| // Copyright 2020 Google LLC. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| // Code generated file. DO NOT EDIT. |
| |
| // Package cloudkms provides access to the Cloud Key Management Service (KMS) API. |
| // |
| // This package is DEPRECATED. Use package cloud.google.com/go/kms/apiv1 instead. |
| // |
| // For product documentation, see: https://cloud.google.com/kms/ |
| // |
| // Creating a client |
| // |
| // Usage example: |
| // |
| // import "google.golang.org/api/cloudkms/v1" |
| // ... |
| // ctx := context.Background() |
| // cloudkmsService, err := cloudkms.NewService(ctx) |
| // |
| // In this example, Google Application Default Credentials are used for authentication. |
| // |
| // For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. |
| // |
| // Other authentication options |
| // |
| // By default, all available scopes (see "Constants") are used to authenticate. To restrict scopes, use option.WithScopes: |
| // |
| // cloudkmsService, err := cloudkms.NewService(ctx, option.WithScopes(cloudkms.CloudkmsScope)) |
| // |
| // To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey: |
| // |
| // cloudkmsService, err := cloudkms.NewService(ctx, option.WithAPIKey("AIza...")) |
| // |
| // To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource: |
| // |
| // config := &oauth2.Config{...} |
| // // ... |
| // token, err := config.Exchange(ctx, ...) |
| // cloudkmsService, err := cloudkms.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) |
| // |
| // See https://godoc.org/google.golang.org/api/option/ for details on options. |
| package cloudkms // import "google.golang.org/api/cloudkms/v1" |
| |
| import ( |
| "bytes" |
| "context" |
| "encoding/json" |
| "errors" |
| "fmt" |
| "io" |
| "net/http" |
| "net/url" |
| "strconv" |
| "strings" |
| |
| googleapi "google.golang.org/api/googleapi" |
| gensupport "google.golang.org/api/internal/gensupport" |
| option "google.golang.org/api/option" |
| internaloption "google.golang.org/api/option/internaloption" |
| htransport "google.golang.org/api/transport/http" |
| ) |
| |
| // Always reference these packages, just in case the auto-generated code |
| // below doesn't. |
| var _ = bytes.NewBuffer |
| var _ = strconv.Itoa |
| var _ = fmt.Sprintf |
| var _ = json.NewDecoder |
| var _ = io.Copy |
| var _ = url.Parse |
| var _ = gensupport.MarshalJSON |
| var _ = googleapi.Version |
| var _ = errors.New |
| var _ = strings.Replace |
| var _ = context.Canceled |
| var _ = internaloption.WithDefaultEndpoint |
| |
| const apiId = "cloudkms:v1" |
| const apiName = "cloudkms" |
| const apiVersion = "v1" |
| const basePath = "https://cloudkms.googleapis.com/" |
| const mtlsBasePath = "https://cloudkms.mtls.googleapis.com/" |
| |
| // OAuth2 scopes used by this API. |
| const ( |
| // View and manage your data across Google Cloud Platform services |
| CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" |
| |
| // View and manage your keys and secrets stored in Cloud Key Management |
| // Service |
| CloudkmsScope = "https://www.googleapis.com/auth/cloudkms" |
| ) |
| |
| // NewService creates a new Service. |
| func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { |
| scopesOption := option.WithScopes( |
| "https://www.googleapis.com/auth/cloud-platform", |
| "https://www.googleapis.com/auth/cloudkms", |
| ) |
| // NOTE: prepend, so we don't override user-specified scopes. |
| opts = append([]option.ClientOption{scopesOption}, opts...) |
| opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) |
| opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) |
| client, endpoint, err := htransport.NewClient(ctx, opts...) |
| if err != nil { |
| return nil, err |
| } |
| s, err := New(client) |
| if err != nil { |
| return nil, err |
| } |
| if endpoint != "" { |
| s.BasePath = endpoint |
| } |
| return s, nil |
| } |
| |
| // New creates a new Service. It uses the provided http.Client for requests. |
| // |
| // Deprecated: please use NewService instead. |
| // To provide a custom HTTP client, use option.WithHTTPClient. |
| // If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. |
| func New(client *http.Client) (*Service, error) { |
| if client == nil { |
| return nil, errors.New("client is nil") |
| } |
| s := &Service{client: client, BasePath: basePath} |
| s.Projects = NewProjectsService(s) |
| return s, nil |
| } |
| |
| type Service struct { |
| client *http.Client |
| BasePath string // API endpoint base URL |
| UserAgent string // optional additional User-Agent fragment |
| |
| Projects *ProjectsService |
| } |
| |
| func (s *Service) userAgent() string { |
| if s.UserAgent == "" { |
| return googleapi.UserAgent |
| } |
| return googleapi.UserAgent + " " + s.UserAgent |
| } |
| |
| func NewProjectsService(s *Service) *ProjectsService { |
| rs := &ProjectsService{s: s} |
| rs.Locations = NewProjectsLocationsService(s) |
| return rs |
| } |
| |
| type ProjectsService struct { |
| s *Service |
| |
| Locations *ProjectsLocationsService |
| } |
| |
| func NewProjectsLocationsService(s *Service) *ProjectsLocationsService { |
| rs := &ProjectsLocationsService{s: s} |
| rs.KeyRings = NewProjectsLocationsKeyRingsService(s) |
| return rs |
| } |
| |
| type ProjectsLocationsService struct { |
| s *Service |
| |
| KeyRings *ProjectsLocationsKeyRingsService |
| } |
| |
| func NewProjectsLocationsKeyRingsService(s *Service) *ProjectsLocationsKeyRingsService { |
| rs := &ProjectsLocationsKeyRingsService{s: s} |
| rs.CryptoKeys = NewProjectsLocationsKeyRingsCryptoKeysService(s) |
| rs.ImportJobs = NewProjectsLocationsKeyRingsImportJobsService(s) |
| return rs |
| } |
| |
| type ProjectsLocationsKeyRingsService struct { |
| s *Service |
| |
| CryptoKeys *ProjectsLocationsKeyRingsCryptoKeysService |
| |
| ImportJobs *ProjectsLocationsKeyRingsImportJobsService |
| } |
| |
| func NewProjectsLocationsKeyRingsCryptoKeysService(s *Service) *ProjectsLocationsKeyRingsCryptoKeysService { |
| rs := &ProjectsLocationsKeyRingsCryptoKeysService{s: s} |
| rs.CryptoKeyVersions = NewProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService(s) |
| return rs |
| } |
| |
| type ProjectsLocationsKeyRingsCryptoKeysService struct { |
| s *Service |
| |
| CryptoKeyVersions *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService |
| } |
| |
| func NewProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService(s *Service) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService { |
| rs := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService{s: s} |
| return rs |
| } |
| |
| type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService struct { |
| s *Service |
| } |
| |
| func NewProjectsLocationsKeyRingsImportJobsService(s *Service) *ProjectsLocationsKeyRingsImportJobsService { |
| rs := &ProjectsLocationsKeyRingsImportJobsService{s: s} |
| return rs |
| } |
| |
| type ProjectsLocationsKeyRingsImportJobsService struct { |
| s *Service |
| } |
| |
| // AsymmetricDecryptRequest: Request message for |
| // KeyManagementService.AsymmetricDecrypt. |
| type AsymmetricDecryptRequest struct { |
| // Ciphertext: Required. The data encrypted with the named |
| // CryptoKeyVersion's public |
| // key using OAEP. |
| Ciphertext string `json:"ciphertext,omitempty"` |
| |
| // CiphertextCrc32c: Optional. An optional CRC32C checksum of the |
| // AsymmetricDecryptRequest.ciphertext. |
| // If specified, KeyManagementService will verify the integrity of |
| // the |
| // received AsymmetricDecryptRequest.ciphertext using this |
| // checksum. |
| // KeyManagementService will report an error if the checksum |
| // verification |
| // fails. If you receive a checksum error, your client should verify |
| // that |
| // CRC32C(AsymmetricDecryptRequest.ciphertext) is equal |
| // to |
| // AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform |
| // a |
| // limited number of retries. A persistent mismatch may indicate an |
| // issue in |
| // your computation of the CRC32C checksum. |
| // Note: This field is defined as int64 for reasons of compatibility |
| // across |
| // different languages. However, it is a non-negative integer, which |
| // will |
| // never exceed 2^32-1, and can be safely downconverted to uint32 in |
| // languages |
| // that support this type. |
| // |
| // NOTE: This field is in Beta. |
| CiphertextCrc32c int64 `json:"ciphertextCrc32c,omitempty,string"` |
| |
| // ForceSendFields is a list of field names (e.g. "Ciphertext") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Ciphertext") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *AsymmetricDecryptRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod AsymmetricDecryptRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // AsymmetricDecryptResponse: Response message for |
| // KeyManagementService.AsymmetricDecrypt. |
| type AsymmetricDecryptResponse struct { |
| // Plaintext: The decrypted data originally encrypted with the matching |
| // public key. |
| Plaintext string `json:"plaintext,omitempty"` |
| |
| // PlaintextCrc32c: Integrity verification field. A CRC32C checksum of |
| // the returned |
| // AsymmetricDecryptResponse.plaintext. An integrity check |
| // of |
| // AsymmetricDecryptResponse.plaintext can be performed by computing |
| // the |
| // CRC32C checksum of AsymmetricDecryptResponse.plaintext and |
| // comparing |
| // your results to this field. Discard the response in case of |
| // non-matching |
| // checksum values, and perform a limited number of retries. A |
| // persistent |
| // mismatch may indicate an issue in your computation of the CRC32C |
| // checksum. |
| // Note: This field is defined as int64 for reasons of compatibility |
| // across |
| // different languages. However, it is a non-negative integer, which |
| // will |
| // never exceed 2^32-1, and can be safely downconverted to uint32 in |
| // languages |
| // that support this type. |
| // |
| // NOTE: This field is in Beta. |
| PlaintextCrc32c int64 `json:"plaintextCrc32c,omitempty,string"` |
| |
| // VerifiedCiphertextCrc32c: Integrity verification field. A flag |
| // indicating whether |
| // AsymmetricDecryptRequest.ciphertext_crc32c was received |
| // by |
| // KeyManagementService and used for the integrity verification of |
| // the |
| // ciphertext. A false value of this |
| // field indicates either that |
| // AsymmetricDecryptRequest.ciphertext_crc32c |
| // was left unset or that it was not delivered to KeyManagementService. |
| // If |
| // you've set AsymmetricDecryptRequest.ciphertext_crc32c but this field |
| // is |
| // still false, discard the response and perform a limited number of |
| // retries. |
| // |
| // NOTE: This field is in Beta. |
| VerifiedCiphertextCrc32c bool `json:"verifiedCiphertextCrc32c,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Plaintext") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Plaintext") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *AsymmetricDecryptResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod AsymmetricDecryptResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // AsymmetricSignRequest: Request message for |
| // KeyManagementService.AsymmetricSign. |
| type AsymmetricSignRequest struct { |
| // Digest: Required. The digest of the data to sign. The digest must be |
| // produced with |
| // the same digest algorithm as specified by the key |
| // version's |
| // algorithm. |
| Digest *Digest `json:"digest,omitempty"` |
| |
| // DigestCrc32c: Optional. An optional CRC32C checksum of the |
| // AsymmetricSignRequest.digest. If |
| // specified, KeyManagementService will verify the integrity of |
| // the |
| // received AsymmetricSignRequest.digest using this |
| // checksum. |
| // KeyManagementService will report an error if the checksum |
| // verification |
| // fails. If you receive a checksum error, your client should verify |
| // that |
| // CRC32C(AsymmetricSignRequest.digest) is equal |
| // to |
| // AsymmetricSignRequest.digest_crc32c, and if so, perform a |
| // limited |
| // number of retries. A persistent mismatch may indicate an issue in |
| // your |
| // computation of the CRC32C checksum. |
| // Note: This field is defined as int64 for reasons of compatibility |
| // across |
| // different languages. However, it is a non-negative integer, which |
| // will |
| // never exceed 2^32-1, and can be safely downconverted to uint32 in |
| // languages |
| // that support this type. |
| // |
| // NOTE: This field is in Beta. |
| DigestCrc32c int64 `json:"digestCrc32c,omitempty,string"` |
| |
| // ForceSendFields is a list of field names (e.g. "Digest") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Digest") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *AsymmetricSignRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod AsymmetricSignRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // AsymmetricSignResponse: Response message for |
| // KeyManagementService.AsymmetricSign. |
| type AsymmetricSignResponse struct { |
| // Name: The resource name of the CryptoKeyVersion used for signing. |
| // Check |
| // this field to verify that the intended resource was used for |
| // signing. |
| // |
| // NOTE: This field is in Beta. |
| Name string `json:"name,omitempty"` |
| |
| // Signature: The created signature. |
| Signature string `json:"signature,omitempty"` |
| |
| // SignatureCrc32c: Integrity verification field. A CRC32C checksum of |
| // the returned |
| // AsymmetricSignResponse.signature. An integrity check |
| // of |
| // AsymmetricSignResponse.signature can be performed by computing |
| // the |
| // CRC32C checksum of AsymmetricSignResponse.signature and comparing |
| // your |
| // results to this field. Discard the response in case of |
| // non-matching |
| // checksum values, and perform a limited number of retries. A |
| // persistent |
| // mismatch may indicate an issue in your computation of the CRC32C |
| // checksum. |
| // Note: This field is defined as int64 for reasons of compatibility |
| // across |
| // different languages. However, it is a non-negative integer, which |
| // will |
| // never exceed 2^32-1, and can be safely downconverted to uint32 in |
| // languages |
| // that support this type. |
| // |
| // NOTE: This field is in Beta. |
| SignatureCrc32c int64 `json:"signatureCrc32c,omitempty,string"` |
| |
| // VerifiedDigestCrc32c: Integrity verification field. A flag indicating |
| // whether |
| // AsymmetricSignRequest.digest_crc32c was received |
| // by |
| // KeyManagementService and used for the integrity verification of |
| // the |
| // digest. A false value of this field |
| // indicates either that AsymmetricSignRequest.digest_crc32c was |
| // left |
| // unset or that it was not delivered to KeyManagementService. If |
| // you've |
| // set AsymmetricSignRequest.digest_crc32c but this field is still |
| // false, |
| // discard the response and perform a limited number of retries. |
| // |
| // NOTE: This field is in Beta. |
| VerifiedDigestCrc32c bool `json:"verifiedDigestCrc32c,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Name") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Name") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *AsymmetricSignResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod AsymmetricSignResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // AuditConfig: Specifies the audit configuration for a service. |
| // The configuration determines which permission types are logged, and |
| // what |
| // identities, if any, are exempted from logging. |
| // An AuditConfig must have one or more AuditLogConfigs. |
| // |
| // If there are AuditConfigs for both `allServices` and a specific |
| // service, |
| // the union of the two AuditConfigs is used for that service: the |
| // log_types |
| // specified in each AuditConfig are enabled, and the exempted_members |
| // in each |
| // AuditLogConfig are exempted. |
| // |
| // Example Policy with multiple AuditConfigs: |
| // |
| // { |
| // "audit_configs": [ |
| // { |
| // "service": "allServices", |
| // "audit_log_configs": [ |
| // { |
| // "log_type": "DATA_READ", |
| // "exempted_members": [ |
| // "user:jose@example.com" |
| // ] |
| // }, |
| // { |
| // "log_type": "DATA_WRITE" |
| // }, |
| // { |
| // "log_type": "ADMIN_READ" |
| // } |
| // ] |
| // }, |
| // { |
| // "service": "sampleservice.googleapis.com", |
| // "audit_log_configs": [ |
| // { |
| // "log_type": "DATA_READ" |
| // }, |
| // { |
| // "log_type": "DATA_WRITE", |
| // "exempted_members": [ |
| // "user:aliya@example.com" |
| // ] |
| // } |
| // ] |
| // } |
| // ] |
| // } |
| // |
| // For sampleservice, this policy enables DATA_READ, DATA_WRITE and |
| // ADMIN_READ |
| // logging. It also exempts jose@example.com from DATA_READ logging, |
| // and |
| // aliya@example.com from DATA_WRITE logging. |
| type AuditConfig struct { |
| // AuditLogConfigs: The configuration for logging of each type of |
| // permission. |
| AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"` |
| |
| // Service: Specifies a service that will be enabled for audit |
| // logging. |
| // For example, `storage.googleapis.com`, |
| // `cloudsql.googleapis.com`. |
| // `allServices` is a special value that covers all services. |
| Service string `json:"service,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "AuditLogConfigs") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *AuditConfig) MarshalJSON() ([]byte, error) { |
| type NoMethod AuditConfig |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // AuditLogConfig: Provides the configuration for logging a type of |
| // permissions. |
| // Example: |
| // |
| // { |
| // "audit_log_configs": [ |
| // { |
| // "log_type": "DATA_READ", |
| // "exempted_members": [ |
| // "user:jose@example.com" |
| // ] |
| // }, |
| // { |
| // "log_type": "DATA_WRITE" |
| // } |
| // ] |
| // } |
| // |
| // This enables 'DATA_READ' and 'DATA_WRITE' logging, while |
| // exempting |
| // jose@example.com from DATA_READ logging. |
| type AuditLogConfig struct { |
| // ExemptedMembers: Specifies the identities that do not cause logging |
| // for this type of |
| // permission. |
| // Follows the same format of Binding.members. |
| ExemptedMembers []string `json:"exemptedMembers,omitempty"` |
| |
| // LogType: The log type that this config enables. |
| // |
| // Possible values: |
| // "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this. |
| // "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy |
| // "DATA_WRITE" - Data writes. Example: CloudSQL Users create |
| // "DATA_READ" - Data reads. Example: CloudSQL Users list |
| LogType string `json:"logType,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "ExemptedMembers") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "ExemptedMembers") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *AuditLogConfig) MarshalJSON() ([]byte, error) { |
| type NoMethod AuditLogConfig |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // Binding: Associates `members` with a `role`. |
| type Binding struct { |
| // Condition: The condition that is associated with this binding. |
| // |
| // If the condition evaluates to `true`, then this binding applies to |
| // the |
| // current request. |
| // |
| // If the condition evaluates to `false`, then this binding does not |
| // apply to |
| // the current request. However, a different role binding might grant |
| // the same |
| // role to one or more of the members in this binding. |
| // |
| // To learn which resources support conditions in their IAM policies, |
| // see |
| // the |
| // [IAM |
| // documentation](https://cloud.google.com/iam/help/conditions/r |
| // esource-policies). |
| Condition *Expr `json:"condition,omitempty"` |
| |
| // Members: Specifies the identities requesting access for a Cloud |
| // Platform resource. |
| // `members` can have the following values: |
| // |
| // * `allUsers`: A special identifier that represents anyone who is |
| // on the internet; with or without a Google account. |
| // |
| // * `allAuthenticatedUsers`: A special identifier that represents |
| // anyone |
| // who is authenticated with a Google account or a service |
| // account. |
| // |
| // * `user:{emailid}`: An email address that represents a specific |
| // Google |
| // account. For example, `alice@example.com` . |
| // |
| // |
| // * `serviceAccount:{emailid}`: An email address that represents a |
| // service |
| // account. For example, |
| // `my-other-app@appspot.gserviceaccount.com`. |
| // |
| // * `group:{emailid}`: An email address that represents a Google |
| // group. |
| // For example, `admins@example.com`. |
| // |
| // * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus |
| // unique |
| // identifier) representing a user that has been recently deleted. |
| // For |
| // example, `alice@example.com?uid=123456789012345678901`. If the |
| // user is |
| // recovered, this value reverts to `user:{emailid}` and the |
| // recovered user |
| // retains the role in the binding. |
| // |
| // * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address |
| // (plus |
| // unique identifier) representing a service account that has been |
| // recently |
| // deleted. For example, |
| // |
| // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. |
| // |
| // If the service account is undeleted, this value reverts to |
| // `serviceAccount:{emailid}` and the undeleted service account |
| // retains the |
| // role in the binding. |
| // |
| // * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus |
| // unique |
| // identifier) representing a Google group that has been recently |
| // deleted. For example, |
| // `admins@example.com?uid=123456789012345678901`. If |
| // the group is recovered, this value reverts to `group:{emailid}` |
| // and the |
| // recovered group retains the role in the binding. |
| // |
| // |
| // * `domain:{domain}`: The G Suite domain (primary) that represents all |
| // the |
| // users of that domain. For example, `google.com` or |
| // `example.com`. |
| // |
| // |
| Members []string `json:"members,omitempty"` |
| |
| // Role: Role that is assigned to `members`. |
| // For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
| Role string `json:"role,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Condition") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Condition") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *Binding) MarshalJSON() ([]byte, error) { |
| type NoMethod Binding |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // CryptoKey: A CryptoKey represents a logical key that can be used for |
| // cryptographic |
| // operations. |
| // |
| // A CryptoKey is made up of zero or more versions, |
| // which represent the actual key material used in cryptographic |
| // operations. |
| type CryptoKey struct { |
| // CreateTime: Output only. The time at which this CryptoKey was |
| // created. |
| CreateTime string `json:"createTime,omitempty"` |
| |
| // Labels: Labels with user-defined metadata. For more information, |
| // see |
| // [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys). |
| Labels map[string]string `json:"labels,omitempty"` |
| |
| // Name: Output only. The resource name for this CryptoKey in the |
| // format |
| // `projects/*/locations/*/keyRings/*/cryptoKeys/*`. |
| Name string `json:"name,omitempty"` |
| |
| // NextRotationTime: At next_rotation_time, the Key Management Service |
| // will automatically: |
| // |
| // 1. Create a new version of this CryptoKey. |
| // 2. Mark the new version as primary. |
| // |
| // Key rotations performed manually via |
| // CreateCryptoKeyVersion and |
| // UpdateCryptoKeyPrimaryVersion |
| // do not affect next_rotation_time. |
| // |
| // Keys with purpose |
| // ENCRYPT_DECRYPT support |
| // automatic rotation. For other keys, this field must be omitted. |
| NextRotationTime string `json:"nextRotationTime,omitempty"` |
| |
| // Primary: Output only. A copy of the "primary" CryptoKeyVersion that |
| // will be used |
| // by Encrypt when this CryptoKey is given |
| // in EncryptRequest.name. |
| // |
| // The CryptoKey's primary version can be updated |
| // via |
| // UpdateCryptoKeyPrimaryVersion. |
| // |
| // Keys with purpose |
| // ENCRYPT_DECRYPT may have a |
| // primary. For other keys, this field will be omitted. |
| Primary *CryptoKeyVersion `json:"primary,omitempty"` |
| |
| // Purpose: Immutable. The immutable purpose of this CryptoKey. |
| // |
| // Possible values: |
| // "CRYPTO_KEY_PURPOSE_UNSPECIFIED" - Not specified. |
| // "ENCRYPT_DECRYPT" - CryptoKeys with this purpose may be used |
| // with |
| // Encrypt and |
| // Decrypt. |
| // "ASYMMETRIC_SIGN" - CryptoKeys with this purpose may be used |
| // with |
| // AsymmetricSign and |
| // GetPublicKey. |
| // "ASYMMETRIC_DECRYPT" - CryptoKeys with this purpose may be used |
| // with |
| // AsymmetricDecrypt and |
| // GetPublicKey. |
| Purpose string `json:"purpose,omitempty"` |
| |
| // RotationPeriod: next_rotation_time will be advanced by this period |
| // when the service |
| // automatically rotates a key. Must be at least 24 hours and at |
| // most |
| // 876,000 hours. |
| // |
| // If rotation_period is set, next_rotation_time must also be set. |
| // |
| // Keys with purpose |
| // ENCRYPT_DECRYPT support |
| // automatic rotation. For other keys, this field must be omitted. |
| RotationPeriod string `json:"rotationPeriod,omitempty"` |
| |
| // VersionTemplate: A template describing settings for new |
| // CryptoKeyVersion instances. |
| // The properties of new CryptoKeyVersion instances created by |
| // either |
| // CreateCryptoKeyVersion or |
| // auto-rotation are controlled by this template. |
| VersionTemplate *CryptoKeyVersionTemplate `json:"versionTemplate,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "CreateTime") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "CreateTime") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *CryptoKey) MarshalJSON() ([]byte, error) { |
| type NoMethod CryptoKey |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // CryptoKeyVersion: A CryptoKeyVersion represents an individual |
| // cryptographic key, and the |
| // associated key material. |
| // |
| // An ENABLED version can be |
| // used for cryptographic operations. |
| // |
| // For security reasons, the raw cryptographic key material represented |
| // by a |
| // CryptoKeyVersion can never be viewed or exported. It can only be used |
| // to |
| // encrypt, decrypt, or sign data when an authorized user or application |
| // invokes |
| // Cloud KMS. |
| type CryptoKeyVersion struct { |
| // Algorithm: Output only. The CryptoKeyVersionAlgorithm that |
| // this |
| // CryptoKeyVersion supports. |
| // |
| // Possible values: |
| // "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified. |
| // "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys. |
| // "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 |
| // digest. |
| // "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit |
| // key and a SHA512 digest. |
| // "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a |
| // SHA512 digest. |
| // "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 |
| // digest. |
| // "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 |
| // digest. |
| // "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric |
| // encryption by an external key manager. |
| Algorithm string `json:"algorithm,omitempty"` |
| |
| // Attestation: Output only. Statement that was generated and signed by |
| // the HSM at key |
| // creation time. Use this statement to verify attributes of the key as |
| // stored |
| // on the HSM, independently of Google. Only provided for key versions |
| // with |
| // protection_level HSM. |
| Attestation *KeyOperationAttestation `json:"attestation,omitempty"` |
| |
| // CreateTime: Output only. The time at which this CryptoKeyVersion was |
| // created. |
| CreateTime string `json:"createTime,omitempty"` |
| |
| // DestroyEventTime: Output only. The time this CryptoKeyVersion's key |
| // material was |
| // destroyed. Only present if state is |
| // DESTROYED. |
| DestroyEventTime string `json:"destroyEventTime,omitempty"` |
| |
| // DestroyTime: Output only. The time this CryptoKeyVersion's key |
| // material is scheduled |
| // for destruction. Only present if state is |
| // DESTROY_SCHEDULED. |
| DestroyTime string `json:"destroyTime,omitempty"` |
| |
| // ExternalProtectionLevelOptions: ExternalProtectionLevelOptions stores |
| // a group of additional fields for |
| // configuring a CryptoKeyVersion that are specific to the |
| // EXTERNAL protection level. |
| ExternalProtectionLevelOptions *ExternalProtectionLevelOptions `json:"externalProtectionLevelOptions,omitempty"` |
| |
| // GenerateTime: Output only. The time this CryptoKeyVersion's key |
| // material was |
| // generated. |
| GenerateTime string `json:"generateTime,omitempty"` |
| |
| // ImportFailureReason: Output only. The root cause of an import |
| // failure. Only present if |
| // state is |
| // IMPORT_FAILED. |
| ImportFailureReason string `json:"importFailureReason,omitempty"` |
| |
| // ImportJob: Output only. The name of the ImportJob used to import |
| // this |
| // CryptoKeyVersion. Only present if the underlying key material |
| // was |
| // imported. |
| ImportJob string `json:"importJob,omitempty"` |
| |
| // ImportTime: Output only. The time at which this CryptoKeyVersion's |
| // key material |
| // was imported. |
| ImportTime string `json:"importTime,omitempty"` |
| |
| // Name: Output only. The resource name for this CryptoKeyVersion in the |
| // format |
| // `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersio |
| // ns/*`. |
| Name string `json:"name,omitempty"` |
| |
| // ProtectionLevel: Output only. The ProtectionLevel describing how |
| // crypto operations are |
| // performed with this CryptoKeyVersion. |
| // |
| // Possible values: |
| // "PROTECTION_LEVEL_UNSPECIFIED" - Not specified. |
| // "SOFTWARE" - Crypto operations are performed in software. |
| // "HSM" - Crypto operations are performed in a Hardware Security |
| // Module. |
| // "EXTERNAL" - Crypto operations are performed by an external key |
| // manager. |
| ProtectionLevel string `json:"protectionLevel,omitempty"` |
| |
| // State: The current state of the CryptoKeyVersion. |
| // |
| // Possible values: |
| // "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" - Not specified. |
| // "PENDING_GENERATION" - This version is still being generated. It |
| // may not be used, enabled, |
| // disabled, or destroyed yet. Cloud KMS will automatically mark |
| // this |
| // version ENABLED as soon as the version is ready. |
| // "ENABLED" - This version may be used for cryptographic operations. |
| // "DISABLED" - This version may not be used, but the key material is |
| // still available, |
| // and the version can be placed back into the ENABLED state. |
| // "DESTROYED" - This version is destroyed, and the key material is no |
| // longer stored. |
| // A version may not leave this state once entered. |
| // "DESTROY_SCHEDULED" - This version is scheduled for destruction, |
| // and will be destroyed soon. |
| // Call |
| // RestoreCryptoKeyVersion |
| // to put it back into the DISABLED state. |
| // "PENDING_IMPORT" - This version is still being imported. It may not |
| // be used, enabled, |
| // disabled, or destroyed yet. Cloud KMS will automatically mark |
| // this |
| // version ENABLED as soon as the version is ready. |
| // "IMPORT_FAILED" - This version was not imported successfully. It |
| // may not be used, enabled, |
| // disabled, or destroyed. The submitted key material has been |
| // discarded. |
| // Additional details can be found |
| // in |
| // CryptoKeyVersion.import_failure_reason. |
| State string `json:"state,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Algorithm") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Algorithm") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *CryptoKeyVersion) MarshalJSON() ([]byte, error) { |
| type NoMethod CryptoKeyVersion |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // CryptoKeyVersionTemplate: A CryptoKeyVersionTemplate specifies the |
| // properties to use when creating |
| // a new CryptoKeyVersion, either manually with |
| // CreateCryptoKeyVersion or |
| // automatically as a result of auto-rotation. |
| type CryptoKeyVersionTemplate struct { |
| // Algorithm: Required. Algorithm to use |
| // when creating a CryptoKeyVersion based on this template. |
| // |
| // For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied |
| // if both |
| // this field is omitted and CryptoKey.purpose is |
| // ENCRYPT_DECRYPT. |
| // |
| // Possible values: |
| // "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified. |
| // "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys. |
| // "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 |
| // digest. |
| // "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit |
| // key and a SHA512 digest. |
| // "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a |
| // SHA512 digest. |
| // "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 |
| // digest. |
| // "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 |
| // digest. |
| // "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric |
| // encryption by an external key manager. |
| Algorithm string `json:"algorithm,omitempty"` |
| |
| // ProtectionLevel: ProtectionLevel to use when creating a |
| // CryptoKeyVersion based on |
| // this template. Immutable. Defaults to SOFTWARE. |
| // |
| // Possible values: |
| // "PROTECTION_LEVEL_UNSPECIFIED" - Not specified. |
| // "SOFTWARE" - Crypto operations are performed in software. |
| // "HSM" - Crypto operations are performed in a Hardware Security |
| // Module. |
| // "EXTERNAL" - Crypto operations are performed by an external key |
| // manager. |
| ProtectionLevel string `json:"protectionLevel,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Algorithm") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Algorithm") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *CryptoKeyVersionTemplate) MarshalJSON() ([]byte, error) { |
| type NoMethod CryptoKeyVersionTemplate |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // DecryptRequest: Request message for KeyManagementService.Decrypt. |
| type DecryptRequest struct { |
| // AdditionalAuthenticatedData: Optional. Optional data that must match |
| // the data originally supplied |
| // in |
| // EncryptRequest.additional_authenticated_data. |
| AdditionalAuthenticatedData string `json:"additionalAuthenticatedData,omitempty"` |
| |
| // AdditionalAuthenticatedDataCrc32c: Optional. An optional CRC32C |
| // checksum of the |
| // DecryptRequest.additional_authenticated_data. If |
| // specified, |
| // KeyManagementService will verify the integrity of the |
| // received |
| // DecryptRequest.additional_authenticated_data using this |
| // checksum. |
| // KeyManagementService will report an error if the checksum |
| // verification |
| // fails. If you receive a checksum error, your client should verify |
| // that |
| // CRC32C(DecryptRequest.additional_authenticated_data) is equal |
| // to |
| // DecryptRequest.additional_authenticated_data_crc32c, and if so, |
| // perform |
| // a limited number of retries. A persistent mismatch may indicate an |
| // issue in |
| // your computation of the CRC32C checksum. |
| // Note: This field is defined as int64 for reasons of compatibility |
| // across |
| // different languages. However, it is a non-negative integer, which |
| // will |
| // never exceed 2^32-1, and can be safely downconverted to uint32 in |
| // languages |
| // that support this type. |
| // |
| // NOTE: This field is in Beta. |
| AdditionalAuthenticatedDataCrc32c int64 `json:"additionalAuthenticatedDataCrc32c,omitempty,string"` |
| |
| // Ciphertext: Required. The encrypted data originally returned |
| // in |
| // EncryptResponse.ciphertext. |
| Ciphertext string `json:"ciphertext,omitempty"` |
| |
| // CiphertextCrc32c: Optional. An optional CRC32C checksum of the |
| // DecryptRequest.ciphertext. If |
| // specified, KeyManagementService will verify the integrity of |
| // the |
| // received DecryptRequest.ciphertext using this |
| // checksum. |
| // KeyManagementService will report an error if the checksum |
| // verification |
| // fails. If you receive a checksum error, your client should verify |
| // that |
| // CRC32C(DecryptRequest.ciphertext) is equal |
| // to |
| // DecryptRequest.ciphertext_crc32c, and if so, perform a limited |
| // number |
| // of retries. A persistent mismatch may indicate an issue in your |
| // computation |
| // of the CRC32C checksum. |
| // Note: This field is defined as int64 for reasons of compatibility |
| // across |
| // different languages. However, it is a non-negative integer, which |
| // will |
| // never exceed 2^32-1, and can be safely downconverted to uint32 in |
| // languages |
| // that support this type. |
| // |
| // NOTE: This field is in Beta. |
| CiphertextCrc32c int64 `json:"ciphertextCrc32c,omitempty,string"` |
| |
| // ForceSendFields is a list of field names (e.g. |
| // "AdditionalAuthenticatedData") to unconditionally include in API |
| // requests. By default, fields with empty values are omitted from API |
| // requests. However, any non-pointer, non-interface field appearing in |
| // ForceSendFields will be sent to the server regardless of whether the |
| // field is empty or not. This may be used to include empty fields in |
| // Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. |
| // "AdditionalAuthenticatedData") to include in API requests with the |
| // JSON null value. By default, fields with empty values are omitted |
| // from API requests. However, any field with an empty value appearing |
| // in NullFields will be sent to the server as null. It is an error if a |
| // field in this list has a non-empty value. This may be used to include |
| // null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *DecryptRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod DecryptRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // DecryptResponse: Response message for KeyManagementService.Decrypt. |
| type DecryptResponse struct { |
| // Plaintext: The decrypted data originally supplied in |
| // EncryptRequest.plaintext. |
| Plaintext string `json:"plaintext,omitempty"` |
| |
| // PlaintextCrc32c: Integrity verification field. A CRC32C checksum of |
| // the returned |
| // DecryptResponse.plaintext. An integrity check |
| // of |
| // DecryptResponse.plaintext can be performed by computing the |
| // CRC32C |
| // checksum of DecryptResponse.plaintext and comparing your results |
| // to |
| // this field. Discard the response in case of non-matching checksum |
| // values, |
| // and perform a limited number of retries. A persistent mismatch may |
| // indicate |
| // an issue in your computation of the CRC32C checksum. Note: receiving |
| // this |
| // response message indicates that KeyManagementService is able |
| // to |
| // successfully decrypt the ciphertext. |
| // Note: This field is defined as int64 for reasons of compatibility |
| // across |
| // different languages. However, it is a non-negative integer, which |
| // will |
| // never exceed 2^32-1, and can be safely downconverted to uint32 in |
| // languages |
| // that support this type. |
| // |
| // NOTE: This field is in Beta. |
| PlaintextCrc32c int64 `json:"plaintextCrc32c,omitempty,string"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Plaintext") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Plaintext") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *DecryptResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod DecryptResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // DestroyCryptoKeyVersionRequest: Request message for |
| // KeyManagementService.DestroyCryptoKeyVersion. |
| type DestroyCryptoKeyVersionRequest struct { |
| } |
| |
| // Digest: A Digest holds a cryptographic message digest. |
| type Digest struct { |
| // Sha256: A message digest produced with the SHA-256 algorithm. |
| Sha256 string `json:"sha256,omitempty"` |
| |
| // Sha384: A message digest produced with the SHA-384 algorithm. |
| Sha384 string `json:"sha384,omitempty"` |
| |
| // Sha512: A message digest produced with the SHA-512 algorithm. |
| Sha512 string `json:"sha512,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Sha256") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Sha256") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *Digest) MarshalJSON() ([]byte, error) { |
| type NoMethod Digest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // EncryptRequest: Request message for KeyManagementService.Encrypt. |
| type EncryptRequest struct { |
| // AdditionalAuthenticatedData: Optional. Optional data that, if |
| // specified, must also be provided during decryption |
| // through DecryptRequest.additional_authenticated_data. |
| // |
| // The maximum size depends on the key version's |
| // protection_level. For |
| // SOFTWARE keys, the AAD must be no larger than |
| // 64KiB. For HSM keys, the combined length of the |
| // plaintext and additional_authenticated_data fields must be no larger |
| // than |
| // 8KiB. |
| AdditionalAuthenticatedData string `json:"additionalAuthenticatedData,omitempty"` |
| |
| // AdditionalAuthenticatedDataCrc32c: Optional. An optional CRC32C |
| // checksum of the |
| // EncryptRequest.additional_authenticated_data. If |
| // specified, |
| // KeyManagementService will verify the integrity of the |
| // received |
| // EncryptRequest.additional_authenticated_data using this |
| // checksum. |
| // KeyManagementService will report an error if the checksum |
| // verification |
| // fails. If you receive a checksum error, your client should verify |
| // that |
| // CRC32C(EncryptRequest.additional_authenticated_data) is equal |
| // to |
| // EncryptRequest.additional_authenticated_data_crc32c, and if so, |
| // perform |
| // a limited number of retries. A persistent mismatch may indicate an |
| // issue in |
| // your computation of the CRC32C checksum. |
| // Note: This field is defined as int64 for reasons of compatibility |
| // across |
| // different languages. However, it is a non-negative integer, which |
| // will |
| // never exceed 2^32-1, and can be safely downconverted to uint32 in |
| // languages |
| // that support this type. |
| // |
| // NOTE: This field is in Beta. |
| AdditionalAuthenticatedDataCrc32c int64 `json:"additionalAuthenticatedDataCrc32c,omitempty,string"` |
| |
| // Plaintext: Required. The data to encrypt. Must be no larger than |
| // 64KiB. |
| // |
| // The maximum size depends on the key version's |
| // protection_level. For |
| // SOFTWARE keys, the plaintext must be no larger |
| // than 64KiB. For HSM keys, the combined length of the |
| // plaintext and additional_authenticated_data fields must be no larger |
| // than |
| // 8KiB. |
| Plaintext string `json:"plaintext,omitempty"` |
| |
| // PlaintextCrc32c: Optional. An optional CRC32C checksum of the |
| // EncryptRequest.plaintext. If |
| // specified, KeyManagementService will verify the integrity of |
| // the |
| // received EncryptRequest.plaintext using this |
| // checksum. |
| // KeyManagementService will report an error if the checksum |
| // verification |
| // fails. If you receive a checksum error, your client should verify |
| // that |
| // CRC32C(EncryptRequest.plaintext) is equal |
| // to |
| // EncryptRequest.plaintext_crc32c, and if so, perform a limited number |
| // of |
| // retries. A persistent mismatch may indicate an issue in your |
| // computation of |
| // the CRC32C checksum. |
| // Note: This field is defined as int64 for reasons of compatibility |
| // across |
| // different languages. However, it is a non-negative integer, which |
| // will |
| // never exceed 2^32-1, and can be safely downconverted to uint32 in |
| // languages |
| // that support this type. |
| // |
| // NOTE: This field is in Beta. |
| PlaintextCrc32c int64 `json:"plaintextCrc32c,omitempty,string"` |
| |
| // ForceSendFields is a list of field names (e.g. |
| // "AdditionalAuthenticatedData") to unconditionally include in API |
| // requests. By default, fields with empty values are omitted from API |
| // requests. However, any non-pointer, non-interface field appearing in |
| // ForceSendFields will be sent to the server regardless of whether the |
| // field is empty or not. This may be used to include empty fields in |
| // Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. |
| // "AdditionalAuthenticatedData") to include in API requests with the |
| // JSON null value. By default, fields with empty values are omitted |
| // from API requests. However, any field with an empty value appearing |
| // in NullFields will be sent to the server as null. It is an error if a |
| // field in this list has a non-empty value. This may be used to include |
| // null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *EncryptRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod EncryptRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // EncryptResponse: Response message for KeyManagementService.Encrypt. |
| type EncryptResponse struct { |
| // Ciphertext: The encrypted data. |
| Ciphertext string `json:"ciphertext,omitempty"` |
| |
| // CiphertextCrc32c: Integrity verification field. A CRC32C checksum of |
| // the returned |
| // EncryptResponse.ciphertext. An integrity check |
| // of |
| // EncryptResponse.ciphertext can be performed by computing the |
| // CRC32C |
| // checksum of EncryptResponse.ciphertext and comparing your results |
| // to |
| // this field. Discard the response in case of non-matching checksum |
| // values, |
| // and perform a limited number of retries. A persistent mismatch may |
| // indicate |
| // an issue in your computation of the CRC32C checksum. |
| // Note: This field is defined as int64 for reasons of compatibility |
| // across |
| // different languages. However, it is a non-negative integer, which |
| // will |
| // never exceed 2^32-1, and can be safely downconverted to uint32 in |
| // languages |
| // that support this type. |
| // |
| // NOTE: This field is in Beta. |
| CiphertextCrc32c int64 `json:"ciphertextCrc32c,omitempty,string"` |
| |
| // Name: The resource name of the CryptoKeyVersion used in encryption. |
| // Check |
| // this field to verify that the intended resource was used for |
| // encryption. |
| Name string `json:"name,omitempty"` |
| |
| // VerifiedAdditionalAuthenticatedDataCrc32c: Integrity verification |
| // field. A flag indicating |
| // whether |
| // EncryptRequest.additional_authenticated_data_crc32c was received |
| // by |
| // KeyManagementService and used for the integrity verification of |
| // the |
| // AAD. A false value of this |
| // field indicates either |
| // that |
| // EncryptRequest.additional_authenticated_data_crc32c was left unset |
| // or |
| // that it was not delivered to KeyManagementService. If you've |
| // set |
| // EncryptRequest.additional_authenticated_data_crc32c but this field |
| // is |
| // still false, discard the response and perform a limited number of |
| // retries. |
| // |
| // NOTE: This field is in Beta. |
| VerifiedAdditionalAuthenticatedDataCrc32c bool `json:"verifiedAdditionalAuthenticatedDataCrc32c,omitempty"` |
| |
| // VerifiedPlaintextCrc32c: Integrity verification field. A flag |
| // indicating whether |
| // EncryptRequest.plaintext_crc32c was received by |
| // KeyManagementService and used for the integrity verification of |
| // the |
| // plaintext. A false value of this field |
| // indicates either that EncryptRequest.plaintext_crc32c was left unset |
| // or |
| // that it was not delivered to KeyManagementService. If you've |
| // set |
| // EncryptRequest.plaintext_crc32c but this field is still false, |
| // discard |
| // the response and perform a limited number of retries. |
| // |
| // NOTE: This field is in Beta. |
| VerifiedPlaintextCrc32c bool `json:"verifiedPlaintextCrc32c,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Ciphertext") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Ciphertext") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *EncryptResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod EncryptResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // Expr: Represents a textual expression in the Common Expression |
| // Language (CEL) |
| // syntax. CEL is a C-like expression language. The syntax and semantics |
| // of CEL |
| // are documented at https://github.com/google/cel-spec. |
| // |
| // Example (Comparison): |
| // |
| // title: "Summary size limit" |
| // description: "Determines if a summary is less than 100 chars" |
| // expression: "document.summary.size() < 100" |
| // |
| // Example (Equality): |
| // |
| // title: "Requestor is owner" |
| // description: "Determines if requestor is the document owner" |
| // expression: "document.owner == |
| // request.auth.claims.email" |
| // |
| // Example (Logic): |
| // |
| // title: "Public documents" |
| // description: "Determine whether the document should be publicly |
| // visible" |
| // expression: "document.type != 'private' && document.type != |
| // 'internal'" |
| // |
| // Example (Data Manipulation): |
| // |
| // title: "Notification string" |
| // description: "Create a notification string with a timestamp." |
| // expression: "'New message received at ' + |
| // string(document.create_time)" |
| // |
| // The exact variables and functions that may be referenced within an |
| // expression |
| // are determined by the service that evaluates it. See the |
| // service |
| // documentation for additional information. |
| type Expr struct { |
| // Description: Optional. Description of the expression. This is a |
| // longer text which |
| // describes the expression, e.g. when hovered over it in a UI. |
| Description string `json:"description,omitempty"` |
| |
| // Expression: Textual representation of an expression in Common |
| // Expression Language |
| // syntax. |
| Expression string `json:"expression,omitempty"` |
| |
| // Location: Optional. String indicating the location of the expression |
| // for error |
| // reporting, e.g. a file name and a position in the file. |
| Location string `json:"location,omitempty"` |
| |
| // Title: Optional. Title for the expression, i.e. a short string |
| // describing |
| // its purpose. This can be used e.g. in UIs which allow to enter |
| // the |
| // expression. |
| Title string `json:"title,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Description") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Description") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *Expr) MarshalJSON() ([]byte, error) { |
| type NoMethod Expr |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ExternalProtectionLevelOptions: ExternalProtectionLevelOptions stores |
| // a group of additional fields for |
| // configuring a CryptoKeyVersion that are specific to the |
| // EXTERNAL protection level. |
| type ExternalProtectionLevelOptions struct { |
| // ExternalKeyUri: The URI for an external resource that this |
| // CryptoKeyVersion represents. |
| ExternalKeyUri string `json:"externalKeyUri,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "ExternalKeyUri") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "ExternalKeyUri") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ExternalProtectionLevelOptions) MarshalJSON() ([]byte, error) { |
| type NoMethod ExternalProtectionLevelOptions |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ImportCryptoKeyVersionRequest: Request message for |
| // KeyManagementService.ImportCryptoKeyVersion. |
| type ImportCryptoKeyVersionRequest struct { |
| // Algorithm: Required. The algorithm of |
| // the key being imported. This does not need to match |
| // the |
| // version_template of the CryptoKey this |
| // version imports into. |
| // |
| // Possible values: |
| // "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified. |
| // "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys. |
| // "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 |
| // digest. |
| // "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit |
| // key and a SHA512 digest. |
| // "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a |
| // SHA512 digest. |
| // "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 |
| // digest. |
| // "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 |
| // digest. |
| // "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric |
| // encryption by an external key manager. |
| Algorithm string `json:"algorithm,omitempty"` |
| |
| // ImportJob: Required. The name of the ImportJob that was used to |
| // wrap this key material. |
| ImportJob string `json:"importJob,omitempty"` |
| |
| // RsaAesWrappedKey: Wrapped key material produced |
| // with |
| // RSA_OAEP_3072_SHA1_AES_256 |
| // or |
| // RSA_OAEP_4096_SHA1_AES_256. |
| // |
| // This field contains the concatenation of two wrapped keys: |
| // <ol> |
| // <li>An ephemeral AES-256 wrapping key wrapped with the |
| // public_key using RSAES-OAEP with SHA-1, |
| // MGF1 with SHA-1, and an empty label. |
| // </li> |
| // <li>The key to be imported, wrapped with the ephemeral AES-256 key |
| // using AES-KWP (RFC 5649). |
| // </li> |
| // </ol> |
| // |
| // If importing symmetric key material, it is expected that the |
| // unwrapped |
| // key contains plain bytes. If importing asymmetric key material, it |
| // is |
| // expected that the unwrapped key is in PKCS#8-encoded DER format |
| // (the |
| // PrivateKeyInfo structure from RFC 5208). |
| // |
| // This format is the same as the format produced by PKCS#11 |
| // mechanism |
| // CKM_RSA_AES_KEY_WRAP. |
| RsaAesWrappedKey string `json:"rsaAesWrappedKey,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Algorithm") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Algorithm") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ImportCryptoKeyVersionRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod ImportCryptoKeyVersionRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ImportJob: An ImportJob can be used to create CryptoKeys |
| // and |
| // CryptoKeyVersions using pre-existing key material, |
| // generated outside of Cloud KMS. |
| // |
| // When an ImportJob is created, Cloud KMS will generate a "wrapping |
| // key", |
| // which is a public/private key pair. You use the wrapping key to |
| // encrypt (also |
| // known as wrap) the pre-existing key material to protect it during the |
| // import |
| // process. The nature of the wrapping key depends on the choice |
| // of |
| // import_method. When the wrapping key generation |
| // is complete, the state will be set to |
| // ACTIVE and the public_key |
| // can be fetched. The fetched public key can then be used to wrap |
| // your |
| // pre-existing key material. |
| // |
| // Once the key material is wrapped, it can be imported into a |
| // new |
| // CryptoKeyVersion in an existing CryptoKey by |
| // calling |
| // ImportCryptoKeyVersion. |
| // Multiple CryptoKeyVersions can be imported with a single |
| // ImportJob. Cloud KMS uses the private key portion of the wrapping key |
| // to |
| // unwrap the key material. Only Cloud KMS has access to the private |
| // key. |
| // |
| // An ImportJob expires 3 days after it is created. Once expired, Cloud |
| // KMS |
| // will no longer be able to import or unwrap any key material that was |
| // wrapped |
| // with the ImportJob's public key. |
| // |
| // For more information, see |
| // [Importing a key](https://cloud.google.com/kms/docs/importing-a-key). |
| type ImportJob struct { |
| // Attestation: Output only. Statement that was generated and signed by |
| // the key creator |
| // (for example, an HSM) at key creation time. Use this statement to |
| // verify |
| // attributes of the key as stored on the HSM, independently of |
| // Google. |
| // Only present if the chosen ImportMethod is one with a |
| // protection |
| // level of HSM. |
| Attestation *KeyOperationAttestation `json:"attestation,omitempty"` |
| |
| // CreateTime: Output only. The time at which this ImportJob was |
| // created. |
| CreateTime string `json:"createTime,omitempty"` |
| |
| // ExpireEventTime: Output only. The time this ImportJob expired. Only |
| // present if |
| // state is EXPIRED. |
| ExpireEventTime string `json:"expireEventTime,omitempty"` |
| |
| // ExpireTime: Output only. The time at which this ImportJob is |
| // scheduled for |
| // expiration and can no longer be used to import key material. |
| ExpireTime string `json:"expireTime,omitempty"` |
| |
| // GenerateTime: Output only. The time this ImportJob's key material was |
| // generated. |
| GenerateTime string `json:"generateTime,omitempty"` |
| |
| // ImportMethod: Required. Immutable. The wrapping method to be used for |
| // incoming key material. |
| // |
| // Possible values: |
| // "IMPORT_METHOD_UNSPECIFIED" - Not specified. |
| // "RSA_OAEP_3072_SHA1_AES_256" - This ImportMethod represents the |
| // CKM_RSA_AES_KEY_WRAP key wrapping |
| // scheme defined in the PKCS #11 standard. In summary, this |
| // involves |
| // wrapping the raw key with an ephemeral AES key, and wrapping |
| // the |
| // ephemeral AES key with a 3072 bit RSA key. For more details, see |
| // [RSA AES key |
| // wrap |
| // mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/co |
| // s01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). |
| // "RSA_OAEP_4096_SHA1_AES_256" - This ImportMethod represents the |
| // CKM_RSA_AES_KEY_WRAP key wrapping |
| // scheme defined in the PKCS #11 standard. In summary, this |
| // involves |
| // wrapping the raw key with an ephemeral AES key, and wrapping |
| // the |
| // ephemeral AES key with a 4096 bit RSA key. For more details, see |
| // [RSA AES key |
| // wrap |
| // mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/co |
| // s01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). |
| ImportMethod string `json:"importMethod,omitempty"` |
| |
| // Name: Output only. The resource name for this ImportJob in the |
| // format |
| // `projects/*/locations/*/keyRings/*/importJobs/*`. |
| Name string `json:"name,omitempty"` |
| |
| // ProtectionLevel: Required. Immutable. The protection level of the |
| // ImportJob. This must match the |
| // protection_level of the |
| // version_template on the CryptoKey you |
| // attempt to import into. |
| // |
| // Possible values: |
| // "PROTECTION_LEVEL_UNSPECIFIED" - Not specified. |
| // "SOFTWARE" - Crypto operations are performed in software. |
| // "HSM" - Crypto operations are performed in a Hardware Security |
| // Module. |
| // "EXTERNAL" - Crypto operations are performed by an external key |
| // manager. |
| ProtectionLevel string `json:"protectionLevel,omitempty"` |
| |
| // PublicKey: Output only. The public key with which to wrap key |
| // material prior to |
| // import. Only returned if state is |
| // ACTIVE. |
| PublicKey *WrappingPublicKey `json:"publicKey,omitempty"` |
| |
| // State: Output only. The current state of the ImportJob, indicating if |
| // it can |
| // be used. |
| // |
| // Possible values: |
| // "IMPORT_JOB_STATE_UNSPECIFIED" - Not specified. |
| // "PENDING_GENERATION" - The wrapping key for this job is still being |
| // generated. It may not be |
| // used. Cloud KMS will automatically mark this job as |
| // ACTIVE as soon as the wrapping key is generated. |
| // "ACTIVE" - This job may be used in |
| // CreateCryptoKey and |
| // CreateCryptoKeyVersion |
| // requests. |
| // "EXPIRED" - This job can no longer be used and may not leave this |
| // state once entered. |
| State string `json:"state,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Attestation") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Attestation") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ImportJob) MarshalJSON() ([]byte, error) { |
| type NoMethod ImportJob |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // KeyOperationAttestation: Contains an HSM-generated attestation about |
| // a key operation. For more |
| // information, see [Verifying |
| // attestations] |
| // (https://cloud.google.com/kms/docs/attest-key). |
| type KeyOperationAttestation struct { |
| // Content: Output only. The attestation data provided by the HSM when |
| // the key |
| // operation was performed. |
| Content string `json:"content,omitempty"` |
| |
| // Format: Output only. The format of the attestation data. |
| // |
| // Possible values: |
| // "ATTESTATION_FORMAT_UNSPECIFIED" - Not specified. |
| // "CAVIUM_V1_COMPRESSED" - Cavium HSM attestation compressed with |
| // gzip. Note that this format is |
| // defined by Cavium and subject to change at any time. |
| // "CAVIUM_V2_COMPRESSED" - Cavium HSM attestation V2 compressed with |
| // gzip. This is a new format |
| // introduced in Cavium's version 3.2-08. |
| Format string `json:"format,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Content") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Content") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *KeyOperationAttestation) MarshalJSON() ([]byte, error) { |
| type NoMethod KeyOperationAttestation |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // KeyRing: A KeyRing is a toplevel logical grouping of CryptoKeys. |
| type KeyRing struct { |
| // CreateTime: Output only. The time at which this KeyRing was created. |
| CreateTime string `json:"createTime,omitempty"` |
| |
| // Name: Output only. The resource name for the KeyRing in the |
| // format |
| // `projects/*/locations/*/keyRings/*`. |
| Name string `json:"name,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "CreateTime") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "CreateTime") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *KeyRing) MarshalJSON() ([]byte, error) { |
| type NoMethod KeyRing |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ListCryptoKeyVersionsResponse: Response message for |
| // KeyManagementService.ListCryptoKeyVersions. |
| type ListCryptoKeyVersionsResponse struct { |
| // CryptoKeyVersions: The list of CryptoKeyVersions. |
| CryptoKeyVersions []*CryptoKeyVersion `json:"cryptoKeyVersions,omitempty"` |
| |
| // NextPageToken: A token to retrieve next page of results. Pass this |
| // value in |
| // ListCryptoKeyVersionsRequest.page_token to retrieve the next page |
| // of |
| // results. |
| NextPageToken string `json:"nextPageToken,omitempty"` |
| |
| // TotalSize: The total number of CryptoKeyVersions that matched |
| // the |
| // query. |
| TotalSize int64 `json:"totalSize,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "CryptoKeyVersions") |
| // to unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "CryptoKeyVersions") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ListCryptoKeyVersionsResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod ListCryptoKeyVersionsResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ListCryptoKeysResponse: Response message for |
| // KeyManagementService.ListCryptoKeys. |
| type ListCryptoKeysResponse struct { |
| // CryptoKeys: The list of CryptoKeys. |
| CryptoKeys []*CryptoKey `json:"cryptoKeys,omitempty"` |
| |
| // NextPageToken: A token to retrieve next page of results. Pass this |
| // value in |
| // ListCryptoKeysRequest.page_token to retrieve the next page of |
| // results. |
| NextPageToken string `json:"nextPageToken,omitempty"` |
| |
| // TotalSize: The total number of CryptoKeys that matched the query. |
| TotalSize int64 `json:"totalSize,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "CryptoKeys") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "CryptoKeys") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ListCryptoKeysResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod ListCryptoKeysResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ListImportJobsResponse: Response message for |
| // KeyManagementService.ListImportJobs. |
| type ListImportJobsResponse struct { |
| // ImportJobs: The list of ImportJobs. |
| ImportJobs []*ImportJob `json:"importJobs,omitempty"` |
| |
| // NextPageToken: A token to retrieve next page of results. Pass this |
| // value in |
| // ListImportJobsRequest.page_token to retrieve the next page of |
| // results. |
| NextPageToken string `json:"nextPageToken,omitempty"` |
| |
| // TotalSize: The total number of ImportJobs that matched the query. |
| TotalSize int64 `json:"totalSize,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "ImportJobs") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "ImportJobs") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ListImportJobsResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod ListImportJobsResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ListKeyRingsResponse: Response message for |
| // KeyManagementService.ListKeyRings. |
| type ListKeyRingsResponse struct { |
| // KeyRings: The list of KeyRings. |
| KeyRings []*KeyRing `json:"keyRings,omitempty"` |
| |
| // NextPageToken: A token to retrieve next page of results. Pass this |
| // value in |
| // ListKeyRingsRequest.page_token to retrieve the next page of results. |
| NextPageToken string `json:"nextPageToken,omitempty"` |
| |
| // TotalSize: The total number of KeyRings that matched the query. |
| TotalSize int64 `json:"totalSize,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "KeyRings") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "KeyRings") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ListKeyRingsResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod ListKeyRingsResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ListLocationsResponse: The response message for |
| // Locations.ListLocations. |
| type ListLocationsResponse struct { |
| // Locations: A list of locations that matches the specified filter in |
| // the request. |
| Locations []*Location `json:"locations,omitempty"` |
| |
| // NextPageToken: The standard List next-page token. |
| NextPageToken string `json:"nextPageToken,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Locations") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Locations") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ListLocationsResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod ListLocationsResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // Location: A resource that represents Google Cloud Platform location. |
| type Location struct { |
| // DisplayName: The friendly name for this location, typically a nearby |
| // city name. |
| // For example, "Tokyo". |
| DisplayName string `json:"displayName,omitempty"` |
| |
| // Labels: Cross-service attributes for the location. For example |
| // |
| // {"cloud.googleapis.com/region": "us-east1"} |
| Labels map[string]string `json:"labels,omitempty"` |
| |
| // LocationId: The canonical id for this location. For example: |
| // "us-east1". |
| LocationId string `json:"locationId,omitempty"` |
| |
| // Metadata: Service-specific metadata. For example the available |
| // capacity at the given |
| // location. |
| Metadata googleapi.RawMessage `json:"metadata,omitempty"` |
| |
| // Name: Resource name for the location, which may vary between |
| // implementations. |
| // For example: "projects/example-project/locations/us-east1" |
| Name string `json:"name,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "DisplayName") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "DisplayName") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *Location) MarshalJSON() ([]byte, error) { |
| type NoMethod Location |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // LocationMetadata: Cloud KMS metadata for the given |
| // google.cloud.location.Location. |
| type LocationMetadata struct { |
| // EkmAvailable: Indicates whether CryptoKeys |
| // with |
| // protection_level |
| // EXTERNAL can be created in this location. |
| EkmAvailable bool `json:"ekmAvailable,omitempty"` |
| |
| // HsmAvailable: Indicates whether CryptoKeys with |
| // protection_level |
| // HSM can be created in this location. |
| HsmAvailable bool `json:"hsmAvailable,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "EkmAvailable") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "EkmAvailable") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *LocationMetadata) MarshalJSON() ([]byte, error) { |
| type NoMethod LocationMetadata |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // Policy: An Identity and Access Management (IAM) policy, which |
| // specifies access |
| // controls for Google Cloud resources. |
| // |
| // |
| // A `Policy` is a collection of `bindings`. A `binding` binds one or |
| // more |
| // `members` to a single `role`. Members can be user accounts, service |
| // accounts, |
| // Google groups, and domains (such as G Suite). A `role` is a named |
| // list of |
| // permissions; each `role` can be an IAM predefined role or a |
| // user-created |
| // custom role. |
| // |
| // For some types of Google Cloud resources, a `binding` can also |
| // specify a |
| // `condition`, which is a logical expression that allows access to a |
| // resource |
| // only if the expression evaluates to `true`. A condition can add |
| // constraints |
| // based on attributes of the request, the resource, or both. To learn |
| // which |
| // resources support conditions in their IAM policies, see the |
| // [IAM |
| // documentation](https://cloud.google.com/iam/help/conditions/resource-p |
| // olicies). |
| // |
| // **JSON example:** |
| // |
| // { |
| // "bindings": [ |
| // { |
| // "role": "roles/resourcemanager.organizationAdmin", |
| // "members": [ |
| // "user:mike@example.com", |
| // "group:admins@example.com", |
| // "domain:google.com", |
| // |
| // "serviceAccount:my-project-id@appspot.gserviceaccount.com" |
| // ] |
| // }, |
| // { |
| // "role": "roles/resourcemanager.organizationViewer", |
| // "members": [ |
| // "user:eve@example.com" |
| // ], |
| // "condition": { |
| // "title": "expirable access", |
| // "description": "Does not grant access after Sep 2020", |
| // "expression": "request.time < |
| // timestamp('2020-10-01T00:00:00.000Z')", |
| // } |
| // } |
| // ], |
| // "etag": "BwWWja0YfJA=", |
| // "version": 3 |
| // } |
| // |
| // **YAML example:** |
| // |
| // bindings: |
| // - members: |
| // - user:mike@example.com |
| // - group:admins@example.com |
| // - domain:google.com |
| // - serviceAccount:my-project-id@appspot.gserviceaccount.com |
| // role: roles/resourcemanager.organizationAdmin |
| // - members: |
| // - user:eve@example.com |
| // role: roles/resourcemanager.organizationViewer |
| // condition: |
| // title: expirable access |
| // description: Does not grant access after Sep 2020 |
| // expression: request.time < |
| // timestamp('2020-10-01T00:00:00.000Z') |
| // - etag: BwWWja0YfJA= |
| // - version: 3 |
| // |
| // For a description of IAM and its features, see the |
| // [IAM documentation](https://cloud.google.com/iam/docs/). |
| type Policy struct { |
| // AuditConfigs: Specifies cloud audit logging configuration for this |
| // policy. |
| AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"` |
| |
| // Bindings: Associates a list of `members` to a `role`. Optionally, may |
| // specify a |
| // `condition` that determines how and when the `bindings` are applied. |
| // Each |
| // of the `bindings` must contain at least one member. |
| Bindings []*Binding `json:"bindings,omitempty"` |
| |
| // Etag: `etag` is used for optimistic concurrency control as a way to |
| // help |
| // prevent simultaneous updates of a policy from overwriting each |
| // other. |
| // It is strongly suggested that systems make use of the `etag` in |
| // the |
| // read-modify-write cycle to perform policy updates in order to avoid |
| // race |
| // conditions: An `etag` is returned in the response to `getIamPolicy`, |
| // and |
| // systems are expected to put that etag in the request to |
| // `setIamPolicy` to |
| // ensure that their change will be applied to the same version of the |
| // policy. |
| // |
| // **Important:** If you use IAM Conditions, you must include the `etag` |
| // field |
| // whenever you call `setIamPolicy`. If you omit this field, then IAM |
| // allows |
| // you to overwrite a version `3` policy with a version `1` policy, and |
| // all of |
| // the conditions in the version `3` policy are lost. |
| Etag string `json:"etag,omitempty"` |
| |
| // Version: Specifies the format of the policy. |
| // |
| // Valid values are `0`, `1`, and `3`. Requests that specify an invalid |
| // value |
| // are rejected. |
| // |
| // Any operation that affects conditional role bindings must specify |
| // version |
| // `3`. This requirement applies to the following operations: |
| // |
| // * Getting a policy that includes a conditional role binding |
| // * Adding a conditional role binding to a policy |
| // * Changing a conditional role binding in a policy |
| // * Removing any role binding, with or without a condition, from a |
| // policy |
| // that includes conditions |
| // |
| // **Important:** If you use IAM Conditions, you must include the `etag` |
| // field |
| // whenever you call `setIamPolicy`. If you omit this field, then IAM |
| // allows |
| // you to overwrite a version `3` policy with a version `1` policy, and |
| // all of |
| // the conditions in the version `3` policy are lost. |
| // |
| // If a policy does not include any conditions, operations on that |
| // policy may |
| // specify any valid version or leave the field unset. |
| // |
| // To learn which resources support conditions in their IAM policies, |
| // see the |
| // [IAM |
| // documentation](https://cloud.google.com/iam/help/conditions/resource-p |
| // olicies). |
| Version int64 `json:"version,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "AuditConfigs") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "AuditConfigs") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *Policy) MarshalJSON() ([]byte, error) { |
| type NoMethod Policy |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // PublicKey: The public key for a given CryptoKeyVersion. Obtained |
| // via |
| // GetPublicKey. |
| type PublicKey struct { |
| // Algorithm: The Algorithm associated |
| // with this key. |
| // |
| // Possible values: |
| // "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified. |
| // "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys. |
| // "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 |
| // digest. |
| // "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 |
| // digest. |
| // "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit |
| // key and a SHA256 digest. |
| // "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit |
| // key and a SHA512 digest. |
| // "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a |
| // SHA256 digest. |
| // "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a |
| // SHA512 digest. |
| // "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 |
| // digest. |
| // "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 |
| // digest. |
| // "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric |
| // encryption by an external key manager. |
| Algorithm string `json:"algorithm,omitempty"` |
| |
| // Name: The name of the CryptoKeyVersion public key. |
| // Provided here for verification. |
| // |
| // NOTE: This field is in Beta. |
| Name string `json:"name,omitempty"` |
| |
| // Pem: The public key, encoded in PEM format. For more information, see |
| // the |
| // [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for |
| // [General |
| // Considerations](https://tools.ietf.org/html/rfc7468#section-2) |
| // and |
| // [Textual Encoding of Subject Public Key |
| // Info] |
| // (https://tools.ietf.org/html/rfc7468#section-13). |
| Pem string `json:"pem,omitempty"` |
| |
| // PemCrc32c: Integrity verification field. A CRC32C checksum of the |
| // returned |
| // PublicKey.pem. An integrity check of PublicKey.pem can be |
| // performed |
| // by computing the CRC32C checksum of PublicKey.pem and |
| // comparing your results to this field. Discard the response in case |
| // of |
| // non-matching checksum values, and perform a limited number of |
| // retries. A |
| // persistent mismatch may indicate an issue in your computation of the |
| // CRC32C |
| // checksum. |
| // Note: This field is defined as int64 for reasons of compatibility |
| // across |
| // different languages. However, it is a non-negative integer, which |
| // will |
| // never exceed 2^32-1, and can be safely downconverted to uint32 in |
| // languages |
| // that support this type. |
| // |
| // NOTE: This field is in Beta. |
| PemCrc32c int64 `json:"pemCrc32c,omitempty,string"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Algorithm") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Algorithm") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *PublicKey) MarshalJSON() ([]byte, error) { |
| type NoMethod PublicKey |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // RestoreCryptoKeyVersionRequest: Request message for |
| // KeyManagementService.RestoreCryptoKeyVersion. |
| type RestoreCryptoKeyVersionRequest struct { |
| } |
| |
| // SetIamPolicyRequest: Request message for `SetIamPolicy` method. |
| type SetIamPolicyRequest struct { |
| // Policy: REQUIRED: The complete policy to be applied to the |
| // `resource`. The size of |
| // the policy is limited to a few 10s of KB. An empty policy is a |
| // valid policy but certain Cloud Platform services (such as |
| // Projects) |
| // might reject them. |
| Policy *Policy `json:"policy,omitempty"` |
| |
| // UpdateMask: OPTIONAL: A FieldMask specifying which fields of the |
| // policy to modify. Only |
| // the fields in the mask will be modified. If no mask is provided, |
| // the |
| // following default mask is used: |
| // |
| // `paths: "bindings, etag" |
| UpdateMask string `json:"updateMask,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Policy") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Policy") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod SetIamPolicyRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // TestIamPermissionsRequest: Request message for `TestIamPermissions` |
| // method. |
| type TestIamPermissionsRequest struct { |
| // Permissions: The set of permissions to check for the `resource`. |
| // Permissions with |
| // wildcards (such as '*' or 'storage.*') are not allowed. For |
| // more |
| // information see |
| // [IAM |
| // Overview](https://cloud.google.com/iam/docs/overview#permissions). |
| Permissions []string `json:"permissions,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Permissions") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Permissions") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod TestIamPermissionsRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // TestIamPermissionsResponse: Response message for `TestIamPermissions` |
| // method. |
| type TestIamPermissionsResponse struct { |
| // Permissions: A subset of `TestPermissionsRequest.permissions` that |
| // the caller is |
| // allowed. |
| Permissions []string `json:"permissions,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Permissions") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Permissions") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod TestIamPermissionsResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // UpdateCryptoKeyPrimaryVersionRequest: Request message for |
| // KeyManagementService.UpdateCryptoKeyPrimaryVersion. |
| type UpdateCryptoKeyPrimaryVersionRequest struct { |
| // CryptoKeyVersionId: Required. The id of the child CryptoKeyVersion to |
| // use as primary. |
| CryptoKeyVersionId string `json:"cryptoKeyVersionId,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "CryptoKeyVersionId") |
| // to unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "CryptoKeyVersionId") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *UpdateCryptoKeyPrimaryVersionRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod UpdateCryptoKeyPrimaryVersionRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // WrappingPublicKey: The public key component of the wrapping key. For |
| // details of the type of |
| // key this public key corresponds to, see the ImportMethod. |
| type WrappingPublicKey struct { |
| // Pem: The public key, encoded in PEM format. For more information, see |
| // the [RFC |
| // 7468](https://tools.ietf.org/html/rfc7468) sections for |
| // [General |
| // Considerations](https://tools.ietf.org/html/rfc7468#section-2 |
| // ) and |
| // [Textual Encoding of Subject Public Key |
| // Info] |
| // (https://tools.ietf.org/html/rfc7468#section-13). |
| Pem string `json:"pem,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Pem") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Pem") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *WrappingPublicKey) MarshalJSON() ([]byte, error) { |
| type NoMethod WrappingPublicKey |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // method id "cloudkms.projects.locations.get": |
| |
| type ProjectsLocationsGetCall struct { |
| s *Service |
| name string |
| urlParams_ gensupport.URLParams |
| ifNoneMatch_ string |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // Get: Gets information about a location. |
| func (r *ProjectsLocationsService) Get(name string) *ProjectsLocationsGetCall { |
| c := &ProjectsLocationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.name = name |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *ProjectsLocationsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsGetCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // IfNoneMatch sets the optional parameter which makes the operation |
| // fail if the object's ETag matches the given value. This is useful for |
| // getting updates only after the object has changed since the last |
| // request. Use googleapi.IsNotModified to check whether the response |
| // error from Do is the result of In-None-Match. |
| func (c *ProjectsLocationsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsGetCall { |
| c.ifNoneMatch_ = entityTag |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *ProjectsLocationsGetCall) Context(ctx context.Context) *ProjectsLocationsGetCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *ProjectsLocationsGetCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *ProjectsLocationsGetCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200708") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| if c.ifNoneMatch_ != "" { |
| reqHeaders.Set("If-None-Match", c.ifNoneMatch_) |
| } |
| var body io.Reader = nil |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("GET", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| googleapi.Expand(req.URL, map[string]string{ |
| "name": c.name, |
| }) |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "cloudkms.projects.locations.get" call. |
| // Exactly one of *Location or error will be non-nil. Any non-2xx status |
| // code is an error. Response headers are in either |
| // *Location.ServerResponse.Header or (if a response was returned at |
| // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified |
| // to check whether the returned error was because |
| // http.StatusNotModified was returned. |
| func (c *ProjectsLocationsGetCall) Do(opts ...googleapi.CallOption) (*Location, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &Location{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Gets information about a location.", |
| // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}", |
| // "httpMethod": "GET", |
| // "id": "cloudkms.projects.locations.get", |
| // "parameterOrder": [ |
| // "name" |
| // ], |
| // "parameters": { |
| // "name": { |
| // "description": "Resource name for the location.", |
| // "location": "path", |
| // "pattern": "^projects/[^/]+/locations/[^/]+$", |
| // "required": true, |
| // "type": "string" |
| // } |
| // }, |
| // "path": "v1/{+name}", |
| // "response": { |
| // "$ref": "Location" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform", |
| // "https://www.googleapis.com/auth/cloudkms" |
| // ] |
| // } |
| |
| } |
| |
| // method id "cloudkms.projects.locations.list": |
| |
| type ProjectsLocationsListCall struct { |
| s *Service |
| name string |
| urlParams_ gensupport.URLParams |
| ifNoneMatch_ string |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // List: Lists information about the supported locations for this |
| // service. |
| func (r *ProjectsLocationsService) List(name string) *ProjectsLocationsListCall { |
| c := &ProjectsLocationsListCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.name = name |
| return c |
| } |
| |
| // Filter sets the optional parameter "filter": The standard list |
| // filter. |
| func (c *ProjectsLocationsListCall) Filter(filter string) *ProjectsLocationsListCall { |
| c.urlParams_.Set("filter", filter) |
| return c |
| } |
| |
| // PageSize sets the optional parameter "pageSize": The standard list |
| // page size. |
| func (c *ProjectsLocationsListCall) PageSize(pageSize int64) *ProjectsLocationsListCall { |
| c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) |
| return c |
| } |
| |
| // PageToken sets the optional parameter "pageToken": The standard list |
| // page token. |
| func (c *ProjectsLocationsListCall) PageToken(pageToken string) *ProjectsLocationsListCall { |
| c.urlParams_.Set("pageToken", pageToken) |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *ProjectsLocationsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsListCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // IfNoneMatch sets the optional parameter which makes the operation |
| // fail if the object's ETag matches the given value. This is useful for |
| // getting updates only after the object has changed since the last |
| // request. Use googleapi.IsNotModified to check whether the response |
| // error from Do is the result of In-None-Match. |
| func (c *ProjectsLocationsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsListCall { |
| c.ifNoneMatch_ = entityTag |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *ProjectsLocationsListCall) Context(ctx context.Context) *ProjectsLocationsListCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *ProjectsLocationsListCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *ProjectsLocationsListCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200708") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| if c.ifNoneMatch_ != "" { |
| reqHeaders.Set("If-None-Match", c.ifNoneMatch_) |
| } |
| var body io.Reader = nil |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/locations") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("GET", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| googleapi.Expand(req.URL, map[string]string{ |
| "name": c.name, |
| }) |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "cloudkms.projects.locations.list" call. |
| // Exactly one of *ListLocationsResponse or error will be non-nil. Any |
| // non-2xx status code is an error. Response headers are in either |
| // *ListLocationsResponse.ServerResponse.Header or (if a response was |
| // returned at all) in error.(*googleapi.Error).Header. Use |
| // googleapi.IsNotModified to check whether the returned error was |
| // because http.StatusNotModified was returned. |
| func (c *ProjectsLocationsListCall) Do(opts ...googleapi.CallOption) (*ListLocationsResponse, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &ListLocationsResponse{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Lists information about the supported locations for this service.", |
| // "flatPath": "v1/projects/{projectsId}/locations", |
| // "httpMethod": "GET", |
| // "id": "cloudkms.projects.locations.list", |
| // "parameterOrder": [ |
| // "name" |
| // ], |
| // "parameters": { |
| // "filter": { |
| // "description": "The standard list filter.", |
| // "location": "query", |
| // "type": "string" |
| // }, |
| // "name": { |
| // "description": "The resource that owns the locations collection, if applicable.", |
| // "location": "path", |
| // "pattern": "^projects/[^/]+$", |
| // "required": true, |
| // "type": "string" |
| // }, |
| // "pageSize": { |
| // "description": "The standard list page size.", |
| // "format": "int32", |
| // "location": "query", |
| // "type": "integer" |
| // }, |
| // "pageToken": { |
| // "description": "The standard list page token.", |
| // "location": "query", |
| // "type": "string" |
| // } |
| // }, |
| // "path": "v1/{+name}/locations", |
| // "response": { |
| // "$ref": "ListLocationsResponse" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform", |
| // "https://www.googleapis.com/auth/cloudkms" |
| // ] |
| // } |
| |
| } |
| |
| // Pages invokes f for each page of results. |
| // A non-nil error returned from f will halt the iteration. |
| // The provided context supersedes any context provided to the Context method. |
| func (c *ProjectsLocationsListCall) Pages(ctx context.Context, f func(*ListLocationsResponse) error) error { |
| c.ctx_ = ctx |
| defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point |
| for { |
| x, err := c.Do() |
| if err != nil { |
| return err |
| } |
| if err := f(x); err != nil { |
| return err |
| } |
| if x.NextPageToken == "" { |
| return nil |
| } |
| c.PageToken(x.NextPageToken) |
| } |
| } |
| |
| // method id "cloudkms.projects.locations.keyRings.create": |
| |
| type ProjectsLocationsKeyRingsCreateCall struct { |
| s *Service |
| parent string |
| keyring *KeyRing |
| urlParams_ gensupport.URLParams |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // Create: Create a new KeyRing in a given Project and Location. |
| func (r *ProjectsLocationsKeyRingsService) Create(parent string, keyring *KeyRing) *ProjectsLocationsKeyRingsCreateCall { |
| c := &ProjectsLocationsKeyRingsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.parent = parent |
| c.keyring = keyring |
| return c |
| } |
| |
| // KeyRingId sets the optional parameter "keyRingId": Required. It must |
| // be unique within a location and match the regular |
| // expression `[a-zA-Z0-9_-]{1,63}` |
| func (c *ProjectsLocationsKeyRingsCreateCall) KeyRingId(keyRingId string) *ProjectsLocationsKeyRingsCreateCall { |
| c.urlParams_.Set("keyRingId", keyRingId) |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *ProjectsLocationsKeyRingsCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCreateCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *ProjectsLocationsKeyRingsCreateCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCreateCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *ProjectsLocationsKeyRingsCreateCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *ProjectsLocationsKeyRingsCreateCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200708") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| var body io.Reader = nil |
| body, err := googleapi.WithoutDataWrapper.JSONReader(c.keyring) |
| if err != nil { |
| return nil, err |
| } |
| reqHeaders.Set("Content-Type", "application/json") |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/keyRings") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("POST", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| googleapi.Expand(req.URL, map[string]string{ |
| "parent": c.parent, |
| }) |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "cloudkms.projects.locations.keyRings.create" call. |
| // Exactly one of *KeyRing or error will be non-nil. Any non-2xx status |
| // code is an error. Response headers are in either |
| // *KeyRing.ServerResponse.Header or (if a response was returned at all) |
| // in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to |
| // check whether the returned error was because http.StatusNotModified |
| // was returned. |
| func (c *ProjectsLocationsKeyRingsCreateCall) Do(opts ...googleapi.CallOption) (*KeyRing, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &KeyRing{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Create a new KeyRing in a given Project and Location.", |
| // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings", |
| // "httpMethod": "POST", |
| // "id": "cloudkms.projects.locations.keyRings.create", |
| // "parameterOrder": [ |
| // "parent" |
| // ], |
| // "parameters": { |
| // "keyRingId": { |
| // "description": "Required. It must be unique within a location and match the regular\nexpression `[a-zA-Z0-9_-]{1,63}`", |
| // "location": "query", |
| // "type": "string" |
| // }, |
| // "parent": { |
| // "description": "Required. The resource name of the location associated with the\nKeyRings, in the format `projects/*/locations/*`.", |
| // "location": "path", |
| // "pattern": "^projects/[^/]+/locations/[^/]+$", |
| // "required": true, |
| // "type": "string" |
| // } |
| // }, |
| // "path": "v1/{+parent}/keyRings", |
| // "request": { |
| // "$ref": "KeyRing" |
| // }, |
| // "response": { |
| // "$ref": "KeyRing" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform", |
| // "https://www.googleapis.com/auth/cloudkms" |
| // ] |
| // } |
| |
| } |
| |
| // method id "cloudkms.projects.locations.keyRings.get": |
| |
| type ProjectsLocationsKeyRingsGetCall struct { |
| s *Service |
| name string |
| urlParams_ gensupport.URLParams |
| ifNoneMatch_ string |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // Get: Returns metadata for a given KeyRing. |
| func (r *ProjectsLocationsKeyRingsService) Get(name string) *ProjectsLocationsKeyRingsGetCall { |
| c := &ProjectsLocationsKeyRingsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.name = name |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *ProjectsLocationsKeyRingsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsGetCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // IfNoneMatch sets the optional parameter which makes the operation |
| // fail if the object's ETag matches the given value. This is useful for |
| // getting updates only after the object has changed since the last |
| // request. Use googleapi.IsNotModified to check whether the response |
| // error from Do is the result of In-None-Match. |
| func (c *ProjectsLocationsKeyRingsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsGetCall { |
| c.ifNoneMatch_ = entityTag |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *ProjectsLocationsKeyRingsGetCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsGetCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *ProjectsLocationsKeyRingsGetCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *ProjectsLocationsKeyRingsGetCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200708") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| if c.ifNoneMatch_ != "" { |
| reqHeaders.Set("If-None-Match", c.ifNoneMatch_) |
| } |
| var body io.Reader = nil |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("GET", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| googleapi.Expand(req.URL, map[string]string{ |
| "name": c.name, |
| }) |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "cloudkms.projects.locations.keyRings.get" call. |
| // Exactly one of *KeyRing or error will be non-nil. Any non-2xx status |
| // code is an error. Response headers are in either |
| // *KeyRing.ServerResponse.Header or (if a response was returned at all) |
| // in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to |
| // check whether the returned error was because http.StatusNotModified |
| // was returned. |
| func (c *ProjectsLocationsKeyRingsGetCall) Do(opts ...googleapi.CallOption) (*KeyRing, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &KeyRing{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Returns metadata for a given KeyRing.", |
| // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}", |
| // "httpMethod": "GET", |
| // "id": "cloudkms.projects.locations.keyRings.get", |
| // "parameterOrder": [ |
| // "name" |
| // ], |
| // "parameters": { |
| // "name": { |
| // "description": "Required. The name of the KeyRing to get.", |
| // "location": "path", |
| // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$", |
| // "required": true, |
| // "type": "string" |
| // } |
| // }, |
| // "path": "v1/{+name}", |
| // "response": { |
| // "$ref": "KeyRing" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform", |
| // "https://www.googleapis.com/auth/cloudkms" |
| // ] |
| // } |
| |
| } |
| |
| // method id "cloudkms.projects.locations.keyRings.getIamPolicy": |
| |
| type ProjectsLocationsKeyRingsGetIamPolicyCall struct { |
| s *Service |
| resource string |
| urlParams_ gensupport.URLParams |
| ifNoneMatch_ string |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // GetIamPolicy: Gets the access control policy for a resource. |
| // Returns an empty policy if the resource exists and does not have a |
| // policy |
| // set. |
| func (r *ProjectsLocationsKeyRingsService) GetIamPolicy(resource string) *ProjectsLocationsKeyRingsGetIamPolicyCall { |
| c := &ProjectsLocationsKeyRingsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.resource = resource |
| return c<
|