blob: 7f0c2991e2be18fbc3b9d1a03a75acc5d9571a25 [file] [log] [blame]
// Copyright 2020 Google LLC.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Code generated file. DO NOT EDIT.
// Package cloudkms provides access to the Cloud Key Management Service (KMS) API.
//
// This package is DEPRECATED. Use package cloud.google.com/go/kms/apiv1 instead.
//
// For product documentation, see: https://cloud.google.com/kms/
//
// Creating a client
//
// Usage example:
//
// import "google.golang.org/api/cloudkms/v1"
// ...
// ctx := context.Background()
// cloudkmsService, err := cloudkms.NewService(ctx)
//
// In this example, Google Application Default Credentials are used for authentication.
//
// For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
//
// Other authentication options
//
// By default, all available scopes (see "Constants") are used to authenticate. To restrict scopes, use option.WithScopes:
//
// cloudkmsService, err := cloudkms.NewService(ctx, option.WithScopes(cloudkms.CloudkmsScope))
//
// To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey:
//
// cloudkmsService, err := cloudkms.NewService(ctx, option.WithAPIKey("AIza..."))
//
// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource:
//
// config := &oauth2.Config{...}
// // ...
// token, err := config.Exchange(ctx, ...)
// cloudkmsService, err := cloudkms.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
//
// See https://godoc.org/google.golang.org/api/option/ for details on options.
package cloudkms // import "google.golang.org/api/cloudkms/v1"
import (
"bytes"
"context"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
"net/url"
"strconv"
"strings"
googleapi "google.golang.org/api/googleapi"
gensupport "google.golang.org/api/internal/gensupport"
option "google.golang.org/api/option"
internaloption "google.golang.org/api/option/internaloption"
htransport "google.golang.org/api/transport/http"
)
// Always reference these packages, just in case the auto-generated code
// below doesn't.
var _ = bytes.NewBuffer
var _ = strconv.Itoa
var _ = fmt.Sprintf
var _ = json.NewDecoder
var _ = io.Copy
var _ = url.Parse
var _ = gensupport.MarshalJSON
var _ = googleapi.Version
var _ = errors.New
var _ = strings.Replace
var _ = context.Canceled
var _ = internaloption.WithDefaultEndpoint
const apiId = "cloudkms:v1"
const apiName = "cloudkms"
const apiVersion = "v1"
const basePath = "https://cloudkms.googleapis.com/"
const mtlsBasePath = "https://cloudkms.mtls.googleapis.com/"
// OAuth2 scopes used by this API.
const (
// View and manage your data across Google Cloud Platform services
CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
// View and manage your keys and secrets stored in Cloud Key Management
// Service
CloudkmsScope = "https://www.googleapis.com/auth/cloudkms"
)
// NewService creates a new Service.
func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) {
scopesOption := option.WithScopes(
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloudkms",
)
// NOTE: prepend, so we don't override user-specified scopes.
opts = append([]option.ClientOption{scopesOption}, opts...)
opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
client, endpoint, err := htransport.NewClient(ctx, opts...)
if err != nil {
return nil, err
}
s, err := New(client)
if err != nil {
return nil, err
}
if endpoint != "" {
s.BasePath = endpoint
}
return s, nil
}
// New creates a new Service. It uses the provided http.Client for requests.
//
// Deprecated: please use NewService instead.
// To provide a custom HTTP client, use option.WithHTTPClient.
// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
func New(client *http.Client) (*Service, error) {
if client == nil {
return nil, errors.New("client is nil")
}
s := &Service{client: client, BasePath: basePath}
s.Projects = NewProjectsService(s)
return s, nil
}
type Service struct {
client *http.Client
BasePath string // API endpoint base URL
UserAgent string // optional additional User-Agent fragment
Projects *ProjectsService
}
func (s *Service) userAgent() string {
if s.UserAgent == "" {
return googleapi.UserAgent
}
return googleapi.UserAgent + " " + s.UserAgent
}
func NewProjectsService(s *Service) *ProjectsService {
rs := &ProjectsService{s: s}
rs.Locations = NewProjectsLocationsService(s)
return rs
}
type ProjectsService struct {
s *Service
Locations *ProjectsLocationsService
}
func NewProjectsLocationsService(s *Service) *ProjectsLocationsService {
rs := &ProjectsLocationsService{s: s}
rs.KeyRings = NewProjectsLocationsKeyRingsService(s)
return rs
}
type ProjectsLocationsService struct {
s *Service
KeyRings *ProjectsLocationsKeyRingsService
}
func NewProjectsLocationsKeyRingsService(s *Service) *ProjectsLocationsKeyRingsService {
rs := &ProjectsLocationsKeyRingsService{s: s}
rs.CryptoKeys = NewProjectsLocationsKeyRingsCryptoKeysService(s)
rs.ImportJobs = NewProjectsLocationsKeyRingsImportJobsService(s)
return rs
}
type ProjectsLocationsKeyRingsService struct {
s *Service
CryptoKeys *ProjectsLocationsKeyRingsCryptoKeysService
ImportJobs *ProjectsLocationsKeyRingsImportJobsService
}
func NewProjectsLocationsKeyRingsCryptoKeysService(s *Service) *ProjectsLocationsKeyRingsCryptoKeysService {
rs := &ProjectsLocationsKeyRingsCryptoKeysService{s: s}
rs.CryptoKeyVersions = NewProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService(s)
return rs
}
type ProjectsLocationsKeyRingsCryptoKeysService struct {
s *Service
CryptoKeyVersions *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService
}
func NewProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService(s *Service) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService {
rs := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService{s: s}
return rs
}
type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService struct {
s *Service
}
func NewProjectsLocationsKeyRingsImportJobsService(s *Service) *ProjectsLocationsKeyRingsImportJobsService {
rs := &ProjectsLocationsKeyRingsImportJobsService{s: s}
return rs
}
type ProjectsLocationsKeyRingsImportJobsService struct {
s *Service
}
// AsymmetricDecryptRequest: Request message for
// KeyManagementService.AsymmetricDecrypt.
type AsymmetricDecryptRequest struct {
// Ciphertext: Required. The data encrypted with the named
// CryptoKeyVersion's public
// key using OAEP.
Ciphertext string `json:"ciphertext,omitempty"`
// CiphertextCrc32c: Optional. An optional CRC32C checksum of the
// AsymmetricDecryptRequest.ciphertext.
// If specified, KeyManagementService will verify the integrity of
// the
// received AsymmetricDecryptRequest.ciphertext using this
// checksum.
// KeyManagementService will report an error if the checksum
// verification
// fails. If you receive a checksum error, your client should verify
// that
// CRC32C(AsymmetricDecryptRequest.ciphertext) is equal
// to
// AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform
// a
// limited number of retries. A persistent mismatch may indicate an
// issue in
// your computation of the CRC32C checksum.
// Note: This field is defined as int64 for reasons of compatibility
// across
// different languages. However, it is a non-negative integer, which
// will
// never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages
// that support this type.
//
// NOTE: This field is in Beta.
CiphertextCrc32c int64 `json:"ciphertextCrc32c,omitempty,string"`
// ForceSendFields is a list of field names (e.g. "Ciphertext") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Ciphertext") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *AsymmetricDecryptRequest) MarshalJSON() ([]byte, error) {
type NoMethod AsymmetricDecryptRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// AsymmetricDecryptResponse: Response message for
// KeyManagementService.AsymmetricDecrypt.
type AsymmetricDecryptResponse struct {
// Plaintext: The decrypted data originally encrypted with the matching
// public key.
Plaintext string `json:"plaintext,omitempty"`
// PlaintextCrc32c: Integrity verification field. A CRC32C checksum of
// the returned
// AsymmetricDecryptResponse.plaintext. An integrity check
// of
// AsymmetricDecryptResponse.plaintext can be performed by computing
// the
// CRC32C checksum of AsymmetricDecryptResponse.plaintext and
// comparing
// your results to this field. Discard the response in case of
// non-matching
// checksum values, and perform a limited number of retries. A
// persistent
// mismatch may indicate an issue in your computation of the CRC32C
// checksum.
// Note: This field is defined as int64 for reasons of compatibility
// across
// different languages. However, it is a non-negative integer, which
// will
// never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages
// that support this type.
//
// NOTE: This field is in Beta.
PlaintextCrc32c int64 `json:"plaintextCrc32c,omitempty,string"`
// VerifiedCiphertextCrc32c: Integrity verification field. A flag
// indicating whether
// AsymmetricDecryptRequest.ciphertext_crc32c was received
// by
// KeyManagementService and used for the integrity verification of
// the
// ciphertext. A false value of this
// field indicates either that
// AsymmetricDecryptRequest.ciphertext_crc32c
// was left unset or that it was not delivered to KeyManagementService.
// If
// you've set AsymmetricDecryptRequest.ciphertext_crc32c but this field
// is
// still false, discard the response and perform a limited number of
// retries.
//
// NOTE: This field is in Beta.
VerifiedCiphertextCrc32c bool `json:"verifiedCiphertextCrc32c,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Plaintext") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Plaintext") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *AsymmetricDecryptResponse) MarshalJSON() ([]byte, error) {
type NoMethod AsymmetricDecryptResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// AsymmetricSignRequest: Request message for
// KeyManagementService.AsymmetricSign.
type AsymmetricSignRequest struct {
// Digest: Required. The digest of the data to sign. The digest must be
// produced with
// the same digest algorithm as specified by the key
// version's
// algorithm.
Digest *Digest `json:"digest,omitempty"`
// DigestCrc32c: Optional. An optional CRC32C checksum of the
// AsymmetricSignRequest.digest. If
// specified, KeyManagementService will verify the integrity of
// the
// received AsymmetricSignRequest.digest using this
// checksum.
// KeyManagementService will report an error if the checksum
// verification
// fails. If you receive a checksum error, your client should verify
// that
// CRC32C(AsymmetricSignRequest.digest) is equal
// to
// AsymmetricSignRequest.digest_crc32c, and if so, perform a
// limited
// number of retries. A persistent mismatch may indicate an issue in
// your
// computation of the CRC32C checksum.
// Note: This field is defined as int64 for reasons of compatibility
// across
// different languages. However, it is a non-negative integer, which
// will
// never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages
// that support this type.
//
// NOTE: This field is in Beta.
DigestCrc32c int64 `json:"digestCrc32c,omitempty,string"`
// ForceSendFields is a list of field names (e.g. "Digest") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Digest") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *AsymmetricSignRequest) MarshalJSON() ([]byte, error) {
type NoMethod AsymmetricSignRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// AsymmetricSignResponse: Response message for
// KeyManagementService.AsymmetricSign.
type AsymmetricSignResponse struct {
// Name: The resource name of the CryptoKeyVersion used for signing.
// Check
// this field to verify that the intended resource was used for
// signing.
//
// NOTE: This field is in Beta.
Name string `json:"name,omitempty"`
// Signature: The created signature.
Signature string `json:"signature,omitempty"`
// SignatureCrc32c: Integrity verification field. A CRC32C checksum of
// the returned
// AsymmetricSignResponse.signature. An integrity check
// of
// AsymmetricSignResponse.signature can be performed by computing
// the
// CRC32C checksum of AsymmetricSignResponse.signature and comparing
// your
// results to this field. Discard the response in case of
// non-matching
// checksum values, and perform a limited number of retries. A
// persistent
// mismatch may indicate an issue in your computation of the CRC32C
// checksum.
// Note: This field is defined as int64 for reasons of compatibility
// across
// different languages. However, it is a non-negative integer, which
// will
// never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages
// that support this type.
//
// NOTE: This field is in Beta.
SignatureCrc32c int64 `json:"signatureCrc32c,omitempty,string"`
// VerifiedDigestCrc32c: Integrity verification field. A flag indicating
// whether
// AsymmetricSignRequest.digest_crc32c was received
// by
// KeyManagementService and used for the integrity verification of
// the
// digest. A false value of this field
// indicates either that AsymmetricSignRequest.digest_crc32c was
// left
// unset or that it was not delivered to KeyManagementService. If
// you've
// set AsymmetricSignRequest.digest_crc32c but this field is still
// false,
// discard the response and perform a limited number of retries.
//
// NOTE: This field is in Beta.
VerifiedDigestCrc32c bool `json:"verifiedDigestCrc32c,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Name") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Name") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *AsymmetricSignResponse) MarshalJSON() ([]byte, error) {
type NoMethod AsymmetricSignResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// AuditConfig: Specifies the audit configuration for a service.
// The configuration determines which permission types are logged, and
// what
// identities, if any, are exempted from logging.
// An AuditConfig must have one or more AuditLogConfigs.
//
// If there are AuditConfigs for both `allServices` and a specific
// service,
// the union of the two AuditConfigs is used for that service: the
// log_types
// specified in each AuditConfig are enabled, and the exempted_members
// in each
// AuditLogConfig are exempted.
//
// Example Policy with multiple AuditConfigs:
//
// {
// "audit_configs": [
// {
// "service": "allServices",
// "audit_log_configs": [
// {
// "log_type": "DATA_READ",
// "exempted_members": [
// "user:jose@example.com"
// ]
// },
// {
// "log_type": "DATA_WRITE"
// },
// {
// "log_type": "ADMIN_READ"
// }
// ]
// },
// {
// "service": "sampleservice.googleapis.com",
// "audit_log_configs": [
// {
// "log_type": "DATA_READ"
// },
// {
// "log_type": "DATA_WRITE",
// "exempted_members": [
// "user:aliya@example.com"
// ]
// }
// ]
// }
// ]
// }
//
// For sampleservice, this policy enables DATA_READ, DATA_WRITE and
// ADMIN_READ
// logging. It also exempts jose@example.com from DATA_READ logging,
// and
// aliya@example.com from DATA_WRITE logging.
type AuditConfig struct {
// AuditLogConfigs: The configuration for logging of each type of
// permission.
AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"`
// Service: Specifies a service that will be enabled for audit
// logging.
// For example, `storage.googleapis.com`,
// `cloudsql.googleapis.com`.
// `allServices` is a special value that covers all services.
Service string `json:"service,omitempty"`
// ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "AuditLogConfigs") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *AuditConfig) MarshalJSON() ([]byte, error) {
type NoMethod AuditConfig
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// AuditLogConfig: Provides the configuration for logging a type of
// permissions.
// Example:
//
// {
// "audit_log_configs": [
// {
// "log_type": "DATA_READ",
// "exempted_members": [
// "user:jose@example.com"
// ]
// },
// {
// "log_type": "DATA_WRITE"
// }
// ]
// }
//
// This enables 'DATA_READ' and 'DATA_WRITE' logging, while
// exempting
// jose@example.com from DATA_READ logging.
type AuditLogConfig struct {
// ExemptedMembers: Specifies the identities that do not cause logging
// for this type of
// permission.
// Follows the same format of Binding.members.
ExemptedMembers []string `json:"exemptedMembers,omitempty"`
// LogType: The log type that this config enables.
//
// Possible values:
// "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this.
// "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy
// "DATA_WRITE" - Data writes. Example: CloudSQL Users create
// "DATA_READ" - Data reads. Example: CloudSQL Users list
LogType string `json:"logType,omitempty"`
// ForceSendFields is a list of field names (e.g. "ExemptedMembers") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "ExemptedMembers") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *AuditLogConfig) MarshalJSON() ([]byte, error) {
type NoMethod AuditLogConfig
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// Binding: Associates `members` with a `role`.
type Binding struct {
// Condition: The condition that is associated with this binding.
//
// If the condition evaluates to `true`, then this binding applies to
// the
// current request.
//
// If the condition evaluates to `false`, then this binding does not
// apply to
// the current request. However, a different role binding might grant
// the same
// role to one or more of the members in this binding.
//
// To learn which resources support conditions in their IAM policies,
// see
// the
// [IAM
// documentation](https://cloud.google.com/iam/help/conditions/r
// esource-policies).
Condition *Expr `json:"condition,omitempty"`
// Members: Specifies the identities requesting access for a Cloud
// Platform resource.
// `members` can have the following values:
//
// * `allUsers`: A special identifier that represents anyone who is
// on the internet; with or without a Google account.
//
// * `allAuthenticatedUsers`: A special identifier that represents
// anyone
// who is authenticated with a Google account or a service
// account.
//
// * `user:{emailid}`: An email address that represents a specific
// Google
// account. For example, `alice@example.com` .
//
//
// * `serviceAccount:{emailid}`: An email address that represents a
// service
// account. For example,
// `my-other-app@appspot.gserviceaccount.com`.
//
// * `group:{emailid}`: An email address that represents a Google
// group.
// For example, `admins@example.com`.
//
// * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
// unique
// identifier) representing a user that has been recently deleted.
// For
// example, `alice@example.com?uid=123456789012345678901`. If the
// user is
// recovered, this value reverts to `user:{emailid}` and the
// recovered user
// retains the role in the binding.
//
// * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
// (plus
// unique identifier) representing a service account that has been
// recently
// deleted. For example,
//
// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
//
// If the service account is undeleted, this value reverts to
// `serviceAccount:{emailid}` and the undeleted service account
// retains the
// role in the binding.
//
// * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus
// unique
// identifier) representing a Google group that has been recently
// deleted. For example,
// `admins@example.com?uid=123456789012345678901`. If
// the group is recovered, this value reverts to `group:{emailid}`
// and the
// recovered group retains the role in the binding.
//
//
// * `domain:{domain}`: The G Suite domain (primary) that represents all
// the
// users of that domain. For example, `google.com` or
// `example.com`.
//
//
Members []string `json:"members,omitempty"`
// Role: Role that is assigned to `members`.
// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
Role string `json:"role,omitempty"`
// ForceSendFields is a list of field names (e.g. "Condition") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Condition") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *Binding) MarshalJSON() ([]byte, error) {
type NoMethod Binding
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// CryptoKey: A CryptoKey represents a logical key that can be used for
// cryptographic
// operations.
//
// A CryptoKey is made up of zero or more versions,
// which represent the actual key material used in cryptographic
// operations.
type CryptoKey struct {
// CreateTime: Output only. The time at which this CryptoKey was
// created.
CreateTime string `json:"createTime,omitempty"`
// Labels: Labels with user-defined metadata. For more information,
// see
// [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
Labels map[string]string `json:"labels,omitempty"`
// Name: Output only. The resource name for this CryptoKey in the
// format
// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
Name string `json:"name,omitempty"`
// NextRotationTime: At next_rotation_time, the Key Management Service
// will automatically:
//
// 1. Create a new version of this CryptoKey.
// 2. Mark the new version as primary.
//
// Key rotations performed manually via
// CreateCryptoKeyVersion and
// UpdateCryptoKeyPrimaryVersion
// do not affect next_rotation_time.
//
// Keys with purpose
// ENCRYPT_DECRYPT support
// automatic rotation. For other keys, this field must be omitted.
NextRotationTime string `json:"nextRotationTime,omitempty"`
// Primary: Output only. A copy of the "primary" CryptoKeyVersion that
// will be used
// by Encrypt when this CryptoKey is given
// in EncryptRequest.name.
//
// The CryptoKey's primary version can be updated
// via
// UpdateCryptoKeyPrimaryVersion.
//
// Keys with purpose
// ENCRYPT_DECRYPT may have a
// primary. For other keys, this field will be omitted.
Primary *CryptoKeyVersion `json:"primary,omitempty"`
// Purpose: Immutable. The immutable purpose of this CryptoKey.
//
// Possible values:
// "CRYPTO_KEY_PURPOSE_UNSPECIFIED" - Not specified.
// "ENCRYPT_DECRYPT" - CryptoKeys with this purpose may be used
// with
// Encrypt and
// Decrypt.
// "ASYMMETRIC_SIGN" - CryptoKeys with this purpose may be used
// with
// AsymmetricSign and
// GetPublicKey.
// "ASYMMETRIC_DECRYPT" - CryptoKeys with this purpose may be used
// with
// AsymmetricDecrypt and
// GetPublicKey.
Purpose string `json:"purpose,omitempty"`
// RotationPeriod: next_rotation_time will be advanced by this period
// when the service
// automatically rotates a key. Must be at least 24 hours and at
// most
// 876,000 hours.
//
// If rotation_period is set, next_rotation_time must also be set.
//
// Keys with purpose
// ENCRYPT_DECRYPT support
// automatic rotation. For other keys, this field must be omitted.
RotationPeriod string `json:"rotationPeriod,omitempty"`
// VersionTemplate: A template describing settings for new
// CryptoKeyVersion instances.
// The properties of new CryptoKeyVersion instances created by
// either
// CreateCryptoKeyVersion or
// auto-rotation are controlled by this template.
VersionTemplate *CryptoKeyVersionTemplate `json:"versionTemplate,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "CreateTime") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "CreateTime") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *CryptoKey) MarshalJSON() ([]byte, error) {
type NoMethod CryptoKey
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// CryptoKeyVersion: A CryptoKeyVersion represents an individual
// cryptographic key, and the
// associated key material.
//
// An ENABLED version can be
// used for cryptographic operations.
//
// For security reasons, the raw cryptographic key material represented
// by a
// CryptoKeyVersion can never be viewed or exported. It can only be used
// to
// encrypt, decrypt, or sign data when an authorized user or application
// invokes
// Cloud KMS.
type CryptoKeyVersion struct {
// Algorithm: Output only. The CryptoKeyVersionAlgorithm that
// this
// CryptoKeyVersion supports.
//
// Possible values:
// "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified.
// "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys.
// "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512
// digest.
// "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit
// key and a SHA512 digest.
// "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a
// SHA512 digest.
// "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256
// digest.
// "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384
// digest.
// "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric
// encryption by an external key manager.
Algorithm string `json:"algorithm,omitempty"`
// Attestation: Output only. Statement that was generated and signed by
// the HSM at key
// creation time. Use this statement to verify attributes of the key as
// stored
// on the HSM, independently of Google. Only provided for key versions
// with
// protection_level HSM.
Attestation *KeyOperationAttestation `json:"attestation,omitempty"`
// CreateTime: Output only. The time at which this CryptoKeyVersion was
// created.
CreateTime string `json:"createTime,omitempty"`
// DestroyEventTime: Output only. The time this CryptoKeyVersion's key
// material was
// destroyed. Only present if state is
// DESTROYED.
DestroyEventTime string `json:"destroyEventTime,omitempty"`
// DestroyTime: Output only. The time this CryptoKeyVersion's key
// material is scheduled
// for destruction. Only present if state is
// DESTROY_SCHEDULED.
DestroyTime string `json:"destroyTime,omitempty"`
// ExternalProtectionLevelOptions: ExternalProtectionLevelOptions stores
// a group of additional fields for
// configuring a CryptoKeyVersion that are specific to the
// EXTERNAL protection level.
ExternalProtectionLevelOptions *ExternalProtectionLevelOptions `json:"externalProtectionLevelOptions,omitempty"`
// GenerateTime: Output only. The time this CryptoKeyVersion's key
// material was
// generated.
GenerateTime string `json:"generateTime,omitempty"`
// ImportFailureReason: Output only. The root cause of an import
// failure. Only present if
// state is
// IMPORT_FAILED.
ImportFailureReason string `json:"importFailureReason,omitempty"`
// ImportJob: Output only. The name of the ImportJob used to import
// this
// CryptoKeyVersion. Only present if the underlying key material
// was
// imported.
ImportJob string `json:"importJob,omitempty"`
// ImportTime: Output only. The time at which this CryptoKeyVersion's
// key material
// was imported.
ImportTime string `json:"importTime,omitempty"`
// Name: Output only. The resource name for this CryptoKeyVersion in the
// format
// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersio
// ns/*`.
Name string `json:"name,omitempty"`
// ProtectionLevel: Output only. The ProtectionLevel describing how
// crypto operations are
// performed with this CryptoKeyVersion.
//
// Possible values:
// "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
// "SOFTWARE" - Crypto operations are performed in software.
// "HSM" - Crypto operations are performed in a Hardware Security
// Module.
// "EXTERNAL" - Crypto operations are performed by an external key
// manager.
ProtectionLevel string `json:"protectionLevel,omitempty"`
// State: The current state of the CryptoKeyVersion.
//
// Possible values:
// "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" - Not specified.
// "PENDING_GENERATION" - This version is still being generated. It
// may not be used, enabled,
// disabled, or destroyed yet. Cloud KMS will automatically mark
// this
// version ENABLED as soon as the version is ready.
// "ENABLED" - This version may be used for cryptographic operations.
// "DISABLED" - This version may not be used, but the key material is
// still available,
// and the version can be placed back into the ENABLED state.
// "DESTROYED" - This version is destroyed, and the key material is no
// longer stored.
// A version may not leave this state once entered.
// "DESTROY_SCHEDULED" - This version is scheduled for destruction,
// and will be destroyed soon.
// Call
// RestoreCryptoKeyVersion
// to put it back into the DISABLED state.
// "PENDING_IMPORT" - This version is still being imported. It may not
// be used, enabled,
// disabled, or destroyed yet. Cloud KMS will automatically mark
// this
// version ENABLED as soon as the version is ready.
// "IMPORT_FAILED" - This version was not imported successfully. It
// may not be used, enabled,
// disabled, or destroyed. The submitted key material has been
// discarded.
// Additional details can be found
// in
// CryptoKeyVersion.import_failure_reason.
State string `json:"state,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Algorithm") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Algorithm") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *CryptoKeyVersion) MarshalJSON() ([]byte, error) {
type NoMethod CryptoKeyVersion
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// CryptoKeyVersionTemplate: A CryptoKeyVersionTemplate specifies the
// properties to use when creating
// a new CryptoKeyVersion, either manually with
// CreateCryptoKeyVersion or
// automatically as a result of auto-rotation.
type CryptoKeyVersionTemplate struct {
// Algorithm: Required. Algorithm to use
// when creating a CryptoKeyVersion based on this template.
//
// For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied
// if both
// this field is omitted and CryptoKey.purpose is
// ENCRYPT_DECRYPT.
//
// Possible values:
// "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified.
// "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys.
// "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512
// digest.
// "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit
// key and a SHA512 digest.
// "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a
// SHA512 digest.
// "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256
// digest.
// "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384
// digest.
// "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric
// encryption by an external key manager.
Algorithm string `json:"algorithm,omitempty"`
// ProtectionLevel: ProtectionLevel to use when creating a
// CryptoKeyVersion based on
// this template. Immutable. Defaults to SOFTWARE.
//
// Possible values:
// "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
// "SOFTWARE" - Crypto operations are performed in software.
// "HSM" - Crypto operations are performed in a Hardware Security
// Module.
// "EXTERNAL" - Crypto operations are performed by an external key
// manager.
ProtectionLevel string `json:"protectionLevel,omitempty"`
// ForceSendFields is a list of field names (e.g. "Algorithm") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Algorithm") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *CryptoKeyVersionTemplate) MarshalJSON() ([]byte, error) {
type NoMethod CryptoKeyVersionTemplate
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// DecryptRequest: Request message for KeyManagementService.Decrypt.
type DecryptRequest struct {
// AdditionalAuthenticatedData: Optional. Optional data that must match
// the data originally supplied
// in
// EncryptRequest.additional_authenticated_data.
AdditionalAuthenticatedData string `json:"additionalAuthenticatedData,omitempty"`
// AdditionalAuthenticatedDataCrc32c: Optional. An optional CRC32C
// checksum of the
// DecryptRequest.additional_authenticated_data. If
// specified,
// KeyManagementService will verify the integrity of the
// received
// DecryptRequest.additional_authenticated_data using this
// checksum.
// KeyManagementService will report an error if the checksum
// verification
// fails. If you receive a checksum error, your client should verify
// that
// CRC32C(DecryptRequest.additional_authenticated_data) is equal
// to
// DecryptRequest.additional_authenticated_data_crc32c, and if so,
// perform
// a limited number of retries. A persistent mismatch may indicate an
// issue in
// your computation of the CRC32C checksum.
// Note: This field is defined as int64 for reasons of compatibility
// across
// different languages. However, it is a non-negative integer, which
// will
// never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages
// that support this type.
//
// NOTE: This field is in Beta.
AdditionalAuthenticatedDataCrc32c int64 `json:"additionalAuthenticatedDataCrc32c,omitempty,string"`
// Ciphertext: Required. The encrypted data originally returned
// in
// EncryptResponse.ciphertext.
Ciphertext string `json:"ciphertext,omitempty"`
// CiphertextCrc32c: Optional. An optional CRC32C checksum of the
// DecryptRequest.ciphertext. If
// specified, KeyManagementService will verify the integrity of
// the
// received DecryptRequest.ciphertext using this
// checksum.
// KeyManagementService will report an error if the checksum
// verification
// fails. If you receive a checksum error, your client should verify
// that
// CRC32C(DecryptRequest.ciphertext) is equal
// to
// DecryptRequest.ciphertext_crc32c, and if so, perform a limited
// number
// of retries. A persistent mismatch may indicate an issue in your
// computation
// of the CRC32C checksum.
// Note: This field is defined as int64 for reasons of compatibility
// across
// different languages. However, it is a non-negative integer, which
// will
// never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages
// that support this type.
//
// NOTE: This field is in Beta.
CiphertextCrc32c int64 `json:"ciphertextCrc32c,omitempty,string"`
// ForceSendFields is a list of field names (e.g.
// "AdditionalAuthenticatedData") to unconditionally include in API
// requests. By default, fields with empty values are omitted from API
// requests. However, any non-pointer, non-interface field appearing in
// ForceSendFields will be sent to the server regardless of whether the
// field is empty or not. This may be used to include empty fields in
// Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g.
// "AdditionalAuthenticatedData") to include in API requests with the
// JSON null value. By default, fields with empty values are omitted
// from API requests. However, any field with an empty value appearing
// in NullFields will be sent to the server as null. It is an error if a
// field in this list has a non-empty value. This may be used to include
// null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *DecryptRequest) MarshalJSON() ([]byte, error) {
type NoMethod DecryptRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// DecryptResponse: Response message for KeyManagementService.Decrypt.
type DecryptResponse struct {
// Plaintext: The decrypted data originally supplied in
// EncryptRequest.plaintext.
Plaintext string `json:"plaintext,omitempty"`
// PlaintextCrc32c: Integrity verification field. A CRC32C checksum of
// the returned
// DecryptResponse.plaintext. An integrity check
// of
// DecryptResponse.plaintext can be performed by computing the
// CRC32C
// checksum of DecryptResponse.plaintext and comparing your results
// to
// this field. Discard the response in case of non-matching checksum
// values,
// and perform a limited number of retries. A persistent mismatch may
// indicate
// an issue in your computation of the CRC32C checksum. Note: receiving
// this
// response message indicates that KeyManagementService is able
// to
// successfully decrypt the ciphertext.
// Note: This field is defined as int64 for reasons of compatibility
// across
// different languages. However, it is a non-negative integer, which
// will
// never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages
// that support this type.
//
// NOTE: This field is in Beta.
PlaintextCrc32c int64 `json:"plaintextCrc32c,omitempty,string"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Plaintext") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Plaintext") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *DecryptResponse) MarshalJSON() ([]byte, error) {
type NoMethod DecryptResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// DestroyCryptoKeyVersionRequest: Request message for
// KeyManagementService.DestroyCryptoKeyVersion.
type DestroyCryptoKeyVersionRequest struct {
}
// Digest: A Digest holds a cryptographic message digest.
type Digest struct {
// Sha256: A message digest produced with the SHA-256 algorithm.
Sha256 string `json:"sha256,omitempty"`
// Sha384: A message digest produced with the SHA-384 algorithm.
Sha384 string `json:"sha384,omitempty"`
// Sha512: A message digest produced with the SHA-512 algorithm.
Sha512 string `json:"sha512,omitempty"`
// ForceSendFields is a list of field names (e.g. "Sha256") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Sha256") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *Digest) MarshalJSON() ([]byte, error) {
type NoMethod Digest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// EncryptRequest: Request message for KeyManagementService.Encrypt.
type EncryptRequest struct {
// AdditionalAuthenticatedData: Optional. Optional data that, if
// specified, must also be provided during decryption
// through DecryptRequest.additional_authenticated_data.
//
// The maximum size depends on the key version's
// protection_level. For
// SOFTWARE keys, the AAD must be no larger than
// 64KiB. For HSM keys, the combined length of the
// plaintext and additional_authenticated_data fields must be no larger
// than
// 8KiB.
AdditionalAuthenticatedData string `json:"additionalAuthenticatedData,omitempty"`
// AdditionalAuthenticatedDataCrc32c: Optional. An optional CRC32C
// checksum of the
// EncryptRequest.additional_authenticated_data. If
// specified,
// KeyManagementService will verify the integrity of the
// received
// EncryptRequest.additional_authenticated_data using this
// checksum.
// KeyManagementService will report an error if the checksum
// verification
// fails. If you receive a checksum error, your client should verify
// that
// CRC32C(EncryptRequest.additional_authenticated_data) is equal
// to
// EncryptRequest.additional_authenticated_data_crc32c, and if so,
// perform
// a limited number of retries. A persistent mismatch may indicate an
// issue in
// your computation of the CRC32C checksum.
// Note: This field is defined as int64 for reasons of compatibility
// across
// different languages. However, it is a non-negative integer, which
// will
// never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages
// that support this type.
//
// NOTE: This field is in Beta.
AdditionalAuthenticatedDataCrc32c int64 `json:"additionalAuthenticatedDataCrc32c,omitempty,string"`
// Plaintext: Required. The data to encrypt. Must be no larger than
// 64KiB.
//
// The maximum size depends on the key version's
// protection_level. For
// SOFTWARE keys, the plaintext must be no larger
// than 64KiB. For HSM keys, the combined length of the
// plaintext and additional_authenticated_data fields must be no larger
// than
// 8KiB.
Plaintext string `json:"plaintext,omitempty"`
// PlaintextCrc32c: Optional. An optional CRC32C checksum of the
// EncryptRequest.plaintext. If
// specified, KeyManagementService will verify the integrity of
// the
// received EncryptRequest.plaintext using this
// checksum.
// KeyManagementService will report an error if the checksum
// verification
// fails. If you receive a checksum error, your client should verify
// that
// CRC32C(EncryptRequest.plaintext) is equal
// to
// EncryptRequest.plaintext_crc32c, and if so, perform a limited number
// of
// retries. A persistent mismatch may indicate an issue in your
// computation of
// the CRC32C checksum.
// Note: This field is defined as int64 for reasons of compatibility
// across
// different languages. However, it is a non-negative integer, which
// will
// never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages
// that support this type.
//
// NOTE: This field is in Beta.
PlaintextCrc32c int64 `json:"plaintextCrc32c,omitempty,string"`
// ForceSendFields is a list of field names (e.g.
// "AdditionalAuthenticatedData") to unconditionally include in API
// requests. By default, fields with empty values are omitted from API
// requests. However, any non-pointer, non-interface field appearing in
// ForceSendFields will be sent to the server regardless of whether the
// field is empty or not. This may be used to include empty fields in
// Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g.
// "AdditionalAuthenticatedData") to include in API requests with the
// JSON null value. By default, fields with empty values are omitted
// from API requests. However, any field with an empty value appearing
// in NullFields will be sent to the server as null. It is an error if a
// field in this list has a non-empty value. This may be used to include
// null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *EncryptRequest) MarshalJSON() ([]byte, error) {
type NoMethod EncryptRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// EncryptResponse: Response message for KeyManagementService.Encrypt.
type EncryptResponse struct {
// Ciphertext: The encrypted data.
Ciphertext string `json:"ciphertext,omitempty"`
// CiphertextCrc32c: Integrity verification field. A CRC32C checksum of
// the returned
// EncryptResponse.ciphertext. An integrity check
// of
// EncryptResponse.ciphertext can be performed by computing the
// CRC32C
// checksum of EncryptResponse.ciphertext and comparing your results
// to
// this field. Discard the response in case of non-matching checksum
// values,
// and perform a limited number of retries. A persistent mismatch may
// indicate
// an issue in your computation of the CRC32C checksum.
// Note: This field is defined as int64 for reasons of compatibility
// across
// different languages. However, it is a non-negative integer, which
// will
// never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages
// that support this type.
//
// NOTE: This field is in Beta.
CiphertextCrc32c int64 `json:"ciphertextCrc32c,omitempty,string"`
// Name: The resource name of the CryptoKeyVersion used in encryption.
// Check
// this field to verify that the intended resource was used for
// encryption.
Name string `json:"name,omitempty"`
// VerifiedAdditionalAuthenticatedDataCrc32c: Integrity verification
// field. A flag indicating
// whether
// EncryptRequest.additional_authenticated_data_crc32c was received
// by
// KeyManagementService and used for the integrity verification of
// the
// AAD. A false value of this
// field indicates either
// that
// EncryptRequest.additional_authenticated_data_crc32c was left unset
// or
// that it was not delivered to KeyManagementService. If you've
// set
// EncryptRequest.additional_authenticated_data_crc32c but this field
// is
// still false, discard the response and perform a limited number of
// retries.
//
// NOTE: This field is in Beta.
VerifiedAdditionalAuthenticatedDataCrc32c bool `json:"verifiedAdditionalAuthenticatedDataCrc32c,omitempty"`
// VerifiedPlaintextCrc32c: Integrity verification field. A flag
// indicating whether
// EncryptRequest.plaintext_crc32c was received by
// KeyManagementService and used for the integrity verification of
// the
// plaintext. A false value of this field
// indicates either that EncryptRequest.plaintext_crc32c was left unset
// or
// that it was not delivered to KeyManagementService. If you've
// set
// EncryptRequest.plaintext_crc32c but this field is still false,
// discard
// the response and perform a limited number of retries.
//
// NOTE: This field is in Beta.
VerifiedPlaintextCrc32c bool `json:"verifiedPlaintextCrc32c,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Ciphertext") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Ciphertext") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *EncryptResponse) MarshalJSON() ([]byte, error) {
type NoMethod EncryptResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// Expr: Represents a textual expression in the Common Expression
// Language (CEL)
// syntax. CEL is a C-like expression language. The syntax and semantics
// of CEL
// are documented at https://github.com/google/cel-spec.
//
// Example (Comparison):
//
// title: "Summary size limit"
// description: "Determines if a summary is less than 100 chars"
// expression: "document.summary.size() < 100"
//
// Example (Equality):
//
// title: "Requestor is owner"
// description: "Determines if requestor is the document owner"
// expression: "document.owner ==
// request.auth.claims.email"
//
// Example (Logic):
//
// title: "Public documents"
// description: "Determine whether the document should be publicly
// visible"
// expression: "document.type != 'private' && document.type !=
// 'internal'"
//
// Example (Data Manipulation):
//
// title: "Notification string"
// description: "Create a notification string with a timestamp."
// expression: "'New message received at ' +
// string(document.create_time)"
//
// The exact variables and functions that may be referenced within an
// expression
// are determined by the service that evaluates it. See the
// service
// documentation for additional information.
type Expr struct {
// Description: Optional. Description of the expression. This is a
// longer text which
// describes the expression, e.g. when hovered over it in a UI.
Description string `json:"description,omitempty"`
// Expression: Textual representation of an expression in Common
// Expression Language
// syntax.
Expression string `json:"expression,omitempty"`
// Location: Optional. String indicating the location of the expression
// for error
// reporting, e.g. a file name and a position in the file.
Location string `json:"location,omitempty"`
// Title: Optional. Title for the expression, i.e. a short string
// describing
// its purpose. This can be used e.g. in UIs which allow to enter
// the
// expression.
Title string `json:"title,omitempty"`
// ForceSendFields is a list of field names (e.g. "Description") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Description") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *Expr) MarshalJSON() ([]byte, error) {
type NoMethod Expr
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ExternalProtectionLevelOptions: ExternalProtectionLevelOptions stores
// a group of additional fields for
// configuring a CryptoKeyVersion that are specific to the
// EXTERNAL protection level.
type ExternalProtectionLevelOptions struct {
// ExternalKeyUri: The URI for an external resource that this
// CryptoKeyVersion represents.
ExternalKeyUri string `json:"externalKeyUri,omitempty"`
// ForceSendFields is a list of field names (e.g. "ExternalKeyUri") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "ExternalKeyUri") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *ExternalProtectionLevelOptions) MarshalJSON() ([]byte, error) {
type NoMethod ExternalProtectionLevelOptions
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ImportCryptoKeyVersionRequest: Request message for
// KeyManagementService.ImportCryptoKeyVersion.
type ImportCryptoKeyVersionRequest struct {
// Algorithm: Required. The algorithm of
// the key being imported. This does not need to match
// the
// version_template of the CryptoKey this
// version imports into.
//
// Possible values:
// "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified.
// "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys.
// "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512
// digest.
// "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit
// key and a SHA512 digest.
// "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a
// SHA512 digest.
// "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256
// digest.
// "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384
// digest.
// "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric
// encryption by an external key manager.
Algorithm string `json:"algorithm,omitempty"`
// ImportJob: Required. The name of the ImportJob that was used to
// wrap this key material.
ImportJob string `json:"importJob,omitempty"`
// RsaAesWrappedKey: Wrapped key material produced
// with
// RSA_OAEP_3072_SHA1_AES_256
// or
// RSA_OAEP_4096_SHA1_AES_256.
//
// This field contains the concatenation of two wrapped keys:
// <ol>
// <li>An ephemeral AES-256 wrapping key wrapped with the
// public_key using RSAES-OAEP with SHA-1,
// MGF1 with SHA-1, and an empty label.
// </li>
// <li>The key to be imported, wrapped with the ephemeral AES-256 key
// using AES-KWP (RFC 5649).
// </li>
// </ol>
//
// If importing symmetric key material, it is expected that the
// unwrapped
// key contains plain bytes. If importing asymmetric key material, it
// is
// expected that the unwrapped key is in PKCS#8-encoded DER format
// (the
// PrivateKeyInfo structure from RFC 5208).
//
// This format is the same as the format produced by PKCS#11
// mechanism
// CKM_RSA_AES_KEY_WRAP.
RsaAesWrappedKey string `json:"rsaAesWrappedKey,omitempty"`
// ForceSendFields is a list of field names (e.g. "Algorithm") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Algorithm") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *ImportCryptoKeyVersionRequest) MarshalJSON() ([]byte, error) {
type NoMethod ImportCryptoKeyVersionRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ImportJob: An ImportJob can be used to create CryptoKeys
// and
// CryptoKeyVersions using pre-existing key material,
// generated outside of Cloud KMS.
//
// When an ImportJob is created, Cloud KMS will generate a "wrapping
// key",
// which is a public/private key pair. You use the wrapping key to
// encrypt (also
// known as wrap) the pre-existing key material to protect it during the
// import
// process. The nature of the wrapping key depends on the choice
// of
// import_method. When the wrapping key generation
// is complete, the state will be set to
// ACTIVE and the public_key
// can be fetched. The fetched public key can then be used to wrap
// your
// pre-existing key material.
//
// Once the key material is wrapped, it can be imported into a
// new
// CryptoKeyVersion in an existing CryptoKey by
// calling
// ImportCryptoKeyVersion.
// Multiple CryptoKeyVersions can be imported with a single
// ImportJob. Cloud KMS uses the private key portion of the wrapping key
// to
// unwrap the key material. Only Cloud KMS has access to the private
// key.
//
// An ImportJob expires 3 days after it is created. Once expired, Cloud
// KMS
// will no longer be able to import or unwrap any key material that was
// wrapped
// with the ImportJob's public key.
//
// For more information, see
// [Importing a key](https://cloud.google.com/kms/docs/importing-a-key).
type ImportJob struct {
// Attestation: Output only. Statement that was generated and signed by
// the key creator
// (for example, an HSM) at key creation time. Use this statement to
// verify
// attributes of the key as stored on the HSM, independently of
// Google.
// Only present if the chosen ImportMethod is one with a
// protection
// level of HSM.
Attestation *KeyOperationAttestation `json:"attestation,omitempty"`
// CreateTime: Output only. The time at which this ImportJob was
// created.
CreateTime string `json:"createTime,omitempty"`
// ExpireEventTime: Output only. The time this ImportJob expired. Only
// present if
// state is EXPIRED.
ExpireEventTime string `json:"expireEventTime,omitempty"`
// ExpireTime: Output only. The time at which this ImportJob is
// scheduled for
// expiration and can no longer be used to import key material.
ExpireTime string `json:"expireTime,omitempty"`
// GenerateTime: Output only. The time this ImportJob's key material was
// generated.
GenerateTime string `json:"generateTime,omitempty"`
// ImportMethod: Required. Immutable. The wrapping method to be used for
// incoming key material.
//
// Possible values:
// "IMPORT_METHOD_UNSPECIFIED" - Not specified.
// "RSA_OAEP_3072_SHA1_AES_256" - This ImportMethod represents the
// CKM_RSA_AES_KEY_WRAP key wrapping
// scheme defined in the PKCS #11 standard. In summary, this
// involves
// wrapping the raw key with an ephemeral AES key, and wrapping
// the
// ephemeral AES key with a 3072 bit RSA key. For more details, see
// [RSA AES key
// wrap
// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/co
// s01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
// "RSA_OAEP_4096_SHA1_AES_256" - This ImportMethod represents the
// CKM_RSA_AES_KEY_WRAP key wrapping
// scheme defined in the PKCS #11 standard. In summary, this
// involves
// wrapping the raw key with an ephemeral AES key, and wrapping
// the
// ephemeral AES key with a 4096 bit RSA key. For more details, see
// [RSA AES key
// wrap
// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/co
// s01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
ImportMethod string `json:"importMethod,omitempty"`
// Name: Output only. The resource name for this ImportJob in the
// format
// `projects/*/locations/*/keyRings/*/importJobs/*`.
Name string `json:"name,omitempty"`
// ProtectionLevel: Required. Immutable. The protection level of the
// ImportJob. This must match the
// protection_level of the
// version_template on the CryptoKey you
// attempt to import into.
//
// Possible values:
// "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
// "SOFTWARE" - Crypto operations are performed in software.
// "HSM" - Crypto operations are performed in a Hardware Security
// Module.
// "EXTERNAL" - Crypto operations are performed by an external key
// manager.
ProtectionLevel string `json:"protectionLevel,omitempty"`
// PublicKey: Output only. The public key with which to wrap key
// material prior to
// import. Only returned if state is
// ACTIVE.
PublicKey *WrappingPublicKey `json:"publicKey,omitempty"`
// State: Output only. The current state of the ImportJob, indicating if
// it can
// be used.
//
// Possible values:
// "IMPORT_JOB_STATE_UNSPECIFIED" - Not specified.
// "PENDING_GENERATION" - The wrapping key for this job is still being
// generated. It may not be
// used. Cloud KMS will automatically mark this job as
// ACTIVE as soon as the wrapping key is generated.
// "ACTIVE" - This job may be used in
// CreateCryptoKey and
// CreateCryptoKeyVersion
// requests.
// "EXPIRED" - This job can no longer be used and may not leave this
// state once entered.
State string `json:"state,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Attestation") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Attestation") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *ImportJob) MarshalJSON() ([]byte, error) {
type NoMethod ImportJob
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// KeyOperationAttestation: Contains an HSM-generated attestation about
// a key operation. For more
// information, see [Verifying
// attestations]
// (https://cloud.google.com/kms/docs/attest-key).
type KeyOperationAttestation struct {
// Content: Output only. The attestation data provided by the HSM when
// the key
// operation was performed.
Content string `json:"content,omitempty"`
// Format: Output only. The format of the attestation data.
//
// Possible values:
// "ATTESTATION_FORMAT_UNSPECIFIED" - Not specified.
// "CAVIUM_V1_COMPRESSED" - Cavium HSM attestation compressed with
// gzip. Note that this format is
// defined by Cavium and subject to change at any time.
// "CAVIUM_V2_COMPRESSED" - Cavium HSM attestation V2 compressed with
// gzip. This is a new format
// introduced in Cavium's version 3.2-08.
Format string `json:"format,omitempty"`
// ForceSendFields is a list of field names (e.g. "Content") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Content") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *KeyOperationAttestation) MarshalJSON() ([]byte, error) {
type NoMethod KeyOperationAttestation
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// KeyRing: A KeyRing is a toplevel logical grouping of CryptoKeys.
type KeyRing struct {
// CreateTime: Output only. The time at which this KeyRing was created.
CreateTime string `json:"createTime,omitempty"`
// Name: Output only. The resource name for the KeyRing in the
// format
// `projects/*/locations/*/keyRings/*`.
Name string `json:"name,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "CreateTime") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "CreateTime") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *KeyRing) MarshalJSON() ([]byte, error) {
type NoMethod KeyRing
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ListCryptoKeyVersionsResponse: Response message for
// KeyManagementService.ListCryptoKeyVersions.
type ListCryptoKeyVersionsResponse struct {
// CryptoKeyVersions: The list of CryptoKeyVersions.
CryptoKeyVersions []*CryptoKeyVersion `json:"cryptoKeyVersions,omitempty"`
// NextPageToken: A token to retrieve next page of results. Pass this
// value in
// ListCryptoKeyVersionsRequest.page_token to retrieve the next page
// of
// results.
NextPageToken string `json:"nextPageToken,omitempty"`
// TotalSize: The total number of CryptoKeyVersions that matched
// the
// query.
TotalSize int64 `json:"totalSize,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "CryptoKeyVersions")
// to unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "CryptoKeyVersions") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *ListCryptoKeyVersionsResponse) MarshalJSON() ([]byte, error) {
type NoMethod ListCryptoKeyVersionsResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ListCryptoKeysResponse: Response message for
// KeyManagementService.ListCryptoKeys.
type ListCryptoKeysResponse struct {
// CryptoKeys: The list of CryptoKeys.
CryptoKeys []*CryptoKey `json:"cryptoKeys,omitempty"`
// NextPageToken: A token to retrieve next page of results. Pass this
// value in
// ListCryptoKeysRequest.page_token to retrieve the next page of
// results.
NextPageToken string `json:"nextPageToken,omitempty"`
// TotalSize: The total number of CryptoKeys that matched the query.
TotalSize int64 `json:"totalSize,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "CryptoKeys") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "CryptoKeys") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *ListCryptoKeysResponse) MarshalJSON() ([]byte, error) {
type NoMethod ListCryptoKeysResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ListImportJobsResponse: Response message for
// KeyManagementService.ListImportJobs.
type ListImportJobsResponse struct {
// ImportJobs: The list of ImportJobs.
ImportJobs []*ImportJob `json:"importJobs,omitempty"`
// NextPageToken: A token to retrieve next page of results. Pass this
// value in
// ListImportJobsRequest.page_token to retrieve the next page of
// results.
NextPageToken string `json:"nextPageToken,omitempty"`
// TotalSize: The total number of ImportJobs that matched the query.
TotalSize int64 `json:"totalSize,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "ImportJobs") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "ImportJobs") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *ListImportJobsResponse) MarshalJSON() ([]byte, error) {
type NoMethod ListImportJobsResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ListKeyRingsResponse: Response message for
// KeyManagementService.ListKeyRings.
type ListKeyRingsResponse struct {
// KeyRings: The list of KeyRings.
KeyRings []*KeyRing `json:"keyRings,omitempty"`
// NextPageToken: A token to retrieve next page of results. Pass this
// value in
// ListKeyRingsRequest.page_token to retrieve the next page of results.
NextPageToken string `json:"nextPageToken,omitempty"`
// TotalSize: The total number of KeyRings that matched the query.
TotalSize int64 `json:"totalSize,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "KeyRings") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "KeyRings") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *ListKeyRingsResponse) MarshalJSON() ([]byte, error) {
type NoMethod ListKeyRingsResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ListLocationsResponse: The response message for
// Locations.ListLocations.
type ListLocationsResponse struct {
// Locations: A list of locations that matches the specified filter in
// the request.
Locations []*Location `json:"locations,omitempty"`
// NextPageToken: The standard List next-page token.
NextPageToken string `json:"nextPageToken,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Locations") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Locations") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *ListLocationsResponse) MarshalJSON() ([]byte, error) {
type NoMethod ListLocationsResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// Location: A resource that represents Google Cloud Platform location.
type Location struct {
// DisplayName: The friendly name for this location, typically a nearby
// city name.
// For example, "Tokyo".
DisplayName string `json:"displayName,omitempty"`
// Labels: Cross-service attributes for the location. For example
//
// {"cloud.googleapis.com/region": "us-east1"}
Labels map[string]string `json:"labels,omitempty"`
// LocationId: The canonical id for this location. For example:
// "us-east1".
LocationId string `json:"locationId,omitempty"`
// Metadata: Service-specific metadata. For example the available
// capacity at the given
// location.
Metadata googleapi.RawMessage `json:"metadata,omitempty"`
// Name: Resource name for the location, which may vary between
// implementations.
// For example: "projects/example-project/locations/us-east1"
Name string `json:"name,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "DisplayName") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "DisplayName") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *Location) MarshalJSON() ([]byte, error) {
type NoMethod Location
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// LocationMetadata: Cloud KMS metadata for the given
// google.cloud.location.Location.
type LocationMetadata struct {
// EkmAvailable: Indicates whether CryptoKeys
// with
// protection_level
// EXTERNAL can be created in this location.
EkmAvailable bool `json:"ekmAvailable,omitempty"`
// HsmAvailable: Indicates whether CryptoKeys with
// protection_level
// HSM can be created in this location.
HsmAvailable bool `json:"hsmAvailable,omitempty"`
// ForceSendFields is a list of field names (e.g. "EkmAvailable") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "EkmAvailable") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *LocationMetadata) MarshalJSON() ([]byte, error) {
type NoMethod LocationMetadata
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// Policy: An Identity and Access Management (IAM) policy, which
// specifies access
// controls for Google Cloud resources.
//
//
// A `Policy` is a collection of `bindings`. A `binding` binds one or
// more
// `members` to a single `role`. Members can be user accounts, service
// accounts,
// Google groups, and domains (such as G Suite). A `role` is a named
// list of
// permissions; each `role` can be an IAM predefined role or a
// user-created
// custom role.
//
// For some types of Google Cloud resources, a `binding` can also
// specify a
// `condition`, which is a logical expression that allows access to a
// resource
// only if the expression evaluates to `true`. A condition can add
// constraints
// based on attributes of the request, the resource, or both. To learn
// which
// resources support conditions in their IAM policies, see the
// [IAM
// documentation](https://cloud.google.com/iam/help/conditions/resource-p
// olicies).
//
// **JSON example:**
//
// {
// "bindings": [
// {
// "role": "roles/resourcemanager.organizationAdmin",
// "members": [
// "user:mike@example.com",
// "group:admins@example.com",
// "domain:google.com",
//
// "serviceAccount:my-project-id@appspot.gserviceaccount.com"
// ]
// },
// {
// "role": "roles/resourcemanager.organizationViewer",
// "members": [
// "user:eve@example.com"
// ],
// "condition": {
// "title": "expirable access",
// "description": "Does not grant access after Sep 2020",
// "expression": "request.time <
// timestamp('2020-10-01T00:00:00.000Z')",
// }
// }
// ],
// "etag": "BwWWja0YfJA=",
// "version": 3
// }
//
// **YAML example:**
//
// bindings:
// - members:
// - user:mike@example.com
// - group:admins@example.com
// - domain:google.com
// - serviceAccount:my-project-id@appspot.gserviceaccount.com
// role: roles/resourcemanager.organizationAdmin
// - members:
// - user:eve@example.com
// role: roles/resourcemanager.organizationViewer
// condition:
// title: expirable access
// description: Does not grant access after Sep 2020
// expression: request.time <
// timestamp('2020-10-01T00:00:00.000Z')
// - etag: BwWWja0YfJA=
// - version: 3
//
// For a description of IAM and its features, see the
// [IAM documentation](https://cloud.google.com/iam/docs/).
type Policy struct {
// AuditConfigs: Specifies cloud audit logging configuration for this
// policy.
AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"`
// Bindings: Associates a list of `members` to a `role`. Optionally, may
// specify a
// `condition` that determines how and when the `bindings` are applied.
// Each
// of the `bindings` must contain at least one member.
Bindings []*Binding `json:"bindings,omitempty"`
// Etag: `etag` is used for optimistic concurrency control as a way to
// help
// prevent simultaneous updates of a policy from overwriting each
// other.
// It is strongly suggested that systems make use of the `etag` in
// the
// read-modify-write cycle to perform policy updates in order to avoid
// race
// conditions: An `etag` is returned in the response to `getIamPolicy`,
// and
// systems are expected to put that etag in the request to
// `setIamPolicy` to
// ensure that their change will be applied to the same version of the
// policy.
//
// **Important:** If you use IAM Conditions, you must include the `etag`
// field
// whenever you call `setIamPolicy`. If you omit this field, then IAM
// allows
// you to overwrite a version `3` policy with a version `1` policy, and
// all of
// the conditions in the version `3` policy are lost.
Etag string `json:"etag,omitempty"`
// Version: Specifies the format of the policy.
//
// Valid values are `0`, `1`, and `3`. Requests that specify an invalid
// value
// are rejected.
//
// Any operation that affects conditional role bindings must specify
// version
// `3`. This requirement applies to the following operations:
//
// * Getting a policy that includes a conditional role binding
// * Adding a conditional role binding to a policy
// * Changing a conditional role binding in a policy
// * Removing any role binding, with or without a condition, from a
// policy
// that includes conditions
//
// **Important:** If you use IAM Conditions, you must include the `etag`
// field
// whenever you call `setIamPolicy`. If you omit this field, then IAM
// allows
// you to overwrite a version `3` policy with a version `1` policy, and
// all of
// the conditions in the version `3` policy are lost.
//
// If a policy does not include any conditions, operations on that
// policy may
// specify any valid version or leave the field unset.
//
// To learn which resources support conditions in their IAM policies,
// see the
// [IAM
// documentation](https://cloud.google.com/iam/help/conditions/resource-p
// olicies).
Version int64 `json:"version,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "AuditConfigs") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "AuditConfigs") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *Policy) MarshalJSON() ([]byte, error) {
type NoMethod Policy
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// PublicKey: The public key for a given CryptoKeyVersion. Obtained
// via
// GetPublicKey.
type PublicKey struct {
// Algorithm: The Algorithm associated
// with this key.
//
// Possible values:
// "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified.
// "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys.
// "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256
// digest.
// "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512
// digest.
// "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit
// key and a SHA256 digest.
// "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit
// key and a SHA512 digest.
// "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a
// SHA256 digest.
// "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a
// SHA512 digest.
// "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256
// digest.
// "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384
// digest.
// "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric
// encryption by an external key manager.
Algorithm string `json:"algorithm,omitempty"`
// Name: The name of the CryptoKeyVersion public key.
// Provided here for verification.
//
// NOTE: This field is in Beta.
Name string `json:"name,omitempty"`
// Pem: The public key, encoded in PEM format. For more information, see
// the
// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
// [General
// Considerations](https://tools.ietf.org/html/rfc7468#section-2)
// and
// [Textual Encoding of Subject Public Key
// Info]
// (https://tools.ietf.org/html/rfc7468#section-13).
Pem string `json:"pem,omitempty"`
// PemCrc32c: Integrity verification field. A CRC32C checksum of the
// returned
// PublicKey.pem. An integrity check of PublicKey.pem can be
// performed
// by computing the CRC32C checksum of PublicKey.pem and
// comparing your results to this field. Discard the response in case
// of
// non-matching checksum values, and perform a limited number of
// retries. A
// persistent mismatch may indicate an issue in your computation of the
// CRC32C
// checksum.
// Note: This field is defined as int64 for reasons of compatibility
// across
// different languages. However, it is a non-negative integer, which
// will
// never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages
// that support this type.
//
// NOTE: This field is in Beta.
PemCrc32c int64 `json:"pemCrc32c,omitempty,string"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Algorithm") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Algorithm") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *PublicKey) MarshalJSON() ([]byte, error) {
type NoMethod PublicKey
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// RestoreCryptoKeyVersionRequest: Request message for
// KeyManagementService.RestoreCryptoKeyVersion.
type RestoreCryptoKeyVersionRequest struct {
}
// SetIamPolicyRequest: Request message for `SetIamPolicy` method.
type SetIamPolicyRequest struct {
// Policy: REQUIRED: The complete policy to be applied to the
// `resource`. The size of
// the policy is limited to a few 10s of KB. An empty policy is a
// valid policy but certain Cloud Platform services (such as
// Projects)
// might reject them.
Policy *Policy `json:"policy,omitempty"`
// UpdateMask: OPTIONAL: A FieldMask specifying which fields of the
// policy to modify. Only
// the fields in the mask will be modified. If no mask is provided,
// the
// following default mask is used:
//
// `paths: "bindings, etag"
UpdateMask string `json:"updateMask,omitempty"`
// ForceSendFields is a list of field names (e.g. "Policy") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Policy") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) {
type NoMethod SetIamPolicyRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// TestIamPermissionsRequest: Request message for `TestIamPermissions`
// method.
type TestIamPermissionsRequest struct {
// Permissions: The set of permissions to check for the `resource`.
// Permissions with
// wildcards (such as '*' or 'storage.*') are not allowed. For
// more
// information see
// [IAM
// Overview](https://cloud.google.com/iam/docs/overview#permissions).
Permissions []string `json:"permissions,omitempty"`
// ForceSendFields is a list of field names (e.g. "Permissions") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Permissions") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) {
type NoMethod TestIamPermissionsRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// TestIamPermissionsResponse: Response message for `TestIamPermissions`
// method.
type TestIamPermissionsResponse struct {
// Permissions: A subset of `TestPermissionsRequest.permissions` that
// the caller is
// allowed.
Permissions []string `json:"permissions,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Permissions") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Permissions") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) {
type NoMethod TestIamPermissionsResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// UpdateCryptoKeyPrimaryVersionRequest: Request message for
// KeyManagementService.UpdateCryptoKeyPrimaryVersion.
type UpdateCryptoKeyPrimaryVersionRequest struct {
// CryptoKeyVersionId: Required. The id of the child CryptoKeyVersion to
// use as primary.
CryptoKeyVersionId string `json:"cryptoKeyVersionId,omitempty"`
// ForceSendFields is a list of field names (e.g. "CryptoKeyVersionId")
// to unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "CryptoKeyVersionId") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *UpdateCryptoKeyPrimaryVersionRequest) MarshalJSON() ([]byte, error) {
type NoMethod UpdateCryptoKeyPrimaryVersionRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// WrappingPublicKey: The public key component of the wrapping key. For
// details of the type of
// key this public key corresponds to, see the ImportMethod.
type WrappingPublicKey struct {
// Pem: The public key, encoded in PEM format. For more information, see
// the [RFC
// 7468](https://tools.ietf.org/html/rfc7468) sections for
// [General
// Considerations](https://tools.ietf.org/html/rfc7468#section-2
// ) and
// [Textual Encoding of Subject Public Key
// Info]
// (https://tools.ietf.org/html/rfc7468#section-13).
Pem string `json:"pem,omitempty"`
// ForceSendFields is a list of field names (e.g. "Pem") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Pem") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *WrappingPublicKey) MarshalJSON() ([]byte, error) {
type NoMethod WrappingPublicKey
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// method id "cloudkms.projects.locations.get":
type ProjectsLocationsGetCall struct {
s *Service
name string
urlParams_ gensupport.URLParams
ifNoneMatch_ string
ctx_ context.Context
header_ http.Header
}
// Get: Gets information about a location.
func (r *ProjectsLocationsService) Get(name string) *ProjectsLocationsGetCall {
c := &ProjectsLocationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.name = name
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *ProjectsLocationsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsGetCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// IfNoneMatch sets the optional parameter which makes the operation
// fail if the object's ETag matches the given value. This is useful for
// getting updates only after the object has changed since the last
// request. Use googleapi.IsNotModified to check whether the response
// error from Do is the result of In-None-Match.
func (c *ProjectsLocationsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsGetCall {
c.ifNoneMatch_ = entityTag
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *ProjectsLocationsGetCall) Context(ctx context.Context) *ProjectsLocationsGetCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *ProjectsLocationsGetCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *ProjectsLocationsGetCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200728")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
if c.ifNoneMatch_ != "" {
reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
}
var body io.Reader = nil
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("GET", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
googleapi.Expand(req.URL, map[string]string{
"name": c.name,
})
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "cloudkms.projects.locations.get" call.
// Exactly one of *Location or error will be non-nil. Any non-2xx status
// code is an error. Response headers are in either
// *Location.ServerResponse.Header or (if a response was returned at
// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
// to check whether the returned error was because
// http.StatusNotModified was returned.
func (c *ProjectsLocationsGetCall) Do(opts ...googleapi.CallOption) (*Location, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &Location{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Gets information about a location.",
// "flatPath": "v1/projects/{projectsId}/locations/{locationsId}",
// "httpMethod": "GET",
// "id": "cloudkms.projects.locations.get",
// "parameterOrder": [
// "name"
// ],
// "parameters": {
// "name": {
// "description": "Resource name for the location.",
// "location": "path",
// "pattern": "^projects/[^/]+/locations/[^/]+$",
// "required": true,
// "type": "string"
// }
// },
// "path": "v1/{+name}",
// "response": {
// "$ref": "Location"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform",
// "https://www.googleapis.com/auth/cloudkms"
// ]
// }
}
// method id "cloudkms.projects.locations.list":
type ProjectsLocationsListCall struct {
s *Service
name string
urlParams_ gensupport.URLParams
ifNoneMatch_ string
ctx_ context.Context
header_ http.Header
}
// List: Lists information about the supported locations for this
// service.
func (r *ProjectsLocationsService) List(name string) *ProjectsLocationsListCall {
c := &ProjectsLocationsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.name = name
return c
}
// Filter sets the optional parameter "filter": The standard list
// filter.
func (c *ProjectsLocationsListCall) Filter(filter string) *ProjectsLocationsListCall {
c.urlParams_.Set("filter", filter)
return c
}
// PageSize sets the optional parameter "pageSize": The standard list
// page size.
func (c *ProjectsLocationsListCall) PageSize(pageSize int64) *ProjectsLocationsListCall {
c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
return c
}
// PageToken sets the optional parameter "pageToken": The standard list
// page token.
func (c *ProjectsLocationsListCall) PageToken(pageToken string) *ProjectsLocationsListCall {
c.urlParams_.Set("pageToken", pageToken)
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *ProjectsLocationsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsListCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// IfNoneMatch sets the optional parameter which makes the operation
// fail if the object's ETag matches the given value. This is useful for
// getting updates only after the object has changed since the last
// request. Use googleapi.IsNotModified to check whether the response
// error from Do is the result of In-None-Match.
func (c *ProjectsLocationsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsListCall {
c.ifNoneMatch_ = entityTag
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *ProjectsLocationsListCall) Context(ctx context.Context) *ProjectsLocationsListCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *ProjectsLocationsListCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *ProjectsLocationsListCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200728")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
if c.ifNoneMatch_ != "" {
reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
}
var body io.Reader = nil
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/locations")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("GET", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
googleapi.Expand(req.URL, map[string]string{
"name": c.name,
})
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "cloudkms.projects.locations.list" call.
// Exactly one of *ListLocationsResponse or error will be non-nil. Any
// non-2xx status code is an error. Response headers are in either
// *ListLocationsResponse.ServerResponse.Header or (if a response was
// returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was
// because http.StatusNotModified was returned.
func (c *ProjectsLocationsListCall) Do(opts ...googleapi.CallOption) (*ListLocationsResponse, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &ListLocationsResponse{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Lists information about the supported locations for this service.",
// "flatPath": "v1/projects/{projectsId}/locations",
// "httpMethod": "GET",
// "id": "cloudkms.projects.locations.list",
// "parameterOrder": [
// "name"
// ],
// "parameters": {
// "filter": {
// "description": "The standard list filter.",
// "location": "query",
// "type": "string"
// },
// "name": {
// "description": "The resource that owns the locations collection, if applicable.",
// "location": "path",
// "pattern": "^projects/[^/]+$",
// "required": true,
// "type": "string"
// },
// "pageSize": {
// "description": "The standard list page size.",
// "format": "int32",
// "location": "query",
// "type": "integer"
// },
// "pageToken": {
// "description": "The standard list page token.",
// "location": "query",
// "type": "string"
// }
// },
// "path": "v1/{+name}/locations",
// "response": {
// "$ref": "ListLocationsResponse"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform",
// "https://www.googleapis.com/auth/cloudkms"
// ]
// }
}
// Pages invokes f for each page of results.
// A non-nil error returned from f will halt the iteration.
// The provided context supersedes any context provided to the Context method.
func (c *ProjectsLocationsListCall) Pages(ctx context.Context, f func(*ListLocationsResponse) error) error {
c.ctx_ = ctx
defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
for {
x, err := c.Do()
if err != nil {
return err
}
if err := f(x); err != nil {
return err
}
if x.NextPageToken == "" {
return nil
}
c.PageToken(x.NextPageToken)
}
}
// method id "cloudkms.projects.locations.keyRings.create":
type ProjectsLocationsKeyRingsCreateCall struct {
s *Service
parent string
keyring *KeyRing
urlParams_ gensupport.URLParams
ctx_ context.Context
header_ http.Header
}
// Create: Create a new KeyRing in a given Project and Location.
func (r *ProjectsLocationsKeyRingsService) Create(parent string, keyring *KeyRing) *ProjectsLocationsKeyRingsCreateCall {
c := &ProjectsLocationsKeyRingsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.parent = parent
c.keyring = keyring
return c
}
// KeyRingId sets the optional parameter "keyRingId": Required. It must
// be unique within a location and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`
func (c *ProjectsLocationsKeyRingsCreateCall) KeyRingId(keyRingId string) *ProjectsLocationsKeyRingsCreateCall {
c.urlParams_.Set("keyRingId", keyRingId)
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *ProjectsLocationsKeyRingsCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCreateCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *ProjectsLocationsKeyRingsCreateCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCreateCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *ProjectsLocationsKeyRingsCreateCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *ProjectsLocationsKeyRingsCreateCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200728")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
var body io.Reader = nil
body, err := googleapi.WithoutDataWrapper.JSONReader(c.keyring)
if err != nil {
return nil, err
}
reqHeaders.Set("Content-Type", "application/json")
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/keyRings")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("POST", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
googleapi.Expand(req.URL, map[string]string{
"parent": c.parent,
})
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "cloudkms.projects.locations.keyRings.create" call.
// Exactly one of *KeyRing or error will be non-nil. Any non-2xx status
// code is an error. Response headers are in either
// *KeyRing.ServerResponse.Header or (if a response was returned at all)
// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
// check whether the returned error was because http.StatusNotModified
// was returned.
func (c *ProjectsLocationsKeyRingsCreateCall) Do(opts ...googleapi.CallOption) (*KeyRing, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &KeyRing{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Create a new KeyRing in a given Project and Location.",
// "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings",
// "httpMethod": "POST",
// "id": "cloudkms.projects.locations.keyRings.create",
// "parameterOrder": [
// "parent"
// ],
// "parameters": {
// "keyRingId": {
// "description": "Required. It must be unique within a location and match the regular\nexpression `[a-zA-Z0-9_-]{1,63}`",
// "location": "query",
// "type": "string"
// },
// "parent": {
// "description": "Required. The resource name of the location associated with the\nKeyRings, in the format `projects/*/locations/*`.",
// "location": "path",
// "pattern": "^projects/[^/]+/locations/[^/]+$",
// "required": true,
// "type": "string"
// }
// },
// "path": "v1/{+parent}/keyRings",
// "request": {
// "$ref": "KeyRing"
// },
// "response": {
// "$ref": "KeyRing"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform",
// "https://www.googleapis.com/auth/cloudkms"
// ]
// }
}
// method id "cloudkms.projects.locations.keyRings.get":
type ProjectsLocationsKeyRingsGetCall struct {
s *Service
name string
urlParams_ gensupport.URLParams
ifNoneMatch_ string
ctx_ context.Context
header_ http.Header
}
// Get: Returns metadata for a given KeyRing.
func (r *ProjectsLocationsKeyRingsService) Get(name string) *ProjectsLocationsKeyRingsGetCall {
c := &ProjectsLocationsKeyRingsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.name = name
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *ProjectsLocationsKeyRingsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsGetCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// IfNoneMatch sets the optional parameter which makes the operation
// fail if the object's ETag matches the given value. This is useful for
// getting updates only after the object has changed since the last
// request. Use googleapi.IsNotModified to check whether the response
// error from Do is the result of In-None-Match.
func (c *ProjectsLocationsKeyRingsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsGetCall {
c.ifNoneMatch_ = entityTag
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *ProjectsLocationsKeyRingsGetCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsGetCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *ProjectsLocationsKeyRingsGetCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *ProjectsLocationsKeyRingsGetCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200728")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
if c.ifNoneMatch_ != "" {
reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
}
var body io.Reader = nil
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("GET", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
googleapi.Expand(req.URL, map[string]string{
"name": c.name,
})
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "cloudkms.projects.locations.keyRings.get" call.
// Exactly one of *KeyRing or error will be non-nil. Any non-2xx status
// code is an error. Response headers are in either
// *KeyRing.ServerResponse.Header or (if a response was returned at all)
// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
// check whether the returned error was because http.StatusNotModified
// was returned.
func (c *ProjectsLocationsKeyRingsGetCall) Do(opts ...googleapi.CallOption) (*KeyRing, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &KeyRing{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Returns metadata for a given KeyRing.",
// "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}",
// "httpMethod": "GET",
// "id": "cloudkms.projects.locations.keyRings.get",
// "parameterOrder": [
// "name"
// ],
// "parameters": {
// "name": {
// "description": "Required. The name of the KeyRing to get.",
// "location": "path",
// "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$",
// "required": true,
// "type": "string"
// }
// },
// "path": "v1/{+name}",
// "response": {
// "$ref": "KeyRing"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform",
// "https://www.googleapis.com/auth/cloudkms"
// ]
// }
}
// method id "cloudkms.projects.locations.keyRings.getIamPolicy":
type ProjectsLocationsKeyRingsGetIamPolicyCall struct {
s *Service
resource string
urlParams_ gensupport.URLParams
ifNoneMatch_ string
ctx_ context.Context
header_ http.Header
}
// GetIamPolicy: Gets the access control policy for a resource.
// Returns an empty policy if the resource exists and does not have a
// policy
// set.
func (r *ProjectsLocationsKeyRingsService) GetIamPolicy(resource string) *ProjectsLocationsKeyRingsGetIamPolicyCall {
c := &ProjectsLocationsKeyRingsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.resource = resource
return c