diff --git a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_dashboard_service_pb.rb b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_dashboard_service_pb.rb index 876f98f0eac1..494165a234c8 100644 --- a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_dashboard_service_pb.rb +++ b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_dashboard_service_pb.rb @@ -11,7 +11,7 @@ require 'google/cloud/kms/v1/resources_pb' -descriptor_data = "\n9google/cloud/kms/inventory/v1/key_dashboard_service.proto\x12\x1dgoogle.cloud.kms.inventory.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a#google/cloud/kms/v1/resources.proto\"\x8d\x01\n\x15ListCryptoKeysRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\"f\n\x16ListCryptoKeysResponse\x12\x33\n\x0b\x63rypto_keys\x18\x01 \x03(\x0b\x32\x1e.google.cloud.kms.v1.CryptoKey\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t2\x9b\x02\n\x13KeyDashboardService\x12\xb2\x01\n\x0eListCryptoKeys\x12\x34.google.cloud.kms.inventory.v1.ListCryptoKeysRequest\x1a\x35.google.cloud.kms.inventory.v1.ListCryptoKeysResponse\"3\xda\x41\x06parent\x82\xd3\xe4\x93\x02$\x12\"/v1/{parent=projects/*}/cryptoKeys\x1aO\xca\x41\x1bkmsinventory.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xc3\x01\n!com.google.cloud.kms.inventory.v1B\x18KeyDashboardServiceProtoP\x01Z?cloud.google.com/go/kms/inventory/apiv1/inventorypb;inventorypb\xf8\x01\x01\xaa\x02\x1dGoogle.Cloud.Kms.Inventory.V1\xca\x02\x1dGoogle\\Cloud\\Kms\\Inventory\\V1b\x06proto3" +descriptor_data = "\n9google/cloud/kms/inventory/v1/key_dashboard_service.proto\x12\x1dgoogle.cloud.kms.inventory.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a#google/cloud/kms/v1/resources.proto\"\x8d\x01\n\x15ListCryptoKeysRequest\x12\x43\n\x06parent\x18\x01 \x01(\tB3\xe0\x41\x02\xfa\x41-\n+cloudresourcemanager.googleapis.com/Project\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\"f\n\x16ListCryptoKeysResponse\x12\x33\n\x0b\x63rypto_keys\x18\x01 \x03(\x0b\x32\x1e.google.cloud.kms.v1.CryptoKey\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t2\x9b\x02\n\x13KeyDashboardService\x12\xb2\x01\n\x0eListCryptoKeys\x12\x34.google.cloud.kms.inventory.v1.ListCryptoKeysRequest\x1a\x35.google.cloud.kms.inventory.v1.ListCryptoKeysResponse\"3\xda\x41\x06parent\x82\xd3\xe4\x93\x02$\x12\"/v1/{parent=projects/*}/cryptoKeys\x1aO\xca\x41\x1bkmsinventory.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xc0\x01\n!com.google.cloud.kms.inventory.v1B\x18KeyDashboardServiceProtoP\x01Z?cloud.google.com/go/kms/inventory/apiv1/inventorypb;inventorypb\xaa\x02\x1dGoogle.Cloud.Kms.Inventory.V1\xca\x02\x1dGoogle\\Cloud\\Kms\\Inventory\\V1b\x06proto3" pool = Google::Protobuf::DescriptorPool.generated_pool diff --git a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/client.rb b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/client.rb index d2daf95a532e..f6211cde5530 100644 --- a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/client.rb +++ b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/client.rb @@ -191,10 +191,16 @@ def logger ## # Returns aggregate information about the resources protected by the given - # Cloud KMS {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. Only resources within - # the same Cloud organization as the key will be returned. The project that - # holds the key must be part of an organization in order for this call to - # succeed. + # Cloud KMS {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. By default, + # summary of resources within the same Cloud organization as the key will be + # returned, which requires the KMS organization service account to be + # configured(refer + # https://docs.cloud.google.com/kms/docs/view-key-usage#required-roles). + # If the KMS organization service account is not configured or key's project + # is not part of an organization, set + # {::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest#fallback_scope fallback_scope} + # to `FALLBACK_SCOPE_PROJECT` to retrieve a summary of protected resources + # within the key's project. # # @overload get_protected_resources_summary(request, options = nil) # Pass arguments to `get_protected_resources_summary` via a request object, either of type @@ -206,7 +212,7 @@ def logger # @param options [::Gapic::CallOptions, ::Hash] # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional. # - # @overload get_protected_resources_summary(name: nil) + # @overload get_protected_resources_summary(name: nil, fallback_scope: nil) # Pass arguments to `get_protected_resources_summary` via keyword arguments. Note that at # least one keyword argument is required. To specify no parameters, or to keep all # the default parameter values, pass an empty Hash as a request object (see above). @@ -214,6 +220,9 @@ def logger # @param name [::String] # Required. The resource name of the # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. + # @param fallback_scope [::Google::Cloud::Kms::Inventory::V1::FallbackScope] + # Optional. The scope to use if the kms organization service account is not + # configured. # # @yield [response, operation] Access the result along with the RPC operation # @yieldparam response [::Google::Cloud::Kms::Inventory::V1::ProtectedResourcesSummary] @@ -281,7 +290,8 @@ def get_protected_resources_summary request, options = nil ## # Returns metadata about the resources protected by the given Cloud KMS - # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} in the given Cloud organization. + # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} in the given Cloud + # organization/project. # # @overload search_protected_resources(request, options = nil) # Pass arguments to `search_protected_resources` via a request object, either of type @@ -299,8 +309,14 @@ def get_protected_resources_summary request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param scope [::String] - # Required. Resource name of the organization. - # Example: organizations/123 + # Required. A scope can be an organization or a project. Resources protected + # by the crypto key in provided scope will be returned. + # + # The following values are allowed: + # + # * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/12345678") + # * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar") + # * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678") # @param crypto_key [::String] # Required. The resource name of the # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. diff --git a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/paths.rb b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/paths.rb index 872f5454e8ff..30605e907bac 100644 --- a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/paths.rb +++ b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/paths.rb @@ -39,6 +39,20 @@ def organization_path organization: "organizations/#{organization}" end + ## + # Create a fully-qualified Project resource string. + # + # The resource will be in the following format: + # + # `projects/{project}` + # + # @param project [String] + # + # @return [::String] + def project_path project: + "projects/#{project}" + end + ## # Create a fully-qualified ProtectedResourcesSummary resource string. # diff --git a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/rest/client.rb b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/rest/client.rb index 02c8c432b1a3..e88337830b23 100644 --- a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/rest/client.rb +++ b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/rest/client.rb @@ -184,10 +184,16 @@ def logger ## # Returns aggregate information about the resources protected by the given - # Cloud KMS {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. Only resources within - # the same Cloud organization as the key will be returned. The project that - # holds the key must be part of an organization in order for this call to - # succeed. + # Cloud KMS {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. By default, + # summary of resources within the same Cloud organization as the key will be + # returned, which requires the KMS organization service account to be + # configured(refer + # https://docs.cloud.google.com/kms/docs/view-key-usage#required-roles). + # If the KMS organization service account is not configured or key's project + # is not part of an organization, set + # {::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest#fallback_scope fallback_scope} + # to `FALLBACK_SCOPE_PROJECT` to retrieve a summary of protected resources + # within the key's project. # # @overload get_protected_resources_summary(request, options = nil) # Pass arguments to `get_protected_resources_summary` via a request object, either of type @@ -199,7 +205,7 @@ def logger # @param options [::Gapic::CallOptions, ::Hash] # Overrides the default settings for this call, e.g, timeout, retries etc. Optional. # - # @overload get_protected_resources_summary(name: nil) + # @overload get_protected_resources_summary(name: nil, fallback_scope: nil) # Pass arguments to `get_protected_resources_summary` via keyword arguments. Note that at # least one keyword argument is required. To specify no parameters, or to keep all # the default parameter values, pass an empty Hash as a request object (see above). @@ -207,6 +213,9 @@ def logger # @param name [::String] # Required. The resource name of the # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. + # @param fallback_scope [::Google::Cloud::Kms::Inventory::V1::FallbackScope] + # Optional. The scope to use if the kms organization service account is not + # configured. # @yield [result, operation] Access the result along with the TransportOperation object # @yieldparam result [::Google::Cloud::Kms::Inventory::V1::ProtectedResourcesSummary] # @yieldparam operation [::Gapic::Rest::TransportOperation] @@ -267,7 +276,8 @@ def get_protected_resources_summary request, options = nil ## # Returns metadata about the resources protected by the given Cloud KMS - # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} in the given Cloud organization. + # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} in the given Cloud + # organization/project. # # @overload search_protected_resources(request, options = nil) # Pass arguments to `search_protected_resources` via a request object, either of type @@ -285,8 +295,14 @@ def get_protected_resources_summary request, options = nil # the default parameter values, pass an empty Hash as a request object (see above). # # @param scope [::String] - # Required. Resource name of the organization. - # Example: organizations/123 + # Required. A scope can be an organization or a project. Resources protected + # by the crypto key in provided scope will be returned. + # + # The following values are allowed: + # + # * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/12345678") + # * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar") + # * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678") # @param crypto_key [::String] # Required. The resource name of the # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. diff --git a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/rest/service_stub.rb b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/rest/service_stub.rb index 8fb80be71d12..ec6d5d953b48 100644 --- a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/rest/service_stub.rb +++ b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service/rest/service_stub.rb @@ -193,6 +193,13 @@ def self.transcode_search_protected_resources_request request_pb ["scope", %r{^organizations/[^/]+/?$}, false] ] ) + .with_bindings( + uri_method: :get, + uri_template: "/v1/{scope}/protectedResources:search", + matches: [ + ["scope", %r{^projects/[^/]+/?$}, false] + ] + ) transcoder.transcode request_pb end end diff --git a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service_pb.rb b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service_pb.rb index ba13ff86a593..809f75595425 100644 --- a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service_pb.rb +++ b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service_pb.rb @@ -11,7 +11,7 @@ require 'google/protobuf/timestamp_pb' -descriptor_data = "\n8google/cloud/kms/inventory/v1/key_tracking_service.proto\x12\x1dgoogle.cloud.kms.inventory.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"r\n#GetProtectedResourcesSummaryRequest\x12K\n\x04name\x18\x01 \x01(\tB=\xe0\x41\x02\xfa\x41\x37\n5kmsinventory.googleapis.com/ProtectedResourcesSummary\"\xe0\x06\n\x19ProtectedResourcesSummary\x12\x0c\n\x04name\x18\x05 \x01(\t\x12\x16\n\x0eresource_count\x18\x01 \x01(\x03\x12\x15\n\rproject_count\x18\x02 \x01(\x05\x12\x63\n\x0eresource_types\x18\x03 \x03(\x0b\x32K.google.cloud.kms.inventory.v1.ProtectedResourcesSummary.ResourceTypesEntry\x12\x63\n\x0e\x63loud_products\x18\x06 \x03(\x0b\x32K.google.cloud.kms.inventory.v1.ProtectedResourcesSummary.CloudProductsEntry\x12Z\n\tlocations\x18\x04 \x03(\x0b\x32G.google.cloud.kms.inventory.v1.ProtectedResourcesSummary.LocationsEntry\x1a\x34\n\x12ResourceTypesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x03:\x02\x38\x01\x1a\x34\n\x12\x43loudProductsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x03:\x02\x38\x01\x1a\x30\n\x0eLocationsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x03:\x02\x38\x01:\xc1\x02\xea\x41\xbd\x02\n5kmsinventory.googleapis.com/ProtectedResourcesSummary\x12mprojects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/protectedResourcesSummary\x12\x94\x01projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}/protectedResourcesSummary\"\xcd\x01\n\x1fSearchProtectedResourcesRequest\x12G\n\x05scope\x18\x02 \x01(\tB8\xe0\x41\x02\xfa\x41\x32\n0cloudresourcemanager.googleapis.com/Organization\x12\x1d\n\ncrypto_key\x18\x01 \x01(\tB\t\xe0\x41\x02\xfa\x41\x03\n\x01*\x12\x11\n\tpage_size\x18\x03 \x01(\x05\x12\x12\n\npage_token\x18\x04 \x01(\t\x12\x1b\n\x0eresource_types\x18\x05 \x03(\tB\x03\xe0\x41\x01\"\x8a\x01\n SearchProtectedResourcesResponse\x12M\n\x13protected_resources\x18\x01 \x03(\x0b\x32\x30.google.cloud.kms.inventory.v1.ProtectedResource\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"\xf9\x03\n\x11ProtectedResource\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0f\n\x07project\x18\x02 \x01(\t\x12\x12\n\nproject_id\x18\t \x01(\t\x12\x15\n\rcloud_product\x18\x08 \x01(\t\x12\x15\n\rresource_type\x18\x03 \x01(\t\x12\x10\n\x08location\x18\x04 \x01(\t\x12L\n\x06labels\x18\x05 \x03(\x0b\x32<.google.cloud.kms.inventory.v1.ProtectedResource.LabelsEntry\x12I\n\x12\x63rypto_key_version\x18\x06 \x01(\tB-\xfa\x41*\n(cloudkms.googleapis.com/CryptoKeyVersion\x12J\n\x13\x63rypto_key_versions\x18\n \x03(\tB-\xfa\x41*\n(cloudkms.googleapis.com/CryptoKeyVersion\x12\x34\n\x0b\x63reate_time\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01:\'\xea\x41$\n\x1f\x63loudasset.googleapis.com/Asset\x12\x01*2\xda\x04\n\x12KeyTrackingService\x12\x81\x02\n\x1cGetProtectedResourcesSummary\x12\x42.google.cloud.kms.inventory.v1.GetProtectedResourcesSummaryRequest\x1a\x38.google.cloud.kms.inventory.v1.ProtectedResourcesSummary\"c\xda\x41\x04name\x82\xd3\xe4\x93\x02V\x12T/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}/protectedResourcesSummary\x12\xee\x01\n\x18SearchProtectedResources\x12>.google.cloud.kms.inventory.v1.SearchProtectedResourcesRequest\x1a?.google.cloud.kms.inventory.v1.SearchProtectedResourcesResponse\"Q\xda\x41\x11scope, crypto_key\x82\xd3\xe4\x93\x02\x37\x12\x35/v1/{scope=organizations/*}/protectedResources:search\x1aO\xca\x41\x1bkmsinventory.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xc2\x01\n!com.google.cloud.kms.inventory.v1B\x17KeyTrackingServiceProtoP\x01Z?cloud.google.com/go/kms/inventory/apiv1/inventorypb;inventorypb\xf8\x01\x01\xaa\x02\x1dGoogle.Cloud.Kms.Inventory.V1\xca\x02\x1dGoogle\\Cloud\\Kms\\Inventory\\V1b\x06proto3" +descriptor_data = "\n8google/cloud/kms/inventory/v1/key_tracking_service.proto\x12\x1dgoogle.cloud.kms.inventory.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xbd\x01\n#GetProtectedResourcesSummaryRequest\x12K\n\x04name\x18\x01 \x01(\tB=\xe0\x41\x02\xfa\x41\x37\n5kmsinventory.googleapis.com/ProtectedResourcesSummary\x12I\n\x0e\x66\x61llback_scope\x18\x02 \x01(\x0e\x32,.google.cloud.kms.inventory.v1.FallbackScopeB\x03\xe0\x41\x01\"\x9a\x07\n\x19ProtectedResourcesSummary\x12\x0c\n\x04name\x18\x05 \x01(\t\x12\x16\n\x0eresource_count\x18\x01 \x01(\x03\x12\x15\n\rproject_count\x18\x02 \x01(\x05\x12\x63\n\x0eresource_types\x18\x03 \x03(\x0b\x32K.google.cloud.kms.inventory.v1.ProtectedResourcesSummary.ResourceTypesEntry\x12\x63\n\x0e\x63loud_products\x18\x06 \x03(\x0b\x32K.google.cloud.kms.inventory.v1.ProtectedResourcesSummary.CloudProductsEntry\x12Z\n\tlocations\x18\x04 \x03(\x0b\x32G.google.cloud.kms.inventory.v1.ProtectedResourcesSummary.LocationsEntry\x12\x38\n\x08warnings\x18\x07 \x03(\x0b\x32&.google.cloud.kms.inventory.v1.Warning\x1a\x34\n\x12ResourceTypesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x03:\x02\x38\x01\x1a\x34\n\x12\x43loudProductsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x03:\x02\x38\x01\x1a\x30\n\x0eLocationsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\x03:\x02\x38\x01:\xc1\x02\xea\x41\xbd\x02\n5kmsinventory.googleapis.com/ProtectedResourcesSummary\x12mprojects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/protectedResourcesSummary\x12\x94\x01projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}/protectedResourcesSummary\"\xcf\x01\n\x1fSearchProtectedResourcesRequest\x12I\n\x05scope\x18\x02 \x01(\tB:\xe0\x41\x02\xfa\x41\x34\x12\x32kmsinventory.googleapis.com/ProtectedResourceScope\x12\x1d\n\ncrypto_key\x18\x01 \x01(\tB\t\xe0\x41\x02\xfa\x41\x03\n\x01*\x12\x11\n\tpage_size\x18\x03 \x01(\x05\x12\x12\n\npage_token\x18\x04 \x01(\t\x12\x1b\n\x0eresource_types\x18\x05 \x03(\tB\x03\xe0\x41\x01\"\x8a\x01\n SearchProtectedResourcesResponse\x12M\n\x13protected_resources\x18\x01 \x03(\x0b\x32\x30.google.cloud.kms.inventory.v1.ProtectedResource\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\"\xf9\x03\n\x11ProtectedResource\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0f\n\x07project\x18\x02 \x01(\t\x12\x12\n\nproject_id\x18\t \x01(\t\x12\x15\n\rcloud_product\x18\x08 \x01(\t\x12\x15\n\rresource_type\x18\x03 \x01(\t\x12\x10\n\x08location\x18\x04 \x01(\t\x12L\n\x06labels\x18\x05 \x03(\x0b\x32<.google.cloud.kms.inventory.v1.ProtectedResource.LabelsEntry\x12I\n\x12\x63rypto_key_version\x18\x06 \x01(\tB-\xfa\x41*\n(cloudkms.googleapis.com/CryptoKeyVersion\x12J\n\x13\x63rypto_key_versions\x18\n \x03(\tB-\xfa\x41*\n(cloudkms.googleapis.com/CryptoKeyVersion\x12\x34\n\x0b\x63reate_time\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01:\'\xea\x41$\n\x1f\x63loudasset.googleapis.com/Asset\x12\x01*\"\x92\x02\n\x07Warning\x12H\n\x0cwarning_code\x18\x01 \x01(\x0e\x32\x32.google.cloud.kms.inventory.v1.Warning.WarningCode\x12\x17\n\x0f\x64isplay_message\x18\x02 \x01(\t\"\xa3\x01\n\x0bWarningCode\x12\x1c\n\x18WARNING_CODE_UNSPECIFIED\x10\x00\x12)\n%INSUFFICIENT_PERMISSIONS_PARTIAL_DATA\x10\x01\x12(\n$RESOURCE_LIMIT_EXCEEDED_PARTIAL_DATA\x10\x02\x12!\n\x1dORG_LESS_PROJECT_PARTIAL_DATA\x10\x03*K\n\rFallbackScope\x12\x1e\n\x1a\x46\x41LLBACK_SCOPE_UNSPECIFIED\x10\x00\x12\x1a\n\x16\x46\x41LLBACK_SCOPE_PROJECT\x10\x01\x32\x8f\x05\n\x12KeyTrackingService\x12\x81\x02\n\x1cGetProtectedResourcesSummary\x12\x42.google.cloud.kms.inventory.v1.GetProtectedResourcesSummaryRequest\x1a\x38.google.cloud.kms.inventory.v1.ProtectedResourcesSummary\"c\xda\x41\x04name\x82\xd3\xe4\x93\x02V\x12T/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}/protectedResourcesSummary\x12\xa3\x02\n\x18SearchProtectedResources\x12>.google.cloud.kms.inventory.v1.SearchProtectedResourcesRequest\x1a?.google.cloud.kms.inventory.v1.SearchProtectedResourcesResponse\"\x85\x01\xda\x41\x11scope, crypto_key\x82\xd3\xe4\x93\x02k\x12\x35/v1/{scope=organizations/*}/protectedResources:searchZ2\x12\x30/v1/{scope=projects/*}/protectedResources:search\x1aO\xca\x41\x1bkmsinventory.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xd7\x02\n!com.google.cloud.kms.inventory.v1B\x17KeyTrackingServiceProtoP\x01Z?cloud.google.com/go/kms/inventory/apiv1/inventorypb;inventorypb\xaa\x02\x1dGoogle.Cloud.Kms.Inventory.V1\xca\x02\x1dGoogle\\Cloud\\Kms\\Inventory\\V1\xea\x41\x94\x01\n2kmsinventory.googleapis.com/ProtectedResourceScope\x12\x33organizations/{organization}/protectedResourceScope\x12)projects/{project}/protectedResourceScopeb\x06proto3" pool = Google::Protobuf::DescriptorPool.generated_pool @@ -48,6 +48,9 @@ module V1 SearchProtectedResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.inventory.v1.SearchProtectedResourcesRequest").msgclass SearchProtectedResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.inventory.v1.SearchProtectedResourcesResponse").msgclass ProtectedResource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.inventory.v1.ProtectedResource").msgclass + Warning = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.inventory.v1.Warning").msgclass + Warning::WarningCode = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.inventory.v1.Warning.WarningCode").enummodule + FallbackScope = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.inventory.v1.FallbackScope").enummodule end end end diff --git a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service_services_pb.rb b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service_services_pb.rb index d623f4573606..6f8e722ae182 100644 --- a/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service_services_pb.rb +++ b/google-cloud-kms-inventory-v1/lib/google/cloud/kms/inventory/v1/key_tracking_service_services_pb.rb @@ -36,13 +36,20 @@ class Service self.service_name = 'google.cloud.kms.inventory.v1.KeyTrackingService' # Returns aggregate information about the resources protected by the given - # Cloud KMS [CryptoKey][google.cloud.kms.v1.CryptoKey]. Only resources within - # the same Cloud organization as the key will be returned. The project that - # holds the key must be part of an organization in order for this call to - # succeed. + # Cloud KMS [CryptoKey][google.cloud.kms.v1.CryptoKey]. By default, + # summary of resources within the same Cloud organization as the key will be + # returned, which requires the KMS organization service account to be + # configured(refer + # https://docs.cloud.google.com/kms/docs/view-key-usage#required-roles). + # If the KMS organization service account is not configured or key's project + # is not part of an organization, set + # [fallback_scope][google.cloud.kms.inventory.v1.GetProtectedResourcesSummaryRequest.fallback_scope] + # to `FALLBACK_SCOPE_PROJECT` to retrieve a summary of protected resources + # within the key's project. rpc :GetProtectedResourcesSummary, ::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest, ::Google::Cloud::Kms::Inventory::V1::ProtectedResourcesSummary # Returns metadata about the resources protected by the given Cloud KMS - # [CryptoKey][google.cloud.kms.v1.CryptoKey] in the given Cloud organization. + # [CryptoKey][google.cloud.kms.v1.CryptoKey] in the given Cloud + # organization/project. rpc :SearchProtectedResources, ::Google::Cloud::Kms::Inventory::V1::SearchProtectedResourcesRequest, ::Google::Cloud::Kms::Inventory::V1::SearchProtectedResourcesResponse end diff --git a/google-cloud-kms-inventory-v1/proto_docs/google/cloud/kms/inventory/v1/key_tracking_service.rb b/google-cloud-kms-inventory-v1/proto_docs/google/cloud/kms/inventory/v1/key_tracking_service.rb index a20f7c96e6dd..7eae9b0540a6 100644 --- a/google-cloud-kms-inventory-v1/proto_docs/google/cloud/kms/inventory/v1/key_tracking_service.rb +++ b/google-cloud-kms-inventory-v1/proto_docs/google/cloud/kms/inventory/v1/key_tracking_service.rb @@ -28,13 +28,17 @@ module V1 # @return [::String] # Required. The resource name of the # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. + # @!attribute [rw] fallback_scope + # @return [::Google::Cloud::Kms::Inventory::V1::FallbackScope] + # Optional. The scope to use if the kms organization service account is not + # configured. class GetProtectedResourcesSummaryRequest include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # Aggregate information about the resources protected by a Cloud KMS key in the - # same Cloud organization as the key. + # same Cloud organization/project as the key. # @!attribute [rw] name # @return [::String] # The full name of the ProtectedResourcesSummary resource. @@ -57,6 +61,12 @@ class GetProtectedResourcesSummaryRequest # @!attribute [rw] locations # @return [::Google::Protobuf::Map{::String => ::Integer}] # The number of resources protected by the key grouped by region. + # @!attribute [rw] warnings + # @return [::Array<::Google::Cloud::Kms::Inventory::V1::Warning>] + # Warning messages for the state of response + # {::Google::Cloud::Kms::Inventory::V1::ProtectedResourcesSummary ProtectedResourcesSummary} + # For example, if the organization service account is not configured, + # INSUFFICIENT_PERMISSIONS_PARTIAL_DATA warning will be returned. class ProtectedResourcesSummary include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods @@ -93,8 +103,14 @@ class LocationsEntry # {::Google::Cloud::Kms::Inventory::V1::KeyTrackingService::Client#search_protected_resources KeyTrackingService.SearchProtectedResources}. # @!attribute [rw] scope # @return [::String] - # Required. Resource name of the organization. - # Example: organizations/123 + # Required. A scope can be an organization or a project. Resources protected + # by the crypto key in provided scope will be returned. + # + # The following values are allowed: + # + # * organizations/\\{ORGANIZATION_NUMBER} (e.g., "organizations/12345678") + # * projects/\\{PROJECT_ID} (e.g., "projects/foo-bar") + # * projects/\\{PROJECT_NUMBER} (e.g., "projects/12345678") # @!attribute [rw] crypto_key # @return [::String] # Required. The resource name of the @@ -209,6 +225,56 @@ class LabelsEntry extend ::Google::Protobuf::MessageExts::ClassMethods end end + + # A warning message that indicates potential problems with the response data. + # @!attribute [rw] warning_code + # @return [::Google::Cloud::Kms::Inventory::V1::Warning::WarningCode] + # The specific warning code for the displayed message. + # @!attribute [rw] display_message + # @return [::String] + # The literal message providing context and details about the warnings. + class Warning + include ::Google::Protobuf::MessageExts + extend ::Google::Protobuf::MessageExts::ClassMethods + + # Different types of warnings that can be returned to the user. + # The display_message contains detailed information regarding the + # warning_code. + module WarningCode + # Default value. This value is unused. + WARNING_CODE_UNSPECIFIED = 0 + + # Indicates that the caller or service agent lacks necessary permissions + # to view some of the requested data. The response may be partial. + # Example: + # - KMS organization service agent \\{service_agent_name} lacks the + # `cloudasset.assets.searchAllResources` permission on the scope. + INSUFFICIENT_PERMISSIONS_PARTIAL_DATA = 1 + + # Indicates that a resource limit has been exceeded, resulting in partial + # data. Example: + # - The project has more than 10,000 assets (resources, + # crypto keys, key handles, IAM policies, etc). + RESOURCE_LIMIT_EXCEEDED_PARTIAL_DATA = 2 + + # Indicates that the project exists outside of an organization resource. + # Thus the analysis is only done for the project level data and results + # might be partial. + ORG_LESS_PROJECT_PARTIAL_DATA = 3 + end + end + + # Specifies the scope to use if the organization service agent is not + # configured. + module FallbackScope + # Unspecified scope type. + FALLBACK_SCOPE_UNSPECIFIED = 0 + + # If set to `FALLBACK_SCOPE_PROJECT`, the API will fall back to using key's + # project as request scope if the kms organization service account is not + # configured. + FALLBACK_SCOPE_PROJECT = 1 + end end end end diff --git a/google-cloud-kms-inventory-v1/proto_docs/google/cloud/kms/v1/resources.rb b/google-cloud-kms-inventory-v1/proto_docs/google/cloud/kms/v1/resources.rb index f7f745fd5ded..b37b95b72c7d 100644 --- a/google-cloud-kms-inventory-v1/proto_docs/google/cloud/kms/v1/resources.rb +++ b/google-cloud-kms-inventory-v1/proto_docs/google/cloud/kms/v1/resources.rb @@ -570,13 +570,40 @@ module CryptoKeyVersionAlgorithm # datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/. KEM_XWING = 63 + # The post-quantum Module-Lattice-Based Digital Signature Algorithm, at + # security level 1. Randomized version. + PQ_SIGN_ML_DSA_44 = 68 + # The post-quantum Module-Lattice-Based Digital Signature Algorithm, at # security level 3. Randomized version. PQ_SIGN_ML_DSA_65 = 56 + # The post-quantum Module-Lattice-Based Digital Signature Algorithm, at + # security level 5. Randomized version. + PQ_SIGN_ML_DSA_87 = 69 + # The post-quantum stateless hash-based digital signature algorithm, at # security level 1. Randomized version. PQ_SIGN_SLH_DSA_SHA2_128S = 57 + + # The post-quantum stateless hash-based digital signature algorithm, at + # security level 1. Randomized pre-hash version supporting SHA256 digests. + PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256 = 60 + + # The post-quantum Module-Lattice-Based Digital Signature Algorithm, at + # security level 1. Randomized version supporting externally-computed + # message representatives. + PQ_SIGN_ML_DSA_44_EXTERNAL_MU = 70 + + # The post-quantum Module-Lattice-Based Digital Signature Algorithm, at + # security level 3. Randomized version supporting externally-computed + # message representatives. + PQ_SIGN_ML_DSA_65_EXTERNAL_MU = 67 + + # The post-quantum Module-Lattice-Based Digital Signature Algorithm, at + # security level 5. Randomized version supporting externally-computed + # message representatives. + PQ_SIGN_ML_DSA_87_EXTERNAL_MU = 71 end # The state of a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, @@ -879,8 +906,7 @@ module PublicKeyFormat # operations are performed. Currently, this field is only populated for keys # stored in HSM_SINGLE_TENANT. Note, this list is non-exhaustive and may # apply to additional {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevels} - # in the future. - # Supported resources: + # in the future. Supported resources: # * `"projects/*/locations/*/singleTenantHsmInstances/*"` class ImportJob include ::Google::Protobuf::MessageExts @@ -1015,6 +1041,32 @@ class KeyAccessJustificationsPolicy extend ::Google::Protobuf::MessageExts::ClassMethods end + # A RetiredResource resource represents the record of a deleted + # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. Its purpose is to provide + # visibility into retained user data and to prevent reuse of these names for + # new {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}. + # @!attribute [r] name + # @return [::String] + # Output only. Identifier. The resource name for this + # {::Google::Cloud::Kms::V1::RetiredResource RetiredResource} in the format + # `projects/*/locations/*/retiredResources/*`. + # @!attribute [r] original_resource + # @return [::String] + # Output only. The full resource name of the original + # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that was deleted in the format + # `projects/*/locations/*/keyRings/*/cryptoKeys/*`. + # @!attribute [r] resource_type + # @return [::String] + # Output only. The resource type of the original deleted resource. + # @!attribute [r] delete_time + # @return [::Google::Protobuf::Timestamp] + # Output only. The time at which the original resource was deleted and this + # RetiredResource record was created. + class RetiredResource + include ::Google::Protobuf::MessageExts + extend ::Google::Protobuf::MessageExts::ClassMethods + end + # {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} specifies how # cryptographic operations are performed. For more information, see [Protection # levels] (https://cloud.google.com/kms/docs/algorithms#protection_levels). diff --git a/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_paths_test.rb b/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_paths_test.rb index a644bea4826f..b2d0b314f417 100644 --- a/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_paths_test.rb +++ b/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_paths_test.rb @@ -53,6 +53,18 @@ def test_organization_path end end + def test_project_path + grpc_channel = ::GRPC::Core::Channel.new "localhost:8888", nil, :this_channel_is_insecure + ::Gapic::ServiceStub.stub :new, DummyStub.new do + client = ::Google::Cloud::Kms::Inventory::V1::KeyTrackingService::Client.new do |config| + config.credentials = grpc_channel + end + + path = client.project_path project: "value0" + assert_equal "projects/value0", path + end + end + def test_protected_resources_summary_path grpc_channel = ::GRPC::Core::Channel.new "localhost:8888", nil, :this_channel_is_insecure ::Gapic::ServiceStub.stub :new, DummyStub.new do diff --git a/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_rest_test.rb b/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_rest_test.rb index 6c1049b52db7..a43addcb77f9 100644 --- a/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_rest_test.rb +++ b/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_rest_test.rb @@ -87,6 +87,7 @@ def test_get_protected_resources_summary # Create request parameters for a unary method. name = "hello world" + fallback_scope = :FALLBACK_SCOPE_UNSPECIFIED get_protected_resources_summary_client_stub = ClientStub.new http_response do |_verb, uri:, body:, params:, options:, method_name:| assert options.metadata.key? :"x-goog-api-client" @@ -102,27 +103,27 @@ def test_get_protected_resources_summary end # Use hash object - client.get_protected_resources_summary({ name: name }) do |_result, response| + client.get_protected_resources_summary({ name: name, fallback_scope: fallback_scope }) do |_result, response| assert_equal http_response, response.underlying_op end # Use named arguments - client.get_protected_resources_summary name: name do |_result, response| + client.get_protected_resources_summary name: name, fallback_scope: fallback_scope do |_result, response| assert_equal http_response, response.underlying_op end # Use protobuf object - client.get_protected_resources_summary ::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest.new(name: name) do |_result, response| + client.get_protected_resources_summary ::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest.new(name: name, fallback_scope: fallback_scope) do |_result, response| assert_equal http_response, response.underlying_op end # Use hash object with options - client.get_protected_resources_summary({ name: name }, call_options) do |_result, response| + client.get_protected_resources_summary({ name: name, fallback_scope: fallback_scope }, call_options) do |_result, response| assert_equal http_response, response.underlying_op end # Use protobuf object with options - client.get_protected_resources_summary(::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest.new(name: name), call_options) do |_result, response| + client.get_protected_resources_summary(::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest.new(name: name, fallback_scope: fallback_scope), call_options) do |_result, response| assert_equal http_response, response.underlying_op end diff --git a/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_test.rb b/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_test.rb index e186f0685087..b6f92fc5f4a7 100644 --- a/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_test.rb +++ b/google-cloud-kms-inventory-v1/test/google/cloud/kms/inventory/v1/key_tracking_service_test.rb @@ -72,11 +72,13 @@ def test_get_protected_resources_summary # Create request parameters for a unary method. name = "hello world" + fallback_scope = :FALLBACK_SCOPE_UNSPECIFIED get_protected_resources_summary_client_stub = ClientStub.new grpc_response, grpc_operation do |name, request, options:| assert_equal :get_protected_resources_summary, name assert_kind_of ::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest, request assert_equal "hello world", request["name"] + assert_equal :FALLBACK_SCOPE_UNSPECIFIED, request["fallback_scope"] refute_nil options end @@ -87,31 +89,31 @@ def test_get_protected_resources_summary end # Use hash object - client.get_protected_resources_summary({ name: name }) do |response, operation| + client.get_protected_resources_summary({ name: name, fallback_scope: fallback_scope }) do |response, operation| assert_equal grpc_response, response assert_equal grpc_operation, operation end # Use named arguments - client.get_protected_resources_summary name: name do |response, operation| + client.get_protected_resources_summary name: name, fallback_scope: fallback_scope do |response, operation| assert_equal grpc_response, response assert_equal grpc_operation, operation end # Use protobuf object - client.get_protected_resources_summary ::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest.new(name: name) do |response, operation| + client.get_protected_resources_summary ::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest.new(name: name, fallback_scope: fallback_scope) do |response, operation| assert_equal grpc_response, response assert_equal grpc_operation, operation end # Use hash object with options - client.get_protected_resources_summary({ name: name }, grpc_options) do |response, operation| + client.get_protected_resources_summary({ name: name, fallback_scope: fallback_scope }, grpc_options) do |response, operation| assert_equal grpc_response, response assert_equal grpc_operation, operation end # Use protobuf object with options - client.get_protected_resources_summary(::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest.new(name: name), grpc_options) do |response, operation| + client.get_protected_resources_summary(::Google::Cloud::Kms::Inventory::V1::GetProtectedResourcesSummaryRequest.new(name: name, fallback_scope: fallback_scope), grpc_options) do |response, operation| assert_equal grpc_response, response assert_equal grpc_operation, operation end