cloudkms-gen.go

Documentation: google.golang.org/api/cloudkms/v1

     1  // Copyright 2024 Google LLC.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Code generated file. DO NOT EDIT.
     6  
     7  // Package cloudkms provides access to the Cloud Key Management Service (KMS) API.
     8  //
     9  // This package is DEPRECATED. Use package cloud.google.com/go/kms/apiv1 instead.
    10  //
    11  // For product documentation, see: https://cloud.google.com/kms/
    12  //
    13  // # Library status
    14  //
    15  // These client libraries are officially supported by Google. However, this
    16  // library is considered complete and is in maintenance mode. This means
    17  // that we will address critical bugs and security issues but will not add
    18  // any new features.
    19  //
    20  // When possible, we recommend using our newer
    21  // [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go)
    22  // that are still actively being worked and iterated on.
    23  //
    24  // # Creating a client
    25  //
    26  // Usage example:
    27  //
    28  //	import "google.golang.org/api/cloudkms/v1"
    29  //	...
    30  //	ctx := context.Background()
    31  //	cloudkmsService, err := cloudkms.NewService(ctx)
    32  //
    33  // In this example, Google Application Default Credentials are used for
    34  // authentication. For information on how to create and obtain Application
    35  // Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
    36  //
    37  // # Other authentication options
    38  //
    39  // By default, all available scopes (see "Constants") are used to authenticate.
    40  // To restrict scopes, use [google.golang.org/api/option.WithScopes]:
    41  //
    42  //	cloudkmsService, err := cloudkms.NewService(ctx, option.WithScopes(cloudkms.CloudkmsScope))
    43  //
    44  // To use an API key for authentication (note: some APIs do not support API
    45  // keys), use [google.golang.org/api/option.WithAPIKey]:
    46  //
    47  //	cloudkmsService, err := cloudkms.NewService(ctx, option.WithAPIKey("AIza..."))
    48  //
    49  // To use an OAuth token (e.g., a user token obtained via a three-legged OAuth
    50  // flow, use [google.golang.org/api/option.WithTokenSource]:
    51  //
    52  //	config := &oauth2.Config{...}
    53  //	// ...
    54  //	token, err := config.Exchange(ctx, ...)
    55  //	cloudkmsService, err := cloudkms.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
    56  //
    57  // See [google.golang.org/api/option.ClientOption] for details on options.
    58  package cloudkms // import "google.golang.org/api/cloudkms/v1"
    59  
    60  import (
    61  	"bytes"
    62  	"context"
    63  	"encoding/json"
    64  	"errors"
    65  	"fmt"
    66  	"io"
    67  	"net/http"
    68  	"net/url"
    69  	"strconv"
    70  	"strings"
    71  
    72  	googleapi "google.golang.org/api/googleapi"
    73  	internal "google.golang.org/api/internal"
    74  	gensupport "google.golang.org/api/internal/gensupport"
    75  	option "google.golang.org/api/option"
    76  	internaloption "google.golang.org/api/option/internaloption"
    77  	htransport "google.golang.org/api/transport/http"
    78  )
    79  
    80  // Always reference these packages, just in case the auto-generated code
    81  // below doesn't.
    82  var _ = bytes.NewBuffer
    83  var _ = strconv.Itoa
    84  var _ = fmt.Sprintf
    85  var _ = json.NewDecoder
    86  var _ = io.Copy
    87  var _ = url.Parse
    88  var _ = gensupport.MarshalJSON
    89  var _ = googleapi.Version
    90  var _ = errors.New
    91  var _ = strings.Replace
    92  var _ = context.Canceled
    93  var _ = internaloption.WithDefaultEndpoint
    94  var _ = internal.Version
    95  
    96  const apiId = "cloudkms:v1"
    97  const apiName = "cloudkms"
    98  const apiVersion = "v1"
    99  const basePath = "https://cloudkms.googleapis.com/"
   100  const basePathTemplate = "https://cloudkms.UNIVERSE_DOMAIN/"
   101  const mtlsBasePath = "https://cloudkms.mtls.googleapis.com/"
   102  
   103  // OAuth2 scopes used by this API.
   104  const (
   105  	// See, edit, configure, and delete your Google Cloud data and see the email
   106  	// address for your Google Account.
   107  	CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
   108  
   109  	// View and manage your keys and secrets stored in Cloud Key Management Service
   110  	CloudkmsScope = "https://www.googleapis.com/auth/cloudkms"
   111  )
   112  
   113  // NewService creates a new Service.
   114  func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) {
   115  	scopesOption := internaloption.WithDefaultScopes(
   116  		"https://www.googleapis.com/auth/cloud-platform",
   117  		"https://www.googleapis.com/auth/cloudkms",
   118  	)
   119  	// NOTE: prepend, so we don't override user-specified scopes.
   120  	opts = append([]option.ClientOption{scopesOption}, opts...)
   121  	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
   122  	opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate))
   123  	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
   124  	opts = append(opts, internaloption.EnableNewAuthLibrary())
   125  	client, endpoint, err := htransport.NewClient(ctx, opts...)
   126  	if err != nil {
   127  		return nil, err
   128  	}
   129  	s, err := New(client)
   130  	if err != nil {
   131  		return nil, err
   132  	}
   133  	if endpoint != "" {
   134  		s.BasePath = endpoint
   135  	}
   136  	return s, nil
   137  }
   138  
   139  // New creates a new Service. It uses the provided http.Client for requests.
   140  //
   141  // Deprecated: please use NewService instead.
   142  // To provide a custom HTTP client, use option.WithHTTPClient.
   143  // If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
   144  func New(client *http.Client) (*Service, error) {
   145  	if client == nil {
   146  		return nil, errors.New("client is nil")
   147  	}
   148  	s := &Service{client: client, BasePath: basePath}
   149  	s.Folders = NewFoldersService(s)
   150  	s.Projects = NewProjectsService(s)
   151  	return s, nil
   152  }
   153  
   154  type Service struct {
   155  	client    *http.Client
   156  	BasePath  string // API endpoint base URL
   157  	UserAgent string // optional additional User-Agent fragment
   158  
   159  	Folders *FoldersService
   160  
   161  	Projects *ProjectsService
   162  }
   163  
   164  func (s *Service) userAgent() string {
   165  	if s.UserAgent == "" {
   166  		return googleapi.UserAgent
   167  	}
   168  	return googleapi.UserAgent + " " + s.UserAgent
   169  }
   170  
   171  func NewFoldersService(s *Service) *FoldersService {
   172  	rs := &FoldersService{s: s}
   173  	return rs
   174  }
   175  
   176  type FoldersService struct {
   177  	s *Service
   178  }
   179  
   180  func NewProjectsService(s *Service) *ProjectsService {
   181  	rs := &ProjectsService{s: s}
   182  	rs.Locations = NewProjectsLocationsService(s)
   183  	return rs
   184  }
   185  
   186  type ProjectsService struct {
   187  	s *Service
   188  
   189  	Locations *ProjectsLocationsService
   190  }
   191  
   192  func NewProjectsLocationsService(s *Service) *ProjectsLocationsService {
   193  	rs := &ProjectsLocationsService{s: s}
   194  	rs.EkmConfig = NewProjectsLocationsEkmConfigService(s)
   195  	rs.EkmConnections = NewProjectsLocationsEkmConnectionsService(s)
   196  	rs.KeyHandles = NewProjectsLocationsKeyHandlesService(s)
   197  	rs.KeyRings = NewProjectsLocationsKeyRingsService(s)
   198  	rs.Operations = NewProjectsLocationsOperationsService(s)
   199  	return rs
   200  }
   201  
   202  type ProjectsLocationsService struct {
   203  	s *Service
   204  
   205  	EkmConfig *ProjectsLocationsEkmConfigService
   206  
   207  	EkmConnections *ProjectsLocationsEkmConnectionsService
   208  
   209  	KeyHandles *ProjectsLocationsKeyHandlesService
   210  
   211  	KeyRings *ProjectsLocationsKeyRingsService
   212  
   213  	Operations *ProjectsLocationsOperationsService
   214  }
   215  
   216  func NewProjectsLocationsEkmConfigService(s *Service) *ProjectsLocationsEkmConfigService {
   217  	rs := &ProjectsLocationsEkmConfigService{s: s}
   218  	return rs
   219  }
   220  
   221  type ProjectsLocationsEkmConfigService struct {
   222  	s *Service
   223  }
   224  
   225  func NewProjectsLocationsEkmConnectionsService(s *Service) *ProjectsLocationsEkmConnectionsService {
   226  	rs := &ProjectsLocationsEkmConnectionsService{s: s}
   227  	return rs
   228  }
   229  
   230  type ProjectsLocationsEkmConnectionsService struct {
   231  	s *Service
   232  }
   233  
   234  func NewProjectsLocationsKeyHandlesService(s *Service) *ProjectsLocationsKeyHandlesService {
   235  	rs := &ProjectsLocationsKeyHandlesService{s: s}
   236  	return rs
   237  }
   238  
   239  type ProjectsLocationsKeyHandlesService struct {
   240  	s *Service
   241  }
   242  
   243  func NewProjectsLocationsKeyRingsService(s *Service) *ProjectsLocationsKeyRingsService {
   244  	rs := &ProjectsLocationsKeyRingsService{s: s}
   245  	rs.CryptoKeys = NewProjectsLocationsKeyRingsCryptoKeysService(s)
   246  	rs.ImportJobs = NewProjectsLocationsKeyRingsImportJobsService(s)
   247  	return rs
   248  }
   249  
   250  type ProjectsLocationsKeyRingsService struct {
   251  	s *Service
   252  
   253  	CryptoKeys *ProjectsLocationsKeyRingsCryptoKeysService
   254  
   255  	ImportJobs *ProjectsLocationsKeyRingsImportJobsService
   256  }
   257  
   258  func NewProjectsLocationsKeyRingsCryptoKeysService(s *Service) *ProjectsLocationsKeyRingsCryptoKeysService {
   259  	rs := &ProjectsLocationsKeyRingsCryptoKeysService{s: s}
   260  	rs.CryptoKeyVersions = NewProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService(s)
   261  	return rs
   262  }
   263  
   264  type ProjectsLocationsKeyRingsCryptoKeysService struct {
   265  	s *Service
   266  
   267  	CryptoKeyVersions *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService
   268  }
   269  
   270  func NewProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService(s *Service) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService {
   271  	rs := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService{s: s}
   272  	return rs
   273  }
   274  
   275  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService struct {
   276  	s *Service
   277  }
   278  
   279  func NewProjectsLocationsKeyRingsImportJobsService(s *Service) *ProjectsLocationsKeyRingsImportJobsService {
   280  	rs := &ProjectsLocationsKeyRingsImportJobsService{s: s}
   281  	return rs
   282  }
   283  
   284  type ProjectsLocationsKeyRingsImportJobsService struct {
   285  	s *Service
   286  }
   287  
   288  func NewProjectsLocationsOperationsService(s *Service) *ProjectsLocationsOperationsService {
   289  	rs := &ProjectsLocationsOperationsService{s: s}
   290  	return rs
   291  }
   292  
   293  type ProjectsLocationsOperationsService struct {
   294  	s *Service
   295  }
   296  
   297  // AsymmetricDecryptRequest: Request message for
   298  // KeyManagementService.AsymmetricDecrypt.
   299  type AsymmetricDecryptRequest struct {
   300  	// Ciphertext: Required. The data encrypted with the named CryptoKeyVersion's
   301  	// public key using OAEP.
   302  	Ciphertext string `json:"ciphertext,omitempty"`
   303  	// CiphertextCrc32c: Optional. An optional CRC32C checksum of the
   304  	// AsymmetricDecryptRequest.ciphertext. If specified, KeyManagementService will
   305  	// verify the integrity of the received AsymmetricDecryptRequest.ciphertext
   306  	// using this checksum. KeyManagementService will report an error if the
   307  	// checksum verification fails. If you receive a checksum error, your client
   308  	// should verify that CRC32C(AsymmetricDecryptRequest.ciphertext) is equal to
   309  	// AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a limited
   310  	// number of retries. A persistent mismatch may indicate an issue in your
   311  	// computation of the CRC32C checksum. Note: This field is defined as int64 for
   312  	// reasons of compatibility across different languages. However, it is a
   313  	// non-negative integer, which will never exceed 2^32-1, and can be safely
   314  	// downconverted to uint32 in languages that support this type.
   315  	CiphertextCrc32c int64 `json:"ciphertextCrc32c,omitempty,string"`
   316  	// ForceSendFields is a list of field names (e.g. "Ciphertext") to
   317  	// unconditionally include in API requests. By default, fields with empty or
   318  	// default values are omitted from API requests. See
   319  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   320  	// details.
   321  	ForceSendFields []string `json:"-"`
   322  	// NullFields is a list of field names (e.g. "Ciphertext") to include in API
   323  	// requests with the JSON null value. By default, fields with empty values are
   324  	// omitted from API requests. See
   325  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   326  	NullFields []string `json:"-"`
   327  }
   328  
   329  func (s *AsymmetricDecryptRequest) MarshalJSON() ([]byte, error) {
   330  	type NoMethod AsymmetricDecryptRequest
   331  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   332  }
   333  
   334  // AsymmetricDecryptResponse: Response message for
   335  // KeyManagementService.AsymmetricDecrypt.
   336  type AsymmetricDecryptResponse struct {
   337  	// Plaintext: The decrypted data originally encrypted with the matching public
   338  	// key.
   339  	Plaintext string `json:"plaintext,omitempty"`
   340  	// PlaintextCrc32c: Integrity verification field. A CRC32C checksum of the
   341  	// returned AsymmetricDecryptResponse.plaintext. An integrity check of
   342  	// AsymmetricDecryptResponse.plaintext can be performed by computing the CRC32C
   343  	// checksum of AsymmetricDecryptResponse.plaintext and comparing your results
   344  	// to this field. Discard the response in case of non-matching checksum values,
   345  	// and perform a limited number of retries. A persistent mismatch may indicate
   346  	// an issue in your computation of the CRC32C checksum. Note: This field is
   347  	// defined as int64 for reasons of compatibility across different languages.
   348  	// However, it is a non-negative integer, which will never exceed 2^32-1, and
   349  	// can be safely downconverted to uint32 in languages that support this type.
   350  	PlaintextCrc32c int64 `json:"plaintextCrc32c,omitempty,string"`
   351  	// ProtectionLevel: The ProtectionLevel of the CryptoKeyVersion used in
   352  	// decryption.
   353  	//
   354  	// Possible values:
   355  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
   356  	//   "SOFTWARE" - Crypto operations are performed in software.
   357  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
   358  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
   359  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
   360  	// backend.
   361  	ProtectionLevel string `json:"protectionLevel,omitempty"`
   362  	// VerifiedCiphertextCrc32c: Integrity verification field. A flag indicating
   363  	// whether AsymmetricDecryptRequest.ciphertext_crc32c was received by
   364  	// KeyManagementService and used for the integrity verification of the
   365  	// ciphertext. A false value of this field indicates either that
   366  	// AsymmetricDecryptRequest.ciphertext_crc32c was left unset or that it was not
   367  	// delivered to KeyManagementService. If you've set
   368  	// AsymmetricDecryptRequest.ciphertext_crc32c but this field is still false,
   369  	// discard the response and perform a limited number of retries.
   370  	VerifiedCiphertextCrc32c bool `json:"verifiedCiphertextCrc32c,omitempty"`
   371  
   372  	// ServerResponse contains the HTTP response code and headers from the server.
   373  	googleapi.ServerResponse `json:"-"`
   374  	// ForceSendFields is a list of field names (e.g. "Plaintext") to
   375  	// unconditionally include in API requests. By default, fields with empty or
   376  	// default values are omitted from API requests. See
   377  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   378  	// details.
   379  	ForceSendFields []string `json:"-"`
   380  	// NullFields is a list of field names (e.g. "Plaintext") to include in API
   381  	// requests with the JSON null value. By default, fields with empty values are
   382  	// omitted from API requests. See
   383  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   384  	NullFields []string `json:"-"`
   385  }
   386  
   387  func (s *AsymmetricDecryptResponse) MarshalJSON() ([]byte, error) {
   388  	type NoMethod AsymmetricDecryptResponse
   389  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   390  }
   391  
   392  // AsymmetricSignRequest: Request message for
   393  // KeyManagementService.AsymmetricSign.
   394  type AsymmetricSignRequest struct {
   395  	// Data: Optional. The data to sign. It can't be supplied if
   396  	// AsymmetricSignRequest.digest is supplied.
   397  	Data string `json:"data,omitempty"`
   398  	// DataCrc32c: Optional. An optional CRC32C checksum of the
   399  	// AsymmetricSignRequest.data. If specified, KeyManagementService will verify
   400  	// the integrity of the received AsymmetricSignRequest.data using this
   401  	// checksum. KeyManagementService will report an error if the checksum
   402  	// verification fails. If you receive a checksum error, your client should
   403  	// verify that CRC32C(AsymmetricSignRequest.data) is equal to
   404  	// AsymmetricSignRequest.data_crc32c, and if so, perform a limited number of
   405  	// retries. A persistent mismatch may indicate an issue in your computation of
   406  	// the CRC32C checksum. Note: This field is defined as int64 for reasons of
   407  	// compatibility across different languages. However, it is a non-negative
   408  	// integer, which will never exceed 2^32-1, and can be safely downconverted to
   409  	// uint32 in languages that support this type.
   410  	DataCrc32c int64 `json:"dataCrc32c,omitempty,string"`
   411  	// Digest: Optional. The digest of the data to sign. The digest must be
   412  	// produced with the same digest algorithm as specified by the key version's
   413  	// algorithm. This field may not be supplied if AsymmetricSignRequest.data is
   414  	// supplied.
   415  	Digest *Digest `json:"digest,omitempty"`
   416  	// DigestCrc32c: Optional. An optional CRC32C checksum of the
   417  	// AsymmetricSignRequest.digest. If specified, KeyManagementService will verify
   418  	// the integrity of the received AsymmetricSignRequest.digest using this
   419  	// checksum. KeyManagementService will report an error if the checksum
   420  	// verification fails. If you receive a checksum error, your client should
   421  	// verify that CRC32C(AsymmetricSignRequest.digest) is equal to
   422  	// AsymmetricSignRequest.digest_crc32c, and if so, perform a limited number of
   423  	// retries. A persistent mismatch may indicate an issue in your computation of
   424  	// the CRC32C checksum. Note: This field is defined as int64 for reasons of
   425  	// compatibility across different languages. However, it is a non-negative
   426  	// integer, which will never exceed 2^32-1, and can be safely downconverted to
   427  	// uint32 in languages that support this type.
   428  	DigestCrc32c int64 `json:"digestCrc32c,omitempty,string"`
   429  	// ForceSendFields is a list of field names (e.g. "Data") to unconditionally
   430  	// include in API requests. By default, fields with empty or default values are
   431  	// omitted from API requests. See
   432  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   433  	// details.
   434  	ForceSendFields []string `json:"-"`
   435  	// NullFields is a list of field names (e.g. "Data") to include in API requests
   436  	// with the JSON null value. By default, fields with empty values are omitted
   437  	// from API requests. See
   438  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   439  	NullFields []string `json:"-"`
   440  }
   441  
   442  func (s *AsymmetricSignRequest) MarshalJSON() ([]byte, error) {
   443  	type NoMethod AsymmetricSignRequest
   444  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   445  }
   446  
   447  // AsymmetricSignResponse: Response message for
   448  // KeyManagementService.AsymmetricSign.
   449  type AsymmetricSignResponse struct {
   450  	// Name: The resource name of the CryptoKeyVersion used for signing. Check this
   451  	// field to verify that the intended resource was used for signing.
   452  	Name string `json:"name,omitempty"`
   453  	// ProtectionLevel: The ProtectionLevel of the CryptoKeyVersion used for
   454  	// signing.
   455  	//
   456  	// Possible values:
   457  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
   458  	//   "SOFTWARE" - Crypto operations are performed in software.
   459  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
   460  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
   461  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
   462  	// backend.
   463  	ProtectionLevel string `json:"protectionLevel,omitempty"`
   464  	// Signature: The created signature.
   465  	Signature string `json:"signature,omitempty"`
   466  	// SignatureCrc32c: Integrity verification field. A CRC32C checksum of the
   467  	// returned AsymmetricSignResponse.signature. An integrity check of
   468  	// AsymmetricSignResponse.signature can be performed by computing the CRC32C
   469  	// checksum of AsymmetricSignResponse.signature and comparing your results to
   470  	// this field. Discard the response in case of non-matching checksum values,
   471  	// and perform a limited number of retries. A persistent mismatch may indicate
   472  	// an issue in your computation of the CRC32C checksum. Note: This field is
   473  	// defined as int64 for reasons of compatibility across different languages.
   474  	// However, it is a non-negative integer, which will never exceed 2^32-1, and
   475  	// can be safely downconverted to uint32 in languages that support this type.
   476  	SignatureCrc32c int64 `json:"signatureCrc32c,omitempty,string"`
   477  	// VerifiedDataCrc32c: Integrity verification field. A flag indicating whether
   478  	// AsymmetricSignRequest.data_crc32c was received by KeyManagementService and
   479  	// used for the integrity verification of the data. A false value of this field
   480  	// indicates either that AsymmetricSignRequest.data_crc32c was left unset or
   481  	// that it was not delivered to KeyManagementService. If you've set
   482  	// AsymmetricSignRequest.data_crc32c but this field is still false, discard the
   483  	// response and perform a limited number of retries.
   484  	VerifiedDataCrc32c bool `json:"verifiedDataCrc32c,omitempty"`
   485  	// VerifiedDigestCrc32c: Integrity verification field. A flag indicating
   486  	// whether AsymmetricSignRequest.digest_crc32c was received by
   487  	// KeyManagementService and used for the integrity verification of the digest.
   488  	// A false value of this field indicates either that
   489  	// AsymmetricSignRequest.digest_crc32c was left unset or that it was not
   490  	// delivered to KeyManagementService. If you've set
   491  	// AsymmetricSignRequest.digest_crc32c but this field is still false, discard
   492  	// the response and perform a limited number of retries.
   493  	VerifiedDigestCrc32c bool `json:"verifiedDigestCrc32c,omitempty"`
   494  
   495  	// ServerResponse contains the HTTP response code and headers from the server.
   496  	googleapi.ServerResponse `json:"-"`
   497  	// ForceSendFields is a list of field names (e.g. "Name") to unconditionally
   498  	// include in API requests. By default, fields with empty or default values are
   499  	// omitted from API requests. See
   500  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   501  	// details.
   502  	ForceSendFields []string `json:"-"`
   503  	// NullFields is a list of field names (e.g. "Name") to include in API requests
   504  	// with the JSON null value. By default, fields with empty values are omitted
   505  	// from API requests. See
   506  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   507  	NullFields []string `json:"-"`
   508  }
   509  
   510  func (s *AsymmetricSignResponse) MarshalJSON() ([]byte, error) {
   511  	type NoMethod AsymmetricSignResponse
   512  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   513  }
   514  
   515  // AuditConfig: Specifies the audit configuration for a service. The
   516  // configuration determines which permission types are logged, and what
   517  // identities, if any, are exempted from logging. An AuditConfig must have one
   518  // or more AuditLogConfigs. If there are AuditConfigs for both `allServices`
   519  // and a specific service, the union of the two AuditConfigs is used for that
   520  // service: the log_types specified in each AuditConfig are enabled, and the
   521  // exempted_members in each AuditLogConfig are exempted. Example Policy with
   522  // multiple AuditConfigs: { "audit_configs": [ { "service": "allServices",
   523  // "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [
   524  // "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type":
   525  // "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com",
   526  // "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type":
   527  // "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For
   528  // sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
   529  // logging. It also exempts `jose@example.com` from DATA_READ logging, and
   530  // `aliya@example.com` from DATA_WRITE logging.
   531  type AuditConfig struct {
   532  	// AuditLogConfigs: The configuration for logging of each type of permission.
   533  	AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"`
   534  	// Service: Specifies a service that will be enabled for audit logging. For
   535  	// example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices`
   536  	// is a special value that covers all services.
   537  	Service string `json:"service,omitempty"`
   538  	// ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to
   539  	// unconditionally include in API requests. By default, fields with empty or
   540  	// default values are omitted from API requests. See
   541  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   542  	// details.
   543  	ForceSendFields []string `json:"-"`
   544  	// NullFields is a list of field names (e.g. "AuditLogConfigs") to include in
   545  	// API requests with the JSON null value. By default, fields with empty values
   546  	// are omitted from API requests. See
   547  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   548  	NullFields []string `json:"-"`
   549  }
   550  
   551  func (s *AuditConfig) MarshalJSON() ([]byte, error) {
   552  	type NoMethod AuditConfig
   553  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   554  }
   555  
   556  // AuditLogConfig: Provides the configuration for logging a type of
   557  // permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ",
   558  // "exempted_members": [ "user:jose@example.com" ] }, { "log_type":
   559  // "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while
   560  // exempting jose@example.com from DATA_READ logging.
   561  type AuditLogConfig struct {
   562  	// ExemptedMembers: Specifies the identities that do not cause logging for this
   563  	// type of permission. Follows the same format of Binding.members.
   564  	ExemptedMembers []string `json:"exemptedMembers,omitempty"`
   565  	// LogType: The log type that this config enables.
   566  	//
   567  	// Possible values:
   568  	//   "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this.
   569  	//   "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy
   570  	//   "DATA_WRITE" - Data writes. Example: CloudSQL Users create
   571  	//   "DATA_READ" - Data reads. Example: CloudSQL Users list
   572  	LogType string `json:"logType,omitempty"`
   573  	// ForceSendFields is a list of field names (e.g. "ExemptedMembers") to
   574  	// unconditionally include in API requests. By default, fields with empty or
   575  	// default values are omitted from API requests. See
   576  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   577  	// details.
   578  	ForceSendFields []string `json:"-"`
   579  	// NullFields is a list of field names (e.g. "ExemptedMembers") to include in
   580  	// API requests with the JSON null value. By default, fields with empty values
   581  	// are omitted from API requests. See
   582  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   583  	NullFields []string `json:"-"`
   584  }
   585  
   586  func (s *AuditLogConfig) MarshalJSON() ([]byte, error) {
   587  	type NoMethod AuditLogConfig
   588  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   589  }
   590  
   591  // AutokeyConfig: Cloud KMS Autokey configuration for a folder.
   592  type AutokeyConfig struct {
   593  	// KeyProject: Optional. Name of the key project, e.g. `projects/{PROJECT_ID}`
   594  	// or `projects/{PROJECT_NUMBER}`, where Cloud KMS Autokey will provision a new
   595  	// CryptoKey when a KeyHandle is created. On UpdateAutokeyConfig, the caller
   596  	// will require `cloudkms.cryptoKeys.setIamPolicy` permission on this key
   597  	// project. Once configured, for Cloud KMS Autokey to function properly, this
   598  	// key project must have the Cloud KMS API activated and the Cloud KMS Service
   599  	// Agent for this key project must be granted the `cloudkms.admin` role (or
   600  	// pertinent permissions). A request with an empty key project field will clear
   601  	// the configuration.
   602  	KeyProject string `json:"keyProject,omitempty"`
   603  	// Name: Identifier. Name of the AutokeyConfig resource, e.g.
   604  	// `folders/{FOLDER_NUMBER}/autokeyConfig`.
   605  	Name string `json:"name,omitempty"`
   606  
   607  	// ServerResponse contains the HTTP response code and headers from the server.
   608  	googleapi.ServerResponse `json:"-"`
   609  	// ForceSendFields is a list of field names (e.g. "KeyProject") to
   610  	// unconditionally include in API requests. By default, fields with empty or
   611  	// default values are omitted from API requests. See
   612  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   613  	// details.
   614  	ForceSendFields []string `json:"-"`
   615  	// NullFields is a list of field names (e.g. "KeyProject") to include in API
   616  	// requests with the JSON null value. By default, fields with empty values are
   617  	// omitted from API requests. See
   618  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   619  	NullFields []string `json:"-"`
   620  }
   621  
   622  func (s *AutokeyConfig) MarshalJSON() ([]byte, error) {
   623  	type NoMethod AutokeyConfig
   624  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   625  }
   626  
   627  // Binding: Associates `members`, or principals, with a `role`.
   628  type Binding struct {
   629  	// Condition: The condition that is associated with this binding. If the
   630  	// condition evaluates to `true`, then this binding applies to the current
   631  	// request. If the condition evaluates to `false`, then this binding does not
   632  	// apply to the current request. However, a different role binding might grant
   633  	// the same role to one or more of the principals in this binding. To learn
   634  	// which resources support conditions in their IAM policies, see the IAM
   635  	// documentation
   636  	// (https://cloud.google.com/iam/help/conditions/resource-policies).
   637  	Condition *Expr `json:"condition,omitempty"`
   638  	// Members: Specifies the principals requesting access for a Google Cloud
   639  	// resource. `members` can have the following values: * `allUsers`: A special
   640  	// identifier that represents anyone who is on the internet; with or without a
   641  	// Google account. * `allAuthenticatedUsers`: A special identifier that
   642  	// represents anyone who is authenticated with a Google account or a service
   643  	// account. Does not include identities that come from external identity
   644  	// providers (IdPs) through identity federation. * `user:{emailid}`: An email
   645  	// address that represents a specific Google account. For example,
   646  	// `alice@example.com` . * `serviceAccount:{emailid}`: An email address that
   647  	// represents a Google service account. For example,
   648  	// `my-other-app@appspot.gserviceaccount.com`. *
   649  	// `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An
   650  	// identifier for a Kubernetes service account
   651  	// (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
   652  	// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
   653  	// `group:{emailid}`: An email address that represents a Google group. For
   654  	// example, `admins@example.com`. * `domain:{domain}`: The G Suite domain
   655  	// (primary) that represents all the users of that domain. For example,
   656  	// `google.com` or `example.com`. *
   657  	// `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/sub
   658  	// ject/{subject_attribute_value}`: A single identity in a workforce identity
   659  	// pool. *
   660  	// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/
   661  	// group/{group_id}`: All workforce identities in a group. *
   662  	// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/
   663  	// attribute.{attribute_name}/{attribute_value}`: All workforce identities with
   664  	// a specific attribute value. *
   665  	// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/
   666  	// *`: All identities in a workforce identity pool. *
   667  	// `principal://iam.googleapis.com/projects/{project_number}/locations/global/wo
   668  	// rkloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single
   669  	// identity in a workload identity pool. *
   670  	// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global
   671  	// /workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool
   672  	// group. *
   673  	// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global
   674  	// /workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}
   675  	// `: All identities in a workload identity pool with a certain attribute. *
   676  	// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global
   677  	// /workloadIdentityPools/{pool_id}/*`: All identities in a workload identity
   678  	// pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus
   679  	// unique identifier) representing a user that has been recently deleted. For
   680  	// example, `alice@example.com?uid=123456789012345678901`. If the user is
   681  	// recovered, this value reverts to `user:{emailid}` and the recovered user
   682  	// retains the role in the binding. *
   683  	// `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
   684  	// unique identifier) representing a service account that has been recently
   685  	// deleted. For example,
   686  	// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the
   687  	// service account is undeleted, this value reverts to
   688  	// `serviceAccount:{emailid}` and the undeleted service account retains the
   689  	// role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email
   690  	// address (plus unique identifier) representing a Google group that has been
   691  	// recently deleted. For example,
   692  	// `admins@example.com?uid=123456789012345678901`. If the group is recovered,
   693  	// this value reverts to `group:{emailid}` and the recovered group retains the
   694  	// role in the binding. *
   695  	// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool
   696  	// _id}/subject/{subject_attribute_value}`: Deleted single identity in a
   697  	// workforce identity pool. For example,
   698  	// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-po
   699  	// ol-id/subject/my-subject-attribute-value`.
   700  	Members []string `json:"members,omitempty"`
   701  	// Role: Role that is assigned to the list of `members`, or principals. For
   702  	// example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview
   703  	// of the IAM roles and permissions, see the IAM documentation
   704  	// (https://cloud.google.com/iam/docs/roles-overview). For a list of the
   705  	// available pre-defined roles, see here
   706  	// (https://cloud.google.com/iam/docs/understanding-roles).
   707  	Role string `json:"role,omitempty"`
   708  	// ForceSendFields is a list of field names (e.g. "Condition") to
   709  	// unconditionally include in API requests. By default, fields with empty or
   710  	// default values are omitted from API requests. See
   711  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   712  	// details.
   713  	ForceSendFields []string `json:"-"`
   714  	// NullFields is a list of field names (e.g. "Condition") to include in API
   715  	// requests with the JSON null value. By default, fields with empty values are
   716  	// omitted from API requests. See
   717  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   718  	NullFields []string `json:"-"`
   719  }
   720  
   721  func (s *Binding) MarshalJSON() ([]byte, error) {
   722  	type NoMethod Binding
   723  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   724  }
   725  
   726  // Certificate: A Certificate represents an X.509 certificate used to
   727  // authenticate HTTPS connections to EKM replicas.
   728  type Certificate struct {
   729  	// Issuer: Output only. The issuer distinguished name in RFC 2253 format. Only
   730  	// present if parsed is true.
   731  	Issuer string `json:"issuer,omitempty"`
   732  	// NotAfterTime: Output only. The certificate is not valid after this time.
   733  	// Only present if parsed is true.
   734  	NotAfterTime string `json:"notAfterTime,omitempty"`
   735  	// NotBeforeTime: Output only. The certificate is not valid before this time.
   736  	// Only present if parsed is true.
   737  	NotBeforeTime string `json:"notBeforeTime,omitempty"`
   738  	// Parsed: Output only. True if the certificate was parsed successfully.
   739  	Parsed bool `json:"parsed,omitempty"`
   740  	// RawDer: Required. The raw certificate bytes in DER format.
   741  	RawDer string `json:"rawDer,omitempty"`
   742  	// SerialNumber: Output only. The certificate serial number as a hex string.
   743  	// Only present if parsed is true.
   744  	SerialNumber string `json:"serialNumber,omitempty"`
   745  	// Sha256Fingerprint: Output only. The SHA-256 certificate fingerprint as a hex
   746  	// string. Only present if parsed is true.
   747  	Sha256Fingerprint string `json:"sha256Fingerprint,omitempty"`
   748  	// Subject: Output only. The subject distinguished name in RFC 2253 format.
   749  	// Only present if parsed is true.
   750  	Subject string `json:"subject,omitempty"`
   751  	// SubjectAlternativeDnsNames: Output only. The subject Alternative DNS names.
   752  	// Only present if parsed is true.
   753  	SubjectAlternativeDnsNames []string `json:"subjectAlternativeDnsNames,omitempty"`
   754  	// ForceSendFields is a list of field names (e.g. "Issuer") to unconditionally
   755  	// include in API requests. By default, fields with empty or default values are
   756  	// omitted from API requests. See
   757  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   758  	// details.
   759  	ForceSendFields []string `json:"-"`
   760  	// NullFields is a list of field names (e.g. "Issuer") to include in API
   761  	// requests with the JSON null value. By default, fields with empty values are
   762  	// omitted from API requests. See
   763  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   764  	NullFields []string `json:"-"`
   765  }
   766  
   767  func (s *Certificate) MarshalJSON() ([]byte, error) {
   768  	type NoMethod Certificate
   769  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   770  }
   771  
   772  // CertificateChains: Certificate chains needed to verify the attestation.
   773  // Certificates in chains are PEM-encoded and are ordered based on
   774  // https://tools.ietf.org/html/rfc5246#section-7.4.2.
   775  type CertificateChains struct {
   776  	// CaviumCerts: Cavium certificate chain corresponding to the attestation.
   777  	CaviumCerts []string `json:"caviumCerts,omitempty"`
   778  	// GoogleCardCerts: Google card certificate chain corresponding to the
   779  	// attestation.
   780  	GoogleCardCerts []string `json:"googleCardCerts,omitempty"`
   781  	// GooglePartitionCerts: Google partition certificate chain corresponding to
   782  	// the attestation.
   783  	GooglePartitionCerts []string `json:"googlePartitionCerts,omitempty"`
   784  	// ForceSendFields is a list of field names (e.g. "CaviumCerts") to
   785  	// unconditionally include in API requests. By default, fields with empty or
   786  	// default values are omitted from API requests. See
   787  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   788  	// details.
   789  	ForceSendFields []string `json:"-"`
   790  	// NullFields is a list of field names (e.g. "CaviumCerts") to include in API
   791  	// requests with the JSON null value. By default, fields with empty values are
   792  	// omitted from API requests. See
   793  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   794  	NullFields []string `json:"-"`
   795  }
   796  
   797  func (s *CertificateChains) MarshalJSON() ([]byte, error) {
   798  	type NoMethod CertificateChains
   799  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   800  }
   801  
   802  // CryptoKey: A CryptoKey represents a logical key that can be used for
   803  // cryptographic operations. A CryptoKey is made up of zero or more versions,
   804  // which represent the actual key material used in cryptographic operations.
   805  type CryptoKey struct {
   806  	// CreateTime: Output only. The time at which this CryptoKey was created.
   807  	CreateTime string `json:"createTime,omitempty"`
   808  	// CryptoKeyBackend: Immutable. The resource name of the backend environment
   809  	// where the key material for all CryptoKeyVersions associated with this
   810  	// CryptoKey reside and where all related cryptographic operations are
   811  	// performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of
   812  	// EXTERNAL_VPC, with the resource name in the format
   813  	// `projects/*/locations/*/ekmConnections/*`. Note, this list is non-exhaustive
   814  	// and may apply to additional ProtectionLevels in the future.
   815  	CryptoKeyBackend string `json:"cryptoKeyBackend,omitempty"`
   816  	// DestroyScheduledDuration: Immutable. The period of time that versions of
   817  	// this key spend in the DESTROY_SCHEDULED state before transitioning to
   818  	// DESTROYED. If not specified at creation time, the default duration is 24
   819  	// hours.
   820  	DestroyScheduledDuration string `json:"destroyScheduledDuration,omitempty"`
   821  	// ImportOnly: Immutable. Whether this key may contain imported versions only.
   822  	ImportOnly bool `json:"importOnly,omitempty"`
   823  	// Labels: Labels with user-defined metadata. For more information, see
   824  	// Labeling Keys (https://cloud.google.com/kms/docs/labeling-keys).
   825  	Labels map[string]string `json:"labels,omitempty"`
   826  	// Name: Output only. The resource name for this CryptoKey in the format
   827  	// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
   828  	Name string `json:"name,omitempty"`
   829  	// NextRotationTime: At next_rotation_time, the Key Management Service will
   830  	// automatically: 1. Create a new version of this CryptoKey. 2. Mark the new
   831  	// version as primary. Key rotations performed manually via
   832  	// CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect
   833  	// next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic
   834  	// rotation. For other keys, this field must be omitted.
   835  	NextRotationTime string `json:"nextRotationTime,omitempty"`
   836  	// Primary: Output only. A copy of the "primary" CryptoKeyVersion that will be
   837  	// used by Encrypt when this CryptoKey is given in EncryptRequest.name. The
   838  	// CryptoKey's primary version can be updated via
   839  	// UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a
   840  	// primary. For other keys, this field will be omitted.
   841  	Primary *CryptoKeyVersion `json:"primary,omitempty"`
   842  	// Purpose: Immutable. The immutable purpose of this CryptoKey.
   843  	//
   844  	// Possible values:
   845  	//   "CRYPTO_KEY_PURPOSE_UNSPECIFIED" - Not specified.
   846  	//   "ENCRYPT_DECRYPT" - CryptoKeys with this purpose may be used with Encrypt
   847  	// and Decrypt.
   848  	//   "ASYMMETRIC_SIGN" - CryptoKeys with this purpose may be used with
   849  	// AsymmetricSign and GetPublicKey.
   850  	//   "ASYMMETRIC_DECRYPT" - CryptoKeys with this purpose may be used with
   851  	// AsymmetricDecrypt and GetPublicKey.
   852  	//   "RAW_ENCRYPT_DECRYPT" - CryptoKeys with this purpose may be used with
   853  	// RawEncrypt and RawDecrypt. This purpose is meant to be used for
   854  	// interoperable symmetric encryption and does not support automatic CryptoKey
   855  	// rotation.
   856  	//   "MAC" - CryptoKeys with this purpose may be used with MacSign.
   857  	Purpose string `json:"purpose,omitempty"`
   858  	// RotationPeriod: next_rotation_time will be advanced by this period when the
   859  	// service automatically rotates a key. Must be at least 24 hours and at most
   860  	// 876,000 hours. If rotation_period is set, next_rotation_time must also be
   861  	// set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other
   862  	// keys, this field must be omitted.
   863  	RotationPeriod string `json:"rotationPeriod,omitempty"`
   864  	// VersionTemplate: A template describing settings for new CryptoKeyVersion
   865  	// instances. The properties of new CryptoKeyVersion instances created by
   866  	// either CreateCryptoKeyVersion or auto-rotation are controlled by this
   867  	// template.
   868  	VersionTemplate *CryptoKeyVersionTemplate `json:"versionTemplate,omitempty"`
   869  
   870  	// ServerResponse contains the HTTP response code and headers from the server.
   871  	googleapi.ServerResponse `json:"-"`
   872  	// ForceSendFields is a list of field names (e.g. "CreateTime") to
   873  	// unconditionally include in API requests. By default, fields with empty or
   874  	// default values are omitted from API requests. See
   875  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
   876  	// details.
   877  	ForceSendFields []string `json:"-"`
   878  	// NullFields is a list of field names (e.g. "CreateTime") to include in API
   879  	// requests with the JSON null value. By default, fields with empty values are
   880  	// omitted from API requests. See
   881  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
   882  	NullFields []string `json:"-"`
   883  }
   884  
   885  func (s *CryptoKey) MarshalJSON() ([]byte, error) {
   886  	type NoMethod CryptoKey
   887  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
   888  }
   889  
   890  // CryptoKeyVersion: A CryptoKeyVersion represents an individual cryptographic
   891  // key, and the associated key material. An ENABLED version can be used for
   892  // cryptographic operations. For security reasons, the raw cryptographic key
   893  // material represented by a CryptoKeyVersion can never be viewed or exported.
   894  // It can only be used to encrypt, decrypt, or sign data when an authorized
   895  // user or application invokes Cloud KMS.
   896  type CryptoKeyVersion struct {
   897  	// Algorithm: Output only. The CryptoKeyVersionAlgorithm that this
   898  	// CryptoKeyVersion supports.
   899  	//
   900  	// Possible values:
   901  	//   "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified.
   902  	//   "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys.
   903  	//   "AES_128_GCM" - AES-GCM (Galois Counter Mode) using 128-bit keys.
   904  	//   "AES_256_GCM" - AES-GCM (Galois Counter Mode) using 256-bit keys.
   905  	//   "AES_128_CBC" - AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
   906  	//   "AES_256_CBC" - AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
   907  	//   "AES_128_CTR" - AES-CTR (Counter Mode) using 128-bit keys.
   908  	//   "AES_256_CTR" - AES-CTR (Counter Mode) using 256-bit keys.
   909  	//   "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 digest.
   910  	//   "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 digest.
   911  	//   "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 digest.
   912  	//   "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 digest.
   913  	//   "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit key and a
   914  	// SHA256 digest.
   915  	//   "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit key and a
   916  	// SHA256 digest.
   917  	//   "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a
   918  	// SHA256 digest.
   919  	//   "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a
   920  	// SHA512 digest.
   921  	//   "RSA_SIGN_RAW_PKCS1_2048" - RSASSA-PKCS1-v1_5 signing without encoding,
   922  	// with a 2048 bit key.
   923  	//   "RSA_SIGN_RAW_PKCS1_3072" - RSASSA-PKCS1-v1_5 signing without encoding,
   924  	// with a 3072 bit key.
   925  	//   "RSA_SIGN_RAW_PKCS1_4096" - RSASSA-PKCS1-v1_5 signing without encoding,
   926  	// with a 4096 bit key.
   927  	//   "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a SHA256
   928  	// digest.
   929  	//   "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a SHA256
   930  	// digest.
   931  	//   "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a SHA256
   932  	// digest.
   933  	//   "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a SHA512
   934  	// digest.
   935  	//   "RSA_DECRYPT_OAEP_2048_SHA1" - RSAES-OAEP 2048 bit key with a SHA1 digest.
   936  	//   "RSA_DECRYPT_OAEP_3072_SHA1" - RSAES-OAEP 3072 bit key with a SHA1 digest.
   937  	//   "RSA_DECRYPT_OAEP_4096_SHA1" - RSAES-OAEP 4096 bit key with a SHA1 digest.
   938  	//   "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256
   939  	// digest. Other hash functions can also be used:
   940  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
   941  	//   "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384
   942  	// digest. Other hash functions can also be used:
   943  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
   944  	//   "EC_SIGN_SECP256K1_SHA256" - ECDSA on the non-NIST secp256k1 curve. This
   945  	// curve is only supported for HSM protection level. Other hash functions can
   946  	// also be used:
   947  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
   948  	//   "EC_SIGN_ED25519" - EdDSA on the Curve25519 in pure mode (taking data as
   949  	// input).
   950  	//   "HMAC_SHA256" - HMAC-SHA256 signing with a 256 bit key.
   951  	//   "HMAC_SHA1" - HMAC-SHA1 signing with a 160 bit key.
   952  	//   "HMAC_SHA384" - HMAC-SHA384 signing with a 384 bit key.
   953  	//   "HMAC_SHA512" - HMAC-SHA512 signing with a 512 bit key.
   954  	//   "HMAC_SHA224" - HMAC-SHA224 signing with a 224 bit key.
   955  	//   "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric
   956  	// encryption by an external key manager.
   957  	Algorithm string `json:"algorithm,omitempty"`
   958  	// Attestation: Output only. Statement that was generated and signed by the HSM
   959  	// at key creation time. Use this statement to verify attributes of the key as
   960  	// stored on the HSM, independently of Google. Only provided for key versions
   961  	// with protection_level HSM.
   962  	Attestation *KeyOperationAttestation `json:"attestation,omitempty"`
   963  	// CreateTime: Output only. The time at which this CryptoKeyVersion was
   964  	// created.
   965  	CreateTime string `json:"createTime,omitempty"`
   966  	// DestroyEventTime: Output only. The time this CryptoKeyVersion's key material
   967  	// was destroyed. Only present if state is DESTROYED.
   968  	DestroyEventTime string `json:"destroyEventTime,omitempty"`
   969  	// DestroyTime: Output only. The time this CryptoKeyVersion's key material is
   970  	// scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
   971  	DestroyTime string `json:"destroyTime,omitempty"`
   972  	// ExternalDestructionFailureReason: Output only. The root cause of the most
   973  	// recent external destruction failure. Only present if state is
   974  	// EXTERNAL_DESTRUCTION_FAILED.
   975  	ExternalDestructionFailureReason string `json:"externalDestructionFailureReason,omitempty"`
   976  	// ExternalProtectionLevelOptions: ExternalProtectionLevelOptions stores a
   977  	// group of additional fields for configuring a CryptoKeyVersion that are
   978  	// specific to the EXTERNAL protection level and EXTERNAL_VPC protection
   979  	// levels.
   980  	ExternalProtectionLevelOptions *ExternalProtectionLevelOptions `json:"externalProtectionLevelOptions,omitempty"`
   981  	// GenerateTime: Output only. The time this CryptoKeyVersion's key material was
   982  	// generated.
   983  	GenerateTime string `json:"generateTime,omitempty"`
   984  	// GenerationFailureReason: Output only. The root cause of the most recent
   985  	// generation failure. Only present if state is GENERATION_FAILED.
   986  	GenerationFailureReason string `json:"generationFailureReason,omitempty"`
   987  	// ImportFailureReason: Output only. The root cause of the most recent import
   988  	// failure. Only present if state is IMPORT_FAILED.
   989  	ImportFailureReason string `json:"importFailureReason,omitempty"`
   990  	// ImportJob: Output only. The name of the ImportJob used in the most recent
   991  	// import of this CryptoKeyVersion. Only present if the underlying key material
   992  	// was imported.
   993  	ImportJob string `json:"importJob,omitempty"`
   994  	// ImportTime: Output only. The time at which this CryptoKeyVersion's key
   995  	// material was most recently imported.
   996  	ImportTime string `json:"importTime,omitempty"`
   997  	// Name: Output only. The resource name for this CryptoKeyVersion in the format
   998  	// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
   999  	Name string `json:"name,omitempty"`
  1000  	// ProtectionLevel: Output only. The ProtectionLevel describing how crypto
  1001  	// operations are performed with this CryptoKeyVersion.
  1002  	//
  1003  	// Possible values:
  1004  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
  1005  	//   "SOFTWARE" - Crypto operations are performed in software.
  1006  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
  1007  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
  1008  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
  1009  	// backend.
  1010  	ProtectionLevel string `json:"protectionLevel,omitempty"`
  1011  	// ReimportEligible: Output only. Whether or not this key version is eligible
  1012  	// for reimport, by being specified as a target in
  1013  	// ImportCryptoKeyVersionRequest.crypto_key_version.
  1014  	ReimportEligible bool `json:"reimportEligible,omitempty"`
  1015  	// State: The current state of the CryptoKeyVersion.
  1016  	//
  1017  	// Possible values:
  1018  	//   "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" - Not specified.
  1019  	//   "PENDING_GENERATION" - This version is still being generated. It may not
  1020  	// be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically
  1021  	// mark this version ENABLED as soon as the version is ready.
  1022  	//   "ENABLED" - This version may be used for cryptographic operations.
  1023  	//   "DISABLED" - This version may not be used, but the key material is still
  1024  	// available, and the version can be placed back into the ENABLED state.
  1025  	//   "DESTROYED" - This version is destroyed, and the key material is no longer
  1026  	// stored. This version may only become ENABLED again if this version is
  1027  	// reimport_eligible and the original key material is reimported with a call to
  1028  	// KeyManagementService.ImportCryptoKeyVersion.
  1029  	//   "DESTROY_SCHEDULED" - This version is scheduled for destruction, and will
  1030  	// be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the
  1031  	// DISABLED state.
  1032  	//   "PENDING_IMPORT" - This version is still being imported. It may not be
  1033  	// used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark
  1034  	// this version ENABLED as soon as the version is ready.
  1035  	//   "IMPORT_FAILED" - This version was not imported successfully. It may not
  1036  	// be used, enabled, disabled, or destroyed. The submitted key material has
  1037  	// been discarded. Additional details can be found in
  1038  	// CryptoKeyVersion.import_failure_reason.
  1039  	//   "GENERATION_FAILED" - This version was not generated successfully. It may
  1040  	// not be used, enabled, disabled, or destroyed. Additional details can be
  1041  	// found in CryptoKeyVersion.generation_failure_reason.
  1042  	//   "PENDING_EXTERNAL_DESTRUCTION" - This version was destroyed, and it may
  1043  	// not be used or enabled again. Cloud KMS is waiting for the corresponding key
  1044  	// material residing in an external key manager to be destroyed.
  1045  	//   "EXTERNAL_DESTRUCTION_FAILED" - This version was destroyed, and it may not
  1046  	// be used or enabled again. However, Cloud KMS could not confirm that the
  1047  	// corresponding key material residing in an external key manager was
  1048  	// destroyed. Additional details can be found in
  1049  	// CryptoKeyVersion.external_destruction_failure_reason.
  1050  	State string `json:"state,omitempty"`
  1051  
  1052  	// ServerResponse contains the HTTP response code and headers from the server.
  1053  	googleapi.ServerResponse `json:"-"`
  1054  	// ForceSendFields is a list of field names (e.g. "Algorithm") to
  1055  	// unconditionally include in API requests. By default, fields with empty or
  1056  	// default values are omitted from API requests. See
  1057  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1058  	// details.
  1059  	ForceSendFields []string `json:"-"`
  1060  	// NullFields is a list of field names (e.g. "Algorithm") to include in API
  1061  	// requests with the JSON null value. By default, fields with empty values are
  1062  	// omitted from API requests. See
  1063  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1064  	NullFields []string `json:"-"`
  1065  }
  1066  
  1067  func (s *CryptoKeyVersion) MarshalJSON() ([]byte, error) {
  1068  	type NoMethod CryptoKeyVersion
  1069  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1070  }
  1071  
  1072  // CryptoKeyVersionTemplate: A CryptoKeyVersionTemplate specifies the
  1073  // properties to use when creating a new CryptoKeyVersion, either manually with
  1074  // CreateCryptoKeyVersion or automatically as a result of auto-rotation.
  1075  type CryptoKeyVersionTemplate struct {
  1076  	// Algorithm: Required. Algorithm to use when creating a CryptoKeyVersion based
  1077  	// on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION
  1078  	// is implied if both this field is omitted and CryptoKey.purpose is
  1079  	// ENCRYPT_DECRYPT.
  1080  	//
  1081  	// Possible values:
  1082  	//   "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified.
  1083  	//   "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys.
  1084  	//   "AES_128_GCM" - AES-GCM (Galois Counter Mode) using 128-bit keys.
  1085  	//   "AES_256_GCM" - AES-GCM (Galois Counter Mode) using 256-bit keys.
  1086  	//   "AES_128_CBC" - AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
  1087  	//   "AES_256_CBC" - AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
  1088  	//   "AES_128_CTR" - AES-CTR (Counter Mode) using 128-bit keys.
  1089  	//   "AES_256_CTR" - AES-CTR (Counter Mode) using 256-bit keys.
  1090  	//   "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 digest.
  1091  	//   "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 digest.
  1092  	//   "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 digest.
  1093  	//   "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 digest.
  1094  	//   "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit key and a
  1095  	// SHA256 digest.
  1096  	//   "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit key and a
  1097  	// SHA256 digest.
  1098  	//   "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a
  1099  	// SHA256 digest.
  1100  	//   "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a
  1101  	// SHA512 digest.
  1102  	//   "RSA_SIGN_RAW_PKCS1_2048" - RSASSA-PKCS1-v1_5 signing without encoding,
  1103  	// with a 2048 bit key.
  1104  	//   "RSA_SIGN_RAW_PKCS1_3072" - RSASSA-PKCS1-v1_5 signing without encoding,
  1105  	// with a 3072 bit key.
  1106  	//   "RSA_SIGN_RAW_PKCS1_4096" - RSASSA-PKCS1-v1_5 signing without encoding,
  1107  	// with a 4096 bit key.
  1108  	//   "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a SHA256
  1109  	// digest.
  1110  	//   "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a SHA256
  1111  	// digest.
  1112  	//   "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a SHA256
  1113  	// digest.
  1114  	//   "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a SHA512
  1115  	// digest.
  1116  	//   "RSA_DECRYPT_OAEP_2048_SHA1" - RSAES-OAEP 2048 bit key with a SHA1 digest.
  1117  	//   "RSA_DECRYPT_OAEP_3072_SHA1" - RSAES-OAEP 3072 bit key with a SHA1 digest.
  1118  	//   "RSA_DECRYPT_OAEP_4096_SHA1" - RSAES-OAEP 4096 bit key with a SHA1 digest.
  1119  	//   "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256
  1120  	// digest. Other hash functions can also be used:
  1121  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
  1122  	//   "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384
  1123  	// digest. Other hash functions can also be used:
  1124  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
  1125  	//   "EC_SIGN_SECP256K1_SHA256" - ECDSA on the non-NIST secp256k1 curve. This
  1126  	// curve is only supported for HSM protection level. Other hash functions can
  1127  	// also be used:
  1128  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
  1129  	//   "EC_SIGN_ED25519" - EdDSA on the Curve25519 in pure mode (taking data as
  1130  	// input).
  1131  	//   "HMAC_SHA256" - HMAC-SHA256 signing with a 256 bit key.
  1132  	//   "HMAC_SHA1" - HMAC-SHA1 signing with a 160 bit key.
  1133  	//   "HMAC_SHA384" - HMAC-SHA384 signing with a 384 bit key.
  1134  	//   "HMAC_SHA512" - HMAC-SHA512 signing with a 512 bit key.
  1135  	//   "HMAC_SHA224" - HMAC-SHA224 signing with a 224 bit key.
  1136  	//   "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric
  1137  	// encryption by an external key manager.
  1138  	Algorithm string `json:"algorithm,omitempty"`
  1139  	// ProtectionLevel: ProtectionLevel to use when creating a CryptoKeyVersion
  1140  	// based on this template. Immutable. Defaults to SOFTWARE.
  1141  	//
  1142  	// Possible values:
  1143  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
  1144  	//   "SOFTWARE" - Crypto operations are performed in software.
  1145  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
  1146  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
  1147  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
  1148  	// backend.
  1149  	ProtectionLevel string `json:"protectionLevel,omitempty"`
  1150  	// ForceSendFields is a list of field names (e.g. "Algorithm") to
  1151  	// unconditionally include in API requests. By default, fields with empty or
  1152  	// default values are omitted from API requests. See
  1153  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1154  	// details.
  1155  	ForceSendFields []string `json:"-"`
  1156  	// NullFields is a list of field names (e.g. "Algorithm") to include in API
  1157  	// requests with the JSON null value. By default, fields with empty values are
  1158  	// omitted from API requests. See
  1159  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1160  	NullFields []string `json:"-"`
  1161  }
  1162  
  1163  func (s *CryptoKeyVersionTemplate) MarshalJSON() ([]byte, error) {
  1164  	type NoMethod CryptoKeyVersionTemplate
  1165  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1166  }
  1167  
  1168  // DecryptRequest: Request message for KeyManagementService.Decrypt.
  1169  type DecryptRequest struct {
  1170  	// AdditionalAuthenticatedData: Optional. Optional data that must match the
  1171  	// data originally supplied in EncryptRequest.additional_authenticated_data.
  1172  	AdditionalAuthenticatedData string `json:"additionalAuthenticatedData,omitempty"`
  1173  	// AdditionalAuthenticatedDataCrc32c: Optional. An optional CRC32C checksum of
  1174  	// the DecryptRequest.additional_authenticated_data. If specified,
  1175  	// KeyManagementService will verify the integrity of the received
  1176  	// DecryptRequest.additional_authenticated_data using this checksum.
  1177  	// KeyManagementService will report an error if the checksum verification
  1178  	// fails. If you receive a checksum error, your client should verify that
  1179  	// CRC32C(DecryptRequest.additional_authenticated_data) is equal to
  1180  	// DecryptRequest.additional_authenticated_data_crc32c, and if so, perform a
  1181  	// limited number of retries. A persistent mismatch may indicate an issue in
  1182  	// your computation of the CRC32C checksum. Note: This field is defined as
  1183  	// int64 for reasons of compatibility across different languages. However, it
  1184  	// is a non-negative integer, which will never exceed 2^32-1, and can be safely
  1185  	// downconverted to uint32 in languages that support this type.
  1186  	AdditionalAuthenticatedDataCrc32c int64 `json:"additionalAuthenticatedDataCrc32c,omitempty,string"`
  1187  	// Ciphertext: Required. The encrypted data originally returned in
  1188  	// EncryptResponse.ciphertext.
  1189  	Ciphertext string `json:"ciphertext,omitempty"`
  1190  	// CiphertextCrc32c: Optional. An optional CRC32C checksum of the
  1191  	// DecryptRequest.ciphertext. If specified, KeyManagementService will verify
  1192  	// the integrity of the received DecryptRequest.ciphertext using this checksum.
  1193  	// KeyManagementService will report an error if the checksum verification
  1194  	// fails. If you receive a checksum error, your client should verify that
  1195  	// CRC32C(DecryptRequest.ciphertext) is equal to
  1196  	// DecryptRequest.ciphertext_crc32c, and if so, perform a limited number of
  1197  	// retries. A persistent mismatch may indicate an issue in your computation of
  1198  	// the CRC32C checksum. Note: This field is defined as int64 for reasons of
  1199  	// compatibility across different languages. However, it is a non-negative
  1200  	// integer, which will never exceed 2^32-1, and can be safely downconverted to
  1201  	// uint32 in languages that support this type.
  1202  	CiphertextCrc32c int64 `json:"ciphertextCrc32c,omitempty,string"`
  1203  	// ForceSendFields is a list of field names (e.g.
  1204  	// "AdditionalAuthenticatedData") to unconditionally include in API requests.
  1205  	// By default, fields with empty or default values are omitted from API
  1206  	// requests. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields
  1207  	// for more details.
  1208  	ForceSendFields []string `json:"-"`
  1209  	// NullFields is a list of field names (e.g. "AdditionalAuthenticatedData") to
  1210  	// include in API requests with the JSON null value. By default, fields with
  1211  	// empty values are omitted from API requests. See
  1212  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1213  	NullFields []string `json:"-"`
  1214  }
  1215  
  1216  func (s *DecryptRequest) MarshalJSON() ([]byte, error) {
  1217  	type NoMethod DecryptRequest
  1218  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1219  }
  1220  
  1221  // DecryptResponse: Response message for KeyManagementService.Decrypt.
  1222  type DecryptResponse struct {
  1223  	// Plaintext: The decrypted data originally supplied in
  1224  	// EncryptRequest.plaintext.
  1225  	Plaintext string `json:"plaintext,omitempty"`
  1226  	// PlaintextCrc32c: Integrity verification field. A CRC32C checksum of the
  1227  	// returned DecryptResponse.plaintext. An integrity check of
  1228  	// DecryptResponse.plaintext can be performed by computing the CRC32C checksum
  1229  	// of DecryptResponse.plaintext and comparing your results to this field.
  1230  	// Discard the response in case of non-matching checksum values, and perform a
  1231  	// limited number of retries. A persistent mismatch may indicate an issue in
  1232  	// your computation of the CRC32C checksum. Note: receiving this response
  1233  	// message indicates that KeyManagementService is able to successfully decrypt
  1234  	// the ciphertext. Note: This field is defined as int64 for reasons of
  1235  	// compatibility across different languages. However, it is a non-negative
  1236  	// integer, which will never exceed 2^32-1, and can be safely downconverted to
  1237  	// uint32 in languages that support this type.
  1238  	PlaintextCrc32c int64 `json:"plaintextCrc32c,omitempty,string"`
  1239  	// ProtectionLevel: The ProtectionLevel of the CryptoKeyVersion used in
  1240  	// decryption.
  1241  	//
  1242  	// Possible values:
  1243  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
  1244  	//   "SOFTWARE" - Crypto operations are performed in software.
  1245  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
  1246  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
  1247  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
  1248  	// backend.
  1249  	ProtectionLevel string `json:"protectionLevel,omitempty"`
  1250  	// UsedPrimary: Whether the Decryption was performed using the primary key
  1251  	// version.
  1252  	UsedPrimary bool `json:"usedPrimary,omitempty"`
  1253  
  1254  	// ServerResponse contains the HTTP response code and headers from the server.
  1255  	googleapi.ServerResponse `json:"-"`
  1256  	// ForceSendFields is a list of field names (e.g. "Plaintext") to
  1257  	// unconditionally include in API requests. By default, fields with empty or
  1258  	// default values are omitted from API requests. See
  1259  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1260  	// details.
  1261  	ForceSendFields []string `json:"-"`
  1262  	// NullFields is a list of field names (e.g. "Plaintext") to include in API
  1263  	// requests with the JSON null value. By default, fields with empty values are
  1264  	// omitted from API requests. See
  1265  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1266  	NullFields []string `json:"-"`
  1267  }
  1268  
  1269  func (s *DecryptResponse) MarshalJSON() ([]byte, error) {
  1270  	type NoMethod DecryptResponse
  1271  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1272  }
  1273  
  1274  // DestroyCryptoKeyVersionRequest: Request message for
  1275  // KeyManagementService.DestroyCryptoKeyVersion.
  1276  type DestroyCryptoKeyVersionRequest struct {
  1277  }
  1278  
  1279  // Digest: A Digest holds a cryptographic message digest.
  1280  type Digest struct {
  1281  	// Sha256: A message digest produced with the SHA-256 algorithm.
  1282  	Sha256 string `json:"sha256,omitempty"`
  1283  	// Sha384: A message digest produced with the SHA-384 algorithm.
  1284  	Sha384 string `json:"sha384,omitempty"`
  1285  	// Sha512: A message digest produced with the SHA-512 algorithm.
  1286  	Sha512 string `json:"sha512,omitempty"`
  1287  	// ForceSendFields is a list of field names (e.g. "Sha256") to unconditionally
  1288  	// include in API requests. By default, fields with empty or default values are
  1289  	// omitted from API requests. See
  1290  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1291  	// details.
  1292  	ForceSendFields []string `json:"-"`
  1293  	// NullFields is a list of field names (e.g. "Sha256") to include in API
  1294  	// requests with the JSON null value. By default, fields with empty values are
  1295  	// omitted from API requests. See
  1296  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1297  	NullFields []string `json:"-"`
  1298  }
  1299  
  1300  func (s *Digest) MarshalJSON() ([]byte, error) {
  1301  	type NoMethod Digest
  1302  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1303  }
  1304  
  1305  // EkmConfig: An EkmConfig is a singleton resource that represents
  1306  // configuration parameters that apply to all CryptoKeys and CryptoKeyVersions
  1307  // with a ProtectionLevel of EXTERNAL_VPC in a given project and location.
  1308  type EkmConfig struct {
  1309  	// DefaultEkmConnection: Optional. Resource name of the default EkmConnection.
  1310  	// Setting this field to the empty string removes the default.
  1311  	DefaultEkmConnection string `json:"defaultEkmConnection,omitempty"`
  1312  	// Name: Output only. The resource name for the EkmConfig in the format
  1313  	// `projects/*/locations/*/ekmConfig`.
  1314  	Name string `json:"name,omitempty"`
  1315  
  1316  	// ServerResponse contains the HTTP response code and headers from the server.
  1317  	googleapi.ServerResponse `json:"-"`
  1318  	// ForceSendFields is a list of field names (e.g. "DefaultEkmConnection") to
  1319  	// unconditionally include in API requests. By default, fields with empty or
  1320  	// default values are omitted from API requests. See
  1321  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1322  	// details.
  1323  	ForceSendFields []string `json:"-"`
  1324  	// NullFields is a list of field names (e.g. "DefaultEkmConnection") to include
  1325  	// in API requests with the JSON null value. By default, fields with empty
  1326  	// values are omitted from API requests. See
  1327  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1328  	NullFields []string `json:"-"`
  1329  }
  1330  
  1331  func (s *EkmConfig) MarshalJSON() ([]byte, error) {
  1332  	type NoMethod EkmConfig
  1333  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1334  }
  1335  
  1336  // EkmConnection: An EkmConnection represents an individual EKM connection. It
  1337  // can be used for creating CryptoKeys and CryptoKeyVersions with a
  1338  // ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic
  1339  // operations using keys created within the EkmConnection.
  1340  type EkmConnection struct {
  1341  	// CreateTime: Output only. The time at which the EkmConnection was created.
  1342  	CreateTime string `json:"createTime,omitempty"`
  1343  	// CryptoSpacePath: Optional. Identifies the EKM Crypto Space that this
  1344  	// EkmConnection maps to. Note: This field is required if KeyManagementMode is
  1345  	// CLOUD_KMS.
  1346  	CryptoSpacePath string `json:"cryptoSpacePath,omitempty"`
  1347  	// Etag: Optional. Etag of the currently stored EkmConnection.
  1348  	Etag string `json:"etag,omitempty"`
  1349  	// KeyManagementMode: Optional. Describes who can perform control plane
  1350  	// operations on the EKM. If unset, this defaults to MANUAL.
  1351  	//
  1352  	// Possible values:
  1353  	//   "KEY_MANAGEMENT_MODE_UNSPECIFIED" - Not specified.
  1354  	//   "MANUAL" - EKM-side key management operations on CryptoKeys created with
  1355  	// this EkmConnection must be initiated from the EKM directly and cannot be
  1356  	// performed from Cloud KMS. This means that: * When creating a
  1357  	// CryptoKeyVersion associated with this EkmConnection, the caller must supply
  1358  	// the key path of pre-existing external key material that will be linked to
  1359  	// the CryptoKeyVersion. * Destruction of external key material cannot be
  1360  	// requested via the Cloud KMS API and must be performed directly in the EKM. *
  1361  	// Automatic rotation of key material is not supported.
  1362  	//   "CLOUD_KMS" - All CryptoKeys created with this EkmConnection use EKM-side
  1363  	// key management operations initiated from Cloud KMS. This means that: * When
  1364  	// a CryptoKeyVersion associated with this EkmConnection is created, the EKM
  1365  	// automatically generates new key material and a new key path. The caller
  1366  	// cannot supply the key path of pre-existing external key material. *
  1367  	// Destruction of external key material associated with this EkmConnection can
  1368  	// be requested by calling DestroyCryptoKeyVersion. * Automatic rotation of key
  1369  	// material is supported.
  1370  	KeyManagementMode string `json:"keyManagementMode,omitempty"`
  1371  	// Name: Output only. The resource name for the EkmConnection in the format
  1372  	// `projects/*/locations/*/ekmConnections/*`.
  1373  	Name string `json:"name,omitempty"`
  1374  	// ServiceResolvers: A list of ServiceResolvers where the EKM can be reached.
  1375  	// There should be one ServiceResolver per EKM replica. Currently, only a
  1376  	// single ServiceResolver is supported.
  1377  	ServiceResolvers []*ServiceResolver `json:"serviceResolvers,omitempty"`
  1378  
  1379  	// ServerResponse contains the HTTP response code and headers from the server.
  1380  	googleapi.ServerResponse `json:"-"`
  1381  	// ForceSendFields is a list of field names (e.g. "CreateTime") to
  1382  	// unconditionally include in API requests. By default, fields with empty or
  1383  	// default values are omitted from API requests. See
  1384  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1385  	// details.
  1386  	ForceSendFields []string `json:"-"`
  1387  	// NullFields is a list of field names (e.g. "CreateTime") to include in API
  1388  	// requests with the JSON null value. By default, fields with empty values are
  1389  	// omitted from API requests. See
  1390  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1391  	NullFields []string `json:"-"`
  1392  }
  1393  
  1394  func (s *EkmConnection) MarshalJSON() ([]byte, error) {
  1395  	type NoMethod EkmConnection
  1396  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1397  }
  1398  
  1399  // EncryptRequest: Request message for KeyManagementService.Encrypt.
  1400  type EncryptRequest struct {
  1401  	// AdditionalAuthenticatedData: Optional. Optional data that, if specified,
  1402  	// must also be provided during decryption through
  1403  	// DecryptRequest.additional_authenticated_data. The maximum size depends on
  1404  	// the key version's protection_level. For SOFTWARE, EXTERNAL, and EXTERNAL_VPC
  1405  	// keys the AAD must be no larger than 64KiB. For HSM keys, the combined length
  1406  	// of the plaintext and additional_authenticated_data fields must be no larger
  1407  	// than 8KiB.
  1408  	AdditionalAuthenticatedData string `json:"additionalAuthenticatedData,omitempty"`
  1409  	// AdditionalAuthenticatedDataCrc32c: Optional. An optional CRC32C checksum of
  1410  	// the EncryptRequest.additional_authenticated_data. If specified,
  1411  	// KeyManagementService will verify the integrity of the received
  1412  	// EncryptRequest.additional_authenticated_data using this checksum.
  1413  	// KeyManagementService will report an error if the checksum verification
  1414  	// fails. If you receive a checksum error, your client should verify that
  1415  	// CRC32C(EncryptRequest.additional_authenticated_data) is equal to
  1416  	// EncryptRequest.additional_authenticated_data_crc32c, and if so, perform a
  1417  	// limited number of retries. A persistent mismatch may indicate an issue in
  1418  	// your computation of the CRC32C checksum. Note: This field is defined as
  1419  	// int64 for reasons of compatibility across different languages. However, it
  1420  	// is a non-negative integer, which will never exceed 2^32-1, and can be safely
  1421  	// downconverted to uint32 in languages that support this type.
  1422  	AdditionalAuthenticatedDataCrc32c int64 `json:"additionalAuthenticatedDataCrc32c,omitempty,string"`
  1423  	// Plaintext: Required. The data to encrypt. Must be no larger than 64KiB. The
  1424  	// maximum size depends on the key version's protection_level. For SOFTWARE,
  1425  	// EXTERNAL, and EXTERNAL_VPC keys, the plaintext must be no larger than 64KiB.
  1426  	// For HSM keys, the combined length of the plaintext and
  1427  	// additional_authenticated_data fields must be no larger than 8KiB.
  1428  	Plaintext string `json:"plaintext,omitempty"`
  1429  	// PlaintextCrc32c: Optional. An optional CRC32C checksum of the
  1430  	// EncryptRequest.plaintext. If specified, KeyManagementService will verify the
  1431  	// integrity of the received EncryptRequest.plaintext using this checksum.
  1432  	// KeyManagementService will report an error if the checksum verification
  1433  	// fails. If you receive a checksum error, your client should verify that
  1434  	// CRC32C(EncryptRequest.plaintext) is equal to
  1435  	// EncryptRequest.plaintext_crc32c, and if so, perform a limited number of
  1436  	// retries. A persistent mismatch may indicate an issue in your computation of
  1437  	// the CRC32C checksum. Note: This field is defined as int64 for reasons of
  1438  	// compatibility across different languages. However, it is a non-negative
  1439  	// integer, which will never exceed 2^32-1, and can be safely downconverted to
  1440  	// uint32 in languages that support this type.
  1441  	PlaintextCrc32c int64 `json:"plaintextCrc32c,omitempty,string"`
  1442  	// ForceSendFields is a list of field names (e.g.
  1443  	// "AdditionalAuthenticatedData") to unconditionally include in API requests.
  1444  	// By default, fields with empty or default values are omitted from API
  1445  	// requests. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields
  1446  	// for more details.
  1447  	ForceSendFields []string `json:"-"`
  1448  	// NullFields is a list of field names (e.g. "AdditionalAuthenticatedData") to
  1449  	// include in API requests with the JSON null value. By default, fields with
  1450  	// empty values are omitted from API requests. See
  1451  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1452  	NullFields []string `json:"-"`
  1453  }
  1454  
  1455  func (s *EncryptRequest) MarshalJSON() ([]byte, error) {
  1456  	type NoMethod EncryptRequest
  1457  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1458  }
  1459  
  1460  // EncryptResponse: Response message for KeyManagementService.Encrypt.
  1461  type EncryptResponse struct {
  1462  	// Ciphertext: The encrypted data.
  1463  	Ciphertext string `json:"ciphertext,omitempty"`
  1464  	// CiphertextCrc32c: Integrity verification field. A CRC32C checksum of the
  1465  	// returned EncryptResponse.ciphertext. An integrity check of
  1466  	// EncryptResponse.ciphertext can be performed by computing the CRC32C checksum
  1467  	// of EncryptResponse.ciphertext and comparing your results to this field.
  1468  	// Discard the response in case of non-matching checksum values, and perform a
  1469  	// limited number of retries. A persistent mismatch may indicate an issue in
  1470  	// your computation of the CRC32C checksum. Note: This field is defined as
  1471  	// int64 for reasons of compatibility across different languages. However, it
  1472  	// is a non-negative integer, which will never exceed 2^32-1, and can be safely
  1473  	// downconverted to uint32 in languages that support this type.
  1474  	CiphertextCrc32c int64 `json:"ciphertextCrc32c,omitempty,string"`
  1475  	// Name: The resource name of the CryptoKeyVersion used in encryption. Check
  1476  	// this field to verify that the intended resource was used for encryption.
  1477  	Name string `json:"name,omitempty"`
  1478  	// ProtectionLevel: The ProtectionLevel of the CryptoKeyVersion used in
  1479  	// encryption.
  1480  	//
  1481  	// Possible values:
  1482  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
  1483  	//   "SOFTWARE" - Crypto operations are performed in software.
  1484  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
  1485  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
  1486  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
  1487  	// backend.
  1488  	ProtectionLevel string `json:"protectionLevel,omitempty"`
  1489  	// VerifiedAdditionalAuthenticatedDataCrc32c: Integrity verification field. A
  1490  	// flag indicating whether EncryptRequest.additional_authenticated_data_crc32c
  1491  	// was received by KeyManagementService and used for the integrity verification
  1492  	// of the AAD. A false value of this field indicates either that
  1493  	// EncryptRequest.additional_authenticated_data_crc32c was left unset or that
  1494  	// it was not delivered to KeyManagementService. If you've set
  1495  	// EncryptRequest.additional_authenticated_data_crc32c but this field is still
  1496  	// false, discard the response and perform a limited number of retries.
  1497  	VerifiedAdditionalAuthenticatedDataCrc32c bool `json:"verifiedAdditionalAuthenticatedDataCrc32c,omitempty"`
  1498  	// VerifiedPlaintextCrc32c: Integrity verification field. A flag indicating
  1499  	// whether EncryptRequest.plaintext_crc32c was received by KeyManagementService
  1500  	// and used for the integrity verification of the plaintext. A false value of
  1501  	// this field indicates either that EncryptRequest.plaintext_crc32c was left
  1502  	// unset or that it was not delivered to KeyManagementService. If you've set
  1503  	// EncryptRequest.plaintext_crc32c but this field is still false, discard the
  1504  	// response and perform a limited number of retries.
  1505  	VerifiedPlaintextCrc32c bool `json:"verifiedPlaintextCrc32c,omitempty"`
  1506  
  1507  	// ServerResponse contains the HTTP response code and headers from the server.
  1508  	googleapi.ServerResponse `json:"-"`
  1509  	// ForceSendFields is a list of field names (e.g. "Ciphertext") to
  1510  	// unconditionally include in API requests. By default, fields with empty or
  1511  	// default values are omitted from API requests. See
  1512  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1513  	// details.
  1514  	ForceSendFields []string `json:"-"`
  1515  	// NullFields is a list of field names (e.g. "Ciphertext") to include in API
  1516  	// requests with the JSON null value. By default, fields with empty values are
  1517  	// omitted from API requests. See
  1518  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1519  	NullFields []string `json:"-"`
  1520  }
  1521  
  1522  func (s *EncryptResponse) MarshalJSON() ([]byte, error) {
  1523  	type NoMethod EncryptResponse
  1524  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1525  }
  1526  
  1527  // Expr: Represents a textual expression in the Common Expression Language
  1528  // (CEL) syntax. CEL is a C-like expression language. The syntax and semantics
  1529  // of CEL are documented at https://github.com/google/cel-spec. Example
  1530  // (Comparison): title: "Summary size limit" description: "Determines if a
  1531  // summary is less than 100 chars" expression: "document.summary.size() < 100"
  1532  // Example (Equality): title: "Requestor is owner" description: "Determines if
  1533  // requestor is the document owner" expression: "document.owner ==
  1534  // request.auth.claims.email" Example (Logic): title: "Public documents"
  1535  // description: "Determine whether the document should be publicly visible"
  1536  // expression: "document.type != 'private' && document.type != 'internal'"
  1537  // Example (Data Manipulation): title: "Notification string" description:
  1538  // "Create a notification string with a timestamp." expression: "'New message
  1539  // received at ' + string(document.create_time)" The exact variables and
  1540  // functions that may be referenced within an expression are determined by the
  1541  // service that evaluates it. See the service documentation for additional
  1542  // information.
  1543  type Expr struct {
  1544  	// Description: Optional. Description of the expression. This is a longer text
  1545  	// which describes the expression, e.g. when hovered over it in a UI.
  1546  	Description string `json:"description,omitempty"`
  1547  	// Expression: Textual representation of an expression in Common Expression
  1548  	// Language syntax.
  1549  	Expression string `json:"expression,omitempty"`
  1550  	// Location: Optional. String indicating the location of the expression for
  1551  	// error reporting, e.g. a file name and a position in the file.
  1552  	Location string `json:"location,omitempty"`
  1553  	// Title: Optional. Title for the expression, i.e. a short string describing
  1554  	// its purpose. This can be used e.g. in UIs which allow to enter the
  1555  	// expression.
  1556  	Title string `json:"title,omitempty"`
  1557  	// ForceSendFields is a list of field names (e.g. "Description") to
  1558  	// unconditionally include in API requests. By default, fields with empty or
  1559  	// default values are omitted from API requests. See
  1560  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1561  	// details.
  1562  	ForceSendFields []string `json:"-"`
  1563  	// NullFields is a list of field names (e.g. "Description") to include in API
  1564  	// requests with the JSON null value. By default, fields with empty values are
  1565  	// omitted from API requests. See
  1566  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1567  	NullFields []string `json:"-"`
  1568  }
  1569  
  1570  func (s *Expr) MarshalJSON() ([]byte, error) {
  1571  	type NoMethod Expr
  1572  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1573  }
  1574  
  1575  // ExternalProtectionLevelOptions: ExternalProtectionLevelOptions stores a
  1576  // group of additional fields for configuring a CryptoKeyVersion that are
  1577  // specific to the EXTERNAL protection level and EXTERNAL_VPC protection
  1578  // levels.
  1579  type ExternalProtectionLevelOptions struct {
  1580  	// EkmConnectionKeyPath: The path to the external key material on the EKM when
  1581  	// using EkmConnection e.g., "v0/my/key". Set this field instead of
  1582  	// external_key_uri when using an EkmConnection.
  1583  	EkmConnectionKeyPath string `json:"ekmConnectionKeyPath,omitempty"`
  1584  	// ExternalKeyUri: The URI for an external resource that this CryptoKeyVersion
  1585  	// represents.
  1586  	ExternalKeyUri string `json:"externalKeyUri,omitempty"`
  1587  	// ForceSendFields is a list of field names (e.g. "EkmConnectionKeyPath") to
  1588  	// unconditionally include in API requests. By default, fields with empty or
  1589  	// default values are omitted from API requests. See
  1590  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1591  	// details.
  1592  	ForceSendFields []string `json:"-"`
  1593  	// NullFields is a list of field names (e.g. "EkmConnectionKeyPath") to include
  1594  	// in API requests with the JSON null value. By default, fields with empty
  1595  	// values are omitted from API requests. See
  1596  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1597  	NullFields []string `json:"-"`
  1598  }
  1599  
  1600  func (s *ExternalProtectionLevelOptions) MarshalJSON() ([]byte, error) {
  1601  	type NoMethod ExternalProtectionLevelOptions
  1602  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1603  }
  1604  
  1605  // GenerateRandomBytesRequest: Request message for
  1606  // KeyManagementService.GenerateRandomBytes.
  1607  type GenerateRandomBytesRequest struct {
  1608  	// LengthBytes: The length in bytes of the amount of randomness to retrieve.
  1609  	// Minimum 8 bytes, maximum 1024 bytes.
  1610  	LengthBytes int64 `json:"lengthBytes,omitempty"`
  1611  	// ProtectionLevel: The ProtectionLevel to use when generating the random data.
  1612  	// Currently, only HSM protection level is supported.
  1613  	//
  1614  	// Possible values:
  1615  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
  1616  	//   "SOFTWARE" - Crypto operations are performed in software.
  1617  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
  1618  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
  1619  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
  1620  	// backend.
  1621  	ProtectionLevel string `json:"protectionLevel,omitempty"`
  1622  	// ForceSendFields is a list of field names (e.g. "LengthBytes") to
  1623  	// unconditionally include in API requests. By default, fields with empty or
  1624  	// default values are omitted from API requests. See
  1625  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1626  	// details.
  1627  	ForceSendFields []string `json:"-"`
  1628  	// NullFields is a list of field names (e.g. "LengthBytes") to include in API
  1629  	// requests with the JSON null value. By default, fields with empty values are
  1630  	// omitted from API requests. See
  1631  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1632  	NullFields []string `json:"-"`
  1633  }
  1634  
  1635  func (s *GenerateRandomBytesRequest) MarshalJSON() ([]byte, error) {
  1636  	type NoMethod GenerateRandomBytesRequest
  1637  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1638  }
  1639  
  1640  // GenerateRandomBytesResponse: Response message for
  1641  // KeyManagementService.GenerateRandomBytes.
  1642  type GenerateRandomBytesResponse struct {
  1643  	// Data: The generated data.
  1644  	Data string `json:"data,omitempty"`
  1645  	// DataCrc32c: Integrity verification field. A CRC32C checksum of the returned
  1646  	// GenerateRandomBytesResponse.data. An integrity check of
  1647  	// GenerateRandomBytesResponse.data can be performed by computing the CRC32C
  1648  	// checksum of GenerateRandomBytesResponse.data and comparing your results to
  1649  	// this field. Discard the response in case of non-matching checksum values,
  1650  	// and perform a limited number of retries. A persistent mismatch may indicate
  1651  	// an issue in your computation of the CRC32C checksum. Note: This field is
  1652  	// defined as int64 for reasons of compatibility across different languages.
  1653  	// However, it is a non-negative integer, which will never exceed 2^32-1, and
  1654  	// can be safely downconverted to uint32 in languages that support this type.
  1655  	DataCrc32c int64 `json:"dataCrc32c,omitempty,string"`
  1656  
  1657  	// ServerResponse contains the HTTP response code and headers from the server.
  1658  	googleapi.ServerResponse `json:"-"`
  1659  	// ForceSendFields is a list of field names (e.g. "Data") to unconditionally
  1660  	// include in API requests. By default, fields with empty or default values are
  1661  	// omitted from API requests. See
  1662  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1663  	// details.
  1664  	ForceSendFields []string `json:"-"`
  1665  	// NullFields is a list of field names (e.g. "Data") to include in API requests
  1666  	// with the JSON null value. By default, fields with empty values are omitted
  1667  	// from API requests. See
  1668  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1669  	NullFields []string `json:"-"`
  1670  }
  1671  
  1672  func (s *GenerateRandomBytesResponse) MarshalJSON() ([]byte, error) {
  1673  	type NoMethod GenerateRandomBytesResponse
  1674  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1675  }
  1676  
  1677  // ImportCryptoKeyVersionRequest: Request message for
  1678  // KeyManagementService.ImportCryptoKeyVersion.
  1679  type ImportCryptoKeyVersionRequest struct {
  1680  	// Algorithm: Required. The algorithm of the key being imported. This does not
  1681  	// need to match the version_template of the CryptoKey this version imports
  1682  	// into.
  1683  	//
  1684  	// Possible values:
  1685  	//   "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified.
  1686  	//   "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys.
  1687  	//   "AES_128_GCM" - AES-GCM (Galois Counter Mode) using 128-bit keys.
  1688  	//   "AES_256_GCM" - AES-GCM (Galois Counter Mode) using 256-bit keys.
  1689  	//   "AES_128_CBC" - AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
  1690  	//   "AES_256_CBC" - AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
  1691  	//   "AES_128_CTR" - AES-CTR (Counter Mode) using 128-bit keys.
  1692  	//   "AES_256_CTR" - AES-CTR (Counter Mode) using 256-bit keys.
  1693  	//   "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 digest.
  1694  	//   "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 digest.
  1695  	//   "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 digest.
  1696  	//   "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 digest.
  1697  	//   "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit key and a
  1698  	// SHA256 digest.
  1699  	//   "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit key and a
  1700  	// SHA256 digest.
  1701  	//   "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a
  1702  	// SHA256 digest.
  1703  	//   "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a
  1704  	// SHA512 digest.
  1705  	//   "RSA_SIGN_RAW_PKCS1_2048" - RSASSA-PKCS1-v1_5 signing without encoding,
  1706  	// with a 2048 bit key.
  1707  	//   "RSA_SIGN_RAW_PKCS1_3072" - RSASSA-PKCS1-v1_5 signing without encoding,
  1708  	// with a 3072 bit key.
  1709  	//   "RSA_SIGN_RAW_PKCS1_4096" - RSASSA-PKCS1-v1_5 signing without encoding,
  1710  	// with a 4096 bit key.
  1711  	//   "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a SHA256
  1712  	// digest.
  1713  	//   "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a SHA256
  1714  	// digest.
  1715  	//   "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a SHA256
  1716  	// digest.
  1717  	//   "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a SHA512
  1718  	// digest.
  1719  	//   "RSA_DECRYPT_OAEP_2048_SHA1" - RSAES-OAEP 2048 bit key with a SHA1 digest.
  1720  	//   "RSA_DECRYPT_OAEP_3072_SHA1" - RSAES-OAEP 3072 bit key with a SHA1 digest.
  1721  	//   "RSA_DECRYPT_OAEP_4096_SHA1" - RSAES-OAEP 4096 bit key with a SHA1 digest.
  1722  	//   "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256
  1723  	// digest. Other hash functions can also be used:
  1724  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
  1725  	//   "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384
  1726  	// digest. Other hash functions can also be used:
  1727  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
  1728  	//   "EC_SIGN_SECP256K1_SHA256" - ECDSA on the non-NIST secp256k1 curve. This
  1729  	// curve is only supported for HSM protection level. Other hash functions can
  1730  	// also be used:
  1731  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
  1732  	//   "EC_SIGN_ED25519" - EdDSA on the Curve25519 in pure mode (taking data as
  1733  	// input).
  1734  	//   "HMAC_SHA256" - HMAC-SHA256 signing with a 256 bit key.
  1735  	//   "HMAC_SHA1" - HMAC-SHA1 signing with a 160 bit key.
  1736  	//   "HMAC_SHA384" - HMAC-SHA384 signing with a 384 bit key.
  1737  	//   "HMAC_SHA512" - HMAC-SHA512 signing with a 512 bit key.
  1738  	//   "HMAC_SHA224" - HMAC-SHA224 signing with a 224 bit key.
  1739  	//   "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric
  1740  	// encryption by an external key manager.
  1741  	Algorithm string `json:"algorithm,omitempty"`
  1742  	// CryptoKeyVersion: Optional. The optional name of an existing
  1743  	// CryptoKeyVersion to target for an import operation. If this field is not
  1744  	// present, a new CryptoKeyVersion containing the supplied key material is
  1745  	// created. If this field is present, the supplied key material is imported
  1746  	// into the existing CryptoKeyVersion. To import into an existing
  1747  	// CryptoKeyVersion, the CryptoKeyVersion must be a child of
  1748  	// ImportCryptoKeyVersionRequest.parent, have been previously created via
  1749  	// ImportCryptoKeyVersion, and be in DESTROYED or IMPORT_FAILED state. The key
  1750  	// material and algorithm must match the previous CryptoKeyVersion exactly if
  1751  	// the CryptoKeyVersion has ever contained key material.
  1752  	CryptoKeyVersion string `json:"cryptoKeyVersion,omitempty"`
  1753  	// ImportJob: Required. The name of the ImportJob that was used to wrap this
  1754  	// key material.
  1755  	ImportJob string `json:"importJob,omitempty"`
  1756  	// RsaAesWrappedKey: Optional. This field has the same meaning as wrapped_key.
  1757  	// Prefer to use that field in new work. Either that field or this field (but
  1758  	// not both) must be specified.
  1759  	RsaAesWrappedKey string `json:"rsaAesWrappedKey,omitempty"`
  1760  	// WrappedKey: Optional. The wrapped key material to import. Before wrapping,
  1761  	// key material must be formatted. If importing symmetric key material, the
  1762  	// expected key material format is plain bytes. If importing asymmetric key
  1763  	// material, the expected key material format is PKCS#8-encoded DER (the
  1764  	// PrivateKeyInfo structure from RFC 5208). When wrapping with import methods
  1765  	// (RSA_OAEP_3072_SHA1_AES_256 or RSA_OAEP_4096_SHA1_AES_256 or
  1766  	// RSA_OAEP_3072_SHA256_AES_256 or RSA_OAEP_4096_SHA256_AES_256), this field
  1767  	// must contain the concatenation of: 1. An ephemeral AES-256 wrapping key
  1768  	// wrapped with the public_key using RSAES-OAEP with SHA-1/SHA-256, MGF1 with
  1769  	// SHA-1/SHA-256, and an empty label. 2. The formatted key to be imported,
  1770  	// wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649). This format
  1771  	// is the same as the format produced by PKCS#11 mechanism
  1772  	// CKM_RSA_AES_KEY_WRAP. When wrapping with import methods
  1773  	// (RSA_OAEP_3072_SHA256 or RSA_OAEP_4096_SHA256), this field must contain the
  1774  	// formatted key to be imported, wrapped with the public_key using RSAES-OAEP
  1775  	// with SHA-256, MGF1 with SHA-256, and an empty label.
  1776  	WrappedKey string `json:"wrappedKey,omitempty"`
  1777  	// ForceSendFields is a list of field names (e.g. "Algorithm") to
  1778  	// unconditionally include in API requests. By default, fields with empty or
  1779  	// default values are omitted from API requests. See
  1780  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1781  	// details.
  1782  	ForceSendFields []string `json:"-"`
  1783  	// NullFields is a list of field names (e.g. "Algorithm") to include in API
  1784  	// requests with the JSON null value. By default, fields with empty values are
  1785  	// omitted from API requests. See
  1786  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1787  	NullFields []string `json:"-"`
  1788  }
  1789  
  1790  func (s *ImportCryptoKeyVersionRequest) MarshalJSON() ([]byte, error) {
  1791  	type NoMethod ImportCryptoKeyVersionRequest
  1792  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1793  }
  1794  
  1795  // ImportJob: An ImportJob can be used to create CryptoKeys and
  1796  // CryptoKeyVersions using pre-existing key material, generated outside of
  1797  // Cloud KMS. When an ImportJob is created, Cloud KMS will generate a "wrapping
  1798  // key", which is a public/private key pair. You use the wrapping key to
  1799  // encrypt (also known as wrap) the pre-existing key material to protect it
  1800  // during the import process. The nature of the wrapping key depends on the
  1801  // choice of import_method. When the wrapping key generation is complete, the
  1802  // state will be set to ACTIVE and the public_key can be fetched. The fetched
  1803  // public key can then be used to wrap your pre-existing key material. Once the
  1804  // key material is wrapped, it can be imported into a new CryptoKeyVersion in
  1805  // an existing CryptoKey by calling ImportCryptoKeyVersion. Multiple
  1806  // CryptoKeyVersions can be imported with a single ImportJob. Cloud KMS uses
  1807  // the private key portion of the wrapping key to unwrap the key material. Only
  1808  // Cloud KMS has access to the private key. An ImportJob expires 3 days after
  1809  // it is created. Once expired, Cloud KMS will no longer be able to import or
  1810  // unwrap any key material that was wrapped with the ImportJob's public key.
  1811  // For more information, see Importing a key
  1812  // (https://cloud.google.com/kms/docs/importing-a-key).
  1813  type ImportJob struct {
  1814  	// Attestation: Output only. Statement that was generated and signed by the key
  1815  	// creator (for example, an HSM) at key creation time. Use this statement to
  1816  	// verify attributes of the key as stored on the HSM, independently of Google.
  1817  	// Only present if the chosen ImportMethod is one with a protection level of
  1818  	// HSM.
  1819  	Attestation *KeyOperationAttestation `json:"attestation,omitempty"`
  1820  	// CreateTime: Output only. The time at which this ImportJob was created.
  1821  	CreateTime string `json:"createTime,omitempty"`
  1822  	// ExpireEventTime: Output only. The time this ImportJob expired. Only present
  1823  	// if state is EXPIRED.
  1824  	ExpireEventTime string `json:"expireEventTime,omitempty"`
  1825  	// ExpireTime: Output only. The time at which this ImportJob is scheduled for
  1826  	// expiration and can no longer be used to import key material.
  1827  	ExpireTime string `json:"expireTime,omitempty"`
  1828  	// GenerateTime: Output only. The time this ImportJob's key material was
  1829  	// generated.
  1830  	GenerateTime string `json:"generateTime,omitempty"`
  1831  	// ImportMethod: Required. Immutable. The wrapping method to be used for
  1832  	// incoming key material.
  1833  	//
  1834  	// Possible values:
  1835  	//   "IMPORT_METHOD_UNSPECIFIED" - Not specified.
  1836  	//   "RSA_OAEP_3072_SHA1_AES_256" - This ImportMethod represents the
  1837  	// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
  1838  	// In summary, this involves wrapping the raw key with an ephemeral AES key,
  1839  	// and wrapping the ephemeral AES key with a 3072 bit RSA key. For more
  1840  	// details, see [RSA AES key wrap
  1841  	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-c
  1842  	// urr-v2.40-cos01.html#_Toc408226908).
  1843  	//   "RSA_OAEP_4096_SHA1_AES_256" - This ImportMethod represents the
  1844  	// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
  1845  	// In summary, this involves wrapping the raw key with an ephemeral AES key,
  1846  	// and wrapping the ephemeral AES key with a 4096 bit RSA key. For more
  1847  	// details, see [RSA AES key wrap
  1848  	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-c
  1849  	// urr-v2.40-cos01.html#_Toc408226908).
  1850  	//   "RSA_OAEP_3072_SHA256_AES_256" - This ImportMethod represents the
  1851  	// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
  1852  	// In summary, this involves wrapping the raw key with an ephemeral AES key,
  1853  	// and wrapping the ephemeral AES key with a 3072 bit RSA key. For more
  1854  	// details, see [RSA AES key wrap
  1855  	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-c
  1856  	// urr-v2.40-cos01.html#_Toc408226908).
  1857  	//   "RSA_OAEP_4096_SHA256_AES_256" - This ImportMethod represents the
  1858  	// CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard.
  1859  	// In summary, this involves wrapping the raw key with an ephemeral AES key,
  1860  	// and wrapping the ephemeral AES key with a 4096 bit RSA key. For more
  1861  	// details, see [RSA AES key wrap
  1862  	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-c
  1863  	// urr-v2.40-cos01.html#_Toc408226908).
  1864  	//   "RSA_OAEP_3072_SHA256" - This ImportMethod represents RSAES-OAEP with a
  1865  	// 3072 bit RSA key. The key material to be imported is wrapped directly with
  1866  	// the RSA key. Due to technical limitations of RSA wrapping, this method
  1867  	// cannot be used to wrap RSA keys for import.
  1868  	//   "RSA_OAEP_4096_SHA256" - This ImportMethod represents RSAES-OAEP with a
  1869  	// 4096 bit RSA key. The key material to be imported is wrapped directly with
  1870  	// the RSA key. Due to technical limitations of RSA wrapping, this method
  1871  	// cannot be used to wrap RSA keys for import.
  1872  	ImportMethod string `json:"importMethod,omitempty"`
  1873  	// Name: Output only. The resource name for this ImportJob in the format
  1874  	// `projects/*/locations/*/keyRings/*/importJobs/*`.
  1875  	Name string `json:"name,omitempty"`
  1876  	// ProtectionLevel: Required. Immutable. The protection level of the ImportJob.
  1877  	// This must match the protection_level of the version_template on the
  1878  	// CryptoKey you attempt to import into.
  1879  	//
  1880  	// Possible values:
  1881  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
  1882  	//   "SOFTWARE" - Crypto operations are performed in software.
  1883  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
  1884  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
  1885  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
  1886  	// backend.
  1887  	ProtectionLevel string `json:"protectionLevel,omitempty"`
  1888  	// PublicKey: Output only. The public key with which to wrap key material prior
  1889  	// to import. Only returned if state is ACTIVE.
  1890  	PublicKey *WrappingPublicKey `json:"publicKey,omitempty"`
  1891  	// State: Output only. The current state of the ImportJob, indicating if it can
  1892  	// be used.
  1893  	//
  1894  	// Possible values:
  1895  	//   "IMPORT_JOB_STATE_UNSPECIFIED" - Not specified.
  1896  	//   "PENDING_GENERATION" - The wrapping key for this job is still being
  1897  	// generated. It may not be used. Cloud KMS will automatically mark this job as
  1898  	// ACTIVE as soon as the wrapping key is generated.
  1899  	//   "ACTIVE" - This job may be used in CreateCryptoKey and
  1900  	// CreateCryptoKeyVersion requests.
  1901  	//   "EXPIRED" - This job can no longer be used and may not leave this state
  1902  	// once entered.
  1903  	State string `json:"state,omitempty"`
  1904  
  1905  	// ServerResponse contains the HTTP response code and headers from the server.
  1906  	googleapi.ServerResponse `json:"-"`
  1907  	// ForceSendFields is a list of field names (e.g. "Attestation") to
  1908  	// unconditionally include in API requests. By default, fields with empty or
  1909  	// default values are omitted from API requests. See
  1910  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1911  	// details.
  1912  	ForceSendFields []string `json:"-"`
  1913  	// NullFields is a list of field names (e.g. "Attestation") to include in API
  1914  	// requests with the JSON null value. By default, fields with empty values are
  1915  	// omitted from API requests. See
  1916  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1917  	NullFields []string `json:"-"`
  1918  }
  1919  
  1920  func (s *ImportJob) MarshalJSON() ([]byte, error) {
  1921  	type NoMethod ImportJob
  1922  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1923  }
  1924  
  1925  // KeyHandle: Resource-oriented representation of a request to Cloud KMS
  1926  // Autokey and the resulting provisioning of a CryptoKey.
  1927  type KeyHandle struct {
  1928  	// KmsKey: Output only. Name of a CryptoKey that has been provisioned for
  1929  	// Customer Managed Encryption Key (CMEK) use in the KeyHandle project and
  1930  	// location for the requested resource type. The CryptoKey project will reflect
  1931  	// the value configured in the AutokeyConfig on the resource project's ancestor
  1932  	// folder at the time of the KeyHandle creation. If more than one ancestor
  1933  	// folder has a configured AutokeyConfig, the nearest of these configurations
  1934  	// is used.
  1935  	KmsKey string `json:"kmsKey,omitempty"`
  1936  	// Name: Output only. Identifier. Name of the KeyHandle resource, e.g.
  1937  	// `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`.
  1938  	Name string `json:"name,omitempty"`
  1939  	// ResourceTypeSelector: Required. Indicates the resource type that the
  1940  	// resulting CryptoKey is meant to protect, e.g.
  1941  	// `{SERVICE}.googleapis.com/{TYPE}`. See documentation for supported resource
  1942  	// types.
  1943  	ResourceTypeSelector string `json:"resourceTypeSelector,omitempty"`
  1944  
  1945  	// ServerResponse contains the HTTP response code and headers from the server.
  1946  	googleapi.ServerResponse `json:"-"`
  1947  	// ForceSendFields is a list of field names (e.g. "KmsKey") to unconditionally
  1948  	// include in API requests. By default, fields with empty or default values are
  1949  	// omitted from API requests. See
  1950  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1951  	// details.
  1952  	ForceSendFields []string `json:"-"`
  1953  	// NullFields is a list of field names (e.g. "KmsKey") to include in API
  1954  	// requests with the JSON null value. By default, fields with empty values are
  1955  	// omitted from API requests. See
  1956  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1957  	NullFields []string `json:"-"`
  1958  }
  1959  
  1960  func (s *KeyHandle) MarshalJSON() ([]byte, error) {
  1961  	type NoMethod KeyHandle
  1962  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  1963  }
  1964  
  1965  // KeyOperationAttestation: Contains an HSM-generated attestation about a key
  1966  // operation. For more information, see [Verifying attestations]
  1967  // (https://cloud.google.com/kms/docs/attest-key).
  1968  type KeyOperationAttestation struct {
  1969  	// CertChains: Output only. The certificate chains needed to validate the
  1970  	// attestation
  1971  	CertChains *CertificateChains `json:"certChains,omitempty"`
  1972  	// Content: Output only. The attestation data provided by the HSM when the key
  1973  	// operation was performed.
  1974  	Content string `json:"content,omitempty"`
  1975  	// Format: Output only. The format of the attestation data.
  1976  	//
  1977  	// Possible values:
  1978  	//   "ATTESTATION_FORMAT_UNSPECIFIED" - Not specified.
  1979  	//   "CAVIUM_V1_COMPRESSED" - Cavium HSM attestation compressed with gzip. Note
  1980  	// that this format is defined by Cavium and subject to change at any time. See
  1981  	// https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html.
  1982  	//   "CAVIUM_V2_COMPRESSED" - Cavium HSM attestation V2 compressed with gzip.
  1983  	// This is a new format introduced in Cavium's version 3.2-08.
  1984  	Format string `json:"format,omitempty"`
  1985  	// ForceSendFields is a list of field names (e.g. "CertChains") to
  1986  	// unconditionally include in API requests. By default, fields with empty or
  1987  	// default values are omitted from API requests. See
  1988  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  1989  	// details.
  1990  	ForceSendFields []string `json:"-"`
  1991  	// NullFields is a list of field names (e.g. "CertChains") to include in API
  1992  	// requests with the JSON null value. By default, fields with empty values are
  1993  	// omitted from API requests. See
  1994  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  1995  	NullFields []string `json:"-"`
  1996  }
  1997  
  1998  func (s *KeyOperationAttestation) MarshalJSON() ([]byte, error) {
  1999  	type NoMethod KeyOperationAttestation
  2000  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2001  }
  2002  
  2003  // KeyRing: A KeyRing is a toplevel logical grouping of CryptoKeys.
  2004  type KeyRing struct {
  2005  	// CreateTime: Output only. The time at which this KeyRing was created.
  2006  	CreateTime string `json:"createTime,omitempty"`
  2007  	// Name: Output only. The resource name for the KeyRing in the format
  2008  	// `projects/*/locations/*/keyRings/*`.
  2009  	Name string `json:"name,omitempty"`
  2010  
  2011  	// ServerResponse contains the HTTP response code and headers from the server.
  2012  	googleapi.ServerResponse `json:"-"`
  2013  	// ForceSendFields is a list of field names (e.g. "CreateTime") to
  2014  	// unconditionally include in API requests. By default, fields with empty or
  2015  	// default values are omitted from API requests. See
  2016  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2017  	// details.
  2018  	ForceSendFields []string `json:"-"`
  2019  	// NullFields is a list of field names (e.g. "CreateTime") to include in API
  2020  	// requests with the JSON null value. By default, fields with empty values are
  2021  	// omitted from API requests. See
  2022  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2023  	NullFields []string `json:"-"`
  2024  }
  2025  
  2026  func (s *KeyRing) MarshalJSON() ([]byte, error) {
  2027  	type NoMethod KeyRing
  2028  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2029  }
  2030  
  2031  // ListCryptoKeyVersionsResponse: Response message for
  2032  // KeyManagementService.ListCryptoKeyVersions.
  2033  type ListCryptoKeyVersionsResponse struct {
  2034  	// CryptoKeyVersions: The list of CryptoKeyVersions.
  2035  	CryptoKeyVersions []*CryptoKeyVersion `json:"cryptoKeyVersions,omitempty"`
  2036  	// NextPageToken: A token to retrieve next page of results. Pass this value in
  2037  	// ListCryptoKeyVersionsRequest.page_token to retrieve the next page of
  2038  	// results.
  2039  	NextPageToken string `json:"nextPageToken,omitempty"`
  2040  	// TotalSize: The total number of CryptoKeyVersions that matched the query.
  2041  	TotalSize int64 `json:"totalSize,omitempty"`
  2042  
  2043  	// ServerResponse contains the HTTP response code and headers from the server.
  2044  	googleapi.ServerResponse `json:"-"`
  2045  	// ForceSendFields is a list of field names (e.g. "CryptoKeyVersions") to
  2046  	// unconditionally include in API requests. By default, fields with empty or
  2047  	// default values are omitted from API requests. See
  2048  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2049  	// details.
  2050  	ForceSendFields []string `json:"-"`
  2051  	// NullFields is a list of field names (e.g. "CryptoKeyVersions") to include in
  2052  	// API requests with the JSON null value. By default, fields with empty values
  2053  	// are omitted from API requests. See
  2054  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2055  	NullFields []string `json:"-"`
  2056  }
  2057  
  2058  func (s *ListCryptoKeyVersionsResponse) MarshalJSON() ([]byte, error) {
  2059  	type NoMethod ListCryptoKeyVersionsResponse
  2060  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2061  }
  2062  
  2063  // ListCryptoKeysResponse: Response message for
  2064  // KeyManagementService.ListCryptoKeys.
  2065  type ListCryptoKeysResponse struct {
  2066  	// CryptoKeys: The list of CryptoKeys.
  2067  	CryptoKeys []*CryptoKey `json:"cryptoKeys,omitempty"`
  2068  	// NextPageToken: A token to retrieve next page of results. Pass this value in
  2069  	// ListCryptoKeysRequest.page_token to retrieve the next page of results.
  2070  	NextPageToken string `json:"nextPageToken,omitempty"`
  2071  	// TotalSize: The total number of CryptoKeys that matched the query.
  2072  	TotalSize int64 `json:"totalSize,omitempty"`
  2073  
  2074  	// ServerResponse contains the HTTP response code and headers from the server.
  2075  	googleapi.ServerResponse `json:"-"`
  2076  	// ForceSendFields is a list of field names (e.g. "CryptoKeys") to
  2077  	// unconditionally include in API requests. By default, fields with empty or
  2078  	// default values are omitted from API requests. See
  2079  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2080  	// details.
  2081  	ForceSendFields []string `json:"-"`
  2082  	// NullFields is a list of field names (e.g. "CryptoKeys") to include in API
  2083  	// requests with the JSON null value. By default, fields with empty values are
  2084  	// omitted from API requests. See
  2085  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2086  	NullFields []string `json:"-"`
  2087  }
  2088  
  2089  func (s *ListCryptoKeysResponse) MarshalJSON() ([]byte, error) {
  2090  	type NoMethod ListCryptoKeysResponse
  2091  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2092  }
  2093  
  2094  // ListEkmConnectionsResponse: Response message for
  2095  // EkmService.ListEkmConnections.
  2096  type ListEkmConnectionsResponse struct {
  2097  	// EkmConnections: The list of EkmConnections.
  2098  	EkmConnections []*EkmConnection `json:"ekmConnections,omitempty"`
  2099  	// NextPageToken: A token to retrieve next page of results. Pass this value in
  2100  	// ListEkmConnectionsRequest.page_token to retrieve the next page of results.
  2101  	NextPageToken string `json:"nextPageToken,omitempty"`
  2102  	// TotalSize: The total number of EkmConnections that matched the query.
  2103  	TotalSize int64 `json:"totalSize,omitempty"`
  2104  
  2105  	// ServerResponse contains the HTTP response code and headers from the server.
  2106  	googleapi.ServerResponse `json:"-"`
  2107  	// ForceSendFields is a list of field names (e.g. "EkmConnections") to
  2108  	// unconditionally include in API requests. By default, fields with empty or
  2109  	// default values are omitted from API requests. See
  2110  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2111  	// details.
  2112  	ForceSendFields []string `json:"-"`
  2113  	// NullFields is a list of field names (e.g. "EkmConnections") to include in
  2114  	// API requests with the JSON null value. By default, fields with empty values
  2115  	// are omitted from API requests. See
  2116  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2117  	NullFields []string `json:"-"`
  2118  }
  2119  
  2120  func (s *ListEkmConnectionsResponse) MarshalJSON() ([]byte, error) {
  2121  	type NoMethod ListEkmConnectionsResponse
  2122  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2123  }
  2124  
  2125  // ListImportJobsResponse: Response message for
  2126  // KeyManagementService.ListImportJobs.
  2127  type ListImportJobsResponse struct {
  2128  	// ImportJobs: The list of ImportJobs.
  2129  	ImportJobs []*ImportJob `json:"importJobs,omitempty"`
  2130  	// NextPageToken: A token to retrieve next page of results. Pass this value in
  2131  	// ListImportJobsRequest.page_token to retrieve the next page of results.
  2132  	NextPageToken string `json:"nextPageToken,omitempty"`
  2133  	// TotalSize: The total number of ImportJobs that matched the query.
  2134  	TotalSize int64 `json:"totalSize,omitempty"`
  2135  
  2136  	// ServerResponse contains the HTTP response code and headers from the server.
  2137  	googleapi.ServerResponse `json:"-"`
  2138  	// ForceSendFields is a list of field names (e.g. "ImportJobs") to
  2139  	// unconditionally include in API requests. By default, fields with empty or
  2140  	// default values are omitted from API requests. See
  2141  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2142  	// details.
  2143  	ForceSendFields []string `json:"-"`
  2144  	// NullFields is a list of field names (e.g. "ImportJobs") to include in API
  2145  	// requests with the JSON null value. By default, fields with empty values are
  2146  	// omitted from API requests. See
  2147  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2148  	NullFields []string `json:"-"`
  2149  }
  2150  
  2151  func (s *ListImportJobsResponse) MarshalJSON() ([]byte, error) {
  2152  	type NoMethod ListImportJobsResponse
  2153  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2154  }
  2155  
  2156  // ListKeyHandlesResponse: Response message for Autokey.ListKeyHandles.
  2157  type ListKeyHandlesResponse struct {
  2158  	// KeyHandles: Resulting KeyHandles.
  2159  	KeyHandles []*KeyHandle `json:"keyHandles,omitempty"`
  2160  
  2161  	// ServerResponse contains the HTTP response code and headers from the server.
  2162  	googleapi.ServerResponse `json:"-"`
  2163  	// ForceSendFields is a list of field names (e.g. "KeyHandles") to
  2164  	// unconditionally include in API requests. By default, fields with empty or
  2165  	// default values are omitted from API requests. See
  2166  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2167  	// details.
  2168  	ForceSendFields []string `json:"-"`
  2169  	// NullFields is a list of field names (e.g. "KeyHandles") to include in API
  2170  	// requests with the JSON null value. By default, fields with empty values are
  2171  	// omitted from API requests. See
  2172  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2173  	NullFields []string `json:"-"`
  2174  }
  2175  
  2176  func (s *ListKeyHandlesResponse) MarshalJSON() ([]byte, error) {
  2177  	type NoMethod ListKeyHandlesResponse
  2178  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2179  }
  2180  
  2181  // ListKeyRingsResponse: Response message for
  2182  // KeyManagementService.ListKeyRings.
  2183  type ListKeyRingsResponse struct {
  2184  	// KeyRings: The list of KeyRings.
  2185  	KeyRings []*KeyRing `json:"keyRings,omitempty"`
  2186  	// NextPageToken: A token to retrieve next page of results. Pass this value in
  2187  	// ListKeyRingsRequest.page_token to retrieve the next page of results.
  2188  	NextPageToken string `json:"nextPageToken,omitempty"`
  2189  	// TotalSize: The total number of KeyRings that matched the query.
  2190  	TotalSize int64 `json:"totalSize,omitempty"`
  2191  
  2192  	// ServerResponse contains the HTTP response code and headers from the server.
  2193  	googleapi.ServerResponse `json:"-"`
  2194  	// ForceSendFields is a list of field names (e.g. "KeyRings") to
  2195  	// unconditionally include in API requests. By default, fields with empty or
  2196  	// default values are omitted from API requests. See
  2197  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2198  	// details.
  2199  	ForceSendFields []string `json:"-"`
  2200  	// NullFields is a list of field names (e.g. "KeyRings") to include in API
  2201  	// requests with the JSON null value. By default, fields with empty values are
  2202  	// omitted from API requests. See
  2203  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2204  	NullFields []string `json:"-"`
  2205  }
  2206  
  2207  func (s *ListKeyRingsResponse) MarshalJSON() ([]byte, error) {
  2208  	type NoMethod ListKeyRingsResponse
  2209  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2210  }
  2211  
  2212  // ListLocationsResponse: The response message for Locations.ListLocations.
  2213  type ListLocationsResponse struct {
  2214  	// Locations: A list of locations that matches the specified filter in the
  2215  	// request.
  2216  	Locations []*Location `json:"locations,omitempty"`
  2217  	// NextPageToken: The standard List next-page token.
  2218  	NextPageToken string `json:"nextPageToken,omitempty"`
  2219  
  2220  	// ServerResponse contains the HTTP response code and headers from the server.
  2221  	googleapi.ServerResponse `json:"-"`
  2222  	// ForceSendFields is a list of field names (e.g. "Locations") to
  2223  	// unconditionally include in API requests. By default, fields with empty or
  2224  	// default values are omitted from API requests. See
  2225  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2226  	// details.
  2227  	ForceSendFields []string `json:"-"`
  2228  	// NullFields is a list of field names (e.g. "Locations") to include in API
  2229  	// requests with the JSON null value. By default, fields with empty values are
  2230  	// omitted from API requests. See
  2231  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2232  	NullFields []string `json:"-"`
  2233  }
  2234  
  2235  func (s *ListLocationsResponse) MarshalJSON() ([]byte, error) {
  2236  	type NoMethod ListLocationsResponse
  2237  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2238  }
  2239  
  2240  // Location: A resource that represents a Google Cloud location.
  2241  type Location struct {
  2242  	// DisplayName: The friendly name for this location, typically a nearby city
  2243  	// name. For example, "Tokyo".
  2244  	DisplayName string `json:"displayName,omitempty"`
  2245  	// Labels: Cross-service attributes for the location. For example
  2246  	// {"cloud.googleapis.com/region": "us-east1"}
  2247  	Labels map[string]string `json:"labels,omitempty"`
  2248  	// LocationId: The canonical id for this location. For example: "us-east1".
  2249  	LocationId string `json:"locationId,omitempty"`
  2250  	// Metadata: Service-specific metadata. For example the available capacity at
  2251  	// the given location.
  2252  	Metadata googleapi.RawMessage `json:"metadata,omitempty"`
  2253  	// Name: Resource name for the location, which may vary between
  2254  	// implementations. For example:
  2255  	// "projects/example-project/locations/us-east1"
  2256  	Name string `json:"name,omitempty"`
  2257  
  2258  	// ServerResponse contains the HTTP response code and headers from the server.
  2259  	googleapi.ServerResponse `json:"-"`
  2260  	// ForceSendFields is a list of field names (e.g. "DisplayName") to
  2261  	// unconditionally include in API requests. By default, fields with empty or
  2262  	// default values are omitted from API requests. See
  2263  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2264  	// details.
  2265  	ForceSendFields []string `json:"-"`
  2266  	// NullFields is a list of field names (e.g. "DisplayName") to include in API
  2267  	// requests with the JSON null value. By default, fields with empty values are
  2268  	// omitted from API requests. See
  2269  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2270  	NullFields []string `json:"-"`
  2271  }
  2272  
  2273  func (s *Location) MarshalJSON() ([]byte, error) {
  2274  	type NoMethod Location
  2275  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2276  }
  2277  
  2278  // LocationMetadata: Cloud KMS metadata for the given
  2279  // google.cloud.location.Location.
  2280  type LocationMetadata struct {
  2281  	// EkmAvailable: Indicates whether CryptoKeys with protection_level EXTERNAL
  2282  	// can be created in this location.
  2283  	EkmAvailable bool `json:"ekmAvailable,omitempty"`
  2284  	// HsmAvailable: Indicates whether CryptoKeys with protection_level HSM can be
  2285  	// created in this location.
  2286  	HsmAvailable bool `json:"hsmAvailable,omitempty"`
  2287  	// ForceSendFields is a list of field names (e.g. "EkmAvailable") to
  2288  	// unconditionally include in API requests. By default, fields with empty or
  2289  	// default values are omitted from API requests. See
  2290  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2291  	// details.
  2292  	ForceSendFields []string `json:"-"`
  2293  	// NullFields is a list of field names (e.g. "EkmAvailable") to include in API
  2294  	// requests with the JSON null value. By default, fields with empty values are
  2295  	// omitted from API requests. See
  2296  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2297  	NullFields []string `json:"-"`
  2298  }
  2299  
  2300  func (s *LocationMetadata) MarshalJSON() ([]byte, error) {
  2301  	type NoMethod LocationMetadata
  2302  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2303  }
  2304  
  2305  // MacSignRequest: Request message for KeyManagementService.MacSign.
  2306  type MacSignRequest struct {
  2307  	// Data: Required. The data to sign. The MAC tag is computed over this data
  2308  	// field based on the specific algorithm.
  2309  	Data string `json:"data,omitempty"`
  2310  	// DataCrc32c: Optional. An optional CRC32C checksum of the
  2311  	// MacSignRequest.data. If specified, KeyManagementService will verify the
  2312  	// integrity of the received MacSignRequest.data using this checksum.
  2313  	// KeyManagementService will report an error if the checksum verification
  2314  	// fails. If you receive a checksum error, your client should verify that
  2315  	// CRC32C(MacSignRequest.data) is equal to MacSignRequest.data_crc32c, and if
  2316  	// so, perform a limited number of retries. A persistent mismatch may indicate
  2317  	// an issue in your computation of the CRC32C checksum. Note: This field is
  2318  	// defined as int64 for reasons of compatibility across different languages.
  2319  	// However, it is a non-negative integer, which will never exceed 2^32-1, and
  2320  	// can be safely downconverted to uint32 in languages that support this type.
  2321  	DataCrc32c int64 `json:"dataCrc32c,omitempty,string"`
  2322  	// ForceSendFields is a list of field names (e.g. "Data") to unconditionally
  2323  	// include in API requests. By default, fields with empty or default values are
  2324  	// omitted from API requests. See
  2325  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2326  	// details.
  2327  	ForceSendFields []string `json:"-"`
  2328  	// NullFields is a list of field names (e.g. "Data") to include in API requests
  2329  	// with the JSON null value. By default, fields with empty values are omitted
  2330  	// from API requests. See
  2331  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2332  	NullFields []string `json:"-"`
  2333  }
  2334  
  2335  func (s *MacSignRequest) MarshalJSON() ([]byte, error) {
  2336  	type NoMethod MacSignRequest
  2337  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2338  }
  2339  
  2340  // MacSignResponse: Response message for KeyManagementService.MacSign.
  2341  type MacSignResponse struct {
  2342  	// Mac: The created signature.
  2343  	Mac string `json:"mac,omitempty"`
  2344  	// MacCrc32c: Integrity verification field. A CRC32C checksum of the returned
  2345  	// MacSignResponse.mac. An integrity check of MacSignResponse.mac can be
  2346  	// performed by computing the CRC32C checksum of MacSignResponse.mac and
  2347  	// comparing your results to this field. Discard the response in case of
  2348  	// non-matching checksum values, and perform a limited number of retries. A
  2349  	// persistent mismatch may indicate an issue in your computation of the CRC32C
  2350  	// checksum. Note: This field is defined as int64 for reasons of compatibility
  2351  	// across different languages. However, it is a non-negative integer, which
  2352  	// will never exceed 2^32-1, and can be safely downconverted to uint32 in
  2353  	// languages that support this type.
  2354  	MacCrc32c int64 `json:"macCrc32c,omitempty,string"`
  2355  	// Name: The resource name of the CryptoKeyVersion used for signing. Check this
  2356  	// field to verify that the intended resource was used for signing.
  2357  	Name string `json:"name,omitempty"`
  2358  	// ProtectionLevel: The ProtectionLevel of the CryptoKeyVersion used for
  2359  	// signing.
  2360  	//
  2361  	// Possible values:
  2362  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
  2363  	//   "SOFTWARE" - Crypto operations are performed in software.
  2364  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
  2365  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
  2366  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
  2367  	// backend.
  2368  	ProtectionLevel string `json:"protectionLevel,omitempty"`
  2369  	// VerifiedDataCrc32c: Integrity verification field. A flag indicating whether
  2370  	// MacSignRequest.data_crc32c was received by KeyManagementService and used for
  2371  	// the integrity verification of the data. A false value of this field
  2372  	// indicates either that MacSignRequest.data_crc32c was left unset or that it
  2373  	// was not delivered to KeyManagementService. If you've set
  2374  	// MacSignRequest.data_crc32c but this field is still false, discard the
  2375  	// response and perform a limited number of retries.
  2376  	VerifiedDataCrc32c bool `json:"verifiedDataCrc32c,omitempty"`
  2377  
  2378  	// ServerResponse contains the HTTP response code and headers from the server.
  2379  	googleapi.ServerResponse `json:"-"`
  2380  	// ForceSendFields is a list of field names (e.g. "Mac") to unconditionally
  2381  	// include in API requests. By default, fields with empty or default values are
  2382  	// omitted from API requests. See
  2383  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2384  	// details.
  2385  	ForceSendFields []string `json:"-"`
  2386  	// NullFields is a list of field names (e.g. "Mac") to include in API requests
  2387  	// with the JSON null value. By default, fields with empty values are omitted
  2388  	// from API requests. See
  2389  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2390  	NullFields []string `json:"-"`
  2391  }
  2392  
  2393  func (s *MacSignResponse) MarshalJSON() ([]byte, error) {
  2394  	type NoMethod MacSignResponse
  2395  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2396  }
  2397  
  2398  // MacVerifyRequest: Request message for KeyManagementService.MacVerify.
  2399  type MacVerifyRequest struct {
  2400  	// Data: Required. The data used previously as a MacSignRequest.data to
  2401  	// generate the MAC tag.
  2402  	Data string `json:"data,omitempty"`
  2403  	// DataCrc32c: Optional. An optional CRC32C checksum of the
  2404  	// MacVerifyRequest.data. If specified, KeyManagementService will verify the
  2405  	// integrity of the received MacVerifyRequest.data using this checksum.
  2406  	// KeyManagementService will report an error if the checksum verification
  2407  	// fails. If you receive a checksum error, your client should verify that
  2408  	// CRC32C(MacVerifyRequest.data) is equal to MacVerifyRequest.data_crc32c, and
  2409  	// if so, perform a limited number of retries. A persistent mismatch may
  2410  	// indicate an issue in your computation of the CRC32C checksum. Note: This
  2411  	// field is defined as int64 for reasons of compatibility across different
  2412  	// languages. However, it is a non-negative integer, which will never exceed
  2413  	// 2^32-1, and can be safely downconverted to uint32 in languages that support
  2414  	// this type.
  2415  	DataCrc32c int64 `json:"dataCrc32c,omitempty,string"`
  2416  	// Mac: Required. The signature to verify.
  2417  	Mac string `json:"mac,omitempty"`
  2418  	// MacCrc32c: Optional. An optional CRC32C checksum of the
  2419  	// MacVerifyRequest.mac. If specified, KeyManagementService will verify the
  2420  	// integrity of the received MacVerifyRequest.mac using this checksum.
  2421  	// KeyManagementService will report an error if the checksum verification
  2422  	// fails. If you receive a checksum error, your client should verify that
  2423  	// CRC32C(MacVerifyRequest.tag) is equal to MacVerifyRequest.mac_crc32c, and if
  2424  	// so, perform a limited number of retries. A persistent mismatch may indicate
  2425  	// an issue in your computation of the CRC32C checksum. Note: This field is
  2426  	// defined as int64 for reasons of compatibility across different languages.
  2427  	// However, it is a non-negative integer, which will never exceed 2^32-1, and
  2428  	// can be safely downconverted to uint32 in languages that support this type.
  2429  	MacCrc32c int64 `json:"macCrc32c,omitempty,string"`
  2430  	// ForceSendFields is a list of field names (e.g. "Data") to unconditionally
  2431  	// include in API requests. By default, fields with empty or default values are
  2432  	// omitted from API requests. See
  2433  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2434  	// details.
  2435  	ForceSendFields []string `json:"-"`
  2436  	// NullFields is a list of field names (e.g. "Data") to include in API requests
  2437  	// with the JSON null value. By default, fields with empty values are omitted
  2438  	// from API requests. See
  2439  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2440  	NullFields []string `json:"-"`
  2441  }
  2442  
  2443  func (s *MacVerifyRequest) MarshalJSON() ([]byte, error) {
  2444  	type NoMethod MacVerifyRequest
  2445  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2446  }
  2447  
  2448  // MacVerifyResponse: Response message for KeyManagementService.MacVerify.
  2449  type MacVerifyResponse struct {
  2450  	// Name: The resource name of the CryptoKeyVersion used for verification. Check
  2451  	// this field to verify that the intended resource was used for verification.
  2452  	Name string `json:"name,omitempty"`
  2453  	// ProtectionLevel: The ProtectionLevel of the CryptoKeyVersion used for
  2454  	// verification.
  2455  	//
  2456  	// Possible values:
  2457  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
  2458  	//   "SOFTWARE" - Crypto operations are performed in software.
  2459  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
  2460  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
  2461  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
  2462  	// backend.
  2463  	ProtectionLevel string `json:"protectionLevel,omitempty"`
  2464  	// Success: This field indicates whether or not the verification operation for
  2465  	// MacVerifyRequest.mac over MacVerifyRequest.data was successful.
  2466  	Success bool `json:"success,omitempty"`
  2467  	// VerifiedDataCrc32c: Integrity verification field. A flag indicating whether
  2468  	// MacVerifyRequest.data_crc32c was received by KeyManagementService and used
  2469  	// for the integrity verification of the data. A false value of this field
  2470  	// indicates either that MacVerifyRequest.data_crc32c was left unset or that it
  2471  	// was not delivered to KeyManagementService. If you've set
  2472  	// MacVerifyRequest.data_crc32c but this field is still false, discard the
  2473  	// response and perform a limited number of retries.
  2474  	VerifiedDataCrc32c bool `json:"verifiedDataCrc32c,omitempty"`
  2475  	// VerifiedMacCrc32c: Integrity verification field. A flag indicating whether
  2476  	// MacVerifyRequest.mac_crc32c was received by KeyManagementService and used
  2477  	// for the integrity verification of the data. A false value of this field
  2478  	// indicates either that MacVerifyRequest.mac_crc32c was left unset or that it
  2479  	// was not delivered to KeyManagementService. If you've set
  2480  	// MacVerifyRequest.mac_crc32c but this field is still false, discard the
  2481  	// response and perform a limited number of retries.
  2482  	VerifiedMacCrc32c bool `json:"verifiedMacCrc32c,omitempty"`
  2483  	// VerifiedSuccessIntegrity: Integrity verification field. This value is used
  2484  	// for the integrity verification of [MacVerifyResponse.success]. If the value
  2485  	// of this field contradicts the value of [MacVerifyResponse.success], discard
  2486  	// the response and perform a limited number of retries.
  2487  	VerifiedSuccessIntegrity bool `json:"verifiedSuccessIntegrity,omitempty"`
  2488  
  2489  	// ServerResponse contains the HTTP response code and headers from the server.
  2490  	googleapi.ServerResponse `json:"-"`
  2491  	// ForceSendFields is a list of field names (e.g. "Name") to unconditionally
  2492  	// include in API requests. By default, fields with empty or default values are
  2493  	// omitted from API requests. See
  2494  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2495  	// details.
  2496  	ForceSendFields []string `json:"-"`
  2497  	// NullFields is a list of field names (e.g. "Name") to include in API requests
  2498  	// with the JSON null value. By default, fields with empty values are omitted
  2499  	// from API requests. See
  2500  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2501  	NullFields []string `json:"-"`
  2502  }
  2503  
  2504  func (s *MacVerifyResponse) MarshalJSON() ([]byte, error) {
  2505  	type NoMethod MacVerifyResponse
  2506  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2507  }
  2508  
  2509  // Operation: This resource represents a long-running operation that is the
  2510  // result of a network API call.
  2511  type Operation struct {
  2512  	// Done: If the value is `false`, it means the operation is still in progress.
  2513  	// If `true`, the operation is completed, and either `error` or `response` is
  2514  	// available.
  2515  	Done bool `json:"done,omitempty"`
  2516  	// Error: The error result of the operation in case of failure or cancellation.
  2517  	Error *Status `json:"error,omitempty"`
  2518  	// Metadata: Service-specific metadata associated with the operation. It
  2519  	// typically contains progress information and common metadata such as create
  2520  	// time. Some services might not provide such metadata. Any method that returns
  2521  	// a long-running operation should document the metadata type, if any.
  2522  	Metadata googleapi.RawMessage `json:"metadata,omitempty"`
  2523  	// Name: The server-assigned name, which is only unique within the same service
  2524  	// that originally returns it. If you use the default HTTP mapping, the `name`
  2525  	// should be a resource name ending with `operations/{unique_id}`.
  2526  	Name string `json:"name,omitempty"`
  2527  	// Response: The normal, successful response of the operation. If the original
  2528  	// method returns no data on success, such as `Delete`, the response is
  2529  	// `google.protobuf.Empty`. If the original method is standard
  2530  	// `Get`/`Create`/`Update`, the response should be the resource. For other
  2531  	// methods, the response should have the type `XxxResponse`, where `Xxx` is the
  2532  	// original method name. For example, if the original method name is
  2533  	// `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
  2534  	Response googleapi.RawMessage `json:"response,omitempty"`
  2535  
  2536  	// ServerResponse contains the HTTP response code and headers from the server.
  2537  	googleapi.ServerResponse `json:"-"`
  2538  	// ForceSendFields is a list of field names (e.g. "Done") to unconditionally
  2539  	// include in API requests. By default, fields with empty or default values are
  2540  	// omitted from API requests. See
  2541  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2542  	// details.
  2543  	ForceSendFields []string `json:"-"`
  2544  	// NullFields is a list of field names (e.g. "Done") to include in API requests
  2545  	// with the JSON null value. By default, fields with empty values are omitted
  2546  	// from API requests. See
  2547  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2548  	NullFields []string `json:"-"`
  2549  }
  2550  
  2551  func (s *Operation) MarshalJSON() ([]byte, error) {
  2552  	type NoMethod Operation
  2553  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2554  }
  2555  
  2556  // Policy: An Identity and Access Management (IAM) policy, which specifies
  2557  // access controls for Google Cloud resources. A `Policy` is a collection of
  2558  // `bindings`. A `binding` binds one or more `members`, or principals, to a
  2559  // single `role`. Principals can be user accounts, service accounts, Google
  2560  // groups, and domains (such as G Suite). A `role` is a named list of
  2561  // permissions; each `role` can be an IAM predefined role or a user-created
  2562  // custom role. For some types of Google Cloud resources, a `binding` can also
  2563  // specify a `condition`, which is a logical expression that allows access to a
  2564  // resource only if the expression evaluates to `true`. A condition can add
  2565  // constraints based on attributes of the request, the resource, or both. To
  2566  // learn which resources support conditions in their IAM policies, see the IAM
  2567  // documentation
  2568  // (https://cloud.google.com/iam/help/conditions/resource-policies). **JSON
  2569  // example:** ``` { "bindings": [ { "role":
  2570  // "roles/resourcemanager.organizationAdmin", "members": [
  2571  // "user:mike@example.com", "group:admins@example.com", "domain:google.com",
  2572  // "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role":
  2573  // "roles/resourcemanager.organizationViewer", "members": [
  2574  // "user:eve@example.com" ], "condition": { "title": "expirable access",
  2575  // "description": "Does not grant access after Sep 2020", "expression":
  2576  // "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag":
  2577  // "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: -
  2578  // members: - user:mike@example.com - group:admins@example.com -
  2579  // domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
  2580  // role: roles/resourcemanager.organizationAdmin - members: -
  2581  // user:eve@example.com role: roles/resourcemanager.organizationViewer
  2582  // condition: title: expirable access description: Does not grant access after
  2583  // Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
  2584  // etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features,
  2585  // see the IAM documentation (https://cloud.google.com/iam/docs/).
  2586  type Policy struct {
  2587  	// AuditConfigs: Specifies cloud audit logging configuration for this policy.
  2588  	AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"`
  2589  	// Bindings: Associates a list of `members`, or principals, with a `role`.
  2590  	// Optionally, may specify a `condition` that determines how and when the
  2591  	// `bindings` are applied. Each of the `bindings` must contain at least one
  2592  	// principal. The `bindings` in a `Policy` can refer to up to 1,500 principals;
  2593  	// up to 250 of these principals can be Google groups. Each occurrence of a
  2594  	// principal counts towards these limits. For example, if the `bindings` grant
  2595  	// 50 different roles to `user:alice@example.com`, and not to any other
  2596  	// principal, then you can add another 1,450 principals to the `bindings` in
  2597  	// the `Policy`.
  2598  	Bindings []*Binding `json:"bindings,omitempty"`
  2599  	// Etag: `etag` is used for optimistic concurrency control as a way to help
  2600  	// prevent simultaneous updates of a policy from overwriting each other. It is
  2601  	// strongly suggested that systems make use of the `etag` in the
  2602  	// read-modify-write cycle to perform policy updates in order to avoid race
  2603  	// conditions: An `etag` is returned in the response to `getIamPolicy`, and
  2604  	// systems are expected to put that etag in the request to `setIamPolicy` to
  2605  	// ensure that their change will be applied to the same version of the policy.
  2606  	// **Important:** If you use IAM Conditions, you must include the `etag` field
  2607  	// whenever you call `setIamPolicy`. If you omit this field, then IAM allows
  2608  	// you to overwrite a version `3` policy with a version `1` policy, and all of
  2609  	// the conditions in the version `3` policy are lost.
  2610  	Etag string `json:"etag,omitempty"`
  2611  	// Version: Specifies the format of the policy. Valid values are `0`, `1`, and
  2612  	// `3`. Requests that specify an invalid value are rejected. Any operation that
  2613  	// affects conditional role bindings must specify version `3`. This requirement
  2614  	// applies to the following operations: * Getting a policy that includes a
  2615  	// conditional role binding * Adding a conditional role binding to a policy *
  2616  	// Changing a conditional role binding in a policy * Removing any role binding,
  2617  	// with or without a condition, from a policy that includes conditions
  2618  	// **Important:** If you use IAM Conditions, you must include the `etag` field
  2619  	// whenever you call `setIamPolicy`. If you omit this field, then IAM allows
  2620  	// you to overwrite a version `3` policy with a version `1` policy, and all of
  2621  	// the conditions in the version `3` policy are lost. If a policy does not
  2622  	// include any conditions, operations on that policy may specify any valid
  2623  	// version or leave the field unset. To learn which resources support
  2624  	// conditions in their IAM policies, see the IAM documentation
  2625  	// (https://cloud.google.com/iam/help/conditions/resource-policies).
  2626  	Version int64 `json:"version,omitempty"`
  2627  
  2628  	// ServerResponse contains the HTTP response code and headers from the server.
  2629  	googleapi.ServerResponse `json:"-"`
  2630  	// ForceSendFields is a list of field names (e.g. "AuditConfigs") to
  2631  	// unconditionally include in API requests. By default, fields with empty or
  2632  	// default values are omitted from API requests. See
  2633  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2634  	// details.
  2635  	ForceSendFields []string `json:"-"`
  2636  	// NullFields is a list of field names (e.g. "AuditConfigs") to include in API
  2637  	// requests with the JSON null value. By default, fields with empty values are
  2638  	// omitted from API requests. See
  2639  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2640  	NullFields []string `json:"-"`
  2641  }
  2642  
  2643  func (s *Policy) MarshalJSON() ([]byte, error) {
  2644  	type NoMethod Policy
  2645  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2646  }
  2647  
  2648  // PublicKey: The public keys for a given CryptoKeyVersion. Obtained via
  2649  // GetPublicKey.
  2650  type PublicKey struct {
  2651  	// Algorithm: The Algorithm associated with this key.
  2652  	//
  2653  	// Possible values:
  2654  	//   "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified.
  2655  	//   "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys.
  2656  	//   "AES_128_GCM" - AES-GCM (Galois Counter Mode) using 128-bit keys.
  2657  	//   "AES_256_GCM" - AES-GCM (Galois Counter Mode) using 256-bit keys.
  2658  	//   "AES_128_CBC" - AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
  2659  	//   "AES_256_CBC" - AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
  2660  	//   "AES_128_CTR" - AES-CTR (Counter Mode) using 128-bit keys.
  2661  	//   "AES_256_CTR" - AES-CTR (Counter Mode) using 256-bit keys.
  2662  	//   "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 digest.
  2663  	//   "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 digest.
  2664  	//   "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 digest.
  2665  	//   "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 digest.
  2666  	//   "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit key and a
  2667  	// SHA256 digest.
  2668  	//   "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit key and a
  2669  	// SHA256 digest.
  2670  	//   "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a
  2671  	// SHA256 digest.
  2672  	//   "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a
  2673  	// SHA512 digest.
  2674  	//   "RSA_SIGN_RAW_PKCS1_2048" - RSASSA-PKCS1-v1_5 signing without encoding,
  2675  	// with a 2048 bit key.
  2676  	//   "RSA_SIGN_RAW_PKCS1_3072" - RSASSA-PKCS1-v1_5 signing without encoding,
  2677  	// with a 3072 bit key.
  2678  	//   "RSA_SIGN_RAW_PKCS1_4096" - RSASSA-PKCS1-v1_5 signing without encoding,
  2679  	// with a 4096 bit key.
  2680  	//   "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a SHA256
  2681  	// digest.
  2682  	//   "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a SHA256
  2683  	// digest.
  2684  	//   "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a SHA256
  2685  	// digest.
  2686  	//   "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a SHA512
  2687  	// digest.
  2688  	//   "RSA_DECRYPT_OAEP_2048_SHA1" - RSAES-OAEP 2048 bit key with a SHA1 digest.
  2689  	//   "RSA_DECRYPT_OAEP_3072_SHA1" - RSAES-OAEP 3072 bit key with a SHA1 digest.
  2690  	//   "RSA_DECRYPT_OAEP_4096_SHA1" - RSAES-OAEP 4096 bit key with a SHA1 digest.
  2691  	//   "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256
  2692  	// digest. Other hash functions can also be used:
  2693  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
  2694  	//   "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384
  2695  	// digest. Other hash functions can also be used:
  2696  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
  2697  	//   "EC_SIGN_SECP256K1_SHA256" - ECDSA on the non-NIST secp256k1 curve. This
  2698  	// curve is only supported for HSM protection level. Other hash functions can
  2699  	// also be used:
  2700  	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
  2701  	//   "EC_SIGN_ED25519" - EdDSA on the Curve25519 in pure mode (taking data as
  2702  	// input).
  2703  	//   "HMAC_SHA256" - HMAC-SHA256 signing with a 256 bit key.
  2704  	//   "HMAC_SHA1" - HMAC-SHA1 signing with a 160 bit key.
  2705  	//   "HMAC_SHA384" - HMAC-SHA384 signing with a 384 bit key.
  2706  	//   "HMAC_SHA512" - HMAC-SHA512 signing with a 512 bit key.
  2707  	//   "HMAC_SHA224" - HMAC-SHA224 signing with a 224 bit key.
  2708  	//   "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric
  2709  	// encryption by an external key manager.
  2710  	Algorithm string `json:"algorithm,omitempty"`
  2711  	// Name: The name of the CryptoKeyVersion public key. Provided here for
  2712  	// verification. NOTE: This field is in Beta.
  2713  	Name string `json:"name,omitempty"`
  2714  	// Pem: The public key, encoded in PEM format. For more information, see the
  2715  	// RFC 7468 (https://tools.ietf.org/html/rfc7468) sections for General
  2716  	// Considerations (https://tools.ietf.org/html/rfc7468#section-2) and [Textual
  2717  	// Encoding of Subject Public Key Info]
  2718  	// (https://tools.ietf.org/html/rfc7468#section-13).
  2719  	Pem string `json:"pem,omitempty"`
  2720  	// PemCrc32c: Integrity verification field. A CRC32C checksum of the returned
  2721  	// PublicKey.pem. An integrity check of PublicKey.pem can be performed by
  2722  	// computing the CRC32C checksum of PublicKey.pem and comparing your results to
  2723  	// this field. Discard the response in case of non-matching checksum values,
  2724  	// and perform a limited number of retries. A persistent mismatch may indicate
  2725  	// an issue in your computation of the CRC32C checksum. Note: This field is
  2726  	// defined as int64 for reasons of compatibility across different languages.
  2727  	// However, it is a non-negative integer, which will never exceed 2^32-1, and
  2728  	// can be safely downconverted to uint32 in languages that support this type.
  2729  	// NOTE: This field is in Beta.
  2730  	PemCrc32c int64 `json:"pemCrc32c,omitempty,string"`
  2731  	// ProtectionLevel: The ProtectionLevel of the CryptoKeyVersion public key.
  2732  	//
  2733  	// Possible values:
  2734  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
  2735  	//   "SOFTWARE" - Crypto operations are performed in software.
  2736  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
  2737  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
  2738  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
  2739  	// backend.
  2740  	ProtectionLevel string `json:"protectionLevel,omitempty"`
  2741  
  2742  	// ServerResponse contains the HTTP response code and headers from the server.
  2743  	googleapi.ServerResponse `json:"-"`
  2744  	// ForceSendFields is a list of field names (e.g. "Algorithm") to
  2745  	// unconditionally include in API requests. By default, fields with empty or
  2746  	// default values are omitted from API requests. See
  2747  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2748  	// details.
  2749  	ForceSendFields []string `json:"-"`
  2750  	// NullFields is a list of field names (e.g. "Algorithm") to include in API
  2751  	// requests with the JSON null value. By default, fields with empty values are
  2752  	// omitted from API requests. See
  2753  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2754  	NullFields []string `json:"-"`
  2755  }
  2756  
  2757  func (s *PublicKey) MarshalJSON() ([]byte, error) {
  2758  	type NoMethod PublicKey
  2759  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2760  }
  2761  
  2762  // RawDecryptRequest: Request message for KeyManagementService.RawDecrypt.
  2763  type RawDecryptRequest struct {
  2764  	// AdditionalAuthenticatedData: Optional. Optional data that must match the
  2765  	// data originally supplied in RawEncryptRequest.additional_authenticated_data.
  2766  	AdditionalAuthenticatedData string `json:"additionalAuthenticatedData,omitempty"`
  2767  	// AdditionalAuthenticatedDataCrc32c: Optional. An optional CRC32C checksum of
  2768  	// the RawDecryptRequest.additional_authenticated_data. If specified,
  2769  	// KeyManagementService will verify the integrity of the received
  2770  	// additional_authenticated_data using this checksum. KeyManagementService will
  2771  	// report an error if the checksum verification fails. If you receive a
  2772  	// checksum error, your client should verify that
  2773  	// CRC32C(additional_authenticated_data) is equal to
  2774  	// additional_authenticated_data_crc32c, and if so, perform a limited number of
  2775  	// retries. A persistent mismatch may indicate an issue in your computation of
  2776  	// the CRC32C checksum. Note: This field is defined as int64 for reasons of
  2777  	// compatibility across different languages. However, it is a non-negative
  2778  	// integer, which will never exceed 2^32-1, and can be safely downconverted to
  2779  	// uint32 in languages that support this type.
  2780  	AdditionalAuthenticatedDataCrc32c int64 `json:"additionalAuthenticatedDataCrc32c,omitempty,string"`
  2781  	// Ciphertext: Required. The encrypted data originally returned in
  2782  	// RawEncryptResponse.ciphertext.
  2783  	Ciphertext string `json:"ciphertext,omitempty"`
  2784  	// CiphertextCrc32c: Optional. An optional CRC32C checksum of the
  2785  	// RawDecryptRequest.ciphertext. If specified, KeyManagementService will verify
  2786  	// the integrity of the received ciphertext using this checksum.
  2787  	// KeyManagementService will report an error if the checksum verification
  2788  	// fails. If you receive a checksum error, your client should verify that
  2789  	// CRC32C(ciphertext) is equal to ciphertext_crc32c, and if so, perform a
  2790  	// limited number of retries. A persistent mismatch may indicate an issue in
  2791  	// your computation of the CRC32C checksum. Note: This field is defined as
  2792  	// int64 for reasons of compatibility across different languages. However, it
  2793  	// is a non-negative integer, which will never exceed 2^32-1, and can be safely
  2794  	// downconverted to uint32 in languages that support this type.
  2795  	CiphertextCrc32c int64 `json:"ciphertextCrc32c,omitempty,string"`
  2796  	// InitializationVector: Required. The initialization vector (IV) used during
  2797  	// encryption, which must match the data originally provided in
  2798  	// RawEncryptResponse.initialization_vector.
  2799  	InitializationVector string `json:"initializationVector,omitempty"`
  2800  	// InitializationVectorCrc32c: Optional. An optional CRC32C checksum of the
  2801  	// RawDecryptRequest.initialization_vector. If specified, KeyManagementService
  2802  	// will verify the integrity of the received initialization_vector using this
  2803  	// checksum. KeyManagementService will report an error if the checksum
  2804  	// verification fails. If you receive a checksum error, your client should
  2805  	// verify that CRC32C(initialization_vector) is equal to
  2806  	// initialization_vector_crc32c, and if so, perform a limited number of
  2807  	// retries. A persistent mismatch may indicate an issue in your computation of
  2808  	// the CRC32C checksum. Note: This field is defined as int64 for reasons of
  2809  	// compatibility across different languages. However, it is a non-negative
  2810  	// integer, which will never exceed 2^32-1, and can be safely downconverted to
  2811  	// uint32 in languages that support this type.
  2812  	InitializationVectorCrc32c int64 `json:"initializationVectorCrc32c,omitempty,string"`
  2813  	// TagLength: The length of the authentication tag that is appended to the end
  2814  	// of the ciphertext. If unspecified (0), the default value for the key's
  2815  	// algorithm will be used (for AES-GCM, the default value is 16).
  2816  	TagLength int64 `json:"tagLength,omitempty"`
  2817  	// ForceSendFields is a list of field names (e.g.
  2818  	// "AdditionalAuthenticatedData") to unconditionally include in API requests.
  2819  	// By default, fields with empty or default values are omitted from API
  2820  	// requests. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields
  2821  	// for more details.
  2822  	ForceSendFields []string `json:"-"`
  2823  	// NullFields is a list of field names (e.g. "AdditionalAuthenticatedData") to
  2824  	// include in API requests with the JSON null value. By default, fields with
  2825  	// empty values are omitted from API requests. See
  2826  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2827  	NullFields []string `json:"-"`
  2828  }
  2829  
  2830  func (s *RawDecryptRequest) MarshalJSON() ([]byte, error) {
  2831  	type NoMethod RawDecryptRequest
  2832  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2833  }
  2834  
  2835  // RawDecryptResponse: Response message for KeyManagementService.RawDecrypt.
  2836  type RawDecryptResponse struct {
  2837  	// Plaintext: The decrypted data.
  2838  	Plaintext string `json:"plaintext,omitempty"`
  2839  	// PlaintextCrc32c: Integrity verification field. A CRC32C checksum of the
  2840  	// returned RawDecryptResponse.plaintext. An integrity check of plaintext can
  2841  	// be performed by computing the CRC32C checksum of plaintext and comparing
  2842  	// your results to this field. Discard the response in case of non-matching
  2843  	// checksum values, and perform a limited number of retries. A persistent
  2844  	// mismatch may indicate an issue in your computation of the CRC32C checksum.
  2845  	// Note: receiving this response message indicates that KeyManagementService is
  2846  	// able to successfully decrypt the ciphertext. Note: This field is defined as
  2847  	// int64 for reasons of compatibility across different languages. However, it
  2848  	// is a non-negative integer, which will never exceed 2^32-1, and can be safely
  2849  	// downconverted to uint32 in languages that support this type.
  2850  	PlaintextCrc32c int64 `json:"plaintextCrc32c,omitempty,string"`
  2851  	// ProtectionLevel: The ProtectionLevel of the CryptoKeyVersion used in
  2852  	// decryption.
  2853  	//
  2854  	// Possible values:
  2855  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
  2856  	//   "SOFTWARE" - Crypto operations are performed in software.
  2857  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
  2858  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
  2859  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
  2860  	// backend.
  2861  	ProtectionLevel string `json:"protectionLevel,omitempty"`
  2862  	// VerifiedAdditionalAuthenticatedDataCrc32c: Integrity verification field. A
  2863  	// flag indicating whether
  2864  	// RawDecryptRequest.additional_authenticated_data_crc32c was received by
  2865  	// KeyManagementService and used for the integrity verification of
  2866  	// additional_authenticated_data. A false value of this field indicates either
  2867  	// that // RawDecryptRequest.additional_authenticated_data_crc32c was left
  2868  	// unset or that it was not delivered to KeyManagementService. If you've set
  2869  	// RawDecryptRequest.additional_authenticated_data_crc32c but this field is
  2870  	// still false, discard the response and perform a limited number of retries.
  2871  	VerifiedAdditionalAuthenticatedDataCrc32c bool `json:"verifiedAdditionalAuthenticatedDataCrc32c,omitempty"`
  2872  	// VerifiedCiphertextCrc32c: Integrity verification field. A flag indicating
  2873  	// whether RawDecryptRequest.ciphertext_crc32c was received by
  2874  	// KeyManagementService and used for the integrity verification of the
  2875  	// ciphertext. A false value of this field indicates either that
  2876  	// RawDecryptRequest.ciphertext_crc32c was left unset or that it was not
  2877  	// delivered to KeyManagementService. If you've set
  2878  	// RawDecryptRequest.ciphertext_crc32c but this field is still false, discard
  2879  	// the response and perform a limited number of retries.
  2880  	VerifiedCiphertextCrc32c bool `json:"verifiedCiphertextCrc32c,omitempty"`
  2881  	// VerifiedInitializationVectorCrc32c: Integrity verification field. A flag
  2882  	// indicating whether RawDecryptRequest.initialization_vector_crc32c was
  2883  	// received by KeyManagementService and used for the integrity verification of
  2884  	// initialization_vector. A false value of this field indicates either that
  2885  	// RawDecryptRequest.initialization_vector_crc32c was left unset or that it was
  2886  	// not delivered to KeyManagementService. If you've set
  2887  	// RawDecryptRequest.initialization_vector_crc32c but this field is still
  2888  	// false, discard the response and perform a limited number of retries.
  2889  	VerifiedInitializationVectorCrc32c bool `json:"verifiedInitializationVectorCrc32c,omitempty"`
  2890  
  2891  	// ServerResponse contains the HTTP response code and headers from the server.
  2892  	googleapi.ServerResponse `json:"-"`
  2893  	// ForceSendFields is a list of field names (e.g. "Plaintext") to
  2894  	// unconditionally include in API requests. By default, fields with empty or
  2895  	// default values are omitted from API requests. See
  2896  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  2897  	// details.
  2898  	ForceSendFields []string `json:"-"`
  2899  	// NullFields is a list of field names (e.g. "Plaintext") to include in API
  2900  	// requests with the JSON null value. By default, fields with empty values are
  2901  	// omitted from API requests. See
  2902  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2903  	NullFields []string `json:"-"`
  2904  }
  2905  
  2906  func (s *RawDecryptResponse) MarshalJSON() ([]byte, error) {
  2907  	type NoMethod RawDecryptResponse
  2908  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2909  }
  2910  
  2911  // RawEncryptRequest: Request message for KeyManagementService.RawEncrypt.
  2912  type RawEncryptRequest struct {
  2913  	// AdditionalAuthenticatedData: Optional. Optional data that, if specified,
  2914  	// must also be provided during decryption through
  2915  	// RawDecryptRequest.additional_authenticated_data. This field may only be used
  2916  	// in conjunction with an algorithm that accepts additional authenticated data
  2917  	// (for example, AES-GCM). The maximum size depends on the key version's
  2918  	// protection_level. For SOFTWARE keys, the plaintext must be no larger than
  2919  	// 64KiB. For HSM keys, the combined length of the plaintext and
  2920  	// additional_authenticated_data fields must be no larger than 8KiB.
  2921  	AdditionalAuthenticatedData string `json:"additionalAuthenticatedData,omitempty"`
  2922  	// AdditionalAuthenticatedDataCrc32c: Optional. An optional CRC32C checksum of
  2923  	// the RawEncryptRequest.additional_authenticated_data. If specified,
  2924  	// KeyManagementService will verify the integrity of the received
  2925  	// additional_authenticated_data using this checksum. KeyManagementService will
  2926  	// report an error if the checksum verification fails. If you receive a
  2927  	// checksum error, your client should verify that
  2928  	// CRC32C(additional_authenticated_data) is equal to
  2929  	// additional_authenticated_data_crc32c, and if so, perform a limited number of
  2930  	// retries. A persistent mismatch may indicate an issue in your computation of
  2931  	// the CRC32C checksum. Note: This field is defined as int64 for reasons of
  2932  	// compatibility across different languages. However, it is a non-negative
  2933  	// integer, which will never exceed 2^32-1, and can be safely downconverted to
  2934  	// uint32 in languages that support this type.
  2935  	AdditionalAuthenticatedDataCrc32c int64 `json:"additionalAuthenticatedDataCrc32c,omitempty,string"`
  2936  	// InitializationVector: Optional. A customer-supplied initialization vector
  2937  	// that will be used for encryption. If it is not provided for AES-CBC and
  2938  	// AES-CTR, one will be generated. It will be returned in
  2939  	// RawEncryptResponse.initialization_vector.
  2940  	InitializationVector string `json:"initializationVector,omitempty"`
  2941  	// InitializationVectorCrc32c: Optional. An optional CRC32C checksum of the
  2942  	// RawEncryptRequest.initialization_vector. If specified, KeyManagementService
  2943  	// will verify the integrity of the received initialization_vector using this
  2944  	// checksum. KeyManagementService will report an error if the checksum
  2945  	// verification fails. If you receive a checksum error, your client should
  2946  	// verify that CRC32C(initialization_vector) is equal to
  2947  	// initialization_vector_crc32c, and if so, perform a limited number of
  2948  	// retries. A persistent mismatch may indicate an issue in your computation of
  2949  	// the CRC32C checksum. Note: This field is defined as int64 for reasons of
  2950  	// compatibility across different languages. However, it is a non-negative
  2951  	// integer, which will never exceed 2^32-1, and can be safely downconverted to
  2952  	// uint32 in languages that support this type.
  2953  	InitializationVectorCrc32c int64 `json:"initializationVectorCrc32c,omitempty,string"`
  2954  	// Plaintext: Required. The data to encrypt. Must be no larger than 64KiB. The
  2955  	// maximum size depends on the key version's protection_level. For SOFTWARE
  2956  	// keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined
  2957  	// length of the plaintext and additional_authenticated_data fields must be no
  2958  	// larger than 8KiB.
  2959  	Plaintext string `json:"plaintext,omitempty"`
  2960  	// PlaintextCrc32c: Optional. An optional CRC32C checksum of the
  2961  	// RawEncryptRequest.plaintext. If specified, KeyManagementService will verify
  2962  	// the integrity of the received plaintext using this checksum.
  2963  	// KeyManagementService will report an error if the checksum verification
  2964  	// fails. If you receive a checksum error, your client should verify that
  2965  	// CRC32C(plaintext) is equal to plaintext_crc32c, and if so, perform a limited
  2966  	// number of retries. A persistent mismatch may indicate an issue in your
  2967  	// computation of the CRC32C checksum. Note: This field is defined as int64 for
  2968  	// reasons of compatibility across different languages. However, it is a
  2969  	// non-negative integer, which will never exceed 2^32-1, and can be safely
  2970  	// downconverted to uint32 in languages that support this type.
  2971  	PlaintextCrc32c int64 `json:"plaintextCrc32c,omitempty,string"`
  2972  	// ForceSendFields is a list of field names (e.g.
  2973  	// "AdditionalAuthenticatedData") to unconditionally include in API requests.
  2974  	// By default, fields with empty or default values are omitted from API
  2975  	// requests. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields
  2976  	// for more details.
  2977  	ForceSendFields []string `json:"-"`
  2978  	// NullFields is a list of field names (e.g. "AdditionalAuthenticatedData") to
  2979  	// include in API requests with the JSON null value. By default, fields with
  2980  	// empty values are omitted from API requests. See
  2981  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  2982  	NullFields []string `json:"-"`
  2983  }
  2984  
  2985  func (s *RawEncryptRequest) MarshalJSON() ([]byte, error) {
  2986  	type NoMethod RawEncryptRequest
  2987  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  2988  }
  2989  
  2990  // RawEncryptResponse: Response message for KeyManagementService.RawEncrypt.
  2991  type RawEncryptResponse struct {
  2992  	// Ciphertext: The encrypted data. In the case of AES-GCM, the authentication
  2993  	// tag is the tag_length bytes at the end of this field.
  2994  	Ciphertext string `json:"ciphertext,omitempty"`
  2995  	// CiphertextCrc32c: Integrity verification field. A CRC32C checksum of the
  2996  	// returned RawEncryptResponse.ciphertext. An integrity check of ciphertext can
  2997  	// be performed by computing the CRC32C checksum of ciphertext and comparing
  2998  	// your results to this field. Discard the response in case of non-matching
  2999  	// checksum values, and perform a limited number of retries. A persistent
  3000  	// mismatch may indicate an issue in your computation of the CRC32C checksum.
  3001  	// Note: This field is defined as int64 for reasons of compatibility across
  3002  	// different languages. However, it is a non-negative integer, which will never
  3003  	// exceed 2^32-1, and can be safely downconverted to uint32 in languages that
  3004  	// support this type.
  3005  	CiphertextCrc32c int64 `json:"ciphertextCrc32c,omitempty,string"`
  3006  	// InitializationVector: The initialization vector (IV) generated by the
  3007  	// service during encryption. This value must be stored and provided in
  3008  	// RawDecryptRequest.initialization_vector at decryption time.
  3009  	InitializationVector string `json:"initializationVector,omitempty"`
  3010  	// InitializationVectorCrc32c: Integrity verification field. A CRC32C checksum
  3011  	// of the returned RawEncryptResponse.initialization_vector. An integrity check
  3012  	// of initialization_vector can be performed by computing the CRC32C checksum
  3013  	// of initialization_vector and comparing your results to this field. Discard
  3014  	// the response in case of non-matching checksum values, and perform a limited
  3015  	// number of retries. A persistent mismatch may indicate an issue in your
  3016  	// computation of the CRC32C checksum. Note: This field is defined as int64 for
  3017  	// reasons of compatibility across different languages. However, it is a
  3018  	// non-negative integer, which will never exceed 2^32-1, and can be safely
  3019  	// downconverted to uint32 in languages that support this type.
  3020  	InitializationVectorCrc32c int64 `json:"initializationVectorCrc32c,omitempty,string"`
  3021  	// Name: The resource name of the CryptoKeyVersion used in encryption. Check
  3022  	// this field to verify that the intended resource was used for encryption.
  3023  	Name string `json:"name,omitempty"`
  3024  	// ProtectionLevel: The ProtectionLevel of the CryptoKeyVersion used in
  3025  	// encryption.
  3026  	//
  3027  	// Possible values:
  3028  	//   "PROTECTION_LEVEL_UNSPECIFIED" - Not specified.
  3029  	//   "SOFTWARE" - Crypto operations are performed in software.
  3030  	//   "HSM" - Crypto operations are performed in a Hardware Security Module.
  3031  	//   "EXTERNAL" - Crypto operations are performed by an external key manager.
  3032  	//   "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC
  3033  	// backend.
  3034  	ProtectionLevel string `json:"protectionLevel,omitempty"`
  3035  	// TagLength: The length of the authentication tag that is appended to the end
  3036  	// of the ciphertext.
  3037  	TagLength int64 `json:"tagLength,omitempty"`
  3038  	// VerifiedAdditionalAuthenticatedDataCrc32c: Integrity verification field. A
  3039  	// flag indicating whether
  3040  	// RawEncryptRequest.additional_authenticated_data_crc32c was received by
  3041  	// KeyManagementService and used for the integrity verification of
  3042  	// additional_authenticated_data. A false value of this field indicates either
  3043  	// that // RawEncryptRequest.additional_authenticated_data_crc32c was left
  3044  	// unset or that it was not delivered to KeyManagementService. If you've set
  3045  	// RawEncryptRequest.additional_authenticated_data_crc32c but this field is
  3046  	// still false, discard the response and perform a limited number of retries.
  3047  	VerifiedAdditionalAuthenticatedDataCrc32c bool `json:"verifiedAdditionalAuthenticatedDataCrc32c,omitempty"`
  3048  	// VerifiedInitializationVectorCrc32c: Integrity verification field. A flag
  3049  	// indicating whether RawEncryptRequest.initialization_vector_crc32c was
  3050  	// received by KeyManagementService and used for the integrity verification of
  3051  	// initialization_vector. A false value of this field indicates either that
  3052  	// RawEncryptRequest.initialization_vector_crc32c was left unset or that it was
  3053  	// not delivered to KeyManagementService. If you've set
  3054  	// RawEncryptRequest.initialization_vector_crc32c but this field is still
  3055  	// false, discard the response and perform a limited number of retries.
  3056  	VerifiedInitializationVectorCrc32c bool `json:"verifiedInitializationVectorCrc32c,omitempty"`
  3057  	// VerifiedPlaintextCrc32c: Integrity verification field. A flag indicating
  3058  	// whether RawEncryptRequest.plaintext_crc32c was received by
  3059  	// KeyManagementService and used for the integrity verification of the
  3060  	// plaintext. A false value of this field indicates either that
  3061  	// RawEncryptRequest.plaintext_crc32c was left unset or that it was not
  3062  	// delivered to KeyManagementService. If you've set
  3063  	// RawEncryptRequest.plaintext_crc32c but this field is still false, discard
  3064  	// the response and perform a limited number of retries.
  3065  	VerifiedPlaintextCrc32c bool `json:"verifiedPlaintextCrc32c,omitempty"`
  3066  
  3067  	// ServerResponse contains the HTTP response code and headers from the server.
  3068  	googleapi.ServerResponse `json:"-"`
  3069  	// ForceSendFields is a list of field names (e.g. "Ciphertext") to
  3070  	// unconditionally include in API requests. By default, fields with empty or
  3071  	// default values are omitted from API requests. See
  3072  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  3073  	// details.
  3074  	ForceSendFields []string `json:"-"`
  3075  	// NullFields is a list of field names (e.g. "Ciphertext") to include in API
  3076  	// requests with the JSON null value. By default, fields with empty values are
  3077  	// omitted from API requests. See
  3078  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  3079  	NullFields []string `json:"-"`
  3080  }
  3081  
  3082  func (s *RawEncryptResponse) MarshalJSON() ([]byte, error) {
  3083  	type NoMethod RawEncryptResponse
  3084  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  3085  }
  3086  
  3087  // RestoreCryptoKeyVersionRequest: Request message for
  3088  // KeyManagementService.RestoreCryptoKeyVersion.
  3089  type RestoreCryptoKeyVersionRequest struct {
  3090  }
  3091  
  3092  // ServiceResolver: A ServiceResolver represents an EKM replica that can be
  3093  // reached within an EkmConnection.
  3094  type ServiceResolver struct {
  3095  	// EndpointFilter: Optional. The filter applied to the endpoints of the
  3096  	// resolved service. If no filter is specified, all endpoints will be
  3097  	// considered. An endpoint will be chosen arbitrarily from the filtered list
  3098  	// for each request. For endpoint filter syntax and examples, see
  3099  	// https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
  3100  	EndpointFilter string `json:"endpointFilter,omitempty"`
  3101  	// Hostname: Required. The hostname of the EKM replica used at TLS and HTTP
  3102  	// layers.
  3103  	Hostname string `json:"hostname,omitempty"`
  3104  	// ServerCertificates: Required. A list of leaf server certificates used to
  3105  	// authenticate HTTPS connections to the EKM replica. Currently, a maximum of
  3106  	// 10 Certificate is supported.
  3107  	ServerCertificates []*Certificate `json:"serverCertificates,omitempty"`
  3108  	// ServiceDirectoryService: Required. The resource name of the Service
  3109  	// Directory service pointing to an EKM replica, in the format
  3110  	// `projects/*/locations/*/namespaces/*/services/*`.
  3111  	ServiceDirectoryService string `json:"serviceDirectoryService,omitempty"`
  3112  	// ForceSendFields is a list of field names (e.g. "EndpointFilter") to
  3113  	// unconditionally include in API requests. By default, fields with empty or
  3114  	// default values are omitted from API requests. See
  3115  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  3116  	// details.
  3117  	ForceSendFields []string `json:"-"`
  3118  	// NullFields is a list of field names (e.g. "EndpointFilter") to include in
  3119  	// API requests with the JSON null value. By default, fields with empty values
  3120  	// are omitted from API requests. See
  3121  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  3122  	NullFields []string `json:"-"`
  3123  }
  3124  
  3125  func (s *ServiceResolver) MarshalJSON() ([]byte, error) {
  3126  	type NoMethod ServiceResolver
  3127  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  3128  }
  3129  
  3130  // SetIamPolicyRequest: Request message for `SetIamPolicy` method.
  3131  type SetIamPolicyRequest struct {
  3132  	// Policy: REQUIRED: The complete policy to be applied to the `resource`. The
  3133  	// size of the policy is limited to a few 10s of KB. An empty policy is a valid
  3134  	// policy but certain Google Cloud services (such as Projects) might reject
  3135  	// them.
  3136  	Policy *Policy `json:"policy,omitempty"`
  3137  	// UpdateMask: OPTIONAL: A FieldMask specifying which fields of the policy to
  3138  	// modify. Only the fields in the mask will be modified. If no mask is
  3139  	// provided, the following default mask is used: `paths: "bindings, etag"
  3140  	UpdateMask string `json:"updateMask,omitempty"`
  3141  	// ForceSendFields is a list of field names (e.g. "Policy") to unconditionally
  3142  	// include in API requests. By default, fields with empty or default values are
  3143  	// omitted from API requests. See
  3144  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  3145  	// details.
  3146  	ForceSendFields []string `json:"-"`
  3147  	// NullFields is a list of field names (e.g. "Policy") to include in API
  3148  	// requests with the JSON null value. By default, fields with empty values are
  3149  	// omitted from API requests. See
  3150  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  3151  	NullFields []string `json:"-"`
  3152  }
  3153  
  3154  func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) {
  3155  	type NoMethod SetIamPolicyRequest
  3156  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  3157  }
  3158  
  3159  // ShowEffectiveAutokeyConfigResponse: Response message for
  3160  // ShowEffectiveAutokeyConfig.
  3161  type ShowEffectiveAutokeyConfigResponse struct {
  3162  	// KeyProject: Name of the key project configured in the resource project's
  3163  	// folder ancestry.
  3164  	KeyProject string `json:"keyProject,omitempty"`
  3165  
  3166  	// ServerResponse contains the HTTP response code and headers from the server.
  3167  	googleapi.ServerResponse `json:"-"`
  3168  	// ForceSendFields is a list of field names (e.g. "KeyProject") to
  3169  	// unconditionally include in API requests. By default, fields with empty or
  3170  	// default values are omitted from API requests. See
  3171  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  3172  	// details.
  3173  	ForceSendFields []string `json:"-"`
  3174  	// NullFields is a list of field names (e.g. "KeyProject") to include in API
  3175  	// requests with the JSON null value. By default, fields with empty values are
  3176  	// omitted from API requests. See
  3177  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  3178  	NullFields []string `json:"-"`
  3179  }
  3180  
  3181  func (s *ShowEffectiveAutokeyConfigResponse) MarshalJSON() ([]byte, error) {
  3182  	type NoMethod ShowEffectiveAutokeyConfigResponse
  3183  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  3184  }
  3185  
  3186  // Status: The `Status` type defines a logical error model that is suitable for
  3187  // different programming environments, including REST APIs and RPC APIs. It is
  3188  // used by gRPC (https://github.com/grpc). Each `Status` message contains three
  3189  // pieces of data: error code, error message, and error details. You can find
  3190  // out more about this error model and how to work with it in the API Design
  3191  // Guide (https://cloud.google.com/apis/design/errors).
  3192  type Status struct {
  3193  	// Code: The status code, which should be an enum value of google.rpc.Code.
  3194  	Code int64 `json:"code,omitempty"`
  3195  	// Details: A list of messages that carry the error details. There is a common
  3196  	// set of message types for APIs to use.
  3197  	Details []googleapi.RawMessage `json:"details,omitempty"`
  3198  	// Message: A developer-facing error message, which should be in English. Any
  3199  	// user-facing error message should be localized and sent in the
  3200  	// google.rpc.Status.details field, or localized by the client.
  3201  	Message string `json:"message,omitempty"`
  3202  	// ForceSendFields is a list of field names (e.g. "Code") to unconditionally
  3203  	// include in API requests. By default, fields with empty or default values are
  3204  	// omitted from API requests. See
  3205  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  3206  	// details.
  3207  	ForceSendFields []string `json:"-"`
  3208  	// NullFields is a list of field names (e.g. "Code") to include in API requests
  3209  	// with the JSON null value. By default, fields with empty values are omitted
  3210  	// from API requests. See
  3211  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  3212  	NullFields []string `json:"-"`
  3213  }
  3214  
  3215  func (s *Status) MarshalJSON() ([]byte, error) {
  3216  	type NoMethod Status
  3217  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  3218  }
  3219  
  3220  // TestIamPermissionsRequest: Request message for `TestIamPermissions` method.
  3221  type TestIamPermissionsRequest struct {
  3222  	// Permissions: The set of permissions to check for the `resource`. Permissions
  3223  	// with wildcards (such as `*` or `storage.*`) are not allowed. For more
  3224  	// information see IAM Overview
  3225  	// (https://cloud.google.com/iam/docs/overview#permissions).
  3226  	Permissions []string `json:"permissions,omitempty"`
  3227  	// ForceSendFields is a list of field names (e.g. "Permissions") to
  3228  	// unconditionally include in API requests. By default, fields with empty or
  3229  	// default values are omitted from API requests. See
  3230  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  3231  	// details.
  3232  	ForceSendFields []string `json:"-"`
  3233  	// NullFields is a list of field names (e.g. "Permissions") to include in API
  3234  	// requests with the JSON null value. By default, fields with empty values are
  3235  	// omitted from API requests. See
  3236  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  3237  	NullFields []string `json:"-"`
  3238  }
  3239  
  3240  func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) {
  3241  	type NoMethod TestIamPermissionsRequest
  3242  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  3243  }
  3244  
  3245  // TestIamPermissionsResponse: Response message for `TestIamPermissions`
  3246  // method.
  3247  type TestIamPermissionsResponse struct {
  3248  	// Permissions: A subset of `TestPermissionsRequest.permissions` that the
  3249  	// caller is allowed.
  3250  	Permissions []string `json:"permissions,omitempty"`
  3251  
  3252  	// ServerResponse contains the HTTP response code and headers from the server.
  3253  	googleapi.ServerResponse `json:"-"`
  3254  	// ForceSendFields is a list of field names (e.g. "Permissions") to
  3255  	// unconditionally include in API requests. By default, fields with empty or
  3256  	// default values are omitted from API requests. See
  3257  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  3258  	// details.
  3259  	ForceSendFields []string `json:"-"`
  3260  	// NullFields is a list of field names (e.g. "Permissions") to include in API
  3261  	// requests with the JSON null value. By default, fields with empty values are
  3262  	// omitted from API requests. See
  3263  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  3264  	NullFields []string `json:"-"`
  3265  }
  3266  
  3267  func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) {
  3268  	type NoMethod TestIamPermissionsResponse
  3269  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  3270  }
  3271  
  3272  // UpdateCryptoKeyPrimaryVersionRequest: Request message for
  3273  // KeyManagementService.UpdateCryptoKeyPrimaryVersion.
  3274  type UpdateCryptoKeyPrimaryVersionRequest struct {
  3275  	// CryptoKeyVersionId: Required. The id of the child CryptoKeyVersion to use as
  3276  	// primary.
  3277  	CryptoKeyVersionId string `json:"cryptoKeyVersionId,omitempty"`
  3278  	// ForceSendFields is a list of field names (e.g. "CryptoKeyVersionId") to
  3279  	// unconditionally include in API requests. By default, fields with empty or
  3280  	// default values are omitted from API requests. See
  3281  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  3282  	// details.
  3283  	ForceSendFields []string `json:"-"`
  3284  	// NullFields is a list of field names (e.g. "CryptoKeyVersionId") to include
  3285  	// in API requests with the JSON null value. By default, fields with empty
  3286  	// values are omitted from API requests. See
  3287  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  3288  	NullFields []string `json:"-"`
  3289  }
  3290  
  3291  func (s *UpdateCryptoKeyPrimaryVersionRequest) MarshalJSON() ([]byte, error) {
  3292  	type NoMethod UpdateCryptoKeyPrimaryVersionRequest
  3293  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  3294  }
  3295  
  3296  // VerifyConnectivityResponse: Response message for
  3297  // EkmService.VerifyConnectivity.
  3298  type VerifyConnectivityResponse struct {
  3299  	// ServerResponse contains the HTTP response code and headers from the server.
  3300  	googleapi.ServerResponse `json:"-"`
  3301  }
  3302  
  3303  // WrappingPublicKey: The public key component of the wrapping key. For details
  3304  // of the type of key this public key corresponds to, see the ImportMethod.
  3305  type WrappingPublicKey struct {
  3306  	// Pem: The public key, encoded in PEM format. For more information, see the
  3307  	// RFC 7468 (https://tools.ietf.org/html/rfc7468) sections for General
  3308  	// Considerations (https://tools.ietf.org/html/rfc7468#section-2) and [Textual
  3309  	// Encoding of Subject Public Key Info]
  3310  	// (https://tools.ietf.org/html/rfc7468#section-13).
  3311  	Pem string `json:"pem,omitempty"`
  3312  	// ForceSendFields is a list of field names (e.g. "Pem") to unconditionally
  3313  	// include in API requests. By default, fields with empty or default values are
  3314  	// omitted from API requests. See
  3315  	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
  3316  	// details.
  3317  	ForceSendFields []string `json:"-"`
  3318  	// NullFields is a list of field names (e.g. "Pem") to include in API requests
  3319  	// with the JSON null value. By default, fields with empty values are omitted
  3320  	// from API requests. See
  3321  	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
  3322  	NullFields []string `json:"-"`
  3323  }
  3324  
  3325  func (s *WrappingPublicKey) MarshalJSON() ([]byte, error) {
  3326  	type NoMethod WrappingPublicKey
  3327  	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
  3328  }
  3329  
  3330  type FoldersGetAutokeyConfigCall struct {
  3331  	s            *Service
  3332  	name         string
  3333  	urlParams_   gensupport.URLParams
  3334  	ifNoneMatch_ string
  3335  	ctx_         context.Context
  3336  	header_      http.Header
  3337  }
  3338  
  3339  // GetAutokeyConfig: Returns the AutokeyConfig for a folder.
  3340  //
  3341  //   - name: Name of the AutokeyConfig resource, e.g.
  3342  //     `folders/{FOLDER_NUMBER}/autokeyConfig`.
  3343  func (r *FoldersService) GetAutokeyConfig(name string) *FoldersGetAutokeyConfigCall {
  3344  	c := &FoldersGetAutokeyConfigCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  3345  	c.name = name
  3346  	return c
  3347  }
  3348  
  3349  // Fields allows partial responses to be retrieved. See
  3350  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  3351  // details.
  3352  func (c *FoldersGetAutokeyConfigCall) Fields(s ...googleapi.Field) *FoldersGetAutokeyConfigCall {
  3353  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  3354  	return c
  3355  }
  3356  
  3357  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  3358  // object's ETag matches the given value. This is useful for getting updates
  3359  // only after the object has changed since the last request.
  3360  func (c *FoldersGetAutokeyConfigCall) IfNoneMatch(entityTag string) *FoldersGetAutokeyConfigCall {
  3361  	c.ifNoneMatch_ = entityTag
  3362  	return c
  3363  }
  3364  
  3365  // Context sets the context to be used in this call's Do method.
  3366  func (c *FoldersGetAutokeyConfigCall) Context(ctx context.Context) *FoldersGetAutokeyConfigCall {
  3367  	c.ctx_ = ctx
  3368  	return c
  3369  }
  3370  
  3371  // Header returns a http.Header that can be modified by the caller to add
  3372  // headers to the request.
  3373  func (c *FoldersGetAutokeyConfigCall) Header() http.Header {
  3374  	if c.header_ == nil {
  3375  		c.header_ = make(http.Header)
  3376  	}
  3377  	return c.header_
  3378  }
  3379  
  3380  func (c *FoldersGetAutokeyConfigCall) doRequest(alt string) (*http.Response, error) {
  3381  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  3382  	if c.ifNoneMatch_ != "" {
  3383  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  3384  	}
  3385  	var body io.Reader = nil
  3386  	c.urlParams_.Set("alt", alt)
  3387  	c.urlParams_.Set("prettyPrint", "false")
  3388  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  3389  	urls += "?" + c.urlParams_.Encode()
  3390  	req, err := http.NewRequest("GET", urls, body)
  3391  	if err != nil {
  3392  		return nil, err
  3393  	}
  3394  	req.Header = reqHeaders
  3395  	googleapi.Expand(req.URL, map[string]string{
  3396  		"name": c.name,
  3397  	})
  3398  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  3399  }
  3400  
  3401  // Do executes the "cloudkms.folders.getAutokeyConfig" call.
  3402  // Any non-2xx status code is an error. Response headers are in either
  3403  // *AutokeyConfig.ServerResponse.Header or (if a response was returned at all)
  3404  // in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  3405  // whether the returned error was because http.StatusNotModified was returned.
  3406  func (c *FoldersGetAutokeyConfigCall) Do(opts ...googleapi.CallOption) (*AutokeyConfig, error) {
  3407  	gensupport.SetOptions(c.urlParams_, opts...)
  3408  	res, err := c.doRequest("json")
  3409  	if res != nil && res.StatusCode == http.StatusNotModified {
  3410  		if res.Body != nil {
  3411  			res.Body.Close()
  3412  		}
  3413  		return nil, gensupport.WrapError(&googleapi.Error{
  3414  			Code:   res.StatusCode,
  3415  			Header: res.Header,
  3416  		})
  3417  	}
  3418  	if err != nil {
  3419  		return nil, err
  3420  	}
  3421  	defer googleapi.CloseBody(res)
  3422  	if err := googleapi.CheckResponse(res); err != nil {
  3423  		return nil, gensupport.WrapError(err)
  3424  	}
  3425  	ret := &AutokeyConfig{
  3426  		ServerResponse: googleapi.ServerResponse{
  3427  			Header:         res.Header,
  3428  			HTTPStatusCode: res.StatusCode,
  3429  		},
  3430  	}
  3431  	target := &ret
  3432  	if err := gensupport.DecodeResponse(target, res); err != nil {
  3433  		return nil, err
  3434  	}
  3435  	return ret, nil
  3436  }
  3437  
  3438  type FoldersUpdateAutokeyConfigCall struct {
  3439  	s             *Service
  3440  	name          string
  3441  	autokeyconfig *AutokeyConfig
  3442  	urlParams_    gensupport.URLParams
  3443  	ctx_          context.Context
  3444  	header_       http.Header
  3445  }
  3446  
  3447  // UpdateAutokeyConfig: Updates the AutokeyConfig for a folder. The caller must
  3448  // have both `cloudkms.autokeyConfigs.update` permission on the parent folder
  3449  // and `cloudkms.cryptoKeys.setIamPolicy` permission on the provided key
  3450  // project. A KeyHandle creation in the folder's descendant projects will use
  3451  // this configuration to determine where to create the resulting CryptoKey.
  3452  //
  3453  //   - name: Identifier. Name of the AutokeyConfig resource, e.g.
  3454  //     `folders/{FOLDER_NUMBER}/autokeyConfig`.
  3455  func (r *FoldersService) UpdateAutokeyConfig(name string, autokeyconfig *AutokeyConfig) *FoldersUpdateAutokeyConfigCall {
  3456  	c := &FoldersUpdateAutokeyConfigCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  3457  	c.name = name
  3458  	c.autokeyconfig = autokeyconfig
  3459  	return c
  3460  }
  3461  
  3462  // UpdateMask sets the optional parameter "updateMask": Required. Masks which
  3463  // fields of the AutokeyConfig to update, e.g. `keyProject`.
  3464  func (c *FoldersUpdateAutokeyConfigCall) UpdateMask(updateMask string) *FoldersUpdateAutokeyConfigCall {
  3465  	c.urlParams_.Set("updateMask", updateMask)
  3466  	return c
  3467  }
  3468  
  3469  // Fields allows partial responses to be retrieved. See
  3470  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  3471  // details.
  3472  func (c *FoldersUpdateAutokeyConfigCall) Fields(s ...googleapi.Field) *FoldersUpdateAutokeyConfigCall {
  3473  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  3474  	return c
  3475  }
  3476  
  3477  // Context sets the context to be used in this call's Do method.
  3478  func (c *FoldersUpdateAutokeyConfigCall) Context(ctx context.Context) *FoldersUpdateAutokeyConfigCall {
  3479  	c.ctx_ = ctx
  3480  	return c
  3481  }
  3482  
  3483  // Header returns a http.Header that can be modified by the caller to add
  3484  // headers to the request.
  3485  func (c *FoldersUpdateAutokeyConfigCall) Header() http.Header {
  3486  	if c.header_ == nil {
  3487  		c.header_ = make(http.Header)
  3488  	}
  3489  	return c.header_
  3490  }
  3491  
  3492  func (c *FoldersUpdateAutokeyConfigCall) doRequest(alt string) (*http.Response, error) {
  3493  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  3494  	var body io.Reader = nil
  3495  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.autokeyconfig)
  3496  	if err != nil {
  3497  		return nil, err
  3498  	}
  3499  	c.urlParams_.Set("alt", alt)
  3500  	c.urlParams_.Set("prettyPrint", "false")
  3501  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  3502  	urls += "?" + c.urlParams_.Encode()
  3503  	req, err := http.NewRequest("PATCH", urls, body)
  3504  	if err != nil {
  3505  		return nil, err
  3506  	}
  3507  	req.Header = reqHeaders
  3508  	googleapi.Expand(req.URL, map[string]string{
  3509  		"name": c.name,
  3510  	})
  3511  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  3512  }
  3513  
  3514  // Do executes the "cloudkms.folders.updateAutokeyConfig" call.
  3515  // Any non-2xx status code is an error. Response headers are in either
  3516  // *AutokeyConfig.ServerResponse.Header or (if a response was returned at all)
  3517  // in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  3518  // whether the returned error was because http.StatusNotModified was returned.
  3519  func (c *FoldersUpdateAutokeyConfigCall) Do(opts ...googleapi.CallOption) (*AutokeyConfig, error) {
  3520  	gensupport.SetOptions(c.urlParams_, opts...)
  3521  	res, err := c.doRequest("json")
  3522  	if res != nil && res.StatusCode == http.StatusNotModified {
  3523  		if res.Body != nil {
  3524  			res.Body.Close()
  3525  		}
  3526  		return nil, gensupport.WrapError(&googleapi.Error{
  3527  			Code:   res.StatusCode,
  3528  			Header: res.Header,
  3529  		})
  3530  	}
  3531  	if err != nil {
  3532  		return nil, err
  3533  	}
  3534  	defer googleapi.CloseBody(res)
  3535  	if err := googleapi.CheckResponse(res); err != nil {
  3536  		return nil, gensupport.WrapError(err)
  3537  	}
  3538  	ret := &AutokeyConfig{
  3539  		ServerResponse: googleapi.ServerResponse{
  3540  			Header:         res.Header,
  3541  			HTTPStatusCode: res.StatusCode,
  3542  		},
  3543  	}
  3544  	target := &ret
  3545  	if err := gensupport.DecodeResponse(target, res); err != nil {
  3546  		return nil, err
  3547  	}
  3548  	return ret, nil
  3549  }
  3550  
  3551  type ProjectsShowEffectiveAutokeyConfigCall struct {
  3552  	s            *Service
  3553  	parent       string
  3554  	urlParams_   gensupport.URLParams
  3555  	ifNoneMatch_ string
  3556  	ctx_         context.Context
  3557  	header_      http.Header
  3558  }
  3559  
  3560  // ShowEffectiveAutokeyConfig: Returns the effective Cloud KMS Autokey
  3561  // configuration for a given project.
  3562  //
  3563  //   - parent: Name of the resource project to the show effective Cloud KMS
  3564  //     Autokey configuration for. This may be helpful for interrogating the
  3565  //     effect of nested folder configurations on a given resource project.
  3566  func (r *ProjectsService) ShowEffectiveAutokeyConfig(parent string) *ProjectsShowEffectiveAutokeyConfigCall {
  3567  	c := &ProjectsShowEffectiveAutokeyConfigCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  3568  	c.parent = parent
  3569  	return c
  3570  }
  3571  
  3572  // Fields allows partial responses to be retrieved. See
  3573  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  3574  // details.
  3575  func (c *ProjectsShowEffectiveAutokeyConfigCall) Fields(s ...googleapi.Field) *ProjectsShowEffectiveAutokeyConfigCall {
  3576  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  3577  	return c
  3578  }
  3579  
  3580  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  3581  // object's ETag matches the given value. This is useful for getting updates
  3582  // only after the object has changed since the last request.
  3583  func (c *ProjectsShowEffectiveAutokeyConfigCall) IfNoneMatch(entityTag string) *ProjectsShowEffectiveAutokeyConfigCall {
  3584  	c.ifNoneMatch_ = entityTag
  3585  	return c
  3586  }
  3587  
  3588  // Context sets the context to be used in this call's Do method.
  3589  func (c *ProjectsShowEffectiveAutokeyConfigCall) Context(ctx context.Context) *ProjectsShowEffectiveAutokeyConfigCall {
  3590  	c.ctx_ = ctx
  3591  	return c
  3592  }
  3593  
  3594  // Header returns a http.Header that can be modified by the caller to add
  3595  // headers to the request.
  3596  func (c *ProjectsShowEffectiveAutokeyConfigCall) Header() http.Header {
  3597  	if c.header_ == nil {
  3598  		c.header_ = make(http.Header)
  3599  	}
  3600  	return c.header_
  3601  }
  3602  
  3603  func (c *ProjectsShowEffectiveAutokeyConfigCall) doRequest(alt string) (*http.Response, error) {
  3604  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  3605  	if c.ifNoneMatch_ != "" {
  3606  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  3607  	}
  3608  	var body io.Reader = nil
  3609  	c.urlParams_.Set("alt", alt)
  3610  	c.urlParams_.Set("prettyPrint", "false")
  3611  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}:showEffectiveAutokeyConfig")
  3612  	urls += "?" + c.urlParams_.Encode()
  3613  	req, err := http.NewRequest("GET", urls, body)
  3614  	if err != nil {
  3615  		return nil, err
  3616  	}
  3617  	req.Header = reqHeaders
  3618  	googleapi.Expand(req.URL, map[string]string{
  3619  		"parent": c.parent,
  3620  	})
  3621  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  3622  }
  3623  
  3624  // Do executes the "cloudkms.projects.showEffectiveAutokeyConfig" call.
  3625  // Any non-2xx status code is an error. Response headers are in either
  3626  // *ShowEffectiveAutokeyConfigResponse.ServerResponse.Header or (if a response
  3627  // was returned at all) in error.(*googleapi.Error).Header. Use
  3628  // googleapi.IsNotModified to check whether the returned error was because
  3629  // http.StatusNotModified was returned.
  3630  func (c *ProjectsShowEffectiveAutokeyConfigCall) Do(opts ...googleapi.CallOption) (*ShowEffectiveAutokeyConfigResponse, error) {
  3631  	gensupport.SetOptions(c.urlParams_, opts...)
  3632  	res, err := c.doRequest("json")
  3633  	if res != nil && res.StatusCode == http.StatusNotModified {
  3634  		if res.Body != nil {
  3635  			res.Body.Close()
  3636  		}
  3637  		return nil, gensupport.WrapError(&googleapi.Error{
  3638  			Code:   res.StatusCode,
  3639  			Header: res.Header,
  3640  		})
  3641  	}
  3642  	if err != nil {
  3643  		return nil, err
  3644  	}
  3645  	defer googleapi.CloseBody(res)
  3646  	if err := googleapi.CheckResponse(res); err != nil {
  3647  		return nil, gensupport.WrapError(err)
  3648  	}
  3649  	ret := &ShowEffectiveAutokeyConfigResponse{
  3650  		ServerResponse: googleapi.ServerResponse{
  3651  			Header:         res.Header,
  3652  			HTTPStatusCode: res.StatusCode,
  3653  		},
  3654  	}
  3655  	target := &ret
  3656  	if err := gensupport.DecodeResponse(target, res); err != nil {
  3657  		return nil, err
  3658  	}
  3659  	return ret, nil
  3660  }
  3661  
  3662  type ProjectsLocationsGenerateRandomBytesCall struct {
  3663  	s                          *Service
  3664  	location                   string
  3665  	generaterandombytesrequest *GenerateRandomBytesRequest
  3666  	urlParams_                 gensupport.URLParams
  3667  	ctx_                       context.Context
  3668  	header_                    http.Header
  3669  }
  3670  
  3671  // GenerateRandomBytes: Generate random bytes using the Cloud KMS randomness
  3672  // source in the provided location.
  3673  //
  3674  //   - location: The project-specific location in which to generate random bytes.
  3675  //     For example, "projects/my-project/locations/us-central1".
  3676  func (r *ProjectsLocationsService) GenerateRandomBytes(location string, generaterandombytesrequest *GenerateRandomBytesRequest) *ProjectsLocationsGenerateRandomBytesCall {
  3677  	c := &ProjectsLocationsGenerateRandomBytesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  3678  	c.location = location
  3679  	c.generaterandombytesrequest = generaterandombytesrequest
  3680  	return c
  3681  }
  3682  
  3683  // Fields allows partial responses to be retrieved. See
  3684  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  3685  // details.
  3686  func (c *ProjectsLocationsGenerateRandomBytesCall) Fields(s ...googleapi.Field) *ProjectsLocationsGenerateRandomBytesCall {
  3687  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  3688  	return c
  3689  }
  3690  
  3691  // Context sets the context to be used in this call's Do method.
  3692  func (c *ProjectsLocationsGenerateRandomBytesCall) Context(ctx context.Context) *ProjectsLocationsGenerateRandomBytesCall {
  3693  	c.ctx_ = ctx
  3694  	return c
  3695  }
  3696  
  3697  // Header returns a http.Header that can be modified by the caller to add
  3698  // headers to the request.
  3699  func (c *ProjectsLocationsGenerateRandomBytesCall) Header() http.Header {
  3700  	if c.header_ == nil {
  3701  		c.header_ = make(http.Header)
  3702  	}
  3703  	return c.header_
  3704  }
  3705  
  3706  func (c *ProjectsLocationsGenerateRandomBytesCall) doRequest(alt string) (*http.Response, error) {
  3707  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  3708  	var body io.Reader = nil
  3709  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.generaterandombytesrequest)
  3710  	if err != nil {
  3711  		return nil, err
  3712  	}
  3713  	c.urlParams_.Set("alt", alt)
  3714  	c.urlParams_.Set("prettyPrint", "false")
  3715  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+location}:generateRandomBytes")
  3716  	urls += "?" + c.urlParams_.Encode()
  3717  	req, err := http.NewRequest("POST", urls, body)
  3718  	if err != nil {
  3719  		return nil, err
  3720  	}
  3721  	req.Header = reqHeaders
  3722  	googleapi.Expand(req.URL, map[string]string{
  3723  		"location": c.location,
  3724  	})
  3725  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  3726  }
  3727  
  3728  // Do executes the "cloudkms.projects.locations.generateRandomBytes" call.
  3729  // Any non-2xx status code is an error. Response headers are in either
  3730  // *GenerateRandomBytesResponse.ServerResponse.Header or (if a response was
  3731  // returned at all) in error.(*googleapi.Error).Header. Use
  3732  // googleapi.IsNotModified to check whether the returned error was because
  3733  // http.StatusNotModified was returned.
  3734  func (c *ProjectsLocationsGenerateRandomBytesCall) Do(opts ...googleapi.CallOption) (*GenerateRandomBytesResponse, error) {
  3735  	gensupport.SetOptions(c.urlParams_, opts...)
  3736  	res, err := c.doRequest("json")
  3737  	if res != nil && res.StatusCode == http.StatusNotModified {
  3738  		if res.Body != nil {
  3739  			res.Body.Close()
  3740  		}
  3741  		return nil, gensupport.WrapError(&googleapi.Error{
  3742  			Code:   res.StatusCode,
  3743  			Header: res.Header,
  3744  		})
  3745  	}
  3746  	if err != nil {
  3747  		return nil, err
  3748  	}
  3749  	defer googleapi.CloseBody(res)
  3750  	if err := googleapi.CheckResponse(res); err != nil {
  3751  		return nil, gensupport.WrapError(err)
  3752  	}
  3753  	ret := &GenerateRandomBytesResponse{
  3754  		ServerResponse: googleapi.ServerResponse{
  3755  			Header:         res.Header,
  3756  			HTTPStatusCode: res.StatusCode,
  3757  		},
  3758  	}
  3759  	target := &ret
  3760  	if err := gensupport.DecodeResponse(target, res); err != nil {
  3761  		return nil, err
  3762  	}
  3763  	return ret, nil
  3764  }
  3765  
  3766  type ProjectsLocationsGetCall struct {
  3767  	s            *Service
  3768  	name         string
  3769  	urlParams_   gensupport.URLParams
  3770  	ifNoneMatch_ string
  3771  	ctx_         context.Context
  3772  	header_      http.Header
  3773  }
  3774  
  3775  // Get: Gets information about a location.
  3776  //
  3777  // - name: Resource name for the location.
  3778  func (r *ProjectsLocationsService) Get(name string) *ProjectsLocationsGetCall {
  3779  	c := &ProjectsLocationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  3780  	c.name = name
  3781  	return c
  3782  }
  3783  
  3784  // Fields allows partial responses to be retrieved. See
  3785  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  3786  // details.
  3787  func (c *ProjectsLocationsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsGetCall {
  3788  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  3789  	return c
  3790  }
  3791  
  3792  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  3793  // object's ETag matches the given value. This is useful for getting updates
  3794  // only after the object has changed since the last request.
  3795  func (c *ProjectsLocationsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsGetCall {
  3796  	c.ifNoneMatch_ = entityTag
  3797  	return c
  3798  }
  3799  
  3800  // Context sets the context to be used in this call's Do method.
  3801  func (c *ProjectsLocationsGetCall) Context(ctx context.Context) *ProjectsLocationsGetCall {
  3802  	c.ctx_ = ctx
  3803  	return c
  3804  }
  3805  
  3806  // Header returns a http.Header that can be modified by the caller to add
  3807  // headers to the request.
  3808  func (c *ProjectsLocationsGetCall) Header() http.Header {
  3809  	if c.header_ == nil {
  3810  		c.header_ = make(http.Header)
  3811  	}
  3812  	return c.header_
  3813  }
  3814  
  3815  func (c *ProjectsLocationsGetCall) doRequest(alt string) (*http.Response, error) {
  3816  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  3817  	if c.ifNoneMatch_ != "" {
  3818  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  3819  	}
  3820  	var body io.Reader = nil
  3821  	c.urlParams_.Set("alt", alt)
  3822  	c.urlParams_.Set("prettyPrint", "false")
  3823  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  3824  	urls += "?" + c.urlParams_.Encode()
  3825  	req, err := http.NewRequest("GET", urls, body)
  3826  	if err != nil {
  3827  		return nil, err
  3828  	}
  3829  	req.Header = reqHeaders
  3830  	googleapi.Expand(req.URL, map[string]string{
  3831  		"name": c.name,
  3832  	})
  3833  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  3834  }
  3835  
  3836  // Do executes the "cloudkms.projects.locations.get" call.
  3837  // Any non-2xx status code is an error. Response headers are in either
  3838  // *Location.ServerResponse.Header or (if a response was returned at all) in
  3839  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  3840  // whether the returned error was because http.StatusNotModified was returned.
  3841  func (c *ProjectsLocationsGetCall) Do(opts ...googleapi.CallOption) (*Location, error) {
  3842  	gensupport.SetOptions(c.urlParams_, opts...)
  3843  	res, err := c.doRequest("json")
  3844  	if res != nil && res.StatusCode == http.StatusNotModified {
  3845  		if res.Body != nil {
  3846  			res.Body.Close()
  3847  		}
  3848  		return nil, gensupport.WrapError(&googleapi.Error{
  3849  			Code:   res.StatusCode,
  3850  			Header: res.Header,
  3851  		})
  3852  	}
  3853  	if err != nil {
  3854  		return nil, err
  3855  	}
  3856  	defer googleapi.CloseBody(res)
  3857  	if err := googleapi.CheckResponse(res); err != nil {
  3858  		return nil, gensupport.WrapError(err)
  3859  	}
  3860  	ret := &Location{
  3861  		ServerResponse: googleapi.ServerResponse{
  3862  			Header:         res.Header,
  3863  			HTTPStatusCode: res.StatusCode,
  3864  		},
  3865  	}
  3866  	target := &ret
  3867  	if err := gensupport.DecodeResponse(target, res); err != nil {
  3868  		return nil, err
  3869  	}
  3870  	return ret, nil
  3871  }
  3872  
  3873  type ProjectsLocationsGetEkmConfigCall struct {
  3874  	s            *Service
  3875  	name         string
  3876  	urlParams_   gensupport.URLParams
  3877  	ifNoneMatch_ string
  3878  	ctx_         context.Context
  3879  	header_      http.Header
  3880  }
  3881  
  3882  // GetEkmConfig: Returns the EkmConfig singleton resource for a given project
  3883  // and location.
  3884  //
  3885  // - name: The name of the EkmConfig to get.
  3886  func (r *ProjectsLocationsService) GetEkmConfig(name string) *ProjectsLocationsGetEkmConfigCall {
  3887  	c := &ProjectsLocationsGetEkmConfigCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  3888  	c.name = name
  3889  	return c
  3890  }
  3891  
  3892  // Fields allows partial responses to be retrieved. See
  3893  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  3894  // details.
  3895  func (c *ProjectsLocationsGetEkmConfigCall) Fields(s ...googleapi.Field) *ProjectsLocationsGetEkmConfigCall {
  3896  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  3897  	return c
  3898  }
  3899  
  3900  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  3901  // object's ETag matches the given value. This is useful for getting updates
  3902  // only after the object has changed since the last request.
  3903  func (c *ProjectsLocationsGetEkmConfigCall) IfNoneMatch(entityTag string) *ProjectsLocationsGetEkmConfigCall {
  3904  	c.ifNoneMatch_ = entityTag
  3905  	return c
  3906  }
  3907  
  3908  // Context sets the context to be used in this call's Do method.
  3909  func (c *ProjectsLocationsGetEkmConfigCall) Context(ctx context.Context) *ProjectsLocationsGetEkmConfigCall {
  3910  	c.ctx_ = ctx
  3911  	return c
  3912  }
  3913  
  3914  // Header returns a http.Header that can be modified by the caller to add
  3915  // headers to the request.
  3916  func (c *ProjectsLocationsGetEkmConfigCall) Header() http.Header {
  3917  	if c.header_ == nil {
  3918  		c.header_ = make(http.Header)
  3919  	}
  3920  	return c.header_
  3921  }
  3922  
  3923  func (c *ProjectsLocationsGetEkmConfigCall) doRequest(alt string) (*http.Response, error) {
  3924  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  3925  	if c.ifNoneMatch_ != "" {
  3926  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  3927  	}
  3928  	var body io.Reader = nil
  3929  	c.urlParams_.Set("alt", alt)
  3930  	c.urlParams_.Set("prettyPrint", "false")
  3931  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  3932  	urls += "?" + c.urlParams_.Encode()
  3933  	req, err := http.NewRequest("GET", urls, body)
  3934  	if err != nil {
  3935  		return nil, err
  3936  	}
  3937  	req.Header = reqHeaders
  3938  	googleapi.Expand(req.URL, map[string]string{
  3939  		"name": c.name,
  3940  	})
  3941  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  3942  }
  3943  
  3944  // Do executes the "cloudkms.projects.locations.getEkmConfig" call.
  3945  // Any non-2xx status code is an error. Response headers are in either
  3946  // *EkmConfig.ServerResponse.Header or (if a response was returned at all) in
  3947  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  3948  // whether the returned error was because http.StatusNotModified was returned.
  3949  func (c *ProjectsLocationsGetEkmConfigCall) Do(opts ...googleapi.CallOption) (*EkmConfig, error) {
  3950  	gensupport.SetOptions(c.urlParams_, opts...)
  3951  	res, err := c.doRequest("json")
  3952  	if res != nil && res.StatusCode == http.StatusNotModified {
  3953  		if res.Body != nil {
  3954  			res.Body.Close()
  3955  		}
  3956  		return nil, gensupport.WrapError(&googleapi.Error{
  3957  			Code:   res.StatusCode,
  3958  			Header: res.Header,
  3959  		})
  3960  	}
  3961  	if err != nil {
  3962  		return nil, err
  3963  	}
  3964  	defer googleapi.CloseBody(res)
  3965  	if err := googleapi.CheckResponse(res); err != nil {
  3966  		return nil, gensupport.WrapError(err)
  3967  	}
  3968  	ret := &EkmConfig{
  3969  		ServerResponse: googleapi.ServerResponse{
  3970  			Header:         res.Header,
  3971  			HTTPStatusCode: res.StatusCode,
  3972  		},
  3973  	}
  3974  	target := &ret
  3975  	if err := gensupport.DecodeResponse(target, res); err != nil {
  3976  		return nil, err
  3977  	}
  3978  	return ret, nil
  3979  }
  3980  
  3981  type ProjectsLocationsListCall struct {
  3982  	s            *Service
  3983  	name         string
  3984  	urlParams_   gensupport.URLParams
  3985  	ifNoneMatch_ string
  3986  	ctx_         context.Context
  3987  	header_      http.Header
  3988  }
  3989  
  3990  // List: Lists information about the supported locations for this service.
  3991  //
  3992  // - name: The resource that owns the locations collection, if applicable.
  3993  func (r *ProjectsLocationsService) List(name string) *ProjectsLocationsListCall {
  3994  	c := &ProjectsLocationsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  3995  	c.name = name
  3996  	return c
  3997  }
  3998  
  3999  // Filter sets the optional parameter "filter": A filter to narrow down results
  4000  // to a preferred subset. The filtering language accepts strings like
  4001  // "displayName=tokyo", and is documented in more detail in AIP-160
  4002  // (https://google.aip.dev/160).
  4003  func (c *ProjectsLocationsListCall) Filter(filter string) *ProjectsLocationsListCall {
  4004  	c.urlParams_.Set("filter", filter)
  4005  	return c
  4006  }
  4007  
  4008  // PageSize sets the optional parameter "pageSize": The maximum number of
  4009  // results to return. If not set, the service selects a default.
  4010  func (c *ProjectsLocationsListCall) PageSize(pageSize int64) *ProjectsLocationsListCall {
  4011  	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
  4012  	return c
  4013  }
  4014  
  4015  // PageToken sets the optional parameter "pageToken": A page token received
  4016  // from the `next_page_token` field in the response. Send that page token to
  4017  // receive the subsequent page.
  4018  func (c *ProjectsLocationsListCall) PageToken(pageToken string) *ProjectsLocationsListCall {
  4019  	c.urlParams_.Set("pageToken", pageToken)
  4020  	return c
  4021  }
  4022  
  4023  // Fields allows partial responses to be retrieved. See
  4024  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  4025  // details.
  4026  func (c *ProjectsLocationsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsListCall {
  4027  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  4028  	return c
  4029  }
  4030  
  4031  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  4032  // object's ETag matches the given value. This is useful for getting updates
  4033  // only after the object has changed since the last request.
  4034  func (c *ProjectsLocationsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsListCall {
  4035  	c.ifNoneMatch_ = entityTag
  4036  	return c
  4037  }
  4038  
  4039  // Context sets the context to be used in this call's Do method.
  4040  func (c *ProjectsLocationsListCall) Context(ctx context.Context) *ProjectsLocationsListCall {
  4041  	c.ctx_ = ctx
  4042  	return c
  4043  }
  4044  
  4045  // Header returns a http.Header that can be modified by the caller to add
  4046  // headers to the request.
  4047  func (c *ProjectsLocationsListCall) Header() http.Header {
  4048  	if c.header_ == nil {
  4049  		c.header_ = make(http.Header)
  4050  	}
  4051  	return c.header_
  4052  }
  4053  
  4054  func (c *ProjectsLocationsListCall) doRequest(alt string) (*http.Response, error) {
  4055  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  4056  	if c.ifNoneMatch_ != "" {
  4057  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  4058  	}
  4059  	var body io.Reader = nil
  4060  	c.urlParams_.Set("alt", alt)
  4061  	c.urlParams_.Set("prettyPrint", "false")
  4062  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/locations")
  4063  	urls += "?" + c.urlParams_.Encode()
  4064  	req, err := http.NewRequest("GET", urls, body)
  4065  	if err != nil {
  4066  		return nil, err
  4067  	}
  4068  	req.Header = reqHeaders
  4069  	googleapi.Expand(req.URL, map[string]string{
  4070  		"name": c.name,
  4071  	})
  4072  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  4073  }
  4074  
  4075  // Do executes the "cloudkms.projects.locations.list" call.
  4076  // Any non-2xx status code is an error. Response headers are in either
  4077  // *ListLocationsResponse.ServerResponse.Header or (if a response was returned
  4078  // at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  4079  // check whether the returned error was because http.StatusNotModified was
  4080  // returned.
  4081  func (c *ProjectsLocationsListCall) Do(opts ...googleapi.CallOption) (*ListLocationsResponse, error) {
  4082  	gensupport.SetOptions(c.urlParams_, opts...)
  4083  	res, err := c.doRequest("json")
  4084  	if res != nil && res.StatusCode == http.StatusNotModified {
  4085  		if res.Body != nil {
  4086  			res.Body.Close()
  4087  		}
  4088  		return nil, gensupport.WrapError(&googleapi.Error{
  4089  			Code:   res.StatusCode,
  4090  			Header: res.Header,
  4091  		})
  4092  	}
  4093  	if err != nil {
  4094  		return nil, err
  4095  	}
  4096  	defer googleapi.CloseBody(res)
  4097  	if err := googleapi.CheckResponse(res); err != nil {
  4098  		return nil, gensupport.WrapError(err)
  4099  	}
  4100  	ret := &ListLocationsResponse{
  4101  		ServerResponse: googleapi.ServerResponse{
  4102  			Header:         res.Header,
  4103  			HTTPStatusCode: res.StatusCode,
  4104  		},
  4105  	}
  4106  	target := &ret
  4107  	if err := gensupport.DecodeResponse(target, res); err != nil {
  4108  		return nil, err
  4109  	}
  4110  	return ret, nil
  4111  }
  4112  
  4113  // Pages invokes f for each page of results.
  4114  // A non-nil error returned from f will halt the iteration.
  4115  // The provided context supersedes any context provided to the Context method.
  4116  func (c *ProjectsLocationsListCall) Pages(ctx context.Context, f func(*ListLocationsResponse) error) error {
  4117  	c.ctx_ = ctx
  4118  	defer c.PageToken(c.urlParams_.Get("pageToken"))
  4119  	for {
  4120  		x, err := c.Do()
  4121  		if err != nil {
  4122  			return err
  4123  		}
  4124  		if err := f(x); err != nil {
  4125  			return err
  4126  		}
  4127  		if x.NextPageToken == "" {
  4128  			return nil
  4129  		}
  4130  		c.PageToken(x.NextPageToken)
  4131  	}
  4132  }
  4133  
  4134  type ProjectsLocationsUpdateEkmConfigCall struct {
  4135  	s          *Service
  4136  	name       string
  4137  	ekmconfig  *EkmConfig
  4138  	urlParams_ gensupport.URLParams
  4139  	ctx_       context.Context
  4140  	header_    http.Header
  4141  }
  4142  
  4143  // UpdateEkmConfig: Updates the EkmConfig singleton resource for a given
  4144  // project and location.
  4145  //
  4146  //   - name: Output only. The resource name for the EkmConfig in the format
  4147  //     `projects/*/locations/*/ekmConfig`.
  4148  func (r *ProjectsLocationsService) UpdateEkmConfig(name string, ekmconfig *EkmConfig) *ProjectsLocationsUpdateEkmConfigCall {
  4149  	c := &ProjectsLocationsUpdateEkmConfigCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  4150  	c.name = name
  4151  	c.ekmconfig = ekmconfig
  4152  	return c
  4153  }
  4154  
  4155  // UpdateMask sets the optional parameter "updateMask": Required. List of
  4156  // fields to be updated in this request.
  4157  func (c *ProjectsLocationsUpdateEkmConfigCall) UpdateMask(updateMask string) *ProjectsLocationsUpdateEkmConfigCall {
  4158  	c.urlParams_.Set("updateMask", updateMask)
  4159  	return c
  4160  }
  4161  
  4162  // Fields allows partial responses to be retrieved. See
  4163  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  4164  // details.
  4165  func (c *ProjectsLocationsUpdateEkmConfigCall) Fields(s ...googleapi.Field) *ProjectsLocationsUpdateEkmConfigCall {
  4166  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  4167  	return c
  4168  }
  4169  
  4170  // Context sets the context to be used in this call's Do method.
  4171  func (c *ProjectsLocationsUpdateEkmConfigCall) Context(ctx context.Context) *ProjectsLocationsUpdateEkmConfigCall {
  4172  	c.ctx_ = ctx
  4173  	return c
  4174  }
  4175  
  4176  // Header returns a http.Header that can be modified by the caller to add
  4177  // headers to the request.
  4178  func (c *ProjectsLocationsUpdateEkmConfigCall) Header() http.Header {
  4179  	if c.header_ == nil {
  4180  		c.header_ = make(http.Header)
  4181  	}
  4182  	return c.header_
  4183  }
  4184  
  4185  func (c *ProjectsLocationsUpdateEkmConfigCall) doRequest(alt string) (*http.Response, error) {
  4186  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  4187  	var body io.Reader = nil
  4188  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.ekmconfig)
  4189  	if err != nil {
  4190  		return nil, err
  4191  	}
  4192  	c.urlParams_.Set("alt", alt)
  4193  	c.urlParams_.Set("prettyPrint", "false")
  4194  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  4195  	urls += "?" + c.urlParams_.Encode()
  4196  	req, err := http.NewRequest("PATCH", urls, body)
  4197  	if err != nil {
  4198  		return nil, err
  4199  	}
  4200  	req.Header = reqHeaders
  4201  	googleapi.Expand(req.URL, map[string]string{
  4202  		"name": c.name,
  4203  	})
  4204  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  4205  }
  4206  
  4207  // Do executes the "cloudkms.projects.locations.updateEkmConfig" call.
  4208  // Any non-2xx status code is an error. Response headers are in either
  4209  // *EkmConfig.ServerResponse.Header or (if a response was returned at all) in
  4210  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  4211  // whether the returned error was because http.StatusNotModified was returned.
  4212  func (c *ProjectsLocationsUpdateEkmConfigCall) Do(opts ...googleapi.CallOption) (*EkmConfig, error) {
  4213  	gensupport.SetOptions(c.urlParams_, opts...)
  4214  	res, err := c.doRequest("json")
  4215  	if res != nil && res.StatusCode == http.StatusNotModified {
  4216  		if res.Body != nil {
  4217  			res.Body.Close()
  4218  		}
  4219  		return nil, gensupport.WrapError(&googleapi.Error{
  4220  			Code:   res.StatusCode,
  4221  			Header: res.Header,
  4222  		})
  4223  	}
  4224  	if err != nil {
  4225  		return nil, err
  4226  	}
  4227  	defer googleapi.CloseBody(res)
  4228  	if err := googleapi.CheckResponse(res); err != nil {
  4229  		return nil, gensupport.WrapError(err)
  4230  	}
  4231  	ret := &EkmConfig{
  4232  		ServerResponse: googleapi.ServerResponse{
  4233  			Header:         res.Header,
  4234  			HTTPStatusCode: res.StatusCode,
  4235  		},
  4236  	}
  4237  	target := &ret
  4238  	if err := gensupport.DecodeResponse(target, res); err != nil {
  4239  		return nil, err
  4240  	}
  4241  	return ret, nil
  4242  }
  4243  
  4244  type ProjectsLocationsEkmConfigGetIamPolicyCall struct {
  4245  	s            *Service
  4246  	resource     string
  4247  	urlParams_   gensupport.URLParams
  4248  	ifNoneMatch_ string
  4249  	ctx_         context.Context
  4250  	header_      http.Header
  4251  }
  4252  
  4253  // GetIamPolicy: Gets the access control policy for a resource. Returns an
  4254  // empty policy if the resource exists and does not have a policy set.
  4255  //
  4256  //   - resource: REQUIRED: The resource for which the policy is being requested.
  4257  //     See Resource names (https://cloud.google.com/apis/design/resource_names)
  4258  //     for the appropriate value for this field.
  4259  func (r *ProjectsLocationsEkmConfigService) GetIamPolicy(resource string) *ProjectsLocationsEkmConfigGetIamPolicyCall {
  4260  	c := &ProjectsLocationsEkmConfigGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  4261  	c.resource = resource
  4262  	return c
  4263  }
  4264  
  4265  // OptionsRequestedPolicyVersion sets the optional parameter
  4266  // "options.requestedPolicyVersion": The maximum policy version that will be
  4267  // used to format the policy. Valid values are 0, 1, and 3. Requests specifying
  4268  // an invalid value will be rejected. Requests for policies with any
  4269  // conditional role bindings must specify version 3. Policies with no
  4270  // conditional role bindings may specify any valid value or leave the field
  4271  // unset. The policy in the response might use the policy version that you
  4272  // specified, or it might use a lower policy version. For example, if you
  4273  // specify version 3, but the policy has no conditional role bindings, the
  4274  // response uses version 1. To learn which resources support conditions in
  4275  // their IAM policies, see the IAM documentation
  4276  // (https://cloud.google.com/iam/help/conditions/resource-policies).
  4277  func (c *ProjectsLocationsEkmConfigGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsLocationsEkmConfigGetIamPolicyCall {
  4278  	c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
  4279  	return c
  4280  }
  4281  
  4282  // Fields allows partial responses to be retrieved. See
  4283  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  4284  // details.
  4285  func (c *ProjectsLocationsEkmConfigGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConfigGetIamPolicyCall {
  4286  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  4287  	return c
  4288  }
  4289  
  4290  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  4291  // object's ETag matches the given value. This is useful for getting updates
  4292  // only after the object has changed since the last request.
  4293  func (c *ProjectsLocationsEkmConfigGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsLocationsEkmConfigGetIamPolicyCall {
  4294  	c.ifNoneMatch_ = entityTag
  4295  	return c
  4296  }
  4297  
  4298  // Context sets the context to be used in this call's Do method.
  4299  func (c *ProjectsLocationsEkmConfigGetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsEkmConfigGetIamPolicyCall {
  4300  	c.ctx_ = ctx
  4301  	return c
  4302  }
  4303  
  4304  // Header returns a http.Header that can be modified by the caller to add
  4305  // headers to the request.
  4306  func (c *ProjectsLocationsEkmConfigGetIamPolicyCall) Header() http.Header {
  4307  	if c.header_ == nil {
  4308  		c.header_ = make(http.Header)
  4309  	}
  4310  	return c.header_
  4311  }
  4312  
  4313  func (c *ProjectsLocationsEkmConfigGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
  4314  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  4315  	if c.ifNoneMatch_ != "" {
  4316  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  4317  	}
  4318  	var body io.Reader = nil
  4319  	c.urlParams_.Set("alt", alt)
  4320  	c.urlParams_.Set("prettyPrint", "false")
  4321  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy")
  4322  	urls += "?" + c.urlParams_.Encode()
  4323  	req, err := http.NewRequest("GET", urls, body)
  4324  	if err != nil {
  4325  		return nil, err
  4326  	}
  4327  	req.Header = reqHeaders
  4328  	googleapi.Expand(req.URL, map[string]string{
  4329  		"resource": c.resource,
  4330  	})
  4331  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  4332  }
  4333  
  4334  // Do executes the "cloudkms.projects.locations.ekmConfig.getIamPolicy" call.
  4335  // Any non-2xx status code is an error. Response headers are in either
  4336  // *Policy.ServerResponse.Header or (if a response was returned at all) in
  4337  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  4338  // whether the returned error was because http.StatusNotModified was returned.
  4339  func (c *ProjectsLocationsEkmConfigGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
  4340  	gensupport.SetOptions(c.urlParams_, opts...)
  4341  	res, err := c.doRequest("json")
  4342  	if res != nil && res.StatusCode == http.StatusNotModified {
  4343  		if res.Body != nil {
  4344  			res.Body.Close()
  4345  		}
  4346  		return nil, gensupport.WrapError(&googleapi.Error{
  4347  			Code:   res.StatusCode,
  4348  			Header: res.Header,
  4349  		})
  4350  	}
  4351  	if err != nil {
  4352  		return nil, err
  4353  	}
  4354  	defer googleapi.CloseBody(res)
  4355  	if err := googleapi.CheckResponse(res); err != nil {
  4356  		return nil, gensupport.WrapError(err)
  4357  	}
  4358  	ret := &Policy{
  4359  		ServerResponse: googleapi.ServerResponse{
  4360  			Header:         res.Header,
  4361  			HTTPStatusCode: res.StatusCode,
  4362  		},
  4363  	}
  4364  	target := &ret
  4365  	if err := gensupport.DecodeResponse(target, res); err != nil {
  4366  		return nil, err
  4367  	}
  4368  	return ret, nil
  4369  }
  4370  
  4371  type ProjectsLocationsEkmConfigSetIamPolicyCall struct {
  4372  	s                   *Service
  4373  	resource            string
  4374  	setiampolicyrequest *SetIamPolicyRequest
  4375  	urlParams_          gensupport.URLParams
  4376  	ctx_                context.Context
  4377  	header_             http.Header
  4378  }
  4379  
  4380  // SetIamPolicy: Sets the access control policy on the specified resource.
  4381  // Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
  4382  // and `PERMISSION_DENIED` errors.
  4383  //
  4384  //   - resource: REQUIRED: The resource for which the policy is being specified.
  4385  //     See Resource names (https://cloud.google.com/apis/design/resource_names)
  4386  //     for the appropriate value for this field.
  4387  func (r *ProjectsLocationsEkmConfigService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsLocationsEkmConfigSetIamPolicyCall {
  4388  	c := &ProjectsLocationsEkmConfigSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  4389  	c.resource = resource
  4390  	c.setiampolicyrequest = setiampolicyrequest
  4391  	return c
  4392  }
  4393  
  4394  // Fields allows partial responses to be retrieved. See
  4395  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  4396  // details.
  4397  func (c *ProjectsLocationsEkmConfigSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConfigSetIamPolicyCall {
  4398  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  4399  	return c
  4400  }
  4401  
  4402  // Context sets the context to be used in this call's Do method.
  4403  func (c *ProjectsLocationsEkmConfigSetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsEkmConfigSetIamPolicyCall {
  4404  	c.ctx_ = ctx
  4405  	return c
  4406  }
  4407  
  4408  // Header returns a http.Header that can be modified by the caller to add
  4409  // headers to the request.
  4410  func (c *ProjectsLocationsEkmConfigSetIamPolicyCall) Header() http.Header {
  4411  	if c.header_ == nil {
  4412  		c.header_ = make(http.Header)
  4413  	}
  4414  	return c.header_
  4415  }
  4416  
  4417  func (c *ProjectsLocationsEkmConfigSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
  4418  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  4419  	var body io.Reader = nil
  4420  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest)
  4421  	if err != nil {
  4422  		return nil, err
  4423  	}
  4424  	c.urlParams_.Set("alt", alt)
  4425  	c.urlParams_.Set("prettyPrint", "false")
  4426  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy")
  4427  	urls += "?" + c.urlParams_.Encode()
  4428  	req, err := http.NewRequest("POST", urls, body)
  4429  	if err != nil {
  4430  		return nil, err
  4431  	}
  4432  	req.Header = reqHeaders
  4433  	googleapi.Expand(req.URL, map[string]string{
  4434  		"resource": c.resource,
  4435  	})
  4436  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  4437  }
  4438  
  4439  // Do executes the "cloudkms.projects.locations.ekmConfig.setIamPolicy" call.
  4440  // Any non-2xx status code is an error. Response headers are in either
  4441  // *Policy.ServerResponse.Header or (if a response was returned at all) in
  4442  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  4443  // whether the returned error was because http.StatusNotModified was returned.
  4444  func (c *ProjectsLocationsEkmConfigSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
  4445  	gensupport.SetOptions(c.urlParams_, opts...)
  4446  	res, err := c.doRequest("json")
  4447  	if res != nil && res.StatusCode == http.StatusNotModified {
  4448  		if res.Body != nil {
  4449  			res.Body.Close()
  4450  		}
  4451  		return nil, gensupport.WrapError(&googleapi.Error{
  4452  			Code:   res.StatusCode,
  4453  			Header: res.Header,
  4454  		})
  4455  	}
  4456  	if err != nil {
  4457  		return nil, err
  4458  	}
  4459  	defer googleapi.CloseBody(res)
  4460  	if err := googleapi.CheckResponse(res); err != nil {
  4461  		return nil, gensupport.WrapError(err)
  4462  	}
  4463  	ret := &Policy{
  4464  		ServerResponse: googleapi.ServerResponse{
  4465  			Header:         res.Header,
  4466  			HTTPStatusCode: res.StatusCode,
  4467  		},
  4468  	}
  4469  	target := &ret
  4470  	if err := gensupport.DecodeResponse(target, res); err != nil {
  4471  		return nil, err
  4472  	}
  4473  	return ret, nil
  4474  }
  4475  
  4476  type ProjectsLocationsEkmConfigTestIamPermissionsCall struct {
  4477  	s                         *Service
  4478  	resource                  string
  4479  	testiampermissionsrequest *TestIamPermissionsRequest
  4480  	urlParams_                gensupport.URLParams
  4481  	ctx_                      context.Context
  4482  	header_                   http.Header
  4483  }
  4484  
  4485  // TestIamPermissions: Returns permissions that a caller has on the specified
  4486  // resource. If the resource does not exist, this will return an empty set of
  4487  // permissions, not a `NOT_FOUND` error. Note: This operation is designed to be
  4488  // used for building permission-aware UIs and command-line tools, not for
  4489  // authorization checking. This operation may "fail open" without warning.
  4490  //
  4491  //   - resource: REQUIRED: The resource for which the policy detail is being
  4492  //     requested. See Resource names
  4493  //     (https://cloud.google.com/apis/design/resource_names) for the appropriate
  4494  //     value for this field.
  4495  func (r *ProjectsLocationsEkmConfigService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsLocationsEkmConfigTestIamPermissionsCall {
  4496  	c := &ProjectsLocationsEkmConfigTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  4497  	c.resource = resource
  4498  	c.testiampermissionsrequest = testiampermissionsrequest
  4499  	return c
  4500  }
  4501  
  4502  // Fields allows partial responses to be retrieved. See
  4503  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  4504  // details.
  4505  func (c *ProjectsLocationsEkmConfigTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConfigTestIamPermissionsCall {
  4506  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  4507  	return c
  4508  }
  4509  
  4510  // Context sets the context to be used in this call's Do method.
  4511  func (c *ProjectsLocationsEkmConfigTestIamPermissionsCall) Context(ctx context.Context) *ProjectsLocationsEkmConfigTestIamPermissionsCall {
  4512  	c.ctx_ = ctx
  4513  	return c
  4514  }
  4515  
  4516  // Header returns a http.Header that can be modified by the caller to add
  4517  // headers to the request.
  4518  func (c *ProjectsLocationsEkmConfigTestIamPermissionsCall) Header() http.Header {
  4519  	if c.header_ == nil {
  4520  		c.header_ = make(http.Header)
  4521  	}
  4522  	return c.header_
  4523  }
  4524  
  4525  func (c *ProjectsLocationsEkmConfigTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
  4526  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  4527  	var body io.Reader = nil
  4528  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest)
  4529  	if err != nil {
  4530  		return nil, err
  4531  	}
  4532  	c.urlParams_.Set("alt", alt)
  4533  	c.urlParams_.Set("prettyPrint", "false")
  4534  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions")
  4535  	urls += "?" + c.urlParams_.Encode()
  4536  	req, err := http.NewRequest("POST", urls, body)
  4537  	if err != nil {
  4538  		return nil, err
  4539  	}
  4540  	req.Header = reqHeaders
  4541  	googleapi.Expand(req.URL, map[string]string{
  4542  		"resource": c.resource,
  4543  	})
  4544  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  4545  }
  4546  
  4547  // Do executes the "cloudkms.projects.locations.ekmConfig.testIamPermissions" call.
  4548  // Any non-2xx status code is an error. Response headers are in either
  4549  // *TestIamPermissionsResponse.ServerResponse.Header or (if a response was
  4550  // returned at all) in error.(*googleapi.Error).Header. Use
  4551  // googleapi.IsNotModified to check whether the returned error was because
  4552  // http.StatusNotModified was returned.
  4553  func (c *ProjectsLocationsEkmConfigTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
  4554  	gensupport.SetOptions(c.urlParams_, opts...)
  4555  	res, err := c.doRequest("json")
  4556  	if res != nil && res.StatusCode == http.StatusNotModified {
  4557  		if res.Body != nil {
  4558  			res.Body.Close()
  4559  		}
  4560  		return nil, gensupport.WrapError(&googleapi.Error{
  4561  			Code:   res.StatusCode,
  4562  			Header: res.Header,
  4563  		})
  4564  	}
  4565  	if err != nil {
  4566  		return nil, err
  4567  	}
  4568  	defer googleapi.CloseBody(res)
  4569  	if err := googleapi.CheckResponse(res); err != nil {
  4570  		return nil, gensupport.WrapError(err)
  4571  	}
  4572  	ret := &TestIamPermissionsResponse{
  4573  		ServerResponse: googleapi.ServerResponse{
  4574  			Header:         res.Header,
  4575  			HTTPStatusCode: res.StatusCode,
  4576  		},
  4577  	}
  4578  	target := &ret
  4579  	if err := gensupport.DecodeResponse(target, res); err != nil {
  4580  		return nil, err
  4581  	}
  4582  	return ret, nil
  4583  }
  4584  
  4585  type ProjectsLocationsEkmConnectionsCreateCall struct {
  4586  	s             *Service
  4587  	parent        string
  4588  	ekmconnection *EkmConnection
  4589  	urlParams_    gensupport.URLParams
  4590  	ctx_          context.Context
  4591  	header_       http.Header
  4592  }
  4593  
  4594  // Create: Creates a new EkmConnection in a given Project and Location.
  4595  //
  4596  //   - parent: The resource name of the location associated with the
  4597  //     EkmConnection, in the format `projects/*/locations/*`.
  4598  func (r *ProjectsLocationsEkmConnectionsService) Create(parent string, ekmconnection *EkmConnection) *ProjectsLocationsEkmConnectionsCreateCall {
  4599  	c := &ProjectsLocationsEkmConnectionsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  4600  	c.parent = parent
  4601  	c.ekmconnection = ekmconnection
  4602  	return c
  4603  }
  4604  
  4605  // EkmConnectionId sets the optional parameter "ekmConnectionId": Required. It
  4606  // must be unique within a location and match the regular expression
  4607  // `[a-zA-Z0-9_-]{1,63}`.
  4608  func (c *ProjectsLocationsEkmConnectionsCreateCall) EkmConnectionId(ekmConnectionId string) *ProjectsLocationsEkmConnectionsCreateCall {
  4609  	c.urlParams_.Set("ekmConnectionId", ekmConnectionId)
  4610  	return c
  4611  }
  4612  
  4613  // Fields allows partial responses to be retrieved. See
  4614  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  4615  // details.
  4616  func (c *ProjectsLocationsEkmConnectionsCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConnectionsCreateCall {
  4617  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  4618  	return c
  4619  }
  4620  
  4621  // Context sets the context to be used in this call's Do method.
  4622  func (c *ProjectsLocationsEkmConnectionsCreateCall) Context(ctx context.Context) *ProjectsLocationsEkmConnectionsCreateCall {
  4623  	c.ctx_ = ctx
  4624  	return c
  4625  }
  4626  
  4627  // Header returns a http.Header that can be modified by the caller to add
  4628  // headers to the request.
  4629  func (c *ProjectsLocationsEkmConnectionsCreateCall) Header() http.Header {
  4630  	if c.header_ == nil {
  4631  		c.header_ = make(http.Header)
  4632  	}
  4633  	return c.header_
  4634  }
  4635  
  4636  func (c *ProjectsLocationsEkmConnectionsCreateCall) doRequest(alt string) (*http.Response, error) {
  4637  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  4638  	var body io.Reader = nil
  4639  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.ekmconnection)
  4640  	if err != nil {
  4641  		return nil, err
  4642  	}
  4643  	c.urlParams_.Set("alt", alt)
  4644  	c.urlParams_.Set("prettyPrint", "false")
  4645  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/ekmConnections")
  4646  	urls += "?" + c.urlParams_.Encode()
  4647  	req, err := http.NewRequest("POST", urls, body)
  4648  	if err != nil {
  4649  		return nil, err
  4650  	}
  4651  	req.Header = reqHeaders
  4652  	googleapi.Expand(req.URL, map[string]string{
  4653  		"parent": c.parent,
  4654  	})
  4655  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  4656  }
  4657  
  4658  // Do executes the "cloudkms.projects.locations.ekmConnections.create" call.
  4659  // Any non-2xx status code is an error. Response headers are in either
  4660  // *EkmConnection.ServerResponse.Header or (if a response was returned at all)
  4661  // in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  4662  // whether the returned error was because http.StatusNotModified was returned.
  4663  func (c *ProjectsLocationsEkmConnectionsCreateCall) Do(opts ...googleapi.CallOption) (*EkmConnection, error) {
  4664  	gensupport.SetOptions(c.urlParams_, opts...)
  4665  	res, err := c.doRequest("json")
  4666  	if res != nil && res.StatusCode == http.StatusNotModified {
  4667  		if res.Body != nil {
  4668  			res.Body.Close()
  4669  		}
  4670  		return nil, gensupport.WrapError(&googleapi.Error{
  4671  			Code:   res.StatusCode,
  4672  			Header: res.Header,
  4673  		})
  4674  	}
  4675  	if err != nil {
  4676  		return nil, err
  4677  	}
  4678  	defer googleapi.CloseBody(res)
  4679  	if err := googleapi.CheckResponse(res); err != nil {
  4680  		return nil, gensupport.WrapError(err)
  4681  	}
  4682  	ret := &EkmConnection{
  4683  		ServerResponse: googleapi.ServerResponse{
  4684  			Header:         res.Header,
  4685  			HTTPStatusCode: res.StatusCode,
  4686  		},
  4687  	}
  4688  	target := &ret
  4689  	if err := gensupport.DecodeResponse(target, res); err != nil {
  4690  		return nil, err
  4691  	}
  4692  	return ret, nil
  4693  }
  4694  
  4695  type ProjectsLocationsEkmConnectionsGetCall struct {
  4696  	s            *Service
  4697  	name         string
  4698  	urlParams_   gensupport.URLParams
  4699  	ifNoneMatch_ string
  4700  	ctx_         context.Context
  4701  	header_      http.Header
  4702  }
  4703  
  4704  // Get: Returns metadata for a given EkmConnection.
  4705  //
  4706  // - name: The name of the EkmConnection to get.
  4707  func (r *ProjectsLocationsEkmConnectionsService) Get(name string) *ProjectsLocationsEkmConnectionsGetCall {
  4708  	c := &ProjectsLocationsEkmConnectionsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  4709  	c.name = name
  4710  	return c
  4711  }
  4712  
  4713  // Fields allows partial responses to be retrieved. See
  4714  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  4715  // details.
  4716  func (c *ProjectsLocationsEkmConnectionsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConnectionsGetCall {
  4717  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  4718  	return c
  4719  }
  4720  
  4721  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  4722  // object's ETag matches the given value. This is useful for getting updates
  4723  // only after the object has changed since the last request.
  4724  func (c *ProjectsLocationsEkmConnectionsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsEkmConnectionsGetCall {
  4725  	c.ifNoneMatch_ = entityTag
  4726  	return c
  4727  }
  4728  
  4729  // Context sets the context to be used in this call's Do method.
  4730  func (c *ProjectsLocationsEkmConnectionsGetCall) Context(ctx context.Context) *ProjectsLocationsEkmConnectionsGetCall {
  4731  	c.ctx_ = ctx
  4732  	return c
  4733  }
  4734  
  4735  // Header returns a http.Header that can be modified by the caller to add
  4736  // headers to the request.
  4737  func (c *ProjectsLocationsEkmConnectionsGetCall) Header() http.Header {
  4738  	if c.header_ == nil {
  4739  		c.header_ = make(http.Header)
  4740  	}
  4741  	return c.header_
  4742  }
  4743  
  4744  func (c *ProjectsLocationsEkmConnectionsGetCall) doRequest(alt string) (*http.Response, error) {
  4745  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  4746  	if c.ifNoneMatch_ != "" {
  4747  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  4748  	}
  4749  	var body io.Reader = nil
  4750  	c.urlParams_.Set("alt", alt)
  4751  	c.urlParams_.Set("prettyPrint", "false")
  4752  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  4753  	urls += "?" + c.urlParams_.Encode()
  4754  	req, err := http.NewRequest("GET", urls, body)
  4755  	if err != nil {
  4756  		return nil, err
  4757  	}
  4758  	req.Header = reqHeaders
  4759  	googleapi.Expand(req.URL, map[string]string{
  4760  		"name": c.name,
  4761  	})
  4762  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  4763  }
  4764  
  4765  // Do executes the "cloudkms.projects.locations.ekmConnections.get" call.
  4766  // Any non-2xx status code is an error. Response headers are in either
  4767  // *EkmConnection.ServerResponse.Header or (if a response was returned at all)
  4768  // in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  4769  // whether the returned error was because http.StatusNotModified was returned.
  4770  func (c *ProjectsLocationsEkmConnectionsGetCall) Do(opts ...googleapi.CallOption) (*EkmConnection, error) {
  4771  	gensupport.SetOptions(c.urlParams_, opts...)
  4772  	res, err := c.doRequest("json")
  4773  	if res != nil && res.StatusCode == http.StatusNotModified {
  4774  		if res.Body != nil {
  4775  			res.Body.Close()
  4776  		}
  4777  		return nil, gensupport.WrapError(&googleapi.Error{
  4778  			Code:   res.StatusCode,
  4779  			Header: res.Header,
  4780  		})
  4781  	}
  4782  	if err != nil {
  4783  		return nil, err
  4784  	}
  4785  	defer googleapi.CloseBody(res)
  4786  	if err := googleapi.CheckResponse(res); err != nil {
  4787  		return nil, gensupport.WrapError(err)
  4788  	}
  4789  	ret := &EkmConnection{
  4790  		ServerResponse: googleapi.ServerResponse{
  4791  			Header:         res.Header,
  4792  			HTTPStatusCode: res.StatusCode,
  4793  		},
  4794  	}
  4795  	target := &ret
  4796  	if err := gensupport.DecodeResponse(target, res); err != nil {
  4797  		return nil, err
  4798  	}
  4799  	return ret, nil
  4800  }
  4801  
  4802  type ProjectsLocationsEkmConnectionsGetIamPolicyCall struct {
  4803  	s            *Service
  4804  	resource     string
  4805  	urlParams_   gensupport.URLParams
  4806  	ifNoneMatch_ string
  4807  	ctx_         context.Context
  4808  	header_      http.Header
  4809  }
  4810  
  4811  // GetIamPolicy: Gets the access control policy for a resource. Returns an
  4812  // empty policy if the resource exists and does not have a policy set.
  4813  //
  4814  //   - resource: REQUIRED: The resource for which the policy is being requested.
  4815  //     See Resource names (https://cloud.google.com/apis/design/resource_names)
  4816  //     for the appropriate value for this field.
  4817  func (r *ProjectsLocationsEkmConnectionsService) GetIamPolicy(resource string) *ProjectsLocationsEkmConnectionsGetIamPolicyCall {
  4818  	c := &ProjectsLocationsEkmConnectionsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  4819  	c.resource = resource
  4820  	return c
  4821  }
  4822  
  4823  // OptionsRequestedPolicyVersion sets the optional parameter
  4824  // "options.requestedPolicyVersion": The maximum policy version that will be
  4825  // used to format the policy. Valid values are 0, 1, and 3. Requests specifying
  4826  // an invalid value will be rejected. Requests for policies with any
  4827  // conditional role bindings must specify version 3. Policies with no
  4828  // conditional role bindings may specify any valid value or leave the field
  4829  // unset. The policy in the response might use the policy version that you
  4830  // specified, or it might use a lower policy version. For example, if you
  4831  // specify version 3, but the policy has no conditional role bindings, the
  4832  // response uses version 1. To learn which resources support conditions in
  4833  // their IAM policies, see the IAM documentation
  4834  // (https://cloud.google.com/iam/help/conditions/resource-policies).
  4835  func (c *ProjectsLocationsEkmConnectionsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsLocationsEkmConnectionsGetIamPolicyCall {
  4836  	c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
  4837  	return c
  4838  }
  4839  
  4840  // Fields allows partial responses to be retrieved. See
  4841  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  4842  // details.
  4843  func (c *ProjectsLocationsEkmConnectionsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConnectionsGetIamPolicyCall {
  4844  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  4845  	return c
  4846  }
  4847  
  4848  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  4849  // object's ETag matches the given value. This is useful for getting updates
  4850  // only after the object has changed since the last request.
  4851  func (c *ProjectsLocationsEkmConnectionsGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsLocationsEkmConnectionsGetIamPolicyCall {
  4852  	c.ifNoneMatch_ = entityTag
  4853  	return c
  4854  }
  4855  
  4856  // Context sets the context to be used in this call's Do method.
  4857  func (c *ProjectsLocationsEkmConnectionsGetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsEkmConnectionsGetIamPolicyCall {
  4858  	c.ctx_ = ctx
  4859  	return c
  4860  }
  4861  
  4862  // Header returns a http.Header that can be modified by the caller to add
  4863  // headers to the request.
  4864  func (c *ProjectsLocationsEkmConnectionsGetIamPolicyCall) Header() http.Header {
  4865  	if c.header_ == nil {
  4866  		c.header_ = make(http.Header)
  4867  	}
  4868  	return c.header_
  4869  }
  4870  
  4871  func (c *ProjectsLocationsEkmConnectionsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
  4872  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  4873  	if c.ifNoneMatch_ != "" {
  4874  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  4875  	}
  4876  	var body io.Reader = nil
  4877  	c.urlParams_.Set("alt", alt)
  4878  	c.urlParams_.Set("prettyPrint", "false")
  4879  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy")
  4880  	urls += "?" + c.urlParams_.Encode()
  4881  	req, err := http.NewRequest("GET", urls, body)
  4882  	if err != nil {
  4883  		return nil, err
  4884  	}
  4885  	req.Header = reqHeaders
  4886  	googleapi.Expand(req.URL, map[string]string{
  4887  		"resource": c.resource,
  4888  	})
  4889  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  4890  }
  4891  
  4892  // Do executes the "cloudkms.projects.locations.ekmConnections.getIamPolicy" call.
  4893  // Any non-2xx status code is an error. Response headers are in either
  4894  // *Policy.ServerResponse.Header or (if a response was returned at all) in
  4895  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  4896  // whether the returned error was because http.StatusNotModified was returned.
  4897  func (c *ProjectsLocationsEkmConnectionsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
  4898  	gensupport.SetOptions(c.urlParams_, opts...)
  4899  	res, err := c.doRequest("json")
  4900  	if res != nil && res.StatusCode == http.StatusNotModified {
  4901  		if res.Body != nil {
  4902  			res.Body.Close()
  4903  		}
  4904  		return nil, gensupport.WrapError(&googleapi.Error{
  4905  			Code:   res.StatusCode,
  4906  			Header: res.Header,
  4907  		})
  4908  	}
  4909  	if err != nil {
  4910  		return nil, err
  4911  	}
  4912  	defer googleapi.CloseBody(res)
  4913  	if err := googleapi.CheckResponse(res); err != nil {
  4914  		return nil, gensupport.WrapError(err)
  4915  	}
  4916  	ret := &Policy{
  4917  		ServerResponse: googleapi.ServerResponse{
  4918  			Header:         res.Header,
  4919  			HTTPStatusCode: res.StatusCode,
  4920  		},
  4921  	}
  4922  	target := &ret
  4923  	if err := gensupport.DecodeResponse(target, res); err != nil {
  4924  		return nil, err
  4925  	}
  4926  	return ret, nil
  4927  }
  4928  
  4929  type ProjectsLocationsEkmConnectionsListCall struct {
  4930  	s            *Service
  4931  	parent       string
  4932  	urlParams_   gensupport.URLParams
  4933  	ifNoneMatch_ string
  4934  	ctx_         context.Context
  4935  	header_      http.Header
  4936  }
  4937  
  4938  // List: Lists EkmConnections.
  4939  //
  4940  //   - parent: The resource name of the location associated with the
  4941  //     EkmConnections to list, in the format `projects/*/locations/*`.
  4942  func (r *ProjectsLocationsEkmConnectionsService) List(parent string) *ProjectsLocationsEkmConnectionsListCall {
  4943  	c := &ProjectsLocationsEkmConnectionsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  4944  	c.parent = parent
  4945  	return c
  4946  }
  4947  
  4948  // Filter sets the optional parameter "filter": Only include resources that
  4949  // match the filter in the response. For more information, see Sorting and
  4950  // filtering list results
  4951  // (https://cloud.google.com/kms/docs/sorting-and-filtering).
  4952  func (c *ProjectsLocationsEkmConnectionsListCall) Filter(filter string) *ProjectsLocationsEkmConnectionsListCall {
  4953  	c.urlParams_.Set("filter", filter)
  4954  	return c
  4955  }
  4956  
  4957  // OrderBy sets the optional parameter "orderBy": Specify how the results
  4958  // should be sorted. If not specified, the results will be sorted in the
  4959  // default order. For more information, see Sorting and filtering list results
  4960  // (https://cloud.google.com/kms/docs/sorting-and-filtering).
  4961  func (c *ProjectsLocationsEkmConnectionsListCall) OrderBy(orderBy string) *ProjectsLocationsEkmConnectionsListCall {
  4962  	c.urlParams_.Set("orderBy", orderBy)
  4963  	return c
  4964  }
  4965  
  4966  // PageSize sets the optional parameter "pageSize": Optional limit on the
  4967  // number of EkmConnections to include in the response. Further EkmConnections
  4968  // can subsequently be obtained by including the
  4969  // ListEkmConnectionsResponse.next_page_token in a subsequent request. If
  4970  // unspecified, the server will pick an appropriate default.
  4971  func (c *ProjectsLocationsEkmConnectionsListCall) PageSize(pageSize int64) *ProjectsLocationsEkmConnectionsListCall {
  4972  	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
  4973  	return c
  4974  }
  4975  
  4976  // PageToken sets the optional parameter "pageToken": Optional pagination
  4977  // token, returned earlier via ListEkmConnectionsResponse.next_page_token.
  4978  func (c *ProjectsLocationsEkmConnectionsListCall) PageToken(pageToken string) *ProjectsLocationsEkmConnectionsListCall {
  4979  	c.urlParams_.Set("pageToken", pageToken)
  4980  	return c
  4981  }
  4982  
  4983  // Fields allows partial responses to be retrieved. See
  4984  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  4985  // details.
  4986  func (c *ProjectsLocationsEkmConnectionsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConnectionsListCall {
  4987  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  4988  	return c
  4989  }
  4990  
  4991  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  4992  // object's ETag matches the given value. This is useful for getting updates
  4993  // only after the object has changed since the last request.
  4994  func (c *ProjectsLocationsEkmConnectionsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsEkmConnectionsListCall {
  4995  	c.ifNoneMatch_ = entityTag
  4996  	return c
  4997  }
  4998  
  4999  // Context sets the context to be used in this call's Do method.
  5000  func (c *ProjectsLocationsEkmConnectionsListCall) Context(ctx context.Context) *ProjectsLocationsEkmConnectionsListCall {
  5001  	c.ctx_ = ctx
  5002  	return c
  5003  }
  5004  
  5005  // Header returns a http.Header that can be modified by the caller to add
  5006  // headers to the request.
  5007  func (c *ProjectsLocationsEkmConnectionsListCall) Header() http.Header {
  5008  	if c.header_ == nil {
  5009  		c.header_ = make(http.Header)
  5010  	}
  5011  	return c.header_
  5012  }
  5013  
  5014  func (c *ProjectsLocationsEkmConnectionsListCall) doRequest(alt string) (*http.Response, error) {
  5015  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  5016  	if c.ifNoneMatch_ != "" {
  5017  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  5018  	}
  5019  	var body io.Reader = nil
  5020  	c.urlParams_.Set("alt", alt)
  5021  	c.urlParams_.Set("prettyPrint", "false")
  5022  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/ekmConnections")
  5023  	urls += "?" + c.urlParams_.Encode()
  5024  	req, err := http.NewRequest("GET", urls, body)
  5025  	if err != nil {
  5026  		return nil, err
  5027  	}
  5028  	req.Header = reqHeaders
  5029  	googleapi.Expand(req.URL, map[string]string{
  5030  		"parent": c.parent,
  5031  	})
  5032  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  5033  }
  5034  
  5035  // Do executes the "cloudkms.projects.locations.ekmConnections.list" call.
  5036  // Any non-2xx status code is an error. Response headers are in either
  5037  // *ListEkmConnectionsResponse.ServerResponse.Header or (if a response was
  5038  // returned at all) in error.(*googleapi.Error).Header. Use
  5039  // googleapi.IsNotModified to check whether the returned error was because
  5040  // http.StatusNotModified was returned.
  5041  func (c *ProjectsLocationsEkmConnectionsListCall) Do(opts ...googleapi.CallOption) (*ListEkmConnectionsResponse, error) {
  5042  	gensupport.SetOptions(c.urlParams_, opts...)
  5043  	res, err := c.doRequest("json")
  5044  	if res != nil && res.StatusCode == http.StatusNotModified {
  5045  		if res.Body != nil {
  5046  			res.Body.Close()
  5047  		}
  5048  		return nil, gensupport.WrapError(&googleapi.Error{
  5049  			Code:   res.StatusCode,
  5050  			Header: res.Header,
  5051  		})
  5052  	}
  5053  	if err != nil {
  5054  		return nil, err
  5055  	}
  5056  	defer googleapi.CloseBody(res)
  5057  	if err := googleapi.CheckResponse(res); err != nil {
  5058  		return nil, gensupport.WrapError(err)
  5059  	}
  5060  	ret := &ListEkmConnectionsResponse{
  5061  		ServerResponse: googleapi.ServerResponse{
  5062  			Header:         res.Header,
  5063  			HTTPStatusCode: res.StatusCode,
  5064  		},
  5065  	}
  5066  	target := &ret
  5067  	if err := gensupport.DecodeResponse(target, res); err != nil {
  5068  		return nil, err
  5069  	}
  5070  	return ret, nil
  5071  }
  5072  
  5073  // Pages invokes f for each page of results.
  5074  // A non-nil error returned from f will halt the iteration.
  5075  // The provided context supersedes any context provided to the Context method.
  5076  func (c *ProjectsLocationsEkmConnectionsListCall) Pages(ctx context.Context, f func(*ListEkmConnectionsResponse) error) error {
  5077  	c.ctx_ = ctx
  5078  	defer c.PageToken(c.urlParams_.Get("pageToken"))
  5079  	for {
  5080  		x, err := c.Do()
  5081  		if err != nil {
  5082  			return err
  5083  		}
  5084  		if err := f(x); err != nil {
  5085  			return err
  5086  		}
  5087  		if x.NextPageToken == "" {
  5088  			return nil
  5089  		}
  5090  		c.PageToken(x.NextPageToken)
  5091  	}
  5092  }
  5093  
  5094  type ProjectsLocationsEkmConnectionsPatchCall struct {
  5095  	s             *Service
  5096  	name          string
  5097  	ekmconnection *EkmConnection
  5098  	urlParams_    gensupport.URLParams
  5099  	ctx_          context.Context
  5100  	header_       http.Header
  5101  }
  5102  
  5103  // Patch: Updates an EkmConnection's metadata.
  5104  //
  5105  //   - name: Output only. The resource name for the EkmConnection in the format
  5106  //     `projects/*/locations/*/ekmConnections/*`.
  5107  func (r *ProjectsLocationsEkmConnectionsService) Patch(name string, ekmconnection *EkmConnection) *ProjectsLocationsEkmConnectionsPatchCall {
  5108  	c := &ProjectsLocationsEkmConnectionsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  5109  	c.name = name
  5110  	c.ekmconnection = ekmconnection
  5111  	return c
  5112  }
  5113  
  5114  // UpdateMask sets the optional parameter "updateMask": Required. List of
  5115  // fields to be updated in this request.
  5116  func (c *ProjectsLocationsEkmConnectionsPatchCall) UpdateMask(updateMask string) *ProjectsLocationsEkmConnectionsPatchCall {
  5117  	c.urlParams_.Set("updateMask", updateMask)
  5118  	return c
  5119  }
  5120  
  5121  // Fields allows partial responses to be retrieved. See
  5122  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  5123  // details.
  5124  func (c *ProjectsLocationsEkmConnectionsPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConnectionsPatchCall {
  5125  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  5126  	return c
  5127  }
  5128  
  5129  // Context sets the context to be used in this call's Do method.
  5130  func (c *ProjectsLocationsEkmConnectionsPatchCall) Context(ctx context.Context) *ProjectsLocationsEkmConnectionsPatchCall {
  5131  	c.ctx_ = ctx
  5132  	return c
  5133  }
  5134  
  5135  // Header returns a http.Header that can be modified by the caller to add
  5136  // headers to the request.
  5137  func (c *ProjectsLocationsEkmConnectionsPatchCall) Header() http.Header {
  5138  	if c.header_ == nil {
  5139  		c.header_ = make(http.Header)
  5140  	}
  5141  	return c.header_
  5142  }
  5143  
  5144  func (c *ProjectsLocationsEkmConnectionsPatchCall) doRequest(alt string) (*http.Response, error) {
  5145  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  5146  	var body io.Reader = nil
  5147  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.ekmconnection)
  5148  	if err != nil {
  5149  		return nil, err
  5150  	}
  5151  	c.urlParams_.Set("alt", alt)
  5152  	c.urlParams_.Set("prettyPrint", "false")
  5153  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  5154  	urls += "?" + c.urlParams_.Encode()
  5155  	req, err := http.NewRequest("PATCH", urls, body)
  5156  	if err != nil {
  5157  		return nil, err
  5158  	}
  5159  	req.Header = reqHeaders
  5160  	googleapi.Expand(req.URL, map[string]string{
  5161  		"name": c.name,
  5162  	})
  5163  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  5164  }
  5165  
  5166  // Do executes the "cloudkms.projects.locations.ekmConnections.patch" call.
  5167  // Any non-2xx status code is an error. Response headers are in either
  5168  // *EkmConnection.ServerResponse.Header or (if a response was returned at all)
  5169  // in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  5170  // whether the returned error was because http.StatusNotModified was returned.
  5171  func (c *ProjectsLocationsEkmConnectionsPatchCall) Do(opts ...googleapi.CallOption) (*EkmConnection, error) {
  5172  	gensupport.SetOptions(c.urlParams_, opts...)
  5173  	res, err := c.doRequest("json")
  5174  	if res != nil && res.StatusCode == http.StatusNotModified {
  5175  		if res.Body != nil {
  5176  			res.Body.Close()
  5177  		}
  5178  		return nil, gensupport.WrapError(&googleapi.Error{
  5179  			Code:   res.StatusCode,
  5180  			Header: res.Header,
  5181  		})
  5182  	}
  5183  	if err != nil {
  5184  		return nil, err
  5185  	}
  5186  	defer googleapi.CloseBody(res)
  5187  	if err := googleapi.CheckResponse(res); err != nil {
  5188  		return nil, gensupport.WrapError(err)
  5189  	}
  5190  	ret := &EkmConnection{
  5191  		ServerResponse: googleapi.ServerResponse{
  5192  			Header:         res.Header,
  5193  			HTTPStatusCode: res.StatusCode,
  5194  		},
  5195  	}
  5196  	target := &ret
  5197  	if err := gensupport.DecodeResponse(target, res); err != nil {
  5198  		return nil, err
  5199  	}
  5200  	return ret, nil
  5201  }
  5202  
  5203  type ProjectsLocationsEkmConnectionsSetIamPolicyCall struct {
  5204  	s                   *Service
  5205  	resource            string
  5206  	setiampolicyrequest *SetIamPolicyRequest
  5207  	urlParams_          gensupport.URLParams
  5208  	ctx_                context.Context
  5209  	header_             http.Header
  5210  }
  5211  
  5212  // SetIamPolicy: Sets the access control policy on the specified resource.
  5213  // Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
  5214  // and `PERMISSION_DENIED` errors.
  5215  //
  5216  //   - resource: REQUIRED: The resource for which the policy is being specified.
  5217  //     See Resource names (https://cloud.google.com/apis/design/resource_names)
  5218  //     for the appropriate value for this field.
  5219  func (r *ProjectsLocationsEkmConnectionsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsLocationsEkmConnectionsSetIamPolicyCall {
  5220  	c := &ProjectsLocationsEkmConnectionsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  5221  	c.resource = resource
  5222  	c.setiampolicyrequest = setiampolicyrequest
  5223  	return c
  5224  }
  5225  
  5226  // Fields allows partial responses to be retrieved. See
  5227  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  5228  // details.
  5229  func (c *ProjectsLocationsEkmConnectionsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConnectionsSetIamPolicyCall {
  5230  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  5231  	return c
  5232  }
  5233  
  5234  // Context sets the context to be used in this call's Do method.
  5235  func (c *ProjectsLocationsEkmConnectionsSetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsEkmConnectionsSetIamPolicyCall {
  5236  	c.ctx_ = ctx
  5237  	return c
  5238  }
  5239  
  5240  // Header returns a http.Header that can be modified by the caller to add
  5241  // headers to the request.
  5242  func (c *ProjectsLocationsEkmConnectionsSetIamPolicyCall) Header() http.Header {
  5243  	if c.header_ == nil {
  5244  		c.header_ = make(http.Header)
  5245  	}
  5246  	return c.header_
  5247  }
  5248  
  5249  func (c *ProjectsLocationsEkmConnectionsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
  5250  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  5251  	var body io.Reader = nil
  5252  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest)
  5253  	if err != nil {
  5254  		return nil, err
  5255  	}
  5256  	c.urlParams_.Set("alt", alt)
  5257  	c.urlParams_.Set("prettyPrint", "false")
  5258  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy")
  5259  	urls += "?" + c.urlParams_.Encode()
  5260  	req, err := http.NewRequest("POST", urls, body)
  5261  	if err != nil {
  5262  		return nil, err
  5263  	}
  5264  	req.Header = reqHeaders
  5265  	googleapi.Expand(req.URL, map[string]string{
  5266  		"resource": c.resource,
  5267  	})
  5268  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  5269  }
  5270  
  5271  // Do executes the "cloudkms.projects.locations.ekmConnections.setIamPolicy" call.
  5272  // Any non-2xx status code is an error. Response headers are in either
  5273  // *Policy.ServerResponse.Header or (if a response was returned at all) in
  5274  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  5275  // whether the returned error was because http.StatusNotModified was returned.
  5276  func (c *ProjectsLocationsEkmConnectionsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
  5277  	gensupport.SetOptions(c.urlParams_, opts...)
  5278  	res, err := c.doRequest("json")
  5279  	if res != nil && res.StatusCode == http.StatusNotModified {
  5280  		if res.Body != nil {
  5281  			res.Body.Close()
  5282  		}
  5283  		return nil, gensupport.WrapError(&googleapi.Error{
  5284  			Code:   res.StatusCode,
  5285  			Header: res.Header,
  5286  		})
  5287  	}
  5288  	if err != nil {
  5289  		return nil, err
  5290  	}
  5291  	defer googleapi.CloseBody(res)
  5292  	if err := googleapi.CheckResponse(res); err != nil {
  5293  		return nil, gensupport.WrapError(err)
  5294  	}
  5295  	ret := &Policy{
  5296  		ServerResponse: googleapi.ServerResponse{
  5297  			Header:         res.Header,
  5298  			HTTPStatusCode: res.StatusCode,
  5299  		},
  5300  	}
  5301  	target := &ret
  5302  	if err := gensupport.DecodeResponse(target, res); err != nil {
  5303  		return nil, err
  5304  	}
  5305  	return ret, nil
  5306  }
  5307  
  5308  type ProjectsLocationsEkmConnectionsTestIamPermissionsCall struct {
  5309  	s                         *Service
  5310  	resource                  string
  5311  	testiampermissionsrequest *TestIamPermissionsRequest
  5312  	urlParams_                gensupport.URLParams
  5313  	ctx_                      context.Context
  5314  	header_                   http.Header
  5315  }
  5316  
  5317  // TestIamPermissions: Returns permissions that a caller has on the specified
  5318  // resource. If the resource does not exist, this will return an empty set of
  5319  // permissions, not a `NOT_FOUND` error. Note: This operation is designed to be
  5320  // used for building permission-aware UIs and command-line tools, not for
  5321  // authorization checking. This operation may "fail open" without warning.
  5322  //
  5323  //   - resource: REQUIRED: The resource for which the policy detail is being
  5324  //     requested. See Resource names
  5325  //     (https://cloud.google.com/apis/design/resource_names) for the appropriate
  5326  //     value for this field.
  5327  func (r *ProjectsLocationsEkmConnectionsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsLocationsEkmConnectionsTestIamPermissionsCall {
  5328  	c := &ProjectsLocationsEkmConnectionsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  5329  	c.resource = resource
  5330  	c.testiampermissionsrequest = testiampermissionsrequest
  5331  	return c
  5332  }
  5333  
  5334  // Fields allows partial responses to be retrieved. See
  5335  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  5336  // details.
  5337  func (c *ProjectsLocationsEkmConnectionsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConnectionsTestIamPermissionsCall {
  5338  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  5339  	return c
  5340  }
  5341  
  5342  // Context sets the context to be used in this call's Do method.
  5343  func (c *ProjectsLocationsEkmConnectionsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsLocationsEkmConnectionsTestIamPermissionsCall {
  5344  	c.ctx_ = ctx
  5345  	return c
  5346  }
  5347  
  5348  // Header returns a http.Header that can be modified by the caller to add
  5349  // headers to the request.
  5350  func (c *ProjectsLocationsEkmConnectionsTestIamPermissionsCall) Header() http.Header {
  5351  	if c.header_ == nil {
  5352  		c.header_ = make(http.Header)
  5353  	}
  5354  	return c.header_
  5355  }
  5356  
  5357  func (c *ProjectsLocationsEkmConnectionsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
  5358  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  5359  	var body io.Reader = nil
  5360  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest)
  5361  	if err != nil {
  5362  		return nil, err
  5363  	}
  5364  	c.urlParams_.Set("alt", alt)
  5365  	c.urlParams_.Set("prettyPrint", "false")
  5366  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions")
  5367  	urls += "?" + c.urlParams_.Encode()
  5368  	req, err := http.NewRequest("POST", urls, body)
  5369  	if err != nil {
  5370  		return nil, err
  5371  	}
  5372  	req.Header = reqHeaders
  5373  	googleapi.Expand(req.URL, map[string]string{
  5374  		"resource": c.resource,
  5375  	})
  5376  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  5377  }
  5378  
  5379  // Do executes the "cloudkms.projects.locations.ekmConnections.testIamPermissions" call.
  5380  // Any non-2xx status code is an error. Response headers are in either
  5381  // *TestIamPermissionsResponse.ServerResponse.Header or (if a response was
  5382  // returned at all) in error.(*googleapi.Error).Header. Use
  5383  // googleapi.IsNotModified to check whether the returned error was because
  5384  // http.StatusNotModified was returned.
  5385  func (c *ProjectsLocationsEkmConnectionsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
  5386  	gensupport.SetOptions(c.urlParams_, opts...)
  5387  	res, err := c.doRequest("json")
  5388  	if res != nil && res.StatusCode == http.StatusNotModified {
  5389  		if res.Body != nil {
  5390  			res.Body.Close()
  5391  		}
  5392  		return nil, gensupport.WrapError(&googleapi.Error{
  5393  			Code:   res.StatusCode,
  5394  			Header: res.Header,
  5395  		})
  5396  	}
  5397  	if err != nil {
  5398  		return nil, err
  5399  	}
  5400  	defer googleapi.CloseBody(res)
  5401  	if err := googleapi.CheckResponse(res); err != nil {
  5402  		return nil, gensupport.WrapError(err)
  5403  	}
  5404  	ret := &TestIamPermissionsResponse{
  5405  		ServerResponse: googleapi.ServerResponse{
  5406  			Header:         res.Header,
  5407  			HTTPStatusCode: res.StatusCode,
  5408  		},
  5409  	}
  5410  	target := &ret
  5411  	if err := gensupport.DecodeResponse(target, res); err != nil {
  5412  		return nil, err
  5413  	}
  5414  	return ret, nil
  5415  }
  5416  
  5417  type ProjectsLocationsEkmConnectionsVerifyConnectivityCall struct {
  5418  	s            *Service
  5419  	name         string
  5420  	urlParams_   gensupport.URLParams
  5421  	ifNoneMatch_ string
  5422  	ctx_         context.Context
  5423  	header_      http.Header
  5424  }
  5425  
  5426  // VerifyConnectivity: Verifies that Cloud KMS can successfully connect to the
  5427  // external key manager specified by an EkmConnection. If there is an error
  5428  // connecting to the EKM, this method returns a FAILED_PRECONDITION status
  5429  // containing structured information as described at
  5430  // https://cloud.google.com/kms/docs/reference/ekm_errors.
  5431  //
  5432  // - name: The name of the EkmConnection to verify.
  5433  func (r *ProjectsLocationsEkmConnectionsService) VerifyConnectivity(name string) *ProjectsLocationsEkmConnectionsVerifyConnectivityCall {
  5434  	c := &ProjectsLocationsEkmConnectionsVerifyConnectivityCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  5435  	c.name = name
  5436  	return c
  5437  }
  5438  
  5439  // Fields allows partial responses to be retrieved. See
  5440  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  5441  // details.
  5442  func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) Fields(s ...googleapi.Field) *ProjectsLocationsEkmConnectionsVerifyConnectivityCall {
  5443  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  5444  	return c
  5445  }
  5446  
  5447  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  5448  // object's ETag matches the given value. This is useful for getting updates
  5449  // only after the object has changed since the last request.
  5450  func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) IfNoneMatch(entityTag string) *ProjectsLocationsEkmConnectionsVerifyConnectivityCall {
  5451  	c.ifNoneMatch_ = entityTag
  5452  	return c
  5453  }
  5454  
  5455  // Context sets the context to be used in this call's Do method.
  5456  func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) Context(ctx context.Context) *ProjectsLocationsEkmConnectionsVerifyConnectivityCall {
  5457  	c.ctx_ = ctx
  5458  	return c
  5459  }
  5460  
  5461  // Header returns a http.Header that can be modified by the caller to add
  5462  // headers to the request.
  5463  func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) Header() http.Header {
  5464  	if c.header_ == nil {
  5465  		c.header_ = make(http.Header)
  5466  	}
  5467  	return c.header_
  5468  }
  5469  
  5470  func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) doRequest(alt string) (*http.Response, error) {
  5471  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  5472  	if c.ifNoneMatch_ != "" {
  5473  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  5474  	}
  5475  	var body io.Reader = nil
  5476  	c.urlParams_.Set("alt", alt)
  5477  	c.urlParams_.Set("prettyPrint", "false")
  5478  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:verifyConnectivity")
  5479  	urls += "?" + c.urlParams_.Encode()
  5480  	req, err := http.NewRequest("GET", urls, body)
  5481  	if err != nil {
  5482  		return nil, err
  5483  	}
  5484  	req.Header = reqHeaders
  5485  	googleapi.Expand(req.URL, map[string]string{
  5486  		"name": c.name,
  5487  	})
  5488  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  5489  }
  5490  
  5491  // Do executes the "cloudkms.projects.locations.ekmConnections.verifyConnectivity" call.
  5492  // Any non-2xx status code is an error. Response headers are in either
  5493  // *VerifyConnectivityResponse.ServerResponse.Header or (if a response was
  5494  // returned at all) in error.(*googleapi.Error).Header. Use
  5495  // googleapi.IsNotModified to check whether the returned error was because
  5496  // http.StatusNotModified was returned.
  5497  func (c *ProjectsLocationsEkmConnectionsVerifyConnectivityCall) Do(opts ...googleapi.CallOption) (*VerifyConnectivityResponse, error) {
  5498  	gensupport.SetOptions(c.urlParams_, opts...)
  5499  	res, err := c.doRequest("json")
  5500  	if res != nil && res.StatusCode == http.StatusNotModified {
  5501  		if res.Body != nil {
  5502  			res.Body.Close()
  5503  		}
  5504  		return nil, gensupport.WrapError(&googleapi.Error{
  5505  			Code:   res.StatusCode,
  5506  			Header: res.Header,
  5507  		})
  5508  	}
  5509  	if err != nil {
  5510  		return nil, err
  5511  	}
  5512  	defer googleapi.CloseBody(res)
  5513  	if err := googleapi.CheckResponse(res); err != nil {
  5514  		return nil, gensupport.WrapError(err)
  5515  	}
  5516  	ret := &VerifyConnectivityResponse{
  5517  		ServerResponse: googleapi.ServerResponse{
  5518  			Header:         res.Header,
  5519  			HTTPStatusCode: res.StatusCode,
  5520  		},
  5521  	}
  5522  	target := &ret
  5523  	if err := gensupport.DecodeResponse(target, res); err != nil {
  5524  		return nil, err
  5525  	}
  5526  	return ret, nil
  5527  }
  5528  
  5529  type ProjectsLocationsKeyHandlesCreateCall struct {
  5530  	s          *Service
  5531  	parent     string
  5532  	keyhandle  *KeyHandle
  5533  	urlParams_ gensupport.URLParams
  5534  	ctx_       context.Context
  5535  	header_    http.Header
  5536  }
  5537  
  5538  // Create: Creates a new KeyHandle, triggering the provisioning of a new
  5539  // CryptoKey for CMEK use with the given resource type in the configured key
  5540  // project and the same location. GetOperation should be used to resolve the
  5541  // resulting long-running operation and get the resulting KeyHandle and
  5542  // CryptoKey.
  5543  //
  5544  //   - parent: Name of the resource project and location to create the KeyHandle
  5545  //     in, e.g. `projects/{PROJECT_ID}/locations/{LOCATION}`.
  5546  func (r *ProjectsLocationsKeyHandlesService) Create(parent string, keyhandle *KeyHandle) *ProjectsLocationsKeyHandlesCreateCall {
  5547  	c := &ProjectsLocationsKeyHandlesCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  5548  	c.parent = parent
  5549  	c.keyhandle = keyhandle
  5550  	return c
  5551  }
  5552  
  5553  // KeyHandleId sets the optional parameter "keyHandleId": Id of the KeyHandle.
  5554  // Must be unique to the resource project and location. If not provided by the
  5555  // caller, a new UUID is used.
  5556  func (c *ProjectsLocationsKeyHandlesCreateCall) KeyHandleId(keyHandleId string) *ProjectsLocationsKeyHandlesCreateCall {
  5557  	c.urlParams_.Set("keyHandleId", keyHandleId)
  5558  	return c
  5559  }
  5560  
  5561  // Fields allows partial responses to be retrieved. See
  5562  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  5563  // details.
  5564  func (c *ProjectsLocationsKeyHandlesCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyHandlesCreateCall {
  5565  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  5566  	return c
  5567  }
  5568  
  5569  // Context sets the context to be used in this call's Do method.
  5570  func (c *ProjectsLocationsKeyHandlesCreateCall) Context(ctx context.Context) *ProjectsLocationsKeyHandlesCreateCall {
  5571  	c.ctx_ = ctx
  5572  	return c
  5573  }
  5574  
  5575  // Header returns a http.Header that can be modified by the caller to add
  5576  // headers to the request.
  5577  func (c *ProjectsLocationsKeyHandlesCreateCall) Header() http.Header {
  5578  	if c.header_ == nil {
  5579  		c.header_ = make(http.Header)
  5580  	}
  5581  	return c.header_
  5582  }
  5583  
  5584  func (c *ProjectsLocationsKeyHandlesCreateCall) doRequest(alt string) (*http.Response, error) {
  5585  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  5586  	var body io.Reader = nil
  5587  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.keyhandle)
  5588  	if err != nil {
  5589  		return nil, err
  5590  	}
  5591  	c.urlParams_.Set("alt", alt)
  5592  	c.urlParams_.Set("prettyPrint", "false")
  5593  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/keyHandles")
  5594  	urls += "?" + c.urlParams_.Encode()
  5595  	req, err := http.NewRequest("POST", urls, body)
  5596  	if err != nil {
  5597  		return nil, err
  5598  	}
  5599  	req.Header = reqHeaders
  5600  	googleapi.Expand(req.URL, map[string]string{
  5601  		"parent": c.parent,
  5602  	})
  5603  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  5604  }
  5605  
  5606  // Do executes the "cloudkms.projects.locations.keyHandles.create" call.
  5607  // Any non-2xx status code is an error. Response headers are in either
  5608  // *Operation.ServerResponse.Header or (if a response was returned at all) in
  5609  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  5610  // whether the returned error was because http.StatusNotModified was returned.
  5611  func (c *ProjectsLocationsKeyHandlesCreateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
  5612  	gensupport.SetOptions(c.urlParams_, opts...)
  5613  	res, err := c.doRequest("json")
  5614  	if res != nil && res.StatusCode == http.StatusNotModified {
  5615  		if res.Body != nil {
  5616  			res.Body.Close()
  5617  		}
  5618  		return nil, gensupport.WrapError(&googleapi.Error{
  5619  			Code:   res.StatusCode,
  5620  			Header: res.Header,
  5621  		})
  5622  	}
  5623  	if err != nil {
  5624  		return nil, err
  5625  	}
  5626  	defer googleapi.CloseBody(res)
  5627  	if err := googleapi.CheckResponse(res); err != nil {
  5628  		return nil, gensupport.WrapError(err)
  5629  	}
  5630  	ret := &Operation{
  5631  		ServerResponse: googleapi.ServerResponse{
  5632  			Header:         res.Header,
  5633  			HTTPStatusCode: res.StatusCode,
  5634  		},
  5635  	}
  5636  	target := &ret
  5637  	if err := gensupport.DecodeResponse(target, res); err != nil {
  5638  		return nil, err
  5639  	}
  5640  	return ret, nil
  5641  }
  5642  
  5643  type ProjectsLocationsKeyHandlesGetCall struct {
  5644  	s            *Service
  5645  	name         string
  5646  	urlParams_   gensupport.URLParams
  5647  	ifNoneMatch_ string
  5648  	ctx_         context.Context
  5649  	header_      http.Header
  5650  }
  5651  
  5652  // Get: Returns the KeyHandle.
  5653  //
  5654  //   - name: Name of the KeyHandle resource, e.g.
  5655  //     `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`.
  5656  func (r *ProjectsLocationsKeyHandlesService) Get(name string) *ProjectsLocationsKeyHandlesGetCall {
  5657  	c := &ProjectsLocationsKeyHandlesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  5658  	c.name = name
  5659  	return c
  5660  }
  5661  
  5662  // Fields allows partial responses to be retrieved. See
  5663  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  5664  // details.
  5665  func (c *ProjectsLocationsKeyHandlesGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyHandlesGetCall {
  5666  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  5667  	return c
  5668  }
  5669  
  5670  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  5671  // object's ETag matches the given value. This is useful for getting updates
  5672  // only after the object has changed since the last request.
  5673  func (c *ProjectsLocationsKeyHandlesGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyHandlesGetCall {
  5674  	c.ifNoneMatch_ = entityTag
  5675  	return c
  5676  }
  5677  
  5678  // Context sets the context to be used in this call's Do method.
  5679  func (c *ProjectsLocationsKeyHandlesGetCall) Context(ctx context.Context) *ProjectsLocationsKeyHandlesGetCall {
  5680  	c.ctx_ = ctx
  5681  	return c
  5682  }
  5683  
  5684  // Header returns a http.Header that can be modified by the caller to add
  5685  // headers to the request.
  5686  func (c *ProjectsLocationsKeyHandlesGetCall) Header() http.Header {
  5687  	if c.header_ == nil {
  5688  		c.header_ = make(http.Header)
  5689  	}
  5690  	return c.header_
  5691  }
  5692  
  5693  func (c *ProjectsLocationsKeyHandlesGetCall) doRequest(alt string) (*http.Response, error) {
  5694  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  5695  	if c.ifNoneMatch_ != "" {
  5696  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  5697  	}
  5698  	var body io.Reader = nil
  5699  	c.urlParams_.Set("alt", alt)
  5700  	c.urlParams_.Set("prettyPrint", "false")
  5701  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  5702  	urls += "?" + c.urlParams_.Encode()
  5703  	req, err := http.NewRequest("GET", urls, body)
  5704  	if err != nil {
  5705  		return nil, err
  5706  	}
  5707  	req.Header = reqHeaders
  5708  	googleapi.Expand(req.URL, map[string]string{
  5709  		"name": c.name,
  5710  	})
  5711  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  5712  }
  5713  
  5714  // Do executes the "cloudkms.projects.locations.keyHandles.get" call.
  5715  // Any non-2xx status code is an error. Response headers are in either
  5716  // *KeyHandle.ServerResponse.Header or (if a response was returned at all) in
  5717  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  5718  // whether the returned error was because http.StatusNotModified was returned.
  5719  func (c *ProjectsLocationsKeyHandlesGetCall) Do(opts ...googleapi.CallOption) (*KeyHandle, error) {
  5720  	gensupport.SetOptions(c.urlParams_, opts...)
  5721  	res, err := c.doRequest("json")
  5722  	if res != nil && res.StatusCode == http.StatusNotModified {
  5723  		if res.Body != nil {
  5724  			res.Body.Close()
  5725  		}
  5726  		return nil, gensupport.WrapError(&googleapi.Error{
  5727  			Code:   res.StatusCode,
  5728  			Header: res.Header,
  5729  		})
  5730  	}
  5731  	if err != nil {
  5732  		return nil, err
  5733  	}
  5734  	defer googleapi.CloseBody(res)
  5735  	if err := googleapi.CheckResponse(res); err != nil {
  5736  		return nil, gensupport.WrapError(err)
  5737  	}
  5738  	ret := &KeyHandle{
  5739  		ServerResponse: googleapi.ServerResponse{
  5740  			Header:         res.Header,
  5741  			HTTPStatusCode: res.StatusCode,
  5742  		},
  5743  	}
  5744  	target := &ret
  5745  	if err := gensupport.DecodeResponse(target, res); err != nil {
  5746  		return nil, err
  5747  	}
  5748  	return ret, nil
  5749  }
  5750  
  5751  type ProjectsLocationsKeyHandlesListCall struct {
  5752  	s            *Service
  5753  	parent       string
  5754  	urlParams_   gensupport.URLParams
  5755  	ifNoneMatch_ string
  5756  	ctx_         context.Context
  5757  	header_      http.Header
  5758  }
  5759  
  5760  // List: Lists KeyHandles.
  5761  //
  5762  //   - parent: Name of the resource project and location from which to list
  5763  //     KeyHandles, e.g. `projects/{PROJECT_ID}/locations/{LOCATION}`.
  5764  func (r *ProjectsLocationsKeyHandlesService) List(parent string) *ProjectsLocationsKeyHandlesListCall {
  5765  	c := &ProjectsLocationsKeyHandlesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  5766  	c.parent = parent
  5767  	return c
  5768  }
  5769  
  5770  // Filter sets the optional parameter "filter": Filter to apply when listing
  5771  // KeyHandles, e.g. `resource_type_selector="{SERVICE}.googleapis.com/{TYPE}".
  5772  func (c *ProjectsLocationsKeyHandlesListCall) Filter(filter string) *ProjectsLocationsKeyHandlesListCall {
  5773  	c.urlParams_.Set("filter", filter)
  5774  	return c
  5775  }
  5776  
  5777  // Fields allows partial responses to be retrieved. See
  5778  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  5779  // details.
  5780  func (c *ProjectsLocationsKeyHandlesListCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyHandlesListCall {
  5781  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  5782  	return c
  5783  }
  5784  
  5785  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  5786  // object's ETag matches the given value. This is useful for getting updates
  5787  // only after the object has changed since the last request.
  5788  func (c *ProjectsLocationsKeyHandlesListCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyHandlesListCall {
  5789  	c.ifNoneMatch_ = entityTag
  5790  	return c
  5791  }
  5792  
  5793  // Context sets the context to be used in this call's Do method.
  5794  func (c *ProjectsLocationsKeyHandlesListCall) Context(ctx context.Context) *ProjectsLocationsKeyHandlesListCall {
  5795  	c.ctx_ = ctx
  5796  	return c
  5797  }
  5798  
  5799  // Header returns a http.Header that can be modified by the caller to add
  5800  // headers to the request.
  5801  func (c *ProjectsLocationsKeyHandlesListCall) Header() http.Header {
  5802  	if c.header_ == nil {
  5803  		c.header_ = make(http.Header)
  5804  	}
  5805  	return c.header_
  5806  }
  5807  
  5808  func (c *ProjectsLocationsKeyHandlesListCall) doRequest(alt string) (*http.Response, error) {
  5809  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  5810  	if c.ifNoneMatch_ != "" {
  5811  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  5812  	}
  5813  	var body io.Reader = nil
  5814  	c.urlParams_.Set("alt", alt)
  5815  	c.urlParams_.Set("prettyPrint", "false")
  5816  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/keyHandles")
  5817  	urls += "?" + c.urlParams_.Encode()
  5818  	req, err := http.NewRequest("GET", urls, body)
  5819  	if err != nil {
  5820  		return nil, err
  5821  	}
  5822  	req.Header = reqHeaders
  5823  	googleapi.Expand(req.URL, map[string]string{
  5824  		"parent": c.parent,
  5825  	})
  5826  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  5827  }
  5828  
  5829  // Do executes the "cloudkms.projects.locations.keyHandles.list" call.
  5830  // Any non-2xx status code is an error. Response headers are in either
  5831  // *ListKeyHandlesResponse.ServerResponse.Header or (if a response was returned
  5832  // at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  5833  // check whether the returned error was because http.StatusNotModified was
  5834  // returned.
  5835  func (c *ProjectsLocationsKeyHandlesListCall) Do(opts ...googleapi.CallOption) (*ListKeyHandlesResponse, error) {
  5836  	gensupport.SetOptions(c.urlParams_, opts...)
  5837  	res, err := c.doRequest("json")
  5838  	if res != nil && res.StatusCode == http.StatusNotModified {
  5839  		if res.Body != nil {
  5840  			res.Body.Close()
  5841  		}
  5842  		return nil, gensupport.WrapError(&googleapi.Error{
  5843  			Code:   res.StatusCode,
  5844  			Header: res.Header,
  5845  		})
  5846  	}
  5847  	if err != nil {
  5848  		return nil, err
  5849  	}
  5850  	defer googleapi.CloseBody(res)
  5851  	if err := googleapi.CheckResponse(res); err != nil {
  5852  		return nil, gensupport.WrapError(err)
  5853  	}
  5854  	ret := &ListKeyHandlesResponse{
  5855  		ServerResponse: googleapi.ServerResponse{
  5856  			Header:         res.Header,
  5857  			HTTPStatusCode: res.StatusCode,
  5858  		},
  5859  	}
  5860  	target := &ret
  5861  	if err := gensupport.DecodeResponse(target, res); err != nil {
  5862  		return nil, err
  5863  	}
  5864  	return ret, nil
  5865  }
  5866  
  5867  type ProjectsLocationsKeyRingsCreateCall struct {
  5868  	s          *Service
  5869  	parent     string
  5870  	keyring    *KeyRing
  5871  	urlParams_ gensupport.URLParams
  5872  	ctx_       context.Context
  5873  	header_    http.Header
  5874  }
  5875  
  5876  // Create: Create a new KeyRing in a given Project and Location.
  5877  //
  5878  //   - parent: The resource name of the location associated with the KeyRings, in
  5879  //     the format `projects/*/locations/*`.
  5880  func (r *ProjectsLocationsKeyRingsService) Create(parent string, keyring *KeyRing) *ProjectsLocationsKeyRingsCreateCall {
  5881  	c := &ProjectsLocationsKeyRingsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  5882  	c.parent = parent
  5883  	c.keyring = keyring
  5884  	return c
  5885  }
  5886  
  5887  // KeyRingId sets the optional parameter "keyRingId": Required. It must be
  5888  // unique within a location and match the regular expression
  5889  // `[a-zA-Z0-9_-]{1,63}`
  5890  func (c *ProjectsLocationsKeyRingsCreateCall) KeyRingId(keyRingId string) *ProjectsLocationsKeyRingsCreateCall {
  5891  	c.urlParams_.Set("keyRingId", keyRingId)
  5892  	return c
  5893  }
  5894  
  5895  // Fields allows partial responses to be retrieved. See
  5896  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  5897  // details.
  5898  func (c *ProjectsLocationsKeyRingsCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCreateCall {
  5899  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  5900  	return c
  5901  }
  5902  
  5903  // Context sets the context to be used in this call's Do method.
  5904  func (c *ProjectsLocationsKeyRingsCreateCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCreateCall {
  5905  	c.ctx_ = ctx
  5906  	return c
  5907  }
  5908  
  5909  // Header returns a http.Header that can be modified by the caller to add
  5910  // headers to the request.
  5911  func (c *ProjectsLocationsKeyRingsCreateCall) Header() http.Header {
  5912  	if c.header_ == nil {
  5913  		c.header_ = make(http.Header)
  5914  	}
  5915  	return c.header_
  5916  }
  5917  
  5918  func (c *ProjectsLocationsKeyRingsCreateCall) doRequest(alt string) (*http.Response, error) {
  5919  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  5920  	var body io.Reader = nil
  5921  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.keyring)
  5922  	if err != nil {
  5923  		return nil, err
  5924  	}
  5925  	c.urlParams_.Set("alt", alt)
  5926  	c.urlParams_.Set("prettyPrint", "false")
  5927  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/keyRings")
  5928  	urls += "?" + c.urlParams_.Encode()
  5929  	req, err := http.NewRequest("POST", urls, body)
  5930  	if err != nil {
  5931  		return nil, err
  5932  	}
  5933  	req.Header = reqHeaders
  5934  	googleapi.Expand(req.URL, map[string]string{
  5935  		"parent": c.parent,
  5936  	})
  5937  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  5938  }
  5939  
  5940  // Do executes the "cloudkms.projects.locations.keyRings.create" call.
  5941  // Any non-2xx status code is an error. Response headers are in either
  5942  // *KeyRing.ServerResponse.Header or (if a response was returned at all) in
  5943  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  5944  // whether the returned error was because http.StatusNotModified was returned.
  5945  func (c *ProjectsLocationsKeyRingsCreateCall) Do(opts ...googleapi.CallOption) (*KeyRing, error) {
  5946  	gensupport.SetOptions(c.urlParams_, opts...)
  5947  	res, err := c.doRequest("json")
  5948  	if res != nil && res.StatusCode == http.StatusNotModified {
  5949  		if res.Body != nil {
  5950  			res.Body.Close()
  5951  		}
  5952  		return nil, gensupport.WrapError(&googleapi.Error{
  5953  			Code:   res.StatusCode,
  5954  			Header: res.Header,
  5955  		})
  5956  	}
  5957  	if err != nil {
  5958  		return nil, err
  5959  	}
  5960  	defer googleapi.CloseBody(res)
  5961  	if err := googleapi.CheckResponse(res); err != nil {
  5962  		return nil, gensupport.WrapError(err)
  5963  	}
  5964  	ret := &KeyRing{
  5965  		ServerResponse: googleapi.ServerResponse{
  5966  			Header:         res.Header,
  5967  			HTTPStatusCode: res.StatusCode,
  5968  		},
  5969  	}
  5970  	target := &ret
  5971  	if err := gensupport.DecodeResponse(target, res); err != nil {
  5972  		return nil, err
  5973  	}
  5974  	return ret, nil
  5975  }
  5976  
  5977  type ProjectsLocationsKeyRingsGetCall struct {
  5978  	s            *Service
  5979  	name         string
  5980  	urlParams_   gensupport.URLParams
  5981  	ifNoneMatch_ string
  5982  	ctx_         context.Context
  5983  	header_      http.Header
  5984  }
  5985  
  5986  // Get: Returns metadata for a given KeyRing.
  5987  //
  5988  // - name: The name of the KeyRing to get.
  5989  func (r *ProjectsLocationsKeyRingsService) Get(name string) *ProjectsLocationsKeyRingsGetCall {
  5990  	c := &ProjectsLocationsKeyRingsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  5991  	c.name = name
  5992  	return c
  5993  }
  5994  
  5995  // Fields allows partial responses to be retrieved. See
  5996  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  5997  // details.
  5998  func (c *ProjectsLocationsKeyRingsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsGetCall {
  5999  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  6000  	return c
  6001  }
  6002  
  6003  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  6004  // object's ETag matches the given value. This is useful for getting updates
  6005  // only after the object has changed since the last request.
  6006  func (c *ProjectsLocationsKeyRingsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsGetCall {
  6007  	c.ifNoneMatch_ = entityTag
  6008  	return c
  6009  }
  6010  
  6011  // Context sets the context to be used in this call's Do method.
  6012  func (c *ProjectsLocationsKeyRingsGetCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsGetCall {
  6013  	c.ctx_ = ctx
  6014  	return c
  6015  }
  6016  
  6017  // Header returns a http.Header that can be modified by the caller to add
  6018  // headers to the request.
  6019  func (c *ProjectsLocationsKeyRingsGetCall) Header() http.Header {
  6020  	if c.header_ == nil {
  6021  		c.header_ = make(http.Header)
  6022  	}
  6023  	return c.header_
  6024  }
  6025  
  6026  func (c *ProjectsLocationsKeyRingsGetCall) doRequest(alt string) (*http.Response, error) {
  6027  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  6028  	if c.ifNoneMatch_ != "" {
  6029  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  6030  	}
  6031  	var body io.Reader = nil
  6032  	c.urlParams_.Set("alt", alt)
  6033  	c.urlParams_.Set("prettyPrint", "false")
  6034  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  6035  	urls += "?" + c.urlParams_.Encode()
  6036  	req, err := http.NewRequest("GET", urls, body)
  6037  	if err != nil {
  6038  		return nil, err
  6039  	}
  6040  	req.Header = reqHeaders
  6041  	googleapi.Expand(req.URL, map[string]string{
  6042  		"name": c.name,
  6043  	})
  6044  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  6045  }
  6046  
  6047  // Do executes the "cloudkms.projects.locations.keyRings.get" call.
  6048  // Any non-2xx status code is an error. Response headers are in either
  6049  // *KeyRing.ServerResponse.Header or (if a response was returned at all) in
  6050  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  6051  // whether the returned error was because http.StatusNotModified was returned.
  6052  func (c *ProjectsLocationsKeyRingsGetCall) Do(opts ...googleapi.CallOption) (*KeyRing, error) {
  6053  	gensupport.SetOptions(c.urlParams_, opts...)
  6054  	res, err := c.doRequest("json")
  6055  	if res != nil && res.StatusCode == http.StatusNotModified {
  6056  		if res.Body != nil {
  6057  			res.Body.Close()
  6058  		}
  6059  		return nil, gensupport.WrapError(&googleapi.Error{
  6060  			Code:   res.StatusCode,
  6061  			Header: res.Header,
  6062  		})
  6063  	}
  6064  	if err != nil {
  6065  		return nil, err
  6066  	}
  6067  	defer googleapi.CloseBody(res)
  6068  	if err := googleapi.CheckResponse(res); err != nil {
  6069  		return nil, gensupport.WrapError(err)
  6070  	}
  6071  	ret := &KeyRing{
  6072  		ServerResponse: googleapi.ServerResponse{
  6073  			Header:         res.Header,
  6074  			HTTPStatusCode: res.StatusCode,
  6075  		},
  6076  	}
  6077  	target := &ret
  6078  	if err := gensupport.DecodeResponse(target, res); err != nil {
  6079  		return nil, err
  6080  	}
  6081  	return ret, nil
  6082  }
  6083  
  6084  type ProjectsLocationsKeyRingsGetIamPolicyCall struct {
  6085  	s            *Service
  6086  	resource     string
  6087  	urlParams_   gensupport.URLParams
  6088  	ifNoneMatch_ string
  6089  	ctx_         context.Context
  6090  	header_      http.Header
  6091  }
  6092  
  6093  // GetIamPolicy: Gets the access control policy for a resource. Returns an
  6094  // empty policy if the resource exists and does not have a policy set.
  6095  //
  6096  //   - resource: REQUIRED: The resource for which the policy is being requested.
  6097  //     See Resource names (https://cloud.google.com/apis/design/resource_names)
  6098  //     for the appropriate value for this field.
  6099  func (r *ProjectsLocationsKeyRingsService) GetIamPolicy(resource string) *ProjectsLocationsKeyRingsGetIamPolicyCall {
  6100  	c := &ProjectsLocationsKeyRingsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  6101  	c.resource = resource
  6102  	return c
  6103  }
  6104  
  6105  // OptionsRequestedPolicyVersion sets the optional parameter
  6106  // "options.requestedPolicyVersion": The maximum policy version that will be
  6107  // used to format the policy. Valid values are 0, 1, and 3. Requests specifying
  6108  // an invalid value will be rejected. Requests for policies with any
  6109  // conditional role bindings must specify version 3. Policies with no
  6110  // conditional role bindings may specify any valid value or leave the field
  6111  // unset. The policy in the response might use the policy version that you
  6112  // specified, or it might use a lower policy version. For example, if you
  6113  // specify version 3, but the policy has no conditional role bindings, the
  6114  // response uses version 1. To learn which resources support conditions in
  6115  // their IAM policies, see the IAM documentation
  6116  // (https://cloud.google.com/iam/help/conditions/resource-policies).
  6117  func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsLocationsKeyRingsGetIamPolicyCall {
  6118  	c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
  6119  	return c
  6120  }
  6121  
  6122  // Fields allows partial responses to be retrieved. See
  6123  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  6124  // details.
  6125  func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsGetIamPolicyCall {
  6126  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  6127  	return c
  6128  }
  6129  
  6130  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  6131  // object's ETag matches the given value. This is useful for getting updates
  6132  // only after the object has changed since the last request.
  6133  func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsGetIamPolicyCall {
  6134  	c.ifNoneMatch_ = entityTag
  6135  	return c
  6136  }
  6137  
  6138  // Context sets the context to be used in this call's Do method.
  6139  func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsGetIamPolicyCall {
  6140  	c.ctx_ = ctx
  6141  	return c
  6142  }
  6143  
  6144  // Header returns a http.Header that can be modified by the caller to add
  6145  // headers to the request.
  6146  func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) Header() http.Header {
  6147  	if c.header_ == nil {
  6148  		c.header_ = make(http.Header)
  6149  	}
  6150  	return c.header_
  6151  }
  6152  
  6153  func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
  6154  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  6155  	if c.ifNoneMatch_ != "" {
  6156  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  6157  	}
  6158  	var body io.Reader = nil
  6159  	c.urlParams_.Set("alt", alt)
  6160  	c.urlParams_.Set("prettyPrint", "false")
  6161  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy")
  6162  	urls += "?" + c.urlParams_.Encode()
  6163  	req, err := http.NewRequest("GET", urls, body)
  6164  	if err != nil {
  6165  		return nil, err
  6166  	}
  6167  	req.Header = reqHeaders
  6168  	googleapi.Expand(req.URL, map[string]string{
  6169  		"resource": c.resource,
  6170  	})
  6171  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  6172  }
  6173  
  6174  // Do executes the "cloudkms.projects.locations.keyRings.getIamPolicy" call.
  6175  // Any non-2xx status code is an error. Response headers are in either
  6176  // *Policy.ServerResponse.Header or (if a response was returned at all) in
  6177  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  6178  // whether the returned error was because http.StatusNotModified was returned.
  6179  func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
  6180  	gensupport.SetOptions(c.urlParams_, opts...)
  6181  	res, err := c.doRequest("json")
  6182  	if res != nil && res.StatusCode == http.StatusNotModified {
  6183  		if res.Body != nil {
  6184  			res.Body.Close()
  6185  		}
  6186  		return nil, gensupport.WrapError(&googleapi.Error{
  6187  			Code:   res.StatusCode,
  6188  			Header: res.Header,
  6189  		})
  6190  	}
  6191  	if err != nil {
  6192  		return nil, err
  6193  	}
  6194  	defer googleapi.CloseBody(res)
  6195  	if err := googleapi.CheckResponse(res); err != nil {
  6196  		return nil, gensupport.WrapError(err)
  6197  	}
  6198  	ret := &Policy{
  6199  		ServerResponse: googleapi.ServerResponse{
  6200  			Header:         res.Header,
  6201  			HTTPStatusCode: res.StatusCode,
  6202  		},
  6203  	}
  6204  	target := &ret
  6205  	if err := gensupport.DecodeResponse(target, res); err != nil {
  6206  		return nil, err
  6207  	}
  6208  	return ret, nil
  6209  }
  6210  
  6211  type ProjectsLocationsKeyRingsListCall struct {
  6212  	s            *Service
  6213  	parent       string
  6214  	urlParams_   gensupport.URLParams
  6215  	ifNoneMatch_ string
  6216  	ctx_         context.Context
  6217  	header_      http.Header
  6218  }
  6219  
  6220  // List: Lists KeyRings.
  6221  //
  6222  //   - parent: The resource name of the location associated with the KeyRings, in
  6223  //     the format `projects/*/locations/*`.
  6224  func (r *ProjectsLocationsKeyRingsService) List(parent string) *ProjectsLocationsKeyRingsListCall {
  6225  	c := &ProjectsLocationsKeyRingsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  6226  	c.parent = parent
  6227  	return c
  6228  }
  6229  
  6230  // Filter sets the optional parameter "filter": Only include resources that
  6231  // match the filter in the response. For more information, see Sorting and
  6232  // filtering list results
  6233  // (https://cloud.google.com/kms/docs/sorting-and-filtering).
  6234  func (c *ProjectsLocationsKeyRingsListCall) Filter(filter string) *ProjectsLocationsKeyRingsListCall {
  6235  	c.urlParams_.Set("filter", filter)
  6236  	return c
  6237  }
  6238  
  6239  // OrderBy sets the optional parameter "orderBy": Specify how the results
  6240  // should be sorted. If not specified, the results will be sorted in the
  6241  // default order. For more information, see Sorting and filtering list results
  6242  // (https://cloud.google.com/kms/docs/sorting-and-filtering).
  6243  func (c *ProjectsLocationsKeyRingsListCall) OrderBy(orderBy string) *ProjectsLocationsKeyRingsListCall {
  6244  	c.urlParams_.Set("orderBy", orderBy)
  6245  	return c
  6246  }
  6247  
  6248  // PageSize sets the optional parameter "pageSize": Optional limit on the
  6249  // number of KeyRings to include in the response. Further KeyRings can
  6250  // subsequently be obtained by including the
  6251  // ListKeyRingsResponse.next_page_token in a subsequent request. If
  6252  // unspecified, the server will pick an appropriate default.
  6253  func (c *ProjectsLocationsKeyRingsListCall) PageSize(pageSize int64) *ProjectsLocationsKeyRingsListCall {
  6254  	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
  6255  	return c
  6256  }
  6257  
  6258  // PageToken sets the optional parameter "pageToken": Optional pagination
  6259  // token, returned earlier via ListKeyRingsResponse.next_page_token.
  6260  func (c *ProjectsLocationsKeyRingsListCall) PageToken(pageToken string) *ProjectsLocationsKeyRingsListCall {
  6261  	c.urlParams_.Set("pageToken", pageToken)
  6262  	return c
  6263  }
  6264  
  6265  // Fields allows partial responses to be retrieved. See
  6266  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  6267  // details.
  6268  func (c *ProjectsLocationsKeyRingsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsListCall {
  6269  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  6270  	return c
  6271  }
  6272  
  6273  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  6274  // object's ETag matches the given value. This is useful for getting updates
  6275  // only after the object has changed since the last request.
  6276  func (c *ProjectsLocationsKeyRingsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsListCall {
  6277  	c.ifNoneMatch_ = entityTag
  6278  	return c
  6279  }
  6280  
  6281  // Context sets the context to be used in this call's Do method.
  6282  func (c *ProjectsLocationsKeyRingsListCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsListCall {
  6283  	c.ctx_ = ctx
  6284  	return c
  6285  }
  6286  
  6287  // Header returns a http.Header that can be modified by the caller to add
  6288  // headers to the request.
  6289  func (c *ProjectsLocationsKeyRingsListCall) Header() http.Header {
  6290  	if c.header_ == nil {
  6291  		c.header_ = make(http.Header)
  6292  	}
  6293  	return c.header_
  6294  }
  6295  
  6296  func (c *ProjectsLocationsKeyRingsListCall) doRequest(alt string) (*http.Response, error) {
  6297  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  6298  	if c.ifNoneMatch_ != "" {
  6299  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  6300  	}
  6301  	var body io.Reader = nil
  6302  	c.urlParams_.Set("alt", alt)
  6303  	c.urlParams_.Set("prettyPrint", "false")
  6304  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/keyRings")
  6305  	urls += "?" + c.urlParams_.Encode()
  6306  	req, err := http.NewRequest("GET", urls, body)
  6307  	if err != nil {
  6308  		return nil, err
  6309  	}
  6310  	req.Header = reqHeaders
  6311  	googleapi.Expand(req.URL, map[string]string{
  6312  		"parent": c.parent,
  6313  	})
  6314  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  6315  }
  6316  
  6317  // Do executes the "cloudkms.projects.locations.keyRings.list" call.
  6318  // Any non-2xx status code is an error. Response headers are in either
  6319  // *ListKeyRingsResponse.ServerResponse.Header or (if a response was returned
  6320  // at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  6321  // check whether the returned error was because http.StatusNotModified was
  6322  // returned.
  6323  func (c *ProjectsLocationsKeyRingsListCall) Do(opts ...googleapi.CallOption) (*ListKeyRingsResponse, error) {
  6324  	gensupport.SetOptions(c.urlParams_, opts...)
  6325  	res, err := c.doRequest("json")
  6326  	if res != nil && res.StatusCode == http.StatusNotModified {
  6327  		if res.Body != nil {
  6328  			res.Body.Close()
  6329  		}
  6330  		return nil, gensupport.WrapError(&googleapi.Error{
  6331  			Code:   res.StatusCode,
  6332  			Header: res.Header,
  6333  		})
  6334  	}
  6335  	if err != nil {
  6336  		return nil, err
  6337  	}
  6338  	defer googleapi.CloseBody(res)
  6339  	if err := googleapi.CheckResponse(res); err != nil {
  6340  		return nil, gensupport.WrapError(err)
  6341  	}
  6342  	ret := &ListKeyRingsResponse{
  6343  		ServerResponse: googleapi.ServerResponse{
  6344  			Header:         res.Header,
  6345  			HTTPStatusCode: res.StatusCode,
  6346  		},
  6347  	}
  6348  	target := &ret
  6349  	if err := gensupport.DecodeResponse(target, res); err != nil {
  6350  		return nil, err
  6351  	}
  6352  	return ret, nil
  6353  }
  6354  
  6355  // Pages invokes f for each page of results.
  6356  // A non-nil error returned from f will halt the iteration.
  6357  // The provided context supersedes any context provided to the Context method.
  6358  func (c *ProjectsLocationsKeyRingsListCall) Pages(ctx context.Context, f func(*ListKeyRingsResponse) error) error {
  6359  	c.ctx_ = ctx
  6360  	defer c.PageToken(c.urlParams_.Get("pageToken"))
  6361  	for {
  6362  		x, err := c.Do()
  6363  		if err != nil {
  6364  			return err
  6365  		}
  6366  		if err := f(x); err != nil {
  6367  			return err
  6368  		}
  6369  		if x.NextPageToken == "" {
  6370  			return nil
  6371  		}
  6372  		c.PageToken(x.NextPageToken)
  6373  	}
  6374  }
  6375  
  6376  type ProjectsLocationsKeyRingsSetIamPolicyCall struct {
  6377  	s                   *Service
  6378  	resource            string
  6379  	setiampolicyrequest *SetIamPolicyRequest
  6380  	urlParams_          gensupport.URLParams
  6381  	ctx_                context.Context
  6382  	header_             http.Header
  6383  }
  6384  
  6385  // SetIamPolicy: Sets the access control policy on the specified resource.
  6386  // Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
  6387  // and `PERMISSION_DENIED` errors.
  6388  //
  6389  //   - resource: REQUIRED: The resource for which the policy is being specified.
  6390  //     See Resource names (https://cloud.google.com/apis/design/resource_names)
  6391  //     for the appropriate value for this field.
  6392  func (r *ProjectsLocationsKeyRingsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsLocationsKeyRingsSetIamPolicyCall {
  6393  	c := &ProjectsLocationsKeyRingsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  6394  	c.resource = resource
  6395  	c.setiampolicyrequest = setiampolicyrequest
  6396  	return c
  6397  }
  6398  
  6399  // Fields allows partial responses to be retrieved. See
  6400  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  6401  // details.
  6402  func (c *ProjectsLocationsKeyRingsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsSetIamPolicyCall {
  6403  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  6404  	return c
  6405  }
  6406  
  6407  // Context sets the context to be used in this call's Do method.
  6408  func (c *ProjectsLocationsKeyRingsSetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsSetIamPolicyCall {
  6409  	c.ctx_ = ctx
  6410  	return c
  6411  }
  6412  
  6413  // Header returns a http.Header that can be modified by the caller to add
  6414  // headers to the request.
  6415  func (c *ProjectsLocationsKeyRingsSetIamPolicyCall) Header() http.Header {
  6416  	if c.header_ == nil {
  6417  		c.header_ = make(http.Header)
  6418  	}
  6419  	return c.header_
  6420  }
  6421  
  6422  func (c *ProjectsLocationsKeyRingsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
  6423  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  6424  	var body io.Reader = nil
  6425  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest)
  6426  	if err != nil {
  6427  		return nil, err
  6428  	}
  6429  	c.urlParams_.Set("alt", alt)
  6430  	c.urlParams_.Set("prettyPrint", "false")
  6431  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy")
  6432  	urls += "?" + c.urlParams_.Encode()
  6433  	req, err := http.NewRequest("POST", urls, body)
  6434  	if err != nil {
  6435  		return nil, err
  6436  	}
  6437  	req.Header = reqHeaders
  6438  	googleapi.Expand(req.URL, map[string]string{
  6439  		"resource": c.resource,
  6440  	})
  6441  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  6442  }
  6443  
  6444  // Do executes the "cloudkms.projects.locations.keyRings.setIamPolicy" call.
  6445  // Any non-2xx status code is an error. Response headers are in either
  6446  // *Policy.ServerResponse.Header or (if a response was returned at all) in
  6447  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  6448  // whether the returned error was because http.StatusNotModified was returned.
  6449  func (c *ProjectsLocationsKeyRingsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
  6450  	gensupport.SetOptions(c.urlParams_, opts...)
  6451  	res, err := c.doRequest("json")
  6452  	if res != nil && res.StatusCode == http.StatusNotModified {
  6453  		if res.Body != nil {
  6454  			res.Body.Close()
  6455  		}
  6456  		return nil, gensupport.WrapError(&googleapi.Error{
  6457  			Code:   res.StatusCode,
  6458  			Header: res.Header,
  6459  		})
  6460  	}
  6461  	if err != nil {
  6462  		return nil, err
  6463  	}
  6464  	defer googleapi.CloseBody(res)
  6465  	if err := googleapi.CheckResponse(res); err != nil {
  6466  		return nil, gensupport.WrapError(err)
  6467  	}
  6468  	ret := &Policy{
  6469  		ServerResponse: googleapi.ServerResponse{
  6470  			Header:         res.Header,
  6471  			HTTPStatusCode: res.StatusCode,
  6472  		},
  6473  	}
  6474  	target := &ret
  6475  	if err := gensupport.DecodeResponse(target, res); err != nil {
  6476  		return nil, err
  6477  	}
  6478  	return ret, nil
  6479  }
  6480  
  6481  type ProjectsLocationsKeyRingsTestIamPermissionsCall struct {
  6482  	s                         *Service
  6483  	resource                  string
  6484  	testiampermissionsrequest *TestIamPermissionsRequest
  6485  	urlParams_                gensupport.URLParams
  6486  	ctx_                      context.Context
  6487  	header_                   http.Header
  6488  }
  6489  
  6490  // TestIamPermissions: Returns permissions that a caller has on the specified
  6491  // resource. If the resource does not exist, this will return an empty set of
  6492  // permissions, not a `NOT_FOUND` error. Note: This operation is designed to be
  6493  // used for building permission-aware UIs and command-line tools, not for
  6494  // authorization checking. This operation may "fail open" without warning.
  6495  //
  6496  //   - resource: REQUIRED: The resource for which the policy detail is being
  6497  //     requested. See Resource names
  6498  //     (https://cloud.google.com/apis/design/resource_names) for the appropriate
  6499  //     value for this field.
  6500  func (r *ProjectsLocationsKeyRingsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsLocationsKeyRingsTestIamPermissionsCall {
  6501  	c := &ProjectsLocationsKeyRingsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  6502  	c.resource = resource
  6503  	c.testiampermissionsrequest = testiampermissionsrequest
  6504  	return c
  6505  }
  6506  
  6507  // Fields allows partial responses to be retrieved. See
  6508  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  6509  // details.
  6510  func (c *ProjectsLocationsKeyRingsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsTestIamPermissionsCall {
  6511  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  6512  	return c
  6513  }
  6514  
  6515  // Context sets the context to be used in this call's Do method.
  6516  func (c *ProjectsLocationsKeyRingsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsTestIamPermissionsCall {
  6517  	c.ctx_ = ctx
  6518  	return c
  6519  }
  6520  
  6521  // Header returns a http.Header that can be modified by the caller to add
  6522  // headers to the request.
  6523  func (c *ProjectsLocationsKeyRingsTestIamPermissionsCall) Header() http.Header {
  6524  	if c.header_ == nil {
  6525  		c.header_ = make(http.Header)
  6526  	}
  6527  	return c.header_
  6528  }
  6529  
  6530  func (c *ProjectsLocationsKeyRingsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
  6531  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  6532  	var body io.Reader = nil
  6533  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest)
  6534  	if err != nil {
  6535  		return nil, err
  6536  	}
  6537  	c.urlParams_.Set("alt", alt)
  6538  	c.urlParams_.Set("prettyPrint", "false")
  6539  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions")
  6540  	urls += "?" + c.urlParams_.Encode()
  6541  	req, err := http.NewRequest("POST", urls, body)
  6542  	if err != nil {
  6543  		return nil, err
  6544  	}
  6545  	req.Header = reqHeaders
  6546  	googleapi.Expand(req.URL, map[string]string{
  6547  		"resource": c.resource,
  6548  	})
  6549  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  6550  }
  6551  
  6552  // Do executes the "cloudkms.projects.locations.keyRings.testIamPermissions" call.
  6553  // Any non-2xx status code is an error. Response headers are in either
  6554  // *TestIamPermissionsResponse.ServerResponse.Header or (if a response was
  6555  // returned at all) in error.(*googleapi.Error).Header. Use
  6556  // googleapi.IsNotModified to check whether the returned error was because
  6557  // http.StatusNotModified was returned.
  6558  func (c *ProjectsLocationsKeyRingsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
  6559  	gensupport.SetOptions(c.urlParams_, opts...)
  6560  	res, err := c.doRequest("json")
  6561  	if res != nil && res.StatusCode == http.StatusNotModified {
  6562  		if res.Body != nil {
  6563  			res.Body.Close()
  6564  		}
  6565  		return nil, gensupport.WrapError(&googleapi.Error{
  6566  			Code:   res.StatusCode,
  6567  			Header: res.Header,
  6568  		})
  6569  	}
  6570  	if err != nil {
  6571  		return nil, err
  6572  	}
  6573  	defer googleapi.CloseBody(res)
  6574  	if err := googleapi.CheckResponse(res); err != nil {
  6575  		return nil, gensupport.WrapError(err)
  6576  	}
  6577  	ret := &TestIamPermissionsResponse{
  6578  		ServerResponse: googleapi.ServerResponse{
  6579  			Header:         res.Header,
  6580  			HTTPStatusCode: res.StatusCode,
  6581  		},
  6582  	}
  6583  	target := &ret
  6584  	if err := gensupport.DecodeResponse(target, res); err != nil {
  6585  		return nil, err
  6586  	}
  6587  	return ret, nil
  6588  }
  6589  
  6590  type ProjectsLocationsKeyRingsCryptoKeysCreateCall struct {
  6591  	s          *Service
  6592  	parent     string
  6593  	cryptokey  *CryptoKey
  6594  	urlParams_ gensupport.URLParams
  6595  	ctx_       context.Context
  6596  	header_    http.Header
  6597  }
  6598  
  6599  // Create: Create a new CryptoKey within a KeyRing. CryptoKey.purpose and
  6600  // CryptoKey.version_template.algorithm are required.
  6601  //
  6602  // - parent: The name of the KeyRing associated with the CryptoKeys.
  6603  func (r *ProjectsLocationsKeyRingsCryptoKeysService) Create(parent string, cryptokey *CryptoKey) *ProjectsLocationsKeyRingsCryptoKeysCreateCall {
  6604  	c := &ProjectsLocationsKeyRingsCryptoKeysCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  6605  	c.parent = parent
  6606  	c.cryptokey = cryptokey
  6607  	return c
  6608  }
  6609  
  6610  // CryptoKeyId sets the optional parameter "cryptoKeyId": Required. It must be
  6611  // unique within a KeyRing and match the regular expression
  6612  // `[a-zA-Z0-9_-]{1,63}`
  6613  func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) CryptoKeyId(cryptoKeyId string) *ProjectsLocationsKeyRingsCryptoKeysCreateCall {
  6614  	c.urlParams_.Set("cryptoKeyId", cryptoKeyId)
  6615  	return c
  6616  }
  6617  
  6618  // SkipInitialVersionCreation sets the optional parameter
  6619  // "skipInitialVersionCreation": If set to true, the request will create a
  6620  // CryptoKey without any CryptoKeyVersions. You must manually call
  6621  // CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this
  6622  // CryptoKey.
  6623  func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) SkipInitialVersionCreation(skipInitialVersionCreation bool) *ProjectsLocationsKeyRingsCryptoKeysCreateCall {
  6624  	c.urlParams_.Set("skipInitialVersionCreation", fmt.Sprint(skipInitialVersionCreation))
  6625  	return c
  6626  }
  6627  
  6628  // Fields allows partial responses to be retrieved. See
  6629  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  6630  // details.
  6631  func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCreateCall {
  6632  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  6633  	return c
  6634  }
  6635  
  6636  // Context sets the context to be used in this call's Do method.
  6637  func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCreateCall {
  6638  	c.ctx_ = ctx
  6639  	return c
  6640  }
  6641  
  6642  // Header returns a http.Header that can be modified by the caller to add
  6643  // headers to the request.
  6644  func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) Header() http.Header {
  6645  	if c.header_ == nil {
  6646  		c.header_ = make(http.Header)
  6647  	}
  6648  	return c.header_
  6649  }
  6650  
  6651  func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) doRequest(alt string) (*http.Response, error) {
  6652  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  6653  	var body io.Reader = nil
  6654  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.cryptokey)
  6655  	if err != nil {
  6656  		return nil, err
  6657  	}
  6658  	c.urlParams_.Set("alt", alt)
  6659  	c.urlParams_.Set("prettyPrint", "false")
  6660  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/cryptoKeys")
  6661  	urls += "?" + c.urlParams_.Encode()
  6662  	req, err := http.NewRequest("POST", urls, body)
  6663  	if err != nil {
  6664  		return nil, err
  6665  	}
  6666  	req.Header = reqHeaders
  6667  	googleapi.Expand(req.URL, map[string]string{
  6668  		"parent": c.parent,
  6669  	})
  6670  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  6671  }
  6672  
  6673  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.create" call.
  6674  // Any non-2xx status code is an error. Response headers are in either
  6675  // *CryptoKey.ServerResponse.Header or (if a response was returned at all) in
  6676  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  6677  // whether the returned error was because http.StatusNotModified was returned.
  6678  func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) Do(opts ...googleapi.CallOption) (*CryptoKey, error) {
  6679  	gensupport.SetOptions(c.urlParams_, opts...)
  6680  	res, err := c.doRequest("json")
  6681  	if res != nil && res.StatusCode == http.StatusNotModified {
  6682  		if res.Body != nil {
  6683  			res.Body.Close()
  6684  		}
  6685  		return nil, gensupport.WrapError(&googleapi.Error{
  6686  			Code:   res.StatusCode,
  6687  			Header: res.Header,
  6688  		})
  6689  	}
  6690  	if err != nil {
  6691  		return nil, err
  6692  	}
  6693  	defer googleapi.CloseBody(res)
  6694  	if err := googleapi.CheckResponse(res); err != nil {
  6695  		return nil, gensupport.WrapError(err)
  6696  	}
  6697  	ret := &CryptoKey{
  6698  		ServerResponse: googleapi.ServerResponse{
  6699  			Header:         res.Header,
  6700  			HTTPStatusCode: res.StatusCode,
  6701  		},
  6702  	}
  6703  	target := &ret
  6704  	if err := gensupport.DecodeResponse(target, res); err != nil {
  6705  		return nil, err
  6706  	}
  6707  	return ret, nil
  6708  }
  6709  
  6710  type ProjectsLocationsKeyRingsCryptoKeysDecryptCall struct {
  6711  	s              *Service
  6712  	name           string
  6713  	decryptrequest *DecryptRequest
  6714  	urlParams_     gensupport.URLParams
  6715  	ctx_           context.Context
  6716  	header_        http.Header
  6717  }
  6718  
  6719  // Decrypt: Decrypts data that was protected by Encrypt. The CryptoKey.purpose
  6720  // must be ENCRYPT_DECRYPT.
  6721  //
  6722  //   - name: The resource name of the CryptoKey to use for decryption. The server
  6723  //     will choose the appropriate version.
  6724  func (r *ProjectsLocationsKeyRingsCryptoKeysService) Decrypt(name string, decryptrequest *DecryptRequest) *ProjectsLocationsKeyRingsCryptoKeysDecryptCall {
  6725  	c := &ProjectsLocationsKeyRingsCryptoKeysDecryptCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  6726  	c.name = name
  6727  	c.decryptrequest = decryptrequest
  6728  	return c
  6729  }
  6730  
  6731  // Fields allows partial responses to be retrieved. See
  6732  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  6733  // details.
  6734  func (c *ProjectsLocationsKeyRingsCryptoKeysDecryptCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysDecryptCall {
  6735  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  6736  	return c
  6737  }
  6738  
  6739  // Context sets the context to be used in this call's Do method.
  6740  func (c *ProjectsLocationsKeyRingsCryptoKeysDecryptCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysDecryptCall {
  6741  	c.ctx_ = ctx
  6742  	return c
  6743  }
  6744  
  6745  // Header returns a http.Header that can be modified by the caller to add
  6746  // headers to the request.
  6747  func (c *ProjectsLocationsKeyRingsCryptoKeysDecryptCall) Header() http.Header {
  6748  	if c.header_ == nil {
  6749  		c.header_ = make(http.Header)
  6750  	}
  6751  	return c.header_
  6752  }
  6753  
  6754  func (c *ProjectsLocationsKeyRingsCryptoKeysDecryptCall) doRequest(alt string) (*http.Response, error) {
  6755  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  6756  	var body io.Reader = nil
  6757  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.decryptrequest)
  6758  	if err != nil {
  6759  		return nil, err
  6760  	}
  6761  	c.urlParams_.Set("alt", alt)
  6762  	c.urlParams_.Set("prettyPrint", "false")
  6763  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:decrypt")
  6764  	urls += "?" + c.urlParams_.Encode()
  6765  	req, err := http.NewRequest("POST", urls, body)
  6766  	if err != nil {
  6767  		return nil, err
  6768  	}
  6769  	req.Header = reqHeaders
  6770  	googleapi.Expand(req.URL, map[string]string{
  6771  		"name": c.name,
  6772  	})
  6773  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  6774  }
  6775  
  6776  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.decrypt" call.
  6777  // Any non-2xx status code is an error. Response headers are in either
  6778  // *DecryptResponse.ServerResponse.Header or (if a response was returned at
  6779  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  6780  // check whether the returned error was because http.StatusNotModified was
  6781  // returned.
  6782  func (c *ProjectsLocationsKeyRingsCryptoKeysDecryptCall) Do(opts ...googleapi.CallOption) (*DecryptResponse, error) {
  6783  	gensupport.SetOptions(c.urlParams_, opts...)
  6784  	res, err := c.doRequest("json")
  6785  	if res != nil && res.StatusCode == http.StatusNotModified {
  6786  		if res.Body != nil {
  6787  			res.Body.Close()
  6788  		}
  6789  		return nil, gensupport.WrapError(&googleapi.Error{
  6790  			Code:   res.StatusCode,
  6791  			Header: res.Header,
  6792  		})
  6793  	}
  6794  	if err != nil {
  6795  		return nil, err
  6796  	}
  6797  	defer googleapi.CloseBody(res)
  6798  	if err := googleapi.CheckResponse(res); err != nil {
  6799  		return nil, gensupport.WrapError(err)
  6800  	}
  6801  	ret := &DecryptResponse{
  6802  		ServerResponse: googleapi.ServerResponse{
  6803  			Header:         res.Header,
  6804  			HTTPStatusCode: res.StatusCode,
  6805  		},
  6806  	}
  6807  	target := &ret
  6808  	if err := gensupport.DecodeResponse(target, res); err != nil {
  6809  		return nil, err
  6810  	}
  6811  	return ret, nil
  6812  }
  6813  
  6814  type ProjectsLocationsKeyRingsCryptoKeysEncryptCall struct {
  6815  	s              *Service
  6816  	name           string
  6817  	encryptrequest *EncryptRequest
  6818  	urlParams_     gensupport.URLParams
  6819  	ctx_           context.Context
  6820  	header_        http.Header
  6821  }
  6822  
  6823  // Encrypt: Encrypts data, so that it can only be recovered by a call to
  6824  // Decrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.
  6825  //
  6826  //   - name: The resource name of the CryptoKey or CryptoKeyVersion to use for
  6827  //     encryption. If a CryptoKey is specified, the server will use its primary
  6828  //     version.
  6829  func (r *ProjectsLocationsKeyRingsCryptoKeysService) Encrypt(name string, encryptrequest *EncryptRequest) *ProjectsLocationsKeyRingsCryptoKeysEncryptCall {
  6830  	c := &ProjectsLocationsKeyRingsCryptoKeysEncryptCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  6831  	c.name = name
  6832  	c.encryptrequest = encryptrequest
  6833  	return c
  6834  }
  6835  
  6836  // Fields allows partial responses to be retrieved. See
  6837  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  6838  // details.
  6839  func (c *ProjectsLocationsKeyRingsCryptoKeysEncryptCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysEncryptCall {
  6840  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  6841  	return c
  6842  }
  6843  
  6844  // Context sets the context to be used in this call's Do method.
  6845  func (c *ProjectsLocationsKeyRingsCryptoKeysEncryptCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysEncryptCall {
  6846  	c.ctx_ = ctx
  6847  	return c
  6848  }
  6849  
  6850  // Header returns a http.Header that can be modified by the caller to add
  6851  // headers to the request.
  6852  func (c *ProjectsLocationsKeyRingsCryptoKeysEncryptCall) Header() http.Header {
  6853  	if c.header_ == nil {
  6854  		c.header_ = make(http.Header)
  6855  	}
  6856  	return c.header_
  6857  }
  6858  
  6859  func (c *ProjectsLocationsKeyRingsCryptoKeysEncryptCall) doRequest(alt string) (*http.Response, error) {
  6860  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  6861  	var body io.Reader = nil
  6862  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.encryptrequest)
  6863  	if err != nil {
  6864  		return nil, err
  6865  	}
  6866  	c.urlParams_.Set("alt", alt)
  6867  	c.urlParams_.Set("prettyPrint", "false")
  6868  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:encrypt")
  6869  	urls += "?" + c.urlParams_.Encode()
  6870  	req, err := http.NewRequest("POST", urls, body)
  6871  	if err != nil {
  6872  		return nil, err
  6873  	}
  6874  	req.Header = reqHeaders
  6875  	googleapi.Expand(req.URL, map[string]string{
  6876  		"name": c.name,
  6877  	})
  6878  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  6879  }
  6880  
  6881  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.encrypt" call.
  6882  // Any non-2xx status code is an error. Response headers are in either
  6883  // *EncryptResponse.ServerResponse.Header or (if a response was returned at
  6884  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  6885  // check whether the returned error was because http.StatusNotModified was
  6886  // returned.
  6887  func (c *ProjectsLocationsKeyRingsCryptoKeysEncryptCall) Do(opts ...googleapi.CallOption) (*EncryptResponse, error) {
  6888  	gensupport.SetOptions(c.urlParams_, opts...)
  6889  	res, err := c.doRequest("json")
  6890  	if res != nil && res.StatusCode == http.StatusNotModified {
  6891  		if res.Body != nil {
  6892  			res.Body.Close()
  6893  		}
  6894  		return nil, gensupport.WrapError(&googleapi.Error{
  6895  			Code:   res.StatusCode,
  6896  			Header: res.Header,
  6897  		})
  6898  	}
  6899  	if err != nil {
  6900  		return nil, err
  6901  	}
  6902  	defer googleapi.CloseBody(res)
  6903  	if err := googleapi.CheckResponse(res); err != nil {
  6904  		return nil, gensupport.WrapError(err)
  6905  	}
  6906  	ret := &EncryptResponse{
  6907  		ServerResponse: googleapi.ServerResponse{
  6908  			Header:         res.Header,
  6909  			HTTPStatusCode: res.StatusCode,
  6910  		},
  6911  	}
  6912  	target := &ret
  6913  	if err := gensupport.DecodeResponse(target, res); err != nil {
  6914  		return nil, err
  6915  	}
  6916  	return ret, nil
  6917  }
  6918  
  6919  type ProjectsLocationsKeyRingsCryptoKeysGetCall struct {
  6920  	s            *Service
  6921  	name         string
  6922  	urlParams_   gensupport.URLParams
  6923  	ifNoneMatch_ string
  6924  	ctx_         context.Context
  6925  	header_      http.Header
  6926  }
  6927  
  6928  // Get: Returns metadata for a given CryptoKey, as well as its primary
  6929  // CryptoKeyVersion.
  6930  //
  6931  // - name: The name of the CryptoKey to get.
  6932  func (r *ProjectsLocationsKeyRingsCryptoKeysService) Get(name string) *ProjectsLocationsKeyRingsCryptoKeysGetCall {
  6933  	c := &ProjectsLocationsKeyRingsCryptoKeysGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  6934  	c.name = name
  6935  	return c
  6936  }
  6937  
  6938  // Fields allows partial responses to be retrieved. See
  6939  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  6940  // details.
  6941  func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysGetCall {
  6942  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  6943  	return c
  6944  }
  6945  
  6946  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  6947  // object's ETag matches the given value. This is useful for getting updates
  6948  // only after the object has changed since the last request.
  6949  func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysGetCall {
  6950  	c.ifNoneMatch_ = entityTag
  6951  	return c
  6952  }
  6953  
  6954  // Context sets the context to be used in this call's Do method.
  6955  func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysGetCall {
  6956  	c.ctx_ = ctx
  6957  	return c
  6958  }
  6959  
  6960  // Header returns a http.Header that can be modified by the caller to add
  6961  // headers to the request.
  6962  func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) Header() http.Header {
  6963  	if c.header_ == nil {
  6964  		c.header_ = make(http.Header)
  6965  	}
  6966  	return c.header_
  6967  }
  6968  
  6969  func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) doRequest(alt string) (*http.Response, error) {
  6970  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  6971  	if c.ifNoneMatch_ != "" {
  6972  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  6973  	}
  6974  	var body io.Reader = nil
  6975  	c.urlParams_.Set("alt", alt)
  6976  	c.urlParams_.Set("prettyPrint", "false")
  6977  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  6978  	urls += "?" + c.urlParams_.Encode()
  6979  	req, err := http.NewRequest("GET", urls, body)
  6980  	if err != nil {
  6981  		return nil, err
  6982  	}
  6983  	req.Header = reqHeaders
  6984  	googleapi.Expand(req.URL, map[string]string{
  6985  		"name": c.name,
  6986  	})
  6987  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  6988  }
  6989  
  6990  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.get" call.
  6991  // Any non-2xx status code is an error. Response headers are in either
  6992  // *CryptoKey.ServerResponse.Header or (if a response was returned at all) in
  6993  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  6994  // whether the returned error was because http.StatusNotModified was returned.
  6995  func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) Do(opts ...googleapi.CallOption) (*CryptoKey, error) {
  6996  	gensupport.SetOptions(c.urlParams_, opts...)
  6997  	res, err := c.doRequest("json")
  6998  	if res != nil && res.StatusCode == http.StatusNotModified {
  6999  		if res.Body != nil {
  7000  			res.Body.Close()
  7001  		}
  7002  		return nil, gensupport.WrapError(&googleapi.Error{
  7003  			Code:   res.StatusCode,
  7004  			Header: res.Header,
  7005  		})
  7006  	}
  7007  	if err != nil {
  7008  		return nil, err
  7009  	}
  7010  	defer googleapi.CloseBody(res)
  7011  	if err := googleapi.CheckResponse(res); err != nil {
  7012  		return nil, gensupport.WrapError(err)
  7013  	}
  7014  	ret := &CryptoKey{
  7015  		ServerResponse: googleapi.ServerResponse{
  7016  			Header:         res.Header,
  7017  			HTTPStatusCode: res.StatusCode,
  7018  		},
  7019  	}
  7020  	target := &ret
  7021  	if err := gensupport.DecodeResponse(target, res); err != nil {
  7022  		return nil, err
  7023  	}
  7024  	return ret, nil
  7025  }
  7026  
  7027  type ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall struct {
  7028  	s            *Service
  7029  	resource     string
  7030  	urlParams_   gensupport.URLParams
  7031  	ifNoneMatch_ string
  7032  	ctx_         context.Context
  7033  	header_      http.Header
  7034  }
  7035  
  7036  // GetIamPolicy: Gets the access control policy for a resource. Returns an
  7037  // empty policy if the resource exists and does not have a policy set.
  7038  //
  7039  //   - resource: REQUIRED: The resource for which the policy is being requested.
  7040  //     See Resource names (https://cloud.google.com/apis/design/resource_names)
  7041  //     for the appropriate value for this field.
  7042  func (r *ProjectsLocationsKeyRingsCryptoKeysService) GetIamPolicy(resource string) *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall {
  7043  	c := &ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  7044  	c.resource = resource
  7045  	return c
  7046  }
  7047  
  7048  // OptionsRequestedPolicyVersion sets the optional parameter
  7049  // "options.requestedPolicyVersion": The maximum policy version that will be
  7050  // used to format the policy. Valid values are 0, 1, and 3. Requests specifying
  7051  // an invalid value will be rejected. Requests for policies with any
  7052  // conditional role bindings must specify version 3. Policies with no
  7053  // conditional role bindings may specify any valid value or leave the field
  7054  // unset. The policy in the response might use the policy version that you
  7055  // specified, or it might use a lower policy version. For example, if you
  7056  // specify version 3, but the policy has no conditional role bindings, the
  7057  // response uses version 1. To learn which resources support conditions in
  7058  // their IAM policies, see the IAM documentation
  7059  // (https://cloud.google.com/iam/help/conditions/resource-policies).
  7060  func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall {
  7061  	c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
  7062  	return c
  7063  }
  7064  
  7065  // Fields allows partial responses to be retrieved. See
  7066  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  7067  // details.
  7068  func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall {
  7069  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  7070  	return c
  7071  }
  7072  
  7073  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  7074  // object's ETag matches the given value. This is useful for getting updates
  7075  // only after the object has changed since the last request.
  7076  func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall {
  7077  	c.ifNoneMatch_ = entityTag
  7078  	return c
  7079  }
  7080  
  7081  // Context sets the context to be used in this call's Do method.
  7082  func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall {
  7083  	c.ctx_ = ctx
  7084  	return c
  7085  }
  7086  
  7087  // Header returns a http.Header that can be modified by the caller to add
  7088  // headers to the request.
  7089  func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) Header() http.Header {
  7090  	if c.header_ == nil {
  7091  		c.header_ = make(http.Header)
  7092  	}
  7093  	return c.header_
  7094  }
  7095  
  7096  func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
  7097  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  7098  	if c.ifNoneMatch_ != "" {
  7099  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  7100  	}
  7101  	var body io.Reader = nil
  7102  	c.urlParams_.Set("alt", alt)
  7103  	c.urlParams_.Set("prettyPrint", "false")
  7104  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy")
  7105  	urls += "?" + c.urlParams_.Encode()
  7106  	req, err := http.NewRequest("GET", urls, body)
  7107  	if err != nil {
  7108  		return nil, err
  7109  	}
  7110  	req.Header = reqHeaders
  7111  	googleapi.Expand(req.URL, map[string]string{
  7112  		"resource": c.resource,
  7113  	})
  7114  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  7115  }
  7116  
  7117  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.getIamPolicy" call.
  7118  // Any non-2xx status code is an error. Response headers are in either
  7119  // *Policy.ServerResponse.Header or (if a response was returned at all) in
  7120  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  7121  // whether the returned error was because http.StatusNotModified was returned.
  7122  func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
  7123  	gensupport.SetOptions(c.urlParams_, opts...)
  7124  	res, err := c.doRequest("json")
  7125  	if res != nil && res.StatusCode == http.StatusNotModified {
  7126  		if res.Body != nil {
  7127  			res.Body.Close()
  7128  		}
  7129  		return nil, gensupport.WrapError(&googleapi.Error{
  7130  			Code:   res.StatusCode,
  7131  			Header: res.Header,
  7132  		})
  7133  	}
  7134  	if err != nil {
  7135  		return nil, err
  7136  	}
  7137  	defer googleapi.CloseBody(res)
  7138  	if err := googleapi.CheckResponse(res); err != nil {
  7139  		return nil, gensupport.WrapError(err)
  7140  	}
  7141  	ret := &Policy{
  7142  		ServerResponse: googleapi.ServerResponse{
  7143  			Header:         res.Header,
  7144  			HTTPStatusCode: res.StatusCode,
  7145  		},
  7146  	}
  7147  	target := &ret
  7148  	if err := gensupport.DecodeResponse(target, res); err != nil {
  7149  		return nil, err
  7150  	}
  7151  	return ret, nil
  7152  }
  7153  
  7154  type ProjectsLocationsKeyRingsCryptoKeysListCall struct {
  7155  	s            *Service
  7156  	parent       string
  7157  	urlParams_   gensupport.URLParams
  7158  	ifNoneMatch_ string
  7159  	ctx_         context.Context
  7160  	header_      http.Header
  7161  }
  7162  
  7163  // List: Lists CryptoKeys.
  7164  //
  7165  //   - parent: The resource name of the KeyRing to list, in the format
  7166  //     `projects/*/locations/*/keyRings/*`.
  7167  func (r *ProjectsLocationsKeyRingsCryptoKeysService) List(parent string) *ProjectsLocationsKeyRingsCryptoKeysListCall {
  7168  	c := &ProjectsLocationsKeyRingsCryptoKeysListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  7169  	c.parent = parent
  7170  	return c
  7171  }
  7172  
  7173  // Filter sets the optional parameter "filter": Only include resources that
  7174  // match the filter in the response. For more information, see Sorting and
  7175  // filtering list results
  7176  // (https://cloud.google.com/kms/docs/sorting-and-filtering).
  7177  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) Filter(filter string) *ProjectsLocationsKeyRingsCryptoKeysListCall {
  7178  	c.urlParams_.Set("filter", filter)
  7179  	return c
  7180  }
  7181  
  7182  // OrderBy sets the optional parameter "orderBy": Specify how the results
  7183  // should be sorted. If not specified, the results will be sorted in the
  7184  // default order. For more information, see Sorting and filtering list results
  7185  // (https://cloud.google.com/kms/docs/sorting-and-filtering).
  7186  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) OrderBy(orderBy string) *ProjectsLocationsKeyRingsCryptoKeysListCall {
  7187  	c.urlParams_.Set("orderBy", orderBy)
  7188  	return c
  7189  }
  7190  
  7191  // PageSize sets the optional parameter "pageSize": Optional limit on the
  7192  // number of CryptoKeys to include in the response. Further CryptoKeys can
  7193  // subsequently be obtained by including the
  7194  // ListCryptoKeysResponse.next_page_token in a subsequent request. If
  7195  // unspecified, the server will pick an appropriate default.
  7196  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) PageSize(pageSize int64) *ProjectsLocationsKeyRingsCryptoKeysListCall {
  7197  	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
  7198  	return c
  7199  }
  7200  
  7201  // PageToken sets the optional parameter "pageToken": Optional pagination
  7202  // token, returned earlier via ListCryptoKeysResponse.next_page_token.
  7203  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) PageToken(pageToken string) *ProjectsLocationsKeyRingsCryptoKeysListCall {
  7204  	c.urlParams_.Set("pageToken", pageToken)
  7205  	return c
  7206  }
  7207  
  7208  // VersionView sets the optional parameter "versionView": The fields of the
  7209  // primary version to include in the response.
  7210  //
  7211  // Possible values:
  7212  //
  7213  //	"CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED" - Default view for each
  7214  //
  7215  // CryptoKeyVersion. Does not include the attestation field.
  7216  //
  7217  //	"FULL" - Provides all fields in each CryptoKeyVersion, including the
  7218  //
  7219  // attestation.
  7220  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) VersionView(versionView string) *ProjectsLocationsKeyRingsCryptoKeysListCall {
  7221  	c.urlParams_.Set("versionView", versionView)
  7222  	return c
  7223  }
  7224  
  7225  // Fields allows partial responses to be retrieved. See
  7226  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  7227  // details.
  7228  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysListCall {
  7229  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  7230  	return c
  7231  }
  7232  
  7233  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  7234  // object's ETag matches the given value. This is useful for getting updates
  7235  // only after the object has changed since the last request.
  7236  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysListCall {
  7237  	c.ifNoneMatch_ = entityTag
  7238  	return c
  7239  }
  7240  
  7241  // Context sets the context to be used in this call's Do method.
  7242  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysListCall {
  7243  	c.ctx_ = ctx
  7244  	return c
  7245  }
  7246  
  7247  // Header returns a http.Header that can be modified by the caller to add
  7248  // headers to the request.
  7249  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) Header() http.Header {
  7250  	if c.header_ == nil {
  7251  		c.header_ = make(http.Header)
  7252  	}
  7253  	return c.header_
  7254  }
  7255  
  7256  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) doRequest(alt string) (*http.Response, error) {
  7257  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  7258  	if c.ifNoneMatch_ != "" {
  7259  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  7260  	}
  7261  	var body io.Reader = nil
  7262  	c.urlParams_.Set("alt", alt)
  7263  	c.urlParams_.Set("prettyPrint", "false")
  7264  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/cryptoKeys")
  7265  	urls += "?" + c.urlParams_.Encode()
  7266  	req, err := http.NewRequest("GET", urls, body)
  7267  	if err != nil {
  7268  		return nil, err
  7269  	}
  7270  	req.Header = reqHeaders
  7271  	googleapi.Expand(req.URL, map[string]string{
  7272  		"parent": c.parent,
  7273  	})
  7274  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  7275  }
  7276  
  7277  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.list" call.
  7278  // Any non-2xx status code is an error. Response headers are in either
  7279  // *ListCryptoKeysResponse.ServerResponse.Header or (if a response was returned
  7280  // at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  7281  // check whether the returned error was because http.StatusNotModified was
  7282  // returned.
  7283  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) Do(opts ...googleapi.CallOption) (*ListCryptoKeysResponse, error) {
  7284  	gensupport.SetOptions(c.urlParams_, opts...)
  7285  	res, err := c.doRequest("json")
  7286  	if res != nil && res.StatusCode == http.StatusNotModified {
  7287  		if res.Body != nil {
  7288  			res.Body.Close()
  7289  		}
  7290  		return nil, gensupport.WrapError(&googleapi.Error{
  7291  			Code:   res.StatusCode,
  7292  			Header: res.Header,
  7293  		})
  7294  	}
  7295  	if err != nil {
  7296  		return nil, err
  7297  	}
  7298  	defer googleapi.CloseBody(res)
  7299  	if err := googleapi.CheckResponse(res); err != nil {
  7300  		return nil, gensupport.WrapError(err)
  7301  	}
  7302  	ret := &ListCryptoKeysResponse{
  7303  		ServerResponse: googleapi.ServerResponse{
  7304  			Header:         res.Header,
  7305  			HTTPStatusCode: res.StatusCode,
  7306  		},
  7307  	}
  7308  	target := &ret
  7309  	if err := gensupport.DecodeResponse(target, res); err != nil {
  7310  		return nil, err
  7311  	}
  7312  	return ret, nil
  7313  }
  7314  
  7315  // Pages invokes f for each page of results.
  7316  // A non-nil error returned from f will halt the iteration.
  7317  // The provided context supersedes any context provided to the Context method.
  7318  func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) Pages(ctx context.Context, f func(*ListCryptoKeysResponse) error) error {
  7319  	c.ctx_ = ctx
  7320  	defer c.PageToken(c.urlParams_.Get("pageToken"))
  7321  	for {
  7322  		x, err := c.Do()
  7323  		if err != nil {
  7324  			return err
  7325  		}
  7326  		if err := f(x); err != nil {
  7327  			return err
  7328  		}
  7329  		if x.NextPageToken == "" {
  7330  			return nil
  7331  		}
  7332  		c.PageToken(x.NextPageToken)
  7333  	}
  7334  }
  7335  
  7336  type ProjectsLocationsKeyRingsCryptoKeysPatchCall struct {
  7337  	s          *Service
  7338  	name       string
  7339  	cryptokey  *CryptoKey
  7340  	urlParams_ gensupport.URLParams
  7341  	ctx_       context.Context
  7342  	header_    http.Header
  7343  }
  7344  
  7345  // Patch: Update a CryptoKey.
  7346  //
  7347  //   - name: Output only. The resource name for this CryptoKey in the format
  7348  //     `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
  7349  func (r *ProjectsLocationsKeyRingsCryptoKeysService) Patch(name string, cryptokey *CryptoKey) *ProjectsLocationsKeyRingsCryptoKeysPatchCall {
  7350  	c := &ProjectsLocationsKeyRingsCryptoKeysPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  7351  	c.name = name
  7352  	c.cryptokey = cryptokey
  7353  	return c
  7354  }
  7355  
  7356  // UpdateMask sets the optional parameter "updateMask": Required. List of
  7357  // fields to be updated in this request.
  7358  func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) UpdateMask(updateMask string) *ProjectsLocationsKeyRingsCryptoKeysPatchCall {
  7359  	c.urlParams_.Set("updateMask", updateMask)
  7360  	return c
  7361  }
  7362  
  7363  // Fields allows partial responses to be retrieved. See
  7364  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  7365  // details.
  7366  func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysPatchCall {
  7367  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  7368  	return c
  7369  }
  7370  
  7371  // Context sets the context to be used in this call's Do method.
  7372  func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysPatchCall {
  7373  	c.ctx_ = ctx
  7374  	return c
  7375  }
  7376  
  7377  // Header returns a http.Header that can be modified by the caller to add
  7378  // headers to the request.
  7379  func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) Header() http.Header {
  7380  	if c.header_ == nil {
  7381  		c.header_ = make(http.Header)
  7382  	}
  7383  	return c.header_
  7384  }
  7385  
  7386  func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) doRequest(alt string) (*http.Response, error) {
  7387  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  7388  	var body io.Reader = nil
  7389  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.cryptokey)
  7390  	if err != nil {
  7391  		return nil, err
  7392  	}
  7393  	c.urlParams_.Set("alt", alt)
  7394  	c.urlParams_.Set("prettyPrint", "false")
  7395  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  7396  	urls += "?" + c.urlParams_.Encode()
  7397  	req, err := http.NewRequest("PATCH", urls, body)
  7398  	if err != nil {
  7399  		return nil, err
  7400  	}
  7401  	req.Header = reqHeaders
  7402  	googleapi.Expand(req.URL, map[string]string{
  7403  		"name": c.name,
  7404  	})
  7405  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  7406  }
  7407  
  7408  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.patch" call.
  7409  // Any non-2xx status code is an error. Response headers are in either
  7410  // *CryptoKey.ServerResponse.Header or (if a response was returned at all) in
  7411  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  7412  // whether the returned error was because http.StatusNotModified was returned.
  7413  func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) Do(opts ...googleapi.CallOption) (*CryptoKey, error) {
  7414  	gensupport.SetOptions(c.urlParams_, opts...)
  7415  	res, err := c.doRequest("json")
  7416  	if res != nil && res.StatusCode == http.StatusNotModified {
  7417  		if res.Body != nil {
  7418  			res.Body.Close()
  7419  		}
  7420  		return nil, gensupport.WrapError(&googleapi.Error{
  7421  			Code:   res.StatusCode,
  7422  			Header: res.Header,
  7423  		})
  7424  	}
  7425  	if err != nil {
  7426  		return nil, err
  7427  	}
  7428  	defer googleapi.CloseBody(res)
  7429  	if err := googleapi.CheckResponse(res); err != nil {
  7430  		return nil, gensupport.WrapError(err)
  7431  	}
  7432  	ret := &CryptoKey{
  7433  		ServerResponse: googleapi.ServerResponse{
  7434  			Header:         res.Header,
  7435  			HTTPStatusCode: res.StatusCode,
  7436  		},
  7437  	}
  7438  	target := &ret
  7439  	if err := gensupport.DecodeResponse(target, res); err != nil {
  7440  		return nil, err
  7441  	}
  7442  	return ret, nil
  7443  }
  7444  
  7445  type ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall struct {
  7446  	s                   *Service
  7447  	resource            string
  7448  	setiampolicyrequest *SetIamPolicyRequest
  7449  	urlParams_          gensupport.URLParams
  7450  	ctx_                context.Context
  7451  	header_             http.Header
  7452  }
  7453  
  7454  // SetIamPolicy: Sets the access control policy on the specified resource.
  7455  // Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
  7456  // and `PERMISSION_DENIED` errors.
  7457  //
  7458  //   - resource: REQUIRED: The resource for which the policy is being specified.
  7459  //     See Resource names (https://cloud.google.com/apis/design/resource_names)
  7460  //     for the appropriate value for this field.
  7461  func (r *ProjectsLocationsKeyRingsCryptoKeysService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall {
  7462  	c := &ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  7463  	c.resource = resource
  7464  	c.setiampolicyrequest = setiampolicyrequest
  7465  	return c
  7466  }
  7467  
  7468  // Fields allows partial responses to be retrieved. See
  7469  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  7470  // details.
  7471  func (c *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall {
  7472  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  7473  	return c
  7474  }
  7475  
  7476  // Context sets the context to be used in this call's Do method.
  7477  func (c *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall {
  7478  	c.ctx_ = ctx
  7479  	return c
  7480  }
  7481  
  7482  // Header returns a http.Header that can be modified by the caller to add
  7483  // headers to the request.
  7484  func (c *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall) Header() http.Header {
  7485  	if c.header_ == nil {
  7486  		c.header_ = make(http.Header)
  7487  	}
  7488  	return c.header_
  7489  }
  7490  
  7491  func (c *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
  7492  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  7493  	var body io.Reader = nil
  7494  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest)
  7495  	if err != nil {
  7496  		return nil, err
  7497  	}
  7498  	c.urlParams_.Set("alt", alt)
  7499  	c.urlParams_.Set("prettyPrint", "false")
  7500  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy")
  7501  	urls += "?" + c.urlParams_.Encode()
  7502  	req, err := http.NewRequest("POST", urls, body)
  7503  	if err != nil {
  7504  		return nil, err
  7505  	}
  7506  	req.Header = reqHeaders
  7507  	googleapi.Expand(req.URL, map[string]string{
  7508  		"resource": c.resource,
  7509  	})
  7510  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  7511  }
  7512  
  7513  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.setIamPolicy" call.
  7514  // Any non-2xx status code is an error. Response headers are in either
  7515  // *Policy.ServerResponse.Header or (if a response was returned at all) in
  7516  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  7517  // whether the returned error was because http.StatusNotModified was returned.
  7518  func (c *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
  7519  	gensupport.SetOptions(c.urlParams_, opts...)
  7520  	res, err := c.doRequest("json")
  7521  	if res != nil && res.StatusCode == http.StatusNotModified {
  7522  		if res.Body != nil {
  7523  			res.Body.Close()
  7524  		}
  7525  		return nil, gensupport.WrapError(&googleapi.Error{
  7526  			Code:   res.StatusCode,
  7527  			Header: res.Header,
  7528  		})
  7529  	}
  7530  	if err != nil {
  7531  		return nil, err
  7532  	}
  7533  	defer googleapi.CloseBody(res)
  7534  	if err := googleapi.CheckResponse(res); err != nil {
  7535  		return nil, gensupport.WrapError(err)
  7536  	}
  7537  	ret := &Policy{
  7538  		ServerResponse: googleapi.ServerResponse{
  7539  			Header:         res.Header,
  7540  			HTTPStatusCode: res.StatusCode,
  7541  		},
  7542  	}
  7543  	target := &ret
  7544  	if err := gensupport.DecodeResponse(target, res); err != nil {
  7545  		return nil, err
  7546  	}
  7547  	return ret, nil
  7548  }
  7549  
  7550  type ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall struct {
  7551  	s                         *Service
  7552  	resource                  string
  7553  	testiampermissionsrequest *TestIamPermissionsRequest
  7554  	urlParams_                gensupport.URLParams
  7555  	ctx_                      context.Context
  7556  	header_                   http.Header
  7557  }
  7558  
  7559  // TestIamPermissions: Returns permissions that a caller has on the specified
  7560  // resource. If the resource does not exist, this will return an empty set of
  7561  // permissions, not a `NOT_FOUND` error. Note: This operation is designed to be
  7562  // used for building permission-aware UIs and command-line tools, not for
  7563  // authorization checking. This operation may "fail open" without warning.
  7564  //
  7565  //   - resource: REQUIRED: The resource for which the policy detail is being
  7566  //     requested. See Resource names
  7567  //     (https://cloud.google.com/apis/design/resource_names) for the appropriate
  7568  //     value for this field.
  7569  func (r *ProjectsLocationsKeyRingsCryptoKeysService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall {
  7570  	c := &ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  7571  	c.resource = resource
  7572  	c.testiampermissionsrequest = testiampermissionsrequest
  7573  	return c
  7574  }
  7575  
  7576  // Fields allows partial responses to be retrieved. See
  7577  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  7578  // details.
  7579  func (c *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall {
  7580  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  7581  	return c
  7582  }
  7583  
  7584  // Context sets the context to be used in this call's Do method.
  7585  func (c *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall {
  7586  	c.ctx_ = ctx
  7587  	return c
  7588  }
  7589  
  7590  // Header returns a http.Header that can be modified by the caller to add
  7591  // headers to the request.
  7592  func (c *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall) Header() http.Header {
  7593  	if c.header_ == nil {
  7594  		c.header_ = make(http.Header)
  7595  	}
  7596  	return c.header_
  7597  }
  7598  
  7599  func (c *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
  7600  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  7601  	var body io.Reader = nil
  7602  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest)
  7603  	if err != nil {
  7604  		return nil, err
  7605  	}
  7606  	c.urlParams_.Set("alt", alt)
  7607  	c.urlParams_.Set("prettyPrint", "false")
  7608  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions")
  7609  	urls += "?" + c.urlParams_.Encode()
  7610  	req, err := http.NewRequest("POST", urls, body)
  7611  	if err != nil {
  7612  		return nil, err
  7613  	}
  7614  	req.Header = reqHeaders
  7615  	googleapi.Expand(req.URL, map[string]string{
  7616  		"resource": c.resource,
  7617  	})
  7618  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  7619  }
  7620  
  7621  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.testIamPermissions" call.
  7622  // Any non-2xx status code is an error. Response headers are in either
  7623  // *TestIamPermissionsResponse.ServerResponse.Header or (if a response was
  7624  // returned at all) in error.(*googleapi.Error).Header. Use
  7625  // googleapi.IsNotModified to check whether the returned error was because
  7626  // http.StatusNotModified was returned.
  7627  func (c *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
  7628  	gensupport.SetOptions(c.urlParams_, opts...)
  7629  	res, err := c.doRequest("json")
  7630  	if res != nil && res.StatusCode == http.StatusNotModified {
  7631  		if res.Body != nil {
  7632  			res.Body.Close()
  7633  		}
  7634  		return nil, gensupport.WrapError(&googleapi.Error{
  7635  			Code:   res.StatusCode,
  7636  			Header: res.Header,
  7637  		})
  7638  	}
  7639  	if err != nil {
  7640  		return nil, err
  7641  	}
  7642  	defer googleapi.CloseBody(res)
  7643  	if err := googleapi.CheckResponse(res); err != nil {
  7644  		return nil, gensupport.WrapError(err)
  7645  	}
  7646  	ret := &TestIamPermissionsResponse{
  7647  		ServerResponse: googleapi.ServerResponse{
  7648  			Header:         res.Header,
  7649  			HTTPStatusCode: res.StatusCode,
  7650  		},
  7651  	}
  7652  	target := &ret
  7653  	if err := gensupport.DecodeResponse(target, res); err != nil {
  7654  		return nil, err
  7655  	}
  7656  	return ret, nil
  7657  }
  7658  
  7659  type ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall struct {
  7660  	s                                    *Service
  7661  	name                                 string
  7662  	updatecryptokeyprimaryversionrequest *UpdateCryptoKeyPrimaryVersionRequest
  7663  	urlParams_                           gensupport.URLParams
  7664  	ctx_                                 context.Context
  7665  	header_                              http.Header
  7666  }
  7667  
  7668  // UpdatePrimaryVersion: Update the version of a CryptoKey that will be used in
  7669  // Encrypt. Returns an error if called on a key whose purpose is not
  7670  // ENCRYPT_DECRYPT.
  7671  //
  7672  // - name: The resource name of the CryptoKey to update.
  7673  func (r *ProjectsLocationsKeyRingsCryptoKeysService) UpdatePrimaryVersion(name string, updatecryptokeyprimaryversionrequest *UpdateCryptoKeyPrimaryVersionRequest) *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall {
  7674  	c := &ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  7675  	c.name = name
  7676  	c.updatecryptokeyprimaryversionrequest = updatecryptokeyprimaryversionrequest
  7677  	return c
  7678  }
  7679  
  7680  // Fields allows partial responses to be retrieved. See
  7681  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  7682  // details.
  7683  func (c *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall {
  7684  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  7685  	return c
  7686  }
  7687  
  7688  // Context sets the context to be used in this call's Do method.
  7689  func (c *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall {
  7690  	c.ctx_ = ctx
  7691  	return c
  7692  }
  7693  
  7694  // Header returns a http.Header that can be modified by the caller to add
  7695  // headers to the request.
  7696  func (c *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall) Header() http.Header {
  7697  	if c.header_ == nil {
  7698  		c.header_ = make(http.Header)
  7699  	}
  7700  	return c.header_
  7701  }
  7702  
  7703  func (c *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall) doRequest(alt string) (*http.Response, error) {
  7704  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  7705  	var body io.Reader = nil
  7706  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.updatecryptokeyprimaryversionrequest)
  7707  	if err != nil {
  7708  		return nil, err
  7709  	}
  7710  	c.urlParams_.Set("alt", alt)
  7711  	c.urlParams_.Set("prettyPrint", "false")
  7712  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:updatePrimaryVersion")
  7713  	urls += "?" + c.urlParams_.Encode()
  7714  	req, err := http.NewRequest("POST", urls, body)
  7715  	if err != nil {
  7716  		return nil, err
  7717  	}
  7718  	req.Header = reqHeaders
  7719  	googleapi.Expand(req.URL, map[string]string{
  7720  		"name": c.name,
  7721  	})
  7722  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  7723  }
  7724  
  7725  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.updatePrimaryVersion" call.
  7726  // Any non-2xx status code is an error. Response headers are in either
  7727  // *CryptoKey.ServerResponse.Header or (if a response was returned at all) in
  7728  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  7729  // whether the returned error was because http.StatusNotModified was returned.
  7730  func (c *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall) Do(opts ...googleapi.CallOption) (*CryptoKey, error) {
  7731  	gensupport.SetOptions(c.urlParams_, opts...)
  7732  	res, err := c.doRequest("json")
  7733  	if res != nil && res.StatusCode == http.StatusNotModified {
  7734  		if res.Body != nil {
  7735  			res.Body.Close()
  7736  		}
  7737  		return nil, gensupport.WrapError(&googleapi.Error{
  7738  			Code:   res.StatusCode,
  7739  			Header: res.Header,
  7740  		})
  7741  	}
  7742  	if err != nil {
  7743  		return nil, err
  7744  	}
  7745  	defer googleapi.CloseBody(res)
  7746  	if err := googleapi.CheckResponse(res); err != nil {
  7747  		return nil, gensupport.WrapError(err)
  7748  	}
  7749  	ret := &CryptoKey{
  7750  		ServerResponse: googleapi.ServerResponse{
  7751  			Header:         res.Header,
  7752  			HTTPStatusCode: res.StatusCode,
  7753  		},
  7754  	}
  7755  	target := &ret
  7756  	if err := gensupport.DecodeResponse(target, res); err != nil {
  7757  		return nil, err
  7758  	}
  7759  	return ret, nil
  7760  }
  7761  
  7762  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricDecryptCall struct {
  7763  	s                        *Service
  7764  	name                     string
  7765  	asymmetricdecryptrequest *AsymmetricDecryptRequest
  7766  	urlParams_               gensupport.URLParams
  7767  	ctx_                     context.Context
  7768  	header_                  http.Header
  7769  }
  7770  
  7771  // AsymmetricDecrypt: Decrypts data that was encrypted with a public key
  7772  // retrieved from GetPublicKey corresponding to a CryptoKeyVersion with
  7773  // CryptoKey.purpose ASYMMETRIC_DECRYPT.
  7774  //
  7775  // - name: The resource name of the CryptoKeyVersion to use for decryption.
  7776  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) AsymmetricDecrypt(name string, asymmetricdecryptrequest *AsymmetricDecryptRequest) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricDecryptCall {
  7777  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricDecryptCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  7778  	c.name = name
  7779  	c.asymmetricdecryptrequest = asymmetricdecryptrequest
  7780  	return c
  7781  }
  7782  
  7783  // Fields allows partial responses to be retrieved. See
  7784  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  7785  // details.
  7786  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricDecryptCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricDecryptCall {
  7787  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  7788  	return c
  7789  }
  7790  
  7791  // Context sets the context to be used in this call's Do method.
  7792  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricDecryptCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricDecryptCall {
  7793  	c.ctx_ = ctx
  7794  	return c
  7795  }
  7796  
  7797  // Header returns a http.Header that can be modified by the caller to add
  7798  // headers to the request.
  7799  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricDecryptCall) Header() http.Header {
  7800  	if c.header_ == nil {
  7801  		c.header_ = make(http.Header)
  7802  	}
  7803  	return c.header_
  7804  }
  7805  
  7806  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricDecryptCall) doRequest(alt string) (*http.Response, error) {
  7807  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  7808  	var body io.Reader = nil
  7809  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.asymmetricdecryptrequest)
  7810  	if err != nil {
  7811  		return nil, err
  7812  	}
  7813  	c.urlParams_.Set("alt", alt)
  7814  	c.urlParams_.Set("prettyPrint", "false")
  7815  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:asymmetricDecrypt")
  7816  	urls += "?" + c.urlParams_.Encode()
  7817  	req, err := http.NewRequest("POST", urls, body)
  7818  	if err != nil {
  7819  		return nil, err
  7820  	}
  7821  	req.Header = reqHeaders
  7822  	googleapi.Expand(req.URL, map[string]string{
  7823  		"name": c.name,
  7824  	})
  7825  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  7826  }
  7827  
  7828  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.asymmetricDecrypt" call.
  7829  // Any non-2xx status code is an error. Response headers are in either
  7830  // *AsymmetricDecryptResponse.ServerResponse.Header or (if a response was
  7831  // returned at all) in error.(*googleapi.Error).Header. Use
  7832  // googleapi.IsNotModified to check whether the returned error was because
  7833  // http.StatusNotModified was returned.
  7834  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricDecryptCall) Do(opts ...googleapi.CallOption) (*AsymmetricDecryptResponse, error) {
  7835  	gensupport.SetOptions(c.urlParams_, opts...)
  7836  	res, err := c.doRequest("json")
  7837  	if res != nil && res.StatusCode == http.StatusNotModified {
  7838  		if res.Body != nil {
  7839  			res.Body.Close()
  7840  		}
  7841  		return nil, gensupport.WrapError(&googleapi.Error{
  7842  			Code:   res.StatusCode,
  7843  			Header: res.Header,
  7844  		})
  7845  	}
  7846  	if err != nil {
  7847  		return nil, err
  7848  	}
  7849  	defer googleapi.CloseBody(res)
  7850  	if err := googleapi.CheckResponse(res); err != nil {
  7851  		return nil, gensupport.WrapError(err)
  7852  	}
  7853  	ret := &AsymmetricDecryptResponse{
  7854  		ServerResponse: googleapi.ServerResponse{
  7855  			Header:         res.Header,
  7856  			HTTPStatusCode: res.StatusCode,
  7857  		},
  7858  	}
  7859  	target := &ret
  7860  	if err := gensupport.DecodeResponse(target, res); err != nil {
  7861  		return nil, err
  7862  	}
  7863  	return ret, nil
  7864  }
  7865  
  7866  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricSignCall struct {
  7867  	s                     *Service
  7868  	name                  string
  7869  	asymmetricsignrequest *AsymmetricSignRequest
  7870  	urlParams_            gensupport.URLParams
  7871  	ctx_                  context.Context
  7872  	header_               http.Header
  7873  }
  7874  
  7875  // AsymmetricSign: Signs data using a CryptoKeyVersion with CryptoKey.purpose
  7876  // ASYMMETRIC_SIGN, producing a signature that can be verified with the public
  7877  // key retrieved from GetPublicKey.
  7878  //
  7879  // - name: The resource name of the CryptoKeyVersion to use for signing.
  7880  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) AsymmetricSign(name string, asymmetricsignrequest *AsymmetricSignRequest) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricSignCall {
  7881  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricSignCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  7882  	c.name = name
  7883  	c.asymmetricsignrequest = asymmetricsignrequest
  7884  	return c
  7885  }
  7886  
  7887  // Fields allows partial responses to be retrieved. See
  7888  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  7889  // details.
  7890  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricSignCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricSignCall {
  7891  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  7892  	return c
  7893  }
  7894  
  7895  // Context sets the context to be used in this call's Do method.
  7896  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricSignCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricSignCall {
  7897  	c.ctx_ = ctx
  7898  	return c
  7899  }
  7900  
  7901  // Header returns a http.Header that can be modified by the caller to add
  7902  // headers to the request.
  7903  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricSignCall) Header() http.Header {
  7904  	if c.header_ == nil {
  7905  		c.header_ = make(http.Header)
  7906  	}
  7907  	return c.header_
  7908  }
  7909  
  7910  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricSignCall) doRequest(alt string) (*http.Response, error) {
  7911  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  7912  	var body io.Reader = nil
  7913  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.asymmetricsignrequest)
  7914  	if err != nil {
  7915  		return nil, err
  7916  	}
  7917  	c.urlParams_.Set("alt", alt)
  7918  	c.urlParams_.Set("prettyPrint", "false")
  7919  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:asymmetricSign")
  7920  	urls += "?" + c.urlParams_.Encode()
  7921  	req, err := http.NewRequest("POST", urls, body)
  7922  	if err != nil {
  7923  		return nil, err
  7924  	}
  7925  	req.Header = reqHeaders
  7926  	googleapi.Expand(req.URL, map[string]string{
  7927  		"name": c.name,
  7928  	})
  7929  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  7930  }
  7931  
  7932  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.asymmetricSign" call.
  7933  // Any non-2xx status code is an error. Response headers are in either
  7934  // *AsymmetricSignResponse.ServerResponse.Header or (if a response was returned
  7935  // at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  7936  // check whether the returned error was because http.StatusNotModified was
  7937  // returned.
  7938  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsAsymmetricSignCall) Do(opts ...googleapi.CallOption) (*AsymmetricSignResponse, error) {
  7939  	gensupport.SetOptions(c.urlParams_, opts...)
  7940  	res, err := c.doRequest("json")
  7941  	if res != nil && res.StatusCode == http.StatusNotModified {
  7942  		if res.Body != nil {
  7943  			res.Body.Close()
  7944  		}
  7945  		return nil, gensupport.WrapError(&googleapi.Error{
  7946  			Code:   res.StatusCode,
  7947  			Header: res.Header,
  7948  		})
  7949  	}
  7950  	if err != nil {
  7951  		return nil, err
  7952  	}
  7953  	defer googleapi.CloseBody(res)
  7954  	if err := googleapi.CheckResponse(res); err != nil {
  7955  		return nil, gensupport.WrapError(err)
  7956  	}
  7957  	ret := &AsymmetricSignResponse{
  7958  		ServerResponse: googleapi.ServerResponse{
  7959  			Header:         res.Header,
  7960  			HTTPStatusCode: res.StatusCode,
  7961  		},
  7962  	}
  7963  	target := &ret
  7964  	if err := gensupport.DecodeResponse(target, res); err != nil {
  7965  		return nil, err
  7966  	}
  7967  	return ret, nil
  7968  }
  7969  
  7970  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall struct {
  7971  	s                *Service
  7972  	parent           string
  7973  	cryptokeyversion *CryptoKeyVersion
  7974  	urlParams_       gensupport.URLParams
  7975  	ctx_             context.Context
  7976  	header_          http.Header
  7977  }
  7978  
  7979  // Create: Create a new CryptoKeyVersion in a CryptoKey. The server will assign
  7980  // the next sequential id. If unset, state will be set to ENABLED.
  7981  //
  7982  // - parent: The name of the CryptoKey associated with the CryptoKeyVersions.
  7983  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) Create(parent string, cryptokeyversion *CryptoKeyVersion) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall {
  7984  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  7985  	c.parent = parent
  7986  	c.cryptokeyversion = cryptokeyversion
  7987  	return c
  7988  }
  7989  
  7990  // Fields allows partial responses to be retrieved. See
  7991  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  7992  // details.
  7993  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall {
  7994  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  7995  	return c
  7996  }
  7997  
  7998  // Context sets the context to be used in this call's Do method.
  7999  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall {
  8000  	c.ctx_ = ctx
  8001  	return c
  8002  }
  8003  
  8004  // Header returns a http.Header that can be modified by the caller to add
  8005  // headers to the request.
  8006  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall) Header() http.Header {
  8007  	if c.header_ == nil {
  8008  		c.header_ = make(http.Header)
  8009  	}
  8010  	return c.header_
  8011  }
  8012  
  8013  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall) doRequest(alt string) (*http.Response, error) {
  8014  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  8015  	var body io.Reader = nil
  8016  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.cryptokeyversion)
  8017  	if err != nil {
  8018  		return nil, err
  8019  	}
  8020  	c.urlParams_.Set("alt", alt)
  8021  	c.urlParams_.Set("prettyPrint", "false")
  8022  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/cryptoKeyVersions")
  8023  	urls += "?" + c.urlParams_.Encode()
  8024  	req, err := http.NewRequest("POST", urls, body)
  8025  	if err != nil {
  8026  		return nil, err
  8027  	}
  8028  	req.Header = reqHeaders
  8029  	googleapi.Expand(req.URL, map[string]string{
  8030  		"parent": c.parent,
  8031  	})
  8032  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  8033  }
  8034  
  8035  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.create" call.
  8036  // Any non-2xx status code is an error. Response headers are in either
  8037  // *CryptoKeyVersion.ServerResponse.Header or (if a response was returned at
  8038  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  8039  // check whether the returned error was because http.StatusNotModified was
  8040  // returned.
  8041  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall) Do(opts ...googleapi.CallOption) (*CryptoKeyVersion, error) {
  8042  	gensupport.SetOptions(c.urlParams_, opts...)
  8043  	res, err := c.doRequest("json")
  8044  	if res != nil && res.StatusCode == http.StatusNotModified {
  8045  		if res.Body != nil {
  8046  			res.Body.Close()
  8047  		}
  8048  		return nil, gensupport.WrapError(&googleapi.Error{
  8049  			Code:   res.StatusCode,
  8050  			Header: res.Header,
  8051  		})
  8052  	}
  8053  	if err != nil {
  8054  		return nil, err
  8055  	}
  8056  	defer googleapi.CloseBody(res)
  8057  	if err := googleapi.CheckResponse(res); err != nil {
  8058  		return nil, gensupport.WrapError(err)
  8059  	}
  8060  	ret := &CryptoKeyVersion{
  8061  		ServerResponse: googleapi.ServerResponse{
  8062  			Header:         res.Header,
  8063  			HTTPStatusCode: res.StatusCode,
  8064  		},
  8065  	}
  8066  	target := &ret
  8067  	if err := gensupport.DecodeResponse(target, res); err != nil {
  8068  		return nil, err
  8069  	}
  8070  	return ret, nil
  8071  }
  8072  
  8073  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall struct {
  8074  	s                              *Service
  8075  	name                           string
  8076  	destroycryptokeyversionrequest *DestroyCryptoKeyVersionRequest
  8077  	urlParams_                     gensupport.URLParams
  8078  	ctx_                           context.Context
  8079  	header_                        http.Header
  8080  }
  8081  
  8082  // Destroy: Schedule a CryptoKeyVersion for destruction. Upon calling this
  8083  // method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and
  8084  // destroy_time will be set to the time destroy_scheduled_duration in the
  8085  // future. At that time, the state will automatically change to DESTROYED, and
  8086  // the key material will be irrevocably destroyed. Before the destroy_time is
  8087  // reached, RestoreCryptoKeyVersion may be called to reverse the process.
  8088  //
  8089  // - name: The resource name of the CryptoKeyVersion to destroy.
  8090  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) Destroy(name string, destroycryptokeyversionrequest *DestroyCryptoKeyVersionRequest) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall {
  8091  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  8092  	c.name = name
  8093  	c.destroycryptokeyversionrequest = destroycryptokeyversionrequest
  8094  	return c
  8095  }
  8096  
  8097  // Fields allows partial responses to be retrieved. See
  8098  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  8099  // details.
  8100  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall {
  8101  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  8102  	return c
  8103  }
  8104  
  8105  // Context sets the context to be used in this call's Do method.
  8106  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall {
  8107  	c.ctx_ = ctx
  8108  	return c
  8109  }
  8110  
  8111  // Header returns a http.Header that can be modified by the caller to add
  8112  // headers to the request.
  8113  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall) Header() http.Header {
  8114  	if c.header_ == nil {
  8115  		c.header_ = make(http.Header)
  8116  	}
  8117  	return c.header_
  8118  }
  8119  
  8120  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall) doRequest(alt string) (*http.Response, error) {
  8121  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  8122  	var body io.Reader = nil
  8123  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.destroycryptokeyversionrequest)
  8124  	if err != nil {
  8125  		return nil, err
  8126  	}
  8127  	c.urlParams_.Set("alt", alt)
  8128  	c.urlParams_.Set("prettyPrint", "false")
  8129  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:destroy")
  8130  	urls += "?" + c.urlParams_.Encode()
  8131  	req, err := http.NewRequest("POST", urls, body)
  8132  	if err != nil {
  8133  		return nil, err
  8134  	}
  8135  	req.Header = reqHeaders
  8136  	googleapi.Expand(req.URL, map[string]string{
  8137  		"name": c.name,
  8138  	})
  8139  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  8140  }
  8141  
  8142  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.destroy" call.
  8143  // Any non-2xx status code is an error. Response headers are in either
  8144  // *CryptoKeyVersion.ServerResponse.Header or (if a response was returned at
  8145  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  8146  // check whether the returned error was because http.StatusNotModified was
  8147  // returned.
  8148  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall) Do(opts ...googleapi.CallOption) (*CryptoKeyVersion, error) {
  8149  	gensupport.SetOptions(c.urlParams_, opts...)
  8150  	res, err := c.doRequest("json")
  8151  	if res != nil && res.StatusCode == http.StatusNotModified {
  8152  		if res.Body != nil {
  8153  			res.Body.Close()
  8154  		}
  8155  		return nil, gensupport.WrapError(&googleapi.Error{
  8156  			Code:   res.StatusCode,
  8157  			Header: res.Header,
  8158  		})
  8159  	}
  8160  	if err != nil {
  8161  		return nil, err
  8162  	}
  8163  	defer googleapi.CloseBody(res)
  8164  	if err := googleapi.CheckResponse(res); err != nil {
  8165  		return nil, gensupport.WrapError(err)
  8166  	}
  8167  	ret := &CryptoKeyVersion{
  8168  		ServerResponse: googleapi.ServerResponse{
  8169  			Header:         res.Header,
  8170  			HTTPStatusCode: res.StatusCode,
  8171  		},
  8172  	}
  8173  	target := &ret
  8174  	if err := gensupport.DecodeResponse(target, res); err != nil {
  8175  		return nil, err
  8176  	}
  8177  	return ret, nil
  8178  }
  8179  
  8180  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall struct {
  8181  	s            *Service
  8182  	name         string
  8183  	urlParams_   gensupport.URLParams
  8184  	ifNoneMatch_ string
  8185  	ctx_         context.Context
  8186  	header_      http.Header
  8187  }
  8188  
  8189  // Get: Returns metadata for a given CryptoKeyVersion.
  8190  //
  8191  // - name: The name of the CryptoKeyVersion to get.
  8192  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) Get(name string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall {
  8193  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  8194  	c.name = name
  8195  	return c
  8196  }
  8197  
  8198  // Fields allows partial responses to be retrieved. See
  8199  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  8200  // details.
  8201  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall {
  8202  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  8203  	return c
  8204  }
  8205  
  8206  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  8207  // object's ETag matches the given value. This is useful for getting updates
  8208  // only after the object has changed since the last request.
  8209  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall {
  8210  	c.ifNoneMatch_ = entityTag
  8211  	return c
  8212  }
  8213  
  8214  // Context sets the context to be used in this call's Do method.
  8215  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall {
  8216  	c.ctx_ = ctx
  8217  	return c
  8218  }
  8219  
  8220  // Header returns a http.Header that can be modified by the caller to add
  8221  // headers to the request.
  8222  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) Header() http.Header {
  8223  	if c.header_ == nil {
  8224  		c.header_ = make(http.Header)
  8225  	}
  8226  	return c.header_
  8227  }
  8228  
  8229  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) doRequest(alt string) (*http.Response, error) {
  8230  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  8231  	if c.ifNoneMatch_ != "" {
  8232  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  8233  	}
  8234  	var body io.Reader = nil
  8235  	c.urlParams_.Set("alt", alt)
  8236  	c.urlParams_.Set("prettyPrint", "false")
  8237  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  8238  	urls += "?" + c.urlParams_.Encode()
  8239  	req, err := http.NewRequest("GET", urls, body)
  8240  	if err != nil {
  8241  		return nil, err
  8242  	}
  8243  	req.Header = reqHeaders
  8244  	googleapi.Expand(req.URL, map[string]string{
  8245  		"name": c.name,
  8246  	})
  8247  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  8248  }
  8249  
  8250  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.get" call.
  8251  // Any non-2xx status code is an error. Response headers are in either
  8252  // *CryptoKeyVersion.ServerResponse.Header or (if a response was returned at
  8253  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  8254  // check whether the returned error was because http.StatusNotModified was
  8255  // returned.
  8256  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) Do(opts ...googleapi.CallOption) (*CryptoKeyVersion, error) {
  8257  	gensupport.SetOptions(c.urlParams_, opts...)
  8258  	res, err := c.doRequest("json")
  8259  	if res != nil && res.StatusCode == http.StatusNotModified {
  8260  		if res.Body != nil {
  8261  			res.Body.Close()
  8262  		}
  8263  		return nil, gensupport.WrapError(&googleapi.Error{
  8264  			Code:   res.StatusCode,
  8265  			Header: res.Header,
  8266  		})
  8267  	}
  8268  	if err != nil {
  8269  		return nil, err
  8270  	}
  8271  	defer googleapi.CloseBody(res)
  8272  	if err := googleapi.CheckResponse(res); err != nil {
  8273  		return nil, gensupport.WrapError(err)
  8274  	}
  8275  	ret := &CryptoKeyVersion{
  8276  		ServerResponse: googleapi.ServerResponse{
  8277  			Header:         res.Header,
  8278  			HTTPStatusCode: res.StatusCode,
  8279  		},
  8280  	}
  8281  	target := &ret
  8282  	if err := gensupport.DecodeResponse(target, res); err != nil {
  8283  		return nil, err
  8284  	}
  8285  	return ret, nil
  8286  }
  8287  
  8288  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall struct {
  8289  	s            *Service
  8290  	name         string
  8291  	urlParams_   gensupport.URLParams
  8292  	ifNoneMatch_ string
  8293  	ctx_         context.Context
  8294  	header_      http.Header
  8295  }
  8296  
  8297  // GetPublicKey: Returns the public key for the given CryptoKeyVersion. The
  8298  // CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.
  8299  //
  8300  // - name: The name of the CryptoKeyVersion public key to get.
  8301  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) GetPublicKey(name string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall {
  8302  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  8303  	c.name = name
  8304  	return c
  8305  }
  8306  
  8307  // Fields allows partial responses to be retrieved. See
  8308  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  8309  // details.
  8310  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall {
  8311  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  8312  	return c
  8313  }
  8314  
  8315  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  8316  // object's ETag matches the given value. This is useful for getting updates
  8317  // only after the object has changed since the last request.
  8318  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall {
  8319  	c.ifNoneMatch_ = entityTag
  8320  	return c
  8321  }
  8322  
  8323  // Context sets the context to be used in this call's Do method.
  8324  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall {
  8325  	c.ctx_ = ctx
  8326  	return c
  8327  }
  8328  
  8329  // Header returns a http.Header that can be modified by the caller to add
  8330  // headers to the request.
  8331  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall) Header() http.Header {
  8332  	if c.header_ == nil {
  8333  		c.header_ = make(http.Header)
  8334  	}
  8335  	return c.header_
  8336  }
  8337  
  8338  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall) doRequest(alt string) (*http.Response, error) {
  8339  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  8340  	if c.ifNoneMatch_ != "" {
  8341  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  8342  	}
  8343  	var body io.Reader = nil
  8344  	c.urlParams_.Set("alt", alt)
  8345  	c.urlParams_.Set("prettyPrint", "false")
  8346  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/publicKey")
  8347  	urls += "?" + c.urlParams_.Encode()
  8348  	req, err := http.NewRequest("GET", urls, body)
  8349  	if err != nil {
  8350  		return nil, err
  8351  	}
  8352  	req.Header = reqHeaders
  8353  	googleapi.Expand(req.URL, map[string]string{
  8354  		"name": c.name,
  8355  	})
  8356  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  8357  }
  8358  
  8359  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.getPublicKey" call.
  8360  // Any non-2xx status code is an error. Response headers are in either
  8361  // *PublicKey.ServerResponse.Header or (if a response was returned at all) in
  8362  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  8363  // whether the returned error was because http.StatusNotModified was returned.
  8364  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetPublicKeyCall) Do(opts ...googleapi.CallOption) (*PublicKey, error) {
  8365  	gensupport.SetOptions(c.urlParams_, opts...)
  8366  	res, err := c.doRequest("json")
  8367  	if res != nil && res.StatusCode == http.StatusNotModified {
  8368  		if res.Body != nil {
  8369  			res.Body.Close()
  8370  		}
  8371  		return nil, gensupport.WrapError(&googleapi.Error{
  8372  			Code:   res.StatusCode,
  8373  			Header: res.Header,
  8374  		})
  8375  	}
  8376  	if err != nil {
  8377  		return nil, err
  8378  	}
  8379  	defer googleapi.CloseBody(res)
  8380  	if err := googleapi.CheckResponse(res); err != nil {
  8381  		return nil, gensupport.WrapError(err)
  8382  	}
  8383  	ret := &PublicKey{
  8384  		ServerResponse: googleapi.ServerResponse{
  8385  			Header:         res.Header,
  8386  			HTTPStatusCode: res.StatusCode,
  8387  		},
  8388  	}
  8389  	target := &ret
  8390  	if err := gensupport.DecodeResponse(target, res); err != nil {
  8391  		return nil, err
  8392  	}
  8393  	return ret, nil
  8394  }
  8395  
  8396  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsImportCall struct {
  8397  	s                             *Service
  8398  	parent                        string
  8399  	importcryptokeyversionrequest *ImportCryptoKeyVersionRequest
  8400  	urlParams_                    gensupport.URLParams
  8401  	ctx_                          context.Context
  8402  	header_                       http.Header
  8403  }
  8404  
  8405  // Import: Import wrapped key material into a CryptoKeyVersion. All requests
  8406  // must specify a CryptoKey. If a CryptoKeyVersion is additionally specified in
  8407  // the request, key material will be reimported into that version. Otherwise, a
  8408  // new version will be created, and will be assigned the next sequential id
  8409  // within the CryptoKey.
  8410  //
  8411  //   - parent: The name of the CryptoKey to be imported into. The create
  8412  //     permission is only required on this key when creating a new
  8413  //     CryptoKeyVersion.
  8414  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) Import(parent string, importcryptokeyversionrequest *ImportCryptoKeyVersionRequest) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsImportCall {
  8415  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsImportCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  8416  	c.parent = parent
  8417  	c.importcryptokeyversionrequest = importcryptokeyversionrequest
  8418  	return c
  8419  }
  8420  
  8421  // Fields allows partial responses to be retrieved. See
  8422  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  8423  // details.
  8424  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsImportCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsImportCall {
  8425  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  8426  	return c
  8427  }
  8428  
  8429  // Context sets the context to be used in this call's Do method.
  8430  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsImportCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsImportCall {
  8431  	c.ctx_ = ctx
  8432  	return c
  8433  }
  8434  
  8435  // Header returns a http.Header that can be modified by the caller to add
  8436  // headers to the request.
  8437  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsImportCall) Header() http.Header {
  8438  	if c.header_ == nil {
  8439  		c.header_ = make(http.Header)
  8440  	}
  8441  	return c.header_
  8442  }
  8443  
  8444  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsImportCall) doRequest(alt string) (*http.Response, error) {
  8445  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  8446  	var body io.Reader = nil
  8447  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.importcryptokeyversionrequest)
  8448  	if err != nil {
  8449  		return nil, err
  8450  	}
  8451  	c.urlParams_.Set("alt", alt)
  8452  	c.urlParams_.Set("prettyPrint", "false")
  8453  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/cryptoKeyVersions:import")
  8454  	urls += "?" + c.urlParams_.Encode()
  8455  	req, err := http.NewRequest("POST", urls, body)
  8456  	if err != nil {
  8457  		return nil, err
  8458  	}
  8459  	req.Header = reqHeaders
  8460  	googleapi.Expand(req.URL, map[string]string{
  8461  		"parent": c.parent,
  8462  	})
  8463  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  8464  }
  8465  
  8466  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.import" call.
  8467  // Any non-2xx status code is an error. Response headers are in either
  8468  // *CryptoKeyVersion.ServerResponse.Header or (if a response was returned at
  8469  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  8470  // check whether the returned error was because http.StatusNotModified was
  8471  // returned.
  8472  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsImportCall) Do(opts ...googleapi.CallOption) (*CryptoKeyVersion, error) {
  8473  	gensupport.SetOptions(c.urlParams_, opts...)
  8474  	res, err := c.doRequest("json")
  8475  	if res != nil && res.StatusCode == http.StatusNotModified {
  8476  		if res.Body != nil {
  8477  			res.Body.Close()
  8478  		}
  8479  		return nil, gensupport.WrapError(&googleapi.Error{
  8480  			Code:   res.StatusCode,
  8481  			Header: res.Header,
  8482  		})
  8483  	}
  8484  	if err != nil {
  8485  		return nil, err
  8486  	}
  8487  	defer googleapi.CloseBody(res)
  8488  	if err := googleapi.CheckResponse(res); err != nil {
  8489  		return nil, gensupport.WrapError(err)
  8490  	}
  8491  	ret := &CryptoKeyVersion{
  8492  		ServerResponse: googleapi.ServerResponse{
  8493  			Header:         res.Header,
  8494  			HTTPStatusCode: res.StatusCode,
  8495  		},
  8496  	}
  8497  	target := &ret
  8498  	if err := gensupport.DecodeResponse(target, res); err != nil {
  8499  		return nil, err
  8500  	}
  8501  	return ret, nil
  8502  }
  8503  
  8504  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall struct {
  8505  	s            *Service
  8506  	parent       string
  8507  	urlParams_   gensupport.URLParams
  8508  	ifNoneMatch_ string
  8509  	ctx_         context.Context
  8510  	header_      http.Header
  8511  }
  8512  
  8513  // List: Lists CryptoKeyVersions.
  8514  //
  8515  //   - parent: The resource name of the CryptoKey to list, in the format
  8516  //     `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
  8517  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) List(parent string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall {
  8518  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  8519  	c.parent = parent
  8520  	return c
  8521  }
  8522  
  8523  // Filter sets the optional parameter "filter": Only include resources that
  8524  // match the filter in the response. For more information, see Sorting and
  8525  // filtering list results
  8526  // (https://cloud.google.com/kms/docs/sorting-and-filtering).
  8527  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) Filter(filter string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall {
  8528  	c.urlParams_.Set("filter", filter)
  8529  	return c
  8530  }
  8531  
  8532  // OrderBy sets the optional parameter "orderBy": Specify how the results
  8533  // should be sorted. If not specified, the results will be sorted in the
  8534  // default order. For more information, see Sorting and filtering list results
  8535  // (https://cloud.google.com/kms/docs/sorting-and-filtering).
  8536  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) OrderBy(orderBy string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall {
  8537  	c.urlParams_.Set("orderBy", orderBy)
  8538  	return c
  8539  }
  8540  
  8541  // PageSize sets the optional parameter "pageSize": Optional limit on the
  8542  // number of CryptoKeyVersions to include in the response. Further
  8543  // CryptoKeyVersions can subsequently be obtained by including the
  8544  // ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If
  8545  // unspecified, the server will pick an appropriate default.
  8546  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) PageSize(pageSize int64) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall {
  8547  	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
  8548  	return c
  8549  }
  8550  
  8551  // PageToken sets the optional parameter "pageToken": Optional pagination
  8552  // token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token.
  8553  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) PageToken(pageToken string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall {
  8554  	c.urlParams_.Set("pageToken", pageToken)
  8555  	return c
  8556  }
  8557  
  8558  // View sets the optional parameter "view": The fields to include in the
  8559  // response.
  8560  //
  8561  // Possible values:
  8562  //
  8563  //	"CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED" - Default view for each
  8564  //
  8565  // CryptoKeyVersion. Does not include the attestation field.
  8566  //
  8567  //	"FULL" - Provides all fields in each CryptoKeyVersion, including the
  8568  //
  8569  // attestation.
  8570  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) View(view string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall {
  8571  	c.urlParams_.Set("view", view)
  8572  	return c
  8573  }
  8574  
  8575  // Fields allows partial responses to be retrieved. See
  8576  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  8577  // details.
  8578  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall {
  8579  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  8580  	return c
  8581  }
  8582  
  8583  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  8584  // object's ETag matches the given value. This is useful for getting updates
  8585  // only after the object has changed since the last request.
  8586  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall {
  8587  	c.ifNoneMatch_ = entityTag
  8588  	return c
  8589  }
  8590  
  8591  // Context sets the context to be used in this call's Do method.
  8592  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall {
  8593  	c.ctx_ = ctx
  8594  	return c
  8595  }
  8596  
  8597  // Header returns a http.Header that can be modified by the caller to add
  8598  // headers to the request.
  8599  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) Header() http.Header {
  8600  	if c.header_ == nil {
  8601  		c.header_ = make(http.Header)
  8602  	}
  8603  	return c.header_
  8604  }
  8605  
  8606  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) doRequest(alt string) (*http.Response, error) {
  8607  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  8608  	if c.ifNoneMatch_ != "" {
  8609  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  8610  	}
  8611  	var body io.Reader = nil
  8612  	c.urlParams_.Set("alt", alt)
  8613  	c.urlParams_.Set("prettyPrint", "false")
  8614  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/cryptoKeyVersions")
  8615  	urls += "?" + c.urlParams_.Encode()
  8616  	req, err := http.NewRequest("GET", urls, body)
  8617  	if err != nil {
  8618  		return nil, err
  8619  	}
  8620  	req.Header = reqHeaders
  8621  	googleapi.Expand(req.URL, map[string]string{
  8622  		"parent": c.parent,
  8623  	})
  8624  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  8625  }
  8626  
  8627  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.list" call.
  8628  // Any non-2xx status code is an error. Response headers are in either
  8629  // *ListCryptoKeyVersionsResponse.ServerResponse.Header or (if a response was
  8630  // returned at all) in error.(*googleapi.Error).Header. Use
  8631  // googleapi.IsNotModified to check whether the returned error was because
  8632  // http.StatusNotModified was returned.
  8633  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) Do(opts ...googleapi.CallOption) (*ListCryptoKeyVersionsResponse, error) {
  8634  	gensupport.SetOptions(c.urlParams_, opts...)
  8635  	res, err := c.doRequest("json")
  8636  	if res != nil && res.StatusCode == http.StatusNotModified {
  8637  		if res.Body != nil {
  8638  			res.Body.Close()
  8639  		}
  8640  		return nil, gensupport.WrapError(&googleapi.Error{
  8641  			Code:   res.StatusCode,
  8642  			Header: res.Header,
  8643  		})
  8644  	}
  8645  	if err != nil {
  8646  		return nil, err
  8647  	}
  8648  	defer googleapi.CloseBody(res)
  8649  	if err := googleapi.CheckResponse(res); err != nil {
  8650  		return nil, gensupport.WrapError(err)
  8651  	}
  8652  	ret := &ListCryptoKeyVersionsResponse{
  8653  		ServerResponse: googleapi.ServerResponse{
  8654  			Header:         res.Header,
  8655  			HTTPStatusCode: res.StatusCode,
  8656  		},
  8657  	}
  8658  	target := &ret
  8659  	if err := gensupport.DecodeResponse(target, res); err != nil {
  8660  		return nil, err
  8661  	}
  8662  	return ret, nil
  8663  }
  8664  
  8665  // Pages invokes f for each page of results.
  8666  // A non-nil error returned from f will halt the iteration.
  8667  // The provided context supersedes any context provided to the Context method.
  8668  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) Pages(ctx context.Context, f func(*ListCryptoKeyVersionsResponse) error) error {
  8669  	c.ctx_ = ctx
  8670  	defer c.PageToken(c.urlParams_.Get("pageToken"))
  8671  	for {
  8672  		x, err := c.Do()
  8673  		if err != nil {
  8674  			return err
  8675  		}
  8676  		if err := f(x); err != nil {
  8677  			return err
  8678  		}
  8679  		if x.NextPageToken == "" {
  8680  			return nil
  8681  		}
  8682  		c.PageToken(x.NextPageToken)
  8683  	}
  8684  }
  8685  
  8686  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacSignCall struct {
  8687  	s              *Service
  8688  	name           string
  8689  	macsignrequest *MacSignRequest
  8690  	urlParams_     gensupport.URLParams
  8691  	ctx_           context.Context
  8692  	header_        http.Header
  8693  }
  8694  
  8695  // MacSign: Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC,
  8696  // producing a tag that can be verified by another source with the same key.
  8697  //
  8698  // - name: The resource name of the CryptoKeyVersion to use for signing.
  8699  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) MacSign(name string, macsignrequest *MacSignRequest) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacSignCall {
  8700  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacSignCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  8701  	c.name = name
  8702  	c.macsignrequest = macsignrequest
  8703  	return c
  8704  }
  8705  
  8706  // Fields allows partial responses to be retrieved. See
  8707  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  8708  // details.
  8709  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacSignCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacSignCall {
  8710  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  8711  	return c
  8712  }
  8713  
  8714  // Context sets the context to be used in this call's Do method.
  8715  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacSignCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacSignCall {
  8716  	c.ctx_ = ctx
  8717  	return c
  8718  }
  8719  
  8720  // Header returns a http.Header that can be modified by the caller to add
  8721  // headers to the request.
  8722  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacSignCall) Header() http.Header {
  8723  	if c.header_ == nil {
  8724  		c.header_ = make(http.Header)
  8725  	}
  8726  	return c.header_
  8727  }
  8728  
  8729  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacSignCall) doRequest(alt string) (*http.Response, error) {
  8730  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  8731  	var body io.Reader = nil
  8732  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.macsignrequest)
  8733  	if err != nil {
  8734  		return nil, err
  8735  	}
  8736  	c.urlParams_.Set("alt", alt)
  8737  	c.urlParams_.Set("prettyPrint", "false")
  8738  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:macSign")
  8739  	urls += "?" + c.urlParams_.Encode()
  8740  	req, err := http.NewRequest("POST", urls, body)
  8741  	if err != nil {
  8742  		return nil, err
  8743  	}
  8744  	req.Header = reqHeaders
  8745  	googleapi.Expand(req.URL, map[string]string{
  8746  		"name": c.name,
  8747  	})
  8748  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  8749  }
  8750  
  8751  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.macSign" call.
  8752  // Any non-2xx status code is an error. Response headers are in either
  8753  // *MacSignResponse.ServerResponse.Header or (if a response was returned at
  8754  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  8755  // check whether the returned error was because http.StatusNotModified was
  8756  // returned.
  8757  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacSignCall) Do(opts ...googleapi.CallOption) (*MacSignResponse, error) {
  8758  	gensupport.SetOptions(c.urlParams_, opts...)
  8759  	res, err := c.doRequest("json")
  8760  	if res != nil && res.StatusCode == http.StatusNotModified {
  8761  		if res.Body != nil {
  8762  			res.Body.Close()
  8763  		}
  8764  		return nil, gensupport.WrapError(&googleapi.Error{
  8765  			Code:   res.StatusCode,
  8766  			Header: res.Header,
  8767  		})
  8768  	}
  8769  	if err != nil {
  8770  		return nil, err
  8771  	}
  8772  	defer googleapi.CloseBody(res)
  8773  	if err := googleapi.CheckResponse(res); err != nil {
  8774  		return nil, gensupport.WrapError(err)
  8775  	}
  8776  	ret := &MacSignResponse{
  8777  		ServerResponse: googleapi.ServerResponse{
  8778  			Header:         res.Header,
  8779  			HTTPStatusCode: res.StatusCode,
  8780  		},
  8781  	}
  8782  	target := &ret
  8783  	if err := gensupport.DecodeResponse(target, res); err != nil {
  8784  		return nil, err
  8785  	}
  8786  	return ret, nil
  8787  }
  8788  
  8789  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacVerifyCall struct {
  8790  	s                *Service
  8791  	name             string
  8792  	macverifyrequest *MacVerifyRequest
  8793  	urlParams_       gensupport.URLParams
  8794  	ctx_             context.Context
  8795  	header_          http.Header
  8796  }
  8797  
  8798  // MacVerify: Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose
  8799  // MAC, and returns a response that indicates whether or not the verification
  8800  // was successful.
  8801  //
  8802  // - name: The resource name of the CryptoKeyVersion to use for verification.
  8803  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) MacVerify(name string, macverifyrequest *MacVerifyRequest) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacVerifyCall {
  8804  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacVerifyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  8805  	c.name = name
  8806  	c.macverifyrequest = macverifyrequest
  8807  	return c
  8808  }
  8809  
  8810  // Fields allows partial responses to be retrieved. See
  8811  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  8812  // details.
  8813  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacVerifyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacVerifyCall {
  8814  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  8815  	return c
  8816  }
  8817  
  8818  // Context sets the context to be used in this call's Do method.
  8819  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacVerifyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacVerifyCall {
  8820  	c.ctx_ = ctx
  8821  	return c
  8822  }
  8823  
  8824  // Header returns a http.Header that can be modified by the caller to add
  8825  // headers to the request.
  8826  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacVerifyCall) Header() http.Header {
  8827  	if c.header_ == nil {
  8828  		c.header_ = make(http.Header)
  8829  	}
  8830  	return c.header_
  8831  }
  8832  
  8833  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacVerifyCall) doRequest(alt string) (*http.Response, error) {
  8834  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  8835  	var body io.Reader = nil
  8836  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.macverifyrequest)
  8837  	if err != nil {
  8838  		return nil, err
  8839  	}
  8840  	c.urlParams_.Set("alt", alt)
  8841  	c.urlParams_.Set("prettyPrint", "false")
  8842  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:macVerify")
  8843  	urls += "?" + c.urlParams_.Encode()
  8844  	req, err := http.NewRequest("POST", urls, body)
  8845  	if err != nil {
  8846  		return nil, err
  8847  	}
  8848  	req.Header = reqHeaders
  8849  	googleapi.Expand(req.URL, map[string]string{
  8850  		"name": c.name,
  8851  	})
  8852  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  8853  }
  8854  
  8855  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.macVerify" call.
  8856  // Any non-2xx status code is an error. Response headers are in either
  8857  // *MacVerifyResponse.ServerResponse.Header or (if a response was returned at
  8858  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  8859  // check whether the returned error was because http.StatusNotModified was
  8860  // returned.
  8861  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsMacVerifyCall) Do(opts ...googleapi.CallOption) (*MacVerifyResponse, error) {
  8862  	gensupport.SetOptions(c.urlParams_, opts...)
  8863  	res, err := c.doRequest("json")
  8864  	if res != nil && res.StatusCode == http.StatusNotModified {
  8865  		if res.Body != nil {
  8866  			res.Body.Close()
  8867  		}
  8868  		return nil, gensupport.WrapError(&googleapi.Error{
  8869  			Code:   res.StatusCode,
  8870  			Header: res.Header,
  8871  		})
  8872  	}
  8873  	if err != nil {
  8874  		return nil, err
  8875  	}
  8876  	defer googleapi.CloseBody(res)
  8877  	if err := googleapi.CheckResponse(res); err != nil {
  8878  		return nil, gensupport.WrapError(err)
  8879  	}
  8880  	ret := &MacVerifyResponse{
  8881  		ServerResponse: googleapi.ServerResponse{
  8882  			Header:         res.Header,
  8883  			HTTPStatusCode: res.StatusCode,
  8884  		},
  8885  	}
  8886  	target := &ret
  8887  	if err := gensupport.DecodeResponse(target, res); err != nil {
  8888  		return nil, err
  8889  	}
  8890  	return ret, nil
  8891  }
  8892  
  8893  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall struct {
  8894  	s                *Service
  8895  	name             string
  8896  	cryptokeyversion *CryptoKeyVersion
  8897  	urlParams_       gensupport.URLParams
  8898  	ctx_             context.Context
  8899  	header_          http.Header
  8900  }
  8901  
  8902  // Patch: Update a CryptoKeyVersion's metadata. state may be changed between
  8903  // ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and
  8904  // RestoreCryptoKeyVersion to move between other states.
  8905  //
  8906  //   - name: Output only. The resource name for this CryptoKeyVersion in the
  8907  //     format
  8908  //     `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  8909  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) Patch(name string, cryptokeyversion *CryptoKeyVersion) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall {
  8910  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  8911  	c.name = name
  8912  	c.cryptokeyversion = cryptokeyversion
  8913  	return c
  8914  }
  8915  
  8916  // UpdateMask sets the optional parameter "updateMask": Required. List of
  8917  // fields to be updated in this request.
  8918  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) UpdateMask(updateMask string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall {
  8919  	c.urlParams_.Set("updateMask", updateMask)
  8920  	return c
  8921  }
  8922  
  8923  // Fields allows partial responses to be retrieved. See
  8924  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  8925  // details.
  8926  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall {
  8927  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  8928  	return c
  8929  }
  8930  
  8931  // Context sets the context to be used in this call's Do method.
  8932  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall {
  8933  	c.ctx_ = ctx
  8934  	return c
  8935  }
  8936  
  8937  // Header returns a http.Header that can be modified by the caller to add
  8938  // headers to the request.
  8939  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) Header() http.Header {
  8940  	if c.header_ == nil {
  8941  		c.header_ = make(http.Header)
  8942  	}
  8943  	return c.header_
  8944  }
  8945  
  8946  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) doRequest(alt string) (*http.Response, error) {
  8947  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  8948  	var body io.Reader = nil
  8949  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.cryptokeyversion)
  8950  	if err != nil {
  8951  		return nil, err
  8952  	}
  8953  	c.urlParams_.Set("alt", alt)
  8954  	c.urlParams_.Set("prettyPrint", "false")
  8955  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  8956  	urls += "?" + c.urlParams_.Encode()
  8957  	req, err := http.NewRequest("PATCH", urls, body)
  8958  	if err != nil {
  8959  		return nil, err
  8960  	}
  8961  	req.Header = reqHeaders
  8962  	googleapi.Expand(req.URL, map[string]string{
  8963  		"name": c.name,
  8964  	})
  8965  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  8966  }
  8967  
  8968  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.patch" call.
  8969  // Any non-2xx status code is an error. Response headers are in either
  8970  // *CryptoKeyVersion.ServerResponse.Header or (if a response was returned at
  8971  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  8972  // check whether the returned error was because http.StatusNotModified was
  8973  // returned.
  8974  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) Do(opts ...googleapi.CallOption) (*CryptoKeyVersion, error) {
  8975  	gensupport.SetOptions(c.urlParams_, opts...)
  8976  	res, err := c.doRequest("json")
  8977  	if res != nil && res.StatusCode == http.StatusNotModified {
  8978  		if res.Body != nil {
  8979  			res.Body.Close()
  8980  		}
  8981  		return nil, gensupport.WrapError(&googleapi.Error{
  8982  			Code:   res.StatusCode,
  8983  			Header: res.Header,
  8984  		})
  8985  	}
  8986  	if err != nil {
  8987  		return nil, err
  8988  	}
  8989  	defer googleapi.CloseBody(res)
  8990  	if err := googleapi.CheckResponse(res); err != nil {
  8991  		return nil, gensupport.WrapError(err)
  8992  	}
  8993  	ret := &CryptoKeyVersion{
  8994  		ServerResponse: googleapi.ServerResponse{
  8995  			Header:         res.Header,
  8996  			HTTPStatusCode: res.StatusCode,
  8997  		},
  8998  	}
  8999  	target := &ret
  9000  	if err := gensupport.DecodeResponse(target, res); err != nil {
  9001  		return nil, err
  9002  	}
  9003  	return ret, nil
  9004  }
  9005  
  9006  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawDecryptCall struct {
  9007  	s                 *Service
  9008  	name              string
  9009  	rawdecryptrequest *RawDecryptRequest
  9010  	urlParams_        gensupport.URLParams
  9011  	ctx_              context.Context
  9012  	header_           http.Header
  9013  }
  9014  
  9015  // RawDecrypt: Decrypts data that was originally encrypted using a raw
  9016  // cryptographic mechanism. The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT.
  9017  //
  9018  // - name: The resource name of the CryptoKeyVersion to use for decryption.
  9019  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) RawDecrypt(name string, rawdecryptrequest *RawDecryptRequest) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawDecryptCall {
  9020  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawDecryptCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  9021  	c.name = name
  9022  	c.rawdecryptrequest = rawdecryptrequest
  9023  	return c
  9024  }
  9025  
  9026  // Fields allows partial responses to be retrieved. See
  9027  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  9028  // details.
  9029  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawDecryptCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawDecryptCall {
  9030  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  9031  	return c
  9032  }
  9033  
  9034  // Context sets the context to be used in this call's Do method.
  9035  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawDecryptCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawDecryptCall {
  9036  	c.ctx_ = ctx
  9037  	return c
  9038  }
  9039  
  9040  // Header returns a http.Header that can be modified by the caller to add
  9041  // headers to the request.
  9042  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawDecryptCall) Header() http.Header {
  9043  	if c.header_ == nil {
  9044  		c.header_ = make(http.Header)
  9045  	}
  9046  	return c.header_
  9047  }
  9048  
  9049  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawDecryptCall) doRequest(alt string) (*http.Response, error) {
  9050  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  9051  	var body io.Reader = nil
  9052  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.rawdecryptrequest)
  9053  	if err != nil {
  9054  		return nil, err
  9055  	}
  9056  	c.urlParams_.Set("alt", alt)
  9057  	c.urlParams_.Set("prettyPrint", "false")
  9058  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:rawDecrypt")
  9059  	urls += "?" + c.urlParams_.Encode()
  9060  	req, err := http.NewRequest("POST", urls, body)
  9061  	if err != nil {
  9062  		return nil, err
  9063  	}
  9064  	req.Header = reqHeaders
  9065  	googleapi.Expand(req.URL, map[string]string{
  9066  		"name": c.name,
  9067  	})
  9068  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  9069  }
  9070  
  9071  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.rawDecrypt" call.
  9072  // Any non-2xx status code is an error. Response headers are in either
  9073  // *RawDecryptResponse.ServerResponse.Header or (if a response was returned at
  9074  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  9075  // check whether the returned error was because http.StatusNotModified was
  9076  // returned.
  9077  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawDecryptCall) Do(opts ...googleapi.CallOption) (*RawDecryptResponse, error) {
  9078  	gensupport.SetOptions(c.urlParams_, opts...)
  9079  	res, err := c.doRequest("json")
  9080  	if res != nil && res.StatusCode == http.StatusNotModified {
  9081  		if res.Body != nil {
  9082  			res.Body.Close()
  9083  		}
  9084  		return nil, gensupport.WrapError(&googleapi.Error{
  9085  			Code:   res.StatusCode,
  9086  			Header: res.Header,
  9087  		})
  9088  	}
  9089  	if err != nil {
  9090  		return nil, err
  9091  	}
  9092  	defer googleapi.CloseBody(res)
  9093  	if err := googleapi.CheckResponse(res); err != nil {
  9094  		return nil, gensupport.WrapError(err)
  9095  	}
  9096  	ret := &RawDecryptResponse{
  9097  		ServerResponse: googleapi.ServerResponse{
  9098  			Header:         res.Header,
  9099  			HTTPStatusCode: res.StatusCode,
  9100  		},
  9101  	}
  9102  	target := &ret
  9103  	if err := gensupport.DecodeResponse(target, res); err != nil {
  9104  		return nil, err
  9105  	}
  9106  	return ret, nil
  9107  }
  9108  
  9109  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawEncryptCall struct {
  9110  	s                 *Service
  9111  	name              string
  9112  	rawencryptrequest *RawEncryptRequest
  9113  	urlParams_        gensupport.URLParams
  9114  	ctx_              context.Context
  9115  	header_           http.Header
  9116  }
  9117  
  9118  // RawEncrypt: Encrypts data using portable cryptographic primitives. Most
  9119  // users should choose Encrypt and Decrypt rather than their raw counterparts.
  9120  // The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT.
  9121  //
  9122  // - name: The resource name of the CryptoKeyVersion to use for encryption.
  9123  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) RawEncrypt(name string, rawencryptrequest *RawEncryptRequest) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawEncryptCall {
  9124  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawEncryptCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  9125  	c.name = name
  9126  	c.rawencryptrequest = rawencryptrequest
  9127  	return c
  9128  }
  9129  
  9130  // Fields allows partial responses to be retrieved. See
  9131  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  9132  // details.
  9133  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawEncryptCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawEncryptCall {
  9134  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  9135  	return c
  9136  }
  9137  
  9138  // Context sets the context to be used in this call's Do method.
  9139  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawEncryptCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawEncryptCall {
  9140  	c.ctx_ = ctx
  9141  	return c
  9142  }
  9143  
  9144  // Header returns a http.Header that can be modified by the caller to add
  9145  // headers to the request.
  9146  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawEncryptCall) Header() http.Header {
  9147  	if c.header_ == nil {
  9148  		c.header_ = make(http.Header)
  9149  	}
  9150  	return c.header_
  9151  }
  9152  
  9153  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawEncryptCall) doRequest(alt string) (*http.Response, error) {
  9154  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  9155  	var body io.Reader = nil
  9156  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.rawencryptrequest)
  9157  	if err != nil {
  9158  		return nil, err
  9159  	}
  9160  	c.urlParams_.Set("alt", alt)
  9161  	c.urlParams_.Set("prettyPrint", "false")
  9162  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:rawEncrypt")
  9163  	urls += "?" + c.urlParams_.Encode()
  9164  	req, err := http.NewRequest("POST", urls, body)
  9165  	if err != nil {
  9166  		return nil, err
  9167  	}
  9168  	req.Header = reqHeaders
  9169  	googleapi.Expand(req.URL, map[string]string{
  9170  		"name": c.name,
  9171  	})
  9172  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  9173  }
  9174  
  9175  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.rawEncrypt" call.
  9176  // Any non-2xx status code is an error. Response headers are in either
  9177  // *RawEncryptResponse.ServerResponse.Header or (if a response was returned at
  9178  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  9179  // check whether the returned error was because http.StatusNotModified was
  9180  // returned.
  9181  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRawEncryptCall) Do(opts ...googleapi.CallOption) (*RawEncryptResponse, error) {
  9182  	gensupport.SetOptions(c.urlParams_, opts...)
  9183  	res, err := c.doRequest("json")
  9184  	if res != nil && res.StatusCode == http.StatusNotModified {
  9185  		if res.Body != nil {
  9186  			res.Body.Close()
  9187  		}
  9188  		return nil, gensupport.WrapError(&googleapi.Error{
  9189  			Code:   res.StatusCode,
  9190  			Header: res.Header,
  9191  		})
  9192  	}
  9193  	if err != nil {
  9194  		return nil, err
  9195  	}
  9196  	defer googleapi.CloseBody(res)
  9197  	if err := googleapi.CheckResponse(res); err != nil {
  9198  		return nil, gensupport.WrapError(err)
  9199  	}
  9200  	ret := &RawEncryptResponse{
  9201  		ServerResponse: googleapi.ServerResponse{
  9202  			Header:         res.Header,
  9203  			HTTPStatusCode: res.StatusCode,
  9204  		},
  9205  	}
  9206  	target := &ret
  9207  	if err := gensupport.DecodeResponse(target, res); err != nil {
  9208  		return nil, err
  9209  	}
  9210  	return ret, nil
  9211  }
  9212  
  9213  type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall struct {
  9214  	s                              *Service
  9215  	name                           string
  9216  	restorecryptokeyversionrequest *RestoreCryptoKeyVersionRequest
  9217  	urlParams_                     gensupport.URLParams
  9218  	ctx_                           context.Context
  9219  	header_                        http.Header
  9220  }
  9221  
  9222  // Restore: Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state. Upon
  9223  // restoration of the CryptoKeyVersion, state will be set to DISABLED, and
  9224  // destroy_time will be cleared.
  9225  //
  9226  // - name: The resource name of the CryptoKeyVersion to restore.
  9227  func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) Restore(name string, restorecryptokeyversionrequest *RestoreCryptoKeyVersionRequest) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall {
  9228  	c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  9229  	c.name = name
  9230  	c.restorecryptokeyversionrequest = restorecryptokeyversionrequest
  9231  	return c
  9232  }
  9233  
  9234  // Fields allows partial responses to be retrieved. See
  9235  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  9236  // details.
  9237  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall {
  9238  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  9239  	return c
  9240  }
  9241  
  9242  // Context sets the context to be used in this call's Do method.
  9243  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall {
  9244  	c.ctx_ = ctx
  9245  	return c
  9246  }
  9247  
  9248  // Header returns a http.Header that can be modified by the caller to add
  9249  // headers to the request.
  9250  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall) Header() http.Header {
  9251  	if c.header_ == nil {
  9252  		c.header_ = make(http.Header)
  9253  	}
  9254  	return c.header_
  9255  }
  9256  
  9257  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall) doRequest(alt string) (*http.Response, error) {
  9258  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  9259  	var body io.Reader = nil
  9260  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.restorecryptokeyversionrequest)
  9261  	if err != nil {
  9262  		return nil, err
  9263  	}
  9264  	c.urlParams_.Set("alt", alt)
  9265  	c.urlParams_.Set("prettyPrint", "false")
  9266  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:restore")
  9267  	urls += "?" + c.urlParams_.Encode()
  9268  	req, err := http.NewRequest("POST", urls, body)
  9269  	if err != nil {
  9270  		return nil, err
  9271  	}
  9272  	req.Header = reqHeaders
  9273  	googleapi.Expand(req.URL, map[string]string{
  9274  		"name": c.name,
  9275  	})
  9276  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  9277  }
  9278  
  9279  // Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.restore" call.
  9280  // Any non-2xx status code is an error. Response headers are in either
  9281  // *CryptoKeyVersion.ServerResponse.Header or (if a response was returned at
  9282  // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  9283  // check whether the returned error was because http.StatusNotModified was
  9284  // returned.
  9285  func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall) Do(opts ...googleapi.CallOption) (*CryptoKeyVersion, error) {
  9286  	gensupport.SetOptions(c.urlParams_, opts...)
  9287  	res, err := c.doRequest("json")
  9288  	if res != nil && res.StatusCode == http.StatusNotModified {
  9289  		if res.Body != nil {
  9290  			res.Body.Close()
  9291  		}
  9292  		return nil, gensupport.WrapError(&googleapi.Error{
  9293  			Code:   res.StatusCode,
  9294  			Header: res.Header,
  9295  		})
  9296  	}
  9297  	if err != nil {
  9298  		return nil, err
  9299  	}
  9300  	defer googleapi.CloseBody(res)
  9301  	if err := googleapi.CheckResponse(res); err != nil {
  9302  		return nil, gensupport.WrapError(err)
  9303  	}
  9304  	ret := &CryptoKeyVersion{
  9305  		ServerResponse: googleapi.ServerResponse{
  9306  			Header:         res.Header,
  9307  			HTTPStatusCode: res.StatusCode,
  9308  		},
  9309  	}
  9310  	target := &ret
  9311  	if err := gensupport.DecodeResponse(target, res); err != nil {
  9312  		return nil, err
  9313  	}
  9314  	return ret, nil
  9315  }
  9316  
  9317  type ProjectsLocationsKeyRingsImportJobsCreateCall struct {
  9318  	s          *Service
  9319  	parent     string
  9320  	importjob  *ImportJob
  9321  	urlParams_ gensupport.URLParams
  9322  	ctx_       context.Context
  9323  	header_    http.Header
  9324  }
  9325  
  9326  // Create: Create a new ImportJob within a KeyRing. ImportJob.import_method is
  9327  // required.
  9328  //
  9329  // - parent: The name of the KeyRing associated with the ImportJobs.
  9330  func (r *ProjectsLocationsKeyRingsImportJobsService) Create(parent string, importjob *ImportJob) *ProjectsLocationsKeyRingsImportJobsCreateCall {
  9331  	c := &ProjectsLocationsKeyRingsImportJobsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  9332  	c.parent = parent
  9333  	c.importjob = importjob
  9334  	return c
  9335  }
  9336  
  9337  // ImportJobId sets the optional parameter "importJobId": Required. It must be
  9338  // unique within a KeyRing and match the regular expression
  9339  // `[a-zA-Z0-9_-]{1,63}`
  9340  func (c *ProjectsLocationsKeyRingsImportJobsCreateCall) ImportJobId(importJobId string) *ProjectsLocationsKeyRingsImportJobsCreateCall {
  9341  	c.urlParams_.Set("importJobId", importJobId)
  9342  	return c
  9343  }
  9344  
  9345  // Fields allows partial responses to be retrieved. See
  9346  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  9347  // details.
  9348  func (c *ProjectsLocationsKeyRingsImportJobsCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsImportJobsCreateCall {
  9349  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  9350  	return c
  9351  }
  9352  
  9353  // Context sets the context to be used in this call's Do method.
  9354  func (c *ProjectsLocationsKeyRingsImportJobsCreateCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsImportJobsCreateCall {
  9355  	c.ctx_ = ctx
  9356  	return c
  9357  }
  9358  
  9359  // Header returns a http.Header that can be modified by the caller to add
  9360  // headers to the request.
  9361  func (c *ProjectsLocationsKeyRingsImportJobsCreateCall) Header() http.Header {
  9362  	if c.header_ == nil {
  9363  		c.header_ = make(http.Header)
  9364  	}
  9365  	return c.header_
  9366  }
  9367  
  9368  func (c *ProjectsLocationsKeyRingsImportJobsCreateCall) doRequest(alt string) (*http.Response, error) {
  9369  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  9370  	var body io.Reader = nil
  9371  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.importjob)
  9372  	if err != nil {
  9373  		return nil, err
  9374  	}
  9375  	c.urlParams_.Set("alt", alt)
  9376  	c.urlParams_.Set("prettyPrint", "false")
  9377  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/importJobs")
  9378  	urls += "?" + c.urlParams_.Encode()
  9379  	req, err := http.NewRequest("POST", urls, body)
  9380  	if err != nil {
  9381  		return nil, err
  9382  	}
  9383  	req.Header = reqHeaders
  9384  	googleapi.Expand(req.URL, map[string]string{
  9385  		"parent": c.parent,
  9386  	})
  9387  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  9388  }
  9389  
  9390  // Do executes the "cloudkms.projects.locations.keyRings.importJobs.create" call.
  9391  // Any non-2xx status code is an error. Response headers are in either
  9392  // *ImportJob.ServerResponse.Header or (if a response was returned at all) in
  9393  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  9394  // whether the returned error was because http.StatusNotModified was returned.
  9395  func (c *ProjectsLocationsKeyRingsImportJobsCreateCall) Do(opts ...googleapi.CallOption) (*ImportJob, error) {
  9396  	gensupport.SetOptions(c.urlParams_, opts...)
  9397  	res, err := c.doRequest("json")
  9398  	if res != nil && res.StatusCode == http.StatusNotModified {
  9399  		if res.Body != nil {
  9400  			res.Body.Close()
  9401  		}
  9402  		return nil, gensupport.WrapError(&googleapi.Error{
  9403  			Code:   res.StatusCode,
  9404  			Header: res.Header,
  9405  		})
  9406  	}
  9407  	if err != nil {
  9408  		return nil, err
  9409  	}
  9410  	defer googleapi.CloseBody(res)
  9411  	if err := googleapi.CheckResponse(res); err != nil {
  9412  		return nil, gensupport.WrapError(err)
  9413  	}
  9414  	ret := &ImportJob{
  9415  		ServerResponse: googleapi.ServerResponse{
  9416  			Header:         res.Header,
  9417  			HTTPStatusCode: res.StatusCode,
  9418  		},
  9419  	}
  9420  	target := &ret
  9421  	if err := gensupport.DecodeResponse(target, res); err != nil {
  9422  		return nil, err
  9423  	}
  9424  	return ret, nil
  9425  }
  9426  
  9427  type ProjectsLocationsKeyRingsImportJobsGetCall struct {
  9428  	s            *Service
  9429  	name         string
  9430  	urlParams_   gensupport.URLParams
  9431  	ifNoneMatch_ string
  9432  	ctx_         context.Context
  9433  	header_      http.Header
  9434  }
  9435  
  9436  // Get: Returns metadata for a given ImportJob.
  9437  //
  9438  // - name: The name of the ImportJob to get.
  9439  func (r *ProjectsLocationsKeyRingsImportJobsService) Get(name string) *ProjectsLocationsKeyRingsImportJobsGetCall {
  9440  	c := &ProjectsLocationsKeyRingsImportJobsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  9441  	c.name = name
  9442  	return c
  9443  }
  9444  
  9445  // Fields allows partial responses to be retrieved. See
  9446  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  9447  // details.
  9448  func (c *ProjectsLocationsKeyRingsImportJobsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsImportJobsGetCall {
  9449  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  9450  	return c
  9451  }
  9452  
  9453  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  9454  // object's ETag matches the given value. This is useful for getting updates
  9455  // only after the object has changed since the last request.
  9456  func (c *ProjectsLocationsKeyRingsImportJobsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsImportJobsGetCall {
  9457  	c.ifNoneMatch_ = entityTag
  9458  	return c
  9459  }
  9460  
  9461  // Context sets the context to be used in this call's Do method.
  9462  func (c *ProjectsLocationsKeyRingsImportJobsGetCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsImportJobsGetCall {
  9463  	c.ctx_ = ctx
  9464  	return c
  9465  }
  9466  
  9467  // Header returns a http.Header that can be modified by the caller to add
  9468  // headers to the request.
  9469  func (c *ProjectsLocationsKeyRingsImportJobsGetCall) Header() http.Header {
  9470  	if c.header_ == nil {
  9471  		c.header_ = make(http.Header)
  9472  	}
  9473  	return c.header_
  9474  }
  9475  
  9476  func (c *ProjectsLocationsKeyRingsImportJobsGetCall) doRequest(alt string) (*http.Response, error) {
  9477  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  9478  	if c.ifNoneMatch_ != "" {
  9479  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  9480  	}
  9481  	var body io.Reader = nil
  9482  	c.urlParams_.Set("alt", alt)
  9483  	c.urlParams_.Set("prettyPrint", "false")
  9484  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
  9485  	urls += "?" + c.urlParams_.Encode()
  9486  	req, err := http.NewRequest("GET", urls, body)
  9487  	if err != nil {
  9488  		return nil, err
  9489  	}
  9490  	req.Header = reqHeaders
  9491  	googleapi.Expand(req.URL, map[string]string{
  9492  		"name": c.name,
  9493  	})
  9494  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  9495  }
  9496  
  9497  // Do executes the "cloudkms.projects.locations.keyRings.importJobs.get" call.
  9498  // Any non-2xx status code is an error. Response headers are in either
  9499  // *ImportJob.ServerResponse.Header or (if a response was returned at all) in
  9500  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  9501  // whether the returned error was because http.StatusNotModified was returned.
  9502  func (c *ProjectsLocationsKeyRingsImportJobsGetCall) Do(opts ...googleapi.CallOption) (*ImportJob, error) {
  9503  	gensupport.SetOptions(c.urlParams_, opts...)
  9504  	res, err := c.doRequest("json")
  9505  	if res != nil && res.StatusCode == http.StatusNotModified {
  9506  		if res.Body != nil {
  9507  			res.Body.Close()
  9508  		}
  9509  		return nil, gensupport.WrapError(&googleapi.Error{
  9510  			Code:   res.StatusCode,
  9511  			Header: res.Header,
  9512  		})
  9513  	}
  9514  	if err != nil {
  9515  		return nil, err
  9516  	}
  9517  	defer googleapi.CloseBody(res)
  9518  	if err := googleapi.CheckResponse(res); err != nil {
  9519  		return nil, gensupport.WrapError(err)
  9520  	}
  9521  	ret := &ImportJob{
  9522  		ServerResponse: googleapi.ServerResponse{
  9523  			Header:         res.Header,
  9524  			HTTPStatusCode: res.StatusCode,
  9525  		},
  9526  	}
  9527  	target := &ret
  9528  	if err := gensupport.DecodeResponse(target, res); err != nil {
  9529  		return nil, err
  9530  	}
  9531  	return ret, nil
  9532  }
  9533  
  9534  type ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall struct {
  9535  	s            *Service
  9536  	resource     string
  9537  	urlParams_   gensupport.URLParams
  9538  	ifNoneMatch_ string
  9539  	ctx_         context.Context
  9540  	header_      http.Header
  9541  }
  9542  
  9543  // GetIamPolicy: Gets the access control policy for a resource. Returns an
  9544  // empty policy if the resource exists and does not have a policy set.
  9545  //
  9546  //   - resource: REQUIRED: The resource for which the policy is being requested.
  9547  //     See Resource names (https://cloud.google.com/apis/design/resource_names)
  9548  //     for the appropriate value for this field.
  9549  func (r *ProjectsLocationsKeyRingsImportJobsService) GetIamPolicy(resource string) *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall {
  9550  	c := &ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  9551  	c.resource = resource
  9552  	return c
  9553  }
  9554  
  9555  // OptionsRequestedPolicyVersion sets the optional parameter
  9556  // "options.requestedPolicyVersion": The maximum policy version that will be
  9557  // used to format the policy. Valid values are 0, 1, and 3. Requests specifying
  9558  // an invalid value will be rejected. Requests for policies with any
  9559  // conditional role bindings must specify version 3. Policies with no
  9560  // conditional role bindings may specify any valid value or leave the field
  9561  // unset. The policy in the response might use the policy version that you
  9562  // specified, or it might use a lower policy version. For example, if you
  9563  // specify version 3, but the policy has no conditional role bindings, the
  9564  // response uses version 1. To learn which resources support conditions in
  9565  // their IAM policies, see the IAM documentation
  9566  // (https://cloud.google.com/iam/help/conditions/resource-policies).
  9567  func (c *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall {
  9568  	c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
  9569  	return c
  9570  }
  9571  
  9572  // Fields allows partial responses to be retrieved. See
  9573  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  9574  // details.
  9575  func (c *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall {
  9576  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  9577  	return c
  9578  }
  9579  
  9580  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  9581  // object's ETag matches the given value. This is useful for getting updates
  9582  // only after the object has changed since the last request.
  9583  func (c *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall {
  9584  	c.ifNoneMatch_ = entityTag
  9585  	return c
  9586  }
  9587  
  9588  // Context sets the context to be used in this call's Do method.
  9589  func (c *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall {
  9590  	c.ctx_ = ctx
  9591  	return c
  9592  }
  9593  
  9594  // Header returns a http.Header that can be modified by the caller to add
  9595  // headers to the request.
  9596  func (c *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall) Header() http.Header {
  9597  	if c.header_ == nil {
  9598  		c.header_ = make(http.Header)
  9599  	}
  9600  	return c.header_
  9601  }
  9602  
  9603  func (c *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
  9604  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  9605  	if c.ifNoneMatch_ != "" {
  9606  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  9607  	}
  9608  	var body io.Reader = nil
  9609  	c.urlParams_.Set("alt", alt)
  9610  	c.urlParams_.Set("prettyPrint", "false")
  9611  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy")
  9612  	urls += "?" + c.urlParams_.Encode()
  9613  	req, err := http.NewRequest("GET", urls, body)
  9614  	if err != nil {
  9615  		return nil, err
  9616  	}
  9617  	req.Header = reqHeaders
  9618  	googleapi.Expand(req.URL, map[string]string{
  9619  		"resource": c.resource,
  9620  	})
  9621  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  9622  }
  9623  
  9624  // Do executes the "cloudkms.projects.locations.keyRings.importJobs.getIamPolicy" call.
  9625  // Any non-2xx status code is an error. Response headers are in either
  9626  // *Policy.ServerResponse.Header or (if a response was returned at all) in
  9627  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  9628  // whether the returned error was because http.StatusNotModified was returned.
  9629  func (c *ProjectsLocationsKeyRingsImportJobsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
  9630  	gensupport.SetOptions(c.urlParams_, opts...)
  9631  	res, err := c.doRequest("json")
  9632  	if res != nil && res.StatusCode == http.StatusNotModified {
  9633  		if res.Body != nil {
  9634  			res.Body.Close()
  9635  		}
  9636  		return nil, gensupport.WrapError(&googleapi.Error{
  9637  			Code:   res.StatusCode,
  9638  			Header: res.Header,
  9639  		})
  9640  	}
  9641  	if err != nil {
  9642  		return nil, err
  9643  	}
  9644  	defer googleapi.CloseBody(res)
  9645  	if err := googleapi.CheckResponse(res); err != nil {
  9646  		return nil, gensupport.WrapError(err)
  9647  	}
  9648  	ret := &Policy{
  9649  		ServerResponse: googleapi.ServerResponse{
  9650  			Header:         res.Header,
  9651  			HTTPStatusCode: res.StatusCode,
  9652  		},
  9653  	}
  9654  	target := &ret
  9655  	if err := gensupport.DecodeResponse(target, res); err != nil {
  9656  		return nil, err
  9657  	}
  9658  	return ret, nil
  9659  }
  9660  
  9661  type ProjectsLocationsKeyRingsImportJobsListCall struct {
  9662  	s            *Service
  9663  	parent       string
  9664  	urlParams_   gensupport.URLParams
  9665  	ifNoneMatch_ string
  9666  	ctx_         context.Context
  9667  	header_      http.Header
  9668  }
  9669  
  9670  // List: Lists ImportJobs.
  9671  //
  9672  //   - parent: The resource name of the KeyRing to list, in the format
  9673  //     `projects/*/locations/*/keyRings/*`.
  9674  func (r *ProjectsLocationsKeyRingsImportJobsService) List(parent string) *ProjectsLocationsKeyRingsImportJobsListCall {
  9675  	c := &ProjectsLocationsKeyRingsImportJobsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  9676  	c.parent = parent
  9677  	return c
  9678  }
  9679  
  9680  // Filter sets the optional parameter "filter": Only include resources that
  9681  // match the filter in the response. For more information, see Sorting and
  9682  // filtering list results
  9683  // (https://cloud.google.com/kms/docs/sorting-and-filtering).
  9684  func (c *ProjectsLocationsKeyRingsImportJobsListCall) Filter(filter string) *ProjectsLocationsKeyRingsImportJobsListCall {
  9685  	c.urlParams_.Set("filter", filter)
  9686  	return c
  9687  }
  9688  
  9689  // OrderBy sets the optional parameter "orderBy": Specify how the results
  9690  // should be sorted. If not specified, the results will be sorted in the
  9691  // default order. For more information, see Sorting and filtering list results
  9692  // (https://cloud.google.com/kms/docs/sorting-and-filtering).
  9693  func (c *ProjectsLocationsKeyRingsImportJobsListCall) OrderBy(orderBy string) *ProjectsLocationsKeyRingsImportJobsListCall {
  9694  	c.urlParams_.Set("orderBy", orderBy)
  9695  	return c
  9696  }
  9697  
  9698  // PageSize sets the optional parameter "pageSize": Optional limit on the
  9699  // number of ImportJobs to include in the response. Further ImportJobs can
  9700  // subsequently be obtained by including the
  9701  // ListImportJobsResponse.next_page_token in a subsequent request. If
  9702  // unspecified, the server will pick an appropriate default.
  9703  func (c *ProjectsLocationsKeyRingsImportJobsListCall) PageSize(pageSize int64) *ProjectsLocationsKeyRingsImportJobsListCall {
  9704  	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
  9705  	return c
  9706  }
  9707  
  9708  // PageToken sets the optional parameter "pageToken": Optional pagination
  9709  // token, returned earlier via ListImportJobsResponse.next_page_token.
  9710  func (c *ProjectsLocationsKeyRingsImportJobsListCall) PageToken(pageToken string) *ProjectsLocationsKeyRingsImportJobsListCall {
  9711  	c.urlParams_.Set("pageToken", pageToken)
  9712  	return c
  9713  }
  9714  
  9715  // Fields allows partial responses to be retrieved. See
  9716  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  9717  // details.
  9718  func (c *ProjectsLocationsKeyRingsImportJobsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsImportJobsListCall {
  9719  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  9720  	return c
  9721  }
  9722  
  9723  // IfNoneMatch sets an optional parameter which makes the operation fail if the
  9724  // object's ETag matches the given value. This is useful for getting updates
  9725  // only after the object has changed since the last request.
  9726  func (c *ProjectsLocationsKeyRingsImportJobsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsImportJobsListCall {
  9727  	c.ifNoneMatch_ = entityTag
  9728  	return c
  9729  }
  9730  
  9731  // Context sets the context to be used in this call's Do method.
  9732  func (c *ProjectsLocationsKeyRingsImportJobsListCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsImportJobsListCall {
  9733  	c.ctx_ = ctx
  9734  	return c
  9735  }
  9736  
  9737  // Header returns a http.Header that can be modified by the caller to add
  9738  // headers to the request.
  9739  func (c *ProjectsLocationsKeyRingsImportJobsListCall) Header() http.Header {
  9740  	if c.header_ == nil {
  9741  		c.header_ = make(http.Header)
  9742  	}
  9743  	return c.header_
  9744  }
  9745  
  9746  func (c *ProjectsLocationsKeyRingsImportJobsListCall) doRequest(alt string) (*http.Response, error) {
  9747  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
  9748  	if c.ifNoneMatch_ != "" {
  9749  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
  9750  	}
  9751  	var body io.Reader = nil
  9752  	c.urlParams_.Set("alt", alt)
  9753  	c.urlParams_.Set("prettyPrint", "false")
  9754  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/importJobs")
  9755  	urls += "?" + c.urlParams_.Encode()
  9756  	req, err := http.NewRequest("GET", urls, body)
  9757  	if err != nil {
  9758  		return nil, err
  9759  	}
  9760  	req.Header = reqHeaders
  9761  	googleapi.Expand(req.URL, map[string]string{
  9762  		"parent": c.parent,
  9763  	})
  9764  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  9765  }
  9766  
  9767  // Do executes the "cloudkms.projects.locations.keyRings.importJobs.list" call.
  9768  // Any non-2xx status code is an error. Response headers are in either
  9769  // *ListImportJobsResponse.ServerResponse.Header or (if a response was returned
  9770  // at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
  9771  // check whether the returned error was because http.StatusNotModified was
  9772  // returned.
  9773  func (c *ProjectsLocationsKeyRingsImportJobsListCall) Do(opts ...googleapi.CallOption) (*ListImportJobsResponse, error) {
  9774  	gensupport.SetOptions(c.urlParams_, opts...)
  9775  	res, err := c.doRequest("json")
  9776  	if res != nil && res.StatusCode == http.StatusNotModified {
  9777  		if res.Body != nil {
  9778  			res.Body.Close()
  9779  		}
  9780  		return nil, gensupport.WrapError(&googleapi.Error{
  9781  			Code:   res.StatusCode,
  9782  			Header: res.Header,
  9783  		})
  9784  	}
  9785  	if err != nil {
  9786  		return nil, err
  9787  	}
  9788  	defer googleapi.CloseBody(res)
  9789  	if err := googleapi.CheckResponse(res); err != nil {
  9790  		return nil, gensupport.WrapError(err)
  9791  	}
  9792  	ret := &ListImportJobsResponse{
  9793  		ServerResponse: googleapi.ServerResponse{
  9794  			Header:         res.Header,
  9795  			HTTPStatusCode: res.StatusCode,
  9796  		},
  9797  	}
  9798  	target := &ret
  9799  	if err := gensupport.DecodeResponse(target, res); err != nil {
  9800  		return nil, err
  9801  	}
  9802  	return ret, nil
  9803  }
  9804  
  9805  // Pages invokes f for each page of results.
  9806  // A non-nil error returned from f will halt the iteration.
  9807  // The provided context supersedes any context provided to the Context method.
  9808  func (c *ProjectsLocationsKeyRingsImportJobsListCall) Pages(ctx context.Context, f func(*ListImportJobsResponse) error) error {
  9809  	c.ctx_ = ctx
  9810  	defer c.PageToken(c.urlParams_.Get("pageToken"))
  9811  	for {
  9812  		x, err := c.Do()
  9813  		if err != nil {
  9814  			return err
  9815  		}
  9816  		if err := f(x); err != nil {
  9817  			return err
  9818  		}
  9819  		if x.NextPageToken == "" {
  9820  			return nil
  9821  		}
  9822  		c.PageToken(x.NextPageToken)
  9823  	}
  9824  }
  9825  
  9826  type ProjectsLocationsKeyRingsImportJobsSetIamPolicyCall struct {
  9827  	s                   *Service
  9828  	resource            string
  9829  	setiampolicyrequest *SetIamPolicyRequest
  9830  	urlParams_          gensupport.URLParams
  9831  	ctx_                context.Context
  9832  	header_             http.Header
  9833  }
  9834  
  9835  // SetIamPolicy: Sets the access control policy on the specified resource.
  9836  // Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`,
  9837  // and `PERMISSION_DENIED` errors.
  9838  //
  9839  //   - resource: REQUIRED: The resource for which the policy is being specified.
  9840  //     See Resource names (https://cloud.google.com/apis/design/resource_names)
  9841  //     for the appropriate value for this field.
  9842  func (r *ProjectsLocationsKeyRingsImportJobsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsLocationsKeyRingsImportJobsSetIamPolicyCall {
  9843  	c := &ProjectsLocationsKeyRingsImportJobsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  9844  	c.resource = resource
  9845  	c.setiampolicyrequest = setiampolicyrequest
  9846  	return c
  9847  }
  9848  
  9849  // Fields allows partial responses to be retrieved. See
  9850  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  9851  // details.
  9852  func (c *ProjectsLocationsKeyRingsImportJobsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsImportJobsSetIamPolicyCall {
  9853  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  9854  	return c
  9855  }
  9856  
  9857  // Context sets the context to be used in this call's Do method.
  9858  func (c *ProjectsLocationsKeyRingsImportJobsSetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsImportJobsSetIamPolicyCall {
  9859  	c.ctx_ = ctx
  9860  	return c
  9861  }
  9862  
  9863  // Header returns a http.Header that can be modified by the caller to add
  9864  // headers to the request.
  9865  func (c *ProjectsLocationsKeyRingsImportJobsSetIamPolicyCall) Header() http.Header {
  9866  	if c.header_ == nil {
  9867  		c.header_ = make(http.Header)
  9868  	}
  9869  	return c.header_
  9870  }
  9871  
  9872  func (c *ProjectsLocationsKeyRingsImportJobsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
  9873  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  9874  	var body io.Reader = nil
  9875  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest)
  9876  	if err != nil {
  9877  		return nil, err
  9878  	}
  9879  	c.urlParams_.Set("alt", alt)
  9880  	c.urlParams_.Set("prettyPrint", "false")
  9881  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy")
  9882  	urls += "?" + c.urlParams_.Encode()
  9883  	req, err := http.NewRequest("POST", urls, body)
  9884  	if err != nil {
  9885  		return nil, err
  9886  	}
  9887  	req.Header = reqHeaders
  9888  	googleapi.Expand(req.URL, map[string]string{
  9889  		"resource": c.resource,
  9890  	})
  9891  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
  9892  }
  9893  
  9894  // Do executes the "cloudkms.projects.locations.keyRings.importJobs.setIamPolicy" call.
  9895  // Any non-2xx status code is an error. Response headers are in either
  9896  // *Policy.ServerResponse.Header or (if a response was returned at all) in
  9897  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
  9898  // whether the returned error was because http.StatusNotModified was returned.
  9899  func (c *ProjectsLocationsKeyRingsImportJobsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
  9900  	gensupport.SetOptions(c.urlParams_, opts...)
  9901  	res, err := c.doRequest("json")
  9902  	if res != nil && res.StatusCode == http.StatusNotModified {
  9903  		if res.Body != nil {
  9904  			res.Body.Close()
  9905  		}
  9906  		return nil, gensupport.WrapError(&googleapi.Error{
  9907  			Code:   res.StatusCode,
  9908  			Header: res.Header,
  9909  		})
  9910  	}
  9911  	if err != nil {
  9912  		return nil, err
  9913  	}
  9914  	defer googleapi.CloseBody(res)
  9915  	if err := googleapi.CheckResponse(res); err != nil {
  9916  		return nil, gensupport.WrapError(err)
  9917  	}
  9918  	ret := &Policy{
  9919  		ServerResponse: googleapi.ServerResponse{
  9920  			Header:         res.Header,
  9921  			HTTPStatusCode: res.StatusCode,
  9922  		},
  9923  	}
  9924  	target := &ret
  9925  	if err := gensupport.DecodeResponse(target, res); err != nil {
  9926  		return nil, err
  9927  	}
  9928  	return ret, nil
  9929  }
  9930  
  9931  type ProjectsLocationsKeyRingsImportJobsTestIamPermissionsCall struct {
  9932  	s                         *Service
  9933  	resource                  string
  9934  	testiampermissionsrequest *TestIamPermissionsRequest
  9935  	urlParams_                gensupport.URLParams
  9936  	ctx_                      context.Context
  9937  	header_                   http.Header
  9938  }
  9939  
  9940  // TestIamPermissions: Returns permissions that a caller has on the specified
  9941  // resource. If the resource does not exist, this will return an empty set of
  9942  // permissions, not a `NOT_FOUND` error. Note: This operation is designed to be
  9943  // used for building permission-aware UIs and command-line tools, not for
  9944  // authorization checking. This operation may "fail open" without warning.
  9945  //
  9946  //   - resource: REQUIRED: The resource for which the policy detail is being
  9947  //     requested. See Resource names
  9948  //     (https://cloud.google.com/apis/design/resource_names) for the appropriate
  9949  //     value for this field.
  9950  func (r *ProjectsLocationsKeyRingsImportJobsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsLocationsKeyRingsImportJobsTestIamPermissionsCall {
  9951  	c := &ProjectsLocationsKeyRingsImportJobsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
  9952  	c.resource = resource
  9953  	c.testiampermissionsrequest = testiampermissionsrequest
  9954  	return c
  9955  }
  9956  
  9957  // Fields allows partial responses to be retrieved. See
  9958  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
  9959  // details.
  9960  func (c *ProjectsLocationsKeyRingsImportJobsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsImportJobsTestIamPermissionsCall {
  9961  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
  9962  	return c
  9963  }
  9964  
  9965  // Context sets the context to be used in this call's Do method.
  9966  func (c *ProjectsLocationsKeyRingsImportJobsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsImportJobsTestIamPermissionsCall {
  9967  	c.ctx_ = ctx
  9968  	return c
  9969  }
  9970  
  9971  // Header returns a http.Header that can be modified by the caller to add
  9972  // headers to the request.
  9973  func (c *ProjectsLocationsKeyRingsImportJobsTestIamPermissionsCall) Header() http.Header {
  9974  	if c.header_ == nil {
  9975  		c.header_ = make(http.Header)
  9976  	}
  9977  	return c.header_
  9978  }
  9979  
  9980  func (c *ProjectsLocationsKeyRingsImportJobsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
  9981  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
  9982  	var body io.Reader = nil
  9983  	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest)
  9984  	if err != nil {
  9985  		return nil, err
  9986  	}
  9987  	c.urlParams_.Set("alt", alt)
  9988  	c.urlParams_.Set("prettyPrint", "false")
  9989  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions")
  9990  	urls += "?" + c.urlParams_.Encode()
  9991  	req, err := http.NewRequest("POST", urls, body)
  9992  	if err != nil {
  9993  		return nil, err
  9994  	}
  9995  	req.Header = reqHeaders
  9996  	googleapi.Expand(req.URL, map[string]string{
  9997  		"resource": c.resource,
  9998  	})
  9999  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 10000  }
 10001  
 10002  // Do executes the "cloudkms.projects.locations.keyRings.importJobs.testIamPermissions" call.
 10003  // Any non-2xx status code is an error. Response headers are in either
 10004  // *TestIamPermissionsResponse.ServerResponse.Header or (if a response was
 10005  // returned at all) in error.(*googleapi.Error).Header. Use
 10006  // googleapi.IsNotModified to check whether the returned error was because
 10007  // http.StatusNotModified was returned.
 10008  func (c *ProjectsLocationsKeyRingsImportJobsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
 10009  	gensupport.SetOptions(c.urlParams_, opts...)
 10010  	res, err := c.doRequest("json")
 10011  	if res != nil && res.StatusCode == http.StatusNotModified {
 10012  		if res.Body != nil {
 10013  			res.Body.Close()
 10014  		}
 10015  		return nil, gensupport.WrapError(&googleapi.Error{
 10016  			Code:   res.StatusCode,
 10017  			Header: res.Header,
 10018  		})
 10019  	}
 10020  	if err != nil {
 10021  		return nil, err
 10022  	}
 10023  	defer googleapi.CloseBody(res)
 10024  	if err := googleapi.CheckResponse(res); err != nil {
 10025  		return nil, gensupport.WrapError(err)
 10026  	}
 10027  	ret := &TestIamPermissionsResponse{
 10028  		ServerResponse: googleapi.ServerResponse{
 10029  			Header:         res.Header,
 10030  			HTTPStatusCode: res.StatusCode,
 10031  		},
 10032  	}
 10033  	target := &ret
 10034  	if err := gensupport.DecodeResponse(target, res); err != nil {
 10035  		return nil, err
 10036  	}
 10037  	return ret, nil
 10038  }
 10039  
 10040  type ProjectsLocationsOperationsGetCall struct {
 10041  	s            *Service
 10042  	name         string
 10043  	urlParams_   gensupport.URLParams
 10044  	ifNoneMatch_ string
 10045  	ctx_         context.Context
 10046  	header_      http.Header
 10047  }
 10048  
 10049  // Get: Gets the latest state of a long-running operation. Clients can use this
 10050  // method to poll the operation result at intervals as recommended by the API
 10051  // service.
 10052  //
 10053  // - name: The name of the operation resource.
 10054  func (r *ProjectsLocationsOperationsService) Get(name string) *ProjectsLocationsOperationsGetCall {
 10055  	c := &ProjectsLocationsOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
 10056  	c.name = name
 10057  	return c
 10058  }
 10059  
 10060  // Fields allows partial responses to be retrieved. See
 10061  // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
 10062  // details.
 10063  func (c *ProjectsLocationsOperationsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsOperationsGetCall {
 10064  	c.urlParams_.Set("fields", googleapi.CombineFields(s))
 10065  	return c
 10066  }
 10067  
 10068  // IfNoneMatch sets an optional parameter which makes the operation fail if the
 10069  // object's ETag matches the given value. This is useful for getting updates
 10070  // only after the object has changed since the last request.
 10071  func (c *ProjectsLocationsOperationsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsOperationsGetCall {
 10072  	c.ifNoneMatch_ = entityTag
 10073  	return c
 10074  }
 10075  
 10076  // Context sets the context to be used in this call's Do method.
 10077  func (c *ProjectsLocationsOperationsGetCall) Context(ctx context.Context) *ProjectsLocationsOperationsGetCall {
 10078  	c.ctx_ = ctx
 10079  	return c
 10080  }
 10081  
 10082  // Header returns a http.Header that can be modified by the caller to add
 10083  // headers to the request.
 10084  func (c *ProjectsLocationsOperationsGetCall) Header() http.Header {
 10085  	if c.header_ == nil {
 10086  		c.header_ = make(http.Header)
 10087  	}
 10088  	return c.header_
 10089  }
 10090  
 10091  func (c *ProjectsLocationsOperationsGetCall) doRequest(alt string) (*http.Response, error) {
 10092  	reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
 10093  	if c.ifNoneMatch_ != "" {
 10094  		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
 10095  	}
 10096  	var body io.Reader = nil
 10097  	c.urlParams_.Set("alt", alt)
 10098  	c.urlParams_.Set("prettyPrint", "false")
 10099  	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
 10100  	urls += "?" + c.urlParams_.Encode()
 10101  	req, err := http.NewRequest("GET", urls, body)
 10102  	if err != nil {
 10103  		return nil, err
 10104  	}
 10105  	req.Header = reqHeaders
 10106  	googleapi.Expand(req.URL, map[string]string{
 10107  		"name": c.name,
 10108  	})
 10109  	return gensupport.SendRequest(c.ctx_, c.s.client, req)
 10110  }
 10111  
 10112  // Do executes the "cloudkms.projects.locations.operations.get" call.
 10113  // Any non-2xx status code is an error. Response headers are in either
 10114  // *Operation.ServerResponse.Header or (if a response was returned at all) in
 10115  // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
 10116  // whether the returned error was because http.StatusNotModified was returned.
 10117  func (c *ProjectsLocationsOperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
 10118  	gensupport.SetOptions(c.urlParams_, opts...)
 10119  	res, err := c.doRequest("json")
 10120  	if res != nil && res.StatusCode == http.StatusNotModified {
 10121  		if res.Body != nil {
 10122  			res.Body.Close()
 10123  		}
 10124  		return nil, gensupport.WrapError(&googleapi.Error{
 10125  			Code:   res.StatusCode,
 10126  			Header: res.Header,
 10127  		})
 10128  	}
 10129  	if err != nil {
 10130  		return nil, err
 10131  	}
 10132  	defer googleapi.CloseBody(res)
 10133  	if err := googleapi.CheckResponse(res); err != nil {
 10134  		return nil, gensupport.WrapError(err)
 10135  	}
 10136  	ret := &Operation{
 10137  		ServerResponse: googleapi.ServerResponse{
 10138  			Header:         res.Header,
 10139  			HTTPStatusCode: res.StatusCode,
 10140  		},
 10141  	}
 10142  	target := &ret
 10143  	if err := gensupport.DecodeResponse(target, res); err != nil {
 10144  		return nil, err
 10145  	}
 10146  	return ret, nil
 10147  }
 10148
View as plain text