1 // Copyright 2024 Google LLC. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Code generated file. DO NOT EDIT. 6 7 // Package kmsinventory provides access to the KMS Inventory API. 8 // 9 // For product documentation, see: https://cloud.google.com/kms/ 10 // 11 // # Library status 12 // 13 // These client libraries are officially supported by Google. However, this 14 // library is considered complete and is in maintenance mode. This means 15 // that we will address critical bugs and security issues but will not add 16 // any new features. 17 // 18 // When possible, we recommend using our newer 19 // [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go) 20 // that are still actively being worked and iterated on. 21 // 22 // # Creating a client 23 // 24 // Usage example: 25 // 26 // import "google.golang.org/api/kmsinventory/v1" 27 // ... 28 // ctx := context.Background() 29 // kmsinventoryService, err := kmsinventory.NewService(ctx) 30 // 31 // In this example, Google Application Default Credentials are used for 32 // authentication. For information on how to create and obtain Application 33 // Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 34 // 35 // # Other authentication options 36 // 37 // To use an API key for authentication (note: some APIs do not support API 38 // keys), use [google.golang.org/api/option.WithAPIKey]: 39 // 40 // kmsinventoryService, err := kmsinventory.NewService(ctx, option.WithAPIKey("AIza...")) 41 // 42 // To use an OAuth token (e.g., a user token obtained via a three-legged OAuth 43 // flow, use [google.golang.org/api/option.WithTokenSource]: 44 // 45 // config := &oauth2.Config{...} 46 // // ... 47 // token, err := config.Exchange(ctx, ...) 48 // kmsinventoryService, err := kmsinventory.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 49 // 50 // See [google.golang.org/api/option.ClientOption] for details on options. 51 package kmsinventory // import "google.golang.org/api/kmsinventory/v1" 52 53 import ( 54 "bytes" 55 "context" 56 "encoding/json" 57 "errors" 58 "fmt" 59 "io" 60 "net/http" 61 "net/url" 62 "strconv" 63 "strings" 64 65 googleapi "google.golang.org/api/googleapi" 66 internal "google.golang.org/api/internal" 67 gensupport "google.golang.org/api/internal/gensupport" 68 option "google.golang.org/api/option" 69 internaloption "google.golang.org/api/option/internaloption" 70 htransport "google.golang.org/api/transport/http" 71 ) 72 73 // Always reference these packages, just in case the auto-generated code 74 // below doesn't. 75 var _ = bytes.NewBuffer 76 var _ = strconv.Itoa 77 var _ = fmt.Sprintf 78 var _ = json.NewDecoder 79 var _ = io.Copy 80 var _ = url.Parse 81 var _ = gensupport.MarshalJSON 82 var _ = googleapi.Version 83 var _ = errors.New 84 var _ = strings.Replace 85 var _ = context.Canceled 86 var _ = internaloption.WithDefaultEndpoint 87 var _ = internal.Version 88 89 const apiId = "kmsinventory:v1" 90 const apiName = "kmsinventory" 91 const apiVersion = "v1" 92 const basePath = "https://kmsinventory.googleapis.com/" 93 const basePathTemplate = "https://kmsinventory.UNIVERSE_DOMAIN/" 94 const mtlsBasePath = "https://kmsinventory.mtls.googleapis.com/" 95 96 // OAuth2 scopes used by this API. 97 const ( 98 // See, edit, configure, and delete your Google Cloud data and see the email 99 // address for your Google Account. 100 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 101 ) 102 103 // NewService creates a new Service. 104 func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 105 scopesOption := internaloption.WithDefaultScopes( 106 "https://www.googleapis.com/auth/cloud-platform", 107 ) 108 // NOTE: prepend, so we don't override user-specified scopes. 109 opts = append([]option.ClientOption{scopesOption}, opts...) 110 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 111 opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate)) 112 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 113 opts = append(opts, internaloption.EnableNewAuthLibrary()) 114 client, endpoint, err := htransport.NewClient(ctx, opts...) 115 if err != nil { 116 return nil, err 117 } 118 s, err := New(client) 119 if err != nil { 120 return nil, err 121 } 122 if endpoint != "" { 123 s.BasePath = endpoint 124 } 125 return s, nil 126 } 127 128 // New creates a new Service. It uses the provided http.Client for requests. 129 // 130 // Deprecated: please use NewService instead. 131 // To provide a custom HTTP client, use option.WithHTTPClient. 132 // If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 133 func New(client *http.Client) (*Service, error) { 134 if client == nil { 135 return nil, errors.New("client is nil") 136 } 137 s := &Service{client: client, BasePath: basePath} 138 s.Organizations = NewOrganizationsService(s) 139 s.Projects = NewProjectsService(s) 140 return s, nil 141 } 142 143 type Service struct { 144 client *http.Client 145 BasePath string // API endpoint base URL 146 UserAgent string // optional additional User-Agent fragment 147 148 Organizations *OrganizationsService 149 150 Projects *ProjectsService 151 } 152 153 func (s *Service) userAgent() string { 154 if s.UserAgent == "" { 155 return googleapi.UserAgent 156 } 157 return googleapi.UserAgent + " " + s.UserAgent 158 } 159 160 func NewOrganizationsService(s *Service) *OrganizationsService { 161 rs := &OrganizationsService{s: s} 162 rs.ProtectedResources = NewOrganizationsProtectedResourcesService(s) 163 return rs 164 } 165 166 type OrganizationsService struct { 167 s *Service 168 169 ProtectedResources *OrganizationsProtectedResourcesService 170 } 171 172 func NewOrganizationsProtectedResourcesService(s *Service) *OrganizationsProtectedResourcesService { 173 rs := &OrganizationsProtectedResourcesService{s: s} 174 return rs 175 } 176 177 type OrganizationsProtectedResourcesService struct { 178 s *Service 179 } 180 181 func NewProjectsService(s *Service) *ProjectsService { 182 rs := &ProjectsService{s: s} 183 rs.CryptoKeys = NewProjectsCryptoKeysService(s) 184 rs.Locations = NewProjectsLocationsService(s) 185 return rs 186 } 187 188 type ProjectsService struct { 189 s *Service 190 191 CryptoKeys *ProjectsCryptoKeysService 192 193 Locations *ProjectsLocationsService 194 } 195 196 func NewProjectsCryptoKeysService(s *Service) *ProjectsCryptoKeysService { 197 rs := &ProjectsCryptoKeysService{s: s} 198 return rs 199 } 200 201 type ProjectsCryptoKeysService struct { 202 s *Service 203 } 204 205 func NewProjectsLocationsService(s *Service) *ProjectsLocationsService { 206 rs := &ProjectsLocationsService{s: s} 207 rs.KeyRings = NewProjectsLocationsKeyRingsService(s) 208 return rs 209 } 210 211 type ProjectsLocationsService struct { 212 s *Service 213 214 KeyRings *ProjectsLocationsKeyRingsService 215 } 216 217 func NewProjectsLocationsKeyRingsService(s *Service) *ProjectsLocationsKeyRingsService { 218 rs := &ProjectsLocationsKeyRingsService{s: s} 219 rs.CryptoKeys = NewProjectsLocationsKeyRingsCryptoKeysService(s) 220 return rs 221 } 222 223 type ProjectsLocationsKeyRingsService struct { 224 s *Service 225 226 CryptoKeys *ProjectsLocationsKeyRingsCryptoKeysService 227 } 228 229 func NewProjectsLocationsKeyRingsCryptoKeysService(s *Service) *ProjectsLocationsKeyRingsCryptoKeysService { 230 rs := &ProjectsLocationsKeyRingsCryptoKeysService{s: s} 231 return rs 232 } 233 234 type ProjectsLocationsKeyRingsCryptoKeysService struct { 235 s *Service 236 } 237 238 // GoogleCloudKmsInventoryV1ListCryptoKeysResponse: Response message for 239 // KeyDashboardService.ListCryptoKeys. 240 type GoogleCloudKmsInventoryV1ListCryptoKeysResponse struct { 241 // CryptoKeys: The list of CryptoKeys. 242 CryptoKeys []*GoogleCloudKmsV1CryptoKey `json:"cryptoKeys,omitempty"` 243 // NextPageToken: The page token returned from the previous response if the 244 // next page is desired. 245 NextPageToken string `json:"nextPageToken,omitempty"` 246 247 // ServerResponse contains the HTTP response code and headers from the server. 248 googleapi.ServerResponse `json:"-"` 249 // ForceSendFields is a list of field names (e.g. "CryptoKeys") to 250 // unconditionally include in API requests. By default, fields with empty or 251 // default values are omitted from API requests. See 252 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 253 // details. 254 ForceSendFields []string `json:"-"` 255 // NullFields is a list of field names (e.g. "CryptoKeys") to include in API 256 // requests with the JSON null value. By default, fields with empty values are 257 // omitted from API requests. See 258 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 259 NullFields []string `json:"-"` 260 } 261 262 func (s *GoogleCloudKmsInventoryV1ListCryptoKeysResponse) MarshalJSON() ([]byte, error) { 263 type NoMethod GoogleCloudKmsInventoryV1ListCryptoKeysResponse 264 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 265 } 266 267 // GoogleCloudKmsInventoryV1ProtectedResource: Metadata about a resource 268 // protected by a Cloud KMS key. 269 type GoogleCloudKmsInventoryV1ProtectedResource struct { 270 // CloudProduct: The Cloud product that owns the resource. Example: `compute` 271 CloudProduct string `json:"cloudProduct,omitempty"` 272 // CreateTime: Output only. The time at which this resource was created. The 273 // granularity is in seconds. Timestamp.nanos will always be 0. 274 CreateTime string `json:"createTime,omitempty"` 275 // CryptoKeyVersion: The name of the Cloud KMS CryptoKeyVersion 276 // (https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions?hl=en) 277 // used to protect this resource via CMEK. This field is empty if the Google 278 // Cloud product owning the resource does not provide key version data to Asset 279 // Inventory. If there are multiple key versions protecting the resource, then 280 // this is same value as the first element of crypto_key_versions. 281 CryptoKeyVersion string `json:"cryptoKeyVersion,omitempty"` 282 // CryptoKeyVersions: The names of the Cloud KMS CryptoKeyVersion 283 // (https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions?hl=en) 284 // used to protect this resource via CMEK. This field is empty if the Google 285 // Cloud product owning the resource does not provide key versions data to 286 // Asset Inventory. The first element of this field is stored in 287 // crypto_key_version. 288 CryptoKeyVersions []string `json:"cryptoKeyVersions,omitempty"` 289 // Labels: A key-value pair of the resource's labels (v1) to their values. 290 Labels map[string]string `json:"labels,omitempty"` 291 // Location: Location can be `global`, regional like `us-east1`, or zonal like 292 // `us-west1-b`. 293 Location string `json:"location,omitempty"` 294 // Name: The full resource name of the resource. Example: 295 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/insta 296 // nce1`. 297 Name string `json:"name,omitempty"` 298 // Project: Format: `projects/{PROJECT_NUMBER}`. 299 Project string `json:"project,omitempty"` 300 // ProjectId: The ID of the project that owns the resource. 301 ProjectId string `json:"projectId,omitempty"` 302 // ResourceType: Example: `compute.googleapis.com/Disk` 303 ResourceType string `json:"resourceType,omitempty"` 304 // ForceSendFields is a list of field names (e.g. "CloudProduct") to 305 // unconditionally include in API requests. By default, fields with empty or 306 // default values are omitted from API requests. See 307 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 308 // details. 309 ForceSendFields []string `json:"-"` 310 // NullFields is a list of field names (e.g. "CloudProduct") to include in API 311 // requests with the JSON null value. By default, fields with empty values are 312 // omitted from API requests. See 313 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 314 NullFields []string `json:"-"` 315 } 316 317 func (s *GoogleCloudKmsInventoryV1ProtectedResource) MarshalJSON() ([]byte, error) { 318 type NoMethod GoogleCloudKmsInventoryV1ProtectedResource 319 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 320 } 321 322 // GoogleCloudKmsInventoryV1ProtectedResourcesSummary: Aggregate information 323 // about the resources protected by a Cloud KMS key in the same Cloud 324 // organization as the key. 325 type GoogleCloudKmsInventoryV1ProtectedResourcesSummary struct { 326 // CloudProducts: The number of resources protected by the key grouped by Cloud 327 // product. 328 CloudProducts map[string]string `json:"cloudProducts,omitempty"` 329 // Locations: The number of resources protected by the key grouped by region. 330 Locations map[string]string `json:"locations,omitempty"` 331 // Name: The full name of the ProtectedResourcesSummary resource. Example: 332 // projects/test-project/locations/us/keyRings/test-keyring/cryptoKeys/test-key/ 333 // protectedResourcesSummary 334 Name string `json:"name,omitempty"` 335 // ProjectCount: The number of distinct Cloud projects in the same Cloud 336 // organization as the key that have resources protected by the key. 337 ProjectCount int64 `json:"projectCount,omitempty"` 338 // ResourceCount: The total number of protected resources in the same Cloud 339 // organization as the key. 340 ResourceCount int64 `json:"resourceCount,omitempty,string"` 341 // ResourceTypes: The number of resources protected by the key grouped by 342 // resource type. 343 ResourceTypes map[string]string `json:"resourceTypes,omitempty"` 344 345 // ServerResponse contains the HTTP response code and headers from the server. 346 googleapi.ServerResponse `json:"-"` 347 // ForceSendFields is a list of field names (e.g. "CloudProducts") to 348 // unconditionally include in API requests. By default, fields with empty or 349 // default values are omitted from API requests. See 350 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 351 // details. 352 ForceSendFields []string `json:"-"` 353 // NullFields is a list of field names (e.g. "CloudProducts") to include in API 354 // requests with the JSON null value. By default, fields with empty values are 355 // omitted from API requests. See 356 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 357 NullFields []string `json:"-"` 358 } 359 360 func (s *GoogleCloudKmsInventoryV1ProtectedResourcesSummary) MarshalJSON() ([]byte, error) { 361 type NoMethod GoogleCloudKmsInventoryV1ProtectedResourcesSummary 362 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 363 } 364 365 // GoogleCloudKmsInventoryV1SearchProtectedResourcesResponse: Response message 366 // for KeyTrackingService.SearchProtectedResources. 367 type GoogleCloudKmsInventoryV1SearchProtectedResourcesResponse struct { 368 // NextPageToken: A token that can be sent as `page_token` to retrieve the next 369 // page. If this field is omitted, there are no subsequent pages. 370 NextPageToken string `json:"nextPageToken,omitempty"` 371 // ProtectedResources: Protected resources for this page. 372 ProtectedResources []*GoogleCloudKmsInventoryV1ProtectedResource `json:"protectedResources,omitempty"` 373 374 // ServerResponse contains the HTTP response code and headers from the server. 375 googleapi.ServerResponse `json:"-"` 376 // ForceSendFields is a list of field names (e.g. "NextPageToken") to 377 // unconditionally include in API requests. By default, fields with empty or 378 // default values are omitted from API requests. See 379 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 380 // details. 381 ForceSendFields []string `json:"-"` 382 // NullFields is a list of field names (e.g. "NextPageToken") to include in API 383 // requests with the JSON null value. By default, fields with empty values are 384 // omitted from API requests. See 385 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 386 NullFields []string `json:"-"` 387 } 388 389 func (s *GoogleCloudKmsInventoryV1SearchProtectedResourcesResponse) MarshalJSON() ([]byte, error) { 390 type NoMethod GoogleCloudKmsInventoryV1SearchProtectedResourcesResponse 391 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 392 } 393 394 // GoogleCloudKmsV1CryptoKey: A CryptoKey represents a logical key that can be 395 // used for cryptographic operations. A CryptoKey is made up of zero or more 396 // versions, which represent the actual key material used in cryptographic 397 // operations. 398 type GoogleCloudKmsV1CryptoKey struct { 399 // CreateTime: Output only. The time at which this CryptoKey was created. 400 CreateTime string `json:"createTime,omitempty"` 401 // CryptoKeyBackend: Immutable. The resource name of the backend environment 402 // where the key material for all CryptoKeyVersions associated with this 403 // CryptoKey reside and where all related cryptographic operations are 404 // performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of 405 // EXTERNAL_VPC, with the resource name in the format 406 // `projects/*/locations/*/ekmConnections/*`. Note, this list is non-exhaustive 407 // and may apply to additional ProtectionLevels in the future. 408 CryptoKeyBackend string `json:"cryptoKeyBackend,omitempty"` 409 // DestroyScheduledDuration: Immutable. The period of time that versions of 410 // this key spend in the DESTROY_SCHEDULED state before transitioning to 411 // DESTROYED. If not specified at creation time, the default duration is 24 412 // hours. 413 DestroyScheduledDuration string `json:"destroyScheduledDuration,omitempty"` 414 // ImportOnly: Immutable. Whether this key may contain imported versions only. 415 ImportOnly bool `json:"importOnly,omitempty"` 416 // Labels: Labels with user-defined metadata. For more information, see 417 // Labeling Keys (https://cloud.google.com/kms/docs/labeling-keys). 418 Labels map[string]string `json:"labels,omitempty"` 419 // Name: Output only. The resource name for this CryptoKey in the format 420 // `projects/*/locations/*/keyRings/*/cryptoKeys/*`. 421 Name string `json:"name,omitempty"` 422 // NextRotationTime: At next_rotation_time, the Key Management Service will 423 // automatically: 1. Create a new version of this CryptoKey. 2. Mark the new 424 // version as primary. Key rotations performed manually via 425 // CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect 426 // next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic 427 // rotation. For other keys, this field must be omitted. 428 NextRotationTime string `json:"nextRotationTime,omitempty"` 429 // Primary: Output only. A copy of the "primary" CryptoKeyVersion that will be 430 // used by Encrypt when this CryptoKey is given in EncryptRequest.name. The 431 // CryptoKey's primary version can be updated via 432 // UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a 433 // primary. For other keys, this field will be omitted. 434 Primary *GoogleCloudKmsV1CryptoKeyVersion `json:"primary,omitempty"` 435 // Purpose: Immutable. The immutable purpose of this CryptoKey. 436 // 437 // Possible values: 438 // "CRYPTO_KEY_PURPOSE_UNSPECIFIED" - Not specified. 439 // "ENCRYPT_DECRYPT" - CryptoKeys with this purpose may be used with Encrypt 440 // and Decrypt. 441 // "ASYMMETRIC_SIGN" - CryptoKeys with this purpose may be used with 442 // AsymmetricSign and GetPublicKey. 443 // "ASYMMETRIC_DECRYPT" - CryptoKeys with this purpose may be used with 444 // AsymmetricDecrypt and GetPublicKey. 445 // "RAW_ENCRYPT_DECRYPT" - CryptoKeys with this purpose may be used with 446 // RawEncrypt and RawDecrypt. This purpose is meant to be used for 447 // interoperable symmetric encryption and does not support automatic CryptoKey 448 // rotation. 449 // "MAC" - CryptoKeys with this purpose may be used with MacSign. 450 Purpose string `json:"purpose,omitempty"` 451 // RotationPeriod: next_rotation_time will be advanced by this period when the 452 // service automatically rotates a key. Must be at least 24 hours and at most 453 // 876,000 hours. If rotation_period is set, next_rotation_time must also be 454 // set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other 455 // keys, this field must be omitted. 456 RotationPeriod string `json:"rotationPeriod,omitempty"` 457 // VersionTemplate: A template describing settings for new CryptoKeyVersion 458 // instances. The properties of new CryptoKeyVersion instances created by 459 // either CreateCryptoKeyVersion or auto-rotation are controlled by this 460 // template. 461 VersionTemplate *GoogleCloudKmsV1CryptoKeyVersionTemplate `json:"versionTemplate,omitempty"` 462 // ForceSendFields is a list of field names (e.g. "CreateTime") to 463 // unconditionally include in API requests. By default, fields with empty or 464 // default values are omitted from API requests. See 465 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 466 // details. 467 ForceSendFields []string `json:"-"` 468 // NullFields is a list of field names (e.g. "CreateTime") to include in API 469 // requests with the JSON null value. By default, fields with empty values are 470 // omitted from API requests. See 471 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 472 NullFields []string `json:"-"` 473 } 474 475 func (s *GoogleCloudKmsV1CryptoKey) MarshalJSON() ([]byte, error) { 476 type NoMethod GoogleCloudKmsV1CryptoKey 477 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 478 } 479 480 // GoogleCloudKmsV1CryptoKeyVersion: A CryptoKeyVersion represents an 481 // individual cryptographic key, and the associated key material. An ENABLED 482 // version can be used for cryptographic operations. For security reasons, the 483 // raw cryptographic key material represented by a CryptoKeyVersion can never 484 // be viewed or exported. It can only be used to encrypt, decrypt, or sign data 485 // when an authorized user or application invokes Cloud KMS. 486 type GoogleCloudKmsV1CryptoKeyVersion struct { 487 // Algorithm: Output only. The CryptoKeyVersionAlgorithm that this 488 // CryptoKeyVersion supports. 489 // 490 // Possible values: 491 // "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified. 492 // "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys. 493 // "AES_128_GCM" - AES-GCM (Galois Counter Mode) using 128-bit keys. 494 // "AES_256_GCM" - AES-GCM (Galois Counter Mode) using 256-bit keys. 495 // "AES_128_CBC" - AES-CBC (Cipher Block Chaining Mode) using 128-bit keys. 496 // "AES_256_CBC" - AES-CBC (Cipher Block Chaining Mode) using 256-bit keys. 497 // "AES_128_CTR" - AES-CTR (Counter Mode) using 128-bit keys. 498 // "AES_256_CTR" - AES-CTR (Counter Mode) using 256-bit keys. 499 // "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 digest. 500 // "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 digest. 501 // "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 digest. 502 // "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 digest. 503 // "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit key and a 504 // SHA256 digest. 505 // "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit key and a 506 // SHA256 digest. 507 // "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a 508 // SHA256 digest. 509 // "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a 510 // SHA512 digest. 511 // "RSA_SIGN_RAW_PKCS1_2048" - RSASSA-PKCS1-v1_5 signing without encoding, 512 // with a 2048 bit key. 513 // "RSA_SIGN_RAW_PKCS1_3072" - RSASSA-PKCS1-v1_5 signing without encoding, 514 // with a 3072 bit key. 515 // "RSA_SIGN_RAW_PKCS1_4096" - RSASSA-PKCS1-v1_5 signing without encoding, 516 // with a 4096 bit key. 517 // "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a SHA256 518 // digest. 519 // "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a SHA256 520 // digest. 521 // "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a SHA256 522 // digest. 523 // "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a SHA512 524 // digest. 525 // "RSA_DECRYPT_OAEP_2048_SHA1" - RSAES-OAEP 2048 bit key with a SHA1 digest. 526 // "RSA_DECRYPT_OAEP_3072_SHA1" - RSAES-OAEP 3072 bit key with a SHA1 digest. 527 // "RSA_DECRYPT_OAEP_4096_SHA1" - RSAES-OAEP 4096 bit key with a SHA1 digest. 528 // "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 529 // digest. Other hash functions can also be used: 530 // https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms 531 // "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 532 // digest. Other hash functions can also be used: 533 // https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms 534 // "EC_SIGN_SECP256K1_SHA256" - ECDSA on the non-NIST secp256k1 curve. This 535 // curve is only supported for HSM protection level. Other hash functions can 536 // also be used: 537 // https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms 538 // "EC_SIGN_ED25519" - EdDSA on the Curve25519 in pure mode (taking data as 539 // input). 540 // "HMAC_SHA256" - HMAC-SHA256 signing with a 256 bit key. 541 // "HMAC_SHA1" - HMAC-SHA1 signing with a 160 bit key. 542 // "HMAC_SHA384" - HMAC-SHA384 signing with a 384 bit key. 543 // "HMAC_SHA512" - HMAC-SHA512 signing with a 512 bit key. 544 // "HMAC_SHA224" - HMAC-SHA224 signing with a 224 bit key. 545 // "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric 546 // encryption by an external key manager. 547 Algorithm string `json:"algorithm,omitempty"` 548 // Attestation: Output only. Statement that was generated and signed by the HSM 549 // at key creation time. Use this statement to verify attributes of the key as 550 // stored on the HSM, independently of Google. Only provided for key versions 551 // with protection_level HSM. 552 Attestation *GoogleCloudKmsV1KeyOperationAttestation `json:"attestation,omitempty"` 553 // CreateTime: Output only. The time at which this CryptoKeyVersion was 554 // created. 555 CreateTime string `json:"createTime,omitempty"` 556 // DestroyEventTime: Output only. The time this CryptoKeyVersion's key material 557 // was destroyed. Only present if state is DESTROYED. 558 DestroyEventTime string `json:"destroyEventTime,omitempty"` 559 // DestroyTime: Output only. The time this CryptoKeyVersion's key material is 560 // scheduled for destruction. Only present if state is DESTROY_SCHEDULED. 561 DestroyTime string `json:"destroyTime,omitempty"` 562 // ExternalDestructionFailureReason: Output only. The root cause of the most 563 // recent external destruction failure. Only present if state is 564 // EXTERNAL_DESTRUCTION_FAILED. 565 ExternalDestructionFailureReason string `json:"externalDestructionFailureReason,omitempty"` 566 // ExternalProtectionLevelOptions: ExternalProtectionLevelOptions stores a 567 // group of additional fields for configuring a CryptoKeyVersion that are 568 // specific to the EXTERNAL protection level and EXTERNAL_VPC protection 569 // levels. 570 ExternalProtectionLevelOptions *GoogleCloudKmsV1ExternalProtectionLevelOptions `json:"externalProtectionLevelOptions,omitempty"` 571 // GenerateTime: Output only. The time this CryptoKeyVersion's key material was 572 // generated. 573 GenerateTime string `json:"generateTime,omitempty"` 574 // GenerationFailureReason: Output only. The root cause of the most recent 575 // generation failure. Only present if state is GENERATION_FAILED. 576 GenerationFailureReason string `json:"generationFailureReason,omitempty"` 577 // ImportFailureReason: Output only. The root cause of the most recent import 578 // failure. Only present if state is IMPORT_FAILED. 579 ImportFailureReason string `json:"importFailureReason,omitempty"` 580 // ImportJob: Output only. The name of the ImportJob used in the most recent 581 // import of this CryptoKeyVersion. Only present if the underlying key material 582 // was imported. 583 ImportJob string `json:"importJob,omitempty"` 584 // ImportTime: Output only. The time at which this CryptoKeyVersion's key 585 // material was most recently imported. 586 ImportTime string `json:"importTime,omitempty"` 587 // Name: Output only. The resource name for this CryptoKeyVersion in the format 588 // `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. 589 Name string `json:"name,omitempty"` 590 // ProtectionLevel: Output only. The ProtectionLevel describing how crypto 591 // operations are performed with this CryptoKeyVersion. 592 // 593 // Possible values: 594 // "PROTECTION_LEVEL_UNSPECIFIED" - Not specified. 595 // "SOFTWARE" - Crypto operations are performed in software. 596 // "HSM" - Crypto operations are performed in a Hardware Security Module. 597 // "EXTERNAL" - Crypto operations are performed by an external key manager. 598 // "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC 599 // backend. 600 ProtectionLevel string `json:"protectionLevel,omitempty"` 601 // ReimportEligible: Output only. Whether or not this key version is eligible 602 // for reimport, by being specified as a target in 603 // ImportCryptoKeyVersionRequest.crypto_key_version. 604 ReimportEligible bool `json:"reimportEligible,omitempty"` 605 // State: The current state of the CryptoKeyVersion. 606 // 607 // Possible values: 608 // "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" - Not specified. 609 // "PENDING_GENERATION" - This version is still being generated. It may not 610 // be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically 611 // mark this version ENABLED as soon as the version is ready. 612 // "ENABLED" - This version may be used for cryptographic operations. 613 // "DISABLED" - This version may not be used, but the key material is still 614 // available, and the version can be placed back into the ENABLED state. 615 // "DESTROYED" - This version is destroyed, and the key material is no longer 616 // stored. This version may only become ENABLED again if this version is 617 // reimport_eligible and the original key material is reimported with a call to 618 // KeyManagementService.ImportCryptoKeyVersion. 619 // "DESTROY_SCHEDULED" - This version is scheduled for destruction, and will 620 // be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the 621 // DISABLED state. 622 // "PENDING_IMPORT" - This version is still being imported. It may not be 623 // used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark 624 // this version ENABLED as soon as the version is ready. 625 // "IMPORT_FAILED" - This version was not imported successfully. It may not 626 // be used, enabled, disabled, or destroyed. The submitted key material has 627 // been discarded. Additional details can be found in 628 // CryptoKeyVersion.import_failure_reason. 629 // "GENERATION_FAILED" - This version was not generated successfully. It may 630 // not be used, enabled, disabled, or destroyed. Additional details can be 631 // found in CryptoKeyVersion.generation_failure_reason. 632 // "PENDING_EXTERNAL_DESTRUCTION" - This version was destroyed, and it may 633 // not be used or enabled again. Cloud KMS is waiting for the corresponding key 634 // material residing in an external key manager to be destroyed. 635 // "EXTERNAL_DESTRUCTION_FAILED" - This version was destroyed, and it may not 636 // be used or enabled again. However, Cloud KMS could not confirm that the 637 // corresponding key material residing in an external key manager was 638 // destroyed. Additional details can be found in 639 // CryptoKeyVersion.external_destruction_failure_reason. 640 State string `json:"state,omitempty"` 641 // ForceSendFields is a list of field names (e.g. "Algorithm") to 642 // unconditionally include in API requests. By default, fields with empty or 643 // default values are omitted from API requests. See 644 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 645 // details. 646 ForceSendFields []string `json:"-"` 647 // NullFields is a list of field names (e.g. "Algorithm") to include in API 648 // requests with the JSON null value. By default, fields with empty values are 649 // omitted from API requests. See 650 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 651 NullFields []string `json:"-"` 652 } 653 654 func (s *GoogleCloudKmsV1CryptoKeyVersion) MarshalJSON() ([]byte, error) { 655 type NoMethod GoogleCloudKmsV1CryptoKeyVersion 656 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 657 } 658 659 // GoogleCloudKmsV1CryptoKeyVersionTemplate: A CryptoKeyVersionTemplate 660 // specifies the properties to use when creating a new CryptoKeyVersion, either 661 // manually with CreateCryptoKeyVersion or automatically as a result of 662 // auto-rotation. 663 type GoogleCloudKmsV1CryptoKeyVersionTemplate struct { 664 // Algorithm: Required. Algorithm to use when creating a CryptoKeyVersion based 665 // on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION 666 // is implied if both this field is omitted and CryptoKey.purpose is 667 // ENCRYPT_DECRYPT. 668 // 669 // Possible values: 670 // "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" - Not specified. 671 // "GOOGLE_SYMMETRIC_ENCRYPTION" - Creates symmetric encryption keys. 672 // "AES_128_GCM" - AES-GCM (Galois Counter Mode) using 128-bit keys. 673 // "AES_256_GCM" - AES-GCM (Galois Counter Mode) using 256-bit keys. 674 // "AES_128_CBC" - AES-CBC (Cipher Block Chaining Mode) using 128-bit keys. 675 // "AES_256_CBC" - AES-CBC (Cipher Block Chaining Mode) using 256-bit keys. 676 // "AES_128_CTR" - AES-CTR (Counter Mode) using 128-bit keys. 677 // "AES_256_CTR" - AES-CTR (Counter Mode) using 256-bit keys. 678 // "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 digest. 679 // "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 digest. 680 // "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 digest. 681 // "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 digest. 682 // "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit key and a 683 // SHA256 digest. 684 // "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit key and a 685 // SHA256 digest. 686 // "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a 687 // SHA256 digest. 688 // "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a 689 // SHA512 digest. 690 // "RSA_SIGN_RAW_PKCS1_2048" - RSASSA-PKCS1-v1_5 signing without encoding, 691 // with a 2048 bit key. 692 // "RSA_SIGN_RAW_PKCS1_3072" - RSASSA-PKCS1-v1_5 signing without encoding, 693 // with a 3072 bit key. 694 // "RSA_SIGN_RAW_PKCS1_4096" - RSASSA-PKCS1-v1_5 signing without encoding, 695 // with a 4096 bit key. 696 // "RSA_DECRYPT_OAEP_2048_SHA256" - RSAES-OAEP 2048 bit key with a SHA256 697 // digest. 698 // "RSA_DECRYPT_OAEP_3072_SHA256" - RSAES-OAEP 3072 bit key with a SHA256 699 // digest. 700 // "RSA_DECRYPT_OAEP_4096_SHA256" - RSAES-OAEP 4096 bit key with a SHA256 701 // digest. 702 // "RSA_DECRYPT_OAEP_4096_SHA512" - RSAES-OAEP 4096 bit key with a SHA512 703 // digest. 704 // "RSA_DECRYPT_OAEP_2048_SHA1" - RSAES-OAEP 2048 bit key with a SHA1 digest. 705 // "RSA_DECRYPT_OAEP_3072_SHA1" - RSAES-OAEP 3072 bit key with a SHA1 digest. 706 // "RSA_DECRYPT_OAEP_4096_SHA1" - RSAES-OAEP 4096 bit key with a SHA1 digest. 707 // "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 708 // digest. Other hash functions can also be used: 709 // https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms 710 // "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 711 // digest. Other hash functions can also be used: 712 // https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms 713 // "EC_SIGN_SECP256K1_SHA256" - ECDSA on the non-NIST secp256k1 curve. This 714 // curve is only supported for HSM protection level. Other hash functions can 715 // also be used: 716 // https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms 717 // "EC_SIGN_ED25519" - EdDSA on the Curve25519 in pure mode (taking data as 718 // input). 719 // "HMAC_SHA256" - HMAC-SHA256 signing with a 256 bit key. 720 // "HMAC_SHA1" - HMAC-SHA1 signing with a 160 bit key. 721 // "HMAC_SHA384" - HMAC-SHA384 signing with a 384 bit key. 722 // "HMAC_SHA512" - HMAC-SHA512 signing with a 512 bit key. 723 // "HMAC_SHA224" - HMAC-SHA224 signing with a 224 bit key. 724 // "EXTERNAL_SYMMETRIC_ENCRYPTION" - Algorithm representing symmetric 725 // encryption by an external key manager. 726 Algorithm string `json:"algorithm,omitempty"` 727 // ProtectionLevel: ProtectionLevel to use when creating a CryptoKeyVersion 728 // based on this template. Immutable. Defaults to SOFTWARE. 729 // 730 // Possible values: 731 // "PROTECTION_LEVEL_UNSPECIFIED" - Not specified. 732 // "SOFTWARE" - Crypto operations are performed in software. 733 // "HSM" - Crypto operations are performed in a Hardware Security Module. 734 // "EXTERNAL" - Crypto operations are performed by an external key manager. 735 // "EXTERNAL_VPC" - Crypto operations are performed in an EKM-over-VPC 736 // backend. 737 ProtectionLevel string `json:"protectionLevel,omitempty"` 738 // ForceSendFields is a list of field names (e.g. "Algorithm") to 739 // unconditionally include in API requests. By default, fields with empty or 740 // default values are omitted from API requests. See 741 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 742 // details. 743 ForceSendFields []string `json:"-"` 744 // NullFields is a list of field names (e.g. "Algorithm") to include in API 745 // requests with the JSON null value. By default, fields with empty values are 746 // omitted from API requests. See 747 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 748 NullFields []string `json:"-"` 749 } 750 751 func (s *GoogleCloudKmsV1CryptoKeyVersionTemplate) MarshalJSON() ([]byte, error) { 752 type NoMethod GoogleCloudKmsV1CryptoKeyVersionTemplate 753 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 754 } 755 756 // GoogleCloudKmsV1ExternalProtectionLevelOptions: 757 // ExternalProtectionLevelOptions stores a group of additional fields for 758 // configuring a CryptoKeyVersion that are specific to the EXTERNAL protection 759 // level and EXTERNAL_VPC protection levels. 760 type GoogleCloudKmsV1ExternalProtectionLevelOptions struct { 761 // EkmConnectionKeyPath: The path to the external key material on the EKM when 762 // using EkmConnection e.g., "v0/my/key". Set this field instead of 763 // external_key_uri when using an EkmConnection. 764 EkmConnectionKeyPath string `json:"ekmConnectionKeyPath,omitempty"` 765 // ExternalKeyUri: The URI for an external resource that this CryptoKeyVersion 766 // represents. 767 ExternalKeyUri string `json:"externalKeyUri,omitempty"` 768 // ForceSendFields is a list of field names (e.g. "EkmConnectionKeyPath") to 769 // unconditionally include in API requests. By default, fields with empty or 770 // default values are omitted from API requests. See 771 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 772 // details. 773 ForceSendFields []string `json:"-"` 774 // NullFields is a list of field names (e.g. "EkmConnectionKeyPath") to include 775 // in API requests with the JSON null value. By default, fields with empty 776 // values are omitted from API requests. See 777 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 778 NullFields []string `json:"-"` 779 } 780 781 func (s *GoogleCloudKmsV1ExternalProtectionLevelOptions) MarshalJSON() ([]byte, error) { 782 type NoMethod GoogleCloudKmsV1ExternalProtectionLevelOptions 783 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 784 } 785 786 // GoogleCloudKmsV1KeyOperationAttestation: Contains an HSM-generated 787 // attestation about a key operation. For more information, see [Verifying 788 // attestations] (https://cloud.google.com/kms/docs/attest-key). 789 type GoogleCloudKmsV1KeyOperationAttestation struct { 790 // CertChains: Output only. The certificate chains needed to validate the 791 // attestation 792 CertChains *GoogleCloudKmsV1KeyOperationAttestationCertificateChains `json:"certChains,omitempty"` 793 // Content: Output only. The attestation data provided by the HSM when the key 794 // operation was performed. 795 Content string `json:"content,omitempty"` 796 // Format: Output only. The format of the attestation data. 797 // 798 // Possible values: 799 // "ATTESTATION_FORMAT_UNSPECIFIED" - Not specified. 800 // "CAVIUM_V1_COMPRESSED" - Cavium HSM attestation compressed with gzip. Note 801 // that this format is defined by Cavium and subject to change at any time. See 802 // https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html. 803 // "CAVIUM_V2_COMPRESSED" - Cavium HSM attestation V2 compressed with gzip. 804 // This is a new format introduced in Cavium's version 3.2-08. 805 Format string `json:"format,omitempty"` 806 // ForceSendFields is a list of field names (e.g. "CertChains") to 807 // unconditionally include in API requests. By default, fields with empty or 808 // default values are omitted from API requests. See 809 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 810 // details. 811 ForceSendFields []string `json:"-"` 812 // NullFields is a list of field names (e.g. "CertChains") to include in API 813 // requests with the JSON null value. By default, fields with empty values are 814 // omitted from API requests. See 815 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 816 NullFields []string `json:"-"` 817 } 818 819 func (s *GoogleCloudKmsV1KeyOperationAttestation) MarshalJSON() ([]byte, error) { 820 type NoMethod GoogleCloudKmsV1KeyOperationAttestation 821 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 822 } 823 824 // GoogleCloudKmsV1KeyOperationAttestationCertificateChains: Certificate chains 825 // needed to verify the attestation. Certificates in chains are PEM-encoded and 826 // are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2. 827 type GoogleCloudKmsV1KeyOperationAttestationCertificateChains struct { 828 // CaviumCerts: Cavium certificate chain corresponding to the attestation. 829 CaviumCerts []string `json:"caviumCerts,omitempty"` 830 // GoogleCardCerts: Google card certificate chain corresponding to the 831 // attestation. 832 GoogleCardCerts []string `json:"googleCardCerts,omitempty"` 833 // GooglePartitionCerts: Google partition certificate chain corresponding to 834 // the attestation. 835 GooglePartitionCerts []string `json:"googlePartitionCerts,omitempty"` 836 // ForceSendFields is a list of field names (e.g. "CaviumCerts") to 837 // unconditionally include in API requests. By default, fields with empty or 838 // default values are omitted from API requests. See 839 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 840 // details. 841 ForceSendFields []string `json:"-"` 842 // NullFields is a list of field names (e.g. "CaviumCerts") to include in API 843 // requests with the JSON null value. By default, fields with empty values are 844 // omitted from API requests. See 845 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 846 NullFields []string `json:"-"` 847 } 848 849 func (s *GoogleCloudKmsV1KeyOperationAttestationCertificateChains) MarshalJSON() ([]byte, error) { 850 type NoMethod GoogleCloudKmsV1KeyOperationAttestationCertificateChains 851 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 852 } 853 854 type OrganizationsProtectedResourcesSearchCall struct { 855 s *Service 856 scope string 857 urlParams_ gensupport.URLParams 858 ifNoneMatch_ string 859 ctx_ context.Context 860 header_ http.Header 861 } 862 863 // Search: Returns metadata about the resources protected by the given Cloud 864 // KMS CryptoKey in the given Cloud organization. 865 // 866 // - scope: Resource name of the organization. Example: organizations/123. 867 func (r *OrganizationsProtectedResourcesService) Search(scope string) *OrganizationsProtectedResourcesSearchCall { 868 c := &OrganizationsProtectedResourcesSearchCall{s: r.s, urlParams_: make(gensupport.URLParams)} 869 c.scope = scope 870 return c 871 } 872 873 // CryptoKey sets the optional parameter "cryptoKey": Required. The resource 874 // name of the CryptoKey. 875 func (c *OrganizationsProtectedResourcesSearchCall) CryptoKey(cryptoKey string) *OrganizationsProtectedResourcesSearchCall { 876 c.urlParams_.Set("cryptoKey", cryptoKey) 877 return c 878 } 879 880 // PageSize sets the optional parameter "pageSize": The maximum number of 881 // resources to return. The service may return fewer than this value. If 882 // unspecified, at most 500 resources will be returned. The maximum value is 883 // 500; values above 500 will be coerced to 500. 884 func (c *OrganizationsProtectedResourcesSearchCall) PageSize(pageSize int64) *OrganizationsProtectedResourcesSearchCall { 885 c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) 886 return c 887 } 888 889 // PageToken sets the optional parameter "pageToken": A page token, received 890 // from a previous KeyTrackingService.SearchProtectedResources call. Provide 891 // this to retrieve the subsequent page. When paginating, all other parameters 892 // provided to KeyTrackingService.SearchProtectedResources must match the call 893 // that provided the page token. 894 func (c *OrganizationsProtectedResourcesSearchCall) PageToken(pageToken string) *OrganizationsProtectedResourcesSearchCall { 895 c.urlParams_.Set("pageToken", pageToken) 896 return c 897 } 898 899 // ResourceTypes sets the optional parameter "resourceTypes": A list of 900 // resource types that this request searches for. If empty, it will search all 901 // the trackable resource types 902 // (https://cloud.google.com/kms/docs/view-key-usage#tracked-resource-types). 903 // Regular expressions are also supported. For example: * 904 // `compute.googleapis.com.*` snapshots resources whose type starts with 905 // `compute.googleapis.com`. * `.*Image` snapshots resources whose type ends 906 // with `Image`. * `.*Image.*` snapshots resources whose type contains `Image`. 907 // See RE2 (https://github.com/google/re2/wiki/Syntax) for all supported 908 // regular expression syntax. If the regular expression does not match any 909 // supported resource type, an INVALID_ARGUMENT error will be returned. 910 func (c *OrganizationsProtectedResourcesSearchCall) ResourceTypes(resourceTypes ...string) *OrganizationsProtectedResourcesSearchCall { 911 c.urlParams_.SetMulti("resourceTypes", append([]string{}, resourceTypes...)) 912 return c 913 } 914 915 // Fields allows partial responses to be retrieved. See 916 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 917 // details. 918 func (c *OrganizationsProtectedResourcesSearchCall) Fields(s ...googleapi.Field) *OrganizationsProtectedResourcesSearchCall { 919 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 920 return c 921 } 922 923 // IfNoneMatch sets an optional parameter which makes the operation fail if the 924 // object's ETag matches the given value. This is useful for getting updates 925 // only after the object has changed since the last request. 926 func (c *OrganizationsProtectedResourcesSearchCall) IfNoneMatch(entityTag string) *OrganizationsProtectedResourcesSearchCall { 927 c.ifNoneMatch_ = entityTag 928 return c 929 } 930 931 // Context sets the context to be used in this call's Do method. 932 func (c *OrganizationsProtectedResourcesSearchCall) Context(ctx context.Context) *OrganizationsProtectedResourcesSearchCall { 933 c.ctx_ = ctx 934 return c 935 } 936 937 // Header returns a http.Header that can be modified by the caller to add 938 // headers to the request. 939 func (c *OrganizationsProtectedResourcesSearchCall) Header() http.Header { 940 if c.header_ == nil { 941 c.header_ = make(http.Header) 942 } 943 return c.header_ 944 } 945 946 func (c *OrganizationsProtectedResourcesSearchCall) doRequest(alt string) (*http.Response, error) { 947 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 948 if c.ifNoneMatch_ != "" { 949 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 950 } 951 var body io.Reader = nil 952 c.urlParams_.Set("alt", alt) 953 c.urlParams_.Set("prettyPrint", "false") 954 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+scope}/protectedResources:search") 955 urls += "?" + c.urlParams_.Encode() 956 req, err := http.NewRequest("GET", urls, body) 957 if err != nil { 958 return nil, err 959 } 960 req.Header = reqHeaders 961 googleapi.Expand(req.URL, map[string]string{ 962 "scope": c.scope, 963 }) 964 return gensupport.SendRequest(c.ctx_, c.s.client, req) 965 } 966 967 // Do executes the "kmsinventory.organizations.protectedResources.search" call. 968 // Any non-2xx status code is an error. Response headers are in either 969 // *GoogleCloudKmsInventoryV1SearchProtectedResourcesResponse.ServerResponse.Hea 970 // der or (if a response was returned at all) in 971 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 972 // whether the returned error was because http.StatusNotModified was returned. 973 func (c *OrganizationsProtectedResourcesSearchCall) Do(opts ...googleapi.CallOption) (*GoogleCloudKmsInventoryV1SearchProtectedResourcesResponse, error) { 974 gensupport.SetOptions(c.urlParams_, opts...) 975 res, err := c.doRequest("json") 976 if res != nil && res.StatusCode == http.StatusNotModified { 977 if res.Body != nil { 978 res.Body.Close() 979 } 980 return nil, gensupport.WrapError(&googleapi.Error{ 981 Code: res.StatusCode, 982 Header: res.Header, 983 }) 984 } 985 if err != nil { 986 return nil, err 987 } 988 defer googleapi.CloseBody(res) 989 if err := googleapi.CheckResponse(res); err != nil { 990 return nil, gensupport.WrapError(err) 991 } 992 ret := &GoogleCloudKmsInventoryV1SearchProtectedResourcesResponse{ 993 ServerResponse: googleapi.ServerResponse{ 994 Header: res.Header, 995 HTTPStatusCode: res.StatusCode, 996 }, 997 } 998 target := &ret 999 if err := gensupport.DecodeResponse(target, res); err != nil { 1000 return nil, err 1001 } 1002 return ret, nil 1003 } 1004 1005 // Pages invokes f for each page of results. 1006 // A non-nil error returned from f will halt the iteration. 1007 // The provided context supersedes any context provided to the Context method. 1008 func (c *OrganizationsProtectedResourcesSearchCall) Pages(ctx context.Context, f func(*GoogleCloudKmsInventoryV1SearchProtectedResourcesResponse) error) error { 1009 c.ctx_ = ctx 1010 defer c.PageToken(c.urlParams_.Get("pageToken")) 1011 for { 1012 x, err := c.Do() 1013 if err != nil { 1014 return err 1015 } 1016 if err := f(x); err != nil { 1017 return err 1018 } 1019 if x.NextPageToken == "" { 1020 return nil 1021 } 1022 c.PageToken(x.NextPageToken) 1023 } 1024 } 1025 1026 type ProjectsCryptoKeysListCall struct { 1027 s *Service 1028 parent string 1029 urlParams_ gensupport.URLParams 1030 ifNoneMatch_ string 1031 ctx_ context.Context 1032 header_ http.Header 1033 } 1034 1035 // List: Returns cryptographic keys managed by Cloud KMS in a given Cloud 1036 // project. Note that this data is sourced from snapshots, meaning it may not 1037 // completely reflect the actual state of key metadata at call time. 1038 // 1039 // - parent: The Google Cloud project for which to retrieve key metadata, in 1040 // the format `projects/*`. 1041 func (r *ProjectsCryptoKeysService) List(parent string) *ProjectsCryptoKeysListCall { 1042 c := &ProjectsCryptoKeysListCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1043 c.parent = parent 1044 return c 1045 } 1046 1047 // PageSize sets the optional parameter "pageSize": The maximum number of keys 1048 // to return. The service may return fewer than this value. If unspecified, at 1049 // most 1000 keys will be returned. The maximum value is 1000; values above 1050 // 1000 will be coerced to 1000. 1051 func (c *ProjectsCryptoKeysListCall) PageSize(pageSize int64) *ProjectsCryptoKeysListCall { 1052 c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) 1053 return c 1054 } 1055 1056 // PageToken sets the optional parameter "pageToken": Pass this into a 1057 // subsequent request in order to receive the next page of results. 1058 func (c *ProjectsCryptoKeysListCall) PageToken(pageToken string) *ProjectsCryptoKeysListCall { 1059 c.urlParams_.Set("pageToken", pageToken) 1060 return c 1061 } 1062 1063 // Fields allows partial responses to be retrieved. See 1064 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1065 // details. 1066 func (c *ProjectsCryptoKeysListCall) Fields(s ...googleapi.Field) *ProjectsCryptoKeysListCall { 1067 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1068 return c 1069 } 1070 1071 // IfNoneMatch sets an optional parameter which makes the operation fail if the 1072 // object's ETag matches the given value. This is useful for getting updates 1073 // only after the object has changed since the last request. 1074 func (c *ProjectsCryptoKeysListCall) IfNoneMatch(entityTag string) *ProjectsCryptoKeysListCall { 1075 c.ifNoneMatch_ = entityTag 1076 return c 1077 } 1078 1079 // Context sets the context to be used in this call's Do method. 1080 func (c *ProjectsCryptoKeysListCall) Context(ctx context.Context) *ProjectsCryptoKeysListCall { 1081 c.ctx_ = ctx 1082 return c 1083 } 1084 1085 // Header returns a http.Header that can be modified by the caller to add 1086 // headers to the request. 1087 func (c *ProjectsCryptoKeysListCall) Header() http.Header { 1088 if c.header_ == nil { 1089 c.header_ = make(http.Header) 1090 } 1091 return c.header_ 1092 } 1093 1094 func (c *ProjectsCryptoKeysListCall) doRequest(alt string) (*http.Response, error) { 1095 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 1096 if c.ifNoneMatch_ != "" { 1097 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1098 } 1099 var body io.Reader = nil 1100 c.urlParams_.Set("alt", alt) 1101 c.urlParams_.Set("prettyPrint", "false") 1102 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/cryptoKeys") 1103 urls += "?" + c.urlParams_.Encode() 1104 req, err := http.NewRequest("GET", urls, body) 1105 if err != nil { 1106 return nil, err 1107 } 1108 req.Header = reqHeaders 1109 googleapi.Expand(req.URL, map[string]string{ 1110 "parent": c.parent, 1111 }) 1112 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1113 } 1114 1115 // Do executes the "kmsinventory.projects.cryptoKeys.list" call. 1116 // Any non-2xx status code is an error. Response headers are in either 1117 // *GoogleCloudKmsInventoryV1ListCryptoKeysResponse.ServerResponse.Header or 1118 // (if a response was returned at all) in error.(*googleapi.Error).Header. Use 1119 // googleapi.IsNotModified to check whether the returned error was because 1120 // http.StatusNotModified was returned. 1121 func (c *ProjectsCryptoKeysListCall) Do(opts ...googleapi.CallOption) (*GoogleCloudKmsInventoryV1ListCryptoKeysResponse, error) { 1122 gensupport.SetOptions(c.urlParams_, opts...) 1123 res, err := c.doRequest("json") 1124 if res != nil && res.StatusCode == http.StatusNotModified { 1125 if res.Body != nil { 1126 res.Body.Close() 1127 } 1128 return nil, gensupport.WrapError(&googleapi.Error{ 1129 Code: res.StatusCode, 1130 Header: res.Header, 1131 }) 1132 } 1133 if err != nil { 1134 return nil, err 1135 } 1136 defer googleapi.CloseBody(res) 1137 if err := googleapi.CheckResponse(res); err != nil { 1138 return nil, gensupport.WrapError(err) 1139 } 1140 ret := &GoogleCloudKmsInventoryV1ListCryptoKeysResponse{ 1141 ServerResponse: googleapi.ServerResponse{ 1142 Header: res.Header, 1143 HTTPStatusCode: res.StatusCode, 1144 }, 1145 } 1146 target := &ret 1147 if err := gensupport.DecodeResponse(target, res); err != nil { 1148 return nil, err 1149 } 1150 return ret, nil 1151 } 1152 1153 // Pages invokes f for each page of results. 1154 // A non-nil error returned from f will halt the iteration. 1155 // The provided context supersedes any context provided to the Context method. 1156 func (c *ProjectsCryptoKeysListCall) Pages(ctx context.Context, f func(*GoogleCloudKmsInventoryV1ListCryptoKeysResponse) error) error { 1157 c.ctx_ = ctx 1158 defer c.PageToken(c.urlParams_.Get("pageToken")) 1159 for { 1160 x, err := c.Do() 1161 if err != nil { 1162 return err 1163 } 1164 if err := f(x); err != nil { 1165 return err 1166 } 1167 if x.NextPageToken == "" { 1168 return nil 1169 } 1170 c.PageToken(x.NextPageToken) 1171 } 1172 } 1173 1174 type ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall struct { 1175 s *Service 1176 name string 1177 urlParams_ gensupport.URLParams 1178 ifNoneMatch_ string 1179 ctx_ context.Context 1180 header_ http.Header 1181 } 1182 1183 // GetProtectedResourcesSummary: Returns aggregate information about the 1184 // resources protected by the given Cloud KMS CryptoKey. Only resources within 1185 // the same Cloud organization as the key will be returned. The project that 1186 // holds the key must be part of an organization in order for this call to 1187 // succeed. 1188 // 1189 // - name: The resource name of the CryptoKey. 1190 func (r *ProjectsLocationsKeyRingsCryptoKeysService) GetProtectedResourcesSummary(name string) *ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall { 1191 c := &ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1192 c.name = name 1193 return c 1194 } 1195 1196 // Fields allows partial responses to be retrieved. See 1197 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1198 // details. 1199 func (c *ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall { 1200 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1201 return c 1202 } 1203 1204 // IfNoneMatch sets an optional parameter which makes the operation fail if the 1205 // object's ETag matches the given value. This is useful for getting updates 1206 // only after the object has changed since the last request. 1207 func (c *ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall { 1208 c.ifNoneMatch_ = entityTag 1209 return c 1210 } 1211 1212 // Context sets the context to be used in this call's Do method. 1213 func (c *ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall { 1214 c.ctx_ = ctx 1215 return c 1216 } 1217 1218 // Header returns a http.Header that can be modified by the caller to add 1219 // headers to the request. 1220 func (c *ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall) Header() http.Header { 1221 if c.header_ == nil { 1222 c.header_ = make(http.Header) 1223 } 1224 return c.header_ 1225 } 1226 1227 func (c *ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall) doRequest(alt string) (*http.Response, error) { 1228 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 1229 if c.ifNoneMatch_ != "" { 1230 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1231 } 1232 var body io.Reader = nil 1233 c.urlParams_.Set("alt", alt) 1234 c.urlParams_.Set("prettyPrint", "false") 1235 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/protectedResourcesSummary") 1236 urls += "?" + c.urlParams_.Encode() 1237 req, err := http.NewRequest("GET", urls, body) 1238 if err != nil { 1239 return nil, err 1240 } 1241 req.Header = reqHeaders 1242 googleapi.Expand(req.URL, map[string]string{ 1243 "name": c.name, 1244 }) 1245 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1246 } 1247 1248 // Do executes the "kmsinventory.projects.locations.keyRings.cryptoKeys.getProtectedResourcesSummary" call. 1249 // Any non-2xx status code is an error. Response headers are in either 1250 // *GoogleCloudKmsInventoryV1ProtectedResourcesSummary.ServerResponse.Header or 1251 // (if a response was returned at all) in error.(*googleapi.Error).Header. Use 1252 // googleapi.IsNotModified to check whether the returned error was because 1253 // http.StatusNotModified was returned. 1254 func (c *ProjectsLocationsKeyRingsCryptoKeysGetProtectedResourcesSummaryCall) Do(opts ...googleapi.CallOption) (*GoogleCloudKmsInventoryV1ProtectedResourcesSummary, error) { 1255 gensupport.SetOptions(c.urlParams_, opts...) 1256 res, err := c.doRequest("json") 1257 if res != nil && res.StatusCode == http.StatusNotModified { 1258 if res.Body != nil { 1259 res.Body.Close() 1260 } 1261 return nil, gensupport.WrapError(&googleapi.Error{ 1262 Code: res.StatusCode, 1263 Header: res.Header, 1264 }) 1265 } 1266 if err != nil { 1267 return nil, err 1268 } 1269 defer googleapi.CloseBody(res) 1270 if err := googleapi.CheckResponse(res); err != nil { 1271 return nil, gensupport.WrapError(err) 1272 } 1273 ret := &GoogleCloudKmsInventoryV1ProtectedResourcesSummary{ 1274 ServerResponse: googleapi.ServerResponse{ 1275 Header: res.Header, 1276 HTTPStatusCode: res.StatusCode, 1277 }, 1278 } 1279 target := &ret 1280 if err := gensupport.DecodeResponse(target, res); err != nil { 1281 return nil, err 1282 } 1283 return ret, nil 1284 } 1285