google_cloud_kms_v1/client.rs
1// Copyright 2025 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// https://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15// Code generated by sidekick. DO NOT EDIT.
16#![allow(rustdoc::redundant_explicit_links)]
17#![allow(rustdoc::broken_intra_doc_links)]
18
19/// Implements a client for the Cloud Key Management Service (KMS) API.
20///
21/// # Example
22/// ```
23/// # async fn sample() -> gax::client_builder::Result<()> {
24/// # use google_cloud_kms_v1::client::Autokey;
25/// let client = Autokey::builder().build().await?;
26/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
27/// # Ok(()) }
28/// ```
29///
30/// # Service Description
31///
32/// Provides interfaces for using [Cloud KMS
33/// Autokey](https://cloud.google.com/kms/help/autokey) to provision new
34/// [CryptoKeys][google.cloud.kms.v1.CryptoKey], ready for Customer Managed
35/// Encryption Key (CMEK) use, on-demand. To support certain client tooling, this
36/// feature is modeled around a [KeyHandle][google.cloud.kms.v1.KeyHandle]
37/// resource: creating a [KeyHandle][google.cloud.kms.v1.KeyHandle] in a resource
38/// project and given location triggers Cloud KMS Autokey to provision a
39/// [CryptoKey][google.cloud.kms.v1.CryptoKey] in the configured key project and
40/// the same location.
41///
42/// Prior to use in a given resource project,
43/// [UpdateAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig]
44/// should have been called on an ancestor folder, setting the key project where
45/// Cloud KMS Autokey should create new
46/// [CryptoKeys][google.cloud.kms.v1.CryptoKey]. See documentation for additional
47/// prerequisites. To check what key project, if any, is currently configured on
48/// a resource project's ancestor folder, see
49/// [ShowEffectiveAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig].
50///
51/// [google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig]: crate::client::AutokeyAdmin::show_effective_autokey_config
52/// [google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig]: crate::client::AutokeyAdmin::update_autokey_config
53/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
54/// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
55///
56/// # Configuration
57///
58/// To configure `Autokey` use the `with_*` methods in the type returned
59/// by [builder()][Autokey::builder]. The default configuration should
60/// work for most applications. Common configuration changes include
61///
62/// * [with_endpoint()]: by default this client uses the global default endpoint
63/// (`https://cloudkms.googleapis.com`). Applications using regional
64/// endpoints or running in restricted networks (e.g. a network configured
65// with [Private Google Access with VPC Service Controls]) may want to
66/// override this default.
67/// * [with_credentials()]: by default this client uses
68/// [Application Default Credentials]. Applications using custom
69/// authentication may need to override this default.
70///
71/// [with_endpoint()]: super::builder::autokey::ClientBuilder::with_endpoint
72/// [with_credentials()]: super::builder::autokey::ClientBuilder::credentials
73/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
74/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
75///
76/// # Pooling and Cloning
77///
78/// `Autokey` holds a connection pool internally, it is advised to
79/// create one and the reuse it. You do not need to wrap `Autokey` in
80/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
81/// already uses an `Arc` internally.
82#[derive(Clone, Debug)]
83pub struct Autokey {
84 inner: std::sync::Arc<dyn super::stub::dynamic::Autokey>,
85}
86
87impl Autokey {
88 /// Returns a builder for [Autokey].
89 ///
90 /// ```
91 /// # async fn sample() -> gax::client_builder::Result<()> {
92 /// # use google_cloud_kms_v1::client::Autokey;
93 /// let client = Autokey::builder().build().await?;
94 /// # Ok(()) }
95 /// ```
96 pub fn builder() -> super::builder::autokey::ClientBuilder {
97 gax::client_builder::internal::new_builder(super::builder::autokey::client::Factory)
98 }
99
100 /// Creates a new client from the provided stub.
101 ///
102 /// The most common case for calling this function is in tests mocking the
103 /// client's behavior.
104 pub fn from_stub<T>(stub: T) -> Self
105 where
106 T: super::stub::Autokey + 'static,
107 {
108 Self {
109 inner: std::sync::Arc::new(stub),
110 }
111 }
112
113 pub(crate) async fn new(
114 config: gaxi::options::ClientConfig,
115 ) -> gax::client_builder::Result<Self> {
116 let inner = Self::build_inner(config).await?;
117 Ok(Self { inner })
118 }
119
120 async fn build_inner(
121 conf: gaxi::options::ClientConfig,
122 ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::Autokey>> {
123 if gaxi::options::tracing_enabled(&conf) {
124 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
125 }
126 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
127 }
128
129 async fn build_transport(
130 conf: gaxi::options::ClientConfig,
131 ) -> gax::client_builder::Result<impl super::stub::Autokey> {
132 super::transport::Autokey::new(conf).await
133 }
134
135 async fn build_with_tracing(
136 conf: gaxi::options::ClientConfig,
137 ) -> gax::client_builder::Result<impl super::stub::Autokey> {
138 Self::build_transport(conf)
139 .await
140 .map(super::tracing::Autokey::new)
141 }
142
143 /// Creates a new [KeyHandle][google.cloud.kms.v1.KeyHandle], triggering the
144 /// provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK
145 /// use with the given resource type in the configured key project and the same
146 /// location. [GetOperation][google.longrunning.Operations.GetOperation] should
147 /// be used to resolve the resulting long-running operation and get the
148 /// resulting [KeyHandle][google.cloud.kms.v1.KeyHandle] and
149 /// [CryptoKey][google.cloud.kms.v1.CryptoKey].
150 ///
151 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
152 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
153 ///
154 /// # Long running operations
155 ///
156 /// This method is used to start, and/or poll a [long-running Operation].
157 /// The [Working with long-running operations] chapter in the [user guide]
158 /// covers these operations in detail.
159 ///
160 /// [long-running operation]: https://google.aip.dev/151
161 /// [user guide]: https://googleapis.github.io/google-cloud-rust/
162 /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
163 pub fn create_key_handle(&self) -> super::builder::autokey::CreateKeyHandle {
164 super::builder::autokey::CreateKeyHandle::new(self.inner.clone())
165 }
166
167 /// Returns the [KeyHandle][google.cloud.kms.v1.KeyHandle].
168 ///
169 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
170 pub fn get_key_handle(&self) -> super::builder::autokey::GetKeyHandle {
171 super::builder::autokey::GetKeyHandle::new(self.inner.clone())
172 }
173
174 /// Lists [KeyHandles][google.cloud.kms.v1.KeyHandle].
175 ///
176 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
177 pub fn list_key_handles(&self) -> super::builder::autokey::ListKeyHandles {
178 super::builder::autokey::ListKeyHandles::new(self.inner.clone())
179 }
180
181 /// Lists information about the supported locations for this service.
182 pub fn list_locations(&self) -> super::builder::autokey::ListLocations {
183 super::builder::autokey::ListLocations::new(self.inner.clone())
184 }
185
186 /// Gets information about a location.
187 pub fn get_location(&self) -> super::builder::autokey::GetLocation {
188 super::builder::autokey::GetLocation::new(self.inner.clone())
189 }
190
191 /// Sets the access control policy on the specified resource. Replaces
192 /// any existing policy.
193 ///
194 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
195 /// errors.
196 pub fn set_iam_policy(&self) -> super::builder::autokey::SetIamPolicy {
197 super::builder::autokey::SetIamPolicy::new(self.inner.clone())
198 }
199
200 /// Gets the access control policy for a resource. Returns an empty policy
201 /// if the resource exists and does not have a policy set.
202 pub fn get_iam_policy(&self) -> super::builder::autokey::GetIamPolicy {
203 super::builder::autokey::GetIamPolicy::new(self.inner.clone())
204 }
205
206 /// Returns permissions that a caller has on the specified resource. If the
207 /// resource does not exist, this will return an empty set of
208 /// permissions, not a `NOT_FOUND` error.
209 ///
210 /// Note: This operation is designed to be used for building
211 /// permission-aware UIs and command-line tools, not for authorization
212 /// checking. This operation may "fail open" without warning.
213 pub fn test_iam_permissions(&self) -> super::builder::autokey::TestIamPermissions {
214 super::builder::autokey::TestIamPermissions::new(self.inner.clone())
215 }
216
217 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
218 ///
219 /// [google.longrunning.Operations]: longrunning::client::Operations
220 pub fn get_operation(&self) -> super::builder::autokey::GetOperation {
221 super::builder::autokey::GetOperation::new(self.inner.clone())
222 }
223}
224
225/// Implements a client for the Cloud Key Management Service (KMS) API.
226///
227/// # Example
228/// ```
229/// # async fn sample() -> gax::client_builder::Result<()> {
230/// # use google_cloud_kms_v1::client::AutokeyAdmin;
231/// let client = AutokeyAdmin::builder().build().await?;
232/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
233/// # Ok(()) }
234/// ```
235///
236/// # Service Description
237///
238/// Provides interfaces for managing [Cloud KMS
239/// Autokey](https://cloud.google.com/kms/help/autokey) folder-level
240/// configurations. A configuration is inherited by all descendent projects. A
241/// configuration at one folder overrides any other configurations in its
242/// ancestry. Setting a configuration on a folder is a prerequisite for Cloud KMS
243/// Autokey, so that users working in a descendant project can request
244/// provisioned [CryptoKeys][google.cloud.kms.v1.CryptoKey], ready for Customer
245/// Managed Encryption Key (CMEK) use, on-demand.
246///
247/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
248///
249/// # Configuration
250///
251/// To configure `AutokeyAdmin` use the `with_*` methods in the type returned
252/// by [builder()][AutokeyAdmin::builder]. The default configuration should
253/// work for most applications. Common configuration changes include
254///
255/// * [with_endpoint()]: by default this client uses the global default endpoint
256/// (`https://cloudkms.googleapis.com`). Applications using regional
257/// endpoints or running in restricted networks (e.g. a network configured
258// with [Private Google Access with VPC Service Controls]) may want to
259/// override this default.
260/// * [with_credentials()]: by default this client uses
261/// [Application Default Credentials]. Applications using custom
262/// authentication may need to override this default.
263///
264/// [with_endpoint()]: super::builder::autokey_admin::ClientBuilder::with_endpoint
265/// [with_credentials()]: super::builder::autokey_admin::ClientBuilder::credentials
266/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
267/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
268///
269/// # Pooling and Cloning
270///
271/// `AutokeyAdmin` holds a connection pool internally, it is advised to
272/// create one and the reuse it. You do not need to wrap `AutokeyAdmin` in
273/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
274/// already uses an `Arc` internally.
275#[derive(Clone, Debug)]
276pub struct AutokeyAdmin {
277 inner: std::sync::Arc<dyn super::stub::dynamic::AutokeyAdmin>,
278}
279
280impl AutokeyAdmin {
281 /// Returns a builder for [AutokeyAdmin].
282 ///
283 /// ```
284 /// # async fn sample() -> gax::client_builder::Result<()> {
285 /// # use google_cloud_kms_v1::client::AutokeyAdmin;
286 /// let client = AutokeyAdmin::builder().build().await?;
287 /// # Ok(()) }
288 /// ```
289 pub fn builder() -> super::builder::autokey_admin::ClientBuilder {
290 gax::client_builder::internal::new_builder(super::builder::autokey_admin::client::Factory)
291 }
292
293 /// Creates a new client from the provided stub.
294 ///
295 /// The most common case for calling this function is in tests mocking the
296 /// client's behavior.
297 pub fn from_stub<T>(stub: T) -> Self
298 where
299 T: super::stub::AutokeyAdmin + 'static,
300 {
301 Self {
302 inner: std::sync::Arc::new(stub),
303 }
304 }
305
306 pub(crate) async fn new(
307 config: gaxi::options::ClientConfig,
308 ) -> gax::client_builder::Result<Self> {
309 let inner = Self::build_inner(config).await?;
310 Ok(Self { inner })
311 }
312
313 async fn build_inner(
314 conf: gaxi::options::ClientConfig,
315 ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::AutokeyAdmin>> {
316 if gaxi::options::tracing_enabled(&conf) {
317 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
318 }
319 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
320 }
321
322 async fn build_transport(
323 conf: gaxi::options::ClientConfig,
324 ) -> gax::client_builder::Result<impl super::stub::AutokeyAdmin> {
325 super::transport::AutokeyAdmin::new(conf).await
326 }
327
328 async fn build_with_tracing(
329 conf: gaxi::options::ClientConfig,
330 ) -> gax::client_builder::Result<impl super::stub::AutokeyAdmin> {
331 Self::build_transport(conf)
332 .await
333 .map(super::tracing::AutokeyAdmin::new)
334 }
335
336 /// Updates the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
337 /// folder. The caller must have both `cloudkms.autokeyConfigs.update`
338 /// permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy`
339 /// permission on the provided key project. A
340 /// [KeyHandle][google.cloud.kms.v1.KeyHandle] creation in the folder's
341 /// descendant projects will use this configuration to determine where to
342 /// create the resulting [CryptoKey][google.cloud.kms.v1.CryptoKey].
343 ///
344 /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
345 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
346 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
347 pub fn update_autokey_config(&self) -> super::builder::autokey_admin::UpdateAutokeyConfig {
348 super::builder::autokey_admin::UpdateAutokeyConfig::new(self.inner.clone())
349 }
350
351 /// Returns the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
352 /// folder.
353 ///
354 /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
355 pub fn get_autokey_config(&self) -> super::builder::autokey_admin::GetAutokeyConfig {
356 super::builder::autokey_admin::GetAutokeyConfig::new(self.inner.clone())
357 }
358
359 /// Returns the effective Cloud KMS Autokey configuration for a given project.
360 pub fn show_effective_autokey_config(
361 &self,
362 ) -> super::builder::autokey_admin::ShowEffectiveAutokeyConfig {
363 super::builder::autokey_admin::ShowEffectiveAutokeyConfig::new(self.inner.clone())
364 }
365
366 /// Lists information about the supported locations for this service.
367 pub fn list_locations(&self) -> super::builder::autokey_admin::ListLocations {
368 super::builder::autokey_admin::ListLocations::new(self.inner.clone())
369 }
370
371 /// Gets information about a location.
372 pub fn get_location(&self) -> super::builder::autokey_admin::GetLocation {
373 super::builder::autokey_admin::GetLocation::new(self.inner.clone())
374 }
375
376 /// Sets the access control policy on the specified resource. Replaces
377 /// any existing policy.
378 ///
379 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
380 /// errors.
381 pub fn set_iam_policy(&self) -> super::builder::autokey_admin::SetIamPolicy {
382 super::builder::autokey_admin::SetIamPolicy::new(self.inner.clone())
383 }
384
385 /// Gets the access control policy for a resource. Returns an empty policy
386 /// if the resource exists and does not have a policy set.
387 pub fn get_iam_policy(&self) -> super::builder::autokey_admin::GetIamPolicy {
388 super::builder::autokey_admin::GetIamPolicy::new(self.inner.clone())
389 }
390
391 /// Returns permissions that a caller has on the specified resource. If the
392 /// resource does not exist, this will return an empty set of
393 /// permissions, not a `NOT_FOUND` error.
394 ///
395 /// Note: This operation is designed to be used for building
396 /// permission-aware UIs and command-line tools, not for authorization
397 /// checking. This operation may "fail open" without warning.
398 pub fn test_iam_permissions(&self) -> super::builder::autokey_admin::TestIamPermissions {
399 super::builder::autokey_admin::TestIamPermissions::new(self.inner.clone())
400 }
401
402 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
403 ///
404 /// [google.longrunning.Operations]: longrunning::client::Operations
405 pub fn get_operation(&self) -> super::builder::autokey_admin::GetOperation {
406 super::builder::autokey_admin::GetOperation::new(self.inner.clone())
407 }
408}
409
410/// Implements a client for the Cloud Key Management Service (KMS) API.
411///
412/// # Example
413/// ```
414/// # async fn sample() -> gax::client_builder::Result<()> {
415/// # use google_cloud_kms_v1::client::EkmService;
416/// let client = EkmService::builder().build().await?;
417/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
418/// # Ok(()) }
419/// ```
420///
421/// # Service Description
422///
423/// Google Cloud Key Management EKM Service
424///
425/// Manages external cryptographic keys and operations using those keys.
426/// Implements a REST model with the following objects:
427///
428/// * [EkmConnection][google.cloud.kms.v1.EkmConnection]
429///
430/// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
431///
432/// # Configuration
433///
434/// To configure `EkmService` use the `with_*` methods in the type returned
435/// by [builder()][EkmService::builder]. The default configuration should
436/// work for most applications. Common configuration changes include
437///
438/// * [with_endpoint()]: by default this client uses the global default endpoint
439/// (`https://cloudkms.googleapis.com`). Applications using regional
440/// endpoints or running in restricted networks (e.g. a network configured
441// with [Private Google Access with VPC Service Controls]) may want to
442/// override this default.
443/// * [with_credentials()]: by default this client uses
444/// [Application Default Credentials]. Applications using custom
445/// authentication may need to override this default.
446///
447/// [with_endpoint()]: super::builder::ekm_service::ClientBuilder::with_endpoint
448/// [with_credentials()]: super::builder::ekm_service::ClientBuilder::credentials
449/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
450/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
451///
452/// # Pooling and Cloning
453///
454/// `EkmService` holds a connection pool internally, it is advised to
455/// create one and the reuse it. You do not need to wrap `EkmService` in
456/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
457/// already uses an `Arc` internally.
458#[derive(Clone, Debug)]
459pub struct EkmService {
460 inner: std::sync::Arc<dyn super::stub::dynamic::EkmService>,
461}
462
463impl EkmService {
464 /// Returns a builder for [EkmService].
465 ///
466 /// ```
467 /// # async fn sample() -> gax::client_builder::Result<()> {
468 /// # use google_cloud_kms_v1::client::EkmService;
469 /// let client = EkmService::builder().build().await?;
470 /// # Ok(()) }
471 /// ```
472 pub fn builder() -> super::builder::ekm_service::ClientBuilder {
473 gax::client_builder::internal::new_builder(super::builder::ekm_service::client::Factory)
474 }
475
476 /// Creates a new client from the provided stub.
477 ///
478 /// The most common case for calling this function is in tests mocking the
479 /// client's behavior.
480 pub fn from_stub<T>(stub: T) -> Self
481 where
482 T: super::stub::EkmService + 'static,
483 {
484 Self {
485 inner: std::sync::Arc::new(stub),
486 }
487 }
488
489 pub(crate) async fn new(
490 config: gaxi::options::ClientConfig,
491 ) -> gax::client_builder::Result<Self> {
492 let inner = Self::build_inner(config).await?;
493 Ok(Self { inner })
494 }
495
496 async fn build_inner(
497 conf: gaxi::options::ClientConfig,
498 ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::EkmService>> {
499 if gaxi::options::tracing_enabled(&conf) {
500 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
501 }
502 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
503 }
504
505 async fn build_transport(
506 conf: gaxi::options::ClientConfig,
507 ) -> gax::client_builder::Result<impl super::stub::EkmService> {
508 super::transport::EkmService::new(conf).await
509 }
510
511 async fn build_with_tracing(
512 conf: gaxi::options::ClientConfig,
513 ) -> gax::client_builder::Result<impl super::stub::EkmService> {
514 Self::build_transport(conf)
515 .await
516 .map(super::tracing::EkmService::new)
517 }
518
519 /// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
520 ///
521 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
522 pub fn list_ekm_connections(&self) -> super::builder::ekm_service::ListEkmConnections {
523 super::builder::ekm_service::ListEkmConnections::new(self.inner.clone())
524 }
525
526 /// Returns metadata for a given
527 /// [EkmConnection][google.cloud.kms.v1.EkmConnection].
528 ///
529 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
530 pub fn get_ekm_connection(&self) -> super::builder::ekm_service::GetEkmConnection {
531 super::builder::ekm_service::GetEkmConnection::new(self.inner.clone())
532 }
533
534 /// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
535 /// Project and Location.
536 ///
537 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
538 pub fn create_ekm_connection(&self) -> super::builder::ekm_service::CreateEkmConnection {
539 super::builder::ekm_service::CreateEkmConnection::new(self.inner.clone())
540 }
541
542 /// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
543 ///
544 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
545 pub fn update_ekm_connection(&self) -> super::builder::ekm_service::UpdateEkmConnection {
546 super::builder::ekm_service::UpdateEkmConnection::new(self.inner.clone())
547 }
548
549 /// Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
550 /// for a given project and location.
551 ///
552 /// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
553 pub fn get_ekm_config(&self) -> super::builder::ekm_service::GetEkmConfig {
554 super::builder::ekm_service::GetEkmConfig::new(self.inner.clone())
555 }
556
557 /// Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
558 /// for a given project and location.
559 ///
560 /// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
561 pub fn update_ekm_config(&self) -> super::builder::ekm_service::UpdateEkmConfig {
562 super::builder::ekm_service::UpdateEkmConfig::new(self.inner.clone())
563 }
564
565 /// Verifies that Cloud KMS can successfully connect to the external key
566 /// manager specified by an [EkmConnection][google.cloud.kms.v1.EkmConnection].
567 /// If there is an error connecting to the EKM, this method returns a
568 /// FAILED_PRECONDITION status containing structured information as described
569 /// at <https://cloud.google.com/kms/docs/reference/ekm_errors>.
570 ///
571 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
572 pub fn verify_connectivity(&self) -> super::builder::ekm_service::VerifyConnectivity {
573 super::builder::ekm_service::VerifyConnectivity::new(self.inner.clone())
574 }
575
576 /// Lists information about the supported locations for this service.
577 pub fn list_locations(&self) -> super::builder::ekm_service::ListLocations {
578 super::builder::ekm_service::ListLocations::new(self.inner.clone())
579 }
580
581 /// Gets information about a location.
582 pub fn get_location(&self) -> super::builder::ekm_service::GetLocation {
583 super::builder::ekm_service::GetLocation::new(self.inner.clone())
584 }
585
586 /// Sets the access control policy on the specified resource. Replaces
587 /// any existing policy.
588 ///
589 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
590 /// errors.
591 pub fn set_iam_policy(&self) -> super::builder::ekm_service::SetIamPolicy {
592 super::builder::ekm_service::SetIamPolicy::new(self.inner.clone())
593 }
594
595 /// Gets the access control policy for a resource. Returns an empty policy
596 /// if the resource exists and does not have a policy set.
597 pub fn get_iam_policy(&self) -> super::builder::ekm_service::GetIamPolicy {
598 super::builder::ekm_service::GetIamPolicy::new(self.inner.clone())
599 }
600
601 /// Returns permissions that a caller has on the specified resource. If the
602 /// resource does not exist, this will return an empty set of
603 /// permissions, not a `NOT_FOUND` error.
604 ///
605 /// Note: This operation is designed to be used for building
606 /// permission-aware UIs and command-line tools, not for authorization
607 /// checking. This operation may "fail open" without warning.
608 pub fn test_iam_permissions(&self) -> super::builder::ekm_service::TestIamPermissions {
609 super::builder::ekm_service::TestIamPermissions::new(self.inner.clone())
610 }
611
612 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
613 ///
614 /// [google.longrunning.Operations]: longrunning::client::Operations
615 pub fn get_operation(&self) -> super::builder::ekm_service::GetOperation {
616 super::builder::ekm_service::GetOperation::new(self.inner.clone())
617 }
618}
619
620/// Implements a client for the Cloud Key Management Service (KMS) API.
621///
622/// # Example
623/// ```
624/// # async fn sample() -> gax::client_builder::Result<()> {
625/// # use google_cloud_kms_v1::client::HsmManagement;
626/// let client = HsmManagement::builder().build().await?;
627/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
628/// # Ok(()) }
629/// ```
630///
631/// # Service Description
632///
633/// Google Cloud HSM Management Service
634///
635/// Provides interfaces for managing HSM instances.
636///
637/// Implements a REST model with the following objects:
638///
639/// * [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance]
640/// * [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal]
641///
642/// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
643/// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
644///
645/// # Configuration
646///
647/// To configure `HsmManagement` use the `with_*` methods in the type returned
648/// by [builder()][HsmManagement::builder]. The default configuration should
649/// work for most applications. Common configuration changes include
650///
651/// * [with_endpoint()]: by default this client uses the global default endpoint
652/// (`https://cloudkms.googleapis.com`). Applications using regional
653/// endpoints or running in restricted networks (e.g. a network configured
654// with [Private Google Access with VPC Service Controls]) may want to
655/// override this default.
656/// * [with_credentials()]: by default this client uses
657/// [Application Default Credentials]. Applications using custom
658/// authentication may need to override this default.
659///
660/// [with_endpoint()]: super::builder::hsm_management::ClientBuilder::with_endpoint
661/// [with_credentials()]: super::builder::hsm_management::ClientBuilder::credentials
662/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
663/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
664///
665/// # Pooling and Cloning
666///
667/// `HsmManagement` holds a connection pool internally, it is advised to
668/// create one and the reuse it. You do not need to wrap `HsmManagement` in
669/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
670/// already uses an `Arc` internally.
671#[derive(Clone, Debug)]
672pub struct HsmManagement {
673 inner: std::sync::Arc<dyn super::stub::dynamic::HsmManagement>,
674}
675
676impl HsmManagement {
677 /// Returns a builder for [HsmManagement].
678 ///
679 /// ```
680 /// # async fn sample() -> gax::client_builder::Result<()> {
681 /// # use google_cloud_kms_v1::client::HsmManagement;
682 /// let client = HsmManagement::builder().build().await?;
683 /// # Ok(()) }
684 /// ```
685 pub fn builder() -> super::builder::hsm_management::ClientBuilder {
686 gax::client_builder::internal::new_builder(super::builder::hsm_management::client::Factory)
687 }
688
689 /// Creates a new client from the provided stub.
690 ///
691 /// The most common case for calling this function is in tests mocking the
692 /// client's behavior.
693 pub fn from_stub<T>(stub: T) -> Self
694 where
695 T: super::stub::HsmManagement + 'static,
696 {
697 Self {
698 inner: std::sync::Arc::new(stub),
699 }
700 }
701
702 pub(crate) async fn new(
703 config: gaxi::options::ClientConfig,
704 ) -> gax::client_builder::Result<Self> {
705 let inner = Self::build_inner(config).await?;
706 Ok(Self { inner })
707 }
708
709 async fn build_inner(
710 conf: gaxi::options::ClientConfig,
711 ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::HsmManagement>> {
712 if gaxi::options::tracing_enabled(&conf) {
713 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
714 }
715 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
716 }
717
718 async fn build_transport(
719 conf: gaxi::options::ClientConfig,
720 ) -> gax::client_builder::Result<impl super::stub::HsmManagement> {
721 super::transport::HsmManagement::new(conf).await
722 }
723
724 async fn build_with_tracing(
725 conf: gaxi::options::ClientConfig,
726 ) -> gax::client_builder::Result<impl super::stub::HsmManagement> {
727 Self::build_transport(conf)
728 .await
729 .map(super::tracing::HsmManagement::new)
730 }
731
732 /// Lists
733 /// [SingleTenantHsmInstances][google.cloud.kms.v1.SingleTenantHsmInstance].
734 ///
735 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
736 pub fn list_single_tenant_hsm_instances(
737 &self,
738 ) -> super::builder::hsm_management::ListSingleTenantHsmInstances {
739 super::builder::hsm_management::ListSingleTenantHsmInstances::new(self.inner.clone())
740 }
741
742 /// Returns metadata for a given
743 /// [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance].
744 ///
745 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
746 pub fn get_single_tenant_hsm_instance(
747 &self,
748 ) -> super::builder::hsm_management::GetSingleTenantHsmInstance {
749 super::builder::hsm_management::GetSingleTenantHsmInstance::new(self.inner.clone())
750 }
751
752 /// Creates a new
753 /// [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance] in a
754 /// given Project and Location. User must create a RegisterTwoFactorAuthKeys
755 /// proposal with this single-tenant HSM instance to finish setup of the
756 /// instance.
757 ///
758 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
759 ///
760 /// # Long running operations
761 ///
762 /// This method is used to start, and/or poll a [long-running Operation].
763 /// The [Working with long-running operations] chapter in the [user guide]
764 /// covers these operations in detail.
765 ///
766 /// [long-running operation]: https://google.aip.dev/151
767 /// [user guide]: https://googleapis.github.io/google-cloud-rust/
768 /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
769 pub fn create_single_tenant_hsm_instance(
770 &self,
771 ) -> super::builder::hsm_management::CreateSingleTenantHsmInstance {
772 super::builder::hsm_management::CreateSingleTenantHsmInstance::new(self.inner.clone())
773 }
774
775 /// Creates a new
776 /// [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal]
777 /// for a given
778 /// [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance].
779 ///
780 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
781 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
782 ///
783 /// # Long running operations
784 ///
785 /// This method is used to start, and/or poll a [long-running Operation].
786 /// The [Working with long-running operations] chapter in the [user guide]
787 /// covers these operations in detail.
788 ///
789 /// [long-running operation]: https://google.aip.dev/151
790 /// [user guide]: https://googleapis.github.io/google-cloud-rust/
791 /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
792 pub fn create_single_tenant_hsm_instance_proposal(
793 &self,
794 ) -> super::builder::hsm_management::CreateSingleTenantHsmInstanceProposal {
795 super::builder::hsm_management::CreateSingleTenantHsmInstanceProposal::new(
796 self.inner.clone(),
797 )
798 }
799
800 /// Approves a
801 /// [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal]
802 /// for a given
803 /// [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance]. The
804 /// proposal must be in the
805 /// [PENDING][google.cloud.kms.v1.SingleTenantHsmInstanceProposal.State.PENDING]
806 /// state.
807 ///
808 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
809 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
810 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal.State.PENDING]: crate::model::single_tenant_hsm_instance_proposal::State::Pending
811 pub fn approve_single_tenant_hsm_instance_proposal(
812 &self,
813 ) -> super::builder::hsm_management::ApproveSingleTenantHsmInstanceProposal {
814 super::builder::hsm_management::ApproveSingleTenantHsmInstanceProposal::new(
815 self.inner.clone(),
816 )
817 }
818
819 /// Executes a
820 /// [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal]
821 /// for a given
822 /// [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance]. The
823 /// proposal must be in the
824 /// [APPROVED][google.cloud.kms.v1.SingleTenantHsmInstanceProposal.State.APPROVED]
825 /// state.
826 ///
827 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
828 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
829 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal.State.APPROVED]: crate::model::single_tenant_hsm_instance_proposal::State::Approved
830 ///
831 /// # Long running operations
832 ///
833 /// This method is used to start, and/or poll a [long-running Operation].
834 /// The [Working with long-running operations] chapter in the [user guide]
835 /// covers these operations in detail.
836 ///
837 /// [long-running operation]: https://google.aip.dev/151
838 /// [user guide]: https://googleapis.github.io/google-cloud-rust/
839 /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
840 pub fn execute_single_tenant_hsm_instance_proposal(
841 &self,
842 ) -> super::builder::hsm_management::ExecuteSingleTenantHsmInstanceProposal {
843 super::builder::hsm_management::ExecuteSingleTenantHsmInstanceProposal::new(
844 self.inner.clone(),
845 )
846 }
847
848 /// Returns metadata for a given
849 /// [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal].
850 ///
851 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
852 pub fn get_single_tenant_hsm_instance_proposal(
853 &self,
854 ) -> super::builder::hsm_management::GetSingleTenantHsmInstanceProposal {
855 super::builder::hsm_management::GetSingleTenantHsmInstanceProposal::new(self.inner.clone())
856 }
857
858 /// Lists
859 /// [SingleTenantHsmInstanceProposals][google.cloud.kms.v1.SingleTenantHsmInstanceProposal].
860 ///
861 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
862 pub fn list_single_tenant_hsm_instance_proposals(
863 &self,
864 ) -> super::builder::hsm_management::ListSingleTenantHsmInstanceProposals {
865 super::builder::hsm_management::ListSingleTenantHsmInstanceProposals::new(
866 self.inner.clone(),
867 )
868 }
869
870 /// Deletes a
871 /// [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal].
872 ///
873 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
874 pub fn delete_single_tenant_hsm_instance_proposal(
875 &self,
876 ) -> super::builder::hsm_management::DeleteSingleTenantHsmInstanceProposal {
877 super::builder::hsm_management::DeleteSingleTenantHsmInstanceProposal::new(
878 self.inner.clone(),
879 )
880 }
881
882 /// Lists information about the supported locations for this service.
883 pub fn list_locations(&self) -> super::builder::hsm_management::ListLocations {
884 super::builder::hsm_management::ListLocations::new(self.inner.clone())
885 }
886
887 /// Gets information about a location.
888 pub fn get_location(&self) -> super::builder::hsm_management::GetLocation {
889 super::builder::hsm_management::GetLocation::new(self.inner.clone())
890 }
891
892 /// Sets the access control policy on the specified resource. Replaces
893 /// any existing policy.
894 ///
895 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
896 /// errors.
897 pub fn set_iam_policy(&self) -> super::builder::hsm_management::SetIamPolicy {
898 super::builder::hsm_management::SetIamPolicy::new(self.inner.clone())
899 }
900
901 /// Gets the access control policy for a resource. Returns an empty policy
902 /// if the resource exists and does not have a policy set.
903 pub fn get_iam_policy(&self) -> super::builder::hsm_management::GetIamPolicy {
904 super::builder::hsm_management::GetIamPolicy::new(self.inner.clone())
905 }
906
907 /// Returns permissions that a caller has on the specified resource. If the
908 /// resource does not exist, this will return an empty set of
909 /// permissions, not a `NOT_FOUND` error.
910 ///
911 /// Note: This operation is designed to be used for building
912 /// permission-aware UIs and command-line tools, not for authorization
913 /// checking. This operation may "fail open" without warning.
914 pub fn test_iam_permissions(&self) -> super::builder::hsm_management::TestIamPermissions {
915 super::builder::hsm_management::TestIamPermissions::new(self.inner.clone())
916 }
917
918 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
919 ///
920 /// [google.longrunning.Operations]: longrunning::client::Operations
921 pub fn get_operation(&self) -> super::builder::hsm_management::GetOperation {
922 super::builder::hsm_management::GetOperation::new(self.inner.clone())
923 }
924}
925
926/// Implements a client for the Cloud Key Management Service (KMS) API.
927///
928/// # Example
929/// ```
930/// # async fn sample() -> gax::client_builder::Result<()> {
931/// # use google_cloud_kms_v1::client::KeyManagementService;
932/// let client = KeyManagementService::builder().build().await?;
933/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
934/// # Ok(()) }
935/// ```
936///
937/// # Service Description
938///
939/// Google Cloud Key Management Service
940///
941/// Manages cryptographic keys and operations using those keys. Implements a REST
942/// model with the following objects:
943///
944/// * [KeyRing][google.cloud.kms.v1.KeyRing]
945/// * [CryptoKey][google.cloud.kms.v1.CryptoKey]
946/// * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
947/// * [ImportJob][google.cloud.kms.v1.ImportJob]
948///
949/// If you are using manual gRPC libraries, see
950/// [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
951///
952/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
953/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
954/// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
955/// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
956///
957/// # Configuration
958///
959/// To configure `KeyManagementService` use the `with_*` methods in the type returned
960/// by [builder()][KeyManagementService::builder]. The default configuration should
961/// work for most applications. Common configuration changes include
962///
963/// * [with_endpoint()]: by default this client uses the global default endpoint
964/// (`https://cloudkms.googleapis.com`). Applications using regional
965/// endpoints or running in restricted networks (e.g. a network configured
966// with [Private Google Access with VPC Service Controls]) may want to
967/// override this default.
968/// * [with_credentials()]: by default this client uses
969/// [Application Default Credentials]. Applications using custom
970/// authentication may need to override this default.
971///
972/// [with_endpoint()]: super::builder::key_management_service::ClientBuilder::with_endpoint
973/// [with_credentials()]: super::builder::key_management_service::ClientBuilder::credentials
974/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
975/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
976///
977/// # Pooling and Cloning
978///
979/// `KeyManagementService` holds a connection pool internally, it is advised to
980/// create one and the reuse it. You do not need to wrap `KeyManagementService` in
981/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
982/// already uses an `Arc` internally.
983#[derive(Clone, Debug)]
984pub struct KeyManagementService {
985 inner: std::sync::Arc<dyn super::stub::dynamic::KeyManagementService>,
986}
987
988impl KeyManagementService {
989 /// Returns a builder for [KeyManagementService].
990 ///
991 /// ```
992 /// # async fn sample() -> gax::client_builder::Result<()> {
993 /// # use google_cloud_kms_v1::client::KeyManagementService;
994 /// let client = KeyManagementService::builder().build().await?;
995 /// # Ok(()) }
996 /// ```
997 pub fn builder() -> super::builder::key_management_service::ClientBuilder {
998 gax::client_builder::internal::new_builder(
999 super::builder::key_management_service::client::Factory,
1000 )
1001 }
1002
1003 /// Creates a new client from the provided stub.
1004 ///
1005 /// The most common case for calling this function is in tests mocking the
1006 /// client's behavior.
1007 pub fn from_stub<T>(stub: T) -> Self
1008 where
1009 T: super::stub::KeyManagementService + 'static,
1010 {
1011 Self {
1012 inner: std::sync::Arc::new(stub),
1013 }
1014 }
1015
1016 pub(crate) async fn new(
1017 config: gaxi::options::ClientConfig,
1018 ) -> gax::client_builder::Result<Self> {
1019 let inner = Self::build_inner(config).await?;
1020 Ok(Self { inner })
1021 }
1022
1023 async fn build_inner(
1024 conf: gaxi::options::ClientConfig,
1025 ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::KeyManagementService>>
1026 {
1027 if gaxi::options::tracing_enabled(&conf) {
1028 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
1029 }
1030 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
1031 }
1032
1033 async fn build_transport(
1034 conf: gaxi::options::ClientConfig,
1035 ) -> gax::client_builder::Result<impl super::stub::KeyManagementService> {
1036 super::transport::KeyManagementService::new(conf).await
1037 }
1038
1039 async fn build_with_tracing(
1040 conf: gaxi::options::ClientConfig,
1041 ) -> gax::client_builder::Result<impl super::stub::KeyManagementService> {
1042 Self::build_transport(conf)
1043 .await
1044 .map(super::tracing::KeyManagementService::new)
1045 }
1046
1047 /// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
1048 ///
1049 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
1050 pub fn list_key_rings(&self) -> super::builder::key_management_service::ListKeyRings {
1051 super::builder::key_management_service::ListKeyRings::new(self.inner.clone())
1052 }
1053
1054 /// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
1055 ///
1056 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1057 pub fn list_crypto_keys(&self) -> super::builder::key_management_service::ListCryptoKeys {
1058 super::builder::key_management_service::ListCryptoKeys::new(self.inner.clone())
1059 }
1060
1061 /// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
1062 ///
1063 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1064 pub fn list_crypto_key_versions(
1065 &self,
1066 ) -> super::builder::key_management_service::ListCryptoKeyVersions {
1067 super::builder::key_management_service::ListCryptoKeyVersions::new(self.inner.clone())
1068 }
1069
1070 /// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
1071 ///
1072 /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
1073 pub fn list_import_jobs(&self) -> super::builder::key_management_service::ListImportJobs {
1074 super::builder::key_management_service::ListImportJobs::new(self.inner.clone())
1075 }
1076
1077 /// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
1078 ///
1079 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
1080 pub fn get_key_ring(&self) -> super::builder::key_management_service::GetKeyRing {
1081 super::builder::key_management_service::GetKeyRing::new(self.inner.clone())
1082 }
1083
1084 /// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
1085 /// well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
1086 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
1087 ///
1088 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1089 /// [google.cloud.kms.v1.CryptoKey.primary]: crate::model::CryptoKey::primary
1090 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1091 pub fn get_crypto_key(&self) -> super::builder::key_management_service::GetCryptoKey {
1092 super::builder::key_management_service::GetCryptoKey::new(self.inner.clone())
1093 }
1094
1095 /// Returns metadata for a given
1096 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
1097 ///
1098 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1099 pub fn get_crypto_key_version(
1100 &self,
1101 ) -> super::builder::key_management_service::GetCryptoKeyVersion {
1102 super::builder::key_management_service::GetCryptoKeyVersion::new(self.inner.clone())
1103 }
1104
1105 /// Returns the public key for the given
1106 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
1107 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
1108 /// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
1109 /// or
1110 /// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
1111 ///
1112 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::AsymmetricDecrypt
1113 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]: crate::model::crypto_key::CryptoKeyPurpose::AsymmetricSign
1114 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1115 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1116 pub fn get_public_key(&self) -> super::builder::key_management_service::GetPublicKey {
1117 super::builder::key_management_service::GetPublicKey::new(self.inner.clone())
1118 }
1119
1120 /// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
1121 ///
1122 /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
1123 pub fn get_import_job(&self) -> super::builder::key_management_service::GetImportJob {
1124 super::builder::key_management_service::GetImportJob::new(self.inner.clone())
1125 }
1126
1127 /// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
1128 /// Location.
1129 ///
1130 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
1131 pub fn create_key_ring(&self) -> super::builder::key_management_service::CreateKeyRing {
1132 super::builder::key_management_service::CreateKeyRing::new(self.inner.clone())
1133 }
1134
1135 /// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
1136 /// [KeyRing][google.cloud.kms.v1.KeyRing].
1137 ///
1138 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
1139 /// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
1140 /// are required.
1141 ///
1142 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1143 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1144 /// [google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]: crate::model::CryptoKeyVersionTemplate::algorithm
1145 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
1146 pub fn create_crypto_key(&self) -> super::builder::key_management_service::CreateCryptoKey {
1147 super::builder::key_management_service::CreateCryptoKey::new(self.inner.clone())
1148 }
1149
1150 /// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
1151 /// [CryptoKey][google.cloud.kms.v1.CryptoKey].
1152 ///
1153 /// The server will assign the next sequential id. If unset,
1154 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
1155 /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
1156 ///
1157 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1158 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1159 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
1160 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
1161 pub fn create_crypto_key_version(
1162 &self,
1163 ) -> super::builder::key_management_service::CreateCryptoKeyVersion {
1164 super::builder::key_management_service::CreateCryptoKeyVersion::new(self.inner.clone())
1165 }
1166
1167 /// Import wrapped key material into a
1168 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
1169 ///
1170 /// All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
1171 /// a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
1172 /// specified in the request, key material will be reimported into that
1173 /// version. Otherwise, a new version will be created, and will be assigned the
1174 /// next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
1175 ///
1176 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1177 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1178 pub fn import_crypto_key_version(
1179 &self,
1180 ) -> super::builder::key_management_service::ImportCryptoKeyVersion {
1181 super::builder::key_management_service::ImportCryptoKeyVersion::new(self.inner.clone())
1182 }
1183
1184 /// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
1185 /// [KeyRing][google.cloud.kms.v1.KeyRing].
1186 ///
1187 /// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
1188 /// required.
1189 ///
1190 /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
1191 /// [google.cloud.kms.v1.ImportJob.import_method]: crate::model::ImportJob::import_method
1192 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
1193 pub fn create_import_job(&self) -> super::builder::key_management_service::CreateImportJob {
1194 super::builder::key_management_service::CreateImportJob::new(self.inner.clone())
1195 }
1196
1197 /// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
1198 ///
1199 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1200 pub fn update_crypto_key(&self) -> super::builder::key_management_service::UpdateCryptoKey {
1201 super::builder::key_management_service::UpdateCryptoKey::new(self.inner.clone())
1202 }
1203
1204 /// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
1205 /// metadata.
1206 ///
1207 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
1208 /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
1209 /// and
1210 /// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
1211 /// using this method. See
1212 /// [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
1213 /// and
1214 /// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
1215 /// to move between other states.
1216 ///
1217 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1218 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Disabled
1219 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
1220 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
1221 /// [google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]: crate::client::KeyManagementService::destroy_crypto_key_version
1222 /// [google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]: crate::client::KeyManagementService::restore_crypto_key_version
1223 pub fn update_crypto_key_version(
1224 &self,
1225 ) -> super::builder::key_management_service::UpdateCryptoKeyVersion {
1226 super::builder::key_management_service::UpdateCryptoKeyVersion::new(self.inner.clone())
1227 }
1228
1229 /// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
1230 /// will be used in
1231 /// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
1232 ///
1233 /// Returns an error if called on a key whose purpose is not
1234 /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
1235 ///
1236 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1237 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
1238 /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
1239 pub fn update_crypto_key_primary_version(
1240 &self,
1241 ) -> super::builder::key_management_service::UpdateCryptoKeyPrimaryVersion {
1242 super::builder::key_management_service::UpdateCryptoKeyPrimaryVersion::new(
1243 self.inner.clone(),
1244 )
1245 }
1246
1247 /// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
1248 /// destruction.
1249 ///
1250 /// Upon calling this method,
1251 /// [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
1252 /// be set to
1253 /// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
1254 /// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
1255 /// be set to the time
1256 /// [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
1257 /// in the future. At that time, the
1258 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
1259 /// change to
1260 /// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
1261 /// and the key material will be irrevocably destroyed.
1262 ///
1263 /// Before the
1264 /// [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
1265 /// reached,
1266 /// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
1267 /// may be called to reverse the process.
1268 ///
1269 /// [google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]: crate::model::CryptoKey::destroy_scheduled_duration
1270 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1271 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]: crate::model::crypto_key_version::CryptoKeyVersionState::Destroyed
1272 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]: crate::model::crypto_key_version::CryptoKeyVersionState::DestroyScheduled
1273 /// [google.cloud.kms.v1.CryptoKeyVersion.destroy_time]: crate::model::CryptoKeyVersion::destroy_time
1274 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
1275 /// [google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]: crate::client::KeyManagementService::restore_crypto_key_version
1276 pub fn destroy_crypto_key_version(
1277 &self,
1278 ) -> super::builder::key_management_service::DestroyCryptoKeyVersion {
1279 super::builder::key_management_service::DestroyCryptoKeyVersion::new(self.inner.clone())
1280 }
1281
1282 /// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
1283 /// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
1284 /// state.
1285 ///
1286 /// Upon restoration of the CryptoKeyVersion,
1287 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
1288 /// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
1289 /// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
1290 /// be cleared.
1291 ///
1292 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1293 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]: crate::model::crypto_key_version::CryptoKeyVersionState::DestroyScheduled
1294 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Disabled
1295 /// [google.cloud.kms.v1.CryptoKeyVersion.destroy_time]: crate::model::CryptoKeyVersion::destroy_time
1296 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
1297 pub fn restore_crypto_key_version(
1298 &self,
1299 ) -> super::builder::key_management_service::RestoreCryptoKeyVersion {
1300 super::builder::key_management_service::RestoreCryptoKeyVersion::new(self.inner.clone())
1301 }
1302
1303 /// Encrypts data, so that it can only be recovered by a call to
1304 /// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
1305 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
1306 /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
1307 ///
1308 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
1309 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1310 /// [google.cloud.kms.v1.KeyManagementService.Decrypt]: crate::client::KeyManagementService::decrypt
1311 pub fn encrypt(&self) -> super::builder::key_management_service::Encrypt {
1312 super::builder::key_management_service::Encrypt::new(self.inner.clone())
1313 }
1314
1315 /// Decrypts data that was protected by
1316 /// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
1317 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
1318 /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
1319 ///
1320 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
1321 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1322 /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
1323 pub fn decrypt(&self) -> super::builder::key_management_service::Decrypt {
1324 super::builder::key_management_service::Decrypt::new(self.inner.clone())
1325 }
1326
1327 /// Encrypts data using portable cryptographic primitives. Most users should
1328 /// choose [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
1329 /// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] rather than
1330 /// their raw counterparts. The
1331 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
1332 /// [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
1333 ///
1334 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::RawEncryptDecrypt
1335 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1336 /// [google.cloud.kms.v1.KeyManagementService.Decrypt]: crate::client::KeyManagementService::decrypt
1337 /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
1338 pub fn raw_encrypt(&self) -> super::builder::key_management_service::RawEncrypt {
1339 super::builder::key_management_service::RawEncrypt::new(self.inner.clone())
1340 }
1341
1342 /// Decrypts data that was originally encrypted using a raw cryptographic
1343 /// mechanism. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1344 /// must be
1345 /// [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
1346 ///
1347 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::RawEncryptDecrypt
1348 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1349 pub fn raw_decrypt(&self) -> super::builder::key_management_service::RawDecrypt {
1350 super::builder::key_management_service::RawDecrypt::new(self.inner.clone())
1351 }
1352
1353 /// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1354 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1355 /// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
1356 /// key retrieved from
1357 /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
1358 ///
1359 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1360 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1361 /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
1362 pub fn asymmetric_sign(&self) -> super::builder::key_management_service::AsymmetricSign {
1363 super::builder::key_management_service::AsymmetricSign::new(self.inner.clone())
1364 }
1365
1366 /// Decrypts data that was encrypted with a public key retrieved from
1367 /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
1368 /// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1369 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1370 /// ASYMMETRIC_DECRYPT.
1371 ///
1372 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1373 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1374 /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
1375 pub fn asymmetric_decrypt(&self) -> super::builder::key_management_service::AsymmetricDecrypt {
1376 super::builder::key_management_service::AsymmetricDecrypt::new(self.inner.clone())
1377 }
1378
1379 /// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1380 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
1381 /// producing a tag that can be verified by another source with the same key.
1382 ///
1383 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1384 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1385 pub fn mac_sign(&self) -> super::builder::key_management_service::MacSign {
1386 super::builder::key_management_service::MacSign::new(self.inner.clone())
1387 }
1388
1389 /// Verifies MAC tag using a
1390 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
1391 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
1392 /// a response that indicates whether or not the verification was successful.
1393 ///
1394 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1395 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1396 pub fn mac_verify(&self) -> super::builder::key_management_service::MacVerify {
1397 super::builder::key_management_service::MacVerify::new(self.inner.clone())
1398 }
1399
1400 /// Decapsulates data that was encapsulated with a public key retrieved from
1401 /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
1402 /// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1403 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1404 /// KEY_ENCAPSULATION.
1405 ///
1406 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1407 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1408 /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
1409 pub fn decapsulate(&self) -> super::builder::key_management_service::Decapsulate {
1410 super::builder::key_management_service::Decapsulate::new(self.inner.clone())
1411 }
1412
1413 /// Generate random bytes using the Cloud KMS randomness source in the provided
1414 /// location.
1415 pub fn generate_random_bytes(
1416 &self,
1417 ) -> super::builder::key_management_service::GenerateRandomBytes {
1418 super::builder::key_management_service::GenerateRandomBytes::new(self.inner.clone())
1419 }
1420
1421 /// Lists information about the supported locations for this service.
1422 pub fn list_locations(&self) -> super::builder::key_management_service::ListLocations {
1423 super::builder::key_management_service::ListLocations::new(self.inner.clone())
1424 }
1425
1426 /// Gets information about a location.
1427 pub fn get_location(&self) -> super::builder::key_management_service::GetLocation {
1428 super::builder::key_management_service::GetLocation::new(self.inner.clone())
1429 }
1430
1431 /// Sets the access control policy on the specified resource. Replaces
1432 /// any existing policy.
1433 ///
1434 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
1435 /// errors.
1436 pub fn set_iam_policy(&self) -> super::builder::key_management_service::SetIamPolicy {
1437 super::builder::key_management_service::SetIamPolicy::new(self.inner.clone())
1438 }
1439
1440 /// Gets the access control policy for a resource. Returns an empty policy
1441 /// if the resource exists and does not have a policy set.
1442 pub fn get_iam_policy(&self) -> super::builder::key_management_service::GetIamPolicy {
1443 super::builder::key_management_service::GetIamPolicy::new(self.inner.clone())
1444 }
1445
1446 /// Returns permissions that a caller has on the specified resource. If the
1447 /// resource does not exist, this will return an empty set of
1448 /// permissions, not a `NOT_FOUND` error.
1449 ///
1450 /// Note: This operation is designed to be used for building
1451 /// permission-aware UIs and command-line tools, not for authorization
1452 /// checking. This operation may "fail open" without warning.
1453 pub fn test_iam_permissions(
1454 &self,
1455 ) -> super::builder::key_management_service::TestIamPermissions {
1456 super::builder::key_management_service::TestIamPermissions::new(self.inner.clone())
1457 }
1458
1459 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
1460 ///
1461 /// [google.longrunning.Operations]: longrunning::client::Operations
1462 pub fn get_operation(&self) -> super::builder::key_management_service::GetOperation {
1463 super::builder::key_management_service::GetOperation::new(self.inner.clone())
1464 }
1465}