google_cloud_kms_v1/client.rs
1// Copyright 2025 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// https://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15// Code generated by sidekick. DO NOT EDIT.
16#![allow(rustdoc::redundant_explicit_links)]
17#![allow(rustdoc::broken_intra_doc_links)]
18
19/// Implements a client for the Cloud Key Management Service (KMS) API.
20///
21/// # Example
22/// ```
23/// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
24/// # use google_cloud_kms_v1::client::Autokey;
25/// let client = Autokey::builder().build().await?;
26/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
27/// # Ok(()) }
28/// ```
29///
30/// # Service Description
31///
32/// Provides interfaces for using [Cloud KMS
33/// Autokey](https://cloud.google.com/kms/help/autokey) to provision new
34/// [CryptoKeys][google.cloud.kms.v1.CryptoKey], ready for Customer Managed
35/// Encryption Key (CMEK) use, on-demand. To support certain client tooling, this
36/// feature is modeled around a [KeyHandle][google.cloud.kms.v1.KeyHandle]
37/// resource: creating a [KeyHandle][google.cloud.kms.v1.KeyHandle] in a resource
38/// project and given location triggers Cloud KMS Autokey to provision a
39/// [CryptoKey][google.cloud.kms.v1.CryptoKey] in the configured key project and
40/// the same location.
41///
42/// Prior to use in a given resource project,
43/// [UpdateAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig]
44/// should have been called on an ancestor folder, setting the key project where
45/// Cloud KMS Autokey should create new
46/// [CryptoKeys][google.cloud.kms.v1.CryptoKey]. See documentation for additional
47/// prerequisites. To check what key project, if any, is currently configured on
48/// a resource project's ancestor folder, see
49/// [ShowEffectiveAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig].
50///
51/// [google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig]: crate::client::AutokeyAdmin::show_effective_autokey_config
52/// [google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig]: crate::client::AutokeyAdmin::update_autokey_config
53/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
54/// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
55///
56/// # Configuration
57///
58/// To configure `Autokey` use the `with_*` methods in the type returned
59/// by [builder()][Autokey::builder]. The default configuration should
60/// work for most applications. Common configuration changes include
61///
62/// * [with_endpoint()]: by default this client uses the global default endpoint
63/// (`https://cloudkms.googleapis.com`). Applications using regional
64/// endpoints or running in restricted networks (e.g. a network configured
65// with [Private Google Access with VPC Service Controls]) may want to
66/// override this default.
67/// * [with_credentials()]: by default this client uses
68/// [Application Default Credentials]. Applications using custom
69/// authentication may need to override this default.
70///
71/// [with_endpoint()]: super::builder::autokey::ClientBuilder::with_endpoint
72/// [with_credentials()]: super::builder::autokey::ClientBuilder::credentials
73/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
74/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
75///
76/// # Pooling and Cloning
77///
78/// `Autokey` holds a connection pool internally, it is advised to
79/// create one and the reuse it. You do not need to wrap `Autokey` in
80/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
81/// already uses an `Arc` internally.
82#[derive(Clone, Debug)]
83pub struct Autokey {
84 inner: std::sync::Arc<dyn super::stub::dynamic::Autokey>,
85}
86
87impl Autokey {
88 /// Returns a builder for [Autokey].
89 ///
90 /// ```
91 /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
92 /// # use google_cloud_kms_v1::client::Autokey;
93 /// let client = Autokey::builder().build().await?;
94 /// # Ok(()) }
95 /// ```
96 pub fn builder() -> super::builder::autokey::ClientBuilder {
97 crate::new_client_builder(super::builder::autokey::client::Factory)
98 }
99
100 /// Creates a new client from the provided stub.
101 ///
102 /// The most common case for calling this function is in tests mocking the
103 /// client's behavior.
104 pub fn from_stub<T>(stub: T) -> Self
105 where
106 T: super::stub::Autokey + 'static,
107 {
108 Self {
109 inner: std::sync::Arc::new(stub),
110 }
111 }
112
113 pub(crate) async fn new(
114 config: gaxi::options::ClientConfig,
115 ) -> crate::ClientBuilderResult<Self> {
116 let inner = Self::build_inner(config).await?;
117 Ok(Self { inner })
118 }
119
120 async fn build_inner(
121 conf: gaxi::options::ClientConfig,
122 ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::Autokey>> {
123 if gaxi::options::tracing_enabled(&conf) {
124 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
125 }
126 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
127 }
128
129 async fn build_transport(
130 conf: gaxi::options::ClientConfig,
131 ) -> crate::ClientBuilderResult<impl super::stub::Autokey> {
132 super::transport::Autokey::new(conf).await
133 }
134
135 async fn build_with_tracing(
136 conf: gaxi::options::ClientConfig,
137 ) -> crate::ClientBuilderResult<impl super::stub::Autokey> {
138 Self::build_transport(conf)
139 .await
140 .map(super::tracing::Autokey::new)
141 }
142
143 /// Creates a new [KeyHandle][google.cloud.kms.v1.KeyHandle], triggering the
144 /// provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK
145 /// use with the given resource type in the configured key project and the same
146 /// location. [GetOperation][google.longrunning.Operations.GetOperation] should
147 /// be used to resolve the resulting long-running operation and get the
148 /// resulting [KeyHandle][google.cloud.kms.v1.KeyHandle] and
149 /// [CryptoKey][google.cloud.kms.v1.CryptoKey].
150 ///
151 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
152 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
153 ///
154 /// # Long running operations
155 ///
156 /// This method is used to start, and/or poll a [long-running Operation].
157 /// The [Working with long-running operations] chapter in the [user guide]
158 /// covers these operations in detail.
159 ///
160 /// [long-running operation]: https://google.aip.dev/151
161 /// [user guide]: https://googleapis.github.io/google-cloud-rust/
162 /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
163 pub fn create_key_handle(&self) -> super::builder::autokey::CreateKeyHandle {
164 super::builder::autokey::CreateKeyHandle::new(self.inner.clone())
165 }
166
167 /// Returns the [KeyHandle][google.cloud.kms.v1.KeyHandle].
168 ///
169 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
170 pub fn get_key_handle(&self) -> super::builder::autokey::GetKeyHandle {
171 super::builder::autokey::GetKeyHandle::new(self.inner.clone())
172 }
173
174 /// Lists [KeyHandles][google.cloud.kms.v1.KeyHandle].
175 ///
176 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
177 pub fn list_key_handles(&self) -> super::builder::autokey::ListKeyHandles {
178 super::builder::autokey::ListKeyHandles::new(self.inner.clone())
179 }
180
181 /// Lists information about the supported locations for this service.
182 pub fn list_locations(&self) -> super::builder::autokey::ListLocations {
183 super::builder::autokey::ListLocations::new(self.inner.clone())
184 }
185
186 /// Gets information about a location.
187 pub fn get_location(&self) -> super::builder::autokey::GetLocation {
188 super::builder::autokey::GetLocation::new(self.inner.clone())
189 }
190
191 /// Sets the access control policy on the specified resource. Replaces
192 /// any existing policy.
193 ///
194 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
195 /// errors.
196 pub fn set_iam_policy(&self) -> super::builder::autokey::SetIamPolicy {
197 super::builder::autokey::SetIamPolicy::new(self.inner.clone())
198 }
199
200 /// Gets the access control policy for a resource. Returns an empty policy
201 /// if the resource exists and does not have a policy set.
202 pub fn get_iam_policy(&self) -> super::builder::autokey::GetIamPolicy {
203 super::builder::autokey::GetIamPolicy::new(self.inner.clone())
204 }
205
206 /// Returns permissions that a caller has on the specified resource. If the
207 /// resource does not exist, this will return an empty set of
208 /// permissions, not a `NOT_FOUND` error.
209 ///
210 /// Note: This operation is designed to be used for building
211 /// permission-aware UIs and command-line tools, not for authorization
212 /// checking. This operation may "fail open" without warning.
213 pub fn test_iam_permissions(&self) -> super::builder::autokey::TestIamPermissions {
214 super::builder::autokey::TestIamPermissions::new(self.inner.clone())
215 }
216
217 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
218 ///
219 /// [google.longrunning.Operations]: google-cloud-longrunning::client::Operations
220 pub fn get_operation(&self) -> super::builder::autokey::GetOperation {
221 super::builder::autokey::GetOperation::new(self.inner.clone())
222 }
223}
224
225/// Implements a client for the Cloud Key Management Service (KMS) API.
226///
227/// # Example
228/// ```
229/// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
230/// # use google_cloud_kms_v1::client::AutokeyAdmin;
231/// let client = AutokeyAdmin::builder().build().await?;
232/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
233/// # Ok(()) }
234/// ```
235///
236/// # Service Description
237///
238/// Provides interfaces for managing [Cloud KMS
239/// Autokey](https://cloud.google.com/kms/help/autokey) folder-level
240/// configurations. A configuration is inherited by all descendent projects. A
241/// configuration at one folder overrides any other configurations in its
242/// ancestry. Setting a configuration on a folder is a prerequisite for Cloud KMS
243/// Autokey, so that users working in a descendant project can request
244/// provisioned [CryptoKeys][google.cloud.kms.v1.CryptoKey], ready for Customer
245/// Managed Encryption Key (CMEK) use, on-demand.
246///
247/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
248///
249/// # Configuration
250///
251/// To configure `AutokeyAdmin` use the `with_*` methods in the type returned
252/// by [builder()][AutokeyAdmin::builder]. The default configuration should
253/// work for most applications. Common configuration changes include
254///
255/// * [with_endpoint()]: by default this client uses the global default endpoint
256/// (`https://cloudkms.googleapis.com`). Applications using regional
257/// endpoints or running in restricted networks (e.g. a network configured
258// with [Private Google Access with VPC Service Controls]) may want to
259/// override this default.
260/// * [with_credentials()]: by default this client uses
261/// [Application Default Credentials]. Applications using custom
262/// authentication may need to override this default.
263///
264/// [with_endpoint()]: super::builder::autokey_admin::ClientBuilder::with_endpoint
265/// [with_credentials()]: super::builder::autokey_admin::ClientBuilder::credentials
266/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
267/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
268///
269/// # Pooling and Cloning
270///
271/// `AutokeyAdmin` holds a connection pool internally, it is advised to
272/// create one and the reuse it. You do not need to wrap `AutokeyAdmin` in
273/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
274/// already uses an `Arc` internally.
275#[derive(Clone, Debug)]
276pub struct AutokeyAdmin {
277 inner: std::sync::Arc<dyn super::stub::dynamic::AutokeyAdmin>,
278}
279
280impl AutokeyAdmin {
281 /// Returns a builder for [AutokeyAdmin].
282 ///
283 /// ```
284 /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
285 /// # use google_cloud_kms_v1::client::AutokeyAdmin;
286 /// let client = AutokeyAdmin::builder().build().await?;
287 /// # Ok(()) }
288 /// ```
289 pub fn builder() -> super::builder::autokey_admin::ClientBuilder {
290 crate::new_client_builder(super::builder::autokey_admin::client::Factory)
291 }
292
293 /// Creates a new client from the provided stub.
294 ///
295 /// The most common case for calling this function is in tests mocking the
296 /// client's behavior.
297 pub fn from_stub<T>(stub: T) -> Self
298 where
299 T: super::stub::AutokeyAdmin + 'static,
300 {
301 Self {
302 inner: std::sync::Arc::new(stub),
303 }
304 }
305
306 pub(crate) async fn new(
307 config: gaxi::options::ClientConfig,
308 ) -> crate::ClientBuilderResult<Self> {
309 let inner = Self::build_inner(config).await?;
310 Ok(Self { inner })
311 }
312
313 async fn build_inner(
314 conf: gaxi::options::ClientConfig,
315 ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::AutokeyAdmin>> {
316 if gaxi::options::tracing_enabled(&conf) {
317 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
318 }
319 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
320 }
321
322 async fn build_transport(
323 conf: gaxi::options::ClientConfig,
324 ) -> crate::ClientBuilderResult<impl super::stub::AutokeyAdmin> {
325 super::transport::AutokeyAdmin::new(conf).await
326 }
327
328 async fn build_with_tracing(
329 conf: gaxi::options::ClientConfig,
330 ) -> crate::ClientBuilderResult<impl super::stub::AutokeyAdmin> {
331 Self::build_transport(conf)
332 .await
333 .map(super::tracing::AutokeyAdmin::new)
334 }
335
336 /// Updates the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
337 /// folder. The caller must have both `cloudkms.autokeyConfigs.update`
338 /// permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy`
339 /// permission on the provided key project. A
340 /// [KeyHandle][google.cloud.kms.v1.KeyHandle] creation in the folder's
341 /// descendant projects will use this configuration to determine where to
342 /// create the resulting [CryptoKey][google.cloud.kms.v1.CryptoKey].
343 ///
344 /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
345 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
346 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
347 pub fn update_autokey_config(&self) -> super::builder::autokey_admin::UpdateAutokeyConfig {
348 super::builder::autokey_admin::UpdateAutokeyConfig::new(self.inner.clone())
349 }
350
351 /// Returns the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
352 /// folder.
353 ///
354 /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
355 pub fn get_autokey_config(&self) -> super::builder::autokey_admin::GetAutokeyConfig {
356 super::builder::autokey_admin::GetAutokeyConfig::new(self.inner.clone())
357 }
358
359 /// Returns the effective Cloud KMS Autokey configuration for a given project.
360 pub fn show_effective_autokey_config(
361 &self,
362 ) -> super::builder::autokey_admin::ShowEffectiveAutokeyConfig {
363 super::builder::autokey_admin::ShowEffectiveAutokeyConfig::new(self.inner.clone())
364 }
365
366 /// Lists information about the supported locations for this service.
367 pub fn list_locations(&self) -> super::builder::autokey_admin::ListLocations {
368 super::builder::autokey_admin::ListLocations::new(self.inner.clone())
369 }
370
371 /// Gets information about a location.
372 pub fn get_location(&self) -> super::builder::autokey_admin::GetLocation {
373 super::builder::autokey_admin::GetLocation::new(self.inner.clone())
374 }
375
376 /// Sets the access control policy on the specified resource. Replaces
377 /// any existing policy.
378 ///
379 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
380 /// errors.
381 pub fn set_iam_policy(&self) -> super::builder::autokey_admin::SetIamPolicy {
382 super::builder::autokey_admin::SetIamPolicy::new(self.inner.clone())
383 }
384
385 /// Gets the access control policy for a resource. Returns an empty policy
386 /// if the resource exists and does not have a policy set.
387 pub fn get_iam_policy(&self) -> super::builder::autokey_admin::GetIamPolicy {
388 super::builder::autokey_admin::GetIamPolicy::new(self.inner.clone())
389 }
390
391 /// Returns permissions that a caller has on the specified resource. If the
392 /// resource does not exist, this will return an empty set of
393 /// permissions, not a `NOT_FOUND` error.
394 ///
395 /// Note: This operation is designed to be used for building
396 /// permission-aware UIs and command-line tools, not for authorization
397 /// checking. This operation may "fail open" without warning.
398 pub fn test_iam_permissions(&self) -> super::builder::autokey_admin::TestIamPermissions {
399 super::builder::autokey_admin::TestIamPermissions::new(self.inner.clone())
400 }
401
402 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
403 ///
404 /// [google.longrunning.Operations]: google-cloud-longrunning::client::Operations
405 pub fn get_operation(&self) -> super::builder::autokey_admin::GetOperation {
406 super::builder::autokey_admin::GetOperation::new(self.inner.clone())
407 }
408}
409
410/// Implements a client for the Cloud Key Management Service (KMS) API.
411///
412/// # Example
413/// ```
414/// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
415/// # use google_cloud_kms_v1::client::EkmService;
416/// let client = EkmService::builder().build().await?;
417/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
418/// # Ok(()) }
419/// ```
420///
421/// # Service Description
422///
423/// Google Cloud Key Management EKM Service
424///
425/// Manages external cryptographic keys and operations using those keys.
426/// Implements a REST model with the following objects:
427///
428/// * [EkmConnection][google.cloud.kms.v1.EkmConnection]
429///
430/// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
431///
432/// # Configuration
433///
434/// To configure `EkmService` use the `with_*` methods in the type returned
435/// by [builder()][EkmService::builder]. The default configuration should
436/// work for most applications. Common configuration changes include
437///
438/// * [with_endpoint()]: by default this client uses the global default endpoint
439/// (`https://cloudkms.googleapis.com`). Applications using regional
440/// endpoints or running in restricted networks (e.g. a network configured
441// with [Private Google Access with VPC Service Controls]) may want to
442/// override this default.
443/// * [with_credentials()]: by default this client uses
444/// [Application Default Credentials]. Applications using custom
445/// authentication may need to override this default.
446///
447/// [with_endpoint()]: super::builder::ekm_service::ClientBuilder::with_endpoint
448/// [with_credentials()]: super::builder::ekm_service::ClientBuilder::credentials
449/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
450/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
451///
452/// # Pooling and Cloning
453///
454/// `EkmService` holds a connection pool internally, it is advised to
455/// create one and the reuse it. You do not need to wrap `EkmService` in
456/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
457/// already uses an `Arc` internally.
458#[derive(Clone, Debug)]
459pub struct EkmService {
460 inner: std::sync::Arc<dyn super::stub::dynamic::EkmService>,
461}
462
463impl EkmService {
464 /// Returns a builder for [EkmService].
465 ///
466 /// ```
467 /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
468 /// # use google_cloud_kms_v1::client::EkmService;
469 /// let client = EkmService::builder().build().await?;
470 /// # Ok(()) }
471 /// ```
472 pub fn builder() -> super::builder::ekm_service::ClientBuilder {
473 crate::new_client_builder(super::builder::ekm_service::client::Factory)
474 }
475
476 /// Creates a new client from the provided stub.
477 ///
478 /// The most common case for calling this function is in tests mocking the
479 /// client's behavior.
480 pub fn from_stub<T>(stub: T) -> Self
481 where
482 T: super::stub::EkmService + 'static,
483 {
484 Self {
485 inner: std::sync::Arc::new(stub),
486 }
487 }
488
489 pub(crate) async fn new(
490 config: gaxi::options::ClientConfig,
491 ) -> crate::ClientBuilderResult<Self> {
492 let inner = Self::build_inner(config).await?;
493 Ok(Self { inner })
494 }
495
496 async fn build_inner(
497 conf: gaxi::options::ClientConfig,
498 ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::EkmService>> {
499 if gaxi::options::tracing_enabled(&conf) {
500 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
501 }
502 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
503 }
504
505 async fn build_transport(
506 conf: gaxi::options::ClientConfig,
507 ) -> crate::ClientBuilderResult<impl super::stub::EkmService> {
508 super::transport::EkmService::new(conf).await
509 }
510
511 async fn build_with_tracing(
512 conf: gaxi::options::ClientConfig,
513 ) -> crate::ClientBuilderResult<impl super::stub::EkmService> {
514 Self::build_transport(conf)
515 .await
516 .map(super::tracing::EkmService::new)
517 }
518
519 /// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
520 ///
521 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
522 pub fn list_ekm_connections(&self) -> super::builder::ekm_service::ListEkmConnections {
523 super::builder::ekm_service::ListEkmConnections::new(self.inner.clone())
524 }
525
526 /// Returns metadata for a given
527 /// [EkmConnection][google.cloud.kms.v1.EkmConnection].
528 ///
529 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
530 pub fn get_ekm_connection(&self) -> super::builder::ekm_service::GetEkmConnection {
531 super::builder::ekm_service::GetEkmConnection::new(self.inner.clone())
532 }
533
534 /// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
535 /// Project and Location.
536 ///
537 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
538 pub fn create_ekm_connection(&self) -> super::builder::ekm_service::CreateEkmConnection {
539 super::builder::ekm_service::CreateEkmConnection::new(self.inner.clone())
540 }
541
542 /// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
543 ///
544 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
545 pub fn update_ekm_connection(&self) -> super::builder::ekm_service::UpdateEkmConnection {
546 super::builder::ekm_service::UpdateEkmConnection::new(self.inner.clone())
547 }
548
549 /// Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
550 /// for a given project and location.
551 ///
552 /// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
553 pub fn get_ekm_config(&self) -> super::builder::ekm_service::GetEkmConfig {
554 super::builder::ekm_service::GetEkmConfig::new(self.inner.clone())
555 }
556
557 /// Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
558 /// for a given project and location.
559 ///
560 /// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
561 pub fn update_ekm_config(&self) -> super::builder::ekm_service::UpdateEkmConfig {
562 super::builder::ekm_service::UpdateEkmConfig::new(self.inner.clone())
563 }
564
565 /// Verifies that Cloud KMS can successfully connect to the external key
566 /// manager specified by an [EkmConnection][google.cloud.kms.v1.EkmConnection].
567 /// If there is an error connecting to the EKM, this method returns a
568 /// FAILED_PRECONDITION status containing structured information as described
569 /// at <https://cloud.google.com/kms/docs/reference/ekm_errors>.
570 ///
571 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
572 pub fn verify_connectivity(&self) -> super::builder::ekm_service::VerifyConnectivity {
573 super::builder::ekm_service::VerifyConnectivity::new(self.inner.clone())
574 }
575
576 /// Lists information about the supported locations for this service.
577 pub fn list_locations(&self) -> super::builder::ekm_service::ListLocations {
578 super::builder::ekm_service::ListLocations::new(self.inner.clone())
579 }
580
581 /// Gets information about a location.
582 pub fn get_location(&self) -> super::builder::ekm_service::GetLocation {
583 super::builder::ekm_service::GetLocation::new(self.inner.clone())
584 }
585
586 /// Sets the access control policy on the specified resource. Replaces
587 /// any existing policy.
588 ///
589 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
590 /// errors.
591 pub fn set_iam_policy(&self) -> super::builder::ekm_service::SetIamPolicy {
592 super::builder::ekm_service::SetIamPolicy::new(self.inner.clone())
593 }
594
595 /// Gets the access control policy for a resource. Returns an empty policy
596 /// if the resource exists and does not have a policy set.
597 pub fn get_iam_policy(&self) -> super::builder::ekm_service::GetIamPolicy {
598 super::builder::ekm_service::GetIamPolicy::new(self.inner.clone())
599 }
600
601 /// Returns permissions that a caller has on the specified resource. If the
602 /// resource does not exist, this will return an empty set of
603 /// permissions, not a `NOT_FOUND` error.
604 ///
605 /// Note: This operation is designed to be used for building
606 /// permission-aware UIs and command-line tools, not for authorization
607 /// checking. This operation may "fail open" without warning.
608 pub fn test_iam_permissions(&self) -> super::builder::ekm_service::TestIamPermissions {
609 super::builder::ekm_service::TestIamPermissions::new(self.inner.clone())
610 }
611
612 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
613 ///
614 /// [google.longrunning.Operations]: google-cloud-longrunning::client::Operations
615 pub fn get_operation(&self) -> super::builder::ekm_service::GetOperation {
616 super::builder::ekm_service::GetOperation::new(self.inner.clone())
617 }
618}
619
620/// Implements a client for the Cloud Key Management Service (KMS) API.
621///
622/// # Example
623/// ```
624/// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
625/// # use google_cloud_kms_v1::client::HsmManagement;
626/// let client = HsmManagement::builder().build().await?;
627/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
628/// # Ok(()) }
629/// ```
630///
631/// # Service Description
632///
633/// Google Cloud HSM Management Service
634///
635/// Provides interfaces for managing HSM instances.
636///
637/// Implements a REST model with the following objects:
638///
639/// * [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance]
640/// * [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal]
641///
642/// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
643/// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
644///
645/// # Configuration
646///
647/// To configure `HsmManagement` use the `with_*` methods in the type returned
648/// by [builder()][HsmManagement::builder]. The default configuration should
649/// work for most applications. Common configuration changes include
650///
651/// * [with_endpoint()]: by default this client uses the global default endpoint
652/// (`https://cloudkms.googleapis.com`). Applications using regional
653/// endpoints or running in restricted networks (e.g. a network configured
654// with [Private Google Access with VPC Service Controls]) may want to
655/// override this default.
656/// * [with_credentials()]: by default this client uses
657/// [Application Default Credentials]. Applications using custom
658/// authentication may need to override this default.
659///
660/// [with_endpoint()]: super::builder::hsm_management::ClientBuilder::with_endpoint
661/// [with_credentials()]: super::builder::hsm_management::ClientBuilder::credentials
662/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
663/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
664///
665/// # Pooling and Cloning
666///
667/// `HsmManagement` holds a connection pool internally, it is advised to
668/// create one and the reuse it. You do not need to wrap `HsmManagement` in
669/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
670/// already uses an `Arc` internally.
671#[derive(Clone, Debug)]
672pub struct HsmManagement {
673 inner: std::sync::Arc<dyn super::stub::dynamic::HsmManagement>,
674}
675
676impl HsmManagement {
677 /// Returns a builder for [HsmManagement].
678 ///
679 /// ```
680 /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
681 /// # use google_cloud_kms_v1::client::HsmManagement;
682 /// let client = HsmManagement::builder().build().await?;
683 /// # Ok(()) }
684 /// ```
685 pub fn builder() -> super::builder::hsm_management::ClientBuilder {
686 crate::new_client_builder(super::builder::hsm_management::client::Factory)
687 }
688
689 /// Creates a new client from the provided stub.
690 ///
691 /// The most common case for calling this function is in tests mocking the
692 /// client's behavior.
693 pub fn from_stub<T>(stub: T) -> Self
694 where
695 T: super::stub::HsmManagement + 'static,
696 {
697 Self {
698 inner: std::sync::Arc::new(stub),
699 }
700 }
701
702 pub(crate) async fn new(
703 config: gaxi::options::ClientConfig,
704 ) -> crate::ClientBuilderResult<Self> {
705 let inner = Self::build_inner(config).await?;
706 Ok(Self { inner })
707 }
708
709 async fn build_inner(
710 conf: gaxi::options::ClientConfig,
711 ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::HsmManagement>> {
712 if gaxi::options::tracing_enabled(&conf) {
713 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
714 }
715 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
716 }
717
718 async fn build_transport(
719 conf: gaxi::options::ClientConfig,
720 ) -> crate::ClientBuilderResult<impl super::stub::HsmManagement> {
721 super::transport::HsmManagement::new(conf).await
722 }
723
724 async fn build_with_tracing(
725 conf: gaxi::options::ClientConfig,
726 ) -> crate::ClientBuilderResult<impl super::stub::HsmManagement> {
727 Self::build_transport(conf)
728 .await
729 .map(super::tracing::HsmManagement::new)
730 }
731
732 /// Lists
733 /// [SingleTenantHsmInstances][google.cloud.kms.v1.SingleTenantHsmInstance].
734 ///
735 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
736 pub fn list_single_tenant_hsm_instances(
737 &self,
738 ) -> super::builder::hsm_management::ListSingleTenantHsmInstances {
739 super::builder::hsm_management::ListSingleTenantHsmInstances::new(self.inner.clone())
740 }
741
742 /// Returns metadata for a given
743 /// [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance].
744 ///
745 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
746 pub fn get_single_tenant_hsm_instance(
747 &self,
748 ) -> super::builder::hsm_management::GetSingleTenantHsmInstance {
749 super::builder::hsm_management::GetSingleTenantHsmInstance::new(self.inner.clone())
750 }
751
752 /// Creates a new
753 /// [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance] in a
754 /// given Project and Location. User must create a RegisterTwoFactorAuthKeys
755 /// proposal with this single-tenant HSM instance to finish setup of the
756 /// instance.
757 ///
758 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
759 ///
760 /// # Long running operations
761 ///
762 /// This method is used to start, and/or poll a [long-running Operation].
763 /// The [Working with long-running operations] chapter in the [user guide]
764 /// covers these operations in detail.
765 ///
766 /// [long-running operation]: https://google.aip.dev/151
767 /// [user guide]: https://googleapis.github.io/google-cloud-rust/
768 /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
769 pub fn create_single_tenant_hsm_instance(
770 &self,
771 ) -> super::builder::hsm_management::CreateSingleTenantHsmInstance {
772 super::builder::hsm_management::CreateSingleTenantHsmInstance::new(self.inner.clone())
773 }
774
775 /// Creates a new
776 /// [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal]
777 /// for a given
778 /// [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance].
779 ///
780 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
781 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
782 ///
783 /// # Long running operations
784 ///
785 /// This method is used to start, and/or poll a [long-running Operation].
786 /// The [Working with long-running operations] chapter in the [user guide]
787 /// covers these operations in detail.
788 ///
789 /// [long-running operation]: https://google.aip.dev/151
790 /// [user guide]: https://googleapis.github.io/google-cloud-rust/
791 /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
792 pub fn create_single_tenant_hsm_instance_proposal(
793 &self,
794 ) -> super::builder::hsm_management::CreateSingleTenantHsmInstanceProposal {
795 super::builder::hsm_management::CreateSingleTenantHsmInstanceProposal::new(
796 self.inner.clone(),
797 )
798 }
799
800 /// Approves a
801 /// [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal]
802 /// for a given
803 /// [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance]. The
804 /// proposal must be in the
805 /// [PENDING][google.cloud.kms.v1.SingleTenantHsmInstanceProposal.State.PENDING]
806 /// state.
807 ///
808 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
809 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
810 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal.State.PENDING]: crate::model::single_tenant_hsm_instance_proposal::State::Pending
811 pub fn approve_single_tenant_hsm_instance_proposal(
812 &self,
813 ) -> super::builder::hsm_management::ApproveSingleTenantHsmInstanceProposal {
814 super::builder::hsm_management::ApproveSingleTenantHsmInstanceProposal::new(
815 self.inner.clone(),
816 )
817 }
818
819 /// Executes a
820 /// [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal]
821 /// for a given
822 /// [SingleTenantHsmInstance][google.cloud.kms.v1.SingleTenantHsmInstance]. The
823 /// proposal must be in the
824 /// [APPROVED][google.cloud.kms.v1.SingleTenantHsmInstanceProposal.State.APPROVED]
825 /// state.
826 ///
827 /// [google.cloud.kms.v1.SingleTenantHsmInstance]: crate::model::SingleTenantHsmInstance
828 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
829 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal.State.APPROVED]: crate::model::single_tenant_hsm_instance_proposal::State::Approved
830 ///
831 /// # Long running operations
832 ///
833 /// This method is used to start, and/or poll a [long-running Operation].
834 /// The [Working with long-running operations] chapter in the [user guide]
835 /// covers these operations in detail.
836 ///
837 /// [long-running operation]: https://google.aip.dev/151
838 /// [user guide]: https://googleapis.github.io/google-cloud-rust/
839 /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
840 pub fn execute_single_tenant_hsm_instance_proposal(
841 &self,
842 ) -> super::builder::hsm_management::ExecuteSingleTenantHsmInstanceProposal {
843 super::builder::hsm_management::ExecuteSingleTenantHsmInstanceProposal::new(
844 self.inner.clone(),
845 )
846 }
847
848 /// Returns metadata for a given
849 /// [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal].
850 ///
851 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
852 pub fn get_single_tenant_hsm_instance_proposal(
853 &self,
854 ) -> super::builder::hsm_management::GetSingleTenantHsmInstanceProposal {
855 super::builder::hsm_management::GetSingleTenantHsmInstanceProposal::new(self.inner.clone())
856 }
857
858 /// Lists
859 /// [SingleTenantHsmInstanceProposals][google.cloud.kms.v1.SingleTenantHsmInstanceProposal].
860 ///
861 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
862 pub fn list_single_tenant_hsm_instance_proposals(
863 &self,
864 ) -> super::builder::hsm_management::ListSingleTenantHsmInstanceProposals {
865 super::builder::hsm_management::ListSingleTenantHsmInstanceProposals::new(
866 self.inner.clone(),
867 )
868 }
869
870 /// Deletes a
871 /// [SingleTenantHsmInstanceProposal][google.cloud.kms.v1.SingleTenantHsmInstanceProposal].
872 ///
873 /// [google.cloud.kms.v1.SingleTenantHsmInstanceProposal]: crate::model::SingleTenantHsmInstanceProposal
874 pub fn delete_single_tenant_hsm_instance_proposal(
875 &self,
876 ) -> super::builder::hsm_management::DeleteSingleTenantHsmInstanceProposal {
877 super::builder::hsm_management::DeleteSingleTenantHsmInstanceProposal::new(
878 self.inner.clone(),
879 )
880 }
881
882 /// Lists information about the supported locations for this service.
883 pub fn list_locations(&self) -> super::builder::hsm_management::ListLocations {
884 super::builder::hsm_management::ListLocations::new(self.inner.clone())
885 }
886
887 /// Gets information about a location.
888 pub fn get_location(&self) -> super::builder::hsm_management::GetLocation {
889 super::builder::hsm_management::GetLocation::new(self.inner.clone())
890 }
891
892 /// Sets the access control policy on the specified resource. Replaces
893 /// any existing policy.
894 ///
895 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
896 /// errors.
897 pub fn set_iam_policy(&self) -> super::builder::hsm_management::SetIamPolicy {
898 super::builder::hsm_management::SetIamPolicy::new(self.inner.clone())
899 }
900
901 /// Gets the access control policy for a resource. Returns an empty policy
902 /// if the resource exists and does not have a policy set.
903 pub fn get_iam_policy(&self) -> super::builder::hsm_management::GetIamPolicy {
904 super::builder::hsm_management::GetIamPolicy::new(self.inner.clone())
905 }
906
907 /// Returns permissions that a caller has on the specified resource. If the
908 /// resource does not exist, this will return an empty set of
909 /// permissions, not a `NOT_FOUND` error.
910 ///
911 /// Note: This operation is designed to be used for building
912 /// permission-aware UIs and command-line tools, not for authorization
913 /// checking. This operation may "fail open" without warning.
914 pub fn test_iam_permissions(&self) -> super::builder::hsm_management::TestIamPermissions {
915 super::builder::hsm_management::TestIamPermissions::new(self.inner.clone())
916 }
917
918 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
919 ///
920 /// [google.longrunning.Operations]: google-cloud-longrunning::client::Operations
921 pub fn get_operation(&self) -> super::builder::hsm_management::GetOperation {
922 super::builder::hsm_management::GetOperation::new(self.inner.clone())
923 }
924}
925
926/// Implements a client for the Cloud Key Management Service (KMS) API.
927///
928/// # Example
929/// ```
930/// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
931/// # use google_cloud_kms_v1::client::KeyManagementService;
932/// let client = KeyManagementService::builder().build().await?;
933/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
934/// # Ok(()) }
935/// ```
936///
937/// # Service Description
938///
939/// Google Cloud Key Management Service
940///
941/// Manages cryptographic keys and operations using those keys. Implements a REST
942/// model with the following objects:
943///
944/// * [KeyRing][google.cloud.kms.v1.KeyRing]
945/// * [CryptoKey][google.cloud.kms.v1.CryptoKey]
946/// * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
947/// * [ImportJob][google.cloud.kms.v1.ImportJob]
948///
949/// If you are using manual gRPC libraries, see
950/// [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
951///
952/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
953/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
954/// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
955/// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
956///
957/// # Configuration
958///
959/// To configure `KeyManagementService` use the `with_*` methods in the type returned
960/// by [builder()][KeyManagementService::builder]. The default configuration should
961/// work for most applications. Common configuration changes include
962///
963/// * [with_endpoint()]: by default this client uses the global default endpoint
964/// (`https://cloudkms.googleapis.com`). Applications using regional
965/// endpoints or running in restricted networks (e.g. a network configured
966// with [Private Google Access with VPC Service Controls]) may want to
967/// override this default.
968/// * [with_credentials()]: by default this client uses
969/// [Application Default Credentials]. Applications using custom
970/// authentication may need to override this default.
971///
972/// [with_endpoint()]: super::builder::key_management_service::ClientBuilder::with_endpoint
973/// [with_credentials()]: super::builder::key_management_service::ClientBuilder::credentials
974/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
975/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
976///
977/// # Pooling and Cloning
978///
979/// `KeyManagementService` holds a connection pool internally, it is advised to
980/// create one and the reuse it. You do not need to wrap `KeyManagementService` in
981/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
982/// already uses an `Arc` internally.
983#[derive(Clone, Debug)]
984pub struct KeyManagementService {
985 inner: std::sync::Arc<dyn super::stub::dynamic::KeyManagementService>,
986}
987
988impl KeyManagementService {
989 /// Returns a builder for [KeyManagementService].
990 ///
991 /// ```
992 /// # async fn sample() -> google_cloud_gax::client_builder::Result<()> {
993 /// # use google_cloud_kms_v1::client::KeyManagementService;
994 /// let client = KeyManagementService::builder().build().await?;
995 /// # Ok(()) }
996 /// ```
997 pub fn builder() -> super::builder::key_management_service::ClientBuilder {
998 crate::new_client_builder(super::builder::key_management_service::client::Factory)
999 }
1000
1001 /// Creates a new client from the provided stub.
1002 ///
1003 /// The most common case for calling this function is in tests mocking the
1004 /// client's behavior.
1005 pub fn from_stub<T>(stub: T) -> Self
1006 where
1007 T: super::stub::KeyManagementService + 'static,
1008 {
1009 Self {
1010 inner: std::sync::Arc::new(stub),
1011 }
1012 }
1013
1014 pub(crate) async fn new(
1015 config: gaxi::options::ClientConfig,
1016 ) -> crate::ClientBuilderResult<Self> {
1017 let inner = Self::build_inner(config).await?;
1018 Ok(Self { inner })
1019 }
1020
1021 async fn build_inner(
1022 conf: gaxi::options::ClientConfig,
1023 ) -> crate::ClientBuilderResult<std::sync::Arc<dyn super::stub::dynamic::KeyManagementService>>
1024 {
1025 if gaxi::options::tracing_enabled(&conf) {
1026 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
1027 }
1028 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
1029 }
1030
1031 async fn build_transport(
1032 conf: gaxi::options::ClientConfig,
1033 ) -> crate::ClientBuilderResult<impl super::stub::KeyManagementService> {
1034 super::transport::KeyManagementService::new(conf).await
1035 }
1036
1037 async fn build_with_tracing(
1038 conf: gaxi::options::ClientConfig,
1039 ) -> crate::ClientBuilderResult<impl super::stub::KeyManagementService> {
1040 Self::build_transport(conf)
1041 .await
1042 .map(super::tracing::KeyManagementService::new)
1043 }
1044
1045 /// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
1046 ///
1047 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
1048 pub fn list_key_rings(&self) -> super::builder::key_management_service::ListKeyRings {
1049 super::builder::key_management_service::ListKeyRings::new(self.inner.clone())
1050 }
1051
1052 /// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
1053 ///
1054 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1055 pub fn list_crypto_keys(&self) -> super::builder::key_management_service::ListCryptoKeys {
1056 super::builder::key_management_service::ListCryptoKeys::new(self.inner.clone())
1057 }
1058
1059 /// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
1060 ///
1061 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1062 pub fn list_crypto_key_versions(
1063 &self,
1064 ) -> super::builder::key_management_service::ListCryptoKeyVersions {
1065 super::builder::key_management_service::ListCryptoKeyVersions::new(self.inner.clone())
1066 }
1067
1068 /// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
1069 ///
1070 /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
1071 pub fn list_import_jobs(&self) -> super::builder::key_management_service::ListImportJobs {
1072 super::builder::key_management_service::ListImportJobs::new(self.inner.clone())
1073 }
1074
1075 /// Lists the [RetiredResources][google.cloud.kms.v1.RetiredResource] which are
1076 /// the records of deleted [CryptoKeys][google.cloud.kms.v1.CryptoKey].
1077 /// RetiredResources prevent the reuse of these resource names after deletion.
1078 ///
1079 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1080 /// [google.cloud.kms.v1.RetiredResource]: crate::model::RetiredResource
1081 pub fn list_retired_resources(
1082 &self,
1083 ) -> super::builder::key_management_service::ListRetiredResources {
1084 super::builder::key_management_service::ListRetiredResources::new(self.inner.clone())
1085 }
1086
1087 /// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
1088 ///
1089 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
1090 pub fn get_key_ring(&self) -> super::builder::key_management_service::GetKeyRing {
1091 super::builder::key_management_service::GetKeyRing::new(self.inner.clone())
1092 }
1093
1094 /// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
1095 /// well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
1096 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
1097 ///
1098 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1099 /// [google.cloud.kms.v1.CryptoKey.primary]: crate::model::CryptoKey::primary
1100 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1101 pub fn get_crypto_key(&self) -> super::builder::key_management_service::GetCryptoKey {
1102 super::builder::key_management_service::GetCryptoKey::new(self.inner.clone())
1103 }
1104
1105 /// Returns metadata for a given
1106 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
1107 ///
1108 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1109 pub fn get_crypto_key_version(
1110 &self,
1111 ) -> super::builder::key_management_service::GetCryptoKeyVersion {
1112 super::builder::key_management_service::GetCryptoKeyVersion::new(self.inner.clone())
1113 }
1114
1115 /// Returns the public key for the given
1116 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
1117 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
1118 /// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
1119 /// or
1120 /// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
1121 ///
1122 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::AsymmetricDecrypt
1123 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]: crate::model::crypto_key::CryptoKeyPurpose::AsymmetricSign
1124 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1125 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1126 pub fn get_public_key(&self) -> super::builder::key_management_service::GetPublicKey {
1127 super::builder::key_management_service::GetPublicKey::new(self.inner.clone())
1128 }
1129
1130 /// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
1131 ///
1132 /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
1133 pub fn get_import_job(&self) -> super::builder::key_management_service::GetImportJob {
1134 super::builder::key_management_service::GetImportJob::new(self.inner.clone())
1135 }
1136
1137 /// Retrieves a specific [RetiredResource][google.cloud.kms.v1.RetiredResource]
1138 /// resource, which represents the record of a deleted
1139 /// [CryptoKey][google.cloud.kms.v1.CryptoKey].
1140 ///
1141 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1142 /// [google.cloud.kms.v1.RetiredResource]: crate::model::RetiredResource
1143 pub fn get_retired_resource(
1144 &self,
1145 ) -> super::builder::key_management_service::GetRetiredResource {
1146 super::builder::key_management_service::GetRetiredResource::new(self.inner.clone())
1147 }
1148
1149 /// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
1150 /// Location.
1151 ///
1152 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
1153 pub fn create_key_ring(&self) -> super::builder::key_management_service::CreateKeyRing {
1154 super::builder::key_management_service::CreateKeyRing::new(self.inner.clone())
1155 }
1156
1157 /// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
1158 /// [KeyRing][google.cloud.kms.v1.KeyRing].
1159 ///
1160 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
1161 /// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
1162 /// are required.
1163 ///
1164 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1165 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1166 /// [google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]: crate::model::CryptoKeyVersionTemplate::algorithm
1167 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
1168 pub fn create_crypto_key(&self) -> super::builder::key_management_service::CreateCryptoKey {
1169 super::builder::key_management_service::CreateCryptoKey::new(self.inner.clone())
1170 }
1171
1172 /// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
1173 /// [CryptoKey][google.cloud.kms.v1.CryptoKey].
1174 ///
1175 /// The server will assign the next sequential id. If unset,
1176 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
1177 /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
1178 ///
1179 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1180 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1181 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
1182 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
1183 pub fn create_crypto_key_version(
1184 &self,
1185 ) -> super::builder::key_management_service::CreateCryptoKeyVersion {
1186 super::builder::key_management_service::CreateCryptoKeyVersion::new(self.inner.clone())
1187 }
1188
1189 /// Permanently deletes the given [CryptoKey][google.cloud.kms.v1.CryptoKey].
1190 /// All child [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] must
1191 /// have been previously deleted using
1192 /// [KeyManagementService.DeleteCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DeleteCryptoKeyVersion].
1193 /// The specified crypto key will be immediately and permanently deleted upon
1194 /// calling this method. This action cannot be undone.
1195 ///
1196 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1197 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1198 /// [google.cloud.kms.v1.KeyManagementService.DeleteCryptoKeyVersion]: crate::client::KeyManagementService::delete_crypto_key_version
1199 ///
1200 /// # Long running operations
1201 ///
1202 /// This method is used to start, and/or poll a [long-running Operation].
1203 /// The [Working with long-running operations] chapter in the [user guide]
1204 /// covers these operations in detail.
1205 ///
1206 /// [long-running operation]: https://google.aip.dev/151
1207 /// [user guide]: https://googleapis.github.io/google-cloud-rust/
1208 /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
1209 pub fn delete_crypto_key(&self) -> super::builder::key_management_service::DeleteCryptoKey {
1210 super::builder::key_management_service::DeleteCryptoKey::new(self.inner.clone())
1211 }
1212
1213 /// Permanently deletes the given
1214 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only possible if
1215 /// the version has not been previously imported and if its
1216 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] is one of
1217 /// [DESTROYED][CryptoKeyVersionState.DESTROYED],
1218 /// [IMPORT_FAILED][CryptoKeyVersionState.IMPORT_FAILED], or
1219 /// [GENERATION_FAILED][CryptoKeyVersionState.GENERATION_FAILED].
1220 /// Successfully imported
1221 /// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] cannot be deleted
1222 /// at this time. The specified version will be immediately and permanently
1223 /// deleted upon calling this method. This action cannot be undone.
1224 ///
1225 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1226 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
1227 ///
1228 /// # Long running operations
1229 ///
1230 /// This method is used to start, and/or poll a [long-running Operation].
1231 /// The [Working with long-running operations] chapter in the [user guide]
1232 /// covers these operations in detail.
1233 ///
1234 /// [long-running operation]: https://google.aip.dev/151
1235 /// [user guide]: https://googleapis.github.io/google-cloud-rust/
1236 /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
1237 pub fn delete_crypto_key_version(
1238 &self,
1239 ) -> super::builder::key_management_service::DeleteCryptoKeyVersion {
1240 super::builder::key_management_service::DeleteCryptoKeyVersion::new(self.inner.clone())
1241 }
1242
1243 /// Import wrapped key material into a
1244 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
1245 ///
1246 /// All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
1247 /// a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
1248 /// specified in the request, key material will be reimported into that
1249 /// version. Otherwise, a new version will be created, and will be assigned the
1250 /// next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
1251 ///
1252 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1253 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1254 pub fn import_crypto_key_version(
1255 &self,
1256 ) -> super::builder::key_management_service::ImportCryptoKeyVersion {
1257 super::builder::key_management_service::ImportCryptoKeyVersion::new(self.inner.clone())
1258 }
1259
1260 /// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
1261 /// [KeyRing][google.cloud.kms.v1.KeyRing].
1262 ///
1263 /// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
1264 /// required.
1265 ///
1266 /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
1267 /// [google.cloud.kms.v1.ImportJob.import_method]: crate::model::ImportJob::import_method
1268 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
1269 pub fn create_import_job(&self) -> super::builder::key_management_service::CreateImportJob {
1270 super::builder::key_management_service::CreateImportJob::new(self.inner.clone())
1271 }
1272
1273 /// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
1274 ///
1275 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1276 pub fn update_crypto_key(&self) -> super::builder::key_management_service::UpdateCryptoKey {
1277 super::builder::key_management_service::UpdateCryptoKey::new(self.inner.clone())
1278 }
1279
1280 /// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
1281 /// metadata.
1282 ///
1283 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
1284 /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
1285 /// and
1286 /// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
1287 /// using this method. See
1288 /// [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
1289 /// and
1290 /// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
1291 /// to move between other states.
1292 ///
1293 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1294 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Disabled
1295 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
1296 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
1297 /// [google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]: crate::client::KeyManagementService::destroy_crypto_key_version
1298 /// [google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]: crate::client::KeyManagementService::restore_crypto_key_version
1299 pub fn update_crypto_key_version(
1300 &self,
1301 ) -> super::builder::key_management_service::UpdateCryptoKeyVersion {
1302 super::builder::key_management_service::UpdateCryptoKeyVersion::new(self.inner.clone())
1303 }
1304
1305 /// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
1306 /// will be used in
1307 /// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
1308 ///
1309 /// Returns an error if called on a key whose purpose is not
1310 /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
1311 ///
1312 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
1313 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
1314 /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
1315 pub fn update_crypto_key_primary_version(
1316 &self,
1317 ) -> super::builder::key_management_service::UpdateCryptoKeyPrimaryVersion {
1318 super::builder::key_management_service::UpdateCryptoKeyPrimaryVersion::new(
1319 self.inner.clone(),
1320 )
1321 }
1322
1323 /// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
1324 /// destruction.
1325 ///
1326 /// Upon calling this method,
1327 /// [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
1328 /// be set to
1329 /// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
1330 /// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
1331 /// be set to the time
1332 /// [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
1333 /// in the future. At that time, the
1334 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
1335 /// change to
1336 /// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
1337 /// and the key material will be irrevocably destroyed.
1338 ///
1339 /// Before the
1340 /// [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
1341 /// reached,
1342 /// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
1343 /// may be called to reverse the process.
1344 ///
1345 /// [google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]: crate::model::CryptoKey::destroy_scheduled_duration
1346 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1347 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]: crate::model::crypto_key_version::CryptoKeyVersionState::Destroyed
1348 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]: crate::model::crypto_key_version::CryptoKeyVersionState::DestroyScheduled
1349 /// [google.cloud.kms.v1.CryptoKeyVersion.destroy_time]: crate::model::CryptoKeyVersion::destroy_time
1350 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
1351 /// [google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]: crate::client::KeyManagementService::restore_crypto_key_version
1352 pub fn destroy_crypto_key_version(
1353 &self,
1354 ) -> super::builder::key_management_service::DestroyCryptoKeyVersion {
1355 super::builder::key_management_service::DestroyCryptoKeyVersion::new(self.inner.clone())
1356 }
1357
1358 /// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
1359 /// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
1360 /// state.
1361 ///
1362 /// Upon restoration of the CryptoKeyVersion,
1363 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
1364 /// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
1365 /// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
1366 /// be cleared.
1367 ///
1368 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1369 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]: crate::model::crypto_key_version::CryptoKeyVersionState::DestroyScheduled
1370 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Disabled
1371 /// [google.cloud.kms.v1.CryptoKeyVersion.destroy_time]: crate::model::CryptoKeyVersion::destroy_time
1372 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
1373 pub fn restore_crypto_key_version(
1374 &self,
1375 ) -> super::builder::key_management_service::RestoreCryptoKeyVersion {
1376 super::builder::key_management_service::RestoreCryptoKeyVersion::new(self.inner.clone())
1377 }
1378
1379 /// Encrypts data, so that it can only be recovered by a call to
1380 /// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
1381 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
1382 /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
1383 ///
1384 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
1385 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1386 /// [google.cloud.kms.v1.KeyManagementService.Decrypt]: crate::client::KeyManagementService::decrypt
1387 pub fn encrypt(&self) -> super::builder::key_management_service::Encrypt {
1388 super::builder::key_management_service::Encrypt::new(self.inner.clone())
1389 }
1390
1391 /// Decrypts data that was protected by
1392 /// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
1393 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
1394 /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
1395 ///
1396 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
1397 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1398 /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
1399 pub fn decrypt(&self) -> super::builder::key_management_service::Decrypt {
1400 super::builder::key_management_service::Decrypt::new(self.inner.clone())
1401 }
1402
1403 /// Encrypts data using portable cryptographic primitives. Most users should
1404 /// choose [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
1405 /// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] rather than
1406 /// their raw counterparts. The
1407 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
1408 /// [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
1409 ///
1410 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::RawEncryptDecrypt
1411 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1412 /// [google.cloud.kms.v1.KeyManagementService.Decrypt]: crate::client::KeyManagementService::decrypt
1413 /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
1414 pub fn raw_encrypt(&self) -> super::builder::key_management_service::RawEncrypt {
1415 super::builder::key_management_service::RawEncrypt::new(self.inner.clone())
1416 }
1417
1418 /// Decrypts data that was originally encrypted using a raw cryptographic
1419 /// mechanism. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1420 /// must be
1421 /// [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
1422 ///
1423 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::RawEncryptDecrypt
1424 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1425 pub fn raw_decrypt(&self) -> super::builder::key_management_service::RawDecrypt {
1426 super::builder::key_management_service::RawDecrypt::new(self.inner.clone())
1427 }
1428
1429 /// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1430 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1431 /// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
1432 /// key retrieved from
1433 /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
1434 ///
1435 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1436 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1437 /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
1438 pub fn asymmetric_sign(&self) -> super::builder::key_management_service::AsymmetricSign {
1439 super::builder::key_management_service::AsymmetricSign::new(self.inner.clone())
1440 }
1441
1442 /// Decrypts data that was encrypted with a public key retrieved from
1443 /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
1444 /// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1445 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1446 /// ASYMMETRIC_DECRYPT.
1447 ///
1448 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1449 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1450 /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
1451 pub fn asymmetric_decrypt(&self) -> super::builder::key_management_service::AsymmetricDecrypt {
1452 super::builder::key_management_service::AsymmetricDecrypt::new(self.inner.clone())
1453 }
1454
1455 /// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1456 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
1457 /// producing a tag that can be verified by another source with the same key.
1458 ///
1459 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1460 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1461 pub fn mac_sign(&self) -> super::builder::key_management_service::MacSign {
1462 super::builder::key_management_service::MacSign::new(self.inner.clone())
1463 }
1464
1465 /// Verifies MAC tag using a
1466 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
1467 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
1468 /// a response that indicates whether or not the verification was successful.
1469 ///
1470 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1471 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1472 pub fn mac_verify(&self) -> super::builder::key_management_service::MacVerify {
1473 super::builder::key_management_service::MacVerify::new(self.inner.clone())
1474 }
1475
1476 /// Decapsulates data that was encapsulated with a public key retrieved from
1477 /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
1478 /// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1479 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1480 /// KEY_ENCAPSULATION.
1481 ///
1482 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1483 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1484 /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
1485 pub fn decapsulate(&self) -> super::builder::key_management_service::Decapsulate {
1486 super::builder::key_management_service::Decapsulate::new(self.inner.clone())
1487 }
1488
1489 /// Generate random bytes using the Cloud KMS randomness source in the provided
1490 /// location.
1491 pub fn generate_random_bytes(
1492 &self,
1493 ) -> super::builder::key_management_service::GenerateRandomBytes {
1494 super::builder::key_management_service::GenerateRandomBytes::new(self.inner.clone())
1495 }
1496
1497 /// Lists information about the supported locations for this service.
1498 pub fn list_locations(&self) -> super::builder::key_management_service::ListLocations {
1499 super::builder::key_management_service::ListLocations::new(self.inner.clone())
1500 }
1501
1502 /// Gets information about a location.
1503 pub fn get_location(&self) -> super::builder::key_management_service::GetLocation {
1504 super::builder::key_management_service::GetLocation::new(self.inner.clone())
1505 }
1506
1507 /// Sets the access control policy on the specified resource. Replaces
1508 /// any existing policy.
1509 ///
1510 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
1511 /// errors.
1512 pub fn set_iam_policy(&self) -> super::builder::key_management_service::SetIamPolicy {
1513 super::builder::key_management_service::SetIamPolicy::new(self.inner.clone())
1514 }
1515
1516 /// Gets the access control policy for a resource. Returns an empty policy
1517 /// if the resource exists and does not have a policy set.
1518 pub fn get_iam_policy(&self) -> super::builder::key_management_service::GetIamPolicy {
1519 super::builder::key_management_service::GetIamPolicy::new(self.inner.clone())
1520 }
1521
1522 /// Returns permissions that a caller has on the specified resource. If the
1523 /// resource does not exist, this will return an empty set of
1524 /// permissions, not a `NOT_FOUND` error.
1525 ///
1526 /// Note: This operation is designed to be used for building
1527 /// permission-aware UIs and command-line tools, not for authorization
1528 /// checking. This operation may "fail open" without warning.
1529 pub fn test_iam_permissions(
1530 &self,
1531 ) -> super::builder::key_management_service::TestIamPermissions {
1532 super::builder::key_management_service::TestIamPermissions::new(self.inner.clone())
1533 }
1534
1535 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
1536 ///
1537 /// [google.longrunning.Operations]: google-cloud-longrunning::client::Operations
1538 pub fn get_operation(&self) -> super::builder::key_management_service::GetOperation {
1539 super::builder::key_management_service::GetOperation::new(self.inner.clone())
1540 }
1541}