google_cloud_kms_v1/client.rs
1// Copyright 2025 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// https://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15// Code generated by sidekick. DO NOT EDIT.
16#![allow(rustdoc::redundant_explicit_links)]
17#![allow(rustdoc::broken_intra_doc_links)]
18
19/// Implements a client for the Cloud Key Management Service (KMS) API.
20///
21/// # Example
22/// ```
23/// # tokio_test::block_on(async {
24/// # use google_cloud_kms_v1::client::Autokey;
25/// let client = Autokey::builder().build().await?;
26/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
27/// # gax::client_builder::Result::<()>::Ok(()) });
28/// ```
29///
30/// # Service Description
31///
32/// Provides interfaces for using [Cloud KMS
33/// Autokey](https://cloud.google.com/kms/help/autokey) to provision new
34/// [CryptoKeys][google.cloud.kms.v1.CryptoKey], ready for Customer Managed
35/// Encryption Key (CMEK) use, on-demand. To support certain client tooling, this
36/// feature is modeled around a [KeyHandle][google.cloud.kms.v1.KeyHandle]
37/// resource: creating a [KeyHandle][google.cloud.kms.v1.KeyHandle] in a resource
38/// project and given location triggers Cloud KMS Autokey to provision a
39/// [CryptoKey][google.cloud.kms.v1.CryptoKey] in the configured key project and
40/// the same location.
41///
42/// Prior to use in a given resource project,
43/// [UpdateAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig]
44/// should have been called on an ancestor folder, setting the key project where
45/// Cloud KMS Autokey should create new
46/// [CryptoKeys][google.cloud.kms.v1.CryptoKey]. See documentation for additional
47/// prerequisites. To check what key project, if any, is currently configured on
48/// a resource project's ancestor folder, see
49/// [ShowEffectiveAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig].
50///
51/// [google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig]: crate::client::AutokeyAdmin::show_effective_autokey_config
52/// [google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig]: crate::client::AutokeyAdmin::update_autokey_config
53/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
54/// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
55///
56/// # Configuration
57///
58/// To configure `Autokey` use the `with_*` methods in the type returned
59/// by [builder()][Autokey::builder]. The default configuration should
60/// work for most applications. Common configuration changes include
61///
62/// * [with_endpoint()]: by default this client uses the global default endpoint
63/// (`https://cloudkms.googleapis.com`). Applications using regional
64/// endpoints or running in restricted networks (e.g. a network configured
65// with [Private Google Access with VPC Service Controls]) may want to
66/// override this default.
67/// * [with_credentials()]: by default this client uses
68/// [Application Default Credentials]. Applications using custom
69/// authentication may need to override this default.
70///
71/// [with_endpoint()]: super::builder::autokey::ClientBuilder::with_endpoint
72/// [with_credentials()]: super::builder::autokey::ClientBuilder::credentials
73/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
74/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
75///
76/// # Pooling and Cloning
77///
78/// `Autokey` holds a connection pool internally, it is advised to
79/// create one and the reuse it. You do not need to wrap `Autokey` in
80/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
81/// already uses an `Arc` internally.
82#[derive(Clone, Debug)]
83pub struct Autokey {
84 inner: std::sync::Arc<dyn super::stub::dynamic::Autokey>,
85}
86
87impl Autokey {
88 /// Returns a builder for [Autokey].
89 ///
90 /// ```
91 /// # tokio_test::block_on(async {
92 /// # use google_cloud_kms_v1::client::Autokey;
93 /// let client = Autokey::builder().build().await?;
94 /// # gax::client_builder::Result::<()>::Ok(()) });
95 /// ```
96 pub fn builder() -> super::builder::autokey::ClientBuilder {
97 gax::client_builder::internal::new_builder(super::builder::autokey::client::Factory)
98 }
99
100 /// Creates a new client from the provided stub.
101 ///
102 /// The most common case for calling this function is in tests mocking the
103 /// client's behavior.
104 pub fn from_stub<T>(stub: T) -> Self
105 where
106 T: super::stub::Autokey + 'static,
107 {
108 Self {
109 inner: std::sync::Arc::new(stub),
110 }
111 }
112
113 pub(crate) async fn new(
114 config: gaxi::options::ClientConfig,
115 ) -> gax::client_builder::Result<Self> {
116 let inner = Self::build_inner(config).await?;
117 Ok(Self { inner })
118 }
119
120 async fn build_inner(
121 conf: gaxi::options::ClientConfig,
122 ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::Autokey>> {
123 if gaxi::options::tracing_enabled(&conf) {
124 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
125 }
126 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
127 }
128
129 async fn build_transport(
130 conf: gaxi::options::ClientConfig,
131 ) -> gax::client_builder::Result<impl super::stub::Autokey> {
132 super::transport::Autokey::new(conf).await
133 }
134
135 async fn build_with_tracing(
136 conf: gaxi::options::ClientConfig,
137 ) -> gax::client_builder::Result<impl super::stub::Autokey> {
138 Self::build_transport(conf)
139 .await
140 .map(super::tracing::Autokey::new)
141 }
142
143 /// Creates a new [KeyHandle][google.cloud.kms.v1.KeyHandle], triggering the
144 /// provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK
145 /// use with the given resource type in the configured key project and the same
146 /// location. [GetOperation][google.longrunning.Operations.GetOperation] should
147 /// be used to resolve the resulting long-running operation and get the
148 /// resulting [KeyHandle][google.cloud.kms.v1.KeyHandle] and
149 /// [CryptoKey][google.cloud.kms.v1.CryptoKey].
150 ///
151 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
152 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
153 ///
154 /// # Long running operations
155 ///
156 /// This method is used to start, and/or poll a [long-running Operation].
157 /// The [Working with long-running operations] chapter in the [user guide]
158 /// covers these operations in detail.
159 ///
160 /// [long-running operation]: https://google.aip.dev/151
161 /// [user guide]: https://googleapis.github.io/google-cloud-rust/
162 /// [working with long-running operations]: https://googleapis.github.io/google-cloud-rust/working_with_long_running_operations.html
163 pub fn create_key_handle(&self) -> super::builder::autokey::CreateKeyHandle {
164 super::builder::autokey::CreateKeyHandle::new(self.inner.clone())
165 }
166
167 /// Returns the [KeyHandle][google.cloud.kms.v1.KeyHandle].
168 ///
169 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
170 pub fn get_key_handle(&self) -> super::builder::autokey::GetKeyHandle {
171 super::builder::autokey::GetKeyHandle::new(self.inner.clone())
172 }
173
174 /// Lists [KeyHandles][google.cloud.kms.v1.KeyHandle].
175 ///
176 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
177 pub fn list_key_handles(&self) -> super::builder::autokey::ListKeyHandles {
178 super::builder::autokey::ListKeyHandles::new(self.inner.clone())
179 }
180
181 /// Lists information about the supported locations for this service.
182 pub fn list_locations(&self) -> super::builder::autokey::ListLocations {
183 super::builder::autokey::ListLocations::new(self.inner.clone())
184 }
185
186 /// Gets information about a location.
187 pub fn get_location(&self) -> super::builder::autokey::GetLocation {
188 super::builder::autokey::GetLocation::new(self.inner.clone())
189 }
190
191 /// Sets the access control policy on the specified resource. Replaces
192 /// any existing policy.
193 ///
194 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
195 /// errors.
196 pub fn set_iam_policy(&self) -> super::builder::autokey::SetIamPolicy {
197 super::builder::autokey::SetIamPolicy::new(self.inner.clone())
198 }
199
200 /// Gets the access control policy for a resource. Returns an empty policy
201 /// if the resource exists and does not have a policy set.
202 pub fn get_iam_policy(&self) -> super::builder::autokey::GetIamPolicy {
203 super::builder::autokey::GetIamPolicy::new(self.inner.clone())
204 }
205
206 /// Returns permissions that a caller has on the specified resource. If the
207 /// resource does not exist, this will return an empty set of
208 /// permissions, not a `NOT_FOUND` error.
209 ///
210 /// Note: This operation is designed to be used for building
211 /// permission-aware UIs and command-line tools, not for authorization
212 /// checking. This operation may "fail open" without warning.
213 pub fn test_iam_permissions(&self) -> super::builder::autokey::TestIamPermissions {
214 super::builder::autokey::TestIamPermissions::new(self.inner.clone())
215 }
216
217 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
218 ///
219 /// [google.longrunning.Operations]: longrunning::client::Operations
220 pub fn get_operation(&self) -> super::builder::autokey::GetOperation {
221 super::builder::autokey::GetOperation::new(self.inner.clone())
222 }
223}
224
225/// Implements a client for the Cloud Key Management Service (KMS) API.
226///
227/// # Example
228/// ```
229/// # tokio_test::block_on(async {
230/// # use google_cloud_kms_v1::client::AutokeyAdmin;
231/// let client = AutokeyAdmin::builder().build().await?;
232/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
233/// # gax::client_builder::Result::<()>::Ok(()) });
234/// ```
235///
236/// # Service Description
237///
238/// Provides interfaces for managing [Cloud KMS
239/// Autokey](https://cloud.google.com/kms/help/autokey) folder-level
240/// configurations. A configuration is inherited by all descendent projects. A
241/// configuration at one folder overrides any other configurations in its
242/// ancestry. Setting a configuration on a folder is a prerequisite for Cloud KMS
243/// Autokey, so that users working in a descendant project can request
244/// provisioned [CryptoKeys][google.cloud.kms.v1.CryptoKey], ready for Customer
245/// Managed Encryption Key (CMEK) use, on-demand.
246///
247/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
248///
249/// # Configuration
250///
251/// To configure `AutokeyAdmin` use the `with_*` methods in the type returned
252/// by [builder()][AutokeyAdmin::builder]. The default configuration should
253/// work for most applications. Common configuration changes include
254///
255/// * [with_endpoint()]: by default this client uses the global default endpoint
256/// (`https://cloudkms.googleapis.com`). Applications using regional
257/// endpoints or running in restricted networks (e.g. a network configured
258// with [Private Google Access with VPC Service Controls]) may want to
259/// override this default.
260/// * [with_credentials()]: by default this client uses
261/// [Application Default Credentials]. Applications using custom
262/// authentication may need to override this default.
263///
264/// [with_endpoint()]: super::builder::autokey_admin::ClientBuilder::with_endpoint
265/// [with_credentials()]: super::builder::autokey_admin::ClientBuilder::credentials
266/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
267/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
268///
269/// # Pooling and Cloning
270///
271/// `AutokeyAdmin` holds a connection pool internally, it is advised to
272/// create one and the reuse it. You do not need to wrap `AutokeyAdmin` in
273/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
274/// already uses an `Arc` internally.
275#[derive(Clone, Debug)]
276pub struct AutokeyAdmin {
277 inner: std::sync::Arc<dyn super::stub::dynamic::AutokeyAdmin>,
278}
279
280impl AutokeyAdmin {
281 /// Returns a builder for [AutokeyAdmin].
282 ///
283 /// ```
284 /// # tokio_test::block_on(async {
285 /// # use google_cloud_kms_v1::client::AutokeyAdmin;
286 /// let client = AutokeyAdmin::builder().build().await?;
287 /// # gax::client_builder::Result::<()>::Ok(()) });
288 /// ```
289 pub fn builder() -> super::builder::autokey_admin::ClientBuilder {
290 gax::client_builder::internal::new_builder(super::builder::autokey_admin::client::Factory)
291 }
292
293 /// Creates a new client from the provided stub.
294 ///
295 /// The most common case for calling this function is in tests mocking the
296 /// client's behavior.
297 pub fn from_stub<T>(stub: T) -> Self
298 where
299 T: super::stub::AutokeyAdmin + 'static,
300 {
301 Self {
302 inner: std::sync::Arc::new(stub),
303 }
304 }
305
306 pub(crate) async fn new(
307 config: gaxi::options::ClientConfig,
308 ) -> gax::client_builder::Result<Self> {
309 let inner = Self::build_inner(config).await?;
310 Ok(Self { inner })
311 }
312
313 async fn build_inner(
314 conf: gaxi::options::ClientConfig,
315 ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::AutokeyAdmin>> {
316 if gaxi::options::tracing_enabled(&conf) {
317 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
318 }
319 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
320 }
321
322 async fn build_transport(
323 conf: gaxi::options::ClientConfig,
324 ) -> gax::client_builder::Result<impl super::stub::AutokeyAdmin> {
325 super::transport::AutokeyAdmin::new(conf).await
326 }
327
328 async fn build_with_tracing(
329 conf: gaxi::options::ClientConfig,
330 ) -> gax::client_builder::Result<impl super::stub::AutokeyAdmin> {
331 Self::build_transport(conf)
332 .await
333 .map(super::tracing::AutokeyAdmin::new)
334 }
335
336 /// Updates the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
337 /// folder. The caller must have both `cloudkms.autokeyConfigs.update`
338 /// permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy`
339 /// permission on the provided key project. A
340 /// [KeyHandle][google.cloud.kms.v1.KeyHandle] creation in the folder's
341 /// descendant projects will use this configuration to determine where to
342 /// create the resulting [CryptoKey][google.cloud.kms.v1.CryptoKey].
343 ///
344 /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
345 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
346 /// [google.cloud.kms.v1.KeyHandle]: crate::model::KeyHandle
347 pub fn update_autokey_config(&self) -> super::builder::autokey_admin::UpdateAutokeyConfig {
348 super::builder::autokey_admin::UpdateAutokeyConfig::new(self.inner.clone())
349 }
350
351 /// Returns the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
352 /// folder.
353 ///
354 /// [google.cloud.kms.v1.AutokeyConfig]: crate::model::AutokeyConfig
355 pub fn get_autokey_config(&self) -> super::builder::autokey_admin::GetAutokeyConfig {
356 super::builder::autokey_admin::GetAutokeyConfig::new(self.inner.clone())
357 }
358
359 /// Returns the effective Cloud KMS Autokey configuration for a given project.
360 pub fn show_effective_autokey_config(
361 &self,
362 ) -> super::builder::autokey_admin::ShowEffectiveAutokeyConfig {
363 super::builder::autokey_admin::ShowEffectiveAutokeyConfig::new(self.inner.clone())
364 }
365
366 /// Lists information about the supported locations for this service.
367 pub fn list_locations(&self) -> super::builder::autokey_admin::ListLocations {
368 super::builder::autokey_admin::ListLocations::new(self.inner.clone())
369 }
370
371 /// Gets information about a location.
372 pub fn get_location(&self) -> super::builder::autokey_admin::GetLocation {
373 super::builder::autokey_admin::GetLocation::new(self.inner.clone())
374 }
375
376 /// Sets the access control policy on the specified resource. Replaces
377 /// any existing policy.
378 ///
379 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
380 /// errors.
381 pub fn set_iam_policy(&self) -> super::builder::autokey_admin::SetIamPolicy {
382 super::builder::autokey_admin::SetIamPolicy::new(self.inner.clone())
383 }
384
385 /// Gets the access control policy for a resource. Returns an empty policy
386 /// if the resource exists and does not have a policy set.
387 pub fn get_iam_policy(&self) -> super::builder::autokey_admin::GetIamPolicy {
388 super::builder::autokey_admin::GetIamPolicy::new(self.inner.clone())
389 }
390
391 /// Returns permissions that a caller has on the specified resource. If the
392 /// resource does not exist, this will return an empty set of
393 /// permissions, not a `NOT_FOUND` error.
394 ///
395 /// Note: This operation is designed to be used for building
396 /// permission-aware UIs and command-line tools, not for authorization
397 /// checking. This operation may "fail open" without warning.
398 pub fn test_iam_permissions(&self) -> super::builder::autokey_admin::TestIamPermissions {
399 super::builder::autokey_admin::TestIamPermissions::new(self.inner.clone())
400 }
401
402 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
403 ///
404 /// [google.longrunning.Operations]: longrunning::client::Operations
405 pub fn get_operation(&self) -> super::builder::autokey_admin::GetOperation {
406 super::builder::autokey_admin::GetOperation::new(self.inner.clone())
407 }
408}
409
410/// Implements a client for the Cloud Key Management Service (KMS) API.
411///
412/// # Example
413/// ```
414/// # tokio_test::block_on(async {
415/// # use google_cloud_kms_v1::client::EkmService;
416/// let client = EkmService::builder().build().await?;
417/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
418/// # gax::client_builder::Result::<()>::Ok(()) });
419/// ```
420///
421/// # Service Description
422///
423/// Google Cloud Key Management EKM Service
424///
425/// Manages external cryptographic keys and operations using those keys.
426/// Implements a REST model with the following objects:
427///
428/// * [EkmConnection][google.cloud.kms.v1.EkmConnection]
429///
430/// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
431///
432/// # Configuration
433///
434/// To configure `EkmService` use the `with_*` methods in the type returned
435/// by [builder()][EkmService::builder]. The default configuration should
436/// work for most applications. Common configuration changes include
437///
438/// * [with_endpoint()]: by default this client uses the global default endpoint
439/// (`https://cloudkms.googleapis.com`). Applications using regional
440/// endpoints or running in restricted networks (e.g. a network configured
441// with [Private Google Access with VPC Service Controls]) may want to
442/// override this default.
443/// * [with_credentials()]: by default this client uses
444/// [Application Default Credentials]. Applications using custom
445/// authentication may need to override this default.
446///
447/// [with_endpoint()]: super::builder::ekm_service::ClientBuilder::with_endpoint
448/// [with_credentials()]: super::builder::ekm_service::ClientBuilder::credentials
449/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
450/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
451///
452/// # Pooling and Cloning
453///
454/// `EkmService` holds a connection pool internally, it is advised to
455/// create one and the reuse it. You do not need to wrap `EkmService` in
456/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
457/// already uses an `Arc` internally.
458#[derive(Clone, Debug)]
459pub struct EkmService {
460 inner: std::sync::Arc<dyn super::stub::dynamic::EkmService>,
461}
462
463impl EkmService {
464 /// Returns a builder for [EkmService].
465 ///
466 /// ```
467 /// # tokio_test::block_on(async {
468 /// # use google_cloud_kms_v1::client::EkmService;
469 /// let client = EkmService::builder().build().await?;
470 /// # gax::client_builder::Result::<()>::Ok(()) });
471 /// ```
472 pub fn builder() -> super::builder::ekm_service::ClientBuilder {
473 gax::client_builder::internal::new_builder(super::builder::ekm_service::client::Factory)
474 }
475
476 /// Creates a new client from the provided stub.
477 ///
478 /// The most common case for calling this function is in tests mocking the
479 /// client's behavior.
480 pub fn from_stub<T>(stub: T) -> Self
481 where
482 T: super::stub::EkmService + 'static,
483 {
484 Self {
485 inner: std::sync::Arc::new(stub),
486 }
487 }
488
489 pub(crate) async fn new(
490 config: gaxi::options::ClientConfig,
491 ) -> gax::client_builder::Result<Self> {
492 let inner = Self::build_inner(config).await?;
493 Ok(Self { inner })
494 }
495
496 async fn build_inner(
497 conf: gaxi::options::ClientConfig,
498 ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::EkmService>> {
499 if gaxi::options::tracing_enabled(&conf) {
500 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
501 }
502 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
503 }
504
505 async fn build_transport(
506 conf: gaxi::options::ClientConfig,
507 ) -> gax::client_builder::Result<impl super::stub::EkmService> {
508 super::transport::EkmService::new(conf).await
509 }
510
511 async fn build_with_tracing(
512 conf: gaxi::options::ClientConfig,
513 ) -> gax::client_builder::Result<impl super::stub::EkmService> {
514 Self::build_transport(conf)
515 .await
516 .map(super::tracing::EkmService::new)
517 }
518
519 /// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
520 ///
521 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
522 pub fn list_ekm_connections(&self) -> super::builder::ekm_service::ListEkmConnections {
523 super::builder::ekm_service::ListEkmConnections::new(self.inner.clone())
524 }
525
526 /// Returns metadata for a given
527 /// [EkmConnection][google.cloud.kms.v1.EkmConnection].
528 ///
529 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
530 pub fn get_ekm_connection(&self) -> super::builder::ekm_service::GetEkmConnection {
531 super::builder::ekm_service::GetEkmConnection::new(self.inner.clone())
532 }
533
534 /// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
535 /// Project and Location.
536 ///
537 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
538 pub fn create_ekm_connection(&self) -> super::builder::ekm_service::CreateEkmConnection {
539 super::builder::ekm_service::CreateEkmConnection::new(self.inner.clone())
540 }
541
542 /// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
543 ///
544 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
545 pub fn update_ekm_connection(&self) -> super::builder::ekm_service::UpdateEkmConnection {
546 super::builder::ekm_service::UpdateEkmConnection::new(self.inner.clone())
547 }
548
549 /// Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
550 /// for a given project and location.
551 ///
552 /// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
553 pub fn get_ekm_config(&self) -> super::builder::ekm_service::GetEkmConfig {
554 super::builder::ekm_service::GetEkmConfig::new(self.inner.clone())
555 }
556
557 /// Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
558 /// for a given project and location.
559 ///
560 /// [google.cloud.kms.v1.EkmConfig]: crate::model::EkmConfig
561 pub fn update_ekm_config(&self) -> super::builder::ekm_service::UpdateEkmConfig {
562 super::builder::ekm_service::UpdateEkmConfig::new(self.inner.clone())
563 }
564
565 /// Verifies that Cloud KMS can successfully connect to the external key
566 /// manager specified by an [EkmConnection][google.cloud.kms.v1.EkmConnection].
567 /// If there is an error connecting to the EKM, this method returns a
568 /// FAILED_PRECONDITION status containing structured information as described
569 /// at <https://cloud.google.com/kms/docs/reference/ekm_errors>.
570 ///
571 /// [google.cloud.kms.v1.EkmConnection]: crate::model::EkmConnection
572 pub fn verify_connectivity(&self) -> super::builder::ekm_service::VerifyConnectivity {
573 super::builder::ekm_service::VerifyConnectivity::new(self.inner.clone())
574 }
575
576 /// Lists information about the supported locations for this service.
577 pub fn list_locations(&self) -> super::builder::ekm_service::ListLocations {
578 super::builder::ekm_service::ListLocations::new(self.inner.clone())
579 }
580
581 /// Gets information about a location.
582 pub fn get_location(&self) -> super::builder::ekm_service::GetLocation {
583 super::builder::ekm_service::GetLocation::new(self.inner.clone())
584 }
585
586 /// Sets the access control policy on the specified resource. Replaces
587 /// any existing policy.
588 ///
589 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
590 /// errors.
591 pub fn set_iam_policy(&self) -> super::builder::ekm_service::SetIamPolicy {
592 super::builder::ekm_service::SetIamPolicy::new(self.inner.clone())
593 }
594
595 /// Gets the access control policy for a resource. Returns an empty policy
596 /// if the resource exists and does not have a policy set.
597 pub fn get_iam_policy(&self) -> super::builder::ekm_service::GetIamPolicy {
598 super::builder::ekm_service::GetIamPolicy::new(self.inner.clone())
599 }
600
601 /// Returns permissions that a caller has on the specified resource. If the
602 /// resource does not exist, this will return an empty set of
603 /// permissions, not a `NOT_FOUND` error.
604 ///
605 /// Note: This operation is designed to be used for building
606 /// permission-aware UIs and command-line tools, not for authorization
607 /// checking. This operation may "fail open" without warning.
608 pub fn test_iam_permissions(&self) -> super::builder::ekm_service::TestIamPermissions {
609 super::builder::ekm_service::TestIamPermissions::new(self.inner.clone())
610 }
611
612 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
613 ///
614 /// [google.longrunning.Operations]: longrunning::client::Operations
615 pub fn get_operation(&self) -> super::builder::ekm_service::GetOperation {
616 super::builder::ekm_service::GetOperation::new(self.inner.clone())
617 }
618}
619
620/// Implements a client for the Cloud Key Management Service (KMS) API.
621///
622/// # Example
623/// ```
624/// # tokio_test::block_on(async {
625/// # use google_cloud_kms_v1::client::KeyManagementService;
626/// let client = KeyManagementService::builder().build().await?;
627/// // use `client` to make requests to the Cloud Key Management Service (KMS) API.
628/// # gax::client_builder::Result::<()>::Ok(()) });
629/// ```
630///
631/// # Service Description
632///
633/// Google Cloud Key Management Service
634///
635/// Manages cryptographic keys and operations using those keys. Implements a REST
636/// model with the following objects:
637///
638/// * [KeyRing][google.cloud.kms.v1.KeyRing]
639/// * [CryptoKey][google.cloud.kms.v1.CryptoKey]
640/// * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
641/// * [ImportJob][google.cloud.kms.v1.ImportJob]
642///
643/// If you are using manual gRPC libraries, see
644/// [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
645///
646/// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
647/// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
648/// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
649/// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
650///
651/// # Configuration
652///
653/// To configure `KeyManagementService` use the `with_*` methods in the type returned
654/// by [builder()][KeyManagementService::builder]. The default configuration should
655/// work for most applications. Common configuration changes include
656///
657/// * [with_endpoint()]: by default this client uses the global default endpoint
658/// (`https://cloudkms.googleapis.com`). Applications using regional
659/// endpoints or running in restricted networks (e.g. a network configured
660// with [Private Google Access with VPC Service Controls]) may want to
661/// override this default.
662/// * [with_credentials()]: by default this client uses
663/// [Application Default Credentials]. Applications using custom
664/// authentication may need to override this default.
665///
666/// [with_endpoint()]: super::builder::key_management_service::ClientBuilder::with_endpoint
667/// [with_credentials()]: super::builder::key_management_service::ClientBuilder::credentials
668/// [Private Google Access with VPC Service Controls]: https://cloud.google.com/vpc-service-controls/docs/private-connectivity
669/// [Application Default Credentials]: https://cloud.google.com/docs/authentication#adc
670///
671/// # Pooling and Cloning
672///
673/// `KeyManagementService` holds a connection pool internally, it is advised to
674/// create one and the reuse it. You do not need to wrap `KeyManagementService` in
675/// an [Rc](std::rc::Rc) or [Arc](std::sync::Arc) to reuse it, because it
676/// already uses an `Arc` internally.
677#[derive(Clone, Debug)]
678pub struct KeyManagementService {
679 inner: std::sync::Arc<dyn super::stub::dynamic::KeyManagementService>,
680}
681
682impl KeyManagementService {
683 /// Returns a builder for [KeyManagementService].
684 ///
685 /// ```
686 /// # tokio_test::block_on(async {
687 /// # use google_cloud_kms_v1::client::KeyManagementService;
688 /// let client = KeyManagementService::builder().build().await?;
689 /// # gax::client_builder::Result::<()>::Ok(()) });
690 /// ```
691 pub fn builder() -> super::builder::key_management_service::ClientBuilder {
692 gax::client_builder::internal::new_builder(
693 super::builder::key_management_service::client::Factory,
694 )
695 }
696
697 /// Creates a new client from the provided stub.
698 ///
699 /// The most common case for calling this function is in tests mocking the
700 /// client's behavior.
701 pub fn from_stub<T>(stub: T) -> Self
702 where
703 T: super::stub::KeyManagementService + 'static,
704 {
705 Self {
706 inner: std::sync::Arc::new(stub),
707 }
708 }
709
710 pub(crate) async fn new(
711 config: gaxi::options::ClientConfig,
712 ) -> gax::client_builder::Result<Self> {
713 let inner = Self::build_inner(config).await?;
714 Ok(Self { inner })
715 }
716
717 async fn build_inner(
718 conf: gaxi::options::ClientConfig,
719 ) -> gax::client_builder::Result<std::sync::Arc<dyn super::stub::dynamic::KeyManagementService>>
720 {
721 if gaxi::options::tracing_enabled(&conf) {
722 return Ok(std::sync::Arc::new(Self::build_with_tracing(conf).await?));
723 }
724 Ok(std::sync::Arc::new(Self::build_transport(conf).await?))
725 }
726
727 async fn build_transport(
728 conf: gaxi::options::ClientConfig,
729 ) -> gax::client_builder::Result<impl super::stub::KeyManagementService> {
730 super::transport::KeyManagementService::new(conf).await
731 }
732
733 async fn build_with_tracing(
734 conf: gaxi::options::ClientConfig,
735 ) -> gax::client_builder::Result<impl super::stub::KeyManagementService> {
736 Self::build_transport(conf)
737 .await
738 .map(super::tracing::KeyManagementService::new)
739 }
740
741 /// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
742 ///
743 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
744 pub fn list_key_rings(&self) -> super::builder::key_management_service::ListKeyRings {
745 super::builder::key_management_service::ListKeyRings::new(self.inner.clone())
746 }
747
748 /// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
749 ///
750 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
751 pub fn list_crypto_keys(&self) -> super::builder::key_management_service::ListCryptoKeys {
752 super::builder::key_management_service::ListCryptoKeys::new(self.inner.clone())
753 }
754
755 /// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
756 ///
757 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
758 pub fn list_crypto_key_versions(
759 &self,
760 ) -> super::builder::key_management_service::ListCryptoKeyVersions {
761 super::builder::key_management_service::ListCryptoKeyVersions::new(self.inner.clone())
762 }
763
764 /// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
765 ///
766 /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
767 pub fn list_import_jobs(&self) -> super::builder::key_management_service::ListImportJobs {
768 super::builder::key_management_service::ListImportJobs::new(self.inner.clone())
769 }
770
771 /// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
772 ///
773 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
774 pub fn get_key_ring(&self) -> super::builder::key_management_service::GetKeyRing {
775 super::builder::key_management_service::GetKeyRing::new(self.inner.clone())
776 }
777
778 /// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
779 /// well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
780 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
781 ///
782 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
783 /// [google.cloud.kms.v1.CryptoKey.primary]: crate::model::CryptoKey::primary
784 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
785 pub fn get_crypto_key(&self) -> super::builder::key_management_service::GetCryptoKey {
786 super::builder::key_management_service::GetCryptoKey::new(self.inner.clone())
787 }
788
789 /// Returns metadata for a given
790 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
791 ///
792 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
793 pub fn get_crypto_key_version(
794 &self,
795 ) -> super::builder::key_management_service::GetCryptoKeyVersion {
796 super::builder::key_management_service::GetCryptoKeyVersion::new(self.inner.clone())
797 }
798
799 /// Returns the public key for the given
800 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
801 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
802 /// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
803 /// or
804 /// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
805 ///
806 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::AsymmetricDecrypt
807 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]: crate::model::crypto_key::CryptoKeyPurpose::AsymmetricSign
808 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
809 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
810 pub fn get_public_key(&self) -> super::builder::key_management_service::GetPublicKey {
811 super::builder::key_management_service::GetPublicKey::new(self.inner.clone())
812 }
813
814 /// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
815 ///
816 /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
817 pub fn get_import_job(&self) -> super::builder::key_management_service::GetImportJob {
818 super::builder::key_management_service::GetImportJob::new(self.inner.clone())
819 }
820
821 /// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
822 /// Location.
823 ///
824 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
825 pub fn create_key_ring(&self) -> super::builder::key_management_service::CreateKeyRing {
826 super::builder::key_management_service::CreateKeyRing::new(self.inner.clone())
827 }
828
829 /// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
830 /// [KeyRing][google.cloud.kms.v1.KeyRing].
831 ///
832 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
833 /// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
834 /// are required.
835 ///
836 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
837 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
838 /// [google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]: crate::model::CryptoKeyVersionTemplate::algorithm
839 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
840 pub fn create_crypto_key(&self) -> super::builder::key_management_service::CreateCryptoKey {
841 super::builder::key_management_service::CreateCryptoKey::new(self.inner.clone())
842 }
843
844 /// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
845 /// [CryptoKey][google.cloud.kms.v1.CryptoKey].
846 ///
847 /// The server will assign the next sequential id. If unset,
848 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
849 /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
850 ///
851 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
852 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
853 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
854 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
855 pub fn create_crypto_key_version(
856 &self,
857 ) -> super::builder::key_management_service::CreateCryptoKeyVersion {
858 super::builder::key_management_service::CreateCryptoKeyVersion::new(self.inner.clone())
859 }
860
861 /// Import wrapped key material into a
862 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
863 ///
864 /// All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
865 /// a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
866 /// specified in the request, key material will be reimported into that
867 /// version. Otherwise, a new version will be created, and will be assigned the
868 /// next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
869 ///
870 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
871 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
872 pub fn import_crypto_key_version(
873 &self,
874 ) -> super::builder::key_management_service::ImportCryptoKeyVersion {
875 super::builder::key_management_service::ImportCryptoKeyVersion::new(self.inner.clone())
876 }
877
878 /// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
879 /// [KeyRing][google.cloud.kms.v1.KeyRing].
880 ///
881 /// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
882 /// required.
883 ///
884 /// [google.cloud.kms.v1.ImportJob]: crate::model::ImportJob
885 /// [google.cloud.kms.v1.ImportJob.import_method]: crate::model::ImportJob::import_method
886 /// [google.cloud.kms.v1.KeyRing]: crate::model::KeyRing
887 pub fn create_import_job(&self) -> super::builder::key_management_service::CreateImportJob {
888 super::builder::key_management_service::CreateImportJob::new(self.inner.clone())
889 }
890
891 /// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
892 ///
893 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
894 pub fn update_crypto_key(&self) -> super::builder::key_management_service::UpdateCryptoKey {
895 super::builder::key_management_service::UpdateCryptoKey::new(self.inner.clone())
896 }
897
898 /// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
899 /// metadata.
900 ///
901 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
902 /// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
903 /// and
904 /// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
905 /// using this method. See
906 /// [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
907 /// and
908 /// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
909 /// to move between other states.
910 ///
911 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
912 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Disabled
913 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Enabled
914 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
915 /// [google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]: crate::client::KeyManagementService::destroy_crypto_key_version
916 /// [google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]: crate::client::KeyManagementService::restore_crypto_key_version
917 pub fn update_crypto_key_version(
918 &self,
919 ) -> super::builder::key_management_service::UpdateCryptoKeyVersion {
920 super::builder::key_management_service::UpdateCryptoKeyVersion::new(self.inner.clone())
921 }
922
923 /// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
924 /// will be used in
925 /// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
926 ///
927 /// Returns an error if called on a key whose purpose is not
928 /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
929 ///
930 /// [google.cloud.kms.v1.CryptoKey]: crate::model::CryptoKey
931 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
932 /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
933 pub fn update_crypto_key_primary_version(
934 &self,
935 ) -> super::builder::key_management_service::UpdateCryptoKeyPrimaryVersion {
936 super::builder::key_management_service::UpdateCryptoKeyPrimaryVersion::new(
937 self.inner.clone(),
938 )
939 }
940
941 /// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
942 /// destruction.
943 ///
944 /// Upon calling this method,
945 /// [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
946 /// be set to
947 /// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
948 /// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
949 /// be set to the time
950 /// [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
951 /// in the future. At that time, the
952 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
953 /// change to
954 /// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
955 /// and the key material will be irrevocably destroyed.
956 ///
957 /// Before the
958 /// [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
959 /// reached,
960 /// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
961 /// may be called to reverse the process.
962 ///
963 /// [google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]: crate::model::CryptoKey::destroy_scheduled_duration
964 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
965 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]: crate::model::crypto_key_version::CryptoKeyVersionState::Destroyed
966 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]: crate::model::crypto_key_version::CryptoKeyVersionState::DestroyScheduled
967 /// [google.cloud.kms.v1.CryptoKeyVersion.destroy_time]: crate::model::CryptoKeyVersion::destroy_time
968 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
969 /// [google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]: crate::client::KeyManagementService::restore_crypto_key_version
970 pub fn destroy_crypto_key_version(
971 &self,
972 ) -> super::builder::key_management_service::DestroyCryptoKeyVersion {
973 super::builder::key_management_service::DestroyCryptoKeyVersion::new(self.inner.clone())
974 }
975
976 /// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
977 /// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
978 /// state.
979 ///
980 /// Upon restoration of the CryptoKeyVersion,
981 /// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
982 /// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
983 /// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
984 /// be cleared.
985 ///
986 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
987 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]: crate::model::crypto_key_version::CryptoKeyVersionState::DestroyScheduled
988 /// [google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]: crate::model::crypto_key_version::CryptoKeyVersionState::Disabled
989 /// [google.cloud.kms.v1.CryptoKeyVersion.destroy_time]: crate::model::CryptoKeyVersion::destroy_time
990 /// [google.cloud.kms.v1.CryptoKeyVersion.state]: crate::model::CryptoKeyVersion::state
991 pub fn restore_crypto_key_version(
992 &self,
993 ) -> super::builder::key_management_service::RestoreCryptoKeyVersion {
994 super::builder::key_management_service::RestoreCryptoKeyVersion::new(self.inner.clone())
995 }
996
997 /// Encrypts data, so that it can only be recovered by a call to
998 /// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
999 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
1000 /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
1001 ///
1002 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
1003 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1004 /// [google.cloud.kms.v1.KeyManagementService.Decrypt]: crate::client::KeyManagementService::decrypt
1005 pub fn encrypt(&self) -> super::builder::key_management_service::Encrypt {
1006 super::builder::key_management_service::Encrypt::new(self.inner.clone())
1007 }
1008
1009 /// Decrypts data that was protected by
1010 /// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
1011 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
1012 /// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
1013 ///
1014 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::EncryptDecrypt
1015 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1016 /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
1017 pub fn decrypt(&self) -> super::builder::key_management_service::Decrypt {
1018 super::builder::key_management_service::Decrypt::new(self.inner.clone())
1019 }
1020
1021 /// Encrypts data using portable cryptographic primitives. Most users should
1022 /// choose [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
1023 /// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] rather than
1024 /// their raw counterparts. The
1025 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
1026 /// [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
1027 ///
1028 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::RawEncryptDecrypt
1029 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1030 /// [google.cloud.kms.v1.KeyManagementService.Decrypt]: crate::client::KeyManagementService::decrypt
1031 /// [google.cloud.kms.v1.KeyManagementService.Encrypt]: crate::client::KeyManagementService::encrypt
1032 pub fn raw_encrypt(&self) -> super::builder::key_management_service::RawEncrypt {
1033 super::builder::key_management_service::RawEncrypt::new(self.inner.clone())
1034 }
1035
1036 /// Decrypts data that was originally encrypted using a raw cryptographic
1037 /// mechanism. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1038 /// must be
1039 /// [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
1040 ///
1041 /// [google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]: crate::model::crypto_key::CryptoKeyPurpose::RawEncryptDecrypt
1042 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1043 pub fn raw_decrypt(&self) -> super::builder::key_management_service::RawDecrypt {
1044 super::builder::key_management_service::RawDecrypt::new(self.inner.clone())
1045 }
1046
1047 /// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1048 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1049 /// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
1050 /// key retrieved from
1051 /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
1052 ///
1053 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1054 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1055 /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
1056 pub fn asymmetric_sign(&self) -> super::builder::key_management_service::AsymmetricSign {
1057 super::builder::key_management_service::AsymmetricSign::new(self.inner.clone())
1058 }
1059
1060 /// Decrypts data that was encrypted with a public key retrieved from
1061 /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
1062 /// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1063 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1064 /// ASYMMETRIC_DECRYPT.
1065 ///
1066 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1067 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1068 /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
1069 pub fn asymmetric_decrypt(&self) -> super::builder::key_management_service::AsymmetricDecrypt {
1070 super::builder::key_management_service::AsymmetricDecrypt::new(self.inner.clone())
1071 }
1072
1073 /// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1074 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
1075 /// producing a tag that can be verified by another source with the same key.
1076 ///
1077 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1078 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1079 pub fn mac_sign(&self) -> super::builder::key_management_service::MacSign {
1080 super::builder::key_management_service::MacSign::new(self.inner.clone())
1081 }
1082
1083 /// Verifies MAC tag using a
1084 /// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
1085 /// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
1086 /// a response that indicates whether or not the verification was successful.
1087 ///
1088 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1089 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1090 pub fn mac_verify(&self) -> super::builder::key_management_service::MacVerify {
1091 super::builder::key_management_service::MacVerify::new(self.inner.clone())
1092 }
1093
1094 /// Decapsulates data that was encapsulated with a public key retrieved from
1095 /// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
1096 /// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
1097 /// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
1098 /// KEY_ENCAPSULATION.
1099 ///
1100 /// [google.cloud.kms.v1.CryptoKey.purpose]: crate::model::CryptoKey::purpose
1101 /// [google.cloud.kms.v1.CryptoKeyVersion]: crate::model::CryptoKeyVersion
1102 /// [google.cloud.kms.v1.KeyManagementService.GetPublicKey]: crate::client::KeyManagementService::get_public_key
1103 pub fn decapsulate(&self) -> super::builder::key_management_service::Decapsulate {
1104 super::builder::key_management_service::Decapsulate::new(self.inner.clone())
1105 }
1106
1107 /// Generate random bytes using the Cloud KMS randomness source in the provided
1108 /// location.
1109 pub fn generate_random_bytes(
1110 &self,
1111 ) -> super::builder::key_management_service::GenerateRandomBytes {
1112 super::builder::key_management_service::GenerateRandomBytes::new(self.inner.clone())
1113 }
1114
1115 /// Lists information about the supported locations for this service.
1116 pub fn list_locations(&self) -> super::builder::key_management_service::ListLocations {
1117 super::builder::key_management_service::ListLocations::new(self.inner.clone())
1118 }
1119
1120 /// Gets information about a location.
1121 pub fn get_location(&self) -> super::builder::key_management_service::GetLocation {
1122 super::builder::key_management_service::GetLocation::new(self.inner.clone())
1123 }
1124
1125 /// Sets the access control policy on the specified resource. Replaces
1126 /// any existing policy.
1127 ///
1128 /// Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
1129 /// errors.
1130 pub fn set_iam_policy(&self) -> super::builder::key_management_service::SetIamPolicy {
1131 super::builder::key_management_service::SetIamPolicy::new(self.inner.clone())
1132 }
1133
1134 /// Gets the access control policy for a resource. Returns an empty policy
1135 /// if the resource exists and does not have a policy set.
1136 pub fn get_iam_policy(&self) -> super::builder::key_management_service::GetIamPolicy {
1137 super::builder::key_management_service::GetIamPolicy::new(self.inner.clone())
1138 }
1139
1140 /// Returns permissions that a caller has on the specified resource. If the
1141 /// resource does not exist, this will return an empty set of
1142 /// permissions, not a `NOT_FOUND` error.
1143 ///
1144 /// Note: This operation is designed to be used for building
1145 /// permission-aware UIs and command-line tools, not for authorization
1146 /// checking. This operation may "fail open" without warning.
1147 pub fn test_iam_permissions(
1148 &self,
1149 ) -> super::builder::key_management_service::TestIamPermissions {
1150 super::builder::key_management_service::TestIamPermissions::new(self.inner.clone())
1151 }
1152
1153 /// Provides the [Operations][google.longrunning.Operations] service functionality in this service.
1154 ///
1155 /// [google.longrunning.Operations]: longrunning::client::Operations
1156 pub fn get_operation(&self) -> super::builder::key_management_service::GetOperation {
1157 super::builder::key_management_service::GetOperation::new(self.inner.clone())
1158 }
1159}