Skip to content

Commit f85d344

Browse files
feat: support external-μ in the Digest (googleapis#33827)
* feat: add a variable to SingleTenantHsmInstanceCreate to control whether future key portability features will be usable on the instance PiperOrigin-RevId: 897676455 Source-Link: googleapis/googleapis@bc600b8 Source-Link: https://github.com/googleapis/googleapis-gen/commit/85de36821652045b39e5279a42bbb32fa27dab81 Copy-Tag: eyJwIjoiZ29vZ2xlLWNsb3VkLWttcy12MS8uT3dsQm90LnlhbWwiLCJoIjoiODVkZTM2ODIxNjUyMDQ1YjM5ZTUyNzlhNDJiYmIzMmZhMjdkYWI4MSJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * feat: support external-μ in the Digest PiperOrigin-RevId: 897686352 Source-Link: googleapis/googleapis@7fbf256 Source-Link: https://github.com/googleapis/googleapis-gen/commit/333010db6f4001914b013ae569b3419eb77fd1e1 Copy-Tag: eyJwIjoiZ29vZ2xlLWNsb3VkLWttcy12MS8uT3dsQm90LnlhbWwiLCJoIjoiMzMzMDEwZGI2ZjQwMDE5MTRiMDEzYWU1NjliMzQxOWViNzdmZDFlMSJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
1 parent 263a701 commit f85d344

6 files changed

Lines changed: 181 additions & 39 deletions

File tree

google-cloud-kms-v1/lib/google/cloud/kms/v1/hsm_management_pb.rb

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

google-cloud-kms-v1/lib/google/cloud/kms/v1/service_pb.rb

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

google-cloud-kms-v1/proto_docs/google/api/client.rb

Lines changed: 149 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,8 @@ module Api
3131
# @!attribute [rw] selective_gapic_generation
3232
# @return [::Google::Api::SelectiveGapicGeneration]
3333
# Configuration for which RPCs should be generated in the GAPIC client.
34+
#
35+
# Note: This field should not be used in most cases.
3436
class CommonLanguageSettings
3537
include ::Google::Protobuf::MessageExts
3638
extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -141,9 +143,10 @@ class Publishing
141143
#
142144
# Example of a YAML configuration::
143145
#
144-
# publishing:
145-
# java_settings:
146-
# library_package: com.google.cloud.pubsub.v1
146+
# publishing:
147+
# library_settings:
148+
# java_settings:
149+
# library_package: com.google.cloud.pubsub.v1
147150
# @!attribute [rw] service_class_names
148151
# @return [::Google::Protobuf::Map{::String => ::String}]
149152
# Configure the Java class name to use instead of the service's for its
@@ -155,11 +158,11 @@ class Publishing
155158
#
156159
# Example of a YAML configuration::
157160
#
158-
# publishing:
159-
# java_settings:
160-
# service_class_names:
161-
# - google.pubsub.v1.Publisher: TopicAdmin
162-
# - google.pubsub.v1.Subscriber: SubscriptionAdmin
161+
# publishing:
162+
# java_settings:
163+
# service_class_names:
164+
# - google.pubsub.v1.Publisher: TopicAdmin
165+
# - google.pubsub.v1.Subscriber: SubscriptionAdmin
163166
# @!attribute [rw] common
164167
# @return [::Google::Api::CommonLanguageSettings]
165168
# Some settings.
@@ -190,6 +193,20 @@ class CppSettings
190193
# @!attribute [rw] common
191194
# @return [::Google::Api::CommonLanguageSettings]
192195
# Some settings.
196+
# @!attribute [rw] library_package
197+
# @return [::String]
198+
# The package name to use in Php. Clobbers the php_namespace option
199+
# set in the protobuf. This should be used **only** by APIs
200+
# who have already set the language_settings.php.package_name" field
201+
# in gapic.yaml. API teams should use the protobuf php_namespace option
202+
# where possible.
203+
#
204+
# Example of a YAML configuration::
205+
#
206+
# publishing:
207+
# library_settings:
208+
# php_settings:
209+
# library_package: Google\Cloud\PubSub\V1
193210
class PhpSettings
194211
include ::Google::Protobuf::MessageExts
195212
extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -318,10 +335,12 @@ class RubySettings
318335
# service names and values are the name to be used for the service client
319336
# and call options.
320337
#
321-
# publishing:
322-
# go_settings:
323-
# renamed_services:
324-
# Publisher: TopicAdmin
338+
# Example:
339+
#
340+
# publishing:
341+
# go_settings:
342+
# renamed_services:
343+
# Publisher: TopicAdmin
325344
class GoSettings
326345
include ::Google::Protobuf::MessageExts
327346
extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -344,10 +363,10 @@ class RenamedServicesEntry
344363
#
345364
# Example:
346365
#
347-
# publishing:
348-
# method_settings:
349-
# - selector: google.storage.control.v2.StorageControl.CreateFolder
350-
# # method settings for CreateFolder...
366+
# publishing:
367+
# method_settings:
368+
# - selector: google.storage.control.v2.StorageControl.CreateFolder
369+
# # method settings for CreateFolder...
351370
# @!attribute [rw] long_running
352371
# @return [::Google::Api::MethodSettings::LongRunning]
353372
# Describes settings to use for long-running operations when generating
@@ -356,14 +375,14 @@ class RenamedServicesEntry
356375
#
357376
# Example of a YAML configuration::
358377
#
359-
# publishing:
360-
# method_settings:
361-
# - selector: google.cloud.speech.v2.Speech.BatchRecognize
362-
# long_running:
363-
# initial_poll_delay: 60s # 1 minute
364-
# poll_delay_multiplier: 1.5
365-
# max_poll_delay: 360s # 6 minutes
366-
# total_poll_timeout: 54000s # 90 minutes
378+
# publishing:
379+
# method_settings:
380+
# - selector: google.cloud.speech.v2.Speech.BatchRecognize
381+
# long_running:
382+
# initial_poll_delay: 60s # 1 minute
383+
# poll_delay_multiplier: 1.5
384+
# max_poll_delay: 360s # 6 minutes
385+
# total_poll_timeout: 54000s # 90 minutes
367386
# @!attribute [rw] auto_populated_fields
368387
# @return [::Array<::String>]
369388
# List of top-level fields of the request message, that should be
@@ -372,11 +391,24 @@ class RenamedServicesEntry
372391
#
373392
# Example of a YAML configuration:
374393
#
375-
# publishing:
376-
# method_settings:
377-
# - selector: google.example.v1.ExampleService.CreateExample
378-
# auto_populated_fields:
379-
# - request_id
394+
# publishing:
395+
# method_settings:
396+
# - selector: google.example.v1.ExampleService.CreateExample
397+
# auto_populated_fields:
398+
# - request_id
399+
# @!attribute [rw] batching
400+
# @return [::Google::Api::BatchingConfigProto]
401+
# Batching configuration for an API method in client libraries.
402+
#
403+
# Example of a YAML configuration:
404+
#
405+
# publishing:
406+
# method_settings:
407+
# - selector: google.example.v1.ExampleService.BatchCreateExample
408+
# batching:
409+
# element_count_threshold: 1000
410+
# request_byte_threshold: 100000000
411+
# delay_threshold_millis: 10
380412
class MethodSettings
381413
include ::Google::Protobuf::MessageExts
382414
extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -411,6 +443,8 @@ class LongRunning
411443

412444
# This message is used to configure the generation of a subset of the RPCs in
413445
# a service for client libraries.
446+
#
447+
# Note: This feature should not be used in most cases.
414448
# @!attribute [rw] methods
415449
# @return [::Array<::String>]
416450
# An allowlist of the fully qualified names of RPCs that should be included
@@ -428,6 +462,77 @@ class SelectiveGapicGeneration
428462
extend ::Google::Protobuf::MessageExts::ClassMethods
429463
end
430464

465+
# `BatchingConfigProto` defines the batching configuration for an API method.
466+
# @!attribute [rw] thresholds
467+
# @return [::Google::Api::BatchingSettingsProto]
468+
# The thresholds which trigger a batched request to be sent.
469+
# @!attribute [rw] batch_descriptor
470+
# @return [::Google::Api::BatchingDescriptorProto]
471+
# The request and response fields used in batching.
472+
class BatchingConfigProto
473+
include ::Google::Protobuf::MessageExts
474+
extend ::Google::Protobuf::MessageExts::ClassMethods
475+
end
476+
477+
# `BatchingSettingsProto` specifies a set of batching thresholds, each of
478+
# which acts as a trigger to send a batch of messages as a request. At least
479+
# one threshold must be positive nonzero.
480+
# @!attribute [rw] element_count_threshold
481+
# @return [::Integer]
482+
# The number of elements of a field collected into a batch which, if
483+
# exceeded, causes the batch to be sent.
484+
# @!attribute [rw] request_byte_threshold
485+
# @return [::Integer]
486+
# The aggregated size of the batched field which, if exceeded, causes the
487+
# batch to be sent. This size is computed by aggregating the sizes of the
488+
# request field to be batched, not of the entire request message.
489+
# @!attribute [rw] delay_threshold
490+
# @return [::Google::Protobuf::Duration]
491+
# The duration after which a batch should be sent, starting from the addition
492+
# of the first message to that batch.
493+
# @!attribute [rw] element_count_limit
494+
# @return [::Integer]
495+
# The maximum number of elements collected in a batch that could be accepted
496+
# by server.
497+
# @!attribute [rw] request_byte_limit
498+
# @return [::Integer]
499+
# The maximum size of the request that could be accepted by server.
500+
# @!attribute [rw] flow_control_element_limit
501+
# @return [::Integer]
502+
# The maximum number of elements allowed by flow control.
503+
# @!attribute [rw] flow_control_byte_limit
504+
# @return [::Integer]
505+
# The maximum size of data allowed by flow control.
506+
# @!attribute [rw] flow_control_limit_exceeded_behavior
507+
# @return [::Google::Api::FlowControlLimitExceededBehaviorProto]
508+
# The behavior to take when the flow control limit is exceeded.
509+
class BatchingSettingsProto
510+
include ::Google::Protobuf::MessageExts
511+
extend ::Google::Protobuf::MessageExts::ClassMethods
512+
end
513+
514+
# `BatchingDescriptorProto` specifies the fields of the request message to be
515+
# used for batching, and, optionally, the fields of the response message to be
516+
# used for demultiplexing.
517+
# @!attribute [rw] batched_field
518+
# @return [::String]
519+
# The repeated field in the request message to be aggregated by batching.
520+
# @!attribute [rw] discriminator_fields
521+
# @return [::Array<::String>]
522+
# A list of the fields in the request message. Two requests will be batched
523+
# together only if the values of every field specified in
524+
# `request_discriminator_fields` is equal between the two requests.
525+
# @!attribute [rw] subresponse_field
526+
# @return [::String]
527+
# Optional. When present, indicates the field in the response message to be
528+
# used to demultiplex the response into multiple response messages, in
529+
# correspondence with the multiple request messages originally batched
530+
# together.
531+
class BatchingDescriptorProto
532+
include ::Google::Protobuf::MessageExts
533+
extend ::Google::Protobuf::MessageExts::ClassMethods
534+
end
535+
431536
# The organization for which the client libraries are being published.
432537
# Affects the url where generated docs are published, etc.
433538
module ClientLibraryOrganization
@@ -469,5 +574,20 @@ module ClientLibraryDestination
469574
# Publish the library to package managers like nuget.org and npmjs.com.
470575
PACKAGE_MANAGER = 20
471576
end
577+
578+
# The behavior to take when the flow control limit is exceeded.
579+
module FlowControlLimitExceededBehaviorProto
580+
# Default behavior, system-defined.
581+
UNSET_BEHAVIOR = 0
582+
583+
# Stop operation, raise error.
584+
THROW_EXCEPTION = 1
585+
586+
# Pause operation until limit clears.
587+
BLOCK = 2
588+
589+
# Continue operation, disregard limit.
590+
IGNORE = 3
591+
end
472592
end
473593
end

google-cloud-kms-v1/proto_docs/google/cloud/kms/v1/hsm_management.rb

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -66,6 +66,12 @@ module V1
6666
# before this time otherwise the
6767
# {::Google::Cloud::Kms::V1::SingleTenantHsmInstance SingleTenantHsmInstance} will
6868
# become disabled.
69+
# @!attribute [rw] key_portability_enabled
70+
# @return [::Boolean]
71+
# Optional. Immutable. Indicates whether key portability is enabled for the
72+
# {::Google::Cloud::Kms::V1::SingleTenantHsmInstance SingleTenantHsmInstance}.
73+
# This can only be set at creation time. Key portability features are
74+
# disabled by default and not yet available in GA.
6975
class SingleTenantHsmInstance
7076
include ::Google::Protobuf::MessageExts
7177
extend ::Google::Protobuf::MessageExts::ClassMethods

google-cloud-kms-v1/proto_docs/google/cloud/kms/v1/resources.rb

Lines changed: 13 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -152,6 +152,10 @@ class KeyRing
152152
# justification codes.
153153
# https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes
154154
# By default, this field is absent, and all justification codes are allowed.
155+
# If the
156+
# `key_access_justifications_policy.allowed_access_reasons`
157+
# is empty (zero allowed justification code), all encrypt, decrypt, and sign
158+
# operations will fail.
155159
class CryptoKey
156160
include ::Google::Protobuf::MessageExts
157161
extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1028,14 +1032,18 @@ class ExternalProtectionLevelOptions
10281032
# {::Google::Cloud::Kms::V1::KeyAccessJustificationsPolicy KeyAccessJustificationsPolicy}
10291033
# specifies zero or more allowed
10301034
# {::Google::Cloud::Kms::V1::AccessReason AccessReason} values for encrypt, decrypt,
1031-
# and sign operations on a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
1035+
# and sign operations on a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} or
1036+
# [KeyAccessJustificationsPolicyConfig][google.cloud.kms.v1.KeyAccessJustificationsPolicyConfig]
1037+
# (the default Key Access Justifications policy).
10321038
# @!attribute [rw] allowed_access_reasons
10331039
# @return [::Array<::Google::Cloud::Kms::V1::AccessReason>]
10341040
# The list of allowed reasons for access to a
1035-
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. Zero allowed access reasons
1036-
# means all encrypt, decrypt, and sign operations for the
1037-
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with this policy will
1038-
# fail.
1041+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. Note that empty
1042+
# allowed_access_reasons has a different meaning depending on where this
1043+
# message appears. If this is under
1044+
# [KeyAccessJustificationsPolicyConfig][google.cloud.kms.v1.KeyAccessJustificationsPolicyConfig],
1045+
# it means allow-all. If this is under
1046+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}, it means deny-all.
10391047
class KeyAccessJustificationsPolicy
10401048
include ::Google::Protobuf::MessageExts
10411049
extend ::Google::Protobuf::MessageExts::ClassMethods

google-cloud-kms-v1/proto_docs/google/cloud/kms/v1/service.rb

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1839,17 +1839,25 @@ class GenerateRandomBytesResponse
18391839
# @return [::String]
18401840
# A message digest produced with the SHA-256 algorithm.
18411841
#
1842-
# Note: The following fields are mutually exclusive: `sha256`, `sha384`, `sha512`. If a field in that set is populated, all other fields in the set will automatically be cleared.
1842+
# Note: The following fields are mutually exclusive: `sha256`, `sha384`, `sha512`, `external_mu`. If a field in that set is populated, all other fields in the set will automatically be cleared.
18431843
# @!attribute [rw] sha384
18441844
# @return [::String]
18451845
# A message digest produced with the SHA-384 algorithm.
18461846
#
1847-
# Note: The following fields are mutually exclusive: `sha384`, `sha256`, `sha512`. If a field in that set is populated, all other fields in the set will automatically be cleared.
1847+
# Note: The following fields are mutually exclusive: `sha384`, `sha256`, `sha512`, `external_mu`. If a field in that set is populated, all other fields in the set will automatically be cleared.
18481848
# @!attribute [rw] sha512
18491849
# @return [::String]
18501850
# A message digest produced with the SHA-512 algorithm.
18511851
#
1852-
# Note: The following fields are mutually exclusive: `sha512`, `sha256`, `sha384`. If a field in that set is populated, all other fields in the set will automatically be cleared.
1852+
# Note: The following fields are mutually exclusive: `sha512`, `sha256`, `sha384`, `external_mu`. If a field in that set is populated, all other fields in the set will automatically be cleared.
1853+
# @!attribute [rw] external_mu
1854+
# @return [::String]
1855+
# A message digest produced with SHAKE-256, to be used with ML-DSA
1856+
# external-μ algorithms only. See "message representative" note in
1857+
# section 6.2, algorithm 7 of the FIPS-204 standard:
1858+
# https://doi.org/10.6028/nist.fips.204
1859+
#
1860+
# Note: The following fields are mutually exclusive: `external_mu`, `sha256`, `sha384`, `sha512`. If a field in that set is populated, all other fields in the set will automatically be cleared.
18531861
class Digest
18541862
include ::Google::Protobuf::MessageExts
18551863
extend ::Google::Protobuf::MessageExts::ClassMethods

0 commit comments

Comments
 (0)