feat: add support for Cloud EKM to the Cloud KMS service and resource protos (#306)

This PR was generated using Autosynth. 🌈

Synth log will be available here:
https://source.cloud.google.com/results/invocations/9c94202f-63a5-4df0-9d76-871a00f99b85/targets

Author: yoshi-automation

packages/google-cloud-kms/.jsdoc.js

@@ -40,7 +40,7 @@ module.exports = {
     includePattern: '\\.js$'
   },
   templates: {
-    copyright: 'Copyright 2019 Google, LLC.',
+    copyright: 'Copyright 2020 Google LLC',
     includeDate: false,
     sourceFiles: false,
     systemName: '@google-cloud/kms',

packages/google-cloud-kms/.mocharc.json

@@ -0,0 +1,5 @@
+{
+  "enable-source-maps": true,
+  "throw-deprecation": true,
+  "timeout": 10000
+}

packages/google-cloud-kms/.prettierrc.js

@@ -4,7 +4,7 @@
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
-//      http://www.apache.org/licenses/LICENSE-2.0
+//      https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,

packages/google-cloud-kms/protos/google/cloud/kms/v1/resources.proto

@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,11 +16,11 @@ syntax = "proto3";
 
 package google.cloud.kms.v1;
 
-import "google/api/annotations.proto";
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/timestamp.proto";
+import "google/api/annotations.proto";
 
 option cc_enable_arenas = true;
 option csharp_namespace = "Google.Cloud.Kms.V1";
@@ -284,6 +284,9 @@ message CryptoKeyVersion {
 
     // ECDSA on the NIST P-384 curve with a SHA384 digest.
     EC_SIGN_P384_SHA384 = 13;
+
+    // Algorithm representing symmetric encryption by an external key manager.
+    EXTERNAL_SYMMETRIC_ENCRYPTION = 18;
   }
 
   // The state of a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used.
@@ -390,11 +393,21 @@ message CryptoKeyVersion {
   // [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
   // [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
   string import_failure_reason = 16 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // ExternalProtectionLevelOptions stores a group of additional fields for
+  // configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the
+  // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.
+  ExternalProtectionLevelOptions external_protection_level_options = 17;
 }
 
 // The public key for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Obtained via
 // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
 message PublicKey {
+  option (google.api.resource) = {
+    type: "cloudkms.googleapis.com/PublicKey"
+    pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}/publicKey"
+  };
+
   // The public key, encoded in PEM format. For more information, see the
   // [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
   // [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
@@ -560,3 +573,11 @@ enum ProtectionLevel {
   // Crypto operations are performed by an external key manager.
   EXTERNAL = 3;
 }
+
+// ExternalProtectionLevelOptions stores a group of additional fields for
+// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the
+// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.
+message ExternalProtectionLevelOptions {
+  // The URI for an external resource that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents.
+  string external_key_uri = 1;
+}

packages/google-cloud-kms/protos/google/cloud/kms/v1/service.proto

@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -870,4 +870,9 @@ message LocationMetadata {
   // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
   // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this location.
   bool hsm_available = 1;
+
+  // Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
+  // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
+  // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in this location.
+  bool ekm_available = 2;
 }

packages/google-cloud-kms/protos/protos.d.ts

@@ -5798,6 +5798,9 @@ export namespace google {
 
                     /** CryptoKeyVersion importFailureReason */
                     importFailureReason?: (string|null);
+
+                    /** CryptoKeyVersion externalProtectionLevelOptions */
+                    externalProtectionLevelOptions?: (google.cloud.kms.v1.IExternalProtectionLevelOptions|null);
                 }
 
                 /** Represents a CryptoKeyVersion. */
@@ -5845,6 +5848,9 @@ export namespace google {
                     /** CryptoKeyVersion importFailureReason. */
                     public importFailureReason: string;
 
+                    /** CryptoKeyVersion externalProtectionLevelOptions. */
+                    public externalProtectionLevelOptions?: (google.cloud.kms.v1.IExternalProtectionLevelOptions|null);
+
                     /**
                      * Creates a new CryptoKeyVersion instance using the specified properties.
                      * @param [properties] Properties to set
@@ -5935,7 +5941,8 @@ export namespace google {
                         RSA_DECRYPT_OAEP_4096_SHA256 = 10,
                         RSA_DECRYPT_OAEP_4096_SHA512 = 17,
                         EC_SIGN_P256_SHA256 = 12,
-                        EC_SIGN_P384_SHA384 = 13
+                        EC_SIGN_P384_SHA384 = 13,
+                        EXTERNAL_SYMMETRIC_ENCRYPTION = 18
                     }
 
                     /** CryptoKeyVersionState enum. */
@@ -6313,6 +6320,96 @@ export namespace google {
                     EXTERNAL = 3
                 }
 
+                /** Properties of an ExternalProtectionLevelOptions. */
+                interface IExternalProtectionLevelOptions {
+
+                    /** ExternalProtectionLevelOptions externalKeyUri */
+                    externalKeyUri?: (string|null);
+                }
+
+                /** Represents an ExternalProtectionLevelOptions. */
+                class ExternalProtectionLevelOptions implements IExternalProtectionLevelOptions {
+
+                    /**
+                     * Constructs a new ExternalProtectionLevelOptions.
+                     * @param [properties] Properties to set
+                     */
+                    constructor(properties?: google.cloud.kms.v1.IExternalProtectionLevelOptions);
+
+                    /** ExternalProtectionLevelOptions externalKeyUri. */
+                    public externalKeyUri: string;
+
+                    /**
+                     * Creates a new ExternalProtectionLevelOptions instance using the specified properties.
+                     * @param [properties] Properties to set
+                     * @returns ExternalProtectionLevelOptions instance
+                     */
+                    public static create(properties?: google.cloud.kms.v1.IExternalProtectionLevelOptions): google.cloud.kms.v1.ExternalProtectionLevelOptions;
+
+                    /**
+                     * Encodes the specified ExternalProtectionLevelOptions message. Does not implicitly {@link google.cloud.kms.v1.ExternalProtectionLevelOptions.verify|verify} messages.
+                     * @param message ExternalProtectionLevelOptions message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encode(message: google.cloud.kms.v1.IExternalProtectionLevelOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Encodes the specified ExternalProtectionLevelOptions message, length delimited. Does not implicitly {@link google.cloud.kms.v1.ExternalProtectionLevelOptions.verify|verify} messages.
+                     * @param message ExternalProtectionLevelOptions message or plain object to encode
+                     * @param [writer] Writer to encode to
+                     * @returns Writer
+                     */
+                    public static encodeDelimited(message: google.cloud.kms.v1.IExternalProtectionLevelOptions, writer?: $protobuf.Writer): $protobuf.Writer;
+
+                    /**
+                     * Decodes an ExternalProtectionLevelOptions message from the specified reader or buffer.
+                     * @param reader Reader or buffer to decode from
+                     * @param [length] Message length if known beforehand
+                     * @returns ExternalProtectionLevelOptions
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decode(reader: ($protobuf.Reader|Uint8Array), length?: number): google.cloud.kms.v1.ExternalProtectionLevelOptions;
+
+                    /**
+                     * Decodes an ExternalProtectionLevelOptions message from the specified reader or buffer, length delimited.
+                     * @param reader Reader or buffer to decode from
+                     * @returns ExternalProtectionLevelOptions
+                     * @throws {Error} If the payload is not a reader or valid buffer
+                     * @throws {$protobuf.util.ProtocolError} If required fields are missing
+                     */
+                    public static decodeDelimited(reader: ($protobuf.Reader|Uint8Array)): google.cloud.kms.v1.ExternalProtectionLevelOptions;
+
+                    /**
+                     * Verifies an ExternalProtectionLevelOptions message.
+                     * @param message Plain object to verify
+                     * @returns `null` if valid, otherwise the reason why it is not
+                     */
+                    public static verify(message: { [k: string]: any }): (string|null);
+
+                    /**
+                     * Creates an ExternalProtectionLevelOptions message from a plain object. Also converts values to their respective internal types.
+                     * @param object Plain object
+                     * @returns ExternalProtectionLevelOptions
+                     */
+                    public static fromObject(object: { [k: string]: any }): google.cloud.kms.v1.ExternalProtectionLevelOptions;
+
+                    /**
+                     * Creates a plain object from an ExternalProtectionLevelOptions message. Also converts values to other types if specified.
+                     * @param message ExternalProtectionLevelOptions
+                     * @param [options] Conversion options
+                     * @returns Plain object
+                     */
+                    public static toObject(message: google.cloud.kms.v1.ExternalProtectionLevelOptions, options?: $protobuf.IConversionOptions): { [k: string]: any };
+
+                    /**
+                     * Converts this ExternalProtectionLevelOptions to JSON.
+                     * @returns JSON object
+                     */
+                    public toJSON(): { [k: string]: any };
+                }
+
                 /** Represents a KeyManagementService */
                 class KeyManagementService extends $protobuf.rpc.Service {
 
@@ -10005,6 +10102,9 @@ export namespace google {
 
                     /** LocationMetadata hsmAvailable */
                     hsmAvailable?: (boolean|null);
+
+                    /** LocationMetadata ekmAvailable */
+                    ekmAvailable?: (boolean|null);
                 }
 
                 /** Represents a LocationMetadata. */
@@ -10019,6 +10119,9 @@ export namespace google {
                     /** LocationMetadata hsmAvailable. */
                     public hsmAvailable: boolean;
 
+                    /** LocationMetadata ekmAvailable. */
+                    public ekmAvailable: boolean;
+
                     /**
                      * Creates a new LocationMetadata instance using the specified properties.
                      * @param [properties] Properties to set