feat(cloudkms): update the api

yoshi-automation · yoshi-automation · commit 283d4b3bc010 · 2025-02-25T07:08:17.000Z
#### cloudkms:v1

The following keys were added:
- resources.projects.resources.locations.resources.keyRings.resources.cryptoKeys.resources.cryptoKeyVersions.methods.getPublicKey.parameters.publicKeyFormat (Total Keys: 2)
- schemas.ChecksummedData (Total Keys: 6)
- schemas.PublicKey.properties.publicKey (Total Keys: 2)
diff --git a/docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.html b/docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.html
@@ -93,7 +93,7 @@ <h2>Instance Methods</h2>
   <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
 <p class="firstline">Returns metadata for a given CryptoKeyVersion.</p>
 <p class="toc_element">
-  <code><a href="#getPublicKey">getPublicKey(name, x__xgafv=None)</a></code></p>
+  <code><a href="#getPublicKey">getPublicKey(name, publicKeyFormat=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.</p>
 <p class="toc_element">
   <code><a href="#import_">import_(parent, body=None, x__xgafv=None)</a></code></p>
@@ -395,11 +395,16 @@ <h3>Method Details</h3>
 </div>
 
 <div class="method">
-    <code class="details" id="getPublicKey">getPublicKey(name, x__xgafv=None)</code>
+    <code class="details" id="getPublicKey">getPublicKey(name, publicKeyFormat=None, x__xgafv=None)</code>
   <pre>Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.
 
 Args:
   name: string, Required. The name of the CryptoKeyVersion public key to get. (required)
+  publicKeyFormat: string, Optional. The PublicKey format specified by the user. This field is required for PQC algorithms. If specified, the public key will be exported through the public_key field in the requested format. Otherwise, the pem field will be populated for non-PQC algorithms, and an error will be returned for PQC algorithms.
+    Allowed values
+      PUBLIC_KEY_FORMAT_UNSPECIFIED - If the public_key_format field is not specified: - For PQC algorithms, an error will be returned. - For non-PQC algorithms, the default format is PEM, and the field pem will be populated. Otherwise, the public key will be exported through the public_key field in the requested format.
+      PEM - The returned public key will be encoded in PEM format. See the [RFC7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13) for more information.
+      NIST_PQC - This is supported only for PQC algorithms. The key material is returned in the format defined by NIST PQC standards (FIPS 203, FIPS 204, and FIPS 205).
   x__xgafv: string, V1 error format.
     Allowed values
       1 - v1 error format
@@ -412,8 +417,13 @@ <h3>Method Details</h3>
   &quot;algorithm&quot;: &quot;A String&quot;, # The Algorithm associated with this key.
   &quot;name&quot;: &quot;A String&quot;, # The name of the CryptoKeyVersion public key. Provided here for verification. NOTE: This field is in Beta.
   &quot;pem&quot;: &quot;A String&quot;, # The public key, encoded in PEM format. For more information, see the [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13).
-  &quot;pemCrc32c&quot;: &quot;A String&quot;, # Integrity verification field. A CRC32C checksum of the returned PublicKey.pem. An integrity check of PublicKey.pem can be performed by computing the CRC32C checksum of PublicKey.pem and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
+  &quot;pemCrc32c&quot;: &quot;A String&quot;, # Integrity verification field. A CRC32C checksum of the returned PublicKey.pem. An integrity check of PublicKey.pem can be performed by computing the CRC32C checksum of PublicKey.pem and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed `2^32-1`, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
   &quot;protectionLevel&quot;: &quot;A String&quot;, # The ProtectionLevel of the CryptoKeyVersion public key.
+  &quot;publicKey&quot;: { # Data with integrity verification field. # This field contains the public key (with integrity verification), formatted according to the public_key_format field.
+    &quot;crc32cChecksum&quot;: &quot;A String&quot;, # Integrity verification field. A CRC32C checksum of the returned ChecksummedData.data. An integrity check of ChecksummedData.data can be performed by computing the CRC32C checksum of ChecksummedData.data and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed `2^32-1`, and can be safely downconverted to uint32 in languages that support this type.
+    &quot;data&quot;: &quot;A String&quot;, # Raw Data.
+  },
+  &quot;publicKeyFormat&quot;: &quot;A String&quot;, # The PublicKey format specified by the customer through the public_key_format field.
 }</pre>
 </div>
 
diff --git a/googleapiclient/discovery_cache/documents/cloudkms.v1.json b/googleapiclient/discovery_cache/documents/cloudkms.v1.json
@@ -1615,6 +1615,21 @@
 "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$",
 "required": true,
 "type": "string"
+},
+"publicKeyFormat": {
+"description": "Optional. The PublicKey format specified by the user. This field is required for PQC algorithms. If specified, the public key will be exported through the public_key field in the requested format. Otherwise, the pem field will be populated for non-PQC algorithms, and an error will be returned for PQC algorithms.",
+"enum": [
+"PUBLIC_KEY_FORMAT_UNSPECIFIED",
+"PEM",
+"NIST_PQC"
+],
+"enumDescriptions": [
+"If the public_key_format field is not specified: - For PQC algorithms, an error will be returned. - For non-PQC algorithms, the default format is PEM, and the field pem will be populated. Otherwise, the public key will be exported through the public_key field in the requested format.",
+"The returned public key will be encoded in PEM format. See the [RFC7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13) for more information.",
+"This is supported only for PQC algorithms. The key material is returned in the format defined by NIST PQC standards (FIPS 203, FIPS 204, and FIPS 205)."
+],
+"location": "query",
+"type": "string"
 }
 },
 "path": "v1/{+name}/publicKey",
@@ -2137,7 +2152,7 @@
 }
 }
 },
-"revision": "20250102",
+"revision": "20250213",
 "rootUrl": "https://cloudkms.googleapis.com/",
 "schemas": {
 "AsymmetricDecryptRequest": {
@@ -2456,6 +2471,23 @@
 },
 "type": "object"
 },
+"ChecksummedData": {
+"description": "Data with integrity verification field.",
+"id": "ChecksummedData",
+"properties": {
+"crc32cChecksum": {
+"description": "Integrity verification field. A CRC32C checksum of the returned ChecksummedData.data. An integrity check of ChecksummedData.data can be performed by computing the CRC32C checksum of ChecksummedData.data and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed `2^32-1`, and can be safely downconverted to uint32 in languages that support this type.",
+"format": "int64",
+"type": "string"
+},
+"data": {
+"description": "Raw Data.",
+"format": "byte",
+"type": "string"
+}
+},
+"type": "object"
+},
 "CryptoKey": {
 "description": "A CryptoKey represents a logical key that can be used for cryptographic operations. A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations.",
 "id": "CryptoKey",
@@ -2579,7 +2611,9 @@
 "HMAC_SHA384",
 "HMAC_SHA512",
 "HMAC_SHA224",
-"EXTERNAL_SYMMETRIC_ENCRYPTION"
+"EXTERNAL_SYMMETRIC_ENCRYPTION",
+"PQ_SIGN_ML_DSA_65",
+"PQ_SIGN_SLH_DSA_SHA2_128S"
 ],
 "enumDescriptions": [
 "Not specified.",
@@ -2617,7 +2651,9 @@
 "HMAC-SHA384 signing with a 384 bit key.",
 "HMAC-SHA512 signing with a 512 bit key.",
 "HMAC-SHA224 signing with a 224 bit key.",
-"Algorithm representing symmetric encryption by an external key manager."
+"Algorithm representing symmetric encryption by an external key manager.",
+"The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
+"The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version."
 ],
 "readOnly": true,
 "type": "string"
@@ -2785,7 +2821,9 @@
 "HMAC_SHA384",
 "HMAC_SHA512",
 "HMAC_SHA224",
-"EXTERNAL_SYMMETRIC_ENCRYPTION"
+"EXTERNAL_SYMMETRIC_ENCRYPTION",
+"PQ_SIGN_ML_DSA_65",
+"PQ_SIGN_SLH_DSA_SHA2_128S"
 ],
 "enumDescriptions": [
 "Not specified.",
@@ -2823,7 +2861,9 @@
 "HMAC-SHA384 signing with a 384 bit key.",
 "HMAC-SHA512 signing with a 512 bit key.",
 "HMAC-SHA224 signing with a 224 bit key.",
-"Algorithm representing symmetric encryption by an external key manager."
+"Algorithm representing symmetric encryption by an external key manager.",
+"The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
+"The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version."
 ],
 "type": "string"
 },
@@ -3206,7 +3246,9 @@
 "HMAC_SHA384",
 "HMAC_SHA512",
 "HMAC_SHA224",
-"EXTERNAL_SYMMETRIC_ENCRYPTION"
+"EXTERNAL_SYMMETRIC_ENCRYPTION",
+"PQ_SIGN_ML_DSA_65",
+"PQ_SIGN_SLH_DSA_SHA2_128S"
 ],
 "enumDescriptions": [
 "Not specified.",
@@ -3244,7 +3286,9 @@
 "HMAC-SHA384 signing with a 384 bit key.",
 "HMAC-SHA512 signing with a 512 bit key.",
 "HMAC-SHA224 signing with a 224 bit key.",
-"Algorithm representing symmetric encryption by an external key manager."
+"Algorithm representing symmetric encryption by an external key manager.",
+"The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
+"The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version."
 ],
 "type": "string"
 },
@@ -3925,7 +3969,9 @@
 "HMAC_SHA384",
 "HMAC_SHA512",
 "HMAC_SHA224",
-"EXTERNAL_SYMMETRIC_ENCRYPTION"
+"EXTERNAL_SYMMETRIC_ENCRYPTION",
+"PQ_SIGN_ML_DSA_65",
+"PQ_SIGN_SLH_DSA_SHA2_128S"
 ],
 "enumDescriptions": [
 "Not specified.",
@@ -3963,7 +4009,9 @@
 "HMAC-SHA384 signing with a 384 bit key.",
 "HMAC-SHA512 signing with a 512 bit key.",
 "HMAC-SHA224 signing with a 224 bit key.",
-"Algorithm representing symmetric encryption by an external key manager."
+"Algorithm representing symmetric encryption by an external key manager.",
+"The post-quantum Module-Lattice-Based Digital Signature Algorithm, at security level 3. Randomized version.",
+"The post-quantum stateless hash-based digital signature algorithm, at security level 1. Randomized version."
 ],
 "type": "string"
 },
@@ -3976,7 +4024,7 @@
 "type": "string"
 },
 "pemCrc32c": {
-"description": "Integrity verification field. A CRC32C checksum of the returned PublicKey.pem. An integrity check of PublicKey.pem can be performed by computing the CRC32C checksum of PublicKey.pem and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.",
+"description": "Integrity verification field. A CRC32C checksum of the returned PublicKey.pem. An integrity check of PublicKey.pem can be performed by computing the CRC32C checksum of PublicKey.pem and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed `2^32-1`, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.",
 "format": "int64",
 "type": "string"
 },
@@ -3997,6 +4045,24 @@
 "Crypto operations are performed in an EKM-over-VPC backend."
 ],
 "type": "string"
+},
+"publicKey": {
+"$ref": "ChecksummedData",
+"description": "This field contains the public key (with integrity verification), formatted according to the public_key_format field."
+},
+"publicKeyFormat": {
+"description": "The PublicKey format specified by the customer through the public_key_format field.",
+"enum": [
+"PUBLIC_KEY_FORMAT_UNSPECIFIED",
+"PEM",
+"NIST_PQC"
+],
+"enumDescriptions": [
+"If the public_key_format field is not specified: - For PQC algorithms, an error will be returned. - For non-PQC algorithms, the default format is PEM, and the field pem will be populated. Otherwise, the public key will be exported through the public_key field in the requested format.",
+"The returned public key will be encoded in PEM format. See the [RFC7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13) for more information.",
+"This is supported only for PQC algorithms. The key material is returned in the format defined by NIST PQC standards (FIPS 203, FIPS 204, and FIPS 205)."
+],
+"type": "string"
 }
 },
 "type": "object"
