feat(cloudkms): update the api

#### cloudkms:v1

The following keys were added:
- resources.projects.resources.locations.methods.getEkmConfig (Total Keys: 11)
- resources.projects.resources.locations.methods.updateEkmConfig (Total Keys: 15)
- schemas.CryptoKeyVersion.properties.externalDestructionFailureReason (Total Keys: 2)
- schemas.CryptoKeyVersion.properties.generationFailureReason (Total Keys: 2)
- schemas.EkmConfig (Total Keys: 5)
- schemas.EkmConnection.properties.cryptoSpacePath.type (Total Keys: 1)
- schemas.EkmConnection.properties.keyManagementMode.type (Total Keys: 1)

Author: yoshi-automation

docs/dyn/cloudkms_v1.projects.locations.ekmConnections.html

@@ -118,7 +118,9 @@ <h3>Method Details</h3>
 
 { # An EkmConnection represents an individual EKM connection. It can be used for creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic operations using keys created within the EkmConnection.
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the EkmConnection was created.
+  &quot;cryptoSpacePath&quot;: &quot;A String&quot;, # Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
   &quot;etag&quot;: &quot;A String&quot;, # Optional. Etag of the currently stored EkmConnection.
+  &quot;keyManagementMode&quot;: &quot;A String&quot;, # Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.
   &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`.
   &quot;serviceResolvers&quot;: [ # A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.
     { # A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.
@@ -155,7 +157,9 @@ <h3>Method Details</h3>
 
     { # An EkmConnection represents an individual EKM connection. It can be used for creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic operations using keys created within the EkmConnection.
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the EkmConnection was created.
+  &quot;cryptoSpacePath&quot;: &quot;A String&quot;, # Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
   &quot;etag&quot;: &quot;A String&quot;, # Optional. Etag of the currently stored EkmConnection.
+  &quot;keyManagementMode&quot;: &quot;A String&quot;, # Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.
   &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`.
   &quot;serviceResolvers&quot;: [ # A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.
     { # A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.
@@ -198,7 +202,9 @@ <h3>Method Details</h3>
 
     { # An EkmConnection represents an individual EKM connection. It can be used for creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic operations using keys created within the EkmConnection.
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the EkmConnection was created.
+  &quot;cryptoSpacePath&quot;: &quot;A String&quot;, # Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
   &quot;etag&quot;: &quot;A String&quot;, # Optional. Etag of the currently stored EkmConnection.
+  &quot;keyManagementMode&quot;: &quot;A String&quot;, # Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.
   &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`.
   &quot;serviceResolvers&quot;: [ # A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.
     { # A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.
@@ -295,7 +301,9 @@ <h3>Method Details</h3>
   &quot;ekmConnections&quot;: [ # The list of EkmConnections.
     { # An EkmConnection represents an individual EKM connection. It can be used for creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic operations using keys created within the EkmConnection.
       &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the EkmConnection was created.
+      &quot;cryptoSpacePath&quot;: &quot;A String&quot;, # Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
       &quot;etag&quot;: &quot;A String&quot;, # Optional. Etag of the currently stored EkmConnection.
+      &quot;keyManagementMode&quot;: &quot;A String&quot;, # Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.
       &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`.
       &quot;serviceResolvers&quot;: [ # A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.
         { # A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.
@@ -351,7 +359,9 @@ <h3>Method Details</h3>
 
 { # An EkmConnection represents an individual EKM connection. It can be used for creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic operations using keys created within the EkmConnection.
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the EkmConnection was created.
+  &quot;cryptoSpacePath&quot;: &quot;A String&quot;, # Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
   &quot;etag&quot;: &quot;A String&quot;, # Optional. Etag of the currently stored EkmConnection.
+  &quot;keyManagementMode&quot;: &quot;A String&quot;, # Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.
   &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`.
   &quot;serviceResolvers&quot;: [ # A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.
     { # A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.
@@ -388,7 +398,9 @@ <h3>Method Details</h3>
 
     { # An EkmConnection represents an individual EKM connection. It can be used for creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic operations using keys created within the EkmConnection.
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which the EkmConnection was created.
+  &quot;cryptoSpacePath&quot;: &quot;A String&quot;, # Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
   &quot;etag&quot;: &quot;A String&quot;, # Optional. Etag of the currently stored EkmConnection.
+  &quot;keyManagementMode&quot;: &quot;A String&quot;, # Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.
   &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`.
   &quot;serviceResolvers&quot;: [ # A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.
     { # A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.

docs/dyn/cloudkms_v1.projects.locations.html

@@ -98,12 +98,18 @@ <h2>Instance Methods</h2>
 <p class="toc_element">
   <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
 <p class="firstline">Gets information about a location.</p>
+<p class="toc_element">
+  <code><a href="#getEkmConfig">getEkmConfig(name, x__xgafv=None)</a></code></p>
+<p class="firstline">Returns the EkmConfig singleton resource for a given project and location.</p>
 <p class="toc_element">
   <code><a href="#list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
 <p class="firstline">Lists information about the supported locations for this service.</p>
 <p class="toc_element">
   <code><a href="#list_next">list_next()</a></code></p>
 <p class="firstline">Retrieves the next page of results.</p>
+<p class="toc_element">
+  <code><a href="#updateEkmConfig">updateEkmConfig(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
+<p class="firstline">Updates the EkmConfig singleton resource for a given project and location.</p>
 <h3>Method Details</h3>
 <div class="method">
     <code class="details" id="close">close()</code>
@@ -165,6 +171,26 @@ <h3>Method Details</h3>
 }</pre>
 </div>
 
+<div class="method">
+    <code class="details" id="getEkmConfig">getEkmConfig(name, x__xgafv=None)</code>
+  <pre>Returns the EkmConfig singleton resource for a given project and location.
+
+Args:
+  name: string, Required. The name of the EkmConfig to get. (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # An EkmConfig is a singleton resource that represents configuration parameters that apply to all CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC in a given project and location.
+  &quot;defaultEkmConnection&quot;: &quot;A String&quot;, # Optional. Resource name of the default EkmConnection. Setting this field to the empty string removes the default.
+  &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the EkmConfig in the format `projects/*/locations/*/ekmConfig`.
+}</pre>
+</div>
+
 <div class="method">
     <code class="details" id="list">list(name, filter=None, pageSize=None, pageToken=None, x__xgafv=None)</code>
   <pre>Lists information about the supported locations for this service.
@@ -214,4 +240,33 @@ <h3>Method Details</h3>
         </pre>
 </div>
 
+<div class="method">
+    <code class="details" id="updateEkmConfig">updateEkmConfig(name, body=None, updateMask=None, x__xgafv=None)</code>
+  <pre>Updates the EkmConfig singleton resource for a given project and location.
+
+Args:
+  name: string, Output only. The resource name for the EkmConfig in the format `projects/*/locations/*/ekmConfig`. (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # An EkmConfig is a singleton resource that represents configuration parameters that apply to all CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC in a given project and location.
+  &quot;defaultEkmConnection&quot;: &quot;A String&quot;, # Optional. Resource name of the default EkmConnection. Setting this field to the empty string removes the default.
+  &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the EkmConfig in the format `projects/*/locations/*/ekmConfig`.
+}
+
+  updateMask: string, Required. List of fields to be updated in this request.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # An EkmConfig is a singleton resource that represents configuration parameters that apply to all CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC in a given project and location.
+  &quot;defaultEkmConnection&quot;: &quot;A String&quot;, # Optional. Resource name of the default EkmConnection. Setting this field to the empty string removes the default.
+  &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for the EkmConfig in the format `projects/*/locations/*/ekmConfig`.
+}</pre>
+</div>
+
 </body></html>

docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.html

@@ -219,11 +219,13 @@ <h3>Method Details</h3>
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
   &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
   &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+  &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
   &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
     &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
     &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
   },
   &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+  &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
   &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
   &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
   &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -261,11 +263,13 @@ <h3>Method Details</h3>
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
   &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
   &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+  &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
   &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
     &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
     &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
   },
   &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+  &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
   &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
   &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
   &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -316,11 +320,13 @@ <h3>Method Details</h3>
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
   &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
   &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+  &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
   &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
     &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
     &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
   },
   &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+  &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
   &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
   &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
   &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -365,11 +371,13 @@ <h3>Method Details</h3>
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
   &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
   &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+  &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
   &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
     &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
     &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
   },
   &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+  &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
   &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
   &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
   &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -448,11 +456,13 @@ <h3>Method Details</h3>
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
   &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
   &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+  &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
   &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
     &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
     &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
   },
   &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+  &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
   &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
   &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
   &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -507,11 +517,13 @@ <h3>Method Details</h3>
       &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
       &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
       &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+      &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
       &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
         &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
         &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
       },
       &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+      &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
       &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
       &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
       &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -634,11 +646,13 @@ <h3>Method Details</h3>
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
   &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
   &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+  &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
   &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
     &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
     &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
   },
   &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+  &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
   &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
   &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
   &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -677,11 +691,13 @@ <h3>Method Details</h3>
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
   &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
   &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+  &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
   &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
     &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
     &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
   },
   &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+  &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
   &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
   &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
   &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -732,11 +748,13 @@ <h3>Method Details</h3>
   &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
   &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
   &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+  &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
   &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
     &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
     &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
   },
   &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+  &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
   &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
   &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
   &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.

docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.html

@@ -160,11 +160,13 @@ <h3>Method Details</h3>
     &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
     &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
     &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+    &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
     &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
       &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
       &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
     },
     &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+    &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
     &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
     &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
     &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -221,11 +223,13 @@ <h3>Method Details</h3>
     &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
     &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
     &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+    &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
     &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
       &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
       &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
     },
     &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+    &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
     &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
     &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
     &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -353,11 +357,13 @@ <h3>Method Details</h3>
     &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
     &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
     &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+    &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
     &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
       &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
       &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
     },
     &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+    &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
     &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
     &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
     &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -477,11 +483,13 @@ <h3>Method Details</h3>
         &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
         &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
         &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+        &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
         &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
           &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
           &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
         },
         &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+        &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
         &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
         &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
         &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -556,11 +564,13 @@ <h3>Method Details</h3>
     &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
     &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
     &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+    &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
     &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
       &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
       &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
     },
     &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+    &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
     &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
     &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
     &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -616,11 +626,13 @@ <h3>Method Details</h3>
     &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
     &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
     &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+    &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
     &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
       &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
       &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
     },
     &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+    &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
     &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
     &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
     &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.
@@ -804,11 +816,13 @@ <h3>Method Details</h3>
     &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
     &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
     &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
+    &quot;externalDestructionFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
     &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
       &quot;ekmConnectionKeyPath&quot;: &quot;A String&quot;, # The path to the external key material on the EKM when using EkmConnection e.g., &quot;v0/my/key&quot;. Set this field instead of external_key_uri when using an EkmConnection.
       &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
     },
     &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
+    &quot;generationFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
     &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
     &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
     &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was most recently imported.

googleapiclient/discovery_cache/documents/cloudkms.v1.json

@@ -167,6 +167,32 @@
                 "https://www.googleapis.com/auth/cloudkms"
               ]
             },
+            "getEkmConfig": {
+              "description": "Returns the EkmConfig singleton resource for a given project and location.",
+              "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/ekmConfig",
+              "httpMethod": "GET",
+              "id": "cloudkms.projects.locations.getEkmConfig",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Required. The name of the EkmConfig to get.",
+                  "location": "path",
+                  "pattern": "^projects/[^/]+/locations/[^/]+/ekmConfig$",
+                  "required": true,
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+name}",
+              "response": {
+                "$ref": "EkmConfig"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform",
+                "https://www.googleapis.com/auth/cloudkms"
+              ]
+            },
             "list": {
               "description": "Lists information about the supported locations for this service.",
               "flatPath": "v1/projects/{projectsId}/locations",
@@ -208,6 +234,41 @@
                 "https://www.googleapis.com/auth/cloud-platform",
                 "https://www.googleapis.com/auth/cloudkms"
               ]
+            },
+            "updateEkmConfig": {
+              "description": "Updates the EkmConfig singleton resource for a given project and location.",
+              "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/ekmConfig",
+              "httpMethod": "PATCH",
+              "id": "cloudkms.projects.locations.updateEkmConfig",
+              "parameterOrder": [
+                "name"
+              ],
+              "parameters": {
+                "name": {
+                  "description": "Output only. The resource name for the EkmConfig in the format `projects/*/locations/*/ekmConfig`.",
+                  "location": "path",
+                  "pattern": "^projects/[^/]+/locations/[^/]+/ekmConfig$",
+                  "required": true,
+                  "type": "string"
+                },
+                "updateMask": {
+                  "description": "Required. List of fields to be updated in this request.",
+                  "format": "google-fieldmask",
+                  "location": "query",
+                  "type": "string"
+                }
+              },
+              "path": "v1/{+name}",
+              "request": {
+                "$ref": "EkmConfig"
+              },
+              "response": {
+                "$ref": "EkmConfig"
+              },
+              "scopes": [
+                "https://www.googleapis.com/auth/cloud-platform",
+                "https://www.googleapis.com/auth/cloudkms"
+              ]
             }
           },
           "resources": {
@@ -1676,7 +1737,7 @@
       }
     }
   },
-  "revision": "20230224",
+  "revision": "20230307",
   "rootUrl": "https://cloudkms.googleapis.com/",
   "schemas": {
     "AsymmetricDecryptRequest": {
@@ -2132,6 +2193,11 @@
           "readOnly": true,
           "type": "string"
         },
+        "externalDestructionFailureReason": {
+          "description": "Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.",
+          "readOnly": true,
+          "type": "string"
+        },
         "externalProtectionLevelOptions": {
           "$ref": "ExternalProtectionLevelOptions",
           "description": "ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels."
@@ -2142,6 +2208,11 @@
           "readOnly": true,
           "type": "string"
         },
+        "generationFailureReason": {
+          "description": "Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.",
+          "readOnly": true,
+          "type": "string"
+        },
         "importFailureReason": {
           "description": "Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.",
           "readOnly": true,
@@ -2197,7 +2268,10 @@
             "DESTROYED",
             "DESTROY_SCHEDULED",
             "PENDING_IMPORT",
-            "IMPORT_FAILED"
+            "IMPORT_FAILED",
+            "GENERATION_FAILED",
+            "PENDING_EXTERNAL_DESTRUCTION",
+            "EXTERNAL_DESTRUCTION_FAILED"
           ],
           "enumDescriptions": [
             "Not specified.",
@@ -2207,7 +2281,10 @@
             "This version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.",
             "This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.",
             "This version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.",
-            "This version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason."
+            "This version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.",
+            "This version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.",
+            "This version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.",
+            "This version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason."
           ],
           "type": "string"
         }
@@ -2399,6 +2476,22 @@
       },
       "type": "object"
     },
+    "EkmConfig": {
+      "description": "An EkmConfig is a singleton resource that represents configuration parameters that apply to all CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC in a given project and location.",
+      "id": "EkmConfig",
+      "properties": {
+        "defaultEkmConnection": {
+          "description": "Optional. Resource name of the default EkmConnection. Setting this field to the empty string removes the default.",
+          "type": "string"
+        },
+        "name": {
+          "description": "Output only. The resource name for the EkmConfig in the format `projects/*/locations/*/ekmConfig`.",
+          "readOnly": true,
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "EkmConnection": {
       "description": "An EkmConnection represents an individual EKM connection. It can be used for creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic operations using keys created within the EkmConnection.",
       "id": "EkmConnection",
@@ -2409,10 +2502,28 @@
           "readOnly": true,
           "type": "string"
         },
+        "cryptoSpacePath": {
+          "description": "Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.",
+          "type": "string"
+        },
         "etag": {
           "description": "Optional. Etag of the currently stored EkmConnection.",
           "type": "string"
         },
+        "keyManagementMode": {
+          "description": "Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.",
+          "enum": [
+            "KEY_MANAGEMENT_MODE_UNSPECIFIED",
+            "MANUAL",
+            "CLOUD_KMS"
+          ],
+          "enumDescriptions": [
+            "Not specified.",
+            "EKM-side key management operations on CryptoKeys created with this EkmConnection must be initiated from the EKM directly and cannot be performed from Cloud KMS. This means that: * When creating a CryptoKeyVersion associated with this EkmConnection, the caller must supply the key path of pre-existing external key material that will be linked to the CryptoKeyVersion. * Destruction of external key material cannot be requested via the Cloud KMS API and must be performed directly in the EKM. * Automatic rotation of key material is not supported.",
+            "All CryptoKeys created with this EkmConnection use EKM-side key management operations initiated from Cloud KMS. This means that: * When a CryptoKeyVersion associated with this EkmConnection is created, the EKM automatically generates new key material and a new key path. The caller cannot supply the key path of pre-existing external key material. * Destruction of external key material associated with this EkmConnection can be requested by calling DestroyCryptoKeyVersion. * Automatic rotation of key material is supported."
+          ],
+          "type": "string"
+        },
         "name": {
           "description": "Output only. The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`.",
           "readOnly": true,