xref: /aosp_15_r20/external/googleapis/google/cloud/kms/v1/cloudkms_v1.yaml (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9) 
1type: google.api.Service
2config_version: 3
3name: cloudkms.googleapis.com
4title: Cloud Key Management Service (KMS) API
5
6apis:
7- name: google.cloud.kms.v1.EkmService
8- name: google.cloud.kms.v1.KeyManagementService
9- name: google.cloud.location.Locations
10- name: google.iam.v1.IAMPolicy
11- name: google.longrunning.Operations
12
13types:
14- name: google.cloud.kms.v1.LocationMetadata
15
16documentation:
17  summary: |-
18    Manages keys and performs cryptographic operations in a central cloud
19    service, for direct use by other cloud resources and applications.
20  rules:
21  - selector: google.cloud.location.Locations.GetLocation
22    description: Gets information about a location.
23
24  - selector: google.cloud.location.Locations.ListLocations
25    description: Lists information about the supported locations for this service.
26
27  - selector: google.iam.v1.IAMPolicy.GetIamPolicy
28    description: |-
29      Gets the access control policy for a resource. Returns an empty policy
30      if the resource exists and does not have a policy set.
31
32  - selector: google.iam.v1.IAMPolicy.SetIamPolicy
33    description: |-
34      Sets the access control policy on the specified resource. Replaces
35      any existing policy.
36
37      Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
38      errors.
39
40  - selector: google.iam.v1.IAMPolicy.TestIamPermissions
41    description: |-
42      Returns permissions that a caller has on the specified resource. If the
43      resource does not exist, this will return an empty set of
44      permissions, not a `NOT_FOUND` error.
45
46      Note: This operation is designed to be used for building
47      permission-aware UIs and command-line tools, not for authorization
48      checking. This operation may "fail open" without warning.
49
50http:
51  rules:
52  - selector: google.cloud.location.Locations.GetLocation
53    get: '/v1/{name=projects/*/locations/*}'
54  - selector: google.cloud.location.Locations.ListLocations
55    get: '/v1/{name=projects/*}/locations'
56  - selector: google.iam.v1.IAMPolicy.GetIamPolicy
57    get: '/v1/{resource=projects/*/locations/*/keyRings/*}:getIamPolicy'
58    additional_bindings:
59    - get: '/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:getIamPolicy'
60    - get: '/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:getIamPolicy'
61    - get: '/v1/{resource=projects/*/locations/*/ekmConfig}:getIamPolicy'
62    - get: '/v1/{resource=projects/*/locations/*/ekmConnections/*}:getIamPolicy'
63  - selector: google.iam.v1.IAMPolicy.SetIamPolicy
64    post: '/v1/{resource=projects/*/locations/*/keyRings/*}:setIamPolicy'
65    body: '*'
66    additional_bindings:
67    - post: '/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:setIamPolicy'
68      body: '*'
69    - post: '/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:setIamPolicy'
70      body: '*'
71    - post: '/v1/{resource=projects/*/locations/*/ekmConfig}:setIamPolicy'
72      body: '*'
73    - post: '/v1/{resource=projects/*/locations/*/ekmConnections/*}:setIamPolicy'
74      body: '*'
75  - selector: google.iam.v1.IAMPolicy.TestIamPermissions
76    post: '/v1/{resource=projects/*/locations/*/keyRings/*}:testIamPermissions'
77    body: '*'
78    additional_bindings:
79    - post: '/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:testIamPermissions'
80      body: '*'
81    - post: '/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:testIamPermissions'
82      body: '*'
83    - post: '/v1/{resource=projects/*/locations/*/ekmConfig}:testIamPermissions'
84      body: '*'
85    - post: '/v1/{resource=projects/*/locations/*/ekmConnections/*}:testIamPermissions'
86      body: '*'
87
88authentication:
89  rules:
90  - selector: 'google.cloud.kms.v1.EkmService.*'
91    oauth:
92      canonical_scopes: |-
93        https://www.googleapis.com/auth/cloud-platform,
94        https://www.googleapis.com/auth/cloudkms
95  - selector: 'google.cloud.kms.v1.KeyManagementService.*'
96    oauth:
97      canonical_scopes: |-
98        https://www.googleapis.com/auth/cloud-platform,
99        https://www.googleapis.com/auth/cloudkms
100  - selector: google.cloud.location.Locations.GetLocation
101    oauth:
102      canonical_scopes: |-
103        https://www.googleapis.com/auth/cloud-platform,
104        https://www.googleapis.com/auth/cloudkms
105  - selector: google.cloud.location.Locations.ListLocations
106    oauth:
107      canonical_scopes: |-
108        https://www.googleapis.com/auth/cloud-platform,
109        https://www.googleapis.com/auth/cloudkms
110  - selector: 'google.iam.v1.IAMPolicy.*'
111    oauth:
112      canonical_scopes: |-
113        https://www.googleapis.com/auth/cloud-platform,
114        https://www.googleapis.com/auth/cloudkms
115