public final class CmekSettings extends GeneratedMessageV3 implements CmekSettingsOrBuilder
Describes the customer-managed encryption key (CMEK) settings associated with
a project, folder, organization, billing account, or flexible resource.
Note: CMEK for the Logs Router can currently only be configured for GCP
organizations. Once configured, it applies to all projects and folders in the
GCP organization.
See Enabling CMEK for Logs
Router for
more information.
Protobuf type google.logging.v2.CmekSettings
Static Fields
KMS_KEY_NAME_FIELD_NUMBER
public static final int KMS_KEY_NAME_FIELD_NUMBER
Field Value
NAME_FIELD_NUMBER
public static final int NAME_FIELD_NUMBER
Field Value
SERVICE_ACCOUNT_ID_FIELD_NUMBER
public static final int SERVICE_ACCOUNT_ID_FIELD_NUMBER
Field Value
Static Methods
getDefaultInstance()
public static CmekSettings getDefaultInstance()
Returns
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
Returns
newBuilder()
public static CmekSettings.Builder newBuilder()
Returns
newBuilder(CmekSettings prototype)
public static CmekSettings.Builder newBuilder(CmekSettings prototype)
Parameter
Returns
public static CmekSettings parseDelimitedFrom(InputStream input)
Parameter
Returns
Exceptions
public static CmekSettings parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(byte[] data)
public static CmekSettings parseFrom(byte[] data)
Parameter
Name | Description |
data | byte[]
|
Returns
Exceptions
parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
public static CmekSettings parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(ByteString data)
public static CmekSettings parseFrom(ByteString data)
Parameter
Returns
Exceptions
parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static CmekSettings parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
public static CmekSettings parseFrom(CodedInputStream input)
Parameter
Returns
Exceptions
public static CmekSettings parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
public static CmekSettings parseFrom(InputStream input)
Parameter
Returns
Exceptions
public static CmekSettings parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(ByteBuffer data)
public static CmekSettings parseFrom(ByteBuffer data)
Parameter
Returns
Exceptions
parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
public static CmekSettings parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parser()
public static Parser<CmekSettings> parser()
Returns
Methods
equals(Object obj)
public boolean equals(Object obj)
Parameter
Returns
Overrides
getDefaultInstanceForType()
public CmekSettings getDefaultInstanceForType()
Returns
getKmsKeyName()
public String getKmsKeyName()
The resource name for the configured Cloud KMS key.
KMS key name format:
"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]"
For example:
"projects/my-project-id/locations/my-region/keyRings/key-ring-name/cryptoKeys/key-name"
To enable CMEK for the Logs Router, set this field to a valid
kms_key_name
for which the associated service account has the required
roles/cloudkms.cryptoKeyEncrypterDecrypter
role assigned for the key.
The Cloud KMS key used by the Log Router can be updated by changing the
kms_key_name
to a new valid key name. Encryption operations that are in
progress will be completed with the key that was in use when they started.
Decryption operations will be completed using the key that was used at the
time of encryption unless access to that key has been revoked.
To disable CMEK for the Logs Router, set this field to an empty string.
See Enabling CMEK for Logs
Router
for more information.
string kms_key_name = 2;
Returns
Type | Description |
String | The kmsKeyName.
|
getKmsKeyNameBytes()
public ByteString getKmsKeyNameBytes()
The resource name for the configured Cloud KMS key.
KMS key name format:
"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]"
For example:
"projects/my-project-id/locations/my-region/keyRings/key-ring-name/cryptoKeys/key-name"
To enable CMEK for the Logs Router, set this field to a valid
kms_key_name
for which the associated service account has the required
roles/cloudkms.cryptoKeyEncrypterDecrypter
role assigned for the key.
The Cloud KMS key used by the Log Router can be updated by changing the
kms_key_name
to a new valid key name. Encryption operations that are in
progress will be completed with the key that was in use when they started.
Decryption operations will be completed using the key that was used at the
time of encryption unless access to that key has been revoked.
To disable CMEK for the Logs Router, set this field to an empty string.
See Enabling CMEK for Logs
Router
for more information.
string kms_key_name = 2;
Returns
Type | Description |
ByteString | The bytes for kmsKeyName.
|
getName()
Output only. The resource name of the CMEK settings.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns
Type | Description |
String | The name.
|
getNameBytes()
public ByteString getNameBytes()
Output only. The resource name of the CMEK settings.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns
getParserForType()
public Parser<CmekSettings> getParserForType()
Returns
Overrides
getSerializedSize()
public int getSerializedSize()
Returns
Overrides
getServiceAccountId()
public String getServiceAccountId()
Output only. The service account that will be used by the Logs Router to access your
Cloud KMS key.
Before enabling CMEK for Logs Router, you must first assign the role
roles/cloudkms.cryptoKeyEncrypterDecrypter
to the service account that
the Logs Router will use to access your Cloud KMS key. Use
GetCmekSettings to
obtain the service account ID.
See Enabling CMEK for Logs
Router
for more information.
string service_account_id = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns
Type | Description |
String | The serviceAccountId.
|
getServiceAccountIdBytes()
public ByteString getServiceAccountIdBytes()
Output only. The service account that will be used by the Logs Router to access your
Cloud KMS key.
Before enabling CMEK for Logs Router, you must first assign the role
roles/cloudkms.cryptoKeyEncrypterDecrypter
to the service account that
the Logs Router will use to access your Cloud KMS key. Use
GetCmekSettings to
obtain the service account ID.
See Enabling CMEK for Logs
Router
for more information.
string service_account_id = 3 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns
Type | Description |
ByteString | The bytes for serviceAccountId.
|
getUnknownFields()
public final UnknownFieldSet getUnknownFields()
Returns
Overrides
hashCode()
Returns
Overrides
internalGetFieldAccessorTable()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
Overrides
isInitialized()
public final boolean isInitialized()
Returns
Overrides
newBuilderForType()
public CmekSettings.Builder newBuilderForType()
Returns
newBuilderForType(GeneratedMessageV3.BuilderParent parent)
protected CmekSettings.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Parameter
Returns
Overrides
newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Parameter
Returns
Overrides
toBuilder()
public CmekSettings.Builder toBuilder()
Returns
writeTo(CodedOutputStream output)
public void writeTo(CodedOutputStream output)
Parameter
Overrides
Exceptions