Class: Google::Apis::LoggingV2::CmekSettings

Inherits:

Object

• Object
• Google::Apis::LoggingV2::CmekSettings

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

lib/google/apis/logging_v2/classes.rb,
lib/google/apis/logging_v2/representations.rb,
lib/google/apis/logging_v2/representations.rb

Overview

Describes the customer-managed encryption key (CMEK) settings associated with a project, folder, organization, billing account, or flexible resource.Note: CMEK for the Log Router can currently only be configured for Google Cloud organizations. Once configured, it applies to all projects and folders in the Google Cloud organization.See Enabling CMEK for Log Router (https://cloud. google.com/logging/docs/routing/managed-encryption) for more information.

Instance Attribute Summary

• #kms_key_name ⇒ String

  Optional.

• #kms_key_version_name ⇒ String

  Output only.

• #name ⇒ String

  Output only.

• #service_account_id ⇒ String

  Output only.

Instance Method Summary

• #initialize(**args) ⇒ CmekSettings constructor

  A new instance of CmekSettings.

• #update!(**args) ⇒ Object

  Update properties of this object.

Constructor Details

#initialize(**args) ⇒ CmekSettings

Returns a new instance of CmekSettings.

# File 'lib/google/apis/logging_v2/classes.rb', line 423

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#kms_key_name ⇒ String

Optional. The resource name for the configured Cloud KMS key.KMS key name format: "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/ cryptoKeys/[KEY]" For example:"projects/my-project/locations/us-central1/ keyRings/my-ring/cryptoKeys/my-key"To enable CMEK for the Log Router, set this field to a valid kms_key_name for which the associated service account has the needed cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.The Cloud KMS key used by the Log Router can be updated by changing the kms_key_name to a new valid key name or disabled by setting the key name to an empty string. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.To disable CMEK for the Log Router, set this field to an empty string.See Enabling CMEK for Log Router (https://cloud. google.com/logging/docs/routing/managed-encryption) for more information. Corresponds to the JSON property kmsKeyName

Returns:

• (String)

# File 'lib/google/apis/logging_v2/classes.rb', line 394

def kms_key_name
  @kms_key_name
end

#kms_key_version_name ⇒ String

Output only. The CryptoKeyVersion resource name for the configured Cloud KMS key.KMS key name format: "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[ KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]" For example:"projects/ my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/ cryptoKeyVersions/1"This is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version. If this field is populated, the kms_key is tied to a specific CryptoKeyVersion. Corresponds to the JSON property kmsKeyVersionName

Returns:

• (String)

# File 'lib/google/apis/logging_v2/classes.rb', line 406

def kms_key_version_name
  @kms_key_version_name
end

#name ⇒ String

Output only. The resource name of the CMEK settings. Corresponds to the JSON property name

Returns:

• (String)

# File 'lib/google/apis/logging_v2/classes.rb', line 411

def name
  @name
end

#service_account_id ⇒ String

Output only. The service account that will be used by the Log Router to access your Cloud KMS key.Before enabling CMEK for Log Router, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account that the Log Router will use to access your Cloud KMS key. Use GetCmekSettings to obtain the service account ID.See Enabling CMEK for Log Router (https://cloud. google.com/logging/docs/routing/managed-encryption) for more information. Corresponds to the JSON property serviceAccountId

Returns:

• (String)

# File 'lib/google/apis/logging_v2/classes.rb', line 421

def service_account_id
  @service_account_id
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'lib/google/apis/logging_v2/classes.rb', line 428

def update!(**args)
  @kms_key_name = args[:kms_key_name] if args.key?(:kms_key_name)
  @kms_key_version_name = args[:kms_key_version_name] if args.key?(:kms_key_version_name)
  @name = args[:name] if args.key?(:name)
  @service_account_id = args[:service_account_id] if args.key?(:service_account_id)
end