chore(cloudkms): update the api

#### cloudkms:v1

The following keys were deleted:
- schemas.Binding.properties.bindingId (Total Keys: 1)

The following keys were added:
- schemas.AsymmetricDecryptResponse.properties.protectionLevel (Total Keys: 1)
- schemas.AsymmetricSignResponse.properties.protectionLevel (Total Keys: 1)
- schemas.DecryptResponse.properties.protectionLevel (Total Keys: 1)
- schemas.DecryptResponse.properties.usedPrimary (Total Keys: 1)
- schemas.EncryptResponse.properties.protectionLevel (Total Keys: 1)
- schemas.PublicKey.properties.protectionLevel (Total Keys: 1)

Author: yoshi-automation

docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.html

@@ -136,6 +136,7 @@ <h3>Method Details</h3>
     { # Response message for KeyManagementService.AsymmetricDecrypt.
   &quot;plaintext&quot;: &quot;A String&quot;, # The decrypted data originally encrypted with the matching public key.
   &quot;plaintextCrc32c&quot;: &quot;A String&quot;, # Integrity verification field. A CRC32C checksum of the returned AsymmetricDecryptResponse.plaintext. An integrity check of AsymmetricDecryptResponse.plaintext can be performed by computing the CRC32C checksum of AsymmetricDecryptResponse.plaintext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
+  &quot;protectionLevel&quot;: &quot;A String&quot;, # The ProtectionLevel of the CryptoKeyVersion used in decryption.
   &quot;verifiedCiphertextCrc32c&quot;: True or False, # Integrity verification field. A flag indicating whether AsymmetricDecryptRequest.ciphertext_crc32c was received by KeyManagementService and used for the integrity verification of the ciphertext. A false value of this field indicates either that AsymmetricDecryptRequest.ciphertext_crc32c was left unset or that it was not delivered to KeyManagementService. If you&#x27;ve set AsymmetricDecryptRequest.ciphertext_crc32c but this field is still false, discard the response and perform a limited number of retries. NOTE: This field is in Beta.
 }</pre>
 </div>
@@ -150,7 +151,7 @@ <h3>Method Details</h3>
     The object takes the form of:
 
 { # Request message for KeyManagementService.AsymmetricSign.
-  &quot;digest&quot;: { # A Digest holds a cryptographic message digest. # Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version&#x27;s algorithm.
+  &quot;digest&quot;: { # A Digest holds a cryptographic message digest. # Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version&#x27;s algorithm.
     &quot;sha256&quot;: &quot;A String&quot;, # A message digest produced with the SHA-256 algorithm.
     &quot;sha384&quot;: &quot;A String&quot;, # A message digest produced with the SHA-384 algorithm.
     &quot;sha512&quot;: &quot;A String&quot;, # A message digest produced with the SHA-512 algorithm.
@@ -168,6 +169,7 @@ <h3>Method Details</h3>
 
     { # Response message for KeyManagementService.AsymmetricSign.
   &quot;name&quot;: &quot;A String&quot;, # The resource name of the CryptoKeyVersion used for signing. Check this field to verify that the intended resource was used for signing. NOTE: This field is in Beta.
+  &quot;protectionLevel&quot;: &quot;A String&quot;, # The ProtectionLevel of the CryptoKeyVersion used for signing.
   &quot;signature&quot;: &quot;A String&quot;, # The created signature.
   &quot;signatureCrc32c&quot;: &quot;A String&quot;, # Integrity verification field. A CRC32C checksum of the returned AsymmetricSignResponse.signature. An integrity check of AsymmetricSignResponse.signature can be performed by computing the CRC32C checksum of AsymmetricSignResponse.signature and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
   &quot;verifiedDigestCrc32c&quot;: True or False, # Integrity verification field. A flag indicating whether AsymmetricSignRequest.digest_crc32c was received by KeyManagementService and used for the integrity verification of the digest. A false value of this field indicates either that AsymmetricSignRequest.digest_crc32c was left unset or that it was not delivered to KeyManagementService. If you&#x27;ve set AsymmetricSignRequest.digest_crc32c but this field is still false, discard the response and perform a limited number of retries. NOTE: This field is in Beta.
@@ -380,6 +382,7 @@ <h3>Method Details</h3>
   &quot;name&quot;: &quot;A String&quot;, # The name of the CryptoKeyVersion public key. Provided here for verification. NOTE: This field is in Beta.
   &quot;pem&quot;: &quot;A String&quot;, # The public key, encoded in PEM format. For more information, see the [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13).
   &quot;pemCrc32c&quot;: &quot;A String&quot;, # Integrity verification field. A CRC32C checksum of the returned PublicKey.pem. An integrity check of PublicKey.pem can be performed by computing the CRC32C checksum of PublicKey.pem and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
+  &quot;protectionLevel&quot;: &quot;A String&quot;, # The ProtectionLevel of the CryptoKeyVersion public key.
 }</pre>
 </div>
 

docs/dyn/cloudkms_v1.projects.locations.keyRings.cryptoKeys.html

@@ -260,6 +260,8 @@ <h3>Method Details</h3>
     { # Response message for KeyManagementService.Decrypt.
   &quot;plaintext&quot;: &quot;A String&quot;, # The decrypted data originally supplied in EncryptRequest.plaintext.
   &quot;plaintextCrc32c&quot;: &quot;A String&quot;, # Integrity verification field. A CRC32C checksum of the returned DecryptResponse.plaintext. An integrity check of DecryptResponse.plaintext can be performed by computing the CRC32C checksum of DecryptResponse.plaintext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: receiving this response message indicates that KeyManagementService is able to successfully decrypt the ciphertext. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
+  &quot;protectionLevel&quot;: &quot;A String&quot;, # The ProtectionLevel of the CryptoKeyVersion used in decryption.
+  &quot;usedPrimary&quot;: True or False, # Whether the Decryption was performed using the primary key version.
 }</pre>
 </div>
 
@@ -291,6 +293,7 @@ <h3>Method Details</h3>
   &quot;ciphertext&quot;: &quot;A String&quot;, # The encrypted data.
   &quot;ciphertextCrc32c&quot;: &quot;A String&quot;, # Integrity verification field. A CRC32C checksum of the returned EncryptResponse.ciphertext. An integrity check of EncryptResponse.ciphertext can be performed by computing the CRC32C checksum of EncryptResponse.ciphertext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
   &quot;name&quot;: &quot;A String&quot;, # The resource name of the CryptoKeyVersion used in encryption. Check this field to verify that the intended resource was used for encryption.
+  &quot;protectionLevel&quot;: &quot;A String&quot;, # The ProtectionLevel of the CryptoKeyVersion used in encryption.
   &quot;verifiedAdditionalAuthenticatedDataCrc32c&quot;: True or False, # Integrity verification field. A flag indicating whether EncryptRequest.additional_authenticated_data_crc32c was received by KeyManagementService and used for the integrity verification of the AAD. A false value of this field indicates either that EncryptRequest.additional_authenticated_data_crc32c was left unset or that it was not delivered to KeyManagementService. If you&#x27;ve set EncryptRequest.additional_authenticated_data_crc32c but this field is still false, discard the response and perform a limited number of retries. NOTE: This field is in Beta.
   &quot;verifiedPlaintextCrc32c&quot;: True or False, # Integrity verification field. A flag indicating whether EncryptRequest.plaintext_crc32c was received by KeyManagementService and used for the integrity verification of the plaintext. A false value of this field indicates either that EncryptRequest.plaintext_crc32c was left unset or that it was not delivered to KeyManagementService. If you&#x27;ve set EncryptRequest.plaintext_crc32c but this field is still false, discard the response and perform a limited number of retries. NOTE: This field is in Beta.
 }</pre>
@@ -388,7 +391,6 @@ <h3>Method Details</h3>
   ],
   &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
     { # Associates `members` with a `role`.
-      &quot;bindingId&quot;: &quot;A String&quot;,
       &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: &quot;Summary size limit&quot; description: &quot;Determines if a summary is less than 100 chars&quot; expression: &quot;document.summary.size() &lt; 100&quot; Example (Equality): title: &quot;Requestor is owner&quot; description: &quot;Determines if requestor is the document owner&quot; expression: &quot;document.owner == request.auth.claims.email&quot; Example (Logic): title: &quot;Public documents&quot; description: &quot;Determine whether the document should be publicly visible&quot; expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot; Example (Data Manipulation): title: &quot;Notification string&quot; description: &quot;Create a notification string with a timestamp.&quot; expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot; The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language syntax.
@@ -632,7 +634,6 @@ <h3>Method Details</h3>
     ],
     &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
       { # Associates `members` with a `role`.
-        &quot;bindingId&quot;: &quot;A String&quot;,
         &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: &quot;Summary size limit&quot; description: &quot;Determines if a summary is less than 100 chars&quot; expression: &quot;document.summary.size() &lt; 100&quot; Example (Equality): title: &quot;Requestor is owner&quot; description: &quot;Determines if requestor is the document owner&quot; expression: &quot;document.owner == request.auth.claims.email&quot; Example (Logic): title: &quot;Public documents&quot; description: &quot;Determine whether the document should be publicly visible&quot; expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot; Example (Data Manipulation): title: &quot;Notification string&quot; description: &quot;Create a notification string with a timestamp.&quot; expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot; The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
           &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
           &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language syntax.
@@ -675,7 +676,6 @@ <h3>Method Details</h3>
   ],
   &quot;bindings&quot;: [ # Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.
     { # Associates `members` with a `role`.
-      &quot;bindingId&quot;: &quot;A String&quot;,
       &quot;condition&quot;: { # Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: &quot;Summary size limit&quot; description: &quot;Determines if a summary is less than 100 chars&quot; expression: &quot;document.summary.size() &lt; 100&quot; Example (Equality): title: &quot;Requestor is owner&quot; description: &quot;Determines if requestor is the document owner&quot; expression: &quot;document.owner == request.auth.claims.email&quot; Example (Logic): title: &quot;Public documents&quot; description: &quot;Determine whether the document should be publicly visible&quot; expression: &quot;document.type != &#x27;private&#x27; &amp;&amp; document.type != &#x27;internal&#x27;&quot; Example (Data Manipulation): title: &quot;Notification string&quot; description: &quot;Create a notification string with a timestamp.&quot; expression: &quot;&#x27;New message received at &#x27; + string(document.create_time)&quot; The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. # The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
         &quot;description&quot;: &quot;A String&quot;, # Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
         &quot;expression&quot;: &quot;A String&quot;, # Textual representation of an expression in Common Expression Language syntax.