chore: regenerate cloudkms client (googleapis#31298)

Generated in GitHub action: https://togithub.com/googleapis/googleapis/google-api-java-client-services/actions/workflows/codegen.yaml

Author: yoshi-code-bot

clients/google-api-services-cloudkms/v1/2.0.0/README.md

@@ -22,7 +22,7 @@ Add the following lines to your `pom.xml` file:
     <dependency>
       <groupId>com.google.apis</groupId>
       <artifactId>google-api-services-cloudkms</artifactId>
-      <version>v1-rev20260219-2.0.0</version>
+      <version>v1-rev20260312-2.0.0</version>
     </dependency>
   </dependencies>
 </project>
@@ -35,7 +35,7 @@ repositories {
   mavenCentral()
 }
 dependencies {
-  implementation 'com.google.apis:google-api-services-cloudkms:v1-rev20260219-2.0.0'
+  implementation 'com.google.apis:google-api-services-cloudkms:v1-rev20260312-2.0.0'
 }
 ```
 

clients/google-api-services-cloudkms/v1/2.0.0/com/google/api/services/cloudkms/v1/CloudKMS.java

@@ -74,7 +74,9 @@ public final class CryptoKey extends com.google.api.client.json.GenericJson {
    * will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if
    * rejected by the policy. The policy is defined by specifying zero or more allowed justification
    * codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-
-   * codes By default, this field is absent, and all justification codes are allowed.
+   * codes By default, this field is absent, and all justification codes are allowed. If the
+   * `key_access_justifications_policy.allowed_access_reasons` is empty (zero allowed justification
+   * code), all encrypt, decrypt, and sign operations will fail.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
@@ -233,7 +235,9 @@ public CryptoKey setImportOnly(java.lang.Boolean importOnly) {
    * will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if
    * rejected by the policy. The policy is defined by specifying zero or more allowed justification
    * codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-
-   * codes By default, this field is absent, and all justification codes are allowed.
+   * codes By default, this field is absent, and all justification codes are allowed. If the
+   * `key_access_justifications_policy.allowed_access_reasons` is empty (zero allowed justification
+   * code), all encrypt, decrypt, and sign operations will fail.
    * @return value or {@code null} for none
    */
   public KeyAccessJustificationsPolicy getKeyAccessJustificationsPolicy() {
@@ -246,7 +250,9 @@ public KeyAccessJustificationsPolicy getKeyAccessJustificationsPolicy() {
    * will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if
    * rejected by the policy. The policy is defined by specifying zero or more allowed justification
    * codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-
-   * codes By default, this field is absent, and all justification codes are allowed.
+   * codes By default, this field is absent, and all justification codes are allowed. If the
+   * `key_access_justifications_policy.allowed_access_reasons` is empty (zero allowed justification
+   * code), all encrypt, decrypt, and sign operations will fail.
    * @param keyAccessJustificationsPolicy keyAccessJustificationsPolicy or {@code null} for none
    */
   public CryptoKey setKeyAccessJustificationsPolicy(KeyAccessJustificationsPolicy keyAccessJustificationsPolicy) {

clients/google-api-services-cloudkms/v1/2.0.0/com/google/api/services/cloudkms/v1/model/CryptoKey.java

@@ -17,7 +17,8 @@
 package com.google.api.services.cloudkms.v1.model;
 
 /**
- * The configuration of a protection level for a project's Key Access Justifications enrollment.
+ * Represents the configuration of a protection level for a project's Key Access Justifications
+ * enrollment.
  *
  * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
  * transmitted over HTTP when working with the Cloud Key Management Service (KMS) API. For a
@@ -31,29 +32,29 @@
 public final class KeyAccessJustificationsEnrollmentConfig extends com.google.api.client.json.GenericJson {
 
   /**
-   * Whether the project has KAJ logging enabled.
+   * Indicates whether the project has KAJ logging enabled.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private java.lang.Boolean auditLogging;
 
   /**
-   * Whether the project is enrolled in KAJ policy enforcement.
+   * Indicates whether the project is enrolled in KAJ policy enforcement.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private java.lang.Boolean policyEnforcement;
 
   /**
-   * Whether the project has KAJ logging enabled.
+   * Indicates whether the project has KAJ logging enabled.
    * @return value or {@code null} for none
    */
   public java.lang.Boolean getAuditLogging() {
     return auditLogging;
   }
 
   /**
-   * Whether the project has KAJ logging enabled.
+   * Indicates whether the project has KAJ logging enabled.
    * @param auditLogging auditLogging or {@code null} for none
    */
   public KeyAccessJustificationsEnrollmentConfig setAuditLogging(java.lang.Boolean auditLogging) {
@@ -62,15 +63,15 @@ public KeyAccessJustificationsEnrollmentConfig setAuditLogging(java.lang.Boolean
   }
 
   /**
-   * Whether the project is enrolled in KAJ policy enforcement.
+   * Indicates whether the project is enrolled in KAJ policy enforcement.
    * @return value or {@code null} for none
    */
   public java.lang.Boolean getPolicyEnforcement() {
     return policyEnforcement;
   }
 
   /**
-   * Whether the project is enrolled in KAJ policy enforcement.
+   * Indicates whether the project is enrolled in KAJ policy enforcement.
    * @param policyEnforcement policyEnforcement or {@code null} for none
    */
   public KeyAccessJustificationsEnrollmentConfig setPolicyEnforcement(java.lang.Boolean policyEnforcement) {

clients/google-api-services-cloudkms/v1/2.0.0/com/google/api/services/cloudkms/v1/model/KeyAccessJustificationsEnrollmentConfig.java

@@ -18,7 +18,8 @@
 
 /**
  * A KeyAccessJustificationsPolicy specifies zero or more allowed AccessReason values for encrypt,
- * decrypt, and sign operations on a CryptoKey.
+ * decrypt, and sign operations on a CryptoKey or KeyAccessJustificationsPolicyConfig (the default
+ * Key Access Justifications policy).
  *
  * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
  * transmitted over HTTP when working with the Cloud Key Management Service (KMS) API. For a
@@ -32,25 +33,31 @@
 public final class KeyAccessJustificationsPolicy extends com.google.api.client.json.GenericJson {
 
   /**
-   * The list of allowed reasons for access to a CryptoKey. Zero allowed access reasons means all
-   * encrypt, decrypt, and sign operations for the CryptoKey associated with this policy will fail.
+   * The list of allowed reasons for access to a CryptoKey. Note that empty allowed_access_reasons
+   * has a different meaning depending on where this message appears. If this is under
+   * KeyAccessJustificationsPolicyConfig, it means allow-all. If this is under CryptoKey, it means
+   * deny-all.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private java.util.List<java.lang.String> allowedAccessReasons;
 
   /**
-   * The list of allowed reasons for access to a CryptoKey. Zero allowed access reasons means all
-   * encrypt, decrypt, and sign operations for the CryptoKey associated with this policy will fail.
+   * The list of allowed reasons for access to a CryptoKey. Note that empty allowed_access_reasons
+   * has a different meaning depending on where this message appears. If this is under
+   * KeyAccessJustificationsPolicyConfig, it means allow-all. If this is under CryptoKey, it means
+   * deny-all.
    * @return value or {@code null} for none
    */
   public java.util.List<java.lang.String> getAllowedAccessReasons() {
     return allowedAccessReasons;
   }
 
   /**
-   * The list of allowed reasons for access to a CryptoKey. Zero allowed access reasons means all
-   * encrypt, decrypt, and sign operations for the CryptoKey associated with this policy will fail.
+   * The list of allowed reasons for access to a CryptoKey. Note that empty allowed_access_reasons
+   * has a different meaning depending on where this message appears. If this is under
+   * KeyAccessJustificationsPolicyConfig, it means allow-all. If this is under CryptoKey, it means
+   * deny-all.
    * @param allowedAccessReasons allowedAccessReasons or {@code null} for none
    */
   public KeyAccessJustificationsPolicy setAllowedAccessReasons(java.util.List<java.lang.String> allowedAccessReasons) {

clients/google-api-services-cloudkms/v1/2.0.0/com/google/api/services/cloudkms/v1/model/KeyAccessJustificationsPolicy.java

@@ -17,7 +17,7 @@
 package com.google.api.services.cloudkms.v1.model;
 
 /**
- * A singleton configuration for Key Access Justifications policies.
+ * Represents a singleton configuration for Key Access Justifications policies.
  *
  * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
  * transmitted over HTTP when working with the Cloud Key Management Service (KMS) API. For a
@@ -31,36 +31,45 @@
 public final class KeyAccessJustificationsPolicyConfig extends com.google.api.client.json.GenericJson {
 
   /**
-   * Optional. The default key access justification policy used when a CryptoKey is created in this
-   * folder. This is only used when a Key Access Justifications policy is not provided in the
-   * CreateCryptoKeyRequest. This overrides any default policies in its ancestry.
+   * Optional. Specifies the default key access justifications (KAJ) policy used when a CryptoKey is
+   * created in this folder. This is only used when a Key Access Justifications policy is not
+   * provided in the CreateCryptoKeyRequest. This overrides any default policies in its ancestry. If
+   * this field is unset, or is set but contains an empty allowed_access_reasons list, no default
+   * Key Access Justifications (KAJ) policy configuration is active. In this scenario, all newly
+   * created keys will default to an "allow-all" policy.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private KeyAccessJustificationsPolicy defaultKeyAccessJustificationPolicy;
 
   /**
-   * Identifier. The resource name for this KeyAccessJustificationsPolicyConfig in the format of
-   * "{organizations|folders|projects}/kajPolicyConfig".
+   * Identifier. Represents the resource name for this KeyAccessJustificationsPolicyConfig in the
+   * format of "{organizations|folders|projects}/kajPolicyConfig".
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private java.lang.String name;
 
   /**
-   * Optional. The default key access justification policy used when a CryptoKey is created in this
-   * folder. This is only used when a Key Access Justifications policy is not provided in the
-   * CreateCryptoKeyRequest. This overrides any default policies in its ancestry.
+   * Optional. Specifies the default key access justifications (KAJ) policy used when a CryptoKey is
+   * created in this folder. This is only used when a Key Access Justifications policy is not
+   * provided in the CreateCryptoKeyRequest. This overrides any default policies in its ancestry. If
+   * this field is unset, or is set but contains an empty allowed_access_reasons list, no default
+   * Key Access Justifications (KAJ) policy configuration is active. In this scenario, all newly
+   * created keys will default to an "allow-all" policy.
    * @return value or {@code null} for none
    */
   public KeyAccessJustificationsPolicy getDefaultKeyAccessJustificationPolicy() {
     return defaultKeyAccessJustificationPolicy;
   }
 
   /**
-   * Optional. The default key access justification policy used when a CryptoKey is created in this
-   * folder. This is only used when a Key Access Justifications policy is not provided in the
-   * CreateCryptoKeyRequest. This overrides any default policies in its ancestry.
+   * Optional. Specifies the default key access justifications (KAJ) policy used when a CryptoKey is
+   * created in this folder. This is only used when a Key Access Justifications policy is not
+   * provided in the CreateCryptoKeyRequest. This overrides any default policies in its ancestry. If
+   * this field is unset, or is set but contains an empty allowed_access_reasons list, no default
+   * Key Access Justifications (KAJ) policy configuration is active. In this scenario, all newly
+   * created keys will default to an "allow-all" policy.
    * @param defaultKeyAccessJustificationPolicy defaultKeyAccessJustificationPolicy or {@code null} for none
    */
   public KeyAccessJustificationsPolicyConfig setDefaultKeyAccessJustificationPolicy(KeyAccessJustificationsPolicy defaultKeyAccessJustificationPolicy) {
@@ -69,17 +78,17 @@ public KeyAccessJustificationsPolicyConfig setDefaultKeyAccessJustificationPolic
   }
 
   /**
-   * Identifier. The resource name for this KeyAccessJustificationsPolicyConfig in the format of
-   * "{organizations|folders|projects}/kajPolicyConfig".
+   * Identifier. Represents the resource name for this KeyAccessJustificationsPolicyConfig in the
+   * format of "{organizations|folders|projects}/kajPolicyConfig".
    * @return value or {@code null} for none
    */
   public java.lang.String getName() {
     return name;
   }
 
   /**
-   * Identifier. The resource name for this KeyAccessJustificationsPolicyConfig in the format of
-   * "{organizations|folders|projects}/kajPolicyConfig".
+   * Identifier. Represents the resource name for this KeyAccessJustificationsPolicyConfig in the
+   * format of "{organizations|folders|projects}/kajPolicyConfig".
    * @param name name or {@code null} for none
    */
   public KeyAccessJustificationsPolicyConfig setName(java.lang.String name) {

clients/google-api-services-cloudkms/v1/2.0.0/com/google/api/services/cloudkms/v1/model/KeyAccessJustificationsPolicyConfig.java

@@ -17,7 +17,7 @@
 package com.google.api.services.cloudkms.v1.model;
 
 /**
- * Response message for
+ * Represents a response message for
  * KeyAccessJustificationsConfig.ShowEffectiveKeyAccessJustificationsEnrollmentConfig
  *
  * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
@@ -32,36 +32,36 @@
 public final class ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse extends com.google.api.client.json.GenericJson {
 
   /**
-   * The effective KeyAccessJustificationsEnrollmentConfig for external keys.
+   * Contains the effective KeyAccessJustificationsEnrollmentConfig for external keys.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private KeyAccessJustificationsEnrollmentConfig externalConfig;
 
   /**
-   * The effective KeyAccessJustificationsEnrollmentConfig for hardware keys.
+   * Contains the effective KeyAccessJustificationsEnrollmentConfig for hardware keys.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private KeyAccessJustificationsEnrollmentConfig hardwareConfig;
 
   /**
-   * The effective KeyAccessJustificationsEnrollmentConfig for software keys.
+   * Contains the effective KeyAccessJustificationsEnrollmentConfig for software keys.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private KeyAccessJustificationsEnrollmentConfig softwareConfig;
 
   /**
-   * The effective KeyAccessJustificationsEnrollmentConfig for external keys.
+   * Contains the effective KeyAccessJustificationsEnrollmentConfig for external keys.
    * @return value or {@code null} for none
    */
   public KeyAccessJustificationsEnrollmentConfig getExternalConfig() {
     return externalConfig;
   }
 
   /**
-   * The effective KeyAccessJustificationsEnrollmentConfig for external keys.
+   * Contains the effective KeyAccessJustificationsEnrollmentConfig for external keys.
    * @param externalConfig externalConfig or {@code null} for none
    */
   public ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse setExternalConfig(KeyAccessJustificationsEnrollmentConfig externalConfig) {
@@ -70,15 +70,15 @@ public ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse setExternalC
   }
 
   /**
-   * The effective KeyAccessJustificationsEnrollmentConfig for hardware keys.
+   * Contains the effective KeyAccessJustificationsEnrollmentConfig for hardware keys.
    * @return value or {@code null} for none
    */
   public KeyAccessJustificationsEnrollmentConfig getHardwareConfig() {
     return hardwareConfig;
   }
 
   /**
-   * The effective KeyAccessJustificationsEnrollmentConfig for hardware keys.
+   * Contains the effective KeyAccessJustificationsEnrollmentConfig for hardware keys.
    * @param hardwareConfig hardwareConfig or {@code null} for none
    */
   public ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse setHardwareConfig(KeyAccessJustificationsEnrollmentConfig hardwareConfig) {
@@ -87,15 +87,15 @@ public ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse setHardwareC
   }
 
   /**
-   * The effective KeyAccessJustificationsEnrollmentConfig for software keys.
+   * Contains the effective KeyAccessJustificationsEnrollmentConfig for software keys.
    * @return value or {@code null} for none
    */
   public KeyAccessJustificationsEnrollmentConfig getSoftwareConfig() {
     return softwareConfig;
   }
 
   /**
-   * The effective KeyAccessJustificationsEnrollmentConfig for software keys.
+   * Contains the effective KeyAccessJustificationsEnrollmentConfig for software keys.
    * @param softwareConfig softwareConfig or {@code null} for none
    */
   public ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse setSoftwareConfig(KeyAccessJustificationsEnrollmentConfig softwareConfig) {

clients/google-api-services-cloudkms/v1/2.0.0/com/google/api/services/cloudkms/v1/model/ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse.java

@@ -17,7 +17,7 @@
 package com.google.api.services.cloudkms.v1.model;
 
 /**
- * Response message for
+ * Represents a response message for
  * KeyAccessJustificationsConfig.ShowEffectiveKeyAccessJustificationsPolicyConfig.
  *
  * <p> This is the Java data model class that specifies how to parse/serialize into the JSON that is
@@ -32,22 +32,22 @@
 public final class ShowEffectiveKeyAccessJustificationsPolicyConfigResponse extends com.google.api.client.json.GenericJson {
 
   /**
-   * The effective KeyAccessJustificationsPolicyConfig.
+   * Contains the effective KeyAccessJustificationsPolicyConfig.
    * The value may be {@code null}.
    */
   @com.google.api.client.util.Key
   private KeyAccessJustificationsPolicyConfig effectiveKajPolicy;
 
   /**
-   * The effective KeyAccessJustificationsPolicyConfig.
+   * Contains the effective KeyAccessJustificationsPolicyConfig.
    * @return value or {@code null} for none
    */
   public KeyAccessJustificationsPolicyConfig getEffectiveKajPolicy() {
     return effectiveKajPolicy;
   }
 
   /**
-   * The effective KeyAccessJustificationsPolicyConfig.
+   * Contains the effective KeyAccessJustificationsPolicyConfig.
    * @param effectiveKajPolicy effectiveKajPolicy or {@code null} for none
    */
   public ShowEffectiveKeyAccessJustificationsPolicyConfigResponse setEffectiveKajPolicy(KeyAccessJustificationsPolicyConfig effectiveKajPolicy) {

clients/google-api-services-cloudkms/v1/2.0.0/com/google/api/services/cloudkms/v1/model/ShowEffectiveKeyAccessJustificationsPolicyConfigResponse.java

@@ -8,8 +8,8 @@
 
   <groupId>com.google.apis</groupId>
   <artifactId>google-api-services-cloudkms</artifactId>
-  <version>v1-rev20260219-2.0.0</version>
-  <name>Cloud Key Management Service (KMS) API v1-rev20260219-2.0.0</name>
+  <version>v1-rev20260312-2.0.0</version>
+  <name>Cloud Key Management Service (KMS) API v1-rev20260312-2.0.0</name>
   <packaging>jar</packaging>
 
   <inceptionYear>2011</inceptionYear>

clients/google-api-services-cloudkms/v1/2.0.0/pom.xml

@@ -22,7 +22,7 @@ Add the following lines to your `pom.xml` file:
     <dependency>
       <groupId>com.google.apis</groupId>
       <artifactId>google-api-services-cloudkms</artifactId>
-      <version>v1-rev20260219-2.0.0</version>
+      <version>v1-rev20260312-2.0.0</version>
     </dependency>
   </dependencies>
 </project>
@@ -35,7 +35,7 @@ repositories {
   mavenCentral()
 }
 dependencies {
-  implementation 'com.google.apis:google-api-services-cloudkms:v1-rev20260219-2.0.0'
+  implementation 'com.google.apis:google-api-services-cloudkms:v1-rev20260312-2.0.0'
 }
 ```