feat!: Update definition of RewriteObjectRequest to bring to parity w…

…ith JSON API support

PiperOrigin-RevId: 425656197

google/storage/v2/storage.proto

@@ -1,4 +1,4 @@
-// Copyright 2021 Google LLC
+// Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -923,6 +923,13 @@ message QueryWriteStatusResponse {
 }
 
 // Request message for RewriteObject.
+// If the source object is encrypted using a Customer-Supplied Encryption Key
+// the key information must be provided in the copy_source_encryption_algorithm,
+// copy_source_encryption_key_bytes, and copy_source_encryption_key_sha256_bytes
+// fields. If the destination object should be encrypted the keying information
+// should be provided in the encryption_algorithm, encryption_key_bytes, and
+// encryption_key_sha256_bytes fields of the
+// common_object_request_params.customer_encryption field.
 message RewriteObjectRequest {
   // Immutable. The name of the destination object. Nearly any sequence of unicode
   // characters is valid. See
@@ -941,14 +948,19 @@ message RewriteObjectRequest {
     }
   ];
 
-  // Metadata of customer-supplied encryption key for the destination object, if
-  // the object is to be encrypted by such a key.
-  CustomerEncryption destination_customer_encryption = 26;
+  // The name of the Cloud KMS key that will be used to encrypt the destination
+  // object. The Cloud KMS key must be located in same location as the object.
+  // If the parameter is not specified, the request uses the destination
+  // bucket's default encryption key, if any, or else the Google-managed
+  // encryption key.
+  string destination_kms_key = 27 [(google.api.resource_reference) = {
+                                     type: "cloudkms.googleapis.com/CryptoKey"
+                                   }];
 
   // Properties of the destination, post-rewrite object.
-  // The `name`, `bucket`, and `customer_encryption` fields must not be
-  // populated (these values are specified in the `destination_name`,
-  // `destination_bucket`, and `destination_customer_encryption` fields).
+  // The `name`, `bucket` and `kms_key` fields must not be populated (these
+  // values are specified in the `destination_name`, `destination_bucket`, and
+  // `destination_kms_key` fields).
   // If `destination` is present it will be used to construct the destination
   // object's metadata; otherwise the destination object's metadata will be
   // copied from the source object.
@@ -1019,15 +1031,18 @@ message RewriteObjectRequest {
   // `rewriteToken` is invalid.
   int64 max_bytes_rewritten_per_call = 15;
 
-  // The algorithm used to encrypt the source object, if any.
+  // The algorithm used to encrypt the source object, if any. Used if the source
+  // object was encrypted with a Customer-Supplied Encryption Key.
   string copy_source_encryption_algorithm = 16;
 
-  // The encryption key used to encrypt the source object, if any.
-  // In raw bytes format (not base64-encoded).
+  // The raw bytes (not base64-encoded) AES-256 encryption key used to encrypt
+  // the source object, if it was encrypted with a Customer-Supplied Encryption
+  // Key.
   bytes copy_source_encryption_key_bytes = 21;
 
-  // The SHA-256 hash of the key used to encrypt the source object, if any.
-  // In raw bytes format (not base64-encoded).
+  // The raw bytes (not base64-encoded) SHA256 hash of the encryption key used
+  // to encrypt the source object, if it was encrypted with a Customer-Supplied
+  // Encryption Key.
   bytes copy_source_encryption_key_sha256_bytes = 22;
 
   // A set of parameters common to Storage API requests concerning an object.
@@ -1257,15 +1272,16 @@ message UpdateHmacKeyRequest {
 
 // Parameters that can be passed to any object request.
 message CommonObjectRequestParams {
-  // Encryption algorithm used with Customer-Supplied Encryption Keys feature.
+  // Encryption algorithm used with the Customer-Supplied Encryption Keys
+  // feature.
   string encryption_algorithm = 1;
 
-  // Encryption key used with Customer-Supplied Encryption Keys feature.
+  // Encryption key used with the Customer-Supplied Encryption Keys feature.
   // In raw bytes format (not base64-encoded).
   bytes encryption_key_bytes = 4;
 
-  // SHA256 hash of encryption key used with Customer-Supplied Encryption Keys
-  // feature.
+  // SHA256 hash of encryption key used with the Customer-Supplied Encryption
+  // Keys feature.
   bytes encryption_key_sha256_bytes = 5;
 }
 
@@ -1406,8 +1422,8 @@ message Bucket {
 
   // Encryption properties of a bucket.
   message Encryption {
-    // A Cloud KMS key that will be used to encrypt objects inserted into this
-    // bucket, if no encryption method is specified.
+    // The name of the Cloud KMS key that will be used to encrypt objects
+    // inserted into this bucket, if no encryption method is specified.
     string default_kms_key = 1 [(google.api.resource_reference) = {
                                   type: "cloudkms.googleapis.com/CryptoKey"
                                 }];
@@ -1852,8 +1868,8 @@ message Notification {
   string payload_format = 6 [(google.api.field_behavior) = REQUIRED];
 }
 
-// Describes the customer-specified mechanism used to store an Object's data at
-// rest.
+// Describes the Customer-Supplied Encryption Key mechanism used to store an
+// Object's data at rest.
 message CustomerEncryption {
   // The encryption algorithm.
   string encryption_algorithm = 1;
@@ -2008,7 +2024,7 @@ message Object {
   // [FieldViolation][google.rpc.BadRequest.FieldViolation].
   Owner owner = 24 [(google.api.field_behavior) = OUTPUT_ONLY];
 
-  // Metadata of customer-supplied encryption key, if the object is encrypted by
+  // Metadata of Customer-Supplied Encryption Key, if the object is encrypted by
   // such a key.
   CustomerEncryption customer_encryption = 25;