Method: organizations.updateCmekSettings

Updates the Log Router CMEK settings for the given resource.

Note: CMEK for the Log Router can currently only be configured for Google Cloud organizations. Once configured, it applies to all projects and folders in the Google Cloud organization.

v2.updateCmekSettings fails when any of the following are true:

  • The value of kmsKeyName is invalid.
  • The associated service account doesn't have the required roles/cloudkms.cryptoKeyEncrypterDecrypter role assigned for the key.
  • Access to the key is disabled.

See Enabling CMEK for Log Router for more information.

HTTP request

PATCH https://logging.googleapis.com/v2/{name=organizations/*}/cmekSettings

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

Required. The resource name for the CMEK settings to update.

"projects/[PROJECT_ID]/cmekSettings"
"organizations/[ORGANIZATION_ID]/cmekSettings"
"billingAccounts/[BILLING_ACCOUNT_ID]/cmekSettings"
"folders/[FOLDER_ID]/cmekSettings"

For example:

"organizations/12345/cmekSettings"

Note: CMEK for the Log Router can currently only be configured for Google Cloud organizations. Once configured, it applies to all projects and folders in the Google Cloud organization.

Authorization requires the following IAM permission on the specified resource name:

  • logging.cmekSettings.get

Query parameters

Parameters
updateMask

string (FieldMask format)

Optional. Field mask identifying which fields from cmekSettings should be updated. A field will be overwritten if and only if it is in the update mask. Output only fields cannot be updated.

See FieldMask for more information.

For example: "updateMask=kmsKeyName"

This is a comma-separated list of fully qualified names of fields. Example: "user.displayName,photo".

Request body

The request body contains an instance of CmekSettings.

Response body

If successful, the response body contains an instance of CmekSettings.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/logging.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.