- On January 1, 2020 this library will no longer support Python 2 on the latest released version. - Previously released library versions will continue to be available. For more information please + As of January 1, 2020 this library no longer supports Python 2 on the latest released version. + Library versions released prior to that date will continue to be available. For more information please visit Python 2 support on Google Cloud.
{% block body %} {% endblock %} diff --git a/docs/conf.py b/docs/conf.py index 098ce468..b1a1e95d 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -38,21 +38,18 @@ "sphinx.ext.napoleon", "sphinx.ext.todo", "sphinx.ext.viewcode", + "recommonmark", ] # autodoc/autosummary flags autoclass_content = "both" -autodoc_default_flags = ["members"] +autodoc_default_options = {"members": True} autosummary_generate = True # Add any paths that contain templates here, relative to this directory. templates_path = ["_templates"] -# Allow markdown includes (so releases.md can include CHANGLEOG.md) -# http://www.sphinx-doc.org/en/master/markdown.html -source_parsers = {".md": "recommonmark.parser.CommonMarkParser"} - # The suffix(es) of source filenames. # You can specify multiple suffix as a list of string: # source_suffix = ['.rst', '.md'] @@ -293,7 +290,7 @@ # One entry per manual page. List of tuples # (source start file, name, description, authors, manual section). man_pages = [ - (master_doc, "google-cloud-kms", u"google-cloud-kms Documentation", [author], 1) + (master_doc, "google-cloud-kms", u"google-cloud-kms Documentation", [author], 1,) ] # If true, show URL addresses after external links. @@ -334,7 +331,7 @@ intersphinx_mapping = { "python": ("http://python.readthedocs.org/en/latest/", None), "google-auth": ("https://google-auth.readthedocs.io/en/stable", None), - "google.api_core": ("https://googleapis.dev/python/google-api-core/latest/", None), + "google.api_core": ("https://googleapis.dev/python/google-api-core/latest/", None,), "grpc": ("https://grpc.io/grpc/python/", None), } diff --git a/docs/gapic/v1/api.rst b/docs/gapic/v1/api.rst deleted file mode 100644 index cb91e858..00000000 --- a/docs/gapic/v1/api.rst +++ /dev/null @@ -1,6 +0,0 @@ -Client for Cloud Key Management Service (KMS) API -================================================= - -.. automodule:: google.cloud.kms_v1 - :members: - :inherited-members: \ No newline at end of file 
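Review bot: In the last `docs/conf.py` hunk (`intersphinx_mapping`), the `"python"` entry still points at `http://python.readthedocs.org/en/latest/`, so its object inventory is fetched over plain HTTP at docs-build time while the other three entries use HTTPS. Since this hunk already touches the mapping, consider switching it to `"python": ("https://python.readthedocs.org/en/latest/", None),` so a network intermediary cannot alter the inventory that drives cross-reference links in the published docs. The line is unchanged context in this commit, so this is a follow-up rather than a regression introduced here.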
diff --git a/docs/gapic/v1/types.rst b/docs/gapic/v1/types.rst deleted file mode 100644 index b0484622..00000000 --- a/docs/gapic/v1/types.rst +++ /dev/null @@ -1,5 +0,0 @@ -Types for Cloud Key Management Service (KMS) API Client -======================================================= - -.. automodule:: google.cloud.kms_v1.types - :members: \ No newline at end of file diff --git a/docs/index.rst b/docs/index.rst index 9307e8ff..8fc633c2 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -7,8 +7,19 @@ API Reference .. toctree:: :maxdepth: 2 - gapic/v1/api - gapic/v1/types + kms_v1/services + kms_v1/types + + +Migration Guide +--------------- + +See the guide below for instructions on migrating to the 2.x release of this library. + +.. toctree:: + :maxdepth: 2 + + UPGRADING Changelog diff --git a/docs/kms_v1/services.rst b/docs/kms_v1/services.rst new file mode 100644 index 00000000..93db565f --- /dev/null +++ b/docs/kms_v1/services.rst @@ -0,0 +1,6 @@ +Services for Google Cloud Kms v1 API +==================================== + +.. automodule:: google.cloud.kms_v1.services.key_management_service + :members: + :inherited-members: diff --git a/docs/kms_v1/types.rst b/docs/kms_v1/types.rst new file mode 100644 index 00000000..401cef20 --- /dev/null +++ b/docs/kms_v1/types.rst @@ -0,0 +1,5 @@ +Types for Google Cloud Kms v1 API +================================= + +.. automodule:: google.cloud.kms_v1.types + :members: diff --git a/google/cloud/kms.py b/google/cloud/kms.py deleted file mode 100644 index 8aa4cdb0..00000000 --- a/google/cloud/kms.py +++ /dev/null 
@@ -1,25 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-from __future__ import absolute_import
-
-from google.cloud.kms_v1 import KeyManagementServiceClient
-from google.cloud.kms_v1 import enums
-from google.cloud.kms_v1 import types
-
-
-__all__ = ("enums", "types", "KeyManagementServiceClient")
diff --git a/google/cloud/kms/__init__.py b/google/cloud/kms/__init__.py
new file mode 100644
index 00000000..10e86d90
--- /dev/null
+++ b/google/cloud/kms/__init__.py
@@ -0,0 +1,112 @@
+# -*- coding: utf-8 -*-
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+from google.cloud.kms_v1.services.key_management_service.async_client import (
+ KeyManagementServiceAsyncClient,
+)
+from google.cloud.kms_v1.services.key_management_service.client import (
+ KeyManagementServiceClient,
+)
+from google.cloud.kms_v1.types.resources import CryptoKey
+from google.cloud.kms_v1.types.resources import CryptoKeyVersion
+from google.cloud.kms_v1.types.resources import CryptoKeyVersionTemplate
+from google.cloud.kms_v1.types.resources import ExternalProtectionLevelOptions
+from google.cloud.kms_v1.types.resources import ImportJob
+from google.cloud.kms_v1.types.resources import KeyOperationAttestation
+from google.cloud.kms_v1.types.resources import KeyRing
+from google.cloud.kms_v1.types.resources import ProtectionLevel
+from google.cloud.kms_v1.types.resources import PublicKey
+from google.cloud.kms_v1.types.service import AsymmetricDecryptRequest
+from google.cloud.kms_v1.types.service import AsymmetricDecryptResponse
+from google.cloud.kms_v1.types.service import AsymmetricSignRequest
+from google.cloud.kms_v1.types.service import AsymmetricSignResponse
+from google.cloud.kms_v1.types.service import CreateCryptoKeyRequest
+from google.cloud.kms_v1.types.service import CreateCryptoKeyVersionRequest
+from google.cloud.kms_v1.types.service import CreateImportJobRequest
+from google.cloud.kms_v1.types.service import CreateKeyRingRequest
+from google.cloud.kms_v1.types.service import DecryptRequest
+from google.cloud.kms_v1.types.service import DecryptResponse
+from google.cloud.kms_v1.types.service import DestroyCryptoKeyVersionRequest
+from google.cloud.kms_v1.types.service import Digest
+from google.cloud.kms_v1.types.service import EncryptRequest
+from google.cloud.kms_v1.types.service import EncryptResponse
+from google.cloud.kms_v1.types.service import GetCryptoKeyRequest
+from google.cloud.kms_v1.types.service import GetCryptoKeyVersionRequest
+from google.cloud.kms_v1.types.service import GetImportJobRequest
+from google.cloud.kms_v1.types.service import GetKeyRingRequest
+from google.cloud.kms_v1.types.service import GetPublicKeyRequest
+from google.cloud.kms_v1.types.service import ImportCryptoKeyVersionRequest
+from google.cloud.kms_v1.types.service import ListCryptoKeyVersionsRequest
+from google.cloud.kms_v1.types.service import ListCryptoKeyVersionsResponse
+from google.cloud.kms_v1.types.service import ListCryptoKeysRequest
+from google.cloud.kms_v1.types.service import ListCryptoKeysResponse
+from google.cloud.kms_v1.types.service import ListImportJobsRequest
+from google.cloud.kms_v1.types.service import ListImportJobsResponse
+from google.cloud.kms_v1.types.service import ListKeyRingsRequest
+from google.cloud.kms_v1.types.service import ListKeyRingsResponse
+from google.cloud.kms_v1.types.service import LocationMetadata
+from google.cloud.kms_v1.types.service import RestoreCryptoKeyVersionRequest
+from google.cloud.kms_v1.types.service import UpdateCryptoKeyPrimaryVersionRequest
+from google.cloud.kms_v1.types.service import UpdateCryptoKeyRequest
+from google.cloud.kms_v1.types.service import UpdateCryptoKeyVersionRequest
+
+__all__ = (
+ "AsymmetricDecryptRequest",
+ "AsymmetricDecryptResponse",
+ "AsymmetricSignRequest",
+ "AsymmetricSignResponse",
+ "CreateCryptoKeyRequest",
+ "CreateCryptoKeyVersionRequest",
+ "CreateImportJobRequest",
+ "CreateKeyRingRequest",
+ "CryptoKey",
+ "CryptoKeyVersion",
+ "CryptoKeyVersionTemplate",
+ "DecryptRequest",
+ "DecryptResponse",
+ "DestroyCryptoKeyVersionRequest",
+ "Digest",
+ "EncryptRequest",
+ "EncryptResponse",
+ "ExternalProtectionLevelOptions",
+ "GetCryptoKeyRequest",
+ "GetCryptoKeyVersionRequest",
+ "GetImportJobRequest",
+ "GetKeyRingRequest",
+ "GetPublicKeyRequest",
+ "ImportCryptoKeyVersionRequest",
+ "ImportJob",
+ "KeyManagementServiceAsyncClient",
+ "KeyManagementServiceClient",
+ "KeyOperationAttestation",
+ "KeyRing",
+ "ListCryptoKeyVersionsRequest",
+ "ListCryptoKeyVersionsResponse",
+ "ListCryptoKeysRequest",
+ "ListCryptoKeysResponse",
+ "ListImportJobsRequest",
+ "ListImportJobsResponse",
+ "ListKeyRingsRequest",
+ "ListKeyRingsResponse",
+ "LocationMetadata",
+ "ProtectionLevel",
+ "PublicKey",
+ "RestoreCryptoKeyVersionRequest",
+ "UpdateCryptoKeyPrimaryVersionRequest",
+ "UpdateCryptoKeyRequest",
+ "UpdateCryptoKeyVersionRequest",
+)
diff --git a/google/cloud/kms/py.typed b/google/cloud/kms/py.typed
new file mode 100644
index 00000000..3720b5f2
--- /dev/null
+++ b/google/cloud/kms/py.typed
@@ -0,0 +1,2 @@
+# Marker file for PEP 561.
+# The google-cloud-kms package uses inline types.
diff --git a/google/cloud/kms_v1/__init__.py b/google/cloud/kms_v1/__init__.py
index 73099d6d..a68d1c3b 100644
--- a/google/cloud/kms_v1/__init__.py
+++ b/google/cloud/kms_v1/__init__.py
@@ -1,43 +1,107 @@ # -*- coding: utf-8 -*- -# + # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# https://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +# - -from __future__ import absolute_import -import sys -import warnings - -from google.cloud.kms_v1 import types -from google.cloud.kms_v1.gapic import enums -from google.cloud.kms_v1.gapic import key_management_service_client - - -if sys.version_info[:2] == (2, 7): - message = ( - "A future version of this library will drop support for Python 2.7." 
- "More details about Python 2 support for Google Cloud Client Libraries" - "can be found at https://cloud.google.com/python/docs/python2-sunset/" - ) - warnings.warn(message, DeprecationWarning) - - -class KeyManagementServiceClient( - key_management_service_client.KeyManagementServiceClient -): - __doc__ = key_management_service_client.KeyManagementServiceClient.__doc__ - enums = enums +from .services.key_management_service import KeyManagementServiceClient +from .types.resources import CryptoKey +from .types.resources import CryptoKeyVersion +from .types.resources import CryptoKeyVersionTemplate +from .types.resources import ExternalProtectionLevelOptions +from .types.resources import ImportJob +from .types.resources import KeyOperationAttestation +from .types.resources import KeyRing +from .types.resources import ProtectionLevel +from .types.resources import PublicKey +from .types.service import AsymmetricDecryptRequest +from .types.service import AsymmetricDecryptResponse +from .types.service import AsymmetricSignRequest +from .types.service import AsymmetricSignResponse +from .types.service import CreateCryptoKeyRequest +from .types.service import CreateCryptoKeyVersionRequest +from .types.service import CreateImportJobRequest +from .types.service import CreateKeyRingRequest +from .types.service import DecryptRequest +from .types.service import DecryptResponse +from .types.service import DestroyCryptoKeyVersionRequest +from .types.service import Digest +from .types.service import EncryptRequest +from .types.service import EncryptResponse +from .types.service import GetCryptoKeyRequest +from .types.service import GetCryptoKeyVersionRequest +from .types.service import GetImportJobRequest +from .types.service import GetKeyRingRequest +from .types.service import GetPublicKeyRequest +from .types.service import ImportCryptoKeyVersionRequest +from .types.service import ListCryptoKeyVersionsRequest +from .types.service import ListCryptoKeyVersionsResponse +from 
.types.service import ListCryptoKeysRequest +from .types.service import ListCryptoKeysResponse +from .types.service import ListImportJobsRequest +from .types.service import ListImportJobsResponse +from .types.service import ListKeyRingsRequest +from .types.service import ListKeyRingsResponse +from .types.service import LocationMetadata +from .types.service import RestoreCryptoKeyVersionRequest +from .types.service import UpdateCryptoKeyPrimaryVersionRequest +from .types.service import UpdateCryptoKeyRequest +from .types.service import UpdateCryptoKeyVersionRequest -__all__ = ("enums", "types", "KeyManagementServiceClient") +__all__ = ( + "AsymmetricDecryptRequest", + "AsymmetricDecryptResponse", + "AsymmetricSignRequest", + "AsymmetricSignResponse", + "CreateCryptoKeyRequest", + "CreateCryptoKeyVersionRequest", + "CreateImportJobRequest", + "CreateKeyRingRequest", + "CryptoKey", + "CryptoKeyVersion", + "CryptoKeyVersionTemplate", + "DecryptRequest", + "DecryptResponse", + "DestroyCryptoKeyVersionRequest", + "Digest", + "EncryptRequest", + "EncryptResponse", + "ExternalProtectionLevelOptions", + "GetCryptoKeyRequest", + "GetCryptoKeyVersionRequest", + "GetImportJobRequest", + "GetKeyRingRequest", + "GetPublicKeyRequest", + "ImportCryptoKeyVersionRequest", + "ImportJob", + "KeyOperationAttestation", + "KeyRing", + "ListCryptoKeyVersionsRequest", + "ListCryptoKeyVersionsResponse", + "ListCryptoKeysRequest", + "ListCryptoKeysResponse", + "ListImportJobsRequest", + "ListImportJobsResponse", + "ListKeyRingsRequest", + "ListKeyRingsResponse", + "LocationMetadata", + "ProtectionLevel", + "PublicKey", + "RestoreCryptoKeyVersionRequest", + "UpdateCryptoKeyPrimaryVersionRequest", + "UpdateCryptoKeyRequest", + "UpdateCryptoKeyVersionRequest", + "KeyManagementServiceClient", +) diff --git a/google/cloud/kms_v1/gapic/__init__.py b/google/cloud/kms_v1/gapic/__init__.py deleted file mode 100644 index e69de29b..00000000 
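Review bot: The new `google/cloud/kms_v1/__init__.py` neither imports nor lists `KeyManagementServiceAsyncClient`, while the new `google/cloud/kms/__init__.py` in this same commit exports it, so the two public entry points to the KMS client disagree. If the versioned package is meant to mirror the unversioned one, add `from .services.key_management_service.async_client import KeyManagementServiceAsyncClient` and a `"KeyManagementServiceAsyncClient",` entry in `__all__`. This hunk also removes the `enums` export and the `enums` attribute on the client subclass, so existing `kms_v1.enums` callers will fail on import. That is presumably covered by the UPGRADING guide linked from `docs/index.rst`, but the guide is not visible here and should be confirmed to mention it.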
diff --git a/google/cloud/kms_v1/gapic/enums.py b/google/cloud/kms_v1/gapic/enums.py deleted file mode 100644 index cf27deeb..00000000 --- a/google/cloud/kms_v1/gapic/enums.py +++ /dev/null 
@@ -1,252 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""Wrappers for protocol buffer enum types.""" - -import enum - - -class ProtectionLevel(enum.IntEnum): - """ - ``ProtectionLevel`` specifies how cryptographic operations are - performed. For more information, see [Protection levels] - (https://cloud.google.com/kms/docs/algorithms#protection\_levels). - - Attributes: - PROTECTION_LEVEL_UNSPECIFIED (int): Not specified. - SOFTWARE (int): Crypto operations are performed in software. - HSM (int): Crypto operations are performed in a Hardware Security Module. - EXTERNAL (int): Crypto operations are performed by an external key manager. - """ - - PROTECTION_LEVEL_UNSPECIFIED = 0 - SOFTWARE = 1 - HSM = 2 - EXTERNAL = 3 - - -class CryptoKey(object): - class CryptoKeyPurpose(enum.IntEnum): - """ - ``CryptoKeyPurpose`` describes the cryptographic capabilities of a - ``CryptoKey``. A given key can only be used for the operations allowed - by its purpose. For more information, see `Key - purposes `__. - - Attributes: - CRYPTO_KEY_PURPOSE_UNSPECIFIED (int): Not specified. - ENCRYPT_DECRYPT (int): ``CryptoKeys`` with this purpose may be used with ``Encrypt`` and - ``Decrypt``. - ASYMMETRIC_SIGN (int): ``CryptoKeys`` with this purpose may be used with ``AsymmetricSign`` and - ``GetPublicKey``. 
- ASYMMETRIC_DECRYPT (int): ``CryptoKeys`` with this purpose may be used with ``AsymmetricDecrypt`` - and ``GetPublicKey``. - """ - - CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0 - ENCRYPT_DECRYPT = 1 - ASYMMETRIC_SIGN = 5 - ASYMMETRIC_DECRYPT = 6 - - -class CryptoKeyVersion(object): - class CryptoKeyVersionAlgorithm(enum.IntEnum): - """ - The algorithm of the ``CryptoKeyVersion``, indicating what parameters - must be used for each cryptographic operation. - - The ``GOOGLE_SYMMETRIC_ENCRYPTION`` algorithm is usable with - ``CryptoKey.purpose`` ``ENCRYPT_DECRYPT``. - - Algorithms beginning with "RSA\_SIGN\_" are usable with - ``CryptoKey.purpose`` ``ASYMMETRIC_SIGN``. - - The fields in the name after "RSA\_SIGN\_" correspond to the following - parameters: padding algorithm, modulus bit length, and digest algorithm. - - For PSS, the salt length used is equal to the length of digest - algorithm. For example, ``RSA_SIGN_PSS_2048_SHA256`` will use PSS with a - salt length of 256 bits or 32 bytes. - - Algorithms beginning with "RSA\_DECRYPT\_" are usable with - ``CryptoKey.purpose`` ``ASYMMETRIC_DECRYPT``. - - The fields in the name after "RSA\_DECRYPT\_" correspond to the - following parameters: padding algorithm, modulus bit length, and digest - algorithm. - - Algorithms beginning with "EC\_SIGN\_" are usable with - ``CryptoKey.purpose`` ``ASYMMETRIC_SIGN``. - - The fields in the name after "EC\_SIGN\_" correspond to the following - parameters: elliptic curve, digest algorithm. - - For more information, see [Key purposes and algorithms] - (https://cloud.google.com/kms/docs/algorithms). - - Attributes: - CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED (int): Not specified. - GOOGLE_SYMMETRIC_ENCRYPTION (int): Creates symmetric encryption keys. - RSA_SIGN_PSS_2048_SHA256 (int): RSASSA-PSS 2048 bit key with a SHA256 digest. - RSA_SIGN_PSS_3072_SHA256 (int): RSASSA-PSS 3072 bit key with a SHA256 digest. - RSA_SIGN_PSS_4096_SHA256 (int): RSASSA-PSS 4096 bit key with a SHA256 digest. 
- RSA_SIGN_PSS_4096_SHA512 (int): RSASSA-PSS 4096 bit key with a SHA512 digest. - RSA_SIGN_PKCS1_2048_SHA256 (int): RSASSA-PKCS1-v1\_5 with a 2048 bit key and a SHA256 digest. - RSA_SIGN_PKCS1_3072_SHA256 (int): RSASSA-PKCS1-v1\_5 with a 3072 bit key and a SHA256 digest. - RSA_SIGN_PKCS1_4096_SHA256 (int): RSASSA-PKCS1-v1\_5 with a 4096 bit key and a SHA256 digest. - RSA_SIGN_PKCS1_4096_SHA512 (int): RSASSA-PKCS1-v1\_5 with a 4096 bit key and a SHA512 digest. - RSA_DECRYPT_OAEP_2048_SHA256 (int): RSAES-OAEP 2048 bit key with a SHA256 digest. - RSA_DECRYPT_OAEP_3072_SHA256 (int): RSAES-OAEP 3072 bit key with a SHA256 digest. - RSA_DECRYPT_OAEP_4096_SHA256 (int): RSAES-OAEP 4096 bit key with a SHA256 digest. - RSA_DECRYPT_OAEP_4096_SHA512 (int): RSAES-OAEP 4096 bit key with a SHA512 digest. - EC_SIGN_P256_SHA256 (int): ECDSA on the NIST P-256 curve with a SHA256 digest. - EC_SIGN_P384_SHA384 (int): ECDSA on the NIST P-384 curve with a SHA384 digest. - EXTERNAL_SYMMETRIC_ENCRYPTION (int): Algorithm representing symmetric encryption by an external key manager. - """ - - CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0 - GOOGLE_SYMMETRIC_ENCRYPTION = 1 - RSA_SIGN_PSS_2048_SHA256 = 2 - RSA_SIGN_PSS_3072_SHA256 = 3 - RSA_SIGN_PSS_4096_SHA256 = 4 - RSA_SIGN_PSS_4096_SHA512 = 15 - RSA_SIGN_PKCS1_2048_SHA256 = 5 - RSA_SIGN_PKCS1_3072_SHA256 = 6 - RSA_SIGN_PKCS1_4096_SHA256 = 7 - RSA_SIGN_PKCS1_4096_SHA512 = 16 - RSA_DECRYPT_OAEP_2048_SHA256 = 8 - RSA_DECRYPT_OAEP_3072_SHA256 = 9 - RSA_DECRYPT_OAEP_4096_SHA256 = 10 - RSA_DECRYPT_OAEP_4096_SHA512 = 17 - EC_SIGN_P256_SHA256 = 12 - EC_SIGN_P384_SHA384 = 13 - EXTERNAL_SYMMETRIC_ENCRYPTION = 18 - - class CryptoKeyVersionState(enum.IntEnum): - """ - The state of a ``CryptoKeyVersion``, indicating if it can be used. - - Attributes: - CRYPTO_KEY_VERSION_STATE_UNSPECIFIED (int): Not specified. - PENDING_GENERATION (int): This version is still being generated. It may not be used, enabled, - disabled, or destroyed yet. 
Cloud KMS will automatically mark this - version ``ENABLED`` as soon as the version is ready. - ENABLED (int): This version may be used for cryptographic operations. - DISABLED (int): This version may not be used, but the key material is still available, - and the version can be placed back into the ``ENABLED`` state. - DESTROYED (int): This version is destroyed, and the key material is no longer stored. - A version may not leave this state once entered. - DESTROY_SCHEDULED (int): This version is scheduled for destruction, and will be destroyed soon. - Call ``RestoreCryptoKeyVersion`` to put it back into the ``DISABLED`` - state. - PENDING_IMPORT (int): This version is still being imported. It may not be used, enabled, - disabled, or destroyed yet. Cloud KMS will automatically mark this - version ``ENABLED`` as soon as the version is ready. - IMPORT_FAILED (int): This version was not imported successfully. It may not be used, enabled, - disabled, or destroyed. The submitted key material has been discarded. - Additional details can be found in - ``CryptoKeyVersion.import_failure_reason``. - """ - - CRYPTO_KEY_VERSION_STATE_UNSPECIFIED = 0 - PENDING_GENERATION = 5 - ENABLED = 1 - DISABLED = 2 - DESTROYED = 3 - DESTROY_SCHEDULED = 4 - PENDING_IMPORT = 6 - IMPORT_FAILED = 7 - - class CryptoKeyVersionView(enum.IntEnum): - """ - A view for ``CryptoKeyVersion``\ s. Controls the level of detail - returned for ``CryptoKeyVersions`` in - ``KeyManagementService.ListCryptoKeyVersions`` and - ``KeyManagementService.ListCryptoKeys``. - - Attributes: - CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED (int): Default view for each ``CryptoKeyVersion``. Does not include the - ``attestation`` field. - FULL (int): Provides all fields in each ``CryptoKeyVersion``, including the - ``attestation``. - """ - - CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED = 0 - FULL = 1 - - -class ImportJob(object): - class ImportJobState(enum.IntEnum): - """ - The state of the ``ImportJob``, indicating if it can be used. 
- - Attributes: - IMPORT_JOB_STATE_UNSPECIFIED (int): Not specified. - PENDING_GENERATION (int): The wrapping key for this job is still being generated. It may not be - used. Cloud KMS will automatically mark this job as ``ACTIVE`` as soon - as the wrapping key is generated. - ACTIVE (int): This job may be used in ``CreateCryptoKey`` and - ``CreateCryptoKeyVersion`` requests. - EXPIRED (int): This job can no longer be used and may not leave this state once entered. - """ - - IMPORT_JOB_STATE_UNSPECIFIED = 0 - PENDING_GENERATION = 1 - ACTIVE = 2 - EXPIRED = 3 - - class ImportMethod(enum.IntEnum): - """ - ``ImportMethod`` describes the key wrapping method chosen for this - ``ImportJob``. - - Attributes: - IMPORT_METHOD_UNSPECIFIED (int): Not specified. - RSA_OAEP_3072_SHA1_AES_256 (int): This ImportMethod represents the CKM\_RSA\_AES\_KEY\_WRAP key wrapping - scheme defined in the PKCS #11 standard. In summary, this involves - wrapping the raw key with an ephemeral AES key, and wrapping the - ephemeral AES key with a 3072 bit RSA key. For more details, see `RSA - AES key wrap - mechanism `__. - RSA_OAEP_4096_SHA1_AES_256 (int): This ImportMethod represents the CKM\_RSA\_AES\_KEY\_WRAP key wrapping - scheme defined in the PKCS #11 standard. In summary, this involves - wrapping the raw key with an ephemeral AES key, and wrapping the - ephemeral AES key with a 4096 bit RSA key. For more details, see `RSA - AES key wrap - mechanism `__. - """ - - IMPORT_METHOD_UNSPECIFIED = 0 - RSA_OAEP_3072_SHA1_AES_256 = 1 - RSA_OAEP_4096_SHA1_AES_256 = 2 - - -class KeyOperationAttestation(object): - class AttestationFormat(enum.IntEnum): - """ - Attestation formats provided by the HSM. - - Attributes: - ATTESTATION_FORMAT_UNSPECIFIED (int): Not specified. - CAVIUM_V1_COMPRESSED (int): Cavium HSM attestation compressed with gzip. Note that this format is - defined by Cavium and subject to change at any time. - CAVIUM_V2_COMPRESSED (int): Cavium HSM attestation V2 compressed with gzip. 
This is a new format - introduced in Cavium's version 3.2-08. - """ - - ATTESTATION_FORMAT_UNSPECIFIED = 0 - CAVIUM_V1_COMPRESSED = 3 - CAVIUM_V2_COMPRESSED = 4 diff --git a/google/cloud/kms_v1/gapic/key_management_service_client.py b/google/cloud/kms_v1/gapic/key_management_service_client.py deleted file mode 100644 index 1a5632cf..00000000 --- a/google/cloud/kms_v1/gapic/key_management_service_client.py +++ /dev/null 
@@ -1,2556 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""Accesses the google.cloud.kms.v1 KeyManagementService API.""" - -import functools -import pkg_resources -import warnings - -from google.oauth2 import service_account -import google.api_core.client_options -import google.api_core.gapic_v1.client_info -import google.api_core.gapic_v1.config -import google.api_core.gapic_v1.method -import google.api_core.gapic_v1.routing_header -import google.api_core.grpc_helpers -import google.api_core.page_iterator -import google.api_core.path_template -import google.api_core.protobuf_helpers -import grpc - -from google.cloud.kms_v1.gapic import enums -from google.cloud.kms_v1.gapic import key_management_service_client_config -from google.cloud.kms_v1.gapic.transports import key_management_service_grpc_transport -from google.cloud.kms_v1.proto import resources_pb2 -from google.cloud.kms_v1.proto import service_pb2 -from google.cloud.kms_v1.proto import service_pb2_grpc -from google.iam.v1 import iam_policy_pb2 -from google.iam.v1 import iam_policy_pb2_grpc -from google.iam.v1 import options_pb2 -from google.iam.v1 import policy_pb2 -from google.protobuf import field_mask_pb2 - - -_GAPIC_LIBRARY_VERSION = pkg_resources.get_distribution("google-cloud-kms").version - - -class KeyManagementServiceClient(object): - """ - Google Cloud Key Management Service - - Manages cryptographic keys and operations using 
those keys. Implements a - REST model with the following objects: - - - ``KeyRing`` - - ``CryptoKey`` - - ``CryptoKeyVersion`` - - ``ImportJob`` - - If you are using manual gRPC libraries, see `Using gRPC with Cloud - KMS `__. - """ - - SERVICE_ADDRESS = "cloudkms.googleapis.com:443" - """The default address of the service.""" - - # The name of the interface for this client. This is the key used to - # find the method configuration in the client_config dictionary. - _INTERFACE_NAME = "google.cloud.kms.v1.KeyManagementService" - - @classmethod - def from_service_account_file(cls, filename, *args, **kwargs): - """Creates an instance of this client using the provided credentials - file. - - Args: - filename (str): The path to the service account private key json - file. - args: Additional arguments to pass to the constructor. - kwargs: Additional arguments to pass to the constructor. - - Returns: - KeyManagementServiceClient: The constructed client. - """ - credentials = service_account.Credentials.from_service_account_file(filename) - kwargs["credentials"] = credentials - return cls(*args, **kwargs) - - from_service_account_json = from_service_account_file - - @classmethod - def crypto_key_path(cls, project, location, key_ring, crypto_key): - """Return a fully-qualified crypto_key string.""" - return google.api_core.path_template.expand( - "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}", - project=project, - location=location, - key_ring=key_ring, - crypto_key=crypto_key, - ) - - @classmethod - def crypto_key_path_path(cls, project, location, key_ring, crypto_key_path): - """Return a fully-qualified crypto_key_path string.""" - return google.api_core.path_template.expand( - "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key_path=**}", - project=project, - location=location, - key_ring=key_ring, - crypto_key_path=crypto_key_path, - ) - - @classmethod - def crypto_key_version_path( - cls, project, 
location, key_ring, crypto_key, crypto_key_version - ): - - """Return a fully-qualified crypto_key_version string.""" - return google.api_core.path_template.expand( - "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}", - project=project, - location=location, - key_ring=key_ring, - crypto_key=crypto_key, - crypto_key_version=crypto_key_version, - ) - - @classmethod - def import_job_path(cls, project, location, key_ring, import_job): - """Return a fully-qualified import_job string.""" - return google.api_core.path_template.expand( - "projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}", - project=project, - location=location, - key_ring=key_ring, - import_job=import_job, - ) - - @classmethod - def key_ring_path(cls, project, location, key_ring): - """Return a fully-qualified key_ring string.""" - return google.api_core.path_template.expand( - "projects/{project}/locations/{location}/keyRings/{key_ring}", - project=project, - location=location, - key_ring=key_ring, - ) - - @classmethod - def location_path(cls, project, location): - """Return a fully-qualified location string.""" - return google.api_core.path_template.expand( - "projects/{project}/locations/{location}", - project=project, - location=location, - ) - - def __init__( - self, - transport=None, - channel=None, - credentials=None, - client_config=None, - client_info=None, - client_options=None, - ): - """Constructor. - - Args: - transport (Union[~.KeyManagementServiceGrpcTransport, - Callable[[~.Credentials, type], ~.KeyManagementServiceGrpcTransport]): A transport - instance, responsible for actually making the API calls. - The default transport uses the gRPC protocol. - This argument may also be a callable which returns a - transport instance. Callables will be sent the credentials - as the first argument and the default transport class as - the second argument. - channel (grpc.Channel): DEPRECATED. 
A ``Channel`` instance - through which to make calls. This argument is mutually exclusive - with ``credentials``; providing both will raise an exception. - credentials (google.auth.credentials.Credentials): The - authorization credentials to attach to requests. These - credentials identify this application to the service. If none - are specified, the client will attempt to ascertain the - credentials from the environment. - This argument is mutually exclusive with providing a - transport instance to ``transport``; doing so will raise - an exception. - client_config (dict): DEPRECATED. A dictionary of call options for - each method. If not specified, the default configuration is used. - client_info (google.api_core.gapic_v1.client_info.ClientInfo): - The client info used to send a user-agent string along with - API requests. If ``None``, then default info will be used. - Generally, you only need to set this if you're developing - your own client library. - client_options (Union[dict, google.api_core.client_options.ClientOptions]): - Client options used to set user options on the client. API Endpoint - should be set through client_options. - """ - # Raise deprecation warnings for things we want to go away. - if client_config is not None: - warnings.warn( - "The `client_config` argument is deprecated.", - PendingDeprecationWarning, - stacklevel=2, - ) - else: - client_config = key_management_service_client_config.config - - if channel: - warnings.warn( - "The `channel` argument is deprecated; use " "`transport` instead.", - PendingDeprecationWarning, - stacklevel=2, - ) - - api_endpoint = self.SERVICE_ADDRESS - if client_options: - if type(client_options) == dict: - client_options = google.api_core.client_options.from_dict( - client_options - ) - if client_options.api_endpoint: - api_endpoint = client_options.api_endpoint - - # Instantiate the transport. 
- # The transport is responsible for handling serialization and - # deserialization and actually sending data to the service. - if transport: - if callable(transport): - self.transport = transport( - credentials=credentials, - default_class=key_management_service_grpc_transport.KeyManagementServiceGrpcTransport, - address=api_endpoint, - ) - else: - if credentials: - raise ValueError( - "Received both a transport instance and " - "credentials; these are mutually exclusive." - ) - self.transport = transport - else: - self.transport = key_management_service_grpc_transport.KeyManagementServiceGrpcTransport( - address=api_endpoint, channel=channel, credentials=credentials - ) - - if client_info is None: - client_info = google.api_core.gapic_v1.client_info.ClientInfo( - gapic_version=_GAPIC_LIBRARY_VERSION - ) - else: - client_info.gapic_version = _GAPIC_LIBRARY_VERSION - self._client_info = client_info - - # Parse out the default settings for retry and timeout for each RPC - # from the client configuration. - # (Ordinarily, these are the defaults specified in the `*_config.py` - # file next to this one.) - self._method_configs = google.api_core.gapic_v1.config.parse_method_configs( - client_config["interfaces"][self._INTERFACE_NAME] - ) - - # Save a dictionary of cached API call functions. - # These are the actual callables which invoke the proper - # transport methods, wrapped with `wrap_method` to add retry, - # timeout, and the like. - self._inner_api_calls = {} - - # Service calls - def list_key_rings( - self, - parent, - page_size=None, - filter_=None, - order_by=None, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Lists ``KeyRings``. 
- - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> parent = client.location_path('[PROJECT]', '[LOCATION]') - >>> - >>> # Iterate over all results - >>> for element in client.list_key_rings(parent): - ... # process element - ... pass - >>> - >>> - >>> # Alternatively: - >>> - >>> # Iterate over results one page at a time - >>> for page in client.list_key_rings(parent).pages: - ... for element in page: - ... # process element - ... pass - - Args: - parent (str): Required. The resource name of the location associated with the - ``KeyRings``, in the format ``projects/*/locations/*``. - page_size (int): The maximum number of resources contained in the - underlying API response. If page streaming is performed per- - resource, this parameter does not affect the return value. If page - streaming is performed per-page, this determines the maximum number - of resources in a page. - filter_ (str): Optional. Only include resources that match the filter in the response. - For more information, see `Sorting and filtering list - results `__. - order_by (str): Optional. Specify how the results should be sorted. If not specified, - the results will be sorted in the default order. For more information, - see `Sorting and filtering list - results `__. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.api_core.page_iterator.PageIterator` instance. - An iterable of :class:`~google.cloud.kms_v1.types.KeyRing` instances. 
- You can also iterate over the pages of the response - using its `pages` property. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "list_key_rings" not in self._inner_api_calls: - self._inner_api_calls[ - "list_key_rings" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.list_key_rings, - default_retry=self._method_configs["ListKeyRings"].retry, - default_timeout=self._method_configs["ListKeyRings"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.ListKeyRingsRequest( - parent=parent, page_size=page_size, filter=filter_, order_by=order_by - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("parent", parent)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - iterator = google.api_core.page_iterator.GRPCIterator( - client=None, - method=functools.partial( - self._inner_api_calls["list_key_rings"], - retry=retry, - timeout=timeout, - metadata=metadata, - ), - request=request, - items_field="key_rings", - request_token_field="page_token", - response_token_field="next_page_token", - ) - return iterator - - def list_import_jobs( - self, - parent, - page_size=None, - filter_=None, - order_by=None, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Lists ``ImportJobs``. 
- - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') - >>> - >>> # Iterate over all results - >>> for element in client.list_import_jobs(parent): - ... # process element - ... pass - >>> - >>> - >>> # Alternatively: - >>> - >>> # Iterate over results one page at a time - >>> for page in client.list_import_jobs(parent).pages: - ... for element in page: - ... # process element - ... pass - - Args: - parent (str): Required. The resource name of the ``KeyRing`` to list, in the format - ``projects/*/locations/*/keyRings/*``. - page_size (int): The maximum number of resources contained in the - underlying API response. If page streaming is performed per- - resource, this parameter does not affect the return value. If page - streaming is performed per-page, this determines the maximum number - of resources in a page. - filter_ (str): Optional. Only include resources that match the filter in the response. - For more information, see `Sorting and filtering list - results `__. - order_by (str): Optional. Specify how the results should be sorted. If not specified, - the results will be sorted in the default order. For more information, - see `Sorting and filtering list - results `__. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.api_core.page_iterator.PageIterator` instance. - An iterable of :class:`~google.cloud.kms_v1.types.ImportJob` instances. 
- You can also iterate over the pages of the response - using its `pages` property. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "list_import_jobs" not in self._inner_api_calls: - self._inner_api_calls[ - "list_import_jobs" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.list_import_jobs, - default_retry=self._method_configs["ListImportJobs"].retry, - default_timeout=self._method_configs["ListImportJobs"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.ListImportJobsRequest( - parent=parent, page_size=page_size, filter=filter_, order_by=order_by - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("parent", parent)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - iterator = google.api_core.page_iterator.GRPCIterator( - client=None, - method=functools.partial( - self._inner_api_calls["list_import_jobs"], - retry=retry, - timeout=timeout, - metadata=metadata, - ), - request=request, - items_field="import_jobs", - request_token_field="page_token", - response_token_field="next_page_token", - ) - return iterator - - def list_crypto_keys( - self, - parent, - page_size=None, - version_view=None, - filter_=None, - order_by=None, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Lists ``CryptoKeys``. 
- - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') - >>> - >>> # Iterate over all results - >>> for element in client.list_crypto_keys(parent): - ... # process element - ... pass - >>> - >>> - >>> # Alternatively: - >>> - >>> # Iterate over results one page at a time - >>> for page in client.list_crypto_keys(parent).pages: - ... for element in page: - ... # process element - ... pass - - Args: - parent (str): Required. The resource name of the ``KeyRing`` to list, in the format - ``projects/*/locations/*/keyRings/*``. - page_size (int): The maximum number of resources contained in the - underlying API response. If page streaming is performed per- - resource, this parameter does not affect the return value. If page - streaming is performed per-page, this determines the maximum number - of resources in a page. - version_view (~google.cloud.kms_v1.types.CryptoKeyVersionView): The fields of the primary version to include in the response. - filter_ (str): Optional. Only include resources that match the filter in the response. - For more information, see `Sorting and filtering list - results `__. - order_by (str): Optional. Specify how the results should be sorted. If not specified, - the results will be sorted in the default order. For more information, - see `Sorting and filtering list - results `__. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. 
- - Returns: - A :class:`~google.api_core.page_iterator.PageIterator` instance. - An iterable of :class:`~google.cloud.kms_v1.types.CryptoKey` instances. - You can also iterate over the pages of the response - using its `pages` property. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "list_crypto_keys" not in self._inner_api_calls: - self._inner_api_calls[ - "list_crypto_keys" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.list_crypto_keys, - default_retry=self._method_configs["ListCryptoKeys"].retry, - default_timeout=self._method_configs["ListCryptoKeys"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.ListCryptoKeysRequest( - parent=parent, - page_size=page_size, - version_view=version_view, - filter=filter_, - order_by=order_by, - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("parent", parent)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - iterator = google.api_core.page_iterator.GRPCIterator( - client=None, - method=functools.partial( - self._inner_api_calls["list_crypto_keys"], - retry=retry, - timeout=timeout, - metadata=metadata, - ), - request=request, - items_field="crypto_keys", - request_token_field="page_token", - response_token_field="next_page_token", - ) - return iterator - - def list_crypto_key_versions( - self, - parent, - page_size=None, - view=None, - filter_=None, - order_by=None, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Lists 
``CryptoKeyVersions``. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') - >>> - >>> # Iterate over all results - >>> for element in client.list_crypto_key_versions(parent): - ... # process element - ... pass - >>> - >>> - >>> # Alternatively: - >>> - >>> # Iterate over results one page at a time - >>> for page in client.list_crypto_key_versions(parent).pages: - ... for element in page: - ... # process element - ... pass - - Args: - parent (str): Required. The resource name of the ``CryptoKey`` to list, in the format - ``projects/*/locations/*/keyRings/*/cryptoKeys/*``. - page_size (int): The maximum number of resources contained in the - underlying API response. If page streaming is performed per- - resource, this parameter does not affect the return value. If page - streaming is performed per-page, this determines the maximum number - of resources in a page. - view (~google.cloud.kms_v1.types.CryptoKeyVersionView): The fields to include in the response. - filter_ (str): Optional. Only include resources that match the filter in the response. - For more information, see `Sorting and filtering list - results `__. - order_by (str): Optional. Specify how the results should be sorted. If not specified, - the results will be sorted in the default order. For more information, - see `Sorting and filtering list - results `__. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. 
- - Returns: - A :class:`~google.api_core.page_iterator.PageIterator` instance. - An iterable of :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instances. - You can also iterate over the pages of the response - using its `pages` property. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "list_crypto_key_versions" not in self._inner_api_calls: - self._inner_api_calls[ - "list_crypto_key_versions" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.list_crypto_key_versions, - default_retry=self._method_configs["ListCryptoKeyVersions"].retry, - default_timeout=self._method_configs["ListCryptoKeyVersions"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.ListCryptoKeyVersionsRequest( - parent=parent, - page_size=page_size, - view=view, - filter=filter_, - order_by=order_by, - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("parent", parent)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - iterator = google.api_core.page_iterator.GRPCIterator( - client=None, - method=functools.partial( - self._inner_api_calls["list_crypto_key_versions"], - retry=retry, - timeout=timeout, - metadata=metadata, - ), - request=request, - items_field="crypto_key_versions", - request_token_field="page_token", - response_token_field="next_page_token", - ) - return iterator - - def get_key_ring( - self, - name, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Returns metadata for a given ``KeyRing``. 
- - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> name = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') - >>> - >>> response = client.get_key_ring(name) - - Args: - name (str): Required. The ``name`` of the ``KeyRing`` to get. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.KeyRing` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "get_key_ring" not in self._inner_api_calls: - self._inner_api_calls[ - "get_key_ring" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.get_key_ring, - default_retry=self._method_configs["GetKeyRing"].retry, - default_timeout=self._method_configs["GetKeyRing"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.GetKeyRingRequest(name=name) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["get_key_ring"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def get_import_job( - self, - name, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Returns metadata for a given ``ImportJob``. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> name = client.import_job_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[IMPORT_JOB]') - >>> - >>> response = client.get_import_job(name) - - Args: - name (str): Required. The ``name`` of the ``ImportJob`` to get. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.ImportJob` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. 
- google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "get_import_job" not in self._inner_api_calls: - self._inner_api_calls[ - "get_import_job" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.get_import_job, - default_retry=self._method_configs["GetImportJob"].retry, - default_timeout=self._method_configs["GetImportJob"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.GetImportJobRequest(name=name) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["get_import_job"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def get_crypto_key( - self, - name, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Returns metadata for a given ``CryptoKey``, as well as its ``primary`` - ``CryptoKeyVersion``. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') - >>> - >>> response = client.get_crypto_key(name) - - Args: - name (str): Required. The ``name`` of the ``CryptoKey`` to get. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. 
- metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.CryptoKey` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "get_crypto_key" not in self._inner_api_calls: - self._inner_api_calls[ - "get_crypto_key" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.get_crypto_key, - default_retry=self._method_configs["GetCryptoKey"].retry, - default_timeout=self._method_configs["GetCryptoKey"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.GetCryptoKeyRequest(name=name) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["get_crypto_key"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def get_crypto_key_version( - self, - name, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Returns metadata for a given ``CryptoKeyVersion``. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]') - >>> - >>> response = client.get_crypto_key_version(name) - - Args: - name (str): Required. The ``name`` of the ``CryptoKeyVersion`` to get. 
- retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "get_crypto_key_version" not in self._inner_api_calls: - self._inner_api_calls[ - "get_crypto_key_version" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.get_crypto_key_version, - default_retry=self._method_configs["GetCryptoKeyVersion"].retry, - default_timeout=self._method_configs["GetCryptoKeyVersion"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.GetCryptoKeyVersionRequest(name=name) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["get_crypto_key_version"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def create_key_ring( - self, - parent, - key_ring_id, - key_ring, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Create a new ``KeyRing`` in a given Project and Location. 
- - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> parent = client.location_path('[PROJECT]', '[LOCATION]') - >>> - >>> # TODO: Initialize `key_ring_id`: - >>> key_ring_id = '' - >>> - >>> # TODO: Initialize `key_ring`: - >>> key_ring = {} - >>> - >>> response = client.create_key_ring(parent, key_ring_id, key_ring) - - Args: - parent (str): Required. The resource name of the location associated with the - ``KeyRings``, in the format ``projects/*/locations/*``. - key_ring_id (str): Required. It must be unique within a location and match the regular - expression ``[a-zA-Z0-9_-]{1,63}`` - key_ring (Union[dict, ~google.cloud.kms_v1.types.KeyRing]): Required. A ``KeyRing`` with initial field values. - - If a dict is provided, it must be of the same form as the protobuf - message :class:`~google.cloud.kms_v1.types.KeyRing` - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.KeyRing` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "create_key_ring" not in self._inner_api_calls: - self._inner_api_calls[ - "create_key_ring" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.create_key_ring, - default_retry=self._method_configs["CreateKeyRing"].retry, - default_timeout=self._method_configs["CreateKeyRing"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.CreateKeyRingRequest( - parent=parent, key_ring_id=key_ring_id, key_ring=key_ring - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("parent", parent)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["create_key_ring"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def create_import_job( - self, - parent, - import_job_id, - import_job, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Create a new ``ImportJob`` within a ``KeyRing``. - - ``ImportJob.import_method`` is required. - - Example: - >>> from google.cloud import kms_v1 - >>> from google.cloud.kms_v1 import enums - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') - >>> import_job_id = 'my-import-job' - >>> import_method = enums.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256 - >>> protection_level = enums.ProtectionLevel.HSM - >>> import_job = {'import_method': import_method, 'protection_level': protection_level} - >>> - >>> response = client.create_import_job(parent, import_job_id, import_job) - - Args: - parent (str): Required. The ``name`` of the ``KeyRing`` associated with the - ``ImportJobs``. - import_job_id (str): Required. 
It must be unique within a KeyRing and match the regular - expression ``[a-zA-Z0-9_-]{1,63}`` - import_job (Union[dict, ~google.cloud.kms_v1.types.ImportJob]): Required. An ``ImportJob`` with initial field values. - - If a dict is provided, it must be of the same form as the protobuf - message :class:`~google.cloud.kms_v1.types.ImportJob` - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.ImportJob` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "create_import_job" not in self._inner_api_calls: - self._inner_api_calls[ - "create_import_job" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.create_import_job, - default_retry=self._method_configs["CreateImportJob"].retry, - default_timeout=self._method_configs["CreateImportJob"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.CreateImportJobRequest( - parent=parent, import_job_id=import_job_id, import_job=import_job - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("parent", parent)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["create_import_job"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def create_crypto_key( - self, - parent, - crypto_key_id, - crypto_key, - skip_initial_version_creation=None, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Create a new ``CryptoKey`` within a ``KeyRing``. - - ``CryptoKey.purpose`` and ``CryptoKey.version_template.algorithm`` are - required. - - Example: - >>> from google.cloud import kms_v1 - >>> from google.cloud.kms_v1 import enums - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') - >>> crypto_key_id = 'my-app-key' - >>> purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - >>> seconds = 2147483647 - >>> next_rotation_time = {'seconds': seconds} - >>> seconds_2 = 604800 - >>> rotation_period = {'seconds': seconds_2} - >>> crypto_key = {'purpose': purpose, 'next_rotation_time': next_rotation_time, 'rotation_period': rotation_period} - >>> - >>> response = client.create_crypto_key(parent, crypto_key_id, crypto_key) - - Args: - parent (str): Required. 
The ``name`` of the KeyRing associated with the - ``CryptoKeys``. - crypto_key_id (str): Required. It must be unique within a KeyRing and match the regular - expression ``[a-zA-Z0-9_-]{1,63}`` - crypto_key (Union[dict, ~google.cloud.kms_v1.types.CryptoKey]): Required. A ``CryptoKey`` with initial field values. - - If a dict is provided, it must be of the same form as the protobuf - message :class:`~google.cloud.kms_v1.types.CryptoKey` - skip_initial_version_creation (bool): If set to true, the request will create a ``CryptoKey`` without any - ``CryptoKeyVersions``. You must manually call ``CreateCryptoKeyVersion`` - or ``ImportCryptoKeyVersion`` before you can use this ``CryptoKey``. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.CryptoKey` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "create_crypto_key" not in self._inner_api_calls: - self._inner_api_calls[ - "create_crypto_key" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.create_crypto_key, - default_retry=self._method_configs["CreateCryptoKey"].retry, - default_timeout=self._method_configs["CreateCryptoKey"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.CreateCryptoKeyRequest( - parent=parent, - crypto_key_id=crypto_key_id, - crypto_key=crypto_key, - skip_initial_version_creation=skip_initial_version_creation, - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("parent", parent)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["create_crypto_key"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def create_crypto_key_version( - self, - parent, - crypto_key_version, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Create a new ``CryptoKeyVersion`` in a ``CryptoKey``. - - The server will assign the next sequential id. If unset, ``state`` will - be set to ``ENABLED``. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') - >>> - >>> # TODO: Initialize `crypto_key_version`: - >>> crypto_key_version = {} - >>> - >>> response = client.create_crypto_key_version(parent, crypto_key_version) - - Args: - parent (str): Required. The ``name`` of the ``CryptoKey`` associated with the - ``CryptoKeyVersions``. - crypto_key_version (Union[dict, ~google.cloud.kms_v1.types.CryptoKeyVersion]): Required. A ``CryptoKeyVersion`` with initial field values. 
- - If a dict is provided, it must be of the same form as the protobuf - message :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "create_crypto_key_version" not in self._inner_api_calls: - self._inner_api_calls[ - "create_crypto_key_version" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.create_crypto_key_version, - default_retry=self._method_configs["CreateCryptoKeyVersion"].retry, - default_timeout=self._method_configs["CreateCryptoKeyVersion"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.CreateCryptoKeyVersionRequest( - parent=parent, crypto_key_version=crypto_key_version - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("parent", parent)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["create_crypto_key_version"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def import_crypto_key_version( - self, - parent, - algorithm, - import_job, - rsa_aes_wrapped_key=None, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Imports a new ``CryptoKeyVersion`` into an existing ``CryptoKey`` using - the wrapped key material provided in the request. - - The version ID will be assigned the next sequential id within the - ``CryptoKey``. - - Example: - >>> from google.cloud import kms_v1 - >>> from google.cloud.kms_v1 import enums - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') - >>> - >>> # TODO: Initialize `algorithm`: - >>> algorithm = enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED - >>> - >>> # TODO: Initialize `import_job`: - >>> import_job = '' - >>> - >>> response = client.import_crypto_key_version(parent, algorithm, import_job) - - Args: - parent (str): Required. 
The ``name`` of the ``CryptoKey`` to be imported into. - algorithm (~google.cloud.kms_v1.types.CryptoKeyVersionAlgorithm): Required. The ``algorithm`` of the key being imported. This does not - need to match the ``version_template`` of the ``CryptoKey`` this version - imports into. - import_job (str): Required. The ``name`` of the ``ImportJob`` that was used to wrap this - key material. - rsa_aes_wrapped_key (bytes): Wrapped key material produced with ``RSA_OAEP_3072_SHA1_AES_256`` or - ``RSA_OAEP_4096_SHA1_AES_256``. - - This field contains the concatenation of two wrapped keys: - - .. raw:: html - -
    -
  1. An ephemeral AES-256 wrapping key wrapped with the - `public_key` using RSAES-OAEP with SHA-1, - MGF1 with SHA-1, and an empty label. -
  2. -
  3. The key to be imported, wrapped with the ephemeral AES-256 key - using AES-KWP (RFC 5649). -
  4. -
- - If importing symmetric key material, it is expected that the unwrapped - key contains plain bytes. If importing asymmetric key material, it is - expected that the unwrapped key is in PKCS#8-encoded DER format (the - PrivateKeyInfo structure from RFC 5208). - - This format is the same as the format produced by PKCS#11 mechanism - CKM\_RSA\_AES\_KEY\_WRAP. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "import_crypto_key_version" not in self._inner_api_calls: - self._inner_api_calls[ - "import_crypto_key_version" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.import_crypto_key_version, - default_retry=self._method_configs["ImportCryptoKeyVersion"].retry, - default_timeout=self._method_configs["ImportCryptoKeyVersion"].timeout, - client_info=self._client_info, - ) - - # Sanity check: We have some fields which are mutually exclusive; - # raise ValueError if more than one is sent. 
- google.api_core.protobuf_helpers.check_oneof( - rsa_aes_wrapped_key=rsa_aes_wrapped_key - ) - - request = service_pb2.ImportCryptoKeyVersionRequest( - parent=parent, - algorithm=algorithm, - import_job=import_job, - rsa_aes_wrapped_key=rsa_aes_wrapped_key, - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("parent", parent)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["import_crypto_key_version"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def update_crypto_key( - self, - crypto_key, - update_mask, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Update a ``CryptoKey``. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> # TODO: Initialize `crypto_key`: - >>> crypto_key = {} - >>> - >>> # TODO: Initialize `update_mask`: - >>> update_mask = {} - >>> - >>> response = client.update_crypto_key(crypto_key, update_mask) - - Args: - crypto_key (Union[dict, ~google.cloud.kms_v1.types.CryptoKey]): Required. ``CryptoKey`` with updated values. - - If a dict is provided, it must be of the same form as the protobuf - message :class:`~google.cloud.kms_v1.types.CryptoKey` - update_mask (Union[dict, ~google.cloud.kms_v1.types.FieldMask]): Required. List of fields to be updated in this request. - - If a dict is provided, it must be of the same form as the protobuf - message :class:`~google.cloud.kms_v1.types.FieldMask` - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. 
Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.CryptoKey` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "update_crypto_key" not in self._inner_api_calls: - self._inner_api_calls[ - "update_crypto_key" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.update_crypto_key, - default_retry=self._method_configs["UpdateCryptoKey"].retry, - default_timeout=self._method_configs["UpdateCryptoKey"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.UpdateCryptoKeyRequest( - crypto_key=crypto_key, update_mask=update_mask - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("crypto_key.name", crypto_key.name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["update_crypto_key"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def update_crypto_key_version( - self, - crypto_key_version, - update_mask, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Update a ``CryptoKeyVersion``'s metadata. - - ``state`` may be changed between ``ENABLED`` and ``DISABLED`` using this - method. See ``DestroyCryptoKeyVersion`` and ``RestoreCryptoKeyVersion`` - to move between other states. 
- - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> # TODO: Initialize `crypto_key_version`: - >>> crypto_key_version = {} - >>> - >>> # TODO: Initialize `update_mask`: - >>> update_mask = {} - >>> - >>> response = client.update_crypto_key_version(crypto_key_version, update_mask) - - Args: - crypto_key_version (Union[dict, ~google.cloud.kms_v1.types.CryptoKeyVersion]): Required. ``CryptoKeyVersion`` with updated values. - - If a dict is provided, it must be of the same form as the protobuf - message :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` - update_mask (Union[dict, ~google.cloud.kms_v1.types.FieldMask]): Required. List of fields to be updated in this request. - - If a dict is provided, it must be of the same form as the protobuf - message :class:`~google.cloud.kms_v1.types.FieldMask` - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "update_crypto_key_version" not in self._inner_api_calls: - self._inner_api_calls[ - "update_crypto_key_version" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.update_crypto_key_version, - default_retry=self._method_configs["UpdateCryptoKeyVersion"].retry, - default_timeout=self._method_configs["UpdateCryptoKeyVersion"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.UpdateCryptoKeyVersionRequest( - crypto_key_version=crypto_key_version, update_mask=update_mask - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("crypto_key_version.name", crypto_key_version.name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["update_crypto_key_version"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def encrypt( - self, - name, - plaintext, - additional_authenticated_data=None, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Encrypts data, so that it can only be recovered by a call to - ``Decrypt``. The ``CryptoKey.purpose`` must be ``ENCRYPT_DECRYPT``. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> # TODO: Initialize `name`: - >>> name = '' - >>> - >>> # TODO: Initialize `plaintext`: - >>> plaintext = b'' - >>> - >>> response = client.encrypt(name, plaintext) - - Args: - name (str): Required. The resource name of the ``CryptoKey`` or ``CryptoKeyVersion`` - to use for encryption. - - If a ``CryptoKey`` is specified, the server will use its - ``primary version``. - plaintext (bytes): Required. The data to encrypt. Must be no larger than 64KiB. - - The maximum size depends on the key version's ``protection_level``. 
For - ``SOFTWARE`` keys, the plaintext must be no larger than 64KiB. For - ``HSM`` keys, the combined length of the plaintext and - additional\_authenticated\_data fields must be no larger than 8KiB. - additional_authenticated_data (bytes): Optional. Optional data that, if specified, must also be provided during - decryption through ``DecryptRequest.additional_authenticated_data``. - - The maximum size depends on the key version's ``protection_level``. For - ``SOFTWARE`` keys, the AAD must be no larger than 64KiB. For ``HSM`` - keys, the combined length of the plaintext and - additional\_authenticated\_data fields must be no larger than 8KiB. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.EncryptResponse` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "encrypt" not in self._inner_api_calls: - self._inner_api_calls[ - "encrypt" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.encrypt, - default_retry=self._method_configs["Encrypt"].retry, - default_timeout=self._method_configs["Encrypt"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.EncryptRequest( - name=name, - plaintext=plaintext, - additional_authenticated_data=additional_authenticated_data, - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["encrypt"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def decrypt( - self, - name, - ciphertext, - additional_authenticated_data=None, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Decrypts data that was protected by ``Encrypt``. The - ``CryptoKey.purpose`` must be ``ENCRYPT_DECRYPT``. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') - >>> - >>> # TODO: Initialize `ciphertext`: - >>> ciphertext = b'' - >>> - >>> response = client.decrypt(name, ciphertext) - - Args: - name (str): Required. The resource name of the ``CryptoKey`` to use for decryption. - The server will choose the appropriate version. - ciphertext (bytes): Required. The encrypted data originally returned in - ``EncryptResponse.ciphertext``. - additional_authenticated_data (bytes): Optional. Optional data that must match the data originally supplied in - ``EncryptRequest.additional_authenticated_data``. 
- retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.DecryptResponse` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "decrypt" not in self._inner_api_calls: - self._inner_api_calls[ - "decrypt" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.decrypt, - default_retry=self._method_configs["Decrypt"].retry, - default_timeout=self._method_configs["Decrypt"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.DecryptRequest( - name=name, - ciphertext=ciphertext, - additional_authenticated_data=additional_authenticated_data, - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["decrypt"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def update_crypto_key_primary_version( - self, - name, - crypto_key_version_id, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Update the version of a ``CryptoKey`` that will be used in 
``Encrypt``. - - Returns an error if called on an asymmetric key. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') - >>> - >>> # TODO: Initialize `crypto_key_version_id`: - >>> crypto_key_version_id = '' - >>> - >>> response = client.update_crypto_key_primary_version(name, crypto_key_version_id) - - Args: - name (str): Required. The resource name of the ``CryptoKey`` to update. - crypto_key_version_id (str): Required. The id of the child ``CryptoKeyVersion`` to use as primary. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.CryptoKey` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "update_crypto_key_primary_version" not in self._inner_api_calls: - self._inner_api_calls[ - "update_crypto_key_primary_version" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.update_crypto_key_primary_version, - default_retry=self._method_configs[ - "UpdateCryptoKeyPrimaryVersion" - ].retry, - default_timeout=self._method_configs[ - "UpdateCryptoKeyPrimaryVersion" - ].timeout, - client_info=self._client_info, - ) - - request = service_pb2.UpdateCryptoKeyPrimaryVersionRequest( - name=name, crypto_key_version_id=crypto_key_version_id - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["update_crypto_key_primary_version"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def destroy_crypto_key_version( - self, - name, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Schedule a ``CryptoKeyVersion`` for destruction. - - Upon calling this method, ``CryptoKeyVersion.state`` will be set to - ``DESTROY_SCHEDULED`` and ``destroy_time`` will be set to a time 24 - hours in the future, at which point the ``state`` will be changed to - ``DESTROYED``, and the key material will be irrevocably destroyed. - - Before the ``destroy_time`` is reached, ``RestoreCryptoKeyVersion`` may - be called to reverse the process. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]') - >>> - >>> response = client.destroy_crypto_key_version(name) - - Args: - name (str): Required. 
The resource name of the ``CryptoKeyVersion`` to destroy. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "destroy_crypto_key_version" not in self._inner_api_calls: - self._inner_api_calls[ - "destroy_crypto_key_version" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.destroy_crypto_key_version, - default_retry=self._method_configs["DestroyCryptoKeyVersion"].retry, - default_timeout=self._method_configs["DestroyCryptoKeyVersion"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.DestroyCryptoKeyVersionRequest(name=name) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["destroy_crypto_key_version"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def restore_crypto_key_version( - self, - name, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - 
Restore a ``CryptoKeyVersion`` in the ``DESTROY_SCHEDULED`` state. - - Upon restoration of the CryptoKeyVersion, ``state`` will be set to - ``DISABLED``, and ``destroy_time`` will be cleared. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]') - >>> - >>> response = client.restore_crypto_key_version(name) - - Args: - name (str): Required. The resource name of the ``CryptoKeyVersion`` to restore. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "restore_crypto_key_version" not in self._inner_api_calls: - self._inner_api_calls[ - "restore_crypto_key_version" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.restore_crypto_key_version, - default_retry=self._method_configs["RestoreCryptoKeyVersion"].retry, - default_timeout=self._method_configs["RestoreCryptoKeyVersion"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.RestoreCryptoKeyVersionRequest(name=name) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["restore_crypto_key_version"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def get_public_key( - self, - name, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Returns the public key for the given ``CryptoKeyVersion``. The - ``CryptoKey.purpose`` must be ``ASYMMETRIC_SIGN`` or - ``ASYMMETRIC_DECRYPT``. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]') - >>> - >>> response = client.get_public_key(name) - - Args: - name (str): Required. The ``name`` of the ``CryptoKeyVersion`` public key to get. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. 
- metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.PublicKey` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "get_public_key" not in self._inner_api_calls: - self._inner_api_calls[ - "get_public_key" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.get_public_key, - default_retry=self._method_configs["GetPublicKey"].retry, - default_timeout=self._method_configs["GetPublicKey"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.GetPublicKeyRequest(name=name) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["get_public_key"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def asymmetric_decrypt( - self, - name, - ciphertext, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Decrypts data that was encrypted with a public key retrieved from - ``GetPublicKey`` corresponding to a ``CryptoKeyVersion`` with - ``CryptoKey.purpose`` ASYMMETRIC\_DECRYPT. 
- - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]') - >>> - >>> # TODO: Initialize `ciphertext`: - >>> ciphertext = b'' - >>> - >>> response = client.asymmetric_decrypt(name, ciphertext) - - Args: - name (str): Required. The resource name of the ``CryptoKeyVersion`` to use for - decryption. - ciphertext (bytes): Required. The data encrypted with the named ``CryptoKeyVersion``'s - public key using OAEP. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.AsymmetricDecryptResponse` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "asymmetric_decrypt" not in self._inner_api_calls: - self._inner_api_calls[ - "asymmetric_decrypt" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.asymmetric_decrypt, - default_retry=self._method_configs["AsymmetricDecrypt"].retry, - default_timeout=self._method_configs["AsymmetricDecrypt"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.AsymmetricDecryptRequest(name=name, ciphertext=ciphertext) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["asymmetric_decrypt"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def asymmetric_sign( - self, - name, - digest, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Signs data using a ``CryptoKeyVersion`` with ``CryptoKey.purpose`` - ASYMMETRIC\_SIGN, producing a signature that can be verified with the - public key retrieved from ``GetPublicKey``. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]') - >>> - >>> # TODO: Initialize `digest`: - >>> digest = {} - >>> - >>> response = client.asymmetric_sign(name, digest) - - Args: - name (str): Required. The resource name of the ``CryptoKeyVersion`` to use for - signing. - digest (Union[dict, ~google.cloud.kms_v1.types.Digest]): Required. The digest of the data to sign. The digest must be produced - with the same digest algorithm as specified by the key version's - ``algorithm``. 
- - If a dict is provided, it must be of the same form as the protobuf - message :class:`~google.cloud.kms_v1.types.Digest` - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.AsymmetricSignResponse` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "asymmetric_sign" not in self._inner_api_calls: - self._inner_api_calls[ - "asymmetric_sign" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.asymmetric_sign, - default_retry=self._method_configs["AsymmetricSign"].retry, - default_timeout=self._method_configs["AsymmetricSign"].timeout, - client_info=self._client_info, - ) - - request = service_pb2.AsymmetricSignRequest(name=name, digest=digest) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("name", name)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["asymmetric_sign"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def set_iam_policy( - self, - resource, - policy, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Sets the access control policy on the specified resource. Replaces - any existing policy. - - Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and - PERMISSION_DENIED - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> # TODO: Initialize `resource`: - >>> resource = '' - >>> - >>> # TODO: Initialize `policy`: - >>> policy = {} - >>> - >>> response = client.set_iam_policy(resource, policy) - - Args: - resource (str): REQUIRED: The resource for which the policy is being specified. - See the operation documentation for the appropriate value for this field. - policy (Union[dict, ~google.cloud.kms_v1.types.Policy]): REQUIRED: The complete policy to be applied to the ``resource``. The - size of the policy is limited to a few 10s of KB. An empty policy is a - valid policy but certain Cloud Platform services (such as Projects) - might reject them. 
- - If a dict is provided, it must be of the same form as the protobuf - message :class:`~google.cloud.kms_v1.types.Policy` - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.Policy` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "set_iam_policy" not in self._inner_api_calls: - self._inner_api_calls[ - "set_iam_policy" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.set_iam_policy, - default_retry=self._method_configs["SetIamPolicy"].retry, - default_timeout=self._method_configs["SetIamPolicy"].timeout, - client_info=self._client_info, - ) - - request = iam_policy_pb2.SetIamPolicyRequest(resource=resource, policy=policy) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("resource", resource)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["set_iam_policy"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def get_iam_policy( - self, - resource, - options_=None, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - 
metadata=None, - ): - """ - Gets the access control policy for a resource. Returns an empty policy - if the resource exists and does not have a policy set. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> # TODO: Initialize `resource`: - >>> resource = '' - >>> - >>> response = client.get_iam_policy(resource) - - Args: - resource (str): REQUIRED: The resource for which the policy is being requested. - See the operation documentation for the appropriate value for this field. - options_ (Union[dict, ~google.cloud.kms_v1.types.GetPolicyOptions]): OPTIONAL: A ``GetPolicyOptions`` object for specifying options to - ``GetIamPolicy``. This field is only used by Cloud IAM. - - If a dict is provided, it must be of the same form as the protobuf - message :class:`~google.cloud.kms_v1.types.GetPolicyOptions` - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.Policy` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. 
- if "get_iam_policy" not in self._inner_api_calls: - self._inner_api_calls[ - "get_iam_policy" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.get_iam_policy, - default_retry=self._method_configs["GetIamPolicy"].retry, - default_timeout=self._method_configs["GetIamPolicy"].timeout, - client_info=self._client_info, - ) - - request = iam_policy_pb2.GetIamPolicyRequest( - resource=resource, options=options_ - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("resource", resource)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["get_iam_policy"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) - - def test_iam_permissions( - self, - resource, - permissions, - retry=google.api_core.gapic_v1.method.DEFAULT, - timeout=google.api_core.gapic_v1.method.DEFAULT, - metadata=None, - ): - """ - Returns permissions that a caller has on the specified resource. If the - resource does not exist, this will return an empty set of - permissions, not a NOT_FOUND error. - - Note: This operation is designed to be used for building - permission-aware UIs and command-line tools, not for authorization - checking. This operation may "fail open" without warning. - - Example: - >>> from google.cloud import kms_v1 - >>> - >>> client = kms_v1.KeyManagementServiceClient() - >>> - >>> # TODO: Initialize `resource`: - >>> resource = '' - >>> - >>> # TODO: Initialize `permissions`: - >>> permissions = [] - >>> - >>> response = client.test_iam_permissions(resource, permissions) - - Args: - resource (str): REQUIRED: The resource for which the policy detail is being requested. - See the operation documentation for the appropriate value for this field. - permissions (list[str]): The set of permissions to check for the ``resource``. 
Permissions with - wildcards (such as '*' or 'storage.*') are not allowed. For more - information see `IAM - Overview `__. - retry (Optional[google.api_core.retry.Retry]): A retry object used - to retry requests. If ``None`` is specified, requests will - be retried using a default configuration. - timeout (Optional[float]): The amount of time, in seconds, to wait - for the request to complete. Note that if ``retry`` is - specified, the timeout applies to each individual attempt. - metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata - that is provided to the method. - - Returns: - A :class:`~google.cloud.kms_v1.types.TestIamPermissionsResponse` instance. - - Raises: - google.api_core.exceptions.GoogleAPICallError: If the request - failed for any reason. - google.api_core.exceptions.RetryError: If the request failed due - to a retryable error and retry attempts failed. - ValueError: If the parameters are invalid. - """ - # Wrap the transport method to add retry and timeout logic. - if "test_iam_permissions" not in self._inner_api_calls: - self._inner_api_calls[ - "test_iam_permissions" - ] = google.api_core.gapic_v1.method.wrap_method( - self.transport.test_iam_permissions, - default_retry=self._method_configs["TestIamPermissions"].retry, - default_timeout=self._method_configs["TestIamPermissions"].timeout, - client_info=self._client_info, - ) - - request = iam_policy_pb2.TestIamPermissionsRequest( - resource=resource, permissions=permissions - ) - if metadata is None: - metadata = [] - metadata = list(metadata) - try: - routing_header = [("resource", resource)] - except AttributeError: - pass - else: - routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( - routing_header - ) - metadata.append(routing_metadata) - - return self._inner_api_calls["test_iam_permissions"]( - request, retry=retry, timeout=timeout, metadata=metadata - ) 
diff --git a/google/cloud/kms_v1/gapic/key_management_service_client_config.py b/google/cloud/kms_v1/gapic/key_management_service_client_config.py
deleted file mode 100644
index 0909a8a7..00000000
--- a/google/cloud/kms_v1/gapic/key_management_service_client_config.py
+++ /dev/null
@@ -1,155 +0,0 @@ -config = { - "interfaces": { - "google.cloud.kms.v1.KeyManagementService": { - "retry_codes": { - "retryable": ["DEADLINE_EXCEEDED", "INTERNAL", "UNAVAILABLE"], - "idempotent": ["DEADLINE_EXCEEDED", "UNAVAILABLE"], - "non_idempotent": [], - "non_retryable": [], - }, - "retry_params": { - "default": { - "initial_retry_delay_millis": 100, - "retry_delay_multiplier": 1.3, - "max_retry_delay_millis": 60000, - "initial_rpc_timeout_millis": 20000, - "rpc_timeout_multiplier": 1.0, - "max_rpc_timeout_millis": 20000, - "total_timeout_millis": 600000, - } - }, - "methods": { - "ListKeyRings": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "ListImportJobs": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "ListCryptoKeys": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "ListCryptoKeyVersions": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "GetKeyRing": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "GetImportJob": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "GetCryptoKey": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "GetCryptoKeyVersion": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "CreateKeyRing": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "CreateImportJob": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "CreateCryptoKey": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "CreateCryptoKeyVersion": { - "timeout_millis": 
60000, - "retry_codes_name": "non_retryable", - "retry_params_name": "default", - }, - "ImportCryptoKeyVersion": { - "timeout_millis": 60000, - "retry_codes_name": "non_retryable", - "retry_params_name": "default", - }, - "UpdateCryptoKey": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "UpdateCryptoKeyVersion": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "Encrypt": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "Decrypt": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "UpdateCryptoKeyPrimaryVersion": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "DestroyCryptoKeyVersion": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "RestoreCryptoKeyVersion": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "GetPublicKey": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "AsymmetricDecrypt": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "AsymmetricSign": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "SetIamPolicy": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "GetIamPolicy": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - "TestIamPermissions": { - "timeout_millis": 60000, - "retry_codes_name": "retryable", - "retry_params_name": "default", - }, - }, - } - } -} 
diff --git a/google/cloud/kms_v1/gapic/transports/__init__.py b/google/cloud/kms_v1/gapic/transports/__init__.py
deleted file mode 100644
index e69de29b..00000000
diff --git a/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py b/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py
deleted file mode 100644
index 4a03c3dc..00000000
--- a/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py
+++ /dev/null
@@ -1,502 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -import google.api_core.grpc_helpers - -from google.cloud.kms_v1.proto import service_pb2_grpc -from google.iam.v1 import iam_policy_pb2_grpc as iam_policy_pb2_grpc - - -class KeyManagementServiceGrpcTransport(object): - """gRPC transport class providing stubs for - google.cloud.kms.v1 KeyManagementService API. - - The transport provides access to the raw gRPC stubs, - which can be used to take advantage of advanced - features of gRPC. - """ - - # The scopes needed to make gRPC calls to all of the methods defined - # in this service. - _OAUTH_SCOPES = ( - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/cloudkms", - ) - - def __init__( - self, channel=None, credentials=None, address="cloudkms.googleapis.com:443" - ): - """Instantiate the transport class. - - Args: - channel (grpc.Channel): A ``Channel`` instance through - which to make calls. This argument is mutually exclusive - with ``credentials``; providing both will raise an exception. - credentials (google.auth.credentials.Credentials): The - authorization credentials to attach to requests. These - credentials identify this application to the service. If none - are specified, the client will attempt to ascertain the - credentials from the environment. - address (str): The address where the service is hosted. 
- """ - # If both `channel` and `credentials` are specified, raise an - # exception (channels come with credentials baked in already). - if channel is not None and credentials is not None: - raise ValueError( - "The `channel` and `credentials` arguments are mutually " "exclusive." - ) - - # Create the channel. - if channel is None: - channel = self.create_channel( - address=address, - credentials=credentials, - options={ - "grpc.max_send_message_length": -1, - "grpc.max_receive_message_length": -1, - }.items(), - ) - - self._channel = channel - - # gRPC uses objects called "stubs" that are bound to the - # channel and provide a basic method for each RPC. - self._stubs = { - "key_management_service_stub": service_pb2_grpc.KeyManagementServiceStub( - channel - ), - "iam_policy_stub": iam_policy_pb2_grpc.IAMPolicyStub(channel), - } - - @classmethod - def create_channel( - cls, address="cloudkms.googleapis.com:443", credentials=None, **kwargs - ): - """Create and return a gRPC channel object. - - Args: - address (str): The host for the channel to use. - credentials (~.Credentials): The - authorization credentials to attach to requests. These - credentials identify this application to the service. If - none are specified, the client will attempt to ascertain - the credentials from the environment. - kwargs (dict): Keyword arguments, which are passed to the - channel creation. - - Returns: - grpc.Channel: A gRPC channel object. - """ - return google.api_core.grpc_helpers.create_channel( - address, credentials=credentials, scopes=cls._OAUTH_SCOPES, **kwargs - ) - - @property - def channel(self): - """The gRPC channel used by the transport. - - Returns: - grpc.Channel: A gRPC channel object. - """ - return self._channel - - @property - def list_key_rings(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.list_key_rings`. - - Lists ``KeyRings``. 
- - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].ListKeyRings - - @property - def list_import_jobs(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.list_import_jobs`. - - Lists ``ImportJobs``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].ListImportJobs - - @property - def list_crypto_keys(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.list_crypto_keys`. - - Lists ``CryptoKeys``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].ListCryptoKeys - - @property - def list_crypto_key_versions(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.list_crypto_key_versions`. - - Lists ``CryptoKeyVersions``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].ListCryptoKeyVersions - - @property - def get_key_ring(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.get_key_ring`. - - Returns metadata for a given ``KeyRing``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].GetKeyRing - - @property - def get_import_job(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.get_import_job`. - - Returns metadata for a given ``ImportJob``. 
- - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].GetImportJob - - @property - def get_crypto_key(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.get_crypto_key`. - - Returns metadata for a given ``CryptoKey``, as well as its ``primary`` - ``CryptoKeyVersion``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].GetCryptoKey - - @property - def get_crypto_key_version(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.get_crypto_key_version`. - - Returns metadata for a given ``CryptoKeyVersion``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].GetCryptoKeyVersion - - @property - def create_key_ring(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.create_key_ring`. - - Create a new ``KeyRing`` in a given Project and Location. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].CreateKeyRing - - @property - def create_import_job(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.create_import_job`. - - Create a new ``ImportJob`` within a ``KeyRing``. - - ``ImportJob.import_method`` is required. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. 
- """ - return self._stubs["key_management_service_stub"].CreateImportJob - - @property - def create_crypto_key(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.create_crypto_key`. - - Create a new ``CryptoKey`` within a ``KeyRing``. - - ``CryptoKey.purpose`` and ``CryptoKey.version_template.algorithm`` are - required. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].CreateCryptoKey - - @property - def create_crypto_key_version(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.create_crypto_key_version`. - - Create a new ``CryptoKeyVersion`` in a ``CryptoKey``. - - The server will assign the next sequential id. If unset, ``state`` will - be set to ``ENABLED``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].CreateCryptoKeyVersion - - @property - def import_crypto_key_version(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.import_crypto_key_version`. - - Imports a new ``CryptoKeyVersion`` into an existing ``CryptoKey`` using - the wrapped key material provided in the request. - - The version ID will be assigned the next sequential id within the - ``CryptoKey``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].ImportCryptoKeyVersion - - @property - def update_crypto_key(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.update_crypto_key`. - - Update a ``CryptoKey``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. 
- """ - return self._stubs["key_management_service_stub"].UpdateCryptoKey - - @property - def update_crypto_key_version(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.update_crypto_key_version`. - - Update a ``CryptoKeyVersion``'s metadata. - - ``state`` may be changed between ``ENABLED`` and ``DISABLED`` using this - method. See ``DestroyCryptoKeyVersion`` and ``RestoreCryptoKeyVersion`` - to move between other states. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].UpdateCryptoKeyVersion - - @property - def encrypt(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.encrypt`. - - Encrypts data, so that it can only be recovered by a call to - ``Decrypt``. The ``CryptoKey.purpose`` must be ``ENCRYPT_DECRYPT``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].Encrypt - - @property - def decrypt(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.decrypt`. - - Decrypts data that was protected by ``Encrypt``. The - ``CryptoKey.purpose`` must be ``ENCRYPT_DECRYPT``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].Decrypt - - @property - def update_crypto_key_primary_version(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.update_crypto_key_primary_version`. - - Update the version of a ``CryptoKey`` that will be used in ``Encrypt``. - - Returns an error if called on an asymmetric key. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. 
- """ - return self._stubs["key_management_service_stub"].UpdateCryptoKeyPrimaryVersion - - @property - def destroy_crypto_key_version(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.destroy_crypto_key_version`. - - Schedule a ``CryptoKeyVersion`` for destruction. - - Upon calling this method, ``CryptoKeyVersion.state`` will be set to - ``DESTROY_SCHEDULED`` and ``destroy_time`` will be set to a time 24 - hours in the future, at which point the ``state`` will be changed to - ``DESTROYED``, and the key material will be irrevocably destroyed. - - Before the ``destroy_time`` is reached, ``RestoreCryptoKeyVersion`` may - be called to reverse the process. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].DestroyCryptoKeyVersion - - @property - def restore_crypto_key_version(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.restore_crypto_key_version`. - - Restore a ``CryptoKeyVersion`` in the ``DESTROY_SCHEDULED`` state. - - Upon restoration of the CryptoKeyVersion, ``state`` will be set to - ``DISABLED``, and ``destroy_time`` will be cleared. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].RestoreCryptoKeyVersion - - @property - def get_public_key(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.get_public_key`. - - Returns the public key for the given ``CryptoKeyVersion``. The - ``CryptoKey.purpose`` must be ``ASYMMETRIC_SIGN`` or - ``ASYMMETRIC_DECRYPT``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. 
- """ - return self._stubs["key_management_service_stub"].GetPublicKey - - @property - def asymmetric_decrypt(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.asymmetric_decrypt`. - - Decrypts data that was encrypted with a public key retrieved from - ``GetPublicKey`` corresponding to a ``CryptoKeyVersion`` with - ``CryptoKey.purpose`` ASYMMETRIC\_DECRYPT. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].AsymmetricDecrypt - - @property - def asymmetric_sign(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.asymmetric_sign`. - - Signs data using a ``CryptoKeyVersion`` with ``CryptoKey.purpose`` - ASYMMETRIC\_SIGN, producing a signature that can be verified with the - public key retrieved from ``GetPublicKey``. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["key_management_service_stub"].AsymmetricSign - - @property - def set_iam_policy(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.set_iam_policy`. - - Sets the access control policy on the specified resource. Replaces - any existing policy. - - Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and - PERMISSION_DENIED - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["iam_policy_stub"].SetIamPolicy - - @property - def get_iam_policy(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.get_iam_policy`. - - Gets the access control policy for a resource. Returns an empty policy - if the resource exists and does not have a policy set. 
- - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["iam_policy_stub"].GetIamPolicy - - @property - def test_iam_permissions(self): - """Return the gRPC stub for :meth:`KeyManagementServiceClient.test_iam_permissions`. - - Returns permissions that a caller has on the specified resource. If the - resource does not exist, this will return an empty set of - permissions, not a NOT_FOUND error. - - Note: This operation is designed to be used for building - permission-aware UIs and command-line tools, not for authorization - checking. This operation may "fail open" without warning. - - Returns: - Callable: A callable which accepts the appropriate - deserialized request object and returns a - deserialized response object. - """ - return self._stubs["iam_policy_stub"].TestIamPermissions diff --git a/google/cloud/kms_v1/proto/__init__.py b/google/cloud/kms_v1/proto/__init__.py deleted file mode 100644 index e69de29b..00000000 diff --git a/google/cloud/kms_v1/proto/resources.proto b/google/cloud/kms_v1/proto/resources.proto index b2b7ab91..e78b10cc 100644 --- a/google/cloud/kms_v1/proto/resources.proto +++ b/google/cloud/kms_v1/proto/resources.proto @@ -138,7 +138,7 @@ message CryptoKey { CryptoKeyVersionTemplate version_template = 11; // Labels with user-defined metadata. For more information, see - // [Labeling Keys](/kms/docs/labeling-keys). + // [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys). map labels = 10; } diff --git a/google/cloud/kms_v1/proto/resources_pb2.py b/google/cloud/kms_v1/proto/resources_pb2.py deleted file mode 100644 index c72c1b5e..00000000 --- a/google/cloud/kms_v1/proto/resources_pb2.py +++ /dev/null 
@@ -1,1997 +0,0 @@ -# -*- coding: utf-8 -*- -# Generated by the protocol buffer compiler. DO NOT EDIT! -# source: google/cloud/kms_v1/proto/resources.proto - -import sys - -_b = sys.version_info[0] < 3 and (lambda x: x) or (lambda x: x.encode("latin1")) -from google.protobuf.internal import enum_type_wrapper -from google.protobuf import descriptor as _descriptor -from google.protobuf import message as _message -from google.protobuf import reflection as _reflection -from google.protobuf import symbol_database as _symbol_database - -# @@protoc_insertion_point(imports) - -_sym_db = _symbol_database.Default() - - -from google.api import field_behavior_pb2 as google_dot_api_dot_field__behavior__pb2 -from google.api import resource_pb2 as google_dot_api_dot_resource__pb2 -from google.protobuf import duration_pb2 as google_dot_protobuf_dot_duration__pb2 -from google.protobuf import timestamp_pb2 as google_dot_protobuf_dot_timestamp__pb2 -from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 - - -DESCRIPTOR = _descriptor.FileDescriptor( - name="google/cloud/kms_v1/proto/resources.proto", - package="google.cloud.kms.v1", - syntax="proto3", - serialized_options=_b( - "\n\027com.google.cloud.kms.v1B\021KmsResourcesProtoP\001Z6google.golang.org/genproto/googleapis/cloud/kms/v1;kms\370\001\001\252\002\023Google.Cloud.Kms.V1\312\002\023Google\\Cloud\\Kms\\V1" - ), - serialized_pb=_b( - '\n)google/cloud/kms_v1/proto/resources.proto\x12\x13google.cloud.kms.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1cgoogle/api/annotations.proto"\xb5\x01\n\x07KeyRing\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 
\x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03:a\xea\x41^\n\x1f\x63loudkms.googleapis.com/KeyRing\x12;projects/{project}/locations/{location}/keyRings/{key_ring}"\x86\x06\n\tCryptoKey\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12;\n\x07primary\x18\x02 \x01(\x0b\x32%.google.cloud.kms.v1.CryptoKeyVersionB\x03\xe0\x41\x03\x12\x45\n\x07purpose\x18\x03 \x01(\x0e\x32/.google.cloud.kms.v1.CryptoKey.CryptoKeyPurposeB\x03\xe0\x41\x05\x12\x34\n\x0b\x63reate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x36\n\x12next_rotation_time\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x34\n\x0frotation_period\x18\x08 \x01(\x0b\x32\x19.google.protobuf.DurationH\x00\x12G\n\x10version_template\x18\x0b \x01(\x0b\x32-.google.cloud.kms.v1.CryptoKeyVersionTemplate\x12:\n\x06labels\x18\n \x03(\x0b\x32*.google.cloud.kms.v1.CryptoKey.LabelsEntry\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01"x\n\x10\x43ryptoKeyPurpose\x12"\n\x1e\x43RYPTO_KEY_PURPOSE_UNSPECIFIED\x10\x00\x12\x13\n\x0f\x45NCRYPT_DECRYPT\x10\x01\x12\x13\n\x0f\x41SYMMETRIC_SIGN\x10\x05\x12\x16\n\x12\x41SYMMETRIC_DECRYPT\x10\x06:{\xea\x41x\n!cloudkms.googleapis.com/CryptoKey\x12Sprojects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}B\x13\n\x11rotation_schedule"\xb3\x01\n\x18\x43ryptoKeyVersionTemplate\x12>\n\x10protection_level\x18\x01 \x01(\x0e\x32$.google.cloud.kms.v1.ProtectionLevel\x12W\n\talgorithm\x18\x03 \x01(\x0e\x32?.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithmB\x03\xe0\x41\x02"\xf1\x01\n\x17KeyOperationAttestation\x12S\n\x06\x66ormat\x18\x04 \x01(\x0e\x32>.google.cloud.kms.v1.KeyOperationAttestation.AttestationFormatB\x03\xe0\x41\x03\x12\x14\n\x07\x63ontent\x18\x05 
\x01(\x0c\x42\x03\xe0\x41\x03"k\n\x11\x41ttestationFormat\x12"\n\x1e\x41TTESTATION_FORMAT_UNSPECIFIED\x10\x00\x12\x18\n\x14\x43\x41VIUM_V1_COMPRESSED\x10\x03\x12\x18\n\x14\x43\x41VIUM_V2_COMPRESSED\x10\x04"\x8a\x0e\n\x10\x43ryptoKeyVersion\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12J\n\x05state\x18\x03 \x01(\x0e\x32;.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState\x12\x43\n\x10protection_level\x18\x07 \x01(\x0e\x32$.google.cloud.kms.v1.ProtectionLevelB\x03\xe0\x41\x03\x12W\n\talgorithm\x18\n \x01(\x0e\x32?.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithmB\x03\xe0\x41\x03\x12\x46\n\x0b\x61ttestation\x18\x08 \x01(\x0b\x32,.google.cloud.kms.v1.KeyOperationAttestationB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x36\n\rgenerate_time\x18\x0b \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x35\n\x0c\x64\x65stroy_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12;\n\x12\x64\x65stroy_event_time\x18\x06 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x17\n\nimport_job\x18\x0e \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0bimport_time\x18\x0f \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12"\n\x15import_failure_reason\x18\x10 \x01(\tB\x03\xe0\x41\x03\x12^\n!external_protection_level_options\x18\x11 \x01(\x0b\x32\x33.google.cloud.kms.v1.ExternalProtectionLevelOptions"\xbf\x04\n\x19\x43ryptoKeyVersionAlgorithm\x12,\n(CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED\x10\x00\x12\x1f\n\x1bGOOGLE_SYMMETRIC_ENCRYPTION\x10\x01\x12\x1c\n\x18RSA_SIGN_PSS_2048_SHA256\x10\x02\x12\x1c\n\x18RSA_SIGN_PSS_3072_SHA256\x10\x03\x12\x1c\n\x18RSA_SIGN_PSS_4096_SHA256\x10\x04\x12\x1c\n\x18RSA_SIGN_PSS_4096_SHA512\x10\x0f\x12\x1e\n\x1aRSA_SIGN_PKCS1_2048_SHA256\x10\x05\x12\x1e\n\x1aRSA_SIGN_PKCS1_3072_SHA256\x10\x06\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA256\x10\x07\x12\x1e\n\x1aRSA_SIGN_PKCS1_4096_SHA512\x10\x10\x12 
\n\x1cRSA_DECRYPT_OAEP_2048_SHA256\x10\x08\x12 \n\x1cRSA_DECRYPT_OAEP_3072_SHA256\x10\t\x12 \n\x1cRSA_DECRYPT_OAEP_4096_SHA256\x10\n\x12 \n\x1cRSA_DECRYPT_OAEP_4096_SHA512\x10\x11\x12\x17\n\x13\x45\x43_SIGN_P256_SHA256\x10\x0c\x12\x17\n\x13\x45\x43_SIGN_P384_SHA384\x10\r\x12!\n\x1d\x45XTERNAL_SYMMETRIC_ENCRYPTION\x10\x12"\xc1\x01\n\x15\x43ryptoKeyVersionState\x12(\n$CRYPTO_KEY_VERSION_STATE_UNSPECIFIED\x10\x00\x12\x16\n\x12PENDING_GENERATION\x10\x05\x12\x0b\n\x07\x45NABLED\x10\x01\x12\x0c\n\x08\x44ISABLED\x10\x02\x12\r\n\tDESTROYED\x10\x03\x12\x15\n\x11\x44\x45STROY_SCHEDULED\x10\x04\x12\x12\n\x0ePENDING_IMPORT\x10\x06\x12\x11\n\rIMPORT_FAILED\x10\x07"I\n\x14\x43ryptoKeyVersionView\x12\'\n#CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED\x10\x00\x12\x08\n\x04\x46ULL\x10\x01:\xaa\x01\xea\x41\xa6\x01\n(cloudkms.googleapis.com/CryptoKeyVersion\x12zprojects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}"\x9d\x02\n\tPublicKey\x12\x0b\n\x03pem\x18\x01 \x01(\t\x12R\n\talgorithm\x18\x02 \x01(\x0e\x32?.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm:\xae\x01\xea\x41\xaa\x01\n!cloudkms.googleapis.com/PublicKey\x12\x84\x01projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}/publicKey"\xdb\x07\n\tImportJob\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12J\n\rimport_method\x18\x02 \x01(\x0e\x32+.google.cloud.kms.v1.ImportJob.ImportMethodB\x06\xe0\x41\x02\xe0\x41\x05\x12\x46\n\x10protection_level\x18\t \x01(\x0e\x32$.google.cloud.kms.v1.ProtectionLevelB\x06\xe0\x41\x02\xe0\x41\x05\x12\x34\n\x0b\x63reate_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x36\n\rgenerate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12:\n\x11\x65xpire_event_time\x18\n 
\x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x41\n\x05state\x18\x06 \x01(\x0e\x32-.google.cloud.kms.v1.ImportJob.ImportJobStateB\x03\xe0\x41\x03\x12I\n\npublic_key\x18\x07 \x01(\x0b\x32\x30.google.cloud.kms.v1.ImportJob.WrappingPublicKeyB\x03\xe0\x41\x03\x12\x46\n\x0b\x61ttestation\x18\x08 \x01(\x0b\x32,.google.cloud.kms.v1.KeyOperationAttestationB\x03\xe0\x41\x03\x1a \n\x11WrappingPublicKey\x12\x0b\n\x03pem\x18\x01 \x01(\t"m\n\x0cImportMethod\x12\x1d\n\x19IMPORT_METHOD_UNSPECIFIED\x10\x00\x12\x1e\n\x1aRSA_OAEP_3072_SHA1_AES_256\x10\x01\x12\x1e\n\x1aRSA_OAEP_4096_SHA1_AES_256\x10\x02"c\n\x0eImportJobState\x12 \n\x1cIMPORT_JOB_STATE_UNSPECIFIED\x10\x00\x12\x16\n\x12PENDING_GENERATION\x10\x01\x12\n\n\x06\x41\x43TIVE\x10\x02\x12\x0b\n\x07\x45XPIRED\x10\x03:{\xea\x41x\n!cloudkms.googleapis.com/ImportJob\x12Sprojects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}":\n\x1e\x45xternalProtectionLevelOptions\x12\x18\n\x10\x65xternal_key_uri\x18\x01 \x01(\t*X\n\x0fProtectionLevel\x12 \n\x1cPROTECTION_LEVEL_UNSPECIFIED\x10\x00\x12\x0c\n\x08SOFTWARE\x10\x01\x12\x07\n\x03HSM\x10\x02\x12\x0c\n\x08\x45XTERNAL\x10\x03\x42\x95\x01\n\x17\x63om.google.cloud.kms.v1B\x11KmsResourcesProtoP\x01Z6google.golang.org/genproto/googleapis/cloud/kms/v1;kms\xf8\x01\x01\xaa\x02\x13Google.Cloud.Kms.V1\xca\x02\x13Google\\Cloud\\Kms\\V1b\x06proto3' - ), - dependencies=[ - google_dot_api_dot_field__behavior__pb2.DESCRIPTOR, - google_dot_api_dot_resource__pb2.DESCRIPTOR, - google_dot_protobuf_dot_duration__pb2.DESCRIPTOR, - google_dot_protobuf_dot_timestamp__pb2.DESCRIPTOR, - google_dot_api_dot_annotations__pb2.DESCRIPTOR, - ], -) - -_PROTECTIONLEVEL = _descriptor.EnumDescriptor( - name="ProtectionLevel", - full_name="google.cloud.kms.v1.ProtectionLevel", - filename=None, - file=DESCRIPTOR, - values=[ - _descriptor.EnumValueDescriptor( - name="PROTECTION_LEVEL_UNSPECIFIED", - index=0, - number=0, - serialized_options=None, - type=None, - ), - 
_descriptor.EnumValueDescriptor( - name="SOFTWARE", index=1, number=1, serialized_options=None, type=None - ), - _descriptor.EnumValueDescriptor( - name="HSM", index=2, number=2, serialized_options=None, type=None - ), - _descriptor.EnumValueDescriptor( - name="EXTERNAL", index=3, number=3, serialized_options=None, type=None - ), - ], - containing_type=None, - serialized_options=None, - serialized_start=4751, - serialized_end=4839, -) -_sym_db.RegisterEnumDescriptor(_PROTECTIONLEVEL) - -ProtectionLevel = enum_type_wrapper.EnumTypeWrapper(_PROTECTIONLEVEL) -PROTECTION_LEVEL_UNSPECIFIED = 0 -SOFTWARE = 1 -HSM = 2 -EXTERNAL = 3 - - -_CRYPTOKEY_CRYPTOKEYPURPOSE = _descriptor.EnumDescriptor( - name="CryptoKeyPurpose", - full_name="google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose", - filename=None, - file=DESCRIPTOR, - values=[ - _descriptor.EnumValueDescriptor( - name="CRYPTO_KEY_PURPOSE_UNSPECIFIED", - index=0, - number=0, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="ENCRYPT_DECRYPT", - index=1, - number=1, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="ASYMMETRIC_SIGN", - index=2, - number=5, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="ASYMMETRIC_DECRYPT", - index=3, - number=6, - serialized_options=None, - type=None, - ), - ], - containing_type=None, - serialized_options=None, - serialized_start=914, - serialized_end=1034, -) -_sym_db.RegisterEnumDescriptor(_CRYPTOKEY_CRYPTOKEYPURPOSE) - -_KEYOPERATIONATTESTATION_ATTESTATIONFORMAT = _descriptor.EnumDescriptor( - name="AttestationFormat", - full_name="google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat", - filename=None, - file=DESCRIPTOR, - values=[ - _descriptor.EnumValueDescriptor( - name="ATTESTATION_FORMAT_UNSPECIFIED", - index=0, - number=0, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="CAVIUM_V1_COMPRESSED", - index=1, - number=3, - 
serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="CAVIUM_V2_COMPRESSED", - index=2, - number=4, - serialized_options=None, - type=None, - ), - ], - containing_type=None, - serialized_options=None, - serialized_start=1499, - serialized_end=1606, -) -_sym_db.RegisterEnumDescriptor(_KEYOPERATIONATTESTATION_ATTESTATIONFORMAT) - -_CRYPTOKEYVERSION_CRYPTOKEYVERSIONALGORITHM = _descriptor.EnumDescriptor( - name="CryptoKeyVersionAlgorithm", - full_name="google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm", - filename=None, - file=DESCRIPTOR, - values=[ - _descriptor.EnumValueDescriptor( - name="CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED", - index=0, - number=0, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="GOOGLE_SYMMETRIC_ENCRYPTION", - index=1, - number=1, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_SIGN_PSS_2048_SHA256", - index=2, - number=2, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_SIGN_PSS_3072_SHA256", - index=3, - number=3, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_SIGN_PSS_4096_SHA256", - index=4, - number=4, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_SIGN_PSS_4096_SHA512", - index=5, - number=15, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_SIGN_PKCS1_2048_SHA256", - index=6, - number=5, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_SIGN_PKCS1_3072_SHA256", - index=7, - number=6, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_SIGN_PKCS1_4096_SHA256", - index=8, - number=7, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_SIGN_PKCS1_4096_SHA512", - index=9, - number=16, - serialized_options=None, - 
type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_DECRYPT_OAEP_2048_SHA256", - index=10, - number=8, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_DECRYPT_OAEP_3072_SHA256", - index=11, - number=9, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_DECRYPT_OAEP_4096_SHA256", - index=12, - number=10, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_DECRYPT_OAEP_4096_SHA512", - index=13, - number=17, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="EC_SIGN_P256_SHA256", - index=14, - number=12, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="EC_SIGN_P384_SHA384", - index=15, - number=13, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="EXTERNAL_SYMMETRIC_ENCRYPTION", - index=16, - number=18, - serialized_options=None, - type=None, - ), - ], - containing_type=None, - serialized_options=None, - serialized_start=2392, - serialized_end=2967, -) -_sym_db.RegisterEnumDescriptor(_CRYPTOKEYVERSION_CRYPTOKEYVERSIONALGORITHM) - -_CRYPTOKEYVERSION_CRYPTOKEYVERSIONSTATE = _descriptor.EnumDescriptor( - name="CryptoKeyVersionState", - full_name="google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState", - filename=None, - file=DESCRIPTOR, - values=[ - _descriptor.EnumValueDescriptor( - name="CRYPTO_KEY_VERSION_STATE_UNSPECIFIED", - index=0, - number=0, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="PENDING_GENERATION", - index=1, - number=5, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="ENABLED", index=2, number=1, serialized_options=None, type=None - ), - _descriptor.EnumValueDescriptor( - name="DISABLED", index=3, number=2, serialized_options=None, type=None - ), - _descriptor.EnumValueDescriptor( - name="DESTROYED", index=4, number=3, 
serialized_options=None, type=None - ), - _descriptor.EnumValueDescriptor( - name="DESTROY_SCHEDULED", - index=5, - number=4, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="PENDING_IMPORT", index=6, number=6, serialized_options=None, type=None - ), - _descriptor.EnumValueDescriptor( - name="IMPORT_FAILED", index=7, number=7, serialized_options=None, type=None - ), - ], - containing_type=None, - serialized_options=None, - serialized_start=2970, - serialized_end=3163, -) -_sym_db.RegisterEnumDescriptor(_CRYPTOKEYVERSION_CRYPTOKEYVERSIONSTATE) - -_CRYPTOKEYVERSION_CRYPTOKEYVERSIONVIEW = _descriptor.EnumDescriptor( - name="CryptoKeyVersionView", - full_name="google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView", - filename=None, - file=DESCRIPTOR, - values=[ - _descriptor.EnumValueDescriptor( - name="CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED", - index=0, - number=0, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="FULL", index=1, number=1, serialized_options=None, type=None - ), - ], - containing_type=None, - serialized_options=None, - serialized_start=3165, - serialized_end=3238, -) -_sym_db.RegisterEnumDescriptor(_CRYPTOKEYVERSION_CRYPTOKEYVERSIONVIEW) - -_IMPORTJOB_IMPORTMETHOD = _descriptor.EnumDescriptor( - name="ImportMethod", - full_name="google.cloud.kms.v1.ImportJob.ImportMethod", - filename=None, - file=DESCRIPTOR, - values=[ - _descriptor.EnumValueDescriptor( - name="IMPORT_METHOD_UNSPECIFIED", - index=0, - number=0, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_OAEP_3072_SHA1_AES_256", - index=1, - number=1, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="RSA_OAEP_4096_SHA1_AES_256", - index=2, - number=2, - serialized_options=None, - type=None, - ), - ], - containing_type=None, - serialized_options=None, - serialized_start=4354, - serialized_end=4463, -) 
-_sym_db.RegisterEnumDescriptor(_IMPORTJOB_IMPORTMETHOD) - -_IMPORTJOB_IMPORTJOBSTATE = _descriptor.EnumDescriptor( - name="ImportJobState", - full_name="google.cloud.kms.v1.ImportJob.ImportJobState", - filename=None, - file=DESCRIPTOR, - values=[ - _descriptor.EnumValueDescriptor( - name="IMPORT_JOB_STATE_UNSPECIFIED", - index=0, - number=0, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="PENDING_GENERATION", - index=1, - number=1, - serialized_options=None, - type=None, - ), - _descriptor.EnumValueDescriptor( - name="ACTIVE", index=2, number=2, serialized_options=None, type=None - ), - _descriptor.EnumValueDescriptor( - name="EXPIRED", index=3, number=3, serialized_options=None, type=None - ), - ], - containing_type=None, - serialized_options=None, - serialized_start=4465, - serialized_end=4564, -) -_sym_db.RegisterEnumDescriptor(_IMPORTJOB_IMPORTJOBSTATE) - - -_KEYRING = _descriptor.Descriptor( - name="KeyRing", - full_name="google.cloud.kms.v1.KeyRing", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.KeyRing.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="create_time", - full_name="google.cloud.kms.v1.KeyRing.create_time", - index=1, - number=2, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=_b( - 
"\352A^\n\037cloudkms.googleapis.com/KeyRing\022;projects/{project}/locations/{location}/keyRings/{key_ring}" - ), - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=222, - serialized_end=403, -) - - -_CRYPTOKEY_LABELSENTRY = _descriptor.Descriptor( - name="LabelsEntry", - full_name="google.cloud.kms.v1.CryptoKey.LabelsEntry", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="key", - full_name="google.cloud.kms.v1.CryptoKey.LabelsEntry.key", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="value", - full_name="google.cloud.kms.v1.CryptoKey.LabelsEntry.value", - index=1, - number=2, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=_b("8\001"), - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=867, - serialized_end=912, -) - -_CRYPTOKEY = _descriptor.Descriptor( - name="CryptoKey", - full_name="google.cloud.kms.v1.CryptoKey", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.CryptoKey.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - 
file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="primary", - full_name="google.cloud.kms.v1.CryptoKey.primary", - index=1, - number=2, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="purpose", - full_name="google.cloud.kms.v1.CryptoKey.purpose", - index=2, - number=3, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\005"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="create_time", - full_name="google.cloud.kms.v1.CryptoKey.create_time", - index=3, - number=5, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="next_rotation_time", - full_name="google.cloud.kms.v1.CryptoKey.next_rotation_time", - index=4, - number=7, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="rotation_period", - full_name="google.cloud.kms.v1.CryptoKey.rotation_period", - index=5, - number=8, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - 
name="version_template", - full_name="google.cloud.kms.v1.CryptoKey.version_template", - index=6, - number=11, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="labels", - full_name="google.cloud.kms.v1.CryptoKey.labels", - index=7, - number=10, - type=11, - cpp_type=10, - label=3, - has_default_value=False, - default_value=[], - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[_CRYPTOKEY_LABELSENTRY], - enum_types=[_CRYPTOKEY_CRYPTOKEYPURPOSE], - serialized_options=_b( - "\352Ax\n!cloudkms.googleapis.com/CryptoKey\022Sprojects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}" - ), - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name="rotation_schedule", - full_name="google.cloud.kms.v1.CryptoKey.rotation_schedule", - index=0, - containing_type=None, - fields=[], - ) - ], - serialized_start=406, - serialized_end=1180, -) - - -_CRYPTOKEYVERSIONTEMPLATE = _descriptor.Descriptor( - name="CryptoKeyVersionTemplate", - full_name="google.cloud.kms.v1.CryptoKeyVersionTemplate", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="protection_level", - full_name="google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level", - index=0, - number=1, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="algorithm", - 
full_name="google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm", - index=1, - number=3, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1183, - serialized_end=1362, -) - - -_KEYOPERATIONATTESTATION = _descriptor.Descriptor( - name="KeyOperationAttestation", - full_name="google.cloud.kms.v1.KeyOperationAttestation", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="format", - full_name="google.cloud.kms.v1.KeyOperationAttestation.format", - index=0, - number=4, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="content", - full_name="google.cloud.kms.v1.KeyOperationAttestation.content", - index=1, - number=5, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[_KEYOPERATIONATTESTATION_ATTESTATIONFORMAT], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1365, - serialized_end=1606, -) - - -_CRYPTOKEYVERSION = _descriptor.Descriptor( - name="CryptoKeyVersion", - full_name="google.cloud.kms.v1.CryptoKeyVersion", - filename=None, - file=DESCRIPTOR, - 
containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.CryptoKeyVersion.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="state", - full_name="google.cloud.kms.v1.CryptoKeyVersion.state", - index=1, - number=3, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="protection_level", - full_name="google.cloud.kms.v1.CryptoKeyVersion.protection_level", - index=2, - number=7, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="algorithm", - full_name="google.cloud.kms.v1.CryptoKeyVersion.algorithm", - index=3, - number=10, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="attestation", - full_name="google.cloud.kms.v1.CryptoKeyVersion.attestation", - index=4, - number=8, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - 
_descriptor.FieldDescriptor( - name="create_time", - full_name="google.cloud.kms.v1.CryptoKeyVersion.create_time", - index=5, - number=4, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="generate_time", - full_name="google.cloud.kms.v1.CryptoKeyVersion.generate_time", - index=6, - number=11, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="destroy_time", - full_name="google.cloud.kms.v1.CryptoKeyVersion.destroy_time", - index=7, - number=5, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="destroy_event_time", - full_name="google.cloud.kms.v1.CryptoKeyVersion.destroy_event_time", - index=8, - number=6, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="import_job", - full_name="google.cloud.kms.v1.CryptoKeyVersion.import_job", - index=9, - number=14, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - 
file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="import_time", - full_name="google.cloud.kms.v1.CryptoKeyVersion.import_time", - index=10, - number=15, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="import_failure_reason", - full_name="google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason", - index=11, - number=16, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="external_protection_level_options", - full_name="google.cloud.kms.v1.CryptoKeyVersion.external_protection_level_options", - index=12, - number=17, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[ - _CRYPTOKEYVERSION_CRYPTOKEYVERSIONALGORITHM, - _CRYPTOKEYVERSION_CRYPTOKEYVERSIONSTATE, - _CRYPTOKEYVERSION_CRYPTOKEYVERSIONVIEW, - ], - serialized_options=_b( - "\352A\246\001\n(cloudkms.googleapis.com/CryptoKeyVersion\022zprojects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}" - ), - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1609, - serialized_end=3411, -) - - -_PUBLICKEY = _descriptor.Descriptor( - name="PublicKey", - full_name="google.cloud.kms.v1.PublicKey", - filename=None, - file=DESCRIPTOR, - containing_type=None, - 
fields=[ - _descriptor.FieldDescriptor( - name="pem", - full_name="google.cloud.kms.v1.PublicKey.pem", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="algorithm", - full_name="google.cloud.kms.v1.PublicKey.algorithm", - index=1, - number=2, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=_b( - "\352A\252\001\n!cloudkms.googleapis.com/PublicKey\022\204\001projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}/publicKey" - ), - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3414, - serialized_end=3699, -) - - -_IMPORTJOB_WRAPPINGPUBLICKEY = _descriptor.Descriptor( - name="WrappingPublicKey", - full_name="google.cloud.kms.v1.ImportJob.WrappingPublicKey", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="pem", - full_name="google.cloud.kms.v1.ImportJob.WrappingPublicKey.pem", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ) - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=4320, - 
serialized_end=4352, -) - -_IMPORTJOB = _descriptor.Descriptor( - name="ImportJob", - full_name="google.cloud.kms.v1.ImportJob", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.ImportJob.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="import_method", - full_name="google.cloud.kms.v1.ImportJob.import_method", - index=1, - number=2, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002\340A\005"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="protection_level", - full_name="google.cloud.kms.v1.ImportJob.protection_level", - index=2, - number=9, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002\340A\005"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="create_time", - full_name="google.cloud.kms.v1.ImportJob.create_time", - index=3, - number=3, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="generate_time", - full_name="google.cloud.kms.v1.ImportJob.generate_time", - index=4, - number=4, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - 
default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="expire_time", - full_name="google.cloud.kms.v1.ImportJob.expire_time", - index=5, - number=5, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="expire_event_time", - full_name="google.cloud.kms.v1.ImportJob.expire_event_time", - index=6, - number=10, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="state", - full_name="google.cloud.kms.v1.ImportJob.state", - index=7, - number=6, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="public_key", - full_name="google.cloud.kms.v1.ImportJob.public_key", - index=8, - number=7, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="attestation", - full_name="google.cloud.kms.v1.ImportJob.attestation", - index=9, - number=8, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - 
enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\003"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[_IMPORTJOB_WRAPPINGPUBLICKEY], - enum_types=[_IMPORTJOB_IMPORTMETHOD, _IMPORTJOB_IMPORTJOBSTATE], - serialized_options=_b( - "\352Ax\n!cloudkms.googleapis.com/ImportJob\022Sprojects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}" - ), - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3702, - serialized_end=4689, -) - - -_EXTERNALPROTECTIONLEVELOPTIONS = _descriptor.Descriptor( - name="ExternalProtectionLevelOptions", - full_name="google.cloud.kms.v1.ExternalProtectionLevelOptions", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="external_key_uri", - full_name="google.cloud.kms.v1.ExternalProtectionLevelOptions.external_key_uri", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ) - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=4691, - serialized_end=4749, -) - -_KEYRING.fields_by_name[ - "create_time" -].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_CRYPTOKEY_LABELSENTRY.containing_type = _CRYPTOKEY -_CRYPTOKEY.fields_by_name["primary"].message_type = _CRYPTOKEYVERSION -_CRYPTOKEY.fields_by_name["purpose"].enum_type = _CRYPTOKEY_CRYPTOKEYPURPOSE -_CRYPTOKEY.fields_by_name[ - "create_time" -].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_CRYPTOKEY.fields_by_name[ - "next_rotation_time" -].message_type = 
google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_CRYPTOKEY.fields_by_name[ - "rotation_period" -].message_type = google_dot_protobuf_dot_duration__pb2._DURATION -_CRYPTOKEY.fields_by_name["version_template"].message_type = _CRYPTOKEYVERSIONTEMPLATE -_CRYPTOKEY.fields_by_name["labels"].message_type = _CRYPTOKEY_LABELSENTRY -_CRYPTOKEY_CRYPTOKEYPURPOSE.containing_type = _CRYPTOKEY -_CRYPTOKEY.oneofs_by_name["rotation_schedule"].fields.append( - _CRYPTOKEY.fields_by_name["rotation_period"] -) -_CRYPTOKEY.fields_by_name[ - "rotation_period" -].containing_oneof = _CRYPTOKEY.oneofs_by_name["rotation_schedule"] -_CRYPTOKEYVERSIONTEMPLATE.fields_by_name[ - "protection_level" -].enum_type = _PROTECTIONLEVEL -_CRYPTOKEYVERSIONTEMPLATE.fields_by_name[ - "algorithm" -].enum_type = _CRYPTOKEYVERSION_CRYPTOKEYVERSIONALGORITHM -_KEYOPERATIONATTESTATION.fields_by_name[ - "format" -].enum_type = _KEYOPERATIONATTESTATION_ATTESTATIONFORMAT -_KEYOPERATIONATTESTATION_ATTESTATIONFORMAT.containing_type = _KEYOPERATIONATTESTATION -_CRYPTOKEYVERSION.fields_by_name[ - "state" -].enum_type = _CRYPTOKEYVERSION_CRYPTOKEYVERSIONSTATE -_CRYPTOKEYVERSION.fields_by_name["protection_level"].enum_type = _PROTECTIONLEVEL -_CRYPTOKEYVERSION.fields_by_name[ - "algorithm" -].enum_type = _CRYPTOKEYVERSION_CRYPTOKEYVERSIONALGORITHM -_CRYPTOKEYVERSION.fields_by_name["attestation"].message_type = _KEYOPERATIONATTESTATION -_CRYPTOKEYVERSION.fields_by_name[ - "create_time" -].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_CRYPTOKEYVERSION.fields_by_name[ - "generate_time" -].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_CRYPTOKEYVERSION.fields_by_name[ - "destroy_time" -].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_CRYPTOKEYVERSION.fields_by_name[ - "destroy_event_time" -].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_CRYPTOKEYVERSION.fields_by_name[ - "import_time" -].message_type = 
google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_CRYPTOKEYVERSION.fields_by_name[ - "external_protection_level_options" -].message_type = _EXTERNALPROTECTIONLEVELOPTIONS -_CRYPTOKEYVERSION_CRYPTOKEYVERSIONALGORITHM.containing_type = _CRYPTOKEYVERSION -_CRYPTOKEYVERSION_CRYPTOKEYVERSIONSTATE.containing_type = _CRYPTOKEYVERSION -_CRYPTOKEYVERSION_CRYPTOKEYVERSIONVIEW.containing_type = _CRYPTOKEYVERSION -_PUBLICKEY.fields_by_name[ - "algorithm" -].enum_type = _CRYPTOKEYVERSION_CRYPTOKEYVERSIONALGORITHM -_IMPORTJOB_WRAPPINGPUBLICKEY.containing_type = _IMPORTJOB -_IMPORTJOB.fields_by_name["import_method"].enum_type = _IMPORTJOB_IMPORTMETHOD -_IMPORTJOB.fields_by_name["protection_level"].enum_type = _PROTECTIONLEVEL -_IMPORTJOB.fields_by_name[ - "create_time" -].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_IMPORTJOB.fields_by_name[ - "generate_time" -].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_IMPORTJOB.fields_by_name[ - "expire_time" -].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_IMPORTJOB.fields_by_name[ - "expire_event_time" -].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP -_IMPORTJOB.fields_by_name["state"].enum_type = _IMPORTJOB_IMPORTJOBSTATE -_IMPORTJOB.fields_by_name["public_key"].message_type = _IMPORTJOB_WRAPPINGPUBLICKEY -_IMPORTJOB.fields_by_name["attestation"].message_type = _KEYOPERATIONATTESTATION -_IMPORTJOB_IMPORTMETHOD.containing_type = _IMPORTJOB -_IMPORTJOB_IMPORTJOBSTATE.containing_type = _IMPORTJOB -DESCRIPTOR.message_types_by_name["KeyRing"] = _KEYRING -DESCRIPTOR.message_types_by_name["CryptoKey"] = _CRYPTOKEY -DESCRIPTOR.message_types_by_name["CryptoKeyVersionTemplate"] = _CRYPTOKEYVERSIONTEMPLATE -DESCRIPTOR.message_types_by_name["KeyOperationAttestation"] = _KEYOPERATIONATTESTATION -DESCRIPTOR.message_types_by_name["CryptoKeyVersion"] = _CRYPTOKEYVERSION -DESCRIPTOR.message_types_by_name["PublicKey"] = _PUBLICKEY 
-DESCRIPTOR.message_types_by_name["ImportJob"] = _IMPORTJOB -DESCRIPTOR.message_types_by_name[ - "ExternalProtectionLevelOptions" -] = _EXTERNALPROTECTIONLEVELOPTIONS -DESCRIPTOR.enum_types_by_name["ProtectionLevel"] = _PROTECTIONLEVEL -_sym_db.RegisterFileDescriptor(DESCRIPTOR) - -KeyRing = _reflection.GeneratedProtocolMessageType( - "KeyRing", - (_message.Message,), - dict( - DESCRIPTOR=_KEYRING, - __module__="google.cloud.kms_v1.proto.resources_pb2", - __doc__="""A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel logical - grouping of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. - Attributes: - name: - Output only. The resource name for the - [KeyRing][google.cloud.kms.v1.KeyRing] in the format - ``projects/*/locations/*/keyRings/*``. - create_time: - Output only. The time at which this - [KeyRing][google.cloud.kms.v1.KeyRing] was created. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.KeyRing) - ), -) -_sym_db.RegisterMessage(KeyRing) - -CryptoKey = _reflection.GeneratedProtocolMessageType( - "CryptoKey", - (_message.Message,), - dict( - LabelsEntry=_reflection.GeneratedProtocolMessageType( - "LabelsEntry", - (_message.Message,), - dict( - DESCRIPTOR=_CRYPTOKEY_LABELSENTRY, - __module__="google.cloud.kms_v1.proto.resources_pb2" - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CryptoKey.LabelsEntry) - ), - ), - DESCRIPTOR=_CRYPTOKEY, - __module__="google.cloud.kms_v1.proto.resources_pb2", - __doc__="""A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key - that can be used for cryptographic operations. A - [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of one or more - [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the - actual key material used in cryptographic operations. - Attributes: - name: - Output only. The resource name for this - [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format - ``projects/*/locations/*/keyRings/*/cryptoKeys/*``. - primary: - Output only. 
A copy of the "primary" - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that - will be used by - [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] - when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given - in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.na - me]. The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary - version can be updated via [UpdateCryptoKeyPrimaryVersion][goo - gle.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVe - rsion]. Keys with - [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT\_DEC - RYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT\_ - DECRYPT] may have a primary. For other keys, this field will - be omitted. - purpose: - Immutable. The immutable purpose of this - [CryptoKey][google.cloud.kms.v1.CryptoKey]. - create_time: - Output only. The time at which this - [CryptoKey][google.cloud.kms.v1.CryptoKey] was created. - next_rotation_time: - At [next\_rotation\_time][google.cloud.kms.v1.CryptoKey.next\_ - rotation\_time], the Key Management Service will - automatically: 1. Create a new version of this - [CryptoKey][google.cloud.kms.v1.CryptoKey]. 2. Mark the new - version as primary. Key rotations performed manually via [Cre - ateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService. - CreateCryptoKeyVersion] and [UpdateCryptoKeyPrimaryVersion][go - ogle.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryV - ersion] do not affect [next\_rotation\_time][google.cloud.kms. - v1.CryptoKey.next\_rotation\_time]. Keys with - [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT\_DEC - RYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT\_ - DECRYPT] support automatic rotation. For other keys, this - field must be omitted. - rotation_schedule: - Controls the rate of automatic rotation. 
- rotation_period: - [next\_rotation\_time][google.cloud.kms.v1.CryptoKey.next\_rot - ation\_time] will be advanced by this period when the service - automatically rotates a key. Must be at least 24 hours and at - most 876,000 hours. If [rotation\_period][google.cloud.kms.v1 - .CryptoKey.rotation\_period] is set, [next\_rotation\_time][go - ogle.cloud.kms.v1.CryptoKey.next\_rotation\_time] must also be - set. Keys with - [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT\_DEC - RYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT\_ - DECRYPT] support automatic rotation. For other keys, this - field must be omitted. - version_template: - A template describing settings for new - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] - instances. The properties of new - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] - instances created by either [CreateCryptoKeyVersion][google.cl - oud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or - auto-rotation are controlled by this template. - labels: - Labels with user-defined metadata. For more information, see - `Labeling Keys `__. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CryptoKey) - ), -) -_sym_db.RegisterMessage(CryptoKey) -_sym_db.RegisterMessage(CryptoKey.LabelsEntry) - -CryptoKeyVersionTemplate = _reflection.GeneratedProtocolMessageType( - "CryptoKeyVersionTemplate", - (_message.Message,), - dict( - DESCRIPTOR=_CRYPTOKEYVERSIONTEMPLATE, - __module__="google.cloud.kms_v1.proto.resources_pb2", - __doc__="""A [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTempl - ate] specifies the properties to use when creating a new - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either - manually with [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManageme - ntService.CreateCryptoKeyVersion] or automatically as a result of - auto-rotation. 
- Attributes: - protection_level: - [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use - when creating a - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based - on this template. Immutable. Defaults to - [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE]. - algorithm: - Required. [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.Cry - ptoKeyVersionAlgorithm] to use when creating a - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based - on this template. For backwards compatibility, - GOOGLE\_SYMMETRIC\_ENCRYPTION is implied if both this field is - omitted and - [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] is - [ENCRYPT\_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurp - ose.ENCRYPT\_DECRYPT]. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CryptoKeyVersionTemplate) - ), -) -_sym_db.RegisterMessage(CryptoKeyVersionTemplate) - -KeyOperationAttestation = _reflection.GeneratedProtocolMessageType( - "KeyOperationAttestation", - (_message.Message,), - dict( - DESCRIPTOR=_KEYOPERATIONATTESTATION, - __module__="google.cloud.kms_v1.proto.resources_pb2", - __doc__="""Contains an HSM-generated attestation about a key operation. For more - information, see [Verifying attestations] - (https://cloud.google.com/kms/docs/attest-key). - Attributes: - format: - Output only. The format of the attestation data. - content: - Output only. The attestation data provided by the HSM when the - key operation was performed. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.KeyOperationAttestation) - ), -) -_sym_db.RegisterMessage(KeyOperationAttestation) - -CryptoKeyVersion = _reflection.GeneratedProtocolMessageType( - "CryptoKeyVersion", - (_message.Message,), - dict( - DESCRIPTOR=_CRYPTOKEYVERSION, - __module__="google.cloud.kms_v1.proto.resources_pb2", - __doc__="""A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents - an individual cryptographic key, and the associated key material. An - [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.E - NABLED] version can be used for cryptographic operations. For - security reasons, the raw cryptographic key material represented by a - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] can never be - viewed or exported. It can only be used to encrypt, decrypt, or sign - data when an authorized user or application invokes Cloud KMS. - Attributes: - name: - Output only. The resource name for this - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in - the format ``projects/*/locations/*/keyRings/*/cryptoKeys/*/cr - yptoKeyVersions/*``. - state: - The current state of the - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. - protection_level: - Output only. The - [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] - describing how crypto operations are performed with this - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. - algorithm: - Output only. The [CryptoKeyVersionAlgorithm][google.cloud.kms. - v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] that this - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] - supports. - attestation: - Output only. Statement that was generated and signed by the - HSM at key creation time. Use this statement to verify - attributes of the key as stored on the HSM, independently of - Google. 
Only provided for key versions with [protection\_level - ][google.cloud.kms.v1.CryptoKeyVersion.protection\_level] - [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. - create_time: - Output only. The time at which this - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was - created. - generate_time: - Output only. The time this - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key - material was generated. - destroy_time: - Output only. The time this - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key - material is scheduled for destruction. Only present if - [state][google.cloud.kms.v1.CryptoKeyVersion.state] is [DESTRO - Y\_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVe - rsionState.DESTROY\_SCHEDULED]. - destroy_event_time: - Output only. The time this CryptoKeyVersion's key material was - destroyed. Only present if - [state][google.cloud.kms.v1.CryptoKeyVersion.state] is [DESTRO - YED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionStat - e.DESTROYED]. - import_job: - Output only. The name of the - [ImportJob][google.cloud.kms.v1.ImportJob] used to import this - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only - present if the underlying key material was imported. - import_time: - Output only. The time at which this - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key - material was imported. - import_failure_reason: - Output only. The root cause of an import failure. Only present - if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is [IMP - ORT\_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVer - sionState.IMPORT\_FAILED]. - external_protection_level_options: - ExternalProtectionLevelOptions stores a group of additional - fields for configuring a - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that - are specific to the - [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] - protection level. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CryptoKeyVersion) - ), -) -_sym_db.RegisterMessage(CryptoKeyVersion) - -PublicKey = _reflection.GeneratedProtocolMessageType( - "PublicKey", - (_message.Message,), - dict( - DESCRIPTOR=_PUBLICKEY, - __module__="google.cloud.kms_v1.proto.resources_pb2", - __doc__="""The public key for a given - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Obtained via - [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. - Attributes: - pem: - The public key, encoded in PEM format. For more information, - see the `RFC 7468 `__ - sections for `General Considerations - `__ and - [Textual Encoding of Subject Public Key Info] - (https://tools.ietf.org/html/rfc7468#section-13). - algorithm: - The [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKey - VersionAlgorithm] associated with this key. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.PublicKey) - ), -) -_sym_db.RegisterMessage(PublicKey) - -ImportJob = _reflection.GeneratedProtocolMessageType( - "ImportJob", - (_message.Message,), - dict( - WrappingPublicKey=_reflection.GeneratedProtocolMessageType( - "WrappingPublicKey", - (_message.Message,), - dict( - DESCRIPTOR=_IMPORTJOB_WRAPPINGPUBLICKEY, - __module__="google.cloud.kms_v1.proto.resources_pb2", - __doc__="""The public key component of the wrapping key. For details of the type - of key this public key corresponds to, see the - [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod]. - Attributes: - pem: - The public key, encoded in PEM format. For more information, - see the `RFC 7468 `__ - sections for `General Considerations - `__ and - [Textual Encoding of Subject Public Key Info] - (https://tools.ietf.org/html/rfc7468#section-13). 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ImportJob.WrappingPublicKey) - ), - ), - DESCRIPTOR=_IMPORTJOB, - __module__="google.cloud.kms_v1.proto.resources_pb2", - __doc__="""An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create - [CryptoKeys][google.cloud.kms.v1.CryptoKey] and - [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre- - existing key material, generated outside of Cloud KMS. When an - [ImportJob][google.cloud.kms.v1.ImportJob] is created, Cloud KMS will - generate a "wrapping key", which is a public/private key pair. You use - the wrapping key to encrypt (also known as wrap) the pre-existing key - material to protect it during the import process. The nature of the - wrapping key depends on the choice of - [import\_method][google.cloud.kms.v1.ImportJob.import\_method]. When - the wrapping key generation is complete, the - [state][google.cloud.kms.v1.ImportJob.state] will be set to - [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the - [public\_key][google.cloud.kms.v1.ImportJob.public\_key] can be - fetched. The fetched public key can then be used to wrap your pre- - existing key material. Once the key material is wrapped, it can be - imported into a new - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in an - existing [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling [Import - CryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCrypt - oKeyVersion]. Multiple - [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be - imported with a single [ImportJob][google.cloud.kms.v1.ImportJob]. - Cloud KMS uses the private key portion of the wrapping key to unwrap - the key material. Only Cloud KMS has access to the private key. An - [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 days after it is - created. 
Once expired, Cloud KMS will no longer be able to import or - unwrap any key material that was wrapped with the - [ImportJob][google.cloud.kms.v1.ImportJob]'s public key. For more - information, see `Importing a key - `__. - Attributes: - name: - Output only. The resource name for this - [ImportJob][google.cloud.kms.v1.ImportJob] in the format - ``projects/*/locations/*/keyRings/*/importJobs/*``. - import_method: - Required. Immutable. The wrapping method to be used for - incoming key material. - protection_level: - Required. Immutable. The protection level of the - [ImportJob][google.cloud.kms.v1.ImportJob]. This must match - the [protection\_level][google.cloud.kms.v1.CryptoKeyVersionTe - mplate.protection\_level] of the [version\_template][google.cl - oud.kms.v1.CryptoKey.version\_template] on the - [CryptoKey][google.cloud.kms.v1.CryptoKey] you attempt to - import into. - create_time: - Output only. The time at which this - [ImportJob][google.cloud.kms.v1.ImportJob] was created. - generate_time: - Output only. The time this - [ImportJob][google.cloud.kms.v1.ImportJob]'s key material was - generated. - expire_time: - Output only. The time at which this - [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for - expiration and can no longer be used to import key material. - expire_event_time: - Output only. The time this - [ImportJob][google.cloud.kms.v1.ImportJob] expired. Only - present if [state][google.cloud.kms.v1.ImportJob.state] is [EX - PIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED]. - state: - Output only. The current state of the - [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it - can be used. - public_key: - Output only. The public key with which to wrap key material - prior to import. Only returned if - [state][google.cloud.kms.v1.ImportJob.state] is - [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE]. - attestation: - Output only. 
Statement that was generated and signed by the - key creator (for example, an HSM) at key creation time. Use - this statement to verify attributes of the key as stored on - the HSM, independently of Google. Only present if the chosen - [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] is - one with a protection level of - [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ImportJob) - ), -) -_sym_db.RegisterMessage(ImportJob) -_sym_db.RegisterMessage(ImportJob.WrappingPublicKey) - -ExternalProtectionLevelOptions = _reflection.GeneratedProtocolMessageType( - "ExternalProtectionLevelOptions", - (_message.Message,), - dict( - DESCRIPTOR=_EXTERNALPROTECTIONLEVELOPTIONS, - __module__="google.cloud.kms_v1.proto.resources_pb2", - __doc__="""ExternalProtectionLevelOptions stores a group of additional fields for - configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] - that are specific to the - [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection - level. - Attributes: - external_key_uri: - The URI for an external resource that this - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] - represents. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ExternalProtectionLevelOptions) - ), -) -_sym_db.RegisterMessage(ExternalProtectionLevelOptions) - - -DESCRIPTOR._options = None -_KEYRING.fields_by_name["name"]._options = None -_KEYRING.fields_by_name["create_time"]._options = None -_KEYRING._options = None -_CRYPTOKEY_LABELSENTRY._options = None -_CRYPTOKEY.fields_by_name["name"]._options = None -_CRYPTOKEY.fields_by_name["primary"]._options = None -_CRYPTOKEY.fields_by_name["purpose"]._options = None -_CRYPTOKEY.fields_by_name["create_time"]._options = None -_CRYPTOKEY._options = None -_CRYPTOKEYVERSIONTEMPLATE.fields_by_name["algorithm"]._options = None -_KEYOPERATIONATTESTATION.fields_by_name["format"]._options = None -_KEYOPERATIONATTESTATION.fields_by_name["content"]._options = None -_CRYPTOKEYVERSION.fields_by_name["name"]._options = None -_CRYPTOKEYVERSION.fields_by_name["protection_level"]._options = None -_CRYPTOKEYVERSION.fields_by_name["algorithm"]._options = None -_CRYPTOKEYVERSION.fields_by_name["attestation"]._options = None -_CRYPTOKEYVERSION.fields_by_name["create_time"]._options = None -_CRYPTOKEYVERSION.fields_by_name["generate_time"]._options = None -_CRYPTOKEYVERSION.fields_by_name["destroy_time"]._options = None -_CRYPTOKEYVERSION.fields_by_name["destroy_event_time"]._options = None -_CRYPTOKEYVERSION.fields_by_name["import_job"]._options = None -_CRYPTOKEYVERSION.fields_by_name["import_time"]._options = None -_CRYPTOKEYVERSION.fields_by_name["import_failure_reason"]._options = None -_CRYPTOKEYVERSION._options = None -_PUBLICKEY._options = None -_IMPORTJOB.fields_by_name["name"]._options = None -_IMPORTJOB.fields_by_name["import_method"]._options = None -_IMPORTJOB.fields_by_name["protection_level"]._options = None -_IMPORTJOB.fields_by_name["create_time"]._options = None -_IMPORTJOB.fields_by_name["generate_time"]._options = None -_IMPORTJOB.fields_by_name["expire_time"]._options = None 
-_IMPORTJOB.fields_by_name["expire_event_time"]._options = None -_IMPORTJOB.fields_by_name["state"]._options = None -_IMPORTJOB.fields_by_name["public_key"]._options = None -_IMPORTJOB.fields_by_name["attestation"]._options = None -_IMPORTJOB._options = None -# @@protoc_insertion_point(module_scope) diff --git a/google/cloud/kms_v1/proto/resources_pb2_grpc.py b/google/cloud/kms_v1/proto/resources_pb2_grpc.py deleted file mode 100644 index 07cb78fe..00000000 --- a/google/cloud/kms_v1/proto/resources_pb2_grpc.py +++ /dev/null @@ -1,2 +0,0 @@ -# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! -import grpc diff --git a/google/cloud/kms_v1/proto/service_pb2.py b/google/cloud/kms_v1/proto/service_pb2.py deleted file mode 100644 index 0ae5724a..00000000 --- a/google/cloud/kms_v1/proto/service_pb2.py +++ /dev/null 
@@ -1,3624 +0,0 @@ -# -*- coding: utf-8 -*- -# Generated by the protocol buffer compiler. DO NOT EDIT! -# source: google/cloud/kms_v1/proto/service.proto - -import sys - -_b = sys.version_info[0] < 3 and (lambda x: x) or (lambda x: x.encode("latin1")) -from google.protobuf import descriptor as _descriptor -from google.protobuf import message as _message -from google.protobuf import reflection as _reflection -from google.protobuf import symbol_database as _symbol_database - -# @@protoc_insertion_point(imports) - -_sym_db = _symbol_database.Default() - - -from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 -from google.api import client_pb2 as google_dot_api_dot_client__pb2 -from google.api import field_behavior_pb2 as google_dot_api_dot_field__behavior__pb2 -from google.api import resource_pb2 as google_dot_api_dot_resource__pb2 -from google.cloud.kms_v1.proto import ( - resources_pb2 as google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2, -) -from google.protobuf import field_mask_pb2 as google_dot_protobuf_dot_field__mask__pb2 - - -DESCRIPTOR = _descriptor.FileDescriptor( - name="google/cloud/kms_v1/proto/service.proto", - package="google.cloud.kms.v1", - syntax="proto3", - serialized_options=_b( - "\n\027com.google.cloud.kms.v1B\010KmsProtoP\001Z6google.golang.org/genproto/googleapis/cloud/kms/v1;kms\370\001\001\252\002\023Google.Cloud.Kms.V1\312\002\023Google\\Cloud\\Kms\\V1" - ), - serialized_pb=_b( - '\n\'google/cloud/kms_v1/proto/service.proto\x12\x13google.cloud.kms.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a)google/cloud/kms_v1/proto/resources.proto\x1a google/protobuf/field_mask.proto"\xad\x01\n\x13ListKeyRingsRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 
\x01(\tB\x03\xe0\x41\x01\x12\x13\n\x06\x66ilter\x18\x04 \x01(\tB\x03\xe0\x41\x01\x12\x15\n\x08order_by\x18\x05 \x01(\tB\x03\xe0\x41\x01"\xff\x01\n\x15ListCryptoKeysRequest\x12\x37\n\x06parent\x18\x01 \x01(\tB\'\xe0\x41\x02\xfa\x41!\n\x1f\x63loudkms.googleapis.com/KeyRing\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12P\n\x0cversion_view\x18\x04 \x01(\x0e\x32:.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView\x12\x13\n\x06\x66ilter\x18\x05 \x01(\tB\x03\xe0\x41\x01\x12\x15\n\x08order_by\x18\x06 \x01(\tB\x03\xe0\x41\x01"\x80\x02\n\x1cListCryptoKeyVersionsRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!cloudkms.googleapis.com/CryptoKey\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12H\n\x04view\x18\x04 \x01(\x0e\x32:.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView\x12\x13\n\x06\x66ilter\x18\x05 \x01(\tB\x03\xe0\x41\x01\x12\x15\n\x08order_by\x18\x06 \x01(\tB\x03\xe0\x41\x01"\xad\x01\n\x15ListImportJobsRequest\x12\x37\n\x06parent\x18\x01 \x01(\tB\'\xe0\x41\x02\xfa\x41!\n\x1f\x63loudkms.googleapis.com/KeyRing\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01\x12\x13\n\x06\x66ilter\x18\x04 \x01(\tB\x03\xe0\x41\x01\x12\x15\n\x08order_by\x18\x05 \x01(\tB\x03\xe0\x41\x01"t\n\x14ListKeyRingsResponse\x12/\n\tkey_rings\x18\x01 \x03(\x0b\x32\x1c.google.cloud.kms.v1.KeyRing\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\x12\x12\n\ntotal_size\x18\x03 \x01(\x05"z\n\x16ListCryptoKeysResponse\x12\x33\n\x0b\x63rypto_keys\x18\x01 \x03(\x0b\x32\x1e.google.cloud.kms.v1.CryptoKey\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\x12\x12\n\ntotal_size\x18\x03 \x01(\x05"\x90\x01\n\x1dListCryptoKeyVersionsResponse\x12\x42\n\x13\x63rypto_key_versions\x18\x01 \x03(\x0b\x32%.google.cloud.kms.v1.CryptoKeyVersion\x12\x17\n\x0fnext_page_token\x18\x02 
\x01(\t\x12\x12\n\ntotal_size\x18\x03 \x01(\x05"z\n\x16ListImportJobsResponse\x12\x33\n\x0bimport_jobs\x18\x01 \x03(\x0b\x32\x1e.google.cloud.kms.v1.ImportJob\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\x12\x12\n\ntotal_size\x18\x03 \x01(\x05"J\n\x11GetKeyRingRequest\x12\x35\n\x04name\x18\x01 \x01(\tB\'\xe0\x41\x02\xfa\x41!\n\x1f\x63loudkms.googleapis.com/KeyRing"N\n\x13GetCryptoKeyRequest\x12\x37\n\x04name\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!cloudkms.googleapis.com/CryptoKey"\\\n\x1aGetCryptoKeyVersionRequest\x12>\n\x04name\x18\x01 \x01(\tB0\xe0\x41\x02\xfa\x41*\n(cloudkms.googleapis.com/CryptoKeyVersion"U\n\x13GetPublicKeyRequest\x12>\n\x04name\x18\x01 \x01(\tB0\xe0\x41\x02\xfa\x41*\n(cloudkms.googleapis.com/CryptoKeyVersion"N\n\x13GetImportJobRequest\x12\x37\n\x04name\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!cloudkms.googleapis.com/ImportJob"\xa0\x01\n\x14\x43reateKeyRingRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12\x18\n\x0bkey_ring_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12\x33\n\x08key_ring\x18\x03 \x01(\x0b\x32\x1c.google.cloud.kms.v1.KeyRingB\x03\xe0\x41\x02"\xcd\x01\n\x16\x43reateCryptoKeyRequest\x12\x37\n\x06parent\x18\x01 \x01(\tB\'\xe0\x41\x02\xfa\x41!\n\x1f\x63loudkms.googleapis.com/KeyRing\x12\x1a\n\rcrypto_key_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12\x37\n\ncrypto_key\x18\x03 \x01(\x0b\x32\x1e.google.cloud.kms.v1.CryptoKeyB\x03\xe0\x41\x02\x12%\n\x1dskip_initial_version_creation\x18\x05 \x01(\x08"\xa2\x01\n\x1d\x43reateCryptoKeyVersionRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!cloudkms.googleapis.com/CryptoKey\x12\x46\n\x12\x63rypto_key_version\x18\x02 \x01(\x0b\x32%.google.cloud.kms.v1.CryptoKeyVersionB\x03\xe0\x41\x02"\x83\x02\n\x1dImportCryptoKeyVersionRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!cloudkms.googleapis.com/CryptoKey\x12W\n\talgorithm\x18\x02 
\x01(\x0e\x32?.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithmB\x03\xe0\x41\x02\x12\x17\n\nimport_job\x18\x04 \x01(\tB\x03\xe0\x41\x02\x12\x1d\n\x13rsa_aes_wrapped_key\x18\x05 \x01(\x0cH\x00\x42\x16\n\x14wrapped_key_material"\xa6\x01\n\x16\x43reateImportJobRequest\x12\x37\n\x06parent\x18\x01 \x01(\tB\'\xe0\x41\x02\xfa\x41!\n\x1f\x63loudkms.googleapis.com/KeyRing\x12\x1a\n\rimport_job_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12\x37\n\nimport_job\x18\x03 \x01(\x0b\x32\x1e.google.cloud.kms.v1.ImportJobB\x03\xe0\x41\x02"\x87\x01\n\x16UpdateCryptoKeyRequest\x12\x37\n\ncrypto_key\x18\x01 \x01(\x0b\x32\x1e.google.cloud.kms.v1.CryptoKeyB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02"\x9d\x01\n\x1dUpdateCryptoKeyVersionRequest\x12\x46\n\x12\x63rypto_key_version\x18\x01 \x01(\x0b\x32%.google.cloud.kms.v1.CryptoKeyVersionB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02"m\n\x0e\x45ncryptRequest\x12\x17\n\x04name\x18\x01 \x01(\tB\t\xe0\x41\x02\xfa\x41\x03\n\x01*\x12\x16\n\tplaintext\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x02\x12*\n\x1d\x61\x64\x64itional_authenticated_data\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01"\x8e\x01\n\x0e\x44\x65\x63ryptRequest\x12\x37\n\x04name\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!cloudkms.googleapis.com/CryptoKey\x12\x17\n\nciphertext\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x02\x12*\n\x1d\x61\x64\x64itional_authenticated_data\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01"\x89\x01\n\x15\x41symmetricSignRequest\x12>\n\x04name\x18\x01 \x01(\tB0\xe0\x41\x02\xfa\x41*\n(cloudkms.googleapis.com/CryptoKeyVersion\x12\x30\n\x06\x64igest\x18\x03 \x01(\x0b\x32\x1b.google.cloud.kms.v1.DigestB\x03\xe0\x41\x02"s\n\x18\x41symmetricDecryptRequest\x12>\n\x04name\x18\x01 \x01(\tB0\xe0\x41\x02\xfa\x41*\n(cloudkms.googleapis.com/CryptoKeyVersion\x12\x17\n\nciphertext\x18\x03 
\x01(\x0c\x42\x03\xe0\x41\x02"$\n\x0f\x44\x65\x63ryptResponse\x12\x11\n\tplaintext\x18\x01 \x01(\x0c"3\n\x0f\x45ncryptResponse\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x12\n\nciphertext\x18\x02 \x01(\x0c"+\n\x16\x41symmetricSignResponse\x12\x11\n\tsignature\x18\x01 \x01(\x0c".\n\x19\x41symmetricDecryptResponse\x12\x11\n\tplaintext\x18\x01 \x01(\x0c"\x83\x01\n$UpdateCryptoKeyPrimaryVersionRequest\x12\x37\n\x04name\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!cloudkms.googleapis.com/CryptoKey\x12"\n\x15\x63rypto_key_version_id\x18\x02 \x01(\tB\x03\xe0\x41\x02"`\n\x1e\x44\x65stroyCryptoKeyVersionRequest\x12>\n\x04name\x18\x01 \x01(\tB0\xe0\x41\x02\xfa\x41*\n(cloudkms.googleapis.com/CryptoKeyVersion"`\n\x1eRestoreCryptoKeyVersionRequest\x12>\n\x04name\x18\x01 \x01(\tB0\xe0\x41\x02\xfa\x41*\n(cloudkms.googleapis.com/CryptoKeyVersion"H\n\x06\x44igest\x12\x10\n\x06sha256\x18\x01 \x01(\x0cH\x00\x12\x10\n\x06sha384\x18\x02 \x01(\x0cH\x00\x12\x10\n\x06sha512\x18\x03 \x01(\x0cH\x00\x42\x08\n\x06\x64igest"@\n\x10LocationMetadata\x12\x15\n\rhsm_available\x18\x01 \x01(\x08\x12\x15\n\rekm_available\x18\x02 
\x01(\x08\x32\x86&\n\x14KeyManagementService\x12\xa2\x01\n\x0cListKeyRings\x12(.google.cloud.kms.v1.ListKeyRingsRequest\x1a).google.cloud.kms.v1.ListKeyRingsResponse"=\x82\xd3\xe4\x93\x02.\x12,/v1/{parent=projects/*/locations/*}/keyRings\xda\x41\x06parent\x12\xb5\x01\n\x0eListCryptoKeys\x12*.google.cloud.kms.v1.ListCryptoKeysRequest\x1a+.google.cloud.kms.v1.ListCryptoKeysResponse"J\x82\xd3\xe4\x93\x02;\x12\x39/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys\xda\x41\x06parent\x12\xde\x01\n\x15ListCryptoKeyVersions\x12\x31.google.cloud.kms.v1.ListCryptoKeyVersionsRequest\x1a\x32.google.cloud.kms.v1.ListCryptoKeyVersionsResponse"^\x82\xd3\xe4\x93\x02O\x12M/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions\xda\x41\x06parent\x12\xb5\x01\n\x0eListImportJobs\x12*.google.cloud.kms.v1.ListImportJobsRequest\x1a+.google.cloud.kms.v1.ListImportJobsResponse"J\x82\xd3\xe4\x93\x02;\x12\x39/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs\xda\x41\x06parent\x12\x8f\x01\n\nGetKeyRing\x12&.google.cloud.kms.v1.GetKeyRingRequest\x1a\x1c.google.cloud.kms.v1.KeyRing";\x82\xd3\xe4\x93\x02.\x12,/v1/{name=projects/*/locations/*/keyRings/*}\xda\x41\x04name\x12\xa2\x01\n\x0cGetCryptoKey\x12(.google.cloud.kms.v1.GetCryptoKeyRequest\x1a\x1e.google.cloud.kms.v1.CryptoKey"H\x82\xd3\xe4\x93\x02;\x12\x39/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}\xda\x41\x04name\x12\xcb\x01\n\x13GetCryptoKeyVersion\x12/.google.cloud.kms.v1.GetCryptoKeyVersionRequest\x1a%.google.cloud.kms.v1.CryptoKeyVersion"\\\x82\xd3\xe4\x93\x02O\x12M/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}\xda\x41\x04name\x12\xc0\x01\n\x0cGetPublicKey\x12(.google.cloud.kms.v1.GetPublicKeyRequest\x1a\x1e.google.cloud.kms.v1.PublicKey"f\x82\xd3\xe4\x93\x02Y\x12W/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey\xda\x41\x04name\x12\xa2\x01\n\x0cGetImportJob\x12(.google.cloud.kms.v1.GetImportJobRequest\x1a\x1e.google.clou
d.kms.v1.ImportJob"H\x82\xd3\xe4\x93\x02;\x12\x39/v1/{name=projects/*/locations/*/keyRings/*/importJobs/*}\xda\x41\x04name\x12\xb6\x01\n\rCreateKeyRing\x12).google.cloud.kms.v1.CreateKeyRingRequest\x1a\x1c.google.cloud.kms.v1.KeyRing"\\\x82\xd3\xe4\x93\x02\x38",/v1/{parent=projects/*/locations/*}/keyRings:\x08key_ring\xda\x41\x1bparent,key_ring_id,key_ring\x12\xcf\x01\n\x0f\x43reateCryptoKey\x12+.google.cloud.kms.v1.CreateCryptoKeyRequest\x1a\x1e.google.cloud.kms.v1.CryptoKey"o\x82\xd3\xe4\x93\x02G"9/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys:\ncrypto_key\xda\x41\x1fparent,crypto_key_id,crypto_key\x12\xfb\x01\n\x16\x43reateCryptoKeyVersion\x12\x32.google.cloud.kms.v1.CreateCryptoKeyVersionRequest\x1a%.google.cloud.kms.v1.CryptoKeyVersion"\x85\x01\x82\xd3\xe4\x93\x02\x63"M/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:\x12\x63rypto_key_version\xda\x41\x19parent,crypto_key_version\x12\xd4\x01\n\x16ImportCryptoKeyVersion\x12\x32.google.cloud.kms.v1.ImportCryptoKeyVersionRequest\x1a%.google.cloud.kms.v1.CryptoKeyVersion"_\x82\xd3\xe4\x93\x02Y"T/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:import:\x01*\x12\xcf\x01\n\x0f\x43reateImportJob\x12+.google.cloud.kms.v1.CreateImportJobRequest\x1a\x1e.google.cloud.kms.v1.ImportJob"o\x82\xd3\xe4\x93\x02G"9/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs:\nimport_job\xda\x41\x1fparent,import_job_id,import_job\x12\xd1\x01\n\x0fUpdateCryptoKey\x12+.google.cloud.kms.v1.UpdateCryptoKeyRequest\x1a\x1e.google.cloud.kms.v1.CryptoKey"q\x82\xd3\xe4\x93\x02R2D/v1/{crypto_key.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:\ncrypto_key\xda\x41\x16\x63rypto_key,update_mask\x12\x93\x02\n\x16UpdateCryptoKeyVersion\x12\x32.google.cloud.kms.v1.UpdateCryptoKeyVersionRequest\x1a%.google.cloud.kms.v1.CryptoKeyVersion"\x9d\x01\x82\xd3\xe4\x93\x02v2`/v1/{crypto_key_version.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:\x12\x63rypto_key_
version\xda\x41\x1e\x63rypto_key_version,update_mask\x12\xb4\x01\n\x07\x45ncrypt\x12#.google.cloud.kms.v1.EncryptRequest\x1a$.google.cloud.kms.v1.EncryptResponse"^\x82\xd3\xe4\x93\x02G"B/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt:\x01*\xda\x41\x0ename,plaintext\x12\xb4\x01\n\x07\x44\x65\x63rypt\x12#.google.cloud.kms.v1.DecryptRequest\x1a$.google.cloud.kms.v1.DecryptResponse"^\x82\xd3\xe4\x93\x02\x46"A/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt:\x01*\xda\x41\x0fname,ciphertext\x12\xe0\x01\n\x0e\x41symmetricSign\x12*.google.cloud.kms.v1.AsymmetricSignRequest\x1a+.google.cloud.kms.v1.AsymmetricSignResponse"u\x82\xd3\xe4\x93\x02\x61"\\/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricSign:\x01*\xda\x41\x0bname,digest\x12\xf0\x01\n\x11\x41symmetricDecrypt\x12-.google.cloud.kms.v1.AsymmetricDecryptRequest\x1a..google.cloud.kms.v1.AsymmetricDecryptResponse"|\x82\xd3\xe4\x93\x02\x64"_/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricDecrypt:\x01*\xda\x41\x0fname,ciphertext\x12\xf2\x01\n\x1dUpdateCryptoKeyPrimaryVersion\x12\x39.google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest\x1a\x1e.google.cloud.kms.v1.CryptoKey"v\x82\xd3\xe4\x93\x02S"N/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion:\x01*\xda\x41\x1aname,crypto_key_version_id\x12\xde\x01\n\x17\x44\x65stroyCryptoKeyVersion\x12\x33.google.cloud.kms.v1.DestroyCryptoKeyVersionRequest\x1a%.google.cloud.kms.v1.CryptoKeyVersion"g\x82\xd3\xe4\x93\x02Z"U/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy:\x01*\xda\x41\x04name\x12\xde\x01\n\x17RestoreCryptoKeyVersion\x12\x33.google.cloud.kms.v1.RestoreCryptoKeyVersionRequest\x1a%.google.cloud.kms.v1.CryptoKeyVersion"g\x82\xd3\xe4\x93\x02Z"U/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore:\x01*\xda\x41\x04name\x1at\xca\x41\x17\x63loudkms.googleapis.com\xd2\x
41Whttps://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/cloudkmsB\x8c\x01\n\x17\x63om.google.cloud.kms.v1B\x08KmsProtoP\x01Z6google.golang.org/genproto/googleapis/cloud/kms/v1;kms\xf8\x01\x01\xaa\x02\x13Google.Cloud.Kms.V1\xca\x02\x13Google\\Cloud\\Kms\\V1b\x06proto3' - ), - dependencies=[ - google_dot_api_dot_annotations__pb2.DESCRIPTOR, - google_dot_api_dot_client__pb2.DESCRIPTOR, - google_dot_api_dot_field__behavior__pb2.DESCRIPTOR, - google_dot_api_dot_resource__pb2.DESCRIPTOR, - google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.DESCRIPTOR, - google_dot_protobuf_dot_field__mask__pb2.DESCRIPTOR, - ], -) - - -_LISTKEYRINGSREQUEST = _descriptor.Descriptor( - name="ListKeyRingsRequest", - full_name="google.cloud.kms.v1.ListKeyRingsRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="parent", - full_name="google.cloud.kms.v1.ListKeyRingsRequest.parent", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A#\n!locations.googleapis.com/Location" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="page_size", - full_name="google.cloud.kms.v1.ListKeyRingsRequest.page_size", - index=1, - number=2, - type=5, - cpp_type=1, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="page_token", - full_name="google.cloud.kms.v1.ListKeyRingsRequest.page_token", - index=2, - number=3, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - 
containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="filter", - full_name="google.cloud.kms.v1.ListKeyRingsRequest.filter", - index=3, - number=4, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="order_by", - full_name="google.cloud.kms.v1.ListKeyRingsRequest.order_by", - index=4, - number=5, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=257, - serialized_end=430, -) - - -_LISTCRYPTOKEYSREQUEST = _descriptor.Descriptor( - name="ListCryptoKeysRequest", - full_name="google.cloud.kms.v1.ListCryptoKeysRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="parent", - full_name="google.cloud.kms.v1.ListCryptoKeysRequest.parent", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A!\n\037cloudkms.googleapis.com/KeyRing" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="page_size", - full_name="google.cloud.kms.v1.ListCryptoKeysRequest.page_size", - index=1, - number=2, - type=5, - cpp_type=1, - 
label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="page_token", - full_name="google.cloud.kms.v1.ListCryptoKeysRequest.page_token", - index=2, - number=3, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="version_view", - full_name="google.cloud.kms.v1.ListCryptoKeysRequest.version_view", - index=3, - number=4, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="filter", - full_name="google.cloud.kms.v1.ListCryptoKeysRequest.filter", - index=4, - number=5, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="order_by", - full_name="google.cloud.kms.v1.ListCryptoKeysRequest.order_by", - index=5, - number=6, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - 
extension_ranges=[], - oneofs=[], - serialized_start=433, - serialized_end=688, -) - - -_LISTCRYPTOKEYVERSIONSREQUEST = _descriptor.Descriptor( - name="ListCryptoKeyVersionsRequest", - full_name="google.cloud.kms.v1.ListCryptoKeyVersionsRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="parent", - full_name="google.cloud.kms.v1.ListCryptoKeyVersionsRequest.parent", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A#\n!cloudkms.googleapis.com/CryptoKey" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="page_size", - full_name="google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_size", - index=1, - number=2, - type=5, - cpp_type=1, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="page_token", - full_name="google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token", - index=2, - number=3, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="view", - full_name="google.cloud.kms.v1.ListCryptoKeyVersionsRequest.view", - index=3, - number=4, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - 
_descriptor.FieldDescriptor( - name="filter", - full_name="google.cloud.kms.v1.ListCryptoKeyVersionsRequest.filter", - index=4, - number=5, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="order_by", - full_name="google.cloud.kms.v1.ListCryptoKeyVersionsRequest.order_by", - index=5, - number=6, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=691, - serialized_end=947, -) - - -_LISTIMPORTJOBSREQUEST = _descriptor.Descriptor( - name="ListImportJobsRequest", - full_name="google.cloud.kms.v1.ListImportJobsRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="parent", - full_name="google.cloud.kms.v1.ListImportJobsRequest.parent", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A!\n\037cloudkms.googleapis.com/KeyRing" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="page_size", - full_name="google.cloud.kms.v1.ListImportJobsRequest.page_size", - index=1, - number=2, - type=5, - cpp_type=1, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, 
- is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="page_token", - full_name="google.cloud.kms.v1.ListImportJobsRequest.page_token", - index=2, - number=3, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="filter", - full_name="google.cloud.kms.v1.ListImportJobsRequest.filter", - index=3, - number=4, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="order_by", - full_name="google.cloud.kms.v1.ListImportJobsRequest.order_by", - index=4, - number=5, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=950, - serialized_end=1123, -) - - -_LISTKEYRINGSRESPONSE = _descriptor.Descriptor( - name="ListKeyRingsResponse", - full_name="google.cloud.kms.v1.ListKeyRingsResponse", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="key_rings", - full_name="google.cloud.kms.v1.ListKeyRingsResponse.key_rings", - index=0, - number=1, - type=11, - cpp_type=10, - label=3, - has_default_value=False, - default_value=[], - 
message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="next_page_token", - full_name="google.cloud.kms.v1.ListKeyRingsResponse.next_page_token", - index=1, - number=2, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="total_size", - full_name="google.cloud.kms.v1.ListKeyRingsResponse.total_size", - index=2, - number=3, - type=5, - cpp_type=1, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1125, - serialized_end=1241, -) - - -_LISTCRYPTOKEYSRESPONSE = _descriptor.Descriptor( - name="ListCryptoKeysResponse", - full_name="google.cloud.kms.v1.ListCryptoKeysResponse", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="crypto_keys", - full_name="google.cloud.kms.v1.ListCryptoKeysResponse.crypto_keys", - index=0, - number=1, - type=11, - cpp_type=10, - label=3, - has_default_value=False, - default_value=[], - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="next_page_token", - full_name="google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token", - index=1, - number=2, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - 
default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="total_size", - full_name="google.cloud.kms.v1.ListCryptoKeysResponse.total_size", - index=2, - number=3, - type=5, - cpp_type=1, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1243, - serialized_end=1365, -) - - -_LISTCRYPTOKEYVERSIONSRESPONSE = _descriptor.Descriptor( - name="ListCryptoKeyVersionsResponse", - full_name="google.cloud.kms.v1.ListCryptoKeyVersionsResponse", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="crypto_key_versions", - full_name="google.cloud.kms.v1.ListCryptoKeyVersionsResponse.crypto_key_versions", - index=0, - number=1, - type=11, - cpp_type=10, - label=3, - has_default_value=False, - default_value=[], - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="next_page_token", - full_name="google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token", - index=1, - number=2, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="total_size", - full_name="google.cloud.kms.v1.ListCryptoKeyVersionsResponse.total_size", 
- index=2, - number=3, - type=5, - cpp_type=1, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1368, - serialized_end=1512, -) - - -_LISTIMPORTJOBSRESPONSE = _descriptor.Descriptor( - name="ListImportJobsResponse", - full_name="google.cloud.kms.v1.ListImportJobsResponse", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="import_jobs", - full_name="google.cloud.kms.v1.ListImportJobsResponse.import_jobs", - index=0, - number=1, - type=11, - cpp_type=10, - label=3, - has_default_value=False, - default_value=[], - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="next_page_token", - full_name="google.cloud.kms.v1.ListImportJobsResponse.next_page_token", - index=1, - number=2, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="total_size", - full_name="google.cloud.kms.v1.ListImportJobsResponse.total_size", - index=2, - number=3, - type=5, - cpp_type=1, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - 
syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1514, - serialized_end=1636, -) - - -_GETKEYRINGREQUEST = _descriptor.Descriptor( - name="GetKeyRingRequest", - full_name="google.cloud.kms.v1.GetKeyRingRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.GetKeyRingRequest.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A!\n\037cloudkms.googleapis.com/KeyRing" - ), - file=DESCRIPTOR, - ) - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1638, - serialized_end=1712, -) - - -_GETCRYPTOKEYREQUEST = _descriptor.Descriptor( - name="GetCryptoKeyRequest", - full_name="google.cloud.kms.v1.GetCryptoKeyRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.GetCryptoKeyRequest.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A#\n!cloudkms.googleapis.com/CryptoKey" - ), - file=DESCRIPTOR, - ) - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1714, - serialized_end=1792, -) - - -_GETCRYPTOKEYVERSIONREQUEST = _descriptor.Descriptor( - name="GetCryptoKeyVersionRequest", - full_name="google.cloud.kms.v1.GetCryptoKeyVersionRequest", - 
filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.GetCryptoKeyVersionRequest.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A*\n(cloudkms.googleapis.com/CryptoKeyVersion" - ), - file=DESCRIPTOR, - ) - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1794, - serialized_end=1886, -) - - -_GETPUBLICKEYREQUEST = _descriptor.Descriptor( - name="GetPublicKeyRequest", - full_name="google.cloud.kms.v1.GetPublicKeyRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.GetPublicKeyRequest.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A*\n(cloudkms.googleapis.com/CryptoKeyVersion" - ), - file=DESCRIPTOR, - ) - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1888, - serialized_end=1973, -) - - -_GETIMPORTJOBREQUEST = _descriptor.Descriptor( - name="GetImportJobRequest", - full_name="google.cloud.kms.v1.GetImportJobRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.GetImportJobRequest.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - 
has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A#\n!cloudkms.googleapis.com/ImportJob" - ), - file=DESCRIPTOR, - ) - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=1975, - serialized_end=2053, -) - - -_CREATEKEYRINGREQUEST = _descriptor.Descriptor( - name="CreateKeyRingRequest", - full_name="google.cloud.kms.v1.CreateKeyRingRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="parent", - full_name="google.cloud.kms.v1.CreateKeyRingRequest.parent", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A#\n!locations.googleapis.com/Location" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="key_ring_id", - full_name="google.cloud.kms.v1.CreateKeyRingRequest.key_ring_id", - index=1, - number=2, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="key_ring", - full_name="google.cloud.kms.v1.CreateKeyRingRequest.key_ring", - index=2, - number=3, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - ], - extensions=[], - 
nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=2056, - serialized_end=2216, -) - - -_CREATECRYPTOKEYREQUEST = _descriptor.Descriptor( - name="CreateCryptoKeyRequest", - full_name="google.cloud.kms.v1.CreateCryptoKeyRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="parent", - full_name="google.cloud.kms.v1.CreateCryptoKeyRequest.parent", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A!\n\037cloudkms.googleapis.com/KeyRing" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="crypto_key_id", - full_name="google.cloud.kms.v1.CreateCryptoKeyRequest.crypto_key_id", - index=1, - number=2, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="crypto_key", - full_name="google.cloud.kms.v1.CreateCryptoKeyRequest.crypto_key", - index=2, - number=3, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="skip_initial_version_creation", - full_name="google.cloud.kms.v1.CreateCryptoKeyRequest.skip_initial_version_creation", - index=3, - number=5, - type=8, - cpp_type=7, - label=1, - has_default_value=False, - default_value=False, - message_type=None, - enum_type=None, - 
containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=2219, - serialized_end=2424, -) - - -_CREATECRYPTOKEYVERSIONREQUEST = _descriptor.Descriptor( - name="CreateCryptoKeyVersionRequest", - full_name="google.cloud.kms.v1.CreateCryptoKeyVersionRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="parent", - full_name="google.cloud.kms.v1.CreateCryptoKeyVersionRequest.parent", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A#\n!cloudkms.googleapis.com/CryptoKey" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="crypto_key_version", - full_name="google.cloud.kms.v1.CreateCryptoKeyVersionRequest.crypto_key_version", - index=1, - number=2, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=2427, - serialized_end=2589, -) - - -_IMPORTCRYPTOKEYVERSIONREQUEST = _descriptor.Descriptor( - name="ImportCryptoKeyVersionRequest", - full_name="google.cloud.kms.v1.ImportCryptoKeyVersionRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="parent", - 
full_name="google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A#\n!cloudkms.googleapis.com/CryptoKey" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="algorithm", - full_name="google.cloud.kms.v1.ImportCryptoKeyVersionRequest.algorithm", - index=1, - number=2, - type=14, - cpp_type=8, - label=1, - has_default_value=False, - default_value=0, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="import_job", - full_name="google.cloud.kms.v1.ImportCryptoKeyVersionRequest.import_job", - index=2, - number=4, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="rsa_aes_wrapped_key", - full_name="google.cloud.kms.v1.ImportCryptoKeyVersionRequest.rsa_aes_wrapped_key", - index=3, - number=5, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name="wrapped_key_material", - full_name="google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key_material", - index=0, - containing_type=None, 
- fields=[], - ) - ], - serialized_start=2592, - serialized_end=2851, -) - - -_CREATEIMPORTJOBREQUEST = _descriptor.Descriptor( - name="CreateImportJobRequest", - full_name="google.cloud.kms.v1.CreateImportJobRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="parent", - full_name="google.cloud.kms.v1.CreateImportJobRequest.parent", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A!\n\037cloudkms.googleapis.com/KeyRing" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="import_job_id", - full_name="google.cloud.kms.v1.CreateImportJobRequest.import_job_id", - index=1, - number=2, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="import_job", - full_name="google.cloud.kms.v1.CreateImportJobRequest.import_job", - index=2, - number=3, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=2854, - serialized_end=3020, -) - - -_UPDATECRYPTOKEYREQUEST = _descriptor.Descriptor( - name="UpdateCryptoKeyRequest", - full_name="google.cloud.kms.v1.UpdateCryptoKeyRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - 
fields=[ - _descriptor.FieldDescriptor( - name="crypto_key", - full_name="google.cloud.kms.v1.UpdateCryptoKeyRequest.crypto_key", - index=0, - number=1, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="update_mask", - full_name="google.cloud.kms.v1.UpdateCryptoKeyRequest.update_mask", - index=1, - number=2, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3023, - serialized_end=3158, -) - - -_UPDATECRYPTOKEYVERSIONREQUEST = _descriptor.Descriptor( - name="UpdateCryptoKeyVersionRequest", - full_name="google.cloud.kms.v1.UpdateCryptoKeyVersionRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="crypto_key_version", - full_name="google.cloud.kms.v1.UpdateCryptoKeyVersionRequest.crypto_key_version", - index=0, - number=1, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="update_mask", - full_name="google.cloud.kms.v1.UpdateCryptoKeyVersionRequest.update_mask", - index=1, - number=2, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - 
is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3161, - serialized_end=3318, -) - - -_ENCRYPTREQUEST = _descriptor.Descriptor( - name="EncryptRequest", - full_name="google.cloud.kms.v1.EncryptRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.EncryptRequest.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002\372A\003\n\001*"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="plaintext", - full_name="google.cloud.kms.v1.EncryptRequest.plaintext", - index=1, - number=2, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="additional_authenticated_data", - full_name="google.cloud.kms.v1.EncryptRequest.additional_authenticated_data", - index=2, - number=3, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3320, - serialized_end=3429, -) - - -_DECRYPTREQUEST = 
_descriptor.Descriptor( - name="DecryptRequest", - full_name="google.cloud.kms.v1.DecryptRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.DecryptRequest.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A#\n!cloudkms.googleapis.com/CryptoKey" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="ciphertext", - full_name="google.cloud.kms.v1.DecryptRequest.ciphertext", - index=1, - number=2, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="additional_authenticated_data", - full_name="google.cloud.kms.v1.DecryptRequest.additional_authenticated_data", - index=2, - number=3, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\001"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3432, - serialized_end=3574, -) - - -_ASYMMETRICSIGNREQUEST = _descriptor.Descriptor( - name="AsymmetricSignRequest", - full_name="google.cloud.kms.v1.AsymmetricSignRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.AsymmetricSignRequest.name", - index=0, - number=1, 
- type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A*\n(cloudkms.googleapis.com/CryptoKeyVersion" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="digest", - full_name="google.cloud.kms.v1.AsymmetricSignRequest.digest", - index=1, - number=3, - type=11, - cpp_type=10, - label=1, - has_default_value=False, - default_value=None, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3577, - serialized_end=3714, -) - - -_ASYMMETRICDECRYPTREQUEST = _descriptor.Descriptor( - name="AsymmetricDecryptRequest", - full_name="google.cloud.kms.v1.AsymmetricDecryptRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.AsymmetricDecryptRequest.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A*\n(cloudkms.googleapis.com/CryptoKeyVersion" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="ciphertext", - full_name="google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext", - index=1, - number=3, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), 
- file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3716, - serialized_end=3831, -) - - -_DECRYPTRESPONSE = _descriptor.Descriptor( - name="DecryptResponse", - full_name="google.cloud.kms.v1.DecryptResponse", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="plaintext", - full_name="google.cloud.kms.v1.DecryptResponse.plaintext", - index=0, - number=1, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ) - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3833, - serialized_end=3869, -) - - -_ENCRYPTRESPONSE = _descriptor.Descriptor( - name="EncryptResponse", - full_name="google.cloud.kms.v1.EncryptResponse", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.EncryptResponse.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="ciphertext", - full_name="google.cloud.kms.v1.EncryptResponse.ciphertext", - index=1, - number=2, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - 
], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3871, - serialized_end=3922, -) - - -_ASYMMETRICSIGNRESPONSE = _descriptor.Descriptor( - name="AsymmetricSignResponse", - full_name="google.cloud.kms.v1.AsymmetricSignResponse", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="signature", - full_name="google.cloud.kms.v1.AsymmetricSignResponse.signature", - index=0, - number=1, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ) - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3924, - serialized_end=3967, -) - - -_ASYMMETRICDECRYPTRESPONSE = _descriptor.Descriptor( - name="AsymmetricDecryptResponse", - full_name="google.cloud.kms.v1.AsymmetricDecryptResponse", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="plaintext", - full_name="google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext", - index=0, - number=1, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ) - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=3969, - serialized_end=4015, -) - - -_UPDATECRYPTOKEYPRIMARYVERSIONREQUEST = _descriptor.Descriptor( - name="UpdateCryptoKeyPrimaryVersionRequest", - 
full_name="google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A#\n!cloudkms.googleapis.com/CryptoKey" - ), - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="crypto_key_version_id", - full_name="google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest.crypto_key_version_id", - index=1, - number=2, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b("\340A\002"), - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=4018, - serialized_end=4149, -) - - -_DESTROYCRYPTOKEYVERSIONREQUEST = _descriptor.Descriptor( - name="DestroyCryptoKeyVersionRequest", - full_name="google.cloud.kms.v1.DestroyCryptoKeyVersionRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.DestroyCryptoKeyVersionRequest.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A*\n(cloudkms.googleapis.com/CryptoKeyVersion" - ), - file=DESCRIPTOR, - ) - ], - 
extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=4151, - serialized_end=4247, -) - - -_RESTORECRYPTOKEYVERSIONREQUEST = _descriptor.Descriptor( - name="RestoreCryptoKeyVersionRequest", - full_name="google.cloud.kms.v1.RestoreCryptoKeyVersionRequest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="name", - full_name="google.cloud.kms.v1.RestoreCryptoKeyVersionRequest.name", - index=0, - number=1, - type=9, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b("").decode("utf-8"), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=_b( - "\340A\002\372A*\n(cloudkms.googleapis.com/CryptoKeyVersion" - ), - file=DESCRIPTOR, - ) - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=4249, - serialized_end=4345, -) - - -_DIGEST = _descriptor.Descriptor( - name="Digest", - full_name="google.cloud.kms.v1.Digest", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="sha256", - full_name="google.cloud.kms.v1.Digest.sha256", - index=0, - number=1, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="sha384", - full_name="google.cloud.kms.v1.Digest.sha384", - index=1, - number=2, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - 
serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="sha512", - full_name="google.cloud.kms.v1.Digest.sha512", - index=2, - number=3, - type=12, - cpp_type=9, - label=1, - has_default_value=False, - default_value=_b(""), - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name="digest", - full_name="google.cloud.kms.v1.Digest.digest", - index=0, - containing_type=None, - fields=[], - ) - ], - serialized_start=4347, - serialized_end=4419, -) - - -_LOCATIONMETADATA = _descriptor.Descriptor( - name="LocationMetadata", - full_name="google.cloud.kms.v1.LocationMetadata", - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name="hsm_available", - full_name="google.cloud.kms.v1.LocationMetadata.hsm_available", - index=0, - number=1, - type=8, - cpp_type=7, - label=1, - has_default_value=False, - default_value=False, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - _descriptor.FieldDescriptor( - name="ekm_available", - full_name="google.cloud.kms.v1.LocationMetadata.ekm_available", - index=1, - number=2, - type=8, - cpp_type=7, - label=1, - has_default_value=False, - default_value=False, - message_type=None, - enum_type=None, - containing_type=None, - is_extension=False, - extension_scope=None, - serialized_options=None, - file=DESCRIPTOR, - ), - ], - extensions=[], - nested_types=[], - enum_types=[], - serialized_options=None, - is_extendable=False, - syntax="proto3", - extension_ranges=[], - oneofs=[], - serialized_start=4421, - serialized_end=4485, -) - 
-_LISTCRYPTOKEYSREQUEST.fields_by_name[ - "version_view" -].enum_type = ( - google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION_CRYPTOKEYVERSIONVIEW -) -_LISTCRYPTOKEYVERSIONSREQUEST.fields_by_name[ - "view" -].enum_type = ( - google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION_CRYPTOKEYVERSIONVIEW -) -_LISTKEYRINGSRESPONSE.fields_by_name[ - "key_rings" -].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._KEYRING -_LISTCRYPTOKEYSRESPONSE.fields_by_name[ - "crypto_keys" -].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY -_LISTCRYPTOKEYVERSIONSRESPONSE.fields_by_name[ - "crypto_key_versions" -].message_type = ( - google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION -) -_LISTIMPORTJOBSRESPONSE.fields_by_name[ - "import_jobs" -].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._IMPORTJOB -_CREATEKEYRINGREQUEST.fields_by_name[ - "key_ring" -].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._KEYRING -_CREATECRYPTOKEYREQUEST.fields_by_name[ - "crypto_key" -].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY -_CREATECRYPTOKEYVERSIONREQUEST.fields_by_name[ - "crypto_key_version" -].message_type = ( - google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION -) -_IMPORTCRYPTOKEYVERSIONREQUEST.fields_by_name[ - "algorithm" -].enum_type = ( - google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION_CRYPTOKEYVERSIONALGORITHM -) -_IMPORTCRYPTOKEYVERSIONREQUEST.oneofs_by_name["wrapped_key_material"].fields.append( - _IMPORTCRYPTOKEYVERSIONREQUEST.fields_by_name["rsa_aes_wrapped_key"] -) -_IMPORTCRYPTOKEYVERSIONREQUEST.fields_by_name[ - "rsa_aes_wrapped_key" -].containing_oneof = _IMPORTCRYPTOKEYVERSIONREQUEST.oneofs_by_name[ - "wrapped_key_material" -] -_CREATEIMPORTJOBREQUEST.fields_by_name[ - "import_job" -].message_type = 
google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._IMPORTJOB -_UPDATECRYPTOKEYREQUEST.fields_by_name[ - "crypto_key" -].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY -_UPDATECRYPTOKEYREQUEST.fields_by_name[ - "update_mask" -].message_type = google_dot_protobuf_dot_field__mask__pb2._FIELDMASK -_UPDATECRYPTOKEYVERSIONREQUEST.fields_by_name[ - "crypto_key_version" -].message_type = ( - google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION -) -_UPDATECRYPTOKEYVERSIONREQUEST.fields_by_name[ - "update_mask" -].message_type = google_dot_protobuf_dot_field__mask__pb2._FIELDMASK -_ASYMMETRICSIGNREQUEST.fields_by_name["digest"].message_type = _DIGEST -_DIGEST.oneofs_by_name["digest"].fields.append(_DIGEST.fields_by_name["sha256"]) -_DIGEST.fields_by_name["sha256"].containing_oneof = _DIGEST.oneofs_by_name["digest"] -_DIGEST.oneofs_by_name["digest"].fields.append(_DIGEST.fields_by_name["sha384"]) -_DIGEST.fields_by_name["sha384"].containing_oneof = _DIGEST.oneofs_by_name["digest"] -_DIGEST.oneofs_by_name["digest"].fields.append(_DIGEST.fields_by_name["sha512"]) -_DIGEST.fields_by_name["sha512"].containing_oneof = _DIGEST.oneofs_by_name["digest"] -DESCRIPTOR.message_types_by_name["ListKeyRingsRequest"] = _LISTKEYRINGSREQUEST -DESCRIPTOR.message_types_by_name["ListCryptoKeysRequest"] = _LISTCRYPTOKEYSREQUEST -DESCRIPTOR.message_types_by_name[ - "ListCryptoKeyVersionsRequest" -] = _LISTCRYPTOKEYVERSIONSREQUEST -DESCRIPTOR.message_types_by_name["ListImportJobsRequest"] = _LISTIMPORTJOBSREQUEST -DESCRIPTOR.message_types_by_name["ListKeyRingsResponse"] = _LISTKEYRINGSRESPONSE -DESCRIPTOR.message_types_by_name["ListCryptoKeysResponse"] = _LISTCRYPTOKEYSRESPONSE -DESCRIPTOR.message_types_by_name[ - "ListCryptoKeyVersionsResponse" -] = _LISTCRYPTOKEYVERSIONSRESPONSE -DESCRIPTOR.message_types_by_name["ListImportJobsResponse"] = _LISTIMPORTJOBSRESPONSE -DESCRIPTOR.message_types_by_name["GetKeyRingRequest"] = 
_GETKEYRINGREQUEST -DESCRIPTOR.message_types_by_name["GetCryptoKeyRequest"] = _GETCRYPTOKEYREQUEST -DESCRIPTOR.message_types_by_name[ - "GetCryptoKeyVersionRequest" -] = _GETCRYPTOKEYVERSIONREQUEST -DESCRIPTOR.message_types_by_name["GetPublicKeyRequest"] = _GETPUBLICKEYREQUEST -DESCRIPTOR.message_types_by_name["GetImportJobRequest"] = _GETIMPORTJOBREQUEST -DESCRIPTOR.message_types_by_name["CreateKeyRingRequest"] = _CREATEKEYRINGREQUEST -DESCRIPTOR.message_types_by_name["CreateCryptoKeyRequest"] = _CREATECRYPTOKEYREQUEST -DESCRIPTOR.message_types_by_name[ - "CreateCryptoKeyVersionRequest" -] = _CREATECRYPTOKEYVERSIONREQUEST -DESCRIPTOR.message_types_by_name[ - "ImportCryptoKeyVersionRequest" -] = _IMPORTCRYPTOKEYVERSIONREQUEST -DESCRIPTOR.message_types_by_name["CreateImportJobRequest"] = _CREATEIMPORTJOBREQUEST -DESCRIPTOR.message_types_by_name["UpdateCryptoKeyRequest"] = _UPDATECRYPTOKEYREQUEST -DESCRIPTOR.message_types_by_name[ - "UpdateCryptoKeyVersionRequest" -] = _UPDATECRYPTOKEYVERSIONREQUEST -DESCRIPTOR.message_types_by_name["EncryptRequest"] = _ENCRYPTREQUEST -DESCRIPTOR.message_types_by_name["DecryptRequest"] = _DECRYPTREQUEST -DESCRIPTOR.message_types_by_name["AsymmetricSignRequest"] = _ASYMMETRICSIGNREQUEST -DESCRIPTOR.message_types_by_name["AsymmetricDecryptRequest"] = _ASYMMETRICDECRYPTREQUEST -DESCRIPTOR.message_types_by_name["DecryptResponse"] = _DECRYPTRESPONSE -DESCRIPTOR.message_types_by_name["EncryptResponse"] = _ENCRYPTRESPONSE -DESCRIPTOR.message_types_by_name["AsymmetricSignResponse"] = _ASYMMETRICSIGNRESPONSE -DESCRIPTOR.message_types_by_name[ - "AsymmetricDecryptResponse" -] = _ASYMMETRICDECRYPTRESPONSE -DESCRIPTOR.message_types_by_name[ - "UpdateCryptoKeyPrimaryVersionRequest" -] = _UPDATECRYPTOKEYPRIMARYVERSIONREQUEST -DESCRIPTOR.message_types_by_name[ - "DestroyCryptoKeyVersionRequest" -] = _DESTROYCRYPTOKEYVERSIONREQUEST -DESCRIPTOR.message_types_by_name[ - "RestoreCryptoKeyVersionRequest" -] = _RESTORECRYPTOKEYVERSIONREQUEST 
-DESCRIPTOR.message_types_by_name["Digest"] = _DIGEST -DESCRIPTOR.message_types_by_name["LocationMetadata"] = _LOCATIONMETADATA -_sym_db.RegisterFileDescriptor(DESCRIPTOR) - -ListKeyRingsRequest = _reflection.GeneratedProtocolMessageType( - "ListKeyRingsRequest", - (_message.Message,), - dict( - DESCRIPTOR=_LISTKEYRINGSREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.ListKeyRings][google.cloud.k - ms.v1.KeyManagementService.ListKeyRings]. - Attributes: - parent: - Required. The resource name of the location associated with - the [KeyRings][google.cloud.kms.v1.KeyRing], in the format - ``projects/*/locations/*``. - page_size: - Optional. Optional limit on the number of - [KeyRings][google.cloud.kms.v1.KeyRing] to include in the - response. Further [KeyRings][google.cloud.kms.v1.KeyRing] can - subsequently be obtained by including the [ListKeyRingsRespons - e.next\_page\_token][google.cloud.kms.v1.ListKeyRingsResponse. - next\_page\_token] in a subsequent request. If unspecified, - the server will pick an appropriate default. - page_token: - Optional. Optional pagination token, returned earlier via [Lis - tKeyRingsResponse.next\_page\_token][google.cloud.kms.v1.ListK - eyRingsResponse.next\_page\_token]. - filter: - Optional. Only include resources that match the filter in the - response. For more information, see `Sorting and filtering - list results `__. - order_by: - Optional. Specify how the results should be sorted. If not - specified, the results will be sorted in the default order. - For more information, see `Sorting and filtering list results - `__. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListKeyRingsRequest) - ), -) -_sym_db.RegisterMessage(ListKeyRingsRequest) - -ListCryptoKeysRequest = _reflection.GeneratedProtocolMessageType( - "ListCryptoKeysRequest", - (_message.Message,), - dict( - DESCRIPTOR=_LISTCRYPTOKEYSREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.ListCryptoKeys][google.cloud - .kms.v1.KeyManagementService.ListCryptoKeys]. - Attributes: - parent: - Required. The resource name of the - [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format - ``projects/*/locations/*/keyRings/*``. - page_size: - Optional. Optional limit on the number of - [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the - response. Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] - can subsequently be obtained by including the [ListCryptoKeysR - esponse.next\_page\_token][google.cloud.kms.v1.ListCryptoKeysR - esponse.next\_page\_token] in a subsequent request. If - unspecified, the server will pick an appropriate default. - page_token: - Optional. Optional pagination token, returned earlier via [Lis - tCryptoKeysResponse.next\_page\_token][google.cloud.kms.v1.Lis - tCryptoKeysResponse.next\_page\_token]. - version_view: - The fields of the primary version to include in the response. - filter: - Optional. Only include resources that match the filter in the - response. For more information, see `Sorting and filtering - list results `__. - order_by: - Optional. Specify how the results should be sorted. If not - specified, the results will be sorted in the default order. - For more information, see `Sorting and filtering list results - `__. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListCryptoKeysRequest) - ), -) -_sym_db.RegisterMessage(ListCryptoKeysRequest) - -ListCryptoKeyVersionsRequest = _reflection.GeneratedProtocolMessageType( - "ListCryptoKeyVersionsRequest", - (_message.Message,), - dict( - DESCRIPTOR=_LISTCRYPTOKEYVERSIONSREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.ListCryptoKeyVersions][googl - e.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. - Attributes: - parent: - Required. The resource name of the - [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the - format ``projects/*/locations/*/keyRings/*/cryptoKeys/*``. - page_size: - Optional. Optional limit on the number of - [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to - include in the response. Further - [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can - subsequently be obtained by including the [ListCryptoKeyVersio - nsResponse.next\_page\_token][google.cloud.kms.v1.ListCryptoKe - yVersionsResponse.next\_page\_token] in a subsequent request. - If unspecified, the server will pick an appropriate default. - page_token: - Optional. Optional pagination token, returned earlier via [Lis - tCryptoKeyVersionsResponse.next\_page\_token][google.cloud.kms - .v1.ListCryptoKeyVersionsResponse.next\_page\_token]. - view: - The fields to include in the response. - filter: - Optional. Only include resources that match the filter in the - response. For more information, see `Sorting and filtering - list results `__. - order_by: - Optional. Specify how the results should be sorted. If not - specified, the results will be sorted in the default order. - For more information, see `Sorting and filtering list results - `__. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListCryptoKeyVersionsRequest) - ), -) -_sym_db.RegisterMessage(ListCryptoKeyVersionsRequest) - -ListImportJobsRequest = _reflection.GeneratedProtocolMessageType( - "ListImportJobsRequest", - (_message.Message,), - dict( - DESCRIPTOR=_LISTIMPORTJOBSREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.ListImportJobs][google.cloud - .kms.v1.KeyManagementService.ListImportJobs]. - Attributes: - parent: - Required. The resource name of the - [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format - ``projects/*/locations/*/keyRings/*``. - page_size: - Optional. Optional limit on the number of - [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the - response. Further [ImportJobs][google.cloud.kms.v1.ImportJob] - can subsequently be obtained by including the [ListImportJobsR - esponse.next\_page\_token][google.cloud.kms.v1.ListImportJobsR - esponse.next\_page\_token] in a subsequent request. If - unspecified, the server will pick an appropriate default. - page_token: - Optional. Optional pagination token, returned earlier via [Lis - tImportJobsResponse.next\_page\_token][google.cloud.kms.v1.Lis - tImportJobsResponse.next\_page\_token]. - filter: - Optional. Only include resources that match the filter in the - response. For more information, see `Sorting and filtering - list results `__. - order_by: - Optional. Specify how the results should be sorted. If not - specified, the results will be sorted in the default order. - For more information, see `Sorting and filtering list results - `__. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListImportJobsRequest) - ), -) -_sym_db.RegisterMessage(ListImportJobsRequest) - -ListKeyRingsResponse = _reflection.GeneratedProtocolMessageType( - "ListKeyRingsResponse", - (_message.Message,), - dict( - DESCRIPTOR=_LISTKEYRINGSRESPONSE, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Response message for [KeyManagementService.ListKeyRings][google.cloud. - kms.v1.KeyManagementService.ListKeyRings]. - Attributes: - key_rings: - The list of [KeyRings][google.cloud.kms.v1.KeyRing]. - next_page_token: - A token to retrieve next page of results. Pass this value in [ - ListKeyRingsRequest.page\_token][google.cloud.kms.v1.ListKeyRi - ngsRequest.page\_token] to retrieve the next page of results. - total_size: - The total number of [KeyRings][google.cloud.kms.v1.KeyRing] - that matched the query. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListKeyRingsResponse) - ), -) -_sym_db.RegisterMessage(ListKeyRingsResponse) - -ListCryptoKeysResponse = _reflection.GeneratedProtocolMessageType( - "ListCryptoKeysResponse", - (_message.Message,), - dict( - DESCRIPTOR=_LISTCRYPTOKEYSRESPONSE, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Response message for [KeyManagementService.ListCryptoKeys][google.clou - d.kms.v1.KeyManagementService.ListCryptoKeys]. - Attributes: - crypto_keys: - The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. - next_page_token: - A token to retrieve next page of results. Pass this value in [ - ListCryptoKeysRequest.page\_token][google.cloud.kms.v1.ListCry - ptoKeysRequest.page\_token] to retrieve the next page of - results. - total_size: - The total number of - [CryptoKeys][google.cloud.kms.v1.CryptoKey] that matched the - query. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListCryptoKeysResponse) - ), -) -_sym_db.RegisterMessage(ListCryptoKeysResponse) - -ListCryptoKeyVersionsResponse = _reflection.GeneratedProtocolMessageType( - "ListCryptoKeyVersionsResponse", - (_message.Message,), - dict( - DESCRIPTOR=_LISTCRYPTOKEYVERSIONSRESPONSE, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Response message for [KeyManagementService.ListCryptoKeyVersions][goog - le.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. - Attributes: - crypto_key_versions: - The list of - [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. - next_page_token: - A token to retrieve next page of results. Pass this value in [ - ListCryptoKeyVersionsRequest.page\_token][google.cloud.kms.v1. - ListCryptoKeyVersionsRequest.page\_token] to retrieve the next - page of results. - total_size: - The total number of - [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that - matched the query. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListCryptoKeyVersionsResponse) - ), -) -_sym_db.RegisterMessage(ListCryptoKeyVersionsResponse) - -ListImportJobsResponse = _reflection.GeneratedProtocolMessageType( - "ListImportJobsResponse", - (_message.Message,), - dict( - DESCRIPTOR=_LISTIMPORTJOBSRESPONSE, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Response message for [KeyManagementService.ListImportJobs][google.clou - d.kms.v1.KeyManagementService.ListImportJobs]. - Attributes: - import_jobs: - The list of [ImportJobs][google.cloud.kms.v1.ImportJob]. - next_page_token: - A token to retrieve next page of results. Pass this value in [ - ListImportJobsRequest.page\_token][google.cloud.kms.v1.ListImp - ortJobsRequest.page\_token] to retrieve the next page of - results. - total_size: - The total number of - [ImportJobs][google.cloud.kms.v1.ImportJob] that matched the - query. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListImportJobsResponse) - ), -) -_sym_db.RegisterMessage(ListImportJobsResponse) - -GetKeyRingRequest = _reflection.GeneratedProtocolMessageType( - "GetKeyRingRequest", - (_message.Message,), - dict( - DESCRIPTOR=_GETKEYRINGREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.GetKeyRing][google.cloud.kms - .v1.KeyManagementService.GetKeyRing]. - Attributes: - name: - Required. The [name][google.cloud.kms.v1.KeyRing.name] of the - [KeyRing][google.cloud.kms.v1.KeyRing] to get. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.GetKeyRingRequest) - ), -) -_sym_db.RegisterMessage(GetKeyRingRequest) - -GetCryptoKeyRequest = _reflection.GeneratedProtocolMessageType( - "GetCryptoKeyRequest", - (_message.Message,), - dict( - DESCRIPTOR=_GETCRYPTOKEYREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.GetCryptoKey][google.cloud.k - ms.v1.KeyManagementService.GetCryptoKey]. - Attributes: - name: - Required. The [name][google.cloud.kms.v1.CryptoKey.name] of - the [CryptoKey][google.cloud.kms.v1.CryptoKey] to get. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.GetCryptoKeyRequest) - ), -) -_sym_db.RegisterMessage(GetCryptoKeyRequest) - -GetCryptoKeyVersionRequest = _reflection.GeneratedProtocolMessageType( - "GetCryptoKeyVersionRequest", - (_message.Message,), - dict( - DESCRIPTOR=_GETCRYPTOKEYVERSIONREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.GetCryptoKeyVersion][google. - cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion]. - Attributes: - name: - Required. The - [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to - get. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.GetCryptoKeyVersionRequest) - ), -) -_sym_db.RegisterMessage(GetCryptoKeyVersionRequest) - -GetPublicKeyRequest = _reflection.GeneratedProtocolMessageType( - "GetPublicKeyRequest", - (_message.Message,), - dict( - DESCRIPTOR=_GETPUBLICKEYREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.GetPublicKey][google.cloud.k - ms.v1.KeyManagementService.GetPublicKey]. - Attributes: - name: - Required. The - [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] - public key to get. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.GetPublicKeyRequest) - ), -) -_sym_db.RegisterMessage(GetPublicKeyRequest) - -GetImportJobRequest = _reflection.GeneratedProtocolMessageType( - "GetImportJobRequest", - (_message.Message,), - dict( - DESCRIPTOR=_GETIMPORTJOBREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.GetImportJob][google.cloud.k - ms.v1.KeyManagementService.GetImportJob]. - Attributes: - name: - Required. The [name][google.cloud.kms.v1.ImportJob.name] of - the [ImportJob][google.cloud.kms.v1.ImportJob] to get. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.GetImportJobRequest) - ), -) -_sym_db.RegisterMessage(GetImportJobRequest) - -CreateKeyRingRequest = _reflection.GeneratedProtocolMessageType( - "CreateKeyRingRequest", - (_message.Message,), - dict( - DESCRIPTOR=_CREATEKEYRINGREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.CreateKeyRing][google.cloud. - kms.v1.KeyManagementService.CreateKeyRing]. - Attributes: - parent: - Required. The resource name of the location associated with - the [KeyRings][google.cloud.kms.v1.KeyRing], in the format - ``projects/*/locations/*``. - key_ring_id: - Required. 
It must be unique within a location and match the - regular expression ``[a-zA-Z0-9_-]{1,63}`` - key_ring: - Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with - initial field values. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CreateKeyRingRequest) - ), -) -_sym_db.RegisterMessage(CreateKeyRingRequest) - -CreateCryptoKeyRequest = _reflection.GeneratedProtocolMessageType( - "CreateCryptoKeyRequest", - (_message.Message,), - dict( - DESCRIPTOR=_CREATECRYPTOKEYREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.CreateCryptoKey][google.clou - d.kms.v1.KeyManagementService.CreateCryptoKey]. - Attributes: - parent: - Required. The [name][google.cloud.kms.v1.KeyRing.name] of the - KeyRing associated with the - [CryptoKeys][google.cloud.kms.v1.CryptoKey]. - crypto_key_id: - Required. It must be unique within a KeyRing and match the - regular expression ``[a-zA-Z0-9_-]{1,63}`` - crypto_key: - Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with - initial field values. - skip_initial_version_creation: - If set to true, the request will create a - [CryptoKey][google.cloud.kms.v1.CryptoKey] without any - [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. You - must manually call [CreateCryptoKeyVersion][google.cloud.kms.v - 1.KeyManagementService.CreateCryptoKeyVersion] or [ImportCrypt - oKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCr - yptoKeyVersion] before you can use this - [CryptoKey][google.cloud.kms.v1.CryptoKey]. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CreateCryptoKeyRequest) - ), -) -_sym_db.RegisterMessage(CreateCryptoKeyRequest) - -CreateCryptoKeyVersionRequest = _reflection.GeneratedProtocolMessageType( - "CreateCryptoKeyVersionRequest", - (_message.Message,), - dict( - DESCRIPTOR=_CREATECRYPTOKEYVERSIONREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.CreateCryptoKeyVersion][goog - le.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]. - Attributes: - parent: - Required. The [name][google.cloud.kms.v1.CryptoKey.name] of - the [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with - the [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. - crypto_key_version: - Required. A - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with - initial field values. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CreateCryptoKeyVersionRequest) - ), -) -_sym_db.RegisterMessage(CreateCryptoKeyVersionRequest) - -ImportCryptoKeyVersionRequest = _reflection.GeneratedProtocolMessageType( - "ImportCryptoKeyVersionRequest", - (_message.Message,), - dict( - DESCRIPTOR=_IMPORTCRYPTOKEYVERSIONREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.ImportCryptoKeyVersion][goog - le.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. - Attributes: - parent: - Required. The [name][google.cloud.kms.v1.CryptoKey.name] of - the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported - into. - algorithm: - Required. The [algorithm][google.cloud.kms.v1.CryptoKeyVersion - .CryptoKeyVersionAlgorithm] of the key being imported. This - does not need to match the [version\_template][google.cloud.km - s.v1.CryptoKey.version\_template] of the - [CryptoKey][google.cloud.kms.v1.CryptoKey] this version - imports into. - import_job: - Required. 
The [name][google.cloud.kms.v1.ImportJob.name] of - the [ImportJob][google.cloud.kms.v1.ImportJob] that was used - to wrap this key material. - wrapped_key_material: - Required. The incoming wrapped key material that is to be - imported. - rsa_aes_wrapped_key: - Wrapped key material produced with [RSA\_OAEP\_3072\_SHA1\_AES - \_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA\_OAEP\_3 - 072\_SHA1\_AES\_256] or [RSA\_OAEP\_4096\_SHA1\_AES\_256][goog - le.cloud.kms.v1.ImportJob.ImportMethod.RSA\_OAEP\_4096\_SHA1\_ - AES\_256]. This field contains the concatenation of two - wrapped keys: .. raw:: html
    .. raw:: html
  1. - An ephemeral AES-256 wrapping key wrapped with the - [public\_key][google.cloud.kms.v1.ImportJob.public\_key] using - RSAES-OAEP with SHA-1, MGF1 with SHA-1, and an empty label. - .. raw:: html
  2. .. raw:: html
  3. The key to be - imported, wrapped with the ephemeral AES-256 key using AES-KWP - (RFC 5649). .. raw:: html
  4. .. raw:: html
- If importing symmetric key material, it is expected that the - unwrapped key contains plain bytes. If importing asymmetric - key material, it is expected that the unwrapped key is in - PKCS#8-encoded DER format (the PrivateKeyInfo structure from - RFC 5208). This format is the same as the format produced by - PKCS#11 mechanism CKM\_RSA\_AES\_KEY\_WRAP. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ImportCryptoKeyVersionRequest) - ), -) -_sym_db.RegisterMessage(ImportCryptoKeyVersionRequest) - -CreateImportJobRequest = _reflection.GeneratedProtocolMessageType( - "CreateImportJobRequest", - (_message.Message,), - dict( - DESCRIPTOR=_CREATEIMPORTJOBREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.CreateImportJob][google.clou - d.kms.v1.KeyManagementService.CreateImportJob]. - Attributes: - parent: - Required. The [name][google.cloud.kms.v1.KeyRing.name] of the - [KeyRing][google.cloud.kms.v1.KeyRing] associated with the - [ImportJobs][google.cloud.kms.v1.ImportJob]. - import_job_id: - Required. It must be unique within a KeyRing and match the - regular expression ``[a-zA-Z0-9_-]{1,63}`` - import_job: - Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with - initial field values. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CreateImportJobRequest) - ), -) -_sym_db.RegisterMessage(CreateImportJobRequest) - -UpdateCryptoKeyRequest = _reflection.GeneratedProtocolMessageType( - "UpdateCryptoKeyRequest", - (_message.Message,), - dict( - DESCRIPTOR=_UPDATECRYPTOKEYREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.UpdateCryptoKey][google.clou - d.kms.v1.KeyManagementService.UpdateCryptoKey]. - Attributes: - crypto_key: - Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] with - updated values. - update_mask: - Required. List of fields to be updated in this request. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.UpdateCryptoKeyRequest) - ), -) -_sym_db.RegisterMessage(UpdateCryptoKeyRequest) - -UpdateCryptoKeyVersionRequest = _reflection.GeneratedProtocolMessageType( - "UpdateCryptoKeyVersionRequest", - (_message.Message,), - dict( - DESCRIPTOR=_UPDATECRYPTOKEYVERSIONREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.UpdateCryptoKeyVersion][goog - le.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion]. - Attributes: - crypto_key_version: - Required. - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with - updated values. - update_mask: - Required. List of fields to be updated in this request. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.UpdateCryptoKeyVersionRequest) - ), -) -_sym_db.RegisterMessage(UpdateCryptoKeyVersionRequest) - -EncryptRequest = _reflection.GeneratedProtocolMessageType( - "EncryptRequest", - (_message.Message,), - dict( - DESCRIPTOR=_ENCRYPTREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.Encrypt][google.cloud.kms.v1 - .KeyManagementService.Encrypt]. - Attributes: - name: - Required. The resource name of the - [CryptoKey][google.cloud.kms.v1.CryptoKey] or - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to - use for encryption. If a - [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the - server will use its [primary - version][google.cloud.kms.v1.CryptoKey.primary]. - plaintext: - Required. The data to encrypt. Must be no larger than 64KiB. - The maximum size depends on the key version's [protection\_lev - el][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection\_l - evel]. For - [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, - the plaintext must be no larger than 64KiB. 
For - [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the - combined length of the plaintext and - additional\_authenticated\_data fields must be no larger than - 8KiB. - additional_authenticated_data: - Optional. Optional data that, if specified, must also be - provided during decryption through [DecryptRequest.additional\ - _authenticated\_data][google.cloud.kms.v1.DecryptRequest.addit - ional\_authenticated\_data]. The maximum size depends on the - key version's [protection\_level][google.cloud.kms.v1.CryptoKe - yVersionTemplate.protection\_level]. For - [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, - the AAD must be no larger than 64KiB. For - [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the - combined length of the plaintext and - additional\_authenticated\_data fields must be no larger than - 8KiB. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.EncryptRequest) - ), -) -_sym_db.RegisterMessage(EncryptRequest) - -DecryptRequest = _reflection.GeneratedProtocolMessageType( - "DecryptRequest", - (_message.Message,), - dict( - DESCRIPTOR=_DECRYPTREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1 - .KeyManagementService.Decrypt]. - Attributes: - name: - Required. The resource name of the - [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for - decryption. The server will choose the appropriate version. - ciphertext: - Required. The encrypted data originally returned in [EncryptRe - sponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphert - ext]. - additional_authenticated_data: - Optional. Optional data that must match the data originally - supplied in [EncryptRequest.additional\_authenticated\_data][g - oogle.cloud.kms.v1.EncryptRequest.additional\_authenticated\_d - ata]. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.DecryptRequest) - ), -) -_sym_db.RegisterMessage(DecryptRequest) - -AsymmetricSignRequest = _reflection.GeneratedProtocolMessageType( - "AsymmetricSignRequest", - (_message.Message,), - dict( - DESCRIPTOR=_ASYMMETRICSIGNREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.AsymmetricSign][google.cloud - .kms.v1.KeyManagementService.AsymmetricSign]. - Attributes: - name: - Required. The resource name of the - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to - use for signing. - digest: - Required. The digest of the data to sign. The digest must be - produced with the same digest algorithm as specified by the - key version's - [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.AsymmetricSignRequest) - ), -) -_sym_db.RegisterMessage(AsymmetricSignRequest) - -AsymmetricDecryptRequest = _reflection.GeneratedProtocolMessageType( - "AsymmetricDecryptRequest", - (_message.Message,), - dict( - DESCRIPTOR=_ASYMMETRICDECRYPTREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.AsymmetricDecrypt][google.cl - oud.kms.v1.KeyManagementService.AsymmetricDecrypt]. - Attributes: - name: - Required. The resource name of the - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to - use for decryption. - ciphertext: - Required. The data encrypted with the named - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s - public key using OAEP. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.AsymmetricDecryptRequest) - ), -) -_sym_db.RegisterMessage(AsymmetricDecryptRequest) - -DecryptResponse = _reflection.GeneratedProtocolMessageType( - "DecryptResponse", - (_message.Message,), - dict( - DESCRIPTOR=_DECRYPTRESPONSE, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Response message for [KeyManagementService.Decrypt][google.cloud.kms.v - 1.KeyManagementService.Decrypt]. - Attributes: - plaintext: - The decrypted data originally supplied in [EncryptRequest.plai - ntext][google.cloud.kms.v1.EncryptRequest.plaintext]. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.DecryptResponse) - ), -) -_sym_db.RegisterMessage(DecryptResponse) - -EncryptResponse = _reflection.GeneratedProtocolMessageType( - "EncryptResponse", - (_message.Message,), - dict( - DESCRIPTOR=_ENCRYPTRESPONSE, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Response message for [KeyManagementService.Encrypt][google.cloud.kms.v - 1.KeyManagementService.Encrypt]. - Attributes: - name: - The resource name of the - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used - in encryption. Check this field to verify that the intended - resource was used for encryption. - ciphertext: - The encrypted data. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.EncryptResponse) - ), -) -_sym_db.RegisterMessage(EncryptResponse) - -AsymmetricSignResponse = _reflection.GeneratedProtocolMessageType( - "AsymmetricSignResponse", - (_message.Message,), - dict( - DESCRIPTOR=_ASYMMETRICSIGNRESPONSE, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Response message for [KeyManagementService.AsymmetricSign][google.clou - d.kms.v1.KeyManagementService.AsymmetricSign]. - Attributes: - signature: - The created signature. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.AsymmetricSignResponse) - ), -) -_sym_db.RegisterMessage(AsymmetricSignResponse) - -AsymmetricDecryptResponse = _reflection.GeneratedProtocolMessageType( - "AsymmetricDecryptResponse", - (_message.Message,), - dict( - DESCRIPTOR=_ASYMMETRICDECRYPTRESPONSE, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Response message for [KeyManagementService.AsymmetricDecrypt][google.c - loud.kms.v1.KeyManagementService.AsymmetricDecrypt]. - Attributes: - plaintext: - The decrypted data originally encrypted with the matching - public key. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.AsymmetricDecryptResponse) - ), -) -_sym_db.RegisterMessage(AsymmetricDecryptResponse) - -UpdateCryptoKeyPrimaryVersionRequest = _reflection.GeneratedProtocolMessageType( - "UpdateCryptoKeyPrimaryVersionRequest", - (_message.Message,), - dict( - DESCRIPTOR=_UPDATECRYPTOKEYPRIMARYVERSIONREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.UpdateCryptoKeyPrimaryVersio - n][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVers - ion]. - Attributes: - name: - Required. The resource name of the - [CryptoKey][google.cloud.kms.v1.CryptoKey] to update. - crypto_key_version_id: - Required. The id of the child - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to - use as primary. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest) - ), -) -_sym_db.RegisterMessage(UpdateCryptoKeyPrimaryVersionRequest) - -DestroyCryptoKeyVersionRequest = _reflection.GeneratedProtocolMessageType( - "DestroyCryptoKeyVersionRequest", - (_message.Message,), - dict( - DESCRIPTOR=_DESTROYCRYPTOKEYVERSIONREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.DestroyCryptoKeyVersion][goo - gle.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]. - Attributes: - name: - Required. The resource name of the - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to - destroy. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.DestroyCryptoKeyVersionRequest) - ), -) -_sym_db.RegisterMessage(DestroyCryptoKeyVersionRequest) - -RestoreCryptoKeyVersionRequest = _reflection.GeneratedProtocolMessageType( - "RestoreCryptoKeyVersionRequest", - (_message.Message,), - dict( - DESCRIPTOR=_RESTORECRYPTOKEYVERSIONREQUEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Request message for [KeyManagementService.RestoreCryptoKeyVersion][goo - gle.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]. - Attributes: - name: - Required. The resource name of the - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to - restore. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.RestoreCryptoKeyVersionRequest) - ), -) -_sym_db.RegisterMessage(RestoreCryptoKeyVersionRequest) - -Digest = _reflection.GeneratedProtocolMessageType( - "Digest", - (_message.Message,), - dict( - DESCRIPTOR=_DIGEST, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message - digest. - Attributes: - digest: - Required. The message digest. - sha256: - A message digest produced with the SHA-256 algorithm. 
- sha384: - A message digest produced with the SHA-384 algorithm. - sha512: - A message digest produced with the SHA-512 algorithm. - """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.Digest) - ), -) -_sym_db.RegisterMessage(Digest) - -LocationMetadata = _reflection.GeneratedProtocolMessageType( - "LocationMetadata", - (_message.Message,), - dict( - DESCRIPTOR=_LOCATIONMETADATA, - __module__="google.cloud.kms_v1.proto.service_pb2", - __doc__="""Cloud KMS metadata for the given - [google.cloud.location.Location][google.cloud.location.Location]. - Attributes: - hsm_available: - Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] - with [protection\_level][google.cloud.kms.v1.CryptoKeyVersionT - emplate.protection\_level] - [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created - in this location. - ekm_available: - Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] - with [protection\_level][google.cloud.kms.v1.CryptoKeyVersionT - emplate.protection\_level] - [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can - be created in this location. 
- """, - # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.LocationMetadata) - ), -) -_sym_db.RegisterMessage(LocationMetadata) - - -DESCRIPTOR._options = None -_LISTKEYRINGSREQUEST.fields_by_name["parent"]._options = None -_LISTKEYRINGSREQUEST.fields_by_name["page_size"]._options = None -_LISTKEYRINGSREQUEST.fields_by_name["page_token"]._options = None -_LISTKEYRINGSREQUEST.fields_by_name["filter"]._options = None -_LISTKEYRINGSREQUEST.fields_by_name["order_by"]._options = None -_LISTCRYPTOKEYSREQUEST.fields_by_name["parent"]._options = None -_LISTCRYPTOKEYSREQUEST.fields_by_name["page_size"]._options = None -_LISTCRYPTOKEYSREQUEST.fields_by_name["page_token"]._options = None -_LISTCRYPTOKEYSREQUEST.fields_by_name["filter"]._options = None -_LISTCRYPTOKEYSREQUEST.fields_by_name["order_by"]._options = None -_LISTCRYPTOKEYVERSIONSREQUEST.fields_by_name["parent"]._options = None -_LISTCRYPTOKEYVERSIONSREQUEST.fields_by_name["page_size"]._options = None -_LISTCRYPTOKEYVERSIONSREQUEST.fields_by_name["page_token"]._options = None -_LISTCRYPTOKEYVERSIONSREQUEST.fields_by_name["filter"]._options = None -_LISTCRYPTOKEYVERSIONSREQUEST.fields_by_name["order_by"]._options = None -_LISTIMPORTJOBSREQUEST.fields_by_name["parent"]._options = None -_LISTIMPORTJOBSREQUEST.fields_by_name["page_size"]._options = None -_LISTIMPORTJOBSREQUEST.fields_by_name["page_token"]._options = None -_LISTIMPORTJOBSREQUEST.fields_by_name["filter"]._options = None -_LISTIMPORTJOBSREQUEST.fields_by_name["order_by"]._options = None -_GETKEYRINGREQUEST.fields_by_name["name"]._options = None -_GETCRYPTOKEYREQUEST.fields_by_name["name"]._options = None -_GETCRYPTOKEYVERSIONREQUEST.fields_by_name["name"]._options = None -_GETPUBLICKEYREQUEST.fields_by_name["name"]._options = None -_GETIMPORTJOBREQUEST.fields_by_name["name"]._options = None -_CREATEKEYRINGREQUEST.fields_by_name["parent"]._options = None -_CREATEKEYRINGREQUEST.fields_by_name["key_ring_id"]._options = None 
-_CREATEKEYRINGREQUEST.fields_by_name["key_ring"]._options = None -_CREATECRYPTOKEYREQUEST.fields_by_name["parent"]._options = None -_CREATECRYPTOKEYREQUEST.fields_by_name["crypto_key_id"]._options = None -_CREATECRYPTOKEYREQUEST.fields_by_name["crypto_key"]._options = None -_CREATECRYPTOKEYVERSIONREQUEST.fields_by_name["parent"]._options = None -_CREATECRYPTOKEYVERSIONREQUEST.fields_by_name["crypto_key_version"]._options = None -_IMPORTCRYPTOKEYVERSIONREQUEST.fields_by_name["parent"]._options = None -_IMPORTCRYPTOKEYVERSIONREQUEST.fields_by_name["algorithm"]._options = None -_IMPORTCRYPTOKEYVERSIONREQUEST.fields_by_name["import_job"]._options = None -_CREATEIMPORTJOBREQUEST.fields_by_name["parent"]._options = None -_CREATEIMPORTJOBREQUEST.fields_by_name["import_job_id"]._options = None -_CREATEIMPORTJOBREQUEST.fields_by_name["import_job"]._options = None -_UPDATECRYPTOKEYREQUEST.fields_by_name["crypto_key"]._options = None -_UPDATECRYPTOKEYREQUEST.fields_by_name["update_mask"]._options = None -_UPDATECRYPTOKEYVERSIONREQUEST.fields_by_name["crypto_key_version"]._options = None -_UPDATECRYPTOKEYVERSIONREQUEST.fields_by_name["update_mask"]._options = None -_ENCRYPTREQUEST.fields_by_name["name"]._options = None -_ENCRYPTREQUEST.fields_by_name["plaintext"]._options = None -_ENCRYPTREQUEST.fields_by_name["additional_authenticated_data"]._options = None -_DECRYPTREQUEST.fields_by_name["name"]._options = None -_DECRYPTREQUEST.fields_by_name["ciphertext"]._options = None -_DECRYPTREQUEST.fields_by_name["additional_authenticated_data"]._options = None -_ASYMMETRICSIGNREQUEST.fields_by_name["name"]._options = None -_ASYMMETRICSIGNREQUEST.fields_by_name["digest"]._options = None -_ASYMMETRICDECRYPTREQUEST.fields_by_name["name"]._options = None -_ASYMMETRICDECRYPTREQUEST.fields_by_name["ciphertext"]._options = None -_UPDATECRYPTOKEYPRIMARYVERSIONREQUEST.fields_by_name["name"]._options = None -_UPDATECRYPTOKEYPRIMARYVERSIONREQUEST.fields_by_name[ - "crypto_key_version_id" 
-]._options = None -_DESTROYCRYPTOKEYVERSIONREQUEST.fields_by_name["name"]._options = None -_RESTORECRYPTOKEYVERSIONREQUEST.fields_by_name["name"]._options = None - -_KEYMANAGEMENTSERVICE = _descriptor.ServiceDescriptor( - name="KeyManagementService", - full_name="google.cloud.kms.v1.KeyManagementService", - file=DESCRIPTOR, - index=0, - serialized_options=_b( - "\312A\027cloudkms.googleapis.com\322AWhttps://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/cloudkms" - ), - serialized_start=4488, - serialized_end=9358, - methods=[ - _descriptor.MethodDescriptor( - name="ListKeyRings", - full_name="google.cloud.kms.v1.KeyManagementService.ListKeyRings", - index=0, - containing_service=None, - input_type=_LISTKEYRINGSREQUEST, - output_type=_LISTKEYRINGSRESPONSE, - serialized_options=_b( - "\202\323\344\223\002.\022,/v1/{parent=projects/*/locations/*}/keyRings\332A\006parent" - ), - ), - _descriptor.MethodDescriptor( - name="ListCryptoKeys", - full_name="google.cloud.kms.v1.KeyManagementService.ListCryptoKeys", - index=1, - containing_service=None, - input_type=_LISTCRYPTOKEYSREQUEST, - output_type=_LISTCRYPTOKEYSRESPONSE, - serialized_options=_b( - "\202\323\344\223\002;\0229/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys\332A\006parent" - ), - ), - _descriptor.MethodDescriptor( - name="ListCryptoKeyVersions", - full_name="google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions", - index=2, - containing_service=None, - input_type=_LISTCRYPTOKEYVERSIONSREQUEST, - output_type=_LISTCRYPTOKEYVERSIONSRESPONSE, - serialized_options=_b( - "\202\323\344\223\002O\022M/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions\332A\006parent" - ), - ), - _descriptor.MethodDescriptor( - name="ListImportJobs", - full_name="google.cloud.kms.v1.KeyManagementService.ListImportJobs", - index=3, - containing_service=None, - input_type=_LISTIMPORTJOBSREQUEST, - output_type=_LISTIMPORTJOBSRESPONSE, - serialized_options=_b( - 
"\202\323\344\223\002;\0229/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs\332A\006parent" - ), - ), - _descriptor.MethodDescriptor( - name="GetKeyRing", - full_name="google.cloud.kms.v1.KeyManagementService.GetKeyRing", - index=4, - containing_service=None, - input_type=_GETKEYRINGREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._KEYRING, - serialized_options=_b( - "\202\323\344\223\002.\022,/v1/{name=projects/*/locations/*/keyRings/*}\332A\004name" - ), - ), - _descriptor.MethodDescriptor( - name="GetCryptoKey", - full_name="google.cloud.kms.v1.KeyManagementService.GetCryptoKey", - index=5, - containing_service=None, - input_type=_GETCRYPTOKEYREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY, - serialized_options=_b( - "\202\323\344\223\002;\0229/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}\332A\004name" - ), - ), - _descriptor.MethodDescriptor( - name="GetCryptoKeyVersion", - full_name="google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion", - index=6, - containing_service=None, - input_type=_GETCRYPTOKEYVERSIONREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION, - serialized_options=_b( - "\202\323\344\223\002O\022M/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}\332A\004name" - ), - ), - _descriptor.MethodDescriptor( - name="GetPublicKey", - full_name="google.cloud.kms.v1.KeyManagementService.GetPublicKey", - index=7, - containing_service=None, - input_type=_GETPUBLICKEYREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._PUBLICKEY, - serialized_options=_b( - "\202\323\344\223\002Y\022W/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey\332A\004name" - ), - ), - _descriptor.MethodDescriptor( - name="GetImportJob", - full_name="google.cloud.kms.v1.KeyManagementService.GetImportJob", - index=8, - containing_service=None, - 
input_type=_GETIMPORTJOBREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._IMPORTJOB, - serialized_options=_b( - "\202\323\344\223\002;\0229/v1/{name=projects/*/locations/*/keyRings/*/importJobs/*}\332A\004name" - ), - ), - _descriptor.MethodDescriptor( - name="CreateKeyRing", - full_name="google.cloud.kms.v1.KeyManagementService.CreateKeyRing", - index=9, - containing_service=None, - input_type=_CREATEKEYRINGREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._KEYRING, - serialized_options=_b( - '\202\323\344\223\0028",/v1/{parent=projects/*/locations/*}/keyRings:\010key_ring\332A\033parent,key_ring_id,key_ring' - ), - ), - _descriptor.MethodDescriptor( - name="CreateCryptoKey", - full_name="google.cloud.kms.v1.KeyManagementService.CreateCryptoKey", - index=10, - containing_service=None, - input_type=_CREATECRYPTOKEYREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY, - serialized_options=_b( - '\202\323\344\223\002G"9/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys:\ncrypto_key\332A\037parent,crypto_key_id,crypto_key' - ), - ), - _descriptor.MethodDescriptor( - name="CreateCryptoKeyVersion", - full_name="google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion", - index=11, - containing_service=None, - input_type=_CREATECRYPTOKEYVERSIONREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION, - serialized_options=_b( - '\202\323\344\223\002c"M/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:\022crypto_key_version\332A\031parent,crypto_key_version' - ), - ), - _descriptor.MethodDescriptor( - name="ImportCryptoKeyVersion", - full_name="google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion", - index=12, - containing_service=None, - input_type=_IMPORTCRYPTOKEYVERSIONREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION, - 
serialized_options=_b( - '\202\323\344\223\002Y"T/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:import:\001*' - ), - ), - _descriptor.MethodDescriptor( - name="CreateImportJob", - full_name="google.cloud.kms.v1.KeyManagementService.CreateImportJob", - index=13, - containing_service=None, - input_type=_CREATEIMPORTJOBREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._IMPORTJOB, - serialized_options=_b( - '\202\323\344\223\002G"9/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs:\nimport_job\332A\037parent,import_job_id,import_job' - ), - ), - _descriptor.MethodDescriptor( - name="UpdateCryptoKey", - full_name="google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey", - index=14, - containing_service=None, - input_type=_UPDATECRYPTOKEYREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY, - serialized_options=_b( - "\202\323\344\223\002R2D/v1/{crypto_key.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:\ncrypto_key\332A\026crypto_key,update_mask" - ), - ), - _descriptor.MethodDescriptor( - name="UpdateCryptoKeyVersion", - full_name="google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion", - index=15, - containing_service=None, - input_type=_UPDATECRYPTOKEYVERSIONREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION, - serialized_options=_b( - "\202\323\344\223\002v2`/v1/{crypto_key_version.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:\022crypto_key_version\332A\036crypto_key_version,update_mask" - ), - ), - _descriptor.MethodDescriptor( - name="Encrypt", - full_name="google.cloud.kms.v1.KeyManagementService.Encrypt", - index=16, - containing_service=None, - input_type=_ENCRYPTREQUEST, - output_type=_ENCRYPTRESPONSE, - serialized_options=_b( - '\202\323\344\223\002G"B/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt:\001*\332A\016name,plaintext' - ), - ), - 
_descriptor.MethodDescriptor( - name="Decrypt", - full_name="google.cloud.kms.v1.KeyManagementService.Decrypt", - index=17, - containing_service=None, - input_type=_DECRYPTREQUEST, - output_type=_DECRYPTRESPONSE, - serialized_options=_b( - '\202\323\344\223\002F"A/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt:\001*\332A\017name,ciphertext' - ), - ), - _descriptor.MethodDescriptor( - name="AsymmetricSign", - full_name="google.cloud.kms.v1.KeyManagementService.AsymmetricSign", - index=18, - containing_service=None, - input_type=_ASYMMETRICSIGNREQUEST, - output_type=_ASYMMETRICSIGNRESPONSE, - serialized_options=_b( - '\202\323\344\223\002a"\\/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricSign:\001*\332A\013name,digest' - ), - ), - _descriptor.MethodDescriptor( - name="AsymmetricDecrypt", - full_name="google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt", - index=19, - containing_service=None, - input_type=_ASYMMETRICDECRYPTREQUEST, - output_type=_ASYMMETRICDECRYPTRESPONSE, - serialized_options=_b( - '\202\323\344\223\002d"_/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricDecrypt:\001*\332A\017name,ciphertext' - ), - ), - _descriptor.MethodDescriptor( - name="UpdateCryptoKeyPrimaryVersion", - full_name="google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion", - index=20, - containing_service=None, - input_type=_UPDATECRYPTOKEYPRIMARYVERSIONREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY, - serialized_options=_b( - '\202\323\344\223\002S"N/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion:\001*\332A\032name,crypto_key_version_id' - ), - ), - _descriptor.MethodDescriptor( - name="DestroyCryptoKeyVersion", - full_name="google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion", - index=21, - containing_service=None, - input_type=_DESTROYCRYPTOKEYVERSIONREQUEST, - 
output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION, - serialized_options=_b( - '\202\323\344\223\002Z"U/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy:\001*\332A\004name' - ), - ), - _descriptor.MethodDescriptor( - name="RestoreCryptoKeyVersion", - full_name="google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion", - index=22, - containing_service=None, - input_type=_RESTORECRYPTOKEYVERSIONREQUEST, - output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION, - serialized_options=_b( - '\202\323\344\223\002Z"U/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore:\001*\332A\004name' - ), - ), - ], -) -_sym_db.RegisterServiceDescriptor(_KEYMANAGEMENTSERVICE) - -DESCRIPTOR.services_by_name["KeyManagementService"] = _KEYMANAGEMENTSERVICE - -# @@protoc_insertion_point(module_scope) diff --git a/google/cloud/kms_v1/proto/service_pb2_grpc.py b/google/cloud/kms_v1/proto/service_pb2_grpc.py deleted file mode 100644 index 2e701424..00000000 --- a/google/cloud/kms_v1/proto/service_pb2_grpc.py +++ /dev/null 
@@ -1,498 +0,0 @@ -# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! -import grpc - -from google.cloud.kms_v1.proto import ( - resources_pb2 as google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2, -) -from google.cloud.kms_v1.proto import ( - service_pb2 as google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2, -) - - -class KeyManagementServiceStub(object): - """Google Cloud Key Management Service - - Manages cryptographic keys and operations using those keys. Implements a REST - model with the following objects: - - * [KeyRing][google.cloud.kms.v1.KeyRing] - * [CryptoKey][google.cloud.kms.v1.CryptoKey] - * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] - * [ImportJob][google.cloud.kms.v1.ImportJob] - - If you are using manual gRPC libraries, see - [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc). - """ - - def __init__(self, channel): - """Constructor. - - Args: - channel: A grpc.Channel. - """ - self.ListKeyRings = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/ListKeyRings", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListKeyRingsRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListKeyRingsResponse.FromString, - ) - self.ListCryptoKeys = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/ListCryptoKeys", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeysRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeysResponse.FromString, - ) - self.ListCryptoKeyVersions = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/ListCryptoKeyVersions", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeyVersionsRequest.SerializeToString, - 
response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeyVersionsResponse.FromString, - ) - self.ListImportJobs = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/ListImportJobs", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListImportJobsRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListImportJobsResponse.FromString, - ) - self.GetKeyRing = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/GetKeyRing", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetKeyRingRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.KeyRing.FromString, - ) - self.GetCryptoKey = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/GetCryptoKey", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetCryptoKeyRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.FromString, - ) - self.GetCryptoKeyVersion = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/GetCryptoKeyVersion", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetCryptoKeyVersionRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.FromString, - ) - self.GetPublicKey = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/GetPublicKey", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetPublicKeyRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.PublicKey.FromString, - ) - self.GetImportJob = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/GetImportJob", - 
request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetImportJobRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.ImportJob.FromString, - ) - self.CreateKeyRing = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/CreateKeyRing", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateKeyRingRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.KeyRing.FromString, - ) - self.CreateCryptoKey = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/CreateCryptoKey", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateCryptoKeyRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.FromString, - ) - self.CreateCryptoKeyVersion = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/CreateCryptoKeyVersion", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateCryptoKeyVersionRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.FromString, - ) - self.ImportCryptoKeyVersion = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/ImportCryptoKeyVersion", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ImportCryptoKeyVersionRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.FromString, - ) - self.CreateImportJob = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/CreateImportJob", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateImportJobRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.ImportJob.FromString, - ) - self.UpdateCryptoKey = channel.unary_unary( - 
"/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKey", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.FromString, - ) - self.UpdateCryptoKeyVersion = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyVersion", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyVersionRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.FromString, - ) - self.Encrypt = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/Encrypt", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.EncryptRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.EncryptResponse.FromString, - ) - self.Decrypt = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/Decrypt", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DecryptRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DecryptResponse.FromString, - ) - self.AsymmetricSign = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/AsymmetricSign", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.AsymmetricSignRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.AsymmetricSignResponse.FromString, - ) - self.AsymmetricDecrypt = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/AsymmetricDecrypt", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.AsymmetricDecryptRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.AsymmetricDecryptResponse.FromString, - ) - 
self.UpdateCryptoKeyPrimaryVersion = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyPrimaryVersion", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyPrimaryVersionRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.FromString, - ) - self.DestroyCryptoKeyVersion = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/DestroyCryptoKeyVersion", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DestroyCryptoKeyVersionRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.FromString, - ) - self.RestoreCryptoKeyVersion = channel.unary_unary( - "/google.cloud.kms.v1.KeyManagementService/RestoreCryptoKeyVersion", - request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.RestoreCryptoKeyVersionRequest.SerializeToString, - response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.FromString, - ) - - -class KeyManagementServiceServicer(object): - """Google Cloud Key Management Service - - Manages cryptographic keys and operations using those keys. Implements a REST - model with the following objects: - - * [KeyRing][google.cloud.kms.v1.KeyRing] - * [CryptoKey][google.cloud.kms.v1.CryptoKey] - * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] - * [ImportJob][google.cloud.kms.v1.ImportJob] - - If you are using manual gRPC libraries, see - [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc). - """ - - def ListKeyRings(self, request, context): - """Lists [KeyRings][google.cloud.kms.v1.KeyRing]. 
- """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def ListCryptoKeys(self, request, context): - """Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def ListCryptoKeyVersions(self, request, context): - """Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def ListImportJobs(self, request, context): - """Lists [ImportJobs][google.cloud.kms.v1.ImportJob]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def GetKeyRing(self, request, context): - """Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def GetCryptoKey(self, request, context): - """Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its - [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def GetCryptoKeyVersion(self, request, context): - """Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. 
- """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def GetPublicKey(self, request, context): - """Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The - [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be - [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or - [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def GetImportJob(self, request, context): - """Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def CreateKeyRing(self, request, context): - """Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def CreateCryptoKey(self, request, context): - """Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing]. - - [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and - [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] - are required. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def CreateCryptoKeyVersion(self, request, context): - """Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey]. 
- - The server will assign the next sequential id. If unset, - [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to - [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def ImportCryptoKeyVersion(self, request, context): - """Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the - wrapped key material provided in the request. - - The version ID will be assigned the next sequential id within the - [CryptoKey][google.cloud.kms.v1.CryptoKey]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def CreateImportJob(self, request, context): - """Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing]. - - [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def UpdateCryptoKey(self, request, context): - """Update a [CryptoKey][google.cloud.kms.v1.CryptoKey]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def UpdateCryptoKeyVersion(self, request, context): - """Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata. - - [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between - [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and - [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this - method. 
See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to - move between other states. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def Encrypt(self, request, context): - """Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. - The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be - [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def Decrypt(self, request, context): - """Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] - must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def AsymmetricSign(self, request, context): - """Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] - ASYMMETRIC_SIGN, producing a signature that can be verified with the public - key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. 
- """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def AsymmetricDecrypt(self, request, context): - """Decrypts data that was encrypted with a public key retrieved from - [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with - [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def UpdateCryptoKeyPrimaryVersion(self, request, context): - """Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. - - Returns an error if called on an asymmetric key. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def DestroyCryptoKeyVersion(self, request, context): - """Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction. - - Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to - [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] - and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24 - hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state] - will be changed to - [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key - material will be irrevocably destroyed. 
- - Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached, - [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - def RestoreCryptoKeyVersion(self, request, context): - """Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the - [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] - state. - - Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state] - will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], - and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared. - """ - context.set_code(grpc.StatusCode.UNIMPLEMENTED) - context.set_details("Method not implemented!") - raise NotImplementedError("Method not implemented!") - - -def add_KeyManagementServiceServicer_to_server(servicer, server): - rpc_method_handlers = { - "ListKeyRings": grpc.unary_unary_rpc_method_handler( - servicer.ListKeyRings, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListKeyRingsRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListKeyRingsResponse.SerializeToString, - ), - "ListCryptoKeys": grpc.unary_unary_rpc_method_handler( - servicer.ListCryptoKeys, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeysRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeysResponse.SerializeToString, - ), - "ListCryptoKeyVersions": grpc.unary_unary_rpc_method_handler( - servicer.ListCryptoKeyVersions, - 
request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeyVersionsRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeyVersionsResponse.SerializeToString, - ), - "ListImportJobs": grpc.unary_unary_rpc_method_handler( - servicer.ListImportJobs, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListImportJobsRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListImportJobsResponse.SerializeToString, - ), - "GetKeyRing": grpc.unary_unary_rpc_method_handler( - servicer.GetKeyRing, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetKeyRingRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.KeyRing.SerializeToString, - ), - "GetCryptoKey": grpc.unary_unary_rpc_method_handler( - servicer.GetCryptoKey, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetCryptoKeyRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.SerializeToString, - ), - "GetCryptoKeyVersion": grpc.unary_unary_rpc_method_handler( - servicer.GetCryptoKeyVersion, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetCryptoKeyVersionRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.SerializeToString, - ), - "GetPublicKey": grpc.unary_unary_rpc_method_handler( - servicer.GetPublicKey, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetPublicKeyRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.PublicKey.SerializeToString, - ), - "GetImportJob": grpc.unary_unary_rpc_method_handler( - servicer.GetImportJob, - 
request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetImportJobRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.ImportJob.SerializeToString, - ), - "CreateKeyRing": grpc.unary_unary_rpc_method_handler( - servicer.CreateKeyRing, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateKeyRingRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.KeyRing.SerializeToString, - ), - "CreateCryptoKey": grpc.unary_unary_rpc_method_handler( - servicer.CreateCryptoKey, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateCryptoKeyRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.SerializeToString, - ), - "CreateCryptoKeyVersion": grpc.unary_unary_rpc_method_handler( - servicer.CreateCryptoKeyVersion, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateCryptoKeyVersionRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.SerializeToString, - ), - "ImportCryptoKeyVersion": grpc.unary_unary_rpc_method_handler( - servicer.ImportCryptoKeyVersion, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ImportCryptoKeyVersionRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.SerializeToString, - ), - "CreateImportJob": grpc.unary_unary_rpc_method_handler( - servicer.CreateImportJob, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateImportJobRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.ImportJob.SerializeToString, - ), - "UpdateCryptoKey": grpc.unary_unary_rpc_method_handler( - servicer.UpdateCryptoKey, - 
request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.SerializeToString, - ), - "UpdateCryptoKeyVersion": grpc.unary_unary_rpc_method_handler( - servicer.UpdateCryptoKeyVersion, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyVersionRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.SerializeToString, - ), - "Encrypt": grpc.unary_unary_rpc_method_handler( - servicer.Encrypt, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.EncryptRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.EncryptResponse.SerializeToString, - ), - "Decrypt": grpc.unary_unary_rpc_method_handler( - servicer.Decrypt, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DecryptRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DecryptResponse.SerializeToString, - ), - "AsymmetricSign": grpc.unary_unary_rpc_method_handler( - servicer.AsymmetricSign, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.AsymmetricSignRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.AsymmetricSignResponse.SerializeToString, - ), - "AsymmetricDecrypt": grpc.unary_unary_rpc_method_handler( - servicer.AsymmetricDecrypt, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.AsymmetricDecryptRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.AsymmetricDecryptResponse.SerializeToString, - ), - "UpdateCryptoKeyPrimaryVersion": grpc.unary_unary_rpc_method_handler( - servicer.UpdateCryptoKeyPrimaryVersion, - 
request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyPrimaryVersionRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.SerializeToString, - ), - "DestroyCryptoKeyVersion": grpc.unary_unary_rpc_method_handler( - servicer.DestroyCryptoKeyVersion, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DestroyCryptoKeyVersionRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.SerializeToString, - ), - "RestoreCryptoKeyVersion": grpc.unary_unary_rpc_method_handler( - servicer.RestoreCryptoKeyVersion, - request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.RestoreCryptoKeyVersionRequest.FromString, - response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.SerializeToString, - ), - } - generic_handler = grpc.method_handlers_generic_handler( - "google.cloud.kms.v1.KeyManagementService", rpc_method_handlers - ) - server.add_generic_rpc_handlers((generic_handler,)) diff --git a/google/cloud/kms_v1/py.typed b/google/cloud/kms_v1/py.typed new file mode 100644 index 00000000..3720b5f2 --- /dev/null +++ b/google/cloud/kms_v1/py.typed @@ -0,0 +1,2 @@ +# Marker file for PEP 561. +# The google-cloud-kms package uses inline types. diff --git a/google/__init__.py b/google/cloud/kms_v1/services/__init__.py similarity index 71% rename from google/__init__.py rename to google/cloud/kms_v1/services/__init__.py index 9a1b64a6..42ffdf2b 100644 --- a/google/__init__.py +++ b/google/cloud/kms_v1/services/__init__.py 
@@ -1,24 +1,16 @@ # -*- coding: utf-8 -*- -# + # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# https://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -try: - import pkg_resources - - pkg_resources.declare_namespace(__name__) -except ImportError: - import pkgutil - - __path__ = pkgutil.extend_path(__path__, __name__) +# diff --git a/google/cloud/__init__.py b/google/cloud/kms_v1/services/key_management_service/__init__.py similarity index 69% rename from google/cloud/__init__.py rename to google/cloud/kms_v1/services/key_management_service/__init__.py index 9a1b64a6..7fce2cde 100644 --- a/google/cloud/__init__.py +++ b/google/cloud/kms_v1/services/key_management_service/__init__.py 
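Review bot: The removed lines at the end of this hunk take the `pkg_resources.declare_namespace(__name__)` / `pkgutil.extend_path` shim out of what was `google/__init__.py`. Because the file is recorded as a rename, the top-level `google` package is left without an `__init__.py` unless another part of the commit re-adds one, and the next hunk does the same to `google/cloud/__init__.py`. Other distributions that install into `google.*` and still ship the pkg_resources-style shim do not mix reliably with an implicit namespace package, so a shim-bearing `google/` directory can shadow this one and which code is imported can depend on how the environment was installed. I would either keep a shim file at both paths or confirm that the packaging metadata (not visible in this part of the diff) still declares the namespaces, e.g. `namespace_packages=["google", "google.cloud"]`.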
@@ -1,24 +1,24 @@ # -*- coding: utf-8 -*- -# + # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# https://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +# -try: - import pkg_resources - - pkg_resources.declare_namespace(__name__) -except ImportError: - import pkgutil +from .client import KeyManagementServiceClient +from .async_client import KeyManagementServiceAsyncClient - __path__ = pkgutil.extend_path(__path__, __name__) +__all__ = ( + "KeyManagementServiceClient", + "KeyManagementServiceAsyncClient", +) diff --git a/google/cloud/kms_v1/services/key_management_service/async_client.py b/google/cloud/kms_v1/services/key_management_service/async_client.py new file mode 100644 index 00000000..02826dbb --- /dev/null +++ b/google/cloud/kms_v1/services/key_management_service/async_client.py 
@@ -0,0 +1,2761 @@ +# -*- coding: utf-8 -*- + +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from collections import OrderedDict +import functools +import re +from typing import Dict, Sequence, Tuple, Type, Union +import pkg_resources + +import google.api_core.client_options as ClientOptions # type: ignore +from google.api_core import exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.kms_v1.services.key_management_service import pagers +from google.cloud.kms_v1.types import resources +from google.cloud.kms_v1.types import service +from google.iam.v1 import iam_policy_pb2 as iam_policy # type: ignore +from google.iam.v1 import policy_pb2 as policy # type: ignore +from google.protobuf import duration_pb2 as duration # type: ignore +from google.protobuf import field_mask_pb2 as field_mask # type: ignore +from google.protobuf import timestamp_pb2 as timestamp # type: ignore + +from .transports.base import KeyManagementServiceTransport +from .transports.grpc_asyncio import KeyManagementServiceGrpcAsyncIOTransport +from .client import KeyManagementServiceClient + + +class KeyManagementServiceAsyncClient: + """Google Cloud Key Management Service + + Manages cryptographic keys and operations using those keys. 
+ Implements a REST model with the following objects: + + - [KeyRing][google.cloud.kms.v1.KeyRing] + - [CryptoKey][google.cloud.kms.v1.CryptoKey] + - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + - [ImportJob][google.cloud.kms.v1.ImportJob] + + If you are using manual gRPC libraries, see `Using gRPC with Cloud + KMS `__. + """ + + _client: KeyManagementServiceClient + + DEFAULT_ENDPOINT = KeyManagementServiceClient.DEFAULT_ENDPOINT + DEFAULT_MTLS_ENDPOINT = KeyManagementServiceClient.DEFAULT_MTLS_ENDPOINT + + crypto_key_version_path = staticmethod( + KeyManagementServiceClient.crypto_key_version_path + ) + + key_ring_path = staticmethod(KeyManagementServiceClient.key_ring_path) + + crypto_key_path = staticmethod(KeyManagementServiceClient.crypto_key_path) + + import_job_path = staticmethod(KeyManagementServiceClient.import_job_path) + + from_service_account_file = KeyManagementServiceClient.from_service_account_file + from_service_account_json = from_service_account_file + + get_transport_class = functools.partial( + type(KeyManagementServiceClient).get_transport_class, + type(KeyManagementServiceClient), + ) + + def __init__( + self, + *, + credentials: credentials.Credentials = None, + transport: Union[str, KeyManagementServiceTransport] = "grpc_asyncio", + client_options: ClientOptions = None, + ) -> None: + """Instantiate the key management service client. + + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, ~.KeyManagementServiceTransport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (ClientOptions): Custom options for the client. It + won't take effect if a ``transport`` instance is provided. 
+ (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. GOOGLE_API_USE_MTLS + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint, this is the default value for + the environment variable) and "auto" (auto switch to the default + mTLS endpoint if client SSL credentials is present). However, + the ``api_endpoint`` property takes precedence if provided. + (2) The ``client_cert_source`` property is used to provide client + SSL credentials for mutual TLS transport. If not provided, the + default SSL credentials will be used if present. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + """ + + self._client = KeyManagementServiceClient( + credentials=credentials, transport=transport, client_options=client_options, + ) + + async def list_key_rings( + self, + request: service.ListKeyRingsRequest = None, + *, + parent: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListKeyRingsAsyncPager: + r"""Lists [KeyRings][google.cloud.kms.v1.KeyRing]. + + + Args: + request (:class:`~.service.ListKeyRingsRequest`): + The request object. Request message for + [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. + parent (:class:`str`): + Required. The resource name of the location associated + with the [KeyRings][google.cloud.kms.v1.KeyRing], in the + format ``projects/*/locations/*``. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. 
+ metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.pagers.ListKeyRingsAsyncPager: + Response message for + [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.ListKeyRingsRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.list_key_rings, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # This method is paged; wrap the response in a pager, which provides + # an `__aiter__` convenience method. + response = pagers.ListKeyRingsAsyncPager( + method=rpc, request=request, response=response, metadata=metadata, + ) + + # Done; return the response. 
+ return response + + async def list_crypto_keys( + self, + request: service.ListCryptoKeysRequest = None, + *, + parent: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListCryptoKeysAsyncPager: + r"""Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + + + Args: + request (:class:`~.service.ListCryptoKeysRequest`): + The request object. Request message for + [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. + parent (:class:`str`): + Required. The resource name of the + [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the + format ``projects/*/locations/*/keyRings/*``. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.pagers.ListCryptoKeysAsyncPager: + Response message for + [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.ListCryptoKeysRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. 
+ + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.list_crypto_keys, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # This method is paged; wrap the response in a pager, which provides + # an `__aiter__` convenience method. + response = pagers.ListCryptoKeysAsyncPager( + method=rpc, request=request, response=response, metadata=metadata, + ) + + # Done; return the response. + return response + + async def list_crypto_key_versions( + self, + request: service.ListCryptoKeyVersionsRequest = None, + *, + parent: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListCryptoKeyVersionsAsyncPager: + r"""Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. + + + Args: + request (:class:`~.service.ListCryptoKeyVersionsRequest`): + The request object. Request message for + [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. + parent (:class:`str`): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in + the format + ``projects/*/locations/*/keyRings/*/cryptoKeys/*``. 
+ This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.pagers.ListCryptoKeyVersionsAsyncPager: + Response message for + [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.ListCryptoKeyVersionsRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.list_crypto_key_versions, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. 
+ response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # This method is paged; wrap the response in a pager, which provides + # an `__aiter__` convenience method. + response = pagers.ListCryptoKeyVersionsAsyncPager( + method=rpc, request=request, response=response, metadata=metadata, + ) + + # Done; return the response. + return response + + async def list_import_jobs( + self, + request: service.ListImportJobsRequest = None, + *, + parent: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListImportJobsAsyncPager: + r"""Lists [ImportJobs][google.cloud.kms.v1.ImportJob]. + + + Args: + request (:class:`~.service.ListImportJobsRequest`): + The request object. Request message for + [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. + parent (:class:`str`): + Required. The resource name of the + [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the + format ``projects/*/locations/*/keyRings/*``. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.pagers.ListImportJobsAsyncPager: + Response message for + [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. 
+ if request is not None and any([parent]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.ListImportJobsRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.list_import_jobs, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # This method is paged; wrap the response in a pager, which provides + # an `__aiter__` convenience method. + response = pagers.ListImportJobsAsyncPager( + method=rpc, request=request, response=response, metadata=metadata, + ) + + # Done; return the response. + return response + + async def get_key_ring( + self, + request: service.GetKeyRingRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.KeyRing: + r"""Returns metadata for a given + [KeyRing][google.cloud.kms.v1.KeyRing]. + + + Args: + request (:class:`~.service.GetKeyRingRequest`): + The request object. Request message for + [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing]. + name (:class:`str`): + Required. 
The [name][google.cloud.kms.v1.KeyRing.name] + of the [KeyRing][google.cloud.kms.v1.KeyRing] to get. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.KeyRing: + A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel + logical grouping of + [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.GetKeyRingRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_key_ring, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + async def get_crypto_key( + self, + request: service.GetCryptoKeyRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKey: + r"""Returns metadata for a given + [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its + [primary][google.cloud.kms.v1.CryptoKey.primary] + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + + + Args: + request (:class:`~.service.GetCryptoKeyRequest`): + The request object. Request message for + [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey]. + name (:class:`str`): + Required. The [name][google.cloud.kms.v1.CryptoKey.name] + of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to + get. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKey: + A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents + a logical key that can be used for cryptographic + operations. + + A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up + of one or more + [versions][google.cloud.kms.v1.CryptoKeyVersion], which + represent the actual key material used in cryptographic + operations. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." 
+ ) + + request = service.GetCryptoKeyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_crypto_key, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def get_crypto_key_version( + self, + request: service.GetCryptoKeyVersionRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Returns metadata for a given + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + + + Args: + request (:class:`~.service.GetCryptoKeyVersionRequest`): + The request object. Request message for + [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion]. + name (:class:`str`): + Required. The + [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to get. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. 
+ + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.GetCryptoKeyVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_crypto_key_version, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. 
+ metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def get_public_key( + self, + request: service.GetPublicKeyRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.PublicKey: + r"""Returns the public key for the given + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] + or + [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. + + + Args: + request (:class:`~.service.GetPublicKeyRequest`): + The request object. Request message for + [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + name (:class:`str`): + Required. The + [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + public key to get. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.PublicKey: + The public key for a given + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + Obtained via + [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + + """ + # Create or coerce a protobuf request object. 
+ # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.GetPublicKeyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_public_key, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def get_import_job( + self, + request: service.GetImportJobRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.ImportJob: + r"""Returns metadata for a given + [ImportJob][google.cloud.kms.v1.ImportJob]. + + + Args: + request (:class:`~.service.GetImportJobRequest`): + The request object. Request message for + [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob]. + name (:class:`str`): + Required. The [name][google.cloud.kms.v1.ImportJob.name] + of the [ImportJob][google.cloud.kms.v1.ImportJob] to + get. 
+ This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.ImportJob: + An [ImportJob][google.cloud.kms.v1.ImportJob] can be + used to create + [CryptoKeys][google.cloud.kms.v1.CryptoKey] and + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + using pre-existing key material, generated outside of + Cloud KMS. + + When an [ImportJob][google.cloud.kms.v1.ImportJob] is + created, Cloud KMS will generate a "wrapping key", which + is a public/private key pair. You use the wrapping key + to encrypt (also known as wrap) the pre-existing key + material to protect it during the import process. The + nature of the wrapping key depends on the choice of + [import_method][google.cloud.kms.v1.ImportJob.import_method]. + When the wrapping key generation is complete, the + [state][google.cloud.kms.v1.ImportJob.state] will be set + to + [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] + and the + [public_key][google.cloud.kms.v1.ImportJob.public_key] + can be fetched. The fetched public key can then be used + to wrap your pre-existing key material. + + Once the key material is wrapped, it can be imported + into a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + in an existing + [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling + [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. + Multiple + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + can be imported with a single + [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS + uses the private key portion of the wrapping key to + unwrap the key material. 
Only Cloud KMS has access to + the private key. + + An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 + days after it is created. Once expired, Cloud KMS will + no longer be able to import or unwrap any key material + that was wrapped with the + [ImportJob][google.cloud.kms.v1.ImportJob]'s public key. + + For more information, see `Importing a + key `__. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.GetImportJobRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_import_job, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + async def create_key_ring( + self, + request: service.CreateKeyRingRequest = None, + *, + parent: str = None, + key_ring_id: str = None, + key_ring: resources.KeyRing = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.KeyRing: + r"""Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given + Project and Location. + + + Args: + request (:class:`~.service.CreateKeyRingRequest`): + The request object. Request message for + [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing]. + parent (:class:`str`): + Required. The resource name of the location associated + with the [KeyRings][google.cloud.kms.v1.KeyRing], in the + format ``projects/*/locations/*``. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + key_ring_id (:class:`str`): + Required. It must be unique within a location and match + the regular expression ``[a-zA-Z0-9_-]{1,63}`` + This corresponds to the ``key_ring_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + key_ring (:class:`~.resources.KeyRing`): + Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with + initial field values. + This corresponds to the ``key_ring`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.KeyRing: + A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel + logical grouping of + [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + + """ + # Create or coerce a protobuf request object. 
+ # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent, key_ring_id, key_ring]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.CreateKeyRingRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + if key_ring_id is not None: + request.key_ring_id = key_ring_id + if key_ring is not None: + request.key_ring = key_ring + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.create_key_ring, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def create_crypto_key( + self, + request: service.CreateCryptoKeyRequest = None, + *, + parent: str = None, + crypto_key_id: str = None, + crypto_key: resources.CryptoKey = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKey: + r"""Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a + [KeyRing][google.cloud.kms.v1.KeyRing]. 
+ + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and + [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] + are required. + + + Args: + request (:class:`~.service.CreateCryptoKeyRequest`): + The request object. Request message for + [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]. + parent (:class:`str`): + Required. The [name][google.cloud.kms.v1.KeyRing.name] + of the KeyRing associated with the + [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + crypto_key_id (:class:`str`): + Required. It must be unique within a KeyRing and match + the regular expression ``[a-zA-Z0-9_-]{1,63}`` + This corresponds to the ``crypto_key_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + crypto_key (:class:`~.resources.CryptoKey`): + Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] + with initial field values. + This corresponds to the ``crypto_key`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKey: + A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents + a logical key that can be used for cryptographic + operations. + + A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up + of one or more + [versions][google.cloud.kms.v1.CryptoKeyVersion], which + represent the actual key material used in cryptographic + operations. + + """ + # Create or coerce a protobuf request object. 
+ # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent, crypto_key_id, crypto_key]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.CreateCryptoKeyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + if crypto_key_id is not None: + request.crypto_key_id = crypto_key_id + if crypto_key is not None: + request.crypto_key = crypto_key + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.create_crypto_key, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def create_crypto_key_version( + self, + request: service.CreateCryptoKeyVersionRequest = None, + *, + parent: str = None, + crypto_key_version: resources.CryptoKeyVersion = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Create a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a + [CryptoKey][google.cloud.kms.v1.CryptoKey]. 
+ + The server will assign the next sequential id. If unset, + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set + to + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. + + + Args: + request (:class:`~.service.CreateCryptoKeyVersionRequest`): + The request object. Request message for + [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]. + parent (:class:`str`): + Required. The [name][google.cloud.kms.v1.CryptoKey.name] + of the [CryptoKey][google.cloud.kms.v1.CryptoKey] + associated with the + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + crypto_key_version (:class:`~.resources.CryptoKeyVersion`): + Required. A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + with initial field values. + This corresponds to the ``crypto_key_version`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. 
+ + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent, crypto_key_version]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.CreateCryptoKeyVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + if crypto_key_version is not None: + request.crypto_key_version = crypto_key_version + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.create_crypto_key_version, + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def import_crypto_key_version( + self, + request: service.ImportCryptoKeyVersionRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Imports a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an + existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the + wrapped key material provided in the request. + + The version ID will be assigned the next sequential id within + the [CryptoKey][google.cloud.kms.v1.CryptoKey]. + + + Args: + request (:class:`~.service.ImportCryptoKeyVersionRequest`): + The request object. 
Request message for + [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. + + """ + # Create or coerce a protobuf request object. + + request = service.ImportCryptoKeyVersionRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.import_crypto_key_version, + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + async def create_import_job( + self, + request: service.CreateImportJobRequest = None, + *, + parent: str = None, + import_job_id: str = None, + import_job: resources.ImportJob = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.ImportJob: + r"""Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a + [KeyRing][google.cloud.kms.v1.KeyRing]. + + [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] + is required. + + + Args: + request (:class:`~.service.CreateImportJobRequest`): + The request object. Request message for + [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob]. + parent (:class:`str`): + Required. The [name][google.cloud.kms.v1.KeyRing.name] + of the [KeyRing][google.cloud.kms.v1.KeyRing] associated + with the [ImportJobs][google.cloud.kms.v1.ImportJob]. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + import_job_id (:class:`str`): + Required. It must be unique within a KeyRing and match + the regular expression ``[a-zA-Z0-9_-]{1,63}`` + This corresponds to the ``import_job_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + import_job (:class:`~.resources.ImportJob`): + Required. An [ImportJob][google.cloud.kms.v1.ImportJob] + with initial field values. + This corresponds to the ``import_job`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. 
+ + Returns: + ~.resources.ImportJob: + An [ImportJob][google.cloud.kms.v1.ImportJob] can be + used to create + [CryptoKeys][google.cloud.kms.v1.CryptoKey] and + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + using pre-existing key material, generated outside of + Cloud KMS. + + When an [ImportJob][google.cloud.kms.v1.ImportJob] is + created, Cloud KMS will generate a "wrapping key", which + is a public/private key pair. You use the wrapping key + to encrypt (also known as wrap) the pre-existing key + material to protect it during the import process. The + nature of the wrapping key depends on the choice of + [import_method][google.cloud.kms.v1.ImportJob.import_method]. + When the wrapping key generation is complete, the + [state][google.cloud.kms.v1.ImportJob.state] will be set + to + [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] + and the + [public_key][google.cloud.kms.v1.ImportJob.public_key] + can be fetched. The fetched public key can then be used + to wrap your pre-existing key material. + + Once the key material is wrapped, it can be imported + into a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + in an existing + [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling + [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. + Multiple + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + can be imported with a single + [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS + uses the private key portion of the wrapping key to + unwrap the key material. Only Cloud KMS has access to + the private key. + + An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 + days after it is created. Once expired, Cloud KMS will + no longer be able to import or unwrap any key material + that was wrapped with the + [ImportJob][google.cloud.kms.v1.ImportJob]'s public key. + + For more information, see `Importing a + key `__. + + """ + # Create or coerce a protobuf request object. 
+ # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent, import_job_id, import_job]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.CreateImportJobRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + if import_job_id is not None: + request.import_job_id = import_job_id + if import_job is not None: + request.import_job = import_job + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.create_import_job, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def update_crypto_key( + self, + request: service.UpdateCryptoKeyRequest = None, + *, + crypto_key: resources.CryptoKey = None, + update_mask: field_mask.FieldMask = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKey: + r"""Update a [CryptoKey][google.cloud.kms.v1.CryptoKey]. + + + Args: + request (:class:`~.service.UpdateCryptoKeyRequest`): + The request object. 
Request message for + [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey]. + crypto_key (:class:`~.resources.CryptoKey`): + Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] + with updated values. + This corresponds to the ``crypto_key`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + update_mask (:class:`~.field_mask.FieldMask`): + Required. List of fields to be + updated in this request. + This corresponds to the ``update_mask`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKey: + A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents + a logical key that can be used for cryptographic + operations. + + A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up + of one or more + [versions][google.cloud.kms.v1.CryptoKeyVersion], which + represent the actual key material used in cryptographic + operations. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([crypto_key, update_mask]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.UpdateCryptoKeyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if crypto_key is not None: + request.crypto_key = crypto_key + if update_mask is not None: + request.update_mask = update_mask + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. 
+ rpc = gapic_v1.method_async.wrap_method( + self._client._transport.update_crypto_key, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("crypto_key.name", request.crypto_key.name),) + ), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def update_crypto_key_version( + self, + request: service.UpdateCryptoKeyVersionRequest = None, + *, + crypto_key_version: resources.CryptoKeyVersion = None, + update_mask: field_mask.FieldMask = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Update a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s + metadata. + + [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be + changed between + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + and + [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] + using this method. See + [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] + and + [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + to move between other states. + + + Args: + request (:class:`~.service.UpdateCryptoKeyVersionRequest`): + The request object. Request message for + [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion]. 
+ crypto_key_version (:class:`~.resources.CryptoKeyVersion`): + Required. + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + with updated values. + This corresponds to the ``crypto_key_version`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + update_mask (:class:`~.field_mask.FieldMask`): + Required. List of fields to be + updated in this request. + This corresponds to the ``update_mask`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([crypto_key_version, update_mask]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.UpdateCryptoKeyVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. 
+ + if crypto_key_version is not None: + request.crypto_key_version = crypto_key_version + if update_mask is not None: + request.update_mask = update_mask + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.update_crypto_key_version, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("crypto_key_version.name", request.crypto_key_version.name),) + ), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def encrypt( + self, + request: service.EncryptRequest = None, + *, + name: str = None, + plaintext: bytes = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.EncryptResponse: + r"""Encrypts data, so that it can only be recovered by a call to + [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + + + Args: + request (:class:`~.service.EncryptRequest`): + The request object. Request message for + [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + name (:class:`str`): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] or + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to use for encryption. 
+ + If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is + specified, the server will use its [primary + version][google.cloud.kms.v1.CryptoKey.primary]. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + plaintext (:class:`bytes`): + Required. The data to encrypt. Must be no larger than + 64KiB. + + The maximum size depends on the key version's + [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. + For + [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] + keys, the plaintext must be no larger than 64KiB. For + [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the + combined length of the plaintext and + additional_authenticated_data fields must be no larger + than 8KiB. + This corresponds to the ``plaintext`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.service.EncryptResponse: + Response message for + [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name, plaintext]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.EncryptRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. 
+ + if name is not None: + request.name = name + if plaintext is not None: + request.plaintext = plaintext + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.encrypt, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def decrypt( + self, + request: service.DecryptRequest = None, + *, + name: str = None, + ciphertext: bytes = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.DecryptResponse: + r"""Decrypts data that was protected by + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + + + Args: + request (:class:`~.service.DecryptRequest`): + The request object. Request message for + [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. + name (:class:`str`): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for + decryption. The server will choose the appropriate + version. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + ciphertext (:class:`bytes`): + Required. 
The encrypted data originally returned in + [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. + This corresponds to the ``ciphertext`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.service.DecryptResponse: + Response message for + [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name, ciphertext]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.DecryptRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + if ciphertext is not None: + request.ciphertext = ciphertext + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.decrypt, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. 
+ response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def asymmetric_sign( + self, + request: service.AsymmetricSignRequest = None, + *, + name: str = None, + digest: service.Digest = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.AsymmetricSignResponse: + r"""Signs data using a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + ASYMMETRIC_SIGN, producing a signature that can be verified with + the public key retrieved from + [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + + + Args: + request (:class:`~.service.AsymmetricSignRequest`): + The request object. Request message for + [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. + name (:class:`str`): + Required. The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to use for signing. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + digest (:class:`~.service.Digest`): + Required. The digest of the data to sign. The digest + must be produced with the same digest algorithm as + specified by the key version's + [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. + This corresponds to the ``digest`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. 
+ + Returns: + ~.service.AsymmetricSignResponse: + Response message for + [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name, digest]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.AsymmetricSignRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + if digest is not None: + request.digest = digest + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.asymmetric_sign, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + async def asymmetric_decrypt( + self, + request: service.AsymmetricDecryptRequest = None, + *, + name: str = None, + ciphertext: bytes = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.AsymmetricDecryptResponse: + r"""Decrypts data that was encrypted with a public key retrieved + from + [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] + corresponding to a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + ASYMMETRIC_DECRYPT. + + + Args: + request (:class:`~.service.AsymmetricDecryptRequest`): + The request object. Request message for + [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. + name (:class:`str`): + Required. The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to use for decryption. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + ciphertext (:class:`bytes`): + Required. The data encrypted with the named + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s + public key using OAEP. + This corresponds to the ``ciphertext`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.service.AsymmetricDecryptResponse: + Response message for + [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. + + """ + # Create or coerce a protobuf request object. 
+ # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name, ciphertext]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.AsymmetricDecryptRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + if ciphertext is not None: + request.ciphertext = ciphertext + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.asymmetric_decrypt, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def update_crypto_key_primary_version( + self, + request: service.UpdateCryptoKeyPrimaryVersionRequest = None, + *, + name: str = None, + crypto_key_version_id: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKey: + r"""Update the version of a + [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + + Returns an error if called on an asymmetric key. 
+ + + Args: + request (:class:`~.service.UpdateCryptoKeyPrimaryVersionRequest`): + The request object. Request message for + [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. + name (:class:`str`): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to update. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + crypto_key_version_id (:class:`str`): + Required. The id of the child + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to use as primary. + This corresponds to the ``crypto_key_version_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKey: + A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents + a logical key that can be used for cryptographic + operations. + + A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up + of one or more + [versions][google.cloud.kms.v1.CryptoKeyVersion], which + represent the actual key material used in cryptographic + operations. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name, crypto_key_version_id]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.UpdateCryptoKeyPrimaryVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. 
+ + if name is not None: + request.name = name + if crypto_key_version_id is not None: + request.crypto_key_version_id = crypto_key_version_id + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.update_crypto_key_primary_version, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def destroy_crypto_key_version( + self, + request: service.DestroyCryptoKeyVersionRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Schedule a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for + destruction. + + Upon calling this method, + [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] + will be set to + [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] + and + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + will be set to a time 24 hours in the future, at which point the + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be + changed to + [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], + and the key material will be irrevocably destroyed. 
+ + Before the + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + is reached, + [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + may be called to reverse the process. + + + Args: + request (:class:`~.service.DestroyCryptoKeyVersionRequest`): + The request object. Request message for + [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]. + name (:class:`str`): + Required. The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to destroy. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." 
+ ) + + request = service.DestroyCryptoKeyVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.destroy_crypto_key_version, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def restore_crypto_key_version( + self, + request: service.RestoreCryptoKeyVersionRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Restore a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the + [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] + state. + + Upon restoration of the CryptoKeyVersion, + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set + to + [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], + and + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + will be cleared. + + + Args: + request (:class:`~.service.RestoreCryptoKeyVersionRequest`): + The request object. 
Request message for + [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]. + name (:class:`str`): + Required. The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to restore. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.RestoreCryptoKeyVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. 
+ rpc = gapic_v1.method_async.wrap_method( + self._client._transport.restore_crypto_key_version, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def set_iam_policy( + self, + request: iam_policy.SetIamPolicyRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy.Policy: + r"""Sets the IAM access control policy on the specified + function. Replaces any existing policy. + + Args: + request (:class:`~.iam_policy.SetIamPolicyRequest`): + The request object. Request message for `SetIamPolicy` + method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.policy.Policy: + Defines an Identity and Access Management (IAM) policy. + It is used to specify access control policies for Cloud + Platform resources. + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members`` to a single + ``role``. Members can be user accounts, service + accounts, Google groups, and domains (such as G Suite). + A ``role`` is a named list of permissions (defined by + IAM or configured by users). 
A ``binding`` can + optionally specify a ``condition``, which is a logic + expression that further constrains the role binding + based on attributes about the request and/or target + resource. + + **JSON Example**:: + + { + "bindings": [ + { + "role": "roles/resourcemanager.organizationAdmin", + "members": [ + "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + }, + { + "role": "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", + } + } + ] + } + + **YAML Example**:: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the `IAM + developer's + guide `__. + """ + # Create or coerce a protobuf request object. + + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = iam_policy.SetIamPolicyRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.set_iam_policy, + default_timeout=None, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. 
+ metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + async def get_iam_policy( + self, + request: iam_policy.GetIamPolicyRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy.Policy: + r"""Gets the IAM access control policy for a function. + Returns an empty policy if the function exists and does + not have a policy set. + + Args: + request (:class:`~.iam_policy.GetIamPolicyRequest`): + The request object. Request message for `GetIamPolicy` + method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.policy.Policy: + Defines an Identity and Access Management (IAM) policy. + It is used to specify access control policies for Cloud + Platform resources. + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members`` to a single + ``role``. Members can be user accounts, service + accounts, Google groups, and domains (such as G Suite). + A ``role`` is a named list of permissions (defined by + IAM or configured by users). A ``binding`` can + optionally specify a ``condition``, which is a logic + expression that further constrains the role binding + based on attributes about the request and/or target + resource. 
+ + **JSON Example**:: + + { + "bindings": [ + { + "role": "roles/resourcemanager.organizationAdmin", + "members": [ + "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + }, + { + "role": "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", + } + } + ] + } + + **YAML Example**:: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the `IAM + developer's + guide `__. + """ + # Create or coerce a protobuf request object. + + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = iam_policy.GetIamPolicyRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.get_iam_policy, + default_timeout=None, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + async def test_iam_permissions( + self, + request: iam_policy.TestIamPermissionsRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> iam_policy.TestIamPermissionsResponse: + r"""Tests the specified permissions against the IAM access control + policy for a function. If the function does not exist, this will + return an empty set of permissions, not a NOT_FOUND error. + + Args: + request (:class:`~.iam_policy.TestIamPermissionsRequest`): + The request object. Request message for + `TestIamPermissions` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.iam_policy.TestIamPermissionsResponse: + Response message for ``TestIamPermissions`` method. + """ + # Create or coerce a protobuf request object. + + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = iam_policy.TestIamPermissionsRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.test_iam_permissions, + default_timeout=None, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)), + ) + + # Send the request. + response = await rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + +try: + _client_info = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution("google-cloud-kms",).version, + ) +except pkg_resources.DistributionNotFound: + _client_info = gapic_v1.client_info.ClientInfo() + + +__all__ = ("KeyManagementServiceAsyncClient",) diff --git a/google/cloud/kms_v1/services/key_management_service/client.py b/google/cloud/kms_v1/services/key_management_service/client.py new file mode 100644 index 00000000..f346143e --- /dev/null +++ b/google/cloud/kms_v1/services/key_management_service/client.py 
@@ -0,0 +1,2675 @@ +# -*- coding: utf-8 -*- + +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from collections import OrderedDict +import os +import re +from typing import Callable, Dict, Sequence, Tuple, Type, Union +import pkg_resources + +import google.api_core.client_options as ClientOptions # type: ignore +from google.api_core import exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials # type: ignore +from google.auth.transport import mtls # type: ignore +from google.auth.exceptions import MutualTLSChannelError # type: ignore +from google.oauth2 import service_account # type: ignore + +from google.cloud.kms_v1.services.key_management_service import pagers +from google.cloud.kms_v1.types import resources +from google.cloud.kms_v1.types import service +from google.iam.v1 import iam_policy_pb2 as iam_policy # type: ignore +from google.iam.v1 import policy_pb2 as policy # type: ignore +from google.protobuf import duration_pb2 as duration # type: ignore +from google.protobuf import field_mask_pb2 as field_mask # type: ignore +from google.protobuf import timestamp_pb2 as timestamp # type: ignore + +from .transports.base import KeyManagementServiceTransport +from .transports.grpc import KeyManagementServiceGrpcTransport +from .transports.grpc_asyncio import KeyManagementServiceGrpcAsyncIOTransport + + +class 
KeyManagementServiceClientMeta(type): + """Metaclass for the KeyManagementService client. + + This provides class-level methods for building and retrieving + support objects (e.g. transport) without polluting the client instance + objects. + """ + + _transport_registry = ( + OrderedDict() + ) # type: Dict[str, Type[KeyManagementServiceTransport]] + _transport_registry["grpc"] = KeyManagementServiceGrpcTransport + _transport_registry["grpc_asyncio"] = KeyManagementServiceGrpcAsyncIOTransport + + def get_transport_class( + cls, label: str = None, + ) -> Type[KeyManagementServiceTransport]: + """Return an appropriate transport class. + + + Args: + label: The name of the desired transport. If none is + provided, then the first transport in the registry is used. + + Returns: + The transport class to use. + """ + # If a specific transport is requested, return that one. + if label: + return cls._transport_registry[label] + + # No transport is requested; return the default (that is, the first one + # in the dictionary). + return next(iter(cls._transport_registry.values())) + + +class KeyManagementServiceClient(metaclass=KeyManagementServiceClientMeta): + """Google Cloud Key Management Service + + Manages cryptographic keys and operations using those keys. + Implements a REST model with the following objects: + + - [KeyRing][google.cloud.kms.v1.KeyRing] + - [CryptoKey][google.cloud.kms.v1.CryptoKey] + - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + - [ImportJob][google.cloud.kms.v1.ImportJob] + + If you are using manual gRPC libraries, see `Using gRPC with Cloud + KMS `__. + """ + + @staticmethod + def _get_default_mtls_endpoint(api_endpoint): + """Convert api endpoint to mTLS endpoint. + Convert "*.sandbox.googleapis.com" and "*.googleapis.com" to + "*.mtls.sandbox.googleapis.com" and "*.mtls.googleapis.com" respectively. + + Args: + api_endpoint (Optional[str]): the api endpoint to convert. + Returns: + str: converted mTLS api endpoint. 
+ """ + if not api_endpoint: + return api_endpoint + + mtls_endpoint_re = re.compile( + r"(?P[^.]+)(?P\.mtls)?(?P\.sandbox)?(?P\.googleapis\.com)?" + ) + + m = mtls_endpoint_re.match(api_endpoint) + name, mtls, sandbox, googledomain = m.groups() + if mtls or not googledomain: + return api_endpoint + + if sandbox: + return api_endpoint.replace( + "sandbox.googleapis.com", "mtls.sandbox.googleapis.com" + ) + + return api_endpoint.replace(".googleapis.com", ".mtls.googleapis.com") + + DEFAULT_ENDPOINT = "cloudkms.googleapis.com" + DEFAULT_MTLS_ENDPOINT = _get_default_mtls_endpoint.__func__( # type: ignore + DEFAULT_ENDPOINT + ) + + @classmethod + def from_service_account_file(cls, filename: str, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + {@api.name}: The constructed client. 
+ """ + credentials = service_account.Credentials.from_service_account_file(filename) + kwargs["credentials"] = credentials + return cls(*args, **kwargs) + + from_service_account_json = from_service_account_file + + @staticmethod + def crypto_key_path( + project: str, location: str, key_ring: str, crypto_key: str, + ) -> str: + """Return a fully-qualified crypto_key string.""" + return "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}".format( + project=project, + location=location, + key_ring=key_ring, + crypto_key=crypto_key, + ) + + @staticmethod + def parse_crypto_key_path(path: str) -> Dict[str, str]: + """Parse a crypto_key path into its component segments.""" + m = re.match( + r"^projects/(?P.+?)/locations/(?P.+?)/keyRings/(?P.+?)/cryptoKeys/(?P.+?)$", + path, + ) + return m.groupdict() if m else {} + + @staticmethod + def crypto_key_version_path( + project: str, + location: str, + key_ring: str, + crypto_key: str, + crypto_key_version: str, + ) -> str: + """Return a fully-qualified crypto_key_version string.""" + return "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}".format( + project=project, + location=location, + key_ring=key_ring, + crypto_key=crypto_key, + crypto_key_version=crypto_key_version, + ) + + @staticmethod + def parse_crypto_key_version_path(path: str) -> Dict[str, str]: + """Parse a crypto_key_version path into its component segments.""" + m = re.match( + r"^projects/(?P.+?)/locations/(?P.+?)/keyRings/(?P.+?)/cryptoKeys/(?P.+?)/cryptoKeyVersions/(?P.+?)$", + path, + ) + return m.groupdict() if m else {} + + @staticmethod + def import_job_path( + project: str, location: str, key_ring: str, import_job: str, + ) -> str: + """Return a fully-qualified import_job string.""" + return "projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}".format( + project=project, + location=location, + key_ring=key_ring, + 
import_job=import_job, + ) + + @staticmethod + def parse_import_job_path(path: str) -> Dict[str, str]: + """Parse a import_job path into its component segments.""" + m = re.match( + r"^projects/(?P.+?)/locations/(?P.+?)/keyRings/(?P.+?)/importJobs/(?P.+?)$", + path, + ) + return m.groupdict() if m else {} + + @staticmethod + def key_ring_path(project: str, location: str, key_ring: str,) -> str: + """Return a fully-qualified key_ring string.""" + return "projects/{project}/locations/{location}/keyRings/{key_ring}".format( + project=project, location=location, key_ring=key_ring, + ) + + @staticmethod + def parse_key_ring_path(path: str) -> Dict[str, str]: + """Parse a key_ring path into its component segments.""" + m = re.match( + r"^projects/(?P.+?)/locations/(?P.+?)/keyRings/(?P.+?)$", + path, + ) + return m.groupdict() if m else {} + + def __init__( + self, + *, + credentials: credentials.Credentials = None, + transport: Union[str, KeyManagementServiceTransport] = None, + client_options: ClientOptions = None, + ) -> None: + """Instantiate the key management service client. + + + Args: + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + transport (Union[str, ~.KeyManagementServiceTransport]): The + transport to use. If set to None, a transport is chosen + automatically. + client_options (ClientOptions): Custom options for the client. It + won't take effect if a ``transport`` instance is provided. + (1) The ``api_endpoint`` property can be used to override the + default endpoint provided by the client. 
GOOGLE_API_USE_MTLS + environment variable can also be used to override the endpoint: + "always" (always use the default mTLS endpoint), "never" (always + use the default regular endpoint, this is the default value for + the environment variable) and "auto" (auto switch to the default + mTLS endpoint if client SSL credentials is present). However, + the ``api_endpoint`` property takes precedence if provided. + (2) The ``client_cert_source`` property is used to provide client + SSL credentials for mutual TLS transport. If not provided, the + default SSL credentials will be used if present. + + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + """ + if isinstance(client_options, dict): + client_options = ClientOptions.from_dict(client_options) + if client_options is None: + client_options = ClientOptions.ClientOptions() + + if client_options.api_endpoint is None: + use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS", "never") + if use_mtls_env == "never": + client_options.api_endpoint = self.DEFAULT_ENDPOINT + elif use_mtls_env == "always": + client_options.api_endpoint = self.DEFAULT_MTLS_ENDPOINT + elif use_mtls_env == "auto": + has_client_cert_source = ( + client_options.client_cert_source is not None + or mtls.has_default_client_cert_source() + ) + client_options.api_endpoint = ( + self.DEFAULT_MTLS_ENDPOINT + if has_client_cert_source + else self.DEFAULT_ENDPOINT + ) + else: + raise MutualTLSChannelError( + "Unsupported GOOGLE_API_USE_MTLS value. Accepted values: never, auto, always" + ) + + # Save or instantiate the transport. + # Ordinarily, we provide the transport, but allowing a custom transport + # instance provides an extensibility point for unusual situations. + if isinstance(transport, KeyManagementServiceTransport): + # transport is a KeyManagementServiceTransport instance. 
+ if credentials or client_options.credentials_file: + raise ValueError( + "When providing a transport instance, " + "provide its credentials directly." + ) + if client_options.scopes: + raise ValueError( + "When providing a transport instance, " + "provide its scopes directly." + ) + self._transport = transport + else: + Transport = type(self).get_transport_class(transport) + self._transport = Transport( + credentials=credentials, + credentials_file=client_options.credentials_file, + host=client_options.api_endpoint, + scopes=client_options.scopes, + api_mtls_endpoint=client_options.api_endpoint, + client_cert_source=client_options.client_cert_source, + quota_project_id=client_options.quota_project_id, + ) + + def list_key_rings( + self, + request: service.ListKeyRingsRequest = None, + *, + parent: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListKeyRingsPager: + r"""Lists [KeyRings][google.cloud.kms.v1.KeyRing]. + + + Args: + request (:class:`~.service.ListKeyRingsRequest`): + The request object. Request message for + [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. + parent (:class:`str`): + Required. The resource name of the location associated + with the [KeyRings][google.cloud.kms.v1.KeyRing], in the + format ``projects/*/locations/*``. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.pagers.ListKeyRingsPager: + Response message for + [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. 
+ + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.ListKeyRingsRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_key_rings] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # This method is paged; wrap the response in a pager, which provides + # an `__iter__` convenience method. + response = pagers.ListKeyRingsPager( + method=rpc, request=request, response=response, metadata=metadata, + ) + + # Done; return the response. + return response + + def list_crypto_keys( + self, + request: service.ListCryptoKeysRequest = None, + *, + parent: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListCryptoKeysPager: + r"""Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + + + Args: + request (:class:`~.service.ListCryptoKeysRequest`): + The request object. Request message for + [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. + parent (:class:`str`): + Required. 
The resource name of the + [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the + format ``projects/*/locations/*/keyRings/*``. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.pagers.ListCryptoKeysPager: + Response message for + [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.ListCryptoKeysRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_crypto_keys] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # This method is paged; wrap the response in a pager, which provides + # an `__iter__` convenience method. 
+ response = pagers.ListCryptoKeysPager( + method=rpc, request=request, response=response, metadata=metadata, + ) + + # Done; return the response. + return response + + def list_crypto_key_versions( + self, + request: service.ListCryptoKeyVersionsRequest = None, + *, + parent: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListCryptoKeyVersionsPager: + r"""Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. + + + Args: + request (:class:`~.service.ListCryptoKeyVersionsRequest`): + The request object. Request message for + [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. + parent (:class:`str`): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in + the format + ``projects/*/locations/*/keyRings/*/cryptoKeys/*``. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.pagers.ListCryptoKeyVersionsPager: + Response message for + [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." 
+ ) + + request = service.ListCryptoKeyVersionsRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_crypto_key_versions] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # This method is paged; wrap the response in a pager, which provides + # an `__iter__` convenience method. + response = pagers.ListCryptoKeyVersionsPager( + method=rpc, request=request, response=response, metadata=metadata, + ) + + # Done; return the response. + return response + + def list_import_jobs( + self, + request: service.ListImportJobsRequest = None, + *, + parent: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> pagers.ListImportJobsPager: + r"""Lists [ImportJobs][google.cloud.kms.v1.ImportJob]. + + + Args: + request (:class:`~.service.ListImportJobsRequest`): + The request object. Request message for + [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. + parent (:class:`str`): + Required. The resource name of the + [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the + format ``projects/*/locations/*/keyRings/*``. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. 
+ metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.pagers.ListImportJobsPager: + Response message for + [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. + + Iterating over this object will yield results and + resolve additional pages automatically. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.ListImportJobsRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.list_import_jobs] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # This method is paged; wrap the response in a pager, which provides + # an `__iter__` convenience method. + response = pagers.ListImportJobsPager( + method=rpc, request=request, response=response, metadata=metadata, + ) + + # Done; return the response. + return response + + def get_key_ring( + self, + request: service.GetKeyRingRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.KeyRing: + r"""Returns metadata for a given + [KeyRing][google.cloud.kms.v1.KeyRing]. 
+ + + Args: + request (:class:`~.service.GetKeyRingRequest`): + The request object. Request message for + [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing]. + name (:class:`str`): + Required. The [name][google.cloud.kms.v1.KeyRing.name] + of the [KeyRing][google.cloud.kms.v1.KeyRing] to get. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.KeyRing: + A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel + logical grouping of + [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.GetKeyRingRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_key_ring] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + def get_crypto_key( + self, + request: service.GetCryptoKeyRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKey: + r"""Returns metadata for a given + [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its + [primary][google.cloud.kms.v1.CryptoKey.primary] + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + + + Args: + request (:class:`~.service.GetCryptoKeyRequest`): + The request object. Request message for + [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey]. + name (:class:`str`): + Required. The [name][google.cloud.kms.v1.CryptoKey.name] + of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to + get. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKey: + A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents + a logical key that can be used for cryptographic + operations. + + A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up + of one or more + [versions][google.cloud.kms.v1.CryptoKeyVersion], which + represent the actual key material used in cryptographic + operations. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." 
+ ) + + request = service.GetCryptoKeyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_crypto_key] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def get_crypto_key_version( + self, + request: service.GetCryptoKeyVersionRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Returns metadata for a given + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + + + Args: + request (:class:`~.service.GetCryptoKeyVersionRequest`): + The request object. Request message for + [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion]. + name (:class:`str`): + Required. The + [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to get. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. 
+ + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.GetCryptoKeyVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_crypto_key_version] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + def get_public_key( + self, + request: service.GetPublicKeyRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.PublicKey: + r"""Returns the public key for the given + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] + or + [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. + + + Args: + request (:class:`~.service.GetPublicKeyRequest`): + The request object. Request message for + [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + name (:class:`str`): + Required. The + [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + public key to get. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.PublicKey: + The public key for a given + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + Obtained via + [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." 
+ ) + + request = service.GetPublicKeyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_public_key] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def get_import_job( + self, + request: service.GetImportJobRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.ImportJob: + r"""Returns metadata for a given + [ImportJob][google.cloud.kms.v1.ImportJob]. + + + Args: + request (:class:`~.service.GetImportJobRequest`): + The request object. Request message for + [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob]. + name (:class:`str`): + Required. The [name][google.cloud.kms.v1.ImportJob.name] + of the [ImportJob][google.cloud.kms.v1.ImportJob] to + get. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. 
+ + Returns: + ~.resources.ImportJob: + An [ImportJob][google.cloud.kms.v1.ImportJob] can be + used to create + [CryptoKeys][google.cloud.kms.v1.CryptoKey] and + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + using pre-existing key material, generated outside of + Cloud KMS. + + When an [ImportJob][google.cloud.kms.v1.ImportJob] is + created, Cloud KMS will generate a "wrapping key", which + is a public/private key pair. You use the wrapping key + to encrypt (also known as wrap) the pre-existing key + material to protect it during the import process. The + nature of the wrapping key depends on the choice of + [import_method][google.cloud.kms.v1.ImportJob.import_method]. + When the wrapping key generation is complete, the + [state][google.cloud.kms.v1.ImportJob.state] will be set + to + [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] + and the + [public_key][google.cloud.kms.v1.ImportJob.public_key] + can be fetched. The fetched public key can then be used + to wrap your pre-existing key material. + + Once the key material is wrapped, it can be imported + into a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + in an existing + [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling + [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. + Multiple + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + can be imported with a single + [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS + uses the private key portion of the wrapping key to + unwrap the key material. Only Cloud KMS has access to + the private key. + + An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 + days after it is created. Once expired, Cloud KMS will + no longer be able to import or unwrap any key material + that was wrapped with the + [ImportJob][google.cloud.kms.v1.ImportJob]'s public key. + + For more information, see `Importing a + key `__. + + """ + # Create or coerce a protobuf request object. 
+ # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.GetImportJobRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.get_import_job] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def create_key_ring( + self, + request: service.CreateKeyRingRequest = None, + *, + parent: str = None, + key_ring_id: str = None, + key_ring: resources.KeyRing = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.KeyRing: + r"""Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given + Project and Location. + + + Args: + request (:class:`~.service.CreateKeyRingRequest`): + The request object. Request message for + [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing]. + parent (:class:`str`): + Required. The resource name of the location associated + with the [KeyRings][google.cloud.kms.v1.KeyRing], in the + format ``projects/*/locations/*``. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + key_ring_id (:class:`str`): + Required. 
It must be unique within a location and match + the regular expression ``[a-zA-Z0-9_-]{1,63}`` + This corresponds to the ``key_ring_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + key_ring (:class:`~.resources.KeyRing`): + Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with + initial field values. + This corresponds to the ``key_ring`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.KeyRing: + A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel + logical grouping of + [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent, key_ring_id, key_ring]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.CreateKeyRingRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + if key_ring_id is not None: + request.key_ring_id = key_ring_id + if key_ring is not None: + request.key_ring = key_ring + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.create_key_ring] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. 
+ response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def create_crypto_key( + self, + request: service.CreateCryptoKeyRequest = None, + *, + parent: str = None, + crypto_key_id: str = None, + crypto_key: resources.CryptoKey = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKey: + r"""Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a + [KeyRing][google.cloud.kms.v1.KeyRing]. + + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and + [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] + are required. + + + Args: + request (:class:`~.service.CreateCryptoKeyRequest`): + The request object. Request message for + [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]. + parent (:class:`str`): + Required. The [name][google.cloud.kms.v1.KeyRing.name] + of the KeyRing associated with the + [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + crypto_key_id (:class:`str`): + Required. It must be unique within a KeyRing and match + the regular expression ``[a-zA-Z0-9_-]{1,63}`` + This corresponds to the ``crypto_key_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + crypto_key (:class:`~.resources.CryptoKey`): + Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] + with initial field values. + This corresponds to the ``crypto_key`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. 
+ metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKey: + A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents + a logical key that can be used for cryptographic + operations. + + A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up + of one or more + [versions][google.cloud.kms.v1.CryptoKeyVersion], which + represent the actual key material used in cryptographic + operations. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent, crypto_key_id, crypto_key]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.CreateCryptoKeyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + if crypto_key_id is not None: + request.crypto_key_id = crypto_key_id + if crypto_key is not None: + request.crypto_key = crypto_key + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.create_crypto_key] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + def create_crypto_key_version( + self, + request: service.CreateCryptoKeyVersionRequest = None, + *, + parent: str = None, + crypto_key_version: resources.CryptoKeyVersion = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Create a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a + [CryptoKey][google.cloud.kms.v1.CryptoKey]. + + The server will assign the next sequential id. If unset, + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set + to + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. + + + Args: + request (:class:`~.service.CreateCryptoKeyVersionRequest`): + The request object. Request message for + [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]. + parent (:class:`str`): + Required. The [name][google.cloud.kms.v1.CryptoKey.name] + of the [CryptoKey][google.cloud.kms.v1.CryptoKey] + associated with the + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + crypto_key_version (:class:`~.resources.CryptoKeyVersion`): + Required. A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + with initial field values. + This corresponds to the ``crypto_key_version`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. 
+ + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent, crypto_key_version]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.CreateCryptoKeyVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + if crypto_key_version is not None: + request.crypto_key_version = crypto_key_version + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[ + self._transport.create_crypto_key_version + ] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + def import_crypto_key_version( + self, + request: service.ImportCryptoKeyVersionRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Imports a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an + existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the + wrapped key material provided in the request. + + The version ID will be assigned the next sequential id within + the [CryptoKey][google.cloud.kms.v1.CryptoKey]. + + + Args: + request (:class:`~.service.ImportCryptoKeyVersionRequest`): + The request object. Request message for + [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. + + """ + # Create or coerce a protobuf request object. + + request = service.ImportCryptoKeyVersionRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. 
+ rpc = self._transport._wrapped_methods[ + self._transport.import_crypto_key_version + ] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def create_import_job( + self, + request: service.CreateImportJobRequest = None, + *, + parent: str = None, + import_job_id: str = None, + import_job: resources.ImportJob = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.ImportJob: + r"""Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a + [KeyRing][google.cloud.kms.v1.KeyRing]. + + [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] + is required. + + + Args: + request (:class:`~.service.CreateImportJobRequest`): + The request object. Request message for + [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob]. + parent (:class:`str`): + Required. The [name][google.cloud.kms.v1.KeyRing.name] + of the [KeyRing][google.cloud.kms.v1.KeyRing] associated + with the [ImportJobs][google.cloud.kms.v1.ImportJob]. + This corresponds to the ``parent`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + import_job_id (:class:`str`): + Required. It must be unique within a KeyRing and match + the regular expression ``[a-zA-Z0-9_-]{1,63}`` + This corresponds to the ``import_job_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + import_job (:class:`~.resources.ImportJob`): + Required. An [ImportJob][google.cloud.kms.v1.ImportJob] + with initial field values. 
+ This corresponds to the ``import_job`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.ImportJob: + An [ImportJob][google.cloud.kms.v1.ImportJob] can be + used to create + [CryptoKeys][google.cloud.kms.v1.CryptoKey] and + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + using pre-existing key material, generated outside of + Cloud KMS. + + When an [ImportJob][google.cloud.kms.v1.ImportJob] is + created, Cloud KMS will generate a "wrapping key", which + is a public/private key pair. You use the wrapping key + to encrypt (also known as wrap) the pre-existing key + material to protect it during the import process. The + nature of the wrapping key depends on the choice of + [import_method][google.cloud.kms.v1.ImportJob.import_method]. + When the wrapping key generation is complete, the + [state][google.cloud.kms.v1.ImportJob.state] will be set + to + [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] + and the + [public_key][google.cloud.kms.v1.ImportJob.public_key] + can be fetched. The fetched public key can then be used + to wrap your pre-existing key material. + + Once the key material is wrapped, it can be imported + into a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + in an existing + [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling + [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. + Multiple + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + can be imported with a single + [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS + uses the private key portion of the wrapping key to + unwrap the key material. 
Only Cloud KMS has access to + the private key. + + An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 + days after it is created. Once expired, Cloud KMS will + no longer be able to import or unwrap any key material + that was wrapped with the + [ImportJob][google.cloud.kms.v1.ImportJob]'s public key. + + For more information, see `Importing a + key `__. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([parent, import_job_id, import_job]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.CreateImportJobRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if parent is not None: + request.parent = parent + if import_job_id is not None: + request.import_job_id = import_job_id + if import_job is not None: + request.import_job = import_job + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.create_import_job] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", request.parent),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def update_crypto_key( + self, + request: service.UpdateCryptoKeyRequest = None, + *, + crypto_key: resources.CryptoKey = None, + update_mask: field_mask.FieldMask = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKey: + r"""Update a [CryptoKey][google.cloud.kms.v1.CryptoKey]. 
+ + + Args: + request (:class:`~.service.UpdateCryptoKeyRequest`): + The request object. Request message for + [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey]. + crypto_key (:class:`~.resources.CryptoKey`): + Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] + with updated values. + This corresponds to the ``crypto_key`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + update_mask (:class:`~.field_mask.FieldMask`): + Required. List of fields to be + updated in this request. + This corresponds to the ``update_mask`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKey: + A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents + a logical key that can be used for cryptographic + operations. + + A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up + of one or more + [versions][google.cloud.kms.v1.CryptoKeyVersion], which + represent the actual key material used in cryptographic + operations. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([crypto_key, update_mask]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.UpdateCryptoKeyRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. 
+ + if crypto_key is not None: + request.crypto_key = crypto_key + if update_mask is not None: + request.update_mask = update_mask + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.update_crypto_key] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("crypto_key.name", request.crypto_key.name),) + ), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def update_crypto_key_version( + self, + request: service.UpdateCryptoKeyVersionRequest = None, + *, + crypto_key_version: resources.CryptoKeyVersion = None, + update_mask: field_mask.FieldMask = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Update a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s + metadata. + + [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be + changed between + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + and + [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] + using this method. See + [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] + and + [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + to move between other states. + + + Args: + request (:class:`~.service.UpdateCryptoKeyVersionRequest`): + The request object. Request message for + [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion]. + crypto_key_version (:class:`~.resources.CryptoKeyVersion`): + Required. 
+ [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + with updated values. + This corresponds to the ``crypto_key_version`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + update_mask (:class:`~.field_mask.FieldMask`): + Required. List of fields to be + updated in this request. + This corresponds to the ``update_mask`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([crypto_key_version, update_mask]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.UpdateCryptoKeyVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. 
+ + if crypto_key_version is not None: + request.crypto_key_version = crypto_key_version + if update_mask is not None: + request.update_mask = update_mask + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[ + self._transport.update_crypto_key_version + ] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata( + (("crypto_key_version.name", request.crypto_key_version.name),) + ), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def encrypt( + self, + request: service.EncryptRequest = None, + *, + name: str = None, + plaintext: bytes = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.EncryptResponse: + r"""Encrypts data, so that it can only be recovered by a call to + [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + + + Args: + request (:class:`~.service.EncryptRequest`): + The request object. Request message for + [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + name (:class:`str`): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] or + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to use for encryption. + + If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is + specified, the server will use its [primary + version][google.cloud.kms.v1.CryptoKey.primary]. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + plaintext (:class:`bytes`): + Required. 
The data to encrypt. Must be no larger than + 64KiB. + + The maximum size depends on the key version's + [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. + For + [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] + keys, the plaintext must be no larger than 64KiB. For + [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the + combined length of the plaintext and + additional_authenticated_data fields must be no larger + than 8KiB. + This corresponds to the ``plaintext`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.service.EncryptResponse: + Response message for + [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name, plaintext]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.EncryptRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + if plaintext is not None: + request.plaintext = plaintext + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.encrypt] + + # Certain fields should be provided within the metadata header; + # add these here. 
+ metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def decrypt( + self, + request: service.DecryptRequest = None, + *, + name: str = None, + ciphertext: bytes = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.DecryptResponse: + r"""Decrypts data that was protected by + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + + + Args: + request (:class:`~.service.DecryptRequest`): + The request object. Request message for + [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. + name (:class:`str`): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for + decryption. The server will choose the appropriate + version. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + ciphertext (:class:`bytes`): + Required. The encrypted data originally returned in + [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. + This corresponds to the ``ciphertext`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.service.DecryptResponse: + Response message for + [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. 
+ + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name, ciphertext]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.DecryptRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + if ciphertext is not None: + request.ciphertext = ciphertext + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.decrypt] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def asymmetric_sign( + self, + request: service.AsymmetricSignRequest = None, + *, + name: str = None, + digest: service.Digest = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.AsymmetricSignResponse: + r"""Signs data using a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + ASYMMETRIC_SIGN, producing a signature that can be verified with + the public key retrieved from + [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + + + Args: + request (:class:`~.service.AsymmetricSignRequest`): + The request object. Request message for + [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. + name (:class:`str`): + Required. 
The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to use for signing. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + digest (:class:`~.service.Digest`): + Required. The digest of the data to sign. The digest + must be produced with the same digest algorithm as + specified by the key version's + [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. + This corresponds to the ``digest`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.service.AsymmetricSignResponse: + Response message for + [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name, digest]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.AsymmetricSignRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + if digest is not None: + request.digest = digest + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.asymmetric_sign] + + # Certain fields should be provided within the metadata header; + # add these here. 
+ metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def asymmetric_decrypt( + self, + request: service.AsymmetricDecryptRequest = None, + *, + name: str = None, + ciphertext: bytes = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.AsymmetricDecryptResponse: + r"""Decrypts data that was encrypted with a public key retrieved + from + [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] + corresponding to a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + ASYMMETRIC_DECRYPT. + + + Args: + request (:class:`~.service.AsymmetricDecryptRequest`): + The request object. Request message for + [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. + name (:class:`str`): + Required. The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to use for decryption. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + ciphertext (:class:`bytes`): + Required. The data encrypted with the named + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s + public key using OAEP. + This corresponds to the ``ciphertext`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. 
+ + Returns: + ~.service.AsymmetricDecryptResponse: + Response message for + [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name, ciphertext]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.AsymmetricDecryptRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + if ciphertext is not None: + request.ciphertext = ciphertext + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.asymmetric_decrypt] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def update_crypto_key_primary_version( + self, + request: service.UpdateCryptoKeyPrimaryVersionRequest = None, + *, + name: str = None, + crypto_key_version_id: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKey: + r"""Update the version of a + [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + + Returns an error if called on an asymmetric key. + + + Args: + request (:class:`~.service.UpdateCryptoKeyPrimaryVersionRequest`): + The request object. 
Request message for + [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. + name (:class:`str`): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to update. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + crypto_key_version_id (:class:`str`): + Required. The id of the child + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to use as primary. + This corresponds to the ``crypto_key_version_id`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKey: + A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents + a logical key that can be used for cryptographic + operations. + + A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up + of one or more + [versions][google.cloud.kms.v1.CryptoKeyVersion], which + represent the actual key material used in cryptographic + operations. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name, crypto_key_version_id]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.UpdateCryptoKeyPrimaryVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. 
+ + if name is not None: + request.name = name + if crypto_key_version_id is not None: + request.crypto_key_version_id = crypto_key_version_id + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[ + self._transport.update_crypto_key_primary_version + ] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def destroy_crypto_key_version( + self, + request: service.DestroyCryptoKeyVersionRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Schedule a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for + destruction. + + Upon calling this method, + [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] + will be set to + [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] + and + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + will be set to a time 24 hours in the future, at which point the + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be + changed to + [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], + and the key material will be irrevocably destroyed. + + Before the + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + is reached, + [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + may be called to reverse the process. + + + Args: + request (:class:`~.service.DestroyCryptoKeyVersionRequest`): + The request object. 
Request message for + [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]. + name (:class:`str`): + Required. The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to destroy. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.DestroyCryptoKeyVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. 
+ rpc = self._transport._wrapped_methods[ + self._transport.destroy_crypto_key_version + ] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. + return response + + def restore_crypto_key_version( + self, + request: service.RestoreCryptoKeyVersionRequest = None, + *, + name: str = None, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> resources.CryptoKeyVersion: + r"""Restore a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the + [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] + state. + + Upon restoration of the CryptoKeyVersion, + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set + to + [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], + and + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + will be cleared. + + + Args: + request (:class:`~.service.RestoreCryptoKeyVersionRequest`): + The request object. Request message for + [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]. + name (:class:`str`): + Required. The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + to restore. + This corresponds to the ``name`` field + on the ``request`` instance; if ``request`` is provided, this + should not be set. + + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. 
+ + Returns: + ~.resources.CryptoKeyVersion: + A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the + associated key material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material + represented by a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + can never be viewed or exported. It can only be used to + encrypt, decrypt, or sign data when an authorized user + or application invokes Cloud KMS. + + """ + # Create or coerce a protobuf request object. + # Sanity check: If we got a request object, we should *not* have + # gotten any keyword arguments that map to the request. + if request is not None and any([name]): + raise ValueError( + "If the `request` argument is set, then none of " + "the individual field arguments should be set." + ) + + request = service.RestoreCryptoKeyVersionRequest(request) + + # If we have keyword arguments corresponding to fields on the + # request, apply these. + + if name is not None: + request.name = name + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[ + self._transport.restore_crypto_key_version + ] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + def set_iam_policy( + self, + request: iam_policy.SetIamPolicyRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy.Policy: + r"""Sets the IAM access control policy on the specified + function. Replaces any existing policy. + + Args: + request (:class:`~.iam_policy.SetIamPolicyRequest`): + The request object. Request message for `SetIamPolicy` + method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.policy.Policy: + Defines an Identity and Access Management (IAM) policy. + It is used to specify access control policies for Cloud + Platform resources. + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members`` to a single + ``role``. Members can be user accounts, service + accounts, Google groups, and domains (such as G Suite). + A ``role`` is a named list of permissions (defined by + IAM or configured by users). A ``binding`` can + optionally specify a ``condition``, which is a logic + expression that further constrains the role binding + based on attributes about the request and/or target + resource. 
+ + **JSON Example**:: + + { + "bindings": [ + { + "role": "roles/resourcemanager.organizationAdmin", + "members": [ + "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + }, + { + "role": "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", + } + } + ] + } + + **YAML Example**:: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the `IAM + developer's + guide `__. + """ + # Create or coerce a protobuf request object. + + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = iam_policy.SetIamPolicyRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._transport.set_iam_policy, + default_timeout=None, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + def get_iam_policy( + self, + request: iam_policy.GetIamPolicyRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> policy.Policy: + r"""Gets the IAM access control policy for a function. + Returns an empty policy if the function exists and does + not have a policy set. + + Args: + request (:class:`~.iam_policy.GetIamPolicyRequest`): + The request object. Request message for `GetIamPolicy` + method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.policy.Policy: + Defines an Identity and Access Management (IAM) policy. + It is used to specify access control policies for Cloud + Platform resources. + A ``Policy`` is a collection of ``bindings``. A + ``binding`` binds one or more ``members`` to a single + ``role``. Members can be user accounts, service + accounts, Google groups, and domains (such as G Suite). + A ``role`` is a named list of permissions (defined by + IAM or configured by users). A ``binding`` can + optionally specify a ``condition``, which is a logic + expression that further constrains the role binding + based on attributes about the request and/or target + resource. 
+ + **JSON Example**:: + + { + "bindings": [ + { + "role": "roles/resourcemanager.organizationAdmin", + "members": [ + "user:mike@example.com", + "group:admins@example.com", + "domain:google.com", + "serviceAccount:my-project-id@appspot.gserviceaccount.com" + ] + }, + { + "role": "roles/resourcemanager.organizationViewer", + "members": ["user:eve@example.com"], + "condition": { + "title": "expirable access", + "description": "Does not grant access after Sep 2020", + "expression": "request.time < + timestamp('2020-10-01T00:00:00.000Z')", + } + } + ] + } + + **YAML Example**:: + + bindings: + - members: + - user:mike@example.com + - group:admins@example.com + - domain:google.com + - serviceAccount:my-project-id@appspot.gserviceaccount.com + role: roles/resourcemanager.organizationAdmin + - members: + - user:eve@example.com + role: roles/resourcemanager.organizationViewer + condition: + title: expirable access + description: Does not grant access after Sep 2020 + expression: request.time < timestamp('2020-10-01T00:00:00.000Z') + + For a description of IAM and its features, see the `IAM + developer's + guide `__. + """ + # Create or coerce a protobuf request object. + + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = iam_policy.GetIamPolicyRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._transport.get_iam_policy, + default_timeout=None, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response + + def test_iam_permissions( + self, + request: iam_policy.TestIamPermissionsRequest = None, + *, + retry: retries.Retry = gapic_v1.method.DEFAULT, + timeout: float = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> iam_policy.TestIamPermissionsResponse: + r"""Tests the specified permissions against the IAM access control + policy for a function. If the function does not exist, this will + return an empty set of permissions, not a NOT_FOUND error. + + Args: + request (:class:`~.iam_policy.TestIamPermissionsRequest`): + The request object. Request message for + `TestIamPermissions` method. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + Returns: + ~.iam_policy.TestIamPermissionsResponse: + Response message for ``TestIamPermissions`` method. + """ + # Create or coerce a protobuf request object. + + # The request isn't a proto-plus wrapped type, + # so it must be constructed via keyword expansion. + if isinstance(request, dict): + request = iam_policy.TestIamPermissionsRequest(**request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method.wrap_method( + self._transport.test_iam_permissions, + default_timeout=None, + client_info=_client_info, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)), + ) + + # Send the request. + response = rpc(request, retry=retry, timeout=timeout, metadata=metadata,) + + # Done; return the response. 
+ return response
+
+
+try:
+ _client_info = gapic_v1.client_info.ClientInfo(
+ gapic_version=pkg_resources.get_distribution("google-cloud-kms",).version,
+ )
+except pkg_resources.DistributionNotFound:
+ _client_info = gapic_v1.client_info.ClientInfo()
+
+
+__all__ = ("KeyManagementServiceClient",)
diff --git a/google/cloud/kms_v1/services/key_management_service/pagers.py b/google/cloud/kms_v1/services/key_management_service/pagers.py
new file mode 100644
index 00000000..c888e2e9
--- /dev/null
+++ b/google/cloud/kms_v1/services/key_management_service/pagers.py
@@ -0,0 +1,533 @@ +# -*- coding: utf-8 -*- + +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from typing import Any, AsyncIterable, Awaitable, Callable, Iterable, Sequence, Tuple + +from google.cloud.kms_v1.types import resources +from google.cloud.kms_v1.types import service + + +class ListKeyRingsPager: + """A pager for iterating through ``list_key_rings`` requests. + + This class thinly wraps an initial + :class:`~.service.ListKeyRingsResponse` object, and + provides an ``__iter__`` method to iterate through its + ``key_rings`` field. + + If there are more pages, the ``__iter__`` method will make additional + ``ListKeyRings`` requests and continue to iterate + through the ``key_rings`` field on the + corresponding responses. + + All the usual :class:`~.service.ListKeyRingsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + + def __init__( + self, + method: Callable[..., service.ListKeyRingsResponse], + request: service.ListKeyRingsRequest, + response: service.ListKeyRingsResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (:class:`~.service.ListKeyRingsRequest`): + The initial request object. 
+ response (:class:`~.service.ListKeyRingsResponse`): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = service.ListKeyRingsRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + def pages(self) -> Iterable[service.ListKeyRingsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = self._method(self._request, metadata=self._metadata) + yield self._response + + def __iter__(self) -> Iterable[resources.KeyRing]: + for page in self.pages: + yield from page.key_rings + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) + + +class ListKeyRingsAsyncPager: + """A pager for iterating through ``list_key_rings`` requests. + + This class thinly wraps an initial + :class:`~.service.ListKeyRingsResponse` object, and + provides an ``__aiter__`` method to iterate through its + ``key_rings`` field. + + If there are more pages, the ``__aiter__`` method will make additional + ``ListKeyRings`` requests and continue to iterate + through the ``key_rings`` field on the + corresponding responses. + + All the usual :class:`~.service.ListKeyRingsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + + def __init__( + self, + method: Callable[..., Awaitable[service.ListKeyRingsResponse]], + request: service.ListKeyRingsRequest, + response: service.ListKeyRingsResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. 
+ request (:class:`~.service.ListKeyRingsRequest`): + The initial request object. + response (:class:`~.service.ListKeyRingsResponse`): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = service.ListKeyRingsRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + async def pages(self) -> AsyncIterable[service.ListKeyRingsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = await self._method(self._request, metadata=self._metadata) + yield self._response + + def __aiter__(self) -> AsyncIterable[resources.KeyRing]: + async def async_generator(): + async for page in self.pages: + for response in page.key_rings: + yield response + + return async_generator() + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) + + +class ListCryptoKeysPager: + """A pager for iterating through ``list_crypto_keys`` requests. + + This class thinly wraps an initial + :class:`~.service.ListCryptoKeysResponse` object, and + provides an ``__iter__`` method to iterate through its + ``crypto_keys`` field. + + If there are more pages, the ``__iter__`` method will make additional + ``ListCryptoKeys`` requests and continue to iterate + through the ``crypto_keys`` field on the + corresponding responses. + + All the usual :class:`~.service.ListCryptoKeysResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. 
+ """ + + def __init__( + self, + method: Callable[..., service.ListCryptoKeysResponse], + request: service.ListCryptoKeysRequest, + response: service.ListCryptoKeysResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (:class:`~.service.ListCryptoKeysRequest`): + The initial request object. + response (:class:`~.service.ListCryptoKeysResponse`): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = service.ListCryptoKeysRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + def pages(self) -> Iterable[service.ListCryptoKeysResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = self._method(self._request, metadata=self._metadata) + yield self._response + + def __iter__(self) -> Iterable[resources.CryptoKey]: + for page in self.pages: + yield from page.crypto_keys + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) + + +class ListCryptoKeysAsyncPager: + """A pager for iterating through ``list_crypto_keys`` requests. + + This class thinly wraps an initial + :class:`~.service.ListCryptoKeysResponse` object, and + provides an ``__aiter__`` method to iterate through its + ``crypto_keys`` field. + + If there are more pages, the ``__aiter__`` method will make additional + ``ListCryptoKeys`` requests and continue to iterate + through the ``crypto_keys`` field on the + corresponding responses. + + All the usual :class:`~.service.ListCryptoKeysResponse` + attributes are available on the pager. 
If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + + def __init__( + self, + method: Callable[..., Awaitable[service.ListCryptoKeysResponse]], + request: service.ListCryptoKeysRequest, + response: service.ListCryptoKeysResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (:class:`~.service.ListCryptoKeysRequest`): + The initial request object. + response (:class:`~.service.ListCryptoKeysResponse`): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = service.ListCryptoKeysRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + async def pages(self) -> AsyncIterable[service.ListCryptoKeysResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = await self._method(self._request, metadata=self._metadata) + yield self._response + + def __aiter__(self) -> AsyncIterable[resources.CryptoKey]: + async def async_generator(): + async for page in self.pages: + for response in page.crypto_keys: + yield response + + return async_generator() + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) + + +class ListCryptoKeyVersionsPager: + """A pager for iterating through ``list_crypto_key_versions`` requests. + + This class thinly wraps an initial + :class:`~.service.ListCryptoKeyVersionsResponse` object, and + provides an ``__iter__`` method to iterate through its + ``crypto_key_versions`` field. 
+ + If there are more pages, the ``__iter__`` method will make additional + ``ListCryptoKeyVersions`` requests and continue to iterate + through the ``crypto_key_versions`` field on the + corresponding responses. + + All the usual :class:`~.service.ListCryptoKeyVersionsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + + def __init__( + self, + method: Callable[..., service.ListCryptoKeyVersionsResponse], + request: service.ListCryptoKeyVersionsRequest, + response: service.ListCryptoKeyVersionsResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (:class:`~.service.ListCryptoKeyVersionsRequest`): + The initial request object. + response (:class:`~.service.ListCryptoKeyVersionsResponse`): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = service.ListCryptoKeyVersionsRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + def pages(self) -> Iterable[service.ListCryptoKeyVersionsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = self._method(self._request, metadata=self._metadata) + yield self._response + + def __iter__(self) -> Iterable[resources.CryptoKeyVersion]: + for page in self.pages: + yield from page.crypto_key_versions + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) + + +class ListCryptoKeyVersionsAsyncPager: + """A pager for iterating through ``list_crypto_key_versions`` requests. 
+ + This class thinly wraps an initial + :class:`~.service.ListCryptoKeyVersionsResponse` object, and + provides an ``__aiter__`` method to iterate through its + ``crypto_key_versions`` field. + + If there are more pages, the ``__aiter__`` method will make additional + ``ListCryptoKeyVersions`` requests and continue to iterate + through the ``crypto_key_versions`` field on the + corresponding responses. + + All the usual :class:`~.service.ListCryptoKeyVersionsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + + def __init__( + self, + method: Callable[..., Awaitable[service.ListCryptoKeyVersionsResponse]], + request: service.ListCryptoKeyVersionsRequest, + response: service.ListCryptoKeyVersionsResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (:class:`~.service.ListCryptoKeyVersionsRequest`): + The initial request object. + response (:class:`~.service.ListCryptoKeyVersionsResponse`): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. 
+ """ + self._method = method + self._request = service.ListCryptoKeyVersionsRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + async def pages(self) -> AsyncIterable[service.ListCryptoKeyVersionsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = await self._method(self._request, metadata=self._metadata) + yield self._response + + def __aiter__(self) -> AsyncIterable[resources.CryptoKeyVersion]: + async def async_generator(): + async for page in self.pages: + for response in page.crypto_key_versions: + yield response + + return async_generator() + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) + + +class ListImportJobsPager: + """A pager for iterating through ``list_import_jobs`` requests. + + This class thinly wraps an initial + :class:`~.service.ListImportJobsResponse` object, and + provides an ``__iter__`` method to iterate through its + ``import_jobs`` field. + + If there are more pages, the ``__iter__`` method will make additional + ``ListImportJobs`` requests and continue to iterate + through the ``import_jobs`` field on the + corresponding responses. + + All the usual :class:`~.service.ListImportJobsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + + def __init__( + self, + method: Callable[..., service.ListImportJobsResponse], + request: service.ListImportJobsRequest, + response: service.ListImportJobsResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiate the pager. + + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. 
+ request (:class:`~.service.ListImportJobsRequest`): + The initial request object. + response (:class:`~.service.ListImportJobsResponse`): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = service.ListImportJobsRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + def pages(self) -> Iterable[service.ListImportJobsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = self._method(self._request, metadata=self._metadata) + yield self._response + + def __iter__(self) -> Iterable[resources.ImportJob]: + for page in self.pages: + yield from page.import_jobs + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) + + +class ListImportJobsAsyncPager: + """A pager for iterating through ``list_import_jobs`` requests. + + This class thinly wraps an initial + :class:`~.service.ListImportJobsResponse` object, and + provides an ``__aiter__`` method to iterate through its + ``import_jobs`` field. + + If there are more pages, the ``__aiter__`` method will make additional + ``ListImportJobs`` requests and continue to iterate + through the ``import_jobs`` field on the + corresponding responses. + + All the usual :class:`~.service.ListImportJobsResponse` + attributes are available on the pager. If multiple requests are made, only + the most recent response is retained, and thus used for attribute lookup. + """ + + def __init__( + self, + method: Callable[..., Awaitable[service.ListImportJobsResponse]], + request: service.ListImportJobsRequest, + response: service.ListImportJobsResponse, + *, + metadata: Sequence[Tuple[str, str]] = () + ): + """Instantiate the pager. 
+ + Args: + method (Callable): The method that was originally called, and + which instantiated this pager. + request (:class:`~.service.ListImportJobsRequest`): + The initial request object. + response (:class:`~.service.ListImportJobsResponse`): + The initial response object. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + """ + self._method = method + self._request = service.ListImportJobsRequest(request) + self._response = response + self._metadata = metadata + + def __getattr__(self, name: str) -> Any: + return getattr(self._response, name) + + @property + async def pages(self) -> AsyncIterable[service.ListImportJobsResponse]: + yield self._response + while self._response.next_page_token: + self._request.page_token = self._response.next_page_token + self._response = await self._method(self._request, metadata=self._metadata) + yield self._response + + def __aiter__(self) -> AsyncIterable[resources.ImportJob]: + async def async_generator(): + async for page in self.pages: + for response in page.import_jobs: + yield response + + return async_generator() + + def __repr__(self) -> str: + return "{0}<{1!r}>".format(self.__class__.__name__, self._response) diff --git a/google/cloud/kms_v1/services/key_management_service/transports/__init__.py b/google/cloud/kms_v1/services/key_management_service/transports/__init__.py new file mode 100644 index 00000000..7b89668a --- /dev/null +++ b/google/cloud/kms_v1/services/key_management_service/transports/__init__.py 
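Review bot: The class docstrings do not say that a pager cannot be iterated twice: every `pages` generator starts by yielding `self._response`, and the loop overwrites that attribute with each fetched page, so a second `for` over the same pager returns only the final page and raises nothing. For code that enumerates key rings, crypto keys, key versions or import jobs for an inventory or rotation check, that is a silently truncated listing; how callers use the pagers is not visible in this hunk. I would add a sentence to each docstring, for example `Iterating a pager a second time resumes from the most recent response and does not restart at the first page; call the list method again for a full listing.` The same applies to all eight pager classes in this file, sync and async.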
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+from collections import OrderedDict
+from typing import Dict, Type
+
+from .base import KeyManagementServiceTransport
+from .grpc import KeyManagementServiceGrpcTransport
+from .grpc_asyncio import KeyManagementServiceGrpcAsyncIOTransport
+
+
+# Compile a registry of transports.
+_transport_registry = (
+ OrderedDict()
+) # type: Dict[str, Type[KeyManagementServiceTransport]]
+_transport_registry["grpc"] = KeyManagementServiceGrpcTransport
+_transport_registry["grpc_asyncio"] = KeyManagementServiceGrpcAsyncIOTransport
+
+
+__all__ = (
+ "KeyManagementServiceTransport",
+ "KeyManagementServiceGrpcTransport",
+ "KeyManagementServiceGrpcAsyncIOTransport",
+)
diff --git a/google/cloud/kms_v1/services/key_management_service/transports/base.py b/google/cloud/kms_v1/services/key_management_service/transports/base.py
new file mode 100644
index 00000000..23572f84
--- /dev/null
+++ b/google/cloud/kms_v1/services/key_management_service/transports/base.py
@@ -0,0 +1,705 @@ +# -*- coding: utf-8 -*- + +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import abc +import typing +import pkg_resources + +from google import auth +from google.api_core import exceptions # type: ignore +from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore +from google.auth import credentials # type: ignore + +from google.cloud.kms_v1.types import resources +from google.cloud.kms_v1.types import service +from google.iam.v1 import iam_policy_pb2 as iam_policy # type: ignore +from google.iam.v1 import policy_pb2 as policy # type: ignore + + +try: + _client_info = gapic_v1.client_info.ClientInfo( + gapic_version=pkg_resources.get_distribution("google-cloud-kms",).version, + ) +except pkg_resources.DistributionNotFound: + _client_info = gapic_v1.client_info.ClientInfo() + + +class KeyManagementServiceTransport(abc.ABC): + """Abstract transport class for KeyManagementService.""" + + AUTH_SCOPES = ( + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloudkms", + ) + + def __init__( + self, + *, + host: str = "cloudkms.googleapis.com", + credentials: credentials.Credentials = None, + credentials_file: typing.Optional[str] = None, + scopes: typing.Optional[typing.Sequence[str]] = AUTH_SCOPES, + quota_project_id: typing.Optional[str] = None, + **kwargs, + ) -> None: + """Instantiate the transport. 
+ + Args: + host (Optional[str]): The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is mutually exclusive with credentials. + scope (Optional[Sequence[str]]): A list of scopes. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + """ + # Save the hostname. Default to port 443 (HTTPS) if none is specified. + if ":" not in host: + host += ":443" + self._host = host + + # If no credentials are provided, then determine the appropriate + # defaults. + if credentials and credentials_file: + raise exceptions.DuplicateCredentialArgs( + "'credentials_file' and 'credentials' are mutually exclusive" + ) + + if credentials_file is not None: + credentials, _ = auth.load_credentials_from_file( + credentials_file, scopes=scopes, quota_project_id=quota_project_id + ) + + elif credentials is None: + credentials, _ = auth.default( + scopes=scopes, quota_project_id=quota_project_id + ) + + # Save the credentials. + self._credentials = credentials + + # Lifted into its own function so it can be stubbed out during tests. + self._prep_wrapped_messages() + + def _prep_wrapped_messages(self): + # Precompute the wrapped methods. 
+ self._wrapped_methods = { + self.list_key_rings: gapic_v1.method.wrap_method( + self.list_key_rings, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.list_crypto_keys: gapic_v1.method.wrap_method( + self.list_crypto_keys, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.list_crypto_key_versions: gapic_v1.method.wrap_method( + self.list_crypto_key_versions, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.list_import_jobs: gapic_v1.method.wrap_method( + self.list_import_jobs, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.get_key_ring: gapic_v1.method.wrap_method( + self.get_key_ring, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.get_crypto_key: gapic_v1.method.wrap_method( + self.get_crypto_key, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + 
multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.get_crypto_key_version: gapic_v1.method.wrap_method( + self.get_crypto_key_version, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.get_public_key: gapic_v1.method.wrap_method( + self.get_public_key, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.get_import_job: gapic_v1.method.wrap_method( + self.get_import_job, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.create_key_ring: gapic_v1.method.wrap_method( + self.create_key_ring, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.create_crypto_key: gapic_v1.method.wrap_method( + self.create_crypto_key, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + 
default_timeout=60.0, + client_info=_client_info, + ), + self.create_crypto_key_version: gapic_v1.method.wrap_method( + self.create_crypto_key_version, + default_timeout=60.0, + client_info=_client_info, + ), + self.import_crypto_key_version: gapic_v1.method.wrap_method( + self.import_crypto_key_version, + default_timeout=60.0, + client_info=_client_info, + ), + self.create_import_job: gapic_v1.method.wrap_method( + self.create_import_job, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.update_crypto_key: gapic_v1.method.wrap_method( + self.update_crypto_key, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.update_crypto_key_version: gapic_v1.method.wrap_method( + self.update_crypto_key_version, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.encrypt: gapic_v1.method.wrap_method( + self.encrypt, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.decrypt: gapic_v1.method.wrap_method( + self.decrypt, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( 
+ exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.asymmetric_sign: gapic_v1.method.wrap_method( + self.asymmetric_sign, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.asymmetric_decrypt: gapic_v1.method.wrap_method( + self.asymmetric_decrypt, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.update_crypto_key_primary_version: gapic_v1.method.wrap_method( + self.update_crypto_key_primary_version, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.destroy_crypto_key_version: gapic_v1.method.wrap_method( + self.destroy_crypto_key_version, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), + default_timeout=60.0, + client_info=_client_info, + ), + self.restore_crypto_key_version: gapic_v1.method.wrap_method( + self.restore_crypto_key_version, + default_retry=retries.Retry( + initial=0.1, + maximum=60.0, + multiplier=1.3, + predicate=retries.if_exception_type( + exceptions.InternalServerError, + exceptions.ServiceUnavailable, + exceptions.DeadlineExceeded, + ), + ), 
+ default_timeout=60.0, + client_info=_client_info, + ), + } + + @property + def list_key_rings( + self, + ) -> typing.Callable[ + [service.ListKeyRingsRequest], + typing.Union[ + service.ListKeyRingsResponse, typing.Awaitable[service.ListKeyRingsResponse] + ], + ]: + raise NotImplementedError() + + @property + def list_crypto_keys( + self, + ) -> typing.Callable[ + [service.ListCryptoKeysRequest], + typing.Union[ + service.ListCryptoKeysResponse, + typing.Awaitable[service.ListCryptoKeysResponse], + ], + ]: + raise NotImplementedError() + + @property + def list_crypto_key_versions( + self, + ) -> typing.Callable[ + [service.ListCryptoKeyVersionsRequest], + typing.Union[ + service.ListCryptoKeyVersionsResponse, + typing.Awaitable[service.ListCryptoKeyVersionsResponse], + ], + ]: + raise NotImplementedError() + + @property + def list_import_jobs( + self, + ) -> typing.Callable[ + [service.ListImportJobsRequest], + typing.Union[ + service.ListImportJobsResponse, + typing.Awaitable[service.ListImportJobsResponse], + ], + ]: + raise NotImplementedError() + + @property + def get_key_ring( + self, + ) -> typing.Callable[ + [service.GetKeyRingRequest], + typing.Union[resources.KeyRing, typing.Awaitable[resources.KeyRing]], + ]: + raise NotImplementedError() + + @property + def get_crypto_key( + self, + ) -> typing.Callable[ + [service.GetCryptoKeyRequest], + typing.Union[resources.CryptoKey, typing.Awaitable[resources.CryptoKey]], + ]: + raise NotImplementedError() + + @property + def get_crypto_key_version( + self, + ) -> typing.Callable[ + [service.GetCryptoKeyVersionRequest], + typing.Union[ + resources.CryptoKeyVersion, typing.Awaitable[resources.CryptoKeyVersion] + ], + ]: + raise NotImplementedError() + + @property + def get_public_key( + self, + ) -> typing.Callable[ + [service.GetPublicKeyRequest], + typing.Union[resources.PublicKey, typing.Awaitable[resources.PublicKey]], + ]: + raise NotImplementedError() + + @property + def get_import_job( + self, + ) -> 
typing.Callable[ + [service.GetImportJobRequest], + typing.Union[resources.ImportJob, typing.Awaitable[resources.ImportJob]], + ]: + raise NotImplementedError() + + @property + def create_key_ring( + self, + ) -> typing.Callable[ + [service.CreateKeyRingRequest], + typing.Union[resources.KeyRing, typing.Awaitable[resources.KeyRing]], + ]: + raise NotImplementedError() + + @property + def create_crypto_key( + self, + ) -> typing.Callable[ + [service.CreateCryptoKeyRequest], + typing.Union[resources.CryptoKey, typing.Awaitable[resources.CryptoKey]], + ]: + raise NotImplementedError() + + @property + def create_crypto_key_version( + self, + ) -> typing.Callable[ + [service.CreateCryptoKeyVersionRequest], + typing.Union[ + resources.CryptoKeyVersion, typing.Awaitable[resources.CryptoKeyVersion] + ], + ]: + raise NotImplementedError() + + @property + def import_crypto_key_version( + self, + ) -> typing.Callable[ + [service.ImportCryptoKeyVersionRequest], + typing.Union[ + resources.CryptoKeyVersion, typing.Awaitable[resources.CryptoKeyVersion] + ], + ]: + raise NotImplementedError() + + @property + def create_import_job( + self, + ) -> typing.Callable[ + [service.CreateImportJobRequest], + typing.Union[resources.ImportJob, typing.Awaitable[resources.ImportJob]], + ]: + raise NotImplementedError() + + @property + def update_crypto_key( + self, + ) -> typing.Callable[ + [service.UpdateCryptoKeyRequest], + typing.Union[resources.CryptoKey, typing.Awaitable[resources.CryptoKey]], + ]: + raise NotImplementedError() + + @property + def update_crypto_key_version( + self, + ) -> typing.Callable[ + [service.UpdateCryptoKeyVersionRequest], + typing.Union[ + resources.CryptoKeyVersion, typing.Awaitable[resources.CryptoKeyVersion] + ], + ]: + raise NotImplementedError() + + @property + def encrypt( + self, + ) -> typing.Callable[ + [service.EncryptRequest], + typing.Union[ + service.EncryptResponse, typing.Awaitable[service.EncryptResponse] + ], + ]: + raise NotImplementedError() + 
+ @property + def decrypt( + self, + ) -> typing.Callable[ + [service.DecryptRequest], + typing.Union[ + service.DecryptResponse, typing.Awaitable[service.DecryptResponse] + ], + ]: + raise NotImplementedError() + + @property + def asymmetric_sign( + self, + ) -> typing.Callable[ + [service.AsymmetricSignRequest], + typing.Union[ + service.AsymmetricSignResponse, + typing.Awaitable[service.AsymmetricSignResponse], + ], + ]: + raise NotImplementedError() + + @property + def asymmetric_decrypt( + self, + ) -> typing.Callable[ + [service.AsymmetricDecryptRequest], + typing.Union[ + service.AsymmetricDecryptResponse, + typing.Awaitable[service.AsymmetricDecryptResponse], + ], + ]: + raise NotImplementedError() + + @property + def update_crypto_key_primary_version( + self, + ) -> typing.Callable[ + [service.UpdateCryptoKeyPrimaryVersionRequest], + typing.Union[resources.CryptoKey, typing.Awaitable[resources.CryptoKey]], + ]: + raise NotImplementedError() + + @property + def destroy_crypto_key_version( + self, + ) -> typing.Callable[ + [service.DestroyCryptoKeyVersionRequest], + typing.Union[ + resources.CryptoKeyVersion, typing.Awaitable[resources.CryptoKeyVersion] + ], + ]: + raise NotImplementedError() + + @property + def restore_crypto_key_version( + self, + ) -> typing.Callable[ + [service.RestoreCryptoKeyVersionRequest], + typing.Union[ + resources.CryptoKeyVersion, typing.Awaitable[resources.CryptoKeyVersion] + ], + ]: + raise NotImplementedError() + + @property + def set_iam_policy( + self, + ) -> typing.Callable[ + [iam_policy.SetIamPolicyRequest], + typing.Union[policy.Policy, typing.Awaitable[policy.Policy]], + ]: + raise NotImplementedError() + + @property + def get_iam_policy( + self, + ) -> typing.Callable[ + [iam_policy.GetIamPolicyRequest], + typing.Union[policy.Policy, typing.Awaitable[policy.Policy]], + ]: + raise NotImplementedError() + + @property + def test_iam_permissions( + self, + ) -> typing.Callable[ + [iam_policy.TestIamPermissionsRequest], + 
typing.Union[
+ iam_policy.TestIamPermissionsResponse,
+ typing.Awaitable[iam_policy.TestIamPermissionsResponse],
+ ],
+ ]:
+ raise NotImplementedError()
+
+
+__all__ = ("KeyManagementServiceTransport",)
diff --git a/google/cloud/kms_v1/services/key_management_service/transports/grpc.py b/google/cloud/kms_v1/services/key_management_service/transports/grpc.py
new file mode 100644
index 00000000..f914eb77
--- /dev/null
+++ b/google/cloud/kms_v1/services/key_management_service/transports/grpc.py
@@ -0,0 +1,1001 @@
+# -*- coding: utf-8 -*-
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+from typing import Callable, Dict, Optional, Sequence, Tuple
+
+from google.api_core import grpc_helpers # type: ignore
+from google import auth # type: ignore
+from google.auth import credentials # type: ignore
+from google.auth.transport.grpc import SslCredentials # type: ignore
+
+
+import grpc # type: ignore
+
+from google.cloud.kms_v1.types import resources
+from google.cloud.kms_v1.types import service
+from google.iam.v1 import iam_policy_pb2 as iam_policy # type: ignore
+from google.iam.v1 import policy_pb2 as policy # type: ignore
+
+from .base import KeyManagementServiceTransport
+
+
+class KeyManagementServiceGrpcTransport(KeyManagementServiceTransport):
+ """gRPC backend transport for KeyManagementService.
+
+ Google Cloud Key Management Service
+
+ Manages cryptographic keys and operations using those keys.
+ Implements a REST model with the following objects:
+
+ - [KeyRing][google.cloud.kms.v1.KeyRing]
+ - [CryptoKey][google.cloud.kms.v1.CryptoKey]
+ - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+ - [ImportJob][google.cloud.kms.v1.ImportJob]
+
+ If you are using manual gRPC libraries, see `Using gRPC with Cloud
+ KMS `__.
+
+ This class defines the same methods as the primary client, so the
+ primary client can load the underlying transport implementation
+ and call it.
+
+ It sends protocol buffers over the wire using gRPC (which is built on
+ top of HTTP/2); the ``grpcio`` package must be installed.
+ """
+
+ _stubs: Dict[str, Callable]
+
+ def __init__(
+ self,
+ *,
+ host: str = "cloudkms.googleapis.com",
+ credentials: credentials.Credentials = None,
+ credentials_file: str = None,
+ scopes: Sequence[str] = None,
+ channel: grpc.Channel = None,
+ api_mtls_endpoint: str = None,
+ client_cert_source: Callable[[], Tuple[bytes, bytes]] = None,
+ quota_project_id: Optional[str] = None
+ ) -> None:
+ """Instantiate the transport.
+
+ Args:
+ host (Optional[str]): The hostname to connect to.
+ credentials (Optional[google.auth.credentials.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify the application to the service; if none
+ are specified, the client will attempt to ascertain the
+ credentials from the environment.
+ This argument is ignored if ``channel`` is provided.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is ignored if ``channel`` is provided.
+ scopes (Optional(Sequence[str])): A list of scopes. This argument is
+ ignored if ``channel`` is provided.
+ channel (Optional[grpc.Channel]): A ``Channel`` instance through
+ which to make calls.
+ api_mtls_endpoint (Optional[str]): The mutual TLS endpoint. If
+ provided, it overrides the ``host`` argument and tries to create
+ a mutual TLS channel with client SSL credentials from
+ ``client_cert_source`` or applicatin default SSL credentials.
+ client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): A
+ callback to provide client SSL certificate bytes and private key
+ bytes, both in PEM format. It is ignored if ``api_mtls_endpoint``
+ is None.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ + Raises: + google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + if channel: + # Sanity check: Ensure that channel and credentials are not both + # provided. + credentials = False + + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + elif api_mtls_endpoint: + host = ( + api_mtls_endpoint + if ":" in api_mtls_endpoint + else api_mtls_endpoint + ":443" + ) + + if credentials is None: + credentials, _ = auth.default( + scopes=self.AUTH_SCOPES, quota_project_id=quota_project_id + ) + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + ssl_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + ssl_credentials = SslCredentials().ssl_credentials + + # create a new channel. The provided one is ignored. + self._grpc_channel = type(self).create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + ssl_credentials=ssl_credentials, + scopes=scopes or self.AUTH_SCOPES, + quota_project_id=quota_project_id, + ) + + self._stubs = {} # type: Dict[str, Callable] + + # Run the base constructor. + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes or self.AUTH_SCOPES, + quota_project_id=quota_project_id, + ) + + @classmethod + def create_channel( + cls, + host: str = "cloudkms.googleapis.com", + credentials: credentials.Credentials = None, + credentials_file: str = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs + ) -> grpc.Channel: + """Create and return a gRPC channel object. + Args: + address (Optionsl[str]): The host for the channel to use. 
+ credentials (Optional[~.Credentials]): The
+ authorization credentials to attach to requests. These
+ credentials identify this application to the service. If
+ none are specified, the client will attempt to ascertain
+ the credentials from the environment.
+ credentials_file (Optional[str]): A file with credentials that can
+ be loaded with :func:`google.auth.load_credentials_from_file`.
+ This argument is mutually exclusive with credentials.
+ scopes (Optional[Sequence[str]]): A optional list of scopes needed for this
+ service. These are only used when credentials are not specified and
+ are passed to :func:`google.auth.default`.
+ quota_project_id (Optional[str]): An optional project to use for billing
+ and quota.
+ kwargs (Optional[dict]): Keyword arguments, which are passed to the
+ channel creation.
+ Returns:
+ grpc.Channel: A gRPC channel object.
+
+ Raises:
+ google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials``
+ and ``credentials_file`` are passed.
+ """
+ scopes = scopes or cls.AUTH_SCOPES
+ return grpc_helpers.create_channel(
+ host,
+ credentials=credentials,
+ credentials_file=credentials_file,
+ scopes=scopes,
+ quota_project_id=quota_project_id,
+ **kwargs
+ )
+
+ @property
+ def grpc_channel(self) -> grpc.Channel:
+ """Create the channel designed to connect to this service.
+
+ This property caches on the instance; repeated calls return
+ the same channel.
+ """
+ # Sanity check: Only create a new channel if we do not already
+ # have one.
+ if not hasattr(self, "_grpc_channel"):
+ self._grpc_channel = self.create_channel(
+ self._host, credentials=self._credentials,
+ )
+
+ # Return the channel from cache.
+ return self._grpc_channel
+
+ @property
+ def list_key_rings(
+ self,
+ ) -> Callable[[service.ListKeyRingsRequest], service.ListKeyRingsResponse]:
+ r"""Return a callable for the list key rings method over gRPC.
+
+ Lists [KeyRings][google.cloud.kms.v1.KeyRing].
+ + Returns: + Callable[[~.ListKeyRingsRequest], + ~.ListKeyRingsResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_key_rings" not in self._stubs: + self._stubs["list_key_rings"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/ListKeyRings", + request_serializer=service.ListKeyRingsRequest.serialize, + response_deserializer=service.ListKeyRingsResponse.deserialize, + ) + return self._stubs["list_key_rings"] + + @property + def list_crypto_keys( + self, + ) -> Callable[[service.ListCryptoKeysRequest], service.ListCryptoKeysResponse]: + r"""Return a callable for the list crypto keys method over gRPC. + + Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + + Returns: + Callable[[~.ListCryptoKeysRequest], + ~.ListCryptoKeysResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_crypto_keys" not in self._stubs: + self._stubs["list_crypto_keys"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/ListCryptoKeys", + request_serializer=service.ListCryptoKeysRequest.serialize, + response_deserializer=service.ListCryptoKeysResponse.deserialize, + ) + return self._stubs["list_crypto_keys"] + + @property + def list_crypto_key_versions( + self, + ) -> Callable[ + [service.ListCryptoKeyVersionsRequest], service.ListCryptoKeyVersionsResponse + ]: + r"""Return a callable for the list crypto key versions method over gRPC. + + Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. 
+ + Returns: + Callable[[~.ListCryptoKeyVersionsRequest], + ~.ListCryptoKeyVersionsResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_crypto_key_versions" not in self._stubs: + self._stubs["list_crypto_key_versions"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/ListCryptoKeyVersions", + request_serializer=service.ListCryptoKeyVersionsRequest.serialize, + response_deserializer=service.ListCryptoKeyVersionsResponse.deserialize, + ) + return self._stubs["list_crypto_key_versions"] + + @property + def list_import_jobs( + self, + ) -> Callable[[service.ListImportJobsRequest], service.ListImportJobsResponse]: + r"""Return a callable for the list import jobs method over gRPC. + + Lists [ImportJobs][google.cloud.kms.v1.ImportJob]. + + Returns: + Callable[[~.ListImportJobsRequest], + ~.ListImportJobsResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_import_jobs" not in self._stubs: + self._stubs["list_import_jobs"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/ListImportJobs", + request_serializer=service.ListImportJobsRequest.serialize, + response_deserializer=service.ListImportJobsResponse.deserialize, + ) + return self._stubs["list_import_jobs"] + + @property + def get_key_ring(self) -> Callable[[service.GetKeyRingRequest], resources.KeyRing]: + r"""Return a callable for the get key ring method over gRPC. + + Returns metadata for a given + [KeyRing][google.cloud.kms.v1.KeyRing]. 
+ + Returns: + Callable[[~.GetKeyRingRequest], + ~.KeyRing]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_key_ring" not in self._stubs: + self._stubs["get_key_ring"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/GetKeyRing", + request_serializer=service.GetKeyRingRequest.serialize, + response_deserializer=resources.KeyRing.deserialize, + ) + return self._stubs["get_key_ring"] + + @property + def get_crypto_key( + self, + ) -> Callable[[service.GetCryptoKeyRequest], resources.CryptoKey]: + r"""Return a callable for the get crypto key method over gRPC. + + Returns metadata for a given + [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its + [primary][google.cloud.kms.v1.CryptoKey.primary] + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + + Returns: + Callable[[~.GetCryptoKeyRequest], + ~.CryptoKey]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_crypto_key" not in self._stubs: + self._stubs["get_crypto_key"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/GetCryptoKey", + request_serializer=service.GetCryptoKeyRequest.serialize, + response_deserializer=resources.CryptoKey.deserialize, + ) + return self._stubs["get_crypto_key"] + + @property + def get_crypto_key_version( + self, + ) -> Callable[[service.GetCryptoKeyVersionRequest], resources.CryptoKeyVersion]: + r"""Return a callable for the get crypto key version method over gRPC. 
+ + Returns metadata for a given + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + + Returns: + Callable[[~.GetCryptoKeyVersionRequest], + ~.CryptoKeyVersion]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_crypto_key_version" not in self._stubs: + self._stubs["get_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/GetCryptoKeyVersion", + request_serializer=service.GetCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["get_crypto_key_version"] + + @property + def get_public_key( + self, + ) -> Callable[[service.GetPublicKeyRequest], resources.PublicKey]: + r"""Return a callable for the get public key method over gRPC. + + Returns the public key for the given + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] + or + [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. + + Returns: + Callable[[~.GetPublicKeyRequest], + ~.PublicKey]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "get_public_key" not in self._stubs: + self._stubs["get_public_key"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/GetPublicKey", + request_serializer=service.GetPublicKeyRequest.serialize, + response_deserializer=resources.PublicKey.deserialize, + ) + return self._stubs["get_public_key"] + + @property + def get_import_job( + self, + ) -> Callable[[service.GetImportJobRequest], resources.ImportJob]: + r"""Return a callable for the get import job method over gRPC. + + Returns metadata for a given + [ImportJob][google.cloud.kms.v1.ImportJob]. + + Returns: + Callable[[~.GetImportJobRequest], + ~.ImportJob]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_import_job" not in self._stubs: + self._stubs["get_import_job"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/GetImportJob", + request_serializer=service.GetImportJobRequest.serialize, + response_deserializer=resources.ImportJob.deserialize, + ) + return self._stubs["get_import_job"] + + @property + def create_key_ring( + self, + ) -> Callable[[service.CreateKeyRingRequest], resources.KeyRing]: + r"""Return a callable for the create key ring method over gRPC. + + Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given + Project and Location. + + Returns: + Callable[[~.CreateKeyRingRequest], + ~.KeyRing]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "create_key_ring" not in self._stubs: + self._stubs["create_key_ring"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/CreateKeyRing", + request_serializer=service.CreateKeyRingRequest.serialize, + response_deserializer=resources.KeyRing.deserialize, + ) + return self._stubs["create_key_ring"] + + @property + def create_crypto_key( + self, + ) -> Callable[[service.CreateCryptoKeyRequest], resources.CryptoKey]: + r"""Return a callable for the create crypto key method over gRPC. + + Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a + [KeyRing][google.cloud.kms.v1.KeyRing]. + + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and + [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] + are required. + + Returns: + Callable[[~.CreateCryptoKeyRequest], + ~.CryptoKey]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "create_crypto_key" not in self._stubs: + self._stubs["create_crypto_key"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/CreateCryptoKey", + request_serializer=service.CreateCryptoKeyRequest.serialize, + response_deserializer=resources.CryptoKey.deserialize, + ) + return self._stubs["create_crypto_key"] + + @property + def create_crypto_key_version( + self, + ) -> Callable[[service.CreateCryptoKeyVersionRequest], resources.CryptoKeyVersion]: + r"""Return a callable for the create crypto key version method over gRPC. + + Create a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a + [CryptoKey][google.cloud.kms.v1.CryptoKey]. + + The server will assign the next sequential id. 
If unset, + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set + to + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. + + Returns: + Callable[[~.CreateCryptoKeyVersionRequest], + ~.CryptoKeyVersion]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "create_crypto_key_version" not in self._stubs: + self._stubs["create_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/CreateCryptoKeyVersion", + request_serializer=service.CreateCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["create_crypto_key_version"] + + @property + def import_crypto_key_version( + self, + ) -> Callable[[service.ImportCryptoKeyVersionRequest], resources.CryptoKeyVersion]: + r"""Return a callable for the import crypto key version method over gRPC. + + Imports a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an + existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the + wrapped key material provided in the request. + + The version ID will be assigned the next sequential id within + the [CryptoKey][google.cloud.kms.v1.CryptoKey]. + + Returns: + Callable[[~.ImportCryptoKeyVersionRequest], + ~.CryptoKeyVersion]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "import_crypto_key_version" not in self._stubs: + self._stubs["import_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/ImportCryptoKeyVersion", + request_serializer=service.ImportCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["import_crypto_key_version"] + + @property + def create_import_job( + self, + ) -> Callable[[service.CreateImportJobRequest], resources.ImportJob]: + r"""Return a callable for the create import job method over gRPC. + + Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a + [KeyRing][google.cloud.kms.v1.KeyRing]. + + [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] + is required. + + Returns: + Callable[[~.CreateImportJobRequest], + ~.ImportJob]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "create_import_job" not in self._stubs: + self._stubs["create_import_job"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/CreateImportJob", + request_serializer=service.CreateImportJobRequest.serialize, + response_deserializer=resources.ImportJob.deserialize, + ) + return self._stubs["create_import_job"] + + @property + def update_crypto_key( + self, + ) -> Callable[[service.UpdateCryptoKeyRequest], resources.CryptoKey]: + r"""Return a callable for the update crypto key method over gRPC. + + Update a [CryptoKey][google.cloud.kms.v1.CryptoKey]. + + Returns: + Callable[[~.UpdateCryptoKeyRequest], + ~.CryptoKey]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. 
+ # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "update_crypto_key" not in self._stubs: + self._stubs["update_crypto_key"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKey", + request_serializer=service.UpdateCryptoKeyRequest.serialize, + response_deserializer=resources.CryptoKey.deserialize, + ) + return self._stubs["update_crypto_key"] + + @property + def update_crypto_key_version( + self, + ) -> Callable[[service.UpdateCryptoKeyVersionRequest], resources.CryptoKeyVersion]: + r"""Return a callable for the update crypto key version method over gRPC. + + Update a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s + metadata. + + [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be + changed between + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + and + [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] + using this method. See + [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] + and + [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + to move between other states. + + Returns: + Callable[[~.UpdateCryptoKeyVersionRequest], + ~.CryptoKeyVersion]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "update_crypto_key_version" not in self._stubs: + self._stubs["update_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyVersion", + request_serializer=service.UpdateCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["update_crypto_key_version"] + + @property + def encrypt(self) -> Callable[[service.EncryptRequest], service.EncryptResponse]: + r"""Return a callable for the encrypt method over gRPC. + + Encrypts data, so that it can only be recovered by a call to + [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + + Returns: + Callable[[~.EncryptRequest], + ~.EncryptResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "encrypt" not in self._stubs: + self._stubs["encrypt"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/Encrypt", + request_serializer=service.EncryptRequest.serialize, + response_deserializer=service.EncryptResponse.deserialize, + ) + return self._stubs["encrypt"] + + @property + def decrypt(self) -> Callable[[service.DecryptRequest], service.DecryptResponse]: + r"""Return a callable for the decrypt method over gRPC. + + Decrypts data that was protected by + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. 
+ + Returns: + Callable[[~.DecryptRequest], + ~.DecryptResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "decrypt" not in self._stubs: + self._stubs["decrypt"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/Decrypt", + request_serializer=service.DecryptRequest.serialize, + response_deserializer=service.DecryptResponse.deserialize, + ) + return self._stubs["decrypt"] + + @property + def asymmetric_sign( + self, + ) -> Callable[[service.AsymmetricSignRequest], service.AsymmetricSignResponse]: + r"""Return a callable for the asymmetric sign method over gRPC. + + Signs data using a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + ASYMMETRIC_SIGN, producing a signature that can be verified with + the public key retrieved from + [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + + Returns: + Callable[[~.AsymmetricSignRequest], + ~.AsymmetricSignResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "asymmetric_sign" not in self._stubs: + self._stubs["asymmetric_sign"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/AsymmetricSign", + request_serializer=service.AsymmetricSignRequest.serialize, + response_deserializer=service.AsymmetricSignResponse.deserialize, + ) + return self._stubs["asymmetric_sign"] + + @property + def asymmetric_decrypt( + self, + ) -> Callable[ + [service.AsymmetricDecryptRequest], service.AsymmetricDecryptResponse + ]: + r"""Return a callable for the asymmetric decrypt method over gRPC. + + Decrypts data that was encrypted with a public key retrieved + from + [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] + corresponding to a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + ASYMMETRIC_DECRYPT. + + Returns: + Callable[[~.AsymmetricDecryptRequest], + ~.AsymmetricDecryptResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "asymmetric_decrypt" not in self._stubs: + self._stubs["asymmetric_decrypt"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/AsymmetricDecrypt", + request_serializer=service.AsymmetricDecryptRequest.serialize, + response_deserializer=service.AsymmetricDecryptResponse.deserialize, + ) + return self._stubs["asymmetric_decrypt"] + + @property + def update_crypto_key_primary_version( + self, + ) -> Callable[[service.UpdateCryptoKeyPrimaryVersionRequest], resources.CryptoKey]: + r"""Return a callable for the update crypto key primary + version method over gRPC. + + Update the version of a + [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. 
+ + Returns an error if called on an asymmetric key. + + Returns: + Callable[[~.UpdateCryptoKeyPrimaryVersionRequest], + ~.CryptoKey]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "update_crypto_key_primary_version" not in self._stubs: + self._stubs[ + "update_crypto_key_primary_version" + ] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyPrimaryVersion", + request_serializer=service.UpdateCryptoKeyPrimaryVersionRequest.serialize, + response_deserializer=resources.CryptoKey.deserialize, + ) + return self._stubs["update_crypto_key_primary_version"] + + @property + def destroy_crypto_key_version( + self, + ) -> Callable[[service.DestroyCryptoKeyVersionRequest], resources.CryptoKeyVersion]: + r"""Return a callable for the destroy crypto key version method over gRPC. + + Schedule a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for + destruction. + + Upon calling this method, + [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] + will be set to + [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] + and + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + will be set to a time 24 hours in the future, at which point the + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be + changed to + [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], + and the key material will be irrevocably destroyed. + + Before the + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + is reached, + [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + may be called to reverse the process. 
+ + Returns: + Callable[[~.DestroyCryptoKeyVersionRequest], + ~.CryptoKeyVersion]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "destroy_crypto_key_version" not in self._stubs: + self._stubs["destroy_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/DestroyCryptoKeyVersion", + request_serializer=service.DestroyCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["destroy_crypto_key_version"] + + @property + def restore_crypto_key_version( + self, + ) -> Callable[[service.RestoreCryptoKeyVersionRequest], resources.CryptoKeyVersion]: + r"""Return a callable for the restore crypto key version method over gRPC. + + Restore a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the + [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] + state. + + Upon restoration of the CryptoKeyVersion, + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set + to + [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], + and + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + will be cleared. + + Returns: + Callable[[~.RestoreCryptoKeyVersionRequest], + ~.CryptoKeyVersion]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "restore_crypto_key_version" not in self._stubs: + self._stubs["restore_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/RestoreCryptoKeyVersion", + request_serializer=service.RestoreCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["restore_crypto_key_version"] + + @property + def set_iam_policy( + self, + ) -> Callable[[iam_policy.SetIamPolicyRequest], policy.Policy]: + r"""Return a callable for the set iam policy method over gRPC. + Sets the IAM access control policy on the specified + function. Replaces any existing policy. + Returns: + Callable[[~.SetIamPolicyRequest], + ~.Policy]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "set_iam_policy" not in self._stubs: + self._stubs["set_iam_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v1.IAMPolicy/SetIamPolicy", + request_serializer=iam_policy.SetIamPolicyRequest.SerializeToString, + response_deserializer=policy.Policy.FromString, + ) + return self._stubs["set_iam_policy"] + + @property + def get_iam_policy( + self, + ) -> Callable[[iam_policy.GetIamPolicyRequest], policy.Policy]: + r"""Return a callable for the get iam policy method over gRPC. + Gets the IAM access control policy for a function. + Returns an empty policy if the function exists and does + not have a policy set. + Returns: + Callable[[~.GetIamPolicyRequest], + ~.Policy]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "get_iam_policy" not in self._stubs: + self._stubs["get_iam_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v1.IAMPolicy/GetIamPolicy", + request_serializer=iam_policy.GetIamPolicyRequest.SerializeToString, + response_deserializer=policy.Policy.FromString, + ) + return self._stubs["get_iam_policy"] + + @property + def test_iam_permissions( + self, + ) -> Callable[ + [iam_policy.TestIamPermissionsRequest], iam_policy.TestIamPermissionsResponse + ]: + r"""Return a callable for the test iam permissions method over gRPC. + Tests the specified permissions against the IAM access control + policy for a function. If the function does not exist, this will + return an empty set of permissions, not a NOT_FOUND error. + Returns: + Callable[[~.TestIamPermissionsRequest], + ~.TestIamPermissionsResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "test_iam_permissions" not in self._stubs: + self._stubs["test_iam_permissions"] = self.grpc_channel.unary_unary( + "/google.iam.v1.IAMPolicy/TestIamPermissions", + request_serializer=iam_policy.TestIamPermissionsRequest.SerializeToString, + response_deserializer=iam_policy.TestIamPermissionsResponse.FromString, + ) + return self._stubs["test_iam_permissions"] + + +__all__ = ("KeyManagementServiceGrpcTransport",) diff --git a/google/cloud/kms_v1/services/key_management_service/transports/grpc_asyncio.py b/google/cloud/kms_v1/services/key_management_service/transports/grpc_asyncio.py new file mode 100644 index 00000000..05fb9b49 --- /dev/null +++ b/google/cloud/kms_v1/services/key_management_service/transports/grpc_asyncio.py 
@@ -0,0 +1,1024 @@ +# -*- coding: utf-8 -*- + +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple + +from google.api_core import grpc_helpers_async # type: ignore +from google.auth import credentials # type: ignore +from google.auth.transport.grpc import SslCredentials # type: ignore + +import grpc # type: ignore +from grpc.experimental import aio # type: ignore + +from google.cloud.kms_v1.types import resources +from google.cloud.kms_v1.types import service +from google.iam.v1 import iam_policy_pb2 as iam_policy # type: ignore +from google.iam.v1 import policy_pb2 as policy # type: ignore + +from .base import KeyManagementServiceTransport +from .grpc import KeyManagementServiceGrpcTransport + + +class KeyManagementServiceGrpcAsyncIOTransport(KeyManagementServiceTransport): + """gRPC AsyncIO backend transport for KeyManagementService. + + Google Cloud Key Management Service + + Manages cryptographic keys and operations using those keys. + Implements a REST model with the following objects: + + - [KeyRing][google.cloud.kms.v1.KeyRing] + - [CryptoKey][google.cloud.kms.v1.CryptoKey] + - [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + - [ImportJob][google.cloud.kms.v1.ImportJob] + + If you are using manual gRPC libraries, see `Using gRPC with Cloud + KMS `__. 
+ + This class defines the same methods as the primary client, so the + primary client can load the underlying transport implementation + and call it. + + It sends protocol buffers over the wire using gRPC (which is built on + top of HTTP/2); the ``grpcio`` package must be installed. + """ + + _grpc_channel: aio.Channel + _stubs: Dict[str, Callable] = {} + + @classmethod + def create_channel( + cls, + host: str = "cloudkms.googleapis.com", + credentials: credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + quota_project_id: Optional[str] = None, + **kwargs, + ) -> aio.Channel: + """Create and return a gRPC AsyncIO channel object. + Args: + address (Optional[str]): The host for the channel to use. + credentials (Optional[~.Credentials]): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + quota_project_id (Optional[str]): An optional project to use for billing + and quota. + kwargs (Optional[dict]): Keyword arguments, which are passed to the + channel creation. + Returns: + aio.Channel: A gRPC AsyncIO channel object. 
+ """ + scopes = scopes or cls.AUTH_SCOPES + return grpc_helpers_async.create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes, + quota_project_id=quota_project_id, + **kwargs, + ) + + def __init__( + self, + *, + host: str = "cloudkms.googleapis.com", + credentials: credentials.Credentials = None, + credentials_file: Optional[str] = None, + scopes: Optional[Sequence[str]] = None, + channel: aio.Channel = None, + api_mtls_endpoint: str = None, + client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, + quota_project_id=None, + ) -> None: + """Instantiate the transport. + + Args: + host (Optional[str]): The hostname to connect to. + credentials (Optional[google.auth.credentials.Credentials]): The + authorization credentials to attach to requests. These + credentials identify the application to the service; if none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is ignored if ``channel`` is provided. + credentials_file (Optional[str]): A file with credentials that can + be loaded with :func:`google.auth.load_credentials_from_file`. + This argument is ignored if ``channel`` is provided. + scopes (Optional[Sequence[str]]): A optional list of scopes needed for this + service. These are only used when credentials are not specified and + are passed to :func:`google.auth.default`. + channel (Optional[aio.Channel]): A ``Channel`` instance through + which to make calls. + api_mtls_endpoint (Optional[str]): The mutual TLS endpoint. If + provided, it overrides the ``host`` argument and tries to create + a mutual TLS channel with client SSL credentials from + ``client_cert_source`` or applicatin default SSL credentials. + client_cert_source (Optional[Callable[[], Tuple[bytes, bytes]]]): A + callback to provide client SSL certificate bytes and private key + bytes, both in PEM format. It is ignored if ``api_mtls_endpoint`` + is None. 
+ quota_project_id (Optional[str]): An optional project to use for billing + and quota. + + Raises: + google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport + creation failed for any reason. + google.api_core.exceptions.DuplicateCredentialArgs: If both ``credentials`` + and ``credentials_file`` are passed. + """ + if channel: + # Sanity check: Ensure that channel and credentials are not both + # provided. + credentials = False + + # If a channel was explicitly provided, set it. + self._grpc_channel = channel + elif api_mtls_endpoint: + host = ( + api_mtls_endpoint + if ":" in api_mtls_endpoint + else api_mtls_endpoint + ":443" + ) + + # Create SSL credentials with client_cert_source or application + # default SSL credentials. + if client_cert_source: + cert, key = client_cert_source() + ssl_credentials = grpc.ssl_channel_credentials( + certificate_chain=cert, private_key=key + ) + else: + ssl_credentials = SslCredentials().ssl_credentials + + # create a new channel. The provided one is ignored. + self._grpc_channel = type(self).create_channel( + host, + credentials=credentials, + credentials_file=credentials_file, + ssl_credentials=ssl_credentials, + scopes=scopes or self.AUTH_SCOPES, + quota_project_id=quota_project_id, + ) + + # Run the base constructor. + super().__init__( + host=host, + credentials=credentials, + credentials_file=credentials_file, + scopes=scopes or self.AUTH_SCOPES, + quota_project_id=quota_project_id, + ) + + self._stubs = {} + + @property + def grpc_channel(self) -> aio.Channel: + """Create the channel designed to connect to this service. + + This property caches on the instance; repeated calls return + the same channel. + """ + # Sanity check: Only create a new channel if we do not already + # have one. + if not hasattr(self, "_grpc_channel"): + self._grpc_channel = self.create_channel( + self._host, credentials=self._credentials, + ) + + # Return the channel from cache. 
+ return self._grpc_channel + + @property + def list_key_rings( + self, + ) -> Callable[ + [service.ListKeyRingsRequest], Awaitable[service.ListKeyRingsResponse] + ]: + r"""Return a callable for the list key rings method over gRPC. + + Lists [KeyRings][google.cloud.kms.v1.KeyRing]. + + Returns: + Callable[[~.ListKeyRingsRequest], + Awaitable[~.ListKeyRingsResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_key_rings" not in self._stubs: + self._stubs["list_key_rings"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/ListKeyRings", + request_serializer=service.ListKeyRingsRequest.serialize, + response_deserializer=service.ListKeyRingsResponse.deserialize, + ) + return self._stubs["list_key_rings"] + + @property + def list_crypto_keys( + self, + ) -> Callable[ + [service.ListCryptoKeysRequest], Awaitable[service.ListCryptoKeysResponse] + ]: + r"""Return a callable for the list crypto keys method over gRPC. + + Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + + Returns: + Callable[[~.ListCryptoKeysRequest], + Awaitable[~.ListCryptoKeysResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "list_crypto_keys" not in self._stubs: + self._stubs["list_crypto_keys"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/ListCryptoKeys", + request_serializer=service.ListCryptoKeysRequest.serialize, + response_deserializer=service.ListCryptoKeysResponse.deserialize, + ) + return self._stubs["list_crypto_keys"] + + @property + def list_crypto_key_versions( + self, + ) -> Callable[ + [service.ListCryptoKeyVersionsRequest], + Awaitable[service.ListCryptoKeyVersionsResponse], + ]: + r"""Return a callable for the list crypto key versions method over gRPC. + + Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. + + Returns: + Callable[[~.ListCryptoKeyVersionsRequest], + Awaitable[~.ListCryptoKeyVersionsResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_crypto_key_versions" not in self._stubs: + self._stubs["list_crypto_key_versions"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/ListCryptoKeyVersions", + request_serializer=service.ListCryptoKeyVersionsRequest.serialize, + response_deserializer=service.ListCryptoKeyVersionsResponse.deserialize, + ) + return self._stubs["list_crypto_key_versions"] + + @property + def list_import_jobs( + self, + ) -> Callable[ + [service.ListImportJobsRequest], Awaitable[service.ListImportJobsResponse] + ]: + r"""Return a callable for the list import jobs method over gRPC. + + Lists [ImportJobs][google.cloud.kms.v1.ImportJob]. + + Returns: + Callable[[~.ListImportJobsRequest], + Awaitable[~.ListImportJobsResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. 
+ # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "list_import_jobs" not in self._stubs: + self._stubs["list_import_jobs"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/ListImportJobs", + request_serializer=service.ListImportJobsRequest.serialize, + response_deserializer=service.ListImportJobsResponse.deserialize, + ) + return self._stubs["list_import_jobs"] + + @property + def get_key_ring( + self, + ) -> Callable[[service.GetKeyRingRequest], Awaitable[resources.KeyRing]]: + r"""Return a callable for the get key ring method over gRPC. + + Returns metadata for a given + [KeyRing][google.cloud.kms.v1.KeyRing]. + + Returns: + Callable[[~.GetKeyRingRequest], + Awaitable[~.KeyRing]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_key_ring" not in self._stubs: + self._stubs["get_key_ring"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/GetKeyRing", + request_serializer=service.GetKeyRingRequest.serialize, + response_deserializer=resources.KeyRing.deserialize, + ) + return self._stubs["get_key_ring"] + + @property + def get_crypto_key( + self, + ) -> Callable[[service.GetCryptoKeyRequest], Awaitable[resources.CryptoKey]]: + r"""Return a callable for the get crypto key method over gRPC. + + Returns metadata for a given + [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its + [primary][google.cloud.kms.v1.CryptoKey.primary] + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + + Returns: + Callable[[~.GetCryptoKeyRequest], + Awaitable[~.CryptoKey]]: + A function that, when called, will call the underlying RPC + on the server. 
+ """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_crypto_key" not in self._stubs: + self._stubs["get_crypto_key"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/GetCryptoKey", + request_serializer=service.GetCryptoKeyRequest.serialize, + response_deserializer=resources.CryptoKey.deserialize, + ) + return self._stubs["get_crypto_key"] + + @property + def get_crypto_key_version( + self, + ) -> Callable[ + [service.GetCryptoKeyVersionRequest], Awaitable[resources.CryptoKeyVersion] + ]: + r"""Return a callable for the get crypto key version method over gRPC. + + Returns metadata for a given + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + + Returns: + Callable[[~.GetCryptoKeyVersionRequest], + Awaitable[~.CryptoKeyVersion]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_crypto_key_version" not in self._stubs: + self._stubs["get_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/GetCryptoKeyVersion", + request_serializer=service.GetCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["get_crypto_key_version"] + + @property + def get_public_key( + self, + ) -> Callable[[service.GetPublicKeyRequest], Awaitable[resources.PublicKey]]: + r"""Return a callable for the get public key method over gRPC. + + Returns the public key for the given + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. 
The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] + or + [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. + + Returns: + Callable[[~.GetPublicKeyRequest], + Awaitable[~.PublicKey]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_public_key" not in self._stubs: + self._stubs["get_public_key"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/GetPublicKey", + request_serializer=service.GetPublicKeyRequest.serialize, + response_deserializer=resources.PublicKey.deserialize, + ) + return self._stubs["get_public_key"] + + @property + def get_import_job( + self, + ) -> Callable[[service.GetImportJobRequest], Awaitable[resources.ImportJob]]: + r"""Return a callable for the get import job method over gRPC. + + Returns metadata for a given + [ImportJob][google.cloud.kms.v1.ImportJob]. + + Returns: + Callable[[~.GetImportJobRequest], + Awaitable[~.ImportJob]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "get_import_job" not in self._stubs: + self._stubs["get_import_job"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/GetImportJob", + request_serializer=service.GetImportJobRequest.serialize, + response_deserializer=resources.ImportJob.deserialize, + ) + return self._stubs["get_import_job"] + + @property + def create_key_ring( + self, + ) -> Callable[[service.CreateKeyRingRequest], Awaitable[resources.KeyRing]]: + r"""Return a callable for the create key ring method over gRPC. + + Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given + Project and Location. + + Returns: + Callable[[~.CreateKeyRingRequest], + Awaitable[~.KeyRing]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "create_key_ring" not in self._stubs: + self._stubs["create_key_ring"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/CreateKeyRing", + request_serializer=service.CreateKeyRingRequest.serialize, + response_deserializer=resources.KeyRing.deserialize, + ) + return self._stubs["create_key_ring"] + + @property + def create_crypto_key( + self, + ) -> Callable[[service.CreateCryptoKeyRequest], Awaitable[resources.CryptoKey]]: + r"""Return a callable for the create crypto key method over gRPC. + + Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a + [KeyRing][google.cloud.kms.v1.KeyRing]. + + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and + [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] + are required. + + Returns: + Callable[[~.CreateCryptoKeyRequest], + Awaitable[~.CryptoKey]]: + A function that, when called, will call the underlying RPC + on the server. 
+ """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "create_crypto_key" not in self._stubs: + self._stubs["create_crypto_key"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/CreateCryptoKey", + request_serializer=service.CreateCryptoKeyRequest.serialize, + response_deserializer=resources.CryptoKey.deserialize, + ) + return self._stubs["create_crypto_key"] + + @property + def create_crypto_key_version( + self, + ) -> Callable[ + [service.CreateCryptoKeyVersionRequest], Awaitable[resources.CryptoKeyVersion] + ]: + r"""Return a callable for the create crypto key version method over gRPC. + + Create a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a + [CryptoKey][google.cloud.kms.v1.CryptoKey]. + + The server will assign the next sequential id. If unset, + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set + to + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. + + Returns: + Callable[[~.CreateCryptoKeyVersionRequest], + Awaitable[~.CryptoKeyVersion]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "create_crypto_key_version" not in self._stubs: + self._stubs["create_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/CreateCryptoKeyVersion", + request_serializer=service.CreateCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["create_crypto_key_version"] + + @property + def import_crypto_key_version( + self, + ) -> Callable[ + [service.ImportCryptoKeyVersionRequest], Awaitable[resources.CryptoKeyVersion] + ]: + r"""Return a callable for the import crypto key version method over gRPC. + + Imports a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an + existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the + wrapped key material provided in the request. + + The version ID will be assigned the next sequential id within + the [CryptoKey][google.cloud.kms.v1.CryptoKey]. + + Returns: + Callable[[~.ImportCryptoKeyVersionRequest], + Awaitable[~.CryptoKeyVersion]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "import_crypto_key_version" not in self._stubs: + self._stubs["import_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/ImportCryptoKeyVersion", + request_serializer=service.ImportCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["import_crypto_key_version"] + + @property + def create_import_job( + self, + ) -> Callable[[service.CreateImportJobRequest], Awaitable[resources.ImportJob]]: + r"""Return a callable for the create import job method over gRPC. + + Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a + [KeyRing][google.cloud.kms.v1.KeyRing]. 
+ + [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] + is required. + + Returns: + Callable[[~.CreateImportJobRequest], + Awaitable[~.ImportJob]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "create_import_job" not in self._stubs: + self._stubs["create_import_job"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/CreateImportJob", + request_serializer=service.CreateImportJobRequest.serialize, + response_deserializer=resources.ImportJob.deserialize, + ) + return self._stubs["create_import_job"] + + @property + def update_crypto_key( + self, + ) -> Callable[[service.UpdateCryptoKeyRequest], Awaitable[resources.CryptoKey]]: + r"""Return a callable for the update crypto key method over gRPC. + + Update a [CryptoKey][google.cloud.kms.v1.CryptoKey]. + + Returns: + Callable[[~.UpdateCryptoKeyRequest], + Awaitable[~.CryptoKey]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "update_crypto_key" not in self._stubs: + self._stubs["update_crypto_key"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKey", + request_serializer=service.UpdateCryptoKeyRequest.serialize, + response_deserializer=resources.CryptoKey.deserialize, + ) + return self._stubs["update_crypto_key"] + + @property + def update_crypto_key_version( + self, + ) -> Callable[ + [service.UpdateCryptoKeyVersionRequest], Awaitable[resources.CryptoKeyVersion] + ]: + r"""Return a callable for the update crypto key version method over gRPC. 
+ + Update a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s + metadata. + + [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be + changed between + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + and + [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] + using this method. See + [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] + and + [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + to move between other states. + + Returns: + Callable[[~.UpdateCryptoKeyVersionRequest], + Awaitable[~.CryptoKeyVersion]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "update_crypto_key_version" not in self._stubs: + self._stubs["update_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyVersion", + request_serializer=service.UpdateCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["update_crypto_key_version"] + + @property + def encrypt( + self, + ) -> Callable[[service.EncryptRequest], Awaitable[service.EncryptResponse]]: + r"""Return a callable for the encrypt method over gRPC. + + Encrypts data, so that it can only be recovered by a call to + [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + + Returns: + Callable[[~.EncryptRequest], + Awaitable[~.EncryptResponse]]: + A function that, when called, will call the underlying RPC + on the server. 
+ """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "encrypt" not in self._stubs: + self._stubs["encrypt"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/Encrypt", + request_serializer=service.EncryptRequest.serialize, + response_deserializer=service.EncryptResponse.deserialize, + ) + return self._stubs["encrypt"] + + @property + def decrypt( + self, + ) -> Callable[[service.DecryptRequest], Awaitable[service.DecryptResponse]]: + r"""Return a callable for the decrypt method over gRPC. + + Decrypts data that was protected by + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + + Returns: + Callable[[~.DecryptRequest], + Awaitable[~.DecryptResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "decrypt" not in self._stubs: + self._stubs["decrypt"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/Decrypt", + request_serializer=service.DecryptRequest.serialize, + response_deserializer=service.DecryptResponse.deserialize, + ) + return self._stubs["decrypt"] + + @property + def asymmetric_sign( + self, + ) -> Callable[ + [service.AsymmetricSignRequest], Awaitable[service.AsymmetricSignResponse] + ]: + r"""Return a callable for the asymmetric sign method over gRPC. 
+ + Signs data using a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + ASYMMETRIC_SIGN, producing a signature that can be verified with + the public key retrieved from + [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + + Returns: + Callable[[~.AsymmetricSignRequest], + Awaitable[~.AsymmetricSignResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "asymmetric_sign" not in self._stubs: + self._stubs["asymmetric_sign"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/AsymmetricSign", + request_serializer=service.AsymmetricSignRequest.serialize, + response_deserializer=service.AsymmetricSignResponse.deserialize, + ) + return self._stubs["asymmetric_sign"] + + @property + def asymmetric_decrypt( + self, + ) -> Callable[ + [service.AsymmetricDecryptRequest], Awaitable[service.AsymmetricDecryptResponse] + ]: + r"""Return a callable for the asymmetric decrypt method over gRPC. + + Decrypts data that was encrypted with a public key retrieved + from + [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] + corresponding to a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + ASYMMETRIC_DECRYPT. + + Returns: + Callable[[~.AsymmetricDecryptRequest], + Awaitable[~.AsymmetricDecryptResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "asymmetric_decrypt" not in self._stubs: + self._stubs["asymmetric_decrypt"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/AsymmetricDecrypt", + request_serializer=service.AsymmetricDecryptRequest.serialize, + response_deserializer=service.AsymmetricDecryptResponse.deserialize, + ) + return self._stubs["asymmetric_decrypt"] + + @property + def update_crypto_key_primary_version( + self, + ) -> Callable[ + [service.UpdateCryptoKeyPrimaryVersionRequest], Awaitable[resources.CryptoKey] + ]: + r"""Return a callable for the update crypto key primary + version method over gRPC. + + Update the version of a + [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + + Returns an error if called on an asymmetric key. + + Returns: + Callable[[~.UpdateCryptoKeyPrimaryVersionRequest], + Awaitable[~.CryptoKey]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "update_crypto_key_primary_version" not in self._stubs: + self._stubs[ + "update_crypto_key_primary_version" + ] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyPrimaryVersion", + request_serializer=service.UpdateCryptoKeyPrimaryVersionRequest.serialize, + response_deserializer=resources.CryptoKey.deserialize, + ) + return self._stubs["update_crypto_key_primary_version"] + + @property + def destroy_crypto_key_version( + self, + ) -> Callable[ + [service.DestroyCryptoKeyVersionRequest], Awaitable[resources.CryptoKeyVersion] + ]: + r"""Return a callable for the destroy crypto key version method over gRPC. + + Schedule a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for + destruction. 
+ + Upon calling this method, + [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] + will be set to + [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] + and + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + will be set to a time 24 hours in the future, at which point the + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be + changed to + [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], + and the key material will be irrevocably destroyed. + + Before the + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + is reached, + [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + may be called to reverse the process. + + Returns: + Callable[[~.DestroyCryptoKeyVersionRequest], + Awaitable[~.CryptoKeyVersion]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "destroy_crypto_key_version" not in self._stubs: + self._stubs["destroy_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/DestroyCryptoKeyVersion", + request_serializer=service.DestroyCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["destroy_crypto_key_version"] + + @property + def restore_crypto_key_version( + self, + ) -> Callable[ + [service.RestoreCryptoKeyVersionRequest], Awaitable[resources.CryptoKeyVersion] + ]: + r"""Return a callable for the restore crypto key version method over gRPC. + + Restore a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the + [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] + state. 
+ + Upon restoration of the CryptoKeyVersion, + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set + to + [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], + and + [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] + will be cleared. + + Returns: + Callable[[~.RestoreCryptoKeyVersionRequest], + Awaitable[~.CryptoKeyVersion]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "restore_crypto_key_version" not in self._stubs: + self._stubs["restore_crypto_key_version"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/RestoreCryptoKeyVersion", + request_serializer=service.RestoreCryptoKeyVersionRequest.serialize, + response_deserializer=resources.CryptoKeyVersion.deserialize, + ) + return self._stubs["restore_crypto_key_version"] + + @property + def set_iam_policy( + self, + ) -> Callable[[iam_policy.SetIamPolicyRequest], Awaitable[policy.Policy]]: + r"""Return a callable for the set iam policy method over gRPC. + Sets the IAM access control policy on the specified + function. Replaces any existing policy. + Returns: + Callable[[~.SetIamPolicyRequest], + Awaitable[~.Policy]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. 
+ if "set_iam_policy" not in self._stubs: + self._stubs["set_iam_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v1.IAMPolicy/SetIamPolicy", + request_serializer=iam_policy.SetIamPolicyRequest.SerializeToString, + response_deserializer=policy.Policy.FromString, + ) + return self._stubs["set_iam_policy"] + + @property + def get_iam_policy( + self, + ) -> Callable[[iam_policy.GetIamPolicyRequest], Awaitable[policy.Policy]]: + r"""Return a callable for the get iam policy method over gRPC. + Gets the IAM access control policy for a function. + Returns an empty policy if the function exists and does + not have a policy set. + Returns: + Callable[[~.GetIamPolicyRequest], + Awaitable[~.Policy]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "get_iam_policy" not in self._stubs: + self._stubs["get_iam_policy"] = self.grpc_channel.unary_unary( + "/google.iam.v1.IAMPolicy/GetIamPolicy", + request_serializer=iam_policy.GetIamPolicyRequest.SerializeToString, + response_deserializer=policy.Policy.FromString, + ) + return self._stubs["get_iam_policy"] + + @property + def test_iam_permissions( + self, + ) -> Callable[ + [iam_policy.TestIamPermissionsRequest], + Awaitable[iam_policy.TestIamPermissionsResponse], + ]: + r"""Return a callable for the test iam permissions method over gRPC. + Tests the specified permissions against the IAM access control + policy for a function. If the function does not exist, this will + return an empty set of permissions, not a NOT_FOUND error. + Returns: + Callable[[~.TestIamPermissionsRequest], + Awaitable[~.TestIamPermissionsResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. 
+ # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "test_iam_permissions" not in self._stubs: + self._stubs["test_iam_permissions"] = self.grpc_channel.unary_unary( + "/google.iam.v1.IAMPolicy/TestIamPermissions", + request_serializer=iam_policy.TestIamPermissionsRequest.SerializeToString, + response_deserializer=iam_policy.TestIamPermissionsResponse.FromString, + ) + return self._stubs["test_iam_permissions"] + + +__all__ = ("KeyManagementServiceGrpcAsyncIOTransport",) diff --git a/google/cloud/kms_v1/types.py b/google/cloud/kms_v1/types.py deleted file mode 100644 index b7e62883..00000000 --- a/google/cloud/kms_v1/types.py +++ /dev/null 
@@ -1,47 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-from __future__ import absolute_import
-import sys
-
-from google.api_core.protobuf_helpers import get_messages
-
-from google.cloud.kms_v1.proto import resources_pb2
-from google.cloud.kms_v1.proto import service_pb2
-from google.protobuf import duration_pb2
-from google.protobuf import field_mask_pb2
-from google.protobuf import timestamp_pb2
-
-
-_shared_modules = [duration_pb2, field_mask_pb2, timestamp_pb2]
-
-_local_modules = [resources_pb2, service_pb2]
-
-names = []
-
-for module in _shared_modules: # pragma: NO COVER
- for name, message in get_messages(module).items():
- setattr(sys.modules[__name__], name, message)
- names.append(name)
-for module in _local_modules:
- for name, message in get_messages(module).items():
- message.__module__ = "google.cloud.kms_v1.types"
- setattr(sys.modules[__name__], name, message)
- names.append(name)
-
-
-__all__ = tuple(sorted(names))
diff --git a/google/cloud/kms_v1/types/__init__.py b/google/cloud/kms_v1/types/__init__.py
new file mode 100644
index 00000000..5ef2bd36
--- /dev/null
+++ b/google/cloud/kms_v1/types/__init__.py
@@ -0,0 +1,107 @@
+# -*- coding: utf-8 -*-
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+from .resources import (
+ KeyRing,
+ CryptoKey,
+ CryptoKeyVersionTemplate,
+ KeyOperationAttestation,
+ CryptoKeyVersion,
+ PublicKey,
+ ImportJob,
+ ExternalProtectionLevelOptions,
+)
+from .service import (
+ ListKeyRingsRequest,
+ ListCryptoKeysRequest,
+ ListCryptoKeyVersionsRequest,
+ ListImportJobsRequest,
+ ListKeyRingsResponse,
+ ListCryptoKeysResponse,
+ ListCryptoKeyVersionsResponse,
+ ListImportJobsResponse,
+ GetKeyRingRequest,
+ GetCryptoKeyRequest,
+ GetCryptoKeyVersionRequest,
+ GetPublicKeyRequest,
+ GetImportJobRequest,
+ CreateKeyRingRequest,
+ CreateCryptoKeyRequest,
+ CreateCryptoKeyVersionRequest,
+ ImportCryptoKeyVersionRequest,
+ CreateImportJobRequest,
+ UpdateCryptoKeyRequest,
+ UpdateCryptoKeyVersionRequest,
+ EncryptRequest,
+ DecryptRequest,
+ AsymmetricSignRequest,
+ AsymmetricDecryptRequest,
+ DecryptResponse,
+ EncryptResponse,
+ AsymmetricSignResponse,
+ AsymmetricDecryptResponse,
+ UpdateCryptoKeyPrimaryVersionRequest,
+ DestroyCryptoKeyVersionRequest,
+ RestoreCryptoKeyVersionRequest,
+ Digest,
+ LocationMetadata,
+)
+
+
+__all__ = (
+ "KeyRing",
+ "CryptoKey",
+ "CryptoKeyVersionTemplate",
+ "KeyOperationAttestation",
+ "CryptoKeyVersion",
+ "PublicKey",
+ "ImportJob",
+ "ExternalProtectionLevelOptions",
+ "ListKeyRingsRequest",
+ "ListCryptoKeysRequest",
+ "ListCryptoKeyVersionsRequest",
+ "ListImportJobsRequest",
+ "ListKeyRingsResponse",
+ "ListCryptoKeysResponse",
+ "ListCryptoKeyVersionsResponse",
+ "ListImportJobsResponse",
+ "GetKeyRingRequest",
+ "GetCryptoKeyRequest",
+ "GetCryptoKeyVersionRequest",
+ "GetPublicKeyRequest",
+ "GetImportJobRequest",
+ "CreateKeyRingRequest",
+ "CreateCryptoKeyRequest",
+ "CreateCryptoKeyVersionRequest",
+ "ImportCryptoKeyVersionRequest",
+ "CreateImportJobRequest",
+ "UpdateCryptoKeyRequest",
+ "UpdateCryptoKeyVersionRequest",
+ "EncryptRequest",
+ "DecryptRequest",
+ "AsymmetricSignRequest",
+ "AsymmetricDecryptRequest",
+ "DecryptResponse",
+ "EncryptResponse",
+ "AsymmetricSignResponse",
+ "AsymmetricDecryptResponse",
+ "UpdateCryptoKeyPrimaryVersionRequest",
+ "DestroyCryptoKeyVersionRequest",
+ "RestoreCryptoKeyVersionRequest",
+ "Digest",
+ "LocationMetadata",
+)
diff --git a/google/cloud/kms_v1/types/resources.py b/google/cloud/kms_v1/types/resources.py
new file mode 100644
index 00000000..29a22293
--- /dev/null
+++ b/google/cloud/kms_v1/types/resources.py
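Review bot: `ProtectionLevel` is missing from both the `from .resources import (...)` list and `__all__` in the new `google/cloud/kms_v1/types/__init__.py`, although `types/resources.py` in this same commit lists it in its `proto.module` manifest and defines it as a top-level `proto.Enum`. As written, `from google.cloud.kms_v1.types import ProtectionLevel` would raise ImportError, so callers have to reach into `types.resources` to pick SOFTWARE, HSM or EXTERNAL for `CryptoKeyVersionTemplate.protection_level`; whether the package-level `__init__` re-exports the enum is not visible here. I would add `ProtectionLevel,` to the `.resources` import and `"ProtectionLevel",` to `__all__`. If this file is generator output, the change presumably belongs in the generator rather than in a hand edit.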
@@ -0,0 +1,650 @@ +# -*- coding: utf-8 -*- + +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import proto # type: ignore + + +from google.protobuf import duration_pb2 as duration # type: ignore +from google.protobuf import timestamp_pb2 as timestamp # type: ignore + + +__protobuf__ = proto.module( + package="google.cloud.kms.v1", + manifest={ + "ProtectionLevel", + "KeyRing", + "CryptoKey", + "CryptoKeyVersionTemplate", + "KeyOperationAttestation", + "CryptoKeyVersion", + "PublicKey", + "ImportJob", + "ExternalProtectionLevelOptions", + }, +) + + +class ProtectionLevel(proto.Enum): + r"""[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] specifies how + cryptographic operations are performed. For more information, see + [Protection levels] + (https://cloud.google.com/kms/docs/algorithms#protection_levels). + """ + PROTECTION_LEVEL_UNSPECIFIED = 0 + SOFTWARE = 1 + HSM = 2 + EXTERNAL = 3 + + +class KeyRing(proto.Message): + r"""A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel logical + grouping of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + + Attributes: + name (str): + Output only. The resource name for the + [KeyRing][google.cloud.kms.v1.KeyRing] in the format + ``projects/*/locations/*/keyRings/*``. + create_time (~.timestamp.Timestamp): + Output only. The time at which this + [KeyRing][google.cloud.kms.v1.KeyRing] was created. 
+ """ + + name = proto.Field(proto.STRING, number=1) + + create_time = proto.Field(proto.MESSAGE, number=2, message=timestamp.Timestamp,) + + +class CryptoKey(proto.Message): + r"""A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical + key that can be used for cryptographic operations. + + A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of one or + more [versions][google.cloud.kms.v1.CryptoKeyVersion], which + represent the actual key material used in cryptographic operations. + + Attributes: + name (str): + Output only. The resource name for this + [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format + ``projects/*/locations/*/keyRings/*/cryptoKeys/*``. + primary (~.resources.CryptoKeyVersion): + Output only. A copy of the "primary" + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + that will be used by + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] + when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is + given in + [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name]. + + The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary + version can be updated via + [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. + + Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] + may have a primary. For other keys, this field will be + omitted. + purpose (~.resources.CryptoKey.CryptoKeyPurpose): + Immutable. The immutable purpose of this + [CryptoKey][google.cloud.kms.v1.CryptoKey]. + create_time (~.timestamp.Timestamp): + Output only. The time at which this + [CryptoKey][google.cloud.kms.v1.CryptoKey] was created. + next_rotation_time (~.timestamp.Timestamp): + At + [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], + the Key Management Service will automatically: + + 1. Create a new version of this + [CryptoKey][google.cloud.kms.v1.CryptoKey]. + 2. 
Mark the new version as primary. + + Key rotations performed manually via + [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] + and + [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] + do not affect + [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]. + + Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] + support automatic rotation. For other keys, this field must + be omitted. + rotation_period (~.duration.Duration): + [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] + will be advanced by this period when the service + automatically rotates a key. Must be at least 24 hours and + at most 876,000 hours. + + If + [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] + is set, + [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] + must also be set. + + Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] + support automatic rotation. For other keys, this field must + be omitted. + version_template (~.resources.CryptoKeyVersionTemplate): + A template describing settings for new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + instances. The properties of new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + instances created by either + [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] + or auto-rotation are controlled by this template. + labels (Sequence[~.resources.CryptoKey.LabelsEntry]): + Labels with user-defined metadata. For more information, see + `Labeling + Keys `__. 
+ """ + + class CryptoKeyPurpose(proto.Enum): + r"""[CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] + describes the cryptographic capabilities of a + [CryptoKey][google.cloud.kms.v1.CryptoKey]. A given key can only be + used for the operations allowed by its purpose. For more + information, see `Key + purposes `__. + """ + CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0 + ENCRYPT_DECRYPT = 1 + ASYMMETRIC_SIGN = 5 + ASYMMETRIC_DECRYPT = 6 + + name = proto.Field(proto.STRING, number=1) + + primary = proto.Field(proto.MESSAGE, number=2, message="CryptoKeyVersion",) + + purpose = proto.Field(proto.ENUM, number=3, enum=CryptoKeyPurpose,) + + create_time = proto.Field(proto.MESSAGE, number=5, message=timestamp.Timestamp,) + + next_rotation_time = proto.Field( + proto.MESSAGE, number=7, message=timestamp.Timestamp, + ) + + rotation_period = proto.Field( + proto.MESSAGE, number=8, oneof="rotation_schedule", message=duration.Duration, + ) + + version_template = proto.Field( + proto.MESSAGE, number=11, message="CryptoKeyVersionTemplate", + ) + + labels = proto.MapField(proto.STRING, proto.STRING, number=10) + + +class CryptoKeyVersionTemplate(proto.Message): + r"""A + [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate] + specifies the properties to use when creating a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either + manually with + [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] + or automatically as a result of auto-rotation. + + Attributes: + protection_level (~.resources.ProtectionLevel): + [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to + use when creating a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + based on this template. Immutable. Defaults to + [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE]. + algorithm (~.resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm): + Required. 
+ [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] + to use when creating a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + based on this template. + + For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is + implied if both this field is omitted and + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + is + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + """ + + protection_level = proto.Field(proto.ENUM, number=1, enum="ProtectionLevel",) + + algorithm = proto.Field( + proto.ENUM, number=3, enum="CryptoKeyVersion.CryptoKeyVersionAlgorithm", + ) + + +class KeyOperationAttestation(proto.Message): + r"""Contains an HSM-generated attestation about a key operation. For + more information, see [Verifying attestations] + (https://cloud.google.com/kms/docs/attest-key). + + Attributes: + format (~.resources.KeyOperationAttestation.AttestationFormat): + Output only. The format of the attestation + data. + content (bytes): + Output only. The attestation data provided by + the HSM when the key operation was performed. + """ + + class AttestationFormat(proto.Enum): + r"""Attestation formats provided by the HSM.""" + ATTESTATION_FORMAT_UNSPECIFIED = 0 + CAVIUM_V1_COMPRESSED = 3 + CAVIUM_V2_COMPRESSED = 4 + + format = proto.Field(proto.ENUM, number=4, enum=AttestationFormat,) + + content = proto.Field(proto.BYTES, number=5) + + +class CryptoKeyVersion(proto.Message): + r"""A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents an individual cryptographic key, and the associated key + material. + + An + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] + version can be used for cryptographic operations. + + For security reasons, the raw cryptographic key material represented + by a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] can + never be viewed or exported. 
It can only be used to encrypt, + decrypt, or sign data when an authorized user or application invokes + Cloud KMS. + + Attributes: + name (str): + Output only. The resource name for this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in + the format + ``projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*``. + state (~.resources.CryptoKeyVersion.CryptoKeyVersionState): + The current state of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + protection_level (~.resources.ProtectionLevel): + Output only. The + [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] + describing how crypto operations are performed with this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + algorithm (~.resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm): + Output only. The + [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] + that this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + supports. + attestation (~.resources.KeyOperationAttestation): + Output only. Statement that was generated and signed by the + HSM at key creation time. Use this statement to verify + attributes of the key as stored on the HSM, independently of + Google. Only provided for key versions with + [protection_level][google.cloud.kms.v1.CryptoKeyVersion.protection_level] + [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. + create_time (~.timestamp.Timestamp): + Output only. The time at which this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was + created. + generate_time (~.timestamp.Timestamp): + Output only. The time this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s + key material was generated. + destroy_time (~.timestamp.Timestamp): + Output only. The time this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s + key material is scheduled for destruction. 
Only present if + [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]. + destroy_event_time (~.timestamp.Timestamp): + Output only. The time this CryptoKeyVersion's key material + was destroyed. Only present if + [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. + import_job (str): + Output only. The name of the + [ImportJob][google.cloud.kms.v1.ImportJob] used to import + this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + Only present if the underlying key material was imported. + import_time (~.timestamp.Timestamp): + Output only. The time at which this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s + key material was imported. + import_failure_reason (str): + Output only. The root cause of an import failure. Only + present if + [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]. + external_protection_level_options (~.resources.ExternalProtectionLevelOptions): + ExternalProtectionLevelOptions stores a group of additional + fields for configuring a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + that are specific to the + [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] + protection level. + """ + + class CryptoKeyVersionAlgorithm(proto.Enum): + r"""The algorithm of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating + what parameters must be used for each cryptographic operation. + + The + [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] + algorithm is usable with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. 
+ + Algorithms beginning with "RSA_SIGN\_" are usable with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]. + + The fields in the name after "RSA_SIGN\_" correspond to the following + parameters: padding algorithm, modulus bit length, and digest + algorithm. + + For PSS, the salt length used is equal to the length of digest + algorithm. For example, + [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] + will use PSS with a salt length of 256 bits or 32 bytes. + + Algorithms beginning with "RSA_DECRYPT\_" are usable with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. + + The fields in the name after "RSA_DECRYPT\_" correspond to the + following parameters: padding algorithm, modulus bit length, and + digest algorithm. + + Algorithms beginning with "EC_SIGN\_" are usable with + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]. + + The fields in the name after "EC_SIGN\_" correspond to the following + parameters: elliptic curve, digest algorithm. + + For more information, see [Key purposes and algorithms] + (https://cloud.google.com/kms/docs/algorithms). 
+ """ + CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0 + GOOGLE_SYMMETRIC_ENCRYPTION = 1 + RSA_SIGN_PSS_2048_SHA256 = 2 + RSA_SIGN_PSS_3072_SHA256 = 3 + RSA_SIGN_PSS_4096_SHA256 = 4 + RSA_SIGN_PSS_4096_SHA512 = 15 + RSA_SIGN_PKCS1_2048_SHA256 = 5 + RSA_SIGN_PKCS1_3072_SHA256 = 6 + RSA_SIGN_PKCS1_4096_SHA256 = 7 + RSA_SIGN_PKCS1_4096_SHA512 = 16 + RSA_DECRYPT_OAEP_2048_SHA256 = 8 + RSA_DECRYPT_OAEP_3072_SHA256 = 9 + RSA_DECRYPT_OAEP_4096_SHA256 = 10 + RSA_DECRYPT_OAEP_4096_SHA512 = 17 + EC_SIGN_P256_SHA256 = 12 + EC_SIGN_P384_SHA384 = 13 + EXTERNAL_SYMMETRIC_ENCRYPTION = 18 + + class CryptoKeyVersionState(proto.Enum): + r"""The state of a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating + if it can be used. + """ + CRYPTO_KEY_VERSION_STATE_UNSPECIFIED = 0 + PENDING_GENERATION = 5 + ENABLED = 1 + DISABLED = 2 + DESTROYED = 3 + DESTROY_SCHEDULED = 4 + PENDING_IMPORT = 6 + IMPORT_FAILED = 7 + + class CryptoKeyVersionView(proto.Enum): + r"""A view for + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]s. Controls + the level of detail returned for + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in + [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] + and + [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. 
+ """ + CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED = 0 + FULL = 1 + + name = proto.Field(proto.STRING, number=1) + + state = proto.Field(proto.ENUM, number=3, enum=CryptoKeyVersionState,) + + protection_level = proto.Field(proto.ENUM, number=7, enum="ProtectionLevel",) + + algorithm = proto.Field(proto.ENUM, number=10, enum=CryptoKeyVersionAlgorithm,) + + attestation = proto.Field(proto.MESSAGE, number=8, message=KeyOperationAttestation,) + + create_time = proto.Field(proto.MESSAGE, number=4, message=timestamp.Timestamp,) + + generate_time = proto.Field(proto.MESSAGE, number=11, message=timestamp.Timestamp,) + + destroy_time = proto.Field(proto.MESSAGE, number=5, message=timestamp.Timestamp,) + + destroy_event_time = proto.Field( + proto.MESSAGE, number=6, message=timestamp.Timestamp, + ) + + import_job = proto.Field(proto.STRING, number=14) + + import_time = proto.Field(proto.MESSAGE, number=15, message=timestamp.Timestamp,) + + import_failure_reason = proto.Field(proto.STRING, number=16) + + external_protection_level_options = proto.Field( + proto.MESSAGE, number=17, message="ExternalProtectionLevelOptions", + ) + + +class PublicKey(proto.Message): + r"""The public key for a given + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Obtained + via + [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + + Attributes: + pem (str): + The public key, encoded in PEM format. For more information, + see the `RFC 7468 `__ + sections for `General + Considerations `__ + and [Textual Encoding of Subject Public Key Info] + (https://tools.ietf.org/html/rfc7468#section-13). + algorithm (~.resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm): + The + [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] + associated with this key. 
+ """ + + pem = proto.Field(proto.STRING, number=1) + + algorithm = proto.Field( + proto.ENUM, number=2, enum=CryptoKeyVersion.CryptoKeyVersionAlgorithm, + ) + + +class ImportJob(proto.Message): + r"""An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create + [CryptoKeys][google.cloud.kms.v1.CryptoKey] and + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using + pre-existing key material, generated outside of Cloud KMS. + + When an [ImportJob][google.cloud.kms.v1.ImportJob] is created, Cloud + KMS will generate a "wrapping key", which is a public/private key + pair. You use the wrapping key to encrypt (also known as wrap) the + pre-existing key material to protect it during the import process. + The nature of the wrapping key depends on the choice of + [import_method][google.cloud.kms.v1.ImportJob.import_method]. When + the wrapping key generation is complete, the + [state][google.cloud.kms.v1.ImportJob.state] will be set to + [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and + the [public_key][google.cloud.kms.v1.ImportJob.public_key] can be + fetched. The fetched public key can then be used to wrap your + pre-existing key material. + + Once the key material is wrapped, it can be imported into a new + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in an + existing [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling + [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. + Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + can be imported with a single + [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS uses the + private key portion of the wrapping key to unwrap the key material. + Only Cloud KMS has access to the private key. + + An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 days after + it is created. 
Once expired, Cloud KMS will no longer be able to + import or unwrap any key material that was wrapped with the + [ImportJob][google.cloud.kms.v1.ImportJob]'s public key. + + For more information, see `Importing a + key `__. + + Attributes: + name (str): + Output only. The resource name for this + [ImportJob][google.cloud.kms.v1.ImportJob] in the format + ``projects/*/locations/*/keyRings/*/importJobs/*``. + import_method (~.resources.ImportJob.ImportMethod): + Required. Immutable. The wrapping method to + be used for incoming key material. + protection_level (~.resources.ProtectionLevel): + Required. Immutable. The protection level of the + [ImportJob][google.cloud.kms.v1.ImportJob]. This must match + the + [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] + of the + [version_template][google.cloud.kms.v1.CryptoKey.version_template] + on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you + attempt to import into. + create_time (~.timestamp.Timestamp): + Output only. The time at which this + [ImportJob][google.cloud.kms.v1.ImportJob] was created. + generate_time (~.timestamp.Timestamp): + Output only. The time this + [ImportJob][google.cloud.kms.v1.ImportJob]'s key material + was generated. + expire_time (~.timestamp.Timestamp): + Output only. The time at which this + [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for + expiration and can no longer be used to import key material. + expire_event_time (~.timestamp.Timestamp): + Output only. The time this + [ImportJob][google.cloud.kms.v1.ImportJob] expired. Only + present if [state][google.cloud.kms.v1.ImportJob.state] is + [EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED]. + state (~.resources.ImportJob.ImportJobState): + Output only. The current state of the + [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it + can be used. + public_key (~.resources.ImportJob.WrappingPublicKey): + Output only. 
The public key with which to wrap key material + prior to import. Only returned if + [state][google.cloud.kms.v1.ImportJob.state] is + [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE]. + attestation (~.resources.KeyOperationAttestation): + Output only. Statement that was generated and signed by the + key creator (for example, an HSM) at key creation time. Use + this statement to verify attributes of the key as stored on + the HSM, independently of Google. Only present if the chosen + [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] + is one with a protection level of + [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. + """ + + class ImportMethod(proto.Enum): + r"""[ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] describes + the key wrapping method chosen for this + [ImportJob][google.cloud.kms.v1.ImportJob]. + """ + IMPORT_METHOD_UNSPECIFIED = 0 + RSA_OAEP_3072_SHA1_AES_256 = 1 + RSA_OAEP_4096_SHA1_AES_256 = 2 + + class ImportJobState(proto.Enum): + r"""The state of the [ImportJob][google.cloud.kms.v1.ImportJob], + indicating if it can be used. + """ + IMPORT_JOB_STATE_UNSPECIFIED = 0 + PENDING_GENERATION = 1 + ACTIVE = 2 + EXPIRED = 3 + + class WrappingPublicKey(proto.Message): + r"""The public key component of the wrapping key. For details of the + type of key this public key corresponds to, see the + [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod]. + + Attributes: + pem (str): + The public key, encoded in PEM format. For more information, + see the `RFC 7468 `__ + sections for `General + Considerations `__ + and [Textual Encoding of Subject Public Key Info] + (https://tools.ietf.org/html/rfc7468#section-13). 
+ """ + + pem = proto.Field(proto.STRING, number=1) + + name = proto.Field(proto.STRING, number=1) + + import_method = proto.Field(proto.ENUM, number=2, enum=ImportMethod,) + + protection_level = proto.Field(proto.ENUM, number=9, enum="ProtectionLevel",) + + create_time = proto.Field(proto.MESSAGE, number=3, message=timestamp.Timestamp,) + + generate_time = proto.Field(proto.MESSAGE, number=4, message=timestamp.Timestamp,) + + expire_time = proto.Field(proto.MESSAGE, number=5, message=timestamp.Timestamp,) + + expire_event_time = proto.Field( + proto.MESSAGE, number=10, message=timestamp.Timestamp, + ) + + state = proto.Field(proto.ENUM, number=6, enum=ImportJobState,) + + public_key = proto.Field(proto.MESSAGE, number=7, message=WrappingPublicKey,) + + attestation = proto.Field(proto.MESSAGE, number=8, message=KeyOperationAttestation,) + + +class ExternalProtectionLevelOptions(proto.Message): + r"""ExternalProtectionLevelOptions stores a group of additional fields + for configuring a + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are + specific to the + [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection + level. + + Attributes: + external_key_uri (str): + The URI for an external resource that this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + represents. + """ + + external_key_uri = proto.Field(proto.STRING, number=1) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/google/cloud/kms_v1/types/service.py b/google/cloud/kms_v1/types/service.py new file mode 100644 index 00000000..bebb6e8f --- /dev/null +++ b/google/cloud/kms_v1/types/service.py 
@@ -0,0 +1,913 @@ +# -*- coding: utf-8 -*- + +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import proto # type: ignore + + +from google.cloud.kms_v1.types import resources +from google.protobuf import field_mask_pb2 as field_mask # type: ignore + + +__protobuf__ = proto.module( + package="google.cloud.kms.v1", + manifest={ + "ListKeyRingsRequest", + "ListCryptoKeysRequest", + "ListCryptoKeyVersionsRequest", + "ListImportJobsRequest", + "ListKeyRingsResponse", + "ListCryptoKeysResponse", + "ListCryptoKeyVersionsResponse", + "ListImportJobsResponse", + "GetKeyRingRequest", + "GetCryptoKeyRequest", + "GetCryptoKeyVersionRequest", + "GetPublicKeyRequest", + "GetImportJobRequest", + "CreateKeyRingRequest", + "CreateCryptoKeyRequest", + "CreateCryptoKeyVersionRequest", + "ImportCryptoKeyVersionRequest", + "CreateImportJobRequest", + "UpdateCryptoKeyRequest", + "UpdateCryptoKeyVersionRequest", + "EncryptRequest", + "DecryptRequest", + "AsymmetricSignRequest", + "AsymmetricDecryptRequest", + "DecryptResponse", + "EncryptResponse", + "AsymmetricSignResponse", + "AsymmetricDecryptResponse", + "UpdateCryptoKeyPrimaryVersionRequest", + "DestroyCryptoKeyVersionRequest", + "RestoreCryptoKeyVersionRequest", + "Digest", + "LocationMetadata", + }, +) + + +class ListKeyRingsRequest(proto.Message): + r"""Request message for + [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. 
+ + Attributes: + parent (str): + Required. The resource name of the location associated with + the [KeyRings][google.cloud.kms.v1.KeyRing], in the format + ``projects/*/locations/*``. + page_size (int): + Optional. Optional limit on the number of + [KeyRings][google.cloud.kms.v1.KeyRing] to include in the + response. Further [KeyRings][google.cloud.kms.v1.KeyRing] + can subsequently be obtained by including the + [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token] + in a subsequent request. If unspecified, the server will + pick an appropriate default. + page_token (str): + Optional. Optional pagination token, returned earlier via + [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token]. + filter (str): + Optional. Only include resources that match the filter in + the response. For more information, see `Sorting and + filtering list + results `__. + order_by (str): + Optional. Specify how the results should be sorted. If not + specified, the results will be sorted in the default order. + For more information, see `Sorting and filtering list + results `__. + """ + + parent = proto.Field(proto.STRING, number=1) + + page_size = proto.Field(proto.INT32, number=2) + + page_token = proto.Field(proto.STRING, number=3) + + filter = proto.Field(proto.STRING, number=4) + + order_by = proto.Field(proto.STRING, number=5) + + +class ListCryptoKeysRequest(proto.Message): + r"""Request message for + [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. + + Attributes: + parent (str): + Required. The resource name of the + [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the + format ``projects/*/locations/*/keyRings/*``. + page_size (int): + Optional. Optional limit on the number of + [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in + the response. 
Further + [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently + be obtained by including the + [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token] + in a subsequent request. If unspecified, the server will + pick an appropriate default. + page_token (str): + Optional. Optional pagination token, returned earlier via + [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token]. + version_view (~.resources.CryptoKeyVersion.CryptoKeyVersionView): + The fields of the primary version to include + in the response. + filter (str): + Optional. Only include resources that match the filter in + the response. For more information, see `Sorting and + filtering list + results `__. + order_by (str): + Optional. Specify how the results should be sorted. If not + specified, the results will be sorted in the default order. + For more information, see `Sorting and filtering list + results `__. + """ + + parent = proto.Field(proto.STRING, number=1) + + page_size = proto.Field(proto.INT32, number=2) + + page_token = proto.Field(proto.STRING, number=3) + + version_view = proto.Field( + proto.ENUM, number=4, enum=resources.CryptoKeyVersion.CryptoKeyVersionView, + ) + + filter = proto.Field(proto.STRING, number=5) + + order_by = proto.Field(proto.STRING, number=6) + + +class ListCryptoKeyVersionsRequest(proto.Message): + r"""Request message for + [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. + + Attributes: + parent (str): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the + format ``projects/*/locations/*/keyRings/*/cryptoKeys/*``. + page_size (int): + Optional. Optional limit on the number of + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to + include in the response. 
Further + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + can subsequently be obtained by including the + [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token] + in a subsequent request. If unspecified, the server will + pick an appropriate default. + page_token (str): + Optional. Optional pagination token, returned earlier via + [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token]. + view (~.resources.CryptoKeyVersion.CryptoKeyVersionView): + The fields to include in the response. + filter (str): + Optional. Only include resources that match the filter in + the response. For more information, see `Sorting and + filtering list + results `__. + order_by (str): + Optional. Specify how the results should be sorted. If not + specified, the results will be sorted in the default order. + For more information, see `Sorting and filtering list + results `__. + """ + + parent = proto.Field(proto.STRING, number=1) + + page_size = proto.Field(proto.INT32, number=2) + + page_token = proto.Field(proto.STRING, number=3) + + view = proto.Field( + proto.ENUM, number=4, enum=resources.CryptoKeyVersion.CryptoKeyVersionView, + ) + + filter = proto.Field(proto.STRING, number=5) + + order_by = proto.Field(proto.STRING, number=6) + + +class ListImportJobsRequest(proto.Message): + r"""Request message for + [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. + + Attributes: + parent (str): + Required. The resource name of the + [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the + format ``projects/*/locations/*/keyRings/*``. + page_size (int): + Optional. Optional limit on the number of + [ImportJobs][google.cloud.kms.v1.ImportJob] to include in + the response. 
Further + [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently + be obtained by including the + [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token] + in a subsequent request. If unspecified, the server will + pick an appropriate default. + page_token (str): + Optional. Optional pagination token, returned earlier via + [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token]. + filter (str): + Optional. Only include resources that match the filter in + the response. For more information, see `Sorting and + filtering list + results `__. + order_by (str): + Optional. Specify how the results should be sorted. If not + specified, the results will be sorted in the default order. + For more information, see `Sorting and filtering list + results `__. + """ + + parent = proto.Field(proto.STRING, number=1) + + page_size = proto.Field(proto.INT32, number=2) + + page_token = proto.Field(proto.STRING, number=3) + + filter = proto.Field(proto.STRING, number=4) + + order_by = proto.Field(proto.STRING, number=5) + + +class ListKeyRingsResponse(proto.Message): + r"""Response message for + [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. + + Attributes: + key_rings (Sequence[~.resources.KeyRing]): + The list of [KeyRings][google.cloud.kms.v1.KeyRing]. + next_page_token (str): + A token to retrieve next page of results. Pass this value in + [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token] + to retrieve the next page of results. + total_size (int): + The total number of [KeyRings][google.cloud.kms.v1.KeyRing] + that matched the query. 
+ """ + + @property + def raw_page(self): + return self + + key_rings = proto.RepeatedField(proto.MESSAGE, number=1, message=resources.KeyRing,) + + next_page_token = proto.Field(proto.STRING, number=2) + + total_size = proto.Field(proto.INT32, number=3) + + +class ListCryptoKeysResponse(proto.Message): + r"""Response message for + [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. + + Attributes: + crypto_keys (Sequence[~.resources.CryptoKey]): + The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + next_page_token (str): + A token to retrieve next page of results. Pass this value in + [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token] + to retrieve the next page of results. + total_size (int): + The total number of + [CryptoKeys][google.cloud.kms.v1.CryptoKey] that matched the + query. + """ + + @property + def raw_page(self): + return self + + crypto_keys = proto.RepeatedField( + proto.MESSAGE, number=1, message=resources.CryptoKey, + ) + + next_page_token = proto.Field(proto.STRING, number=2) + + total_size = proto.Field(proto.INT32, number=3) + + +class ListCryptoKeyVersionsResponse(proto.Message): + r"""Response message for + [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. + + Attributes: + crypto_key_versions (Sequence[~.resources.CryptoKeyVersion]): + The list of + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. + next_page_token (str): + A token to retrieve next page of results. Pass this value in + [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token] + to retrieve the next page of results. + total_size (int): + The total number of + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] + that matched the query. 
+ """ + + @property + def raw_page(self): + return self + + crypto_key_versions = proto.RepeatedField( + proto.MESSAGE, number=1, message=resources.CryptoKeyVersion, + ) + + next_page_token = proto.Field(proto.STRING, number=2) + + total_size = proto.Field(proto.INT32, number=3) + + +class ListImportJobsResponse(proto.Message): + r"""Response message for + [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs]. + + Attributes: + import_jobs (Sequence[~.resources.ImportJob]): + The list of [ImportJobs][google.cloud.kms.v1.ImportJob]. + next_page_token (str): + A token to retrieve next page of results. Pass this value in + [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token] + to retrieve the next page of results. + total_size (int): + The total number of + [ImportJobs][google.cloud.kms.v1.ImportJob] that matched the + query. + """ + + @property + def raw_page(self): + return self + + import_jobs = proto.RepeatedField( + proto.MESSAGE, number=1, message=resources.ImportJob, + ) + + next_page_token = proto.Field(proto.STRING, number=2) + + total_size = proto.Field(proto.INT32, number=3) + + +class GetKeyRingRequest(proto.Message): + r"""Request message for + [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing]. + + Attributes: + name (str): + Required. The [name][google.cloud.kms.v1.KeyRing.name] of + the [KeyRing][google.cloud.kms.v1.KeyRing] to get. + """ + + name = proto.Field(proto.STRING, number=1) + + +class GetCryptoKeyRequest(proto.Message): + r"""Request message for + [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey]. + + Attributes: + name (str): + Required. The [name][google.cloud.kms.v1.CryptoKey.name] of + the [CryptoKey][google.cloud.kms.v1.CryptoKey] to get. 
+ """ + + name = proto.Field(proto.STRING, number=1) + + +class GetCryptoKeyVersionRequest(proto.Message): + r"""Request message for + [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion]. + + Attributes: + name (str): + Required. The + [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + get. + """ + + name = proto.Field(proto.STRING, number=1) + + +class GetPublicKeyRequest(proto.Message): + r"""Request message for + [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + + Attributes: + name (str): + Required. The + [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + public key to get. + """ + + name = proto.Field(proto.STRING, number=1) + + +class GetImportJobRequest(proto.Message): + r"""Request message for + [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob]. + + Attributes: + name (str): + Required. The [name][google.cloud.kms.v1.ImportJob.name] of + the [ImportJob][google.cloud.kms.v1.ImportJob] to get. + """ + + name = proto.Field(proto.STRING, number=1) + + +class CreateKeyRingRequest(proto.Message): + r"""Request message for + [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing]. + + Attributes: + parent (str): + Required. The resource name of the location associated with + the [KeyRings][google.cloud.kms.v1.KeyRing], in the format + ``projects/*/locations/*``. + key_ring_id (str): + Required. It must be unique within a location and match the + regular expression ``[a-zA-Z0-9_-]{1,63}`` + key_ring (~.resources.KeyRing): + Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with + initial field values. 
+ """ + + parent = proto.Field(proto.STRING, number=1) + + key_ring_id = proto.Field(proto.STRING, number=2) + + key_ring = proto.Field(proto.MESSAGE, number=3, message=resources.KeyRing,) + + +class CreateCryptoKeyRequest(proto.Message): + r"""Request message for + [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]. + + Attributes: + parent (str): + Required. The [name][google.cloud.kms.v1.KeyRing.name] of + the KeyRing associated with the + [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + crypto_key_id (str): + Required. It must be unique within a KeyRing and match the + regular expression ``[a-zA-Z0-9_-]{1,63}`` + crypto_key (~.resources.CryptoKey): + Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with + initial field values. + skip_initial_version_creation (bool): + If set to true, the request will create a + [CryptoKey][google.cloud.kms.v1.CryptoKey] without any + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. + You must manually call + [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] + or + [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion] + before you can use this + [CryptoKey][google.cloud.kms.v1.CryptoKey]. + """ + + parent = proto.Field(proto.STRING, number=1) + + crypto_key_id = proto.Field(proto.STRING, number=2) + + crypto_key = proto.Field(proto.MESSAGE, number=3, message=resources.CryptoKey,) + + skip_initial_version_creation = proto.Field(proto.BOOL, number=5) + + +class CreateCryptoKeyVersionRequest(proto.Message): + r"""Request message for + [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]. + + Attributes: + parent (str): + Required. The [name][google.cloud.kms.v1.CryptoKey.name] of + the [CryptoKey][google.cloud.kms.v1.CryptoKey] associated + with the + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. 
+ crypto_key_version (~.resources.CryptoKeyVersion): + Required. A + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + with initial field values. + """ + + parent = proto.Field(proto.STRING, number=1) + + crypto_key_version = proto.Field( + proto.MESSAGE, number=2, message=resources.CryptoKeyVersion, + ) + + +class ImportCryptoKeyVersionRequest(proto.Message): + r"""Request message for + [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. + + Attributes: + parent (str): + Required. The [name][google.cloud.kms.v1.CryptoKey.name] of + the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be + imported into. + algorithm (~.resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm): + Required. The + [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] + of the key being imported. This does not need to match the + [version_template][google.cloud.kms.v1.CryptoKey.version_template] + of the [CryptoKey][google.cloud.kms.v1.CryptoKey] this + version imports into. + import_job (str): + Required. The [name][google.cloud.kms.v1.ImportJob.name] of + the [ImportJob][google.cloud.kms.v1.ImportJob] that was used + to wrap this key material. + rsa_aes_wrapped_key (bytes): + Wrapped key material produced with + [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256] + or + [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]. + + This field contains the concatenation of two wrapped keys: + + .. raw:: html + +
    +
  1. An ephemeral AES-256 wrapping key wrapped with the + [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP with SHA-1, + MGF1 with SHA-1, and an empty label. +
  2. +
  3. The key to be imported, wrapped with the ephemeral AES-256 key + using AES-KWP (RFC 5649). +
  4. +
+ + If importing symmetric key material, it is expected that the + unwrapped key contains plain bytes. If importing asymmetric + key material, it is expected that the unwrapped key is in + PKCS#8-encoded DER format (the PrivateKeyInfo structure from + RFC 5208). + + This format is the same as the format produced by PKCS#11 + mechanism CKM_RSA_AES_KEY_WRAP. + """ + + parent = proto.Field(proto.STRING, number=1) + + algorithm = proto.Field( + proto.ENUM, number=2, enum=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm, + ) + + import_job = proto.Field(proto.STRING, number=4) + + rsa_aes_wrapped_key = proto.Field( + proto.BYTES, number=5, oneof="wrapped_key_material" + ) + + +class CreateImportJobRequest(proto.Message): + r"""Request message for + [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob]. + + Attributes: + parent (str): + Required. The [name][google.cloud.kms.v1.KeyRing.name] of + the [KeyRing][google.cloud.kms.v1.KeyRing] associated with + the [ImportJobs][google.cloud.kms.v1.ImportJob]. + import_job_id (str): + Required. It must be unique within a KeyRing and match the + regular expression ``[a-zA-Z0-9_-]{1,63}`` + import_job (~.resources.ImportJob): + Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with + initial field values. + """ + + parent = proto.Field(proto.STRING, number=1) + + import_job_id = proto.Field(proto.STRING, number=2) + + import_job = proto.Field(proto.MESSAGE, number=3, message=resources.ImportJob,) + + +class UpdateCryptoKeyRequest(proto.Message): + r"""Request message for + [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey]. + + Attributes: + crypto_key (~.resources.CryptoKey): + Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] with + updated values. + update_mask (~.field_mask.FieldMask): + Required. List of fields to be updated in + this request. 
+ """ + + crypto_key = proto.Field(proto.MESSAGE, number=1, message=resources.CryptoKey,) + + update_mask = proto.Field(proto.MESSAGE, number=2, message=field_mask.FieldMask,) + + +class UpdateCryptoKeyVersionRequest(proto.Message): + r"""Request message for + [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion]. + + Attributes: + crypto_key_version (~.resources.CryptoKeyVersion): + Required. + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + with updated values. + update_mask (~.field_mask.FieldMask): + Required. List of fields to be updated in + this request. + """ + + crypto_key_version = proto.Field( + proto.MESSAGE, number=1, message=resources.CryptoKeyVersion, + ) + + update_mask = proto.Field(proto.MESSAGE, number=2, message=field_mask.FieldMask,) + + +class EncryptRequest(proto.Message): + r"""Request message for + [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + + Attributes: + name (str): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] or + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + use for encryption. + + If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is + specified, the server will use its [primary + version][google.cloud.kms.v1.CryptoKey.primary]. + plaintext (bytes): + Required. The data to encrypt. Must be no larger than 64KiB. + + The maximum size depends on the key version's + [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. + For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] + keys, the plaintext must be no larger than 64KiB. For + [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the + combined length of the plaintext and + additional_authenticated_data fields must be no larger than + 8KiB. + additional_authenticated_data (bytes): + Optional. 
Optional data that, if specified, must also be + provided during decryption through + [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. + + The maximum size depends on the key version's + [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. + For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] + keys, the AAD must be no larger than 64KiB. For + [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the + combined length of the plaintext and + additional_authenticated_data fields must be no larger than + 8KiB. + """ + + name = proto.Field(proto.STRING, number=1) + + plaintext = proto.Field(proto.BYTES, number=2) + + additional_authenticated_data = proto.Field(proto.BYTES, number=3) + + +class DecryptRequest(proto.Message): + r"""Request message for + [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. + + Attributes: + name (str): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for + decryption. The server will choose the appropriate version. + ciphertext (bytes): + Required. The encrypted data originally returned in + [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. + additional_authenticated_data (bytes): + Optional. Optional data that must match the data originally + supplied in + [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. + """ + + name = proto.Field(proto.STRING, number=1) + + ciphertext = proto.Field(proto.BYTES, number=2) + + additional_authenticated_data = proto.Field(proto.BYTES, number=3) + + +class AsymmetricSignRequest(proto.Message): + r"""Request message for + [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. + + Attributes: + name (str): + Required. 
The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + use for signing. + digest (~.service.Digest): + Required. The digest of the data to sign. The digest must be + produced with the same digest algorithm as specified by the + key version's + [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. + """ + + name = proto.Field(proto.STRING, number=1) + + digest = proto.Field(proto.MESSAGE, number=3, message="Digest",) + + +class AsymmetricDecryptRequest(proto.Message): + r"""Request message for + [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. + + Attributes: + name (str): + Required. The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + use for decryption. + ciphertext (bytes): + Required. The data encrypted with the named + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s + public key using OAEP. + """ + + name = proto.Field(proto.STRING, number=1) + + ciphertext = proto.Field(proto.BYTES, number=3) + + +class DecryptResponse(proto.Message): + r"""Response message for + [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. + + Attributes: + plaintext (bytes): + The decrypted data originally supplied in + [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. + """ + + plaintext = proto.Field(proto.BYTES, number=1) + + +class EncryptResponse(proto.Message): + r"""Response message for + [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + + Attributes: + name (str): + The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + used in encryption. Check this field to verify that the + intended resource was used for encryption. + ciphertext (bytes): + The encrypted data. 
+ """ + + name = proto.Field(proto.STRING, number=1) + + ciphertext = proto.Field(proto.BYTES, number=2) + + +class AsymmetricSignResponse(proto.Message): + r"""Response message for + [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. + + Attributes: + signature (bytes): + The created signature. + """ + + signature = proto.Field(proto.BYTES, number=1) + + +class AsymmetricDecryptResponse(proto.Message): + r"""Response message for + [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. + + Attributes: + plaintext (bytes): + The decrypted data originally encrypted with + the matching public key. + """ + + plaintext = proto.Field(proto.BYTES, number=1) + + +class UpdateCryptoKeyPrimaryVersionRequest(proto.Message): + r"""Request message for + [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. + + Attributes: + name (str): + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to update. + crypto_key_version_id (str): + Required. The id of the child + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + use as primary. + """ + + name = proto.Field(proto.STRING, number=1) + + crypto_key_version_id = proto.Field(proto.STRING, number=2) + + +class DestroyCryptoKeyVersionRequest(proto.Message): + r"""Request message for + [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]. + + Attributes: + name (str): + Required. The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + destroy. + """ + + name = proto.Field(proto.STRING, number=1) + + +class RestoreCryptoKeyVersionRequest(proto.Message): + r"""Request message for + [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]. + + Attributes: + name (str): + Required. 
The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + restore. + """ + + name = proto.Field(proto.STRING, number=1) + + +class Digest(proto.Message): + r"""A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message + digest. + + Attributes: + sha256 (bytes): + A message digest produced with the SHA-256 + algorithm. + sha384 (bytes): + A message digest produced with the SHA-384 + algorithm. + sha512 (bytes): + A message digest produced with the SHA-512 + algorithm. + """ + + sha256 = proto.Field(proto.BYTES, number=1, oneof="digest") + + sha384 = proto.Field(proto.BYTES, number=2, oneof="digest") + + sha512 = proto.Field(proto.BYTES, number=3, oneof="digest") + + +class LocationMetadata(proto.Message): + r"""Cloud KMS metadata for the given + [google.cloud.location.Location][google.cloud.location.Location]. + + Attributes: + hsm_available (bool): + Indicates whether + [CryptoKeys][google.cloud.kms.v1.CryptoKey] with + [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] + [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be + created in this location. + ekm_available (bool): + Indicates whether + [CryptoKeys][google.cloud.kms.v1.CryptoKey] with + [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] + [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can + be created in this location. + """ + + hsm_available = proto.Field(proto.BOOL, number=1) + + ekm_available = proto.Field(proto.BOOL, number=2) + + +__all__ = tuple(sorted(__protobuf__.manifest)) diff --git a/mypy.ini b/mypy.ini new file mode 100644 index 00000000..4505b485 --- /dev/null +++ b/mypy.ini @@ -0,0 +1,3 @@ +[mypy] +python_version = 3.6 +namespace_packages = True diff --git a/noxfile.py b/noxfile.py index 552de1b0..eef33165 100644 --- a/noxfile.py +++ b/noxfile.py 
@@ -23,12 +23,12 @@ import nox -BLACK_VERSION = "black==19.3b0" +BLACK_VERSION = "black==19.10b0" BLACK_PATHS = ["docs", "google", "tests", "noxfile.py", "setup.py"] -DEFAULT_PYTHON_VERSION = "3.7" -SYSTEM_TEST_PYTHON_VERSIONS = ["2.7", "3.7"] -UNIT_TEST_PYTHON_VERSIONS = ["2.7", "3.5", "3.6", "3.7", "3.8"] +DEFAULT_PYTHON_VERSION = "3.8" +SYSTEM_TEST_PYTHON_VERSIONS = ["3.8"] +UNIT_TEST_PYTHON_VERSIONS = ["3.6", "3.7", "3.8"] @nox.session(python=DEFAULT_PYTHON_VERSION) @@ -39,7 +39,9 @@ def lint(session): serious code quality issues. """ session.install("flake8", BLACK_VERSION) - session.run("black", "--check", *BLACK_PATHS) + session.run( + "black", "--check", *BLACK_PATHS, + ) session.run("flake8", "google", "tests") @@ -54,7 +56,9 @@ def blacken(session): check the state of the `gcp_ubuntu_config` we use for that Kokoro run. """ session.install(BLACK_VERSION) - session.run("black", *BLACK_PATHS) + session.run( + "black", *BLACK_PATHS, + ) @nox.session(python=DEFAULT_PYTHON_VERSION) @@ -66,6 +70,8 @@ def lint_setup_py(session): def default(session): # Install all test dependencies, then install this package in-place. + session.install("asyncmock", "pytest-asyncio") + session.install("mock", "pytest", "pytest-cov") session.install("-e", ".") @@ -111,7 +117,9 @@ def system(session): # Install all test dependencies, then install this package into the # virtualenv's dist-packages. - session.install("mock", "pytest", "google-cloud-testutils") + session.install( + "mock", "pytest", "google-cloud-testutils", + ) session.install("-e", ".") # Run py.test against the system tests. @@ -129,7 +137,7 @@ def cover(session): test runs (not system test runs), and then erases coverage data. """ session.install("coverage", "pytest-cov") - session.run("coverage", "report", "--show-missing", "--fail-under=70") + session.run("coverage", "report", "--show-missing", "--fail-under=99") session.run("coverage", "erase") 
@@ -139,7 +147,7 @@ def docs(session): """Build the docs for this library.""" session.install("-e", ".") - session.install("sphinx<3.0.0", "alabaster", "recommonmark") + session.install("sphinx", "alabaster", "recommonmark") shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) session.run( diff --git a/samples/attestations/README.rst b/samples/attestations/README.rst index dddddfbc..0c56a914 100644 --- a/samples/attestations/README.rst +++ b/samples/attestations/README.rst @@ -32,7 +32,7 @@ Install Dependencies .. _Python Development Environment Setup Guide: https://cloud.google.com/python/setup -#. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+. +#. Create a virtualenv. Samples are compatible with Python 3.6+. .. code-block:: bash @@ -48,9 +48,15 @@ Install Dependencies .. _pip: https://pip.pypa.io/ .. _virtualenv: https://virtualenv.pypa.io/ + + + + + Samples ------------------------------------------------------------------------------- + Verify attestations for keys generated by Cloud HSM +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ @@ -66,9 +72,26 @@ To run this sample: $ python verify_attestation.py - + + usage: verify_attestation.py [-h] attestation_file bundle_file + + This application verifies HSM attestations using certificate bundles obtained + from Cloud HSM. For more information, visit + https://cloud.google.com/kms/docs/attest-key. + + positional arguments: + attestation_file Name of attestation file. + bundle_file Name of certificate bundle file. + + optional arguments: + -h, --help show this help message and exit + + + + + -.. _Google Cloud SDK: https://cloud.google.com/sdk/ \ No newline at end of file +.. _Google Cloud SDK: https://cloud.google.com/sdk/ diff --git a/samples/attestations/noxfile.py b/samples/attestations/noxfile.py index b23055f1..ba55d7ce 100644 --- a/samples/attestations/noxfile.py +++ b/samples/attestations/noxfile.py 
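Review bot: In `docs`, `session.install("sphinx", "alabaster", "recommonmark")` drops the only version bound the docs toolchain had, so every build resolves whatever Sphinx release is newest at that moment, while the same file still pins the formatter through `BLACK_VERSION`. An unbounded install makes the docs build non-reproducible and lets an upstream release change or break it with no change in this repository. If the `<3.0.0` cap had to go, I would keep an explicit range, for example `"sphinx>=MIN_TESTED_PLACEHOLDER,<NEXT_MAJOR_PLACEHOLDER"`, or install against a constraints file. The body of `docs` continues past the end of the hunk.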
@@ -43,7 +43,7 @@ # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - 'gcloud_project_env': 'GCLOUD_PROJECT', + 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', # A dictionary you want to inject into your test. Don't put any @@ -72,7 +72,6 @@ def get_pytest_env_vars(): env_key = TEST_CONFIG['gcloud_project_env'] # This should error out if not set. ret['GOOGLE_CLOUD_PROJECT'] = os.environ[env_key] - ret['GCLOUD_PROJECT'] = os.environ[env_key] # Apply user supplied envs. ret.update(TEST_CONFIG['envs']) diff --git a/samples/snippets/create_key_asymmetric_decrypt.py b/samples/snippets/create_key_asymmetric_decrypt.py index cac15795..4865a266 100644 --- a/samples/snippets/create_key_asymmetric_decrypt.py +++ b/samples/snippets/create_key_asymmetric_decrypt.py @@ -38,8 +38,8 @@ def create_key_asymmetric_decrypt(project_id, location_id, key_ring_id, id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 + purpose = kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 key = { 'purpose': purpose, 'version_template': { @@ -48,7 +48,7 @@ def create_key_asymmetric_decrypt(project_id, location_id, key_ring_id, id): } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created asymmetric decrypt key: {}'.format(created_key.name)) return created_key # [END kms_create_key_asymmetric_decrypt] 
diff --git a/samples/snippets/create_key_asymmetric_sign.py b/samples/snippets/create_key_asymmetric_sign.py index 9bf18a7a..1b057997 100644 --- a/samples/snippets/create_key_asymmetric_sign.py +++ b/samples/snippets/create_key_asymmetric_sign.py @@ -38,8 +38,8 @@ def create_key_asymmetric_sign(project_id, location_id, key_ring_id, id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 + purpose = kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 key = { 'purpose': purpose, 'version_template': { @@ -48,7 +48,7 @@ def create_key_asymmetric_sign(project_id, location_id, key_ring_id, id): } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created asymmetric signing key: {}'.format(created_key.name)) return created_key # [END kms_create_key_asymmetric_sign] diff --git a/samples/snippets/create_key_hsm.py b/samples/snippets/create_key_hsm.py index 84ba37e5..34a9c8a2 100644 --- a/samples/snippets/create_key_hsm.py +++ b/samples/snippets/create_key_hsm.py 
@@ -38,9 +38,9 @@ def create_key_hsm(project_id, location_id, key_ring_id, id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION - protection_level = kms.enums.ProtectionLevel.HSM + purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + protection_level = kms.ProtectionLevel.HSM key = { 'purpose': purpose, 'version_template': { @@ -50,7 +50,7 @@ def create_key_hsm(project_id, location_id, key_ring_id, id): } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created hsm key: {}'.format(created_key.name)) return created_key # [END kms_create_key_hsm] diff --git a/samples/snippets/create_key_labels.py b/samples/snippets/create_key_labels.py index e64a10cb..1bef62eb 100644 --- a/samples/snippets/create_key_labels.py +++ b/samples/snippets/create_key_labels.py @@ -38,8 +38,8 @@ def create_key_labels(project_id, location_id, key_ring_id, id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION key = { 'purpose': purpose, 'version_template': { 
@@ -52,7 +52,7 @@ def create_key_labels(project_id, location_id, key_ring_id, id): } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created labeled key: {}'.format(created_key.name)) return created_key # [END kms_create_key_labels] diff --git a/samples/snippets/create_key_ring.py b/samples/snippets/create_key_ring.py index c01e8490..49348aa9 100644 --- a/samples/snippets/create_key_ring.py +++ b/samples/snippets/create_key_ring.py @@ -34,13 +34,13 @@ def create_key_ring(project_id, location_id, id): client = kms.KeyManagementServiceClient() # Build the parent location name. - location_name = client.location_path(project_id, location_id) + location_name = f'projects/{project_id}/locations/{location_id}' # Build the key ring. key_ring = {} # Call the API. - created_key_ring = client.create_key_ring(location_name, id, key_ring) + created_key_ring = client.create_key_ring(request={'parent': location_name, 'key_ring_id': id, 'key_ring': key_ring}) print('Created key ring: {}'.format(created_key_ring.name)) return created_key_ring # [END kms_create_key_ring] diff --git a/samples/snippets/create_key_rotation_schedule.py b/samples/snippets/create_key_rotation_schedule.py index e6bbdb62..02e32334 100644 --- a/samples/snippets/create_key_rotation_schedule.py +++ b/samples/snippets/create_key_rotation_schedule.py 
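Review bot: In the `create_key_ring` hunk, `location_name = f'projects/{project_id}/locations/{location_id}'` builds the parent by plain interpolation, so a `project_id` or `location_id` containing `/` yields a name that no longer has the `projects/*/locations/*` shape that `CreateKeyRingRequest.parent` documents; the other snippets take their names from client helpers such as `client.key_ring_path`. The server presumably rejects a malformed parent, but a sample that readers copy should not depend on that. I would add a guard before the f-string, `if '/' in project_id or '/' in location_id: raise ValueError('ids must not contain "/"')`, or at least a comment saying both ids are expected to be bare identifiers. The function starts before the hunk.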
@@ -41,8 +41,8 @@ def create_key_rotation_schedule(project_id, location_id, key_ring_id, id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION key = { 'purpose': purpose, 'version_template': { @@ -61,7 +61,7 @@ def create_key_rotation_schedule(project_id, location_id, key_ring_id, id): } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created labeled key: {}'.format(created_key.name)) return created_key # [END kms_create_key_rotation_schedule] diff --git a/samples/snippets/create_key_symmetric_encrypt_decrypt.py b/samples/snippets/create_key_symmetric_encrypt_decrypt.py index 54b9c5f4..1b6b88c5 100644 --- a/samples/snippets/create_key_symmetric_encrypt_decrypt.py +++ b/samples/snippets/create_key_symmetric_encrypt_decrypt.py @@ -38,8 +38,8 @@ def create_key_symmetric_encrypt_decrypt(project_id, location_id, key_ring_id, i key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION key = { 'purpose': purpose, 'version_template': { 
@@ -48,7 +48,7 @@ def create_key_symmetric_encrypt_decrypt(project_id, location_id, key_ring_id, i } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created symmetric key: {}'.format(created_key.name)) return created_key # [END kms_create_key_symmetric_encrypt_decrypt] diff --git a/samples/snippets/create_key_version.py b/samples/snippets/create_key_version.py index 9c84f808..aced5abf 100644 --- a/samples/snippets/create_key_version.py +++ b/samples/snippets/create_key_version.py @@ -41,7 +41,7 @@ def create_key_version(project_id, location_id, key_ring_id, key_id): version = {} # Call the API. - created_version = client.create_crypto_key_version(key_name, version) + created_version = client.create_crypto_key_version(request={'parent': key_name, 'crypto_key_version': version}) print('Created key version: {}'.format(created_version.name)) return created_version # [END kms_create_key_version] diff --git a/samples/snippets/decrypt_asymmetric.py b/samples/snippets/decrypt_asymmetric.py index 7b040cdd..7f5397c9 100644 --- a/samples/snippets/decrypt_asymmetric.py +++ b/samples/snippets/decrypt_asymmetric.py @@ -40,7 +40,7 @@ def decrypt_asymmetric(project_id, location_id, key_ring_id, key_id, version_id, key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Call the API. - decrypt_response = client.asymmetric_decrypt(key_version_name, ciphertext) + decrypt_response = client.asymmetric_decrypt(request={'name': key_version_name, 'ciphertext': ciphertext}) print('Plaintext: {}'.format(decrypt_response.plaintext)) return decrypt_response # [END kms_decrypt_asymmetric] diff --git a/samples/snippets/decrypt_symmetric.py b/samples/snippets/decrypt_symmetric.py index a5cbe714..c0b64d3b 100644 --- a/samples/snippets/decrypt_symmetric.py 
+++ b/samples/snippets/decrypt_symmetric.py @@ -39,7 +39,7 @@ def decrypt_symmetric(project_id, location_id, key_ring_id, key_id, ciphertext): key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) # Call the API. - decrypt_response = client.decrypt(key_name, ciphertext) + decrypt_response = client.decrypt(request={'name': key_name, 'ciphertext': ciphertext}) print('Plaintext: {}'.format(decrypt_response.plaintext)) return decrypt_response # [END kms_decrypt_symmetric] diff --git a/samples/snippets/destroy_key_version.py b/samples/snippets/destroy_key_version.py index 7423ca7e..1425c890 100644 --- a/samples/snippets/destroy_key_version.py +++ b/samples/snippets/destroy_key_version.py @@ -39,7 +39,7 @@ def destroy_key_version(project_id, location_id, key_ring_id, key_id, version_id key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Call the API. - destroyed_version = client.destroy_crypto_key_version(key_version_name) + destroyed_version = client.destroy_crypto_key_version(request={'name': key_version_name}) print('Destroyed key version: {}'.format(destroyed_version.name)) return destroyed_version # [END kms_destroy_key_version] diff --git a/samples/snippets/disable_key_version.py b/samples/snippets/disable_key_version.py index a4a16dd5..a4625d70 100644 --- a/samples/snippets/disable_key_version.py +++ b/samples/snippets/disable_key_version.py 
@@ -38,18 +38,16 @@ def disable_key_version(project_id, location_id, key_ring_id, key_id, version_id # Build the key version name. key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) - # Build the key version. We need to build a full proto instead of a dict due - # to https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key_version = resources_pb2.CryptoKeyVersion() - key_version.name = key_version_name - key_version.state = kms.enums.CryptoKeyVersion.CryptoKeyVersionState.DISABLED + key_version = { + 'name': key_version_name, + 'state': kms.CryptoKeyVersion.CryptoKeyVersionState.DISABLED + } # Build the update mask. update_mask = {'paths': ['state']} # Call the API. - disabled_version = client.update_crypto_key_version(key_version, update_mask) + disabled_version = client.update_crypto_key_version(request={'crypto_key_version': key_version, 'update_mask': update_mask}) print('Disabled key version: {}'.format(disabled_version.name)) return disabled_version # [END kms_disable_key_version] diff --git a/samples/snippets/enable_key_version.py b/samples/snippets/enable_key_version.py index 9cb8daad..edad8eab 100644 --- a/samples/snippets/enable_key_version.py +++ b/samples/snippets/enable_key_version.py 
@@ -38,18 +38,16 @@ def enable_key_version(project_id, location_id, key_ring_id, key_id, version_id) # Build the key version name. key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) - # Build the key version. We need to build a full proto instead of a dict due - # to https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key_version = resources_pb2.CryptoKeyVersion() - key_version.name = key_version_name - key_version.state = kms.enums.CryptoKeyVersion.CryptoKeyVersionState.ENABLED + key_version = { + 'name': key_version_name, + 'state': kms.CryptoKeyVersion.CryptoKeyVersionState.ENABLED + } # Build the update mask. update_mask = {'paths': ['state']} # Call the API. - enabled_version = client.update_crypto_key_version(key_version, update_mask) + enabled_version = client.update_crypto_key_version(request={'crypto_key_version': key_version, 'update_mask': update_mask}) print('Enabled key version: {}'.format(enabled_version.name)) return enabled_version # [END kms_enable_key_version] diff --git a/samples/snippets/encrypt_asymmetric.py b/samples/snippets/encrypt_asymmetric.py index efe40322..065c7e9b 100644 --- a/samples/snippets/encrypt_asymmetric.py +++ b/samples/snippets/encrypt_asymmetric.py @@ -51,7 +51,7 @@ def encrypt_asymmetric(project_id, location_id, key_ring_id, key_id, version_id, key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Get the public key. - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) # Extract and parse the public key as a PEM-encoded RSA key. pem = public_key.pem.encode('utf-8') diff --git a/samples/snippets/encrypt_symmetric.py b/samples/snippets/encrypt_symmetric.py index b90da358..9cc3b1a5 100644 --- a/samples/snippets/encrypt_symmetric.py +++ b/samples/snippets/encrypt_symmetric.py 
@@ -45,7 +45,7 @@ def encrypt_symmetric(project_id, location_id, key_ring_id, key_id, plaintext): key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) # Call the API. - encrypt_response = client.encrypt(key_name, plaintext_bytes) + encrypt_response = client.encrypt(request={'name': key_name, 'plaintext': plaintext_bytes}) print('Ciphertext: {}'.format(base64.b64encode(encrypt_response.ciphertext))) return encrypt_response # [END kms_encrypt_symmetric] diff --git a/samples/snippets/get_key_labels.py b/samples/snippets/get_key_labels.py index 363bcfba..504dbcaa 100644 --- a/samples/snippets/get_key_labels.py +++ b/samples/snippets/get_key_labels.py @@ -38,7 +38,7 @@ def get_key_labels(project_id, location_id, key_ring_id, key_id): key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) # Call the API. - key = client.get_crypto_key(key_name) + key = client.get_crypto_key(request={'name': key_name}) # Example of iterating over labels. for k, v in key.labels.items(): diff --git a/samples/snippets/get_key_version_attestation.py b/samples/snippets/get_key_version_attestation.py index 615d4653..569cf204 100644 --- a/samples/snippets/get_key_version_attestation.py +++ b/samples/snippets/get_key_version_attestation.py @@ -42,7 +42,7 @@ def get_key_version_attestation(project_id, location_id, key_ring_id, key_id, ve key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Call the API. - version = client.get_crypto_key_version(key_version_name) + version = client.get_crypto_key_version(request={'name': key_version_name}) # Only HSM keys have an attestation. For other key types, the attestion # will be None. diff --git a/samples/snippets/get_public_key.py b/samples/snippets/get_public_key.py index 1b810d15..bdc91139 100644 --- a/samples/snippets/get_public_key.py +++ b/samples/snippets/get_public_key.py 
@@ -39,7 +39,7 @@ def get_public_key(project_id, location_id, key_ring_id, key_id, version_id): key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Call the API. - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) print('Public key: {}'.format(public_key.pem)) return public_key # [END kms_get_public_key] diff --git a/samples/snippets/iam_add_member.py b/samples/snippets/iam_add_member.py index 442f2483..7847aa4a 100644 --- a/samples/snippets/iam_add_member.py +++ b/samples/snippets/iam_add_member.py @@ -42,7 +42,7 @@ def iam_add_member(project_id, location_id, key_ring_id, key_id, member): # resource_name = client.key_ring_path(project_id, location_id, key_ring_id); # Get the current policy. - policy = client.get_iam_policy(resource_name) + policy = client.get_iam_policy(request={'resource': resource_name}) # Add the member to the policy. policy.bindings.add( @@ -50,7 +50,12 @@ def iam_add_member(project_id, location_id, key_ring_id, key_id, member): members=[member]) # Save the updated IAM policy. - updated_policy = client.set_iam_policy(resource_name, policy) + request = { + 'resource': resource_name, + 'policy': policy + } + + updated_policy = client.set_iam_policy(request=request) print('Added {} to {}'.format(member, resource_name)) return updated_policy # [END kms_iam_add_member] diff --git a/samples/snippets/iam_get_policy.py b/samples/snippets/iam_get_policy.py index c00172e9..96ae743e 100644 --- a/samples/snippets/iam_get_policy.py +++ b/samples/snippets/iam_get_policy.py 
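Review bot: The read-modify-write in iam_add_member (`get_iam_policy`, then `set_iam_policy` with the same `policy` object) has no comment on what happens if the policy changes between the two calls, and iam_remove_member.py has the same gap. The policy returned by the read normally carries an etag, so a stale write should be rejected rather than overwrite someone else's binding change, but a sample that gets copied into automation should say so. I would add above the `request = {` line: `# The policy read above carries an etag; if the write is rejected as stale, re-read the policy and reapply the change.` The function body starts outside the hunk.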
@@ -41,7 +41,7 @@ def iam_get_policy(project_id, location_id, key_ring_id, key_id): # resource_name = client.key_ring_path(project_id, location_id, key_ring_id); # Get the current policy. - policy = client.get_iam_policy(resource_name) + policy = client.get_iam_policy(request={'resource': resource_name}) # Print the policy print('IAM policy for {}'.format(resource_name)) diff --git a/samples/snippets/iam_remove_member.py b/samples/snippets/iam_remove_member.py index ad73fab9..890a027d 100644 --- a/samples/snippets/iam_remove_member.py +++ b/samples/snippets/iam_remove_member.py @@ -42,7 +42,7 @@ def iam_remove_member(project_id, location_id, key_ring_id, key_id, member): # resource_name = client.key_ring_path(project_id, location_id, key_ring_id); # Get the current policy. - policy = client.get_iam_policy(resource_name) + policy = client.get_iam_policy(request={'resource': resource_name}) # Remove the member from the policy. for binding in policy.bindings: @@ -51,7 +51,11 @@ def iam_remove_member(project_id, location_id, key_ring_id, key_id, member): binding.members.remove(member) # Save the updated IAM policy. - updated_policy = client.set_iam_policy(resource_name, policy) + request = { + 'resource': resource_name, + 'policy': policy + } + updated_policy = client.set_iam_policy(request=request) print('Removed {} from {}'.format(member, resource_name)) return updated_policy # [END kms_iam_remove_member] diff --git a/samples/snippets/noxfile.py b/samples/snippets/noxfile.py index b23055f1..ba55d7ce 100644 --- a/samples/snippets/noxfile.py +++ b/samples/snippets/noxfile.py @@ -43,7 +43,7 @@ # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - 'gcloud_project_env': 'GCLOUD_PROJECT', + 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', # A dictionary you want to inject into your test. Don't put any 
@@ -72,7 +72,6 @@ def get_pytest_env_vars(): env_key = TEST_CONFIG['gcloud_project_env'] # This should error out if not set. ret['GOOGLE_CLOUD_PROJECT'] = os.environ[env_key] - ret['GCLOUD_PROJECT'] = os.environ[env_key] # Apply user supplied envs. ret.update(TEST_CONFIG['envs']) diff --git a/samples/snippets/quickstart.py b/samples/snippets/quickstart.py index 91b5a49a..6b24d643 100644 --- a/samples/snippets/quickstart.py +++ b/samples/snippets/quickstart.py @@ -25,10 +25,10 @@ def quickstart(project_id, location_id): client = kms.KeyManagementServiceClient() # Build the parent location name. - location_name = client.location_path(project_id, location_id) + location_name = f'projects/{project_id}/locations/{location_id}' # Call the API. - key_rings = client.list_key_rings(location_name) + key_rings = client.list_key_rings(request={'parent': location_name}) # Example of iterating over key rings. for key_ring in key_rings: diff --git a/samples/snippets/restore_key_version.py b/samples/snippets/restore_key_version.py index 3c4668d6..c65456b2 100644 --- a/samples/snippets/restore_key_version.py +++ b/samples/snippets/restore_key_version.py @@ -39,7 +39,7 @@ def restore_key_version(project_id, location_id, key_ring_id, key_id, version_id key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Call the API. - restored_version = client.restore_crypto_key_version(key_version_name) + restored_version = client.restore_crypto_key_version(request={'name': key_version_name}) print('Restored key version: {}'.format(restored_version.name)) return restored_version # [END kms_restore_key_version] diff --git a/samples/snippets/sign_asymmetric.py b/samples/snippets/sign_asymmetric.py index a92a13ec..c12a31d2 100644 --- a/samples/snippets/sign_asymmetric.py +++ b/samples/snippets/sign_asymmetric.py 
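Review bot: `location_name = f'projects/{project_id}/locations/{location_id}'` in quickstart.py builds the resource name by string interpolation, while the other samples in this change use client helpers such as `crypto_key_path` and `crypto_key_version_path`. The key_ring_id fixture in snippets_test.py does the same. The interpolation does not validate the ids, so a value containing `/` changes which resource the request addresses. If the new client has no helper for locations (the replacement of `location_path` suggests so), a comment such as `# No path helper for locations; project_id and location_id must each be a single path segment.` would make the assumption explicit. quickstart's body continues outside the hunk.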
@@ -58,7 +58,7 @@ def sign_asymmetric(project_id, location_id, key_ring_id, key_id, version_id, me digest = {'sha256': hash_} # Call the API - sign_response = client.asymmetric_sign(key_version_name, digest) + sign_response = client.asymmetric_sign(request={'name': key_version_name, 'digest': digest}) print('Signature: {}'.format(base64.b64encode(sign_response.signature))) return sign_response # [END kms_sign_asymmetric] diff --git a/samples/snippets/snippets_test.py b/samples/snippets/snippets_test.py index 795edeb4..7e3f02ef 100644 --- a/samples/snippets/snippets_test.py +++ b/samples/snippets/snippets_test.py @@ -11,6 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and +import datetime import hashlib import os import time @@ -21,7 +22,6 @@ from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import padding, utils from google.cloud import kms -from google.cloud.kms_v1.proto import resources_pb2 import pytest from create_key_asymmetric_decrypt import create_key_asymmetric_decrypt @@ -64,7 +64,7 @@ def client(): @pytest.fixture(scope="module") def project_id(): - return os.environ['GCLOUD_PROJECT'] + return os.environ['GOOGLE_CLOUD_PROJECT'] @pytest.fixture(scope="module") 
@@ -74,36 +74,34 @@ def location_id(): @pytest.fixture(scope="module") def key_ring_id(client, project_id, location_id): - location_name = client.location_path(project_id, location_id) + location_name = f"projects/{project_id}/locations/{location_id}" key_ring_id = '{}'.format(uuid.uuid4()) - key_ring = client.create_key_ring(location_name, key_ring_id, {}) + key_ring = client.create_key_ring(request={'parent': location_name, 'key_ring_id': key_ring_id, 'key_ring': {}}) yield key_ring_id - for key in client.list_crypto_keys(key_ring.name): - if key.rotation_period.seconds > 0 or key.next_rotation_time.seconds > 0: - # https://github.com/googleapis/gapic-generator-python/issues/364 - updated_key = resources_pb2.CryptoKey() - updated_key.name = key.name + for key in client.list_crypto_keys(request={'parent': key_ring.name}): + if key.rotation_period or key.next_rotation_time: + updated_key = {'name': key.name} update_mask = {'paths': ['rotation_period', 'next_rotation_time']} - client.update_crypto_key(updated_key, update_mask) + client.update_crypto_key(request={'crypto_key': updated_key, 'update_mask': update_mask}) f = 'state != DESTROYED AND state != DESTROY_SCHEDULED' - for version in client.list_crypto_key_versions(key.name, filter_=f): - client.destroy_crypto_key_version(version.name) + for version in client.list_crypto_key_versions(request={'parent': key.name, 'filter': f}): + client.destroy_crypto_key_version(request={'name': version.name}) @pytest.fixture(scope="module") def asymmetric_decrypt_key_id(client, project_id, location_id, key_ring_id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) key_id = '{}'.format(uuid.uuid4()) - key = client.create_crypto_key(key_ring_name, key_id, { - 'purpose': kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT, + key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': key_id, 'crypto_key': { + 'purpose': kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT, 
'version_template': { - 'algorithm': kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 + 'algorithm': kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 }, 'labels': {'foo': 'bar', 'zip': 'zap'} - }) + }}) wait_for_ready(client, '{}/cryptoKeyVersions/1'.format(key.name)) return key_id @@ -112,13 +110,13 @@ def asymmetric_decrypt_key_id(client, project_id, location_id, key_ring_id): def asymmetric_sign_ec_key_id(client, project_id, location_id, key_ring_id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) key_id = '{}'.format(uuid.uuid4()) - key = client.create_crypto_key(key_ring_name, key_id, { - 'purpose': kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN, + key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': key_id, 'crypto_key': { + 'purpose': kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN, 'version_template': { - 'algorithm': kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256 + 'algorithm': kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256 }, 'labels': {'foo': 'bar', 'zip': 'zap'} - }) + }}) wait_for_ready(client, '{}/cryptoKeyVersions/1'.format(key.name)) return key_id 
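Review bot: The teardown loop in the key_ring_id fixture of snippets_test.py stops at the first failing call, so one error from `update_crypto_key` or `destroy_crypto_key_version` leaves every later key version in the test project enabled. This appears to be the only cleanup for the keys the module creates. I would let the loop report a failure and continue, for example by wrapping the destroy call in `try:` with `except Exception as exc: print('cleanup failed for {}: {}'.format(version.name, exc))`. That way a single stuck version does not strand the rest.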
@@ -127,13 +125,13 @@ def asymmetric_sign_ec_key_id(client, project_id, location_id, key_ring_id): def asymmetric_sign_rsa_key_id(client, project_id, location_id, key_ring_id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) key_id = '{}'.format(uuid.uuid4()) - key = client.create_crypto_key(key_ring_name, key_id, { - 'purpose': kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN, + key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': key_id, 'crypto_key': { + 'purpose': kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN, 'version_template': { - 'algorithm': kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 + 'algorithm': kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 }, 'labels': {'foo': 'bar', 'zip': 'zap'} - }) + }}) wait_for_ready(client, '{}/cryptoKeyVersions/1'.format(key.name)) return key_id @@ -142,14 +140,14 @@ def asymmetric_sign_rsa_key_id(client, project_id, location_id, key_ring_id): def hsm_key_id(client, project_id, location_id, key_ring_id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) key_id = '{}'.format(uuid.uuid4()) - key = client.create_crypto_key(key_ring_name, key_id, { - 'purpose': kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': key_id, 'crypto_key': { + 'purpose': kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, 'version_template': { - 'algorithm': kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, - 'protection_level': kms.enums.ProtectionLevel.HSM + 'algorithm': kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + 'protection_level': kms.ProtectionLevel.HSM }, 'labels': {'foo': 'bar', 'zip': 'zap'} - }) + }}) wait_for_ready(client, '{}/cryptoKeyVersions/1'.format(key.name)) return key_id 
@@ -158,21 +156,21 @@ def hsm_key_id(client, project_id, location_id, key_ring_id): def symmetric_key_id(client, project_id, location_id, key_ring_id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) key_id = '{}'.format(uuid.uuid4()) - key = client.create_crypto_key(key_ring_name, key_id, { - 'purpose': kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': key_id, 'crypto_key': { + 'purpose': kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, 'version_template': { - 'algorithm': kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + 'algorithm': kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION }, 'labels': {'foo': 'bar', 'zip': 'zap'} - }) + }}) wait_for_ready(client, '{}/cryptoKeyVersions/1'.format(key.name)) return key_id def wait_for_ready(client, key_version_name): for i in range(5): - key_version = client.get_crypto_key_version(key_version_name) - if key_version.state == kms.enums.CryptoKeyVersion.CryptoKeyVersionState.ENABLED: + key_version = client.get_crypto_key_version(request={'name': key_version_name}) + if key_version.state == kms.CryptoKeyVersion.CryptoKeyVersionState.ENABLED: return time.sleep(0.1*(i**2)) pytest.fail('{} not ready'.format(key_version_name)) 
@@ -181,30 +179,30 @@ def wait_for_ready(client, key_version_name): def test_create_key_asymmetric_decrypt(project_id, location_id, key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_asymmetric_decrypt(project_id, location_id, key_ring_id, key_id) - assert key.purpose == kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT - assert key.version_template.algorithm == kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 + assert key.purpose == kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT + assert key.version_template.algorithm == kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 def test_create_key_asymmetric_sign(project_id, location_id, key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_asymmetric_sign(project_id, location_id, key_ring_id, key_id) - assert key.purpose == kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN - assert key.version_template.algorithm == kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 + assert key.purpose == kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN + assert key.version_template.algorithm == kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 def test_create_key_hsm(project_id, location_id, key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_hsm(project_id, location_id, key_ring_id, key_id) - assert key.purpose == kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - assert key.version_template.algorithm == kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION - assert key.version_template.protection_level == kms.enums.ProtectionLevel.HSM + assert key.purpose == kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + assert key.version_template.algorithm == kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + assert key.version_template.protection_level == kms.ProtectionLevel.HSM def test_create_key_labels(project_id, location_id, 
key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_labels(project_id, location_id, key_ring_id, key_id) - assert key.purpose == kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - assert key.version_template.algorithm == kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + assert key.purpose == kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + assert key.version_template.algorithm == kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION assert key.labels == {'team': 'alpha', 'cost_center': 'cc1234'} @@ -217,15 +215,15 @@ def test_create_key_ring(project_id, location_id): def test_create_key_rotation_schedule(project_id, location_id, key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_rotation_schedule(project_id, location_id, key_ring_id, key_id) - assert key.rotation_period.seconds == 60*60*24*30 - assert key.next_rotation_time.seconds > 0 + assert key.rotation_period == datetime.timedelta(seconds=60*60*24*30) + assert key.next_rotation_time def test_create_key_symmetric_encrypt_decrypt(project_id, location_id, key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_symmetric_encrypt_decrypt(project_id, location_id, key_ring_id, key_id) - assert key.purpose == kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - assert key.version_template.algorithm == kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + assert key.purpose == kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + assert key.version_template.algorithm == kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION def test_create_key_version(project_id, location_id, key_ring_id, symmetric_key_id): 
@@ -237,7 +235,7 @@ def test_decrypt_asymmetric(client, project_id, location_id, key_ring_id, asymme message = 'my message'.encode('utf-8') key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, '1') - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) pem = public_key.pem.encode('utf-8') rsa_key = serialization.load_pem_public_key(pem, default_backend()) @@ -255,7 +253,7 @@ def test_decrypt_symmetric(client, project_id, location_id, key_ring_id, symmetr plaintext = 'my message'.encode('utf-8') key_version_name = client.crypto_key_path(project_id, location_id, key_ring_id, symmetric_key_id) - encrypt_response = client.encrypt(key_version_name, plaintext) + encrypt_response = client.encrypt(request={'name': key_version_name, 'plaintext': plaintext}) ciphertext = encrypt_response.ciphertext decrypt_response = decrypt_symmetric(project_id, location_id, key_ring_id, symmetric_key_id, ciphertext) 
@@ -264,30 +262,30 @@ def test_decrypt_symmetric(client, project_id, location_id, key_ring_id, symmetr def test_destroy_restore_key_version(client, project_id, location_id, key_ring_id, asymmetric_decrypt_key_id): key_name = client.crypto_key_path(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id) - version = client.create_crypto_key_version(key_name, {}) + version = client.create_crypto_key_version(request={'parent': key_name, 'crypto_key_version': {}}) version_id = version.name.split('/')[-1] wait_for_ready(client, version.name) destroyed_version = destroy_key_version(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, version_id) - assert destroyed_version.state == kms.enums.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED + assert destroyed_version.state == kms.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED restored_version = restore_key_version(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, version_id) - assert restored_version.state == kms.enums.CryptoKeyVersion.CryptoKeyVersionState.DISABLED + assert restored_version.state == kms.CryptoKeyVersion.CryptoKeyVersionState.DISABLED def test_disable_enable_key_version(client, project_id, location_id, key_ring_id, asymmetric_decrypt_key_id): key_name = client.crypto_key_path(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id) - version = client.create_crypto_key_version(key_name, {}) + version = client.create_crypto_key_version(request={'parent': key_name, 'crypto_key_version': {}}) version_id = version.name.split('/')[-1] wait_for_ready(client, version.name) disabled_version = disable_key_version(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, version_id) - assert disabled_version.state == kms.enums.CryptoKeyVersion.CryptoKeyVersionState.DISABLED + assert disabled_version.state == kms.CryptoKeyVersion.CryptoKeyVersionState.DISABLED enabled_version = enable_key_version(project_id, location_id, key_ring_id, 
asymmetric_decrypt_key_id, version_id) - assert enabled_version.state == kms.enums.CryptoKeyVersion.CryptoKeyVersionState.ENABLED + assert enabled_version.state == kms.CryptoKeyVersion.CryptoKeyVersionState.ENABLED def test_encrypt_asymmetric(client, project_id, location_id, key_ring_id, asymmetric_decrypt_key_id): @@ -295,7 +293,7 @@ def test_encrypt_asymmetric(client, project_id, location_id, key_ring_id, asymme ciphertext = encrypt_asymmetric(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, '1', plaintext) key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, '1') - response = client.asymmetric_decrypt(key_version_name, ciphertext) + response = client.asymmetric_decrypt(request={'name': key_version_name, 'ciphertext': ciphertext}) assert response.plaintext == plaintext.encode('utf-8') @@ -304,7 +302,7 @@ def test_encrypt_symmetric(client, project_id, location_id, key_ring_id, symmetr encrypt_response = encrypt_symmetric(project_id, location_id, key_ring_id, symmetric_key_id, plaintext) key_name = client.crypto_key_path(project_id, location_id, key_ring_id, symmetric_key_id) - decrypt_response = client.decrypt(key_name, encrypt_response.ciphertext) + decrypt_response = client.decrypt(request={'name': key_name, 'ciphertext': encrypt_response.ciphertext}) assert decrypt_response.plaintext == plaintext.encode('utf-8') 
@@ -338,11 +336,11 @@ def test_iam_get_policy(project_id, location_id, key_ring_id, symmetric_key_id): def test_iam_remove_member(client, project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id): resource_name = client.crypto_key_path(project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id) - policy = client.get_iam_policy(resource_name) + policy = client.get_iam_policy(request={"resource": resource_name}) policy.bindings.add( role='roles/cloudkms.cryptoKeyEncrypterDecrypter', members=['group:test@google.com', 'group:tester@google.com']) - client.set_iam_policy(resource_name, policy) + client.set_iam_policy(request={"resource": resource_name, "policy": policy}) policy = iam_remove_member(project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id, 'group:test@google.com') assert not any('group:test@google.com' in b.members for b in policy.bindings) @@ -356,7 +354,7 @@ def test_sign_asymmetric(client, project_id, location_id, key_ring_id, asymmetri assert sign_response.signature key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id, '1') - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) pem = public_key.pem.encode('utf-8') rsa_key = serialization.load_pem_public_key(pem, default_backend()) hash_ = hashlib.sha256(message.encode('utf-8')).digest() @@ -371,8 +369,8 @@ def test_sign_asymmetric(client, project_id, location_id, key_ring_id, asymmetri def test_update_key_add_rotation(project_id, location_id, key_ring_id, symmetric_key_id): key = update_key_add_rotation(project_id, location_id, key_ring_id, symmetric_key_id) - assert key.rotation_period.seconds == 60*60*24*30 - assert key.next_rotation_time.seconds > 0 + assert key.rotation_period == datetime.timedelta(seconds=60*60*24*30) + assert key.next_rotation_time def test_update_key_remove_labels(project_id, location_id, key_ring_id, symmetric_key_id): 
@@ -382,8 +380,8 @@ def test_update_key_remove_labels(project_id, location_id, key_ring_id, symmetri def test_update_key_remove_rotation(project_id, location_id, key_ring_id, symmetric_key_id): key = update_key_remove_rotation(project_id, location_id, key_ring_id, symmetric_key_id) - assert key.rotation_period.seconds == 0 - assert key.next_rotation_time.seconds == 0 + assert not key.rotation_period + assert not key.next_rotation_time def test_update_key_set_primary(project_id, location_id, key_ring_id, symmetric_key_id): @@ -401,7 +399,7 @@ def test_verify_asymmetric_ec(client, project_id, location_id, key_ring_id, asym key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, asymmetric_sign_ec_key_id, '1') hash_ = hashlib.sha256(message.encode('utf-8')).digest() - sign_response = client.asymmetric_sign(key_version_name, {'sha256': hash_}) + sign_response = client.asymmetric_sign(request={'name': key_version_name, 'digest': {'sha256': hash_}}) verified = verify_asymmetric_ec(project_id, location_id, key_ring_id, asymmetric_sign_ec_key_id, '1', message, sign_response.signature) assert verified @@ -412,7 +410,7 @@ def test_verify_asymmetric_rsa(client, project_id, location_id, key_ring_id, asy key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id, '1') hash_ = hashlib.sha256(message.encode('utf-8')).digest() - sign_response = client.asymmetric_sign(key_version_name, {'sha256': hash_}) + sign_response = client.asymmetric_sign(request={'name': key_version_name, 'digest': {'sha256': hash_}}) verified = verify_asymmetric_rsa(project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id, '1', message, sign_response.signature) assert verified diff --git a/samples/snippets/update_key_add_rotation.py b/samples/snippets/update_key_add_rotation.py index 22dd6b66..acc4d956 100644 --- a/samples/snippets/update_key_add_rotation.py +++ b/samples/snippets/update_key_add_rotation.py 
@@ -40,23 +40,21 @@ def update_key_add_rotation(project_id, location_id, key_ring_id, key_id): # Build the key name. key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) - # Build the key. We need to build a full proto instead of a dict due to - # https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key = resources_pb2.CryptoKey() - key.name = key_name - - # Rotate the key every 30 days. - key.rotation_period.seconds = 60*60*24*30 - - # Start the first rotation in 24 hours. - key.next_rotation_time.seconds = int(time.time()) + 60*60*24 + key = { + 'name': key_name, + 'rotation_period': { + 'seconds': 60*60*24*30 # Rotate the key every 30 days. + }, + 'next_rotation_time': { + 'seconds': int(time.time()) + 60*60*24 # Start the first rotation in 24 hours. + } + } # Build the update mask. update_mask = {'paths': ['rotation_period', 'next_rotation_time']} # Call the API. - updated_key = client.update_crypto_key(key, update_mask) + updated_key = client.update_crypto_key(request={'crypto_key': key, 'update_mask': update_mask}) print('Updated key: {}'.format(updated_key.name)) return updated_key # [END kms_update_key_add_rotation_schedule] diff --git a/samples/snippets/update_key_remove_labels.py b/samples/snippets/update_key_remove_labels.py index a44ab214..648db99c 100644 --- a/samples/snippets/update_key_remove_labels.py +++ b/samples/snippets/update_key_remove_labels.py 
@@ -37,18 +37,16 @@ def update_key_remove_labels(project_id, location_id, key_ring_id, key_id): # Build the key name. key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) - # Build the key. We need to build a full proto instead of a dict due to - # https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key = resources_pb2.CryptoKey() - key.name = key_name - key.labels.clear() + key = { + 'name': key_name, + 'labels': [], + } # Build the update mask. update_mask = {'paths': ['labels']} # Call the API. - updated_key = client.update_crypto_key(key, update_mask) + updated_key = client.update_crypto_key(request={'crypto_key': key, 'update_mask': update_mask}) print('Updated key: {}'.format(updated_key.name)) return updated_key # [END kms_update_key_remove_labels] diff --git a/samples/snippets/update_key_remove_rotation.py b/samples/snippets/update_key_remove_rotation.py index 7f8707eb..5dd596a7 100644 --- a/samples/snippets/update_key_remove_rotation.py +++ b/samples/snippets/update_key_remove_rotation.py @@ -37,17 +37,15 @@ def update_key_remove_rotation(project_id, location_id, key_ring_id, key_id): # Build the key name. key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) - # Build the key. We need to build a full proto instead of a dict due to - # https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key = resources_pb2.CryptoKey() - key.name = key_name + key = { + 'name': key_name + } # Build the update mask. update_mask = {'paths': ['rotation_period', 'next_rotation_time']} # Call the API. - updated_key = client.update_crypto_key(key, update_mask) + updated_key = client.update_crypto_key(request={'crypto_key': key, 'update_mask': update_mask}) print('Updated key: {}'.format(updated_key.name)) return updated_key # [END kms_update_key_remove_rotation_schedule] 
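Review bot: `'labels': [],` in update_key_remove_labels passes a list for a field that update_key_update_labels.py fills with a dict (`'labels': {'new_label': 'new_value'}`) and that the tests compare against a dict. Even if the client accepts an empty list here, `'labels': {},` states the intent (an empty map) and matches the removed `key.labels.clear()`. The function body starts outside the hunk.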
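Review bot: `key = {'name': key_name}` in update_key_remove_rotation is left without any comment, so nothing tells the reader why a key holding only a name removes the schedule. The effect comes from listing `rotation_period` and `next_rotation_time` in the update mask while leaving them unset in the key, which is easy to misread as a no-op and easy to trigger by accident in copied code. I would add `# Fields listed in the update mask but left unset here are cleared, which removes the rotation schedule.` above the dict. The lead comment was also dropped without replacement in enable_key_version.py, update_key_add_rotation.py, update_key_remove_labels.py and update_key_update_labels.py, where a one-line `# Build the key.` would keep the samples' step-by-step commenting.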
diff --git a/samples/snippets/update_key_set_primary.py b/samples/snippets/update_key_set_primary.py index dd889dbd..74ba5cdf 100644 --- a/samples/snippets/update_key_set_primary.py +++ b/samples/snippets/update_key_set_primary.py @@ -39,7 +39,7 @@ def update_key_set_primary(project_id, location_id, key_ring_id, key_id, version key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) # Call the API. - updated_key = client.update_crypto_key_primary_version(key_name, version_id) + updated_key = client.update_crypto_key_primary_version(request={'name': key_name, 'crypto_key_version_id': version_id}) print('Updated {} primary to {}'.format(updated_key.name, version_id)) return updated_key # [END kms_update_key_set_primary] diff --git a/samples/snippets/update_key_update_labels.py b/samples/snippets/update_key_update_labels.py index 21372472..3f58f15f 100644 --- a/samples/snippets/update_key_update_labels.py +++ b/samples/snippets/update_key_update_labels.py @@ -37,18 +37,18 @@ def update_key_update_labels(project_id, location_id, key_ring_id, key_id): # Build the key name. key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) - # Build the key. We need to build a full proto instead of a dict due to - # https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key = resources_pb2.CryptoKey() - key.name = key_name - key.labels.update({'new_label': 'new_value'}) + key = { + 'name': key_name, + 'labels': { + 'new_label': 'new_value' + } + } # Build the update mask. update_mask = {'paths': ['labels']} # Call the API. - updated_key = client.update_crypto_key(key, update_mask) + updated_key = client.update_crypto_key(request={'crypto_key': key, 'update_mask': update_mask}) print('Updated key: {}'.format(updated_key.name)) return updated_key # [END kms_update_key_update_labels] 
diff --git a/samples/snippets/verify_asymmetric_ec.py b/samples/snippets/verify_asymmetric_ec.py index ac77a64b..d29128bd 100644 --- a/samples/snippets/verify_asymmetric_ec.py +++ b/samples/snippets/verify_asymmetric_ec.py @@ -53,7 +53,7 @@ def verify_asymmetric_ec(project_id, location_id, key_ring_id, key_id, version_i key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Get the public key. - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) # Extract and parse the public key as a PEM-encoded RSA key. pem = public_key.pem.encode('utf-8') diff --git a/samples/snippets/verify_asymmetric_rsa.py b/samples/snippets/verify_asymmetric_rsa.py index 6df3d862..ee733036 100644 --- a/samples/snippets/verify_asymmetric_rsa.py +++ b/samples/snippets/verify_asymmetric_rsa.py @@ -53,7 +53,7 @@ def verify_asymmetric_rsa(project_id, location_id, key_ring_id, key_id, version_ key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Get the public key. - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) # Extract and parse the public key as a PEM-encoded RSA key. pem = public_key.pem.encode('utf-8') diff --git a/scripts/fixup_kms_v1_keywords.py b/scripts/fixup_kms_v1_keywords.py new file mode 100644 index 00000000..5a3c1bd7 --- /dev/null +++ b/scripts/fixup_kms_v1_keywords.py 
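Review bot: The context comment `# Extract and parse the public key as a PEM-encoded RSA key.` in verify_asymmetric_ec.py names the wrong key type for a sample that verifies EC signatures. It reads as copied from verify_asymmetric_rsa.py, which carries the identical line. While this call is being touched, I would change it to `# Extract and parse the public key as a PEM-encoded EC key.` so readers do not reach for RSA verification parameters by mistake. The function body continues outside the hunk.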
@@ -0,0 +1,204 @@ +# -*- coding: utf-8 -*- + +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import argparse +import os +import libcst as cst +import pathlib +import sys +from typing import (Any, Callable, Dict, List, Sequence, Tuple) + + +def partition( + predicate: Callable[[Any], bool], + iterator: Sequence[Any] +) -> Tuple[List[Any], List[Any]]: + """A stable, out-of-place partition.""" + results = ([], []) + + for i in iterator: + results[int(predicate(i))].append(i) + + # Returns trueList, falseList + return results[1], results[0] + + +class kmsCallTransformer(cst.CSTTransformer): + CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') + METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { + 'asymmetric_decrypt': ('name', 'ciphertext', ), + 'asymmetric_sign': ('name', 'digest', ), + 'create_crypto_key': ('parent', 'crypto_key_id', 'crypto_key', 'skip_initial_version_creation', ), + 'create_crypto_key_version': ('parent', 'crypto_key_version', ), + 'create_import_job': ('parent', 'import_job_id', 'import_job', ), + 'create_key_ring': ('parent', 'key_ring_id', 'key_ring', ), + 'decrypt': ('name', 'ciphertext', 'additional_authenticated_data', ), + 'destroy_crypto_key_version': ('name', ), + 'encrypt': ('name', 'plaintext', 'additional_authenticated_data', ), + 'get_crypto_key': ('name', ), + 'get_crypto_key_version': ('name', ), + 'get_import_job': ('name', ), + 'get_key_ring': ('name', ), + 'get_public_key': ('name', ), + 
'import_crypto_key_version': ('parent', 'algorithm', 'import_job', 'rsa_aes_wrapped_key', ), + 'list_crypto_keys': ('parent', 'page_size', 'page_token', 'version_view', 'filter', 'order_by', ), + 'list_crypto_key_versions': ('parent', 'page_size', 'page_token', 'view', 'filter', 'order_by', ), + 'list_import_jobs': ('parent', 'page_size', 'page_token', 'filter', 'order_by', ), + 'list_key_rings': ('parent', 'page_size', 'page_token', 'filter', 'order_by', ), + 'restore_crypto_key_version': ('name', ), + 'update_crypto_key': ('crypto_key', 'update_mask', ), + 'update_crypto_key_primary_version': ('name', 'crypto_key_version_id', ), + 'update_crypto_key_version': ('crypto_key_version', 'update_mask', ), + + 'get_iam_policy': ('resource', 'options', ), + 'set_iam_policy': ('resource', 'policy', ), + 'test_iam_permissions': ('resource', 'permissions', ), + + } + + def leave_Call(self, original: cst.Call, updated: cst.Call) -> cst.CSTNode: + try: + key = original.func.attr.value + kword_params = self.METHOD_TO_PARAMS[key] + except (AttributeError, KeyError): + # Either not a method from the API or too convoluted to be sure. + return updated + + # If the existing code is valid, keyword args come after positional args. + # Therefore, all positional args must map to the first parameters. + args, kwargs = partition(lambda a: not bool(a.keyword), updated.args) + if any(k.keyword.value == "request" for k in kwargs): + # We've already fixed this file, don't fix it again. 
+ return updated + + kwargs, ctrl_kwargs = partition( + lambda a: not a.keyword.value in self.CTRL_PARAMS, + kwargs + ) + + args, ctrl_args = args[:len(kword_params)], args[len(kword_params):] + ctrl_kwargs.extend(cst.Arg(value=a.value, keyword=cst.Name(value=ctrl)) + for a, ctrl in zip(ctrl_args, self.CTRL_PARAMS)) + + request_arg = cst.Arg( + value=cst.Dict([ + cst.DictElement( + cst.SimpleString("'{}'".format(name)), + cst.Element(value=arg.value) + ) + # Note: the args + kwargs looks silly, but keep in mind that + # the control parameters had to be stripped out, and that + # those could have been passed positionally or by keyword. + for name, arg in zip(kword_params, args + kwargs)]), + keyword=cst.Name("request") + ) + + return updated.with_changes( + args=[request_arg] + ctrl_kwargs + ) + + +def fix_files( + in_dir: pathlib.Path, + out_dir: pathlib.Path, + *, + transformer=kmsCallTransformer(), +): + """Duplicate the input dir to the output dir, fixing file method calls. + + Preconditions: + * in_dir is a real directory + * out_dir is a real, empty directory + """ + pyfile_gen = ( + pathlib.Path(os.path.join(root, f)) + for root, _, files in os.walk(in_dir) + for f in files if os.path.splitext(f)[1] == ".py" + ) + + for fpath in pyfile_gen: + with open(fpath, 'r') as f: + src = f.read() + + # Parse the code and insert method call fixes. + tree = cst.parse_module(src) + updated = tree.visit(transformer) + + # Create the path and directory structure for the new file. + updated_path = out_dir.joinpath(fpath.relative_to(in_dir)) + updated_path.parent.mkdir(parents=True, exist_ok=True) + + # Generate the updated source file at the corresponding path. + with open(updated_path, 'w') as f: + f.write(updated.code) + + +if __name__ == '__main__': + parser = argparse.ArgumentParser( + description="""Fix up source that uses the kms client library. + +The existing sources are NOT overwritten but are copied to output_dir with changes made. 
+ +Note: This tool operates at a best-effort level at converting positional + parameters in client method calls to keyword based parameters. + Cases where it WILL FAIL include + A) * or ** expansion in a method call. + B) Calls via function or method alias (includes free function calls) + C) Indirect or dispatched calls (e.g. the method is looked up dynamically) + + These all constitute false negatives. The tool will also detect false + positives when an API method shares a name with another method. +""") + parser.add_argument( + '-d', + '--input-directory', + required=True, + dest='input_dir', + help='the input directory to walk for python files to fix up', + ) + parser.add_argument( + '-o', + '--output-directory', + required=True, + dest='output_dir', + help='the directory to output files fixed via un-flattening', + ) + args = parser.parse_args() + input_dir = pathlib.Path(args.input_dir) + output_dir = pathlib.Path(args.output_dir) + if not input_dir.is_dir(): + print( + f"input directory '{input_dir}' does not exist or is not a directory", + file=sys.stderr, + ) + sys.exit(-1) + + if not output_dir.is_dir(): + print( + f"output directory '{output_dir}' does not exist or is not a directory", + file=sys.stderr, + ) + sys.exit(-1) + + if os.listdir(output_dir): + print( + f"output directory '{output_dir}' is not empty", + file=sys.stderr, + ) + sys.exit(-1) + + fix_files(input_dir, output_dir) diff --git a/setup.py b/setup.py index 37ac5c2a..0ae2645d 100644 --- a/setup.py +++ b/setup.py 
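Review bot: In `leave_Call`, `zip(kword_params, args + kwargs)` names every request field by position, so the keyword the caller actually wrote is discarded; a call such as `client.encrypt(name, additional_authenticated_data=aad, plaintext=data)` would be rewritten with `aad` under `'plaintext'` and `data` under `'additional_authenticated_data'`. For a KMS client that silently changes what is encrypted and what is only authenticated, and the help text lists only false negatives and method-name collisions as failure modes. Pairing only the positional arguments with `kword_params` and keeping each keyword's own name avoids this: `fields = list(zip(kword_params, args)) + [(a.keyword.value, a) for a in kwargs]`, then `for name, arg in fields`. Separately, `open(fpath, 'r')` and `open(updated_path, 'w')` in `fix_files` use the platform default encoding; passing `encoding='utf-8'` to both keeps non-ASCII sources intact.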
@@ -20,25 +20,33 @@ import setuptools name = "google-cloud-kms" -description = "Cloud Key Management Service (KMS) API API client library" +description = "Cloud Key Management Service (KMS) API client library" version = "1.4.0" release_status = "Development Status :: 5 - Production/Stable" dependencies = [ - "google-api-core[grpc] >= 1.14.0, < 2.0.0dev", + "google-api-core[grpc] >= 1.22.0, < 2.0.0dev", "grpc-google-iam-v1 >= 0.12.3, < 0.13dev", - 'enum34; python_version < "3.4"', + "proto-plus >= 0.4.0", + "libcst >= 0.2.5", ] +extras = {} + package_root = os.path.abspath(os.path.dirname(__file__)) readme_filename = os.path.join(package_root, "README.rst") with io.open(readme_filename, encoding="utf-8") as readme_file: readme = readme_file.read() +# Only include packages under the 'google' namespace. Do not include tests, +# benchmarks, etc. packages = [ - package for package in setuptools.find_packages() if package.startswith("google") + package + for package in setuptools.PEP420PackageFinder.find() + if package.startswith("google") ] + namespaces = ["google"] if "google.cloud" in packages: namespaces.append("google.cloud") @@ -57,12 +65,10 @@ "Intended Audience :: Developers", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", - "Programming Language :: Python :: 2", - "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", "Operating System :: OS Independent", "Topic :: Internet", ], @@ -70,7 +76,9 @@ packages=packages, namespace_packages=namespaces, install_requires=dependencies, - python_requires=">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*", + extras_require=extras, + python_requires=">=3.6", + scripts=["scripts/fixup_kms_v1_keywords.py"], include_package_data=True, zip_safe=False, ) 
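Review bot: `"proto-plus >= 0.4.0"` and `"libcst >= 0.2.5"` are added to `dependencies` without the upper bound that the two existing entries carry, so any later major release of either package is accepted when this KMS client is installed. From what is visible, libcst is needed only by `scripts/fixup_kms_v1_keywords.py`, which the last hunk installs for every user through `scripts=[...]`, while the new `extras = {}` stays empty. Consider bounding both requirements in the same style as the existing ones (for example `"libcst >= 0.2.5, < X.0.0dev"`, with X chosen by the maintainers), or moving libcst into an extra such as `extras = {"fixup": ["libcst >= 0.2.5"]}` if the migration script is meant to be optional.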
diff --git a/synth.metadata b/synth.metadata index 29286d25..e2e1e315 100644 --- a/synth.metadata +++ b/synth.metadata @@ -3,16 +3,30 @@ { "git": { "name": ".", - "remote": "git@github.com:googleapis/python-kms.git", - "sha": "309319a29b3e0f851d93c58de06b60f50cf0fbfb" + "remote": "git@github.com:googleapis/python-kms", + "sha": "b86cb3a61661e102bff02e592dd6ec952e008162" } }, { "git": { "name": "googleapis", "remote": "https://github.com/googleapis/googleapis.git", - "sha": "eafa840ceec23b44a5c21670288107c661252711", - "internalRef": "313488995" + "sha": "1907f0fdbd1c51e62d8452a4007bf2134a8bd4c2", + "internalRef": "323657371" + } + }, + { + "git": { + "name": "synthtool", + "remote": "https://github.com/googleapis/synthtool.git", + "sha": "5506723fef367557d83cf072d0c18020c049fcb8" + } + }, + { + "git": { + "name": "synthtool", + "remote": "https://github.com/googleapis/synthtool.git", + "sha": "5506723fef367557d83cf072d0c18020c049fcb8" } } ], diff --git a/synth.py b/synth.py index c17cb683..7dbde9b4 100644 --- a/synth.py +++ b/synth.py 
@@ -37,43 +37,61 @@ include_protos=True, ) -s.move(library, excludes=["README.rst", "setup.py", "nox*.py", "docs/**/*"]) +s.move(library, excludes=["README.rst", "setup.py", "nox*.py", "docs/index.rst"]) -# Temporary fixup for 'grpc-google-iam-vi 0.12.4' (before generation). +# Escape single '_' which RST treats as target names +s.replace("google/**/resources.py", '''"(.*?)_((SIGN)|(DECRYPT))_"''', '''"\g<1>_\g<2>\_"''') + +# Docstrings of *_iam_policy() methods are formatted poorly and must be fixed +# in order to avoid docstring format warnings in docs. +s.replace( + "google/**/*client.py", + r"(\s+)Args:", + "\n\g<1>Args:" +) +s.replace( + "google/**/*client.py", + r"(\s+)\*\*JSON Example\*\*\s+::", + "\n\g<1>**JSON Example**::\n", +) +s.replace( + "google/**/*client.py", + r"(\s+)\*\*YAML Example\*\*\s+::", + "\n\g<1>**YAML Example**::\n", +) s.replace( - "google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py", - "from google.iam.v1 import iam_policy_pb2", - "from google.iam.v1 import iam_policy_pb2_grpc as iam_policy_pb2", + "google/**/*client.py", + r"(\s+)For a description of IAM and its features, see", + "\n\g<0>", ) -# re-insert `crypto_key_path_path` method as this was used in the published samples -# TODO: remove when this library is moved to the microgenerator and mention it in the relase -# notes -count = s.replace("google/cloud/kms_v1/gapic/key_management_service_client.py", -"""(@classmethod -\s+def crypto_key_version_path\(.*)""", -""" - @classmethod - def crypto_key_path_path(cls, project, location, key_ring, crypto_key_path): - \"\"\"Return a fully-qualified crypto_key_path string.\"\"\" - return google.api_core.path_template.expand( - "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key_path=**}", - project=project, - location=location, - key_ring=key_ring, - crypto_key_path=crypto_key_path, - ) - - \g<1> -""") - -if count != 1: - raise Exception("Required insertion of `crypto_key_path_path` 
not made.") + +# TODO(busunkim): Remove once https://github.com/googleapis/gapic-generator-python/pull/555 is merged +s.replace( + "google/**/base.py", + """from google\.api_core import gapic_v1\s+# type: ignore""", + """from google.api_core import gapic_v1 # type: ignore +from google.api_core import retry as retries # type: ignore""", +) + +# fix bad indentation +s.replace( + "google/**/*service.py", + """(\s+)settings resource. +\s+If empty all mutable fields will be updated.""", + """\g<1>settings resource. +\g<1>If empty all mutable fields will be updated.""", +) + # ---------------------------------------------------------------------------- # Add templated files # ---------------------------------------------------------------------------- -templated_files = common.py_library(cov_level=70, samples=True) -s.move(templated_files) +templated_files = common.py_library( + cov_level=99, + samples=True, + microgenerator=True, +) +s.move(templated_files, excludes=[".coveragerc"]) # microgenerator has a good .coveragerc file # ---------------------------------------------------------------------------- # Samples templates diff --git a/tests/system.py b/tests/system.py deleted file mode 100644 index 4a23908d..00000000 --- a/tests/system.py +++ /dev/null 
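Review bot: The new replacement strings such as `"\n\g<1>Args:"`, `"\n\g<0>"` and `'''"\g<1>_\g<2>\_"'''` are ordinary (non-raw) literals, so `\g` and `\_` are invalid escape sequences that work only because Python currently passes them through, and newer interpreters warn about them. Doubling the backslash keeps the real `\n` and makes the group reference explicit: `"\n\\g<1>Args:"`, `"\n\\g<0>"`. The removed `crypto_key_path_path` block checked `count != 1` after its `s.replace`; none of the added `s.replace` calls checks its return value, so a pattern that stops matching the generated code (including the one that injects the `retry as retries` import into `base.py`) would go unnoticed.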
@@ -1,29 +0,0 @@ -# -*- coding: utf-8 -*- -# -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import os - -from google.cloud import kms_v1 - - -class TestKeyManagementServiceClient(object): - def test_list_global_key_rings(self): - project_id = os.environ["PROJECT_ID"] - - client = kms_v1.KeyManagementServiceClient() - location = "global" - parent = client.location_path(project_id, location) - client.list_key_rings(parent) diff --git a/tests/unit/gapic/kms_v1/__init__.py b/tests/unit/gapic/kms_v1/__init__.py new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/tests/unit/gapic/kms_v1/__init__.py @@ -0,0 +1 @@ + diff --git a/tests/unit/gapic/kms_v1/test_key_management_service.py b/tests/unit/gapic/kms_v1/test_key_management_service.py new file mode 100644 index 00000000..2bcd122a --- /dev/null +++ b/tests/unit/gapic/kms_v1/test_key_management_service.py 
@@ -0,0 +1,6815 @@ +# -*- coding: utf-8 -*- + +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +import os +import mock + +import grpc +from grpc.experimental import aio +import math +import pytest +from proto.marshal.rules.dates import DurationRule, TimestampRule + +from google import auth +from google.api_core import client_options +from google.api_core import exceptions +from google.api_core import gapic_v1 +from google.api_core import grpc_helpers +from google.api_core import grpc_helpers_async +from google.auth import credentials +from google.auth.exceptions import MutualTLSChannelError +from google.cloud.kms_v1.services.key_management_service import ( + KeyManagementServiceAsyncClient, +) +from google.cloud.kms_v1.services.key_management_service import ( + KeyManagementServiceClient, +) +from google.cloud.kms_v1.services.key_management_service import pagers +from google.cloud.kms_v1.services.key_management_service import transports +from google.cloud.kms_v1.types import resources +from google.cloud.kms_v1.types import service +from google.iam.v1 import iam_policy_pb2 as iam_policy # type: ignore +from google.iam.v1 import options_pb2 as options # type: ignore +from google.iam.v1 import policy_pb2 as policy # type: ignore +from google.oauth2 import service_account +from google.protobuf import duration_pb2 as duration # type: ignore +from google.protobuf import field_mask_pb2 as field_mask # type: ignore +from google.protobuf import 
timestamp_pb2 as timestamp # type: ignore + + +def client_cert_source_callback(): + return b"cert bytes", b"key bytes" + + +# If default endpoint is localhost, then default mtls endpoint will be the same. +# This method modifies the default endpoint so the client can produce a different +# mtls endpoint for endpoint testing purposes. +def modify_default_endpoint(client): + return ( + "foo.googleapis.com" + if ("localhost" in client.DEFAULT_ENDPOINT) + else client.DEFAULT_ENDPOINT + ) + + +def test__get_default_mtls_endpoint(): + api_endpoint = "example.googleapis.com" + api_mtls_endpoint = "example.mtls.googleapis.com" + sandbox_endpoint = "example.sandbox.googleapis.com" + sandbox_mtls_endpoint = "example.mtls.sandbox.googleapis.com" + non_googleapi = "api.example.com" + + assert KeyManagementServiceClient._get_default_mtls_endpoint(None) is None + assert ( + KeyManagementServiceClient._get_default_mtls_endpoint(api_endpoint) + == api_mtls_endpoint + ) + assert ( + KeyManagementServiceClient._get_default_mtls_endpoint(api_mtls_endpoint) + == api_mtls_endpoint + ) + assert ( + KeyManagementServiceClient._get_default_mtls_endpoint(sandbox_endpoint) + == sandbox_mtls_endpoint + ) + assert ( + KeyManagementServiceClient._get_default_mtls_endpoint(sandbox_mtls_endpoint) + == sandbox_mtls_endpoint + ) + assert ( + KeyManagementServiceClient._get_default_mtls_endpoint(non_googleapi) + == non_googleapi + ) + + +@pytest.mark.parametrize( + "client_class", [KeyManagementServiceClient, KeyManagementServiceAsyncClient] +) +def test_key_management_service_client_from_service_account_file(client_class): + creds = credentials.AnonymousCredentials() + with mock.patch.object( + service_account.Credentials, "from_service_account_file" + ) as factory: + factory.return_value = creds + client = client_class.from_service_account_file("dummy/file/path.json") + assert client._transport._credentials == creds + + client = client_class.from_service_account_json("dummy/file/path.json") + 
assert client._transport._credentials == creds + + assert client._transport._host == "cloudkms.googleapis.com:443" + + +def test_key_management_service_client_get_transport_class(): + transport = KeyManagementServiceClient.get_transport_class() + assert transport == transports.KeyManagementServiceGrpcTransport + + transport = KeyManagementServiceClient.get_transport_class("grpc") + assert transport == transports.KeyManagementServiceGrpcTransport + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + ( + KeyManagementServiceClient, + transports.KeyManagementServiceGrpcTransport, + "grpc", + ), + ( + KeyManagementServiceAsyncClient, + transports.KeyManagementServiceGrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +@mock.patch.object( + KeyManagementServiceClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(KeyManagementServiceClient), +) +@mock.patch.object( + KeyManagementServiceAsyncClient, + "DEFAULT_ENDPOINT", + modify_default_endpoint(KeyManagementServiceAsyncClient), +) +def test_key_management_service_client_client_options( + client_class, transport_class, transport_name +): + # Check that if channel is provided we won't create a new one. + with mock.patch.object(KeyManagementServiceClient, "get_transport_class") as gtc: + transport = transport_class(credentials=credentials.AnonymousCredentials()) + client = client_class(transport=transport) + gtc.assert_not_called() + + # Check that if channel is provided via str we will create a new one. + with mock.patch.object(KeyManagementServiceClient, "get_transport_class") as gtc: + client = client_class(transport=transport_name) + gtc.assert_called() + + # Check the case api_endpoint is provided. 
+ options = client_options.ClientOptions(api_endpoint="squid.clam.whelk") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + api_mtls_endpoint="squid.clam.whelk", + client_cert_source=None, + quota_project_id=None, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS is + # "never". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS": "never"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + api_mtls_endpoint=client.DEFAULT_ENDPOINT, + client_cert_source=None, + quota_project_id=None, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS is + # "always". + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS": "always"}): + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_MTLS_ENDPOINT, + scopes=None, + api_mtls_endpoint=client.DEFAULT_MTLS_ENDPOINT, + client_cert_source=None, + quota_project_id=None, + ) + + # Check the case api_endpoint is not provided, GOOGLE_API_USE_MTLS is + # "auto", and client_cert_source is provided. 
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS": "auto"}): + options = client_options.ClientOptions( + client_cert_source=client_cert_source_callback + ) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_MTLS_ENDPOINT, + scopes=None, + api_mtls_endpoint=client.DEFAULT_MTLS_ENDPOINT, + client_cert_source=client_cert_source_callback, + quota_project_id=None, + ) + + # Check the case api_endpoint is not provided, GOOGLE_API_USE_MTLS is + # "auto", and default_client_cert_source is provided. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS": "auto"}): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=True, + ): + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_MTLS_ENDPOINT, + scopes=None, + api_mtls_endpoint=client.DEFAULT_MTLS_ENDPOINT, + client_cert_source=None, + quota_project_id=None, + ) + + # Check the case api_endpoint is not provided, GOOGLE_API_USE_MTLS is + # "auto", but client_cert_source and default_client_cert_source are None. 
+ with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS": "auto"}): + with mock.patch.object(transport_class, "__init__") as patched: + with mock.patch( + "google.auth.transport.mtls.has_default_client_cert_source", + return_value=False, + ): + patched.return_value = None + client = client_class() + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + api_mtls_endpoint=client.DEFAULT_ENDPOINT, + client_cert_source=None, + quota_project_id=None, + ) + + # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS has + # unsupported value. + with mock.patch.dict(os.environ, {"GOOGLE_API_USE_MTLS": "Unsupported"}): + with pytest.raises(MutualTLSChannelError): + client = client_class() + + # Check the case quota_project_id is provided + options = client_options.ClientOptions(quota_project_id="octopus") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=None, + api_mtls_endpoint=client.DEFAULT_ENDPOINT, + client_cert_source=None, + quota_project_id="octopus", + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + ( + KeyManagementServiceClient, + transports.KeyManagementServiceGrpcTransport, + "grpc", + ), + ( + KeyManagementServiceAsyncClient, + transports.KeyManagementServiceGrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +def test_key_management_service_client_client_options_scopes( + client_class, transport_class, transport_name +): + # Check the case scopes are provided. 
+ options = client_options.ClientOptions(scopes=["1", "2"],) + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file=None, + host=client.DEFAULT_ENDPOINT, + scopes=["1", "2"], + api_mtls_endpoint=client.DEFAULT_ENDPOINT, + client_cert_source=None, + quota_project_id=None, + ) + + +@pytest.mark.parametrize( + "client_class,transport_class,transport_name", + [ + ( + KeyManagementServiceClient, + transports.KeyManagementServiceGrpcTransport, + "grpc", + ), + ( + KeyManagementServiceAsyncClient, + transports.KeyManagementServiceGrpcAsyncIOTransport, + "grpc_asyncio", + ), + ], +) +def test_key_management_service_client_client_options_credentials_file( + client_class, transport_class, transport_name +): + # Check the case credentials file is provided. + options = client_options.ClientOptions(credentials_file="credentials.json") + with mock.patch.object(transport_class, "__init__") as patched: + patched.return_value = None + client = client_class(client_options=options) + patched.assert_called_once_with( + credentials=None, + credentials_file="credentials.json", + host=client.DEFAULT_ENDPOINT, + scopes=None, + api_mtls_endpoint=client.DEFAULT_ENDPOINT, + client_cert_source=None, + quota_project_id=None, + ) + + +def test_key_management_service_client_client_options_from_dict(): + with mock.patch( + "google.cloud.kms_v1.services.key_management_service.transports.KeyManagementServiceGrpcTransport.__init__" + ) as grpc_transport: + grpc_transport.return_value = None + client = KeyManagementServiceClient( + client_options={"api_endpoint": "squid.clam.whelk"} + ) + grpc_transport.assert_called_once_with( + credentials=None, + credentials_file=None, + host="squid.clam.whelk", + scopes=None, + api_mtls_endpoint="squid.clam.whelk", + client_cert_source=None, + quota_project_id=None, + ) + + +def 
test_list_key_rings(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.ListKeyRingsRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.list_key_rings), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.ListKeyRingsResponse( + next_page_token="next_page_token_value", total_size=1086, + ) + + response = client.list_key_rings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListKeyRingsPager) + + assert response.next_page_token == "next_page_token_value" + + assert response.total_size == 1086 + + +@pytest.mark.asyncio +async def test_list_key_rings_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.ListKeyRingsRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.list_key_rings), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.ListKeyRingsResponse( + next_page_token="next_page_token_value", total_size=1086, + ) + ) + + response = await client.list_key_rings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListKeyRingsAsyncPager) + + assert response.next_page_token == "next_page_token_value" + + assert response.total_size == 1086 + + +def test_list_key_rings_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ListKeyRingsRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.list_key_rings), "__call__") as call: + call.return_value = service.ListKeyRingsResponse() + + client.list_key_rings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_list_key_rings_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ListKeyRingsRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.list_key_rings), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.ListKeyRingsResponse() + ) + + await client.list_key_rings(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +def test_list_key_rings_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.list_key_rings), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.ListKeyRingsResponse() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.list_key_rings(parent="parent_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].parent == "parent_value" + + +def test_list_key_rings_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_key_rings( + service.ListKeyRingsRequest(), parent="parent_value", + ) + + +@pytest.mark.asyncio +async def test_list_key_rings_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object(
+ type(client._client._transport.list_key_rings), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListKeyRingsResponse()
+
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListKeyRingsResponse()
+ )
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ response = await client.list_key_rings(parent="parent_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0].parent == "parent_value"
+
+
+@pytest.mark.asyncio
+async def test_list_key_rings_flattened_error_async():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ await client.list_key_rings(
+ service.ListKeyRingsRequest(), parent="parent_value",
+ )
+
+
+def test_list_key_rings_pager():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials,)
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client._transport.list_key_rings), "__call__") as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListKeyRingsResponse(
+ key_rings=[
+ resources.KeyRing(),
+ resources.KeyRing(),
+ resources.KeyRing(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListKeyRingsResponse(key_rings=[], next_page_token="def",),
+ service.ListKeyRingsResponse(
+ key_rings=[resources.KeyRing(),], next_page_token="ghi",
+ ),
+ service.ListKeyRingsResponse(
+ key_rings=[resources.KeyRing(), resources.KeyRing(),],
+ ),
+ RuntimeError,
+ )
+
+ metadata = ()
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("parent", ""),)),
+ )
+ pager = client.list_key_rings(request={})
+
+ assert pager._metadata == metadata
+
+ results = [i for i in pager]
+ assert len(results) == 6
+ assert all(isinstance(i, resources.KeyRing) for i in results)
+
+
+def test_list_key_rings_pages():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials,)
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client._transport.list_key_rings), "__call__") as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListKeyRingsResponse(
+ key_rings=[
+ resources.KeyRing(),
+ resources.KeyRing(),
+ resources.KeyRing(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListKeyRingsResponse(key_rings=[], next_page_token="def",),
+ service.ListKeyRingsResponse(
+ key_rings=[resources.KeyRing(),], next_page_token="ghi",
+ ),
+ service.ListKeyRingsResponse(
+ key_rings=[resources.KeyRing(), resources.KeyRing(),],
+ ),
+ RuntimeError,
+ )
+ pages = list(client.list_key_rings(request={}).pages)
+ for page, token in zip(pages, ["abc", "def", "ghi", ""]):
+ assert page.raw_page.next_page_token == token
+
+
+@pytest.mark.asyncio
+async def test_list_key_rings_async_pager():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials,
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_key_rings),
+ "__call__",
+ new_callable=mock.AsyncMock,
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListKeyRingsResponse(
+ key_rings=[
+ resources.KeyRing(),
+ resources.KeyRing(),
+ resources.KeyRing(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListKeyRingsResponse(key_rings=[], next_page_token="def",),
+ service.ListKeyRingsResponse(
+ key_rings=[resources.KeyRing(),], next_page_token="ghi",
+ ),
+ service.ListKeyRingsResponse(
+ key_rings=[resources.KeyRing(), resources.KeyRing(),],
+ ),
+ RuntimeError,
+ )
+ async_pager = await client.list_key_rings(request={},)
+ assert async_pager.next_page_token == "abc"
+ responses = []
+ async for response in async_pager:
+ responses.append(response)
+
+ assert len(responses) == 6
+ assert all(isinstance(i, resources.KeyRing) for i in responses)
+
+
+@pytest.mark.asyncio
+async def test_list_key_rings_async_pages():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials,
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_key_rings),
+ "__call__",
+ new_callable=mock.AsyncMock,
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListKeyRingsResponse(
+ key_rings=[
+ resources.KeyRing(),
+ resources.KeyRing(),
+ resources.KeyRing(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListKeyRingsResponse(key_rings=[], next_page_token="def",),
+ service.ListKeyRingsResponse(
+ key_rings=[resources.KeyRing(),], next_page_token="ghi",
+ ),
+ service.ListKeyRingsResponse(
+ key_rings=[resources.KeyRing(), resources.KeyRing(),],
+ ),
+ RuntimeError,
+ )
+ pages = []
+ async for page in (await client.list_key_rings(request={})).pages:
+ pages.append(page)
+ for page, token in zip(pages, ["abc", "def", "ghi", ""]):
+ assert page.raw_page.next_page_token == token
+
+
+def test_list_crypto_keys(transport: str = "grpc"):
+ client = KeyManagementServiceClient(
+ credentials=credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = service.ListCryptoKeysRequest()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_crypto_keys), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListCryptoKeysResponse(
+ next_page_token="next_page_token_value", total_size=1086,
+ )
+
+ response = client.list_crypto_keys(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == request
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, pagers.ListCryptoKeysPager)
+
+ assert response.next_page_token == "next_page_token_value"
+
+ assert response.total_size == 1086
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_keys_async(transport: str = "grpc_asyncio"):
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = service.ListCryptoKeysRequest()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_crypto_keys), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListCryptoKeysResponse(
+ next_page_token="next_page_token_value", total_size=1086,
+ )
+ )
+
+ response = await client.list_crypto_keys(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == request
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, pagers.ListCryptoKeysAsyncPager)
+
+ assert response.next_page_token == "next_page_token_value"
+
+ assert response.total_size == 1086
+
+
+def test_list_crypto_keys_field_headers():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.ListCryptoKeysRequest()
+ request.parent = "parent/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_crypto_keys), "__call__"
+ ) as call:
+ call.return_value = service.ListCryptoKeysResponse()
+
+ client.list_crypto_keys(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_keys_field_headers_async():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.ListCryptoKeysRequest()
+ request.parent = "parent/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_crypto_keys), "__call__"
+ ) as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListCryptoKeysResponse()
+ )
+
+ await client.list_crypto_keys(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"]
+
+
+def test_list_crypto_keys_flattened():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_crypto_keys), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListCryptoKeysResponse()
+
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ client.list_crypto_keys(parent="parent_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0].parent == "parent_value"
+
+
+def test_list_crypto_keys_flattened_error():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ client.list_crypto_keys(
+ service.ListCryptoKeysRequest(), parent="parent_value",
+ )
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_keys_flattened_async():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_crypto_keys), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListCryptoKeysResponse()
+
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListCryptoKeysResponse()
+ )
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ response = await client.list_crypto_keys(parent="parent_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0].parent == "parent_value"
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_keys_flattened_error_async():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ await client.list_crypto_keys(
+ service.ListCryptoKeysRequest(), parent="parent_value",
+ )
+
+
+def test_list_crypto_keys_pager():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials,)
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_crypto_keys), "__call__"
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListCryptoKeysResponse(
+ crypto_keys=[
+ resources.CryptoKey(),
+ resources.CryptoKey(),
+ resources.CryptoKey(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListCryptoKeysResponse(crypto_keys=[], next_page_token="def",),
+ service.ListCryptoKeysResponse(
+ crypto_keys=[resources.CryptoKey(),], next_page_token="ghi",
+ ),
+ service.ListCryptoKeysResponse(
+ crypto_keys=[resources.CryptoKey(), resources.CryptoKey(),],
+ ),
+ RuntimeError,
+ )
+
+ metadata = ()
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("parent", ""),)),
+ )
+ pager = client.list_crypto_keys(request={})
+
+ assert pager._metadata == metadata
+
+ results = [i for i in pager]
+ assert len(results) == 6
+ assert all(isinstance(i, resources.CryptoKey) for i in results)
+
+
+def test_list_crypto_keys_pages():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials,)
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_crypto_keys), "__call__"
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListCryptoKeysResponse(
+ crypto_keys=[
+ resources.CryptoKey(),
+ resources.CryptoKey(),
+ resources.CryptoKey(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListCryptoKeysResponse(crypto_keys=[], next_page_token="def",),
+ service.ListCryptoKeysResponse(
+ crypto_keys=[resources.CryptoKey(),], next_page_token="ghi",
+ ),
+ service.ListCryptoKeysResponse(
+ crypto_keys=[resources.CryptoKey(), resources.CryptoKey(),],
+ ),
+ RuntimeError,
+ )
+ pages = list(client.list_crypto_keys(request={}).pages)
+ for page, token in zip(pages, ["abc", "def", "ghi", ""]):
+ assert page.raw_page.next_page_token == token
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_keys_async_pager():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials,
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_crypto_keys),
+ "__call__",
+ new_callable=mock.AsyncMock,
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListCryptoKeysResponse(
+ crypto_keys=[
+ resources.CryptoKey(),
+ resources.CryptoKey(),
+ resources.CryptoKey(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListCryptoKeysResponse(crypto_keys=[], next_page_token="def",),
+ service.ListCryptoKeysResponse(
+ crypto_keys=[resources.CryptoKey(),], next_page_token="ghi",
+ ),
+ service.ListCryptoKeysResponse(
+ crypto_keys=[resources.CryptoKey(), resources.CryptoKey(),],
+ ),
+ RuntimeError,
+ )
+ async_pager = await client.list_crypto_keys(request={},)
+ assert async_pager.next_page_token == "abc"
+ responses = []
+ async for response in async_pager:
+ responses.append(response)
+
+ assert len(responses) == 6
+ assert all(isinstance(i, resources.CryptoKey) for i in responses)
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_keys_async_pages():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials,
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_crypto_keys),
+ "__call__",
+ new_callable=mock.AsyncMock,
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListCryptoKeysResponse(
+ crypto_keys=[
+ resources.CryptoKey(),
+ resources.CryptoKey(),
+ resources.CryptoKey(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListCryptoKeysResponse(crypto_keys=[], next_page_token="def",),
+ service.ListCryptoKeysResponse(
+ crypto_keys=[resources.CryptoKey(),], next_page_token="ghi",
+ ),
+ service.ListCryptoKeysResponse(
+ crypto_keys=[resources.CryptoKey(), resources.CryptoKey(),],
+ ),
+ RuntimeError,
+ )
+ pages = []
+ async for page in (await client.list_crypto_keys(request={})).pages:
+ pages.append(page)
+ for page, token in zip(pages, ["abc", "def", "ghi", ""]):
+ assert page.raw_page.next_page_token == token
+
+
+def test_list_crypto_key_versions(transport: str = "grpc"):
+ client = KeyManagementServiceClient(
+ credentials=credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = service.ListCryptoKeyVersionsRequest()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_crypto_key_versions), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListCryptoKeyVersionsResponse(
+ next_page_token="next_page_token_value", total_size=1086,
+ )
+
+ response = client.list_crypto_key_versions(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == request
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, pagers.ListCryptoKeyVersionsPager)
+
+ assert response.next_page_token == "next_page_token_value"
+
+ assert response.total_size == 1086
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_key_versions_async(transport: str = "grpc_asyncio"):
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = service.ListCryptoKeyVersionsRequest()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_crypto_key_versions), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListCryptoKeyVersionsResponse(
+ next_page_token="next_page_token_value", total_size=1086,
+ )
+ )
+
+ response = await client.list_crypto_key_versions(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == request
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, pagers.ListCryptoKeyVersionsAsyncPager)
+
+ assert response.next_page_token == "next_page_token_value"
+
+ assert response.total_size == 1086
+
+
+def test_list_crypto_key_versions_field_headers():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.ListCryptoKeyVersionsRequest()
+ request.parent = "parent/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_crypto_key_versions), "__call__"
+ ) as call:
+ call.return_value = service.ListCryptoKeyVersionsResponse()
+
+ client.list_crypto_key_versions(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_key_versions_field_headers_async():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.ListCryptoKeyVersionsRequest()
+ request.parent = "parent/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_crypto_key_versions), "__call__"
+ ) as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListCryptoKeyVersionsResponse()
+ )
+
+ await client.list_crypto_key_versions(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"]
+
+
+def test_list_crypto_key_versions_flattened():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_crypto_key_versions), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListCryptoKeyVersionsResponse()
+
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ client.list_crypto_key_versions(parent="parent_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0].parent == "parent_value"
+
+
+def test_list_crypto_key_versions_flattened_error():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ client.list_crypto_key_versions(
+ service.ListCryptoKeyVersionsRequest(), parent="parent_value",
+ )
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_key_versions_flattened_async():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(),
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_crypto_key_versions), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListCryptoKeyVersionsResponse()
+
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListCryptoKeyVersionsResponse()
+ )
+ # Call the method with a truthy value for each flattened field,
+ # using the keyword arguments to the method.
+ response = await client.list_crypto_key_versions(parent="parent_value",)
+
+ # Establish that the underlying call was made with the expected
+ # request object values.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0].parent == "parent_value"
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_key_versions_flattened_error_async():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(),
+ )
+
+ # Attempting to call a method with both a request object and flattened
+ # fields is an error.
+ with pytest.raises(ValueError):
+ await client.list_crypto_key_versions(
+ service.ListCryptoKeyVersionsRequest(), parent="parent_value",
+ )
+
+
+def test_list_crypto_key_versions_pager():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials,)
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_crypto_key_versions), "__call__"
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[], next_page_token="def",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[resources.CryptoKeyVersion(),],
+ next_page_token="ghi",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ ],
+ ),
+ RuntimeError,
+ )
+
+ metadata = ()
+ metadata = tuple(metadata) + (
+ gapic_v1.routing_header.to_grpc_metadata((("parent", ""),)),
+ )
+ pager = client.list_crypto_key_versions(request={})
+
+ assert pager._metadata == metadata
+
+ results = [i for i in pager]
+ assert len(results) == 6
+ assert all(isinstance(i, resources.CryptoKeyVersion) for i in results)
+
+
+def test_list_crypto_key_versions_pages():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials,)
+
+ # Mock the actual call within
the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_crypto_key_versions), "__call__"
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[], next_page_token="def",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[resources.CryptoKeyVersion(),],
+ next_page_token="ghi",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ ],
+ ),
+ RuntimeError,
+ )
+ pages = list(client.list_crypto_key_versions(request={}).pages)
+ for page, token in zip(pages, ["abc", "def", "ghi", ""]):
+ assert page.raw_page.next_page_token == token
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_key_versions_async_pager():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials,
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_crypto_key_versions),
+ "__call__",
+ new_callable=mock.AsyncMock,
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[], next_page_token="def",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[resources.CryptoKeyVersion(),],
+ next_page_token="ghi",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ ],
+ ),
+ RuntimeError,
+ )
+ async_pager = await client.list_crypto_key_versions(request={},)
+ assert async_pager.next_page_token == "abc"
+ responses = []
+ async for response in async_pager:
+ responses.append(response)
+
+ assert len(responses) == 6
+ assert all(isinstance(i, resources.CryptoKeyVersion) for i in responses)
+
+
+@pytest.mark.asyncio
+async def test_list_crypto_key_versions_async_pages():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials,
+ )
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_crypto_key_versions),
+ "__call__",
+ new_callable=mock.AsyncMock,
+ ) as call:
+ # Set the response to a series of pages.
+ call.side_effect = (
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ ],
+ next_page_token="abc",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[], next_page_token="def",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[resources.CryptoKeyVersion(),],
+ next_page_token="ghi",
+ ),
+ service.ListCryptoKeyVersionsResponse(
+ crypto_key_versions=[
+ resources.CryptoKeyVersion(),
+ resources.CryptoKeyVersion(),
+ ],
+ ),
+ RuntimeError,
+ )
+ pages = []
+ async for page in (await client.list_crypto_key_versions(request={})).pages:
+ pages.append(page)
+ for page, token in zip(pages, ["abc", "def", "ghi", ""]):
+ assert page.raw_page.next_page_token == token
+
+
+def test_list_import_jobs(transport: str = "grpc"):
+ client = KeyManagementServiceClient(
+ credentials=credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = service.ListImportJobsRequest()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_import_jobs), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListImportJobsResponse(
+ next_page_token="next_page_token_value", total_size=1086,
+ )
+
+ response = client.list_import_jobs(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == request
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, pagers.ListImportJobsPager)
+
+ assert response.next_page_token == "next_page_token_value"
+
+ assert response.total_size == 1086
+
+
+@pytest.mark.asyncio
+async def test_list_import_jobs_async(transport: str = "grpc_asyncio"):
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = service.ListImportJobsRequest()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_import_jobs), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListImportJobsResponse(
+ next_page_token="next_page_token_value", total_size=1086,
+ )
+ )
+
+ response = await client.list_import_jobs(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == request
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, pagers.ListImportJobsAsyncPager)
+
+ assert response.next_page_token == "next_page_token_value"
+
+ assert response.total_size == 1086
+
+
+def test_list_import_jobs_field_headers():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.ListImportJobsRequest()
+ request.parent = "parent/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_import_jobs), "__call__"
+ ) as call:
+ call.return_value = service.ListImportJobsResponse()
+
+ client.list_import_jobs(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_list_import_jobs_field_headers_async():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = service.ListImportJobsRequest()
+ request.parent = "parent/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.list_import_jobs), "__call__"
+ ) as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ service.ListImportJobsResponse()
+ )
+
+ await client.list_import_jobs(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"]
+
+
+def test_list_import_jobs_flattened():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.list_import_jobs), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = service.ListImportJobsResponse() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.list_import_jobs(parent="parent_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].parent == "parent_value" + + +def test_list_import_jobs_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_import_jobs( + service.ListImportJobsRequest(), parent="parent_value", + ) + + +@pytest.mark.asyncio +async def test_list_import_jobs_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.list_import_jobs), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = service.ListImportJobsResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.ListImportJobsResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.list_import_jobs(parent="parent_value",) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].parent == "parent_value" + + +@pytest.mark.asyncio +async def test_list_import_jobs_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.list_import_jobs( + service.ListImportJobsRequest(), parent="parent_value", + ) + + +def test_list_import_jobs_pager(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials,) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.list_import_jobs), "__call__" + ) as call: + # Set the response to a series of pages. + call.side_effect = ( + service.ListImportJobsResponse( + import_jobs=[ + resources.ImportJob(), + resources.ImportJob(), + resources.ImportJob(), + ], + next_page_token="abc", + ), + service.ListImportJobsResponse(import_jobs=[], next_page_token="def",), + service.ListImportJobsResponse( + import_jobs=[resources.ImportJob(),], next_page_token="ghi", + ), + service.ListImportJobsResponse( + import_jobs=[resources.ImportJob(), resources.ImportJob(),], + ), + RuntimeError, + ) + + metadata = () + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("parent", ""),)), + ) + pager = client.list_import_jobs(request={}) + + assert pager._metadata == metadata + + results = [i for i in pager] + assert len(results) == 6 + assert all(isinstance(i, resources.ImportJob) for i in results) + + +def test_list_import_jobs_pages(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials,) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.list_import_jobs), "__call__" + ) as call: + # Set the response to a series of pages. 
+ call.side_effect = ( + service.ListImportJobsResponse( + import_jobs=[ + resources.ImportJob(), + resources.ImportJob(), + resources.ImportJob(), + ], + next_page_token="abc", + ), + service.ListImportJobsResponse(import_jobs=[], next_page_token="def",), + service.ListImportJobsResponse( + import_jobs=[resources.ImportJob(),], next_page_token="ghi", + ), + service.ListImportJobsResponse( + import_jobs=[resources.ImportJob(), resources.ImportJob(),], + ), + RuntimeError, + ) + pages = list(client.list_import_jobs(request={}).pages) + for page, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page.raw_page.next_page_token == token + + +@pytest.mark.asyncio +async def test_list_import_jobs_async_pager(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.list_import_jobs), + "__call__", + new_callable=mock.AsyncMock, + ) as call: + # Set the response to a series of pages. 
+ call.side_effect = ( + service.ListImportJobsResponse( + import_jobs=[ + resources.ImportJob(), + resources.ImportJob(), + resources.ImportJob(), + ], + next_page_token="abc", + ), + service.ListImportJobsResponse(import_jobs=[], next_page_token="def",), + service.ListImportJobsResponse( + import_jobs=[resources.ImportJob(),], next_page_token="ghi", + ), + service.ListImportJobsResponse( + import_jobs=[resources.ImportJob(), resources.ImportJob(),], + ), + RuntimeError, + ) + async_pager = await client.list_import_jobs(request={},) + assert async_pager.next_page_token == "abc" + responses = [] + async for response in async_pager: + responses.append(response) + + assert len(responses) == 6 + assert all(isinstance(i, resources.ImportJob) for i in responses) + + +@pytest.mark.asyncio +async def test_list_import_jobs_async_pages(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials, + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.list_import_jobs), + "__call__", + new_callable=mock.AsyncMock, + ) as call: + # Set the response to a series of pages. 
+ call.side_effect = ( + service.ListImportJobsResponse( + import_jobs=[ + resources.ImportJob(), + resources.ImportJob(), + resources.ImportJob(), + ], + next_page_token="abc", + ), + service.ListImportJobsResponse(import_jobs=[], next_page_token="def",), + service.ListImportJobsResponse( + import_jobs=[resources.ImportJob(),], next_page_token="ghi", + ), + service.ListImportJobsResponse( + import_jobs=[resources.ImportJob(), resources.ImportJob(),], + ), + RuntimeError, + ) + pages = [] + async for page in (await client.list_import_jobs(request={})).pages: + pages.append(page) + for page, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page.raw_page.next_page_token == token + + +def test_get_key_ring(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.GetKeyRingRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_key_ring), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.KeyRing(name="name_value",) + + response = client.get_key_ring(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.KeyRing) + + assert response.name == "name_value" + + +@pytest.mark.asyncio +async def test_get_key_ring_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.GetKeyRingRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.get_key_ring), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.KeyRing(name="name_value",) + ) + + response = await client.get_key_ring(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.KeyRing) + + assert response.name == "name_value" + + +def test_get_key_ring_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetKeyRingRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_key_ring), "__call__") as call: + call.return_value = resources.KeyRing() + + client.get_key_ring(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. 
+ _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_key_ring_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetKeyRingRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.get_key_ring), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.KeyRing()) + + await client.get_key_ring(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_get_key_ring_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_key_ring), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.KeyRing() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.get_key_ring(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +def test_get_key_ring_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_key_ring( + service.GetKeyRingRequest(), name="name_value", + ) + + +@pytest.mark.asyncio +async def test_get_key_ring_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.get_key_ring), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.KeyRing() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.KeyRing()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.get_key_ring(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +@pytest.mark.asyncio +async def test_get_key_ring_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + await client.get_key_ring( + service.GetKeyRingRequest(), name="name_value", + ) + + +def test_get_crypto_key(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.GetCryptoKeyRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_crypto_key), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKey( + name="name_value", + purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + rotation_period=duration.Duration(seconds=751), + ) + + response = client.get_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKey) + + assert response.name == "name_value" + + assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + + +@pytest.mark.asyncio +async def test_get_crypto_key_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.GetCryptoKeyRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.get_crypto_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKey( + name="name_value", + purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + ) + ) + + response = await client.get_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKey) + + assert response.name == "name_value" + + assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + + +def test_get_crypto_key_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetCryptoKeyRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_crypto_key), "__call__") as call: + call.return_value = resources.CryptoKey() + + client.get_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_crypto_key_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetCryptoKeyRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.get_crypto_key), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.CryptoKey()) + + await client.get_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_get_crypto_key_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_crypto_key), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKey() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.get_crypto_key(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +def test_get_crypto_key_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_crypto_key( + service.GetCryptoKeyRequest(), name="name_value", + ) + + +@pytest.mark.asyncio +async def test_get_crypto_key_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.get_crypto_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKey() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.CryptoKey()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.get_crypto_key(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +@pytest.mark.asyncio +async def test_get_crypto_key_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.get_crypto_key( + service.GetCryptoKeyRequest(), name="name_value", + ) + + +def test_get_crypto_key_version(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.GetCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.get_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + + response = client.get_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +@pytest.mark.asyncio +async def test_get_crypto_key_version_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.GetCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.get_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + ) + + response = await client.get_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +def test_get_crypto_key_version_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetCryptoKeyVersionRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.get_crypto_key_version), "__call__" + ) as call: + call.return_value = resources.CryptoKeyVersion() + + client.get_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. 
+ assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_crypto_key_version_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetCryptoKeyVersionRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.get_crypto_key_version), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion() + ) + + await client.get_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_get_crypto_key_version_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.get_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.get_crypto_key_version(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +def test_get_crypto_key_version_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_crypto_key_version( + service.GetCryptoKeyVersionRequest(), name="name_value", + ) + + +@pytest.mark.asyncio +async def test_get_crypto_key_version_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.get_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.get_crypto_key_version(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +@pytest.mark.asyncio +async def test_get_crypto_key_version_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + await client.get_crypto_key_version( + service.GetCryptoKeyVersionRequest(), name="name_value", + ) + + +def test_get_public_key(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.GetPublicKeyRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_public_key), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.PublicKey( + pem="pem_value", + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + ) + + response = client.get_public_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.PublicKey) + + assert response.pem == "pem_value" + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + +@pytest.mark.asyncio +async def test_get_public_key_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.GetPublicKeyRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.get_public_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.PublicKey( + pem="pem_value", + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + ) + ) + + response = await client.get_public_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.PublicKey) + + assert response.pem == "pem_value" + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + +def test_get_public_key_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetPublicKeyRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_public_key), "__call__") as call: + call.return_value = resources.PublicKey() + + client.get_public_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_public_key_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. 
+ request = service.GetPublicKeyRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.get_public_key), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.PublicKey()) + + await client.get_public_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_get_public_key_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_public_key), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.PublicKey() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.get_public_key(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +def test_get_public_key_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + client.get_public_key( + service.GetPublicKeyRequest(), name="name_value", + ) + + +@pytest.mark.asyncio +async def test_get_public_key_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.get_public_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.PublicKey() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.PublicKey()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.get_public_key(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +@pytest.mark.asyncio +async def test_get_public_key_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.get_public_key( + service.GetPublicKeyRequest(), name="name_value", + ) + + +def test_get_import_job(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.GetImportJobRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_import_job), "__call__") as call: + # Designate an appropriate return value for the call. 
+ call.return_value = resources.ImportJob( + name="name_value", + import_method=resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256, + protection_level=resources.ProtectionLevel.SOFTWARE, + state=resources.ImportJob.ImportJobState.PENDING_GENERATION, + ) + + response = client.get_import_job(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.ImportJob) + + assert response.name == "name_value" + + assert ( + response.import_method + == resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256 + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert response.state == resources.ImportJob.ImportJobState.PENDING_GENERATION + + +@pytest.mark.asyncio +async def test_get_import_job_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.GetImportJobRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.get_import_job), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.ImportJob( + name="name_value", + import_method=resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256, + protection_level=resources.ProtectionLevel.SOFTWARE, + state=resources.ImportJob.ImportJobState.PENDING_GENERATION, + ) + ) + + response = await client.get_import_job(request) + + # Establish that the underlying gRPC stub method was called. 
+ assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.ImportJob) + + assert response.name == "name_value" + + assert ( + response.import_method + == resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256 + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert response.state == resources.ImportJob.ImportJobState.PENDING_GENERATION + + +def test_get_import_job_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetImportJobRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_import_job), "__call__") as call: + call.return_value = resources.ImportJob() + + client.get_import_job(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_get_import_job_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GetImportJobRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.get_import_job), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.ImportJob()) + + await client.get_import_job(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_get_import_job_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.get_import_job), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.ImportJob() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.get_import_job(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +def test_get_import_job_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.get_import_job( + service.GetImportJobRequest(), name="name_value", + ) + + +@pytest.mark.asyncio +async def test_get_import_job_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.get_import_job), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.ImportJob() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.ImportJob()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.get_import_job(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +@pytest.mark.asyncio +async def test_get_import_job_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.get_import_job( + service.GetImportJobRequest(), name="name_value", + ) + + +def test_create_key_ring(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.CreateKeyRingRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.create_key_ring), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.KeyRing(name="name_value",) + + response = client.create_key_ring(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.KeyRing) + + assert response.name == "name_value" + + +@pytest.mark.asyncio +async def test_create_key_ring_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.CreateKeyRingRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.create_key_ring), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.KeyRing(name="name_value",) + ) + + response = await client.create_key_ring(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.KeyRing) + + assert response.name == "name_value" + + +def test_create_key_ring_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateKeyRingRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.create_key_ring), "__call__") as call: + call.return_value = resources.KeyRing() + + client.create_key_ring(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. 
+ _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_create_key_ring_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateKeyRingRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.create_key_ring), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.KeyRing()) + + await client.create_key_ring(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +def test_create_key_ring_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.create_key_ring), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = resources.KeyRing() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.create_key_ring( + parent="parent_value", + key_ring_id="key_ring_id_value", + key_ring=resources.KeyRing(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].parent == "parent_value" + + assert args[0].key_ring_id == "key_ring_id_value" + + assert args[0].key_ring == resources.KeyRing(name="name_value") + + +def test_create_key_ring_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_key_ring( + service.CreateKeyRingRequest(), + parent="parent_value", + key_ring_id="key_ring_id_value", + key_ring=resources.KeyRing(name="name_value"), + ) + + +@pytest.mark.asyncio +async def test_create_key_ring_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.create_key_ring), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.KeyRing() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.KeyRing()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.create_key_ring( + parent="parent_value", + key_ring_id="key_ring_id_value", + key_ring=resources.KeyRing(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].parent == "parent_value" + + assert args[0].key_ring_id == "key_ring_id_value" + + assert args[0].key_ring == resources.KeyRing(name="name_value") + + +@pytest.mark.asyncio +async def test_create_key_ring_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.create_key_ring( + service.CreateKeyRingRequest(), + parent="parent_value", + key_ring_id="key_ring_id_value", + key_ring=resources.KeyRing(name="name_value"), + ) + + +def test_create_crypto_key(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.CreateCryptoKeyRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.create_crypto_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKey( + name="name_value", + purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + rotation_period=duration.Duration(seconds=751), + ) + + response = client.create_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.CryptoKey) + + assert response.name == "name_value" + + assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + + +@pytest.mark.asyncio +async def test_create_crypto_key_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.CreateCryptoKeyRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.create_crypto_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKey( + name="name_value", + purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + ) + ) + + response = await client.create_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKey) + + assert response.name == "name_value" + + assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + + +def test_create_crypto_key_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateCryptoKeyRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._transport.create_crypto_key), "__call__" + ) as call: + call.return_value = resources.CryptoKey() + + client.create_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_create_crypto_key_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateCryptoKeyRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.create_crypto_key), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.CryptoKey()) + + await client.create_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +def test_create_crypto_key_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.create_crypto_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = resources.CryptoKey() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.create_crypto_key( + parent="parent_value", + crypto_key_id="crypto_key_id_value", + crypto_key=resources.CryptoKey(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].parent == "parent_value" + + assert args[0].crypto_key_id == "crypto_key_id_value" + + assert args[0].crypto_key == resources.CryptoKey(name="name_value") + + +def test_create_crypto_key_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_crypto_key( + service.CreateCryptoKeyRequest(), + parent="parent_value", + crypto_key_id="crypto_key_id_value", + crypto_key=resources.CryptoKey(name="name_value"), + ) + + +@pytest.mark.asyncio +async def test_create_crypto_key_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.create_crypto_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKey() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.CryptoKey()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. 
+ response = await client.create_crypto_key( + parent="parent_value", + crypto_key_id="crypto_key_id_value", + crypto_key=resources.CryptoKey(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].parent == "parent_value" + + assert args[0].crypto_key_id == "crypto_key_id_value" + + assert args[0].crypto_key == resources.CryptoKey(name="name_value") + + +@pytest.mark.asyncio +async def test_create_crypto_key_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.create_crypto_key( + service.CreateCryptoKeyRequest(), + parent="parent_value", + crypto_key_id="crypto_key_id_value", + crypto_key=resources.CryptoKey(name="name_value"), + ) + + +def test_create_crypto_key_version(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.CreateCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.create_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + + response = client.create_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +@pytest.mark.asyncio +async def test_create_crypto_key_version_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.CreateCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.create_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + ) + + response = await client.create_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +def test_create_crypto_key_version_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateCryptoKeyVersionRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.create_crypto_key_version), "__call__" + ) as call: + call.return_value = resources.CryptoKeyVersion() + + client.create_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. 
+ assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_create_crypto_key_version_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateCryptoKeyVersionRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.create_crypto_key_version), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion() + ) + + await client.create_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +def test_create_crypto_key_version_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.create_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. 
+ client.create_crypto_key_version( + parent="parent_value", + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].parent == "parent_value" + + assert args[0].crypto_key_version == resources.CryptoKeyVersion( + name="name_value" + ) + + +def test_create_crypto_key_version_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.create_crypto_key_version( + service.CreateCryptoKeyVersionRequest(), + parent="parent_value", + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + ) + + +@pytest.mark.asyncio +async def test_create_crypto_key_version_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.create_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.create_crypto_key_version( + parent="parent_value", + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].parent == "parent_value" + + assert args[0].crypto_key_version == resources.CryptoKeyVersion( + name="name_value" + ) + + +@pytest.mark.asyncio +async def test_create_crypto_key_version_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.create_crypto_key_version( + service.CreateCryptoKeyVersionRequest(), + parent="parent_value", + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + ) + + +def test_import_crypto_key_version(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.ImportCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.import_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + + response = client.import_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +@pytest.mark.asyncio +async def test_import_crypto_key_version_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.ImportCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.import_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + ) + + response = await client.import_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +def test_import_crypto_key_version_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ImportCryptoKeyVersionRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.import_crypto_key_version), "__call__" + ) as call: + call.return_value = resources.CryptoKeyVersion() + + client.import_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_import_crypto_key_version_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.ImportCryptoKeyVersionRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.import_crypto_key_version), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion() + ) + + await client.import_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +def test_create_import_job(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.CreateImportJobRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.create_import_job), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.ImportJob( + name="name_value", + import_method=resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256, + protection_level=resources.ProtectionLevel.SOFTWARE, + state=resources.ImportJob.ImportJobState.PENDING_GENERATION, + ) + + response = client.create_import_job(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.ImportJob) + + assert response.name == "name_value" + + assert ( + response.import_method + == resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256 + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert response.state == resources.ImportJob.ImportJobState.PENDING_GENERATION + + +@pytest.mark.asyncio +async def test_create_import_job_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.CreateImportJobRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.create_import_job), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.ImportJob( + name="name_value", + import_method=resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256, + protection_level=resources.ProtectionLevel.SOFTWARE, + state=resources.ImportJob.ImportJobState.PENDING_GENERATION, + ) + ) + + response = await client.create_import_job(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.ImportJob) + + assert response.name == "name_value" + + assert ( + response.import_method + == resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256 + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert response.state == resources.ImportJob.ImportJobState.PENDING_GENERATION + + +def test_create_import_job_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateImportJobRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.create_import_job), "__call__" + ) as call: + call.return_value = resources.ImportJob() + + client.create_import_job(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_create_import_job_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.CreateImportJobRequest() + request.parent = "parent/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.create_import_job), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.ImportJob()) + + await client.create_import_job(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] + + +def test_create_import_job_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.create_import_job), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.ImportJob() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.create_import_job( + parent="parent_value", + import_job_id="import_job_id_value", + import_job=resources.ImportJob(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].parent == "parent_value" + + assert args[0].import_job_id == "import_job_id_value" + + assert args[0].import_job == resources.ImportJob(name="name_value") + + +def test_create_import_job_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + client.create_import_job( + service.CreateImportJobRequest(), + parent="parent_value", + import_job_id="import_job_id_value", + import_job=resources.ImportJob(name="name_value"), + ) + + +@pytest.mark.asyncio +async def test_create_import_job_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.create_import_job), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.ImportJob() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.ImportJob()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.create_import_job( + parent="parent_value", + import_job_id="import_job_id_value", + import_job=resources.ImportJob(name="name_value"), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].parent == "parent_value" + + assert args[0].import_job_id == "import_job_id_value" + + assert args[0].import_job == resources.ImportJob(name="name_value") + + +@pytest.mark.asyncio +async def test_create_import_job_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + await client.create_import_job( + service.CreateImportJobRequest(), + parent="parent_value", + import_job_id="import_job_id_value", + import_job=resources.ImportJob(name="name_value"), + ) + + +def test_update_crypto_key(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.UpdateCryptoKeyRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.update_crypto_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKey( + name="name_value", + purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + rotation_period=duration.Duration(seconds=751), + ) + + response = client.update_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKey) + + assert response.name == "name_value" + + assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + + +@pytest.mark.asyncio +async def test_update_crypto_key_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.UpdateCryptoKeyRequest() + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.update_crypto_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKey( + name="name_value", + purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + ) + ) + + response = await client.update_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKey) + + assert response.name == "name_value" + + assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + + +def test_update_crypto_key_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.UpdateCryptoKeyRequest() + request.crypto_key.name = "crypto_key.name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.update_crypto_key), "__call__" + ) as call: + call.return_value = resources.CryptoKey() + + client.update_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "crypto_key.name=crypto_key.name/value",) in kw[ + "metadata" + ] + + +@pytest.mark.asyncio +async def test_update_crypto_key_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. 
Set these to a non-empty value. + request = service.UpdateCryptoKeyRequest() + request.crypto_key.name = "crypto_key.name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.update_crypto_key), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.CryptoKey()) + + await client.update_crypto_key(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "crypto_key.name=crypto_key.name/value",) in kw[ + "metadata" + ] + + +def test_update_crypto_key_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.update_crypto_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKey() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.update_crypto_key( + crypto_key=resources.CryptoKey(name="name_value"), + update_mask=field_mask.FieldMask(paths=["paths_value"]), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].crypto_key == resources.CryptoKey(name="name_value") + + assert args[0].update_mask == field_mask.FieldMask(paths=["paths_value"]) + + +def test_update_crypto_key_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + client.update_crypto_key( + service.UpdateCryptoKeyRequest(), + crypto_key=resources.CryptoKey(name="name_value"), + update_mask=field_mask.FieldMask(paths=["paths_value"]), + ) + + +@pytest.mark.asyncio +async def test_update_crypto_key_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.update_crypto_key), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKey() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.CryptoKey()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.update_crypto_key( + crypto_key=resources.CryptoKey(name="name_value"), + update_mask=field_mask.FieldMask(paths=["paths_value"]), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].crypto_key == resources.CryptoKey(name="name_value") + + assert args[0].update_mask == field_mask.FieldMask(paths=["paths_value"]) + + +@pytest.mark.asyncio +async def test_update_crypto_key_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + await client.update_crypto_key( + service.UpdateCryptoKeyRequest(), + crypto_key=resources.CryptoKey(name="name_value"), + update_mask=field_mask.FieldMask(paths=["paths_value"]), + ) + + +def test_update_crypto_key_version(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.UpdateCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.update_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + + response = client.update_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +@pytest.mark.asyncio +async def test_update_crypto_key_version_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.UpdateCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.update_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + ) + + response = await client.update_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +def test_update_crypto_key_version_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.UpdateCryptoKeyVersionRequest() + request.crypto_key_version.name = "crypto_key_version.name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.update_crypto_key_version), "__call__" + ) as call: + call.return_value = resources.CryptoKeyVersion() + + client.update_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "crypto_key_version.name=crypto_key_version.name/value", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_update_crypto_key_version_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. 
+ request = service.UpdateCryptoKeyVersionRequest() + request.crypto_key_version.name = "crypto_key_version.name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.update_crypto_key_version), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion() + ) + + await client.update_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "crypto_key_version.name=crypto_key_version.name/value", + ) in kw["metadata"] + + +def test_update_crypto_key_version_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.update_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.update_crypto_key_version( + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + update_mask=field_mask.FieldMask(paths=["paths_value"]), + ) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].crypto_key_version == resources.CryptoKeyVersion( + name="name_value" + ) + + assert args[0].update_mask == field_mask.FieldMask(paths=["paths_value"]) + + +def test_update_crypto_key_version_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_crypto_key_version( + service.UpdateCryptoKeyVersionRequest(), + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + update_mask=field_mask.FieldMask(paths=["paths_value"]), + ) + + +@pytest.mark.asyncio +async def test_update_crypto_key_version_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.update_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.update_crypto_key_version( + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + update_mask=field_mask.FieldMask(paths=["paths_value"]), + ) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].crypto_key_version == resources.CryptoKeyVersion( + name="name_value" + ) + + assert args[0].update_mask == field_mask.FieldMask(paths=["paths_value"]) + + +@pytest.mark.asyncio +async def test_update_crypto_key_version_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.update_crypto_key_version( + service.UpdateCryptoKeyVersionRequest(), + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + update_mask=field_mask.FieldMask(paths=["paths_value"]), + ) + + +def test_encrypt(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.EncryptRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.encrypt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.EncryptResponse( + name="name_value", ciphertext=b"ciphertext_blob", + ) + + response = client.encrypt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, service.EncryptResponse) + + assert response.name == "name_value" + + assert response.ciphertext == b"ciphertext_blob" + + +@pytest.mark.asyncio +async def test_encrypt_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.EncryptRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._client._transport.encrypt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.EncryptResponse(name="name_value", ciphertext=b"ciphertext_blob",) + ) + + response = await client.encrypt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, service.EncryptResponse) + + assert response.name == "name_value" + + assert response.ciphertext == b"ciphertext_blob" + + +def test_encrypt_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.EncryptRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.encrypt), "__call__") as call: + call.return_value = service.EncryptResponse() + + client.encrypt(request) + + # Establish that the underlying gRPC stub method was called. 
+ assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_encrypt_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.EncryptRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._client._transport.encrypt), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.EncryptResponse() + ) + + await client.encrypt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_encrypt_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.encrypt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.EncryptResponse() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.encrypt( + name="name_value", plaintext=b"plaintext_blob", + ) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + assert args[0].plaintext == b"plaintext_blob" + + +def test_encrypt_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.encrypt( + service.EncryptRequest(), name="name_value", plaintext=b"plaintext_blob", + ) + + +@pytest.mark.asyncio +async def test_encrypt_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._client._transport.encrypt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.EncryptResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.EncryptResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.encrypt(name="name_value", plaintext=b"plaintext_blob",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + assert args[0].plaintext == b"plaintext_blob" + + +@pytest.mark.asyncio +async def test_encrypt_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + await client.encrypt( + service.EncryptRequest(), name="name_value", plaintext=b"plaintext_blob", + ) + + +def test_decrypt(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.DecryptRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.decrypt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.DecryptResponse(plaintext=b"plaintext_blob",) + + response = client.decrypt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, service.DecryptResponse) + + assert response.plaintext == b"plaintext_blob" + + +@pytest.mark.asyncio +async def test_decrypt_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.DecryptRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._client._transport.decrypt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.DecryptResponse(plaintext=b"plaintext_blob",) + ) + + response = await client.decrypt(request) + + # Establish that the underlying gRPC stub method was called. 
+ assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, service.DecryptResponse) + + assert response.plaintext == b"plaintext_blob" + + +def test_decrypt_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.DecryptRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.decrypt), "__call__") as call: + call.return_value = service.DecryptResponse() + + client.decrypt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_decrypt_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.DecryptRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._client._transport.decrypt), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.DecryptResponse() + ) + + await client.decrypt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. 
+ _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_decrypt_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.decrypt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.DecryptResponse() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.decrypt( + name="name_value", ciphertext=b"ciphertext_blob", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + assert args[0].ciphertext == b"ciphertext_blob" + + +def test_decrypt_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.decrypt( + service.DecryptRequest(), name="name_value", ciphertext=b"ciphertext_blob", + ) + + +@pytest.mark.asyncio +async def test_decrypt_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._client._transport.decrypt), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.DecryptResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.DecryptResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. 
+ response = await client.decrypt( + name="name_value", ciphertext=b"ciphertext_blob", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + assert args[0].ciphertext == b"ciphertext_blob" + + +@pytest.mark.asyncio +async def test_decrypt_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.decrypt( + service.DecryptRequest(), name="name_value", ciphertext=b"ciphertext_blob", + ) + + +def test_asymmetric_sign(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.AsymmetricSignRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.asymmetric_sign), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.AsymmetricSignResponse(signature=b"signature_blob",) + + response = client.asymmetric_sign(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, service.AsymmetricSignResponse) + + assert response.signature == b"signature_blob" + + +@pytest.mark.asyncio +async def test_asymmetric_sign_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.AsymmetricSignRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.asymmetric_sign), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.AsymmetricSignResponse(signature=b"signature_blob",) + ) + + response = await client.asymmetric_sign(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, service.AsymmetricSignResponse) + + assert response.signature == b"signature_blob" + + +def test_asymmetric_sign_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.AsymmetricSignRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.asymmetric_sign), "__call__") as call: + call.return_value = service.AsymmetricSignResponse() + + client.asymmetric_sign(request) + + # Establish that the underlying gRPC stub method was called. 
+ assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_asymmetric_sign_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.AsymmetricSignRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.asymmetric_sign), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.AsymmetricSignResponse() + ) + + await client.asymmetric_sign(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_asymmetric_sign_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.asymmetric_sign), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.AsymmetricSignResponse() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.asymmetric_sign( + name="name_value", digest=service.Digest(sha256=b"sha256_blob"), + ) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + assert args[0].digest == service.Digest(sha256=b"sha256_blob") + + +def test_asymmetric_sign_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.asymmetric_sign( + service.AsymmetricSignRequest(), + name="name_value", + digest=service.Digest(sha256=b"sha256_blob"), + ) + + +@pytest.mark.asyncio +async def test_asymmetric_sign_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.asymmetric_sign), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = service.AsymmetricSignResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.AsymmetricSignResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.asymmetric_sign( + name="name_value", digest=service.Digest(sha256=b"sha256_blob"), + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + assert args[0].digest == service.Digest(sha256=b"sha256_blob") + + +@pytest.mark.asyncio +async def test_asymmetric_sign_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + await client.asymmetric_sign( + service.AsymmetricSignRequest(), + name="name_value", + digest=service.Digest(sha256=b"sha256_blob"), + ) + + +def test_asymmetric_decrypt(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.AsymmetricDecryptRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.asymmetric_decrypt), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = service.AsymmetricDecryptResponse( + plaintext=b"plaintext_blob", + ) + + response = client.asymmetric_decrypt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, service.AsymmetricDecryptResponse) + + assert response.plaintext == b"plaintext_blob" + + +@pytest.mark.asyncio +async def test_asymmetric_decrypt_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.AsymmetricDecryptRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.asymmetric_decrypt), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.AsymmetricDecryptResponse(plaintext=b"plaintext_blob",) + ) + + response = await client.asymmetric_decrypt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, service.AsymmetricDecryptResponse) + + assert response.plaintext == b"plaintext_blob" + + +def test_asymmetric_decrypt_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.AsymmetricDecryptRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.asymmetric_decrypt), "__call__" + ) as call: + call.return_value = service.AsymmetricDecryptResponse() + + client.asymmetric_decrypt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_asymmetric_decrypt_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.AsymmetricDecryptRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.asymmetric_decrypt), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.AsymmetricDecryptResponse() + ) + + await client.asymmetric_decrypt(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_asymmetric_decrypt_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.asymmetric_decrypt), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = service.AsymmetricDecryptResponse() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.asymmetric_decrypt( + name="name_value", ciphertext=b"ciphertext_blob", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + assert args[0].ciphertext == b"ciphertext_blob" + + +def test_asymmetric_decrypt_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + client.asymmetric_decrypt( + service.AsymmetricDecryptRequest(), + name="name_value", + ciphertext=b"ciphertext_blob", + ) + + +@pytest.mark.asyncio +async def test_asymmetric_decrypt_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.asymmetric_decrypt), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = service.AsymmetricDecryptResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.AsymmetricDecryptResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.asymmetric_decrypt( + name="name_value", ciphertext=b"ciphertext_blob", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + assert args[0].ciphertext == b"ciphertext_blob" + + +@pytest.mark.asyncio +async def test_asymmetric_decrypt_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.asymmetric_decrypt( + service.AsymmetricDecryptRequest(), + name="name_value", + ciphertext=b"ciphertext_blob", + ) + + +def test_update_crypto_key_primary_version(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. 
+ request = service.UpdateCryptoKeyPrimaryVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.update_crypto_key_primary_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKey( + name="name_value", + purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + rotation_period=duration.Duration(seconds=751), + ) + + response = client.update_crypto_key_primary_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKey) + + assert response.name == "name_value" + + assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + + +@pytest.mark.asyncio +async def test_update_crypto_key_primary_version_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.UpdateCryptoKeyPrimaryVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.update_crypto_key_primary_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKey( + name="name_value", + purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + ) + ) + + response = await client.update_crypto_key_primary_version(request) + + # Establish that the underlying gRPC stub method was called. 
+ assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKey) + + assert response.name == "name_value" + + assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + + +def test_update_crypto_key_primary_version_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.UpdateCryptoKeyPrimaryVersionRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.update_crypto_key_primary_version), "__call__" + ) as call: + call.return_value = resources.CryptoKey() + + client.update_crypto_key_primary_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_update_crypto_key_primary_version_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.UpdateCryptoKeyPrimaryVersionRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.update_crypto_key_primary_version), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.CryptoKey()) + + await client.update_crypto_key_primary_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_update_crypto_key_primary_version_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.update_crypto_key_primary_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKey() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.update_crypto_key_primary_version( + name="name_value", crypto_key_version_id="crypto_key_version_id_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + assert args[0].crypto_key_version_id == "crypto_key_version_id_value" + + +def test_update_crypto_key_primary_version_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + client.update_crypto_key_primary_version( + service.UpdateCryptoKeyPrimaryVersionRequest(), + name="name_value", + crypto_key_version_id="crypto_key_version_id_value", + ) + + +@pytest.mark.asyncio +async def test_update_crypto_key_primary_version_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.update_crypto_key_primary_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKey() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(resources.CryptoKey()) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.update_crypto_key_primary_version( + name="name_value", crypto_key_version_id="crypto_key_version_id_value", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + assert args[0].crypto_key_version_id == "crypto_key_version_id_value" + + +@pytest.mark.asyncio +async def test_update_crypto_key_primary_version_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + await client.update_crypto_key_primary_version( + service.UpdateCryptoKeyPrimaryVersionRequest(), + name="name_value", + crypto_key_version_id="crypto_key_version_id_value", + ) + + +def test_destroy_crypto_key_version(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.DestroyCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.destroy_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + + response = client.destroy_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +@pytest.mark.asyncio +async def test_destroy_crypto_key_version_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.DestroyCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.destroy_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + ) + + response = await client.destroy_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +def test_destroy_crypto_key_version_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.DestroyCryptoKeyVersionRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.destroy_crypto_key_version), "__call__" + ) as call: + call.return_value = resources.CryptoKeyVersion() + + client.destroy_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_destroy_crypto_key_version_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.DestroyCryptoKeyVersionRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.destroy_crypto_key_version), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion() + ) + + await client.destroy_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_destroy_crypto_key_version_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.destroy_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.destroy_crypto_key_version(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +def test_destroy_crypto_key_version_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. 
+ with pytest.raises(ValueError): + client.destroy_crypto_key_version( + service.DestroyCryptoKeyVersionRequest(), name="name_value", + ) + + +@pytest.mark.asyncio +async def test_destroy_crypto_key_version_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.destroy_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.destroy_crypto_key_version(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +@pytest.mark.asyncio +async def test_destroy_crypto_key_version_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.destroy_crypto_key_version( + service.DestroyCryptoKeyVersionRequest(), name="name_value", + ) + + +def test_restore_crypto_key_version(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.RestoreCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._transport.restore_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + + response = client.restore_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +@pytest.mark.asyncio +async def test_restore_crypto_key_version_async(transport: str = "grpc_asyncio"): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = service.RestoreCryptoKeyVersionRequest() + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._client._transport.restore_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion( + name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + ) + ) + + response = await client.restore_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. + assert isinstance(response, resources.CryptoKeyVersion) + + assert response.name == "name_value" + + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + + assert response.import_job == "import_job_value" + + assert response.import_failure_reason == "import_failure_reason_value" + + +def test_restore_crypto_key_version_field_headers(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.RestoreCryptoKeyVersionRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. 
+ with mock.patch.object( + type(client._transport.restore_crypto_key_version), "__call__" + ) as call: + call.return_value = resources.CryptoKeyVersion() + + client.restore_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_restore_crypto_key_version_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.RestoreCryptoKeyVersionRequest() + request.name = "name/value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.restore_crypto_key_version), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion() + ) + + await client.restore_crypto_key_version(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ("x-goog-request-params", "name=name/value",) in kw["metadata"] + + +def test_restore_crypto_key_version_flattened(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._transport.restore_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. 
+ call.return_value = resources.CryptoKeyVersion() + + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.restore_crypto_key_version(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +def test_restore_crypto_key_version_flattened_error(): + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.restore_crypto_key_version( + service.RestoreCryptoKeyVersionRequest(), name="name_value", + ) + + +@pytest.mark.asyncio +async def test_restore_crypto_key_version_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client._client._transport.restore_crypto_key_version), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = resources.CryptoKeyVersion() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + resources.CryptoKeyVersion() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.restore_crypto_key_version(name="name_value",) + + # Establish that the underlying call was made with the expected + # request object values. 
+ assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + + assert args[0].name == "name_value" + + +@pytest.mark.asyncio +async def test_restore_crypto_key_version_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.restore_crypto_key_version( + service.RestoreCryptoKeyVersionRequest(), name="name_value", + ) + + +def test_credentials_transport_error(): + # It is an error to provide credentials and a transport instance. + transport = transports.KeyManagementServiceGrpcTransport( + credentials=credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # It is an error to provide a credentials file and a transport instance. + transport = transports.KeyManagementServiceGrpcTransport( + credentials=credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = KeyManagementServiceClient( + client_options={"credentials_file": "credentials.json"}, + transport=transport, + ) + + # It is an error to provide scopes and a transport instance. + transport = transports.KeyManagementServiceGrpcTransport( + credentials=credentials.AnonymousCredentials(), + ) + with pytest.raises(ValueError): + client = KeyManagementServiceClient( + client_options={"scopes": ["1", "2"]}, transport=transport, + ) + + +def test_transport_instance(): + # A client may be instantiated with a custom transport instance. 
+ transport = transports.KeyManagementServiceGrpcTransport( + credentials=credentials.AnonymousCredentials(), + ) + client = KeyManagementServiceClient(transport=transport) + assert client._transport is transport + + +def test_transport_get_channel(): + # A client may be instantiated with a custom transport instance. + transport = transports.KeyManagementServiceGrpcTransport( + credentials=credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + transport = transports.KeyManagementServiceGrpcAsyncIOTransport( + credentials=credentials.AnonymousCredentials(), + ) + channel = transport.grpc_channel + assert channel + + +def test_transport_grpc_default(): + # A client should use the gRPC transport by default. + client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) + assert isinstance(client._transport, transports.KeyManagementServiceGrpcTransport,) + + +def test_key_management_service_base_transport_error(): + # Passing both a credentials object and credentials_file should raise an error + with pytest.raises(exceptions.DuplicateCredentialArgs): + transport = transports.KeyManagementServiceTransport( + credentials=credentials.AnonymousCredentials(), + credentials_file="credentials.json", + ) + + +def test_key_management_service_base_transport(): + # Instantiate the base transport. + with mock.patch( + "google.cloud.kms_v1.services.key_management_service.transports.KeyManagementServiceTransport.__init__" + ) as Transport: + Transport.return_value = None + transport = transports.KeyManagementServiceTransport( + credentials=credentials.AnonymousCredentials(), + ) + + # Every method on the transport should just blindly + # raise NotImplementedError. 
+ methods = ( + "list_key_rings", + "list_crypto_keys", + "list_crypto_key_versions", + "list_import_jobs", + "get_key_ring", + "get_crypto_key", + "get_crypto_key_version", + "get_public_key", + "get_import_job", + "create_key_ring", + "create_crypto_key", + "create_crypto_key_version", + "import_crypto_key_version", + "create_import_job", + "update_crypto_key", + "update_crypto_key_version", + "encrypt", + "decrypt", + "asymmetric_sign", + "asymmetric_decrypt", + "update_crypto_key_primary_version", + "destroy_crypto_key_version", + "restore_crypto_key_version", + "set_iam_policy", + "get_iam_policy", + "test_iam_permissions", + ) + for method in methods: + with pytest.raises(NotImplementedError): + getattr(transport, method)(request=object()) + + +def test_key_management_service_base_transport_with_credentials_file(): + # Instantiate the base transport with a credentials file + with mock.patch.object( + auth, "load_credentials_from_file" + ) as load_creds, mock.patch( + "google.cloud.kms_v1.services.key_management_service.transports.KeyManagementServiceTransport._prep_wrapped_messages" + ) as Transport: + Transport.return_value = None + load_creds.return_value = (credentials.AnonymousCredentials(), None) + transport = transports.KeyManagementServiceTransport( + credentials_file="credentials.json", quota_project_id="octopus", + ) + load_creds.assert_called_once_with( + "credentials.json", + scopes=( + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloudkms", + ), + quota_project_id="octopus", + ) + + +def test_key_management_service_auth_adc(): + # If no credentials are provided, we should use ADC credentials. 
+ with mock.patch.object(auth, "default") as adc: + adc.return_value = (credentials.AnonymousCredentials(), None) + KeyManagementServiceClient() + adc.assert_called_once_with( + scopes=( + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloudkms", + ), + quota_project_id=None, + ) + + +def test_key_management_service_transport_auth_adc(): + # If credentials and host are not provided, the transport class should use + # ADC credentials. + with mock.patch.object(auth, "default") as adc: + adc.return_value = (credentials.AnonymousCredentials(), None) + transports.KeyManagementServiceGrpcTransport( + host="squid.clam.whelk", quota_project_id="octopus" + ) + adc.assert_called_once_with( + scopes=( + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloudkms", + ), + quota_project_id="octopus", + ) + + +def test_key_management_service_host_no_port(): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="cloudkms.googleapis.com" + ), + ) + assert client._transport._host == "cloudkms.googleapis.com:443" + + +def test_key_management_service_host_with_port(): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), + client_options=client_options.ClientOptions( + api_endpoint="cloudkms.googleapis.com:8000" + ), + ) + assert client._transport._host == "cloudkms.googleapis.com:8000" + + +def test_key_management_service_grpc_transport_channel(): + channel = grpc.insecure_channel("http://localhost/") + + # Check that if channel is provided, mtls endpoint and client_cert_source + # won't be used. 
+ callback = mock.MagicMock() + transport = transports.KeyManagementServiceGrpcTransport( + host="squid.clam.whelk", + channel=channel, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=callback, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert not callback.called + + +def test_key_management_service_grpc_asyncio_transport_channel(): + channel = aio.insecure_channel("http://localhost/") + + # Check that if channel is provided, mtls endpoint and client_cert_source + # won't be used. + callback = mock.MagicMock() + transport = transports.KeyManagementServiceGrpcAsyncIOTransport( + host="squid.clam.whelk", + channel=channel, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=callback, + ) + assert transport.grpc_channel == channel + assert transport._host == "squid.clam.whelk:443" + assert not callback.called + + +@mock.patch("grpc.ssl_channel_credentials", autospec=True) +@mock.patch("google.api_core.grpc_helpers.create_channel", autospec=True) +def test_key_management_service_grpc_transport_channel_mtls_with_client_cert_source( + grpc_create_channel, grpc_ssl_channel_cred +): + # Check that if channel is None, but api_mtls_endpoint and client_cert_source + # are provided, then a mTLS channel will be created. 
+ mock_cred = mock.Mock() + + mock_ssl_cred = mock.Mock() + grpc_ssl_channel_cred.return_value = mock_ssl_cred + + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + transport = transports.KeyManagementServiceGrpcTransport( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=client_cert_source_callback, + ) + grpc_ssl_channel_cred.assert_called_once_with( + certificate_chain=b"cert bytes", private_key=b"key bytes" + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=( + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloudkms", + ), + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + ) + assert transport.grpc_channel == mock_grpc_channel + + +@mock.patch("grpc.ssl_channel_credentials", autospec=True) +@mock.patch("google.api_core.grpc_helpers_async.create_channel", autospec=True) +def test_key_management_service_grpc_asyncio_transport_channel_mtls_with_client_cert_source( + grpc_create_channel, grpc_ssl_channel_cred +): + # Check that if channel is None, but api_mtls_endpoint and client_cert_source + # are provided, then a mTLS channel will be created. 
+ mock_cred = mock.Mock() + + mock_ssl_cred = mock.Mock() + grpc_ssl_channel_cred.return_value = mock_ssl_cred + + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + transport = transports.KeyManagementServiceGrpcAsyncIOTransport( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint="mtls.squid.clam.whelk", + client_cert_source=client_cert_source_callback, + ) + grpc_ssl_channel_cred.assert_called_once_with( + certificate_chain=b"cert bytes", private_key=b"key bytes" + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=( + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloudkms", + ), + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + ) + assert transport.grpc_channel == mock_grpc_channel + + +@pytest.mark.parametrize( + "api_mtls_endpoint", ["mtls.squid.clam.whelk", "mtls.squid.clam.whelk:443"] +) +@mock.patch("google.api_core.grpc_helpers.create_channel", autospec=True) +def test_key_management_service_grpc_transport_channel_mtls_with_adc( + grpc_create_channel, api_mtls_endpoint +): + # Check that if channel and client_cert_source are None, but api_mtls_endpoint + # is provided, then a mTLS channel will be created with SSL ADC. + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + # Mock google.auth.transport.grpc.SslCredentials class. 
+ mock_ssl_cred = mock.Mock() + with mock.patch.multiple( + "google.auth.transport.grpc.SslCredentials", + __init__=mock.Mock(return_value=None), + ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), + ): + mock_cred = mock.Mock() + transport = transports.KeyManagementServiceGrpcTransport( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint=api_mtls_endpoint, + client_cert_source=None, + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=( + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloudkms", + ), + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + ) + assert transport.grpc_channel == mock_grpc_channel + + +@pytest.mark.parametrize( + "api_mtls_endpoint", ["mtls.squid.clam.whelk", "mtls.squid.clam.whelk:443"] +) +@mock.patch("google.api_core.grpc_helpers_async.create_channel", autospec=True) +def test_key_management_service_grpc_asyncio_transport_channel_mtls_with_adc( + grpc_create_channel, api_mtls_endpoint +): + # Check that if channel and client_cert_source are None, but api_mtls_endpoint + # is provided, then a mTLS channel will be created with SSL ADC. + mock_grpc_channel = mock.Mock() + grpc_create_channel.return_value = mock_grpc_channel + + # Mock google.auth.transport.grpc.SslCredentials class. 
+ mock_ssl_cred = mock.Mock() + with mock.patch.multiple( + "google.auth.transport.grpc.SslCredentials", + __init__=mock.Mock(return_value=None), + ssl_credentials=mock.PropertyMock(return_value=mock_ssl_cred), + ): + mock_cred = mock.Mock() + transport = transports.KeyManagementServiceGrpcAsyncIOTransport( + host="squid.clam.whelk", + credentials=mock_cred, + api_mtls_endpoint=api_mtls_endpoint, + client_cert_source=None, + ) + grpc_create_channel.assert_called_once_with( + "mtls.squid.clam.whelk:443", + credentials=mock_cred, + credentials_file=None, + scopes=( + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/cloudkms", + ), + ssl_credentials=mock_ssl_cred, + quota_project_id=None, + ) + assert transport.grpc_channel == mock_grpc_channel + + +def test_crypto_key_version_path(): + project = "squid" + location = "clam" + key_ring = "whelk" + crypto_key = "octopus" + crypto_key_version = "oyster" + + expected = "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}".format( + project=project, + location=location, + key_ring=key_ring, + crypto_key=crypto_key, + crypto_key_version=crypto_key_version, + ) + actual = KeyManagementServiceClient.crypto_key_version_path( + project, location, key_ring, crypto_key, crypto_key_version + ) + assert expected == actual + + +def test_parse_crypto_key_version_path(): + expected = { + "project": "nudibranch", + "location": "cuttlefish", + "key_ring": "mussel", + "crypto_key": "winkle", + "crypto_key_version": "nautilus", + } + path = KeyManagementServiceClient.crypto_key_version_path(**expected) + + # Check that the path construction is reversible. 
+ actual = KeyManagementServiceClient.parse_crypto_key_version_path(path) + assert expected == actual + + +def test_key_ring_path(): + project = "squid" + location = "clam" + key_ring = "whelk" + + expected = "projects/{project}/locations/{location}/keyRings/{key_ring}".format( + project=project, location=location, key_ring=key_ring, + ) + actual = KeyManagementServiceClient.key_ring_path(project, location, key_ring) + assert expected == actual + + +def test_parse_key_ring_path(): + expected = { + "project": "octopus", + "location": "oyster", + "key_ring": "nudibranch", + } + path = KeyManagementServiceClient.key_ring_path(**expected) + + # Check that the path construction is reversible. + actual = KeyManagementServiceClient.parse_key_ring_path(path) + assert expected == actual + + +def test_crypto_key_path(): + project = "squid" + location = "clam" + key_ring = "whelk" + crypto_key = "octopus" + + expected = "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}".format( + project=project, location=location, key_ring=key_ring, crypto_key=crypto_key, + ) + actual = KeyManagementServiceClient.crypto_key_path( + project, location, key_ring, crypto_key + ) + assert expected == actual + + +def test_parse_crypto_key_path(): + expected = { + "project": "oyster", + "location": "nudibranch", + "key_ring": "cuttlefish", + "crypto_key": "mussel", + } + path = KeyManagementServiceClient.crypto_key_path(**expected) + + # Check that the path construction is reversible. 
+ actual = KeyManagementServiceClient.parse_crypto_key_path(path) + assert expected == actual + + +def test_import_job_path(): + project = "squid" + location = "clam" + key_ring = "whelk" + import_job = "octopus" + + expected = "projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}".format( + project=project, location=location, key_ring=key_ring, import_job=import_job, + ) + actual = KeyManagementServiceClient.import_job_path( + project, location, key_ring, import_job + ) + assert expected == actual + + +def test_parse_import_job_path(): + expected = { + "project": "oyster", + "location": "nudibranch", + "key_ring": "cuttlefish", + "import_job": "mussel", + } + path = KeyManagementServiceClient.import_job_path(**expected) + + # Check that the path construction is reversible. + actual = KeyManagementServiceClient.parse_import_job_path(path) + assert expected == actual + + +def test_set_iam_policy(transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = iam_policy.SetIamPolicyRequest() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client._transport.set_iam_policy), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = policy.Policy(version=774, etag=b"etag_blob",) + + response = client.set_iam_policy(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + + assert args[0] == request + + # Establish that the response is the type that we expect. 
+ assert isinstance(response, policy.Policy)
+
+ assert response.version == 774
+
+ assert response.etag == b"etag_blob"
+
+
+@pytest.mark.asyncio
+async def test_set_iam_policy_async(transport: str = "grpc_asyncio"):
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = iam_policy.SetIamPolicyRequest()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.set_iam_policy), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ policy.Policy(version=774, etag=b"etag_blob",)
+ )
+
+ response = await client.set_iam_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == request
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, policy.Policy)
+
+ assert response.version == 774
+
+ assert response.etag == b"etag_blob"
+
+
+def test_set_iam_policy_field_headers():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = iam_policy.SetIamPolicyRequest()
+ request.resource = "resource/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client._transport.set_iam_policy), "__call__") as call:
+ call.return_value = policy.Policy()
+
+ client.set_iam_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "resource=resource/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_set_iam_policy_field_headers_async():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = iam_policy.SetIamPolicyRequest()
+ request.resource = "resource/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.set_iam_policy), "__call__"
+ ) as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(policy.Policy())
+
+ await client.set_iam_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "resource=resource/value",) in kw["metadata"]
+
+
+def test_set_iam_policy_from_dict():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client._transport.set_iam_policy), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = policy.Policy()
+
+ response = client.set_iam_policy(
+ request={
+ "resource": "resource_value",
+ "policy": policy.Policy(version=774),
+ }
+ )
+ call.assert_called()
+
+
+def test_get_iam_policy(transport: str = "grpc"):
+ client = KeyManagementServiceClient(
+ credentials=credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = iam_policy.GetIamPolicyRequest()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client._transport.get_iam_policy), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = policy.Policy(version=774, etag=b"etag_blob",)
+
+ response = client.get_iam_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == request
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, policy.Policy)
+
+ assert response.version == 774
+
+ assert response.etag == b"etag_blob"
+
+
+@pytest.mark.asyncio
+async def test_get_iam_policy_async(transport: str = "grpc_asyncio"):
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = iam_policy.GetIamPolicyRequest()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.get_iam_policy), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ policy.Policy(version=774, etag=b"etag_blob",)
+ )
+
+ response = await client.get_iam_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == request
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, policy.Policy)
+
+ assert response.version == 774
+
+ assert response.etag == b"etag_blob"
+
+
+def test_get_iam_policy_field_headers():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = iam_policy.GetIamPolicyRequest()
+ request.resource = "resource/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client._transport.get_iam_policy), "__call__") as call:
+ call.return_value = policy.Policy()
+
+ client.get_iam_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "resource=resource/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_get_iam_policy_field_headers_async():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = iam_policy.GetIamPolicyRequest()
+ request.resource = "resource/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.get_iam_policy), "__call__"
+ ) as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(policy.Policy())
+
+ await client.get_iam_policy(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "resource=resource/value",) in kw["metadata"]
+
+
+def test_get_iam_policy_from_dict():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(type(client._transport.get_iam_policy), "__call__") as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = policy.Policy()
+
+ response = client.get_iam_policy(
+ request={
+ "resource": "resource_value",
+ "options": options.GetPolicyOptions(requested_policy_version=2598),
+ }
+ )
+ call.assert_called()
+
+
+def test_test_iam_permissions(transport: str = "grpc"):
+ client = KeyManagementServiceClient(
+ credentials=credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = iam_policy.TestIamPermissionsRequest()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.test_iam_permissions), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = iam_policy.TestIamPermissionsResponse(
+ permissions=["permissions_value"],
+ )
+
+ response = client.test_iam_permissions(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == request
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, iam_policy.TestIamPermissionsResponse)
+
+ assert response.permissions == ["permissions_value"]
+
+
+@pytest.mark.asyncio
+async def test_test_iam_permissions_async(transport: str = "grpc_asyncio"):
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(), transport=transport,
+ )
+
+ # Everything is optional in proto3 as far as the runtime is concerned,
+ # and we are mocking out the actual API, so just send an empty request.
+ request = iam_policy.TestIamPermissionsRequest()
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.test_iam_permissions), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ iam_policy.TestIamPermissionsResponse(permissions=["permissions_value"],)
+ )
+
+ response = await client.test_iam_permissions(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+
+ assert args[0] == request
+
+ # Establish that the response is the type that we expect.
+ assert isinstance(response, iam_policy.TestIamPermissionsResponse)
+
+ assert response.permissions == ["permissions_value"]
+
+
+def test_test_iam_permissions_field_headers():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = iam_policy.TestIamPermissionsRequest()
+ request.resource = "resource/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.test_iam_permissions), "__call__"
+ ) as call:
+ call.return_value = iam_policy.TestIamPermissionsResponse()
+
+ client.test_iam_permissions(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls) == 1
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "resource=resource/value",) in kw["metadata"]
+
+
+@pytest.mark.asyncio
+async def test_test_iam_permissions_field_headers_async():
+ client = KeyManagementServiceAsyncClient(
+ credentials=credentials.AnonymousCredentials(),
+ )
+
+ # Any value that is part of the HTTP/1.1 URI should be sent as
+ # a field header. Set these to a non-empty value.
+ request = iam_policy.TestIamPermissionsRequest()
+ request.resource = "resource/value"
+
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._client._transport.test_iam_permissions), "__call__"
+ ) as call:
+ call.return_value = grpc_helpers_async.FakeUnaryUnaryCall(
+ iam_policy.TestIamPermissionsResponse()
+ )
+
+ await client.test_iam_permissions(request)
+
+ # Establish that the underlying gRPC stub method was called.
+ assert len(call.mock_calls)
+ _, args, _ = call.mock_calls[0]
+ assert args[0] == request
+
+ # Establish that the field header was sent.
+ _, _, kw = call.mock_calls[0]
+ assert ("x-goog-request-params", "resource=resource/value",) in kw["metadata"]
+
+
+def test_test_iam_permissions_from_dict():
+ client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),)
+ # Mock the actual call within the gRPC stub, and fake the request.
+ with mock.patch.object(
+ type(client._transport.test_iam_permissions), "__call__"
+ ) as call:
+ # Designate an appropriate return value for the call.
+ call.return_value = iam_policy.TestIamPermissionsResponse()
+
+ response = client.test_iam_permissions(
+ request={
+ "resource": "resource_value",
+ "permissions": ["permissions_value"],
+ }
+ )
+ call.assert_called()
diff --git a/tests/unit/gapic/v1/test_key_management_service_client_v1.py b/tests/unit/gapic/v1/test_key_management_service_client_v1.py
deleted file mode 100644
index 24c6e292..00000000
--- a/tests/unit/gapic/v1/test_key_management_service_client_v1.py
+++ /dev/null
@@ -1,1328 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""Unit tests."""
-
-import mock
-import pytest
-
-from google.cloud import kms_v1
-from google.cloud.kms_v1 import enums
-from google.cloud.kms_v1.proto import resources_pb2
-from google.cloud.kms_v1.proto import service_pb2
-from google.iam.v1 import iam_policy_pb2
-from google.iam.v1 import policy_pb2
-from google.protobuf import duration_pb2
-from google.protobuf import field_mask_pb2
-from google.protobuf import timestamp_pb2
-
-
-class MultiCallableStub(object):
- """Stub for the grpc.UnaryUnaryMultiCallable interface."""
-
- def __init__(self, method, channel_stub):
- self.method = method
- self.channel_stub = channel_stub
-
- def __call__(self, request, timeout=None, metadata=None, credentials=None):
- self.channel_stub.requests.append((self.method, request))
-
- response = None
- if self.channel_stub.responses:
- response = self.channel_stub.responses.pop()
-
- if isinstance(response, Exception):
- raise response
-
- if response:
- return response
-
-
-class ChannelStub(object):
- """Stub for the grpc.Channel interface."""
-
- def __init__(self, responses=[]):
- self.responses = responses
- self.requests = []
-
- def unary_unary(self, method, request_serializer=None, response_deserializer=None):
- return MultiCallableStub(method, self)
-
-
-class CustomException(Exception):
- pass
-
-
-class TestKeyManagementServiceClient(object):
- def test_list_key_rings(self):
- # Setup Expected Response
- next_page_token = ""
- total_size = 705419236
- key_rings_element = {}
- key_rings = [key_rings_element]
- expected_response = {
- "next_page_token": next_page_token,
- "total_size": total_size,
- "key_rings": key_rings,
- }
- expected_response = service_pb2.ListKeyRingsResponse(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- parent = client.location_path("[PROJECT]", "[LOCATION]")
-
- paged_list_response = client.list_key_rings(parent)
- resources = list(paged_list_response)
- assert len(resources) == 1
-
- assert expected_response.key_rings[0] == resources[0]
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.ListKeyRingsRequest(parent=parent)
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_list_key_rings_exception(self):
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- parent = client.location_path("[PROJECT]", "[LOCATION]")
-
- paged_list_response = client.list_key_rings(parent)
- with pytest.raises(CustomException):
- list(paged_list_response)
-
- def test_list_import_jobs(self):
- # Setup Expected Response
- next_page_token = ""
- total_size = 705419236
- import_jobs_element = {}
- import_jobs = [import_jobs_element]
- expected_response = {
- "next_page_token": next_page_token,
- "total_size": total_size,
- "import_jobs": import_jobs,
- }
- expected_response = service_pb2.ListImportJobsResponse(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- parent = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
-
- paged_list_response = client.list_import_jobs(parent)
- resources = list(paged_list_response)
- assert len(resources) == 1
-
- assert expected_response.import_jobs[0] == resources[0]
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.ListImportJobsRequest(parent=parent)
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_list_import_jobs_exception(self):
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- parent = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
-
- paged_list_response = client.list_import_jobs(parent)
- with pytest.raises(CustomException):
- list(paged_list_response)
-
- def test_list_crypto_keys(self):
- # Setup Expected Response
- next_page_token = ""
- total_size = 705419236
- crypto_keys_element = {}
- crypto_keys = [crypto_keys_element]
- expected_response = {
- "next_page_token": next_page_token,
- "total_size": total_size,
- "crypto_keys": crypto_keys,
- }
- expected_response = service_pb2.ListCryptoKeysResponse(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- parent = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
-
- paged_list_response = client.list_crypto_keys(parent)
- resources = list(paged_list_response)
- assert len(resources) == 1
-
- assert expected_response.crypto_keys[0] == resources[0]
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.ListCryptoKeysRequest(parent=parent)
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_list_crypto_keys_exception(self):
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- parent = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
-
- paged_list_response = client.list_crypto_keys(parent)
- with pytest.raises(CustomException):
- list(paged_list_response)
-
- def test_list_crypto_key_versions(self):
- # Setup Expected Response
- next_page_token = ""
- total_size = 705419236
- crypto_key_versions_element = {}
- crypto_key_versions = [crypto_key_versions_element]
- expected_response = {
- "next_page_token": next_page_token,
- "total_size": total_size,
- "crypto_key_versions": crypto_key_versions,
- }
- expected_response = service_pb2.ListCryptoKeyVersionsResponse(
- **expected_response
- )
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- parent = client.crypto_key_path(
- "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]"
- )
-
- paged_list_response = client.list_crypto_key_versions(parent)
- resources = list(paged_list_response)
- assert len(resources) == 1
-
- assert expected_response.crypto_key_versions[0] == resources[0]
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.ListCryptoKeyVersionsRequest(parent=parent)
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_list_crypto_key_versions_exception(self):
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- parent = client.crypto_key_path(
- "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]"
- )
-
- paged_list_response = client.list_crypto_key_versions(parent)
- with pytest.raises(CustomException):
- list(paged_list_response)
-
- def test_get_key_ring(self):
- # Setup Expected Response
- name_2 = "name2-1052831874"
- expected_response = {"name": name_2}
- expected_response = resources_pb2.KeyRing(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- name = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
-
- response = client.get_key_ring(name)
- assert expected_response == response
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.GetKeyRingRequest(name=name)
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_get_key_ring_exception(self):
- # Mock the API response
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- name = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
-
- with pytest.raises(CustomException):
- client.get_key_ring(name)
-
- def test_get_import_job(self):
- # Setup Expected Response
- name_2 = "name2-1052831874"
- expected_response = {"name": name_2}
- expected_response = resources_pb2.ImportJob(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- name = client.import_job_path(
- "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[IMPORT_JOB]"
- )
-
- response = client.get_import_job(name)
- assert expected_response == response
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.GetImportJobRequest(name=name)
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_get_import_job_exception(self):
- # Mock the API response
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- name = client.import_job_path(
- "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[IMPORT_JOB]"
- )
-
- with pytest.raises(CustomException):
- client.get_import_job(name)
-
- def test_get_crypto_key(self):
- # Setup Expected Response
- name_2 = "name2-1052831874"
- expected_response = {"name": name_2}
- expected_response = resources_pb2.CryptoKey(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- name = client.crypto_key_path(
- "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]"
- )
-
- response = client.get_crypto_key(name)
- assert expected_response == response
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.GetCryptoKeyRequest(name=name)
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_get_crypto_key_exception(self):
- # Mock the API response
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- name = client.crypto_key_path(
- "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]"
- )
-
- with pytest.raises(CustomException):
- client.get_crypto_key(name)
-
- def test_get_crypto_key_version(self):
- # Setup Expected Response
- name_2 = "name2-1052831874"
- import_job = "importJob2125587491"
- import_failure_reason = "importFailureReason-494073229"
- expected_response = {
- "name": name_2,
- "import_job": import_job,
- "import_failure_reason": import_failure_reason,
- }
- expected_response = resources_pb2.CryptoKeyVersion(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- name = client.crypto_key_version_path(
- "[PROJECT]",
- "[LOCATION]",
- "[KEY_RING]",
- "[CRYPTO_KEY]",
- "[CRYPTO_KEY_VERSION]",
- )
-
- response = client.get_crypto_key_version(name)
- assert expected_response == response
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.GetCryptoKeyVersionRequest(name=name)
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_get_crypto_key_version_exception(self):
- # Mock the API response
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- name = client.crypto_key_version_path(
- "[PROJECT]",
- "[LOCATION]",
- "[KEY_RING]",
- "[CRYPTO_KEY]",
- "[CRYPTO_KEY_VERSION]",
- )
-
- with pytest.raises(CustomException):
- client.get_crypto_key_version(name)
-
- def test_create_key_ring(self):
- # Setup Expected Response
- name = "name3373707"
- expected_response = {"name": name}
- expected_response = resources_pb2.KeyRing(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- parent = client.location_path("[PROJECT]", "[LOCATION]")
- key_ring_id = "keyRingId-2056646742"
- key_ring = {}
-
- response = client.create_key_ring(parent, key_ring_id, key_ring)
- assert expected_response == response
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.CreateKeyRingRequest(
- parent=parent, key_ring_id=key_ring_id, key_ring=key_ring
- )
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_create_key_ring_exception(self):
- # Mock the API response
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- parent = client.location_path("[PROJECT]", "[LOCATION]")
- key_ring_id = "keyRingId-2056646742"
- key_ring = {}
-
- with pytest.raises(CustomException):
- client.create_key_ring(parent, key_ring_id, key_ring)
-
- def test_create_import_job(self):
- # Setup Expected Response
- name = "name3373707"
- expected_response = {"name": name}
- expected_response = resources_pb2.ImportJob(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- parent = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
- import_job_id = "my-import-job"
- import_method = enums.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256
- protection_level = enums.ProtectionLevel.HSM
- import_job = {
- "import_method": import_method,
- "protection_level": protection_level,
- }
-
- response = client.create_import_job(parent, import_job_id, import_job)
- assert expected_response == response
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.CreateImportJobRequest(
- parent=parent, import_job_id=import_job_id, import_job=import_job
- )
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_create_import_job_exception(self):
- # Mock the API response
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- parent = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
- import_job_id = "my-import-job"
- import_method = enums.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256
- protection_level = enums.ProtectionLevel.HSM
- import_job = {
- "import_method": import_method,
- "protection_level": protection_level,
- }
-
- with pytest.raises(CustomException):
- client.create_import_job(parent, import_job_id, import_job)
-
- def test_create_crypto_key(self):
- # Setup Expected Response
- name = "name3373707"
- expected_response = {"name": name}
- expected_response = resources_pb2.CryptoKey(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- parent = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
- crypto_key_id = "my-app-key"
- purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
- seconds = 2147483647
- next_rotation_time = {"seconds": seconds}
- seconds_2 = 604800
- rotation_period = {"seconds": seconds_2}
- crypto_key = {
- "purpose": purpose,
- "next_rotation_time": next_rotation_time,
- "rotation_period": rotation_period,
- }
-
- response = client.create_crypto_key(parent, crypto_key_id, crypto_key)
- assert expected_response == response
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.CreateCryptoKeyRequest(
- parent=parent, crypto_key_id=crypto_key_id, crypto_key=crypto_key
- )
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_create_crypto_key_exception(self):
- # Mock the API response
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- parent = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
- crypto_key_id = "my-app-key"
- purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
- seconds = 2147483647
- next_rotation_time = {"seconds": seconds}
- seconds_2 = 604800
- rotation_period = {"seconds": seconds_2}
- crypto_key = {
- "purpose": purpose,
- "next_rotation_time": next_rotation_time,
- "rotation_period": rotation_period,
- }
-
- with pytest.raises(CustomException):
- client.create_crypto_key(parent, crypto_key_id, crypto_key)
-
- def test_create_crypto_key_version(self):
- # Setup Expected Response
- name = "name3373707"
- import_job = "importJob2125587491"
- import_failure_reason = "importFailureReason-494073229"
- expected_response = {
- "name": name,
- "import_job": import_job,
- "import_failure_reason": import_failure_reason,
- }
- expected_response = resources_pb2.CryptoKeyVersion(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- parent = client.crypto_key_path(
- "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]"
- )
- crypto_key_version = {}
-
- response = client.create_crypto_key_version(parent, crypto_key_version)
- assert expected_response == response
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.CreateCryptoKeyVersionRequest(
- parent=parent, crypto_key_version=crypto_key_version
- )
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_create_crypto_key_version_exception(self):
- # Mock the API response
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- parent = client.crypto_key_path(
- "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]"
- )
- crypto_key_version = {}
-
- with pytest.raises(CustomException):
- client.create_crypto_key_version(parent, crypto_key_version)
-
- def test_import_crypto_key_version(self):
- # Setup Expected Response
- name = "name3373707"
- import_job_2 = "importJob2-1714851050"
- import_failure_reason = "importFailureReason-494073229"
- expected_response = {
- "name": name,
- "import_job": import_job_2,
- "import_failure_reason": import_failure_reason,
- }
- expected_response = resources_pb2.CryptoKeyVersion(**expected_response)
-
- # Mock the API response
- channel = ChannelStub(responses=[expected_response])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup Request
- parent = client.crypto_key_path(
- "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]"
- )
- algorithm = (
- enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
- )
- import_job = "importJob2125587491"
-
- response = client.import_crypto_key_version(parent, algorithm, import_job)
- assert expected_response == response
-
- assert len(channel.requests) == 1
- expected_request = service_pb2.ImportCryptoKeyVersionRequest(
- parent=parent, algorithm=algorithm, import_job=import_job
- )
- actual_request = channel.requests[0][1]
- assert expected_request == actual_request
-
- def test_import_crypto_key_version_exception(self):
- # Mock the API response
- channel = ChannelStub(responses=[CustomException()])
- patch = mock.patch("google.api_core.grpc_helpers.create_channel")
- with patch as create_channel:
- create_channel.return_value = channel
- client = kms_v1.KeyManagementServiceClient()
-
- # Setup request
- parent = client.crypto_key_path(
- "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]"
- )
- algorithm = (
- enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
- )
- import_job = "importJob2125587491"
-
- with pytest.raises(CustomException):
- client.import_crypto_key_version(parent, algorithm, import_job)
-
- def test_update_crypto_key(self):
- # Setup Expected Response
- name = "name3373707"
- expected_response = {"name": name}
- expected_response = resources_pb2.CryptoKey(**expected_response)
-
- # Mock the API response
- channel =
ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - crypto_key = {} - update_mask = {} - - response = client.update_crypto_key(crypto_key, update_mask) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = service_pb2.UpdateCryptoKeyRequest( - crypto_key=crypto_key, update_mask=update_mask - ) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_update_crypto_key_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - crypto_key = {} - update_mask = {} - - with pytest.raises(CustomException): - client.update_crypto_key(crypto_key, update_mask) - - def test_update_crypto_key_version(self): - # Setup Expected Response - name = "name3373707" - import_job = "importJob2125587491" - import_failure_reason = "importFailureReason-494073229" - expected_response = { - "name": name, - "import_job": import_job, - "import_failure_reason": import_failure_reason, - } - expected_response = resources_pb2.CryptoKeyVersion(**expected_response) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - crypto_key_version = {} - update_mask = {} - - response = client.update_crypto_key_version(crypto_key_version, update_mask) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = 
service_pb2.UpdateCryptoKeyVersionRequest( - crypto_key_version=crypto_key_version, update_mask=update_mask - ) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_update_crypto_key_version_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - crypto_key_version = {} - update_mask = {} - - with pytest.raises(CustomException): - client.update_crypto_key_version(crypto_key_version, update_mask) - - def test_encrypt(self): - # Setup Expected Response - name_2 = "name2-1052831874" - ciphertext = b"-72" - expected_response = {"name": name_2, "ciphertext": ciphertext} - expected_response = service_pb2.EncryptResponse(**expected_response) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - name = "name3373707" - plaintext = b"-9" - - response = client.encrypt(name, plaintext) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = service_pb2.EncryptRequest(name=name, plaintext=plaintext) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_encrypt_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - name = "name3373707" - plaintext = b"-9" - - with pytest.raises(CustomException): - client.encrypt(name, 
plaintext) - - def test_decrypt(self): - # Setup Expected Response - plaintext = b"-9" - expected_response = {"plaintext": plaintext} - expected_response = service_pb2.DecryptResponse(**expected_response) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - name = client.crypto_key_path( - "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]" - ) - ciphertext = b"-72" - - response = client.decrypt(name, ciphertext) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = service_pb2.DecryptRequest(name=name, ciphertext=ciphertext) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_decrypt_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - name = client.crypto_key_path( - "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]" - ) - ciphertext = b"-72" - - with pytest.raises(CustomException): - client.decrypt(name, ciphertext) - - def test_update_crypto_key_primary_version(self): - # Setup Expected Response - name_2 = "name2-1052831874" - expected_response = {"name": name_2} - expected_response = resources_pb2.CryptoKey(**expected_response) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - name = client.crypto_key_path( - "[PROJECT]", "[LOCATION]", 
"[KEY_RING]", "[CRYPTO_KEY]" - ) - crypto_key_version_id = "cryptoKeyVersionId729489152" - - response = client.update_crypto_key_primary_version(name, crypto_key_version_id) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = service_pb2.UpdateCryptoKeyPrimaryVersionRequest( - name=name, crypto_key_version_id=crypto_key_version_id - ) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_update_crypto_key_primary_version_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - name = client.crypto_key_path( - "[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]" - ) - crypto_key_version_id = "cryptoKeyVersionId729489152" - - with pytest.raises(CustomException): - client.update_crypto_key_primary_version(name, crypto_key_version_id) - - def test_destroy_crypto_key_version(self): - # Setup Expected Response - name_2 = "name2-1052831874" - import_job = "importJob2125587491" - import_failure_reason = "importFailureReason-494073229" - expected_response = { - "name": name_2, - "import_job": import_job, - "import_failure_reason": import_failure_reason, - } - expected_response = resources_pb2.CryptoKeyVersion(**expected_response) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - name = client.crypto_key_version_path( - "[PROJECT]", - "[LOCATION]", - "[KEY_RING]", - "[CRYPTO_KEY]", - "[CRYPTO_KEY_VERSION]", - ) - - response = client.destroy_crypto_key_version(name) - assert expected_response == 
response - - assert len(channel.requests) == 1 - expected_request = service_pb2.DestroyCryptoKeyVersionRequest(name=name) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_destroy_crypto_key_version_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - name = client.crypto_key_version_path( - "[PROJECT]", - "[LOCATION]", - "[KEY_RING]", - "[CRYPTO_KEY]", - "[CRYPTO_KEY_VERSION]", - ) - - with pytest.raises(CustomException): - client.destroy_crypto_key_version(name) - - def test_restore_crypto_key_version(self): - # Setup Expected Response - name_2 = "name2-1052831874" - import_job = "importJob2125587491" - import_failure_reason = "importFailureReason-494073229" - expected_response = { - "name": name_2, - "import_job": import_job, - "import_failure_reason": import_failure_reason, - } - expected_response = resources_pb2.CryptoKeyVersion(**expected_response) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - name = client.crypto_key_version_path( - "[PROJECT]", - "[LOCATION]", - "[KEY_RING]", - "[CRYPTO_KEY]", - "[CRYPTO_KEY_VERSION]", - ) - - response = client.restore_crypto_key_version(name) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = service_pb2.RestoreCryptoKeyVersionRequest(name=name) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_restore_crypto_key_version_exception(self): - # Mock the API response - channel = 
ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - name = client.crypto_key_version_path( - "[PROJECT]", - "[LOCATION]", - "[KEY_RING]", - "[CRYPTO_KEY]", - "[CRYPTO_KEY_VERSION]", - ) - - with pytest.raises(CustomException): - client.restore_crypto_key_version(name) - - def test_get_public_key(self): - # Setup Expected Response - pem = "pem110872" - expected_response = {"pem": pem} - expected_response = resources_pb2.PublicKey(**expected_response) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - name = client.crypto_key_version_path( - "[PROJECT]", - "[LOCATION]", - "[KEY_RING]", - "[CRYPTO_KEY]", - "[CRYPTO_KEY_VERSION]", - ) - - response = client.get_public_key(name) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = service_pb2.GetPublicKeyRequest(name=name) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_get_public_key_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - name = client.crypto_key_version_path( - "[PROJECT]", - "[LOCATION]", - "[KEY_RING]", - "[CRYPTO_KEY]", - "[CRYPTO_KEY_VERSION]", - ) - - with pytest.raises(CustomException): - client.get_public_key(name) - - def test_asymmetric_decrypt(self): - # Setup Expected Response - plaintext = b"-9" - expected_response = 
{"plaintext": plaintext} - expected_response = service_pb2.AsymmetricDecryptResponse(**expected_response) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - name = client.crypto_key_version_path( - "[PROJECT]", - "[LOCATION]", - "[KEY_RING]", - "[CRYPTO_KEY]", - "[CRYPTO_KEY_VERSION]", - ) - ciphertext = b"-72" - - response = client.asymmetric_decrypt(name, ciphertext) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = service_pb2.AsymmetricDecryptRequest( - name=name, ciphertext=ciphertext - ) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_asymmetric_decrypt_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - name = client.crypto_key_version_path( - "[PROJECT]", - "[LOCATION]", - "[KEY_RING]", - "[CRYPTO_KEY]", - "[CRYPTO_KEY_VERSION]", - ) - ciphertext = b"-72" - - with pytest.raises(CustomException): - client.asymmetric_decrypt(name, ciphertext) - - def test_asymmetric_sign(self): - # Setup Expected Response - signature = b"-100" - expected_response = {"signature": signature} - expected_response = service_pb2.AsymmetricSignResponse(**expected_response) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - name = client.crypto_key_version_path( - 
"[PROJECT]", - "[LOCATION]", - "[KEY_RING]", - "[CRYPTO_KEY]", - "[CRYPTO_KEY_VERSION]", - ) - digest = {} - - response = client.asymmetric_sign(name, digest) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = service_pb2.AsymmetricSignRequest(name=name, digest=digest) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_asymmetric_sign_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - name = client.crypto_key_version_path( - "[PROJECT]", - "[LOCATION]", - "[KEY_RING]", - "[CRYPTO_KEY]", - "[CRYPTO_KEY_VERSION]", - ) - digest = {} - - with pytest.raises(CustomException): - client.asymmetric_sign(name, digest) - - def test_set_iam_policy(self): - # Setup Expected Response - version = 351608024 - etag = b"21" - expected_response = {"version": version, "etag": etag} - expected_response = policy_pb2.Policy(**expected_response) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - resource = "resource-341064690" - policy = {} - - response = client.set_iam_policy(resource, policy) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = iam_policy_pb2.SetIamPolicyRequest( - resource=resource, policy=policy - ) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_set_iam_policy_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = 
mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - resource = "resource-341064690" - policy = {} - - with pytest.raises(CustomException): - client.set_iam_policy(resource, policy) - - def test_get_iam_policy(self): - # Setup Expected Response - version = 351608024 - etag = b"21" - expected_response = {"version": version, "etag": etag} - expected_response = policy_pb2.Policy(**expected_response) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - resource = "resource-341064690" - - response = client.get_iam_policy(resource) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = iam_policy_pb2.GetIamPolicyRequest(resource=resource) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_get_iam_policy_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - resource = "resource-341064690" - - with pytest.raises(CustomException): - client.get_iam_policy(resource) - - def test_test_iam_permissions(self): - # Setup Expected Response - expected_response = {} - expected_response = iam_policy_pb2.TestIamPermissionsResponse( - **expected_response - ) - - # Mock the API response - channel = ChannelStub(responses=[expected_response]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = 
channel - client = kms_v1.KeyManagementServiceClient() - - # Setup Request - resource = "resource-341064690" - permissions = [] - - response = client.test_iam_permissions(resource, permissions) - assert expected_response == response - - assert len(channel.requests) == 1 - expected_request = iam_policy_pb2.TestIamPermissionsRequest( - resource=resource, permissions=permissions - ) - actual_request = channel.requests[0][1] - assert expected_request == actual_request - - def test_test_iam_permissions_exception(self): - # Mock the API response - channel = ChannelStub(responses=[CustomException()]) - patch = mock.patch("google.api_core.grpc_helpers.create_channel") - with patch as create_channel: - create_channel.return_value = channel - client = kms_v1.KeyManagementServiceClient() - - # Setup request - resource = "resource-341064690" - permissions = [] - - with pytest.raises(CustomException): - client.test_iam_permissions(resource, permissions)