From 6688e80aa4db74980d4a6194519c814a22cde177 Mon Sep 17 00:00:00 2001 From: Yoshi Automation Bot Date: Thu, 27 Aug 2020 09:12:34 -0700 Subject: [PATCH] feat: accept custom client_info (#41) --- google/cloud/kms_v1/proto/resources.proto | 26 +- google/cloud/kms_v1/proto/service.proto | 222 ++++++++ .../key_management_service/async_client.py | 81 +-- .../services/key_management_service/client.py | 487 +++++++++++------ .../key_management_service/transports/base.py | 63 ++- .../key_management_service/transports/grpc.py | 16 +- .../transports/grpc_asyncio.py | 10 +- google/cloud/kms_v1/types/resources.py | 31 +- google/cloud/kms_v1/types/service.py | 343 ++++++++++++ scripts/fixup_kms_v1_keywords.py | 8 +- synth.metadata | 8 +- .../kms_v1/test_key_management_service.py | 512 ++++++++++++------ 12 files changed, 1401 insertions(+), 406 deletions(-) diff --git a/google/cloud/kms_v1/proto/resources.proto b/google/cloud/kms_v1/proto/resources.proto index e78b10cc..88e31bd9 100644 --- a/google/cloud/kms_v1/proto/resources.proto +++ b/google/cloud/kms_v1/proto/resources.proto @@ -20,6 +20,7 @@ import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/timestamp.proto"; +import "google/protobuf/wrappers.proto"; import "google/api/annotations.proto"; option cc_enable_arenas = true; @@ -48,8 +49,8 @@ message KeyRing { // A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic // operations. // -// A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of one or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which -// represent the actual key material used in cryptographic operations. +// A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], +// which represent the actual key material used in cryptographic operations. message CryptoKey { option (google.api.resource) = { type: "cloudkms.googleapis.com/CryptoKey" @@ -418,6 +419,27 @@ message PublicKey { // The [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] associated // with this key. CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 2; + + // Integrity verification field. A CRC32C checksum of the returned + // [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem]. An integrity check of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] can be performed + // by computing the CRC32C checksum of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] and + // comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value pem_crc32c = 3; + + // The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key. + // Provided here for verification. + // + // NOTE: This field is in Beta. + string name = 4; } // An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create [CryptoKeys][google.cloud.kms.v1.CryptoKey] and diff --git a/google/cloud/kms_v1/proto/service.proto b/google/cloud/kms_v1/proto/service.proto index d0c8949c..65d20771 100644 --- a/google/cloud/kms_v1/proto/service.proto +++ b/google/cloud/kms_v1/proto/service.proto @@ -22,6 +22,7 @@ import "google/api/field_behavior.proto"; import "google/api/resource.proto"; import "google/cloud/kms/v1/resources.proto"; import "google/protobuf/field_mask.proto"; +import "google/protobuf/wrappers.proto"; option cc_enable_arenas = true; option csharp_namespace = "Google.Cloud.Kms.V1"; @@ -731,6 +732,41 @@ message EncryptRequest { // plaintext and additional_authenticated_data fields must be no larger than // 8KiB. bytes additional_authenticated_data = 3 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. If + // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the + // received [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext] using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification + // fails. If you receive a checksum error, your client should verify that + // CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]) is equal to + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c], and if so, perform a limited number of + // retries. A persistent mismatch may indicate an issue in your computation of + // the CRC32C checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value plaintext_crc32c = 7 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the + // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received + // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data] using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification + // fails. If you receive a checksum error, your client should verify that + // CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]) is equal to + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c], and if so, perform + // a limited number of retries. A persistent mismatch may indicate an issue in + // your computation of the CRC32C checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value additional_authenticated_data_crc32c = 8 [(google.api.field_behavior) = OPTIONAL]; } // Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. @@ -751,6 +787,41 @@ message DecryptRequest { // Optional. Optional data that must match the data originally supplied in // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. bytes additional_authenticated_data = 3 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. If + // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the + // received [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext] using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification + // fails. If you receive a checksum error, your client should verify that + // CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]) is equal to + // [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c], and if so, perform a limited number + // of retries. A persistent mismatch may indicate an issue in your computation + // of the CRC32C checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value ciphertext_crc32c = 5 [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the + // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received + // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data] using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification + // fails. If you receive a checksum error, your client should verify that + // CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]) is equal to + // [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c], and if so, perform + // a limited number of retries. A persistent mismatch may indicate an issue in + // your computation of the CRC32C checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value additional_authenticated_data_crc32c = 6 [(google.api.field_behavior) = OPTIONAL]; } // Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. @@ -767,6 +838,23 @@ message AsymmetricSignRequest { // the same digest algorithm as specified by the key version's // [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. Digest digest = 3 [(google.api.field_behavior) = REQUIRED]; + + // Optional. An optional CRC32C checksum of the [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. If + // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the + // received [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification + // fails. If you receive a checksum error, your client should verify that + // CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]) is equal to + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c], and if so, perform a limited + // number of retries. A persistent mismatch may indicate an issue in your + // computation of the CRC32C checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value digest_crc32c = 4 [(google.api.field_behavior) = OPTIONAL]; } // Request message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. @@ -783,12 +871,46 @@ message AsymmetricDecryptRequest { // Required. The data encrypted with the named [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public // key using OAEP. bytes ciphertext = 3 [(google.api.field_behavior) = REQUIRED]; + + // Optional. An optional CRC32C checksum of the [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. + // If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the + // received [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext] using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification + // fails. If you receive a checksum error, your client should verify that + // CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]) is equal to + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c], and if so, perform a + // limited number of retries. A persistent mismatch may indicate an issue in + // your computation of the CRC32C checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value ciphertext_crc32c = 4 [(google.api.field_behavior) = OPTIONAL]; } // Response message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. message DecryptResponse { // The decrypted data originally supplied in [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. bytes plaintext = 1; + + // Integrity verification field. A CRC32C checksum of the returned + // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]. An integrity check of + // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] can be performed by computing the CRC32C + // checksum of [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] and comparing your results to + // this field. Discard the response in case of non-matching checksum values, + // and perform a limited number of retries. A persistent mismatch may indicate + // an issue in your computation of the CRC32C checksum. Note: receiving this + // response message indicates that [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to + // successfully decrypt the [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value plaintext_crc32c = 2; } // Response message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. @@ -799,18 +921,118 @@ message EncryptResponse { // The encrypted data. bytes ciphertext = 2; + + // Integrity verification field. A CRC32C checksum of the returned + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. An integrity check of + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] can be performed by computing the CRC32C + // checksum of [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] and comparing your results to + // this field. Discard the response in case of non-matching checksum values, + // and perform a limited number of retries. A persistent mismatch may indicate + // an issue in your computation of the CRC32C checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value ciphertext_crc32c = 4; + + // Integrity verification field. A flag indicating whether + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the + // [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of this field + // indicates either that [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was left unset or + // that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] but this field is still false, discard + // the response and perform a limited number of retries. + // + // NOTE: This field is in Beta. + bool verified_plaintext_crc32c = 5; + + // Integrity verification field. A flag indicating whether + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the + // [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A false value of this + // field indicates either that + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was left unset or + // that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] but this field is + // still false, discard the response and perform a limited number of retries. + // + // NOTE: This field is in Beta. + bool verified_additional_authenticated_data_crc32c = 6; } // Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. message AsymmetricSignResponse { // The created signature. bytes signature = 1; + + // Integrity verification field. A CRC32C checksum of the returned + // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]. An integrity check of + // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] can be performed by computing the + // CRC32C checksum of [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] and comparing your + // results to this field. Discard the response in case of non-matching + // checksum values, and perform a limited number of retries. A persistent + // mismatch may indicate an issue in your computation of the CRC32C checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value signature_crc32c = 2; + + // Integrity verification field. A flag indicating whether + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the + // [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value of this field + // indicates either that [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was left + // unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] but this field is still false, + // discard the response and perform a limited number of retries. + // + // NOTE: This field is in Beta. + bool verified_digest_crc32c = 3; + + // The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. Check + // this field to verify that the intended resource was used for signing. + // + // NOTE: This field is in Beta. + string name = 4; } // Response message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. message AsymmetricDecryptResponse { // The decrypted data originally encrypted with the matching public key. bytes plaintext = 1; + + // Integrity verification field. A CRC32C checksum of the returned + // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]. An integrity check of + // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] can be performed by computing the + // CRC32C checksum of [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] and comparing + // your results to this field. Discard the response in case of non-matching + // checksum values, and perform a limited number of retries. A persistent + // mismatch may indicate an issue in your computation of the CRC32C checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value plaintext_crc32c = 2; + + // Integrity verification field. A flag indicating whether + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the + // [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A false value of this + // field indicates either that [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + // was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If + // you've set [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] but this field is + // still false, discard the response and perform a limited number of retries. + // + // NOTE: This field is in Beta. + bool verified_ciphertext_crc32c = 3; } // Request message for [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. diff --git a/google/cloud/kms_v1/services/key_management_service/async_client.py b/google/cloud/kms_v1/services/key_management_service/async_client.py index 02826dbb..21bfb4d8 100644 --- a/google/cloud/kms_v1/services/key_management_service/async_client.py +++ b/google/cloud/kms_v1/services/key_management_service/async_client.py @@ -36,8 +36,9 @@ from google.protobuf import duration_pb2 as duration # type: ignore from google.protobuf import field_mask_pb2 as field_mask # type: ignore from google.protobuf import timestamp_pb2 as timestamp # type: ignore +from google.protobuf import wrappers_pb2 as wrappers # type: ignore -from .transports.base import KeyManagementServiceTransport +from .transports.base import KeyManagementServiceTransport, DEFAULT_CLIENT_INFO from .transports.grpc_asyncio import KeyManagementServiceGrpcAsyncIOTransport from .client import KeyManagementServiceClient @@ -62,16 +63,16 @@ class KeyManagementServiceAsyncClient: DEFAULT_ENDPOINT = KeyManagementServiceClient.DEFAULT_ENDPOINT DEFAULT_MTLS_ENDPOINT = KeyManagementServiceClient.DEFAULT_MTLS_ENDPOINT + crypto_key_path = staticmethod(KeyManagementServiceClient.crypto_key_path) + + import_job_path = staticmethod(KeyManagementServiceClient.import_job_path) + crypto_key_version_path = staticmethod( KeyManagementServiceClient.crypto_key_version_path ) key_ring_path = staticmethod(KeyManagementServiceClient.key_ring_path) - crypto_key_path = staticmethod(KeyManagementServiceClient.crypto_key_path) - - import_job_path = staticmethod(KeyManagementServiceClient.import_job_path) - from_service_account_file = KeyManagementServiceClient.from_service_account_file from_service_account_json = from_service_account_file @@ -86,6 +87,7 @@ def __init__( credentials: credentials.Credentials = None, transport: Union[str, KeyManagementServiceTransport] = "grpc_asyncio", client_options: ClientOptions = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: """Instantiate the key management service client. @@ -119,7 +121,10 @@ def __init__( """ self._client = KeyManagementServiceClient( - credentials=credentials, transport=transport, client_options=client_options, + credentials=credentials, + transport=transport, + client_options=client_options, + client_info=client_info, ) async def list_key_rings( @@ -193,7 +198,7 @@ async def list_key_rings( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -285,7 +290,7 @@ async def list_crypto_keys( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -378,7 +383,7 @@ async def list_crypto_key_versions( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -470,7 +475,7 @@ async def list_import_jobs( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -560,7 +565,7 @@ async def get_key_ring( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -615,7 +620,7 @@ async def get_crypto_key( operations. A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up - of one or more + of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations. @@ -653,7 +658,7 @@ async def get_crypto_key( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -751,7 +756,7 @@ async def get_crypto_key_version( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -843,7 +848,7 @@ async def get_public_key( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -970,7 +975,7 @@ async def get_import_job( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -1073,7 +1078,7 @@ async def create_key_ring( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -1144,7 +1149,7 @@ async def create_crypto_key( operations. A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up - of one or more + of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations. @@ -1186,7 +1191,7 @@ async def create_crypto_key( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -1290,7 +1295,7 @@ async def create_crypto_key_version( rpc = gapic_v1.method_async.wrap_method( self._client._transport.create_crypto_key_version, default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -1361,7 +1366,7 @@ async def import_crypto_key_version( rpc = gapic_v1.method_async.wrap_method( self._client._transport.import_crypto_key_version, default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -1509,7 +1514,7 @@ async def create_import_job( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -1567,7 +1572,7 @@ async def update_crypto_key( operations. A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up - of one or more + of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations. @@ -1607,7 +1612,7 @@ async def update_crypto_key( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -1727,7 +1732,7 @@ async def update_crypto_key_version( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -1840,7 +1845,7 @@ async def encrypt( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -1937,7 +1942,7 @@ async def decrypt( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2036,7 +2041,7 @@ async def asymmetric_sign( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2135,7 +2140,7 @@ async def asymmetric_decrypt( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2198,7 +2203,7 @@ async def update_crypto_key_primary_version( operations. A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up - of one or more + of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations. @@ -2238,7 +2243,7 @@ async def update_crypto_key_primary_version( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2354,7 +2359,7 @@ async def destroy_crypto_key_version( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2461,7 +2466,7 @@ async def restore_crypto_key_version( ), ), default_timeout=60.0, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2571,7 +2576,7 @@ async def set_iam_policy( rpc = gapic_v1.method_async.wrap_method( self._client._transport.set_iam_policy, default_timeout=None, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2682,7 +2687,7 @@ async def get_iam_policy( rpc = gapic_v1.method_async.wrap_method( self._client._transport.get_iam_policy, default_timeout=None, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2734,7 +2739,7 @@ async def test_iam_permissions( rpc = gapic_v1.method_async.wrap_method( self._client._transport.test_iam_permissions, default_timeout=None, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2751,11 +2756,11 @@ async def test_iam_permissions( try: - _client_info = gapic_v1.client_info.ClientInfo( + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( gapic_version=pkg_resources.get_distribution("google-cloud-kms",).version, ) except pkg_resources.DistributionNotFound: - _client_info = gapic_v1.client_info.ClientInfo() + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() __all__ = ("KeyManagementServiceAsyncClient",) diff --git a/google/cloud/kms_v1/services/key_management_service/client.py b/google/cloud/kms_v1/services/key_management_service/client.py index f346143e..ebcc6193 100644 --- a/google/cloud/kms_v1/services/key_management_service/client.py +++ b/google/cloud/kms_v1/services/key_management_service/client.py @@ -38,8 +38,9 @@ from google.protobuf import duration_pb2 as duration # type: ignore from google.protobuf import field_mask_pb2 as field_mask # type: ignore from google.protobuf import timestamp_pb2 as timestamp # type: ignore +from google.protobuf import wrappers_pb2 as wrappers # type: ignore -from .transports.base import KeyManagementServiceTransport +from .transports.base import KeyManagementServiceTransport, DEFAULT_CLIENT_INFO from .transports.grpc import KeyManagementServiceGrpcTransport from .transports.grpc_asyncio import KeyManagementServiceGrpcAsyncIOTransport @@ -241,6 +242,7 @@ def __init__( credentials: credentials.Credentials = None, transport: Union[str, KeyManagementServiceTransport] = None, client_options: ClientOptions = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: """Instantiate the key management service client. @@ -267,6 +269,11 @@ def __init__( (2) The ``client_cert_source`` property is used to provide client SSL credentials for mutual TLS transport. If not provided, the default SSL credentials will be used if present. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -324,6 +331,7 @@ def __init__( api_mtls_endpoint=client_options.api_endpoint, client_cert_source=client_options.client_cert_source, quota_project_id=client_options.quota_project_id, + client_info=client_info, ) def list_key_rings( @@ -368,19 +376,25 @@ def list_key_rings( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([parent]): + has_flattened_params = any([parent]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.ListKeyRingsRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.ListKeyRingsRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.ListKeyRingsRequest): + request = service.ListKeyRingsRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if parent is not None: - request.parent = parent + if parent is not None: + request.parent = parent # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -446,19 +460,25 @@ def list_crypto_keys( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([parent]): + has_flattened_params = any([parent]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.ListCryptoKeysRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.ListCryptoKeysRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.ListCryptoKeysRequest): + request = service.ListCryptoKeysRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if parent is not None: - request.parent = parent + if parent is not None: + request.parent = parent # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -525,19 +545,25 @@ def list_crypto_key_versions( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([parent]): + has_flattened_params = any([parent]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.ListCryptoKeyVersionsRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.ListCryptoKeyVersionsRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.ListCryptoKeyVersionsRequest): + request = service.ListCryptoKeyVersionsRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if parent is not None: - request.parent = parent + if parent is not None: + request.parent = parent # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -603,19 +629,25 @@ def list_import_jobs( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([parent]): + has_flattened_params = any([parent]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.ListImportJobsRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.ListImportJobsRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.ListImportJobsRequest): + request = service.ListImportJobsRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if parent is not None: - request.parent = parent + if parent is not None: + request.parent = parent # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -679,19 +711,25 @@ def get_key_ring( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name]): + has_flattened_params = any([name]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.GetKeyRingRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.GetKeyRingRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.GetKeyRingRequest): + request = service.GetKeyRingRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name + if name is not None: + request.name = name # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -749,7 +787,7 @@ def get_crypto_key( operations. A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up - of one or more + of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations. @@ -758,19 +796,25 @@ def get_crypto_key( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name]): + has_flattened_params = any([name]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.GetCryptoKeyRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.GetCryptoKeyRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.GetCryptoKeyRequest): + request = service.GetCryptoKeyRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name + if name is not None: + request.name = name # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -842,19 +886,25 @@ def get_crypto_key_version( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name]): + has_flattened_params = any([name]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.GetCryptoKeyVersionRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.GetCryptoKeyVersionRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.GetCryptoKeyVersionRequest): + request = service.GetCryptoKeyVersionRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name + if name is not None: + request.name = name # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -920,19 +970,25 @@ def get_public_key( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name]): + has_flattened_params = any([name]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.GetPublicKeyRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.GetPublicKeyRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.GetPublicKeyRequest): + request = service.GetPublicKeyRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name + if name is not None: + request.name = name # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1033,19 +1089,25 @@ def get_import_job( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name]): + has_flattened_params = any([name]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.GetImportJobRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.GetImportJobRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.GetImportJobRequest): + request = service.GetImportJobRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name + if name is not None: + request.name = name # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1118,23 +1180,29 @@ def create_key_ring( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([parent, key_ring_id, key_ring]): + has_flattened_params = any([parent, key_ring_id, key_ring]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.CreateKeyRingRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.CreateKeyRingRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.CreateKeyRingRequest): + request = service.CreateKeyRingRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if parent is not None: - request.parent = parent - if key_ring_id is not None: - request.key_ring_id = key_ring_id - if key_ring is not None: - request.key_ring = key_ring + if parent is not None: + request.parent = parent + if key_ring_id is not None: + request.key_ring_id = key_ring_id + if key_ring is not None: + request.key_ring = key_ring # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1208,7 +1276,7 @@ def create_crypto_key( operations. A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up - of one or more + of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations. @@ -1217,23 +1285,29 @@ def create_crypto_key( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([parent, crypto_key_id, crypto_key]): + has_flattened_params = any([parent, crypto_key_id, crypto_key]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.CreateCryptoKeyRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.CreateCryptoKeyRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.CreateCryptoKeyRequest): + request = service.CreateCryptoKeyRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if parent is not None: - request.parent = parent - if crypto_key_id is not None: - request.crypto_key_id = crypto_key_id - if crypto_key is not None: - request.crypto_key = crypto_key + if parent is not None: + request.parent = parent + if crypto_key_id is not None: + request.crypto_key_id = crypto_key_id + if crypto_key is not None: + request.crypto_key = crypto_key # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1319,21 +1393,27 @@ def create_crypto_key_version( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([parent, crypto_key_version]): + has_flattened_params = any([parent, crypto_key_version]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.CreateCryptoKeyVersionRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.CreateCryptoKeyVersionRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.CreateCryptoKeyVersionRequest): + request = service.CreateCryptoKeyVersionRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if parent is not None: - request.parent = parent - if crypto_key_version is not None: - request.crypto_key_version = crypto_key_version + if parent is not None: + request.parent = parent + if crypto_key_version is not None: + request.crypto_key_version = crypto_key_version # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1402,7 +1482,12 @@ def import_crypto_key_version( """ # Create or coerce a protobuf request object. - request = service.ImportCryptoKeyVersionRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.ImportCryptoKeyVersionRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.ImportCryptoKeyVersionRequest): + request = service.ImportCryptoKeyVersionRequest(request) # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1522,23 +1607,29 @@ def create_import_job( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([parent, import_job_id, import_job]): + has_flattened_params = any([parent, import_job_id, import_job]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.CreateImportJobRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.CreateImportJobRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.CreateImportJobRequest): + request = service.CreateImportJobRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if parent is not None: - request.parent = parent - if import_job_id is not None: - request.import_job_id = import_job_id - if import_job is not None: - request.import_job = import_job + if parent is not None: + request.parent = parent + if import_job_id is not None: + request.import_job_id = import_job_id + if import_job is not None: + request.import_job = import_job # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1599,7 +1690,7 @@ def update_crypto_key( operations. A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up - of one or more + of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations. @@ -1608,21 +1699,27 @@ def update_crypto_key( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([crypto_key, update_mask]): + has_flattened_params = any([crypto_key, update_mask]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.UpdateCryptoKeyRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.UpdateCryptoKeyRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.UpdateCryptoKeyRequest): + request = service.UpdateCryptoKeyRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if crypto_key is not None: - request.crypto_key = crypto_key - if update_mask is not None: - request.update_mask = update_mask + if crypto_key is not None: + request.crypto_key = crypto_key + if update_mask is not None: + request.update_mask = update_mask # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1714,21 +1811,27 @@ def update_crypto_key_version( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([crypto_key_version, update_mask]): + has_flattened_params = any([crypto_key_version, update_mask]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.UpdateCryptoKeyVersionRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.UpdateCryptoKeyVersionRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.UpdateCryptoKeyVersionRequest): + request = service.UpdateCryptoKeyVersionRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if crypto_key_version is not None: - request.crypto_key_version = crypto_key_version - if update_mask is not None: - request.update_mask = update_mask + if crypto_key_version is not None: + request.crypto_key_version = crypto_key_version + if update_mask is not None: + request.update_mask = update_mask # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1815,21 +1918,27 @@ def encrypt( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name, plaintext]): + has_flattened_params = any([name, plaintext]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.EncryptRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.EncryptRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.EncryptRequest): + request = service.EncryptRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name - if plaintext is not None: - request.plaintext = plaintext + if name is not None: + request.name = name + if plaintext is not None: + request.plaintext = plaintext # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1898,21 +2007,27 @@ def decrypt( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name, ciphertext]): + has_flattened_params = any([name, ciphertext]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.DecryptRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.DecryptRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.DecryptRequest): + request = service.DecryptRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name - if ciphertext is not None: - request.ciphertext = ciphertext + if name is not None: + request.name = name + if ciphertext is not None: + request.ciphertext = ciphertext # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -1983,21 +2098,27 @@ def asymmetric_sign( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name, digest]): + has_flattened_params = any([name, digest]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.AsymmetricSignRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.AsymmetricSignRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.AsymmetricSignRequest): + request = service.AsymmetricSignRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name - if digest is not None: - request.digest = digest + if name is not None: + request.name = name + if digest is not None: + request.digest = digest # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -2068,21 +2189,27 @@ def asymmetric_decrypt( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name, ciphertext]): + has_flattened_params = any([name, ciphertext]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.AsymmetricDecryptRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.AsymmetricDecryptRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.AsymmetricDecryptRequest): + request = service.AsymmetricDecryptRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name - if ciphertext is not None: - request.ciphertext = ciphertext + if name is not None: + request.name = name + if ciphertext is not None: + request.ciphertext = ciphertext # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -2148,7 +2275,7 @@ def update_crypto_key_primary_version( operations. A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up - of one or more + of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations. @@ -2157,21 +2284,27 @@ def update_crypto_key_primary_version( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name, crypto_key_version_id]): + has_flattened_params = any([name, crypto_key_version_id]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.UpdateCryptoKeyPrimaryVersionRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.UpdateCryptoKeyPrimaryVersionRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.UpdateCryptoKeyPrimaryVersionRequest): + request = service.UpdateCryptoKeyPrimaryVersionRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name - if crypto_key_version_id is not None: - request.crypto_key_version_id = crypto_key_version_id + if name is not None: + request.name = name + if crypto_key_version_id is not None: + request.crypto_key_version_id = crypto_key_version_id # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -2263,19 +2396,25 @@ def destroy_crypto_key_version( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name]): + has_flattened_params = any([name]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.DestroyCryptoKeyVersionRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.DestroyCryptoKeyVersionRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.DestroyCryptoKeyVersionRequest): + request = service.DestroyCryptoKeyVersionRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name + if name is not None: + request.name = name # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -2358,19 +2497,25 @@ def restore_crypto_key_version( # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. - if request is not None and any([name]): + has_flattened_params = any([name]) + if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) - request = service.RestoreCryptoKeyVersionRequest(request) + # Minor optimization to avoid making a copy if the user passes + # in a service.RestoreCryptoKeyVersionRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.RestoreCryptoKeyVersionRequest): + request = service.RestoreCryptoKeyVersionRequest(request) - # If we have keyword arguments corresponding to fields on the - # request, apply these. + # If we have keyword arguments corresponding to fields on the + # request, apply these. - if name is not None: - request.name = name + if name is not None: + request.name = name # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. @@ -2485,7 +2630,7 @@ def set_iam_policy( rpc = gapic_v1.method.wrap_method( self._transport.set_iam_policy, default_timeout=None, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2596,7 +2741,7 @@ def get_iam_policy( rpc = gapic_v1.method.wrap_method( self._transport.get_iam_policy, default_timeout=None, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2648,7 +2793,7 @@ def test_iam_permissions( rpc = gapic_v1.method.wrap_method( self._transport.test_iam_permissions, default_timeout=None, - client_info=_client_info, + client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; @@ -2665,11 +2810,11 @@ def test_iam_permissions( try: - _client_info = gapic_v1.client_info.ClientInfo( + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( gapic_version=pkg_resources.get_distribution("google-cloud-kms",).version, ) except pkg_resources.DistributionNotFound: - _client_info = gapic_v1.client_info.ClientInfo() + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() __all__ = ("KeyManagementServiceClient",) diff --git a/google/cloud/kms_v1/services/key_management_service/transports/base.py b/google/cloud/kms_v1/services/key_management_service/transports/base.py index 23572f84..d678a926 100644 --- a/google/cloud/kms_v1/services/key_management_service/transports/base.py +++ b/google/cloud/kms_v1/services/key_management_service/transports/base.py @@ -19,10 +19,11 @@ import typing import pkg_resources -from google import auth +from google import auth # type: ignore from google.api_core import exceptions # type: ignore from google.api_core import gapic_v1 # type: ignore from google.api_core import retry as retries # type: ignore +from google.api_core import retry as retries # type: ignore from google.auth import credentials # type: ignore from google.cloud.kms_v1.types import resources @@ -32,11 +33,11 @@ try: - _client_info = gapic_v1.client_info.ClientInfo( + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo( gapic_version=pkg_resources.get_distribution("google-cloud-kms",).version, ) except pkg_resources.DistributionNotFound: - _client_info = gapic_v1.client_info.ClientInfo() + DEFAULT_CLIENT_INFO = gapic_v1.client_info.ClientInfo() class KeyManagementServiceTransport(abc.ABC): @@ -55,6 +56,7 @@ def __init__( credentials_file: typing.Optional[str] = None, scopes: typing.Optional[typing.Sequence[str]] = AUTH_SCOPES, quota_project_id: typing.Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, **kwargs, ) -> None: """Instantiate the transport. @@ -72,6 +74,11 @@ def __init__( scope (Optional[Sequence[str]]): A list of scopes. quota_project_id (Optional[str]): An optional project to use for billing and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. """ # Save the hostname. Default to port 443 (HTTPS) if none is specified. if ":" not in host: @@ -99,9 +106,9 @@ def __init__( self._credentials = credentials # Lifted into its own function so it can be stubbed out during tests. - self._prep_wrapped_messages() + self._prep_wrapped_messages(client_info) - def _prep_wrapped_messages(self): + def _prep_wrapped_messages(self, client_info): # Precompute the wrapped methods. self._wrapped_methods = { self.list_key_rings: gapic_v1.method.wrap_method( @@ -117,7 +124,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.list_crypto_keys: gapic_v1.method.wrap_method( self.list_crypto_keys, @@ -132,7 +139,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.list_crypto_key_versions: gapic_v1.method.wrap_method( self.list_crypto_key_versions, @@ -147,7 +154,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.list_import_jobs: gapic_v1.method.wrap_method( self.list_import_jobs, @@ -162,7 +169,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.get_key_ring: gapic_v1.method.wrap_method( self.get_key_ring, @@ -177,7 +184,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.get_crypto_key: gapic_v1.method.wrap_method( self.get_crypto_key, @@ -192,7 +199,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.get_crypto_key_version: gapic_v1.method.wrap_method( self.get_crypto_key_version, @@ -207,7 +214,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.get_public_key: gapic_v1.method.wrap_method( self.get_public_key, @@ -222,7 +229,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.get_import_job: gapic_v1.method.wrap_method( self.get_import_job, @@ -237,7 +244,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.create_key_ring: gapic_v1.method.wrap_method( self.create_key_ring, @@ -252,7 +259,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.create_crypto_key: gapic_v1.method.wrap_method( self.create_crypto_key, @@ -267,17 +274,17 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.create_crypto_key_version: gapic_v1.method.wrap_method( self.create_crypto_key_version, default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.import_crypto_key_version: gapic_v1.method.wrap_method( self.import_crypto_key_version, default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.create_import_job: gapic_v1.method.wrap_method( self.create_import_job, @@ -292,7 +299,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.update_crypto_key: gapic_v1.method.wrap_method( self.update_crypto_key, @@ -307,7 +314,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.update_crypto_key_version: gapic_v1.method.wrap_method( self.update_crypto_key_version, @@ -322,7 +329,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.encrypt: gapic_v1.method.wrap_method( self.encrypt, @@ -337,7 +344,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.decrypt: gapic_v1.method.wrap_method( self.decrypt, @@ -352,7 +359,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.asymmetric_sign: gapic_v1.method.wrap_method( self.asymmetric_sign, @@ -367,7 +374,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.asymmetric_decrypt: gapic_v1.method.wrap_method( self.asymmetric_decrypt, @@ -382,7 +389,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.update_crypto_key_primary_version: gapic_v1.method.wrap_method( self.update_crypto_key_primary_version, @@ -397,7 +404,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.destroy_crypto_key_version: gapic_v1.method.wrap_method( self.destroy_crypto_key_version, @@ -412,7 +419,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), self.restore_crypto_key_version: gapic_v1.method.wrap_method( self.restore_crypto_key_version, @@ -427,7 +434,7 @@ def _prep_wrapped_messages(self): ), ), default_timeout=60.0, - client_info=_client_info, + client_info=client_info, ), } diff --git a/google/cloud/kms_v1/services/key_management_service/transports/grpc.py b/google/cloud/kms_v1/services/key_management_service/transports/grpc.py index f914eb77..c5da6fc9 100644 --- a/google/cloud/kms_v1/services/key_management_service/transports/grpc.py +++ b/google/cloud/kms_v1/services/key_management_service/transports/grpc.py @@ -18,6 +18,7 @@ from typing import Callable, Dict, Optional, Sequence, Tuple from google.api_core import grpc_helpers # type: ignore +from google.api_core import gapic_v1 # type: ignore from google import auth # type: ignore from google.auth import credentials # type: ignore from google.auth.transport.grpc import SslCredentials # type: ignore @@ -30,7 +31,7 @@ from google.iam.v1 import iam_policy_pb2 as iam_policy # type: ignore from google.iam.v1 import policy_pb2 as policy # type: ignore -from .base import KeyManagementServiceTransport +from .base import KeyManagementServiceTransport, DEFAULT_CLIENT_INFO class KeyManagementServiceGrpcTransport(KeyManagementServiceTransport): @@ -69,7 +70,8 @@ def __init__( channel: grpc.Channel = None, api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, - quota_project_id: Optional[str] = None + quota_project_id: Optional[str] = None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: """Instantiate the transport. @@ -98,6 +100,11 @@ def __init__( is None. quota_project_id (Optional[str]): An optional project to use for billing and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. Raises: google.auth.exceptions.MutualTLSChannelError: If mutual TLS transport @@ -153,6 +160,7 @@ def __init__( credentials_file=credentials_file, scopes=scopes or self.AUTH_SCOPES, quota_project_id=quota_project_id, + client_info=client_info, ) @classmethod @@ -163,7 +171,7 @@ def create_channel( credentials_file: str = None, scopes: Optional[Sequence[str]] = None, quota_project_id: Optional[str] = None, - **kwargs + **kwargs, ) -> grpc.Channel: """Create and return a gRPC channel object. Args: @@ -197,7 +205,7 @@ def create_channel( credentials_file=credentials_file, scopes=scopes, quota_project_id=quota_project_id, - **kwargs + **kwargs, ) @property diff --git a/google/cloud/kms_v1/services/key_management_service/transports/grpc_asyncio.py b/google/cloud/kms_v1/services/key_management_service/transports/grpc_asyncio.py index 05fb9b49..56c887b3 100644 --- a/google/cloud/kms_v1/services/key_management_service/transports/grpc_asyncio.py +++ b/google/cloud/kms_v1/services/key_management_service/transports/grpc_asyncio.py @@ -17,6 +17,7 @@ from typing import Awaitable, Callable, Dict, Optional, Sequence, Tuple +from google.api_core import gapic_v1 # type: ignore from google.api_core import grpc_helpers_async # type: ignore from google.auth import credentials # type: ignore from google.auth.transport.grpc import SslCredentials # type: ignore @@ -29,7 +30,7 @@ from google.iam.v1 import iam_policy_pb2 as iam_policy # type: ignore from google.iam.v1 import policy_pb2 as policy # type: ignore -from .base import KeyManagementServiceTransport +from .base import KeyManagementServiceTransport, DEFAULT_CLIENT_INFO from .grpc import KeyManagementServiceGrpcTransport @@ -112,6 +113,7 @@ def __init__( api_mtls_endpoint: str = None, client_cert_source: Callable[[], Tuple[bytes, bytes]] = None, quota_project_id=None, + client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO, ) -> None: """Instantiate the transport. @@ -141,6 +143,11 @@ def __init__( is None. quota_project_id (Optional[str]): An optional project to use for billing and quota. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. Raises: google.auth.exceptions.MutualTlsChannelError: If mutual TLS transport @@ -189,6 +196,7 @@ def __init__( credentials_file=credentials_file, scopes=scopes or self.AUTH_SCOPES, quota_project_id=quota_project_id, + client_info=client_info, ) self._stubs = {} diff --git a/google/cloud/kms_v1/types/resources.py b/google/cloud/kms_v1/types/resources.py index 29a22293..d984bc0a 100644 --- a/google/cloud/kms_v1/types/resources.py +++ b/google/cloud/kms_v1/types/resources.py @@ -20,6 +20,7 @@ from google.protobuf import duration_pb2 as duration # type: ignore from google.protobuf import timestamp_pb2 as timestamp # type: ignore +from google.protobuf import wrappers_pb2 as wrappers # type: ignore __protobuf__ = proto.module( @@ -73,7 +74,7 @@ class CryptoKey(proto.Message): r"""A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations. - A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of one or + A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations. @@ -473,6 +474,30 @@ class PublicKey(proto.Message): The [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] associated with this key. + pem_crc32c (~.wrappers.Int64Value): + Integrity verification field. A CRC32C checksum of the + returned [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem]. + An integrity check of + [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] can be + performed by computing the CRC32C checksum of + [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] and + comparing your results to this field. Discard the response + in case of non-matching checksum values, and perform a + limited number of retries. A persistent mismatch may + indicate an issue in your computation of the CRC32C + checksum. Note: This field is defined as int64 for reasons + of compatibility across different languages. However, it is + a non-negative integer, which will never exceed 2^32-1, and + can be safely downconverted to uint32 in languages that + support this type. + + NOTE: This field is in Beta. + name (str): + The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + public key. Provided here for verification. + + NOTE: This field is in Beta. """ pem = proto.Field(proto.STRING, number=1) @@ -481,6 +506,10 @@ class PublicKey(proto.Message): proto.ENUM, number=2, enum=CryptoKeyVersion.CryptoKeyVersionAlgorithm, ) + pem_crc32c = proto.Field(proto.MESSAGE, number=3, message=wrappers.Int64Value,) + + name = proto.Field(proto.STRING, number=4) + class ImportJob(proto.Message): r"""An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create diff --git a/google/cloud/kms_v1/types/service.py b/google/cloud/kms_v1/types/service.py index bebb6e8f..7195dc00 100644 --- a/google/cloud/kms_v1/types/service.py +++ b/google/cloud/kms_v1/types/service.py @@ -20,6 +20,7 @@ from google.cloud.kms_v1.types import resources from google.protobuf import field_mask_pb2 as field_mask # type: ignore +from google.protobuf import wrappers_pb2 as wrappers # type: ignore __protobuf__ = proto.module( @@ -684,6 +685,52 @@ class EncryptRequest(proto.Message): combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB. + plaintext_crc32c (~.wrappers.Int64Value): + Optional. An optional CRC32C checksum of the + [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received + [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext] + using this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]) + is equal to + [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c], + and if so, perform a limited number of retries. A persistent + mismatch may indicate an issue in your computation of the + CRC32C checksum. Note: This field is defined as int64 for + reasons of compatibility across different languages. + However, it is a non-negative integer, which will never + exceed 2^32-1, and can be safely downconverted to uint32 in + languages that support this type. + + NOTE: This field is in Beta. + additional_authenticated_data_crc32c (~.wrappers.Int64Value): + Optional. An optional CRC32C checksum of the + [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received + [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data] + using this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]) + is equal to + [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c], + and if so, perform a limited number of retries. A persistent + mismatch may indicate an issue in your computation of the + CRC32C checksum. Note: This field is defined as int64 for + reasons of compatibility across different languages. + However, it is a non-negative integer, which will never + exceed 2^32-1, and can be safely downconverted to uint32 in + languages that support this type. + + NOTE: This field is in Beta. """ name = proto.Field(proto.STRING, number=1) @@ -692,6 +739,14 @@ class EncryptRequest(proto.Message): additional_authenticated_data = proto.Field(proto.BYTES, number=3) + plaintext_crc32c = proto.Field( + proto.MESSAGE, number=7, message=wrappers.Int64Value, + ) + + additional_authenticated_data_crc32c = proto.Field( + proto.MESSAGE, number=8, message=wrappers.Int64Value, + ) + class DecryptRequest(proto.Message): r"""Request message for @@ -709,6 +764,52 @@ class DecryptRequest(proto.Message): Optional. Optional data that must match the data originally supplied in [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. + ciphertext_crc32c (~.wrappers.Int64Value): + Optional. An optional CRC32C checksum of the + [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received + [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext] + using this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]) + is equal to + [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c], + and if so, perform a limited number of retries. A persistent + mismatch may indicate an issue in your computation of the + CRC32C checksum. Note: This field is defined as int64 for + reasons of compatibility across different languages. + However, it is a non-negative integer, which will never + exceed 2^32-1, and can be safely downconverted to uint32 in + languages that support this type. + + NOTE: This field is in Beta. + additional_authenticated_data_crc32c (~.wrappers.Int64Value): + Optional. An optional CRC32C checksum of the + [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received + [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data] + using this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]) + is equal to + [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c], + and if so, perform a limited number of retries. A persistent + mismatch may indicate an issue in your computation of the + CRC32C checksum. Note: This field is defined as int64 for + reasons of compatibility across different languages. + However, it is a non-negative integer, which will never + exceed 2^32-1, and can be safely downconverted to uint32 in + languages that support this type. + + NOTE: This field is in Beta. """ name = proto.Field(proto.STRING, number=1) @@ -717,6 +818,14 @@ class DecryptRequest(proto.Message): additional_authenticated_data = proto.Field(proto.BYTES, number=3) + ciphertext_crc32c = proto.Field( + proto.MESSAGE, number=5, message=wrappers.Int64Value, + ) + + additional_authenticated_data_crc32c = proto.Field( + proto.MESSAGE, number=6, message=wrappers.Int64Value, + ) + class AsymmetricSignRequest(proto.Message): r"""Request message for @@ -732,12 +841,37 @@ class AsymmetricSignRequest(proto.Message): produced with the same digest algorithm as specified by the key version's [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. + digest_crc32c (~.wrappers.Int64Value): + Optional. An optional CRC32C checksum of the + [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received + [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] + using this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]) + is equal to + [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c], + and if so, perform a limited number of retries. A persistent + mismatch may indicate an issue in your computation of the + CRC32C checksum. Note: This field is defined as int64 for + reasons of compatibility across different languages. + However, it is a non-negative integer, which will never + exceed 2^32-1, and can be safely downconverted to uint32 in + languages that support this type. + + NOTE: This field is in Beta. """ name = proto.Field(proto.STRING, number=1) digest = proto.Field(proto.MESSAGE, number=3, message="Digest",) + digest_crc32c = proto.Field(proto.MESSAGE, number=4, message=wrappers.Int64Value,) + class AsymmetricDecryptRequest(proto.Message): r"""Request message for @@ -752,12 +886,39 @@ class AsymmetricDecryptRequest(proto.Message): Required. The data encrypted with the named [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using OAEP. + ciphertext_crc32c (~.wrappers.Int64Value): + Optional. An optional CRC32C checksum of the + [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received + [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext] + using this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]) + is equal to + [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c], + and if so, perform a limited number of retries. A persistent + mismatch may indicate an issue in your computation of the + CRC32C checksum. Note: This field is defined as int64 for + reasons of compatibility across different languages. + However, it is a non-negative integer, which will never + exceed 2^32-1, and can be safely downconverted to uint32 in + languages that support this type. + + NOTE: This field is in Beta. """ name = proto.Field(proto.STRING, number=1) ciphertext = proto.Field(proto.BYTES, number=3) + ciphertext_crc32c = proto.Field( + proto.MESSAGE, number=4, message=wrappers.Int64Value, + ) + class DecryptResponse(proto.Message): r"""Response message for @@ -767,10 +928,38 @@ class DecryptResponse(proto.Message): plaintext (bytes): The decrypted data originally supplied in [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. + plaintext_crc32c (~.wrappers.Int64Value): + Integrity verification field. A CRC32C checksum of the + returned + [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]. + An integrity check of + [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] + can be performed by computing the CRC32C checksum of + [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] + and comparing your results to this field. Discard the + response in case of non-matching checksum values, and + perform a limited number of retries. A persistent mismatch + may indicate an issue in your computation of the CRC32C + checksum. Note: receiving this response message indicates + that + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + is able to successfully decrypt the + [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. + Note: This field is defined as int64 for reasons of + compatibility across different languages. However, it is a + non-negative integer, which will never exceed 2^32-1, and + can be safely downconverted to uint32 in languages that + support this type. + + NOTE: This field is in Beta. """ plaintext = proto.Field(proto.BYTES, number=1) + plaintext_crc32c = proto.Field( + proto.MESSAGE, number=2, message=wrappers.Int64Value, + ) + class EncryptResponse(proto.Message): r"""Response message for @@ -784,12 +973,73 @@ class EncryptResponse(proto.Message): intended resource was used for encryption. ciphertext (bytes): The encrypted data. + ciphertext_crc32c (~.wrappers.Int64Value): + Integrity verification field. A CRC32C checksum of the + returned + [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. + An integrity check of + [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] + can be performed by computing the CRC32C checksum of + [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] + and comparing your results to this field. Discard the + response in case of non-matching checksum values, and + perform a limited number of retries. A persistent mismatch + may indicate an issue in your computation of the CRC32C + checksum. Note: This field is defined as int64 for reasons + of compatibility across different languages. However, it is + a non-negative integer, which will never exceed 2^32-1, and + can be safely downconverted to uint32 in languages that + support this type. + + NOTE: This field is in Beta. + verified_plaintext_crc32c (bool): + Integrity verification field. A flag indicating whether + [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + was received by + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + and used for the integrity verification of the + [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A + false value of this field indicates either that + [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + was left unset or that it was not delivered to + [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. + If you've set + [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + but this field is still false, discard the response and + perform a limited number of retries. + + NOTE: This field is in Beta. + verified_additional_authenticated_data_crc32c (bool): + Integrity verification field. A flag indicating whether + [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + was received by + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + and used for the integrity verification of the + [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. + A false value of this field indicates either that + [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + was left unset or that it was not delivered to + [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. + If you've set + [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + but this field is still false, discard the response and + perform a limited number of retries. + + NOTE: This field is in Beta. """ name = proto.Field(proto.STRING, number=1) ciphertext = proto.Field(proto.BYTES, number=2) + ciphertext_crc32c = proto.Field( + proto.MESSAGE, number=4, message=wrappers.Int64Value, + ) + + verified_plaintext_crc32c = proto.Field(proto.BOOL, number=5) + + verified_additional_authenticated_data_crc32c = proto.Field(proto.BOOL, number=6) + class AsymmetricSignResponse(proto.Message): r"""Response message for @@ -798,10 +1048,61 @@ class AsymmetricSignResponse(proto.Message): Attributes: signature (bytes): The created signature. + signature_crc32c (~.wrappers.Int64Value): + Integrity verification field. A CRC32C checksum of the + returned + [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]. + An integrity check of + [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] + can be performed by computing the CRC32C checksum of + [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] + and comparing your results to this field. Discard the + response in case of non-matching checksum values, and + perform a limited number of retries. A persistent mismatch + may indicate an issue in your computation of the CRC32C + checksum. Note: This field is defined as int64 for reasons + of compatibility across different languages. However, it is + a non-negative integer, which will never exceed 2^32-1, and + can be safely downconverted to uint32 in languages that + support this type. + + NOTE: This field is in Beta. + verified_digest_crc32c (bool): + Integrity verification field. A flag indicating whether + [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + was received by + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + and used for the integrity verification of the + [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. + A false value of this field indicates either that + [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + was left unset or that it was not delivered to + [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. + If you've set + [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + but this field is still false, discard the response and + perform a limited number of retries. + + NOTE: This field is in Beta. + name (str): + The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + used for signing. Check this field to verify that the + intended resource was used for signing. + + NOTE: This field is in Beta. """ signature = proto.Field(proto.BYTES, number=1) + signature_crc32c = proto.Field( + proto.MESSAGE, number=2, message=wrappers.Int64Value, + ) + + verified_digest_crc32c = proto.Field(proto.BOOL, number=3) + + name = proto.Field(proto.STRING, number=4) + class AsymmetricDecryptResponse(proto.Message): r"""Response message for @@ -811,10 +1112,52 @@ class AsymmetricDecryptResponse(proto.Message): plaintext (bytes): The decrypted data originally encrypted with the matching public key. + plaintext_crc32c (~.wrappers.Int64Value): + Integrity verification field. A CRC32C checksum of the + returned + [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]. + An integrity check of + [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] + can be performed by computing the CRC32C checksum of + [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] + and comparing your results to this field. Discard the + response in case of non-matching checksum values, and + perform a limited number of retries. A persistent mismatch + may indicate an issue in your computation of the CRC32C + checksum. Note: This field is defined as int64 for reasons + of compatibility across different languages. However, it is + a non-negative integer, which will never exceed 2^32-1, and + can be safely downconverted to uint32 in languages that + support this type. + + NOTE: This field is in Beta. + verified_ciphertext_crc32c (bool): + Integrity verification field. A flag indicating whether + [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + was received by + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + and used for the integrity verification of the + [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. + A false value of this field indicates either that + [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + was left unset or that it was not delivered to + [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. + If you've set + [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + but this field is still false, discard the response and + perform a limited number of retries. + + NOTE: This field is in Beta. """ plaintext = proto.Field(proto.BYTES, number=1) + plaintext_crc32c = proto.Field( + proto.MESSAGE, number=2, message=wrappers.Int64Value, + ) + + verified_ciphertext_crc32c = proto.Field(proto.BOOL, number=3) + class UpdateCryptoKeyPrimaryVersionRequest(proto.Message): r"""Request message for diff --git a/scripts/fixup_kms_v1_keywords.py b/scripts/fixup_kms_v1_keywords.py index 5a3c1bd7..3d8255e2 100644 --- a/scripts/fixup_kms_v1_keywords.py +++ b/scripts/fixup_kms_v1_keywords.py @@ -40,15 +40,15 @@ def partition( class kmsCallTransformer(cst.CSTTransformer): CTRL_PARAMS: Tuple[str] = ('retry', 'timeout', 'metadata') METHOD_TO_PARAMS: Dict[str, Tuple[str]] = { - 'asymmetric_decrypt': ('name', 'ciphertext', ), - 'asymmetric_sign': ('name', 'digest', ), + 'asymmetric_decrypt': ('name', 'ciphertext', 'ciphertext_crc32c', ), + 'asymmetric_sign': ('name', 'digest', 'digest_crc32c', ), 'create_crypto_key': ('parent', 'crypto_key_id', 'crypto_key', 'skip_initial_version_creation', ), 'create_crypto_key_version': ('parent', 'crypto_key_version', ), 'create_import_job': ('parent', 'import_job_id', 'import_job', ), 'create_key_ring': ('parent', 'key_ring_id', 'key_ring', ), - 'decrypt': ('name', 'ciphertext', 'additional_authenticated_data', ), + 'decrypt': ('name', 'ciphertext', 'additional_authenticated_data', 'ciphertext_crc32c', 'additional_authenticated_data_crc32c', ), 'destroy_crypto_key_version': ('name', ), - 'encrypt': ('name', 'plaintext', 'additional_authenticated_data', ), + 'encrypt': ('name', 'plaintext', 'additional_authenticated_data', 'plaintext_crc32c', 'additional_authenticated_data_crc32c', ), 'get_crypto_key': ('name', ), 'get_crypto_key_version': ('name', ), 'get_import_job': ('name', ), diff --git a/synth.metadata b/synth.metadata index e2e1e315..d554ca20 100644 --- a/synth.metadata +++ b/synth.metadata @@ -3,16 +3,16 @@ { "git": { "name": ".", - "remote": "git@github.com:googleapis/python-kms", - "sha": "b86cb3a61661e102bff02e592dd6ec952e008162" + "remote": "https://github.com/googleapis/python-kms.git", + "sha": "9edcc9abceb6f790f4d1968aef3ba61903e30824" } }, { "git": { "name": "googleapis", "remote": "https://github.com/googleapis/googleapis.git", - "sha": "1907f0fdbd1c51e62d8452a4007bf2134a8bd4c2", - "internalRef": "323657371" + "sha": "1a85976e6bcecdaee1242f6e7fd8b3db81904f56", + "internalRef": "328476173" } }, { diff --git a/tests/unit/gapic/kms_v1/test_key_management_service.py b/tests/unit/gapic/kms_v1/test_key_management_service.py index 2bcd122a..8bda1d3a 100644 --- a/tests/unit/gapic/kms_v1/test_key_management_service.py +++ b/tests/unit/gapic/kms_v1/test_key_management_service.py @@ -49,6 +49,7 @@ from google.protobuf import duration_pb2 as duration # type: ignore from google.protobuf import field_mask_pb2 as field_mask # type: ignore from google.protobuf import timestamp_pb2 as timestamp # type: ignore +from google.protobuf import wrappers_pb2 as wrappers # type: ignore def client_cert_source_callback(): @@ -174,6 +175,7 @@ def test_key_management_service_client_client_options( api_mtls_endpoint="squid.clam.whelk", client_cert_source=None, quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS is @@ -190,6 +192,7 @@ def test_key_management_service_client_client_options( api_mtls_endpoint=client.DEFAULT_ENDPOINT, client_cert_source=None, quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS is @@ -206,6 +209,7 @@ def test_key_management_service_client_client_options( api_mtls_endpoint=client.DEFAULT_MTLS_ENDPOINT, client_cert_source=None, quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, ) # Check the case api_endpoint is not provided, GOOGLE_API_USE_MTLS is @@ -225,6 +229,7 @@ def test_key_management_service_client_client_options( api_mtls_endpoint=client.DEFAULT_MTLS_ENDPOINT, client_cert_source=client_cert_source_callback, quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, ) # Check the case api_endpoint is not provided, GOOGLE_API_USE_MTLS is @@ -245,6 +250,7 @@ def test_key_management_service_client_client_options( api_mtls_endpoint=client.DEFAULT_MTLS_ENDPOINT, client_cert_source=None, quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, ) # Check the case api_endpoint is not provided, GOOGLE_API_USE_MTLS is @@ -265,6 +271,7 @@ def test_key_management_service_client_client_options( api_mtls_endpoint=client.DEFAULT_ENDPOINT, client_cert_source=None, quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, ) # Check the case api_endpoint is not provided and GOOGLE_API_USE_MTLS has @@ -286,6 +293,7 @@ def test_key_management_service_client_client_options( api_mtls_endpoint=client.DEFAULT_ENDPOINT, client_cert_source=None, quota_project_id="octopus", + client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -320,6 +328,7 @@ def test_key_management_service_client_client_options_scopes( api_mtls_endpoint=client.DEFAULT_ENDPOINT, client_cert_source=None, quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -354,6 +363,7 @@ def test_key_management_service_client_client_options_credentials_file( api_mtls_endpoint=client.DEFAULT_ENDPOINT, client_cert_source=None, quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, ) @@ -373,17 +383,20 @@ def test_key_management_service_client_client_options_from_dict(): api_mtls_endpoint="squid.clam.whelk", client_cert_source=None, quota_project_id=None, + client_info=transports.base.DEFAULT_CLIENT_INFO, ) -def test_list_key_rings(transport: str = "grpc"): +def test_list_key_rings( + transport: str = "grpc", request_type=service.ListKeyRingsRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.ListKeyRingsRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client._transport.list_key_rings), "__call__") as call: @@ -398,7 +411,7 @@ def test_list_key_rings(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.ListKeyRingsRequest() # Establish that the response is the type that we expect. assert isinstance(response, pagers.ListKeyRingsPager) @@ -408,6 +421,10 @@ def test_list_key_rings(transport: str = "grpc"): assert response.total_size == 1086 +def test_list_key_rings_from_dict(): + test_list_key_rings(request_type=dict) + + @pytest.mark.asyncio async def test_list_key_rings_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -636,8 +653,8 @@ def test_list_key_rings_pages(): RuntimeError, ) pages = list(client.list_key_rings(request={}).pages) - for page, token in zip(pages, ["abc", "def", "ghi", ""]): - assert page.raw_page.next_page_token == token + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token @pytest.mark.asyncio @@ -713,20 +730,22 @@ async def test_list_key_rings_async_pages(): RuntimeError, ) pages = [] - async for page in (await client.list_key_rings(request={})).pages: - pages.append(page) - for page, token in zip(pages, ["abc", "def", "ghi", ""]): - assert page.raw_page.next_page_token == token + async for page_ in (await client.list_key_rings(request={})).pages: + pages.append(page_) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token -def test_list_crypto_keys(transport: str = "grpc"): +def test_list_crypto_keys( + transport: str = "grpc", request_type=service.ListCryptoKeysRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.ListCryptoKeysRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -743,7 +762,7 @@ def test_list_crypto_keys(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.ListCryptoKeysRequest() # Establish that the response is the type that we expect. assert isinstance(response, pagers.ListCryptoKeysPager) @@ -753,6 +772,10 @@ def test_list_crypto_keys(transport: str = "grpc"): assert response.total_size == 1086 +def test_list_crypto_keys_from_dict(): + test_list_crypto_keys(request_type=dict) + + @pytest.mark.asyncio async def test_list_crypto_keys_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -989,8 +1012,8 @@ def test_list_crypto_keys_pages(): RuntimeError, ) pages = list(client.list_crypto_keys(request={}).pages) - for page, token in zip(pages, ["abc", "def", "ghi", ""]): - assert page.raw_page.next_page_token == token + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token @pytest.mark.asyncio @@ -1066,20 +1089,22 @@ async def test_list_crypto_keys_async_pages(): RuntimeError, ) pages = [] - async for page in (await client.list_crypto_keys(request={})).pages: - pages.append(page) - for page, token in zip(pages, ["abc", "def", "ghi", ""]): - assert page.raw_page.next_page_token == token + async for page_ in (await client.list_crypto_keys(request={})).pages: + pages.append(page_) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token -def test_list_crypto_key_versions(transport: str = "grpc"): +def test_list_crypto_key_versions( + transport: str = "grpc", request_type=service.ListCryptoKeyVersionsRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.ListCryptoKeyVersionsRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -1096,7 +1121,7 @@ def test_list_crypto_key_versions(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.ListCryptoKeyVersionsRequest() # Establish that the response is the type that we expect. assert isinstance(response, pagers.ListCryptoKeyVersionsPager) @@ -1106,6 +1131,10 @@ def test_list_crypto_key_versions(transport: str = "grpc"): assert response.total_size == 1086 +def test_list_crypto_key_versions_from_dict(): + test_list_crypto_key_versions(request_type=dict) + + @pytest.mark.asyncio async def test_list_crypto_key_versions_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -1354,8 +1383,8 @@ def test_list_crypto_key_versions_pages(): RuntimeError, ) pages = list(client.list_crypto_key_versions(request={}).pages) - for page, token in zip(pages, ["abc", "def", "ghi", ""]): - assert page.raw_page.next_page_token == token + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token @pytest.mark.asyncio @@ -1443,20 +1472,22 @@ async def test_list_crypto_key_versions_async_pages(): RuntimeError, ) pages = [] - async for page in (await client.list_crypto_key_versions(request={})).pages: - pages.append(page) - for page, token in zip(pages, ["abc", "def", "ghi", ""]): - assert page.raw_page.next_page_token == token + async for page_ in (await client.list_crypto_key_versions(request={})).pages: + pages.append(page_) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token -def test_list_import_jobs(transport: str = "grpc"): +def test_list_import_jobs( + transport: str = "grpc", request_type=service.ListImportJobsRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.ListImportJobsRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -1473,7 +1504,7 @@ def test_list_import_jobs(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.ListImportJobsRequest() # Establish that the response is the type that we expect. assert isinstance(response, pagers.ListImportJobsPager) @@ -1483,6 +1514,10 @@ def test_list_import_jobs(transport: str = "grpc"): assert response.total_size == 1086 +def test_list_import_jobs_from_dict(): + test_list_import_jobs(request_type=dict) + + @pytest.mark.asyncio async def test_list_import_jobs_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -1719,8 +1754,8 @@ def test_list_import_jobs_pages(): RuntimeError, ) pages = list(client.list_import_jobs(request={}).pages) - for page, token in zip(pages, ["abc", "def", "ghi", ""]): - assert page.raw_page.next_page_token == token + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token @pytest.mark.asyncio @@ -1796,20 +1831,20 @@ async def test_list_import_jobs_async_pages(): RuntimeError, ) pages = [] - async for page in (await client.list_import_jobs(request={})).pages: - pages.append(page) - for page, token in zip(pages, ["abc", "def", "ghi", ""]): - assert page.raw_page.next_page_token == token + async for page_ in (await client.list_import_jobs(request={})).pages: + pages.append(page_) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token -def test_get_key_ring(transport: str = "grpc"): +def test_get_key_ring(transport: str = "grpc", request_type=service.GetKeyRingRequest): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.GetKeyRingRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client._transport.get_key_ring), "__call__") as call: @@ -1822,7 +1857,7 @@ def test_get_key_ring(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.GetKeyRingRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.KeyRing) @@ -1830,6 +1865,10 @@ def test_get_key_ring(transport: str = "grpc"): assert response.name == "name_value" +def test_get_key_ring_from_dict(): + test_get_key_ring(request_type=dict) + + @pytest.mark.asyncio async def test_get_key_ring_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -1987,14 +2026,16 @@ async def test_get_key_ring_flattened_error_async(): ) -def test_get_crypto_key(transport: str = "grpc"): +def test_get_crypto_key( + transport: str = "grpc", request_type=service.GetCryptoKeyRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.GetCryptoKeyRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client._transport.get_crypto_key), "__call__") as call: @@ -2011,7 +2052,7 @@ def test_get_crypto_key(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.GetCryptoKeyRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKey) @@ -2021,6 +2062,10 @@ def test_get_crypto_key(transport: str = "grpc"): assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT +def test_get_crypto_key_from_dict(): + test_get_crypto_key(request_type=dict) + + @pytest.mark.asyncio async def test_get_crypto_key_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -2183,14 +2228,16 @@ async def test_get_crypto_key_flattened_error_async(): ) -def test_get_crypto_key_version(transport: str = "grpc"): +def test_get_crypto_key_version( + transport: str = "grpc", request_type=service.GetCryptoKeyVersionRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.GetCryptoKeyVersionRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -2212,7 +2259,7 @@ def test_get_crypto_key_version(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.GetCryptoKeyVersionRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKeyVersion) @@ -2236,6 +2283,10 @@ def test_get_crypto_key_version(transport: str = "grpc"): assert response.import_failure_reason == "import_failure_reason_value" +def test_get_crypto_key_version_from_dict(): + test_get_crypto_key_version(request_type=dict) + + @pytest.mark.asyncio async def test_get_crypto_key_version_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -2424,14 +2475,16 @@ async def test_get_crypto_key_version_flattened_error_async(): ) -def test_get_public_key(transport: str = "grpc"): +def test_get_public_key( + transport: str = "grpc", request_type=service.GetPublicKeyRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.GetPublicKeyRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client._transport.get_public_key), "__call__") as call: @@ -2439,6 +2492,7 @@ def test_get_public_key(transport: str = "grpc"): call.return_value = resources.PublicKey( pem="pem_value", algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + name="name_value", ) response = client.get_public_key(request) @@ -2447,7 +2501,7 @@ def test_get_public_key(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.GetPublicKeyRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.PublicKey) @@ -2459,6 +2513,12 @@ def test_get_public_key(transport: str = "grpc"): == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION ) + assert response.name == "name_value" + + +def test_get_public_key_from_dict(): + test_get_public_key(request_type=dict) + @pytest.mark.asyncio async def test_get_public_key_async(transport: str = "grpc_asyncio"): @@ -2479,6 +2539,7 @@ async def test_get_public_key_async(transport: str = "grpc_asyncio"): resources.PublicKey( pem="pem_value", algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + name="name_value", ) ) @@ -2500,6 +2561,8 @@ async def test_get_public_key_async(transport: str = "grpc_asyncio"): == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION ) + assert response.name == "name_value" + def test_get_public_key_field_headers(): client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) @@ -2625,14 +2688,16 @@ async def test_get_public_key_flattened_error_async(): ) -def test_get_import_job(transport: str = "grpc"): +def test_get_import_job( + transport: str = "grpc", request_type=service.GetImportJobRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.GetImportJobRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client._transport.get_import_job), "__call__") as call: @@ -2650,7 +2715,7 @@ def test_get_import_job(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.GetImportJobRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.ImportJob) @@ -2667,6 +2732,10 @@ def test_get_import_job(transport: str = "grpc"): assert response.state == resources.ImportJob.ImportJobState.PENDING_GENERATION +def test_get_import_job_from_dict(): + test_get_import_job(request_type=dict) + + @pytest.mark.asyncio async def test_get_import_job_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -2838,14 +2907,16 @@ async def test_get_import_job_flattened_error_async(): ) -def test_create_key_ring(transport: str = "grpc"): +def test_create_key_ring( + transport: str = "grpc", request_type=service.CreateKeyRingRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.CreateKeyRingRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client._transport.create_key_ring), "__call__") as call: @@ -2858,7 +2929,7 @@ def test_create_key_ring(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.CreateKeyRingRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.KeyRing) @@ -2866,6 +2937,10 @@ def test_create_key_ring(transport: str = "grpc"): assert response.name == "name_value" +def test_create_key_ring_from_dict(): + test_create_key_ring(request_type=dict) + + @pytest.mark.asyncio async def test_create_key_ring_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -3045,14 +3120,16 @@ async def test_create_key_ring_flattened_error_async(): ) -def test_create_crypto_key(transport: str = "grpc"): +def test_create_crypto_key( + transport: str = "grpc", request_type=service.CreateCryptoKeyRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.CreateCryptoKeyRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -3071,7 +3148,7 @@ def test_create_crypto_key(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.CreateCryptoKeyRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKey) @@ -3081,6 +3158,10 @@ def test_create_crypto_key(transport: str = "grpc"): assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT +def test_create_crypto_key_from_dict(): + test_create_crypto_key(request_type=dict) + + @pytest.mark.asyncio async def test_create_crypto_key_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -3269,14 +3350,16 @@ async def test_create_crypto_key_flattened_error_async(): ) -def test_create_crypto_key_version(transport: str = "grpc"): +def test_create_crypto_key_version( + transport: str = "grpc", request_type=service.CreateCryptoKeyVersionRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.CreateCryptoKeyVersionRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -3298,7 +3381,7 @@ def test_create_crypto_key_version(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.CreateCryptoKeyVersionRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKeyVersion) @@ -3322,6 +3405,10 @@ def test_create_crypto_key_version(transport: str = "grpc"): assert response.import_failure_reason == "import_failure_reason_value" +def test_create_crypto_key_version_from_dict(): + test_create_crypto_key_version(request_type=dict) + + @pytest.mark.asyncio async def test_create_crypto_key_version_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -3528,14 +3615,16 @@ async def test_create_crypto_key_version_flattened_error_async(): ) -def test_import_crypto_key_version(transport: str = "grpc"): +def test_import_crypto_key_version( + transport: str = "grpc", request_type=service.ImportCryptoKeyVersionRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.ImportCryptoKeyVersionRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -3557,7 +3646,7 @@ def test_import_crypto_key_version(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.ImportCryptoKeyVersionRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKeyVersion) @@ -3581,6 +3670,10 @@ def test_import_crypto_key_version(transport: str = "grpc"): assert response.import_failure_reason == "import_failure_reason_value" +def test_import_crypto_key_version_from_dict(): + test_import_crypto_key_version(request_type=dict) + + @pytest.mark.asyncio async def test_import_crypto_key_version_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -3694,14 +3787,16 @@ async def test_import_crypto_key_version_field_headers_async(): assert ("x-goog-request-params", "parent=parent/value",) in kw["metadata"] -def test_create_import_job(transport: str = "grpc"): +def test_create_import_job( + transport: str = "grpc", request_type=service.CreateImportJobRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.CreateImportJobRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -3721,7 +3816,7 @@ def test_create_import_job(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.CreateImportJobRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.ImportJob) @@ -3738,6 +3833,10 @@ def test_create_import_job(transport: str = "grpc"): assert response.state == resources.ImportJob.ImportJobState.PENDING_GENERATION +def test_create_import_job_from_dict(): + test_create_import_job(request_type=dict) + + @pytest.mark.asyncio async def test_create_import_job_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -3935,14 +4034,16 @@ async def test_create_import_job_flattened_error_async(): ) -def test_update_crypto_key(transport: str = "grpc"): +def test_update_crypto_key( + transport: str = "grpc", request_type=service.UpdateCryptoKeyRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.UpdateCryptoKeyRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -3961,7 +4062,7 @@ def test_update_crypto_key(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.UpdateCryptoKeyRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKey) @@ -3971,6 +4072,10 @@ def test_update_crypto_key(transport: str = "grpc"): assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT +def test_update_crypto_key_from_dict(): + test_update_crypto_key(request_type=dict) + + @pytest.mark.asyncio async def test_update_crypto_key_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -4155,14 +4260,16 @@ async def test_update_crypto_key_flattened_error_async(): ) -def test_update_crypto_key_version(transport: str = "grpc"): +def test_update_crypto_key_version( + transport: str = "grpc", request_type=service.UpdateCryptoKeyVersionRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.UpdateCryptoKeyVersionRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -4184,7 +4291,7 @@ def test_update_crypto_key_version(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.UpdateCryptoKeyVersionRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKeyVersion) @@ -4208,6 +4315,10 @@ def test_update_crypto_key_version(transport: str = "grpc"): assert response.import_failure_reason == "import_failure_reason_value" +def test_update_crypto_key_version_from_dict(): + test_update_crypto_key_version(request_type=dict) + + @pytest.mark.asyncio async def test_update_crypto_key_version_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -4420,20 +4531,23 @@ async def test_update_crypto_key_version_flattened_error_async(): ) -def test_encrypt(transport: str = "grpc"): +def test_encrypt(transport: str = "grpc", request_type=service.EncryptRequest): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.EncryptRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client._transport.encrypt), "__call__") as call: # Designate an appropriate return value for the call. call.return_value = service.EncryptResponse( - name="name_value", ciphertext=b"ciphertext_blob", + name="name_value", + ciphertext=b"ciphertext_blob", + verified_plaintext_crc32c=True, + verified_additional_authenticated_data_crc32c=True, ) response = client.encrypt(request) @@ -4442,7 +4556,7 @@ def test_encrypt(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.EncryptRequest() # Establish that the response is the type that we expect. assert isinstance(response, service.EncryptResponse) @@ -4451,6 +4565,14 @@ def test_encrypt(transport: str = "grpc"): assert response.ciphertext == b"ciphertext_blob" + assert response.verified_plaintext_crc32c is True + + assert response.verified_additional_authenticated_data_crc32c is True + + +def test_encrypt_from_dict(): + test_encrypt(request_type=dict) + @pytest.mark.asyncio async def test_encrypt_async(transport: str = "grpc_asyncio"): @@ -4466,7 +4588,12 @@ async def test_encrypt_async(transport: str = "grpc_asyncio"): with mock.patch.object(type(client._client._transport.encrypt), "__call__") as call: # Designate an appropriate return value for the call. call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.EncryptResponse(name="name_value", ciphertext=b"ciphertext_blob",) + service.EncryptResponse( + name="name_value", + ciphertext=b"ciphertext_blob", + verified_plaintext_crc32c=True, + verified_additional_authenticated_data_crc32c=True, + ) ) response = await client.encrypt(request) @@ -4484,6 +4611,10 @@ async def test_encrypt_async(transport: str = "grpc_asyncio"): assert response.ciphertext == b"ciphertext_blob" + assert response.verified_plaintext_crc32c is True + + assert response.verified_additional_authenticated_data_crc32c is True + def test_encrypt_field_headers(): client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) @@ -4615,14 +4746,14 @@ async def test_encrypt_flattened_error_async(): ) -def test_decrypt(transport: str = "grpc"): +def test_decrypt(transport: str = "grpc", request_type=service.DecryptRequest): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.DecryptRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client._transport.decrypt), "__call__") as call: @@ -4635,7 +4766,7 @@ def test_decrypt(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.DecryptRequest() # Establish that the response is the type that we expect. assert isinstance(response, service.DecryptResponse) @@ -4643,6 +4774,10 @@ def test_decrypt(transport: str = "grpc"): assert response.plaintext == b"plaintext_blob" +def test_decrypt_from_dict(): + test_decrypt(request_type=dict) + + @pytest.mark.asyncio async def test_decrypt_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -4806,19 +4941,23 @@ async def test_decrypt_flattened_error_async(): ) -def test_asymmetric_sign(transport: str = "grpc"): +def test_asymmetric_sign( + transport: str = "grpc", request_type=service.AsymmetricSignRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.AsymmetricSignRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object(type(client._transport.asymmetric_sign), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = service.AsymmetricSignResponse(signature=b"signature_blob",) + call.return_value = service.AsymmetricSignResponse( + signature=b"signature_blob", verified_digest_crc32c=True, name="name_value", + ) response = client.asymmetric_sign(request) @@ -4826,13 +4965,21 @@ def test_asymmetric_sign(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.AsymmetricSignRequest() # Establish that the response is the type that we expect. assert isinstance(response, service.AsymmetricSignResponse) assert response.signature == b"signature_blob" + assert response.verified_digest_crc32c is True + + assert response.name == "name_value" + + +def test_asymmetric_sign_from_dict(): + test_asymmetric_sign(request_type=dict) + @pytest.mark.asyncio async def test_asymmetric_sign_async(transport: str = "grpc_asyncio"): @@ -4850,7 +4997,11 @@ async def test_asymmetric_sign_async(transport: str = "grpc_asyncio"): ) as call: # Designate an appropriate return value for the call. call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.AsymmetricSignResponse(signature=b"signature_blob",) + service.AsymmetricSignResponse( + signature=b"signature_blob", + verified_digest_crc32c=True, + name="name_value", + ) ) response = await client.asymmetric_sign(request) @@ -4866,6 +5017,10 @@ async def test_asymmetric_sign_async(transport: str = "grpc_asyncio"): assert response.signature == b"signature_blob" + assert response.verified_digest_crc32c is True + + assert response.name == "name_value" + def test_asymmetric_sign_field_headers(): client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) @@ -5007,14 +5162,16 @@ async def test_asymmetric_sign_flattened_error_async(): ) -def test_asymmetric_decrypt(transport: str = "grpc"): +def test_asymmetric_decrypt( + transport: str = "grpc", request_type=service.AsymmetricDecryptRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.AsymmetricDecryptRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -5022,7 +5179,7 @@ def test_asymmetric_decrypt(transport: str = "grpc"): ) as call: # Designate an appropriate return value for the call. call.return_value = service.AsymmetricDecryptResponse( - plaintext=b"plaintext_blob", + plaintext=b"plaintext_blob", verified_ciphertext_crc32c=True, ) response = client.asymmetric_decrypt(request) @@ -5031,13 +5188,19 @@ def test_asymmetric_decrypt(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.AsymmetricDecryptRequest() # Establish that the response is the type that we expect. assert isinstance(response, service.AsymmetricDecryptResponse) assert response.plaintext == b"plaintext_blob" + assert response.verified_ciphertext_crc32c is True + + +def test_asymmetric_decrypt_from_dict(): + test_asymmetric_decrypt(request_type=dict) + @pytest.mark.asyncio async def test_asymmetric_decrypt_async(transport: str = "grpc_asyncio"): @@ -5055,7 +5218,9 @@ async def test_asymmetric_decrypt_async(transport: str = "grpc_asyncio"): ) as call: # Designate an appropriate return value for the call. call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.AsymmetricDecryptResponse(plaintext=b"plaintext_blob",) + service.AsymmetricDecryptResponse( + plaintext=b"plaintext_blob", verified_ciphertext_crc32c=True, + ) ) response = await client.asymmetric_decrypt(request) @@ -5071,6 +5236,8 @@ async def test_asymmetric_decrypt_async(transport: str = "grpc_asyncio"): assert response.plaintext == b"plaintext_blob" + assert response.verified_ciphertext_crc32c is True + def test_asymmetric_decrypt_field_headers(): client = KeyManagementServiceClient(credentials=credentials.AnonymousCredentials(),) @@ -5216,14 +5383,16 @@ async def test_asymmetric_decrypt_flattened_error_async(): ) -def test_update_crypto_key_primary_version(transport: str = "grpc"): +def test_update_crypto_key_primary_version( + transport: str = "grpc", request_type=service.UpdateCryptoKeyPrimaryVersionRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.UpdateCryptoKeyPrimaryVersionRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -5242,7 +5411,7 @@ def test_update_crypto_key_primary_version(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.UpdateCryptoKeyPrimaryVersionRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKey) @@ -5252,6 +5421,10 @@ def test_update_crypto_key_primary_version(transport: str = "grpc"): assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT +def test_update_crypto_key_primary_version_from_dict(): + test_update_crypto_key_primary_version(request_type=dict) + + @pytest.mark.asyncio async def test_update_crypto_key_primary_version_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -5430,14 +5603,16 @@ async def test_update_crypto_key_primary_version_flattened_error_async(): ) -def test_destroy_crypto_key_version(transport: str = "grpc"): +def test_destroy_crypto_key_version( + transport: str = "grpc", request_type=service.DestroyCryptoKeyVersionRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.DestroyCryptoKeyVersionRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -5459,7 +5634,7 @@ def test_destroy_crypto_key_version(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.DestroyCryptoKeyVersionRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKeyVersion) @@ -5483,6 +5658,10 @@ def test_destroy_crypto_key_version(transport: str = "grpc"): assert response.import_failure_reason == "import_failure_reason_value" +def test_destroy_crypto_key_version_from_dict(): + test_destroy_crypto_key_version(request_type=dict) + + @pytest.mark.asyncio async def test_destroy_crypto_key_version_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -5671,14 +5850,16 @@ async def test_destroy_crypto_key_version_flattened_error_async(): ) -def test_restore_crypto_key_version(transport: str = "grpc"): +def test_restore_crypto_key_version( + transport: str = "grpc", request_type=service.RestoreCryptoKeyVersionRequest +): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport, ) # Everything is optional in proto3 as far as the runtime is concerned, # and we are mocking out the actual API, so just send an empty request. - request = service.RestoreCryptoKeyVersionRequest() + request = request_type() # Mock the actual call within the gRPC stub, and fake the request. with mock.patch.object( @@ -5700,7 +5881,7 @@ def test_restore_crypto_key_version(transport: str = "grpc"): assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == request + assert args[0] == service.RestoreCryptoKeyVersionRequest() # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKeyVersion) @@ -5724,6 +5905,10 @@ def test_restore_crypto_key_version(transport: str = "grpc"): assert response.import_failure_reason == "import_failure_reason_value" +def test_restore_crypto_key_version_from_dict(): + test_restore_crypto_key_version(request_type=dict) + + @pytest.mark.asyncio async def test_restore_crypto_key_version_async(transport: str = "grpc_asyncio"): client = KeyManagementServiceAsyncClient( @@ -6289,124 +6474,145 @@ def test_key_management_service_grpc_asyncio_transport_channel_mtls_with_adc( assert transport.grpc_channel == mock_grpc_channel -def test_crypto_key_version_path(): +def test_crypto_key_path(): project = "squid" location = "clam" key_ring = "whelk" crypto_key = "octopus" - crypto_key_version = "oyster" - expected = "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}".format( - project=project, - location=location, - key_ring=key_ring, - crypto_key=crypto_key, - crypto_key_version=crypto_key_version, + expected = "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}".format( + project=project, location=location, key_ring=key_ring, crypto_key=crypto_key, ) - actual = KeyManagementServiceClient.crypto_key_version_path( - project, location, key_ring, crypto_key, crypto_key_version + actual = KeyManagementServiceClient.crypto_key_path( + project, location, key_ring, crypto_key ) assert expected == actual -def test_parse_crypto_key_version_path(): +def test_parse_crypto_key_path(): expected = { - "project": "nudibranch", - "location": "cuttlefish", - "key_ring": "mussel", - "crypto_key": "winkle", - "crypto_key_version": "nautilus", + "project": "oyster", + "location": "nudibranch", + "key_ring": "cuttlefish", + "crypto_key": "mussel", } - path = KeyManagementServiceClient.crypto_key_version_path(**expected) + path = KeyManagementServiceClient.crypto_key_path(**expected) # Check that the path construction is reversible. - actual = KeyManagementServiceClient.parse_crypto_key_version_path(path) + actual = KeyManagementServiceClient.parse_crypto_key_path(path) assert expected == actual -def test_key_ring_path(): +def test_import_job_path(): project = "squid" location = "clam" key_ring = "whelk" + import_job = "octopus" - expected = "projects/{project}/locations/{location}/keyRings/{key_ring}".format( - project=project, location=location, key_ring=key_ring, + expected = "projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}".format( + project=project, location=location, key_ring=key_ring, import_job=import_job, + ) + actual = KeyManagementServiceClient.import_job_path( + project, location, key_ring, import_job ) - actual = KeyManagementServiceClient.key_ring_path(project, location, key_ring) assert expected == actual -def test_parse_key_ring_path(): +def test_parse_import_job_path(): expected = { - "project": "octopus", - "location": "oyster", - "key_ring": "nudibranch", + "project": "oyster", + "location": "nudibranch", + "key_ring": "cuttlefish", + "import_job": "mussel", } - path = KeyManagementServiceClient.key_ring_path(**expected) + path = KeyManagementServiceClient.import_job_path(**expected) # Check that the path construction is reversible. - actual = KeyManagementServiceClient.parse_key_ring_path(path) + actual = KeyManagementServiceClient.parse_import_job_path(path) assert expected == actual -def test_crypto_key_path(): +def test_crypto_key_version_path(): project = "squid" location = "clam" key_ring = "whelk" crypto_key = "octopus" + crypto_key_version = "oyster" - expected = "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}".format( - project=project, location=location, key_ring=key_ring, crypto_key=crypto_key, + expected = "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}".format( + project=project, + location=location, + key_ring=key_ring, + crypto_key=crypto_key, + crypto_key_version=crypto_key_version, ) - actual = KeyManagementServiceClient.crypto_key_path( - project, location, key_ring, crypto_key + actual = KeyManagementServiceClient.crypto_key_version_path( + project, location, key_ring, crypto_key, crypto_key_version ) assert expected == actual -def test_parse_crypto_key_path(): +def test_parse_crypto_key_version_path(): expected = { - "project": "oyster", - "location": "nudibranch", - "key_ring": "cuttlefish", - "crypto_key": "mussel", + "project": "nudibranch", + "location": "cuttlefish", + "key_ring": "mussel", + "crypto_key": "winkle", + "crypto_key_version": "nautilus", } - path = KeyManagementServiceClient.crypto_key_path(**expected) + path = KeyManagementServiceClient.crypto_key_version_path(**expected) # Check that the path construction is reversible. - actual = KeyManagementServiceClient.parse_crypto_key_path(path) + actual = KeyManagementServiceClient.parse_crypto_key_version_path(path) assert expected == actual -def test_import_job_path(): +def test_key_ring_path(): project = "squid" location = "clam" key_ring = "whelk" - import_job = "octopus" - expected = "projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}".format( - project=project, location=location, key_ring=key_ring, import_job=import_job, - ) - actual = KeyManagementServiceClient.import_job_path( - project, location, key_ring, import_job + expected = "projects/{project}/locations/{location}/keyRings/{key_ring}".format( + project=project, location=location, key_ring=key_ring, ) + actual = KeyManagementServiceClient.key_ring_path(project, location, key_ring) assert expected == actual -def test_parse_import_job_path(): +def test_parse_key_ring_path(): expected = { - "project": "oyster", - "location": "nudibranch", - "key_ring": "cuttlefish", - "import_job": "mussel", + "project": "octopus", + "location": "oyster", + "key_ring": "nudibranch", } - path = KeyManagementServiceClient.import_job_path(**expected) + path = KeyManagementServiceClient.key_ring_path(**expected) # Check that the path construction is reversible. - actual = KeyManagementServiceClient.parse_import_job_path(path) + actual = KeyManagementServiceClient.parse_key_ring_path(path) assert expected == actual +def test_client_withDEFAULT_CLIENT_INFO(): + client_info = gapic_v1.client_info.ClientInfo() + + with mock.patch.object( + transports.KeyManagementServiceTransport, "_prep_wrapped_messages" + ) as prep: + client = KeyManagementServiceClient( + credentials=credentials.AnonymousCredentials(), client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + with mock.patch.object( + transports.KeyManagementServiceTransport, "_prep_wrapped_messages" + ) as prep: + transport_class = KeyManagementServiceClient.get_transport_class() + transport = transport_class( + credentials=credentials.AnonymousCredentials(), client_info=client_info, + ) + prep.assert_called_once_with(client_info) + + def test_set_iam_policy(transport: str = "grpc"): client = KeyManagementServiceClient( credentials=credentials.AnonymousCredentials(), transport=transport,