
feat: add support for Key Reimport #167

Merged
merged 2 commits into from Aug 30, 2021
25 changes: 15 additions & 10 deletions google/cloud/kms_v1/services/key_management_service/async_client.py
Expand Up @@ -1390,13 +1390,16 @@ async def import_crypto_key_version(
timeout: float = None,
metadata: Sequence[Tuple[str, str]] = (),
) -> resources.CryptoKeyVersion:
r"""Imports a new
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an
existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
wrapped key material provided in the request.
r"""Import wrapped key material into a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

The version ID will be assigned the next sequential id within
the [CryptoKey][google.cloud.kms.v1.CryptoKey].
All requests must specify a
[CryptoKey][google.cloud.kms.v1.CryptoKey]. If a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
additionally specified in the request, key material will be
reimported into that version. Otherwise, a new version will be
created, and will be assigned the next sequential id within the
[CryptoKey][google.cloud.kms.v1.CryptoKey].


Args:
Expand Down Expand Up @@ -1938,12 +1941,14 @@ async def destroy_crypto_key_version(
Upon calling this method,
[CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state]
will be set to
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
and
[destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time]
will be set to a time 24 hours in the future, at which point the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will be
changed to
will be set to the time
[destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
in the future. At that time, the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will
automatically change to
[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
and the key material will be irrevocably destroyed.

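Review bot: The destroy_crypto_key_version docstring still closes with "the key material will be irrevocably destroyed", which sits awkwardly beside the import_crypto_key_version text added in this same file saying key material can be reimported into an existing version. An operator reading only the destroy text may treat a destroyed imported version as permanently unusable and leave it out of access reviews and alerting. Consider appending a sentence such as `Versions created by import may later have the same key material reimported; see reimport_eligible.` The same wording appears in the client.py section and in the two gRPC transport sections below; if these docstrings are generated from the API definition, the change presumably belongs there. Both method bodies lie outside the hunks shown.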
25 changes: 15 additions & 10 deletions google/cloud/kms_v1/services/key_management_service/client.py
Expand Up @@ -1550,13 +1550,16 @@ def import_crypto_key_version(
timeout: float = None,
metadata: Sequence[Tuple[str, str]] = (),
) -> resources.CryptoKeyVersion:
r"""Imports a new
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an
existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
wrapped key material provided in the request.
r"""Import wrapped key material into a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

The version ID will be assigned the next sequential id within
the [CryptoKey][google.cloud.kms.v1.CryptoKey].
All requests must specify a
[CryptoKey][google.cloud.kms.v1.CryptoKey]. If a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
additionally specified in the request, key material will be
reimported into that version. Otherwise, a new version will be
created, and will be assigned the next sequential id within the
[CryptoKey][google.cloud.kms.v1.CryptoKey].


Args:
Expand Down Expand Up @@ -2065,12 +2068,14 @@ def destroy_crypto_key_version(
Upon calling this method,
[CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state]
will be set to
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
and
[destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time]
will be set to a time 24 hours in the future, at which point the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will be
changed to
will be set to the time
[destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
in the future. At that time, the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will
automatically change to
[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
and the key material will be irrevocably destroyed.

Expand Up @@ -582,13 +582,16 @@ def import_crypto_key_version(
) -> Callable[[service.ImportCryptoKeyVersionRequest], resources.CryptoKeyVersion]:
r"""Return a callable for the import crypto key version method over gRPC.

Imports a new
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an
existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
wrapped key material provided in the request.
Import wrapped key material into a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

The version ID will be assigned the next sequential id within
the [CryptoKey][google.cloud.kms.v1.CryptoKey].
All requests must specify a
[CryptoKey][google.cloud.kms.v1.CryptoKey]. If a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
additionally specified in the request, key material will be
reimported into that version. Otherwise, a new version will be
created, and will be assigned the next sequential id within the
[CryptoKey][google.cloud.kms.v1.CryptoKey].

Returns:
Callable[[~.ImportCryptoKeyVersionRequest],
Expand Down Expand Up @@ -750,12 +753,14 @@ def destroy_crypto_key_version(
Upon calling this method,
[CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state]
will be set to
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
and
[destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time]
will be set to a time 24 hours in the future, at which point the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will be
changed to
will be set to the time
[destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
in the future. At that time, the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will
automatically change to
[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
and the key material will be irrevocably destroyed.

Expand Up @@ -600,13 +600,16 @@ def import_crypto_key_version(
]:
r"""Return a callable for the import crypto key version method over gRPC.

Imports a new
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an
existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
wrapped key material provided in the request.
Import wrapped key material into a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

The version ID will be assigned the next sequential id within
the [CryptoKey][google.cloud.kms.v1.CryptoKey].
All requests must specify a
[CryptoKey][google.cloud.kms.v1.CryptoKey]. If a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
additionally specified in the request, key material will be
reimported into that version. Otherwise, a new version will be
created, and will be assigned the next sequential id within the
[CryptoKey][google.cloud.kms.v1.CryptoKey].

Returns:
Callable[[~.ImportCryptoKeyVersionRequest],
Expand Down Expand Up @@ -774,12 +777,14 @@ def destroy_crypto_key_version(
Upon calling this method,
[CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state]
will be set to
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
and
[destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time]
will be set to a time 24 hours in the future, at which point the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will be
changed to
will be set to the time
[destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
in the future. At that time, the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will
automatically change to
[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
and the key material will be irrevocably destroyed.

15 changes: 10 additions & 5 deletions google/cloud/kms_v1/types/resources.py
Expand Up @@ -323,17 +323,17 @@ class CryptoKeyVersion(proto.Message):
[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED].
import_job (str):
Output only. The name of the
[ImportJob][google.cloud.kms.v1.ImportJob] used to import
this
[ImportJob][google.cloud.kms.v1.ImportJob] used in the most
recent import of this
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
Only present if the underlying key material was imported.
import_time (google.protobuf.timestamp_pb2.Timestamp):
Output only. The time at which this
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
key material was imported.
key material was most recently imported.
import_failure_reason (str):
Output only. The root cause of an import failure. Only
present if
Output only. The root cause of the most recent import
failure. Only present if
[state][google.cloud.kms.v1.CryptoKeyVersion.state] is
[IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
external_protection_level_options (google.cloud.kms_v1.types.ExternalProtectionLevelOptions):
Expand All @@ -343,6 +343,10 @@ class CryptoKeyVersion(proto.Message):
that are specific to the
[EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL]
protection level.
reimport_eligible (bool):
Output only. Whether or not this key version is eligible for
reimport, by being specified as a target in
[ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version].
"""

class CryptoKeyVersionAlgorithm(proto.Enum):
Expand Down Expand Up @@ -465,6 +469,7 @@ class CryptoKeyVersionView(proto.Enum):
external_protection_level_options = proto.Field(
proto.MESSAGE, number=17, message="ExternalProtectionLevelOptions",
)
reimport_eligible = proto.Field(proto.BOOL, number=18,)


class PublicKey(proto.Message):
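Review bot: With import_job, import_time and import_failure_reason reworded to describe only the most recent import, the docstrings no longer say what happens to the values from an earlier import, and the new reimport_eligible text does not say what makes a version eligible. Anyone using import_job as provenance for key material should know whether it is overwritten on reimport. Consider adding to import_job something like `On reimport this is replaced by the name of the newer ImportJob.` if that is the actual behaviour (inferred here from "most recent", not shown on the page), and pointing reimport_eligible at the state conditions documented on ImportCryptoKeyVersionRequest.crypto_key_version. The CryptoKeyVersion class starts and ends outside these hunks.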
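--- a/google/cloud/kms_v1/types/service.py
+++ b/google/cloud/kms_v1/types/service.py
@@ -501,6 +501,39 @@ class ImportCryptoKeyVersionRequest(proto.Message):
 Required. The [name][google.cloud.kms.v1.CryptoKey.name] of
 the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be
 imported into.
+
+The create permission is only required on this key when
+creating a new
+[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+crypto_key_version (str):
+Optional. The optional
+[name][google.cloud.kms.v1.CryptoKeyVersion.name] of an
+existing
+[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to
+target for an import operation. If this field is not
+present, a new
+[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+containing the supplied key material is created.
+
+If this field is present, the supplied key material is
+imported into the existing
+[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To
+import into an existing
+[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion],
+the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+must be a child of
+[ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent],
+have been previously created via [ImportCryptoKeyVersion][],
+and be in
+[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]
+or
+[IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
+state. The key material and algorithm must match the
+previous
+[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+exactly if the
+[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has
+ever contained key material.
 algorithm (google.cloud.kms_v1.types.CryptoKeyVersion.CryptoKeyVersionAlgorithm):
 Required. The
 [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
@@ -543,6 +576,7 @@ class ImportCryptoKeyVersionRequest(proto.Message):
 """
 
 parent = proto.Field(proto.STRING, number=1,)
+crypto_key_version = proto.Field(proto.STRING, number=6,)
 algorithm = proto.Field(
 proto.ENUM, number=2, enum=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm,
 )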
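Review bot: The cross-reference `[ImportCryptoKeyVersion][]` in the new crypto_key_version docstring has an empty target, unlike every other reference in this block, so it will probably not resolve when rendered. The added paragraph under parent says the create permission is needed only when creating a new version but never names the permission a reimport needs, which leaves anyone writing a least-privilege role for reimport guessing. Since reimport puts key material back into a version in DESTROYED or IMPORT_FAILED state, suggest a line such as `Reimporting into an existing version requires the <PERMISSION_NAME> permission on that version.` with the real name filled in. The class docstring begins outside the hunk.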
2 changes: 1 addition & 1 deletion scripts/fixup_kms_v1_keywords.py
Expand Up @@ -54,7 +54,7 @@ class kmsCallTransformer(cst.CSTTransformer):
'get_import_job': ('name', ),
'get_key_ring': ('name', ),
'get_public_key': ('name', ),
'import_crypto_key_version': ('parent', 'algorithm', 'import_job', 'rsa_aes_wrapped_key', ),
'import_crypto_key_version': ('parent', 'algorithm', 'import_job', 'crypto_key_version', 'rsa_aes_wrapped_key', ),
'list_crypto_keys': ('parent', 'page_size', 'page_token', 'version_view', 'filter', 'order_by', ),
'list_crypto_key_versions': ('parent', 'page_size', 'page_token', 'view', 'filter', 'order_by', ),
'list_import_jobs': ('parent', 'page_size', 'page_token', 'filter', 'order_by', ),
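Review bot: 'crypto_key_version' is inserted ahead of 'rsa_aes_wrapped_key' in the import_crypto_key_version tuple rather than appended. If kmsCallTransformer maps positional call arguments to these names by index (the transformer body is outside the hunk, so this is inferred from the tuple form), a legacy call with four positional arguments would now have its wrapped key bytes assigned to crypto_key_version. Appending keeps the old positions stable: `'import_crypto_key_version': ('parent', 'algorithm', 'import_job', 'rsa_aes_wrapped_key', 'crypto_key_version', ),`. If this file is generated, the ordering would need to be fixed in the generator.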