From b41da2599ad12d6688b84f29c6be8a20c3e31628 Mon Sep 17 00:00:00 2001 From: larkee Date: Tue, 24 Nov 2020 08:33:31 +0000 Subject: [PATCH] chore: regen (via synth) --- .coveragerc | 5 +- .github/snippet-bot.yml | 0 .gitignore | 1 + .kokoro/docker/docs/Dockerfile | 2 +- .kokoro/docs/common.cfg | 2 +- .kokoro/populate-secrets.sh | 43 ++ .kokoro/release/common.cfg | 50 +- .kokoro/samples/python3.6/common.cfg | 6 + .kokoro/samples/python3.7/common.cfg | 6 + .kokoro/samples/python3.8/common.cfg | 6 + .kokoro/test-samples.sh | 8 +- .kokoro/trampoline.sh | 15 +- CODE_OF_CONDUCT.md | 123 +++-- CONTRIBUTING.rst | 19 - docs/conf.py | 10 +- .../gapic/database_admin_client.py | 29 +- .../spanner_admin_database_v1/gapic/enums.py | 45 ++ .../proto/backup.proto | 48 ++ .../proto/backup_pb2.py | 216 ++++++++- .../proto/spanner_database_admin.proto | 55 +++ .../proto/spanner_database_admin_pb2.py | 264 +++++++++-- .../proto/spanner_instance_admin_pb2.py | 26 +- google/cloud/spanner_v1/proto/keys_pb2.py | 4 +- google/cloud/spanner_v1/proto/mutation_pb2.py | 2 +- .../cloud/spanner_v1/proto/query_plan_pb2.py | 2 +- .../cloud/spanner_v1/proto/result_set_pb2.py | 2 +- google/cloud/spanner_v1/proto/spanner_pb2.py | 21 +- .../cloud/spanner_v1/proto/transaction_pb2.py | 447 +++++++----------- google/cloud/spanner_v1/proto/type_pb2.py | 2 +- samples/samples/README.rst | 118 ++--- samples/samples/noxfile.py | 26 +- scripts/decrypt-secrets.sh | 15 +- synth.metadata | 16 +- 33 files changed, 1088 insertions(+), 546 deletions(-) create mode 100644 .github/snippet-bot.yml create mode 100755 .kokoro/populate-secrets.sh diff --git a/.coveragerc b/.coveragerc index dd39c8546c4..0d8e6297dc9 100644 --- a/.coveragerc +++ b/.coveragerc @@ -17,6 +17,8 @@ # Generated by synthtool. DO NOT EDIT! [run] branch = True +omit = + google/cloud/__init__.py [report] fail_under = 100 @@ -32,4 +34,5 @@ omit = */gapic/*.py */proto/*.py */core/*.py - */site-packages/*.py \ No newline at end of file + */site-packages/*.py + google/cloud/__init__.py diff --git a/.github/snippet-bot.yml b/.github/snippet-bot.yml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/.gitignore b/.gitignore index ac787a3b95f..b9daa52f118 100644 --- a/.gitignore +++ b/.gitignore @@ -45,6 +45,7 @@ pip-log.txt # Built documentation docs/_build +bigquery/docs/generated docs.metadata # Virtual environment diff --git a/.kokoro/docker/docs/Dockerfile b/.kokoro/docker/docs/Dockerfile index f4c0758ce02..412b0b56a92 100644 --- a/.kokoro/docker/docs/Dockerfile +++ b/.kokoro/docker/docs/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -from ubuntu:20.10 +from ubuntu:20.04 ENV DEBIAN_FRONTEND noninteractive diff --git a/.kokoro/docs/common.cfg b/.kokoro/docs/common.cfg index ddb827fc6a2..e58f8f473ed 100644 --- a/.kokoro/docs/common.cfg +++ b/.kokoro/docs/common.cfg @@ -30,7 +30,7 @@ env_vars: { env_vars: { key: "V2_STAGING_BUCKET" - value: "docs-staging-v2-staging" + value: "docs-staging-v2" } # It will upload the docker image after successful builds. diff --git a/.kokoro/populate-secrets.sh b/.kokoro/populate-secrets.sh new file mode 100755 index 00000000000..f52514257ef --- /dev/null +++ b/.kokoro/populate-secrets.sh @@ -0,0 +1,43 @@ +#!/bin/bash +# Copyright 2020 Google LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -eo pipefail + +function now { date +"%Y-%m-%d %H:%M:%S" | tr -d '\n' ;} +function msg { println "$*" >&2 ;} +function println { printf '%s\n' "$(now) $*" ;} + + +# Populates requested secrets set in SECRET_MANAGER_KEYS from service account: +# kokoro-trampoline@cloud-devrel-kokoro-resources.iam.gserviceaccount.com +SECRET_LOCATION="${KOKORO_GFILE_DIR}/secret_manager" +msg "Creating folder on disk for secrets: ${SECRET_LOCATION}" +mkdir -p ${SECRET_LOCATION} +for key in $(echo ${SECRET_MANAGER_KEYS} | sed "s/,/ /g") +do + msg "Retrieving secret ${key}" + docker run --entrypoint=gcloud \ + --volume=${KOKORO_GFILE_DIR}:${KOKORO_GFILE_DIR} \ + gcr.io/google.com/cloudsdktool/cloud-sdk \ + secrets versions access latest \ + --project cloud-devrel-kokoro-resources \ + --secret ${key} > \ + "${SECRET_LOCATION}/${key}" + if [[ $? == 0 ]]; then + msg "Secret written to ${SECRET_LOCATION}/${key}" + else + msg "Error retrieving secret ${key}" + fi +done diff --git a/.kokoro/release/common.cfg b/.kokoro/release/common.cfg index 05c943b0c6f..47b6a1fba3a 100644 --- a/.kokoro/release/common.cfg +++ b/.kokoro/release/common.cfg @@ -23,42 +23,18 @@ env_vars: { value: "github/python-spanner/.kokoro/release.sh" } -# Fetch the token needed for reporting release status to GitHub -before_action { - fetch_keystore { - keystore_resource { - keystore_config_id: 73713 - keyname: "yoshi-automation-github-key" - } - } -} - -# Fetch PyPI password -before_action { - fetch_keystore { - keystore_resource { - keystore_config_id: 73713 - keyname: "google_cloud_pypi_password" - } - } -} - -# Fetch magictoken to use with Magic Github Proxy -before_action { - fetch_keystore { - keystore_resource { - keystore_config_id: 73713 - keyname: "releasetool-magictoken" - } - } +# Fetch PyPI password +before_action { + fetch_keystore { + keystore_resource { + keystore_config_id: 73713 + keyname: "google_cloud_pypi_password" + } + } } -# Fetch api key to use with Magic Github Proxy -before_action { - fetch_keystore { - keystore_resource { - keystore_config_id: 73713 - keyname: "magic-github-proxy-api-key" - } - } -} +# Tokens needed to report release status back to GitHub +env_vars: { + key: "SECRET_MANAGER_KEYS" + value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem" +} \ No newline at end of file diff --git a/.kokoro/samples/python3.6/common.cfg b/.kokoro/samples/python3.6/common.cfg index 093647288c2..58b15c2849d 100644 --- a/.kokoro/samples/python3.6/common.cfg +++ b/.kokoro/samples/python3.6/common.cfg @@ -13,6 +13,12 @@ env_vars: { value: "py-3.6" } +# Declare build specific Cloud project. +env_vars: { + key: "BUILD_SPECIFIC_GCLOUD_PROJECT" + value: "python-docs-samples-tests-py36" +} + env_vars: { key: "TRAMPOLINE_BUILD_FILE" value: "github/python-spanner/.kokoro/test-samples.sh" diff --git a/.kokoro/samples/python3.7/common.cfg b/.kokoro/samples/python3.7/common.cfg index cc54c522857..07195c4c5eb 100644 --- a/.kokoro/samples/python3.7/common.cfg +++ b/.kokoro/samples/python3.7/common.cfg @@ -13,6 +13,12 @@ env_vars: { value: "py-3.7" } +# Declare build specific Cloud project. +env_vars: { + key: "BUILD_SPECIFIC_GCLOUD_PROJECT" + value: "python-docs-samples-tests-py37" +} + env_vars: { key: "TRAMPOLINE_BUILD_FILE" value: "github/python-spanner/.kokoro/test-samples.sh" diff --git a/.kokoro/samples/python3.8/common.cfg b/.kokoro/samples/python3.8/common.cfg index 04da5ee7ef8..58713430dd5 100644 --- a/.kokoro/samples/python3.8/common.cfg +++ b/.kokoro/samples/python3.8/common.cfg @@ -13,6 +13,12 @@ env_vars: { value: "py-3.8" } +# Declare build specific Cloud project. +env_vars: { + key: "BUILD_SPECIFIC_GCLOUD_PROJECT" + value: "python-docs-samples-tests-py38" +} + env_vars: { key: "TRAMPOLINE_BUILD_FILE" value: "github/python-spanner/.kokoro/test-samples.sh" diff --git a/.kokoro/test-samples.sh b/.kokoro/test-samples.sh index 77a94bb6d75..469771e159b 100755 --- a/.kokoro/test-samples.sh +++ b/.kokoro/test-samples.sh @@ -28,6 +28,12 @@ if [[ $KOKORO_BUILD_ARTIFACTS_SUBDIR = *"periodic"* ]]; then git checkout $LATEST_RELEASE fi +# Exit early if samples directory doesn't exist +if [ ! -d "./samples" ]; then + echo "No tests run. `./samples` not found" + exit 0 +fi + # Disable buffering, so that the logs stream through. export PYTHONUNBUFFERED=1 @@ -101,4 +107,4 @@ cd "$ROOT" # Workaround for Kokoro permissions issue: delete secrets rm testing/{test-env.sh,client-secrets.json,service-account.json} -exit "$RTN" \ No newline at end of file +exit "$RTN" diff --git a/.kokoro/trampoline.sh b/.kokoro/trampoline.sh index e8c4251f3ed..f39236e943a 100755 --- a/.kokoro/trampoline.sh +++ b/.kokoro/trampoline.sh @@ -15,9 +15,14 @@ set -eo pipefail -python3 "${KOKORO_GFILE_DIR}/trampoline_v1.py" || ret_code=$? +# Always run the cleanup script, regardless of the success of bouncing into +# the container. +function cleanup() { + chmod +x ${KOKORO_GFILE_DIR}/trampoline_cleanup.sh + ${KOKORO_GFILE_DIR}/trampoline_cleanup.sh + echo "cleanup"; +} +trap cleanup EXIT -chmod +x ${KOKORO_GFILE_DIR}/trampoline_cleanup.sh -${KOKORO_GFILE_DIR}/trampoline_cleanup.sh || true - -exit ${ret_code} +$(dirname $0)/populate-secrets.sh # Secret Manager secrets. +python3 "${KOKORO_GFILE_DIR}/trampoline_v1.py" \ No newline at end of file diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index b3d1f602984..039f4368120 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,44 +1,95 @@ -# Contributor Code of Conduct +# Code of Conduct -As contributors and maintainers of this project, -and in the interest of fostering an open and welcoming community, -we pledge to respect all people who contribute through reporting issues, -posting feature requests, updating documentation, -submitting pull requests or patches, and other activities. +## Our Pledge -We are committed to making participation in this project -a harassment-free experience for everyone, -regardless of level of experience, gender, gender identity and expression, -sexual orientation, disability, personal appearance, -body size, race, ethnicity, age, religion, or nationality. +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of +experience, education, socio-economic status, nationality, personal appearance, +race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members Examples of unacceptable behavior by participants include: -* The use of sexualized language or imagery -* Personal attacks -* Trolling or insulting/derogatory comments -* Public or private harassment -* Publishing other's private information, -such as physical or electronic -addresses, without explicit permission -* Other unethical or unprofessional conduct. +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. Project maintainers have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct. -By adopting this Code of Conduct, -project maintainers commit themselves to fairly and consistently -applying these principles to every aspect of managing this project. -Project maintainers who do not follow or enforce the Code of Conduct -may be permanently removed from the project team. - -This code of conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. - -Instances of abusive, harassing, or otherwise unacceptable behavior -may be reported by opening an issue -or contacting one or more of the project maintainers. - -This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, -available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/) +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, or to ban temporarily or permanently any +contributor for other behaviors that they deem inappropriate, threatening, +offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +This Code of Conduct also applies outside the project spaces when the Project +Steward has a reasonable belief that an individual's behavior may have a +negative impact on the project or its community. + +## Conflict Resolution + +We do not believe that all conflict is bad; healthy debate and disagreement +often yield positive results. However, it is never okay to be disrespectful or +to engage in behavior that violates the project’s code of conduct. + +If you see someone violating the code of conduct, you are encouraged to address +the behavior directly with those involved. Many issues can be resolved quickly +and easily, and this gives people more control over the outcome of their +dispute. If you are unable to resolve the matter for any reason, or if the +behavior is threatening or harassing, report it. We are dedicated to providing +an environment where participants feel welcome and safe. + + +Reports should be directed to *googleapis-stewards@google.com*, the +Project Steward(s) for *Google Cloud Client Libraries*. It is the Project Steward’s duty to +receive and address reported violations of the code of conduct. They will then +work with a committee consisting of representatives from the Open Source +Programs Office and the Google Open Source Strategy team. If for any reason you +are uncomfortable reaching out to the Project Steward, please email +opensource@google.com. + +We will investigate every complaint, but you may not receive a direct response. +We will use our discretion in determining when and how to follow up on reported +incidents, which may range from not taking action to permanent expulsion from +the project and project-sponsored spaces. We will notify the accused of the +report and provide them an opportunity to discuss it before any action is taken. +The identity of the reporter will be omitted from the details of the report +supplied to the accused. In potentially harmful situations, such as ongoing +harassment or threats to anyone's safety, we may take action without notice. + +## Attribution + +This Code of Conduct is adapted from the Contributor Covenant, version 1.4, +available at +https://www.contributor-covenant.org/version/1/4/code-of-conduct.html \ No newline at end of file diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index e3b0e9d1581..11e26783bea 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -80,25 +80,6 @@ We use `nox `__ to instrument our tests. .. nox: https://pypi.org/project/nox/ -Note on Editable Installs / Develop Mode -======================================== - -- As mentioned previously, using ``setuptools`` in `develop mode`_ - or a ``pip`` `editable install`_ is not possible with this - library. This is because this library uses `namespace packages`_. - For context see `Issue #2316`_ and the relevant `PyPA issue`_. - - Since ``editable`` / ``develop`` mode can't be used, packages - need to be installed directly. Hence your changes to the source - tree don't get incorporated into the **already installed** - package. - -.. _namespace packages: https://www.python.org/dev/peps/pep-0420/ -.. _Issue #2316: https://github.com/GoogleCloudPlatform/google-cloud-python/issues/2316 -.. _PyPA issue: https://github.com/pypa/packaging-problems/issues/12 -.. _develop mode: https://setuptools.readthedocs.io/en/latest/setuptools.html#development-mode -.. _editable install: https://pip.pypa.io/en/stable/reference/pip_install/#editable-installs - ***************************************** I'm getting weird errors... Can you help? ***************************************** diff --git a/docs/conf.py b/docs/conf.py index 9eee0015d14..e4cbfe68874 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -29,7 +29,7 @@ # -- General configuration ------------------------------------------------ # If your documentation needs a minimal Sphinx version, state it here. -needs_sphinx = "1.6.3" +needs_sphinx = "1.5.5" # Add any Sphinx extension module names here, as strings. They can be # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom @@ -39,6 +39,7 @@ "sphinx.ext.autosummary", "sphinx.ext.intersphinx", "sphinx.ext.coverage", + "sphinx.ext.doctest", "sphinx.ext.napoleon", "sphinx.ext.todo", "sphinx.ext.viewcode", @@ -344,10 +345,11 @@ # Example configuration for intersphinx: refer to the Python standard library. intersphinx_mapping = { - "python": ("http://python.readthedocs.org/en/latest/", None), - "google-auth": ("https://google-auth.readthedocs.io/en/stable", None), + "python": ("https://python.readthedocs.org/en/latest/", None), + "google-auth": ("https://googleapis.dev/python/google-auth/latest/", None), "google.api_core": ("https://googleapis.dev/python/google-api-core/latest/", None), - "grpc": ("https://grpc.io/grpc/python/", None), + "grpc": ("https://grpc.github.io/grpc/python/", None), + "proto-plus": ("https://proto-plus-python.readthedocs.io/en/latest/", None), } diff --git a/google/cloud/spanner_admin_database_v1/gapic/database_admin_client.py b/google/cloud/spanner_admin_database_v1/gapic/database_admin_client.py index 5c1c7762b49..cad1f451028 100644 --- a/google/cloud/spanner_admin_database_v1/gapic/database_admin_client.py +++ b/google/cloud/spanner_admin_database_v1/gapic/database_admin_client.py @@ -475,6 +475,7 @@ def create_backup( parent, backup_id, backup, + encryption_config=None, retry=google.api_core.gapic_v1.method.DEFAULT, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None, @@ -527,6 +528,14 @@ def create_backup( If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.spanner_admin_database_v1.types.Backup` + encryption_config (Union[dict, ~google.cloud.spanner_admin_database_v1.types.CreateBackupEncryptionConfig]): Optional. An encryption configuration describing the encryption type + and key resources in Cloud KMS used to encrypt the backup. If no + ``encryption_config`` is specified, the backup will use the same + encryption configuration as the database by default, namely + ``encryption_type`` = USE_DATABASE_ENCRYPTION. + + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.spanner_admin_database_v1.types.CreateBackupEncryptionConfig` retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will be retried using a default configuration. @@ -558,7 +567,10 @@ def create_backup( ) request = backup_pb2.CreateBackupRequest( - parent=parent, backup_id=backup_id, backup=backup + parent=parent, + backup_id=backup_id, + backup=backup, + encryption_config=encryption_config, ) if metadata is None: metadata = [] @@ -588,6 +600,7 @@ def restore_database( parent, database_id, backup=None, + encryption_config=None, retry=google.api_core.gapic_v1.method.DEFAULT, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None, @@ -639,6 +652,15 @@ def restore_database( ``projects//instances//databases/``. backup (str): Name of the backup from which to restore. Values are of the form ``projects//instances//backups/``. + encryption_config (Union[dict, ~google.cloud.spanner_admin_database_v1.types.RestoreDatabaseEncryptionConfig]): Optional. An encryption configuration describing the encryption type + and key resources in Cloud KMS used to encrypt/decrypt the database to + restore to. If no ``encryption_config`` is specified, the restored + database will use the config default (if set) or the same encryption + configuration as the backup by default, namely ``encryption_type`` = + USE_CONFIG_DEFAULT_OR_DATABASE_ENCRYPTION. + + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.spanner_admin_database_v1.types.RestoreDatabaseEncryptionConfig` retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will be retried using a default configuration. @@ -674,7 +696,10 @@ def restore_database( google.api_core.protobuf_helpers.check_oneof(backup=backup) request = spanner_database_admin_pb2.RestoreDatabaseRequest( - parent=parent, database_id=database_id, backup=backup + parent=parent, + database_id=database_id, + backup=backup, + encryption_config=encryption_config, ) if metadata is None: metadata = [] diff --git a/google/cloud/spanner_admin_database_v1/gapic/enums.py b/google/cloud/spanner_admin_database_v1/gapic/enums.py index 939b0581ab9..eaccdf84348 100644 --- a/google/cloud/spanner_admin_database_v1/gapic/enums.py +++ b/google/cloud/spanner_admin_database_v1/gapic/enums.py @@ -49,6 +49,28 @@ class State(enum.IntEnum): READY = 2 +class CreateBackupEncryptionConfig(object): + class EncryptionType(enum.IntEnum): + """ + Encryption types for the backup. + + Attributes: + ENCRYPTION_TYPE_UNSPECIFIED (int): Unspecified. Do not use. + USE_DATABASE_ENCRYPTION (int): Use the same encryption configuration as the database. This is the + default option when ``encryption_config`` is empty. If the database is + using customer managed encryption, the backup will be using the same KMS + key. + GOOGLE_DEFAULT_ENCRYPTION (int): Enforce google default encryption. + CUSTOMER_MANAGED_ENCRYPTION (int): Enforce customer managed encryption. If specified, the kms_key_name + must provide a valid Cloud KMS key name. + """ + + ENCRYPTION_TYPE_UNSPECIFIED = 0 + USE_DATABASE_ENCRYPTION = 1 + GOOGLE_DEFAULT_ENCRYPTION = 2 + CUSTOMER_MANAGED_ENCRYPTION = 3 + + class Database(object): class State(enum.IntEnum): """ @@ -93,3 +115,26 @@ class Type(enum.IntEnum): TYPE_UNSPECIFIED = 0 GOOGLE_DEFAULT_ENCRYPTION = 1 CUSTOMER_MANAGED_ENCRYPTION = 2 + + +class RestoreDatabaseEncryptionConfig(object): + class EncryptionType(enum.IntEnum): + """ + Encryption types for the database to be restored. + + Attributes: + ENCRYPTION_TYPE_UNSPECIFIED (int): Unspecified. Do not use. + USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION (int): This is the default option when ``encryption_config`` is empty. It + will first check whether there is a config default and use it if set. if + not set, it will use the backup encryption setting. Note that the config + default feature is a new feature that may not be available at the + beginning. + GOOGLE_DEFAULT_ENCRYPTION (int): Enforce google default encryption. + CUSTOMER_MANAGED_ENCRYPTION (int): Enforce customer managed encryption. If specified, the kms_key_name + must provide a valid Cloud KMS key name. + """ + + ENCRYPTION_TYPE_UNSPECIFIED = 0 + USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION = 1 + GOOGLE_DEFAULT_ENCRYPTION = 2 + CUSTOMER_MANAGED_ENCRYPTION = 3 diff --git a/google/cloud/spanner_admin_database_v1/proto/backup.proto b/google/cloud/spanner_admin_database_v1/proto/backup.proto index ba573a90272..c253d6ecd36 100644 --- a/google/cloud/spanner_admin_database_v1/proto/backup.proto +++ b/google/cloud/spanner_admin_database_v1/proto/backup.proto @@ -132,6 +132,14 @@ message CreateBackupRequest { // Required. The backup to create. Backup backup = 3 [(google.api.field_behavior) = REQUIRED]; + + // Optional. An encryption configuration describing the encryption type and key + // resources in Cloud KMS used to encrypt the backup. If no + // `encryption_config` is specified, the backup will use the same + // encryption configuration as the database by default, namely + // [encryption_type][google.spanner.admin.database.v1.CreateBackupEncryptionConfig.encryption_type] = + // USE_DATABASE_ENCRYPTION. + CreateBackupEncryptionConfig encryption_config = 4 [(google.api.field_behavior) = OPTIONAL]; } // Metadata type for the operation returned by @@ -368,3 +376,43 @@ message BackupInfo { // Name of the database the backup was created from. string source_database = 3; } + +// Encryption configuration for the backup to create. +message CreateBackupEncryptionConfig { + // Encryption types for the backup. + enum EncryptionType { + // Unspecified. Do not use. + ENCRYPTION_TYPE_UNSPECIFIED = 0; + + // Use the same encryption configuration as the database. This is the + // default option when + // [encryption_config][CreateBackupEncryptionConfig.encryption_config] is + // empty. If the database is using customer managed encryption, the + // backup will be using the same KMS key. + USE_DATABASE_ENCRYPTION = 1; + + // Enforce google default encryption. + GOOGLE_DEFAULT_ENCRYPTION = 2; + + // Enforce customer managed encryption. If specified, the kms_key_name + // must provide a valid Cloud KMS key name. + CUSTOMER_MANAGED_ENCRYPTION = 3; + } + + // Required. The encryption type of the backup. + EncryptionType encryption_type = 1 [(google.api.field_behavior) = REQUIRED]; + + // Optional. The resource name of the Cloud KMS key that will be used to + // protect the backup. Once specified, the backup will enforce customer + // managed encryption, regardless of the database encryption type. + // This field should be set only when + // [encryption_type][google.spanner.admin.database.v1.CreateBackupEncryptionConfig.encryption_type] is + // CUSTOMER_MANAGED_ENCRYPTION. Values are of the form + // `projects//locations//keyRings//cryptoKeys/`. + string kms_key_name = 2 [ + (google.api.field_behavior) = OPTIONAL, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/CryptoKey" + } + ]; +} diff --git a/google/cloud/spanner_admin_database_v1/proto/backup_pb2.py b/google/cloud/spanner_admin_database_v1/proto/backup_pb2.py index 05b9143615c..f48269d3e04 100644 --- a/google/cloud/spanner_admin_database_v1/proto/backup_pb2.py +++ b/google/cloud/spanner_admin_database_v1/proto/backup_pb2.py @@ -30,7 +30,7 @@ syntax="proto3", serialized_options=b"\n$com.google.spanner.admin.database.v1B\013BackupProtoP\001ZHgoogle.golang.org/genproto/googleapis/spanner/admin/database/v1;database\252\002&Google.Cloud.Spanner.Admin.Database.V1\312\002&Google\\Cloud\\Spanner\\Admin\\Database\\V1\352\002+Google::Cloud::Spanner::Admin::Database::V1", create_key=_descriptor._internal_create_key, - serialized_pb=b'\n9google/cloud/spanner_admin_database_v1/proto/backup.proto\x12 google.spanner.admin.database.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a#google/longrunning/operations.proto\x1a google/protobuf/field_mask.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x39google/cloud/spanner_admin_database_v1/proto/common.proto"\x9d\x04\n\x06\x42\x61\x63kup\x12\x36\n\x08\x64\x61tabase\x18\x02 \x01(\tB$\xfa\x41!\n\x1fspanner.googleapis.com/Database\x12/\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x34\n\x0b\x63reate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x17\n\nsize_bytes\x18\x05 \x01(\x03\x42\x03\xe0\x41\x03\x12\x42\n\x05state\x18\x06 \x01(\x0e\x32..google.spanner.admin.database.v1.Backup.StateB\x03\xe0\x41\x03\x12"\n\x15referencing_databases\x18\x07 \x03(\tB\x03\xe0\x41\x03\x12N\n\x0f\x65ncryption_info\x18\x08 \x01(\x0b\x32\x30.google.spanner.admin.database.v1.EncryptionInfoB\x03\xe0\x41\x03"7\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\x0c\n\x08\x43REATING\x10\x01\x12\t\n\x05READY\x10\x02:\\\xea\x41Y\n\x1dspanner.googleapis.com/Backup\x12\x38projects/{project}/instances/{instance}/backups/{backup}"\xa5\x01\n\x13\x43reateBackupRequest\x12\x37\n\x06parent\x18\x01 \x01(\tB\'\xe0\x41\x02\xfa\x41!\n\x1fspanner.googleapis.com/Instance\x12\x16\n\tbackup_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12=\n\x06\x62\x61\x63kup\x18\x03 \x01(\x0b\x32(.google.spanner.admin.database.v1.BackupB\x03\xe0\x41\x02"\xae\x01\n\x14\x43reateBackupMetadata\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x10\n\x08\x64\x61tabase\x18\x02 \x01(\t\x12\x45\n\x08progress\x18\x03 \x01(\x0b\x32\x33.google.spanner.admin.database.v1.OperationProgress\x12/\n\x0b\x63\x61ncel_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.Timestamp"\x8a\x01\n\x13UpdateBackupRequest\x12=\n\x06\x62\x61\x63kup\x18\x01 \x01(\x0b\x32(.google.spanner.admin.database.v1.BackupB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02"G\n\x10GetBackupRequest\x12\x33\n\x04name\x18\x01 \x01(\tB%\xe0\x41\x02\xfa\x41\x1f\n\x1dspanner.googleapis.com/Backup"J\n\x13\x44\x65leteBackupRequest\x12\x33\n\x04name\x18\x01 \x01(\tB%\xe0\x41\x02\xfa\x41\x1f\n\x1dspanner.googleapis.com/Backup"\x84\x01\n\x12ListBackupsRequest\x12\x37\n\x06parent\x18\x01 \x01(\tB\'\xe0\x41\x02\xfa\x41!\n\x1fspanner.googleapis.com/Instance\x12\x0e\n\x06\x66ilter\x18\x02 \x01(\t\x12\x11\n\tpage_size\x18\x03 \x01(\x05\x12\x12\n\npage_token\x18\x04 \x01(\t"i\n\x13ListBackupsResponse\x12\x39\n\x07\x62\x61\x63kups\x18\x01 \x03(\x0b\x32(.google.spanner.admin.database.v1.Backup\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t"\x8d\x01\n\x1bListBackupOperationsRequest\x12\x37\n\x06parent\x18\x01 \x01(\tB\'\xe0\x41\x02\xfa\x41!\n\x1fspanner.googleapis.com/Instance\x12\x0e\n\x06\x66ilter\x18\x02 \x01(\t\x12\x11\n\tpage_size\x18\x03 \x01(\x05\x12\x12\n\npage_token\x18\x04 \x01(\t"j\n\x1cListBackupOperationsResponse\x12\x31\n\noperations\x18\x01 \x03(\x0b\x32\x1d.google.longrunning.Operation\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t"f\n\nBackupInfo\x12\x0e\n\x06\x62\x61\x63kup\x18\x01 \x01(\t\x12/\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x17\n\x0fsource_database\x18\x03 \x01(\tB\xff\x01\n$com.google.spanner.admin.database.v1B\x0b\x42\x61\x63kupProtoP\x01ZHgoogle.golang.org/genproto/googleapis/spanner/admin/database/v1;database\xaa\x02&Google.Cloud.Spanner.Admin.Database.V1\xca\x02&Google\\Cloud\\Spanner\\Admin\\Database\\V1\xea\x02+Google::Cloud::Spanner::Admin::Database::V1b\x06proto3', + serialized_pb=b'\n9google/cloud/spanner_admin_database_v1/proto/backup.proto\x12 google.spanner.admin.database.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a#google/longrunning/operations.proto\x1a google/protobuf/field_mask.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x39google/cloud/spanner_admin_database_v1/proto/common.proto"\x9d\x04\n\x06\x42\x61\x63kup\x12\x36\n\x08\x64\x61tabase\x18\x02 \x01(\tB$\xfa\x41!\n\x1fspanner.googleapis.com/Database\x12/\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x34\n\x0b\x63reate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x17\n\nsize_bytes\x18\x05 \x01(\x03\x42\x03\xe0\x41\x03\x12\x42\n\x05state\x18\x06 \x01(\x0e\x32..google.spanner.admin.database.v1.Backup.StateB\x03\xe0\x41\x03\x12"\n\x15referencing_databases\x18\x07 \x03(\tB\x03\xe0\x41\x03\x12N\n\x0f\x65ncryption_info\x18\x08 \x01(\x0b\x32\x30.google.spanner.admin.database.v1.EncryptionInfoB\x03\xe0\x41\x03"7\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\x0c\n\x08\x43REATING\x10\x01\x12\t\n\x05READY\x10\x02:\\\xea\x41Y\n\x1dspanner.googleapis.com/Backup\x12\x38projects/{project}/instances/{instance}/backups/{backup}"\x85\x02\n\x13\x43reateBackupRequest\x12\x37\n\x06parent\x18\x01 \x01(\tB\'\xe0\x41\x02\xfa\x41!\n\x1fspanner.googleapis.com/Instance\x12\x16\n\tbackup_id\x18\x02 \x01(\tB\x03\xe0\x41\x02\x12=\n\x06\x62\x61\x63kup\x18\x03 \x01(\x0b\x32(.google.spanner.admin.database.v1.BackupB\x03\xe0\x41\x02\x12^\n\x11\x65ncryption_config\x18\x04 \x01(\x0b\x32>.google.spanner.admin.database.v1.CreateBackupEncryptionConfigB\x03\xe0\x41\x01"\xae\x01\n\x14\x43reateBackupMetadata\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x10\n\x08\x64\x61tabase\x18\x02 \x01(\t\x12\x45\n\x08progress\x18\x03 \x01(\x0b\x32\x33.google.spanner.admin.database.v1.OperationProgress\x12/\n\x0b\x63\x61ncel_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.Timestamp"\x8a\x01\n\x13UpdateBackupRequest\x12=\n\x06\x62\x61\x63kup\x18\x01 \x01(\x0b\x32(.google.spanner.admin.database.v1.BackupB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02"G\n\x10GetBackupRequest\x12\x33\n\x04name\x18\x01 \x01(\tB%\xe0\x41\x02\xfa\x41\x1f\n\x1dspanner.googleapis.com/Backup"J\n\x13\x44\x65leteBackupRequest\x12\x33\n\x04name\x18\x01 \x01(\tB%\xe0\x41\x02\xfa\x41\x1f\n\x1dspanner.googleapis.com/Backup"\x84\x01\n\x12ListBackupsRequest\x12\x37\n\x06parent\x18\x01 \x01(\tB\'\xe0\x41\x02\xfa\x41!\n\x1fspanner.googleapis.com/Instance\x12\x0e\n\x06\x66ilter\x18\x02 \x01(\t\x12\x11\n\tpage_size\x18\x03 \x01(\x05\x12\x12\n\npage_token\x18\x04 \x01(\t"i\n\x13ListBackupsResponse\x12\x39\n\x07\x62\x61\x63kups\x18\x01 \x03(\x0b\x32(.google.spanner.admin.database.v1.Backup\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t"\x8d\x01\n\x1bListBackupOperationsRequest\x12\x37\n\x06parent\x18\x01 \x01(\tB\'\xe0\x41\x02\xfa\x41!\n\x1fspanner.googleapis.com/Instance\x12\x0e\n\x06\x66ilter\x18\x02 \x01(\t\x12\x11\n\tpage_size\x18\x03 \x01(\x05\x12\x12\n\npage_token\x18\x04 \x01(\t"j\n\x1cListBackupOperationsResponse\x12\x31\n\noperations\x18\x01 \x03(\x0b\x32\x1d.google.longrunning.Operation\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t"f\n\nBackupInfo\x12\x0e\n\x06\x62\x61\x63kup\x18\x01 \x01(\t\x12/\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x17\n\x0fsource_database\x18\x03 \x01(\t"\xdd\x02\n\x1c\x43reateBackupEncryptionConfig\x12k\n\x0f\x65ncryption_type\x18\x01 \x01(\x0e\x32M.google.spanner.admin.database.v1.CreateBackupEncryptionConfig.EncryptionTypeB\x03\xe0\x41\x02\x12?\n\x0ckms_key_name\x18\x02 \x01(\tB)\xe0\x41\x01\xfa\x41#\n!cloudkms.googleapis.com/CryptoKey"\x8e\x01\n\x0e\x45ncryptionType\x12\x1f\n\x1b\x45NCRYPTION_TYPE_UNSPECIFIED\x10\x00\x12\x1b\n\x17USE_DATABASE_ENCRYPTION\x10\x01\x12\x1d\n\x19GOOGLE_DEFAULT_ENCRYPTION\x10\x02\x12\x1f\n\x1b\x43USTOMER_MANAGED_ENCRYPTION\x10\x03\x42\xff\x01\n$com.google.spanner.admin.database.v1B\x0b\x42\x61\x63kupProtoP\x01ZHgoogle.golang.org/genproto/googleapis/spanner/admin/database/v1;database\xaa\x02&Google.Cloud.Spanner.Admin.Database.V1\xca\x02&Google\\Cloud\\Spanner\\Admin\\Database\\V1\xea\x02+Google::Cloud::Spanner::Admin::Database::V1b\x06proto3', dependencies=[ google_dot_api_dot_field__behavior__pb2.DESCRIPTOR, google_dot_api_dot_resource__pb2.DESCRIPTOR, @@ -81,6 +81,53 @@ ) _sym_db.RegisterEnumDescriptor(_BACKUP_STATE) +_CREATEBACKUPENCRYPTIONCONFIG_ENCRYPTIONTYPE = _descriptor.EnumDescriptor( + name="EncryptionType", + full_name="google.spanner.admin.database.v1.CreateBackupEncryptionConfig.EncryptionType", + filename=None, + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + values=[ + _descriptor.EnumValueDescriptor( + name="ENCRYPTION_TYPE_UNSPECIFIED", + index=0, + number=0, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key, + ), + _descriptor.EnumValueDescriptor( + name="USE_DATABASE_ENCRYPTION", + index=1, + number=1, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key, + ), + _descriptor.EnumValueDescriptor( + name="GOOGLE_DEFAULT_ENCRYPTION", + index=2, + number=2, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key, + ), + _descriptor.EnumValueDescriptor( + name="CUSTOMER_MANAGED_ENCRYPTION", + index=3, + number=3, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key, + ), + ], + containing_type=None, + serialized_options=None, + serialized_start=2399, + serialized_end=2541, +) +_sym_db.RegisterEnumDescriptor(_CREATEBACKUPENCRYPTIONCONFIG_ENCRYPTIONTYPE) + _BACKUP = _descriptor.Descriptor( name="Backup", @@ -321,6 +368,25 @@ file=DESCRIPTOR, create_key=_descriptor._internal_create_key, ), + _descriptor.FieldDescriptor( + name="encryption_config", + full_name="google.spanner.admin.database.v1.CreateBackupRequest.encryption_config", + index=3, + number=4, + type=11, + cpp_type=10, + label=1, + has_default_value=False, + default_value=None, + message_type=None, + enum_type=None, + containing_type=None, + is_extension=False, + extension_scope=None, + serialized_options=b"\340A\001", + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + ), ], extensions=[], nested_types=[], @@ -331,7 +397,7 @@ extension_ranges=[], oneofs=[], serialized_start=863, - serialized_end=1028, + serialized_end=1124, ) @@ -428,8 +494,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=1031, - serialized_end=1205, + serialized_start=1127, + serialized_end=1301, ) @@ -488,8 +554,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=1208, - serialized_end=1346, + serialized_start=1304, + serialized_end=1442, ) @@ -529,8 +595,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=1348, - serialized_end=1419, + serialized_start=1444, + serialized_end=1515, ) @@ -570,8 +636,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=1421, - serialized_end=1495, + serialized_start=1517, + serialized_end=1591, ) @@ -668,8 +734,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=1498, - serialized_end=1630, + serialized_start=1594, + serialized_end=1726, ) @@ -728,8 +794,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=1632, - serialized_end=1737, + serialized_start=1728, + serialized_end=1833, ) @@ -826,8 +892,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=1740, - serialized_end=1881, + serialized_start=1836, + serialized_end=1977, ) @@ -886,8 +952,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=1883, - serialized_end=1989, + serialized_start=1979, + serialized_end=2085, ) @@ -965,8 +1031,68 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=1991, - serialized_end=2093, + serialized_start=2087, + serialized_end=2189, +) + + +_CREATEBACKUPENCRYPTIONCONFIG = _descriptor.Descriptor( + name="CreateBackupEncryptionConfig", + full_name="google.spanner.admin.database.v1.CreateBackupEncryptionConfig", + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name="encryption_type", + full_name="google.spanner.admin.database.v1.CreateBackupEncryptionConfig.encryption_type", + index=0, + number=1, + type=14, + cpp_type=8, + label=1, + has_default_value=False, + default_value=0, + message_type=None, + enum_type=None, + containing_type=None, + is_extension=False, + extension_scope=None, + serialized_options=b"\340A\002", + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + ), + _descriptor.FieldDescriptor( + name="kms_key_name", + full_name="google.spanner.admin.database.v1.CreateBackupEncryptionConfig.kms_key_name", + index=1, + number=2, + type=9, + cpp_type=9, + label=1, + has_default_value=False, + default_value=b"".decode("utf-8"), + message_type=None, + enum_type=None, + containing_type=None, + is_extension=False, + extension_scope=None, + serialized_options=b"\340A\001\372A#\n!cloudkms.googleapis.com/CryptoKey", + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + ), + ], + extensions=[], + nested_types=[], + enum_types=[_CREATEBACKUPENCRYPTIONCONFIG_ENCRYPTIONTYPE], + serialized_options=None, + is_extendable=False, + syntax="proto3", + extension_ranges=[], + oneofs=[], + serialized_start=2192, + serialized_end=2541, ) _BACKUP.fields_by_name[ @@ -983,6 +1109,9 @@ ) _BACKUP_STATE.containing_type = _BACKUP _CREATEBACKUPREQUEST.fields_by_name["backup"].message_type = _BACKUP +_CREATEBACKUPREQUEST.fields_by_name[ + "encryption_config" +].message_type = _CREATEBACKUPENCRYPTIONCONFIG _CREATEBACKUPMETADATA.fields_by_name[ "progress" ].message_type = ( @@ -1002,6 +1131,12 @@ _BACKUPINFO.fields_by_name[ "create_time" ].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP +_CREATEBACKUPENCRYPTIONCONFIG.fields_by_name[ + "encryption_type" +].enum_type = _CREATEBACKUPENCRYPTIONCONFIG_ENCRYPTIONTYPE +_CREATEBACKUPENCRYPTIONCONFIG_ENCRYPTIONTYPE.containing_type = ( + _CREATEBACKUPENCRYPTIONCONFIG +) DESCRIPTOR.message_types_by_name["Backup"] = _BACKUP DESCRIPTOR.message_types_by_name["CreateBackupRequest"] = _CREATEBACKUPREQUEST DESCRIPTOR.message_types_by_name["CreateBackupMetadata"] = _CREATEBACKUPMETADATA @@ -1017,6 +1152,9 @@ "ListBackupOperationsResponse" ] = _LISTBACKUPOPERATIONSRESPONSE DESCRIPTOR.message_types_by_name["BackupInfo"] = _BACKUPINFO +DESCRIPTOR.message_types_by_name[ + "CreateBackupEncryptionConfig" +] = _CREATEBACKUPENCRYPTIONCONFIG _sym_db.RegisterFileDescriptor(DESCRIPTOR) Backup = _reflection.GeneratedProtocolMessageType( @@ -1107,6 +1245,14 @@ kups/``. backup: Required. The backup to create. + encryption_config: + Optional. An encryption configuration describing the + encryption type and key resources in Cloud KMS used to encrypt + the backup. If no ``encryption_config`` is specified, the + backup will use the same encryption configuration as the + database by default, namely [encryption_type][google.spanner.a + dmin.database.v1.CreateBackupEncryptionConfig.encryption_type] + = USE_DATABASE_ENCRYPTION. """, # @@protoc_insertion_point(class_scope:google.spanner.admin.database.v1.CreateBackupRequest) }, @@ -1413,6 +1559,33 @@ ) _sym_db.RegisterMessage(BackupInfo) +CreateBackupEncryptionConfig = _reflection.GeneratedProtocolMessageType( + "CreateBackupEncryptionConfig", + (_message.Message,), + { + "DESCRIPTOR": _CREATEBACKUPENCRYPTIONCONFIG, + "__module__": "google.cloud.spanner_admin_database_v1.proto.backup_pb2", + "__doc__": """Encryption configuration for the backup to create. + + Attributes: + encryption_type: + Required. The encryption type of the backup. + kms_key_name: + Optional. The resource name of the Cloud KMS key that will be + used to protect the backup. Once specified, the backup will + enforce customer managed encryption, regardless of the + database encryption type. This field should be set only when [ + encryption_type][google.spanner.admin.database.v1.CreateBackup + EncryptionConfig.encryption_type] is + CUSTOMER_MANAGED_ENCRYPTION. Values are of the form ``projects + //locations//keyRings//cryptoKeys + /``. + """, + # @@protoc_insertion_point(class_scope:google.spanner.admin.database.v1.CreateBackupEncryptionConfig) + }, +) +_sym_db.RegisterMessage(CreateBackupEncryptionConfig) + DESCRIPTOR._options = None _BACKUP.fields_by_name["database"]._options = None @@ -1425,10 +1598,13 @@ _CREATEBACKUPREQUEST.fields_by_name["parent"]._options = None _CREATEBACKUPREQUEST.fields_by_name["backup_id"]._options = None _CREATEBACKUPREQUEST.fields_by_name["backup"]._options = None +_CREATEBACKUPREQUEST.fields_by_name["encryption_config"]._options = None _UPDATEBACKUPREQUEST.fields_by_name["backup"]._options = None _UPDATEBACKUPREQUEST.fields_by_name["update_mask"]._options = None _GETBACKUPREQUEST.fields_by_name["name"]._options = None _DELETEBACKUPREQUEST.fields_by_name["name"]._options = None _LISTBACKUPSREQUEST.fields_by_name["parent"]._options = None _LISTBACKUPOPERATIONSREQUEST.fields_by_name["parent"]._options = None +_CREATEBACKUPENCRYPTIONCONFIG.fields_by_name["encryption_type"]._options = None +_CREATEBACKUPENCRYPTIONCONFIG.fields_by_name["kms_key_name"]._options = None # @@protoc_insertion_point(module_scope) diff --git a/google/cloud/spanner_admin_database_v1/proto/spanner_database_admin.proto b/google/cloud/spanner_admin_database_v1/proto/spanner_database_admin.proto index ca1a45ac8b4..6a000191a39 100644 --- a/google/cloud/spanner_admin_database_v1/proto/spanner_database_admin.proto +++ b/google/cloud/spanner_admin_database_v1/proto/spanner_database_admin.proto @@ -535,6 +535,11 @@ message UpdateDatabaseDdlMetadata { // succeeded so far, where `commit_timestamps[i]` is the commit // timestamp for the statement `statements[i]`. repeated google.protobuf.Timestamp commit_timestamps = 3; + + // Output only. When true, indicates that the operation is throttled e.g + // due to resource constraints. When resources become available the operation + // will resume and this field will be false again. + bool throttled = 4; } // The request for [DropDatabase][google.spanner.admin.database.v1.DatabaseAdmin.DropDatabase]. @@ -676,6 +681,56 @@ message RestoreDatabaseRequest { type: "spanner.googleapis.com/Backup" }]; } + + // Optional. An encryption configuration describing the encryption type and key + // resources in Cloud KMS used to encrypt/decrypt the database to restore to. + // If no `encryption_config` is specified, the restored database will use + // the config default (if set) or the same encryption configuration as + // the backup by default, namely + // [encryption_type][google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig.encryption_type] = + // USE_CONFIG_DEFAULT_OR_DATABASE_ENCRYPTION. + RestoreDatabaseEncryptionConfig encryption_config = 4 [(google.api.field_behavior) = OPTIONAL]; +} + +// Encryption configuration for the database to restore to. +message RestoreDatabaseEncryptionConfig { + // Encryption types for the database to be restored. + enum EncryptionType { + // Unspecified. Do not use. + ENCRYPTION_TYPE_UNSPECIFIED = 0; + + // This is the default option when + // [encryption_config][RestoreDatabaseEncryptionConfig.encryption_config] is + // empty. It will first check whether there is a config default and use + // it if set. if not set, it will use the backup encryption setting. Note + // that the config default feature is a new feature that may not be + // available at the beginning. + USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION = 1; + + // Enforce google default encryption. + GOOGLE_DEFAULT_ENCRYPTION = 2; + + // Enforce customer managed encryption. If specified, the kms_key_name + // must provide a valid Cloud KMS key name. + CUSTOMER_MANAGED_ENCRYPTION = 3; + } + + // Required. The encryption type of the restored database. + EncryptionType encryption_type = 1 [(google.api.field_behavior) = REQUIRED]; + + // Optional. The resource name of the Cloud KMS key that will be used to + // encrypt/decrypt the database to restore to. Once specified, the database + // will enforce customer managed encryption, regardless of the backup + // encryption type. This field should be set only when + // [encryption_type][google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig.encryption_type] is + // CUSTOMER_MANAGED_ENCRYPTION. Values are of the form + // `projects//locations//keyRings//cryptoKeys/`. + string kms_key_name = 2 [ + (google.api.field_behavior) = OPTIONAL, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/CryptoKey" + } + ]; } // Metadata type for the long-running operation returned by diff --git a/google/cloud/spanner_admin_database_v1/proto/spanner_database_admin_pb2.py b/google/cloud/spanner_admin_database_v1/proto/spanner_database_admin_pb2.py index 2af7a5041f7..b8b9fe68e1c 100644 --- a/google/cloud/spanner_admin_database_v1/proto/spanner_database_admin_pb2.py +++ b/google/cloud/spanner_admin_database_v1/proto/spanner_database_admin_pb2.py @@ -38,7 +38,7 @@ syntax="proto3", serialized_options=b"\n$com.google.spanner.admin.database.v1B\031SpannerDatabaseAdminProtoP\001ZHgoogle.golang.org/genproto/googleapis/spanner/admin/database/v1;database\252\002&Google.Cloud.Spanner.Admin.Database.V1\312\002&Google\\Cloud\\Spanner\\Admin\\Database\\V1\352\002+Google::Cloud::Spanner::Admin::Database::V1\352AJ\n\037spanner.googleapis.com/Instance\022'projects/{project}/instances/{instance}", create_key=_descriptor._internal_create_key, - serialized_pb=b'\nIgoogle/cloud/spanner_admin_database_v1/proto/spanner_database_admin.proto\x12 google.spanner.admin.database.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1egoogle/iam/v1/iam_policy.proto\x1a\x1agoogle/iam/v1/policy.proto\x1a#google/longrunning/operations.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x39google/cloud/spanner_admin_database_v1/proto/backup.proto\x1a\x39google/cloud/spanner_admin_database_v1/proto/common.proto"\xab\x01\n\x0bRestoreInfo\x12H\n\x0bsource_type\x18\x01 \x01(\x0e\x32\x33.google.spanner.admin.database.v1.RestoreSourceType\x12\x43\n\x0b\x62\x61\x63kup_info\x18\x02 \x01(\x0b\x32,.google.spanner.admin.database.v1.BackupInfoH\x00\x42\r\n\x0bsource_info"\xd1\x04\n\x08\x44\x61tabase\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x44\n\x05state\x18\x02 \x01(\x0e\x32\x30.google.spanner.admin.database.v1.Database.StateB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12H\n\x0crestore_info\x18\x04 \x01(\x0b\x32-.google.spanner.admin.database.v1.RestoreInfoB\x03\xe0\x41\x03\x12R\n\x11\x65ncryption_config\x18\x05 \x01(\x0b\x32\x32.google.spanner.admin.database.v1.EncryptionConfigB\x03\xe0\x41\x03\x12%\n\x18version_retention_period\x18\x06 \x01(\tB\x03\xe0\x41\x03\x12>\n\x15\x65\x61rliest_version_time\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03"M\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\x0c\n\x08\x43REATING\x10\x01\x12\t\n\x05READY\x10\x02\x12\x14\n\x10READY_OPTIMIZING\x10\x03:b\xea\x41_\n\x1fspanner.googleapis.com/Database\x12\x82\xd3\xe4\x93\x02/\x12-/v1/{parent=projects/*/instances/*}/databases\xda\x41\x06parent\x12\xa4\x02\n\x0e\x43reateDatabase\x12\x37.google.spanner.admin.database.v1.CreateDatabaseRequest\x1a\x1d.google.longrunning.Operation"\xb9\x01\x82\xd3\xe4\x93\x02\x32"-/v1/{parent=projects/*/instances/*}/databases:\x01*\xda\x41\x17parent,create_statement\xca\x41\x64\n)google.spanner.admin.database.v1.Database\x12\x37google.spanner.admin.database.v1.CreateDatabaseMetadata\x12\xad\x01\n\x0bGetDatabase\x12\x34.google.spanner.admin.database.v1.GetDatabaseRequest\x1a*.google.spanner.admin.database.v1.Database"<\x82\xd3\xe4\x93\x02/\x12-/v1/{name=projects/*/instances/*/databases/*}\xda\x41\x04name\x12\x9d\x02\n\x11UpdateDatabaseDdl\x12:.google.spanner.admin.database.v1.UpdateDatabaseDdlRequest\x1a\x1d.google.longrunning.Operation"\xac\x01\x82\xd3\xe4\x93\x02:25/v1/{database=projects/*/instances/*/databases/*}/ddl:\x01*\xda\x41\x13\x64\x61tabase,statements\xca\x41S\n\x15google.protobuf.Empty\x12:google.spanner.admin.database.v1.UpdateDatabaseDdlMetadata\x12\xa3\x01\n\x0c\x44ropDatabase\x12\x35.google.spanner.admin.database.v1.DropDatabaseRequest\x1a\x16.google.protobuf.Empty"D\x82\xd3\xe4\x93\x02\x33*1/v1/{database=projects/*/instances/*/databases/*}\xda\x41\x08\x64\x61tabase\x12\xcd\x01\n\x0eGetDatabaseDdl\x12\x37.google.spanner.admin.database.v1.GetDatabaseDdlRequest\x1a\x38.google.spanner.admin.database.v1.GetDatabaseDdlResponse"H\x82\xd3\xe4\x93\x02\x37\x12\x35/v1/{database=projects/*/instances/*/databases/*}/ddl\xda\x41\x08\x64\x61tabase\x12\xeb\x01\n\x0cSetIamPolicy\x12".google.iam.v1.SetIamPolicyRequest\x1a\x15.google.iam.v1.Policy"\x9f\x01\x82\xd3\xe4\x93\x02\x86\x01">/v1/{resource=projects/*/instances/*/databases/*}:setIamPolicy:\x01*ZA"/v1/{resource=projects/*/instances/*/databases/*}:getIamPolicy:\x01*ZA".google.spanner.admin.database.v1.ListBackupOperationsResponse"E\x82\xd3\xe4\x93\x02\x36\x12\x34/v1/{parent=projects/*/instances/*}/backupOperations\xda\x41\x06parent\x1ax\xca\x41\x16spanner.googleapis.com\xd2\x41\\https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/spanner.adminB\xda\x02\n$com.google.spanner.admin.database.v1B\x19SpannerDatabaseAdminProtoP\x01ZHgoogle.golang.org/genproto/googleapis/spanner/admin/database/v1;database\xaa\x02&Google.Cloud.Spanner.Admin.Database.V1\xca\x02&Google\\Cloud\\Spanner\\Admin\\Database\\V1\xea\x02+Google::Cloud::Spanner::Admin::Database::V1\xea\x41J\n\x1fspanner.googleapis.com/Instance\x12\'projects/{project}/instances/{instance}b\x06proto3', + serialized_pb=b'\nIgoogle/cloud/spanner_admin_database_v1/proto/spanner_database_admin.proto\x12 google.spanner.admin.database.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1egoogle/iam/v1/iam_policy.proto\x1a\x1agoogle/iam/v1/policy.proto\x1a#google/longrunning/operations.proto\x1a\x1bgoogle/protobuf/empty.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x39google/cloud/spanner_admin_database_v1/proto/backup.proto\x1a\x39google/cloud/spanner_admin_database_v1/proto/common.proto"\xab\x01\n\x0bRestoreInfo\x12H\n\x0bsource_type\x18\x01 \x01(\x0e\x32\x33.google.spanner.admin.database.v1.RestoreSourceType\x12\x43\n\x0b\x62\x61\x63kup_info\x18\x02 \x01(\x0b\x32,.google.spanner.admin.database.v1.BackupInfoH\x00\x42\r\n\x0bsource_info"\xd1\x04\n\x08\x44\x61tabase\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x44\n\x05state\x18\x02 \x01(\x0e\x32\x30.google.spanner.admin.database.v1.Database.StateB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12H\n\x0crestore_info\x18\x04 \x01(\x0b\x32-.google.spanner.admin.database.v1.RestoreInfoB\x03\xe0\x41\x03\x12R\n\x11\x65ncryption_config\x18\x05 \x01(\x0b\x32\x32.google.spanner.admin.database.v1.EncryptionConfigB\x03\xe0\x41\x03\x12%\n\x18version_retention_period\x18\x06 \x01(\tB\x03\xe0\x41\x03\x12>\n\x15\x65\x61rliest_version_time\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03"M\n\x05State\x12\x15\n\x11STATE_UNSPECIFIED\x10\x00\x12\x0c\n\x08\x43REATING\x10\x01\x12\t\n\x05READY\x10\x02\x12\x14\n\x10READY_OPTIMIZING\x10\x03:b\xea\x41_\n\x1fspanner.googleapis.com/Database\x12\x82\xd3\xe4\x93\x02/\x12-/v1/{parent=projects/*/instances/*}/databases\xda\x41\x06parent\x12\xa4\x02\n\x0e\x43reateDatabase\x12\x37.google.spanner.admin.database.v1.CreateDatabaseRequest\x1a\x1d.google.longrunning.Operation"\xb9\x01\x82\xd3\xe4\x93\x02\x32"-/v1/{parent=projects/*/instances/*}/databases:\x01*\xda\x41\x17parent,create_statement\xca\x41\x64\n)google.spanner.admin.database.v1.Database\x12\x37google.spanner.admin.database.v1.CreateDatabaseMetadata\x12\xad\x01\n\x0bGetDatabase\x12\x34.google.spanner.admin.database.v1.GetDatabaseRequest\x1a*.google.spanner.admin.database.v1.Database"<\x82\xd3\xe4\x93\x02/\x12-/v1/{name=projects/*/instances/*/databases/*}\xda\x41\x04name\x12\x9d\x02\n\x11UpdateDatabaseDdl\x12:.google.spanner.admin.database.v1.UpdateDatabaseDdlRequest\x1a\x1d.google.longrunning.Operation"\xac\x01\x82\xd3\xe4\x93\x02:25/v1/{database=projects/*/instances/*/databases/*}/ddl:\x01*\xda\x41\x13\x64\x61tabase,statements\xca\x41S\n\x15google.protobuf.Empty\x12:google.spanner.admin.database.v1.UpdateDatabaseDdlMetadata\x12\xa3\x01\n\x0c\x44ropDatabase\x12\x35.google.spanner.admin.database.v1.DropDatabaseRequest\x1a\x16.google.protobuf.Empty"D\x82\xd3\xe4\x93\x02\x33*1/v1/{database=projects/*/instances/*/databases/*}\xda\x41\x08\x64\x61tabase\x12\xcd\x01\n\x0eGetDatabaseDdl\x12\x37.google.spanner.admin.database.v1.GetDatabaseDdlRequest\x1a\x38.google.spanner.admin.database.v1.GetDatabaseDdlResponse"H\x82\xd3\xe4\x93\x02\x37\x12\x35/v1/{database=projects/*/instances/*/databases/*}/ddl\xda\x41\x08\x64\x61tabase\x12\xeb\x01\n\x0cSetIamPolicy\x12".google.iam.v1.SetIamPolicyRequest\x1a\x15.google.iam.v1.Policy"\x9f\x01\x82\xd3\xe4\x93\x02\x86\x01">/v1/{resource=projects/*/instances/*/databases/*}:setIamPolicy:\x01*ZA"/v1/{resource=projects/*/instances/*/databases/*}:getIamPolicy:\x01*ZA".google.spanner.admin.database.v1.ListBackupOperationsResponse"E\x82\xd3\xe4\x93\x02\x36\x12\x34/v1/{parent=projects/*/instances/*}/backupOperations\xda\x41\x06parent\x1ax\xca\x41\x16spanner.googleapis.com\xd2\x41\\https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/spanner.adminB\xda\x02\n$com.google.spanner.admin.database.v1B\x19SpannerDatabaseAdminProtoP\x01ZHgoogle.golang.org/genproto/googleapis/spanner/admin/database/v1;database\xaa\x02&Google.Cloud.Spanner.Admin.Database.V1\xca\x02&Google\\Cloud\\Spanner\\Admin\\Database\\V1\xea\x02+Google::Cloud::Spanner::Admin::Database::V1\xea\x41J\n\x1fspanner.googleapis.com/Instance\x12\'projects/{project}/instances/{instance}b\x06proto3', dependencies=[ google_dot_api_dot_annotations__pb2.DESCRIPTOR, google_dot_api_dot_client__pb2.DESCRIPTOR, @@ -80,8 +80,8 @@ ], containing_type=None, serialized_options=None, - serialized_start=3315, - serialized_end=3368, + serialized_start=3807, + serialized_end=3860, ) _sym_db.RegisterEnumDescriptor(_RESTORESOURCETYPE) @@ -137,6 +137,53 @@ ) _sym_db.RegisterEnumDescriptor(_DATABASE_STATE) +_RESTOREDATABASEENCRYPTIONCONFIG_ENCRYPTIONTYPE = _descriptor.EnumDescriptor( + name="EncryptionType", + full_name="google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig.EncryptionType", + filename=None, + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + values=[ + _descriptor.EnumValueDescriptor( + name="ENCRYPTION_TYPE_UNSPECIFIED", + index=0, + number=0, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key, + ), + _descriptor.EnumValueDescriptor( + name="USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION", + index=1, + number=1, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key, + ), + _descriptor.EnumValueDescriptor( + name="GOOGLE_DEFAULT_ENCRYPTION", + index=2, + number=2, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key, + ), + _descriptor.EnumValueDescriptor( + name="CUSTOMER_MANAGED_ENCRYPTION", + index=3, + number=3, + serialized_options=None, + type=None, + create_key=_descriptor._internal_create_key, + ), + ], + containing_type=None, + serialized_options=None, + serialized_start=3164, + serialized_end=3322, +) +_sym_db.RegisterEnumDescriptor(_RESTOREDATABASEENCRYPTIONCONFIG_ENCRYPTIONTYPE) + _RESTOREINFO = _descriptor.Descriptor( name="RestoreInfo", @@ -825,6 +872,25 @@ file=DESCRIPTOR, create_key=_descriptor._internal_create_key, ), + _descriptor.FieldDescriptor( + name="throttled", + full_name="google.spanner.admin.database.v1.UpdateDatabaseDdlMetadata.throttled", + index=3, + number=4, + type=8, + cpp_type=7, + label=1, + has_default_value=False, + default_value=False, + message_type=None, + enum_type=None, + containing_type=None, + is_extension=False, + extension_scope=None, + serialized_options=None, + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + ), ], extensions=[], nested_types=[], @@ -835,7 +901,7 @@ extension_ranges=[], oneofs=[], serialized_start=2030, - serialized_end=2188, + serialized_end=2207, ) @@ -875,8 +941,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=2190, - serialized_end=2270, + serialized_start=2209, + serialized_end=2289, ) @@ -916,8 +982,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=2272, - serialized_end=2354, + serialized_start=2291, + serialized_end=2373, ) @@ -957,8 +1023,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=2356, - serialized_end=2400, + serialized_start=2375, + serialized_end=2419, ) @@ -1055,8 +1121,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=2403, - serialized_end=2546, + serialized_start=2422, + serialized_end=2565, ) @@ -1115,8 +1181,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=2548, - serialized_end=2656, + serialized_start=2567, + serialized_end=2675, ) @@ -1185,6 +1251,25 @@ file=DESCRIPTOR, create_key=_descriptor._internal_create_key, ), + _descriptor.FieldDescriptor( + name="encryption_config", + full_name="google.spanner.admin.database.v1.RestoreDatabaseRequest.encryption_config", + index=3, + number=4, + type=11, + cpp_type=10, + label=1, + has_default_value=False, + default_value=None, + message_type=None, + enum_type=None, + containing_type=None, + is_extension=False, + extension_scope=None, + serialized_options=b"\340A\001", + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + ), ], extensions=[], nested_types=[], @@ -1203,8 +1288,68 @@ fields=[], ) ], - serialized_start=2659, - serialized_end=2830, + serialized_start=2678, + serialized_end=2948, +) + + +_RESTOREDATABASEENCRYPTIONCONFIG = _descriptor.Descriptor( + name="RestoreDatabaseEncryptionConfig", + full_name="google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig", + filename=None, + file=DESCRIPTOR, + containing_type=None, + create_key=_descriptor._internal_create_key, + fields=[ + _descriptor.FieldDescriptor( + name="encryption_type", + full_name="google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig.encryption_type", + index=0, + number=1, + type=14, + cpp_type=8, + label=1, + has_default_value=False, + default_value=0, + message_type=None, + enum_type=None, + containing_type=None, + is_extension=False, + extension_scope=None, + serialized_options=b"\340A\002", + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + ), + _descriptor.FieldDescriptor( + name="kms_key_name", + full_name="google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig.kms_key_name", + index=1, + number=2, + type=9, + cpp_type=9, + label=1, + has_default_value=False, + default_value=b"".decode("utf-8"), + message_type=None, + enum_type=None, + containing_type=None, + is_extension=False, + extension_scope=None, + serialized_options=b"\340A\001\372A#\n!cloudkms.googleapis.com/CryptoKey", + file=DESCRIPTOR, + create_key=_descriptor._internal_create_key, + ), + ], + extensions=[], + nested_types=[], + enum_types=[_RESTOREDATABASEENCRYPTIONCONFIG_ENCRYPTIONTYPE], + serialized_options=None, + is_extendable=False, + syntax="proto3", + extension_ranges=[], + oneofs=[], + serialized_start=2951, + serialized_end=3322, ) @@ -1348,8 +1493,8 @@ fields=[], ) ], - serialized_start=2833, - serialized_end=3192, + serialized_start=3325, + serialized_end=3684, ) @@ -1408,8 +1553,8 @@ syntax="proto3", extension_ranges=[], oneofs=[], - serialized_start=3194, - serialized_end=3313, + serialized_start=3686, + serialized_end=3805, ) _RESTOREINFO.fields_by_name["source_type"].enum_type = _RESTORESOURCETYPE @@ -1450,12 +1595,21 @@ _LISTDATABASEOPERATIONSRESPONSE.fields_by_name[ "operations" ].message_type = google_dot_longrunning_dot_operations__pb2._OPERATION +_RESTOREDATABASEREQUEST.fields_by_name[ + "encryption_config" +].message_type = _RESTOREDATABASEENCRYPTIONCONFIG _RESTOREDATABASEREQUEST.oneofs_by_name["source"].fields.append( _RESTOREDATABASEREQUEST.fields_by_name["backup"] ) _RESTOREDATABASEREQUEST.fields_by_name[ "backup" ].containing_oneof = _RESTOREDATABASEREQUEST.oneofs_by_name["source"] +_RESTOREDATABASEENCRYPTIONCONFIG.fields_by_name[ + "encryption_type" +].enum_type = _RESTOREDATABASEENCRYPTIONCONFIG_ENCRYPTIONTYPE +_RESTOREDATABASEENCRYPTIONCONFIG_ENCRYPTIONTYPE.containing_type = ( + _RESTOREDATABASEENCRYPTIONCONFIG +) _RESTOREDATABASEMETADATA.fields_by_name["source_type"].enum_type = _RESTORESOURCETYPE _RESTOREDATABASEMETADATA.fields_by_name[ "backup_info" @@ -1502,6 +1656,9 @@ "ListDatabaseOperationsResponse" ] = _LISTDATABASEOPERATIONSRESPONSE DESCRIPTOR.message_types_by_name["RestoreDatabaseRequest"] = _RESTOREDATABASEREQUEST +DESCRIPTOR.message_types_by_name[ + "RestoreDatabaseEncryptionConfig" +] = _RESTOREDATABASEENCRYPTIONCONFIG DESCRIPTOR.message_types_by_name["RestoreDatabaseMetadata"] = _RESTOREDATABASEMETADATA DESCRIPTOR.message_types_by_name[ "OptimizeRestoredDatabaseMetadata" @@ -1591,10 +1748,10 @@ Number of databases to be returned in the response. If 0 or less, defaults to the server’s maximum allowed page size. page_token: - If non-empty, ``page_token`` should contain a [next\_page\_tok - en][google.spanner.admin.database.v1.ListDatabasesResponse.nex - t\_page\_token] from a previous [ListDatabasesResponse][google - .spanner.admin.database.v1.ListDatabasesResponse]. + If non-empty, ``page_token`` should contain a [next_page_token + ][google.spanner.admin.database.v1.ListDatabasesResponse.next_ + page_token] from a previous [ListDatabasesResponse][google.spa + nner.admin.database.v1.ListDatabasesResponse]. """, # @@protoc_insertion_point(class_scope:google.spanner.admin.database.v1.ListDatabasesRequest) }, @@ -1768,6 +1925,11 @@ Reports the commit timestamps of all statements that have succeeded so far, where ``commit_timestamps[i]`` is the commit timestamp for the statement ``statements[i]``. + throttled: + Output only. When true, indicates that the operation is + throttled e.g due to resource constraints. When resources + become available the operation will resume and this field will + be false again. """, # @@protoc_insertion_point(class_scope:google.spanner.admin.database.v1.UpdateDatabaseDdlMetadata) }, @@ -1884,11 +2046,11 @@ Number of operations to be returned in the response. If 0 or less, defaults to the server’s maximum allowed page size. page_token: - If non-empty, ``page_token`` should contain a [next\_page\_tok - en][google.spanner.admin.database.v1.ListDatabaseOperationsRes - ponse.next\_page\_token] from a previous [ListDatabaseOperatio - nsResponse][google.spanner.admin.database.v1.ListDatabaseOpera - tionsResponse] to the same ``parent`` and with the same + If non-empty, ``page_token`` should contain a [next_page_token + ][google.spanner.admin.database.v1.ListDatabaseOperationsRespo + nse.next_page_token] from a previous [ListDatabaseOperationsRe + sponse][google.spanner.admin.database.v1.ListDatabaseOperation + sResponse] to the same ``parent`` and with the same ``filter``. """, # @@protoc_insertion_point(class_scope:google.spanner.admin.database.v1.ListDatabaseOperationsRequest) @@ -1951,12 +2113,49 @@ Name of the backup from which to restore. Values are of the form ``projects//instances//backups/``. + encryption_config: + Optional. An encryption configuration describing the + encryption type and key resources in Cloud KMS used to + encrypt/decrypt the database to restore to. If no + ``encryption_config`` is specified, the restored database will + use the config default (if set) or the same encryption + configuration as the backup by default, namely [encryption_typ + e][google.spanner.admin.database.v1.RestoreDatabaseEncryptionC + onfig.encryption_type] = + USE_CONFIG_DEFAULT_OR_DATABASE_ENCRYPTION. """, # @@protoc_insertion_point(class_scope:google.spanner.admin.database.v1.RestoreDatabaseRequest) }, ) _sym_db.RegisterMessage(RestoreDatabaseRequest) +RestoreDatabaseEncryptionConfig = _reflection.GeneratedProtocolMessageType( + "RestoreDatabaseEncryptionConfig", + (_message.Message,), + { + "DESCRIPTOR": _RESTOREDATABASEENCRYPTIONCONFIG, + "__module__": "google.cloud.spanner_admin_database_v1.proto.spanner_database_admin_pb2", + "__doc__": """Encryption configuration for the database to restore to. + + Attributes: + encryption_type: + Required. The encryption type of the restored database. + kms_key_name: + Optional. The resource name of the Cloud KMS key that will be + used to encrypt/decrypt the database to restore to. Once + specified, the database will enforce customer managed + encryption, regardless of the backup encryption type. This + field should be set only when [encryption_type][google.spanner + .admin.database.v1.RestoreDatabaseEncryptionConfig.encryption_ + type] is CUSTOMER_MANAGED_ENCRYPTION. Values are of the form ` + `projects//locations//keyRings//c + ryptoKeys/``. + """, + # @@protoc_insertion_point(class_scope:google.spanner.admin.database.v1.RestoreDatabaseEncryptionConfig) + }, +) +_sym_db.RegisterMessage(RestoreDatabaseEncryptionConfig) + RestoreDatabaseMetadata = _reflection.GeneratedProtocolMessageType( "RestoreDatabaseMetadata", (_message.Message,), @@ -2063,6 +2262,9 @@ _RESTOREDATABASEREQUEST.fields_by_name["parent"]._options = None _RESTOREDATABASEREQUEST.fields_by_name["database_id"]._options = None _RESTOREDATABASEREQUEST.fields_by_name["backup"]._options = None +_RESTOREDATABASEREQUEST.fields_by_name["encryption_config"]._options = None +_RESTOREDATABASEENCRYPTIONCONFIG.fields_by_name["encryption_type"]._options = None +_RESTOREDATABASEENCRYPTIONCONFIG.fields_by_name["kms_key_name"]._options = None _DATABASEADMIN = _descriptor.ServiceDescriptor( name="DatabaseAdmin", @@ -2071,8 +2273,8 @@ index=0, serialized_options=b"\312A\026spanner.googleapis.com\322A\\https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/spanner.admin", create_key=_descriptor._internal_create_key, - serialized_start=3371, - serialized_end=7358, + serialized_start=3863, + serialized_end=7850, methods=[ _descriptor.MethodDescriptor( name="ListDatabases", diff --git a/google/cloud/spanner_admin_instance_v1/proto/spanner_instance_admin_pb2.py b/google/cloud/spanner_admin_instance_v1/proto/spanner_instance_admin_pb2.py index 8d086520e57..47209d78083 100644 --- a/google/cloud/spanner_admin_instance_v1/proto/spanner_instance_admin_pb2.py +++ b/google/cloud/spanner_admin_instance_v1/proto/spanner_instance_admin_pb2.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/cloud/spanner_admin_instance_v1/proto/spanner_instance_admin.proto - +"""Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import message as _message from google.protobuf import reflection as _reflection @@ -1487,11 +1487,11 @@ response. If 0 or less, defaults to the server’s maximum allowed page size. page_token: - If non-empty, ``page_token`` should contain a [next\_page\_tok - en][google.spanner.admin.instance.v1.ListInstanceConfigsRespon - se.next\_page\_token] from a previous [ListInstanceConfigsResp - onse][google.spanner.admin.instance.v1.ListInstanceConfigsResp - onse]. + If non-empty, ``page_token`` should contain a [next_page_token + ][google.spanner.admin.instance.v1.ListInstanceConfigsResponse + .next_page_token] from a previous [ListInstanceConfigsResponse + ][google.spanner.admin.instance.v1.ListInstanceConfigsResponse + ]. """, # @@protoc_insertion_point(class_scope:google.spanner.admin.instance.v1.ListInstanceConfigsRequest) }, @@ -1610,10 +1610,10 @@ Number of instances to be returned in the response. If 0 or less, defaults to the server’s maximum allowed page size. page_token: - If non-empty, ``page_token`` should contain a [next\_page\_tok - en][google.spanner.admin.instance.v1.ListInstancesResponse.nex - t\_page\_token] from a previous [ListInstancesResponse][google - .spanner.admin.instance.v1.ListInstancesResponse]. + If non-empty, ``page_token`` should contain a [next_page_token + ][google.spanner.admin.instance.v1.ListInstancesResponse.next_ + page_token] from a previous [ListInstancesResponse][google.spa + nner.admin.instance.v1.ListInstancesResponse]. filter: An expression for filtering the results of the request. Filter rules are case insensitive. The fields eligible for filtering @@ -1668,9 +1668,9 @@ Attributes: instance: Required. The instance to update, which must always include - the instance name. Otherwise, only fields mentioned in [field\ - _mask][google.spanner.admin.instance.v1.UpdateInstanceRequest. - field\_mask] need be included. + the instance name. Otherwise, only fields mentioned in [field_ + mask][google.spanner.admin.instance.v1.UpdateInstanceRequest.f + ield_mask] need be included. field_mask: Required. A mask specifying which fields in [Instance][google.spanner.admin.instance.v1.Instance] should diff --git a/google/cloud/spanner_v1/proto/keys_pb2.py b/google/cloud/spanner_v1/proto/keys_pb2.py index 8481775d4ba..97555cb6c2b 100644 --- a/google/cloud/spanner_v1/proto/keys_pb2.py +++ b/google/cloud/spanner_v1/proto/keys_pb2.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/cloud/spanner_v1/proto/keys.proto - +"""Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import message as _message from google.protobuf import reflection as _reflection @@ -347,7 +347,7 @@ { "DESCRIPTOR": _KEYSET, "__module__": "google.cloud.spanner_v1.proto.keys_pb2", - "__doc__": """``KeySet`` defines a collection of Cloud Spanner keys and/or key + "__doc__": """\ ``KeySet`` defines a collection of Cloud Spanner keys and/or key ranges. All the keys are expected to be in the same table or index. The keys need not be sorted in any particular way. If the same key is specified multiple times in the set (for example if two ranges, two diff --git a/google/cloud/spanner_v1/proto/mutation_pb2.py b/google/cloud/spanner_v1/proto/mutation_pb2.py index 4719d77a507..378cf3f707f 100644 --- a/google/cloud/spanner_v1/proto/mutation_pb2.py +++ b/google/cloud/spanner_v1/proto/mutation_pb2.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/cloud/spanner_v1/proto/mutation.proto - +"""Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import message as _message from google.protobuf import reflection as _reflection diff --git a/google/cloud/spanner_v1/proto/query_plan_pb2.py b/google/cloud/spanner_v1/proto/query_plan_pb2.py index 747fe73e93d..0b9e01b2f81 100644 --- a/google/cloud/spanner_v1/proto/query_plan_pb2.py +++ b/google/cloud/spanner_v1/proto/query_plan_pb2.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/cloud/spanner_v1/proto/query_plan.proto - +"""Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import message as _message from google.protobuf import reflection as _reflection diff --git a/google/cloud/spanner_v1/proto/result_set_pb2.py b/google/cloud/spanner_v1/proto/result_set_pb2.py index d9d53e36595..7c5407971c0 100644 --- a/google/cloud/spanner_v1/proto/result_set_pb2.py +++ b/google/cloud/spanner_v1/proto/result_set_pb2.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/cloud/spanner_v1/proto/result_set.proto - +"""Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import message as _message from google.protobuf import reflection as _reflection diff --git a/google/cloud/spanner_v1/proto/spanner_pb2.py b/google/cloud/spanner_v1/proto/spanner_pb2.py index a48a12ca596..7591473934a 100644 --- a/google/cloud/spanner_v1/proto/spanner_pb2.py +++ b/google/cloud/spanner_v1/proto/spanner_pb2.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/cloud/spanner_v1/proto/spanner.proto - +"""Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import message as _message from google.protobuf import reflection as _reflection @@ -3088,9 +3088,9 @@ If non-empty, the name of an index on [table][google.spanner.v1.ReadRequest.table]. This index is used instead of the table primary key when interpreting - [key\_set][google.spanner.v1.ReadRequest.key\_set] and sorting + [key_set][google.spanner.v1.ReadRequest.key_set] and sorting result rows. See - [key\_set][google.spanner.v1.ReadRequest.key\_set] for further + [key_set][google.spanner.v1.ReadRequest.key_set] for further information. columns: Required. The columns of @@ -3102,17 +3102,16 @@ [table][google.spanner.v1.ReadRequest.table] to be yielded, unless [index][google.spanner.v1.ReadRequest.index] is present. If [index][google.spanner.v1.ReadRequest.index] is - present, then - [key\_set][google.spanner.v1.ReadRequest.key\_set] instead - names index keys in + present, then [key_set][google.spanner.v1.ReadRequest.key_set] + instead names index keys in [index][google.spanner.v1.ReadRequest.index]. If the [partiti - on\_token][google.spanner.v1.ReadRequest.partition\_token] - field is empty, rows are yielded in table primary key order - (if [index][google.spanner.v1.ReadRequest.index] is empty) or + on_token][google.spanner.v1.ReadRequest.partition_token] field + is empty, rows are yielded in table primary key order (if + [index][google.spanner.v1.ReadRequest.index] is empty) or index key order (if [index][google.spanner.v1.ReadRequest.index] is non-empty). If - the [partition\_token][google.spanner.v1.ReadRequest.partition - \_token] field is not empty, rows will be yielded in an + the [partition_token][google.spanner.v1.ReadRequest.partition_ + token] field is not empty, rows will be yielded in an unspecified order. It is not an error for the ``key_set`` to name rows that do not exist in the database. Read yields nothing for nonexistent rows. diff --git a/google/cloud/spanner_v1/proto/transaction_pb2.py b/google/cloud/spanner_v1/proto/transaction_pb2.py index 865a2446adb..d62060f3cd4 100644 --- a/google/cloud/spanner_v1/proto/transaction_pb2.py +++ b/google/cloud/spanner_v1/proto/transaction_pb2.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/cloud/spanner_v1/proto/transaction.proto - +"""Generated protocol buffer code.""" from google.protobuf import descriptor as _descriptor from google.protobuf import message as _message from google.protobuf import reflection as _reflection @@ -644,50 +644,34 @@ ), "DESCRIPTOR": _TRANSACTIONOPTIONS, "__module__": "google.cloud.spanner_v1.proto.transaction_pb2", - "__doc__": """# Transactions - - Each session can have at most one active transaction at a time. After - the active transaction is completed, the session can immediately be - re-used for the next transaction. It is not necessary to create a new - session for each transaction. - - Transaction Modes - - - Cloud Spanner supports three transaction modes: - - 1. Locking read-write. This type of transaction is the only way to write - data into Cloud Spanner. These transactions rely on pessimistic - locking and, if necessary, two-phase commit. Locking read-write - transactions may abort, requiring the application to retry. - - 2. Snapshot read-only. This transaction type provides guaranteed - consistency across several reads, but does not allow writes. Snapshot - read-only transactions can be configured to read at timestamps in the - past. Snapshot read-only transactions do not need to be committed. - - 3. Partitioned DML. This type of transaction is used to execute a single - Partitioned DML statement. Partitioned DML partitions the key space - and runs the DML statement over each partition in parallel using - separate, internal transactions that commit independently. - Partitioned DML transactions do not need to be committed. - - For transactions that only read, snapshot read-only transactions provide - simpler semantics and are almost always faster. In particular, read-only - transactions do not take locks, so they do not conflict with read-write - transactions. As a consequence of not taking locks, they also do not - abort, so retry loops are not needed. - - Transactions may only read/write data in a single database. They may, - however, read/write data in different tables within that database. - - Locking Read-Write Transactions - - - Locking transactions may be used to atomically read-modify-write data - anywhere in a database. This type of transaction is externally - consistent. - + "__doc__": """# Transactions Each session can have at most one active transaction + at a time. After the active transaction is completed, the session can + immediately be re-used for the next transaction. It is not necessary + to create a new session for each transaction. Transaction Modes + Cloud Spanner supports three transaction modes: 1. + Locking read-write. This type of transaction is the only way to write + data into Cloud Spanner. These transactions rely on pessimistic + locking and, if necessary, two-phase commit. Locking read-write + transactions may abort, requiring the application to retry. 2. + Snapshot read-only. This transaction type provides guaranteed + consistency across several reads, but does not allow writes. Snapshot + read-only transactions can be configured to read at timestamps in the + past. Snapshot read-only transactions do not need to be committed. 3. + Partitioned DML. This type of transaction is used to execute a single + Partitioned DML statement. Partitioned DML partitions the key space + and runs the DML statement over each partition in parallel using + separate, internal transactions that commit independently. + Partitioned DML transactions do not need to be committed. For + transactions that only read, snapshot read-only transactions provide + simpler semantics and are almost always faster. In particular, read- + only transactions do not take locks, so they do not conflict with + read-write transactions. As a consequence of not taking locks, they + also do not abort, so retry loops are not needed. Transactions may + only read/write data in a single database. They may, however, + read/write data in different tables within that database. Locking + Read-Write Transactions Locking + transactions may be used to atomically read-modify-write data anywhere + in a database. This type of transaction is externally consistent. Clients should attempt to minimize the amount of time a transaction is active. Faster transactions commit with higher probability and cause less contention. Cloud Spanner attempts to keep read locks active as @@ -695,238 +679,160 @@ not been terminated by [Commit][google.spanner.v1.Spanner.Commit] or [Rollback][google.spanner.v1.Spanner.Rollback]. Long periods of inactivity at the client may cause Cloud Spanner to release a - transaction’s locks and abort it. - - Conceptually, a read-write transaction consists of zero or more reads or - SQL statements followed by [Commit][google.spanner.v1.Spanner.Commit]. - At any time before [Commit][google.spanner.v1.Spanner.Commit], the - client can send a [Rollback][google.spanner.v1.Spanner.Rollback] request - to abort the transaction. - - Semantics - - - Cloud Spanner can commit the transaction if all read locks it acquired - are still valid at commit time, and it is able to acquire write locks - for all writes. Cloud Spanner can abort the transaction for any reason. - If a commit attempt returns ``ABORTED``, Cloud Spanner guarantees that - the transaction has not modified any user data in Cloud Spanner. - - Unless the transaction commits, Cloud Spanner makes no guarantees about - how long the transaction’s locks were held for. It is an error to use - Cloud Spanner locks for any sort of mutual exclusion other than between - Cloud Spanner transactions themselves. - - Retrying Aborted Transactions - - - When a transaction aborts, the application can choose to retry the whole - transaction again. To maximize the chances of successfully committing - the retry, the client should execute the retry in the same session as - the original attempt. The original session’s lock priority increases - with each consecutive abort, meaning that each attempt has a slightly - better chance of success than the previous. - - Under some circumstances (e.g., many transactions attempting to modify - the same row(s)), a transaction can abort many times in a short period - before successfully committing. Thus, it is not a good idea to cap the - number of retries a transaction can attempt; instead, it is better to - limit the total amount of wall time spent retrying. - - Idle Transactions - - - A transaction is considered idle if it has no outstanding reads or SQL + transaction’s locks and abort it. Conceptually, a read-write + transaction consists of zero or more reads or SQL statements followed + by [Commit][google.spanner.v1.Spanner.Commit]. At any time before + [Commit][google.spanner.v1.Spanner.Commit], the client can send a + [Rollback][google.spanner.v1.Spanner.Rollback] request to abort the + transaction. Semantics Cloud Spanner can commit the + transaction if all read locks it acquired are still valid at commit + time, and it is able to acquire write locks for all writes. Cloud + Spanner can abort the transaction for any reason. If a commit attempt + returns ``ABORTED``, Cloud Spanner guarantees that the transaction has + not modified any user data in Cloud Spanner. Unless the transaction + commits, Cloud Spanner makes no guarantees about how long the + transaction’s locks were held for. It is an error to use Cloud Spanner + locks for any sort of mutual exclusion other than between Cloud + Spanner transactions themselves. Retrying Aborted Transactions + When a transaction aborts, the + application can choose to retry the whole transaction again. To + maximize the chances of successfully committing the retry, the client + should execute the retry in the same session as the original attempt. + The original session’s lock priority increases with each consecutive + abort, meaning that each attempt has a slightly better chance of + success than the previous. Under some circumstances (e.g., many + transactions attempting to modify the same row(s)), a transaction can + abort many times in a short period before successfully committing. + Thus, it is not a good idea to cap the number of retries a transaction + can attempt; instead, it is better to limit the total amount of wall + time spent retrying. Idle Transactions A + transaction is considered idle if it has no outstanding reads or SQL queries and has not started a read or SQL query within the last 10 - seconds. Idle transactions can be aborted by Cloud Spanner so that they - don’t hold on to locks indefinitely. In that case, the commit will fail - with error ``ABORTED``. - - If this behavior is undesirable, periodically executing a simple SQL - query in the transaction (e.g., ``SELECT 1``) prevents the transaction - from becoming idle. - - Snapshot Read-Only Transactions - - - Snapshot read-only transactions provides a simpler method than locking - read-write transactions for doing several consistent reads. However, - this type of transaction does not support writes. - - Snapshot transactions do not take locks. Instead, they work by choosing - a Cloud Spanner timestamp, then executing all reads at that timestamp. - Since they do not acquire locks, they do not block concurrent read-write - transactions. - - Unlike locking read-write transactions, snapshot read-only transactions - never abort. They can fail if the chosen read timestamp is garbage + seconds. Idle transactions can be aborted by Cloud Spanner so that + they don’t hold on to locks indefinitely. In that case, the commit + will fail with error ``ABORTED``. If this behavior is undesirable, + periodically executing a simple SQL query in the transaction (e.g., + ``SELECT 1``) prevents the transaction from becoming idle. Snapshot + Read-Only Transactions Snapshot read- + only transactions provides a simpler method than locking read-write + transactions for doing several consistent reads. However, this type of + transaction does not support writes. Snapshot transactions do not + take locks. Instead, they work by choosing a Cloud Spanner timestamp, + then executing all reads at that timestamp. Since they do not acquire + locks, they do not block concurrent read-write transactions. Unlike + locking read-write transactions, snapshot read-only transactions never + abort. They can fail if the chosen read timestamp is garbage collected; however, the default garbage collection policy is generous enough that most applications do not need to worry about this in - practice. - - Snapshot read-only transactions do not need to call + practice. Snapshot read-only transactions do not need to call [Commit][google.spanner.v1.Spanner.Commit] or [Rollback][google.spanner.v1.Spanner.Rollback] (and in fact are not - permitted to do so). - - To execute a snapshot transaction, the client specifies a timestamp - bound, which tells Cloud Spanner how to choose a read timestamp. - - The types of timestamp bound are: - - - Strong (the default). - - Bounded staleness. - - Exact staleness. - - If the Cloud Spanner database to be read is geographically distributed, - stale read-only transactions can execute more quickly than strong or - read-write transaction, because they are able to execute far from the - leader replica. - - Each type of timestamp bound is discussed in detail below. - - Strong - - - Strong reads are guaranteed to see the effects of all transactions that - have committed before the start of the read. Furthermore, all rows - yielded by a single read are consistent with each other -- if any part - of the read observes a transaction, all parts of the read see the - transaction. - - Strong reads are not repeatable: two consecutive strong read-only - transactions might return inconsistent results if there are concurrent - writes. If consistency across reads is required, the reads should be - executed within a transaction or at an exact read timestamp. - - See - [TransactionOptions.ReadOnly.strong][google.spanner.v1.TransactionOptions.ReadOnly.strong]. - - Exact Staleness - - - These timestamp bounds execute reads at a user-specified timestamp. - Reads at a timestamp are guaranteed to see a consistent prefix of the - global transaction history: they observe modifications done by all - transactions with a commit timestamp <= the read timestamp, and observe - none of the modifications done by transactions with a larger commit - timestamp. They will block until all conflicting transactions that may - be assigned commit timestamps <= the read timestamp have finished. - - The timestamp can either be expressed as an absolute Cloud Spanner - commit timestamp or a staleness relative to the current time. - - These modes do not require a "negotiation phase" to pick a timestamp. As - a result, they execute slightly faster than the equivalent boundedly - stale concurrency modes. On the other hand, boundedly stale reads - usually return fresher results. - - See - [TransactionOptions.ReadOnly.read\_timestamp][google.spanner.v1.TransactionOptions.ReadOnly.read\_timestamp] - and - [TransactionOptions.ReadOnly.exact\_staleness][google.spanner.v1.TransactionOptions.ReadOnly.exact\_staleness]. - - Bounded Staleness - - - Bounded staleness modes allow Cloud Spanner to pick the read timestamp, - subject to a user-provided staleness bound. Cloud Spanner chooses the - newest timestamp within the staleness bound that allows execution of the - reads at the closest available replica without blocking. - - All rows yielded are consistent with each other -- if any part of the - read observes a transaction, all parts of the read see the transaction. - Boundedly stale reads are not repeatable: two stale reads, even if they - use the same staleness bound, can execute at different timestamps and - thus return inconsistent results. - - Boundedly stale reads execute in two phases: the first phase negotiates - a timestamp among all replicas needed to serve the read. In the second - phase, reads are executed at the negotiated timestamp. - - As a result of the two phase execution, bounded staleness reads are - usually a little slower than comparable exact staleness reads. However, - they are typically able to return fresher results, and are more likely - to execute at the closest replica. - + permitted to do so). To execute a snapshot transaction, the client + specifies a timestamp bound, which tells Cloud Spanner how to choose a + read timestamp. The types of timestamp bound are: - Strong (the + default). - Bounded staleness. - Exact staleness. If the Cloud + Spanner database to be read is geographically distributed, stale read- + only transactions can execute more quickly than strong or read-write + transaction, because they are able to execute far from the leader + replica. Each type of timestamp bound is discussed in detail below. + Strong Strong reads are guaranteed to see the effects of all + transactions that have committed before the start of the read. + Furthermore, all rows yielded by a single read are consistent with + each other – if any part of the read observes a transaction, all parts + of the read see the transaction. Strong reads are not repeatable: two + consecutive strong read-only transactions might return inconsistent + results if there are concurrent writes. If consistency across reads is + required, the reads should be executed within a transaction or at an + exact read timestamp. See [TransactionOptions.ReadOnly.strong][google + .spanner.v1.TransactionOptions.ReadOnly.strong]. Exact Staleness + These timestamp bounds execute reads at a user- + specified timestamp. Reads at a timestamp are guaranteed to see a + consistent prefix of the global transaction history: they observe + modifications done by all transactions with a commit timestamp <= the + read timestamp, and observe none of the modifications done by + transactions with a larger commit timestamp. They will block until all + conflicting transactions that may be assigned commit timestamps <= the + read timestamp have finished. The timestamp can either be expressed + as an absolute Cloud Spanner commit timestamp or a staleness relative + to the current time. These modes do not require a “negotiation phase” + to pick a timestamp. As a result, they execute slightly faster than + the equivalent boundedly stale concurrency modes. On the other hand, + boundedly stale reads usually return fresher results. See [Transactio + nOptions.ReadOnly.read_timestamp][google.spanner.v1.TransactionOptions + .ReadOnly.read_timestamp] and [TransactionOptions.ReadOnly.exact_stale + ness][google.spanner.v1.TransactionOptions.ReadOnly.exact_staleness]. + Bounded Staleness Bounded staleness modes allow + Cloud Spanner to pick the read timestamp, subject to a user-provided + staleness bound. Cloud Spanner chooses the newest timestamp within the + staleness bound that allows execution of the reads at the closest + available replica without blocking. All rows yielded are consistent + with each other – if any part of the read observes a transaction, all + parts of the read see the transaction. Boundedly stale reads are not + repeatable: two stale reads, even if they use the same staleness + bound, can execute at different timestamps and thus return + inconsistent results. Boundedly stale reads execute in two phases: + the first phase negotiates a timestamp among all replicas needed to + serve the read. In the second phase, reads are executed at the + negotiated timestamp. As a result of the two phase execution, bounded + staleness reads are usually a little slower than comparable exact + staleness reads. However, they are typically able to return fresher + results, and are more likely to execute at the closest replica. Because the timestamp negotiation requires up-front knowledge of which rows will be read, it can only be used with single-use read-only - transactions. - - See - [TransactionOptions.ReadOnly.max\_staleness][google.spanner.v1.TransactionOptions.ReadOnly.max\_staleness] - and - [TransactionOptions.ReadOnly.min\_read\_timestamp][google.spanner.v1.TransactionOptions.ReadOnly.min\_read\_timestamp]. - - Old Read Timestamps and Garbage Collection - - - Cloud Spanner continuously garbage collects deleted and overwritten data - in the background to reclaim storage space. This process is known as - "version GC". By default, version GC reclaims versions after they are - one hour old. Because of this, Cloud Spanner cannot perform reads at - read timestamps more than one hour in the past. This restriction also + transactions. See [TransactionOptions.ReadOnly.max_staleness][google. + spanner.v1.TransactionOptions.ReadOnly.max_staleness] and [Transaction + Options.ReadOnly.min_read_timestamp][google.spanner.v1.TransactionOpti + ons.ReadOnly.min_read_timestamp]. Old Read Timestamps and Garbage + Collection Cloud Spanner + continuously garbage collects deleted and overwritten data in the + background to reclaim storage space. This process is known as “version + GC”. By default, version GC reclaims versions after they are one hour + old. Because of this, Cloud Spanner cannot perform reads at read + timestamps more than one hour in the past. This restriction also applies to in-progress reads and/or SQL queries whose timestamp become too old while executing. Reads and SQL queries with too-old read - timestamps fail with the error ``FAILED_PRECONDITION``. - - Partitioned DML Transactions - - - Partitioned DML transactions are used to execute DML statements with a - different execution strategy that provides different, and often better, + timestamps fail with the error ``FAILED_PRECONDITION``. Partitioned + DML Transactions Partitioned DML + transactions are used to execute DML statements with a different + execution strategy that provides different, and often better, scalability properties for large, table-wide operations than DML in a ReadWrite transaction. Smaller scoped statements, such as an OLTP - workload, should prefer using ReadWrite transactions. - - Partitioned DML partitions the keyspace and runs the DML statement on - each partition in separate, internal transactions. These transactions - commit automatically when complete, and run independently from one - another. - + workload, should prefer using ReadWrite transactions. Partitioned DML + partitions the keyspace and runs the DML statement on each partition + in separate, internal transactions. These transactions commit + automatically when complete, and run independently from one another. To reduce lock contention, this execution strategy only acquires read locks on rows that match the WHERE clause of the statement. - Additionally, the smaller per-partition transactions hold locks for less - time. - - That said, Partitioned DML is not a drop-in replacement for standard DML - used in ReadWrite transactions. - - - The DML statement must be fully-partitionable. Specifically, the - statement must be expressible as the union of many statements which - each access only a single row of the table. - - - The statement is not applied atomically to all rows of the table. - Rather, the statement is applied atomically to partitions of the - table, in independent transactions. Secondary index rows are updated - atomically with the base table rows. - - - Partitioned DML does not guarantee exactly-once execution semantics - against a partition. The statement will be applied at least once to - each partition. It is strongly recommended that the DML statement - should be idempotent to avoid unexpected results. For instance, it is - potentially dangerous to run a statement such as - ``UPDATE table SET column = column + 1`` as it could be run multiple - times against some rows. - - - The partitions are committed automatically - there is no support for - Commit or Rollback. If the call returns an error, or if the client - issuing the ExecuteSql call dies, it is possible that some rows had - the statement executed on them successfully. It is also possible that - statement was never executed against other rows. - - - Partitioned DML transactions may only contain the execution of a - single DML statement via ExecuteSql or ExecuteStreamingSql. - - - If any error is encountered during the execution of the partitioned - DML operation (for instance, a UNIQUE INDEX violation, division by - zero, or a value that cannot be stored due to schema constraints), - then the operation is stopped at that point and an error is returned. - It is possible that at this point, some partitions have been - committed (or even committed multiple times), and other partitions - have not been run at all. - - Given the above, Partitioned DML is good fit for large, database-wide, + Additionally, the smaller per-partition transactions hold locks for + less time. That said, Partitioned DML is not a drop-in replacement + for standard DML used in ReadWrite transactions. - The DML statement + must be fully-partitionable. Specifically, the statement must be + expressible as the union of many statements which each access only + a single row of the table. - The statement is not applied atomically + to all rows of the table. Rather, the statement is applied + atomically to partitions of the table, in independent transactions. + Secondary index rows are updated atomically with the base table + rows. - Partitioned DML does not guarantee exactly-once execution + semantics against a partition. The statement will be applied at + least once to each partition. It is strongly recommended that the + DML statement should be idempotent to avoid unexpected results. For + instance, it is potentially dangerous to run a statement such as + ``UPDATE table SET column = column + 1`` as it could be run multiple + times against some rows. - The partitions are committed + automatically - there is no support for Commit or Rollback. If the + call returns an error, or if the client issuing the ExecuteSql call + dies, it is possible that some rows had the statement executed on + them successfully. It is also possible that statement was never + executed against other rows. - Partitioned DML transactions may only + contain the execution of a single DML statement via ExecuteSql or + ExecuteStreamingSql. - If any error is encountered during the + execution of the partitioned DML operation (for instance, a UNIQUE + INDEX violation, division by zero, or a value that cannot be stored + due to schema constraints), then the operation is stopped at that + point and an error is returned. It is possible that at this point, + some partitions have been committed (or even committed multiple + times), and other partitions have not been run at all. Given the + above, Partitioned DML is good fit for large, database-wide, operations that are idempotent, such as deleting old rows from a very large table. @@ -977,10 +883,10 @@ read_timestamp: For snapshot read-only transactions, the read timestamp chosen for the transaction. Not returned by default: see [Transaction - Options.ReadOnly.return\_read\_timestamp][google.spanner.v1.Tr - ansactionOptions.ReadOnly.return\_read\_timestamp]. A - timestamp in RFC3339 UTC "Zulu" format, accurate to - nanoseconds. Example: ``"2014-10-02T15:01:23.045123456Z"``. + Options.ReadOnly.return_read_timestamp][google.spanner.v1.Tran + sactionOptions.ReadOnly.return_read_timestamp]. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: ``"2014-10-02T15:01:23.045123456Z"``. """, # @@protoc_insertion_point(class_scope:google.spanner.v1.Transaction) }, @@ -995,9 +901,8 @@ "__module__": "google.cloud.spanner_v1.proto.transaction_pb2", "__doc__": """This message is used to select the transaction in which a [Read][google.spanner.v1.Spanner.Read] or - [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql] call runs. - - See [TransactionOptions][google.spanner.v1.TransactionOptions] for more + [ExecuteSql][google.spanner.v1.Spanner.ExecuteSql] call runs. See + [TransactionOptions][google.spanner.v1.TransactionOptions] for more information about transactions. Attributes: diff --git a/google/cloud/spanner_v1/proto/type_pb2.py b/google/cloud/spanner_v1/proto/type_pb2.py index 8e763fd2477..45e8e00f96b 100644 --- a/google/cloud/spanner_v1/proto/type_pb2.py +++ b/google/cloud/spanner_v1/proto/type_pb2.py @@ -1,7 +1,7 @@ # -*- coding: utf-8 -*- # Generated by the protocol buffer compiler. DO NOT EDIT! # source: google/cloud/spanner_v1/proto/type.proto - +"""Generated protocol buffer code.""" from google.protobuf.internal import enum_type_wrapper from google.protobuf import descriptor as _descriptor from google.protobuf import message as _message diff --git a/samples/samples/README.rst b/samples/samples/README.rst index 143402fde57..b0573c249b1 100644 --- a/samples/samples/README.rst +++ b/samples/samples/README.rst @@ -1,3 +1,4 @@ + .. This file is automatically generated. Do not edit this file directly. Google Cloud Spanner Python Samples @@ -14,10 +15,12 @@ This directory contains samples for Google Cloud Spanner. `Google Cloud Spanner` .. _Google Cloud Spanner: https://cloud.google.com/spanner/docs + Setup ------------------------------------------------------------------------------- + Authentication ++++++++++++++ @@ -28,6 +31,9 @@ credentials for applications. .. _Authentication Getting Started Guide: https://cloud.google.com/docs/authentication/getting-started + + + Install Dependencies ++++++++++++++++++++ @@ -42,7 +48,7 @@ Install Dependencies .. _Python Development Environment Setup Guide: https://cloud.google.com/python/setup -#. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+. +#. Create a virtualenv. Samples are compatible with Python 3.6+. .. code-block:: bash @@ -58,9 +64,15 @@ Install Dependencies .. _pip: https://pip.pypa.io/ .. _virtualenv: https://virtualenv.pypa.io/ + + + + + Samples ------------------------------------------------------------------------------- + Snippets +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ @@ -76,32 +88,10 @@ To run this sample: $ python snippets.py + usage: snippets.py [-h] [--database-id DATABASE_ID] instance_id - {create_database,insert_data,query_data,read_data, - read_stale_data,add_column,update_data, - query_data_with_new_column,read_write_transaction, - read_only_transaction,add_index,query_data_with_index, - read_data_with_index,add_storing_index, - read_data_with_storing_index, - create_table_with_timestamp,insert_data_with_timestamp, - add_timestamp_column,update_data_with_timestamp, - query_data_with_timestamp,write_struct_data, - query_with_struct,query_with_array_of_struct, - query_struct_field,query_nested_struct_field, - insert_data_with_dml,update_data_with_dml, - delete_data_with_dml,update_data_with_dml_timestamp, - dml_write_read_transaction,update_data_with_dml_struct, - insert_with_dml,query_data_with_parameter, - write_with_dml_transaction, - update_data_with_partitioned_dml, - delete_data_with_partitioned_dml,update_with_batch_dml, - create_table_with_datatypes,insert_datatypes_data, - query_data_with_array,query_data_with_bool, - query_data_with_bytes,query_data_with_date, - query_data_with_float,query_data_with_int, - query_data_with_string, - query_data_with_timestamp_parameter} + {create_instance,create_database,insert_data,delete_data,query_data,read_data,read_stale_data,add_column,update_data,query_data_with_new_column,read_write_transaction,read_only_transaction,add_index,query_data_with_index,read_data_with_index,add_storing_index,read_data_with_storing_index,create_table_with_timestamp,insert_data_with_timestamp,add_timestamp_column,update_data_with_timestamp,query_data_with_timestamp,write_struct_data,query_with_struct,query_with_array_of_struct,query_struct_field,query_nested_struct_field,insert_data_with_dml,update_data_with_dml,delete_data_with_dml,update_data_with_dml_timestamp,dml_write_read_transaction,update_data_with_dml_struct,insert_with_dml,query_data_with_parameter,write_with_dml_transaction,update_data_with_partitioned_dml,delete_data_with_partitioned_dml,update_with_batch_dml,create_table_with_datatypes,insert_datatypes_data,query_data_with_array,query_data_with_bool,query_data_with_bytes,query_data_with_date,query_data_with_float,query_data_with_int,query_data_with_string,query_data_with_timestamp_parameter,query_data_with_query_options,create_client_with_query_options} ... This application demonstrates how to do basic operations using Cloud @@ -111,32 +101,15 @@ To run this sample: positional arguments: instance_id Your Cloud Spanner instance ID. - {create_database, insert_data, delete_data, query_data, read_data, - read_stale_data, add_column, update_data, query_data_with_new_column, - read_write_transaction, read_only_transaction, add_index, - query_data_with_index, read_data_with_index, add_storing_index, - read_data_with_storing_index, create_table_with_timestamp, - insert_data_with_timestamp, add_timestamp_column, - update_data_with_timestamp, query_data_with_timestamp, - write_struct_data, query_with_struct, query_with_array_of_struct, - query_struct_field, query_nested_struct_field, insert_data_with_dml, - update_data_with_dml, delete_data_with_dml, - update_data_with_dml_timestamp, dml_write_read_transaction, - update_data_with_dml_struct, insert_with_dml, query_data_with_parameter, - write_with_dml_transaction, update_data_with_partitioned_dml, - delete_data_with_partitioned_dml, update_with_batch_dml, - create_table_with_datatypes, insert_datatypes_data, - query_data_with_array, query_data_with_bool, query_data_with_bytes, - query_data_with_date, query_data_with_float, query_data_with_int, - query_data_with_string, query_data_with_timestamp_parameter} + {create_instance,create_database,insert_data,delete_data,query_data,read_data,read_stale_data,add_column,update_data,query_data_with_new_column,read_write_transaction,read_only_transaction,add_index,query_data_with_index,read_data_with_index,add_storing_index,read_data_with_storing_index,create_table_with_timestamp,insert_data_with_timestamp,add_timestamp_column,update_data_with_timestamp,query_data_with_timestamp,write_struct_data,query_with_struct,query_with_array_of_struct,query_struct_field,query_nested_struct_field,insert_data_with_dml,update_data_with_dml,delete_data_with_dml,update_data_with_dml_timestamp,dml_write_read_transaction,update_data_with_dml_struct,insert_with_dml,query_data_with_parameter,write_with_dml_transaction,update_data_with_partitioned_dml,delete_data_with_partitioned_dml,update_with_batch_dml,create_table_with_datatypes,insert_datatypes_data,query_data_with_array,query_data_with_bool,query_data_with_bytes,query_data_with_date,query_data_with_float,query_data_with_int,query_data_with_string,query_data_with_timestamp_parameter,query_data_with_query_options,create_client_with_query_options} + create_instance Creates an instance. create_database Creates a database and tables for sample data. insert_data Inserts sample data into the given database. The database and table must already exist and can be created using `create_database`. delete_data Deletes sample data from the given database. The - database, table, and data must already exist and - can be created using `create_database` and - `insert_data`. + database, table, and data must already exist and can + be created using `create_database` and `insert_data`. query_data Queries sample data from the database using SQL. read_data Reads sample data from the database. read_stale_data Reads sample data from the database. The data is @@ -237,59 +210,53 @@ To run this sample: Deletes sample data from the database using a DML statement. update_data_with_dml_timestamp - Updates data with Timestamp from the database using - a DML statement. + Updates data with Timestamp from the database using a + DML statement. dml_write_read_transaction First inserts data then reads it from within a transaction using DML. update_data_with_dml_struct Updates data with a DML statement and STRUCT parameters. - insert_with_dml Inserts data with a DML statement into the - database. + insert_with_dml Inserts data with a DML statement into the database. query_data_with_parameter - Queries sample data from the database using SQL - with a parameter. + Queries sample data from the database using SQL with a + parameter. write_with_dml_transaction - Transfers part of a marketing budget from one - album to another. + Transfers part of a marketing budget from one album to + another. update_data_with_partitioned_dml - Update sample data with a partitioned DML - statement. + Update sample data with a partitioned DML statement. delete_data_with_partitioned_dml - Delete sample data with a partitioned DML - statement. + Delete sample data with a partitioned DML statement. update_with_batch_dml - Updates sample data in the database using Batch - DML. + Updates sample data in the database using Batch DML. create_table_with_datatypes Creates a table with supported dataypes. insert_datatypes_data Inserts data with supported datatypes into a table. query_data_with_array - Queries sample data using SQL with an ARRAY - parameter. + Queries sample data using SQL with an ARRAY parameter. query_data_with_bool - Queries sample data using SQL with a BOOL - parameter. + Queries sample data using SQL with a BOOL parameter. query_data_with_bytes - Queries sample data using SQL with a BYTES - parameter. + Queries sample data using SQL with a BYTES parameter. query_data_with_date - Queries sample data using SQL with a DATE - parameter. + Queries sample data using SQL with a DATE parameter. query_data_with_float Queries sample data using SQL with a FLOAT64 parameter. query_data_with_int - Queries sample data using SQL with a INT64 - parameter. + Queries sample data using SQL with a INT64 parameter. query_data_with_string - Queries sample data using SQL with a STRING - parameter. + Queries sample data using SQL with a STRING parameter. query_data_with_timestamp_parameter Queries sample data using SQL with a TIMESTAMP parameter. + query_data_with_query_options + Queries sample data using SQL with query options. + create_client_with_query_options + Create a client with query options. optional arguments: -h, --help show this help message and exit @@ -300,6 +267,10 @@ To run this sample: + + + + The client library ------------------------------------------------------------------------------- @@ -315,4 +286,5 @@ to `browse the source`_ and `report issues`_. https://github.com/GoogleCloudPlatform/google-cloud-python/issues -.. _Google Cloud SDK: https://cloud.google.com/sdk/ \ No newline at end of file + +.. _Google Cloud SDK: https://cloud.google.com/sdk/ diff --git a/samples/samples/noxfile.py b/samples/samples/noxfile.py index 5660f08be44..ab2c49227c3 100644 --- a/samples/samples/noxfile.py +++ b/samples/samples/noxfile.py @@ -38,6 +38,9 @@ TEST_CONFIG = { # You can opt out from the test for specific Python versions. "ignored_versions": ["2.7"], + # Old samples are opted out of enforcing Python type hints + # All new samples should feature them + "enforce_type_hints": False, # An envvar key for determining the project id to use. Change it # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string @@ -130,7 +133,10 @@ def _determine_local_import_names(start_dir): @nox.session def lint(session): - session.install("flake8", "flake8-import-order") + if not TEST_CONFIG["enforce_type_hints"]: + session.install("flake8", "flake8-import-order") + else: + session.install("flake8", "flake8-import-order", "flake8-annotations") local_names = _determine_local_import_names(".") args = FLAKE8_COMMON_ARGS + [ @@ -141,6 +147,19 @@ def lint(session): session.run("flake8", *args) +# +# Black +# + + +@nox.session +def blacken(session): + session.install("black") + python_files = [path for path in os.listdir(".") if path.endswith(".py")] + + session.run("black", *python_files) + + # # Sample Tests # @@ -199,6 +218,11 @@ def _get_repo_root(): break if Path(p / ".git").exists(): return str(p) + # .git is not available in repos cloned via Cloud Build + # setup.py is always in the library's root, so use that instead + # https://github.com/googleapis/synthtool/issues/792 + if Path(p / "setup.py").exists(): + return str(p) p = p.parent raise Exception("Unable to detect repository root.") diff --git a/scripts/decrypt-secrets.sh b/scripts/decrypt-secrets.sh index ff599eb2af2..21f6d2a26d9 100755 --- a/scripts/decrypt-secrets.sh +++ b/scripts/decrypt-secrets.sh @@ -20,14 +20,27 @@ ROOT=$( dirname "$DIR" ) # Work from the project root. cd $ROOT +# Prevent it from overriding files. +# We recommend that sample authors use their own service account files and cloud project. +# In that case, they are supposed to prepare these files by themselves. +if [[ -f "testing/test-env.sh" ]] || \ + [[ -f "testing/service-account.json" ]] || \ + [[ -f "testing/client-secrets.json" ]]; then + echo "One or more target files exist, aborting." + exit 1 +fi + # Use SECRET_MANAGER_PROJECT if set, fallback to cloud-devrel-kokoro-resources. PROJECT_ID="${SECRET_MANAGER_PROJECT:-cloud-devrel-kokoro-resources}" gcloud secrets versions access latest --secret="python-docs-samples-test-env" \ + --project="${PROJECT_ID}" \ > testing/test-env.sh gcloud secrets versions access latest \ --secret="python-docs-samples-service-account" \ + --project="${PROJECT_ID}" \ > testing/service-account.json gcloud secrets versions access latest \ --secret="python-docs-samples-client-secrets" \ - > testing/client-secrets.json \ No newline at end of file + --project="${PROJECT_ID}" \ + > testing/client-secrets.json diff --git a/synth.metadata b/synth.metadata index 14a9cac219b..f31526d33de 100644 --- a/synth.metadata +++ b/synth.metadata @@ -3,30 +3,22 @@ { "git": { "name": ".", - "remote": "https://github.com/googleapis/python-spanner.git", - "sha": "891077105d5093a73caf96683d10afef2cd17823" - } - }, - { - "git": { - "name": "googleapis", - "remote": "https://github.com/googleapis/googleapis.git", - "sha": "6fd07563a2f1a6785066f5955ad9659a315e4492", - "internalRef": "324941614" + "remote": "git@github.com:larkee/python-spanner.git", + "sha": "fcd2f0ac86c9fea4855b5fb536fca0a0dab0964e" } }, { "git": { "name": "synthtool", "remote": "https://github.com/googleapis/synthtool.git", - "sha": "4f8f5dc24af79694887385015294e4dbb214c352" + "sha": "943bb78606d035001123030067dffcc34f4645f2" } }, { "git": { "name": "synthtool", "remote": "https://github.com/googleapis/synthtool.git", - "sha": "4f8f5dc24af79694887385015294e4dbb214c352" + "sha": "943bb78606d035001123030067dffcc34f4645f2" } } ],