diff --git a/kms/LICENSE b/kms/LICENSE new file mode 100644 index 000000000000..a8ee855de2aa --- /dev/null +++ b/kms/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + https://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/kms/MANIFEST.in b/kms/MANIFEST.in new file mode 100644 index 000000000000..9cbf175afe6b --- /dev/null +++ b/kms/MANIFEST.in @@ -0,0 +1,5 @@ +include README.rst LICENSE +recursive-include google *.json *.proto +recursive-include tests * +global-exclude *.py[co] +global-exclude __pycache__ diff --git a/kms/README.rst b/kms/README.rst new file mode 100644 index 000000000000..2f6573c61af6 --- /dev/null +++ b/kms/README.rst @@ -0,0 +1,76 @@ +Python Client for Google Cloud Key Management Service (KMS) API (`Alpha`_) +========================================================================== + +`Google Cloud Key Management Service (KMS) API`_: Manages encryption for your cloud services the same way you do on-premises. +You can generate, use, rotate, and destroy AES256 encryption keys. + +- `Client Library Documentation`_ +- `Product Documentation`_ + +.. _Alpha: https://github.com/GoogleCloudPlatform/google-cloud-python/blob/master/README.rst +.. _Google Cloud Key Management Service (KMS) API: https://cloud.google.com/kms +.. _Client Library Documentation: https://googlecloudplatform.github.io/google-cloud-python/stable/kms/usage.html +.. _Product Documentation: https://cloud.google.com/kms + +Quick Start +----------- + +In order to use this library, you first need to go through the following steps: + +1. `Select or create a Cloud Platform project.`_ +2. `Enable billing for your project.`_ +3. `Enable the Google Cloud Key Management Service (KMS) API.`_ +4. `Setup Authentication.`_ + +.. _Select or create a Cloud Platform project.: https://console.cloud.google.com/project +.. _Enable billing for your project.: https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project +.. _Enable the Google Cloud Key Management Service (KMS) API.: https://cloud.google.com/kms +.. _Setup Authentication.: https://googlecloudplatform.github.io/google-cloud-python/stable/core/auth.html + +Installation +~~~~~~~~~~~~ + +Install this library in a `virtualenv`_ using pip. `virtualenv`_ is a tool to +create isolated Python environments. The basic problem it addresses is one of +dependencies and versions, and indirectly permissions. + +With `virtualenv`_, it's possible to install this library without needing system +install permissions, and without clashing with the installed system +dependencies. + +.. _`virtualenv`: https://virtualenv.pypa.io/en/latest/ + + +Mac/Linux +^^^^^^^^^ + +.. code-block:: console + + pip install virtualenv + virtualenv + source /bin/activate + /bin/pip install google-cloud-kms + + +Windows +^^^^^^^ + +.. code-block:: console + + pip install virtualenv + virtualenv + \Scripts\activate + \Scripts\pip.exe install google-cloud-kms + +Next Steps +~~~~~~~~~~ + +- Read the `Client Library Documentation`_ for Google Cloud Key Management Service (KMS) API + API to see other available methods on the client. +- Read the `Google Cloud Key Management Service (KMS) API Product documentation`_ to learn + more about the product and see How-to Guides. +- View this `repository’s main README`_ to see the full list of Cloud + APIs that we cover. + +.. _Google Cloud Key Management Service (KMS) API Product documentation: https://cloud.google.com/kms +.. _repository’s main README: https://github.com/GoogleCloudPlatform/google-cloud-python/blob/master/README.rst \ No newline at end of file diff --git a/kms/docs/conf.py b/kms/docs/conf.py new file mode 100644 index 000000000000..d9d87483838c --- /dev/null +++ b/kms/docs/conf.py @@ -0,0 +1,310 @@ +# -*- coding: utf-8 -*- +# +# google-cloud-kms documentation build configuration file +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import sys +import os +import shlex + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +sys.path.insert(0, os.path.abspath('..')) + +__version__ = '0.1.0' + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +#needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'sphinx.ext.autodoc', + 'sphinx.ext.autosummary', + 'sphinx.ext.intersphinx', + 'sphinx.ext.coverage', + 'sphinx.ext.napoleon', + 'sphinx.ext.viewcode', +] + +# autodoc/autosummary flags +autoclass_content = 'both' +autodoc_default_flags = ['members'] +autosummary_generate = True + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The encoding of source files. +#source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'google-cloud-kms' +copyright = u'2017, Google' +author = u'Google APIs' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The full version, including alpha/beta/rc tags. +release = __version__ +# The short X.Y version. +version = '.'.join(release.split('.')[0:2]) + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +#today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = ['_build'] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +#default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +#modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +#keep_warnings = False + +# If true, `todo` and `todoList` produce output, else they produce nothing. +todo_include_todos = True + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'sphinx_rtd_theme' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +#html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +#html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +#html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +#html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +#html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +# html_static_path = [] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +#html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +#html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +#html_domain_indices = True + +# If false, no index is generated. +#html_use_index = True + +# If true, the index is split into individual pages for each letter. +#html_split_index = False + +# If true, links to the reST sources are added to the pages. +#html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +#html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +#html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = None + +# Language to be used for generating the HTML full-text search index. +# Sphinx supports the following languages: +# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja' +# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr' +#html_search_language = 'en' + +# A dictionary with options for the search language support, empty by default. +# Now only 'ja' uses this config value +#html_search_options = {'type': 'default'} + +# The name of a javascript file (relative to the configuration directory) that +# implements a search results scorer. If empty, the default will be used. +#html_search_scorer = 'scorer.js' + +# Output file base name for HTML help builder. +htmlhelp_basename = 'google-cloud-kms-doc' + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + #'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + #'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + #'preamble': '', + + # Latex figure (float) alignment + #'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + (master_doc, 'google-cloud-kms.tex', u'google-cloud-kms Documentation', + author, 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# If true, show page references after internal links. +#latex_show_pagerefs = False + +# If true, show URL addresses after external links. +#latex_show_urls = False + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_domain_indices = True + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [(master_doc, 'google-cloud-kms', + u'google-cloud-kms Documentation', [author], 1)] + +# If true, show URL addresses after external links. +#man_show_urls = False + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, 'google-cloud-kms', u'google-cloud-kms Documentation', author, + 'google-cloud-kms', + 'GAPIC library for the {metadata.shortName} v1 service', 'APIs'), +] + +# Documents to append as an appendix to all manuals. +#texinfo_appendices = [] + +# If false, no module index is generated. +#texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +#texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +#texinfo_no_detailmenu = False + +# Example configuration for intersphinx: refer to the Python standard library. +intersphinx_mapping = { + 'python': ('http://python.readthedocs.org/en/latest/', None), + 'gax': ('https://gax-python.readthedocs.org/en/latest/', None), +} + +# Napoleon settings +napoleon_google_docstring = True +napoleon_numpy_docstring = True +napoleon_include_private_with_doc = False +napoleon_include_special_with_doc = True +napoleon_use_admonition_for_examples = False +napoleon_use_admonition_for_notes = False +napoleon_use_admonition_for_references = False +napoleon_use_ivar = False +napoleon_use_param = True +napoleon_use_rtype = True diff --git a/kms/docs/gapic/v1/api.rst b/kms/docs/gapic/v1/api.rst new file mode 100644 index 000000000000..3eb368b4e33f --- /dev/null +++ b/kms/docs/gapic/v1/api.rst @@ -0,0 +1,6 @@ +Client for Google Cloud Key Management Service (KMS) API +======================================================== + +.. automodule:: google.cloud.kms_v1 + :members: + :inherited-members: \ No newline at end of file diff --git a/kms/docs/gapic/v1/types.rst b/kms/docs/gapic/v1/types.rst new file mode 100644 index 000000000000..44db7e4e6a62 --- /dev/null +++ b/kms/docs/gapic/v1/types.rst @@ -0,0 +1,5 @@ +Types for Google Cloud Key Management Service (KMS) API Client +============================================================== + +.. automodule:: google.cloud.kms_v1.types + :members: \ No newline at end of file diff --git a/kms/docs/index.rst b/kms/docs/index.rst new file mode 100644 index 000000000000..a4a9daf3299c --- /dev/null +++ b/kms/docs/index.rst @@ -0,0 +1,84 @@ +Python Client for Google Cloud Key Management Service (KMS) API (`Alpha`_) +========================================================================== + +`Google Cloud Key Management Service (KMS) API`_: Manages encryption for your cloud services the same way you do on-premises. +You can generate, use, rotate, and destroy AES256 encryption keys. + +- `Client Library Documentation`_ +- `Product Documentation`_ + +.. _Alpha: https://github.com/GoogleCloudPlatform/google-cloud-python/blob/master/README.rst +.. _Google Cloud Key Management Service (KMS) API: https://cloud.google.com/kms +.. _Client Library Documentation: https://googlecloudplatform.github.io/google-cloud-python/stable/kms/usage.html +.. _Product Documentation: https://cloud.google.com/kms + +Quick Start +----------- + +In order to use this library, you first need to go through the following steps: + +1. `Select or create a Cloud Platform project.`_ +2. `Enable billing for your project.`_ +3. `Enable the Google Cloud Key Management Service (KMS) API.`_ +4. `Setup Authentication.`_ + +.. _Select or create a Cloud Platform project.: https://console.cloud.google.com/project +.. _Enable billing for your project.: https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project +.. _Enable the Google Cloud Key Management Service (KMS) API.: https://cloud.google.com/kms +.. _Setup Authentication.: https://googlecloudplatform.github.io/google-cloud-python/stable/core/auth.html + +Installation +~~~~~~~~~~~~ + +Install this library in a `virtualenv`_ using pip. `virtualenv`_ is a tool to +create isolated Python environments. The basic problem it addresses is one of +dependencies and versions, and indirectly permissions. + +With `virtualenv`_, it's possible to install this library without needing system +install permissions, and without clashing with the installed system +dependencies. + +.. _`virtualenv`: https://virtualenv.pypa.io/en/latest/ + + +Mac/Linux +^^^^^^^^^ + +.. code-block:: console + + pip install virtualenv + virtualenv + source /bin/activate + /bin/pip install google-cloud-kms + + +Windows +^^^^^^^ + +.. code-block:: console + + pip install virtualenv + virtualenv + \Scripts\activate + \Scripts\pip.exe install google-cloud-kms + +Next Steps +~~~~~~~~~~ + +- Read the `Client Library Documentation`_ for Google Cloud Key Management Service (KMS) API + API to see other available methods on the client. +- Read the `Google Cloud Key Management Service (KMS) API Product documentation`_ to learn + more about the product and see How-to Guides. +- View this `repository’s main README`_ to see the full list of Cloud + APIs that we cover. + +.. _Google Cloud Key Management Service (KMS) API Product documentation: https://cloud.google.com/kms +.. _repository’s main README: https://github.com/GoogleCloudPlatform/google-cloud-python/blob/master/README.rst + +Api Reference +------------- +.. toctree:: + :maxdepth: 2 + + gapic/v1/api + gapic/v1/types \ No newline at end of file diff --git a/kms/google/__init__.py b/kms/google/__init__.py new file mode 100644 index 000000000000..855a707300e1 --- /dev/null +++ b/kms/google/__init__.py @@ -0,0 +1,20 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +try: + import pkg_resources + pkg_resources.declare_namespace(__name__) +except ImportError: + import pkgutil + __path__ = pkgutil.extend_path(__path__, __name__) \ No newline at end of file diff --git a/kms/google/cloud/__init__.py b/kms/google/cloud/__init__.py new file mode 100644 index 000000000000..855a707300e1 --- /dev/null +++ b/kms/google/cloud/__init__.py @@ -0,0 +1,20 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +try: + import pkg_resources + pkg_resources.declare_namespace(__name__) +except ImportError: + import pkgutil + __path__ = pkgutil.extend_path(__path__, __name__) \ No newline at end of file diff --git a/kms/google/cloud/kms.py b/kms/google/cloud/kms.py new file mode 100644 index 000000000000..5a651e4f0fd5 --- /dev/null +++ b/kms/google/cloud/kms.py @@ -0,0 +1,25 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import + +from google.cloud.kms_v1 import KeyManagementServiceClient +from google.cloud.kms_v1 import enums +from google.cloud.kms_v1 import types + +__all__ = ( + 'enums', + 'types', + 'KeyManagementServiceClient', +) diff --git a/kms/google/cloud/kms_v1/__init__.py b/kms/google/cloud/kms_v1/__init__.py new file mode 100644 index 000000000000..a4f1e900d9e3 --- /dev/null +++ b/kms/google/cloud/kms_v1/__init__.py @@ -0,0 +1,32 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import + +from google.cloud.kms_v1 import types +from google.cloud.kms_v1.gapic import enums +from google.cloud.kms_v1.gapic import key_management_service_client + + +class KeyManagementServiceClient( + key_management_service_client.KeyManagementServiceClient): + __doc__ = key_management_service_client.KeyManagementServiceClient.__doc__ + enums = enums + + +__all__ = ( + 'enums', + 'types', + 'KeyManagementServiceClient', +) diff --git a/kms/google/cloud/kms_v1/gapic/__init__.py b/kms/google/cloud/kms_v1/gapic/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/kms/google/cloud/kms_v1/gapic/enums.py b/kms/google/cloud/kms_v1/gapic/enums.py new file mode 100644 index 000000000000..f7ad394b55b7 --- /dev/null +++ b/kms/google/cloud/kms_v1/gapic/enums.py @@ -0,0 +1,58 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Wrappers for protocol buffer enum types.""" + +import enum + + +class CryptoKey(object): + class CryptoKeyPurpose(enum.IntEnum): + """ + ``CryptoKeyPurpose`` describes the capabilities of a ``CryptoKey``. Two + keys with the same purpose may use different underlying algorithms, but + must support the same set of operations. + + Attributes: + CRYPTO_KEY_PURPOSE_UNSPECIFIED (int): Not specified. + ENCRYPT_DECRYPT (int): ``CryptoKeys`` with this purpose may be used with + ``Encrypt`` and + ``Decrypt``. + """ + CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0 + ENCRYPT_DECRYPT = 1 + + +class CryptoKeyVersion(object): + class CryptoKeyVersionState(enum.IntEnum): + """ + The state of a ``CryptoKeyVersion``, indicating if it can be used. + + Attributes: + CRYPTO_KEY_VERSION_STATE_UNSPECIFIED (int): Not specified. + ENABLED (int): This version may be used in ``Encrypt`` and + ``Decrypt`` requests. + DISABLED (int): This version may not be used, but the key material is still available, + and the version can be placed back into the ``ENABLED`` state. + DESTROYED (int): This version is destroyed, and the key material is no longer stored. + A version may not leave this state once entered. + DESTROY_SCHEDULED (int): This version is scheduled for destruction, and will be destroyed soon. + Call + ``RestoreCryptoKeyVersion`` + to put it back into the ``DISABLED`` state. + """ + CRYPTO_KEY_VERSION_STATE_UNSPECIFIED = 0 + ENABLED = 1 + DISABLED = 2 + DESTROYED = 3 + DESTROY_SCHEDULED = 4 diff --git a/kms/google/cloud/kms_v1/gapic/key_management_service_client.py b/kms/google/cloud/kms_v1/gapic/key_management_service_client.py new file mode 100644 index 000000000000..7f051c56e549 --- /dev/null +++ b/kms/google/cloud/kms_v1/gapic/key_management_service_client.py @@ -0,0 +1,1762 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Accesses the google.cloud.kms.v1 KeyManagementService API.""" + +import functools +import pkg_resources +import warnings + +from google.oauth2 import service_account +import google.api_core.gapic_v1.client_info +import google.api_core.gapic_v1.config +import google.api_core.gapic_v1.method +import google.api_core.gapic_v1.routing_header +import google.api_core.grpc_helpers +import google.api_core.page_iterator +import google.api_core.path_template +import grpc + +from google.cloud.kms_v1.gapic import enums +from google.cloud.kms_v1.gapic import key_management_service_client_config +from google.cloud.kms_v1.gapic.transports import key_management_service_grpc_transport +from google.cloud.kms_v1.proto import resources_pb2 +from google.cloud.kms_v1.proto import service_pb2 +from google.cloud.kms_v1.proto import service_pb2_grpc +from google.iam.v1 import iam_policy_pb2 +from google.iam.v1 import iam_policy_pb2 +from google.iam.v1 import policy_pb2 +from google.protobuf import field_mask_pb2 + +_GAPIC_LIBRARY_VERSION = pkg_resources.get_distribution( + 'google-cloud-kms', ).version + + +class KeyManagementServiceClient(object): + """ + Google Cloud Key Management Service + + Manages cryptographic keys and operations using those keys. Implements a REST + model with the following objects: + + * ``KeyRing`` + * ``CryptoKey`` + * ``CryptoKeyVersion`` + """ + + SERVICE_ADDRESS = 'cloudkms.googleapis.com:443' + """The default address of the service.""" + + # The name of the interface for this client. This is the key used to + # find the method configuration in the client_config dictionary. + _INTERFACE_NAME = 'google.cloud.kms.v1.KeyManagementService' + + @classmethod + def from_service_account_file(cls, filename, *args, **kwargs): + """Creates an instance of this client using the provided credentials + file. + + Args: + filename (str): The path to the service account private key json + file. + args: Additional arguments to pass to the constructor. + kwargs: Additional arguments to pass to the constructor. + + Returns: + KeyManagementServiceClient: The constructed client. + """ + credentials = service_account.Credentials.from_service_account_file( + filename) + kwargs['credentials'] = credentials + return cls(*args, **kwargs) + + from_service_account_json = from_service_account_file + + @classmethod + def key_ring_path(cls, project, location, key_ring): + """Return a fully-qualified key_ring string.""" + return google.api_core.path_template.expand( + 'projects/{project}/locations/{location}/keyRings/{key_ring}', + project=project, + location=location, + key_ring=key_ring, + ) + + @classmethod + def crypto_key_path_path(cls, project, location, key_ring, + crypto_key_path): + """Return a fully-qualified crypto_key_path string.""" + return google.api_core.path_template.expand( + 'projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key_path=**}', + project=project, + location=location, + key_ring=key_ring, + crypto_key_path=crypto_key_path, + ) + + @classmethod + def location_path(cls, project, location): + """Return a fully-qualified location string.""" + return google.api_core.path_template.expand( + 'projects/{project}/locations/{location}', + project=project, + location=location, + ) + + @classmethod + def crypto_key_path(cls, project, location, key_ring, crypto_key): + """Return a fully-qualified crypto_key string.""" + return google.api_core.path_template.expand( + 'projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}', + project=project, + location=location, + key_ring=key_ring, + crypto_key=crypto_key, + ) + + @classmethod + def crypto_key_version_path(cls, project, location, key_ring, crypto_key, + crypto_key_version): + """Return a fully-qualified crypto_key_version string.""" + return google.api_core.path_template.expand( + 'projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}', + project=project, + location=location, + key_ring=key_ring, + crypto_key=crypto_key, + crypto_key_version=crypto_key_version, + ) + + def __init__(self, + transport=None, + channel=None, + credentials=None, + client_config=key_management_service_client_config.config, + client_info=None): + """Constructor. + + Args: + transport (Union[~.KeyManagementServiceGrpcTransport, + Callable[[~.Credentials, type], ~.KeyManagementServiceGrpcTransport]): A transport + instance, responsible for actually making the API calls. + The default transport uses the gRPC protocol. + This argument may also be a callable which returns a + transport instance. Callables will be sent the credentials + as the first argument and the default transport class as + the second argument. + channel (grpc.Channel): DEPRECATED. A ``Channel`` instance + through which to make calls. This argument is mutually exclusive + with ``credentials``; providing both will raise an exception. + credentials (google.auth.credentials.Credentials): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If none + are specified, the client will attempt to ascertain the + credentials from the environment. + This argument is mutually exclusive with providing a + transport instance to ``transport``; doing so will raise + an exception. + client_config (dict): DEPRECATED. A dictionary of call options for + each method. If not specified, the default configuration is used. + client_info (google.api_core.gapic_v1.client_info.ClientInfo): + The client info used to send a user-agent string along with + API requests. If ``None``, then default info will be used. + Generally, you only need to set this if you're developing + your own client library. + """ + # Raise deprecation warnings for things we want to go away. + if client_config: + warnings.warn('The `client_config` argument is deprecated.', + PendingDeprecationWarning) + if channel: + warnings.warn( + 'The `channel` argument is deprecated; use ' + '`transport` instead.', PendingDeprecationWarning) + + # Instantiate the transport. + # The transport is responsible for handling serialization and + # deserialization and actually sending data to the service. + if transport: + if callable(transport): + self.transport = transport( + credentials=credentials, + default_class=key_management_service_grpc_transport. + KeyManagementServiceGrpcTransport, + ) + else: + if credentials: + raise ValueError( + 'Received both a transport instance and ' + 'credentials; these are mutually exclusive.') + self.transport = transport + else: + self.transport = key_management_service_grpc_transport.KeyManagementServiceGrpcTransport( + address=self.SERVICE_ADDRESS, + channel=channel, + credentials=credentials, + ) + + if client_info is None: + client_info = ( + google.api_core.gapic_v1.client_info.DEFAULT_CLIENT_INFO) + client_info.gapic_version = _GAPIC_LIBRARY_VERSION + self._client_info = client_info + + # Parse out the default settings for retry and timeout for each RPC + # from the client configuration. + # (Ordinarily, these are the defaults specified in the `*_config.py` + # file next to this one.) + self._method_configs = google.api_core.gapic_v1.config.parse_method_configs( + client_config['interfaces'][self._INTERFACE_NAME], ) + + # Save a dictionary of cached API call functions. + # These are the actual callables which invoke the proper + # transport methods, wrapped with `wrap_method` to add retry, + # timeout, and the like. + self._inner_api_calls = {} + + # Service calls + def list_key_rings(self, + parent, + page_size=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Lists ``KeyRings``. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> parent = client.location_path('[PROJECT]', '[LOCATION]') + >>> + >>> # Iterate over all results + >>> for element in client.list_key_rings(parent): + ... # process element + ... pass + >>> + >>> + >>> # Alternatively: + >>> + >>> # Iterate over results one page at a time + >>> for page in client.list_key_rings(parent, options=CallOptions(page_token=INITIAL_PAGE)): + ... for element in page: + ... # process element + ... pass + + Args: + parent (str): Required. The resource name of the location associated with the + ``KeyRings``, in the format ``projects/*/locations/*``. + page_size (int): The maximum number of resources contained in the + underlying API response. If page streaming is performed per- + resource, this parameter does not affect the return value. If page + streaming is performed per-page, this determines the maximum number + of resources in a page. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.gax.PageIterator` instance. By default, this + is an iterable of :class:`~google.cloud.kms_v1.types.KeyRing` instances. + This object can also be configured to iterate over the pages + of the response through the `options` parameter. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'list_key_rings' not in self._inner_api_calls: + self._inner_api_calls[ + 'list_key_rings'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.list_key_rings, + default_retry=self._method_configs['ListKeyRings'].retry, + default_timeout=self._method_configs['ListKeyRings'] + .timeout, + client_info=self._client_info, + ) + + request = service_pb2.ListKeyRingsRequest( + parent=parent, + page_size=page_size, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('parent', parent)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + iterator = google.api_core.page_iterator.GRPCIterator( + client=None, + method=functools.partial( + self._inner_api_calls['list_key_rings'], + retry=retry, + timeout=timeout, + metadata=metadata), + request=request, + items_field='key_rings', + request_token_field='page_token', + response_token_field='next_page_token', + ) + return iterator + + def list_crypto_keys(self, + parent, + page_size=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Lists ``CryptoKeys``. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + >>> + >>> # Iterate over all results + >>> for element in client.list_crypto_keys(parent): + ... # process element + ... pass + >>> + >>> + >>> # Alternatively: + >>> + >>> # Iterate over results one page at a time + >>> for page in client.list_crypto_keys(parent, options=CallOptions(page_token=INITIAL_PAGE)): + ... for element in page: + ... # process element + ... pass + + Args: + parent (str): Required. The resource name of the ``KeyRing`` to list, in the format + ``projects/*/locations/*/keyRings/*``. + page_size (int): The maximum number of resources contained in the + underlying API response. If page streaming is performed per- + resource, this parameter does not affect the return value. If page + streaming is performed per-page, this determines the maximum number + of resources in a page. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.gax.PageIterator` instance. By default, this + is an iterable of :class:`~google.cloud.kms_v1.types.CryptoKey` instances. + This object can also be configured to iterate over the pages + of the response through the `options` parameter. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'list_crypto_keys' not in self._inner_api_calls: + self._inner_api_calls[ + 'list_crypto_keys'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.list_crypto_keys, + default_retry=self._method_configs['ListCryptoKeys'].retry, + default_timeout=self._method_configs['ListCryptoKeys'] + .timeout, + client_info=self._client_info, + ) + + request = service_pb2.ListCryptoKeysRequest( + parent=parent, + page_size=page_size, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('parent', parent)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + iterator = google.api_core.page_iterator.GRPCIterator( + client=None, + method=functools.partial( + self._inner_api_calls['list_crypto_keys'], + retry=retry, + timeout=timeout, + metadata=metadata), + request=request, + items_field='crypto_keys', + request_token_field='page_token', + response_token_field='next_page_token', + ) + return iterator + + def list_crypto_key_versions( + self, + parent, + page_size=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Lists ``CryptoKeyVersions``. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') + >>> + >>> # Iterate over all results + >>> for element in client.list_crypto_key_versions(parent): + ... # process element + ... pass + >>> + >>> + >>> # Alternatively: + >>> + >>> # Iterate over results one page at a time + >>> for page in client.list_crypto_key_versions(parent, options=CallOptions(page_token=INITIAL_PAGE)): + ... for element in page: + ... # process element + ... pass + + Args: + parent (str): Required. The resource name of the ``CryptoKey`` to list, in the format + ``projects/*/locations/*/keyRings/*/cryptoKeys/*``. + page_size (int): The maximum number of resources contained in the + underlying API response. If page streaming is performed per- + resource, this parameter does not affect the return value. If page + streaming is performed per-page, this determines the maximum number + of resources in a page. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.gax.PageIterator` instance. By default, this + is an iterable of :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instances. + This object can also be configured to iterate over the pages + of the response through the `options` parameter. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'list_crypto_key_versions' not in self._inner_api_calls: + self._inner_api_calls[ + 'list_crypto_key_versions'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.list_crypto_key_versions, + default_retry=self._method_configs['ListCryptoKeyVersions'] + .retry, + default_timeout=self._method_configs[ + 'ListCryptoKeyVersions'].timeout, + client_info=self._client_info, + ) + + request = service_pb2.ListCryptoKeyVersionsRequest( + parent=parent, + page_size=page_size, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('parent', parent)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + iterator = google.api_core.page_iterator.GRPCIterator( + client=None, + method=functools.partial( + self._inner_api_calls['list_crypto_key_versions'], + retry=retry, + timeout=timeout, + metadata=metadata), + request=request, + items_field='crypto_key_versions', + request_token_field='page_token', + response_token_field='next_page_token', + ) + return iterator + + def get_key_ring(self, + name, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Returns metadata for a given ``KeyRing``. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> name = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + >>> + >>> response = client.get_key_ring(name) + + Args: + name (str): The ``name`` of the ``KeyRing`` to get. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.KeyRing` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'get_key_ring' not in self._inner_api_calls: + self._inner_api_calls[ + 'get_key_ring'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.get_key_ring, + default_retry=self._method_configs['GetKeyRing'].retry, + default_timeout=self._method_configs['GetKeyRing'].timeout, + client_info=self._client_info, + ) + + request = service_pb2.GetKeyRingRequest(name=name, ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('name', name)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['get_key_ring']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def get_crypto_key(self, + name, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Returns metadata for a given ``CryptoKey``, as well as its + ``primary`` ``CryptoKeyVersion``. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') + >>> + >>> response = client.get_crypto_key(name) + + Args: + name (str): The ``name`` of the ``CryptoKey`` to get. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.CryptoKey` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'get_crypto_key' not in self._inner_api_calls: + self._inner_api_calls[ + 'get_crypto_key'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.get_crypto_key, + default_retry=self._method_configs['GetCryptoKey'].retry, + default_timeout=self._method_configs['GetCryptoKey'] + .timeout, + client_info=self._client_info, + ) + + request = service_pb2.GetCryptoKeyRequest(name=name, ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('name', name)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['get_crypto_key']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def get_crypto_key_version(self, + name, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Returns metadata for a given ``CryptoKeyVersion``. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]') + >>> + >>> response = client.get_crypto_key_version(name) + + Args: + name (str): The ``name`` of the ``CryptoKeyVersion`` to get. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'get_crypto_key_version' not in self._inner_api_calls: + self._inner_api_calls[ + 'get_crypto_key_version'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.get_crypto_key_version, + default_retry=self._method_configs[ + 'GetCryptoKeyVersion'].retry, + default_timeout=self._method_configs['GetCryptoKeyVersion'] + .timeout, + client_info=self._client_info, + ) + + request = service_pb2.GetCryptoKeyVersionRequest(name=name, ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('name', name)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['get_crypto_key_version']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def create_key_ring(self, + parent, + key_ring_id, + key_ring, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Create a new ``KeyRing`` in a given Project and Location. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> parent = client.location_path('[PROJECT]', '[LOCATION]') + >>> + >>> # TODO: Initialize ``key_ring_id``: + >>> key_ring_id = '' + >>> + >>> # TODO: Initialize ``key_ring``: + >>> key_ring = {} + >>> + >>> response = client.create_key_ring(parent, key_ring_id, key_ring) + + Args: + parent (str): Required. The resource name of the location associated with the + ``KeyRings``, in the format ``projects/*/locations/*``. + key_ring_id (str): Required. It must be unique within a location and match the regular + expression ``[a-zA-Z0-9_-]{1,63}`` + key_ring (Union[dict, ~google.cloud.kms_v1.types.KeyRing]): A ``KeyRing`` with initial field values. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.kms_v1.types.KeyRing` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.KeyRing` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'create_key_ring' not in self._inner_api_calls: + self._inner_api_calls[ + 'create_key_ring'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.create_key_ring, + default_retry=self._method_configs['CreateKeyRing'].retry, + default_timeout=self._method_configs['CreateKeyRing'] + .timeout, + client_info=self._client_info, + ) + + request = service_pb2.CreateKeyRingRequest( + parent=parent, + key_ring_id=key_ring_id, + key_ring=key_ring, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('parent', parent)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['create_key_ring']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def create_crypto_key(self, + parent, + crypto_key_id, + crypto_key, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Create a new ``CryptoKey`` within a ``KeyRing``. + + ``CryptoKey.purpose`` is required. + + Example: + >>> from google.cloud import kms_v1 + >>> from google.cloud.kms_v1 import enums + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + >>> crypto_key_id = 'my-app-key' + >>> purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + >>> seconds = 2147483647 + >>> next_rotation_time = {'seconds': seconds} + >>> seconds_2 = 604800 + >>> rotation_period = {'seconds': seconds_2} + >>> crypto_key = {'purpose': purpose, 'next_rotation_time': next_rotation_time, 'rotation_period': rotation_period} + >>> + >>> response = client.create_crypto_key(parent, crypto_key_id, crypto_key) + + Args: + parent (str): Required. The ``name`` of the KeyRing associated with the + ``CryptoKeys``. + crypto_key_id (str): Required. It must be unique within a KeyRing and match the regular + expression ``[a-zA-Z0-9_-]{1,63}`` + crypto_key (Union[dict, ~google.cloud.kms_v1.types.CryptoKey]): A ``CryptoKey`` with initial field values. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.kms_v1.types.CryptoKey` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.CryptoKey` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'create_crypto_key' not in self._inner_api_calls: + self._inner_api_calls[ + 'create_crypto_key'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.create_crypto_key, + default_retry=self._method_configs[ + 'CreateCryptoKey'].retry, + default_timeout=self._method_configs['CreateCryptoKey'] + .timeout, + client_info=self._client_info, + ) + + request = service_pb2.CreateCryptoKeyRequest( + parent=parent, + crypto_key_id=crypto_key_id, + crypto_key=crypto_key, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('parent', parent)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['create_crypto_key']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def create_crypto_key_version( + self, + parent, + crypto_key_version, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Create a new ``CryptoKeyVersion`` in a ``CryptoKey``. + + The server will assign the next sequential id. If unset, + ``state`` will be set to + ``ENABLED``. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') + >>> + >>> # TODO: Initialize ``crypto_key_version``: + >>> crypto_key_version = {} + >>> + >>> response = client.create_crypto_key_version(parent, crypto_key_version) + + Args: + parent (str): Required. The ``name`` of the ``CryptoKey`` associated with + the ``CryptoKeyVersions``. + crypto_key_version (Union[dict, ~google.cloud.kms_v1.types.CryptoKeyVersion]): A ``CryptoKeyVersion`` with initial field values. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'create_crypto_key_version' not in self._inner_api_calls: + self._inner_api_calls[ + 'create_crypto_key_version'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.create_crypto_key_version, + default_retry=self._method_configs[ + 'CreateCryptoKeyVersion'].retry, + default_timeout=self._method_configs[ + 'CreateCryptoKeyVersion'].timeout, + client_info=self._client_info, + ) + + request = service_pb2.CreateCryptoKeyVersionRequest( + parent=parent, + crypto_key_version=crypto_key_version, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('parent', parent)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['create_crypto_key_version']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def update_crypto_key(self, + crypto_key, + update_mask, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Update a ``CryptoKey``. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> # TODO: Initialize ``crypto_key``: + >>> crypto_key = {} + >>> + >>> # TODO: Initialize ``update_mask``: + >>> update_mask = {} + >>> + >>> response = client.update_crypto_key(crypto_key, update_mask) + + Args: + crypto_key (Union[dict, ~google.cloud.kms_v1.types.CryptoKey]): ``CryptoKey`` with updated values. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.kms_v1.types.CryptoKey` + update_mask (Union[dict, ~google.cloud.kms_v1.types.FieldMask]): Required list of fields to be updated in this request. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.kms_v1.types.FieldMask` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.CryptoKey` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'update_crypto_key' not in self._inner_api_calls: + self._inner_api_calls[ + 'update_crypto_key'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.update_crypto_key, + default_retry=self._method_configs[ + 'UpdateCryptoKey'].retry, + default_timeout=self._method_configs['UpdateCryptoKey'] + .timeout, + client_info=self._client_info, + ) + + request = service_pb2.UpdateCryptoKeyRequest( + crypto_key=crypto_key, + update_mask=update_mask, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('crypto_key.name', crypto_key.name)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['update_crypto_key']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def update_crypto_key_version( + self, + crypto_key_version, + update_mask, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Update a ``CryptoKeyVersion``'s metadata. + + ``state`` may be changed between + ``ENABLED`` and + ``DISABLED`` using this + method. See ``DestroyCryptoKeyVersion`` and ``RestoreCryptoKeyVersion`` to + move between other states. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> # TODO: Initialize ``crypto_key_version``: + >>> crypto_key_version = {} + >>> + >>> # TODO: Initialize ``update_mask``: + >>> update_mask = {} + >>> + >>> response = client.update_crypto_key_version(crypto_key_version, update_mask) + + Args: + crypto_key_version (Union[dict, ~google.cloud.kms_v1.types.CryptoKeyVersion]): ``CryptoKeyVersion`` with updated values. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` + update_mask (Union[dict, ~google.cloud.kms_v1.types.FieldMask]): Required list of fields to be updated in this request. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.kms_v1.types.FieldMask` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'update_crypto_key_version' not in self._inner_api_calls: + self._inner_api_calls[ + 'update_crypto_key_version'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.update_crypto_key_version, + default_retry=self._method_configs[ + 'UpdateCryptoKeyVersion'].retry, + default_timeout=self._method_configs[ + 'UpdateCryptoKeyVersion'].timeout, + client_info=self._client_info, + ) + + request = service_pb2.UpdateCryptoKeyVersionRequest( + crypto_key_version=crypto_key_version, + update_mask=update_mask, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('crypto_key_version.name', + crypto_key_version.name)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['update_crypto_key_version']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def encrypt(self, + name, + plaintext, + additional_authenticated_data=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Encrypts data, so that it can only be recovered by a call to ``Decrypt``. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> name = client.crypto_key_path_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY_PATH]') + >>> + >>> # TODO: Initialize ``plaintext``: + >>> plaintext = b'' + >>> + >>> response = client.encrypt(name, plaintext) + + Args: + name (str): Required. The resource name of the ``CryptoKey`` or ``CryptoKeyVersion`` + to use for encryption. + + If a ``CryptoKey`` is specified, the server will use its + ``primary version``. + plaintext (bytes): Required. The data to encrypt. Must be no larger than 64KiB. + additional_authenticated_data (bytes): Optional data that, if specified, must also be provided during decryption + through ``DecryptRequest.additional_authenticated_data``. Must be no + larger than 64KiB. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.EncryptResponse` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'encrypt' not in self._inner_api_calls: + self._inner_api_calls[ + 'encrypt'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.encrypt, + default_retry=self._method_configs['Encrypt'].retry, + default_timeout=self._method_configs['Encrypt'].timeout, + client_info=self._client_info, + ) + + request = service_pb2.EncryptRequest( + name=name, + plaintext=plaintext, + additional_authenticated_data=additional_authenticated_data, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('name', name)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['encrypt']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def decrypt(self, + name, + ciphertext, + additional_authenticated_data=None, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Decrypts data that was protected by ``Encrypt``. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') + >>> + >>> # TODO: Initialize ``ciphertext``: + >>> ciphertext = b'' + >>> + >>> response = client.decrypt(name, ciphertext) + + Args: + name (str): Required. The resource name of the ``CryptoKey`` to use for decryption. + The server will choose the appropriate version. + ciphertext (bytes): Required. The encrypted data originally returned in + ``EncryptResponse.ciphertext``. + additional_authenticated_data (bytes): Optional data that must match the data originally supplied in + ``EncryptRequest.additional_authenticated_data``. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.DecryptResponse` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'decrypt' not in self._inner_api_calls: + self._inner_api_calls[ + 'decrypt'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.decrypt, + default_retry=self._method_configs['Decrypt'].retry, + default_timeout=self._method_configs['Decrypt'].timeout, + client_info=self._client_info, + ) + + request = service_pb2.DecryptRequest( + name=name, + ciphertext=ciphertext, + additional_authenticated_data=additional_authenticated_data, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('name', name)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['decrypt']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def update_crypto_key_primary_version( + self, + name, + crypto_key_version_id, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Update the version of a ``CryptoKey`` that will be used in ``Encrypt`` + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') + >>> + >>> # TODO: Initialize ``crypto_key_version_id``: + >>> crypto_key_version_id = '' + >>> + >>> response = client.update_crypto_key_primary_version(name, crypto_key_version_id) + + Args: + name (str): The resource name of the ``CryptoKey`` to update. + crypto_key_version_id (str): The id of the child ``CryptoKeyVersion`` to use as primary. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.CryptoKey` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'update_crypto_key_primary_version' not in self._inner_api_calls: + self._inner_api_calls[ + 'update_crypto_key_primary_version'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.update_crypto_key_primary_version, + default_retry=self._method_configs[ + 'UpdateCryptoKeyPrimaryVersion'].retry, + default_timeout=self._method_configs[ + 'UpdateCryptoKeyPrimaryVersion'].timeout, + client_info=self._client_info, + ) + + request = service_pb2.UpdateCryptoKeyPrimaryVersionRequest( + name=name, + crypto_key_version_id=crypto_key_version_id, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('name', name)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['update_crypto_key_primary_version']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def destroy_crypto_key_version( + self, + name, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Schedule a ``CryptoKeyVersion`` for destruction. + + Upon calling this method, ``CryptoKeyVersion.state`` will be set to + ``DESTROY_SCHEDULED`` + and ``destroy_time`` will be set to a time 24 + hours in the future, at which point the ``state`` + will be changed to + ``DESTROYED``, and the key + material will be irrevocably destroyed. + + Before the ``destroy_time`` is reached, + ``RestoreCryptoKeyVersion`` may be called to reverse the process. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]') + >>> + >>> response = client.destroy_crypto_key_version(name) + + Args: + name (str): The resource name of the ``CryptoKeyVersion`` to destroy. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'destroy_crypto_key_version' not in self._inner_api_calls: + self._inner_api_calls[ + 'destroy_crypto_key_version'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.destroy_crypto_key_version, + default_retry=self._method_configs[ + 'DestroyCryptoKeyVersion'].retry, + default_timeout=self._method_configs[ + 'DestroyCryptoKeyVersion'].timeout, + client_info=self._client_info, + ) + + request = service_pb2.DestroyCryptoKeyVersionRequest(name=name, ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('name', name)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['destroy_crypto_key_version']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def restore_crypto_key_version( + self, + name, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Restore a ``CryptoKeyVersion`` in the + ``DESTROY_SCHEDULED``, + state. + + Upon restoration of the CryptoKeyVersion, ``state`` + will be set to ``DISABLED``, + and ``destroy_time`` will be cleared. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]') + >>> + >>> response = client.restore_crypto_key_version(name) + + Args: + name (str): The resource name of the ``CryptoKeyVersion`` to restore. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'restore_crypto_key_version' not in self._inner_api_calls: + self._inner_api_calls[ + 'restore_crypto_key_version'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.restore_crypto_key_version, + default_retry=self._method_configs[ + 'RestoreCryptoKeyVersion'].retry, + default_timeout=self._method_configs[ + 'RestoreCryptoKeyVersion'].timeout, + client_info=self._client_info, + ) + + request = service_pb2.RestoreCryptoKeyVersionRequest(name=name, ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('name', name)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['restore_crypto_key_version']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def set_iam_policy(self, + resource, + policy, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Sets the access control policy on the specified resource. Replaces any + existing policy. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + >>> + >>> # TODO: Initialize ``policy``: + >>> policy = {} + >>> + >>> response = client.set_iam_policy(resource, policy) + + Args: + resource (str): REQUIRED: The resource for which the policy is being specified. + ``resource`` is usually specified as a path. For example, a Project + resource is specified as ``projects/{project}``. + policy (Union[dict, ~google.cloud.kms_v1.types.Policy]): REQUIRED: The complete policy to be applied to the ``resource``. The size of + the policy is limited to a few 10s of KB. An empty policy is a + valid policy but certain Cloud Platform services (such as Projects) + might reject them. + If a dict is provided, it must be of the same form as the protobuf + message :class:`~google.cloud.kms_v1.types.Policy` + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.Policy` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'set_iam_policy' not in self._inner_api_calls: + self._inner_api_calls[ + 'set_iam_policy'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.set_iam_policy, + default_retry=self._method_configs['SetIamPolicy'].retry, + default_timeout=self._method_configs['SetIamPolicy'] + .timeout, + client_info=self._client_info, + ) + + request = iam_policy_pb2.SetIamPolicyRequest( + resource=resource, + policy=policy, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('resource', resource)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['set_iam_policy']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def get_iam_policy(self, + resource, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Gets the access control policy for a resource. + Returns an empty policy if the resource exists and does not have a policy + set. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + >>> + >>> response = client.get_iam_policy(resource) + + Args: + resource (str): REQUIRED: The resource for which the policy is being requested. + ``resource`` is usually specified as a path. For example, a Project + resource is specified as ``projects/{project}``. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.Policy` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'get_iam_policy' not in self._inner_api_calls: + self._inner_api_calls[ + 'get_iam_policy'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.get_iam_policy, + default_retry=self._method_configs['GetIamPolicy'].retry, + default_timeout=self._method_configs['GetIamPolicy'] + .timeout, + client_info=self._client_info, + ) + + request = iam_policy_pb2.GetIamPolicyRequest(resource=resource, ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('resource', resource)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['get_iam_policy']( + request, retry=retry, timeout=timeout, metadata=metadata) + + def test_iam_permissions(self, + resource, + permissions, + retry=google.api_core.gapic_v1.method.DEFAULT, + timeout=google.api_core.gapic_v1.method.DEFAULT, + metadata=None): + """ + Returns permissions that a caller has on the specified resource. + If the resource does not exist, this will return an empty set of + permissions, not a NOT_FOUND error. + + Example: + >>> from google.cloud import kms_v1 + >>> + >>> client = kms_v1.KeyManagementServiceClient() + >>> + >>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + >>> + >>> # TODO: Initialize ``permissions``: + >>> permissions = [] + >>> + >>> response = client.test_iam_permissions(resource, permissions) + + Args: + resource (str): REQUIRED: The resource for which the policy detail is being requested. + ``resource`` is usually specified as a path. For example, a Project + resource is specified as ``projects/{project}``. + permissions (list[str]): The set of permissions to check for the ``resource``. Permissions with + wildcards (such as '*' or 'storage.*') are not allowed. For more + information see + `IAM Overview `_. + retry (Optional[google.api_core.retry.Retry]): A retry object used + to retry requests. If ``None`` is specified, requests will not + be retried. + timeout (Optional[float]): The amount of time, in seconds, to wait + for the request to complete. Note that if ``retry`` is + specified, the timeout applies to each individual attempt. + metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata + that is provided to the method. + + Returns: + A :class:`~google.cloud.kms_v1.types.TestIamPermissionsResponse` instance. + + Raises: + google.api_core.exceptions.GoogleAPICallError: If the request + failed for any reason. + google.api_core.exceptions.RetryError: If the request failed due + to a retryable error and retry attempts failed. + ValueError: If the parameters are invalid. + """ + # Wrap the transport method to add retry and timeout logic. + if 'test_iam_permissions' not in self._inner_api_calls: + self._inner_api_calls[ + 'test_iam_permissions'] = google.api_core.gapic_v1.method.wrap_method( + self.transport.test_iam_permissions, + default_retry=self._method_configs[ + 'TestIamPermissions'].retry, + default_timeout=self._method_configs['TestIamPermissions'] + .timeout, + client_info=self._client_info, + ) + + request = iam_policy_pb2.TestIamPermissionsRequest( + resource=resource, + permissions=permissions, + ) + if metadata is None: + metadata = [] + metadata = list(metadata) + try: + routing_header = [('resource', resource)] + except AttributeError: + pass + else: + routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( + routing_header) + metadata.append(routing_metadata) + + return self._inner_api_calls['test_iam_permissions']( + request, retry=retry, timeout=timeout, metadata=metadata) diff --git a/kms/google/cloud/kms_v1/gapic/key_management_service_client_config.py b/kms/google/cloud/kms_v1/gapic/key_management_service_client_config.py new file mode 100644 index 000000000000..3f3ac6a2d6ef --- /dev/null +++ b/kms/google/cloud/kms_v1/gapic/key_management_service_client_config.py @@ -0,0 +1,118 @@ +config = { + "interfaces": { + "google.cloud.kms.v1.KeyManagementService": { + "retry_codes": { + "idempotent": ["DEADLINE_EXCEEDED", "UNAVAILABLE"], + "non_idempotent": [] + }, + "retry_params": { + "default": { + "initial_retry_delay_millis": 100, + "retry_delay_multiplier": 1.3, + "max_retry_delay_millis": 60000, + "initial_rpc_timeout_millis": 20000, + "rpc_timeout_multiplier": 1.0, + "max_rpc_timeout_millis": 20000, + "total_timeout_millis": 600000 + } + }, + "methods": { + "ListKeyRings": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "ListCryptoKeys": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "ListCryptoKeyVersions": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "GetKeyRing": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "GetCryptoKey": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "GetCryptoKeyVersion": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "CreateKeyRing": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "CreateCryptoKey": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "CreateCryptoKeyVersion": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "UpdateCryptoKey": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "UpdateCryptoKeyVersion": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "Encrypt": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "Decrypt": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "UpdateCryptoKeyPrimaryVersion": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "DestroyCryptoKeyVersion": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "RestoreCryptoKeyVersion": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "SetIamPolicy": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, + "GetIamPolicy": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, + "TestIamPermissions": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + } + } + } + } +} diff --git a/kms/google/cloud/kms_v1/gapic/transports/__init__.py b/kms/google/cloud/kms_v1/gapic/transports/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/kms/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py b/kms/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py new file mode 100644 index 000000000000..fd40d9a1de07 --- /dev/null +++ b/kms/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py @@ -0,0 +1,381 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import google.api_core.grpc_helpers + +from google.cloud.kms_v1.proto import service_pb2_grpc +from google.iam.v1 import iam_policy_pb2 + + +class KeyManagementServiceGrpcTransport(object): + """gRPC transport class providing stubs for + google.cloud.kms.v1 KeyManagementService API. + + The transport provides access to the raw gRPC stubs, + which can be used to take advantage of advanced + features of gRPC. + """ + # The scopes needed to make gRPC calls to all of the methods defined + # in this service. + _OAUTH_SCOPES = ('https://www.googleapis.com/auth/cloud-platform', ) + + def __init__(self, + channel=None, + credentials=None, + address='cloudkms.googleapis.com:443'): + """Instantiate the transport class. + + Args: + channel (grpc.Channel): A ``Channel`` instance through + which to make calls. This argument is mutually exclusive + with ``credentials``; providing both will raise an exception. + credentials (google.auth.credentials.Credentials): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If none + are specified, the client will attempt to ascertain the + credentials from the environment. + address (str): The address where the service is hosted. + """ + # If both `channel` and `credentials` are specified, raise an + # exception (channels come with credentials baked in already). + if channel is not None and credentials is not None: + raise ValueError( + 'The `channel` and `credentials` arguments are mutually ' + 'exclusive.', ) + + # Create the channel. + if channel is None: + channel = self.create_channel( + address=address, + credentials=credentials, + ) + + # gRPC uses objects called "stubs" that are bound to the + # channel and provide a basic method for each RPC. + self._stubs = { + 'key_management_service_stub': + service_pb2_grpc.KeyManagementServiceStub(channel), + 'iam_policy_stub': + iam_policy_pb2.IAMPolicyStub(channel), + } + + @classmethod + def create_channel(cls, + address='cloudkms.googleapis.com:443', + credentials=None): + """Create and return a gRPC channel object. + + Args: + address (str): The host for the channel to use. + credentials (~.Credentials): The + authorization credentials to attach to requests. These + credentials identify this application to the service. If + none are specified, the client will attempt to ascertain + the credentials from the environment. + + Returns: + grpc.Channel: A gRPC channel object. + """ + return google.api_core.grpc_helpers.create_channel( + address, + credentials=credentials, + scopes=cls._OAUTH_SCOPES, + ) + + @property + def list_key_rings(self): + """Return the gRPC stub for {$apiMethod.name}. + + Lists ``KeyRings``. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['key_management_service_stub'].ListKeyRings + + @property + def list_crypto_keys(self): + """Return the gRPC stub for {$apiMethod.name}. + + Lists ``CryptoKeys``. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['key_management_service_stub'].ListCryptoKeys + + @property + def list_crypto_key_versions(self): + """Return the gRPC stub for {$apiMethod.name}. + + Lists ``CryptoKeyVersions``. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['key_management_service_stub'].ListCryptoKeyVersions + + @property + def get_key_ring(self): + """Return the gRPC stub for {$apiMethod.name}. + + Returns metadata for a given ``KeyRing``. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['key_management_service_stub'].GetKeyRing + + @property + def get_crypto_key(self): + """Return the gRPC stub for {$apiMethod.name}. + + Returns metadata for a given ``CryptoKey``, as well as its + ``primary`` ``CryptoKeyVersion``. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['key_management_service_stub'].GetCryptoKey + + @property + def get_crypto_key_version(self): + """Return the gRPC stub for {$apiMethod.name}. + + Returns metadata for a given ``CryptoKeyVersion``. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['key_management_service_stub'].GetCryptoKeyVersion + + @property + def create_key_ring(self): + """Return the gRPC stub for {$apiMethod.name}. + + Create a new ``KeyRing`` in a given Project and Location. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['key_management_service_stub'].CreateKeyRing + + @property + def create_crypto_key(self): + """Return the gRPC stub for {$apiMethod.name}. + + Create a new ``CryptoKey`` within a ``KeyRing``. + + ``CryptoKey.purpose`` is required. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['key_management_service_stub'].CreateCryptoKey + + @property + def create_crypto_key_version(self): + """Return the gRPC stub for {$apiMethod.name}. + + Create a new ``CryptoKeyVersion`` in a ``CryptoKey``. + + The server will assign the next sequential id. If unset, + ``state`` will be set to + ``ENABLED``. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs[ + 'key_management_service_stub'].CreateCryptoKeyVersion + + @property + def update_crypto_key(self): + """Return the gRPC stub for {$apiMethod.name}. + + Update a ``CryptoKey``. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['key_management_service_stub'].UpdateCryptoKey + + @property + def update_crypto_key_version(self): + """Return the gRPC stub for {$apiMethod.name}. + + Update a ``CryptoKeyVersion``'s metadata. + + ``state`` may be changed between + ``ENABLED`` and + ``DISABLED`` using this + method. See ``DestroyCryptoKeyVersion`` and ``RestoreCryptoKeyVersion`` to + move between other states. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs[ + 'key_management_service_stub'].UpdateCryptoKeyVersion + + @property + def encrypt(self): + """Return the gRPC stub for {$apiMethod.name}. + + Encrypts data, so that it can only be recovered by a call to ``Decrypt``. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['key_management_service_stub'].Encrypt + + @property + def decrypt(self): + """Return the gRPC stub for {$apiMethod.name}. + + Decrypts data that was protected by ``Encrypt``. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['key_management_service_stub'].Decrypt + + @property + def update_crypto_key_primary_version(self): + """Return the gRPC stub for {$apiMethod.name}. + + Update the version of a ``CryptoKey`` that will be used in ``Encrypt`` + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs[ + 'key_management_service_stub'].UpdateCryptoKeyPrimaryVersion + + @property + def destroy_crypto_key_version(self): + """Return the gRPC stub for {$apiMethod.name}. + + Schedule a ``CryptoKeyVersion`` for destruction. + + Upon calling this method, ``CryptoKeyVersion.state`` will be set to + ``DESTROY_SCHEDULED`` + and ``destroy_time`` will be set to a time 24 + hours in the future, at which point the ``state`` + will be changed to + ``DESTROYED``, and the key + material will be irrevocably destroyed. + + Before the ``destroy_time`` is reached, + ``RestoreCryptoKeyVersion`` may be called to reverse the process. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs[ + 'key_management_service_stub'].DestroyCryptoKeyVersion + + @property + def restore_crypto_key_version(self): + """Return the gRPC stub for {$apiMethod.name}. + + Restore a ``CryptoKeyVersion`` in the + ``DESTROY_SCHEDULED``, + state. + + Upon restoration of the CryptoKeyVersion, ``state`` + will be set to ``DISABLED``, + and ``destroy_time`` will be cleared. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs[ + 'key_management_service_stub'].RestoreCryptoKeyVersion + + @property + def set_iam_policy(self): + """Return the gRPC stub for {$apiMethod.name}. + + Sets the access control policy on the specified resource. Replaces any + existing policy. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['iam_policy_stub'].SetIamPolicy + + @property + def get_iam_policy(self): + """Return the gRPC stub for {$apiMethod.name}. + + Gets the access control policy for a resource. + Returns an empty policy if the resource exists and does not have a policy + set. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['iam_policy_stub'].GetIamPolicy + + @property + def test_iam_permissions(self): + """Return the gRPC stub for {$apiMethod.name}. + + Returns permissions that a caller has on the specified resource. + If the resource does not exist, this will return an empty set of + permissions, not a NOT_FOUND error. + + Returns: + Callable: A callable which accepts the appropriate + deserialized request object and returns a + deserialized response object. + """ + return self._stubs['iam_policy_stub'].TestIamPermissions diff --git a/kms/google/cloud/kms_v1/proto/__init__.py b/kms/google/cloud/kms_v1/proto/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/kms/google/cloud/kms_v1/proto/resources_pb2.py b/kms/google/cloud/kms_v1/proto/resources_pb2.py new file mode 100644 index 000000000000..afb8dd09cfac --- /dev/null +++ b/kms/google/cloud/kms_v1/proto/resources_pb2.py @@ -0,0 +1,467 @@ +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: google/cloud/kms_v1/proto/resources.proto + +import sys +_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1')) +from google.protobuf import descriptor as _descriptor +from google.protobuf import message as _message +from google.protobuf import reflection as _reflection +from google.protobuf import symbol_database as _symbol_database +from google.protobuf import descriptor_pb2 +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + +from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 +from google.protobuf import duration_pb2 as google_dot_protobuf_dot_duration__pb2 +from google.protobuf import timestamp_pb2 as google_dot_protobuf_dot_timestamp__pb2 + + +DESCRIPTOR = _descriptor.FileDescriptor( + name='google/cloud/kms_v1/proto/resources.proto', + package='google.cloud.kms.v1', + syntax='proto3', + serialized_pb=_b('\n)google/cloud/kms_v1/proto/resources.proto\x12\x13google.cloud.kms.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"H\n\x07KeyRing\x12\x0c\n\x04name\x18\x01 \x01(\t\x12/\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\"\xff\x03\n\tCryptoKey\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x36\n\x07primary\x18\x02 \x01(\x0b\x32%.google.cloud.kms.v1.CryptoKeyVersion\x12@\n\x07purpose\x18\x03 \x01(\x0e\x32/.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose\x12/\n\x0b\x63reate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x36\n\x12next_rotation_time\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x34\n\x0frotation_period\x18\x08 \x01(\x0b\x32\x19.google.protobuf.DurationH\x00\x12:\n\x06labels\x18\n \x03(\x0b\x32*.google.cloud.kms.v1.CryptoKey.LabelsEntry\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"K\n\x10\x43ryptoKeyPurpose\x12\"\n\x1e\x43RYPTO_KEY_PURPOSE_UNSPECIFIED\x10\x00\x12\x13\n\x0f\x45NCRYPT_DECRYPT\x10\x01\x42\x13\n\x11rotation_schedule\"\x8c\x03\n\x10\x43ryptoKeyVersion\x12\x0c\n\x04name\x18\x01 \x01(\t\x12J\n\x05state\x18\x03 \x01(\x0e\x32;.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState\x12/\n\x0b\x63reate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x30\n\x0c\x64\x65stroy_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x36\n\x12\x64\x65stroy_event_time\x18\x06 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\"\x82\x01\n\x15\x43ryptoKeyVersionState\x12(\n$CRYPTO_KEY_VERSION_STATE_UNSPECIFIED\x10\x00\x12\x0b\n\x07\x45NABLED\x10\x01\x12\x0c\n\x08\x44ISABLED\x10\x02\x12\r\n\tDESTROYED\x10\x03\x12\x15\n\x11\x44\x45STROY_SCHEDULED\x10\x04\x42\x95\x01\n\x17\x63om.google.cloud.kms.v1B\x11KmsResourcesProtoP\x01Z6google.golang.org/genproto/googleapis/cloud/kms/v1;kms\xf8\x01\x01\xaa\x02\x13Google.Cloud.Kms.V1\xca\x02\x13Google\\Cloud\\Kms\\V1b\x06proto3') + , + dependencies=[google_dot_api_dot_annotations__pb2.DESCRIPTOR,google_dot_protobuf_dot_duration__pb2.DESCRIPTOR,google_dot_protobuf_dot_timestamp__pb2.DESCRIPTOR,]) + + + +_CRYPTOKEY_CRYPTOKEYPURPOSE = _descriptor.EnumDescriptor( + name='CryptoKeyPurpose', + full_name='google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose', + filename=None, + file=DESCRIPTOR, + values=[ + _descriptor.EnumValueDescriptor( + name='CRYPTO_KEY_PURPOSE_UNSPECIFIED', index=0, number=0, + options=None, + type=None), + _descriptor.EnumValueDescriptor( + name='ENCRYPT_DECRYPT', index=1, number=1, + options=None, + type=None), + ], + containing_type=None, + options=None, + serialized_start=651, + serialized_end=726, +) +_sym_db.RegisterEnumDescriptor(_CRYPTOKEY_CRYPTOKEYPURPOSE) + +_CRYPTOKEYVERSION_CRYPTOKEYVERSIONSTATE = _descriptor.EnumDescriptor( + name='CryptoKeyVersionState', + full_name='google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState', + filename=None, + file=DESCRIPTOR, + values=[ + _descriptor.EnumValueDescriptor( + name='CRYPTO_KEY_VERSION_STATE_UNSPECIFIED', index=0, number=0, + options=None, + type=None), + _descriptor.EnumValueDescriptor( + name='ENABLED', index=1, number=1, + options=None, + type=None), + _descriptor.EnumValueDescriptor( + name='DISABLED', index=2, number=2, + options=None, + type=None), + _descriptor.EnumValueDescriptor( + name='DESTROYED', index=3, number=3, + options=None, + type=None), + _descriptor.EnumValueDescriptor( + name='DESTROY_SCHEDULED', index=4, number=4, + options=None, + type=None), + ], + containing_type=None, + options=None, + serialized_start=1016, + serialized_end=1146, +) +_sym_db.RegisterEnumDescriptor(_CRYPTOKEYVERSION_CRYPTOKEYVERSIONSTATE) + + +_KEYRING = _descriptor.Descriptor( + name='KeyRing', + full_name='google.cloud.kms.v1.KeyRing', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.KeyRing.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='create_time', full_name='google.cloud.kms.v1.KeyRing.create_time', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=161, + serialized_end=233, +) + + +_CRYPTOKEY_LABELSENTRY = _descriptor.Descriptor( + name='LabelsEntry', + full_name='google.cloud.kms.v1.CryptoKey.LabelsEntry', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='key', full_name='google.cloud.kms.v1.CryptoKey.LabelsEntry.key', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='value', full_name='google.cloud.kms.v1.CryptoKey.LabelsEntry.value', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=_descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')), + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=604, + serialized_end=649, +) + +_CRYPTOKEY = _descriptor.Descriptor( + name='CryptoKey', + full_name='google.cloud.kms.v1.CryptoKey', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.CryptoKey.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='primary', full_name='google.cloud.kms.v1.CryptoKey.primary', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='purpose', full_name='google.cloud.kms.v1.CryptoKey.purpose', index=2, + number=3, type=14, cpp_type=8, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='create_time', full_name='google.cloud.kms.v1.CryptoKey.create_time', index=3, + number=5, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='next_rotation_time', full_name='google.cloud.kms.v1.CryptoKey.next_rotation_time', index=4, + number=7, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='rotation_period', full_name='google.cloud.kms.v1.CryptoKey.rotation_period', index=5, + number=8, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='labels', full_name='google.cloud.kms.v1.CryptoKey.labels', index=6, + number=10, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[_CRYPTOKEY_LABELSENTRY, ], + enum_types=[ + _CRYPTOKEY_CRYPTOKEYPURPOSE, + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='rotation_schedule', full_name='google.cloud.kms.v1.CryptoKey.rotation_schedule', + index=0, containing_type=None, fields=[]), + ], + serialized_start=236, + serialized_end=747, +) + + +_CRYPTOKEYVERSION = _descriptor.Descriptor( + name='CryptoKeyVersion', + full_name='google.cloud.kms.v1.CryptoKeyVersion', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.CryptoKeyVersion.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='state', full_name='google.cloud.kms.v1.CryptoKeyVersion.state', index=1, + number=3, type=14, cpp_type=8, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='create_time', full_name='google.cloud.kms.v1.CryptoKeyVersion.create_time', index=2, + number=4, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='destroy_time', full_name='google.cloud.kms.v1.CryptoKeyVersion.destroy_time', index=3, + number=5, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='destroy_event_time', full_name='google.cloud.kms.v1.CryptoKeyVersion.destroy_event_time', index=4, + number=6, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + _CRYPTOKEYVERSION_CRYPTOKEYVERSIONSTATE, + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=750, + serialized_end=1146, +) + +_KEYRING.fields_by_name['create_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP +_CRYPTOKEY_LABELSENTRY.containing_type = _CRYPTOKEY +_CRYPTOKEY.fields_by_name['primary'].message_type = _CRYPTOKEYVERSION +_CRYPTOKEY.fields_by_name['purpose'].enum_type = _CRYPTOKEY_CRYPTOKEYPURPOSE +_CRYPTOKEY.fields_by_name['create_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP +_CRYPTOKEY.fields_by_name['next_rotation_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP +_CRYPTOKEY.fields_by_name['rotation_period'].message_type = google_dot_protobuf_dot_duration__pb2._DURATION +_CRYPTOKEY.fields_by_name['labels'].message_type = _CRYPTOKEY_LABELSENTRY +_CRYPTOKEY_CRYPTOKEYPURPOSE.containing_type = _CRYPTOKEY +_CRYPTOKEY.oneofs_by_name['rotation_schedule'].fields.append( + _CRYPTOKEY.fields_by_name['rotation_period']) +_CRYPTOKEY.fields_by_name['rotation_period'].containing_oneof = _CRYPTOKEY.oneofs_by_name['rotation_schedule'] +_CRYPTOKEYVERSION.fields_by_name['state'].enum_type = _CRYPTOKEYVERSION_CRYPTOKEYVERSIONSTATE +_CRYPTOKEYVERSION.fields_by_name['create_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP +_CRYPTOKEYVERSION.fields_by_name['destroy_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP +_CRYPTOKEYVERSION.fields_by_name['destroy_event_time'].message_type = google_dot_protobuf_dot_timestamp__pb2._TIMESTAMP +_CRYPTOKEYVERSION_CRYPTOKEYVERSIONSTATE.containing_type = _CRYPTOKEYVERSION +DESCRIPTOR.message_types_by_name['KeyRing'] = _KEYRING +DESCRIPTOR.message_types_by_name['CryptoKey'] = _CRYPTOKEY +DESCRIPTOR.message_types_by_name['CryptoKeyVersion'] = _CRYPTOKEYVERSION +_sym_db.RegisterFileDescriptor(DESCRIPTOR) + +KeyRing = _reflection.GeneratedProtocolMessageType('KeyRing', (_message.Message,), dict( + DESCRIPTOR = _KEYRING, + __module__ = 'google.cloud.kms_v1.proto.resources_pb2' + , + __doc__ = """A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel logical grouping + of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + + + Attributes: + name: + Output only. The resource name for the + [KeyRing][google.cloud.kms.v1.KeyRing] in the format + ``projects/*/locations/*/keyRings/*``. + create_time: + Output only. The time at which this + [KeyRing][google.cloud.kms.v1.KeyRing] was created. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.KeyRing) + )) +_sym_db.RegisterMessage(KeyRing) + +CryptoKey = _reflection.GeneratedProtocolMessageType('CryptoKey', (_message.Message,), dict( + + LabelsEntry = _reflection.GeneratedProtocolMessageType('LabelsEntry', (_message.Message,), dict( + DESCRIPTOR = _CRYPTOKEY_LABELSENTRY, + __module__ = 'google.cloud.kms_v1.proto.resources_pb2' + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CryptoKey.LabelsEntry) + )) + , + DESCRIPTOR = _CRYPTOKEY, + __module__ = 'google.cloud.kms_v1.proto.resources_pb2' + , + __doc__ = """A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key + that can be used for cryptographic operations. + + A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of one or more + [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the + actual key material used in cryptographic operations. + + + Attributes: + name: + Output only. The resource name for this + [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format + ``projects/*/locations/*/keyRings/*/cryptoKeys/*``. + primary: + Output only. A copy of the "primary" + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that + will be used by + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] + when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given + in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.na + me]. The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary + version can be updated via [UpdateCryptoKeyPrimaryVersion][goo + gle.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVe + rsion]. + purpose: + The immutable purpose of this + [CryptoKey][google.cloud.kms.v1.CryptoKey]. Currently, the + only acceptable purpose is [ENCRYPT\_DECRYPT][google.cloud.kms + .v1.CryptoKey.CryptoKeyPurpose.ENCRYPT\_DECRYPT]. + create_time: + Output only. The time at which this + [CryptoKey][google.cloud.kms.v1.CryptoKey] was created. + next_rotation_time: + At [next\_rotation\_time][google.cloud.kms.v1.CryptoKey.next\_ + rotation\_time], the Key Management Service will + automatically: 1. Create a new version of this + [CryptoKey][google.cloud.kms.v1.CryptoKey]. 2. Mark the new + version as primary. Key rotations performed manually via [Cre + ateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService. + CreateCryptoKeyVersion] and [UpdateCryptoKeyPrimaryVersion][go + ogle.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryV + ersion] do not affect [next\_rotation\_time][google.cloud.kms. + v1.CryptoKey.next\_rotation\_time]. + rotation_schedule: + Controls the rate of automatic rotation. + rotation_period: + [next\_rotation\_time][google.cloud.kms.v1.CryptoKey.next\_rot + ation\_time] will be advanced by this period when the service + automatically rotates a key. Must be at least one day. If [ro + tation\_period][google.cloud.kms.v1.CryptoKey.rotation\_period + ] is set, [next\_rotation\_time][google.cloud.kms.v1.CryptoKey + .next\_rotation\_time] must also be set. + labels: + Labels with user-defined metadata. For more information, see + `Labeling Keys `__. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CryptoKey) + )) +_sym_db.RegisterMessage(CryptoKey) +_sym_db.RegisterMessage(CryptoKey.LabelsEntry) + +CryptoKeyVersion = _reflection.GeneratedProtocolMessageType('CryptoKeyVersion', (_message.Message,), dict( + DESCRIPTOR = _CRYPTOKEYVERSION, + __module__ = 'google.cloud.kms_v1.proto.resources_pb2' + , + __doc__ = """A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents an + individual cryptographic key, and the associated key material. + + It can be used for cryptographic operations either directly, or via its + parent [CryptoKey][google.cloud.kms.v1.CryptoKey], in which case the + server will choose the appropriate version for the operation. + + For security reasons, the raw cryptographic key material represented by + a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] can never be + viewed or exported. It can only be used to encrypt or decrypt data when + an authorized user or application invokes Cloud KMS. + + + Attributes: + name: + Output only. The resource name for this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in + the format ``projects/*/locations/*/keyRings/*/cryptoKeys/*/cr + yptoKeyVersions/*``. + state: + The current state of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + create_time: + Output only. The time at which this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was + created. + destroy_time: + Output only. The time this + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key + material is scheduled for destruction. Only present if + [state][google.cloud.kms.v1.CryptoKeyVersion.state] is [DESTRO + Y\_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVe + rsionState.DESTROY\_SCHEDULED]. + destroy_event_time: + Output only. The time this CryptoKeyVersion's key material was + destroyed. Only present if + [state][google.cloud.kms.v1.CryptoKeyVersion.state] is [DESTRO + YED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionStat + e.DESTROYED]. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CryptoKeyVersion) + )) +_sym_db.RegisterMessage(CryptoKeyVersion) + + +DESCRIPTOR.has_options = True +DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('\n\027com.google.cloud.kms.v1B\021KmsResourcesProtoP\001Z6google.golang.org/genproto/googleapis/cloud/kms/v1;kms\370\001\001\252\002\023Google.Cloud.Kms.V1\312\002\023Google\\Cloud\\Kms\\V1')) +_CRYPTOKEY_LABELSENTRY.has_options = True +_CRYPTOKEY_LABELSENTRY._options = _descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')) +# @@protoc_insertion_point(module_scope) diff --git a/kms/google/cloud/kms_v1/proto/resources_pb2_grpc.py b/kms/google/cloud/kms_v1/proto/resources_pb2_grpc.py new file mode 100644 index 000000000000..a89435267cb2 --- /dev/null +++ b/kms/google/cloud/kms_v1/proto/resources_pb2_grpc.py @@ -0,0 +1,3 @@ +# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! +import grpc + diff --git a/kms/google/cloud/kms_v1/proto/service_pb2.py b/kms/google/cloud/kms_v1/proto/service_pb2.py new file mode 100644 index 000000000000..394a90c9fd68 --- /dev/null +++ b/kms/google/cloud/kms_v1/proto/service_pb2.py @@ -0,0 +1,1527 @@ +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: google/cloud/kms_v1/proto/service.proto + +import sys +_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1')) +from google.protobuf import descriptor as _descriptor +from google.protobuf import message as _message +from google.protobuf import reflection as _reflection +from google.protobuf import symbol_database as _symbol_database +from google.protobuf import descriptor_pb2 +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + +from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2 +from google.cloud.kms_v1.proto import resources_pb2 as google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2 +from google.protobuf import field_mask_pb2 as google_dot_protobuf_dot_field__mask__pb2 +from google.protobuf import struct_pb2 as google_dot_protobuf_dot_struct__pb2 +from google.protobuf import wrappers_pb2 as google_dot_protobuf_dot_wrappers__pb2 + + +DESCRIPTOR = _descriptor.FileDescriptor( + name='google/cloud/kms_v1/proto/service.proto', + package='google.cloud.kms.v1', + syntax='proto3', + serialized_pb=_b('\n\'google/cloud/kms_v1/proto/service.proto\x12\x13google.cloud.kms.v1\x1a\x1cgoogle/api/annotations.proto\x1a)google/cloud/kms_v1/proto/resources.proto\x1a google/protobuf/field_mask.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1egoogle/protobuf/wrappers.proto\"L\n\x13ListKeyRingsRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"N\n\x15ListCryptoKeysRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"U\n\x1cListCryptoKeyVersionsRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\"t\n\x14ListKeyRingsResponse\x12/\n\tkey_rings\x18\x01 \x03(\x0b\x32\x1c.google.cloud.kms.v1.KeyRing\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\x12\x12\n\ntotal_size\x18\x03 \x01(\x05\"z\n\x16ListCryptoKeysResponse\x12\x33\n\x0b\x63rypto_keys\x18\x01 \x03(\x0b\x32\x1e.google.cloud.kms.v1.CryptoKey\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\x12\x12\n\ntotal_size\x18\x03 \x01(\x05\"\x90\x01\n\x1dListCryptoKeyVersionsResponse\x12\x42\n\x13\x63rypto_key_versions\x18\x01 \x03(\x0b\x32%.google.cloud.kms.v1.CryptoKeyVersion\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t\x12\x12\n\ntotal_size\x18\x03 \x01(\x05\"!\n\x11GetKeyRingRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\"#\n\x13GetCryptoKeyRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\"*\n\x1aGetCryptoKeyVersionRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\"k\n\x14\x43reateKeyRingRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x13\n\x0bkey_ring_id\x18\x02 \x01(\t\x12.\n\x08key_ring\x18\x03 \x01(\x0b\x32\x1c.google.cloud.kms.v1.KeyRing\"s\n\x16\x43reateCryptoKeyRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x15\n\rcrypto_key_id\x18\x02 \x01(\t\x12\x32\n\ncrypto_key\x18\x03 \x01(\x0b\x32\x1e.google.cloud.kms.v1.CryptoKey\"r\n\x1d\x43reateCryptoKeyVersionRequest\x12\x0e\n\x06parent\x18\x01 \x01(\t\x12\x41\n\x12\x63rypto_key_version\x18\x02 \x01(\x0b\x32%.google.cloud.kms.v1.CryptoKeyVersion\"}\n\x16UpdateCryptoKeyRequest\x12\x32\n\ncrypto_key\x18\x01 \x01(\x0b\x32\x1e.google.cloud.kms.v1.CryptoKey\x12/\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\"\x93\x01\n\x1dUpdateCryptoKeyVersionRequest\x12\x41\n\x12\x63rypto_key_version\x18\x01 \x01(\x0b\x32%.google.cloud.kms.v1.CryptoKeyVersion\x12/\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMask\"X\n\x0e\x45ncryptRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x11\n\tplaintext\x18\x02 \x01(\x0c\x12%\n\x1d\x61\x64\x64itional_authenticated_data\x18\x03 \x01(\x0c\"Y\n\x0e\x44\x65\x63ryptRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x12\n\nciphertext\x18\x02 \x01(\x0c\x12%\n\x1d\x61\x64\x64itional_authenticated_data\x18\x03 \x01(\x0c\"$\n\x0f\x44\x65\x63ryptResponse\x12\x11\n\tplaintext\x18\x01 \x01(\x0c\"3\n\x0f\x45ncryptResponse\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x12\n\nciphertext\x18\x02 \x01(\x0c\"S\n$UpdateCryptoKeyPrimaryVersionRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x1d\n\x15\x63rypto_key_version_id\x18\x02 \x01(\t\".\n\x1e\x44\x65stroyCryptoKeyVersionRequest\x12\x0c\n\x04name\x18\x01 \x01(\t\".\n\x1eRestoreCryptoKeyVersionRequest\x12\x0c\n\x04name\x18\x01 \x01(\t2\xdb\x17\n\x14KeyManagementService\x12\x99\x01\n\x0cListKeyRings\x12(.google.cloud.kms.v1.ListKeyRingsRequest\x1a).google.cloud.kms.v1.ListKeyRingsResponse\"4\x82\xd3\xe4\x93\x02.\x12,/v1/{parent=projects/*/locations/*}/keyRings\x12\xac\x01\n\x0eListCryptoKeys\x12*.google.cloud.kms.v1.ListCryptoKeysRequest\x1a+.google.cloud.kms.v1.ListCryptoKeysResponse\"A\x82\xd3\xe4\x93\x02;\x12\x39/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys\x12\xd5\x01\n\x15ListCryptoKeyVersions\x12\x31.google.cloud.kms.v1.ListCryptoKeyVersionsRequest\x1a\x32.google.cloud.kms.v1.ListCryptoKeyVersionsResponse\"U\x82\xd3\xe4\x93\x02O\x12M/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions\x12\x88\x01\n\nGetKeyRing\x12&.google.cloud.kms.v1.GetKeyRingRequest\x1a\x1c.google.cloud.kms.v1.KeyRing\"4\x82\xd3\xe4\x93\x02.\x12,/v1/{name=projects/*/locations/*/keyRings/*}\x12\x9b\x01\n\x0cGetCryptoKey\x12(.google.cloud.kms.v1.GetCryptoKeyRequest\x1a\x1e.google.cloud.kms.v1.CryptoKey\"A\x82\xd3\xe4\x93\x02;\x12\x39/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}\x12\xc4\x01\n\x13GetCryptoKeyVersion\x12/.google.cloud.kms.v1.GetCryptoKeyVersionRequest\x1a%.google.cloud.kms.v1.CryptoKeyVersion\"U\x82\xd3\xe4\x93\x02O\x12M/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}\x12\x98\x01\n\rCreateKeyRing\x12).google.cloud.kms.v1.CreateKeyRingRequest\x1a\x1c.google.cloud.kms.v1.KeyRing\">\x82\xd3\xe4\x93\x02\x38\",/v1/{parent=projects/*/locations/*}/keyRings:\x08key_ring\x12\xad\x01\n\x0f\x43reateCryptoKey\x12+.google.cloud.kms.v1.CreateCryptoKeyRequest\x1a\x1e.google.cloud.kms.v1.CryptoKey\"M\x82\xd3\xe4\x93\x02G\"9/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys:\ncrypto_key\x12\xde\x01\n\x16\x43reateCryptoKeyVersion\x12\x32.google.cloud.kms.v1.CreateCryptoKeyVersionRequest\x1a%.google.cloud.kms.v1.CryptoKeyVersion\"i\x82\xd3\xe4\x93\x02\x63\"M/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:\x12\x63rypto_key_version\x12\xb8\x01\n\x0fUpdateCryptoKey\x12+.google.cloud.kms.v1.UpdateCryptoKeyRequest\x1a\x1e.google.cloud.kms.v1.CryptoKey\"X\x82\xd3\xe4\x93\x02R2D/v1/{crypto_key.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:\ncrypto_key\x12\xf1\x01\n\x16UpdateCryptoKeyVersion\x12\x32.google.cloud.kms.v1.UpdateCryptoKeyVersionRequest\x1a%.google.cloud.kms.v1.CryptoKeyVersion\"|\x82\xd3\xe4\x93\x02v2`/v1/{crypto_key_version.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:\x12\x63rypto_key_version\x12\xa3\x01\n\x07\x45ncrypt\x12#.google.cloud.kms.v1.EncryptRequest\x1a$.google.cloud.kms.v1.EncryptResponse\"M\x82\xd3\xe4\x93\x02G\"B/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt:\x01*\x12\xa2\x01\n\x07\x44\x65\x63rypt\x12#.google.cloud.kms.v1.DecryptRequest\x1a$.google.cloud.kms.v1.DecryptResponse\"L\x82\xd3\xe4\x93\x02\x46\"A/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt:\x01*\x12\xd5\x01\n\x1dUpdateCryptoKeyPrimaryVersion\x12\x39.google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest\x1a\x1e.google.cloud.kms.v1.CryptoKey\"Y\x82\xd3\xe4\x93\x02S\"N/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion:\x01*\x12\xd7\x01\n\x17\x44\x65stroyCryptoKeyVersion\x12\x33.google.cloud.kms.v1.DestroyCryptoKeyVersionRequest\x1a%.google.cloud.kms.v1.CryptoKeyVersion\"`\x82\xd3\xe4\x93\x02Z\"U/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy:\x01*\x12\xd7\x01\n\x17RestoreCryptoKeyVersion\x12\x33.google.cloud.kms.v1.RestoreCryptoKeyVersionRequest\x1a%.google.cloud.kms.v1.CryptoKeyVersion\"`\x82\xd3\xe4\x93\x02Z\"U/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore:\x01*B\x8c\x01\n\x17\x63om.google.cloud.kms.v1B\x08KmsProtoP\x01Z6google.golang.org/genproto/googleapis/cloud/kms/v1;kms\xf8\x01\x01\xaa\x02\x13Google.Cloud.Kms.V1\xca\x02\x13Google\\Cloud\\Kms\\V1b\x06proto3') + , + dependencies=[google_dot_api_dot_annotations__pb2.DESCRIPTOR,google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.DESCRIPTOR,google_dot_protobuf_dot_field__mask__pb2.DESCRIPTOR,google_dot_protobuf_dot_struct__pb2.DESCRIPTOR,google_dot_protobuf_dot_wrappers__pb2.DESCRIPTOR,]) + + + + +_LISTKEYRINGSREQUEST = _descriptor.Descriptor( + name='ListKeyRingsRequest', + full_name='google.cloud.kms.v1.ListKeyRingsRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='parent', full_name='google.cloud.kms.v1.ListKeyRingsRequest.parent', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='page_size', full_name='google.cloud.kms.v1.ListKeyRingsRequest.page_size', index=1, + number=2, type=5, cpp_type=1, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='page_token', full_name='google.cloud.kms.v1.ListKeyRingsRequest.page_token', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=233, + serialized_end=309, +) + + +_LISTCRYPTOKEYSREQUEST = _descriptor.Descriptor( + name='ListCryptoKeysRequest', + full_name='google.cloud.kms.v1.ListCryptoKeysRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='parent', full_name='google.cloud.kms.v1.ListCryptoKeysRequest.parent', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='page_size', full_name='google.cloud.kms.v1.ListCryptoKeysRequest.page_size', index=1, + number=2, type=5, cpp_type=1, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='page_token', full_name='google.cloud.kms.v1.ListCryptoKeysRequest.page_token', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=311, + serialized_end=389, +) + + +_LISTCRYPTOKEYVERSIONSREQUEST = _descriptor.Descriptor( + name='ListCryptoKeyVersionsRequest', + full_name='google.cloud.kms.v1.ListCryptoKeyVersionsRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='parent', full_name='google.cloud.kms.v1.ListCryptoKeyVersionsRequest.parent', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='page_size', full_name='google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_size', index=1, + number=2, type=5, cpp_type=1, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='page_token', full_name='google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token', index=2, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=391, + serialized_end=476, +) + + +_LISTKEYRINGSRESPONSE = _descriptor.Descriptor( + name='ListKeyRingsResponse', + full_name='google.cloud.kms.v1.ListKeyRingsResponse', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='key_rings', full_name='google.cloud.kms.v1.ListKeyRingsResponse.key_rings', index=0, + number=1, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='next_page_token', full_name='google.cloud.kms.v1.ListKeyRingsResponse.next_page_token', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='total_size', full_name='google.cloud.kms.v1.ListKeyRingsResponse.total_size', index=2, + number=3, type=5, cpp_type=1, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=478, + serialized_end=594, +) + + +_LISTCRYPTOKEYSRESPONSE = _descriptor.Descriptor( + name='ListCryptoKeysResponse', + full_name='google.cloud.kms.v1.ListCryptoKeysResponse', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='crypto_keys', full_name='google.cloud.kms.v1.ListCryptoKeysResponse.crypto_keys', index=0, + number=1, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='next_page_token', full_name='google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='total_size', full_name='google.cloud.kms.v1.ListCryptoKeysResponse.total_size', index=2, + number=3, type=5, cpp_type=1, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=596, + serialized_end=718, +) + + +_LISTCRYPTOKEYVERSIONSRESPONSE = _descriptor.Descriptor( + name='ListCryptoKeyVersionsResponse', + full_name='google.cloud.kms.v1.ListCryptoKeyVersionsResponse', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='crypto_key_versions', full_name='google.cloud.kms.v1.ListCryptoKeyVersionsResponse.crypto_key_versions', index=0, + number=1, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='next_page_token', full_name='google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='total_size', full_name='google.cloud.kms.v1.ListCryptoKeyVersionsResponse.total_size', index=2, + number=3, type=5, cpp_type=1, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=721, + serialized_end=865, +) + + +_GETKEYRINGREQUEST = _descriptor.Descriptor( + name='GetKeyRingRequest', + full_name='google.cloud.kms.v1.GetKeyRingRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.GetKeyRingRequest.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=867, + serialized_end=900, +) + + +_GETCRYPTOKEYREQUEST = _descriptor.Descriptor( + name='GetCryptoKeyRequest', + full_name='google.cloud.kms.v1.GetCryptoKeyRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.GetCryptoKeyRequest.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=902, + serialized_end=937, +) + + +_GETCRYPTOKEYVERSIONREQUEST = _descriptor.Descriptor( + name='GetCryptoKeyVersionRequest', + full_name='google.cloud.kms.v1.GetCryptoKeyVersionRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.GetCryptoKeyVersionRequest.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=939, + serialized_end=981, +) + + +_CREATEKEYRINGREQUEST = _descriptor.Descriptor( + name='CreateKeyRingRequest', + full_name='google.cloud.kms.v1.CreateKeyRingRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='parent', full_name='google.cloud.kms.v1.CreateKeyRingRequest.parent', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='key_ring_id', full_name='google.cloud.kms.v1.CreateKeyRingRequest.key_ring_id', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='key_ring', full_name='google.cloud.kms.v1.CreateKeyRingRequest.key_ring', index=2, + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=983, + serialized_end=1090, +) + + +_CREATECRYPTOKEYREQUEST = _descriptor.Descriptor( + name='CreateCryptoKeyRequest', + full_name='google.cloud.kms.v1.CreateCryptoKeyRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='parent', full_name='google.cloud.kms.v1.CreateCryptoKeyRequest.parent', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='crypto_key_id', full_name='google.cloud.kms.v1.CreateCryptoKeyRequest.crypto_key_id', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='crypto_key', full_name='google.cloud.kms.v1.CreateCryptoKeyRequest.crypto_key', index=2, + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1092, + serialized_end=1207, +) + + +_CREATECRYPTOKEYVERSIONREQUEST = _descriptor.Descriptor( + name='CreateCryptoKeyVersionRequest', + full_name='google.cloud.kms.v1.CreateCryptoKeyVersionRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='parent', full_name='google.cloud.kms.v1.CreateCryptoKeyVersionRequest.parent', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='crypto_key_version', full_name='google.cloud.kms.v1.CreateCryptoKeyVersionRequest.crypto_key_version', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1209, + serialized_end=1323, +) + + +_UPDATECRYPTOKEYREQUEST = _descriptor.Descriptor( + name='UpdateCryptoKeyRequest', + full_name='google.cloud.kms.v1.UpdateCryptoKeyRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='crypto_key', full_name='google.cloud.kms.v1.UpdateCryptoKeyRequest.crypto_key', index=0, + number=1, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='update_mask', full_name='google.cloud.kms.v1.UpdateCryptoKeyRequest.update_mask', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1325, + serialized_end=1450, +) + + +_UPDATECRYPTOKEYVERSIONREQUEST = _descriptor.Descriptor( + name='UpdateCryptoKeyVersionRequest', + full_name='google.cloud.kms.v1.UpdateCryptoKeyVersionRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='crypto_key_version', full_name='google.cloud.kms.v1.UpdateCryptoKeyVersionRequest.crypto_key_version', index=0, + number=1, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='update_mask', full_name='google.cloud.kms.v1.UpdateCryptoKeyVersionRequest.update_mask', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1453, + serialized_end=1600, +) + + +_ENCRYPTREQUEST = _descriptor.Descriptor( + name='EncryptRequest', + full_name='google.cloud.kms.v1.EncryptRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.EncryptRequest.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='plaintext', full_name='google.cloud.kms.v1.EncryptRequest.plaintext', index=1, + number=2, type=12, cpp_type=9, label=1, + has_default_value=False, default_value=_b(""), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='additional_authenticated_data', full_name='google.cloud.kms.v1.EncryptRequest.additional_authenticated_data', index=2, + number=3, type=12, cpp_type=9, label=1, + has_default_value=False, default_value=_b(""), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1602, + serialized_end=1690, +) + + +_DECRYPTREQUEST = _descriptor.Descriptor( + name='DecryptRequest', + full_name='google.cloud.kms.v1.DecryptRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.DecryptRequest.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='ciphertext', full_name='google.cloud.kms.v1.DecryptRequest.ciphertext', index=1, + number=2, type=12, cpp_type=9, label=1, + has_default_value=False, default_value=_b(""), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='additional_authenticated_data', full_name='google.cloud.kms.v1.DecryptRequest.additional_authenticated_data', index=2, + number=3, type=12, cpp_type=9, label=1, + has_default_value=False, default_value=_b(""), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1692, + serialized_end=1781, +) + + +_DECRYPTRESPONSE = _descriptor.Descriptor( + name='DecryptResponse', + full_name='google.cloud.kms.v1.DecryptResponse', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='plaintext', full_name='google.cloud.kms.v1.DecryptResponse.plaintext', index=0, + number=1, type=12, cpp_type=9, label=1, + has_default_value=False, default_value=_b(""), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1783, + serialized_end=1819, +) + + +_ENCRYPTRESPONSE = _descriptor.Descriptor( + name='EncryptResponse', + full_name='google.cloud.kms.v1.EncryptResponse', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.EncryptResponse.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='ciphertext', full_name='google.cloud.kms.v1.EncryptResponse.ciphertext', index=1, + number=2, type=12, cpp_type=9, label=1, + has_default_value=False, default_value=_b(""), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1821, + serialized_end=1872, +) + + +_UPDATECRYPTOKEYPRIMARYVERSIONREQUEST = _descriptor.Descriptor( + name='UpdateCryptoKeyPrimaryVersionRequest', + full_name='google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='crypto_key_version_id', full_name='google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest.crypto_key_version_id', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1874, + serialized_end=1957, +) + + +_DESTROYCRYPTOKEYVERSIONREQUEST = _descriptor.Descriptor( + name='DestroyCryptoKeyVersionRequest', + full_name='google.cloud.kms.v1.DestroyCryptoKeyVersionRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.DestroyCryptoKeyVersionRequest.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1959, + serialized_end=2005, +) + + +_RESTORECRYPTOKEYVERSIONREQUEST = _descriptor.Descriptor( + name='RestoreCryptoKeyVersionRequest', + full_name='google.cloud.kms.v1.RestoreCryptoKeyVersionRequest', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='name', full_name='google.cloud.kms.v1.RestoreCryptoKeyVersionRequest.name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=2007, + serialized_end=2053, +) + +_LISTKEYRINGSRESPONSE.fields_by_name['key_rings'].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._KEYRING +_LISTCRYPTOKEYSRESPONSE.fields_by_name['crypto_keys'].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY +_LISTCRYPTOKEYVERSIONSRESPONSE.fields_by_name['crypto_key_versions'].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION +_CREATEKEYRINGREQUEST.fields_by_name['key_ring'].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._KEYRING +_CREATECRYPTOKEYREQUEST.fields_by_name['crypto_key'].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY +_CREATECRYPTOKEYVERSIONREQUEST.fields_by_name['crypto_key_version'].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION +_UPDATECRYPTOKEYREQUEST.fields_by_name['crypto_key'].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY +_UPDATECRYPTOKEYREQUEST.fields_by_name['update_mask'].message_type = google_dot_protobuf_dot_field__mask__pb2._FIELDMASK +_UPDATECRYPTOKEYVERSIONREQUEST.fields_by_name['crypto_key_version'].message_type = google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION +_UPDATECRYPTOKEYVERSIONREQUEST.fields_by_name['update_mask'].message_type = google_dot_protobuf_dot_field__mask__pb2._FIELDMASK +DESCRIPTOR.message_types_by_name['ListKeyRingsRequest'] = _LISTKEYRINGSREQUEST +DESCRIPTOR.message_types_by_name['ListCryptoKeysRequest'] = _LISTCRYPTOKEYSREQUEST +DESCRIPTOR.message_types_by_name['ListCryptoKeyVersionsRequest'] = _LISTCRYPTOKEYVERSIONSREQUEST +DESCRIPTOR.message_types_by_name['ListKeyRingsResponse'] = _LISTKEYRINGSRESPONSE +DESCRIPTOR.message_types_by_name['ListCryptoKeysResponse'] = _LISTCRYPTOKEYSRESPONSE +DESCRIPTOR.message_types_by_name['ListCryptoKeyVersionsResponse'] = _LISTCRYPTOKEYVERSIONSRESPONSE +DESCRIPTOR.message_types_by_name['GetKeyRingRequest'] = _GETKEYRINGREQUEST +DESCRIPTOR.message_types_by_name['GetCryptoKeyRequest'] = _GETCRYPTOKEYREQUEST +DESCRIPTOR.message_types_by_name['GetCryptoKeyVersionRequest'] = _GETCRYPTOKEYVERSIONREQUEST +DESCRIPTOR.message_types_by_name['CreateKeyRingRequest'] = _CREATEKEYRINGREQUEST +DESCRIPTOR.message_types_by_name['CreateCryptoKeyRequest'] = _CREATECRYPTOKEYREQUEST +DESCRIPTOR.message_types_by_name['CreateCryptoKeyVersionRequest'] = _CREATECRYPTOKEYVERSIONREQUEST +DESCRIPTOR.message_types_by_name['UpdateCryptoKeyRequest'] = _UPDATECRYPTOKEYREQUEST +DESCRIPTOR.message_types_by_name['UpdateCryptoKeyVersionRequest'] = _UPDATECRYPTOKEYVERSIONREQUEST +DESCRIPTOR.message_types_by_name['EncryptRequest'] = _ENCRYPTREQUEST +DESCRIPTOR.message_types_by_name['DecryptRequest'] = _DECRYPTREQUEST +DESCRIPTOR.message_types_by_name['DecryptResponse'] = _DECRYPTRESPONSE +DESCRIPTOR.message_types_by_name['EncryptResponse'] = _ENCRYPTRESPONSE +DESCRIPTOR.message_types_by_name['UpdateCryptoKeyPrimaryVersionRequest'] = _UPDATECRYPTOKEYPRIMARYVERSIONREQUEST +DESCRIPTOR.message_types_by_name['DestroyCryptoKeyVersionRequest'] = _DESTROYCRYPTOKEYVERSIONREQUEST +DESCRIPTOR.message_types_by_name['RestoreCryptoKeyVersionRequest'] = _RESTORECRYPTOKEYVERSIONREQUEST +_sym_db.RegisterFileDescriptor(DESCRIPTOR) + +ListKeyRingsRequest = _reflection.GeneratedProtocolMessageType('ListKeyRingsRequest', (_message.Message,), dict( + DESCRIPTOR = _LISTKEYRINGSREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. + + + Attributes: + parent: + Required. The resource name of the location associated with + the [KeyRings][google.cloud.kms.v1.KeyRing], in the format + ``projects/*/locations/*``. + page_size: + Optional limit on the number of + [KeyRings][google.cloud.kms.v1.KeyRing] to include in the + response. Further [KeyRings][google.cloud.kms.v1.KeyRing] can + subsequently be obtained by including the [ListKeyRingsRespons + e.next\_page\_token][google.cloud.kms.v1.ListKeyRingsResponse. + next\_page\_token] in a subsequent request. If unspecified, + the server will pick an appropriate default. + page_token: + Optional pagination token, returned earlier via [ListKeyRingsR + esponse.next\_page\_token][google.cloud.kms.v1.ListKeyRingsRes + ponse.next\_page\_token]. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListKeyRingsRequest) + )) +_sym_db.RegisterMessage(ListKeyRingsRequest) + +ListCryptoKeysRequest = _reflection.GeneratedProtocolMessageType('ListCryptoKeysRequest', (_message.Message,), dict( + DESCRIPTOR = _LISTCRYPTOKEYSREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. + + + Attributes: + parent: + Required. The resource name of the + [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format + ``projects/*/locations/*/keyRings/*``. + page_size: + Optional limit on the number of + [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the + response. Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] + can subsequently be obtained by including the [ListCryptoKeysR + esponse.next\_page\_token][google.cloud.kms.v1.ListCryptoKeysR + esponse.next\_page\_token] in a subsequent request. If + unspecified, the server will pick an appropriate default. + page_token: + Optional pagination token, returned earlier via [ListCryptoKey + sResponse.next\_page\_token][google.cloud.kms.v1.ListCryptoKey + sResponse.next\_page\_token]. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListCryptoKeysRequest) + )) +_sym_db.RegisterMessage(ListCryptoKeysRequest) + +ListCryptoKeyVersionsRequest = _reflection.GeneratedProtocolMessageType('ListCryptoKeyVersionsRequest', (_message.Message,), dict( + DESCRIPTOR = _LISTCRYPTOKEYVERSIONSREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. + + + Attributes: + parent: + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the + format ``projects/*/locations/*/keyRings/*/cryptoKeys/*``. + page_size: + Optional limit on the number of + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to + include in the response. Further + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can + subsequently be obtained by including the [ListCryptoKeyVersio + nsResponse.next\_page\_token][google.cloud.kms.v1.ListCryptoKe + yVersionsResponse.next\_page\_token] in a subsequent request. + If unspecified, the server will pick an appropriate default. + page_token: + Optional pagination token, returned earlier via [ListCryptoKey + VersionsResponse.next\_page\_token][google.cloud.kms.v1.ListCr + yptoKeyVersionsResponse.next\_page\_token]. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListCryptoKeyVersionsRequest) + )) +_sym_db.RegisterMessage(ListCryptoKeyVersionsRequest) + +ListKeyRingsResponse = _reflection.GeneratedProtocolMessageType('ListKeyRingsResponse', (_message.Message,), dict( + DESCRIPTOR = _LISTKEYRINGSRESPONSE, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Response message for + [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings]. + + + Attributes: + key_rings: + The list of [KeyRings][google.cloud.kms.v1.KeyRing]. + next_page_token: + A token to retrieve next page of results. Pass this value in [ + ListKeyRingsRequest.page\_token][google.cloud.kms.v1.ListKeyRi + ngsRequest.page\_token] to retrieve the next page of results. + total_size: + The total number of [KeyRings][google.cloud.kms.v1.KeyRing] + that matched the query. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListKeyRingsResponse) + )) +_sym_db.RegisterMessage(ListKeyRingsResponse) + +ListCryptoKeysResponse = _reflection.GeneratedProtocolMessageType('ListCryptoKeysResponse', (_message.Message,), dict( + DESCRIPTOR = _LISTCRYPTOKEYSRESPONSE, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Response message for + [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. + + + Attributes: + crypto_keys: + The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + next_page_token: + A token to retrieve next page of results. Pass this value in [ + ListCryptoKeysRequest.page\_token][google.cloud.kms.v1.ListCry + ptoKeysRequest.page\_token] to retrieve the next page of + results. + total_size: + The total number of + [CryptoKeys][google.cloud.kms.v1.CryptoKey] that matched the + query. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListCryptoKeysResponse) + )) +_sym_db.RegisterMessage(ListCryptoKeysResponse) + +ListCryptoKeyVersionsResponse = _reflection.GeneratedProtocolMessageType('ListCryptoKeyVersionsResponse', (_message.Message,), dict( + DESCRIPTOR = _LISTCRYPTOKEYVERSIONSRESPONSE, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Response message for + [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions]. + + + Attributes: + crypto_key_versions: + The list of + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. + next_page_token: + A token to retrieve next page of results. Pass this value in [ + ListCryptoKeyVersionsRequest.page\_token][google.cloud.kms.v1. + ListCryptoKeyVersionsRequest.page\_token] to retrieve the next + page of results. + total_size: + The total number of + [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that + matched the query. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.ListCryptoKeyVersionsResponse) + )) +_sym_db.RegisterMessage(ListCryptoKeyVersionsResponse) + +GetKeyRingRequest = _reflection.GeneratedProtocolMessageType('GetKeyRingRequest', (_message.Message,), dict( + DESCRIPTOR = _GETKEYRINGREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing]. + + + Attributes: + name: + The [name][google.cloud.kms.v1.KeyRing.name] of the + [KeyRing][google.cloud.kms.v1.KeyRing] to get. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.GetKeyRingRequest) + )) +_sym_db.RegisterMessage(GetKeyRingRequest) + +GetCryptoKeyRequest = _reflection.GeneratedProtocolMessageType('GetCryptoKeyRequest', (_message.Message,), dict( + DESCRIPTOR = _GETCRYPTOKEYREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey]. + + + Attributes: + name: + The [name][google.cloud.kms.v1.CryptoKey.name] of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to get. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.GetCryptoKeyRequest) + )) +_sym_db.RegisterMessage(GetCryptoKeyRequest) + +GetCryptoKeyVersionRequest = _reflection.GeneratedProtocolMessageType('GetCryptoKeyVersionRequest', (_message.Message,), dict( + DESCRIPTOR = _GETCRYPTOKEYVERSIONREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion]. + + + Attributes: + name: + The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + get. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.GetCryptoKeyVersionRequest) + )) +_sym_db.RegisterMessage(GetCryptoKeyVersionRequest) + +CreateKeyRingRequest = _reflection.GeneratedProtocolMessageType('CreateKeyRingRequest', (_message.Message,), dict( + DESCRIPTOR = _CREATEKEYRINGREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing]. + + + Attributes: + parent: + Required. The resource name of the location associated with + the [KeyRings][google.cloud.kms.v1.KeyRing], in the format + ``projects/*/locations/*``. + key_ring_id: + Required. It must be unique within a location and match the + regular expression ``[a-zA-Z0-9_-]{1,63}`` + key_ring: + A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field + values. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CreateKeyRingRequest) + )) +_sym_db.RegisterMessage(CreateKeyRingRequest) + +CreateCryptoKeyRequest = _reflection.GeneratedProtocolMessageType('CreateCryptoKeyRequest', (_message.Message,), dict( + DESCRIPTOR = _CREATECRYPTOKEYREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]. + + + Attributes: + parent: + Required. The [name][google.cloud.kms.v1.KeyRing.name] of the + KeyRing associated with the + [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + crypto_key_id: + Required. It must be unique within a KeyRing and match the + regular expression ``[a-zA-Z0-9_-]{1,63}`` + crypto_key: + A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial + field values. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CreateCryptoKeyRequest) + )) +_sym_db.RegisterMessage(CreateCryptoKeyRequest) + +CreateCryptoKeyVersionRequest = _reflection.GeneratedProtocolMessageType('CreateCryptoKeyVersionRequest', (_message.Message,), dict( + DESCRIPTOR = _CREATECRYPTOKEYVERSIONREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]. + + + Attributes: + parent: + Required. The [name][google.cloud.kms.v1.CryptoKey.name] of + the [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with + the [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. + crypto_key_version: + A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + with initial field values. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.CreateCryptoKeyVersionRequest) + )) +_sym_db.RegisterMessage(CreateCryptoKeyVersionRequest) + +UpdateCryptoKeyRequest = _reflection.GeneratedProtocolMessageType('UpdateCryptoKeyRequest', (_message.Message,), dict( + DESCRIPTOR = _UPDATECRYPTOKEYREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey]. + + + Attributes: + crypto_key: + [CryptoKey][google.cloud.kms.v1.CryptoKey] with updated + values. + update_mask: + Required list of fields to be updated in this request. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.UpdateCryptoKeyRequest) + )) +_sym_db.RegisterMessage(UpdateCryptoKeyRequest) + +UpdateCryptoKeyVersionRequest = _reflection.GeneratedProtocolMessageType('UpdateCryptoKeyVersionRequest', (_message.Message,), dict( + DESCRIPTOR = _UPDATECRYPTOKEYVERSIONREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion]. + + + Attributes: + crypto_key_version: + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + updated values. + update_mask: + Required list of fields to be updated in this request. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.UpdateCryptoKeyVersionRequest) + )) +_sym_db.RegisterMessage(UpdateCryptoKeyVersionRequest) + +EncryptRequest = _reflection.GeneratedProtocolMessageType('EncryptRequest', (_message.Message,), dict( + DESCRIPTOR = _ENCRYPTREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + + + Attributes: + name: + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] or + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + use for encryption. If a + [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the + server will use its [primary + version][google.cloud.kms.v1.CryptoKey.primary]. + plaintext: + Required. The data to encrypt. Must be no larger than 64KiB. + additional_authenticated_data: + Optional data that, if specified, must also be provided during + decryption through [DecryptRequest.additional\_authenticated\_ + data][google.cloud.kms.v1.DecryptRequest.additional\_authentic + ated\_data]. Must be no larger than 64KiB. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.EncryptRequest) + )) +_sym_db.RegisterMessage(EncryptRequest) + +DecryptRequest = _reflection.GeneratedProtocolMessageType('DecryptRequest', (_message.Message,), dict( + DESCRIPTOR = _DECRYPTREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. + + + Attributes: + name: + Required. The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for + decryption. The server will choose the appropriate version. + ciphertext: + Required. The encrypted data originally returned in [EncryptRe + sponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphert + ext]. + additional_authenticated_data: + Optional data that must match the data originally supplied in + [EncryptRequest.additional\_authenticated\_data][google.cloud. + kms.v1.EncryptRequest.additional\_authenticated\_data]. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.DecryptRequest) + )) +_sym_db.RegisterMessage(DecryptRequest) + +DecryptResponse = _reflection.GeneratedProtocolMessageType('DecryptResponse', (_message.Message,), dict( + DESCRIPTOR = _DECRYPTRESPONSE, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Response message for + [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. + + + Attributes: + plaintext: + The decrypted data originally supplied in [EncryptRequest.plai + ntext][google.cloud.kms.v1.EncryptRequest.plaintext]. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.DecryptResponse) + )) +_sym_db.RegisterMessage(DecryptResponse) + +EncryptResponse = _reflection.GeneratedProtocolMessageType('EncryptResponse', (_message.Message,), dict( + DESCRIPTOR = _ENCRYPTRESPONSE, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Response message for + [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + + + Attributes: + name: + The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used + in encryption. + ciphertext: + The encrypted data. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.EncryptResponse) + )) +_sym_db.RegisterMessage(EncryptResponse) + +UpdateCryptoKeyPrimaryVersionRequest = _reflection.GeneratedProtocolMessageType('UpdateCryptoKeyPrimaryVersionRequest', (_message.Message,), dict( + DESCRIPTOR = _UPDATECRYPTOKEYPRIMARYVERSIONREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. + + + Attributes: + name: + The resource name of the + [CryptoKey][google.cloud.kms.v1.CryptoKey] to update. + crypto_key_version_id: + The id of the child + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + use as primary. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest) + )) +_sym_db.RegisterMessage(UpdateCryptoKeyPrimaryVersionRequest) + +DestroyCryptoKeyVersionRequest = _reflection.GeneratedProtocolMessageType('DestroyCryptoKeyVersionRequest', (_message.Message,), dict( + DESCRIPTOR = _DESTROYCRYPTOKEYVERSIONREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]. + + + Attributes: + name: + The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + destroy. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.DestroyCryptoKeyVersionRequest) + )) +_sym_db.RegisterMessage(DestroyCryptoKeyVersionRequest) + +RestoreCryptoKeyVersionRequest = _reflection.GeneratedProtocolMessageType('RestoreCryptoKeyVersionRequest', (_message.Message,), dict( + DESCRIPTOR = _RESTORECRYPTOKEYVERSIONREQUEST, + __module__ = 'google.cloud.kms_v1.proto.service_pb2' + , + __doc__ = """Request message for + [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]. + + + Attributes: + name: + The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + restore. + """, + # @@protoc_insertion_point(class_scope:google.cloud.kms.v1.RestoreCryptoKeyVersionRequest) + )) +_sym_db.RegisterMessage(RestoreCryptoKeyVersionRequest) + + +DESCRIPTOR.has_options = True +DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('\n\027com.google.cloud.kms.v1B\010KmsProtoP\001Z6google.golang.org/genproto/googleapis/cloud/kms/v1;kms\370\001\001\252\002\023Google.Cloud.Kms.V1\312\002\023Google\\Cloud\\Kms\\V1')) + +_KEYMANAGEMENTSERVICE = _descriptor.ServiceDescriptor( + name='KeyManagementService', + full_name='google.cloud.kms.v1.KeyManagementService', + file=DESCRIPTOR, + index=0, + options=None, + serialized_start=2056, + serialized_end=5091, + methods=[ + _descriptor.MethodDescriptor( + name='ListKeyRings', + full_name='google.cloud.kms.v1.KeyManagementService.ListKeyRings', + index=0, + containing_service=None, + input_type=_LISTKEYRINGSREQUEST, + output_type=_LISTKEYRINGSRESPONSE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002.\022,/v1/{parent=projects/*/locations/*}/keyRings')), + ), + _descriptor.MethodDescriptor( + name='ListCryptoKeys', + full_name='google.cloud.kms.v1.KeyManagementService.ListCryptoKeys', + index=1, + containing_service=None, + input_type=_LISTCRYPTOKEYSREQUEST, + output_type=_LISTCRYPTOKEYSRESPONSE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002;\0229/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys')), + ), + _descriptor.MethodDescriptor( + name='ListCryptoKeyVersions', + full_name='google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions', + index=2, + containing_service=None, + input_type=_LISTCRYPTOKEYVERSIONSREQUEST, + output_type=_LISTCRYPTOKEYVERSIONSRESPONSE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002O\022M/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions')), + ), + _descriptor.MethodDescriptor( + name='GetKeyRing', + full_name='google.cloud.kms.v1.KeyManagementService.GetKeyRing', + index=3, + containing_service=None, + input_type=_GETKEYRINGREQUEST, + output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._KEYRING, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002.\022,/v1/{name=projects/*/locations/*/keyRings/*}')), + ), + _descriptor.MethodDescriptor( + name='GetCryptoKey', + full_name='google.cloud.kms.v1.KeyManagementService.GetCryptoKey', + index=4, + containing_service=None, + input_type=_GETCRYPTOKEYREQUEST, + output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002;\0229/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}')), + ), + _descriptor.MethodDescriptor( + name='GetCryptoKeyVersion', + full_name='google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion', + index=5, + containing_service=None, + input_type=_GETCRYPTOKEYVERSIONREQUEST, + output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002O\022M/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}')), + ), + _descriptor.MethodDescriptor( + name='CreateKeyRing', + full_name='google.cloud.kms.v1.KeyManagementService.CreateKeyRing', + index=6, + containing_service=None, + input_type=_CREATEKEYRINGREQUEST, + output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._KEYRING, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\0028\",/v1/{parent=projects/*/locations/*}/keyRings:\010key_ring')), + ), + _descriptor.MethodDescriptor( + name='CreateCryptoKey', + full_name='google.cloud.kms.v1.KeyManagementService.CreateCryptoKey', + index=7, + containing_service=None, + input_type=_CREATECRYPTOKEYREQUEST, + output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002G\"9/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys:\ncrypto_key')), + ), + _descriptor.MethodDescriptor( + name='CreateCryptoKeyVersion', + full_name='google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion', + index=8, + containing_service=None, + input_type=_CREATECRYPTOKEYVERSIONREQUEST, + output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002c\"M/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:\022crypto_key_version')), + ), + _descriptor.MethodDescriptor( + name='UpdateCryptoKey', + full_name='google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey', + index=9, + containing_service=None, + input_type=_UPDATECRYPTOKEYREQUEST, + output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002R2D/v1/{crypto_key.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:\ncrypto_key')), + ), + _descriptor.MethodDescriptor( + name='UpdateCryptoKeyVersion', + full_name='google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion', + index=10, + containing_service=None, + input_type=_UPDATECRYPTOKEYVERSIONREQUEST, + output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002v2`/v1/{crypto_key_version.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:\022crypto_key_version')), + ), + _descriptor.MethodDescriptor( + name='Encrypt', + full_name='google.cloud.kms.v1.KeyManagementService.Encrypt', + index=11, + containing_service=None, + input_type=_ENCRYPTREQUEST, + output_type=_ENCRYPTRESPONSE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002G\"B/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt:\001*')), + ), + _descriptor.MethodDescriptor( + name='Decrypt', + full_name='google.cloud.kms.v1.KeyManagementService.Decrypt', + index=12, + containing_service=None, + input_type=_DECRYPTREQUEST, + output_type=_DECRYPTRESPONSE, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002F\"A/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt:\001*')), + ), + _descriptor.MethodDescriptor( + name='UpdateCryptoKeyPrimaryVersion', + full_name='google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion', + index=13, + containing_service=None, + input_type=_UPDATECRYPTOKEYPRIMARYVERSIONREQUEST, + output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEY, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002S\"N/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion:\001*')), + ), + _descriptor.MethodDescriptor( + name='DestroyCryptoKeyVersion', + full_name='google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion', + index=14, + containing_service=None, + input_type=_DESTROYCRYPTOKEYVERSIONREQUEST, + output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002Z\"U/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy:\001*')), + ), + _descriptor.MethodDescriptor( + name='RestoreCryptoKeyVersion', + full_name='google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion', + index=15, + containing_service=None, + input_type=_RESTORECRYPTOKEYVERSIONREQUEST, + output_type=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2._CRYPTOKEYVERSION, + options=_descriptor._ParseOptions(descriptor_pb2.MethodOptions(), _b('\202\323\344\223\002Z\"U/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore:\001*')), + ), +]) +_sym_db.RegisterServiceDescriptor(_KEYMANAGEMENTSERVICE) + +DESCRIPTOR.services_by_name['KeyManagementService'] = _KEYMANAGEMENTSERVICE + +# @@protoc_insertion_point(module_scope) diff --git a/kms/google/cloud/kms_v1/proto/service_pb2_grpc.py b/kms/google/cloud/kms_v1/proto/service_pb2_grpc.py new file mode 100644 index 000000000000..0db6a15f9762 --- /dev/null +++ b/kms/google/cloud/kms_v1/proto/service_pb2_grpc.py @@ -0,0 +1,346 @@ +# Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! +import grpc + +from google.cloud.kms_v1.proto import resources_pb2 as google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2 +from google.cloud.kms_v1.proto import service_pb2 as google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2 + + +class KeyManagementServiceStub(object): + """Google Cloud Key Management Service + + Manages cryptographic keys and operations using those keys. Implements a REST + model with the following objects: + + * [KeyRing][google.cloud.kms.v1.KeyRing] + * [CryptoKey][google.cloud.kms.v1.CryptoKey] + * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + """ + + def __init__(self, channel): + """Constructor. + + Args: + channel: A grpc.Channel. + """ + self.ListKeyRings = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/ListKeyRings', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListKeyRingsRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListKeyRingsResponse.FromString, + ) + self.ListCryptoKeys = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/ListCryptoKeys', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeysRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeysResponse.FromString, + ) + self.ListCryptoKeyVersions = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/ListCryptoKeyVersions', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeyVersionsRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeyVersionsResponse.FromString, + ) + self.GetKeyRing = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/GetKeyRing', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetKeyRingRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.KeyRing.FromString, + ) + self.GetCryptoKey = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/GetCryptoKey', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetCryptoKeyRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.FromString, + ) + self.GetCryptoKeyVersion = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/GetCryptoKeyVersion', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetCryptoKeyVersionRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.FromString, + ) + self.CreateKeyRing = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/CreateKeyRing', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateKeyRingRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.KeyRing.FromString, + ) + self.CreateCryptoKey = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/CreateCryptoKey', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateCryptoKeyRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.FromString, + ) + self.CreateCryptoKeyVersion = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/CreateCryptoKeyVersion', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateCryptoKeyVersionRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.FromString, + ) + self.UpdateCryptoKey = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKey', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.FromString, + ) + self.UpdateCryptoKeyVersion = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyVersion', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyVersionRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.FromString, + ) + self.Encrypt = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/Encrypt', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.EncryptRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.EncryptResponse.FromString, + ) + self.Decrypt = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/Decrypt', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DecryptRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DecryptResponse.FromString, + ) + self.UpdateCryptoKeyPrimaryVersion = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyPrimaryVersion', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyPrimaryVersionRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.FromString, + ) + self.DestroyCryptoKeyVersion = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/DestroyCryptoKeyVersion', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DestroyCryptoKeyVersionRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.FromString, + ) + self.RestoreCryptoKeyVersion = channel.unary_unary( + '/google.cloud.kms.v1.KeyManagementService/RestoreCryptoKeyVersion', + request_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.RestoreCryptoKeyVersionRequest.SerializeToString, + response_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.FromString, + ) + + +class KeyManagementServiceServicer(object): + """Google Cloud Key Management Service + + Manages cryptographic keys and operations using those keys. Implements a REST + model with the following objects: + + * [KeyRing][google.cloud.kms.v1.KeyRing] + * [CryptoKey][google.cloud.kms.v1.CryptoKey] + * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + """ + + def ListKeyRings(self, request, context): + """Lists [KeyRings][google.cloud.kms.v1.KeyRing]. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def ListCryptoKeys(self, request, context): + """Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def ListCryptoKeyVersions(self, request, context): + """Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def GetKeyRing(self, request, context): + """Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing]. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def GetCryptoKey(self, request, context): + """Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its + [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def GetCryptoKeyVersion(self, request, context): + """Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def CreateKeyRing(self, request, context): + """Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def CreateCryptoKey(self, request, context): + """Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing]. + + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] is required. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def CreateCryptoKeyVersion(self, request, context): + """Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey]. + + The server will assign the next sequential id. If unset, + [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def UpdateCryptoKey(self, request, context): + """Update a [CryptoKey][google.cloud.kms.v1.CryptoKey]. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def UpdateCryptoKeyVersion(self, request, context): + """Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata. + + [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between + [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and + [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this + method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to + move between other states. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def Encrypt(self, request, context): + """Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def Decrypt(self, request, context): + """Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def UpdateCryptoKeyPrimaryVersion(self, request, context): + """Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def DestroyCryptoKeyVersion(self, request, context): + """Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction. + + Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to + [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] + and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24 + hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state] + will be changed to + [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key + material will be irrevocably destroyed. + + Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached, + [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + def RestoreCryptoKeyVersion(self, request, context): + """Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the + [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED], + state. + + Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state] + will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], + and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared. + """ + context.set_code(grpc.StatusCode.UNIMPLEMENTED) + context.set_details('Method not implemented!') + raise NotImplementedError('Method not implemented!') + + +def add_KeyManagementServiceServicer_to_server(servicer, server): + rpc_method_handlers = { + 'ListKeyRings': grpc.unary_unary_rpc_method_handler( + servicer.ListKeyRings, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListKeyRingsRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListKeyRingsResponse.SerializeToString, + ), + 'ListCryptoKeys': grpc.unary_unary_rpc_method_handler( + servicer.ListCryptoKeys, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeysRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeysResponse.SerializeToString, + ), + 'ListCryptoKeyVersions': grpc.unary_unary_rpc_method_handler( + servicer.ListCryptoKeyVersions, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeyVersionsRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.ListCryptoKeyVersionsResponse.SerializeToString, + ), + 'GetKeyRing': grpc.unary_unary_rpc_method_handler( + servicer.GetKeyRing, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetKeyRingRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.KeyRing.SerializeToString, + ), + 'GetCryptoKey': grpc.unary_unary_rpc_method_handler( + servicer.GetCryptoKey, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetCryptoKeyRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.SerializeToString, + ), + 'GetCryptoKeyVersion': grpc.unary_unary_rpc_method_handler( + servicer.GetCryptoKeyVersion, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.GetCryptoKeyVersionRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.SerializeToString, + ), + 'CreateKeyRing': grpc.unary_unary_rpc_method_handler( + servicer.CreateKeyRing, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateKeyRingRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.KeyRing.SerializeToString, + ), + 'CreateCryptoKey': grpc.unary_unary_rpc_method_handler( + servicer.CreateCryptoKey, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateCryptoKeyRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.SerializeToString, + ), + 'CreateCryptoKeyVersion': grpc.unary_unary_rpc_method_handler( + servicer.CreateCryptoKeyVersion, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.CreateCryptoKeyVersionRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.SerializeToString, + ), + 'UpdateCryptoKey': grpc.unary_unary_rpc_method_handler( + servicer.UpdateCryptoKey, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.SerializeToString, + ), + 'UpdateCryptoKeyVersion': grpc.unary_unary_rpc_method_handler( + servicer.UpdateCryptoKeyVersion, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyVersionRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.SerializeToString, + ), + 'Encrypt': grpc.unary_unary_rpc_method_handler( + servicer.Encrypt, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.EncryptRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.EncryptResponse.SerializeToString, + ), + 'Decrypt': grpc.unary_unary_rpc_method_handler( + servicer.Decrypt, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DecryptRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DecryptResponse.SerializeToString, + ), + 'UpdateCryptoKeyPrimaryVersion': grpc.unary_unary_rpc_method_handler( + servicer.UpdateCryptoKeyPrimaryVersion, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.UpdateCryptoKeyPrimaryVersionRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKey.SerializeToString, + ), + 'DestroyCryptoKeyVersion': grpc.unary_unary_rpc_method_handler( + servicer.DestroyCryptoKeyVersion, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.DestroyCryptoKeyVersionRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.SerializeToString, + ), + 'RestoreCryptoKeyVersion': grpc.unary_unary_rpc_method_handler( + servicer.RestoreCryptoKeyVersion, + request_deserializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_service__pb2.RestoreCryptoKeyVersionRequest.FromString, + response_serializer=google_dot_cloud_dot_kms__v1_dot_proto_dot_resources__pb2.CryptoKeyVersion.SerializeToString, + ), + } + generic_handler = grpc.method_handlers_generic_handler( + 'google.cloud.kms.v1.KeyManagementService', rpc_method_handlers) + server.add_generic_rpc_handlers((generic_handler,)) diff --git a/kms/google/cloud/kms_v1/types.py b/kms/google/cloud/kms_v1/types.py new file mode 100644 index 000000000000..516d40979843 --- /dev/null +++ b/kms/google/cloud/kms_v1/types.py @@ -0,0 +1,63 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import +import sys + +from google.api_core.protobuf_helpers import get_messages + +from google.api import http_pb2 +from google.cloud.kms_v1.proto import resources_pb2 +from google.cloud.kms_v1.proto import service_pb2 +from google.iam.v1 import iam_policy_pb2 +from google.iam.v1 import policy_pb2 +from google.iam.v1.logging import audit_data_pb2 +from google.protobuf import descriptor_pb2 +from google.protobuf import duration_pb2 +from google.protobuf import field_mask_pb2 +from google.protobuf import struct_pb2 +from google.protobuf import timestamp_pb2 +from google.protobuf import wrappers_pb2 + +_shared_modules = [ + http_pb2, + iam_policy_pb2, + policy_pb2, + audit_data_pb2, + descriptor_pb2, + duration_pb2, + field_mask_pb2, + struct_pb2, + timestamp_pb2, + wrappers_pb2, +] + +_local_modules = [ + resources_pb2, + service_pb2, +] + +names = [] + +for module in _shared_modules: + for name, message in get_messages(module).items(): + setattr(sys.modules[__name__], name, message) + names.append(name) +for module in _local_modules: + for name, message in get_messages(module).items(): + message.__module__ = 'google.cloud.kms_v1.types' + setattr(sys.modules[__name__], name, message) + names.append(name) + +__all__ = tuple(sorted(names)) diff --git a/kms/nox.py b/kms/nox.py new file mode 100644 index 000000000000..58f8c2b507ce --- /dev/null +++ b/kms/nox.py @@ -0,0 +1,52 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import +import os + +import nox + + +@nox.session +def default(session): + return unit(session, 'default') + + +@nox.session +@nox.parametrize('py', ['2.7', '3.5', '3.6', '3.7']) +def unit(session, py): + """Run the unit test suite.""" + + # Run unit tests against all supported versions of Python. + if py != 'default': + session.interpreter = 'python{}'.format(py) + + # Set the virtualenv directory name. + session.virtualenv_dirname = 'unit-' + py + + # Install all test dependencies, then install this package in-place. + session.install('pytest') + session.install('-e', '.') + + # Run py.test against the unit tests. + session.run('py.test', '--quiet', os.path.join('tests', 'unit')) + + +@nox.session +def lint_setup_py(session): + """Verify that setup.py is valid (including RST check).""" + session.interpreter = 'python3.6' + session.install('docutils', 'pygments') + session.run('python', 'setup.py', 'check', '--restructuredtext', + '--strict') diff --git a/kms/setup.cfg b/kms/setup.cfg new file mode 100644 index 000000000000..2a9acf13daa9 --- /dev/null +++ b/kms/setup.cfg @@ -0,0 +1,2 @@ +[bdist_wheel] +universal = 1 diff --git a/kms/setup.py b/kms/setup.py new file mode 100644 index 000000000000..24f9705ede64 --- /dev/null +++ b/kms/setup.py @@ -0,0 +1,74 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import io +import os + +import setuptools + +name = 'google-cloud-kms' +description = 'Google Cloud Key Management Service (KMS) API API client library' +version = '0.1.0' +release_status = 'Development Status :: 3 - Alpha' +dependencies = [ + 'google-api-core[grpc] >= 1.1.0, < 2.0.0dev', + 'grpc-google-iam-v1 >= 0.11.1, < 0.12dev', + 'enum34; python_version < "3.4"', +] + +package_root = os.path.abspath(os.path.dirname(__file__)) + +readme_filename = os.path.join(package_root, 'README.rst') +with io.open(readme_filename, encoding='utf-8') as readme_file: + readme = readme_file.read() + +packages = [ + package for package in setuptools.find_packages() + if package.startswith('google') +] + +namespaces = ['google'] +if 'google.cloud' in packages: + namespaces.append('google.cloud') + +setuptools.setup( + name=name, + version=version, + description=description, + long_description=readme, + author='Google LLC', + author_email='googleapis-packages@google.com', + license='Apache 2.0', + url='https://github.com/GoogleCloudPlatform/google-cloud-python', + classifiers=[ + release_status, + 'Intended Audience :: Developers', + 'License :: OSI Approved :: Apache Software License', + 'Programming Language :: Python', + 'Programming Language :: Python :: 2', + 'Programming Language :: Python :: 2.7', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.4', + 'Programming Language :: Python :: 3.5', + 'Programming Language :: Python :: 3.6', + 'Operating System :: OS Independent', + 'Topic :: Internet', + ], + platforms='Posix; MacOS X; Windows', + packages=packages, + namespace_packages=namespaces, + install_requires=dependencies, + include_package_data=True, + zip_safe=False, +) diff --git a/kms/synth.py b/kms/synth.py new file mode 100644 index 000000000000..1ab52fd80062 --- /dev/null +++ b/kms/synth.py @@ -0,0 +1,44 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""This script is used to synthesize generated parts of this library.""" + +import synthtool as s +import synthtool.gcp as gcp +import logging + +logging.basicConfig(level=logging.DEBUG) + +client_library_version = '0.1.0' + +gapic = gcp.GAPICGenerator() +common = gcp.CommonTemplates() + +version = 'v1beta1' +library = gapic.py_library( + 'kms', version, config_path='artman_cloudkms.yaml', + artman_output_name='kms-v1') + +s.copy(library) + +# Set Release Status +release_status = 'Development Status :: 3 - Alpha' +s.replace('setup.py', + '(release_status = )(.*)$', + f"\\1'{release_status}'") +s.replace('setup.py', 'version = .*', f"version = '{client_library_version}'") + +# Wrong import name. Drop _grpc +# https://github.com/googleapis/gapic-generator/issues/2160 +s.replace("**/*.py", "iam_policy_pb2_grpc", "iam_policy_pb2") diff --git a/kms/tests/unit/gapic/v1/test_key_management_service_client_v1.py b/kms/tests/unit/gapic/v1/test_key_management_service_client_v1.py new file mode 100644 index 000000000000..4fba0a132aaf --- /dev/null +++ b/kms/tests/unit/gapic/v1/test_key_management_service_client_v1.py @@ -0,0 +1,800 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Unit tests.""" + +import pytest + +from google.cloud import kms_v1 +from google.cloud.kms_v1 import enums +from google.cloud.kms_v1.proto import resources_pb2 +from google.cloud.kms_v1.proto import service_pb2 +from google.iam.v1 import iam_policy_pb2 +from google.iam.v1 import policy_pb2 +from google.protobuf import duration_pb2 +from google.protobuf import field_mask_pb2 +from google.protobuf import timestamp_pb2 + + +class MultiCallableStub(object): + """Stub for the grpc.UnaryUnaryMultiCallable interface.""" + + def __init__(self, method, channel_stub): + self.method = method + self.channel_stub = channel_stub + + def __call__(self, request, timeout=None, metadata=None, credentials=None): + self.channel_stub.requests.append((self.method, request)) + + response = None + if self.channel_stub.responses: + response = self.channel_stub.responses.pop() + + if isinstance(response, Exception): + raise response + + if response: + return response + + +class ChannelStub(object): + """Stub for the grpc.Channel interface.""" + + def __init__(self, responses=[]): + self.responses = responses + self.requests = [] + + def unary_unary(self, + method, + request_serializer=None, + response_deserializer=None): + return MultiCallableStub(method, self) + + +class CustomException(Exception): + pass + + +class TestKeyManagementServiceClient(object): + def test_list_key_rings(self): + # Setup Expected Response + next_page_token = '' + total_size = 705419236 + key_rings_element = {} + key_rings = [key_rings_element] + expected_response = { + 'next_page_token': next_page_token, + 'total_size': total_size, + 'key_rings': key_rings + } + expected_response = service_pb2.ListKeyRingsResponse( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + parent = client.location_path('[PROJECT]', '[LOCATION]') + + paged_list_response = client.list_key_rings(parent) + resources = list(paged_list_response) + assert len(resources) == 1 + + assert expected_response.key_rings[0] == resources[0] + + assert len(channel.requests) == 1 + expected_request = service_pb2.ListKeyRingsRequest(parent=parent) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_list_key_rings_exception(self): + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + parent = client.location_path('[PROJECT]', '[LOCATION]') + + paged_list_response = client.list_key_rings(parent) + with pytest.raises(CustomException): + list(paged_list_response) + + def test_list_crypto_keys(self): + # Setup Expected Response + next_page_token = '' + total_size = 705419236 + crypto_keys_element = {} + crypto_keys = [crypto_keys_element] + expected_response = { + 'next_page_token': next_page_token, + 'total_size': total_size, + 'crypto_keys': crypto_keys + } + expected_response = service_pb2.ListCryptoKeysResponse( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + + paged_list_response = client.list_crypto_keys(parent) + resources = list(paged_list_response) + assert len(resources) == 1 + + assert expected_response.crypto_keys[0] == resources[0] + + assert len(channel.requests) == 1 + expected_request = service_pb2.ListCryptoKeysRequest(parent=parent) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_list_crypto_keys_exception(self): + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + + paged_list_response = client.list_crypto_keys(parent) + with pytest.raises(CustomException): + list(paged_list_response) + + def test_list_crypto_key_versions(self): + # Setup Expected Response + next_page_token = '' + total_size = 705419236 + crypto_key_versions_element = {} + crypto_key_versions = [crypto_key_versions_element] + expected_response = { + 'next_page_token': next_page_token, + 'total_size': total_size, + 'crypto_key_versions': crypto_key_versions + } + expected_response = service_pb2.ListCryptoKeyVersionsResponse( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY]') + + paged_list_response = client.list_crypto_key_versions(parent) + resources = list(paged_list_response) + assert len(resources) == 1 + + assert expected_response.crypto_key_versions[0] == resources[0] + + assert len(channel.requests) == 1 + expected_request = service_pb2.ListCryptoKeyVersionsRequest( + parent=parent) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_list_crypto_key_versions_exception(self): + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY]') + + paged_list_response = client.list_crypto_key_versions(parent) + with pytest.raises(CustomException): + list(paged_list_response) + + def test_get_key_ring(self): + # Setup Expected Response + name_2 = 'name2-1052831874' + expected_response = {'name': name_2} + expected_response = resources_pb2.KeyRing(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + name = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + + response = client.get_key_ring(name) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.GetKeyRingRequest(name=name) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_get_key_ring_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + name = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + + with pytest.raises(CustomException): + client.get_key_ring(name) + + def test_get_crypto_key(self): + # Setup Expected Response + name_2 = 'name2-1052831874' + expected_response = {'name': name_2} + expected_response = resources_pb2.CryptoKey(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', + '[CRYPTO_KEY]') + + response = client.get_crypto_key(name) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.GetCryptoKeyRequest(name=name) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_get_crypto_key_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', + '[CRYPTO_KEY]') + + with pytest.raises(CustomException): + client.get_crypto_key(name) + + def test_get_crypto_key_version(self): + # Setup Expected Response + name_2 = 'name2-1052831874' + expected_response = {'name': name_2} + expected_response = resources_pb2.CryptoKeyVersion(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY]', + '[CRYPTO_KEY_VERSION]') + + response = client.get_crypto_key_version(name) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.GetCryptoKeyVersionRequest(name=name) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_get_crypto_key_version_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY]', + '[CRYPTO_KEY_VERSION]') + + with pytest.raises(CustomException): + client.get_crypto_key_version(name) + + def test_create_key_ring(self): + # Setup Expected Response + name = 'name3373707' + expected_response = {'name': name} + expected_response = resources_pb2.KeyRing(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + parent = client.location_path('[PROJECT]', '[LOCATION]') + key_ring_id = 'keyRingId-2056646742' + key_ring = {} + + response = client.create_key_ring(parent, key_ring_id, key_ring) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.CreateKeyRingRequest( + parent=parent, key_ring_id=key_ring_id, key_ring=key_ring) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_create_key_ring_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + parent = client.location_path('[PROJECT]', '[LOCATION]') + key_ring_id = 'keyRingId-2056646742' + key_ring = {} + + with pytest.raises(CustomException): + client.create_key_ring(parent, key_ring_id, key_ring) + + def test_create_crypto_key(self): + # Setup Expected Response + name = 'name3373707' + expected_response = {'name': name} + expected_response = resources_pb2.CryptoKey(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + crypto_key_id = 'my-app-key' + purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + seconds = 2147483647 + next_rotation_time = {'seconds': seconds} + seconds_2 = 604800 + rotation_period = {'seconds': seconds_2} + crypto_key = { + 'purpose': purpose, + 'next_rotation_time': next_rotation_time, + 'rotation_period': rotation_period + } + + response = client.create_crypto_key(parent, crypto_key_id, crypto_key) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.CreateCryptoKeyRequest( + parent=parent, crypto_key_id=crypto_key_id, crypto_key=crypto_key) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_create_crypto_key_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') + crypto_key_id = 'my-app-key' + purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + seconds = 2147483647 + next_rotation_time = {'seconds': seconds} + seconds_2 = 604800 + rotation_period = {'seconds': seconds_2} + crypto_key = { + 'purpose': purpose, + 'next_rotation_time': next_rotation_time, + 'rotation_period': rotation_period + } + + with pytest.raises(CustomException): + client.create_crypto_key(parent, crypto_key_id, crypto_key) + + def test_create_crypto_key_version(self): + # Setup Expected Response + name = 'name3373707' + expected_response = {'name': name} + expected_response = resources_pb2.CryptoKeyVersion(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY]') + crypto_key_version = {} + + response = client.create_crypto_key_version(parent, crypto_key_version) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.CreateCryptoKeyVersionRequest( + parent=parent, crypto_key_version=crypto_key_version) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_create_crypto_key_version_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY]') + crypto_key_version = {} + + with pytest.raises(CustomException): + client.create_crypto_key_version(parent, crypto_key_version) + + def test_update_crypto_key(self): + # Setup Expected Response + name = 'name3373707' + expected_response = {'name': name} + expected_response = resources_pb2.CryptoKey(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + crypto_key = {} + update_mask = {} + + response = client.update_crypto_key(crypto_key, update_mask) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.UpdateCryptoKeyRequest( + crypto_key=crypto_key, update_mask=update_mask) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_update_crypto_key_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + crypto_key = {} + update_mask = {} + + with pytest.raises(CustomException): + client.update_crypto_key(crypto_key, update_mask) + + def test_update_crypto_key_version(self): + # Setup Expected Response + name = 'name3373707' + expected_response = {'name': name} + expected_response = resources_pb2.CryptoKeyVersion(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + crypto_key_version = {} + update_mask = {} + + response = client.update_crypto_key_version(crypto_key_version, + update_mask) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.UpdateCryptoKeyVersionRequest( + crypto_key_version=crypto_key_version, update_mask=update_mask) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_update_crypto_key_version_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + crypto_key_version = {} + update_mask = {} + + with pytest.raises(CustomException): + client.update_crypto_key_version(crypto_key_version, update_mask) + + def test_encrypt(self): + # Setup Expected Response + name_2 = 'name2-1052831874' + ciphertext = b'-72' + expected_response = {'name': name_2, 'ciphertext': ciphertext} + expected_response = service_pb2.EncryptResponse(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + name = client.crypto_key_path_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY_PATH]') + plaintext = b'-9' + + response = client.encrypt(name, plaintext) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.EncryptRequest( + name=name, plaintext=plaintext) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_encrypt_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + name = client.crypto_key_path_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY_PATH]') + plaintext = b'-9' + + with pytest.raises(CustomException): + client.encrypt(name, plaintext) + + def test_decrypt(self): + # Setup Expected Response + plaintext = b'-9' + expected_response = {'plaintext': plaintext} + expected_response = service_pb2.DecryptResponse(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', + '[CRYPTO_KEY]') + ciphertext = b'-72' + + response = client.decrypt(name, ciphertext) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.DecryptRequest( + name=name, ciphertext=ciphertext) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_decrypt_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', + '[CRYPTO_KEY]') + ciphertext = b'-72' + + with pytest.raises(CustomException): + client.decrypt(name, ciphertext) + + def test_update_crypto_key_primary_version(self): + # Setup Expected Response + name_2 = 'name2-1052831874' + expected_response = {'name': name_2} + expected_response = resources_pb2.CryptoKey(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', + '[CRYPTO_KEY]') + crypto_key_version_id = 'cryptoKeyVersionId729489152' + + response = client.update_crypto_key_primary_version( + name, crypto_key_version_id) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.UpdateCryptoKeyPrimaryVersionRequest( + name=name, crypto_key_version_id=crypto_key_version_id) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_update_crypto_key_primary_version_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', + '[CRYPTO_KEY]') + crypto_key_version_id = 'cryptoKeyVersionId729489152' + + with pytest.raises(CustomException): + client.update_crypto_key_primary_version(name, + crypto_key_version_id) + + def test_destroy_crypto_key_version(self): + # Setup Expected Response + name_2 = 'name2-1052831874' + expected_response = {'name': name_2} + expected_response = resources_pb2.CryptoKeyVersion(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY]', + '[CRYPTO_KEY_VERSION]') + + response = client.destroy_crypto_key_version(name) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.DestroyCryptoKeyVersionRequest( + name=name) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_destroy_crypto_key_version_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY]', + '[CRYPTO_KEY_VERSION]') + + with pytest.raises(CustomException): + client.destroy_crypto_key_version(name) + + def test_restore_crypto_key_version(self): + # Setup Expected Response + name_2 = 'name2-1052831874' + expected_response = {'name': name_2} + expected_response = resources_pb2.CryptoKeyVersion(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY]', + '[CRYPTO_KEY_VERSION]') + + response = client.restore_crypto_key_version(name) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = service_pb2.RestoreCryptoKeyVersionRequest( + name=name) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_restore_crypto_key_version_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]', '[CRYPTO_KEY]', + '[CRYPTO_KEY_VERSION]') + + with pytest.raises(CustomException): + client.restore_crypto_key_version(name) + + def test_set_iam_policy(self): + # Setup Expected Response + version = 351608024 + etag = b'21' + expected_response = {'version': version, 'etag': etag} + expected_response = policy_pb2.Policy(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + resource = client.key_ring_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]') + policy = {} + + response = client.set_iam_policy(resource, policy) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = iam_policy_pb2.SetIamPolicyRequest( + resource=resource, policy=policy) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_set_iam_policy_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + resource = client.key_ring_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]') + policy = {} + + with pytest.raises(CustomException): + client.set_iam_policy(resource, policy) + + def test_get_iam_policy(self): + # Setup Expected Response + version = 351608024 + etag = b'21' + expected_response = {'version': version, 'etag': etag} + expected_response = policy_pb2.Policy(**expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + resource = client.key_ring_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]') + + response = client.get_iam_policy(resource) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = iam_policy_pb2.GetIamPolicyRequest( + resource=resource) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_get_iam_policy_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + resource = client.key_ring_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]') + + with pytest.raises(CustomException): + client.get_iam_policy(resource) + + def test_test_iam_permissions(self): + # Setup Expected Response + expected_response = {} + expected_response = iam_policy_pb2.TestIamPermissionsResponse( + **expected_response) + + # Mock the API response + channel = ChannelStub(responses=[expected_response]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup Request + resource = client.key_ring_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]') + permissions = [] + + response = client.test_iam_permissions(resource, permissions) + assert expected_response == response + + assert len(channel.requests) == 1 + expected_request = iam_policy_pb2.TestIamPermissionsRequest( + resource=resource, permissions=permissions) + actual_request = channel.requests[0][1] + assert expected_request == actual_request + + def test_test_iam_permissions_exception(self): + # Mock the API response + channel = ChannelStub(responses=[CustomException()]) + client = kms_v1.KeyManagementServiceClient(channel=channel) + + # Setup request + resource = client.key_ring_path('[PROJECT]', '[LOCATION]', + '[KEY_RING]') + permissions = [] + + with pytest.raises(CustomException): + client.test_iam_permissions(resource, permissions)