# -*- coding: utf-8 -*-
#
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Accesses the google.cloud.kms.v1 KeyManagementService API."""
import functools
import pkg_resources
import warnings
from google.oauth2 import service_account
import google.api_core.client_options
import google.api_core.gapic_v1.client_info
import google.api_core.gapic_v1.config
import google.api_core.gapic_v1.method
import google.api_core.gapic_v1.routing_header
import google.api_core.grpc_helpers
import google.api_core.page_iterator
import google.api_core.path_template
import google.api_core.protobuf_helpers
import grpc
from google.cloud.kms_v1.gapic import enums
from google.cloud.kms_v1.gapic import key_management_service_client_config
from google.cloud.kms_v1.gapic.transports import key_management_service_grpc_transport
from google.cloud.kms_v1.proto import resources_pb2
from google.cloud.kms_v1.proto import service_pb2
from google.cloud.kms_v1.proto import service_pb2_grpc
from google.iam.v1 import iam_policy_pb2
from google.iam.v1 import iam_policy_pb2_grpc
from google.iam.v1 import options_pb2
from google.iam.v1 import policy_pb2
from google.protobuf import field_mask_pb2
_GAPIC_LIBRARY_VERSION = pkg_resources.get_distribution("google-cloud-kms").version
class KeyManagementServiceClient(object):
"""
Google Cloud Key Management Service
Manages cryptographic keys and operations using those keys. Implements a
REST model with the following objects:
- ``KeyRing``
- ``CryptoKey``
- ``CryptoKeyVersion``
If you are using manual gRPC libraries, see `Using gRPC with Cloud
KMS <https://cloud.google.com/kms/docs/grpc>`__.
"""
SERVICE_ADDRESS = "cloudkms.googleapis.com:443"
"""The default address of the service."""
# The name of the interface for this client. This is the key used to
# find the method configuration in the client_config dictionary.
_INTERFACE_NAME = "google.cloud.kms.v1.KeyManagementService"
[docs] @classmethod
def from_service_account_file(cls, filename, *args, **kwargs):
"""Creates an instance of this client using the provided credentials
file.
Args:
filename (str): The path to the service account private key json
file.
args: Additional arguments to pass to the constructor.
kwargs: Additional arguments to pass to the constructor.
Returns:
KeyManagementServiceClient: The constructed client.
"""
credentials = service_account.Credentials.from_service_account_file(filename)
kwargs["credentials"] = credentials
return cls(*args, **kwargs)
from_service_account_json = from_service_account_file
[docs] @classmethod
def crypto_key_path(cls, project, location, key_ring, crypto_key):
"""Return a fully-qualified crypto_key string."""
return google.api_core.path_template.expand(
"projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}",
project=project,
location=location,
key_ring=key_ring,
crypto_key=crypto_key,
)
[docs] @classmethod
def crypto_key_path_path(cls, project, location, key_ring, crypto_key_path):
"""Return a fully-qualified crypto_key_path string."""
return google.api_core.path_template.expand(
"projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key_path=**}",
project=project,
location=location,
key_ring=key_ring,
crypto_key_path=crypto_key_path,
)
[docs] @classmethod
def crypto_key_version_path(
cls, project, location, key_ring, crypto_key, crypto_key_version
):
"""Return a fully-qualified crypto_key_version string."""
return google.api_core.path_template.expand(
"projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}",
project=project,
location=location,
key_ring=key_ring,
crypto_key=crypto_key,
crypto_key_version=crypto_key_version,
)
[docs] @classmethod
def import_job_path(cls, project, location, key_ring, import_job):
"""Return a fully-qualified import_job string."""
return google.api_core.path_template.expand(
"projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}",
project=project,
location=location,
key_ring=key_ring,
import_job=import_job,
)
[docs] @classmethod
def key_ring_path(cls, project, location, key_ring):
"""Return a fully-qualified key_ring string."""
return google.api_core.path_template.expand(
"projects/{project}/locations/{location}/keyRings/{key_ring}",
project=project,
location=location,
key_ring=key_ring,
)
[docs] @classmethod
def location_path(cls, project, location):
"""Return a fully-qualified location string."""
return google.api_core.path_template.expand(
"projects/{project}/locations/{location}",
project=project,
location=location,
)
def __init__(
self,
transport=None,
channel=None,
credentials=None,
client_config=None,
client_info=None,
client_options=None,
):
"""Constructor.
Args:
transport (Union[~.KeyManagementServiceGrpcTransport,
Callable[[~.Credentials, type], ~.KeyManagementServiceGrpcTransport]): A transport
instance, responsible for actually making the API calls.
The default transport uses the gRPC protocol.
This argument may also be a callable which returns a
transport instance. Callables will be sent the credentials
as the first argument and the default transport class as
the second argument.
channel (grpc.Channel): DEPRECATED. A ``Channel`` instance
through which to make calls. This argument is mutually exclusive
with ``credentials``; providing both will raise an exception.
credentials (google.auth.credentials.Credentials): The
authorization credentials to attach to requests. These
credentials identify this application to the service. If none
are specified, the client will attempt to ascertain the
credentials from the environment.
This argument is mutually exclusive with providing a
transport instance to ``transport``; doing so will raise
an exception.
client_config (dict): DEPRECATED. A dictionary of call options for
each method. If not specified, the default configuration is used.
client_info (google.api_core.gapic_v1.client_info.ClientInfo):
The client info used to send a user-agent string along with
API requests. If ``None``, then default info will be used.
Generally, you only need to set this if you're developing
your own client library.
client_options (Union[dict, google.api_core.client_options.ClientOptions]):
Client options used to set user options on the client. API Endpoint
should be set through client_options.
"""
# Raise deprecation warnings for things we want to go away.
if client_config is not None:
warnings.warn(
"The `client_config` argument is deprecated.",
PendingDeprecationWarning,
stacklevel=2,
)
else:
client_config = key_management_service_client_config.config
if channel:
warnings.warn(
"The `channel` argument is deprecated; use " "`transport` instead.",
PendingDeprecationWarning,
stacklevel=2,
)
api_endpoint = self.SERVICE_ADDRESS
if client_options:
if type(client_options) == dict:
client_options = google.api_core.client_options.from_dict(
client_options
)
if client_options.api_endpoint:
api_endpoint = client_options.api_endpoint
# Instantiate the transport.
# The transport is responsible for handling serialization and
# deserialization and actually sending data to the service.
if transport:
if callable(transport):
self.transport = transport(
credentials=credentials,
default_class=key_management_service_grpc_transport.KeyManagementServiceGrpcTransport,
address=api_endpoint,
)
else:
if credentials:
raise ValueError(
"Received both a transport instance and "
"credentials; these are mutually exclusive."
)
self.transport = transport
else:
self.transport = key_management_service_grpc_transport.KeyManagementServiceGrpcTransport(
address=api_endpoint, channel=channel, credentials=credentials
)
if client_info is None:
client_info = google.api_core.gapic_v1.client_info.ClientInfo(
gapic_version=_GAPIC_LIBRARY_VERSION
)
else:
client_info.gapic_version = _GAPIC_LIBRARY_VERSION
self._client_info = client_info
# Parse out the default settings for retry and timeout for each RPC
# from the client configuration.
# (Ordinarily, these are the defaults specified in the `*_config.py`
# file next to this one.)
self._method_configs = google.api_core.gapic_v1.config.parse_method_configs(
client_config["interfaces"][self._INTERFACE_NAME]
)
# Save a dictionary of cached API call functions.
# These are the actual callables which invoke the proper
# transport methods, wrapped with `wrap_method` to add retry,
# timeout, and the like.
self._inner_api_calls = {}
# Service calls
[docs] def list_key_rings(
self,
parent,
page_size=None,
filter_=None,
order_by=None,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Lists ``KeyRings``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> parent = client.location_path('[PROJECT]', '[LOCATION]')
>>>
>>> # Iterate over all results
>>> for element in client.list_key_rings(parent):
... # process element
... pass
>>>
>>>
>>> # Alternatively:
>>>
>>> # Iterate over results one page at a time
>>> for page in client.list_key_rings(parent).pages:
... for element in page:
... # process element
... pass
Args:
parent (str): Required. The resource name of the location associated with the
``KeyRings``, in the format ``projects/*/locations/*``.
page_size (int): The maximum number of resources contained in the
underlying API response. If page streaming is performed per-
resource, this parameter does not affect the return value. If page
streaming is performed per-page, this determines the maximum number
of resources in a page.
filter_ (str): Optional. Only include resources that match the filter in the response.
order_by (str): Optional. Specify how the results should be sorted. If not specified, the
results will be sorted in the default order.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.api_core.page_iterator.PageIterator` instance.
An iterable of :class:`~google.cloud.kms_v1.types.KeyRing` instances.
You can also iterate over the pages of the response
using its `pages` property.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "list_key_rings" not in self._inner_api_calls:
self._inner_api_calls[
"list_key_rings"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.list_key_rings,
default_retry=self._method_configs["ListKeyRings"].retry,
default_timeout=self._method_configs["ListKeyRings"].timeout,
client_info=self._client_info,
)
request = service_pb2.ListKeyRingsRequest(
parent=parent, page_size=page_size, filter=filter_, order_by=order_by
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("parent", parent)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
iterator = google.api_core.page_iterator.GRPCIterator(
client=None,
method=functools.partial(
self._inner_api_calls["list_key_rings"],
retry=retry,
timeout=timeout,
metadata=metadata,
),
request=request,
items_field="key_rings",
request_token_field="page_token",
response_token_field="next_page_token",
)
return iterator
[docs] def list_import_jobs(
self,
parent,
page_size=None,
filter_=None,
order_by=None,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Lists ``ImportJobs``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
>>>
>>> # Iterate over all results
>>> for element in client.list_import_jobs(parent):
... # process element
... pass
>>>
>>>
>>> # Alternatively:
>>>
>>> # Iterate over results one page at a time
>>> for page in client.list_import_jobs(parent).pages:
... for element in page:
... # process element
... pass
Args:
parent (str): Required. The resource name of the ``KeyRing`` to list, in the format
``projects/*/locations/*/keyRings/*``.
page_size (int): The maximum number of resources contained in the
underlying API response. If page streaming is performed per-
resource, this parameter does not affect the return value. If page
streaming is performed per-page, this determines the maximum number
of resources in a page.
filter_ (str): Optional. Only include resources that match the filter in the response.
order_by (str): Optional. Specify how the results should be sorted. If not specified, the
results will be sorted in the default order.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.api_core.page_iterator.PageIterator` instance.
An iterable of :class:`~google.cloud.kms_v1.types.ImportJob` instances.
You can also iterate over the pages of the response
using its `pages` property.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "list_import_jobs" not in self._inner_api_calls:
self._inner_api_calls[
"list_import_jobs"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.list_import_jobs,
default_retry=self._method_configs["ListImportJobs"].retry,
default_timeout=self._method_configs["ListImportJobs"].timeout,
client_info=self._client_info,
)
request = service_pb2.ListImportJobsRequest(
parent=parent, page_size=page_size, filter=filter_, order_by=order_by
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("parent", parent)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
iterator = google.api_core.page_iterator.GRPCIterator(
client=None,
method=functools.partial(
self._inner_api_calls["list_import_jobs"],
retry=retry,
timeout=timeout,
metadata=metadata,
),
request=request,
items_field="import_jobs",
request_token_field="page_token",
response_token_field="next_page_token",
)
return iterator
[docs] def list_crypto_keys(
self,
parent,
page_size=None,
version_view=None,
filter_=None,
order_by=None,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Lists ``CryptoKeys``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
>>>
>>> # Iterate over all results
>>> for element in client.list_crypto_keys(parent):
... # process element
... pass
>>>
>>>
>>> # Alternatively:
>>>
>>> # Iterate over results one page at a time
>>> for page in client.list_crypto_keys(parent).pages:
... for element in page:
... # process element
... pass
Args:
parent (str): Required. The resource name of the ``KeyRing`` to list, in the format
``projects/*/locations/*/keyRings/*``.
page_size (int): The maximum number of resources contained in the
underlying API response. If page streaming is performed per-
resource, this parameter does not affect the return value. If page
streaming is performed per-page, this determines the maximum number
of resources in a page.
version_view (~google.cloud.kms_v1.types.CryptoKeyVersionView): The fields of the primary version to include in the response.
filter_ (str): Optional. Only include resources that match the filter in the response.
order_by (str): Optional. Specify how the results should be sorted. If not specified, the
results will be sorted in the default order.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.api_core.page_iterator.PageIterator` instance.
An iterable of :class:`~google.cloud.kms_v1.types.CryptoKey` instances.
You can also iterate over the pages of the response
using its `pages` property.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "list_crypto_keys" not in self._inner_api_calls:
self._inner_api_calls[
"list_crypto_keys"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.list_crypto_keys,
default_retry=self._method_configs["ListCryptoKeys"].retry,
default_timeout=self._method_configs["ListCryptoKeys"].timeout,
client_info=self._client_info,
)
request = service_pb2.ListCryptoKeysRequest(
parent=parent,
page_size=page_size,
version_view=version_view,
filter=filter_,
order_by=order_by,
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("parent", parent)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
iterator = google.api_core.page_iterator.GRPCIterator(
client=None,
method=functools.partial(
self._inner_api_calls["list_crypto_keys"],
retry=retry,
timeout=timeout,
metadata=metadata,
),
request=request,
items_field="crypto_keys",
request_token_field="page_token",
response_token_field="next_page_token",
)
return iterator
[docs] def list_crypto_key_versions(
self,
parent,
page_size=None,
view=None,
filter_=None,
order_by=None,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Lists ``CryptoKeyVersions``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
>>>
>>> # Iterate over all results
>>> for element in client.list_crypto_key_versions(parent):
... # process element
... pass
>>>
>>>
>>> # Alternatively:
>>>
>>> # Iterate over results one page at a time
>>> for page in client.list_crypto_key_versions(parent).pages:
... for element in page:
... # process element
... pass
Args:
parent (str): Required. The resource name of the ``CryptoKey`` to list, in the format
``projects/*/locations/*/keyRings/*/cryptoKeys/*``.
page_size (int): The maximum number of resources contained in the
underlying API response. If page streaming is performed per-
resource, this parameter does not affect the return value. If page
streaming is performed per-page, this determines the maximum number
of resources in a page.
view (~google.cloud.kms_v1.types.CryptoKeyVersionView): The fields to include in the response.
filter_ (str): Optional. Only include resources that match the filter in the response.
order_by (str): Optional. Specify how the results should be sorted. If not specified, the
results will be sorted in the default order.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.api_core.page_iterator.PageIterator` instance.
An iterable of :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instances.
You can also iterate over the pages of the response
using its `pages` property.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "list_crypto_key_versions" not in self._inner_api_calls:
self._inner_api_calls[
"list_crypto_key_versions"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.list_crypto_key_versions,
default_retry=self._method_configs["ListCryptoKeyVersions"].retry,
default_timeout=self._method_configs["ListCryptoKeyVersions"].timeout,
client_info=self._client_info,
)
request = service_pb2.ListCryptoKeyVersionsRequest(
parent=parent,
page_size=page_size,
view=view,
filter=filter_,
order_by=order_by,
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("parent", parent)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
iterator = google.api_core.page_iterator.GRPCIterator(
client=None,
method=functools.partial(
self._inner_api_calls["list_crypto_key_versions"],
retry=retry,
timeout=timeout,
metadata=metadata,
),
request=request,
items_field="crypto_key_versions",
request_token_field="page_token",
response_token_field="next_page_token",
)
return iterator
[docs] def get_key_ring(
self,
name,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Returns metadata for a given ``KeyRing``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
>>>
>>> response = client.get_key_ring(name)
Args:
name (str): The ``name`` of the ``KeyRing`` to get.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.KeyRing` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "get_key_ring" not in self._inner_api_calls:
self._inner_api_calls[
"get_key_ring"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.get_key_ring,
default_retry=self._method_configs["GetKeyRing"].retry,
default_timeout=self._method_configs["GetKeyRing"].timeout,
client_info=self._client_info,
)
request = service_pb2.GetKeyRingRequest(name=name)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["get_key_ring"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def get_import_job(
self,
name,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Returns metadata for a given ``ImportJob``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.import_job_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[IMPORT_JOB]')
>>>
>>> response = client.get_import_job(name)
Args:
name (str): The ``name`` of the ``ImportJob`` to get.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.ImportJob` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "get_import_job" not in self._inner_api_calls:
self._inner_api_calls[
"get_import_job"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.get_import_job,
default_retry=self._method_configs["GetImportJob"].retry,
default_timeout=self._method_configs["GetImportJob"].timeout,
client_info=self._client_info,
)
request = service_pb2.GetImportJobRequest(name=name)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["get_import_job"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def get_crypto_key(
self,
name,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Returns metadata for a given ``CryptoKey``, as well as its ``primary``
``CryptoKeyVersion``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
>>>
>>> response = client.get_crypto_key(name)
Args:
name (str): The ``name`` of the ``CryptoKey`` to get.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.CryptoKey` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "get_crypto_key" not in self._inner_api_calls:
self._inner_api_calls[
"get_crypto_key"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.get_crypto_key,
default_retry=self._method_configs["GetCryptoKey"].retry,
default_timeout=self._method_configs["GetCryptoKey"].timeout,
client_info=self._client_info,
)
request = service_pb2.GetCryptoKeyRequest(name=name)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["get_crypto_key"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def get_crypto_key_version(
self,
name,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Returns metadata for a given ``CryptoKeyVersion``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
>>>
>>> response = client.get_crypto_key_version(name)
Args:
name (str): The ``name`` of the ``CryptoKeyVersion`` to get.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "get_crypto_key_version" not in self._inner_api_calls:
self._inner_api_calls[
"get_crypto_key_version"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.get_crypto_key_version,
default_retry=self._method_configs["GetCryptoKeyVersion"].retry,
default_timeout=self._method_configs["GetCryptoKeyVersion"].timeout,
client_info=self._client_info,
)
request = service_pb2.GetCryptoKeyVersionRequest(name=name)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["get_crypto_key_version"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def create_key_ring(
self,
parent,
key_ring_id,
key_ring,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Create a new ``KeyRing`` in a given Project and Location.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> parent = client.location_path('[PROJECT]', '[LOCATION]')
>>>
>>> # TODO: Initialize `key_ring_id`:
>>> key_ring_id = ''
>>>
>>> # TODO: Initialize `key_ring`:
>>> key_ring = {}
>>>
>>> response = client.create_key_ring(parent, key_ring_id, key_ring)
Args:
parent (str): Required. The resource name of the location associated with the
``KeyRings``, in the format ``projects/*/locations/*``.
key_ring_id (str): Required. It must be unique within a location and match the regular
expression ``[a-zA-Z0-9_-]{1,63}``
key_ring (Union[dict, ~google.cloud.kms_v1.types.KeyRing]): A ``KeyRing`` with initial field values.
If a dict is provided, it must be of the same form as the protobuf
message :class:`~google.cloud.kms_v1.types.KeyRing`
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.KeyRing` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "create_key_ring" not in self._inner_api_calls:
self._inner_api_calls[
"create_key_ring"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.create_key_ring,
default_retry=self._method_configs["CreateKeyRing"].retry,
default_timeout=self._method_configs["CreateKeyRing"].timeout,
client_info=self._client_info,
)
request = service_pb2.CreateKeyRingRequest(
parent=parent, key_ring_id=key_ring_id, key_ring=key_ring
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("parent", parent)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["create_key_ring"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def create_import_job(
self,
parent,
import_job_id,
import_job,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Create a new ``ImportJob`` within a ``KeyRing``.
``ImportJob.import_method`` is required.
Example:
>>> from google.cloud import kms_v1
>>> from google.cloud.kms_v1 import enums
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
>>> import_job_id = 'my-import-job'
>>> import_method = enums.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256
>>> protection_level = enums.ProtectionLevel.HSM
>>> import_job = {'import_method': import_method, 'protection_level': protection_level}
>>>
>>> response = client.create_import_job(parent, import_job_id, import_job)
Args:
parent (str): Required. The ``name`` of the ``KeyRing`` associated with the
``ImportJobs``.
import_job_id (str): Required. It must be unique within a KeyRing and match the regular
expression ``[a-zA-Z0-9_-]{1,63}``
import_job (Union[dict, ~google.cloud.kms_v1.types.ImportJob]): Required. An ``ImportJob`` with initial field values.
If a dict is provided, it must be of the same form as the protobuf
message :class:`~google.cloud.kms_v1.types.ImportJob`
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.ImportJob` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "create_import_job" not in self._inner_api_calls:
self._inner_api_calls[
"create_import_job"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.create_import_job,
default_retry=self._method_configs["CreateImportJob"].retry,
default_timeout=self._method_configs["CreateImportJob"].timeout,
client_info=self._client_info,
)
request = service_pb2.CreateImportJobRequest(
parent=parent, import_job_id=import_job_id, import_job=import_job
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("parent", parent)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["create_import_job"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def create_crypto_key(
self,
parent,
crypto_key_id,
crypto_key,
skip_initial_version_creation=None,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Create a new ``CryptoKey`` within a ``KeyRing``.
``CryptoKey.purpose`` and ``CryptoKey.version_template.algorithm`` are
required.
Example:
>>> from google.cloud import kms_v1
>>> from google.cloud.kms_v1 import enums
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
>>> crypto_key_id = 'my-app-key'
>>> purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
>>> seconds = 2147483647
>>> next_rotation_time = {'seconds': seconds}
>>> seconds_2 = 604800
>>> rotation_period = {'seconds': seconds_2}
>>> crypto_key = {'purpose': purpose, 'next_rotation_time': next_rotation_time, 'rotation_period': rotation_period}
>>>
>>> response = client.create_crypto_key(parent, crypto_key_id, crypto_key)
Args:
parent (str): Required. The ``name`` of the KeyRing associated with the
``CryptoKeys``.
crypto_key_id (str): Required. It must be unique within a KeyRing and match the regular
expression ``[a-zA-Z0-9_-]{1,63}``
crypto_key (Union[dict, ~google.cloud.kms_v1.types.CryptoKey]): A ``CryptoKey`` with initial field values.
If a dict is provided, it must be of the same form as the protobuf
message :class:`~google.cloud.kms_v1.types.CryptoKey`
skip_initial_version_creation (bool): If set to true, the request will create a ``CryptoKey`` without any
``CryptoKeyVersions``. You must manually call ``CreateCryptoKeyVersion``
or ``ImportCryptoKeyVersion`` before you can use this ``CryptoKey``.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.CryptoKey` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "create_crypto_key" not in self._inner_api_calls:
self._inner_api_calls[
"create_crypto_key"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.create_crypto_key,
default_retry=self._method_configs["CreateCryptoKey"].retry,
default_timeout=self._method_configs["CreateCryptoKey"].timeout,
client_info=self._client_info,
)
request = service_pb2.CreateCryptoKeyRequest(
parent=parent,
crypto_key_id=crypto_key_id,
crypto_key=crypto_key,
skip_initial_version_creation=skip_initial_version_creation,
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("parent", parent)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["create_crypto_key"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def create_crypto_key_version(
self,
parent,
crypto_key_version,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Create a new ``CryptoKeyVersion`` in a ``CryptoKey``.
The server will assign the next sequential id. If unset, ``state`` will
be set to ``ENABLED``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
>>>
>>> # TODO: Initialize `crypto_key_version`:
>>> crypto_key_version = {}
>>>
>>> response = client.create_crypto_key_version(parent, crypto_key_version)
Args:
parent (str): Required. The ``name`` of the ``CryptoKey`` associated with the
``CryptoKeyVersions``.
crypto_key_version (Union[dict, ~google.cloud.kms_v1.types.CryptoKeyVersion]): A ``CryptoKeyVersion`` with initial field values.
If a dict is provided, it must be of the same form as the protobuf
message :class:`~google.cloud.kms_v1.types.CryptoKeyVersion`
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "create_crypto_key_version" not in self._inner_api_calls:
self._inner_api_calls[
"create_crypto_key_version"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.create_crypto_key_version,
default_retry=self._method_configs["CreateCryptoKeyVersion"].retry,
default_timeout=self._method_configs["CreateCryptoKeyVersion"].timeout,
client_info=self._client_info,
)
request = service_pb2.CreateCryptoKeyVersionRequest(
parent=parent, crypto_key_version=crypto_key_version
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("parent", parent)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["create_crypto_key_version"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def import_crypto_key_version(
self,
parent,
algorithm,
import_job,
rsa_aes_wrapped_key=None,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Imports a new ``CryptoKeyVersion`` into an existing ``CryptoKey`` using
the wrapped key material provided in the request.
The version ID will be assigned the next sequential id within the
``CryptoKey``.
Example:
>>> from google.cloud import kms_v1
>>> from google.cloud.kms_v1 import enums
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
>>>
>>> # TODO: Initialize `algorithm`:
>>> algorithm = enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
>>>
>>> # TODO: Initialize `import_job`:
>>> import_job = ''
>>>
>>> response = client.import_crypto_key_version(parent, algorithm, import_job)
Args:
parent (str): Required. The ``name`` of the ``CryptoKey`` to be imported into.
algorithm (~google.cloud.kms_v1.types.CryptoKeyVersionAlgorithm): Required. The ``algorithm`` of the key being imported. This does not
need to match the ``version_template`` of the ``CryptoKey`` this version
imports into.
import_job (str): Required. The ``name`` of the ``ImportJob`` that was used to wrap this
key material.
rsa_aes_wrapped_key (bytes): Wrapped key material produced with ``RSA_OAEP_3072_SHA1_AES_256`` or
``RSA_OAEP_4096_SHA1_AES_256``.
This field contains the concatenation of two wrapped keys:
.. raw:: html
<ol>
<li>An ephemeral AES-256 wrapping key wrapped with the
`public_key` using RSAES-OAEP with SHA-1,
MGF1 with SHA-1, and an empty label.
</li>
<li>The key to be imported, wrapped with the ephemeral AES-256 key
using AES-KWP (RFC 5649).
</li>
</ol>
This format is the same as the format produced by PKCS#11 mechanism
CKM\_RSA\_AES\_KEY\_WRAP.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "import_crypto_key_version" not in self._inner_api_calls:
self._inner_api_calls[
"import_crypto_key_version"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.import_crypto_key_version,
default_retry=self._method_configs["ImportCryptoKeyVersion"].retry,
default_timeout=self._method_configs["ImportCryptoKeyVersion"].timeout,
client_info=self._client_info,
)
# Sanity check: We have some fields which are mutually exclusive;
# raise ValueError if more than one is sent.
google.api_core.protobuf_helpers.check_oneof(
rsa_aes_wrapped_key=rsa_aes_wrapped_key
)
request = service_pb2.ImportCryptoKeyVersionRequest(
parent=parent,
algorithm=algorithm,
import_job=import_job,
rsa_aes_wrapped_key=rsa_aes_wrapped_key,
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("parent", parent)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["import_crypto_key_version"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def update_crypto_key(
self,
crypto_key,
update_mask,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Update a ``CryptoKey``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> # TODO: Initialize `crypto_key`:
>>> crypto_key = {}
>>>
>>> # TODO: Initialize `update_mask`:
>>> update_mask = {}
>>>
>>> response = client.update_crypto_key(crypto_key, update_mask)
Args:
crypto_key (Union[dict, ~google.cloud.kms_v1.types.CryptoKey]): ``CryptoKey`` with updated values.
If a dict is provided, it must be of the same form as the protobuf
message :class:`~google.cloud.kms_v1.types.CryptoKey`
update_mask (Union[dict, ~google.cloud.kms_v1.types.FieldMask]): Required list of fields to be updated in this request.
If a dict is provided, it must be of the same form as the protobuf
message :class:`~google.cloud.kms_v1.types.FieldMask`
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.CryptoKey` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "update_crypto_key" not in self._inner_api_calls:
self._inner_api_calls[
"update_crypto_key"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.update_crypto_key,
default_retry=self._method_configs["UpdateCryptoKey"].retry,
default_timeout=self._method_configs["UpdateCryptoKey"].timeout,
client_info=self._client_info,
)
request = service_pb2.UpdateCryptoKeyRequest(
crypto_key=crypto_key, update_mask=update_mask
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("crypto_key.name", crypto_key.name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["update_crypto_key"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def update_crypto_key_version(
self,
crypto_key_version,
update_mask,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Update a ``CryptoKeyVersion``'s metadata.
``state`` may be changed between ``ENABLED`` and ``DISABLED`` using this
method. See ``DestroyCryptoKeyVersion`` and ``RestoreCryptoKeyVersion``
to move between other states.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> # TODO: Initialize `crypto_key_version`:
>>> crypto_key_version = {}
>>>
>>> # TODO: Initialize `update_mask`:
>>> update_mask = {}
>>>
>>> response = client.update_crypto_key_version(crypto_key_version, update_mask)
Args:
crypto_key_version (Union[dict, ~google.cloud.kms_v1.types.CryptoKeyVersion]): ``CryptoKeyVersion`` with updated values.
If a dict is provided, it must be of the same form as the protobuf
message :class:`~google.cloud.kms_v1.types.CryptoKeyVersion`
update_mask (Union[dict, ~google.cloud.kms_v1.types.FieldMask]): Required list of fields to be updated in this request.
If a dict is provided, it must be of the same form as the protobuf
message :class:`~google.cloud.kms_v1.types.FieldMask`
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "update_crypto_key_version" not in self._inner_api_calls:
self._inner_api_calls[
"update_crypto_key_version"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.update_crypto_key_version,
default_retry=self._method_configs["UpdateCryptoKeyVersion"].retry,
default_timeout=self._method_configs["UpdateCryptoKeyVersion"].timeout,
client_info=self._client_info,
)
request = service_pb2.UpdateCryptoKeyVersionRequest(
crypto_key_version=crypto_key_version, update_mask=update_mask
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("crypto_key_version.name", crypto_key_version.name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["update_crypto_key_version"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def encrypt(
self,
name,
plaintext,
additional_authenticated_data=None,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Encrypts data, so that it can only be recovered by a call to
``Decrypt``. The ``CryptoKey.purpose`` must be ``ENCRYPT_DECRYPT``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.crypto_key_path_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY_PATH]')
>>>
>>> # TODO: Initialize `plaintext`:
>>> plaintext = b''
>>>
>>> response = client.encrypt(name, plaintext)
Args:
name (str): Required. The resource name of the ``CryptoKey`` or ``CryptoKeyVersion``
to use for encryption.
If a ``CryptoKey`` is specified, the server will use its
``primary version``.
plaintext (bytes): Required. The data to encrypt. Must be no larger than 64KiB.
The maximum size depends on the key version's ``protection_level``. For
``SOFTWARE`` keys, the plaintext must be no larger than 64KiB. For
``HSM`` keys, the combined length of the plaintext and
additional\_authenticated\_data fields must be no larger than 8KiB.
additional_authenticated_data (bytes): Optional data that, if specified, must also be provided during
decryption through ``DecryptRequest.additional_authenticated_data``.
The maximum size depends on the key version's ``protection_level``. For
``SOFTWARE`` keys, the AAD must be no larger than 64KiB. For ``HSM``
keys, the combined length of the plaintext and
additional\_authenticated\_data fields must be no larger than 8KiB.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.EncryptResponse` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "encrypt" not in self._inner_api_calls:
self._inner_api_calls[
"encrypt"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.encrypt,
default_retry=self._method_configs["Encrypt"].retry,
default_timeout=self._method_configs["Encrypt"].timeout,
client_info=self._client_info,
)
request = service_pb2.EncryptRequest(
name=name,
plaintext=plaintext,
additional_authenticated_data=additional_authenticated_data,
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["encrypt"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def decrypt(
self,
name,
ciphertext,
additional_authenticated_data=None,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Decrypts data that was protected by ``Encrypt``. The
``CryptoKey.purpose`` must be ``ENCRYPT_DECRYPT``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
>>>
>>> # TODO: Initialize `ciphertext`:
>>> ciphertext = b''
>>>
>>> response = client.decrypt(name, ciphertext)
Args:
name (str): Required. The resource name of the ``CryptoKey`` to use for decryption.
The server will choose the appropriate version.
ciphertext (bytes): Required. The encrypted data originally returned in
``EncryptResponse.ciphertext``.
additional_authenticated_data (bytes): Optional data that must match the data originally supplied in
``EncryptRequest.additional_authenticated_data``.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.DecryptResponse` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "decrypt" not in self._inner_api_calls:
self._inner_api_calls[
"decrypt"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.decrypt,
default_retry=self._method_configs["Decrypt"].retry,
default_timeout=self._method_configs["Decrypt"].timeout,
client_info=self._client_info,
)
request = service_pb2.DecryptRequest(
name=name,
ciphertext=ciphertext,
additional_authenticated_data=additional_authenticated_data,
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["decrypt"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def update_crypto_key_primary_version(
self,
name,
crypto_key_version_id,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Update the version of a ``CryptoKey`` that will be used in ``Encrypt``.
Returns an error if called on an asymmetric key.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
>>>
>>> # TODO: Initialize `crypto_key_version_id`:
>>> crypto_key_version_id = ''
>>>
>>> response = client.update_crypto_key_primary_version(name, crypto_key_version_id)
Args:
name (str): The resource name of the ``CryptoKey`` to update.
crypto_key_version_id (str): The id of the child ``CryptoKeyVersion`` to use as primary.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.CryptoKey` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "update_crypto_key_primary_version" not in self._inner_api_calls:
self._inner_api_calls[
"update_crypto_key_primary_version"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.update_crypto_key_primary_version,
default_retry=self._method_configs[
"UpdateCryptoKeyPrimaryVersion"
].retry,
default_timeout=self._method_configs[
"UpdateCryptoKeyPrimaryVersion"
].timeout,
client_info=self._client_info,
)
request = service_pb2.UpdateCryptoKeyPrimaryVersionRequest(
name=name, crypto_key_version_id=crypto_key_version_id
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["update_crypto_key_primary_version"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def destroy_crypto_key_version(
self,
name,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Schedule a ``CryptoKeyVersion`` for destruction.
Upon calling this method, ``CryptoKeyVersion.state`` will be set to
``DESTROY_SCHEDULED`` and ``destroy_time`` will be set to a time 24
hours in the future, at which point the ``state`` will be changed to
``DESTROYED``, and the key material will be irrevocably destroyed.
Before the ``destroy_time`` is reached, ``RestoreCryptoKeyVersion`` may
be called to reverse the process.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
>>>
>>> response = client.destroy_crypto_key_version(name)
Args:
name (str): The resource name of the ``CryptoKeyVersion`` to destroy.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "destroy_crypto_key_version" not in self._inner_api_calls:
self._inner_api_calls[
"destroy_crypto_key_version"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.destroy_crypto_key_version,
default_retry=self._method_configs["DestroyCryptoKeyVersion"].retry,
default_timeout=self._method_configs["DestroyCryptoKeyVersion"].timeout,
client_info=self._client_info,
)
request = service_pb2.DestroyCryptoKeyVersionRequest(name=name)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["destroy_crypto_key_version"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def restore_crypto_key_version(
self,
name,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Restore a ``CryptoKeyVersion`` in the ``DESTROY_SCHEDULED`` state.
Upon restoration of the CryptoKeyVersion, ``state`` will be set to
``DISABLED``, and ``destroy_time`` will be cleared.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
>>>
>>> response = client.restore_crypto_key_version(name)
Args:
name (str): The resource name of the ``CryptoKeyVersion`` to restore.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "restore_crypto_key_version" not in self._inner_api_calls:
self._inner_api_calls[
"restore_crypto_key_version"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.restore_crypto_key_version,
default_retry=self._method_configs["RestoreCryptoKeyVersion"].retry,
default_timeout=self._method_configs["RestoreCryptoKeyVersion"].timeout,
client_info=self._client_info,
)
request = service_pb2.RestoreCryptoKeyVersionRequest(name=name)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["restore_crypto_key_version"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def get_public_key(
self,
name,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Returns the public key for the given ``CryptoKeyVersion``. The
``CryptoKey.purpose`` must be ``ASYMMETRIC_SIGN`` or
``ASYMMETRIC_DECRYPT``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
>>>
>>> response = client.get_public_key(name)
Args:
name (str): The ``name`` of the ``CryptoKeyVersion`` public key to get.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.PublicKey` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "get_public_key" not in self._inner_api_calls:
self._inner_api_calls[
"get_public_key"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.get_public_key,
default_retry=self._method_configs["GetPublicKey"].retry,
default_timeout=self._method_configs["GetPublicKey"].timeout,
client_info=self._client_info,
)
request = service_pb2.GetPublicKeyRequest(name=name)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["get_public_key"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def asymmetric_decrypt(
self,
name,
ciphertext,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Decrypts data that was encrypted with a public key retrieved from
``GetPublicKey`` corresponding to a ``CryptoKeyVersion`` with
``CryptoKey.purpose`` ASYMMETRIC\_DECRYPT.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
>>>
>>> # TODO: Initialize `ciphertext`:
>>> ciphertext = b''
>>>
>>> response = client.asymmetric_decrypt(name, ciphertext)
Args:
name (str): Required. The resource name of the ``CryptoKeyVersion`` to use for
decryption.
ciphertext (bytes): Required. The data encrypted with the named ``CryptoKeyVersion``'s
public key using OAEP.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.AsymmetricDecryptResponse` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "asymmetric_decrypt" not in self._inner_api_calls:
self._inner_api_calls[
"asymmetric_decrypt"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.asymmetric_decrypt,
default_retry=self._method_configs["AsymmetricDecrypt"].retry,
default_timeout=self._method_configs["AsymmetricDecrypt"].timeout,
client_info=self._client_info,
)
request = service_pb2.AsymmetricDecryptRequest(name=name, ciphertext=ciphertext)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["asymmetric_decrypt"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def asymmetric_sign(
self,
name,
digest,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Signs data using a ``CryptoKeyVersion`` with ``CryptoKey.purpose``
ASYMMETRIC\_SIGN, producing a signature that can be verified with the
public key retrieved from ``GetPublicKey``.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
>>>
>>> # TODO: Initialize `digest`:
>>> digest = {}
>>>
>>> response = client.asymmetric_sign(name, digest)
Args:
name (str): Required. The resource name of the ``CryptoKeyVersion`` to use for
signing.
digest (Union[dict, ~google.cloud.kms_v1.types.Digest]): Required. The digest of the data to sign. The digest must be produced
with the same digest algorithm as specified by the key version's
``algorithm``.
If a dict is provided, it must be of the same form as the protobuf
message :class:`~google.cloud.kms_v1.types.Digest`
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.AsymmetricSignResponse` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "asymmetric_sign" not in self._inner_api_calls:
self._inner_api_calls[
"asymmetric_sign"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.asymmetric_sign,
default_retry=self._method_configs["AsymmetricSign"].retry,
default_timeout=self._method_configs["AsymmetricSign"].timeout,
client_info=self._client_info,
)
request = service_pb2.AsymmetricSignRequest(name=name, digest=digest)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("name", name)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["asymmetric_sign"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def set_iam_policy(
self,
resource,
policy,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Sets the access control policy on the specified resource. Replaces
any existing policy.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
>>>
>>> # TODO: Initialize `policy`:
>>> policy = {}
>>>
>>> response = client.set_iam_policy(resource, policy)
Args:
resource (str): REQUIRED: The resource for which the policy is being specified.
See the operation documentation for the appropriate value for this field.
policy (Union[dict, ~google.cloud.kms_v1.types.Policy]): REQUIRED: The complete policy to be applied to the ``resource``. The
size of the policy is limited to a few 10s of KB. An empty policy is a
valid policy but certain Cloud Platform services (such as Projects)
might reject them.
If a dict is provided, it must be of the same form as the protobuf
message :class:`~google.cloud.kms_v1.types.Policy`
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.Policy` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "set_iam_policy" not in self._inner_api_calls:
self._inner_api_calls[
"set_iam_policy"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.set_iam_policy,
default_retry=self._method_configs["SetIamPolicy"].retry,
default_timeout=self._method_configs["SetIamPolicy"].timeout,
client_info=self._client_info,
)
request = iam_policy_pb2.SetIamPolicyRequest(resource=resource, policy=policy)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("resource", resource)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["set_iam_policy"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def get_iam_policy(
self,
resource,
options_=None,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Gets the access control policy for a resource. Returns an empty policy
if the resource exists and does not have a policy set.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
>>>
>>> response = client.get_iam_policy(resource)
Args:
resource (str): REQUIRED: The resource for which the policy is being requested.
See the operation documentation for the appropriate value for this field.
options_ (Union[dict, ~google.cloud.kms_v1.types.GetPolicyOptions]): OPTIONAL: A ``GetPolicyOptions`` object for specifying options to
``GetIamPolicy``. This field is only used by Cloud IAM.
If a dict is provided, it must be of the same form as the protobuf
message :class:`~google.cloud.kms_v1.types.GetPolicyOptions`
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.Policy` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "get_iam_policy" not in self._inner_api_calls:
self._inner_api_calls[
"get_iam_policy"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.get_iam_policy,
default_retry=self._method_configs["GetIamPolicy"].retry,
default_timeout=self._method_configs["GetIamPolicy"].timeout,
client_info=self._client_info,
)
request = iam_policy_pb2.GetIamPolicyRequest(
resource=resource, options=options_
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("resource", resource)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["get_iam_policy"](
request, retry=retry, timeout=timeout, metadata=metadata
)
[docs] def test_iam_permissions(
self,
resource,
permissions,
retry=google.api_core.gapic_v1.method.DEFAULT,
timeout=google.api_core.gapic_v1.method.DEFAULT,
metadata=None,
):
"""
Returns permissions that a caller has on the specified resource. If the
resource does not exist, this will return an empty set of
permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building
permission-aware UIs and command-line tools, not for authorization
checking. This operation may "fail open" without warning.
Example:
>>> from google.cloud import kms_v1
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
>>>
>>> # TODO: Initialize `permissions`:
>>> permissions = []
>>>
>>> response = client.test_iam_permissions(resource, permissions)
Args:
resource (str): REQUIRED: The resource for which the policy detail is being requested.
See the operation documentation for the appropriate value for this field.
permissions (list[str]): The set of permissions to check for the ``resource``. Permissions with
wildcards (such as '*' or 'storage.*') are not allowed. For more
information see `IAM
Overview <https://cloud.google.com/iam/docs/overview#permissions>`__.
retry (Optional[google.api_core.retry.Retry]): A retry object used
to retry requests. If ``None`` is specified, requests will
be retried using a default configuration.
timeout (Optional[float]): The amount of time, in seconds, to wait
for the request to complete. Note that if ``retry`` is
specified, the timeout applies to each individual attempt.
metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata
that is provided to the method.
Returns:
A :class:`~google.cloud.kms_v1.types.TestIamPermissionsResponse` instance.
Raises:
google.api_core.exceptions.GoogleAPICallError: If the request
failed for any reason.
google.api_core.exceptions.RetryError: If the request failed due
to a retryable error and retry attempts failed.
ValueError: If the parameters are invalid.
"""
# Wrap the transport method to add retry and timeout logic.
if "test_iam_permissions" not in self._inner_api_calls:
self._inner_api_calls[
"test_iam_permissions"
] = google.api_core.gapic_v1.method.wrap_method(
self.transport.test_iam_permissions,
default_retry=self._method_configs["TestIamPermissions"].retry,
default_timeout=self._method_configs["TestIamPermissions"].timeout,
client_info=self._client_info,
)
request = iam_policy_pb2.TestIamPermissionsRequest(
resource=resource, permissions=permissions
)
if metadata is None:
metadata = []
metadata = list(metadata)
try:
routing_header = [("resource", resource)]
except AttributeError:
pass
else:
routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata(
routing_header
)
metadata.append(routing_metadata)
return self._inner_api_calls["test_iam_permissions"](
request, retry=retry, timeout=timeout, metadata=metadata
)