Skip to content

Commit

Permalink
feat: add support for Key Reimport (#167)
Browse files Browse the repository at this point in the history
- [ ] Regenerate this pull request now.

PiperOrigin-RevId: 393749648

Source-Link: googleapis/googleapis@e3d9b11

Source-Link: googleapis/googleapis-gen@0157996
  • Loading branch information
gcf-owl-bot[bot] authored Aug 30, 2021
1 parent 6638fba commit 5f4d4e6
Show file tree
Hide file tree
Showing 8 changed files with 129 additions and 46 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -1390,13 +1390,16 @@ async def import_crypto_key_version(
timeout: float = None,
metadata: Sequence[Tuple[str, str]] = (),
) -> resources.CryptoKeyVersion:
r"""Imports a new
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an
existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
wrapped key material provided in the request.
r"""Import wrapped key material into a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
The version ID will be assigned the next sequential id within
the [CryptoKey][google.cloud.kms.v1.CryptoKey].
All requests must specify a
[CryptoKey][google.cloud.kms.v1.CryptoKey]. If a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
additionally specified in the request, key material will be
reimported into that version. Otherwise, a new version will be
created, and will be assigned the next sequential id within the
[CryptoKey][google.cloud.kms.v1.CryptoKey].
Args:
Expand Down Expand Up @@ -1938,12 +1941,14 @@ async def destroy_crypto_key_version(
Upon calling this method,
[CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state]
will be set to
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
and
[destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time]
will be set to a time 24 hours in the future, at which point the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will be
changed to
will be set to the time
[destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
in the future. At that time, the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will
automatically change to
[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
and the key material will be irrevocably destroyed.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1550,13 +1550,16 @@ def import_crypto_key_version(
timeout: float = None,
metadata: Sequence[Tuple[str, str]] = (),
) -> resources.CryptoKeyVersion:
r"""Imports a new
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an
existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
wrapped key material provided in the request.
r"""Import wrapped key material into a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
The version ID will be assigned the next sequential id within
the [CryptoKey][google.cloud.kms.v1.CryptoKey].
All requests must specify a
[CryptoKey][google.cloud.kms.v1.CryptoKey]. If a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
additionally specified in the request, key material will be
reimported into that version. Otherwise, a new version will be
created, and will be assigned the next sequential id within the
[CryptoKey][google.cloud.kms.v1.CryptoKey].
Args:
Expand Down Expand Up @@ -2065,12 +2068,14 @@ def destroy_crypto_key_version(
Upon calling this method,
[CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state]
will be set to
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
and
[destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time]
will be set to a time 24 hours in the future, at which point the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will be
changed to
will be set to the time
[destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
in the future. At that time, the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will
automatically change to
[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
and the key material will be irrevocably destroyed.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -582,13 +582,16 @@ def import_crypto_key_version(
) -> Callable[[service.ImportCryptoKeyVersionRequest], resources.CryptoKeyVersion]:
r"""Return a callable for the import crypto key version method over gRPC.
Imports a new
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an
existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
wrapped key material provided in the request.
Import wrapped key material into a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
The version ID will be assigned the next sequential id within
the [CryptoKey][google.cloud.kms.v1.CryptoKey].
All requests must specify a
[CryptoKey][google.cloud.kms.v1.CryptoKey]. If a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
additionally specified in the request, key material will be
reimported into that version. Otherwise, a new version will be
created, and will be assigned the next sequential id within the
[CryptoKey][google.cloud.kms.v1.CryptoKey].
Returns:
Callable[[~.ImportCryptoKeyVersionRequest],
Expand Down Expand Up @@ -750,12 +753,14 @@ def destroy_crypto_key_version(
Upon calling this method,
[CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state]
will be set to
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
and
[destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time]
will be set to a time 24 hours in the future, at which point the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will be
changed to
will be set to the time
[destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
in the future. At that time, the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will
automatically change to
[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
and the key material will be irrevocably destroyed.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -600,13 +600,16 @@ def import_crypto_key_version(
]:
r"""Return a callable for the import crypto key version method over gRPC.
Imports a new
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an
existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
wrapped key material provided in the request.
Import wrapped key material into a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
The version ID will be assigned the next sequential id within
the [CryptoKey][google.cloud.kms.v1.CryptoKey].
All requests must specify a
[CryptoKey][google.cloud.kms.v1.CryptoKey]. If a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
additionally specified in the request, key material will be
reimported into that version. Otherwise, a new version will be
created, and will be assigned the next sequential id within the
[CryptoKey][google.cloud.kms.v1.CryptoKey].
Returns:
Callable[[~.ImportCryptoKeyVersionRequest],
Expand Down Expand Up @@ -774,12 +777,14 @@ def destroy_crypto_key_version(
Upon calling this method,
[CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state]
will be set to
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
and
[destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time]
will be set to a time 24 hours in the future, at which point the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will be
changed to
will be set to the time
[destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
in the future. At that time, the
[state][google.cloud.kms.v1.CryptoKeyVersion.state] will
automatically change to
[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
and the key material will be irrevocably destroyed.
Expand Down
15 changes: 10 additions & 5 deletions packages/google-cloud-kms/google/cloud/kms_v1/types/resources.py
Original file line number Diff line number Diff line change
Expand Up @@ -323,17 +323,17 @@ class CryptoKeyVersion(proto.Message):
[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED].
import_job (str):
Output only. The name of the
[ImportJob][google.cloud.kms.v1.ImportJob] used to import
this
[ImportJob][google.cloud.kms.v1.ImportJob] used in the most
recent import of this
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
Only present if the underlying key material was imported.
import_time (google.protobuf.timestamp_pb2.Timestamp):
Output only. The time at which this
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
key material was imported.
key material was most recently imported.
import_failure_reason (str):
Output only. The root cause of an import failure. Only
present if
Output only. The root cause of the most recent import
failure. Only present if
[state][google.cloud.kms.v1.CryptoKeyVersion.state] is
[IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
external_protection_level_options (google.cloud.kms_v1.types.ExternalProtectionLevelOptions):
Expand All @@ -343,6 +343,10 @@ class CryptoKeyVersion(proto.Message):
that are specific to the
[EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL]
protection level.
reimport_eligible (bool):
Output only. Whether or not this key version is eligible for
reimport, by being specified as a target in
[ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version].
"""

class CryptoKeyVersionAlgorithm(proto.Enum):
Expand Down Expand Up @@ -465,6 +469,7 @@ class CryptoKeyVersionView(proto.Enum):
external_protection_level_options = proto.Field(
proto.MESSAGE, number=17, message="ExternalProtectionLevelOptions",
)
reimport_eligible = proto.Field(proto.BOOL, number=18,)


class PublicKey(proto.Message):
Expand Down
34 changes: 34 additions & 0 deletions packages/google-cloud-kms/google/cloud/kms_v1/types/service.py
Original file line number Diff line number Diff line change
Expand Up @@ -501,6 +501,39 @@ class ImportCryptoKeyVersionRequest(proto.Message):
Required. The [name][google.cloud.kms.v1.CryptoKey.name] of
the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be
imported into.
The create permission is only required on this key when
creating a new
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
crypto_key_version (str):
Optional. The optional
[name][google.cloud.kms.v1.CryptoKeyVersion.name] of an
existing
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to
target for an import operation. If this field is not
present, a new
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
containing the supplied key material is created.
If this field is present, the supplied key material is
imported into the existing
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To
import into an existing
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion],
the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
must be a child of
[ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent],
have been previously created via [ImportCryptoKeyVersion][],
and be in
[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]
or
[IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
state. The key material and algorithm must match the
previous
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
exactly if the
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has
ever contained key material.
algorithm (google.cloud.kms_v1.types.CryptoKeyVersion.CryptoKeyVersionAlgorithm):
Required. The
[algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
Expand Down Expand Up @@ -543,6 +576,7 @@ class ImportCryptoKeyVersionRequest(proto.Message):
"""

parent = proto.Field(proto.STRING, number=1,)
crypto_key_version = proto.Field(proto.STRING, number=6,)
algorithm = proto.Field(
proto.ENUM, number=2, enum=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm,
)
Expand Down
2 changes: 1 addition & 1 deletion packages/google-cloud-kms/scripts/fixup_kms_v1_keywords.py
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ class kmsCallTransformer(cst.CSTTransformer):
'get_import_job': ('name', ),
'get_key_ring': ('name', ),
'get_public_key': ('name', ),
'import_crypto_key_version': ('parent', 'algorithm', 'import_job', 'rsa_aes_wrapped_key', ),
'import_crypto_key_version': ('parent', 'algorithm', 'import_job', 'crypto_key_version', 'rsa_aes_wrapped_key', ),
'list_crypto_keys': ('parent', 'page_size', 'page_token', 'version_view', 'filter', 'order_by', ),
'list_crypto_key_versions': ('parent', 'page_size', 'page_token', 'view', 'filter', 'order_by', ),
'list_import_jobs': ('parent', 'page_size', 'page_token', 'filter', 'order_by', ),
Expand Down
Loading

0 comments on commit 5f4d4e6

Please sign in to comment.