Skip to content
This repository has been archived by the owner on Dec 31, 2023. It is now read-only.

Commit

Permalink
feat: add support for external key manager (via synth) (#8)
Browse files Browse the repository at this point in the history
This PR was generated using Autosynth. 🌈


<details><summary>Log from Synthtool</summary>

```
2020-04-09 05:17:46,671 synthtool > Executing /tmpfs/src/git/autosynth/working_repo/synth.py.
On branch autosynth
nothing to commit, working tree clean
2020-04-09 05:17:46,744 synthtool > Ensuring dependencies.
2020-04-09 05:17:46,749 synthtool > Pulling artman image.
latest: Pulling from googleapis/artman
fe703b657a32: Pulling fs layer
f9df1fafd224: Pulling fs layer
a645a4b887f9: Pulling fs layer
57db7fe0b522: Pulling fs layer
21813e587ee0: Pulling fs layer
c1a422e3936c: Pulling fs layer
7896fdb9a0c9: Pulling fs layer
0de4b0ae0d3f: Pulling fs layer
01bd40777c31: Pulling fs layer
56b5bb33902f: Pulling fs layer
1614ad0d8336: Pulling fs layer
1966fa070a3e: Pulling fs layer
bdec75005236: Pulling fs layer
926959728054: Pulling fs layer
6336bbde4243: Pulling fs layer
528525f78682: Pulling fs layer
e563a20cd63b: Pulling fs layer
5c8b90802b46: Pulling fs layer
1779990e45c7: Pulling fs layer
b5fe0cb05c88: Pulling fs layer
09523ca76318: Pulling fs layer
a097eb4cee97: Pulling fs layer
45a97578bd37: Pulling fs layer
1abced54aff8: Pulling fs layer
32448d22ea50: Pulling fs layer
cca4a4de1600: Pulling fs layer
bd1b621d3208: Pulling fs layer
690f3c005fd3: Pulling fs layer
7896fdb9a0c9: Waiting
0de4b0ae0d3f: Waiting
01bd40777c31: Waiting
56b5bb33902f: Waiting
1614ad0d8336: Waiting
1966fa070a3e: Waiting
bdec75005236: Waiting
926959728054: Waiting
57db7fe0b522: Waiting
21813e587ee0: Waiting
c1a422e3936c: Waiting
6336bbde4243: Waiting
528525f78682: Waiting
e563a20cd63b: Waiting
5c8b90802b46: Waiting
1779990e45c7: Waiting
b5fe0cb05c88: Waiting
09523ca76318: Waiting
a097eb4cee97: Waiting
45a97578bd37: Waiting
1abced54aff8: Waiting
32448d22ea50: Waiting
cca4a4de1600: Waiting
bd1b621d3208: Waiting
690f3c005fd3: Waiting
a645a4b887f9: Download complete
f9df1fafd224: Verifying Checksum
f9df1fafd224: Download complete
57db7fe0b522: Verifying Checksum
57db7fe0b522: Download complete
fe703b657a32: Verifying Checksum
fe703b657a32: Download complete
21813e587ee0: Verifying Checksum
21813e587ee0: Download complete
7896fdb9a0c9: Verifying Checksum
7896fdb9a0c9: Download complete
0de4b0ae0d3f: Verifying Checksum
0de4b0ae0d3f: Download complete
56b5bb33902f: Verifying Checksum
56b5bb33902f: Download complete
01bd40777c31: Verifying Checksum
01bd40777c31: Download complete
1966fa070a3e: Verifying Checksum
1966fa070a3e: Download complete
1614ad0d8336: Verifying Checksum
1614ad0d8336: Download complete
926959728054: Verifying Checksum
926959728054: Download complete
c1a422e3936c: Verifying Checksum
c1a422e3936c: Download complete
6336bbde4243: Verifying Checksum
6336bbde4243: Download complete
fe703b657a32: Pull complete
528525f78682: Verifying Checksum
528525f78682: Download complete
e563a20cd63b: Verifying Checksum
e563a20cd63b: Download complete
f9df1fafd224: Pull complete
a645a4b887f9: Pull complete
bdec75005236: Verifying Checksum
bdec75005236: Download complete
57db7fe0b522: Pull complete
5c8b90802b46: Verifying Checksum
5c8b90802b46: Download complete
1779990e45c7: Verifying Checksum
1779990e45c7: Download complete
09523ca76318: Verifying Checksum
09523ca76318: Download complete
45a97578bd37: Verifying Checksum
45a97578bd37: Download complete
1abced54aff8: Verifying Checksum
1abced54aff8: Download complete
32448d22ea50: Verifying Checksum
32448d22ea50: Download complete
21813e587ee0: Pull complete
b5fe0cb05c88: Verifying Checksum
b5fe0cb05c88: Download complete
cca4a4de1600: Download complete
bd1b621d3208: Download complete
690f3c005fd3: Verifying Checksum
690f3c005fd3: Download complete
c1a422e3936c: Pull complete
7896fdb9a0c9: Pull complete
0de4b0ae0d3f: Pull complete
01bd40777c31: Pull complete
56b5bb33902f: Pull complete
a097eb4cee97: Verifying Checksum
a097eb4cee97: Download complete
1614ad0d8336: Pull complete
1966fa070a3e: Pull complete
bdec75005236: Pull complete
926959728054: Pull complete
6336bbde4243: Pull complete
528525f78682: Pull complete
e563a20cd63b: Pull complete
5c8b90802b46: Pull complete
1779990e45c7: Pull complete
b5fe0cb05c88: Pull complete
09523ca76318: Pull complete
a097eb4cee97: Pull complete
45a97578bd37: Pull complete
1abced54aff8: Pull complete
32448d22ea50: Pull complete
cca4a4de1600: Pull complete
bd1b621d3208: Pull complete
690f3c005fd3: Pull complete
Digest: sha256:ef1a5b367dbe1e37cea1c7c814c801a638473e8dd66f87f4a2b8c2a146013673
Status: Downloaded newer image for googleapis/artman:latest
2020-04-09 05:18:30,711 synthtool > Cloning googleapis.
2020-04-09 05:18:31,217 synthtool > Running generator for google/cloud/kms/artman_cloudkms.yaml.
2020-04-09 05:18:57,649 synthtool > Generated code into /home/kbuilder/.cache/synthtool/googleapis/artman-genfiles/python/kms-v1.
2020-04-09 05:18:57,650 synthtool > Copy: /home/kbuilder/.cache/synthtool/googleapis/google/cloud/kms/v1/service.proto to /home/kbuilder/.cache/synthtool/googleapis/artman-genfiles/python/kms-v1/google/cloud/kms_v1/proto/service.proto
2020-04-09 05:18:57,650 synthtool > Copy: /home/kbuilder/.cache/synthtool/googleapis/google/cloud/kms/v1/resources.proto to /home/kbuilder/.cache/synthtool/googleapis/artman-genfiles/python/kms-v1/google/cloud/kms_v1/proto/resources.proto
2020-04-09 05:18:57,650 synthtool > Placed proto files into /home/kbuilder/.cache/synthtool/googleapis/artman-genfiles/python/kms-v1/google/cloud/kms_v1/proto.
2020-04-09 05:18:57,679 synthtool > Replaced 'from google.iam.v1 import iam_policy_pb2' in google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py.
.coveragerc
.flake8
.github/CONTRIBUTING.md
.github/ISSUE_TEMPLATE/bug_report.md
.github/ISSUE_TEMPLATE/feature_request.md
.github/ISSUE_TEMPLATE/support_request.md
.github/PULL_REQUEST_TEMPLATE.md
.github/release-please.yml
.gitignore
.kokoro/build.sh
.kokoro/continuous/common.cfg
.kokoro/continuous/continuous.cfg
.kokoro/docs/common.cfg
.kokoro/docs/docs.cfg
.kokoro/presubmit/common.cfg
.kokoro/presubmit/presubmit.cfg
.kokoro/publish-docs.sh
.kokoro/release.sh
.kokoro/release/common.cfg
.kokoro/release/release.cfg
.kokoro/trampoline.sh
CODE_OF_CONDUCT.md
CONTRIBUTING.rst
LICENSE
MANIFEST.in
docs/_static/custom.css
docs/_templates/layout.html
docs/conf.py.j2
noxfile.py.j2
renovate.json
setup.cfg
Running session blacken
Creating virtual environment (virtualenv) using python3.6 in .nox/blacken
pip install black==19.3b0
black docs google tests noxfile.py setup.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/__init__.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/__init__.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/__init__.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/gapic/enums.py
reformatted /tmpfs/src/git/autosynth/working_repo/docs/conf.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/gapic/key_management_service_client_config.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/proto/resources_pb2_grpc.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/proto/service_pb2_grpc.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/types.py
reformatted /tmpfs/src/git/autosynth/working_repo/noxfile.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/gapic/key_management_service_client.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/proto/resources_pb2.py
reformatted /tmpfs/src/git/autosynth/working_repo/tests/unit/gapic/v1/test_key_management_service_client_v1.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/proto/service_pb2.py
All done! ✨ 🍰 ✨
16 files reformatted, 5 files left unchanged.
Session blacken was successful.
2020-04-09 05:19:04,531 synthtool > Wrote metadata to synth.metadata.

```
</details>
  • Loading branch information
yoshi-automation authored Apr 14, 2020
1 parent d55ddd9 commit 4077fc8
Show file tree
Hide file tree
Showing 16 changed files with 491 additions and 356 deletions.
16 changes: 16 additions & 0 deletions .coveragerc
Original file line number Diff line number Diff line change
@@ -1,3 +1,19 @@
# -*- coding: utf-8 -*-
#
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Generated by synthtool. DO NOT EDIT!
[run]
branch = True
Expand Down
16 changes: 16 additions & 0 deletions .flake8
Original file line number Diff line number Diff line change
@@ -1,3 +1,19 @@
# -*- coding: utf-8 -*-
#
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Generated by synthtool. DO NOT EDIT!
[flake8]
ignore = E203, E266, E501, W503
Expand Down
3 changes: 1 addition & 2 deletions .github/ISSUE_TEMPLATE/bug_report.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,7 @@ Thanks for stopping by to let us know something could be better!
Please run down the following list and make sure you've tried the usual "quick fixes":

- Search the issues already opened: https://github.com/googleapis/python-kms/issues
- Search the issues on our "catch-all" repository: https://github.com/googleapis/google-cloud-python
- Search StackOverflow: http://stackoverflow.com/questions/tagged/google-cloud-platform+python
- Search StackOverflow: https://stackoverflow.com/questions/tagged/google-cloud-platform+python

If you are still having issues, please be sure to include as much information as possible:

Expand Down
15 changes: 3 additions & 12 deletions CONTRIBUTING.rst
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ In order to add a feature:
documentation.

- The feature must work fully on the following CPython versions: 2.7,
3.5, 3.6, and 3.7 on both UNIX and Windows.
3.5, 3.6, 3.7 and 3.8 on both UNIX and Windows.

- The feature must not add unnecessary dependencies (where
"unnecessary" is of course subjective, but new dependencies should
Expand Down Expand Up @@ -214,26 +214,18 @@ We support:
- `Python 3.5`_
- `Python 3.6`_
- `Python 3.7`_
- `Python 3.8`_

.. _Python 3.5: https://docs.python.org/3.5/
.. _Python 3.6: https://docs.python.org/3.6/
.. _Python 3.7: https://docs.python.org/3.7/
.. _Python 3.8: https://docs.python.org/3.8/


Supported versions can be found in our ``noxfile.py`` `config`_.

.. _config: https://github.com/googleapis/python-kms/blob/master/noxfile.py

We explicitly decided not to support `Python 2.5`_ due to `decreased usage`_
and lack of continuous integration `support`_.

.. _Python 2.5: https://docs.python.org/2.5/
.. _decreased usage: https://caremad.io/2013/10/a-look-at-pypi-downloads/
.. _support: https://blog.travis-ci.com/2013-11-18-upcoming-build-environment-updates/

We have `dropped 2.6`_ as a supported version as well since Python 2.6 is no
longer supported by the core development team.

Python 2.7 support is deprecated. All code changes should maintain Python 2.7 compatibility until January 1, 2020.

We also explicitly decided to support Python 3 beginning with version
Expand All @@ -247,7 +239,6 @@ We also explicitly decided to support Python 3 beginning with version
.. _prominent: https://docs.djangoproject.com/en/1.9/faq/install/#what-python-version-can-i-use-with-django
.. _projects: http://flask.pocoo.org/docs/0.10/python3/
.. _Unicode literal support: https://www.python.org/dev/peps/pep-0414/
.. _dropped 2.6: https://github.com/googleapis/google-cloud-python/issues/995

**********
Versioning
Expand Down
16 changes: 16 additions & 0 deletions MANIFEST.in
Original file line number Diff line number Diff line change
@@ -1,3 +1,19 @@
# -*- coding: utf-8 -*-
#
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Generated by synthtool. DO NOT EDIT!
include README.rst LICENSE
recursive-include google *.json *.proto
Expand Down
2 changes: 2 additions & 0 deletions google/cloud/kms_v1/gapic/enums.py
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,7 @@ class CryptoKeyVersionAlgorithm(enum.IntEnum):
RSA_DECRYPT_OAEP_4096_SHA512 (int): RSAES-OAEP 4096 bit key with a SHA512 digest.
EC_SIGN_P256_SHA256 (int): ECDSA on the NIST P-256 curve with a SHA256 digest.
EC_SIGN_P384_SHA384 (int): ECDSA on the NIST P-384 curve with a SHA384 digest.
EXTERNAL_SYMMETRIC_ENCRYPTION (int): Algorithm representing symmetric encryption by an external key manager.
"""

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0
Expand All @@ -132,6 +133,7 @@ class CryptoKeyVersionAlgorithm(enum.IntEnum):
RSA_DECRYPT_OAEP_4096_SHA512 = 17
EC_SIGN_P256_SHA256 = 12
EC_SIGN_P384_SHA384 = 13
EXTERNAL_SYMMETRIC_ENCRYPTION = 18

class CryptoKeyVersionState(enum.IntEnum):
"""
Expand Down
13 changes: 9 additions & 4 deletions google/cloud/kms_v1/gapic/key_management_service_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,7 @@ def crypto_key_path_path(cls, project, location, key_ring, crypto_key_path):
def crypto_key_version_path(
cls, project, location, key_ring, crypto_key, crypto_key_version
):

"""Return a fully-qualified crypto_key_version string."""
return google.api_core.path_template.expand(
"projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}",
Expand Down Expand Up @@ -1676,7 +1677,8 @@ def encrypt(
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> name = client.crypto_key_path_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY_PATH]')
>>> # TODO: Initialize `name`:
>>> name = ''
>>>
>>> # TODO: Initialize `plaintext`:
>>> plaintext = b''
Expand Down Expand Up @@ -2320,7 +2322,8 @@ def set_iam_policy(
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
>>> # TODO: Initialize `resource`:
>>> resource = ''
>>>
>>> # TODO: Initialize `policy`:
>>> policy = {}
Expand Down Expand Up @@ -2402,7 +2405,8 @@ def get_iam_policy(
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
>>> # TODO: Initialize `resource`:
>>> resource = ''
>>>
>>> response = client.get_iam_policy(resource)
Expand Down Expand Up @@ -2486,7 +2490,8 @@ def test_iam_permissions(
>>>
>>> client = kms_v1.KeyManagementServiceClient()
>>>
>>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
>>> # TODO: Initialize `resource`:
>>> resource = ''
>>>
>>> # TODO: Initialize `permissions`:
>>> permissions = []
Expand Down
30 changes: 23 additions & 7 deletions google/cloud/kms_v1/proto/resources.proto
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
// Copyright 2019 Google LLC.
// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
Expand All @@ -16,11 +16,11 @@ syntax = "proto3";

package google.cloud.kms.v1;

import "google/api/annotations.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/timestamp.proto";
import "google/api/annotations.proto";

option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Kms.V1";
Expand Down Expand Up @@ -142,11 +142,6 @@ message CryptoKey {
map<string, string> labels = 10;
}

option (google.api.resource_definition) = {
type: "cloudkms.googleapis.com/CryptoKey"
pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key_path=**}"
};

// A [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating
// a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either manually with
// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or
Expand Down Expand Up @@ -289,6 +284,9 @@ message CryptoKeyVersion {

// ECDSA on the NIST P-384 curve with a SHA384 digest.
EC_SIGN_P384_SHA384 = 13;

// Algorithm representing symmetric encryption by an external key manager.
EXTERNAL_SYMMETRIC_ENCRYPTION = 18;
}

// The state of a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used.
Expand Down Expand Up @@ -395,11 +393,21 @@ message CryptoKeyVersion {
// [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
// [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
string import_failure_reason = 16 [(google.api.field_behavior) = OUTPUT_ONLY];

// ExternalProtectionLevelOptions stores a group of additional fields for
// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the
// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.
ExternalProtectionLevelOptions external_protection_level_options = 17;
}

// The public key for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Obtained via
// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
message PublicKey {
option (google.api.resource) = {
type: "cloudkms.googleapis.com/PublicKey"
pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}/publicKey"
};

// The public key, encoded in PEM format. For more information, see the
// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
Expand Down Expand Up @@ -565,3 +573,11 @@ enum ProtectionLevel {
// Crypto operations are performed by an external key manager.
EXTERNAL = 3;
}

// ExternalProtectionLevelOptions stores a group of additional fields for
// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the
// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.
message ExternalProtectionLevelOptions {
// The URI for an external resource that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents.
string external_key_uri = 1;
}
Loading

0 comments on commit 4077fc8

Please sign in to comment.