Beispiel #1
  def UpdateOthers(self, args, crypto_key, fields_to_update):
    """Patches labels, nextRotationTime, rotationPeriod and the algorithm.

    Args:
      args: Parsed command arguments. default_algorithm is read here; the
        rest is consumed by the flags and labels_util helpers.
      crypto_key: Existing CryptoKey whose purpose and labels are read.
      fields_to_update: Field names that are comma-joined into updateMask.

    Returns:
      The Patch response, or None if the call raised HttpError.

    Raises:
      exceptions.ToolException: args.default_algorithm is set but is not in
        maps.VALID_ALGORITHMS_MAP[crypto_key.purpose].
    """
    kms_client = cloudkms_base.GetClientInstance()
    msgs = cloudkms_base.GetMessagesModule()
    key_ref = flags.ParseCryptoKeyName(args)
    allowed_algorithms = maps.VALID_ALGORITHMS_MAP[crypto_key.purpose]

    key_name = key_ref.RelativeName()
    merged_labels = labels_util.Diff.FromUpdateArgs(args).Apply(
        msgs.CryptoKey.LabelsValue, crypto_key.labels).GetOrNone()
    req = msgs.CloudkmsProjectsLocationsKeyRingsCryptoKeysPatchRequest(
        name=key_name,
        cryptoKey=msgs.CryptoKey(labels=merged_labels))
    # NOTE(review): the request body is filled in regardless of what
    # fields_to_update names; presumably only the masked fields are applied
    # server-side -- confirm against the caller that builds the list.
    req.updateMask = ','.join(fields_to_update)
    flags.SetNextRotationTime(args, req.cryptoKey)
    flags.SetRotationPeriod(args, req.cryptoKey)

    requested = args.default_algorithm
    # Reject an algorithm that does not fit the key's purpose before any
    # request is sent.
    if requested and requested not in allowed_algorithms:
      raise exceptions.ToolException(
          'Update failed: Algorithm {algorithm} is not valid. Here are the '
          'valid algorithm(s) for purpose {purpose}: {all_algorithms}'.format(
              algorithm=args.default_algorithm,
              purpose=crypto_key.purpose,
              all_algorithms=', '.join(allowed_algorithms)))
    if requested:
      req.cryptoKey.versionTemplate = msgs.CryptoKeyVersionTemplate(
          algorithm=maps.ALGORITHM_MAPPER.GetEnumForChoice(
              args.default_algorithm))

    try:
      return kms_client.projects_locations_keyRings_cryptoKeys.Patch(req)
    except apitools_exceptions.HttpError:
      # Every HTTP failure (status code and message included) is collapsed
      # into None, so the caller must treat None as "update not applied".
      return None
Beispiel #2
    def Run(self, args):
        """Patches the rotation schedule of the crypto key named by args.

        Args:
            args: Parsed command arguments; rotation_period and
                next_rotation_time decide which fields enter the update mask.

        Returns:
            The response of the cryptoKeys Patch call.

        Raises:
            exceptions.ToolException: Neither rotation argument was supplied.
        """
        kms_client = cloudkms_base.GetClientInstance()
        msgs = cloudkms_base.GetMessagesModule()

        key_ref = flags.ParseCryptoKeyName(args)
        patch_request_cls = (
            msgs.CloudkmsProjectsLocationsKeyRingsCryptoKeysPatchRequest)
        req = patch_request_cls(
            projectsId=key_ref.projectsId,
            locationsId=key_ref.locationsId,
            keyRingsId=key_ref.keyRingsId,
            cryptoKeysId=key_ref.cryptoKeysId,
            cryptoKey=msgs.CryptoKey())

        flags.SetNextRotationTime(args, req.cryptoKey)
        flags.SetRotationPeriod(args, req.cryptoKey)

        # The mask lists only the fields the user actually supplied, in the
        # fixed order rotationPeriod, nextRotationTime.
        candidates = (
            ('rotationPeriod', args.rotation_period),
            ('nextRotationTime', args.next_rotation_time),
        )
        mask_fields = [
            field for field, value in candidates if value is not None
        ]

        if len(mask_fields) == 0:
            raise exceptions.ToolException(
                'At least one of --next-rotation-time or --rotation-period must be '
                'specified.')
        req.updateMask = ','.join(mask_fields)

        return kms_client.projects_locations_keyRings_cryptoKeys.Patch(req)
Beispiel #3
    def Run(self, args):
        """Creates the crypto key named by args with its purpose and labels.

        Args:
            args: Parsed command arguments; args.purpose is looked up in
                PURPOSE_MAP to find the enum member name.

        Returns:
            The response of the cryptoKeys Create call.
        """
        kms_client = cloudkms_base.GetClientInstance()
        msgs = cloudkms_base.GetMessagesModule()

        key_ref = flags.ParseCryptoKeyName(args)
        key_ring_ref = flags.ParseParentFromResource(key_ref)

        parent_name = key_ring_ref.RelativeName()
        key_id = key_ref.Name()
        # TODO(b/35914817): Find a better way to get the enum value by name.
        purpose_enum = getattr(msgs.CryptoKey.PurposeValueValuesEnum,
                               PURPOSE_MAP[args.purpose])
        # No existing labels on a new key, hence None as the starting point.
        initial_labels = labels_util.UpdateLabels(
            None,
            msgs.CryptoKey.LabelsValue,
            update_labels=labels_util.GetUpdateLabelsDictFromArgs(args))

        create_request_cls = (
            msgs.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest)
        req = create_request_cls(
            parent=parent_name,
            cryptoKeyId=key_id,
            cryptoKey=msgs.CryptoKey(
                purpose=purpose_enum, labels=initial_labels),
        )

        flags.SetNextRotationTime(args, req.cryptoKey)
        flags.SetRotationPeriod(args, req.cryptoKey)

        return kms_client.projects_locations_keyRings_cryptoKeys.Create(req)
Beispiel #4
    def _CreateRequest(self, args):
        """Validates the key arguments and builds the CryptoKey create request.

        Args:
            args: Parsed command arguments. args.default_algorithm is
                overwritten with 'google-symmetric-encryption' when it is
                unset and the purpose is 'encryption'.

        Returns:
            The populated create request; nothing is sent here.

        Raises:
            exceptions.ToolException: The algorithm is missing for a
                non-encryption purpose, the algorithm does not fit the
                purpose, or an attestation file is requested without
                --protection-level=hsm.
        """
        msgs = cloudkms_base.GetMessagesModule()
        key_purpose = maps.PURPOSE_MAP[args.purpose]
        allowed_algorithms = maps.VALID_ALGORITHMS_MAP[key_purpose]

        # Asymmetric keys must name their algorithm explicitly. Only the
        # 'encryption' purpose keeps the historical implicit default.
        if not args.default_algorithm and args.purpose != 'encryption':
            raise exceptions.ToolException(
                '--default-algorithm needs to be specified when creating a key with'
                ' --purpose={}. The valid algorithms are: {}'.format(
                    args.purpose, ', '.join(allowed_algorithms)))
        if not args.default_algorithm:
            args.default_algorithm = 'google-symmetric-encryption'

        # The chosen algorithm has to be one listed for this purpose.
        algorithm_ok = args.default_algorithm in allowed_algorithms
        if not algorithm_ok:
            raise exceptions.ToolException(
                'Default algorithm and purpose are incompatible. Here are the valid '
                'algorithms for --purpose={}: {}'.format(
                    args.purpose, ', '.join(allowed_algorithms)))

        # Attestations are refused for anything but an 'hsm' protection level.
        if args.attestation_file and args.protection_level != 'hsm':
            raise exceptions.ToolException(
                '--attestation-file requires --protection-level=hsm.')

        key_ref = flags.ParseCryptoKeyName(args)
        key_ring_ref = flags.ParseParentFromResource(key_ref)

        parent_name = key_ring_ref.RelativeName()
        key_id = key_ref.Name()
        # TODO(b/35914817): Find a better way to get the enum value by
        # name.
        version_template = msgs.CryptoKeyVersionTemplate(
            protectionLevel=maps.PROTECTION_LEVEL_MAPPER.GetEnumForChoice(
                args.protection_level),
            algorithm=maps.ALGORITHM_MAPPER.GetEnumForChoice(
                args.default_algorithm))
        key_labels = labels_util.ParseCreateArgs(
            args, msgs.CryptoKey.LabelsValue)

        create_request_cls = (
            msgs.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest)
        req = create_request_cls(
            parent=parent_name,
            cryptoKeyId=key_id,
            cryptoKey=msgs.CryptoKey(
                purpose=key_purpose,
                versionTemplate=version_template,
                labels=key_labels))

        flags.SetNextRotationTime(args, req.cryptoKey)
        flags.SetRotationPeriod(args, req.cryptoKey)

        return req
    def _CreateRequest(self, args):
        """Validates the key arguments and builds the CryptoKey create request.

        Args:
            args: Parsed command arguments. args.default_algorithm is
                overwritten with 'google-symmetric-encryption' when it is
                unset and the purpose is 'encryption'.

        Returns:
            The populated create request; nothing is sent here.

        Raises:
            kms_exceptions.ArgumentError: The algorithm is missing for a
                non-encryption purpose, or it does not fit the purpose.
        """
        msgs = cloudkms_base.GetMessagesModule()
        key_purpose = maps.PURPOSE_MAP[args.purpose]
        allowed_algorithms = maps.VALID_ALGORITHMS_MAP[key_purpose]

        # Every purpose other than 'encryption' must name its algorithm
        # explicitly; 'encryption' keeps the historical implicit default.
        if not args.default_algorithm and args.purpose != 'encryption':
            raise kms_exceptions.ArgumentError(
                '--default-algorithm needs to be specified when creating a key with'
                ' --purpose={}. The valid algorithms are: {}'.format(
                    args.purpose, ', '.join(allowed_algorithms)))
        if not args.default_algorithm:
            args.default_algorithm = 'google-symmetric-encryption'

        # The chosen algorithm has to be one listed for this purpose.
        algorithm_ok = args.default_algorithm in allowed_algorithms
        if not algorithm_ok:
            raise kms_exceptions.ArgumentError(
                'Default algorithm and purpose are incompatible. Here are the valid '
                'algorithms for --purpose={}: {}'.format(
                    args.purpose, ', '.join(allowed_algorithms)))

        key_ref = args.CONCEPTS.key.Parse()
        key_ring_ref = key_ref.Parent()

        parent_name = key_ring_ref.RelativeName()
        key_id = key_ref.Name()
        version_template = msgs.CryptoKeyVersionTemplate(
            protectionLevel=maps.PROTECTION_LEVEL_MAPPER.GetEnumForChoice(
                args.protection_level),
            algorithm=maps.ALGORITHM_MAPPER.GetEnumForChoice(
                args.default_algorithm))
        key_labels = labels_util.ParseCreateArgs(
            args, msgs.CryptoKey.LabelsValue)
        new_key = msgs.CryptoKey(
            purpose=key_purpose,
            versionTemplate=version_template,
            labels=key_labels,
            importOnly=args.import_only,
            cryptoKeyBackend=args.crypto_key_backend)

        create_request_cls = (
            msgs.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest)
        req = create_request_cls(
            parent=parent_name,
            cryptoKeyId=key_id,
            cryptoKey=new_key,
            skipInitialVersionCreation=args.skip_initial_version_creation)

        # Scheduling fields are filled in on the embedded key by the helpers.
        flags.SetNextRotationTime(args, req.cryptoKey)
        flags.SetRotationPeriod(args, req.cryptoKey)
        flags.SetDestroyScheduledDuration(args, req.cryptoKey)

        return req
Beispiel #6
    def _CreateRequest(self, args):
        """Builds the CryptoKey create request from the parsed arguments.

        Args:
            args: Parsed command arguments; args.purpose is looked up in
                maps.PURPOSE_MAP.

        Returns:
            The populated create request; nothing is sent here.
        """
        msgs = cloudkms_base.GetMessagesModule()

        key_ref = flags.ParseCryptoKeyName(args)
        key_ring_ref = flags.ParseParentFromResource(key_ref)

        parent_name = key_ring_ref.RelativeName()
        key_id = key_ref.Name()
        # TODO(b/35914817): Find a better way to get the enum value by name.
        key_purpose = maps.PURPOSE_MAP[args.purpose]
        key_labels = labels_util.ParseCreateArgs(
            args, msgs.CryptoKey.LabelsValue)

        create_request_cls = (
            msgs.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest)
        req = create_request_cls(
            parent=parent_name,
            cryptoKeyId=key_id,
            cryptoKey=msgs.CryptoKey(purpose=key_purpose, labels=key_labels))

        flags.SetNextRotationTime(args, req.cryptoKey)
        flags.SetRotationPeriod(args, req.cryptoKey)
        return req
Beispiel #7
  def UpdateOthers(self, args, crypto_key, fields_to_update):
    """Patches the key's labels and rotation schedule.

    Args:
      args: Parsed command arguments, consumed by the flags and labels_util
        helpers.
      crypto_key: Existing CryptoKey whose labels are the base for the diff.
      fields_to_update: Field names that are comma-joined into updateMask.

    Returns:
      The Patch response, or None if the call raised HttpError.
    """
    kms_client = cloudkms_base.GetClientInstance()
    msgs = cloudkms_base.GetMessagesModule()
    key_ref = flags.ParseCryptoKeyName(args)

    key_name = key_ref.RelativeName()
    merged_labels = labels_util.Diff.FromUpdateArgs(args).Apply(
        msgs.CryptoKey.LabelsValue, crypto_key.labels).GetOrNone()
    req = msgs.CloudkmsProjectsLocationsKeyRingsCryptoKeysPatchRequest(
        name=key_name,
        cryptoKey=msgs.CryptoKey(labels=merged_labels))
    req.updateMask = ','.join(fields_to_update)
    flags.SetNextRotationTime(args, req.cryptoKey)
    flags.SetRotationPeriod(args, req.cryptoKey)

    try:
      return kms_client.projects_locations_keyRings_cryptoKeys.Patch(req)
    except apitools_exceptions.HttpError:
      # Every HTTP failure (status code and message included) is collapsed
      # into None, so the caller must treat None as "update not applied".
      return None
Beispiel #8
    def Run(self, args):
        """Creates the crypto key named by args inside its key ring.

        Args:
            args: Parsed command arguments; args.purpose is looked up in
                PURPOSE_MAP to find the enum member name.

        Returns:
            The response of the cryptoKeys Create call.
        """
        kms_client = cloudkms_base.GetClientInstance()
        msgs = cloudkms_base.GetMessagesModule()

        key_ref = flags.ParseCryptoKeyName(args)
        key_ring_ref = flags.ParseKeyRingName(args)

        parent_name = key_ring_ref.RelativeName()
        key_id = key_ref.Name()
        # The purpose enum member is resolved by name from PURPOSE_MAP.
        purpose_enum = getattr(msgs.CryptoKey.PurposeValueValuesEnum,
                               PURPOSE_MAP[args.purpose])

        create_request_cls = (
            msgs.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest)
        req = create_request_cls(
            parent=parent_name,
            cryptoKeyId=key_id,
            cryptoKey=msgs.CryptoKey(purpose=purpose_enum),
        )

        flags.SetNextRotationTime(args, req.cryptoKey)
        flags.SetRotationPeriod(args, req.cryptoKey)

        return kms_client.projects_locations_keyRings_cryptoKeys.Create(req)
    def Run(self, args):
        """Creates the crypto key named by args, addressed by its id parts.

        Args:
            args: Parsed command arguments; args.purpose is looked up in
                PURPOSE_MAP to find the enum member name.

        Returns:
            The response of the cryptoKeys Create call.
        """
        kms_client = cloudkms_base.GetClientInstance()
        msgs = cloudkms_base.GetMessagesModule()

        key_ref = flags.ParseCryptoKeyName(args)

        project_id = key_ref.projectsId
        location_id = key_ref.locationsId
        key_ring_id = key_ref.keyRingsId
        key_id = key_ref.cryptoKeysId
        # TODO(user): Find a better way to get the enum value by name.
        purpose_enum = getattr(msgs.CryptoKey.PurposeValueValuesEnum,
                               PURPOSE_MAP[args.purpose])

        create_request_cls = (
            msgs.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest)
        req = create_request_cls(
            projectsId=project_id,
            locationsId=location_id,
            keyRingsId=key_ring_id,
            cryptoKeyId=key_id,
            cryptoKey=msgs.CryptoKey(purpose=purpose_enum),
        )

        flags.SetNextRotationTime(args, req.cryptoKey)
        flags.SetRotationPeriod(args, req.cryptoKey)

        return kms_client.projects_locations_keyRings_cryptoKeys.Create(req)
    def UpdateOthers(self, args, crypto_key, fields_to_update):
        """Patches the key's labels and rotation schedule.

        Args:
            args: Parsed command arguments, consumed by the flags and
                labels_util helpers.
            crypto_key: Existing CryptoKey whose labels are the base for the
                update.
            fields_to_update: Field names that are comma-joined into
                updateMask.

        Returns:
            The Patch response, or None if the call raised HttpError.
        """
        # pylint: disable=line-too-long
        kms_client = cloudkms_base.GetClientInstance()
        msgs = cloudkms_base.GetMessagesModule()
        key_ref = flags.ParseCryptoKeyName(args)

        key_name = key_ref.RelativeName()
        # Start from the key's current labels, then apply the requested
        # additions and removals.
        merged_labels = labels_util.UpdateLabels(
            crypto_key.labels,
            msgs.CryptoKey.LabelsValue,
            update_labels=labels_util.GetUpdateLabelsDictFromArgs(args),
            remove_labels=labels_util.GetRemoveLabelsListFromArgs(args))
        req = msgs.CloudkmsProjectsLocationsKeyRingsCryptoKeysPatchRequest(
            name=key_name,
            cryptoKey=msgs.CryptoKey(labels=merged_labels),
        )
        req.updateMask = ','.join(fields_to_update)
        flags.SetNextRotationTime(args, req.cryptoKey)
        flags.SetRotationPeriod(args, req.cryptoKey)

        try:
            return kms_client.projects_locations_keyRings_cryptoKeys.Patch(req)
        except apitools_exceptions.HttpError:
            # Every HTTP failure (status code and message included) is
            # collapsed into None, so the caller must treat None as
            # "update not applied".
            return None