def Run(self, args):
client = cloudkms_base.GetClientInstance()
messages = cloudkms_base.GetMessagesModule()
crypto_key_ref = flags.ParseCryptoKeyName(args)
parent_ref = flags.ParseParentFromResource(crypto_key_ref)
req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest(
parent=parent_ref.RelativeName(),
cryptoKeyId=crypto_key_ref.Name(),
cryptoKey=messages.CryptoKey(
# TODO(b/35914817): Find a better way to get the enum value by name.
purpose=getattr(messages.CryptoKey.PurposeValueValuesEnum,
PURPOSE_MAP[args.purpose]),
labels=labels_util.UpdateLabels(
None,
messages.CryptoKey.LabelsValue,
update_labels=labels_util.GetUpdateLabelsDictFromArgs(
args))),
)
flags.SetNextRotationTime(args, req.cryptoKey)
flags.SetRotationPeriod(args, req.cryptoKey)
return client.projects_locations_keyRings_cryptoKeys.Create(req)
def Run(self, args):
client = cloudkms_base.GetClientInstance()
messages = cloudkms_base.GetMessagesModule()
key_ring_ref = flags.ParseKeyRingName(args)
parent_ref = flags.ParseParentFromResource(key_ring_ref)
req = messages.CloudkmsProjectsLocationsKeyRingsCreateRequest(
parent=parent_ref.RelativeName(),
keyRingId=key_ring_ref.Name(),
keyRing=messages.KeyRing())
return client.projects_locations_keyRings.Create(req)
def _CreateRequest(self, args):
messages = cloudkms_base.GetMessagesModule()
purpose = maps.PURPOSE_MAP[args.purpose]
valid_algorithms = maps.VALID_ALGORITHMS_MAP[purpose]
# Check default algorithm has been specified for asymmetric keys. For
# backward compatibility, the algorithm is google-symmetric-encryption by
# default if the purpose is encryption.
if not args.default_algorithm:
if args.purpose != 'encryption':
raise exceptions.ToolException(
'--default-algorithm needs to be specified when creating a key with'
' --purpose={}. The valid algorithms are: {}'.format(
args.purpose, ', '.join(valid_algorithms)))
args.default_algorithm = 'google-symmetric-encryption'
# Check default algorithm and purpose are compatible.
if args.default_algorithm not in valid_algorithms:
raise exceptions.ToolException(
'Default algorithm and purpose are incompatible. Here are the valid '
'algorithms for --purpose={}: {}'.format(
args.purpose, ', '.join(valid_algorithms)))
# Raise exception if attestations are requested for software key.
if args.attestation_file and args.protection_level != 'hsm':
raise exceptions.ToolException(
'--attestation-file requires --protection-level=hsm.')
crypto_key_ref = flags.ParseCryptoKeyName(args)
parent_ref = flags.ParseParentFromResource(crypto_key_ref)
req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest(
parent=parent_ref.RelativeName(),
cryptoKeyId=crypto_key_ref.Name(),
cryptoKey=messages.CryptoKey(
purpose=purpose,
versionTemplate=messages.CryptoKeyVersionTemplate(
# TODO(b/35914817): Find a better way to get the enum value by
# name.
protectionLevel=maps.PROTECTION_LEVEL_MAPPER.
GetEnumForChoice(args.protection_level),
algorithm=maps.ALGORITHM_MAPPER.GetEnumForChoice(
args.default_algorithm)),
labels=labels_util.ParseCreateArgs(
args, messages.CryptoKey.LabelsValue)))
flags.SetNextRotationTime(args, req.cryptoKey)
flags.SetRotationPeriod(args, req.cryptoKey)
return req
def _CreateRequest(self, args):
messages = cloudkms_base.GetMessagesModule()
crypto_key_ref = flags.ParseCryptoKeyName(args)
parent_ref = flags.ParseParentFromResource(crypto_key_ref)
req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest(
parent=parent_ref.RelativeName(),
cryptoKeyId=crypto_key_ref.Name(),
cryptoKey=messages.CryptoKey(
# TODO(b/35914817): Find a better way to get the enum value by name.
purpose=maps.PURPOSE_MAP[args.purpose],
labels=labels_util.ParseCreateArgs(
args, messages.CryptoKey.LabelsValue)))
flags.SetNextRotationTime(args, req.cryptoKey)
flags.SetRotationPeriod(args, req.cryptoKey)
return req
def _CreateRequest(self, args):
messages = cloudkms_base.GetMessagesModule()
if not args.protection_level:
raise exceptions.ToolException(
"--protection-level needs to be specified when creating an import job"
)
if not args.import_method:
raise exceptions.ToolException(
"--import-method needs to be specified when creating an import job")
import_job_ref = flags.ParseImportJobName(args)
parent_ref = flags.ParseParentFromResource(import_job_ref)
return messages.CloudkmsProjectsLocationsKeyRingsImportJobsCreateRequest(
parent=parent_ref.RelativeName(),
importJobId=import_job_ref.Name(),
importJob=messages.ImportJob(
protectionLevel=maps.IMPORT_PROTECTION_LEVEL_MAPPER
.GetEnumForChoice(args.protection_level),
importMethod=maps.IMPORT_METHOD_MAPPER.GetEnumForChoice(
args.import_method)))
