def UpdateOthers(self, args, crypto_key, fields_to_update): """Updates labels, nextRotationTime, rotationPeriod, and algorithm.""" client = cloudkms_base.GetClientInstance() messages = cloudkms_base.GetMessagesModule() crypto_key_ref = flags.ParseCryptoKeyName(args) valid_algorithms = maps.VALID_ALGORITHMS_MAP[crypto_key.purpose] req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysPatchRequest( name=crypto_key_ref.RelativeName(), cryptoKey=messages.CryptoKey( labels=labels_util.Diff.FromUpdateArgs(args).Apply( messages.CryptoKey.LabelsValue, crypto_key.labels).GetOrNone())) req.updateMask = ','.join(fields_to_update) flags.SetNextRotationTime(args, req.cryptoKey) flags.SetRotationPeriod(args, req.cryptoKey) if args.default_algorithm: if args.default_algorithm not in valid_algorithms: raise exceptions.ToolException( 'Update failed: Algorithm {algorithm} is not valid. Here are the ' 'valid algorithm(s) for purpose {purpose}: {all_algorithms}'.format( algorithm=args.default_algorithm, purpose=crypto_key.purpose, all_algorithms=', '.join(valid_algorithms))) req.cryptoKey.versionTemplate = messages.CryptoKeyVersionTemplate( algorithm=maps.ALGORITHM_MAPPER.GetEnumForChoice( args.default_algorithm)) try: response = client.projects_locations_keyRings_cryptoKeys.Patch(req) except apitools_exceptions.HttpError: return None return response
def Run(self, args): client = cloudkms_base.GetClientInstance() messages = cloudkms_base.GetMessagesModule() crypto_key_ref = flags.ParseCryptoKeyName(args) req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysPatchRequest( projectsId=crypto_key_ref.projectsId, locationsId=crypto_key_ref.locationsId, keyRingsId=crypto_key_ref.keyRingsId, cryptoKeysId=crypto_key_ref.cryptoKeysId, cryptoKey=messages.CryptoKey()) flags.SetNextRotationTime(args, req.cryptoKey) flags.SetRotationPeriod(args, req.cryptoKey) fields_to_update = [] if args.rotation_period is not None: fields_to_update.append('rotationPeriod') if args.next_rotation_time is not None: fields_to_update.append('nextRotationTime') if not fields_to_update: raise exceptions.ToolException( 'At least one of --next-rotation-time or --rotation-period must be ' 'specified.') req.updateMask = ','.join(fields_to_update) return client.projects_locations_keyRings_cryptoKeys.Patch(req)
def Run(self, args): client = cloudkms_base.GetClientInstance() messages = cloudkms_base.GetMessagesModule() crypto_key_ref = flags.ParseCryptoKeyName(args) parent_ref = flags.ParseParentFromResource(crypto_key_ref) req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest( parent=parent_ref.RelativeName(), cryptoKeyId=crypto_key_ref.Name(), cryptoKey=messages.CryptoKey( # TODO(b/35914817): Find a better way to get the enum value by name. purpose=getattr(messages.CryptoKey.PurposeValueValuesEnum, PURPOSE_MAP[args.purpose]), labels=labels_util.UpdateLabels( None, messages.CryptoKey.LabelsValue, update_labels=labels_util.GetUpdateLabelsDictFromArgs( args))), ) flags.SetNextRotationTime(args, req.cryptoKey) flags.SetRotationPeriod(args, req.cryptoKey) return client.projects_locations_keyRings_cryptoKeys.Create(req)
def _CreateRequest(self, args): messages = cloudkms_base.GetMessagesModule() purpose = maps.PURPOSE_MAP[args.purpose] valid_algorithms = maps.VALID_ALGORITHMS_MAP[purpose] # Check default algorithm has been specified for asymmetric keys. For # backward compatibility, the algorithm is google-symmetric-encryption by # default if the purpose is encryption. if not args.default_algorithm: if args.purpose != 'encryption': raise exceptions.ToolException( '--default-algorithm needs to be specified when creating a key with' ' --purpose={}. The valid algorithms are: {}'.format( args.purpose, ', '.join(valid_algorithms))) args.default_algorithm = 'google-symmetric-encryption' # Check default algorithm and purpose are compatible. if args.default_algorithm not in valid_algorithms: raise exceptions.ToolException( 'Default algorithm and purpose are incompatible. Here are the valid ' 'algorithms for --purpose={}: {}'.format( args.purpose, ', '.join(valid_algorithms))) # Raise exception if attestations are requested for software key. if args.attestation_file and args.protection_level != 'hsm': raise exceptions.ToolException( '--attestation-file requires --protection-level=hsm.') crypto_key_ref = flags.ParseCryptoKeyName(args) parent_ref = flags.ParseParentFromResource(crypto_key_ref) req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest( parent=parent_ref.RelativeName(), cryptoKeyId=crypto_key_ref.Name(), cryptoKey=messages.CryptoKey( purpose=purpose, versionTemplate=messages.CryptoKeyVersionTemplate( # TODO(b/35914817): Find a better way to get the enum value by # name. protectionLevel=maps.PROTECTION_LEVEL_MAPPER. GetEnumForChoice(args.protection_level), algorithm=maps.ALGORITHM_MAPPER.GetEnumForChoice( args.default_algorithm)), labels=labels_util.ParseCreateArgs( args, messages.CryptoKey.LabelsValue))) flags.SetNextRotationTime(args, req.cryptoKey) flags.SetRotationPeriod(args, req.cryptoKey) return req
def _CreateRequest(self, args): messages = cloudkms_base.GetMessagesModule() purpose = maps.PURPOSE_MAP[args.purpose] valid_algorithms = maps.VALID_ALGORITHMS_MAP[purpose] # Check default algorithm has been specified for non-symmetric-encryption # keys. For backward compatibility, the algorithm is # google-symmetric-encryption by default if the purpose is encryption. if not args.default_algorithm: if args.purpose != 'encryption': raise kms_exceptions.ArgumentError( '--default-algorithm needs to be specified when creating a key with' ' --purpose={}. The valid algorithms are: {}'.format( args.purpose, ', '.join(valid_algorithms))) args.default_algorithm = 'google-symmetric-encryption' # Check default algorithm and purpose are compatible. if args.default_algorithm not in valid_algorithms: raise kms_exceptions.ArgumentError( 'Default algorithm and purpose are incompatible. Here are the valid ' 'algorithms for --purpose={}: {}'.format( args.purpose, ', '.join(valid_algorithms))) crypto_key_ref = args.CONCEPTS.key.Parse() parent_ref = crypto_key_ref.Parent() req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest( parent=parent_ref.RelativeName(), cryptoKeyId=crypto_key_ref.Name(), cryptoKey=messages.CryptoKey( purpose=purpose, versionTemplate=messages.CryptoKeyVersionTemplate( protectionLevel=maps.PROTECTION_LEVEL_MAPPER. GetEnumForChoice(args.protection_level), algorithm=maps.ALGORITHM_MAPPER.GetEnumForChoice( args.default_algorithm)), labels=labels_util.ParseCreateArgs( args, messages.CryptoKey.LabelsValue), importOnly=args.import_only, cryptoKeyBackend=args.crypto_key_backend), skipInitialVersionCreation=args.skip_initial_version_creation) flags.SetNextRotationTime(args, req.cryptoKey) flags.SetRotationPeriod(args, req.cryptoKey) flags.SetDestroyScheduledDuration(args, req.cryptoKey) return req
def _CreateRequest(self, args): messages = cloudkms_base.GetMessagesModule() crypto_key_ref = flags.ParseCryptoKeyName(args) parent_ref = flags.ParseParentFromResource(crypto_key_ref) req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest( parent=parent_ref.RelativeName(), cryptoKeyId=crypto_key_ref.Name(), cryptoKey=messages.CryptoKey( # TODO(b/35914817): Find a better way to get the enum value by name. purpose=maps.PURPOSE_MAP[args.purpose], labels=labels_util.ParseCreateArgs( args, messages.CryptoKey.LabelsValue))) flags.SetNextRotationTime(args, req.cryptoKey) flags.SetRotationPeriod(args, req.cryptoKey) return req
def UpdateOthers(self, args, crypto_key, fields_to_update): client = cloudkms_base.GetClientInstance() messages = cloudkms_base.GetMessagesModule() crypto_key_ref = flags.ParseCryptoKeyName(args) req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysPatchRequest( name=crypto_key_ref.RelativeName(), cryptoKey=messages.CryptoKey( labels=labels_util.Diff.FromUpdateArgs(args).Apply( messages.CryptoKey.LabelsValue, crypto_key.labels).GetOrNone())) req.updateMask = ','.join(fields_to_update) flags.SetNextRotationTime(args, req.cryptoKey) flags.SetRotationPeriod(args, req.cryptoKey) try: response = client.projects_locations_keyRings_cryptoKeys.Patch(req) except apitools_exceptions.HttpError: return None return response
def Run(self, args): client = cloudkms_base.GetClientInstance() messages = cloudkms_base.GetMessagesModule() crypto_key_ref = flags.ParseCryptoKeyName(args) parent_ref = flags.ParseKeyRingName(args) req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest( parent=parent_ref.RelativeName(), cryptoKeyId=crypto_key_ref.Name(), cryptoKey=messages.CryptoKey(purpose=getattr( messages.CryptoKey.PurposeValueValuesEnum, PURPOSE_MAP[args.purpose]), ), ) flags.SetNextRotationTime(args, req.cryptoKey) flags.SetRotationPeriod(args, req.cryptoKey) return client.projects_locations_keyRings_cryptoKeys.Create(req)
def Run(self, args): client = cloudkms_base.GetClientInstance() messages = cloudkms_base.GetMessagesModule() crypto_key_ref = flags.ParseCryptoKeyName(args) req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequest( projectsId=crypto_key_ref.projectsId, locationsId=crypto_key_ref.locationsId, keyRingsId=crypto_key_ref.keyRingsId, cryptoKeyId=crypto_key_ref.cryptoKeysId, cryptoKey=messages.CryptoKey( # TODO(user): Find a better way to get the enum value by name. purpose=getattr(messages.CryptoKey.PurposeValueValuesEnum, PURPOSE_MAP[args.purpose]), ), ) flags.SetNextRotationTime(args, req.cryptoKey) flags.SetRotationPeriod(args, req.cryptoKey) return client.projects_locations_keyRings_cryptoKeys.Create(req)
def UpdateOthers(self, args, crypto_key, fields_to_update): # pylint: disable=line-too-long client = cloudkms_base.GetClientInstance() messages = cloudkms_base.GetMessagesModule() crypto_key_ref = flags.ParseCryptoKeyName(args) req = messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysPatchRequest( name=crypto_key_ref.RelativeName(), cryptoKey=messages.CryptoKey(labels=labels_util.UpdateLabels( crypto_key.labels, messages.CryptoKey.LabelsValue, update_labels=labels_util.GetUpdateLabelsDictFromArgs(args), remove_labels=labels_util.GetRemoveLabelsListFromArgs(args))), ) req.updateMask = ','.join(fields_to_update) flags.SetNextRotationTime(args, req.cryptoKey) flags.SetRotationPeriod(args, req.cryptoKey) try: response = client.projects_locations_keyRings_cryptoKeys.Patch(req) except apitools_exceptions.HttpError: return None return response