def Args(cls, parser):
# Create KMS key presentation spec.
kms_flag_overrides = {
'kms-key': '--topic-encryption-key',
'kms-keyring': '--topic-encryption-key-keyring',
'kms-location': '--topic-encryption-key-location',
'kms-project': '--topic-encryption-key-project'
}
permission_info = """
The specified CloudKMS key should have purpose set to "ENCRYPT_DECRYPT".
The service account,
"service-${CONSUMER_PROJECT_NUMBER}@gcp-sa-pubsub.iam.gserviceaccount.com"
requires the IAM cryptoKeyEncrypterDecrypter role for the given CloudKMS key.
CONSUMER_PROJECT_NUMBER is the project number of the project that is the parent of the
topic being created"""
kms_key_presentation_spec = kms_resource_args.GetKmsKeyPresentationSpec(
'topic',
flag_overrides=kms_flag_overrides,
permission_info=permission_info)
# Create Topic presentation spec.
topic_presentation_spec = resource_args.CreateTopicResourceArg(
'to create.', positional=True, plural=True)
resource_args.AddResourceArgs(
parser, [kms_key_presentation_spec, topic_presentation_spec])
labels_util.AddCreateLabelsFlags(parser)
def Args(parser):
"""Registers flags for this command."""
resource_args.AddTopicResourceArg(parser, 'to update.')
labels_util.AddUpdateLabelsFlags(parser)
resource_args.AddResourceArgs(parser, [
kms_resource_args.GetKmsKeyPresentationSpec(
'topic',
flag_overrides=_KMS_FLAG_OVERRIDES,
permission_info=_KMS_PERMISSION_INFO)
])
flags.AddTopicMessageRetentionFlags(parser, is_update=True)
msp_group = parser.add_group(mutex=True,
help='Message storage policy options.')
msp_group.add_argument(
'--recompute-message-storage-policy',
action='store_true',
help=
'If given, Cloud Pub/Sub will recompute the regions where messages'
' can be stored at rest, based on your organization\'s "Resource '
' Location Restriction" policy.')
msp_group.add_argument(
'--message-storage-policy-allowed-regions',
metavar='REGION',
type=arg_parsers.ArgList(),
help=
'A list of one or more Cloud regions where messages are allowed to'
' be stored at rest.')
def Args(cls, parser):
# Create KMS key presentation spec.
kms_flag_overrides = {
'kms-key': '--topic-encryption-key',
'kms-keyring': '--topic-encryption-key-keyring',
'kms-location': '--topic-encryption-key-location',
'kms-project': '--topic-encryption-key-project'
}
permission_info = """
The specified CloudKMS key should have purpose set to "ENCRYPT_DECRYPT".
The service account,
"service-${CONSUMER_PROJECT_NUMBER}@gcp-sa-pubsub.iam.gserviceaccount.com"
requires the IAM cryptoKeyEncrypterDecrypter role for the given CloudKMS key.
CONSUMER_PROJECT_NUMBER is the project number of the project that is the parent of the
topic being created"""
kms_key_presentation_spec = kms_resource_args.GetKmsKeyPresentationSpec(
'topic',
flag_overrides=kms_flag_overrides,
permission_info=permission_info)
# Create Topic presentation spec.
topic_presentation_spec = resource_args.CreateTopicResourceArg(
'to create.', positional=True, plural=True)
resource_args.AddResourceArgs(
parser, [kms_key_presentation_spec, topic_presentation_spec])
labels_util.AddCreateLabelsFlags(parser)
parser.add_argument(
'--message-storage-policy-allowed-regions',
metavar='REGION',
type=arg_parsers.ArgList(),
help=
'A list of one or more Cloud regions where messages are allowed to'
' be stored at rest.')
def _GetKmsKeyPresentationSpec():
return kms_resource_args.GetKmsKeyPresentationSpec(
'topic',
flag_overrides=_KMS_FLAG_OVERRIDES,
permission_info=_KMS_PERMISSION_INFO)