feat!: migrate to microgenerator. (#16)

GoogleCloudPlatform · Nov 14, 2022 · 656593d · 656593d
1 parent cd68144
commit 656593d
Show file tree

Hide file tree

Showing 35 changed files with 180 additions and 162 deletions.
diff --git a/kms/attestations/README.rst b/kms/attestations/README.rst
@@ -32,7 +32,7 @@ Install Dependencies
    .. _Python Development Environment Setup Guide:
        https://cloud.google.com/python/setup
 
-#. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+.
+#. Create a virtualenv. Samples are compatible with Python 3.6+.
 
     .. code-block:: bash
 
@@ -48,9 +48,15 @@ Install Dependencies
 .. _pip: https://pip.pypa.io/
 .. _virtualenv: https://virtualenv.pypa.io/
 
+
+
+
+
+
 Samples
 -------------------------------------------------------------------------------
 
+
 Verify attestations for keys generated by Cloud HSM
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
@@ -66,9 +72,26 @@ To run this sample:
 
     $ python verify_attestation.py
 
-    
+
+    usage: verify_attestation.py [-h] attestation_file bundle_file
+
+    This application verifies HSM attestations using certificate bundles obtained
+    from Cloud HSM. For more information, visit
+    https://cloud.google.com/kms/docs/attest-key.
+
+    positional arguments:
+      attestation_file  Name of attestation file.
+      bundle_file       Name of certificate bundle file.
+
+    optional arguments:
+      -h, --help        show this help message and exit
+
+
+
+
+
 
 
 
 
-.. _Google Cloud SDK: https://cloud.google.com/sdk/
+.. _Google Cloud SDK: https://cloud.google.com/sdk/
diff --git a/kms/attestations/noxfile.py b/kms/attestations/noxfile.py
@@ -43,7 +43,7 @@
     # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a
     # build specific Cloud project. You can also use your own string
     # to use your own Cloud project.
-    'gcloud_project_env': 'GCLOUD_PROJECT',
+    'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT',
     # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT',
 
     # A dictionary you want to inject into your test. Don't put any
@@ -72,7 +72,6 @@ def get_pytest_env_vars():
     env_key = TEST_CONFIG['gcloud_project_env']
     # This should error out if not set.
     ret['GOOGLE_CLOUD_PROJECT'] = os.environ[env_key]
-    ret['GCLOUD_PROJECT'] = os.environ[env_key]
 
     # Apply user supplied envs.
     ret.update(TEST_CONFIG['envs'])

diff --git a/kms/snippets/create_key_asymmetric_decrypt.py b/kms/snippets/create_key_asymmetric_decrypt.py
@@ -38,8 +38,8 @@ def create_key_asymmetric_decrypt(project_id, location_id, key_ring_id, id):
     key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id)
 
     # Build the key.
-    purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT
-    algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256
+    purpose = kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT
+    algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256
     key = {
         'purpose': purpose,
         'version_template': {
@@ -48,7 +48,7 @@ def create_key_asymmetric_decrypt(project_id, location_id, key_ring_id, id):
     }
 
     # Call the API.
-    created_key = client.create_crypto_key(key_ring_name, id, key)
+    created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key})
     print('Created asymmetric decrypt key: {}'.format(created_key.name))
     return created_key
 # [END kms_create_key_asymmetric_decrypt]
diff --git a/kms/snippets/create_key_asymmetric_sign.py b/kms/snippets/create_key_asymmetric_sign.py
@@ -38,8 +38,8 @@ def create_key_asymmetric_sign(project_id, location_id, key_ring_id, id):
     key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id)
 
     # Build the key.
-    purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN
-    algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
+    purpose = kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN
+    algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
     key = {
         'purpose': purpose,
         'version_template': {
@@ -48,7 +48,7 @@ def create_key_asymmetric_sign(project_id, location_id, key_ring_id, id):
     }
 
     # Call the API.
-    created_key = client.create_crypto_key(key_ring_name, id, key)
+    created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key})
     print('Created asymmetric signing key: {}'.format(created_key.name))
     return created_key
 # [END kms_create_key_asymmetric_sign]
diff --git a/kms/snippets/create_key_hsm.py b/kms/snippets/create_key_hsm.py
@@ -38,9 +38,9 @@ def create_key_hsm(project_id, location_id, key_ring_id, id):
     key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id)
 
     # Build the key.
-    purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
-    algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION
-    protection_level = kms.enums.ProtectionLevel.HSM
+    purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
+    algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION
+    protection_level = kms.ProtectionLevel.HSM
     key = {
         'purpose': purpose,
         'version_template': {
@@ -50,7 +50,7 @@ def create_key_hsm(project_id, location_id, key_ring_id, id):
     }
 
     # Call the API.
-    created_key = client.create_crypto_key(key_ring_name, id, key)
+    created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key})
     print('Created hsm key: {}'.format(created_key.name))
     return created_key
 # [END kms_create_key_hsm]
diff --git a/kms/snippets/create_key_labels.py b/kms/snippets/create_key_labels.py
@@ -38,8 +38,8 @@ def create_key_labels(project_id, location_id, key_ring_id, id):
     key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id)
 
     # Build the key.
-    purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
-    algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION
+    purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
+    algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION
     key = {
         'purpose': purpose,
         'version_template': {
@@ -52,7 +52,7 @@ def create_key_labels(project_id, location_id, key_ring_id, id):
     }
 
     # Call the API.
-    created_key = client.create_crypto_key(key_ring_name, id, key)
+    created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key})
     print('Created labeled key: {}'.format(created_key.name))
     return created_key
 # [END kms_create_key_labels]
diff --git a/kms/snippets/create_key_ring.py b/kms/snippets/create_key_ring.py
@@ -34,13 +34,13 @@ def create_key_ring(project_id, location_id, id):
     client = kms.KeyManagementServiceClient()
 
     # Build the parent location name.
-    location_name = client.location_path(project_id, location_id)
+    location_name = f'projects/{project_id}/locations/{location_id}'
 
     # Build the key ring.
     key_ring = {}
 
     # Call the API.
-    created_key_ring = client.create_key_ring(location_name, id, key_ring)
+    created_key_ring = client.create_key_ring(request={'parent': location_name, 'key_ring_id': id, 'key_ring': key_ring})
     print('Created key ring: {}'.format(created_key_ring.name))
     return created_key_ring
 # [END kms_create_key_ring]
diff --git a/kms/snippets/create_key_rotation_schedule.py b/kms/snippets/create_key_rotation_schedule.py
@@ -41,8 +41,8 @@ def create_key_rotation_schedule(project_id, location_id, key_ring_id, id):
     key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id)
 
     # Build the key.
-    purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
-    algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION
+    purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
+    algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION
     key = {
         'purpose': purpose,
         'version_template': {
@@ -61,7 +61,7 @@ def create_key_rotation_schedule(project_id, location_id, key_ring_id, id):
     }
 
     # Call the API.
-    created_key = client.create_crypto_key(key_ring_name, id, key)
+    created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key})
     print('Created labeled key: {}'.format(created_key.name))
     return created_key
 # [END kms_create_key_rotation_schedule]
diff --git a/kms/snippets/create_key_symmetric_encrypt_decrypt.py b/kms/snippets/create_key_symmetric_encrypt_decrypt.py
@@ -38,8 +38,8 @@ def create_key_symmetric_encrypt_decrypt(project_id, location_id, key_ring_id, i
     key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id)
 
     # Build the key.
-    purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
-    algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION
+    purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
+    algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION
     key = {
         'purpose': purpose,
         'version_template': {
@@ -48,7 +48,7 @@ def create_key_symmetric_encrypt_decrypt(project_id, location_id, key_ring_id, i
     }
 
     # Call the API.
-    created_key = client.create_crypto_key(key_ring_name, id, key)
+    created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key})
     print('Created symmetric key: {}'.format(created_key.name))
     return created_key
 # [END kms_create_key_symmetric_encrypt_decrypt]
diff --git a/kms/snippets/create_key_version.py b/kms/snippets/create_key_version.py
@@ -41,7 +41,7 @@ def create_key_version(project_id, location_id, key_ring_id, key_id):
     version = {}
 
     # Call the API.
-    created_version = client.create_crypto_key_version(key_name, version)
+    created_version = client.create_crypto_key_version(request={'parent': key_name, 'crypto_key_version': version})
     print('Created key version: {}'.format(created_version.name))
     return created_version
 # [END kms_create_key_version]
diff --git a/kms/snippets/decrypt_asymmetric.py b/kms/snippets/decrypt_asymmetric.py
@@ -40,7 +40,7 @@ def decrypt_asymmetric(project_id, location_id, key_ring_id, key_id, version_id,
     key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id)
 
     # Call the API.
-    decrypt_response = client.asymmetric_decrypt(key_version_name, ciphertext)
+    decrypt_response = client.asymmetric_decrypt(request={'name': key_version_name, 'ciphertext': ciphertext})
     print('Plaintext: {}'.format(decrypt_response.plaintext))
     return decrypt_response
 # [END kms_decrypt_asymmetric]
diff --git a/kms/snippets/decrypt_symmetric.py b/kms/snippets/decrypt_symmetric.py
@@ -39,7 +39,7 @@ def decrypt_symmetric(project_id, location_id, key_ring_id, key_id, ciphertext):
     key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id)
 
     # Call the API.
-    decrypt_response = client.decrypt(key_name, ciphertext)
+    decrypt_response = client.decrypt(request={'name': key_name, 'ciphertext': ciphertext})
     print('Plaintext: {}'.format(decrypt_response.plaintext))
     return decrypt_response
 # [END kms_decrypt_symmetric]
diff --git a/kms/snippets/destroy_key_version.py b/kms/snippets/destroy_key_version.py
@@ -39,7 +39,7 @@ def destroy_key_version(project_id, location_id, key_ring_id, key_id, version_id
     key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id)
 
     # Call the API.
-    destroyed_version = client.destroy_crypto_key_version(key_version_name)
+    destroyed_version = client.destroy_crypto_key_version(request={'name': key_version_name})
     print('Destroyed key version: {}'.format(destroyed_version.name))
     return destroyed_version
 # [END kms_destroy_key_version]
diff --git a/kms/snippets/disable_key_version.py b/kms/snippets/disable_key_version.py
@@ -38,18 +38,16 @@ def disable_key_version(project_id, location_id, key_ring_id, key_id, version_id
     # Build the key version name.
     key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id)
 
-    # Build the key version. We need to build a full proto instead of a dict due
-    # to https://github.com/googleapis/gapic-generator-python/issues/364.
-    from google.cloud.kms_v1.proto import resources_pb2
-    key_version = resources_pb2.CryptoKeyVersion()
-    key_version.name = key_version_name
-    key_version.state = kms.enums.CryptoKeyVersion.CryptoKeyVersionState.DISABLED
+    key_version = {
+        'name': key_version_name,
+        'state': kms.CryptoKeyVersion.CryptoKeyVersionState.DISABLED
+    }
 
     # Build the update mask.
     update_mask = {'paths': ['state']}
 
     # Call the API.
-    disabled_version = client.update_crypto_key_version(key_version, update_mask)
+    disabled_version = client.update_crypto_key_version(request={'crypto_key_version': key_version, 'update_mask': update_mask})
     print('Disabled key version: {}'.format(disabled_version.name))
     return disabled_version
 # [END kms_disable_key_version]
diff --git a/kms/snippets/enable_key_version.py b/kms/snippets/enable_key_version.py
@@ -38,18 +38,16 @@ def enable_key_version(project_id, location_id, key_ring_id, key_id, version_id)
     # Build the key version name.
     key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id)
 
-    # Build the key version. We need to build a full proto instead of a dict due
-    # to https://github.com/googleapis/gapic-generator-python/issues/364.
-    from google.cloud.kms_v1.proto import resources_pb2
-    key_version = resources_pb2.CryptoKeyVersion()
-    key_version.name = key_version_name
-    key_version.state = kms.enums.CryptoKeyVersion.CryptoKeyVersionState.ENABLED
+    key_version = {
+        'name': key_version_name,
+        'state': kms.CryptoKeyVersion.CryptoKeyVersionState.ENABLED
+    }
 
     # Build the update mask.
     update_mask = {'paths': ['state']}
 
     # Call the API.
-    enabled_version = client.update_crypto_key_version(key_version, update_mask)
+    enabled_version = client.update_crypto_key_version(request={'crypto_key_version': key_version, 'update_mask': update_mask})
     print('Enabled key version: {}'.format(enabled_version.name))
     return enabled_version
 # [END kms_enable_key_version]
diff --git a/kms/snippets/encrypt_asymmetric.py b/kms/snippets/encrypt_asymmetric.py
@@ -51,7 +51,7 @@ def encrypt_asymmetric(project_id, location_id, key_ring_id, key_id, version_id,
     key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id)
 
     # Get the public key.
-    public_key = client.get_public_key(key_version_name)
+    public_key = client.get_public_key(request={'name': key_version_name})
 
     # Extract and parse the public key as a PEM-encoded RSA key.
     pem = public_key.pem.encode('utf-8')

diff --git a/kms/snippets/encrypt_symmetric.py b/kms/snippets/encrypt_symmetric.py
@@ -45,7 +45,7 @@ def encrypt_symmetric(project_id, location_id, key_ring_id, key_id, plaintext):
     key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id)
 
     # Call the API.
-    encrypt_response = client.encrypt(key_name, plaintext_bytes)
+    encrypt_response = client.encrypt(request={'name': key_name, 'plaintext': plaintext_bytes})
     print('Ciphertext: {}'.format(base64.b64encode(encrypt_response.ciphertext)))
     return encrypt_response
 # [END kms_encrypt_symmetric]
diff --git a/kms/snippets/get_key_labels.py b/kms/snippets/get_key_labels.py
@@ -38,7 +38,7 @@ def get_key_labels(project_id, location_id, key_ring_id, key_id):
     key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id)
 
     # Call the API.
-    key = client.get_crypto_key(key_name)
+    key = client.get_crypto_key(request={'name': key_name})
 
     # Example of iterating over labels.
     for k, v in key.labels.items():

diff --git a/kms/snippets/get_key_version_attestation.py b/kms/snippets/get_key_version_attestation.py
@@ -42,7 +42,7 @@ def get_key_version_attestation(project_id, location_id, key_ring_id, key_id, ve
     key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id)
 
     # Call the API.
-    version = client.get_crypto_key_version(key_version_name)
+    version = client.get_crypto_key_version(request={'name': key_version_name})
 
     # Only HSM keys have an attestation. For other key types, the attestion
     # will be None.

diff --git a/kms/snippets/get_public_key.py b/kms/snippets/get_public_key.py
@@ -39,7 +39,7 @@ def get_public_key(project_id, location_id, key_ring_id, key_id, version_id):
     key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id)
 
     # Call the API.
-    public_key = client.get_public_key(key_version_name)
+    public_key = client.get_public_key(request={'name': key_version_name})
     print('Public key: {}'.format(public_key.pem))
     return public_key
 # [END kms_get_public_key]
diff --git a/kms/snippets/iam_add_member.py b/kms/snippets/iam_add_member.py
@@ -42,15 +42,20 @@ def iam_add_member(project_id, location_id, key_ring_id, key_id, member):
     # resource_name = client.key_ring_path(project_id, location_id, key_ring_id);
 
     # Get the current policy.
-    policy = client.get_iam_policy(resource_name)
+    policy = client.get_iam_policy(request={'resource': resource_name})
 
     # Add the member to the policy.
     policy.bindings.add(
         role='roles/cloudkms.cryptoKeyEncrypterDecrypter',
         members=[member])
 
     # Save the updated IAM policy.
-    updated_policy = client.set_iam_policy(resource_name, policy)
+    request = {
+        'resource': resource_name,
+        'policy': policy
+    }
+
+    updated_policy = client.set_iam_policy(request=request)
     print('Added {} to {}'.format(member, resource_name))
     return updated_policy
 # [END kms_iam_add_member]
diff --git a/kms/snippets/iam_get_policy.py b/kms/snippets/iam_get_policy.py
@@ -41,7 +41,7 @@ def iam_get_policy(project_id, location_id, key_ring_id, key_id):
     # resource_name = client.key_ring_path(project_id, location_id, key_ring_id);
 
     # Get the current policy.
-    policy = client.get_iam_policy(resource_name)
+    policy = client.get_iam_policy(request={'resource': resource_name})
 
     # Print the policy
     print('IAM policy for {}'.format(resource_name))

diff --git a/kms/snippets/iam_remove_member.py b/kms/snippets/iam_remove_member.py
@@ -42,7 +42,7 @@ def iam_remove_member(project_id, location_id, key_ring_id, key_id, member):
     # resource_name = client.key_ring_path(project_id, location_id, key_ring_id);
 
     # Get the current policy.
-    policy = client.get_iam_policy(resource_name)
+    policy = client.get_iam_policy(request={'resource': resource_name})
 
     # Remove the member from the policy.
     for binding in policy.bindings:
@@ -51,7 +51,11 @@ def iam_remove_member(project_id, location_id, key_ring_id, key_id, member):
                 binding.members.remove(member)
 
     # Save the updated IAM policy.
-    updated_policy = client.set_iam_policy(resource_name, policy)
+    request = {
+        'resource': resource_name,
+        'policy': policy
+    }
+    updated_policy = client.set_iam_policy(request=request)
     print('Removed {} from {}'.format(member, resource_name))
     return updated_policy
 # [END kms_iam_remove_member]