From 656593d53e0107b6169ac9d2734b5564ac30b604 Mon Sep 17 00:00:00 2001 From: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Date: Thu, 30 Jul 2020 13:35:29 -0700 Subject: [PATCH] feat!: migrate to microgenerator. (#16) --- kms/attestations/README.rst | 29 +++- kms/attestations/noxfile.py | 3 +- kms/snippets/create_key_asymmetric_decrypt.py | 6 +- kms/snippets/create_key_asymmetric_sign.py | 6 +- kms/snippets/create_key_hsm.py | 8 +- kms/snippets/create_key_labels.py | 6 +- kms/snippets/create_key_ring.py | 4 +- kms/snippets/create_key_rotation_schedule.py | 6 +- .../create_key_symmetric_encrypt_decrypt.py | 6 +- kms/snippets/create_key_version.py | 2 +- kms/snippets/decrypt_asymmetric.py | 2 +- kms/snippets/decrypt_symmetric.py | 2 +- kms/snippets/destroy_key_version.py | 2 +- kms/snippets/disable_key_version.py | 12 +- kms/snippets/enable_key_version.py | 12 +- kms/snippets/encrypt_asymmetric.py | 2 +- kms/snippets/encrypt_symmetric.py | 2 +- kms/snippets/get_key_labels.py | 2 +- kms/snippets/get_key_version_attestation.py | 2 +- kms/snippets/get_public_key.py | 2 +- kms/snippets/iam_add_member.py | 9 +- kms/snippets/iam_get_policy.py | 2 +- kms/snippets/iam_remove_member.py | 8 +- kms/snippets/noxfile.py | 3 +- kms/snippets/quickstart.py | 4 +- kms/snippets/restore_key_version.py | 2 +- kms/snippets/sign_asymmetric.py | 2 +- kms/snippets/snippets_test.py | 132 +++++++++--------- kms/snippets/update_key_add_rotation.py | 22 ++- kms/snippets/update_key_remove_labels.py | 12 +- kms/snippets/update_key_remove_rotation.py | 10 +- kms/snippets/update_key_set_primary.py | 2 +- kms/snippets/update_key_update_labels.py | 14 +- kms/snippets/verify_asymmetric_ec.py | 2 +- kms/snippets/verify_asymmetric_rsa.py | 2 +- 35 files changed, 180 insertions(+), 162 deletions(-) diff --git a/kms/attestations/README.rst b/kms/attestations/README.rst index dddddfbcd7d3..0c56a914359f 100644 --- a/kms/attestations/README.rst +++ b/kms/attestations/README.rst @@ -32,7 +32,7 @@ Install Dependencies .. _Python Development Environment Setup Guide: https://cloud.google.com/python/setup -#. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+. +#. Create a virtualenv. Samples are compatible with Python 3.6+. .. code-block:: bash @@ -48,9 +48,15 @@ Install Dependencies .. _pip: https://pip.pypa.io/ .. _virtualenv: https://virtualenv.pypa.io/ + + + + + Samples ------------------------------------------------------------------------------- + Verify attestations for keys generated by Cloud HSM +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ @@ -66,9 +72,26 @@ To run this sample: $ python verify_attestation.py - + + usage: verify_attestation.py [-h] attestation_file bundle_file + + This application verifies HSM attestations using certificate bundles obtained + from Cloud HSM. For more information, visit + https://cloud.google.com/kms/docs/attest-key. + + positional arguments: + attestation_file Name of attestation file. + bundle_file Name of certificate bundle file. + + optional arguments: + -h, --help show this help message and exit + + + + + -.. _Google Cloud SDK: https://cloud.google.com/sdk/ \ No newline at end of file +.. _Google Cloud SDK: https://cloud.google.com/sdk/ diff --git a/kms/attestations/noxfile.py b/kms/attestations/noxfile.py index b23055f14a65..ba55d7ce53ca 100644 --- a/kms/attestations/noxfile.py +++ b/kms/attestations/noxfile.py @@ -43,7 +43,7 @@ # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - 'gcloud_project_env': 'GCLOUD_PROJECT', + 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', # A dictionary you want to inject into your test. Don't put any @@ -72,7 +72,6 @@ def get_pytest_env_vars(): env_key = TEST_CONFIG['gcloud_project_env'] # This should error out if not set. ret['GOOGLE_CLOUD_PROJECT'] = os.environ[env_key] - ret['GCLOUD_PROJECT'] = os.environ[env_key] # Apply user supplied envs. ret.update(TEST_CONFIG['envs']) diff --git a/kms/snippets/create_key_asymmetric_decrypt.py b/kms/snippets/create_key_asymmetric_decrypt.py index cac157958ebd..4865a266cf45 100644 --- a/kms/snippets/create_key_asymmetric_decrypt.py +++ b/kms/snippets/create_key_asymmetric_decrypt.py @@ -38,8 +38,8 @@ def create_key_asymmetric_decrypt(project_id, location_id, key_ring_id, id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 + purpose = kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 key = { 'purpose': purpose, 'version_template': { @@ -48,7 +48,7 @@ def create_key_asymmetric_decrypt(project_id, location_id, key_ring_id, id): } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created asymmetric decrypt key: {}'.format(created_key.name)) return created_key # [END kms_create_key_asymmetric_decrypt] diff --git a/kms/snippets/create_key_asymmetric_sign.py b/kms/snippets/create_key_asymmetric_sign.py index 9bf18a7a996d..1b05799727b4 100644 --- a/kms/snippets/create_key_asymmetric_sign.py +++ b/kms/snippets/create_key_asymmetric_sign.py @@ -38,8 +38,8 @@ def create_key_asymmetric_sign(project_id, location_id, key_ring_id, id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 + purpose = kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 key = { 'purpose': purpose, 'version_template': { @@ -48,7 +48,7 @@ def create_key_asymmetric_sign(project_id, location_id, key_ring_id, id): } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created asymmetric signing key: {}'.format(created_key.name)) return created_key # [END kms_create_key_asymmetric_sign] diff --git a/kms/snippets/create_key_hsm.py b/kms/snippets/create_key_hsm.py index 84ba37e5d00e..34a9c8a2c509 100644 --- a/kms/snippets/create_key_hsm.py +++ b/kms/snippets/create_key_hsm.py @@ -38,9 +38,9 @@ def create_key_hsm(project_id, location_id, key_ring_id, id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION - protection_level = kms.enums.ProtectionLevel.HSM + purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + protection_level = kms.ProtectionLevel.HSM key = { 'purpose': purpose, 'version_template': { @@ -50,7 +50,7 @@ def create_key_hsm(project_id, location_id, key_ring_id, id): } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created hsm key: {}'.format(created_key.name)) return created_key # [END kms_create_key_hsm] diff --git a/kms/snippets/create_key_labels.py b/kms/snippets/create_key_labels.py index e64a10cb955f..1bef62ebfb24 100644 --- a/kms/snippets/create_key_labels.py +++ b/kms/snippets/create_key_labels.py @@ -38,8 +38,8 @@ def create_key_labels(project_id, location_id, key_ring_id, id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION key = { 'purpose': purpose, 'version_template': { @@ -52,7 +52,7 @@ def create_key_labels(project_id, location_id, key_ring_id, id): } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created labeled key: {}'.format(created_key.name)) return created_key # [END kms_create_key_labels] diff --git a/kms/snippets/create_key_ring.py b/kms/snippets/create_key_ring.py index c01e8490516b..49348aa9a20d 100644 --- a/kms/snippets/create_key_ring.py +++ b/kms/snippets/create_key_ring.py @@ -34,13 +34,13 @@ def create_key_ring(project_id, location_id, id): client = kms.KeyManagementServiceClient() # Build the parent location name. - location_name = client.location_path(project_id, location_id) + location_name = f'projects/{project_id}/locations/{location_id}' # Build the key ring. key_ring = {} # Call the API. - created_key_ring = client.create_key_ring(location_name, id, key_ring) + created_key_ring = client.create_key_ring(request={'parent': location_name, 'key_ring_id': id, 'key_ring': key_ring}) print('Created key ring: {}'.format(created_key_ring.name)) return created_key_ring # [END kms_create_key_ring] diff --git a/kms/snippets/create_key_rotation_schedule.py b/kms/snippets/create_key_rotation_schedule.py index e6bbdb62d361..02e323345e6f 100644 --- a/kms/snippets/create_key_rotation_schedule.py +++ b/kms/snippets/create_key_rotation_schedule.py @@ -41,8 +41,8 @@ def create_key_rotation_schedule(project_id, location_id, key_ring_id, id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION key = { 'purpose': purpose, 'version_template': { @@ -61,7 +61,7 @@ def create_key_rotation_schedule(project_id, location_id, key_ring_id, id): } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created labeled key: {}'.format(created_key.name)) return created_key # [END kms_create_key_rotation_schedule] diff --git a/kms/snippets/create_key_symmetric_encrypt_decrypt.py b/kms/snippets/create_key_symmetric_encrypt_decrypt.py index 54b9c5f40981..1b6b88c5cf50 100644 --- a/kms/snippets/create_key_symmetric_encrypt_decrypt.py +++ b/kms/snippets/create_key_symmetric_encrypt_decrypt.py @@ -38,8 +38,8 @@ def create_key_symmetric_encrypt_decrypt(project_id, location_id, key_ring_id, i key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) # Build the key. - purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + purpose = kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + algorithm = kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION key = { 'purpose': purpose, 'version_template': { @@ -48,7 +48,7 @@ def create_key_symmetric_encrypt_decrypt(project_id, location_id, key_ring_id, i } # Call the API. - created_key = client.create_crypto_key(key_ring_name, id, key) + created_key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': id, 'crypto_key': key}) print('Created symmetric key: {}'.format(created_key.name)) return created_key # [END kms_create_key_symmetric_encrypt_decrypt] diff --git a/kms/snippets/create_key_version.py b/kms/snippets/create_key_version.py index 9c84f808a943..aced5abfc9db 100644 --- a/kms/snippets/create_key_version.py +++ b/kms/snippets/create_key_version.py @@ -41,7 +41,7 @@ def create_key_version(project_id, location_id, key_ring_id, key_id): version = {} # Call the API. - created_version = client.create_crypto_key_version(key_name, version) + created_version = client.create_crypto_key_version(request={'parent': key_name, 'crypto_key_version': version}) print('Created key version: {}'.format(created_version.name)) return created_version # [END kms_create_key_version] diff --git a/kms/snippets/decrypt_asymmetric.py b/kms/snippets/decrypt_asymmetric.py index 7b040cdd4203..7f5397c92392 100644 --- a/kms/snippets/decrypt_asymmetric.py +++ b/kms/snippets/decrypt_asymmetric.py @@ -40,7 +40,7 @@ def decrypt_asymmetric(project_id, location_id, key_ring_id, key_id, version_id, key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Call the API. - decrypt_response = client.asymmetric_decrypt(key_version_name, ciphertext) + decrypt_response = client.asymmetric_decrypt(request={'name': key_version_name, 'ciphertext': ciphertext}) print('Plaintext: {}'.format(decrypt_response.plaintext)) return decrypt_response # [END kms_decrypt_asymmetric] diff --git a/kms/snippets/decrypt_symmetric.py b/kms/snippets/decrypt_symmetric.py index a5cbe714279b..c0b64d3b2d16 100644 --- a/kms/snippets/decrypt_symmetric.py +++ b/kms/snippets/decrypt_symmetric.py @@ -39,7 +39,7 @@ def decrypt_symmetric(project_id, location_id, key_ring_id, key_id, ciphertext): key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) # Call the API. - decrypt_response = client.decrypt(key_name, ciphertext) + decrypt_response = client.decrypt(request={'name': key_name, 'ciphertext': ciphertext}) print('Plaintext: {}'.format(decrypt_response.plaintext)) return decrypt_response # [END kms_decrypt_symmetric] diff --git a/kms/snippets/destroy_key_version.py b/kms/snippets/destroy_key_version.py index 7423ca7e099e..1425c890e4b0 100644 --- a/kms/snippets/destroy_key_version.py +++ b/kms/snippets/destroy_key_version.py @@ -39,7 +39,7 @@ def destroy_key_version(project_id, location_id, key_ring_id, key_id, version_id key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Call the API. - destroyed_version = client.destroy_crypto_key_version(key_version_name) + destroyed_version = client.destroy_crypto_key_version(request={'name': key_version_name}) print('Destroyed key version: {}'.format(destroyed_version.name)) return destroyed_version # [END kms_destroy_key_version] diff --git a/kms/snippets/disable_key_version.py b/kms/snippets/disable_key_version.py index a4a16dd57a65..a4625d704393 100644 --- a/kms/snippets/disable_key_version.py +++ b/kms/snippets/disable_key_version.py @@ -38,18 +38,16 @@ def disable_key_version(project_id, location_id, key_ring_id, key_id, version_id # Build the key version name. key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) - # Build the key version. We need to build a full proto instead of a dict due - # to https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key_version = resources_pb2.CryptoKeyVersion() - key_version.name = key_version_name - key_version.state = kms.enums.CryptoKeyVersion.CryptoKeyVersionState.DISABLED + key_version = { + 'name': key_version_name, + 'state': kms.CryptoKeyVersion.CryptoKeyVersionState.DISABLED + } # Build the update mask. update_mask = {'paths': ['state']} # Call the API. - disabled_version = client.update_crypto_key_version(key_version, update_mask) + disabled_version = client.update_crypto_key_version(request={'crypto_key_version': key_version, 'update_mask': update_mask}) print('Disabled key version: {}'.format(disabled_version.name)) return disabled_version # [END kms_disable_key_version] diff --git a/kms/snippets/enable_key_version.py b/kms/snippets/enable_key_version.py index 9cb8daadd66f..edad8eabe1c9 100644 --- a/kms/snippets/enable_key_version.py +++ b/kms/snippets/enable_key_version.py @@ -38,18 +38,16 @@ def enable_key_version(project_id, location_id, key_ring_id, key_id, version_id) # Build the key version name. key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) - # Build the key version. We need to build a full proto instead of a dict due - # to https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key_version = resources_pb2.CryptoKeyVersion() - key_version.name = key_version_name - key_version.state = kms.enums.CryptoKeyVersion.CryptoKeyVersionState.ENABLED + key_version = { + 'name': key_version_name, + 'state': kms.CryptoKeyVersion.CryptoKeyVersionState.ENABLED + } # Build the update mask. update_mask = {'paths': ['state']} # Call the API. - enabled_version = client.update_crypto_key_version(key_version, update_mask) + enabled_version = client.update_crypto_key_version(request={'crypto_key_version': key_version, 'update_mask': update_mask}) print('Enabled key version: {}'.format(enabled_version.name)) return enabled_version # [END kms_enable_key_version] diff --git a/kms/snippets/encrypt_asymmetric.py b/kms/snippets/encrypt_asymmetric.py index efe40322c425..065c7e9bf70d 100644 --- a/kms/snippets/encrypt_asymmetric.py +++ b/kms/snippets/encrypt_asymmetric.py @@ -51,7 +51,7 @@ def encrypt_asymmetric(project_id, location_id, key_ring_id, key_id, version_id, key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Get the public key. - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) # Extract and parse the public key as a PEM-encoded RSA key. pem = public_key.pem.encode('utf-8') diff --git a/kms/snippets/encrypt_symmetric.py b/kms/snippets/encrypt_symmetric.py index b90da358f676..9cc3b1a5d12c 100644 --- a/kms/snippets/encrypt_symmetric.py +++ b/kms/snippets/encrypt_symmetric.py @@ -45,7 +45,7 @@ def encrypt_symmetric(project_id, location_id, key_ring_id, key_id, plaintext): key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) # Call the API. - encrypt_response = client.encrypt(key_name, plaintext_bytes) + encrypt_response = client.encrypt(request={'name': key_name, 'plaintext': plaintext_bytes}) print('Ciphertext: {}'.format(base64.b64encode(encrypt_response.ciphertext))) return encrypt_response # [END kms_encrypt_symmetric] diff --git a/kms/snippets/get_key_labels.py b/kms/snippets/get_key_labels.py index 363bcfbaf03b..504dbcaa0c03 100644 --- a/kms/snippets/get_key_labels.py +++ b/kms/snippets/get_key_labels.py @@ -38,7 +38,7 @@ def get_key_labels(project_id, location_id, key_ring_id, key_id): key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) # Call the API. - key = client.get_crypto_key(key_name) + key = client.get_crypto_key(request={'name': key_name}) # Example of iterating over labels. for k, v in key.labels.items(): diff --git a/kms/snippets/get_key_version_attestation.py b/kms/snippets/get_key_version_attestation.py index 615d4653d8ef..569cf2045bba 100644 --- a/kms/snippets/get_key_version_attestation.py +++ b/kms/snippets/get_key_version_attestation.py @@ -42,7 +42,7 @@ def get_key_version_attestation(project_id, location_id, key_ring_id, key_id, ve key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Call the API. - version = client.get_crypto_key_version(key_version_name) + version = client.get_crypto_key_version(request={'name': key_version_name}) # Only HSM keys have an attestation. For other key types, the attestion # will be None. diff --git a/kms/snippets/get_public_key.py b/kms/snippets/get_public_key.py index 1b810d15f6ad..bdc91139944d 100644 --- a/kms/snippets/get_public_key.py +++ b/kms/snippets/get_public_key.py @@ -39,7 +39,7 @@ def get_public_key(project_id, location_id, key_ring_id, key_id, version_id): key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Call the API. - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) print('Public key: {}'.format(public_key.pem)) return public_key # [END kms_get_public_key] diff --git a/kms/snippets/iam_add_member.py b/kms/snippets/iam_add_member.py index 442f248390de..7847aa4a7079 100644 --- a/kms/snippets/iam_add_member.py +++ b/kms/snippets/iam_add_member.py @@ -42,7 +42,7 @@ def iam_add_member(project_id, location_id, key_ring_id, key_id, member): # resource_name = client.key_ring_path(project_id, location_id, key_ring_id); # Get the current policy. - policy = client.get_iam_policy(resource_name) + policy = client.get_iam_policy(request={'resource': resource_name}) # Add the member to the policy. policy.bindings.add( @@ -50,7 +50,12 @@ def iam_add_member(project_id, location_id, key_ring_id, key_id, member): members=[member]) # Save the updated IAM policy. - updated_policy = client.set_iam_policy(resource_name, policy) + request = { + 'resource': resource_name, + 'policy': policy + } + + updated_policy = client.set_iam_policy(request=request) print('Added {} to {}'.format(member, resource_name)) return updated_policy # [END kms_iam_add_member] diff --git a/kms/snippets/iam_get_policy.py b/kms/snippets/iam_get_policy.py index c00172e98a5b..96ae743ebb5a 100644 --- a/kms/snippets/iam_get_policy.py +++ b/kms/snippets/iam_get_policy.py @@ -41,7 +41,7 @@ def iam_get_policy(project_id, location_id, key_ring_id, key_id): # resource_name = client.key_ring_path(project_id, location_id, key_ring_id); # Get the current policy. - policy = client.get_iam_policy(resource_name) + policy = client.get_iam_policy(request={'resource': resource_name}) # Print the policy print('IAM policy for {}'.format(resource_name)) diff --git a/kms/snippets/iam_remove_member.py b/kms/snippets/iam_remove_member.py index ad73fab943c5..890a027d9e54 100644 --- a/kms/snippets/iam_remove_member.py +++ b/kms/snippets/iam_remove_member.py @@ -42,7 +42,7 @@ def iam_remove_member(project_id, location_id, key_ring_id, key_id, member): # resource_name = client.key_ring_path(project_id, location_id, key_ring_id); # Get the current policy. - policy = client.get_iam_policy(resource_name) + policy = client.get_iam_policy(request={'resource': resource_name}) # Remove the member from the policy. for binding in policy.bindings: @@ -51,7 +51,11 @@ def iam_remove_member(project_id, location_id, key_ring_id, key_id, member): binding.members.remove(member) # Save the updated IAM policy. - updated_policy = client.set_iam_policy(resource_name, policy) + request = { + 'resource': resource_name, + 'policy': policy + } + updated_policy = client.set_iam_policy(request=request) print('Removed {} from {}'.format(member, resource_name)) return updated_policy # [END kms_iam_remove_member] diff --git a/kms/snippets/noxfile.py b/kms/snippets/noxfile.py index b23055f14a65..ba55d7ce53ca 100644 --- a/kms/snippets/noxfile.py +++ b/kms/snippets/noxfile.py @@ -43,7 +43,7 @@ # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - 'gcloud_project_env': 'GCLOUD_PROJECT', + 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', # A dictionary you want to inject into your test. Don't put any @@ -72,7 +72,6 @@ def get_pytest_env_vars(): env_key = TEST_CONFIG['gcloud_project_env'] # This should error out if not set. ret['GOOGLE_CLOUD_PROJECT'] = os.environ[env_key] - ret['GCLOUD_PROJECT'] = os.environ[env_key] # Apply user supplied envs. ret.update(TEST_CONFIG['envs']) diff --git a/kms/snippets/quickstart.py b/kms/snippets/quickstart.py index 91b5a49ad41f..6b24d643f5e0 100644 --- a/kms/snippets/quickstart.py +++ b/kms/snippets/quickstart.py @@ -25,10 +25,10 @@ def quickstart(project_id, location_id): client = kms.KeyManagementServiceClient() # Build the parent location name. - location_name = client.location_path(project_id, location_id) + location_name = f'projects/{project_id}/locations/{location_id}' # Call the API. - key_rings = client.list_key_rings(location_name) + key_rings = client.list_key_rings(request={'parent': location_name}) # Example of iterating over key rings. for key_ring in key_rings: diff --git a/kms/snippets/restore_key_version.py b/kms/snippets/restore_key_version.py index 3c4668d6bedf..c65456b2dff2 100644 --- a/kms/snippets/restore_key_version.py +++ b/kms/snippets/restore_key_version.py @@ -39,7 +39,7 @@ def restore_key_version(project_id, location_id, key_ring_id, key_id, version_id key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Call the API. - restored_version = client.restore_crypto_key_version(key_version_name) + restored_version = client.restore_crypto_key_version(request={'name': key_version_name}) print('Restored key version: {}'.format(restored_version.name)) return restored_version # [END kms_restore_key_version] diff --git a/kms/snippets/sign_asymmetric.py b/kms/snippets/sign_asymmetric.py index a92a13ec20e2..c12a31d2d1f5 100644 --- a/kms/snippets/sign_asymmetric.py +++ b/kms/snippets/sign_asymmetric.py @@ -58,7 +58,7 @@ def sign_asymmetric(project_id, location_id, key_ring_id, key_id, version_id, me digest = {'sha256': hash_} # Call the API - sign_response = client.asymmetric_sign(key_version_name, digest) + sign_response = client.asymmetric_sign(request={'name': key_version_name, 'digest': digest}) print('Signature: {}'.format(base64.b64encode(sign_response.signature))) return sign_response # [END kms_sign_asymmetric] diff --git a/kms/snippets/snippets_test.py b/kms/snippets/snippets_test.py index 795edeb47370..7e3f02ef04ce 100644 --- a/kms/snippets/snippets_test.py +++ b/kms/snippets/snippets_test.py @@ -11,6 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and +import datetime import hashlib import os import time @@ -21,7 +22,6 @@ from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import padding, utils from google.cloud import kms -from google.cloud.kms_v1.proto import resources_pb2 import pytest from create_key_asymmetric_decrypt import create_key_asymmetric_decrypt @@ -64,7 +64,7 @@ def client(): @pytest.fixture(scope="module") def project_id(): - return os.environ['GCLOUD_PROJECT'] + return os.environ['GOOGLE_CLOUD_PROJECT'] @pytest.fixture(scope="module") @@ -74,36 +74,34 @@ def location_id(): @pytest.fixture(scope="module") def key_ring_id(client, project_id, location_id): - location_name = client.location_path(project_id, location_id) + location_name = f"projects/{project_id}/locations/{location_id}" key_ring_id = '{}'.format(uuid.uuid4()) - key_ring = client.create_key_ring(location_name, key_ring_id, {}) + key_ring = client.create_key_ring(request={'parent': location_name, 'key_ring_id': key_ring_id, 'key_ring': {}}) yield key_ring_id - for key in client.list_crypto_keys(key_ring.name): - if key.rotation_period.seconds > 0 or key.next_rotation_time.seconds > 0: - # https://github.com/googleapis/gapic-generator-python/issues/364 - updated_key = resources_pb2.CryptoKey() - updated_key.name = key.name + for key in client.list_crypto_keys(request={'parent': key_ring.name}): + if key.rotation_period or key.next_rotation_time: + updated_key = {'name': key.name} update_mask = {'paths': ['rotation_period', 'next_rotation_time']} - client.update_crypto_key(updated_key, update_mask) + client.update_crypto_key(request={'crypto_key': updated_key, 'update_mask': update_mask}) f = 'state != DESTROYED AND state != DESTROY_SCHEDULED' - for version in client.list_crypto_key_versions(key.name, filter_=f): - client.destroy_crypto_key_version(version.name) + for version in client.list_crypto_key_versions(request={'parent': key.name, 'filter': f}): + client.destroy_crypto_key_version(request={'name': version.name}) @pytest.fixture(scope="module") def asymmetric_decrypt_key_id(client, project_id, location_id, key_ring_id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) key_id = '{}'.format(uuid.uuid4()) - key = client.create_crypto_key(key_ring_name, key_id, { - 'purpose': kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT, + key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': key_id, 'crypto_key': { + 'purpose': kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT, 'version_template': { - 'algorithm': kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 + 'algorithm': kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 }, 'labels': {'foo': 'bar', 'zip': 'zap'} - }) + }}) wait_for_ready(client, '{}/cryptoKeyVersions/1'.format(key.name)) return key_id @@ -112,13 +110,13 @@ def asymmetric_decrypt_key_id(client, project_id, location_id, key_ring_id): def asymmetric_sign_ec_key_id(client, project_id, location_id, key_ring_id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) key_id = '{}'.format(uuid.uuid4()) - key = client.create_crypto_key(key_ring_name, key_id, { - 'purpose': kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN, + key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': key_id, 'crypto_key': { + 'purpose': kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN, 'version_template': { - 'algorithm': kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256 + 'algorithm': kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256 }, 'labels': {'foo': 'bar', 'zip': 'zap'} - }) + }}) wait_for_ready(client, '{}/cryptoKeyVersions/1'.format(key.name)) return key_id @@ -127,13 +125,13 @@ def asymmetric_sign_ec_key_id(client, project_id, location_id, key_ring_id): def asymmetric_sign_rsa_key_id(client, project_id, location_id, key_ring_id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) key_id = '{}'.format(uuid.uuid4()) - key = client.create_crypto_key(key_ring_name, key_id, { - 'purpose': kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN, + key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': key_id, 'crypto_key': { + 'purpose': kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN, 'version_template': { - 'algorithm': kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 + 'algorithm': kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 }, 'labels': {'foo': 'bar', 'zip': 'zap'} - }) + }}) wait_for_ready(client, '{}/cryptoKeyVersions/1'.format(key.name)) return key_id @@ -142,14 +140,14 @@ def asymmetric_sign_rsa_key_id(client, project_id, location_id, key_ring_id): def hsm_key_id(client, project_id, location_id, key_ring_id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) key_id = '{}'.format(uuid.uuid4()) - key = client.create_crypto_key(key_ring_name, key_id, { - 'purpose': kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': key_id, 'crypto_key': { + 'purpose': kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, 'version_template': { - 'algorithm': kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, - 'protection_level': kms.enums.ProtectionLevel.HSM + 'algorithm': kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + 'protection_level': kms.ProtectionLevel.HSM }, 'labels': {'foo': 'bar', 'zip': 'zap'} - }) + }}) wait_for_ready(client, '{}/cryptoKeyVersions/1'.format(key.name)) return key_id @@ -158,21 +156,21 @@ def hsm_key_id(client, project_id, location_id, key_ring_id): def symmetric_key_id(client, project_id, location_id, key_ring_id): key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id) key_id = '{}'.format(uuid.uuid4()) - key = client.create_crypto_key(key_ring_name, key_id, { - 'purpose': kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + key = client.create_crypto_key(request={'parent': key_ring_name, 'crypto_key_id': key_id, 'crypto_key': { + 'purpose': kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, 'version_template': { - 'algorithm': kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + 'algorithm': kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION }, 'labels': {'foo': 'bar', 'zip': 'zap'} - }) + }}) wait_for_ready(client, '{}/cryptoKeyVersions/1'.format(key.name)) return key_id def wait_for_ready(client, key_version_name): for i in range(5): - key_version = client.get_crypto_key_version(key_version_name) - if key_version.state == kms.enums.CryptoKeyVersion.CryptoKeyVersionState.ENABLED: + key_version = client.get_crypto_key_version(request={'name': key_version_name}) + if key_version.state == kms.CryptoKeyVersion.CryptoKeyVersionState.ENABLED: return time.sleep(0.1*(i**2)) pytest.fail('{} not ready'.format(key_version_name)) @@ -181,30 +179,30 @@ def wait_for_ready(client, key_version_name): def test_create_key_asymmetric_decrypt(project_id, location_id, key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_asymmetric_decrypt(project_id, location_id, key_ring_id, key_id) - assert key.purpose == kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT - assert key.version_template.algorithm == kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 + assert key.purpose == kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT + assert key.version_template.algorithm == kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256 def test_create_key_asymmetric_sign(project_id, location_id, key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_asymmetric_sign(project_id, location_id, key_ring_id, key_id) - assert key.purpose == kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN - assert key.version_template.algorithm == kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 + assert key.purpose == kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN + assert key.version_template.algorithm == kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256 def test_create_key_hsm(project_id, location_id, key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_hsm(project_id, location_id, key_ring_id, key_id) - assert key.purpose == kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - assert key.version_template.algorithm == kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION - assert key.version_template.protection_level == kms.enums.ProtectionLevel.HSM + assert key.purpose == kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + assert key.version_template.algorithm == kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + assert key.version_template.protection_level == kms.ProtectionLevel.HSM def test_create_key_labels(project_id, location_id, key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_labels(project_id, location_id, key_ring_id, key_id) - assert key.purpose == kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - assert key.version_template.algorithm == kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + assert key.purpose == kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + assert key.version_template.algorithm == kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION assert key.labels == {'team': 'alpha', 'cost_center': 'cc1234'} @@ -217,15 +215,15 @@ def test_create_key_ring(project_id, location_id): def test_create_key_rotation_schedule(project_id, location_id, key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_rotation_schedule(project_id, location_id, key_ring_id, key_id) - assert key.rotation_period.seconds == 60*60*24*30 - assert key.next_rotation_time.seconds > 0 + assert key.rotation_period == datetime.timedelta(seconds=60*60*24*30) + assert key.next_rotation_time def test_create_key_symmetric_encrypt_decrypt(project_id, location_id, key_ring_id): key_id = '{}'.format(uuid.uuid4()) key = create_key_symmetric_encrypt_decrypt(project_id, location_id, key_ring_id, key_id) - assert key.purpose == kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - assert key.version_template.algorithm == kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + assert key.purpose == kms.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + assert key.version_template.algorithm == kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION def test_create_key_version(project_id, location_id, key_ring_id, symmetric_key_id): @@ -237,7 +235,7 @@ def test_decrypt_asymmetric(client, project_id, location_id, key_ring_id, asymme message = 'my message'.encode('utf-8') key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, '1') - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) pem = public_key.pem.encode('utf-8') rsa_key = serialization.load_pem_public_key(pem, default_backend()) @@ -255,7 +253,7 @@ def test_decrypt_symmetric(client, project_id, location_id, key_ring_id, symmetr plaintext = 'my message'.encode('utf-8') key_version_name = client.crypto_key_path(project_id, location_id, key_ring_id, symmetric_key_id) - encrypt_response = client.encrypt(key_version_name, plaintext) + encrypt_response = client.encrypt(request={'name': key_version_name, 'plaintext': plaintext}) ciphertext = encrypt_response.ciphertext decrypt_response = decrypt_symmetric(project_id, location_id, key_ring_id, symmetric_key_id, ciphertext) @@ -264,30 +262,30 @@ def test_decrypt_symmetric(client, project_id, location_id, key_ring_id, symmetr def test_destroy_restore_key_version(client, project_id, location_id, key_ring_id, asymmetric_decrypt_key_id): key_name = client.crypto_key_path(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id) - version = client.create_crypto_key_version(key_name, {}) + version = client.create_crypto_key_version(request={'parent': key_name, 'crypto_key_version': {}}) version_id = version.name.split('/')[-1] wait_for_ready(client, version.name) destroyed_version = destroy_key_version(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, version_id) - assert destroyed_version.state == kms.enums.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED + assert destroyed_version.state == kms.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED restored_version = restore_key_version(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, version_id) - assert restored_version.state == kms.enums.CryptoKeyVersion.CryptoKeyVersionState.DISABLED + assert restored_version.state == kms.CryptoKeyVersion.CryptoKeyVersionState.DISABLED def test_disable_enable_key_version(client, project_id, location_id, key_ring_id, asymmetric_decrypt_key_id): key_name = client.crypto_key_path(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id) - version = client.create_crypto_key_version(key_name, {}) + version = client.create_crypto_key_version(request={'parent': key_name, 'crypto_key_version': {}}) version_id = version.name.split('/')[-1] wait_for_ready(client, version.name) disabled_version = disable_key_version(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, version_id) - assert disabled_version.state == kms.enums.CryptoKeyVersion.CryptoKeyVersionState.DISABLED + assert disabled_version.state == kms.CryptoKeyVersion.CryptoKeyVersionState.DISABLED enabled_version = enable_key_version(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, version_id) - assert enabled_version.state == kms.enums.CryptoKeyVersion.CryptoKeyVersionState.ENABLED + assert enabled_version.state == kms.CryptoKeyVersion.CryptoKeyVersionState.ENABLED def test_encrypt_asymmetric(client, project_id, location_id, key_ring_id, asymmetric_decrypt_key_id): @@ -295,7 +293,7 @@ def test_encrypt_asymmetric(client, project_id, location_id, key_ring_id, asymme ciphertext = encrypt_asymmetric(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, '1', plaintext) key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, asymmetric_decrypt_key_id, '1') - response = client.asymmetric_decrypt(key_version_name, ciphertext) + response = client.asymmetric_decrypt(request={'name': key_version_name, 'ciphertext': ciphertext}) assert response.plaintext == plaintext.encode('utf-8') @@ -304,7 +302,7 @@ def test_encrypt_symmetric(client, project_id, location_id, key_ring_id, symmetr encrypt_response = encrypt_symmetric(project_id, location_id, key_ring_id, symmetric_key_id, plaintext) key_name = client.crypto_key_path(project_id, location_id, key_ring_id, symmetric_key_id) - decrypt_response = client.decrypt(key_name, encrypt_response.ciphertext) + decrypt_response = client.decrypt(request={'name': key_name, 'ciphertext': encrypt_response.ciphertext}) assert decrypt_response.plaintext == plaintext.encode('utf-8') @@ -338,11 +336,11 @@ def test_iam_get_policy(project_id, location_id, key_ring_id, symmetric_key_id): def test_iam_remove_member(client, project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id): resource_name = client.crypto_key_path(project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id) - policy = client.get_iam_policy(resource_name) + policy = client.get_iam_policy(request={"resource": resource_name}) policy.bindings.add( role='roles/cloudkms.cryptoKeyEncrypterDecrypter', members=['group:test@google.com', 'group:tester@google.com']) - client.set_iam_policy(resource_name, policy) + client.set_iam_policy(request={"resource": resource_name, "policy": policy}) policy = iam_remove_member(project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id, 'group:test@google.com') assert not any('group:test@google.com' in b.members for b in policy.bindings) @@ -356,7 +354,7 @@ def test_sign_asymmetric(client, project_id, location_id, key_ring_id, asymmetri assert sign_response.signature key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id, '1') - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) pem = public_key.pem.encode('utf-8') rsa_key = serialization.load_pem_public_key(pem, default_backend()) hash_ = hashlib.sha256(message.encode('utf-8')).digest() @@ -371,8 +369,8 @@ def test_sign_asymmetric(client, project_id, location_id, key_ring_id, asymmetri def test_update_key_add_rotation(project_id, location_id, key_ring_id, symmetric_key_id): key = update_key_add_rotation(project_id, location_id, key_ring_id, symmetric_key_id) - assert key.rotation_period.seconds == 60*60*24*30 - assert key.next_rotation_time.seconds > 0 + assert key.rotation_period == datetime.timedelta(seconds=60*60*24*30) + assert key.next_rotation_time def test_update_key_remove_labels(project_id, location_id, key_ring_id, symmetric_key_id): @@ -382,8 +380,8 @@ def test_update_key_remove_labels(project_id, location_id, key_ring_id, symmetri def test_update_key_remove_rotation(project_id, location_id, key_ring_id, symmetric_key_id): key = update_key_remove_rotation(project_id, location_id, key_ring_id, symmetric_key_id) - assert key.rotation_period.seconds == 0 - assert key.next_rotation_time.seconds == 0 + assert not key.rotation_period + assert not key.next_rotation_time def test_update_key_set_primary(project_id, location_id, key_ring_id, symmetric_key_id): @@ -401,7 +399,7 @@ def test_verify_asymmetric_ec(client, project_id, location_id, key_ring_id, asym key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, asymmetric_sign_ec_key_id, '1') hash_ = hashlib.sha256(message.encode('utf-8')).digest() - sign_response = client.asymmetric_sign(key_version_name, {'sha256': hash_}) + sign_response = client.asymmetric_sign(request={'name': key_version_name, 'digest': {'sha256': hash_}}) verified = verify_asymmetric_ec(project_id, location_id, key_ring_id, asymmetric_sign_ec_key_id, '1', message, sign_response.signature) assert verified @@ -412,7 +410,7 @@ def test_verify_asymmetric_rsa(client, project_id, location_id, key_ring_id, asy key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id, '1') hash_ = hashlib.sha256(message.encode('utf-8')).digest() - sign_response = client.asymmetric_sign(key_version_name, {'sha256': hash_}) + sign_response = client.asymmetric_sign(request={'name': key_version_name, 'digest': {'sha256': hash_}}) verified = verify_asymmetric_rsa(project_id, location_id, key_ring_id, asymmetric_sign_rsa_key_id, '1', message, sign_response.signature) assert verified diff --git a/kms/snippets/update_key_add_rotation.py b/kms/snippets/update_key_add_rotation.py index 22dd6b6622fc..acc4d95612a9 100644 --- a/kms/snippets/update_key_add_rotation.py +++ b/kms/snippets/update_key_add_rotation.py @@ -40,23 +40,21 @@ def update_key_add_rotation(project_id, location_id, key_ring_id, key_id): # Build the key name. key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) - # Build the key. We need to build a full proto instead of a dict due to - # https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key = resources_pb2.CryptoKey() - key.name = key_name - - # Rotate the key every 30 days. - key.rotation_period.seconds = 60*60*24*30 - - # Start the first rotation in 24 hours. - key.next_rotation_time.seconds = int(time.time()) + 60*60*24 + key = { + 'name': key_name, + 'rotation_period': { + 'seconds': 60*60*24*30 # Rotate the key every 30 days. + }, + 'next_rotation_time': { + 'seconds': int(time.time()) + 60*60*24 # Start the first rotation in 24 hours. + } + } # Build the update mask. update_mask = {'paths': ['rotation_period', 'next_rotation_time']} # Call the API. - updated_key = client.update_crypto_key(key, update_mask) + updated_key = client.update_crypto_key(request={'crypto_key': key, 'update_mask': update_mask}) print('Updated key: {}'.format(updated_key.name)) return updated_key # [END kms_update_key_add_rotation_schedule] diff --git a/kms/snippets/update_key_remove_labels.py b/kms/snippets/update_key_remove_labels.py index a44ab214b7a8..648db99c5973 100644 --- a/kms/snippets/update_key_remove_labels.py +++ b/kms/snippets/update_key_remove_labels.py @@ -37,18 +37,16 @@ def update_key_remove_labels(project_id, location_id, key_ring_id, key_id): # Build the key name. key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) - # Build the key. We need to build a full proto instead of a dict due to - # https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key = resources_pb2.CryptoKey() - key.name = key_name - key.labels.clear() + key = { + 'name': key_name, + 'labels': [], + } # Build the update mask. update_mask = {'paths': ['labels']} # Call the API. - updated_key = client.update_crypto_key(key, update_mask) + updated_key = client.update_crypto_key(request={'crypto_key': key, 'update_mask': update_mask}) print('Updated key: {}'.format(updated_key.name)) return updated_key # [END kms_update_key_remove_labels] diff --git a/kms/snippets/update_key_remove_rotation.py b/kms/snippets/update_key_remove_rotation.py index 7f8707eb6eb0..5dd596a7822b 100644 --- a/kms/snippets/update_key_remove_rotation.py +++ b/kms/snippets/update_key_remove_rotation.py @@ -37,17 +37,15 @@ def update_key_remove_rotation(project_id, location_id, key_ring_id, key_id): # Build the key name. key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) - # Build the key. We need to build a full proto instead of a dict due to - # https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key = resources_pb2.CryptoKey() - key.name = key_name + key = { + 'name': key_name + } # Build the update mask. update_mask = {'paths': ['rotation_period', 'next_rotation_time']} # Call the API. - updated_key = client.update_crypto_key(key, update_mask) + updated_key = client.update_crypto_key(request={'crypto_key': key, 'update_mask': update_mask}) print('Updated key: {}'.format(updated_key.name)) return updated_key # [END kms_update_key_remove_rotation_schedule] diff --git a/kms/snippets/update_key_set_primary.py b/kms/snippets/update_key_set_primary.py index dd889dbd407f..74ba5cdf845a 100644 --- a/kms/snippets/update_key_set_primary.py +++ b/kms/snippets/update_key_set_primary.py @@ -39,7 +39,7 @@ def update_key_set_primary(project_id, location_id, key_ring_id, key_id, version key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) # Call the API. - updated_key = client.update_crypto_key_primary_version(key_name, version_id) + updated_key = client.update_crypto_key_primary_version(request={'name': key_name, 'crypto_key_version_id': version_id}) print('Updated {} primary to {}'.format(updated_key.name, version_id)) return updated_key # [END kms_update_key_set_primary] diff --git a/kms/snippets/update_key_update_labels.py b/kms/snippets/update_key_update_labels.py index 21372472bc2a..3f58f15f142c 100644 --- a/kms/snippets/update_key_update_labels.py +++ b/kms/snippets/update_key_update_labels.py @@ -37,18 +37,18 @@ def update_key_update_labels(project_id, location_id, key_ring_id, key_id): # Build the key name. key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) - # Build the key. We need to build a full proto instead of a dict due to - # https://github.com/googleapis/gapic-generator-python/issues/364. - from google.cloud.kms_v1.proto import resources_pb2 - key = resources_pb2.CryptoKey() - key.name = key_name - key.labels.update({'new_label': 'new_value'}) + key = { + 'name': key_name, + 'labels': { + 'new_label': 'new_value' + } + } # Build the update mask. update_mask = {'paths': ['labels']} # Call the API. - updated_key = client.update_crypto_key(key, update_mask) + updated_key = client.update_crypto_key(request={'crypto_key': key, 'update_mask': update_mask}) print('Updated key: {}'.format(updated_key.name)) return updated_key # [END kms_update_key_update_labels] diff --git a/kms/snippets/verify_asymmetric_ec.py b/kms/snippets/verify_asymmetric_ec.py index ac77a64b8681..d29128bd8aca 100644 --- a/kms/snippets/verify_asymmetric_ec.py +++ b/kms/snippets/verify_asymmetric_ec.py @@ -53,7 +53,7 @@ def verify_asymmetric_ec(project_id, location_id, key_ring_id, key_id, version_i key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Get the public key. - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) # Extract and parse the public key as a PEM-encoded RSA key. pem = public_key.pem.encode('utf-8') diff --git a/kms/snippets/verify_asymmetric_rsa.py b/kms/snippets/verify_asymmetric_rsa.py index 6df3d862f83b..ee7330367d75 100644 --- a/kms/snippets/verify_asymmetric_rsa.py +++ b/kms/snippets/verify_asymmetric_rsa.py @@ -53,7 +53,7 @@ def verify_asymmetric_rsa(project_id, location_id, key_ring_id, key_id, version_ key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id) # Get the public key. - public_key = client.get_public_key(key_version_name) + public_key = client.get_public_key(request={'name': key_version_name}) # Extract and parse the public key as a PEM-encoded RSA key. pem = public_key.pem.encode('utf-8')