diff --git a/apis/kms/v1alpha1/autokeyconfig_reference.go b/apis/kms/v1alpha1/autokeyconfig_reference.go
new file mode 100644
index 0000000000..318653fd76
--- /dev/null
+++ b/apis/kms/v1alpha1/autokeyconfig_reference.go
@@ -0,0 +1,167 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+ "context"
+ "fmt"
+ "strings"
+
+ refsv1beta1 "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
+ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/k8s"
+ apierrors "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/types"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+var _ refsv1beta1.ExternalNormalizer = &KMSAutokeyConfigRef{}
+
+// KMSAutokeyConfigRef defines the resource reference to KMSAutokeyConfig, which "External" field
+// holds the GCP identifier for the KRM object.
+type KMSAutokeyConfigRef struct {
+ // A reference to an externally managed KMSAutokeyConfig resource.
+ // Should be in the format "folders//autokeyConfig".
+ External string `json:"external,omitempty"`
+
+ // The name of a KMSAutokeyConfig resource.
+ Name string `json:"name,omitempty"`
+
+ // The namespace of a KMSAutokeyConfig resource.
+ Namespace string `json:"namespace,omitempty"`
+
+ parent *KMSAutokeyConfigParent
+}
+
+// NormalizedExternal provision the "External" value for other resource that depends on KMSAutokeyConfig.
+// If the "External" is given in the other resource's spec.KMSAutokeyConfigRef, the given value will be used.
+// Otherwise, the "Name" and "Namespace" will be used to query the actual KMSAutokeyConfig object from the cluster.
+func (r *KMSAutokeyConfigRef) NormalizedExternal(ctx context.Context, reader client.Reader, otherNamespace string) (string, error) {
+ if r.External != "" && r.Name != "" {
+ return "", fmt.Errorf("cannot specify both name and external on %s reference", KMSAutokeyConfigGVK.Kind)
+ }
+ // From given External
+ if r.External != "" {
+ if _, err := ParseKMSAutokeyConfigExternal(r.External); err != nil {
+ return "", err
+ }
+ return r.External, nil
+ }
+
+ // From the Config Connector object
+ if r.Namespace == "" {
+ r.Namespace = otherNamespace
+ }
+ key := types.NamespacedName{Name: r.Name, Namespace: r.Namespace}
+ u := &unstructured.Unstructured{}
+ u.SetGroupVersionKind(KMSAutokeyConfigGVK)
+ if err := reader.Get(ctx, key, u); err != nil {
+ if apierrors.IsNotFound(err) {
+ return "", k8s.NewReferenceNotFoundError(u.GroupVersionKind(), key)
+ }
+ return "", fmt.Errorf("reading referenced %s %s: %w", KMSAutokeyConfigGVK, key, err)
+ }
+ // Get external from status.externalRef. This is the most trustworthy place.
+ actualExternalRef, _, err := unstructured.NestedString(u.Object, "status", "externalRef")
+ if err != nil {
+ return "", fmt.Errorf("reading status.externalRef: %w", err)
+ }
+ if actualExternalRef == "" {
+ return "", k8s.NewReferenceNotReadyError(u.GroupVersionKind(), key)
+ }
+ r.External = actualExternalRef
+ return r.External, nil
+}
+
+// New builds a KMSAutokeyConfigRef from the Config Connector KMSAutokeyConfig object.
+func NewKMSAutokeyConfigRef(ctx context.Context, reader client.Reader, obj *KMSAutokeyConfig) (*KMSAutokeyConfigRef, error) {
+ id := &KMSAutokeyConfigRef{}
+
+ // Get Parent
+ folderRef, err := refsv1beta1.ResolveFolder(ctx, reader, obj, obj.Spec.FolderRef)
+ if err != nil {
+ return nil, err
+ }
+ folderID := folderRef.FolderID
+ if folderID == "" {
+ return nil, fmt.Errorf("cannot resolve project")
+ }
+ id.parent = &KMSAutokeyConfigParent{FolderID: folderID}
+
+ // Use approved External
+ externalRef := valueOf(obj.Status.ExternalRef)
+ if externalRef == "" {
+ id.External = AsKMSAutokeyConfigExternal(id.parent)
+ return id, nil
+ }
+
+ // Validate desired with actual
+ actualParent, err := ParseKMSAutokeyConfigExternal(externalRef)
+ if err != nil {
+ return nil, err
+ }
+ if actualParent.FolderID != folderID {
+ return nil, fmt.Errorf("spec.folderRef changed, expect %s, got %s", actualParent.FolderID, folderID)
+ }
+ id.External = externalRef
+ id.parent = &KMSAutokeyConfigParent{FolderID: folderID}
+ return id, nil
+}
+
+func (r *KMSAutokeyConfigRef) Parent() (*KMSAutokeyConfigParent, error) {
+ if r.parent != nil {
+ return r.parent, nil
+ }
+ if r.External != "" {
+ parent, err := ParseKMSAutokeyConfigExternal(r.External)
+ if err != nil {
+ return nil, err
+ }
+ return parent, nil
+ }
+ return nil, fmt.Errorf("KMSAutokeyConfigRef not initialized from `NewKMSAutokeyConfigRef` or `NormalizedExternal`")
+}
+
+type KMSAutokeyConfigParent struct {
+ FolderID string
+}
+
+func (p *KMSAutokeyConfigParent) String() string {
+ return "folders/" + p.FolderID
+}
+
+func AsKMSAutokeyConfigExternal(parent *KMSAutokeyConfigParent) (external string) {
+ return parent.String() + "/autokeyConfig"
+}
+
+func ParseKMSAutokeyConfigExternal(external string) (parent *KMSAutokeyConfigParent, err error) {
+ external = strings.TrimPrefix(external, "/")
+ tokens := strings.Split(external, "/")
+ if len(tokens) != 3 || tokens[0] != "folders" || tokens[2] != "autokeyConfig" {
+ return nil, fmt.Errorf("format of KMSAutokeyConfig external=%q was not known (use folders//autokeyConfig)", external)
+ }
+ parent = &KMSAutokeyConfigParent{
+ FolderID: tokens[1],
+ }
+ return parent, nil
+}
+
+func valueOf[T any](t *T) T {
+ var zeroVal T
+ if t == nil {
+ return zeroVal
+ }
+ return *t
+}
diff --git a/apis/kms/v1alpha1/doc.go b/apis/kms/v1alpha1/doc.go
new file mode 100644
index 0000000000..194758bdfb
--- /dev/null
+++ b/apis/kms/v1alpha1/doc.go
@@ -0,0 +1,16 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +kcc:proto=google.cloud.kms.v1
+package v1alpha1
diff --git a/apis/kms/v1alpha1/groupversion_info.go b/apis/kms/v1alpha1/groupversion_info.go
new file mode 100644
index 0000000000..4cc5d2e3b4
--- /dev/null
+++ b/apis/kms/v1alpha1/groupversion_info.go
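Review bot: In autokeyconfig_reference.go, `ParseKMSAutokeyConfigExternal` checks only the token count and the two literal segments, so an empty folder ID passes: `folders//autokeyConfig` splits into three tokens and yields `FolderID: ""`. This parser is the only validation `NormalizedExternal` applies to a user-supplied `external` before returning it, and the value selects the folder whose Autokey configuration is referenced, so the condition should also reject an empty middle token, e.g. `if len(tokens) != 3 || tokens[0] != "folders" || tokens[1] == "" || tokens[2] != "autokeyConfig" {`. The format hint in the error string and in the `External` field comment reads `folders//autokeyConfig`; the folder-ID placeholder appears to be missing there (possibly lost in rendering), which makes the documented literal exactly the form that slips through. Separately, `NewKMSAutokeyConfigRef` returns `cannot resolve project` when the resolved folder ID is empty; `cannot resolve folder` would name what actually failed, and its doc comment should open with the function name rather than `New`.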
@@ -0,0 +1,33 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +kubebuilder:object:generate=true
+// +groupName=kms.cnrm.cloud.google.com
+package v1alpha1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+ // GroupVersion is group version used to register these objects
+ GroupVersion = schema.GroupVersion{Group: "kms.cnrm.cloud.google.com", Version: "v1alpha1"}
+
+ // SchemeBuilder is used to add go types to the GroupVersionKind scheme
+ SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+ // AddToScheme adds the types in this group-version to the given scheme.
+ AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/apis/kms/v1alpha1/kmsautokeyconfig_types.go b/apis/kms/v1alpha1/kmsautokeyconfig_types.go
new file mode 100644
index 0000000000..ce339fbe77
--- /dev/null
+++ b/apis/kms/v1alpha1/kmsautokeyconfig_types.go
@@ -0,0 +1,97 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1alpha1
+
+import (
+ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/k8s/v1alpha1"
+
+ refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+var KMSAutokeyConfigGVK = GroupVersion.WithKind("KMSAutokeyConfig")
+
+// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+
+// KMSAutokeyConfigSpec defines the desired state of KMSAutokeyConfig
+// +kcc:proto=google.cloud.kms.v1.AutokeyConfig
+type KMSAutokeyConfigSpec struct {
+
+ // NOTE: ResourceID field is not required for AutokeyConfig as its ID has the format folders//autokeyConfig i.e., it doesnt have any unique ID of its own and relies on folderID for uniqueness.
+
+ // Immutable. The folder that this resource belongs to.
+ // +required
+ FolderRef *refs.FolderRef `json:"folderRef"`
+
+ // +optional
+ KeyProjectRef *refs.ProjectRef `json:"keyProject,omitempty"`
+}
+
+// KMSAutokeyConfigStatus defines the config connector machine state of KMSAutokeyConfig
+type KMSAutokeyConfigStatus struct {
+ /* Conditions represent the latest available observations of the
+ object's current state. */
+ Conditions []v1alpha1.Condition `json:"conditions,omitempty"`
+
+ // ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.
+ ObservedGeneration *int64 `json:"observedGeneration,omitempty"`
+
+ // A unique specifier for the KMSAutokeyConfig resource in GCP.
+ ExternalRef *string `json:"externalRef,omitempty"`
+
+ // ObservedState is the state of the resource as most recently observed in GCP.
+ ObservedState *KMSAutokeyConfigObservedState `json:"observedState,omitempty"`
+}
+
+// KMSAutokeyConfigSpec defines the desired state of KMSAutokeyConfig
+// +kcc:proto=google.cloud.kms.v1.AutokeyConfig
+type KMSAutokeyConfigObservedState struct {
+ // Output only. Current state of this AutokeyConfig.
+ // +optional
+ State *string `json:"state,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:categories=gcp,shortName=gcpkmsautokeyconfig;gcpkmsautokeyconfigs
+// +kubebuilder:subresource:status
+// +kubebuilder:metadata:labels="cnrm.cloud.google.com/managed-by-kcc=true";"cnrm.cloud.google.com/system=true"
+// +kubebuilder:printcolumn:name="Age",JSONPath=".metadata.creationTimestamp",type="date"
+// +kubebuilder:printcolumn:name="Ready",JSONPath=".status.conditions[?(@.type=='Ready')].status",type="string",description="When 'True', the most recent reconcile of the resource succeeded"
+// +kubebuilder:printcolumn:name="Status",JSONPath=".status.conditions[?(@.type=='Ready')].reason",type="string",description="The reason for the value in 'Ready'"
+// +kubebuilder:printcolumn:name="Status Age",JSONPath=".status.conditions[?(@.type=='Ready')].lastTransitionTime",type="date",description="The last transition time for the value in 'Status'"
+
+// KMSAutokeyConfig is the Schema for the KMSAutokeyConfig API
+// +k8s:openapi-gen=true
+type KMSAutokeyConfig struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec KMSAutokeyConfigSpec `json:"spec,omitempty"`
+ Status KMSAutokeyConfigStatus `json:"status,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// KMSAutokeyConfigList contains a list of KMSAutokeyConfig
+type KMSAutokeyConfigList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []KMSAutokeyConfig `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&KMSAutokeyConfig{}, &KMSAutokeyConfigList{})
+}
diff --git a/apis/kms/v1alpha1/types.generated.go b/apis/kms/v1alpha1/types.generated.go
new file mode 100644
index 0000000000..7fc498e227
--- /dev/null
+++ b/apis/kms/v1alpha1/types.generated.go
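Review bot: In kmsautokeyconfig_types.go, `KeyProjectRef` carries no doc comment, so the field that designates the project where Autokey provisions keys is described in the generated CRD by the generic ProjectRef text ("The Project that this resource belongs to."), which is misleading next to `folderRef`. A comment such as `// The key project where Cloud KMS Autokey provisions new CryptoKeys. Updating it requires cloudkms.cryptoKeys.setIamPolicy on that project.` would carry over what types.generated.go in this same commit already documents for `KeyProject`. The JSON name `keyProject` also drops the `Ref` suffix that `folderRef` keeps; if that is unintended it is cheapest to rename while the API is still v1alpha1. The comment above `KMSAutokeyConfigObservedState` is a copy of the Spec comment ("KMSAutokeyConfigSpec defines the desired state of KMSAutokeyConfig") and should describe the observed-state type instead.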
@@ -0,0 +1,42 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v1alpha1 + +import ( + refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1" +) + +// +kcc:proto=google.cloud.kms.v1.AutokeyConfig +type AutokeyConfig struct { + // Identifier. Name of the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] + // resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`. + Name *string `json:"name,omitempty"` + + // Optional. Name of the key project, e.g. `projects/{PROJECT_ID}` or + // `projects/{PROJECT_NUMBER}`, where Cloud KMS Autokey will provision a new + // [CryptoKey][google.cloud.kms.v1.CryptoKey] when a + // [KeyHandle][google.cloud.kms.v1.KeyHandle] is created. On + // [UpdateAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig], + // the caller will require `cloudkms.cryptoKeys.setIamPolicy` permission on + // this key project. Once configured, for Cloud KMS Autokey to function + // properly, this key project must have the Cloud KMS API activated and the + // Cloud KMS Service Agent for this key project must be granted the + // `cloudkms.admin` role (or pertinent permissions). A request with an empty + // key project field will clear the configuration. + KeyProject *refs.ProjectRef `json:"keyProject,omitempty"` + + // Output only. The state for the AutokeyConfig. + State *string `json:"state,omitempty"` +} 
diff --git a/apis/kms/v1alpha1/zz_generated.deepcopy.go b/apis/kms/v1alpha1/zz_generated.deepcopy.go
new file mode 100644
index 0000000000..7089af9da9
--- /dev/null
+++ b/apis/kms/v1alpha1/zz_generated.deepcopy.go
@@ -0,0 +1,229 @@ +//go:build !ignore_autogenerated + +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1" + k8sv1alpha1 "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/k8s/v1alpha1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutokeyConfig) DeepCopyInto(out *AutokeyConfig) { + *out = *in + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.KeyProject != nil { + in, out := &in.KeyProject, &out.KeyProject + *out = new(v1beta1.ProjectRef) + **out = **in + } + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutokeyConfig. +func (in *AutokeyConfig) DeepCopy() *AutokeyConfig { + if in == nil { + return nil + } + out := new(AutokeyConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *KMSAutokeyConfig) DeepCopyInto(out *KMSAutokeyConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSAutokeyConfig. +func (in *KMSAutokeyConfig) DeepCopy() *KMSAutokeyConfig { + if in == nil { + return nil + } + out := new(KMSAutokeyConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KMSAutokeyConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KMSAutokeyConfigList) DeepCopyInto(out *KMSAutokeyConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]KMSAutokeyConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSAutokeyConfigList. +func (in *KMSAutokeyConfigList) DeepCopy() *KMSAutokeyConfigList { + if in == nil { + return nil + } + out := new(KMSAutokeyConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KMSAutokeyConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *KMSAutokeyConfigObservedState) DeepCopyInto(out *KMSAutokeyConfigObservedState) { + *out = *in + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSAutokeyConfigObservedState. +func (in *KMSAutokeyConfigObservedState) DeepCopy() *KMSAutokeyConfigObservedState { + if in == nil { + return nil + } + out := new(KMSAutokeyConfigObservedState) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KMSAutokeyConfigParent) DeepCopyInto(out *KMSAutokeyConfigParent) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSAutokeyConfigParent. +func (in *KMSAutokeyConfigParent) DeepCopy() *KMSAutokeyConfigParent { + if in == nil { + return nil + } + out := new(KMSAutokeyConfigParent) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KMSAutokeyConfigRef) DeepCopyInto(out *KMSAutokeyConfigRef) { + *out = *in + if in.parent != nil { + in, out := &in.parent, &out.parent + *out = new(KMSAutokeyConfigParent) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSAutokeyConfigRef. +func (in *KMSAutokeyConfigRef) DeepCopy() *KMSAutokeyConfigRef { + if in == nil { + return nil + } + out := new(KMSAutokeyConfigRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *KMSAutokeyConfigSpec) DeepCopyInto(out *KMSAutokeyConfigSpec) { + *out = *in + if in.FolderRef != nil { + in, out := &in.FolderRef, &out.FolderRef + *out = new(v1beta1.FolderRef) + **out = **in + } + if in.KeyProjectRef != nil { + in, out := &in.KeyProjectRef, &out.KeyProjectRef + *out = new(v1beta1.ProjectRef) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSAutokeyConfigSpec. +func (in *KMSAutokeyConfigSpec) DeepCopy() *KMSAutokeyConfigSpec { + if in == nil { + return nil + } + out := new(KMSAutokeyConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KMSAutokeyConfigStatus) DeepCopyInto(out *KMSAutokeyConfigStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]k8sv1alpha1.Condition, len(*in)) + copy(*out, *in) + } + if in.ObservedGeneration != nil { + in, out := &in.ObservedGeneration, &out.ObservedGeneration + *out = new(int64) + **out = **in + } + if in.ExternalRef != nil { + in, out := &in.ExternalRef, &out.ExternalRef + *out = new(string) + **out = **in + } + if in.ObservedState != nil { + in, out := &in.ObservedState, &out.ObservedState + *out = new(KMSAutokeyConfigObservedState) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSAutokeyConfigStatus. +func (in *KMSAutokeyConfigStatus) DeepCopy() *KMSAutokeyConfigStatus { + if in == nil { + return nil + } + out := new(KMSAutokeyConfigStatus) + in.DeepCopyInto(out) + return out +} 
diff --git a/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_kmsautokeyconfigs.kms.cnrm.cloud.google.com.yaml b/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_kmsautokeyconfigs.kms.cnrm.cloud.google.com.yaml
new file mode 100644
index 0000000000..9b30f7086b
--- /dev/null
+++ b/config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_kmsautokeyconfigs.kms.cnrm.cloud.google.com.yaml
@@ -0,0 +1,187 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 0.0.0-dev + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/system: "true" + name: kmsautokeyconfigs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSAutokeyConfig + listKind: KMSAutokeyConfigList + plural: kmsautokeyconfigs + shortNames: + - gcpkmsautokeyconfig + - gcpkmsautokeyconfigs + singular: kmsautokeyconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: KMSAutokeyConfig is the Schema for the KMSAutokeyConfig API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KMSAutokeyConfigSpec defines the desired state of KMSAutokeyConfig + properties: + folderRef: + description: Immutable. The folder that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The 'name' field of a folder, when not managed by + Config Connector. This field must be set when 'name' field is + not set. + type: string + name: + description: The 'name' field of a 'Folder' resource. This field + must be set when 'external' field is not set. + type: string + namespace: + description: The 'namespace' field of a 'Folder' resource. If + unset, the namespace is defaulted to the namespace of the referencer + resource. + type: string + type: object + keyProject: + description: The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: The `projectID` field of a project, when not managed + by Config Connector. + type: string + kind: + description: The kind of the Project resource; optional but must + be `Project` if provided. + type: string + name: + description: The `name` field of a `Project` resource. + type: string + namespace: + description: The `namespace` field of a `Project` resource. + type: string + type: object + required: + - folderRef + type: object + status: + description: KMSAutokeyConfigStatus defines the config connector machine + state of KMSAutokeyConfig + properties: + conditions: + description: Conditions represent the latest available observations + of the object's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + externalRef: + description: A unique specifier for the KMSAutokeyConfig resource + in GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + format: int64 + type: integer + observedState: + description: ObservedState is the state of the resource as most recently + observed in GCP. + properties: + state: + description: Output only. Current state of this AutokeyConfig. + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/tests/samples/create/harness.go b/config/tests/samples/create/harness.go index 3d3d86a17a..94094d6300 100644 --- a/config/tests/samples/create/harness.go +++ b/config/tests/samples/create/harness.go 
@@ -769,6 +769,7 @@ func MaybeSkip(t *testing.T, name string, resources []*unstructured.Unstructured case schema.GroupKind{Group: "kms.cnrm.cloud.google.com", Kind: "KMSKeyRing"}: case schema.GroupKind{Group: "kms.cnrm.cloud.google.com", Kind: "KMSCryptoKey"}: + case schema.GroupKind{Group: "kms.cnrm.cloud.google.com", Kind: "KMSAutokeyConfig"}: case schema.GroupKind{Group: "logging.cnrm.cloud.google.com", Kind: "LoggingLogMetric"}: case schema.GroupKind{Group: "logging.cnrm.cloud.google.com", Kind: "LoggingLogBucket"}: diff --git a/dev/tools/controllerbuilder/pkg/codegen/mappergenerator.go b/dev/tools/controllerbuilder/pkg/codegen/mappergenerator.go index 6a98d3f474..00bcc2a0de 100644 --- a/dev/tools/controllerbuilder/pkg/codegen/mappergenerator.go +++ b/dev/tools/controllerbuilder/pkg/codegen/mappergenerator.go @@ -728,6 +728,8 @@ func krmFromProtoFunctionName(protoField protoreflect.FieldDescriptor, krmFieldN return krmFieldName + "_FromProto" case "google.protobuf.Duration": return "direct.StringDuration_FromProto" + case "google.protobuf.Int64Value": + return "direct.Int64Value_FromProto" } klog.Fatalf("unhandled case in krmFromProtoFunctionName for proto field %s", fullname) return "" @@ -742,6 +744,8 @@ func krmToProtoFunctionName(protoField protoreflect.FieldDescriptor, krmFieldNam return krmFieldName + "_ToProto" case "google.protobuf.Duration": return "direct.StringDuration_ToProto" + case "google.protobuf.Int64Value": + return "direct.Int64Value_ToProto" } klog.Fatalf("unhandled case in krmToProtoFunctionName for proto field %s", fullname) return "" diff --git a/go.mod b/go.mod index e960375465..5dea0b31e6 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( cloud.google.com/go/dataflow v0.10.0 cloud.google.com/go/dataform v0.10.0 cloud.google.com/go/firestore v1.16.0 + cloud.google.com/go/kms v1.20.0 cloud.google.com/go/gkemulticloud v1.3.0 cloud.google.com/go/iam v1.2.0 cloud.google.com/go/monitoring v1.21.0 
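Review bot: In go.mod, the new direct requirement `cloud.google.com/go/kms v1.20.0` is inserted between `cloud.google.com/go/firestore` and `cloud.google.com/go/gkemulticloud`, out of the sorted order the rest of this require block follows, and the two kms lines in go.sum sit in the same out-of-order position. That suggests the entries were placed by hand rather than written by the toolchain; re-running `go mod tidy` and committing its output would confirm that go.mod and go.sum match what the module resolver produces. The later hunks also move `golang.org/x/crypto`, `golang.org/x/net`, `google.golang.org/grpc` and other modules forward, presumably pulled in by the kms module, so those bumps deserve a deliberate look rather than riding along unnoticed.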
@@ -61,14 +62,14 @@ require ( github.com/zclconf/go-cty v1.13.0 go.opencensus.io v0.24.0 go.uber.org/zap v1.26.0 - golang.org/x/oauth2 v0.22.0 + golang.org/x/oauth2 v0.23.0 golang.org/x/sync v0.8.0 golang.org/x/time v0.6.0 - google.golang.org/api v0.196.0 + google.golang.org/api v0.197.0 google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 - google.golang.org/grpc v1.66.0 + google.golang.org/grpc v1.66.2 google.golang.org/protobuf v1.34.2 gopkg.in/dnaeon/go-vcr.v3 v3.2.0 gopkg.in/yaml.v2 v2.4.0 @@ -93,7 +94,7 @@ require ( cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/bigtable v1.31.0 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect - cloud.google.com/go/longrunning v0.6.0 // indirect + cloud.google.com/go/longrunning v0.6.1 // indirect dario.cat/mergo v1.0.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect @@ -147,7 +148,7 @@ require ( github.com/google/pprof v0.0.0-20240528025155-186aa0362fba // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/gosimple/unidecode v1.0.1 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect 
@@ -227,13 +228,13 @@ require ( go.opentelemetry.io/otel/trace v1.29.0 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect go.uber.org/multierr v1.10.0 // indirect - golang.org/x/crypto v0.26.0 // indirect + golang.org/x/crypto v0.27.0 // indirect golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect golang.org/x/mod v0.18.0 // indirect - golang.org/x/net v0.28.0 // indirect - golang.org/x/sys v0.24.0 // indirect - golang.org/x/term v0.23.0 // indirect - golang.org/x/text v0.17.0 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/term v0.24.0 // indirect + golang.org/x/text v0.18.0 // indirect golang.org/x/tools v0.22.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect diff --git a/go.sum b/go.sum index 0d770c01e1..551d56f975 100644 --- a/go.sum +++ b/go.sum @@ -59,6 +59,8 @@ cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/firestore v1.16.0 h1:YwmDHcyrxVRErWcgxunzEaZxtNbc8QoFYA/JOEwDPgc= cloud.google.com/go/firestore v1.16.0/go.mod h1:+22v/7p+WNBSQwdSwP57vz47aZiY+HrDkrOsJNhk7rg= +cloud.google.com/go/kms v1.20.0 h1:uKUvjGqbBlI96xGE669hcVnEMw1Px/Mvfa62dhM5UrY= +cloud.google.com/go/kms v1.20.0/go.mod h1:/dMbFF1tLLFnQV44AoI2GlotbjowyUfgVwezxW291fM= cloud.google.com/go/gkemulticloud v1.3.0 h1:4wJPaNK7HFYLniVqMue+Eo/SpX+yf+aMvRITjUpirgM= cloud.google.com/go/gkemulticloud v1.3.0/go.mod h1:XmcOUQ+hJI62fi/klCjEGs6lhQ56Zjs14sGPXsGP0mE= cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= 
@@ -517,8 +519,8 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.3 h1:QRje2j5GZimBzlbhGA2V2QlGNgL8G6e+wGo/+/2bWI0= -github.com/googleapis/enterprise-certificate-proxy v0.3.3/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= +github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= +github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= 
@@ -1041,8 +1043,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -1147,8 +1149,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1161,8 +1163,8 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= -golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -1263,8 +1265,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -1272,8 +1274,8 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= -golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -1289,8 +1291,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1399,8 +1401,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= -google.golang.org/api v0.196.0 h1:k/RafYqebaIJBO3+SMnfEGtFVlvp5vSgqTUF54UN/zg= -google.golang.org/api v0.196.0/go.mod h1:g9IL21uGkYgvQ5BZg6BAtoGJQIm8r6EgaAbpNey5wBE= +google.golang.org/api v0.197.0 h1:x6CwqQLsFiA5JKAiGyGBjc2bNtHtLddhJCE2IKuhhcQ= +google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1481,8 +1483,8 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= -google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo= +google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/mockgcp/apis/mockgcp/cloud/kms/v1/service.proto b/mockgcp/apis/mockgcp/cloud/kms/v1/service.proto new file mode 100644 index 0000000000..8353a87def --- /dev/null +++ b/mockgcp/apis/mockgcp/cloud/kms/v1/service.proto 
@@ -0,0 +1,1304 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto2"; +package mockgcp.cloud.kms.v1; +import "google/api/annotations.proto"; +import "google/longrunning/operations.proto"; +import "google/protobuf/any.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/timestamp.proto"; +option go_package = "cloud.google.com/go/kms/apiv1/kmspb;kmspb"; + +service FoldersServer { + + // Returns the AutokeyConfig for a folder. + rpc GetAutokeyConfigFolder(GetAutokeyConfigFolderRequest) returns (AutokeyConfig) { + option (google.api.http) = { + get: "/v1/{name=folders/*/autokeyConfig}" + }; + }; + + // Updates the AutokeyConfig for a folder. The caller must have both `cloudkms.autokeyConfigs.update` permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy` permission on the provided key project. A KeyHandle creation in the folder's descendant projects will use this configuration to determine where to create the resulting CryptoKey. + rpc UpdateAutokeyConfigFolder(UpdateAutokeyConfigFolderRequest) returns (AutokeyConfig) { + option (google.api.http) = { + patch: "/v1/{name=folders/*/autokeyConfig}" + body: "folder" + }; + }; +} + +service ProjectsServer { + + // Returns the effective Cloud KMS Autokey configuration for a given project. 
+ rpc ShowEffectiveAutokeyConfigProject(ShowEffectiveAutokeyConfigProjectRequest) returns (ShowEffectiveAutokeyConfigResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*}:showEffectiveAutokeyConfig" + }; + }; +} + +service ProjectsLocationsServer { + + // Generate random bytes using the Cloud KMS randomness source in the provided location. + rpc GenerateRandomBytesProjectsLocation(GenerateRandomBytesProjectsLocationRequest) returns (GenerateRandomBytesResponse) { + option (google.api.http) = { + post: "/v1/{location=projects/*/locations/*}:generateRandomBytes" + body: "projects_location" + }; + }; + + // Gets information about a location. + rpc GetProjectsLocation(GetProjectsLocationRequest) returns (Location) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*}" + }; + }; + + // Returns the EkmConfig singleton resource for a given project and location. + rpc GetEkmConfigProjectsLocation(GetEkmConfigProjectsLocationRequest) returns (EkmConfig) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/ekmConfig}" + }; + }; + + // Lists information about the supported locations for this service. + rpc ListProjectsLocations(ListProjectsLocationsRequest) returns (ListLocationsResponse) { + option (google.api.http) = { + get: "/v1/{name=projects/*}/locations" + }; + }; + + // Updates the EkmConfig singleton resource for a given project and location. + rpc UpdateEkmConfigProjectsLocation(UpdateEkmConfigProjectsLocationRequest) returns (EkmConfig) { + option (google.api.http) = { + patch: "/v1/{name=projects/*/locations/*/ekmConfig}" + body: "projects_location" + }; + }; +} + +service ProjectsLocationsEkmConfigServer { +} + +service ProjectsLocationsEkmConnectionsServer { + + // Creates a new EkmConnection in a given Project and Location. 
+ rpc CreateProjectsLocationsEkmConnection(CreateProjectsLocationsEkmConnectionRequest) returns (EkmConnection) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/locations/*}/ekmConnections" + body: "projects_locations_ekm_connection" + }; + }; + + // Returns metadata for a given EkmConnection. + rpc GetProjectsLocationsEkmConnection(GetProjectsLocationsEkmConnectionRequest) returns (EkmConnection) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/ekmConnections/*}" + }; + }; + + // Lists EkmConnections. + rpc ListProjectsLocationsEkmConnections(ListProjectsLocationsEkmConnectionsRequest) returns (ListEkmConnectionsResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*/locations/*}/ekmConnections" + }; + }; + + // Updates an EkmConnection's metadata. + rpc PatchProjectsLocationsEkmConnection(PatchProjectsLocationsEkmConnectionRequest) returns (EkmConnection) { + option (google.api.http) = { + patch: "/v1/{name=projects/*/locations/*/ekmConnections/*}" + body: "projects_locations_ekm_connection" + }; + }; + + // Verifies that Cloud KMS can successfully connect to the external key manager specified by an EkmConnection. If there is an error connecting to the EKM, this method returns a FAILED_PRECONDITION status containing structured information as described at https://cloud.google.com/kms/docs/reference/ekm_errors. + rpc VerifyConnectivityProjectsLocationsEkmConnection(VerifyConnectivityProjectsLocationsEkmConnectionRequest) returns (VerifyConnectivityResponse) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/ekmConnections/*}:verifyConnectivity" + }; + }; +} + +service ProjectsLocationsKeyHandlesServer { + + // Creates a new KeyHandle, triggering the provisioning of a new CryptoKey for CMEK use with the given resource type in the configured key project and the same location. 
GetOperation should be used to resolve the resulting long-running operation and get the resulting KeyHandle and CryptoKey. + rpc CreateProjectsLocationsKeyHandle(CreateProjectsLocationsKeyHandleRequest) returns (.google.longrunning.Operation) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/locations/*}/keyHandles" + body: "projects_locations_key_handle" + }; + }; + + // Returns the KeyHandle. + rpc GetProjectsLocationsKeyHandle(GetProjectsLocationsKeyHandleRequest) returns (KeyHandle) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/keyHandles/*}" + }; + }; + + // Lists KeyHandles. + rpc ListProjectsLocationsKeyHandles(ListProjectsLocationsKeyHandlesRequest) returns (ListKeyHandlesResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*/locations/*}/keyHandles" + }; + }; +} + +service ProjectsLocationsKeyRingsServer { + + // Create a new KeyRing in a given Project and Location. + rpc CreateProjectsLocationsKeyRing(CreateProjectsLocationsKeyRingRequest) returns (KeyRing) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/locations/*}/keyRings" + body: "projects_locations_key_ring" + }; + }; + + // Returns metadata for a given KeyRing. + rpc GetProjectsLocationsKeyRing(GetProjectsLocationsKeyRingRequest) returns (KeyRing) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/keyRings/*}" + }; + }; + + // Lists KeyRings. + rpc ListProjectsLocationsKeyRings(ListProjectsLocationsKeyRingsRequest) returns (ListKeyRingsResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*/locations/*}/keyRings" + }; + }; +} + +service ProjectsLocationsKeyRingsCryptoKeysServer { + + // Create a new CryptoKey within a KeyRing. CryptoKey.purpose and CryptoKey.version_template.algorithm are required. 
+ rpc CreateProjectsLocationsKeyRingsCryptoKey(CreateProjectsLocationsKeyRingsCryptoKeyRequest) returns (CryptoKey) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys" + body: "projects_locations_key_rings_crypto_key" + }; + }; + + // Decrypts data that was protected by Encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT. + rpc DecryptProjectsLocationsKeyRingsCryptoKey(DecryptProjectsLocationsKeyRingsCryptoKeyRequest) returns (DecryptResponse) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt" + body: "projects_locations_key_rings_crypto_key" + }; + }; + + // Encrypts data, so that it can only be recovered by a call to Decrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT. + rpc EncryptProjectsLocationsKeyRingsCryptoKey(EncryptProjectsLocationsKeyRingsCryptoKeyRequest) returns (EncryptResponse) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/.*}:encrypt" + body: "projects_locations_key_rings_crypto_key" + }; + }; + + // Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion. + rpc GetProjectsLocationsKeyRingsCryptoKey(GetProjectsLocationsKeyRingsCryptoKeyRequest) returns (CryptoKey) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}" + }; + }; + + // Lists CryptoKeys. + rpc ListProjectsLocationsKeyRingsCryptoKeys(ListProjectsLocationsKeyRingsCryptoKeysRequest) returns (ListCryptoKeysResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys" + }; + }; + + // Update a CryptoKey. 
+ rpc PatchProjectsLocationsKeyRingsCryptoKey(PatchProjectsLocationsKeyRingsCryptoKeyRequest) returns (CryptoKey) { + option (google.api.http) = { + patch: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}" + body: "projects_locations_key_rings_crypto_key" + }; + }; + + // Update the version of a CryptoKey that will be used in Encrypt. Returns an error if called on a key whose purpose is not ENCRYPT_DECRYPT. + rpc UpdatePrimaryVersionProjectsLocationsKeyRingsCryptoKey(UpdatePrimaryVersionProjectsLocationsKeyRingsCryptoKeyRequest) returns (CryptoKey) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion" + body: "projects_locations_key_rings_crypto_key" + }; + }; +} + +service ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsServer { + + // Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT. + rpc AsymmetricDecryptProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(AsymmetricDecryptProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (AsymmetricDecryptResponse) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricDecrypt" + body: "projects_locations_key_rings_crypto_keys_crypto_key_version" + }; + }; + + // Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey. 
+ rpc AsymmetricSignProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(AsymmetricSignProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (AsymmetricSignResponse) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricSign" + body: "projects_locations_key_rings_crypto_keys_crypto_key_version" + }; + }; + + // Create a new CryptoKeyVersion in a CryptoKey. The server will assign the next sequential id. If unset, state will be set to ENABLED. + rpc CreateProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(CreateProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions" + body: "projects_locations_key_rings_crypto_keys_crypto_key_version" + }; + }; + + // Schedule a CryptoKeyVersion for destruction. Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed. Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process. + rpc DestroyProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(DestroyProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy" + body: "projects_locations_key_rings_crypto_keys_crypto_key_version" + }; + }; + + // Returns metadata for a given CryptoKeyVersion. 
+ rpc GetProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(GetProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}" + }; + }; + + // Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT. + rpc GetPublicKeyProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(GetPublicKeyProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (PublicKey) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey" + }; + }; + + // Import wrapped key material into a CryptoKeyVersion. All requests must specify a CryptoKey. If a CryptoKeyVersion is additionally specified in the request, key material will be reimported into that version. Otherwise, a new version will be created, and will be assigned the next sequential id within the CryptoKey. + rpc ImportProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(ImportProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:import" + body: "projects_locations_key_rings_crypto_keys_crypto_key_version" + }; + }; + + // Lists CryptoKeyVersions. + rpc ListProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersions(ListProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRequest) returns (ListCryptoKeyVersionsResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions" + }; + }; + + // Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key. 
+ rpc MacSignProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(MacSignProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (MacSignResponse) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:macSign" + body: "projects_locations_key_rings_crypto_keys_crypto_key_version" + }; + }; + + // Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful. + rpc MacVerifyProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(MacVerifyProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (MacVerifyResponse) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:macVerify" + body: "projects_locations_key_rings_crypto_keys_crypto_key_version" + }; + }; + + // Update a CryptoKeyVersion's metadata. state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states. + rpc PatchProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(PatchProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + option (google.api.http) = { + patch: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}" + body: "projects_locations_key_rings_crypto_keys_crypto_key_version" + }; + }; + + // Decrypts data that was originally encrypted using a raw cryptographic mechanism. The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT. 
+ rpc RawDecryptProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(RawDecryptProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (RawDecryptResponse) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:rawDecrypt" + body: "projects_locations_key_rings_crypto_keys_crypto_key_version" + }; + }; + + // Encrypts data using portable cryptographic primitives. Most users should choose Encrypt and Decrypt rather than their raw counterparts. The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT. + rpc RawEncryptProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(RawEncryptProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (RawEncryptResponse) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:rawEncrypt" + body: "projects_locations_key_rings_crypto_keys_crypto_key_version" + }; + }; + + // Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state. Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared. + rpc RestoreProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersion(RestoreProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest) returns (CryptoKeyVersion) { + option (google.api.http) = { + post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore" + body: "projects_locations_key_rings_crypto_keys_crypto_key_version" + }; + }; +} + +service ProjectsLocationsKeyRingsImportJobsServer { + + // Create a new ImportJob within a KeyRing. ImportJob.import_method is required. + rpc CreateProjectsLocationsKeyRingsImportJob(CreateProjectsLocationsKeyRingsImportJobRequest) returns (ImportJob) { + option (google.api.http) = { + post: "/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs" + body: "projects_locations_key_rings_import_job" + }; + }; + + // Returns metadata for a given ImportJob. 
+ rpc GetProjectsLocationsKeyRingsImportJob(GetProjectsLocationsKeyRingsImportJobRequest) returns (ImportJob) { + option (google.api.http) = { + get: "/v1/{name=projects/*/locations/*/keyRings/*/importJobs/*}" + }; + }; + + // Lists ImportJobs. + rpc ListProjectsLocationsKeyRingsImportJobs(ListProjectsLocationsKeyRingsImportJobsRequest) returns (ListImportJobsResponse) { + option (google.api.http) = { + get: "/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs" + }; + }; +} + + // Request message for KeyManagementService.AsymmetricDecrypt. +message AsymmetricDecryptRequest { + // Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP. + optional bytes ciphertext = 1 [json_name="ciphertext"]; + // Optional. An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received AsymmetricDecryptRequest.ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricDecryptRequest.ciphertext) is equal to AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 ciphertext_crc32c = 2 [json_name="ciphertextCrc32c"]; +} + + // Response message for KeyManagementService.AsymmetricDecrypt. +message AsymmetricDecryptResponse { + // The decrypted data originally encrypted with the matching public key. + optional bytes plaintext = 1 [json_name="plaintext"]; + // Integrity verification field. A CRC32C checksum of the returned AsymmetricDecryptResponse.plaintext. 
An integrity check of AsymmetricDecryptResponse.plaintext can be performed by computing the CRC32C checksum of AsymmetricDecryptResponse.plaintext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 plaintext_crc32c = 2 [json_name="plaintextCrc32c"]; + // The ProtectionLevel of the CryptoKeyVersion used in decryption. + optional string protection_level = 3 [json_name="protectionLevel"]; + // Integrity verification field. A flag indicating whether AsymmetricDecryptRequest.ciphertext_crc32c was received by KeyManagementService and used for the integrity verification of the ciphertext. A false value of this field indicates either that AsymmetricDecryptRequest.ciphertext_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set AsymmetricDecryptRequest.ciphertext_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_ciphertext_crc32c = 4 [json_name="verifiedCiphertextCrc32c"]; +} + + // Request message for KeyManagementService.AsymmetricSign. +message AsymmetricSignRequest { + // Optional. The data to sign. It can't be supplied if AsymmetricSignRequest.digest is supplied. + optional bytes data = 1 [json_name="data"]; + // Optional. An optional CRC32C checksum of the AsymmetricSignRequest.data. If specified, KeyManagementService will verify the integrity of the received AsymmetricSignRequest.data using this checksum. KeyManagementService will report an error if the checksum verification fails. 
If you receive a checksum error, your client should verify that CRC32C(AsymmetricSignRequest.data) is equal to AsymmetricSignRequest.data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 data_crc32c = 2 [json_name="dataCrc32c"]; + // Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm. This field may not be supplied if AsymmetricSignRequest.data is supplied. + optional Digest digest = 3 [json_name="digest"]; + // Optional. An optional CRC32C checksum of the AsymmetricSignRequest.digest. If specified, KeyManagementService will verify the integrity of the received AsymmetricSignRequest.digest using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricSignRequest.digest) is equal to AsymmetricSignRequest.digest_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 digest_crc32c = 4 [json_name="digestCrc32c"]; +} + + // Response message for KeyManagementService.AsymmetricSign. +message AsymmetricSignResponse { + // The resource name of the CryptoKeyVersion used for signing. Check this field to verify that the intended resource was used for signing. 
+ optional string name = 1 [json_name="name"]; + // The ProtectionLevel of the CryptoKeyVersion used for signing. + optional string protection_level = 2 [json_name="protectionLevel"]; + // The created signature. + optional bytes signature = 3 [json_name="signature"]; + // Integrity verification field. A CRC32C checksum of the returned AsymmetricSignResponse.signature. An integrity check of AsymmetricSignResponse.signature can be performed by computing the CRC32C checksum of AsymmetricSignResponse.signature and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 signature_crc32c = 4 [json_name="signatureCrc32c"]; + // Integrity verification field. A flag indicating whether AsymmetricSignRequest.data_crc32c was received by KeyManagementService and used for the integrity verification of the data. A false value of this field indicates either that AsymmetricSignRequest.data_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set AsymmetricSignRequest.data_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_data_crc32c = 5 [json_name="verifiedDataCrc32c"]; + // Integrity verification field. A flag indicating whether AsymmetricSignRequest.digest_crc32c was received by KeyManagementService and used for the integrity verification of the digest. A false value of this field indicates either that AsymmetricSignRequest.digest_crc32c was left unset or that it was not delivered to KeyManagementService. 
If you've set AsymmetricSignRequest.digest_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_digest_crc32c = 6 [json_name="verifiedDigestCrc32c"]; +} + + // Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. +message AuditConfig { + // The configuration for logging of each type of permission. + repeated AuditLogConfig audit_log_configs = 1 [json_name="auditLogConfigs"]; + // Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. + optional string service = 2 [json_name="service"]; +} + + // Provides the configuration for logging a type of permissions. 
Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. +message AuditLogConfig { + // Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. + repeated string exempted_members = 1 [json_name="exemptedMembers"]; + // The log type that this config enables. + optional string log_type = 2 [json_name="logType"]; +} + + // Cloud KMS Autokey configuration for a folder. +message AutokeyConfig { + // Optional. Name of the key project, e.g. `projects/{PROJECT_ID}` or `projects/{PROJECT_NUMBER}`, where Cloud KMS Autokey will provision a new CryptoKey when a KeyHandle is created. On UpdateAutokeyConfig, the caller will require `cloudkms.cryptoKeys.setIamPolicy` permission on this key project. Once configured, for Cloud KMS Autokey to function properly, this key project must have the Cloud KMS API activated and the Cloud KMS Service Agent for this key project must be granted the `cloudkms.admin` role (or pertinent permissions). A request with an empty key project field will clear the configuration. + optional string key_project = 1 [json_name="keyProject"]; + // Identifier. Name of the AutokeyConfig resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`. + optional string name = 2 [json_name="name"]; + // Output only. The state for the AutokeyConfig. + optional string state = 3 [json_name="state"]; +} + + // Associates `members`, or principals, with a `role`. +message Binding { + // The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. 
However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). + optional Expr condition = 1 [json_name="condition"]; + // Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. 
* `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. 
If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. + repeated string members = 2 [json_name="members"]; + // Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). + optional string role = 3 [json_name="role"]; +} + + // A Certificate represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas. +message Certificate { + // Output only. The issuer distinguished name in RFC 2253 format. Only present if parsed is true. + optional string issuer = 1 [json_name="issuer"]; + // Output only. The certificate is not valid after this time. Only present if parsed is true. + optional .google.protobuf.Timestamp not_after_time = 2 [json_name="notAfterTime"]; + // Output only. The certificate is not valid before this time. Only present if parsed is true. + optional .google.protobuf.Timestamp not_before_time = 3 [json_name="notBeforeTime"]; + // Output only. True if the certificate was parsed successfully. + optional bool parsed = 4 [json_name="parsed"]; + // Required. The raw certificate bytes in DER format. + optional bytes raw_der = 5 [json_name="rawDer"]; + // Output only. The certificate serial number as a hex string. Only present if parsed is true. + optional string serial_number = 6 [json_name="serialNumber"]; + // Output only. 
The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true. + optional string sha256_fingerprint = 7 [json_name="sha256Fingerprint"]; + // Output only. The subject distinguished name in RFC 2253 format. Only present if parsed is true. + optional string subject = 8 [json_name="subject"]; + // Output only. The subject Alternative DNS names. Only present if parsed is true. + repeated string subject_alternative_dns_names = 9 [json_name="subjectAlternativeDnsNames"]; +} + + // Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2. +message CertificateChains { + // Cavium certificate chain corresponding to the attestation. + repeated string cavium_certs = 1 [json_name="caviumCerts"]; + // Google card certificate chain corresponding to the attestation. + repeated string google_card_certs = 2 [json_name="googleCardCerts"]; + // Google partition certificate chain corresponding to the attestation. + repeated string google_partition_certs = 3 [json_name="googlePartitionCerts"]; +} + + // A CryptoKey represents a logical key that can be used for cryptographic operations. A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations. +message CryptoKey { + // Output only. The time at which this CryptoKey was created. + optional .google.protobuf.Timestamp create_time = 1 [json_name="createTime"]; + // Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format `projects/*/locations/*/ekmConnections/*`. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future. 
+ optional string crypto_key_backend = 2 [json_name="cryptoKeyBackend"]; + // Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days. + optional .google.protobuf.Duration destroy_scheduled_duration = 3 [json_name="destroyScheduledDuration"]; + // Immutable. Whether this key may contain imported versions only. + optional bool import_only = 4 [json_name="importOnly"]; + // Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. + optional KeyAccessJustificationsPolicy key_access_justifications_policy = 5 [json_name="keyAccessJustificationsPolicy"]; + // Labels with user-defined metadata. For more information, see [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys). + map labels = 6 [json_name="labels"]; + // Output only. The resource name for this CryptoKey in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*`. + optional string name = 7 [json_name="name"]; + // At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted. 
+ optional .google.protobuf.Timestamp next_rotation_time = 8 [json_name="nextRotationTime"]; + // Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted. + optional CryptoKeyVersion primary = 9 [json_name="primary"]; + // Immutable. The immutable purpose of this CryptoKey. + optional string purpose = 10 [json_name="purpose"]; + // next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted. + optional .google.protobuf.Duration rotation_period = 11 [json_name="rotationPeriod"]; + // A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template. + optional CryptoKeyVersionTemplate version_template = 12 [json_name="versionTemplate"]; +} + + // A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS. +message CryptoKeyVersion { + // Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. + optional string algorithm = 1 [json_name="algorithm"]; + // Output only. Statement that was generated and signed by the HSM at key creation time. 
Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM. + optional KeyOperationAttestation attestation = 2 [json_name="attestation"]; + // Output only. The time at which this CryptoKeyVersion was created. + optional .google.protobuf.Timestamp create_time = 3 [json_name="createTime"]; + // Output only. The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED. + optional .google.protobuf.Timestamp destroy_event_time = 4 [json_name="destroyEventTime"]; + // Output only. The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED. + optional .google.protobuf.Timestamp destroy_time = 5 [json_name="destroyTime"]; + // Output only. The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED. + optional string external_destruction_failure_reason = 6 [json_name="externalDestructionFailureReason"]; + // ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. + optional ExternalProtectionLevelOptions external_protection_level_options = 7 [json_name="externalProtectionLevelOptions"]; + // Output only. The time this CryptoKeyVersion's key material was generated. + optional .google.protobuf.Timestamp generate_time = 8 [json_name="generateTime"]; + // Output only. The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED. + optional string generation_failure_reason = 9 [json_name="generationFailureReason"]; + // Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED. + optional string import_failure_reason = 10 [json_name="importFailureReason"]; + // Output only. 
The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported. + optional string import_job = 11 [json_name="importJob"]; + // Output only. The time at which this CryptoKeyVersion's key material was most recently imported. + optional .google.protobuf.Timestamp import_time = 12 [json_name="importTime"]; + // Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + optional string name = 13 [json_name="name"]; + // Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. + optional string protection_level = 14 [json_name="protectionLevel"]; + // Output only. Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version. + optional bool reimport_eligible = 15 [json_name="reimportEligible"]; + // The current state of the CryptoKeyVersion. + optional string state = 16 [json_name="state"]; +} + + // A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or automatically as a result of auto-rotation. +message CryptoKeyVersionTemplate { + // Required. Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT. + optional string algorithm = 1 [json_name="algorithm"]; + // ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE. + optional string protection_level = 2 [json_name="protectionLevel"]; +} + + // Request message for KeyManagementService.Decrypt. +message DecryptRequest { + // Optional. 
Optional data that must match the data originally supplied in EncryptRequest.additional_authenticated_data. + optional bytes additional_authenticated_data = 1 [json_name="additionalAuthenticatedData"]; + // Optional. An optional CRC32C checksum of the DecryptRequest.additional_authenticated_data. If specified, KeyManagementService will verify the integrity of the received DecryptRequest.additional_authenticated_data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(DecryptRequest.additional_authenticated_data) is equal to DecryptRequest.additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 additional_authenticated_data_crc32c = 2 [json_name="additionalAuthenticatedDataCrc32c"]; + // Required. The encrypted data originally returned in EncryptResponse.ciphertext. + optional bytes ciphertext = 3 [json_name="ciphertext"]; + // Optional. An optional CRC32C checksum of the DecryptRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received DecryptRequest.ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(DecryptRequest.ciphertext) is equal to DecryptRequest.ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. 
However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 ciphertext_crc32c = 4 [json_name="ciphertextCrc32c"]; +} + + // Response message for KeyManagementService.Decrypt. +message DecryptResponse { + // The decrypted data originally supplied in EncryptRequest.plaintext. + optional bytes plaintext = 1 [json_name="plaintext"]; + // Integrity verification field. A CRC32C checksum of the returned DecryptResponse.plaintext. An integrity check of DecryptResponse.plaintext can be performed by computing the CRC32C checksum of DecryptResponse.plaintext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: receiving this response message indicates that KeyManagementService is able to successfully decrypt the ciphertext. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 plaintext_crc32c = 2 [json_name="plaintextCrc32c"]; + // The ProtectionLevel of the CryptoKeyVersion used in decryption. + optional string protection_level = 3 [json_name="protectionLevel"]; + // Whether the Decryption was performed using the primary key version. + optional bool used_primary = 4 [json_name="usedPrimary"]; +} + + // Request message for KeyManagementService.DestroyCryptoKeyVersion. +message DestroyCryptoKeyVersionRequest { +} + + // A Digest holds a cryptographic message digest. +message Digest { + // A message digest produced with the SHA-256 algorithm. + optional bytes sha256 = 1 [json_name="sha256"]; + // A message digest produced with the SHA-384 algorithm. 
+ optional bytes sha384 = 2 [json_name="sha384"]; + // A message digest produced with the SHA-512 algorithm. + optional bytes sha512 = 3 [json_name="sha512"]; +} + + // An EkmConfig is a singleton resource that represents configuration parameters that apply to all CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC in a given project and location. +message EkmConfig { + // Optional. Resource name of the default EkmConnection. Setting this field to the empty string removes the default. + optional string default_ekm_connection = 1 [json_name="defaultEkmConnection"]; + // Output only. The resource name for the EkmConfig in the format `projects/*/locations/*/ekmConfig`. + optional string name = 2 [json_name="name"]; +} + + // An EkmConnection represents an individual EKM connection. It can be used for creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic operations using keys created within the EkmConnection. +message EkmConnection { + // Output only. The time at which the EkmConnection was created. + optional .google.protobuf.Timestamp create_time = 1 [json_name="createTime"]; + // Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS. + optional string crypto_space_path = 2 [json_name="cryptoSpacePath"]; + // Optional. Etag of the currently stored EkmConnection. + optional string etag = 3 [json_name="etag"]; + // Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL. + optional string key_management_mode = 4 [json_name="keyManagementMode"]; + // Output only. The resource name for the EkmConnection in the format `projects/*/locations/*/ekmConnections/*`. + optional string name = 5 [json_name="name"]; + // Optional. A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. 
Currently, only a single ServiceResolver is supported. + repeated ServiceResolver service_resolvers = 6 [json_name="serviceResolvers"]; +} + + // Request message for KeyManagementService.Encrypt. +message EncryptRequest { + // Optional. Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data. The maximum size depends on the key version's protection_level. For SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys the AAD must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB. + optional bytes additional_authenticated_data = 1 [json_name="additionalAuthenticatedData"]; + // Optional. An optional CRC32C checksum of the EncryptRequest.additional_authenticated_data. If specified, KeyManagementService will verify the integrity of the received EncryptRequest.additional_authenticated_data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(EncryptRequest.additional_authenticated_data) is equal to EncryptRequest.additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 additional_authenticated_data_crc32c = 2 [json_name="additionalAuthenticatedDataCrc32c"]; + // Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's protection_level. For SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys, the plaintext must be no larger than 64KiB. 
For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB. + optional bytes plaintext = 3 [json_name="plaintext"]; + // Optional. An optional CRC32C checksum of the EncryptRequest.plaintext. If specified, KeyManagementService will verify the integrity of the received EncryptRequest.plaintext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(EncryptRequest.plaintext) is equal to EncryptRequest.plaintext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 plaintext_crc32c = 4 [json_name="plaintextCrc32c"]; +} + + // Response message for KeyManagementService.Encrypt. +message EncryptResponse { + // The encrypted data. + optional bytes ciphertext = 1 [json_name="ciphertext"]; + // Integrity verification field. A CRC32C checksum of the returned EncryptResponse.ciphertext. An integrity check of EncryptResponse.ciphertext can be performed by computing the CRC32C checksum of EncryptResponse.ciphertext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. 
+ optional int64 ciphertext_crc32c = 2 [json_name="ciphertextCrc32c"]; + // The resource name of the CryptoKeyVersion used in encryption. Check this field to verify that the intended resource was used for encryption. + optional string name = 3 [json_name="name"]; + // The ProtectionLevel of the CryptoKeyVersion used in encryption. + optional string protection_level = 4 [json_name="protectionLevel"]; + // Integrity verification field. A flag indicating whether EncryptRequest.additional_authenticated_data_crc32c was received by KeyManagementService and used for the integrity verification of the AAD. A false value of this field indicates either that EncryptRequest.additional_authenticated_data_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set EncryptRequest.additional_authenticated_data_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_additional_authenticated_data_crc32c = 5 [json_name="verifiedAdditionalAuthenticatedDataCrc32c"]; + // Integrity verification field. A flag indicating whether EncryptRequest.plaintext_crc32c was received by KeyManagementService and used for the integrity verification of the plaintext. A false value of this field indicates either that EncryptRequest.plaintext_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set EncryptRequest.plaintext_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_plaintext_crc32c = 6 [json_name="verifiedPlaintextCrc32c"]; +} + + // Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. 
Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. +message Expr { + // Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. + optional string description = 1 [json_name="description"]; + // Textual representation of an expression in Common Expression Language syntax. + optional string expression = 2 [json_name="expression"]; + // Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. + optional string location = 3 [json_name="location"]; + // Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. + optional string title = 4 [json_name="title"]; +} + + // ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. +message ExternalProtectionLevelOptions { + // The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". 
Set this field instead of external_key_uri when using an EkmConnection. + optional string ekm_connection_key_path = 1 [json_name="ekmConnectionKeyPath"]; + // The URI for an external resource that this CryptoKeyVersion represents. + optional string external_key_uri = 2 [json_name="externalKeyUri"]; +} + + // Request message for KeyManagementService.GenerateRandomBytes. +message GenerateRandomBytesRequest { + // The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes, maximum 1024 bytes. + optional int32 length_bytes = 1 [json_name="lengthBytes"]; + // The ProtectionLevel to use when generating the random data. Currently, only HSM protection level is supported. + optional string protection_level = 2 [json_name="protectionLevel"]; +} + + // Response message for KeyManagementService.GenerateRandomBytes. +message GenerateRandomBytesResponse { + // The generated data. + optional bytes data = 1 [json_name="data"]; + // Integrity verification field. A CRC32C checksum of the returned GenerateRandomBytesResponse.data. An integrity check of GenerateRandomBytesResponse.data can be performed by computing the CRC32C checksum of GenerateRandomBytesResponse.data and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 data_crc32c = 2 [json_name="dataCrc32c"]; +} + + // Request message for KeyManagementService.ImportCryptoKeyVersion. +message ImportCryptoKeyVersionRequest { + // Required. The algorithm of the key being imported. This does not need to match the version_template of the CryptoKey this version imports into. 
+ optional string algorithm = 1 [json_name="algorithm"]; + // Optional. The optional name of an existing CryptoKeyVersion to target for an import operation. If this field is not present, a new CryptoKeyVersion containing the supplied key material is created. If this field is present, the supplied key material is imported into the existing CryptoKeyVersion. To import into an existing CryptoKeyVersion, the CryptoKeyVersion must be a child of ImportCryptoKeyVersionRequest.parent, have been previously created via ImportCryptoKeyVersion, and be in DESTROYED or IMPORT_FAILED state. The key material and algorithm must match the previous CryptoKeyVersion exactly if the CryptoKeyVersion has ever contained key material. + optional string crypto_key_version = 2 [json_name="cryptoKeyVersion"]; + // Required. The name of the ImportJob that was used to wrap this key material. + optional string import_job = 3 [json_name="importJob"]; + // Optional. This field has the same meaning as wrapped_key. Prefer to use that field in new work. Either that field or this field (but not both) must be specified. + optional bytes rsa_aes_wrapped_key = 4 [json_name="rsaAesWrappedKey"]; + // Optional. The wrapped key material to import. Before wrapping, key material must be formatted. If importing symmetric key material, the expected key material format is plain bytes. If importing asymmetric key material, the expected key material format is PKCS#8-encoded DER (the PrivateKeyInfo structure from RFC 5208). When wrapping with import methods (RSA_OAEP_3072_SHA1_AES_256 or RSA_OAEP_4096_SHA1_AES_256 or RSA_OAEP_3072_SHA256_AES_256 or RSA_OAEP_4096_SHA256_AES_256), this field must contain the concatenation of: 1. An ephemeral AES-256 wrapping key wrapped with the public_key using RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty label. 2. The formatted key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649). 
This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP. When wrapping with import methods (RSA_OAEP_3072_SHA256 or RSA_OAEP_4096_SHA256), this field must contain the formatted key to be imported, wrapped with the public_key using RSAES-OAEP with SHA-256, MGF1 with SHA-256, and an empty label. + optional bytes wrapped_key = 5 [json_name="wrappedKey"]; +} + + // An ImportJob can be used to create CryptoKeys and CryptoKeyVersions using pre-existing key material, generated outside of Cloud KMS. When an ImportJob is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of import_method. When the wrapping key generation is complete, the state will be set to ACTIVE and the public_key can be fetched. The fetched public key can then be used to wrap your pre-existing key material. Once the key material is wrapped, it can be imported into a new CryptoKeyVersion in an existing CryptoKey by calling ImportCryptoKeyVersion. Multiple CryptoKeyVersions can be imported with a single ImportJob. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key. An ImportJob expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the ImportJob's public key. For more information, see [Importing a key](https://cloud.google.com/kms/docs/importing-a-key). +message ImportJob { + // Output only. Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM. 
+ optional KeyOperationAttestation attestation = 1 [json_name="attestation"]; + // Output only. The time at which this ImportJob was created. + optional .google.protobuf.Timestamp create_time = 2 [json_name="createTime"]; + // Output only. The time this ImportJob expired. Only present if state is EXPIRED. + optional .google.protobuf.Timestamp expire_event_time = 3 [json_name="expireEventTime"]; + // Output only. The time at which this ImportJob is scheduled for expiration and can no longer be used to import key material. + optional .google.protobuf.Timestamp expire_time = 4 [json_name="expireTime"]; + // Output only. The time this ImportJob's key material was generated. + optional .google.protobuf.Timestamp generate_time = 5 [json_name="generateTime"]; + // Required. Immutable. The wrapping method to be used for incoming key material. + optional string import_method = 6 [json_name="importMethod"]; + // Output only. The resource name for this ImportJob in the format `projects/*/locations/*/keyRings/*/importJobs/*`. + optional string name = 7 [json_name="name"]; + // Required. Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into. + optional string protection_level = 8 [json_name="protectionLevel"]; + // Output only. The public key with which to wrap key material prior to import. Only returned if state is ACTIVE. + optional WrappingPublicKey public_key = 9 [json_name="publicKey"]; + // Output only. The current state of the ImportJob, indicating if it can be used. + optional string state = 10 [json_name="state"]; +} + + // A KeyAccessJustificationsPolicy specifies zero or more allowed AccessReason values for encrypt, decrypt, and sign operations on a CryptoKey. +message KeyAccessJustificationsPolicy { + // The list of allowed reasons for access to a CryptoKey. 
Zero allowed access reasons means all encrypt, decrypt, and sign operations for the CryptoKey associated with this policy will fail. + repeated string allowed_access_reasons = 1 [json_name="allowedAccessReasons"]; +} + + // Resource-oriented representation of a request to Cloud KMS Autokey and the resulting provisioning of a CryptoKey. +message KeyHandle { + // Output only. Name of a CryptoKey that has been provisioned for Customer Managed Encryption Key (CMEK) use in the KeyHandle project and location for the requested resource type. The CryptoKey project will reflect the value configured in the AutokeyConfig on the resource project's ancestor folder at the time of the KeyHandle creation. If more than one ancestor folder has a configured AutokeyConfig, the nearest of these configurations is used. + optional string kms_key = 1 [json_name="kmsKey"]; + // Identifier. Name of the KeyHandle resource, e.g. `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`. + optional string name = 2 [json_name="name"]; + // Required. Indicates the resource type that the resulting CryptoKey is meant to protect, e.g. `{SERVICE}.googleapis.com/{TYPE}`. See documentation for supported resource types. + optional string resource_type_selector = 3 [json_name="resourceTypeSelector"]; +} + + // Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key). +message KeyOperationAttestation { + // Output only. The certificate chains needed to validate the attestation + optional CertificateChains cert_chains = 1 [json_name="certChains"]; + // Output only. The attestation data provided by the HSM when the key operation was performed. + optional bytes content = 2 [json_name="content"]; + // Output only. The format of the attestation data. + optional string format = 3 [json_name="format"]; +} + + // A KeyRing is a toplevel logical grouping of CryptoKeys. 
+message KeyRing { + // Output only. The time at which this KeyRing was created. + optional .google.protobuf.Timestamp create_time = 1 [json_name="createTime"]; + // Output only. The resource name for the KeyRing in the format `projects/*/locations/*/keyRings/*`. + optional string name = 2 [json_name="name"]; +} + + // Response message for KeyManagementService.ListCryptoKeyVersions. +message ListCryptoKeyVersionsResponse { + // The list of CryptoKeyVersions. + repeated CryptoKeyVersion crypto_key_versions = 1 [json_name="cryptoKeyVersions"]; + // A token to retrieve next page of results. Pass this value in ListCryptoKeyVersionsRequest.page_token to retrieve the next page of results. + optional string next_page_token = 2 [json_name="nextPageToken"]; + // The total number of CryptoKeyVersions that matched the query. + optional int32 total_size = 3 [json_name="totalSize"]; +} + + // Response message for KeyManagementService.ListCryptoKeys. +message ListCryptoKeysResponse { + // The list of CryptoKeys. + repeated CryptoKey crypto_keys = 1 [json_name="cryptoKeys"]; + // A token to retrieve next page of results. Pass this value in ListCryptoKeysRequest.page_token to retrieve the next page of results. + optional string next_page_token = 2 [json_name="nextPageToken"]; + // The total number of CryptoKeys that matched the query. + optional int32 total_size = 3 [json_name="totalSize"]; +} + + // Response message for EkmService.ListEkmConnections. +message ListEkmConnectionsResponse { + // The list of EkmConnections. + repeated EkmConnection ekm_connections = 1 [json_name="ekmConnections"]; + // A token to retrieve next page of results. Pass this value in ListEkmConnectionsRequest.page_token to retrieve the next page of results. + optional string next_page_token = 2 [json_name="nextPageToken"]; + // The total number of EkmConnections that matched the query. 
+ optional int32 total_size = 3 [json_name="totalSize"]; +} + + // Response message for KeyManagementService.ListImportJobs. +message ListImportJobsResponse { + // The list of ImportJobs. + repeated ImportJob import_jobs = 1 [json_name="importJobs"]; + // A token to retrieve next page of results. Pass this value in ListImportJobsRequest.page_token to retrieve the next page of results. + optional string next_page_token = 2 [json_name="nextPageToken"]; + // The total number of ImportJobs that matched the query. + optional int32 total_size = 3 [json_name="totalSize"]; +} + + // Response message for Autokey.ListKeyHandles. +message ListKeyHandlesResponse { + // Resulting KeyHandles. + repeated KeyHandle key_handles = 1 [json_name="keyHandles"]; + // A token to retrieve next page of results. Pass this value in ListKeyHandlesRequest.page_token to retrieve the next page of results. + optional string next_page_token = 2 [json_name="nextPageToken"]; +} + + // Response message for KeyManagementService.ListKeyRings. +message ListKeyRingsResponse { + // The list of KeyRings. + repeated KeyRing key_rings = 1 [json_name="keyRings"]; + // A token to retrieve next page of results. Pass this value in ListKeyRingsRequest.page_token to retrieve the next page of results. + optional string next_page_token = 2 [json_name="nextPageToken"]; + // The total number of KeyRings that matched the query. + optional int32 total_size = 3 [json_name="totalSize"]; +} + + // The response message for Locations.ListLocations. +message ListLocationsResponse { + // A list of locations that matches the specified filter in the request. + repeated Location locations = 1 [json_name="locations"]; + // The standard List next-page token. + optional string next_page_token = 2 [json_name="nextPageToken"]; +} + + // A resource that represents a Google Cloud location. +message Location { + // The friendly name for this location, typically a nearby city name. For example, "Tokyo". 
+ optional string display_name = 1 [json_name="displayName"]; + // Cross-service attributes for the location. For example {"cloud.googleapis.com/region": "us-east1"} + map labels = 2 [json_name="labels"]; + // The canonical id for this location. For example: `"us-east1"`. + optional string location_id = 3 [json_name="locationId"]; + // Service-specific metadata. For example the available capacity at the given location. + map metadata = 4 [json_name="metadata"]; + // Resource name for the location, which may vary between implementations. For example: `"projects/example-project/locations/us-east1"` + optional string name = 5 [json_name="name"]; +} + + // Cloud KMS metadata for the given google.cloud.location.Location. +message LocationMetadata { + // Indicates whether CryptoKeys with protection_level EXTERNAL can be created in this location. + optional bool ekm_available = 1 [json_name="ekmAvailable"]; + // Indicates whether CryptoKeys with protection_level HSM can be created in this location. + optional bool hsm_available = 2 [json_name="hsmAvailable"]; +} + + // Request message for KeyManagementService.MacSign. +message MacSignRequest { + // Required. The data to sign. The MAC tag is computed over this data field based on the specific algorithm. + optional bytes data = 1 [json_name="data"]; + // Optional. An optional CRC32C checksum of the MacSignRequest.data. If specified, KeyManagementService will verify the integrity of the received MacSignRequest.data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(MacSignRequest.data) is equal to MacSignRequest.data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. 
However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 data_crc32c = 2 [json_name="dataCrc32c"]; +} + + // Response message for KeyManagementService.MacSign. +message MacSignResponse { + // The created signature. + optional bytes mac = 1 [json_name="mac"]; + // Integrity verification field. A CRC32C checksum of the returned MacSignResponse.mac. An integrity check of MacSignResponse.mac can be performed by computing the CRC32C checksum of MacSignResponse.mac and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 mac_crc32c = 2 [json_name="macCrc32c"]; + // The resource name of the CryptoKeyVersion used for signing. Check this field to verify that the intended resource was used for signing. + optional string name = 3 [json_name="name"]; + // The ProtectionLevel of the CryptoKeyVersion used for signing. + optional string protection_level = 4 [json_name="protectionLevel"]; + // Integrity verification field. A flag indicating whether MacSignRequest.data_crc32c was received by KeyManagementService and used for the integrity verification of the data. A false value of this field indicates either that MacSignRequest.data_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set MacSignRequest.data_crc32c but this field is still false, discard the response and perform a limited number of retries. 
+ optional bool verified_data_crc32c = 5 [json_name="verifiedDataCrc32c"]; +} + + // Request message for KeyManagementService.MacVerify. +message MacVerifyRequest { + // Required. The data used previously as a MacSignRequest.data to generate the MAC tag. + optional bytes data = 1 [json_name="data"]; + // Optional. An optional CRC32C checksum of the MacVerifyRequest.data. If specified, KeyManagementService will verify the integrity of the received MacVerifyRequest.data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(MacVerifyRequest.data) is equal to MacVerifyRequest.data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 data_crc32c = 2 [json_name="dataCrc32c"]; + // Required. The signature to verify. + optional bytes mac = 3 [json_name="mac"]; + // Optional. An optional CRC32C checksum of the MacVerifyRequest.mac. If specified, KeyManagementService will verify the integrity of the received MacVerifyRequest.mac using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(MacVerifyRequest.tag) is equal to MacVerifyRequest.mac_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. 
However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 mac_crc32c = 4 [json_name="macCrc32c"]; +} + + // Response message for KeyManagementService.MacVerify. +message MacVerifyResponse { + // The resource name of the CryptoKeyVersion used for verification. Check this field to verify that the intended resource was used for verification. + optional string name = 1 [json_name="name"]; + // The ProtectionLevel of the CryptoKeyVersion used for verification. + optional string protection_level = 2 [json_name="protectionLevel"]; + // This field indicates whether or not the verification operation for MacVerifyRequest.mac over MacVerifyRequest.data was successful. + optional bool success = 3 [json_name="success"]; + // Integrity verification field. A flag indicating whether MacVerifyRequest.data_crc32c was received by KeyManagementService and used for the integrity verification of the data. A false value of this field indicates either that MacVerifyRequest.data_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set MacVerifyRequest.data_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_data_crc32c = 4 [json_name="verifiedDataCrc32c"]; + // Integrity verification field. A flag indicating whether MacVerifyRequest.mac_crc32c was received by KeyManagementService and used for the integrity verification of the data. A false value of this field indicates either that MacVerifyRequest.mac_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set MacVerifyRequest.mac_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_mac_crc32c = 5 [json_name="verifiedMacCrc32c"]; + // Integrity verification field. 
This value is used for the integrity verification of [MacVerifyResponse.success]. If the value of this field contradicts the value of [MacVerifyResponse.success], discard the response and perform a limited number of retries. + optional bool verified_success_integrity = 6 [json_name="verifiedSuccessIntegrity"]; +} + + // An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). 
**JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). +message Policy { + // Specifies cloud audit logging configuration for this policy. + repeated AuditConfig audit_configs = 1 [json_name="auditConfigs"]; + // Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. 
+ repeated Binding bindings = 2 [json_name="bindings"]; + // `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. + optional bytes etag = 3 [json_name="etag"]; + // Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). 
+ optional int32 version = 4 [json_name="version"]; +} + + // The public keys for a given CryptoKeyVersion. Obtained via GetPublicKey. +message PublicKey { + // The Algorithm associated with this key. + optional string algorithm = 1 [json_name="algorithm"]; + // The name of the CryptoKeyVersion public key. Provided here for verification. NOTE: This field is in Beta. + optional string name = 2 [json_name="name"]; + // The public key, encoded in PEM format. For more information, see the [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13). + optional string pem = 3 [json_name="pem"]; + // Integrity verification field. A CRC32C checksum of the returned PublicKey.pem. An integrity check of PublicKey.pem can be performed by computing the CRC32C checksum of PublicKey.pem and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta. + optional int64 pem_crc32c = 4 [json_name="pemCrc32c"]; + // The ProtectionLevel of the CryptoKeyVersion public key. + optional string protection_level = 5 [json_name="protectionLevel"]; +} + + // Request message for KeyManagementService.RawDecrypt. +message RawDecryptRequest { + // Optional. Optional data that must match the data originally supplied in RawEncryptRequest.additional_authenticated_data. + optional bytes additional_authenticated_data = 1 [json_name="additionalAuthenticatedData"]; + // Optional. 
An optional CRC32C checksum of the RawDecryptRequest.additional_authenticated_data. If specified, KeyManagementService will verify the integrity of the received additional_authenticated_data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(additional_authenticated_data) is equal to additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 additional_authenticated_data_crc32c = 2 [json_name="additionalAuthenticatedDataCrc32c"]; + // Required. The encrypted data originally returned in RawEncryptResponse.ciphertext. + optional bytes ciphertext = 3 [json_name="ciphertext"]; + // Optional. An optional CRC32C checksum of the RawDecryptRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(ciphertext) is equal to ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 ciphertext_crc32c = 4 [json_name="ciphertextCrc32c"]; + // Required. 
The initialization vector (IV) used during encryption, which must match the data originally provided in RawEncryptResponse.initialization_vector. + optional bytes initialization_vector = 5 [json_name="initializationVector"]; + // Optional. An optional CRC32C checksum of the RawDecryptRequest.initialization_vector. If specified, KeyManagementService will verify the integrity of the received initialization_vector using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 initialization_vector_crc32c = 6 [json_name="initializationVectorCrc32c"]; + // The length of the authentication tag that is appended to the end of the ciphertext. If unspecified (0), the default value for the key's algorithm will be used (for AES-GCM, the default value is 16). + optional int32 tag_length = 7 [json_name="tagLength"]; +} + + // Response message for KeyManagementService.RawDecrypt. +message RawDecryptResponse { + // The decrypted data. + optional bytes plaintext = 1 [json_name="plaintext"]; + // Integrity verification field. A CRC32C checksum of the returned RawDecryptResponse.plaintext. An integrity check of plaintext can be performed by computing the CRC32C checksum of plaintext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. 
Note: receiving this response message indicates that KeyManagementService is able to successfully decrypt the ciphertext. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 plaintext_crc32c = 2 [json_name="plaintextCrc32c"]; + // The ProtectionLevel of the CryptoKeyVersion used in decryption. + optional string protection_level = 3 [json_name="protectionLevel"]; + // Integrity verification field. A flag indicating whether RawDecryptRequest.additional_authenticated_data_crc32c was received by KeyManagementService and used for the integrity verification of additional_authenticated_data. A false value of this field indicates either that // RawDecryptRequest.additional_authenticated_data_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set RawDecryptRequest.additional_authenticated_data_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_additional_authenticated_data_crc32c = 4 [json_name="verifiedAdditionalAuthenticatedDataCrc32c"]; + // Integrity verification field. A flag indicating whether RawDecryptRequest.ciphertext_crc32c was received by KeyManagementService and used for the integrity verification of the ciphertext. A false value of this field indicates either that RawDecryptRequest.ciphertext_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set RawDecryptRequest.ciphertext_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_ciphertext_crc32c = 5 [json_name="verifiedCiphertextCrc32c"]; + // Integrity verification field. 
A flag indicating whether RawDecryptRequest.initialization_vector_crc32c was received by KeyManagementService and used for the integrity verification of initialization_vector. A false value of this field indicates either that RawDecryptRequest.initialization_vector_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set RawDecryptRequest.initialization_vector_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_initialization_vector_crc32c = 6 [json_name="verifiedInitializationVectorCrc32c"]; +} + + // Request message for KeyManagementService.RawEncrypt. +message RawEncryptRequest { + // Optional. Optional data that, if specified, must also be provided during decryption through RawDecryptRequest.additional_authenticated_data. This field may only be used in conjunction with an algorithm that accepts additional authenticated data (for example, AES-GCM). The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB. + optional bytes additional_authenticated_data = 1 [json_name="additionalAuthenticatedData"]; + // Optional. An optional CRC32C checksum of the RawEncryptRequest.additional_authenticated_data. If specified, KeyManagementService will verify the integrity of the received additional_authenticated_data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(additional_authenticated_data) is equal to additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. 
However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 additional_authenticated_data_crc32c = 2 [json_name="additionalAuthenticatedDataCrc32c"]; + // Optional. A customer-supplied initialization vector that will be used for encryption. If it is not provided for AES-CBC and AES-CTR, one will be generated. It will be returned in RawEncryptResponse.initialization_vector. + optional bytes initialization_vector = 3 [json_name="initializationVector"]; + // Optional. An optional CRC32C checksum of the RawEncryptRequest.initialization_vector. If specified, KeyManagementService will verify the integrity of the received initialization_vector using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 initialization_vector_crc32c = 4 [json_name="initializationVectorCrc32c"]; + // Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB. + optional bytes plaintext = 5 [json_name="plaintext"]; + // Optional. An optional CRC32C checksum of the RawEncryptRequest.plaintext. 
If specified, KeyManagementService will verify the integrity of the received plaintext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(plaintext) is equal to plaintext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 plaintext_crc32c = 6 [json_name="plaintextCrc32c"]; +} + + // Response message for KeyManagementService.RawEncrypt. +message RawEncryptResponse { + // The encrypted data. In the case of AES-GCM, the authentication tag is the tag_length bytes at the end of this field. + optional bytes ciphertext = 1 [json_name="ciphertext"]; + // Integrity verification field. A CRC32C checksum of the returned RawEncryptResponse.ciphertext. An integrity check of ciphertext can be performed by computing the CRC32C checksum of ciphertext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 ciphertext_crc32c = 2 [json_name="ciphertextCrc32c"]; + // The initialization vector (IV) generated by the service during encryption. This value must be stored and provided in RawDecryptRequest.initialization_vector at decryption time. 
+ optional bytes initialization_vector = 3 [json_name="initializationVector"]; + // Integrity verification field. A CRC32C checksum of the returned RawEncryptResponse.initialization_vector. An integrity check of initialization_vector can be performed by computing the CRC32C checksum of initialization_vector and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. + optional int64 initialization_vector_crc32c = 4 [json_name="initializationVectorCrc32c"]; + // The resource name of the CryptoKeyVersion used in encryption. Check this field to verify that the intended resource was used for encryption. + optional string name = 5 [json_name="name"]; + // The ProtectionLevel of the CryptoKeyVersion used in encryption. + optional string protection_level = 6 [json_name="protectionLevel"]; + // The length of the authentication tag that is appended to the end of the ciphertext. + optional int32 tag_length = 7 [json_name="tagLength"]; + // Integrity verification field. A flag indicating whether RawEncryptRequest.additional_authenticated_data_crc32c was received by KeyManagementService and used for the integrity verification of additional_authenticated_data. A false value of this field indicates either that // RawEncryptRequest.additional_authenticated_data_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set RawEncryptRequest.additional_authenticated_data_crc32c but this field is still false, discard the response and perform a limited number of retries. 
+ optional bool verified_additional_authenticated_data_crc32c = 8 [json_name="verifiedAdditionalAuthenticatedDataCrc32c"]; + // Integrity verification field. A flag indicating whether RawEncryptRequest.initialization_vector_crc32c was received by KeyManagementService and used for the integrity verification of initialization_vector. A false value of this field indicates either that RawEncryptRequest.initialization_vector_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set RawEncryptRequest.initialization_vector_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_initialization_vector_crc32c = 9 [json_name="verifiedInitializationVectorCrc32c"]; + // Integrity verification field. A flag indicating whether RawEncryptRequest.plaintext_crc32c was received by KeyManagementService and used for the integrity verification of the plaintext. A false value of this field indicates either that RawEncryptRequest.plaintext_crc32c was left unset or that it was not delivered to KeyManagementService. If you've set RawEncryptRequest.plaintext_crc32c but this field is still false, discard the response and perform a limited number of retries. + optional bool verified_plaintext_crc32c = 10 [json_name="verifiedPlaintextCrc32c"]; +} + + // Request message for KeyManagementService.RestoreCryptoKeyVersion. +message RestoreCryptoKeyVersionRequest { +} + + // A ServiceResolver represents an EKM replica that can be reached within an EkmConnection. +message ServiceResolver { + // Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. 
+ optional string endpoint_filter = 1 [json_name="endpointFilter"]; + // Required. The hostname of the EKM replica used at TLS and HTTP layers. + optional string hostname = 2 [json_name="hostname"]; + // Required. A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported. + repeated Certificate server_certificates = 3 [json_name="serverCertificates"]; + // Required. The resource name of the Service Directory service pointing to an EKM replica, in the format `projects/*/locations/*/namespaces/*/services/*`. + optional string service_directory_service = 4 [json_name="serviceDirectoryService"]; +} + + // Request message for `SetIamPolicy` method. +message SetIamPolicyRequest { + // REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them. + optional Policy policy = 1 [json_name="policy"]; + // OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"` + optional string update_mask = 2 [json_name="updateMask"]; +} + + // Response message for ShowEffectiveAutokeyConfig. +message ShowEffectiveAutokeyConfigResponse { + // Name of the key project configured in the resource project's folder ancestry. + optional string key_project = 1 [json_name="keyProject"]; +} + + // The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. 
You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). +message Status { + // The status code, which should be an enum value of google.rpc.Code. + optional int32 code = 1 [json_name="code"]; + // A list of messages that carry the error details. There is a common set of message types for APIs to use. + repeated .google.protobuf.Any details = 2 [json_name="details"]; + // A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. + optional string message = 3 [json_name="message"]; +} + + // Request message for `TestIamPermissions` method. +message TestIamPermissionsRequest { + // The set of permissions to check for the `resource`. Permissions with wildcards (such as `*` or `storage.*`) are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). + repeated string permissions = 1 [json_name="permissions"]; +} + + // Response message for `TestIamPermissions` method. +message TestIamPermissionsResponse { + // A subset of `TestPermissionsRequest.permissions` that the caller is allowed. + repeated string permissions = 1 [json_name="permissions"]; +} + + // Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion. +message UpdateCryptoKeyPrimaryVersionRequest { + // Required. The id of the child CryptoKeyVersion to use as primary. + optional string crypto_key_version_id = 1 [json_name="cryptoKeyVersionId"]; +} + + // Response message for EkmService.VerifyConnectivity. +message VerifyConnectivityResponse { +} + + // The public key component of the wrapping key. For details of the type of key this public key corresponds to, see the ImportMethod. +message WrappingPublicKey { + // The public key, encoded in PEM format. 
For more information, see the [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13). + optional string pem = 1 [json_name="pem"]; +} + +message GetAutokeyConfigFolderRequest { + optional string name = 1; +} + +message UpdateAutokeyConfigFolderRequest { + optional string name = 1; + optional string update_mask = 2; + optional AutokeyConfig folder = 3; +} + +message ShowEffectiveAutokeyConfigProjectRequest { + optional string parent = 1; +} + +message GenerateRandomBytesProjectsLocationRequest { + optional string location = 1; + optional GenerateRandomBytesRequest projects_location = 2; +} + +message GetProjectsLocationRequest { + optional string name = 1; +} + +message GetEkmConfigProjectsLocationRequest { + optional string name = 1; +} + +message ListProjectsLocationsRequest { + optional string filter = 1; + optional string name = 2; + optional int32 page_size = 3; + optional string page_token = 4; +} + +message UpdateEkmConfigProjectsLocationRequest { + optional string name = 1; + optional string update_mask = 2; + optional EkmConfig projects_location = 3; +} + +message CreateProjectsLocationsEkmConnectionRequest { + optional string ekm_connection_id = 1; + optional string parent = 2; + optional EkmConnection projects_locations_ekm_connection = 3; +} + +message GetProjectsLocationsEkmConnectionRequest { + optional string name = 1; +} + +message ListProjectsLocationsEkmConnectionsRequest { + optional string filter = 1; + optional string order_by = 2; + optional int32 page_size = 3; + optional string page_token = 4; + optional string parent = 5; +} + +message PatchProjectsLocationsEkmConnectionRequest { + optional string name = 1; + optional string update_mask = 2; + optional EkmConnection projects_locations_ekm_connection = 3; +} + +message 
VerifyConnectivityProjectsLocationsEkmConnectionRequest { + optional string name = 1; +} + +message CreateProjectsLocationsKeyHandleRequest { + optional string key_handle_id = 1; + optional string parent = 2; + optional KeyHandle projects_locations_key_handle = 3; +} + +message GetProjectsLocationsKeyHandleRequest { + optional string name = 1; +} + +message ListProjectsLocationsKeyHandlesRequest { + optional string filter = 1; + optional int32 page_size = 2; + optional string page_token = 3; + optional string parent = 4; +} + +message CreateProjectsLocationsKeyRingRequest { + optional string key_ring_id = 1; + optional string parent = 2; + optional KeyRing projects_locations_key_ring = 3; +} + +message GetProjectsLocationsKeyRingRequest { + optional string name = 1; +} + +message ListProjectsLocationsKeyRingsRequest { + optional string filter = 1; + optional string order_by = 2; + optional int32 page_size = 3; + optional string page_token = 4; + optional string parent = 5; +} + +message CreateProjectsLocationsKeyRingsCryptoKeyRequest { + optional string crypto_key_id = 1; + optional string parent = 2; + optional bool skip_initial_version_creation = 3; + optional CryptoKey projects_locations_key_rings_crypto_key = 4; +} + +message DecryptProjectsLocationsKeyRingsCryptoKeyRequest { + optional string name = 1; + optional DecryptRequest projects_locations_key_rings_crypto_key = 2; +} + +message EncryptProjectsLocationsKeyRingsCryptoKeyRequest { + optional string name = 1; + optional EncryptRequest projects_locations_key_rings_crypto_key = 2; +} + +message GetProjectsLocationsKeyRingsCryptoKeyRequest { + optional string name = 1; +} + +message ListProjectsLocationsKeyRingsCryptoKeysRequest { + optional string filter = 1; + optional string order_by = 2; + optional int32 page_size = 3; + optional string page_token = 4; + optional string parent = 5; + optional string version_view = 6; +} + +message PatchProjectsLocationsKeyRingsCryptoKeyRequest { + optional string name = 
1; + optional string update_mask = 2; + optional CryptoKey projects_locations_key_rings_crypto_key = 3; +} + +message UpdatePrimaryVersionProjectsLocationsKeyRingsCryptoKeyRequest { + optional string name = 1; + optional UpdateCryptoKeyPrimaryVersionRequest projects_locations_key_rings_crypto_key = 2; +} + +message AsymmetricDecryptProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string name = 1; + optional AsymmetricDecryptRequest projects_locations_key_rings_crypto_keys_crypto_key_version = 2; +} + +message AsymmetricSignProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string name = 1; + optional AsymmetricSignRequest projects_locations_key_rings_crypto_keys_crypto_key_version = 2; +} + +message CreateProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string parent = 1; + optional CryptoKeyVersion projects_locations_key_rings_crypto_keys_crypto_key_version = 2; +} + +message DestroyProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string name = 1; + optional DestroyCryptoKeyVersionRequest projects_locations_key_rings_crypto_keys_crypto_key_version = 2; +} + +message GetProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string name = 1; +} + +message GetPublicKeyProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string name = 1; +} + +message ImportProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string parent = 1; + optional ImportCryptoKeyVersionRequest projects_locations_key_rings_crypto_keys_crypto_key_version = 2; +} + +message ListProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRequest { + optional string filter = 1; + optional string order_by = 2; + optional int32 page_size = 3; + optional string page_token = 4; + optional string parent = 5; + optional string view = 6; +} + +message MacSignProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string name = 1; + optional MacSignRequest 
projects_locations_key_rings_crypto_keys_crypto_key_version = 2; +} + +message MacVerifyProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string name = 1; + optional MacVerifyRequest projects_locations_key_rings_crypto_keys_crypto_key_version = 2; +} + +message PatchProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string name = 1; + optional string update_mask = 2; + optional CryptoKeyVersion projects_locations_key_rings_crypto_keys_crypto_key_version = 3; +} + +message RawDecryptProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string name = 1; + optional RawDecryptRequest projects_locations_key_rings_crypto_keys_crypto_key_version = 2; +} + +message RawEncryptProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string name = 1; + optional RawEncryptRequest projects_locations_key_rings_crypto_keys_crypto_key_version = 2; +} + +message RestoreProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionRequest { + optional string name = 1; + optional RestoreCryptoKeyVersionRequest projects_locations_key_rings_crypto_keys_crypto_key_version = 2; +} + +message CreateProjectsLocationsKeyRingsImportJobRequest { + optional string import_job_id = 1; + optional string parent = 2; + optional ImportJob projects_locations_key_rings_import_job = 3; +} + +message GetProjectsLocationsKeyRingsImportJobRequest { + optional string name = 1; +} + +message ListProjectsLocationsKeyRingsImportJobsRequest { + optional string filter = 1; + optional string order_by = 2; + optional int32 page_size = 3; + optional string page_token = 4; + optional string parent = 5; +} diff --git a/mockgcp/generated/mockgcp/cloud/kms/v1/autokey.pb.go b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey.pb.go new file mode 100644 index 0000000000..a5a22c2e79 --- /dev/null +++ b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey.pb.go 
@@ -0,0 +1,698 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.12.4 +// source: mockgcp/cloud/kms/v1/autokey.proto + +package kmspb + +import ( + longrunningpb "cloud.google.com/go/longrunning/autogen/longrunningpb" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Request message for +// [Autokey.CreateKeyHandle][mockgcp.cloud.kms.v1.Autokey.CreateKeyHandle]. +type CreateKeyHandleRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required. Name of the resource project and location to create the + // [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle] in, e.g. + // `projects/{PROJECT_ID}/locations/{LOCATION}`. + Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` + // Optional. Id of the [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle]. Must be + // unique to the resource project and location. 
If not provided by the caller, + // a new UUID is used. + KeyHandleId string `protobuf:"bytes,2,opt,name=key_handle_id,json=keyHandleId,proto3" json:"key_handle_id,omitempty"` + // Required. [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle] to create. + KeyHandle *KeyHandle `protobuf:"bytes,3,opt,name=key_handle,json=keyHandle,proto3" json:"key_handle,omitempty"` +} + +func (x *CreateKeyHandleRequest) Reset() { + *x = CreateKeyHandleRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CreateKeyHandleRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CreateKeyHandleRequest) ProtoMessage() {} + +func (x *CreateKeyHandleRequest) ProtoReflect() protoreflect.Message { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CreateKeyHandleRequest.ProtoReflect.Descriptor instead. +func (*CreateKeyHandleRequest) Descriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_proto_rawDescGZIP(), []int{0} +} + +func (x *CreateKeyHandleRequest) GetParent() string { + if x != nil { + return x.Parent + } + return "" +} + +func (x *CreateKeyHandleRequest) GetKeyHandleId() string { + if x != nil { + return x.KeyHandleId + } + return "" +} + +func (x *CreateKeyHandleRequest) GetKeyHandle() *KeyHandle { + if x != nil { + return x.KeyHandle + } + return nil +} + +// Request message for [GetKeyHandle][mockgcp.cloud.kms.v1.Autokey.GetKeyHandle]. +type GetKeyHandleRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required. Name of the [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle] resource, + // e.g. 
+ // `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` +} + +func (x *GetKeyHandleRequest) Reset() { + *x = GetKeyHandleRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GetKeyHandleRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetKeyHandleRequest) ProtoMessage() {} + +func (x *GetKeyHandleRequest) ProtoReflect() protoreflect.Message { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetKeyHandleRequest.ProtoReflect.Descriptor instead. +func (*GetKeyHandleRequest) Descriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_proto_rawDescGZIP(), []int{1} +} + +func (x *GetKeyHandleRequest) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +// Resource-oriented representation of a request to Cloud KMS Autokey and the +// resulting provisioning of a [CryptoKey][mockgcp.cloud.kms.v1.CryptoKey]. +type KeyHandle struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Identifier. Name of the [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle] + // resource, e.g. + // `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // Output only. 
Name of a [CryptoKey][mockgcp.cloud.kms.v1.CryptoKey] that has + // been provisioned for Customer Managed Encryption Key (CMEK) use in the + // [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle] project and location for the + // requested resource type. The [CryptoKey][mockgcp.cloud.kms.v1.CryptoKey] + // project will reflect the value configured in the + // [AutokeyConfig][mockgcp.cloud.kms.v1.AutokeyConfig] on the resource + // project's ancestor folder at the time of the + // [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle] creation. If more than one + // ancestor folder has a configured + // [AutokeyConfig][mockgcp.cloud.kms.v1.AutokeyConfig], the nearest of these + // configurations is used. + KmsKey string `protobuf:"bytes,3,opt,name=kms_key,json=kmsKey,proto3" json:"kms_key,omitempty"` + // Required. Indicates the resource type that the resulting + // [CryptoKey][mockgcp.cloud.kms.v1.CryptoKey] is meant to protect, e.g. + // `{SERVICE}.googleapis.com/{TYPE}`. See documentation for supported resource + // types. + ResourceTypeSelector string `protobuf:"bytes,4,opt,name=resource_type_selector,json=resourceTypeSelector,proto3" json:"resource_type_selector,omitempty"` +} + +func (x *KeyHandle) Reset() { + *x = KeyHandle{} + if protoimpl.UnsafeEnabled { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *KeyHandle) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyHandle) ProtoMessage() {} + +func (x *KeyHandle) ProtoReflect() protoreflect.Message { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyHandle.ProtoReflect.Descriptor instead. 
+func (*KeyHandle) Descriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_proto_rawDescGZIP(), []int{2} +} + +func (x *KeyHandle) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *KeyHandle) GetKmsKey() string { + if x != nil { + return x.KmsKey + } + return "" +} + +func (x *KeyHandle) GetResourceTypeSelector() string { + if x != nil { + return x.ResourceTypeSelector + } + return "" +} + +// Metadata message for +// [CreateKeyHandle][mockgcp.cloud.kms.v1.Autokey.CreateKeyHandle] long-running +// operation response. +type CreateKeyHandleMetadata struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *CreateKeyHandleMetadata) Reset() { + *x = CreateKeyHandleMetadata{} + if protoimpl.UnsafeEnabled { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CreateKeyHandleMetadata) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CreateKeyHandleMetadata) ProtoMessage() {} + +func (x *CreateKeyHandleMetadata) ProtoReflect() protoreflect.Message { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CreateKeyHandleMetadata.ProtoReflect.Descriptor instead. +func (*CreateKeyHandleMetadata) Descriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_proto_rawDescGZIP(), []int{3} +} + +// Request message for +// [Autokey.ListKeyHandles][mockgcp.cloud.kms.v1.Autokey.ListKeyHandles]. +type ListKeyHandlesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required. 
Name of the resource project and location from which to list + // [KeyHandles][mockgcp.cloud.kms.v1.KeyHandle], e.g. + // `projects/{PROJECT_ID}/locations/{LOCATION}`. + Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` + // Optional. Optional limit on the number of + // [KeyHandles][mockgcp.cloud.kms.v1.KeyHandle] to include in the response. The + // service may return fewer than this value. Further + // [KeyHandles][mockgcp.cloud.kms.v1.KeyHandle] can subsequently be obtained by + // including the + // [ListKeyHandlesResponse.next_page_token][mockgcp.cloud.kms.v1.ListKeyHandlesResponse.next_page_token] + // in a subsequent request. If unspecified, at most + // 100 [KeyHandles][mockgcp.cloud.kms.v1.KeyHandle] will be returned. + PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` + // Optional. Optional pagination token, returned earlier via + // [ListKeyHandlesResponse.next_page_token][mockgcp.cloud.kms.v1.ListKeyHandlesResponse.next_page_token]. + PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` + // Optional. Filter to apply when listing + // [KeyHandles][mockgcp.cloud.kms.v1.KeyHandle], e.g. + // `resource_type_selector="{SERVICE}.googleapis.com/{TYPE}"`. 
+ Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"` +} + +func (x *ListKeyHandlesRequest) Reset() { + *x = ListKeyHandlesRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListKeyHandlesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListKeyHandlesRequest) ProtoMessage() {} + +func (x *ListKeyHandlesRequest) ProtoReflect() protoreflect.Message { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListKeyHandlesRequest.ProtoReflect.Descriptor instead. +func (*ListKeyHandlesRequest) Descriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_proto_rawDescGZIP(), []int{4} +} + +func (x *ListKeyHandlesRequest) GetParent() string { + if x != nil { + return x.Parent + } + return "" +} + +func (x *ListKeyHandlesRequest) GetPageSize() int32 { + if x != nil { + return x.PageSize + } + return 0 +} + +func (x *ListKeyHandlesRequest) GetPageToken() string { + if x != nil { + return x.PageToken + } + return "" +} + +func (x *ListKeyHandlesRequest) GetFilter() string { + if x != nil { + return x.Filter + } + return "" +} + +// Response message for +// [Autokey.ListKeyHandles][mockgcp.cloud.kms.v1.Autokey.ListKeyHandles]. +type ListKeyHandlesResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Resulting [KeyHandles][mockgcp.cloud.kms.v1.KeyHandle]. + KeyHandles []*KeyHandle `protobuf:"bytes,1,rep,name=key_handles,json=keyHandles,proto3" json:"key_handles,omitempty"` + // A token to retrieve next page of results. 
Pass this value in + // [ListKeyHandlesRequest.page_token][mockgcp.cloud.kms.v1.ListKeyHandlesRequest.page_token] + // to retrieve the next page of results. + NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` +} + +func (x *ListKeyHandlesResponse) Reset() { + *x = ListKeyHandlesResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListKeyHandlesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListKeyHandlesResponse) ProtoMessage() {} + +func (x *ListKeyHandlesResponse) ProtoReflect() protoreflect.Message { + mi := &file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListKeyHandlesResponse.ProtoReflect.Descriptor instead. 
+func (*ListKeyHandlesResponse) Descriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_proto_rawDescGZIP(), []int{5} +} + +func (x *ListKeyHandlesResponse) GetKeyHandles() []*KeyHandle { + if x != nil { + return x.KeyHandles + } + return nil +} + +func (x *ListKeyHandlesResponse) GetNextPageToken() string { + if x != nil { + return x.NextPageToken + } + return "" +} + +var File_mockgcp_cloud_kms_v1_autokey_proto protoreflect.FileDescriptor + +var file_mockgcp_cloud_kms_v1_autokey_proto_rawDesc = []byte{ + 0x0a, 0x22, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2f, + 0x6b, 0x6d, 0x73, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, + 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, + 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x23, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x6c, 0x6f, 0x6e, 0x67, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, + 0x67, 0x2f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x22, 0xc9, 0x01, 0x0a, 0x16, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, + 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x41, 0x0a, + 
0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x29, 0xe0, + 0x41, 0x02, 0xfa, 0x41, 0x23, 0x0a, 0x21, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, + 0x12, 0x27, 0x0a, 0x0d, 0x6b, 0x65, 0x79, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x69, + 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x0b, 0x6b, 0x65, + 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x49, 0x64, 0x12, 0x43, 0x0a, 0x0a, 0x6b, 0x65, 0x79, + 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, + 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, + 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x42, 0x03, + 0xe0, 0x41, 0x02, 0x52, 0x09, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x54, + 0x0a, 0x13, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3d, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x42, 0x29, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x23, 0x0a, 0x21, 0x63, 0x6c, 0x6f, + 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xa3, 0x02, 0x0a, 0x09, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, + 0x6c, 0x65, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x42, 0x03, 0xe0, 0x41, 0x08, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x42, 0x0a, 0x07, 0x6b, + 0x6d, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x29, 0xe0, 0x41, + 0x03, 0xfa, 0x41, 0x23, 0x0a, 0x21, 
0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x43, 0x72, + 0x79, 0x70, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x52, 0x06, 0x6b, 0x6d, 0x73, 0x4b, 0x65, 0x79, 0x12, + 0x39, 0x0a, 0x16, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, + 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, + 0x03, 0xe0, 0x41, 0x02, 0x52, 0x14, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, + 0x70, 0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x3a, 0x7e, 0xea, 0x41, 0x7b, 0x0a, + 0x21, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, + 0x6c, 0x65, 0x12, 0x3f, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x7b, 0x70, 0x72, + 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x7d, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x2f, 0x7b, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x7d, 0x2f, 0x6b, 0x65, 0x79, 0x48, + 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x2f, 0x7b, 0x6b, 0x65, 0x79, 0x5f, 0x68, 0x61, 0x6e, 0x64, + 0x6c, 0x65, 0x7d, 0x2a, 0x0a, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x32, + 0x09, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x19, 0x0a, 0x17, 0x43, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x4d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xbd, 0x01, 0x0a, 0x15, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, + 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x41, 0x0a, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, + 0x29, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x23, 0x0a, 0x21, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 
0x73, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x70, 0x61, 0x72, 0x65, + 0x6e, 0x74, 0x12, 0x20, 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x05, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, + 0x53, 0x69, 0x7a, 0x65, 0x12, 0x22, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, + 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x09, 0x70, + 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1b, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, + 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x06, 0x66, + 0x69, 0x6c, 0x74, 0x65, 0x72, 0x22, 0x82, 0x01, 0x0a, 0x16, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, + 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x40, 0x0a, 0x0b, 0x6b, 0x65, 0x79, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, + 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, + 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x0a, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, + 0x65, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, + 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, + 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0xb9, 0x05, 0x0a, 0x07, 0x41, + 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x12, 0xec, 0x01, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x2c, 0x2e, 0x6d, 0x6f, 0x63, + 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, + 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, + 0x65, 0x52, 
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x6c, 0x6f, 0x6e, 0x67, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x4f, 0x70, + 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x8b, 0x01, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x3c, + 0x22, 0x2e, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, + 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x6b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, + 0x3a, 0x0a, 0x6b, 0x65, 0x79, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0xda, 0x41, 0x1f, 0x70, + 0x61, 0x72, 0x65, 0x6e, 0x74, 0x2c, 0x6b, 0x65, 0x79, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, + 0x2c, 0x6b, 0x65, 0x79, 0x5f, 0x68, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x69, 0x64, 0xca, 0x41, + 0x24, 0x0a, 0x09, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x17, 0x43, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x4d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x99, 0x01, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, + 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x29, 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, + 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, + 0x74, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x1f, 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, 0x6f, 0x75, + 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, + 0x6c, 0x65, 0x22, 0x3d, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x30, 0x12, 0x2e, 0x2f, 0x76, 0x31, 0x2f, + 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, + 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x2f, 0x6b, 0x65, 0x79, + 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x2f, 
0x2a, 0x7d, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0xac, 0x01, 0x0a, 0x0e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, + 0x64, 0x6c, 0x65, 0x73, 0x12, 0x2b, 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, + 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, + 0x4b, 0x65, 0x79, 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x2c, 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, 0x6f, 0x75, + 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, + 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x3f, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x30, 0x12, 0x2e, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, + 0x72, 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x2f, + 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x2a, 0x7d, 0x2f, 0x6b, 0x65, 0x79, + 0x48, 0x61, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0xda, 0x41, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, + 0x1a, 0x74, 0xca, 0x41, 0x17, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0xd2, 0x41, 0x57, 0x68, + 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x63, + 0x6c, 0x6f, 0x75, 0x64, 0x2d, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2c, 0x68, 0x74, + 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x63, 0x6c, + 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x42, 0x55, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x6d, 0x6f, + 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 
0x73, 0x2e, + 0x76, 0x31, 0x42, 0x0c, 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x50, 0x01, 0x5a, 0x29, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x2f, 0x6b, 0x6d, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x76, + 0x31, 0x2f, 0x6b, 0x6d, 0x73, 0x70, 0x62, 0x3b, 0x6b, 0x6d, 0x73, 0x70, 0x62, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_mockgcp_cloud_kms_v1_autokey_proto_rawDescOnce sync.Once + file_mockgcp_cloud_kms_v1_autokey_proto_rawDescData = file_mockgcp_cloud_kms_v1_autokey_proto_rawDesc +) + +func file_mockgcp_cloud_kms_v1_autokey_proto_rawDescGZIP() []byte { + file_mockgcp_cloud_kms_v1_autokey_proto_rawDescOnce.Do(func() { + file_mockgcp_cloud_kms_v1_autokey_proto_rawDescData = protoimpl.X.CompressGZIP(file_mockgcp_cloud_kms_v1_autokey_proto_rawDescData) + }) + return file_mockgcp_cloud_kms_v1_autokey_proto_rawDescData +} + +var file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_mockgcp_cloud_kms_v1_autokey_proto_goTypes = []interface{}{ + (*CreateKeyHandleRequest)(nil), // 0: mockgcp.cloud.kms.v1.CreateKeyHandleRequest + (*GetKeyHandleRequest)(nil), // 1: mockgcp.cloud.kms.v1.GetKeyHandleRequest + (*KeyHandle)(nil), // 2: mockgcp.cloud.kms.v1.KeyHandle + (*CreateKeyHandleMetadata)(nil), // 3: mockgcp.cloud.kms.v1.CreateKeyHandleMetadata + (*ListKeyHandlesRequest)(nil), // 4: mockgcp.cloud.kms.v1.ListKeyHandlesRequest + (*ListKeyHandlesResponse)(nil), // 5: mockgcp.cloud.kms.v1.ListKeyHandlesResponse + (*longrunningpb.Operation)(nil), // 6: google.longrunning.Operation +} +var file_mockgcp_cloud_kms_v1_autokey_proto_depIdxs = []int32{ + 2, // 0: mockgcp.cloud.kms.v1.CreateKeyHandleRequest.key_handle:type_name -> mockgcp.cloud.kms.v1.KeyHandle + 2, // 1: mockgcp.cloud.kms.v1.ListKeyHandlesResponse.key_handles:type_name -> mockgcp.cloud.kms.v1.KeyHandle + 0, // 2: 
mockgcp.cloud.kms.v1.Autokey.CreateKeyHandle:input_type -> mockgcp.cloud.kms.v1.CreateKeyHandleRequest + 1, // 3: mockgcp.cloud.kms.v1.Autokey.GetKeyHandle:input_type -> mockgcp.cloud.kms.v1.GetKeyHandleRequest + 4, // 4: mockgcp.cloud.kms.v1.Autokey.ListKeyHandles:input_type -> mockgcp.cloud.kms.v1.ListKeyHandlesRequest + 6, // 5: mockgcp.cloud.kms.v1.Autokey.CreateKeyHandle:output_type -> google.longrunning.Operation + 2, // 6: mockgcp.cloud.kms.v1.Autokey.GetKeyHandle:output_type -> mockgcp.cloud.kms.v1.KeyHandle + 5, // 7: mockgcp.cloud.kms.v1.Autokey.ListKeyHandles:output_type -> mockgcp.cloud.kms.v1.ListKeyHandlesResponse + 5, // [5:8] is the sub-list for method output_type + 2, // [2:5] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_mockgcp_cloud_kms_v1_autokey_proto_init() } +func file_mockgcp_cloud_kms_v1_autokey_proto_init() { + if File_mockgcp_cloud_kms_v1_autokey_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CreateKeyHandleRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetKeyHandleRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*KeyHandle); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + 
file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CreateKeyHandleMetadata); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListKeyHandlesRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListKeyHandlesResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_mockgcp_cloud_kms_v1_autokey_proto_rawDesc, + NumEnums: 0, + NumMessages: 6, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_mockgcp_cloud_kms_v1_autokey_proto_goTypes, + DependencyIndexes: file_mockgcp_cloud_kms_v1_autokey_proto_depIdxs, + MessageInfos: file_mockgcp_cloud_kms_v1_autokey_proto_msgTypes, + }.Build() + File_mockgcp_cloud_kms_v1_autokey_proto = out.File + file_mockgcp_cloud_kms_v1_autokey_proto_rawDesc = nil + file_mockgcp_cloud_kms_v1_autokey_proto_goTypes = nil + file_mockgcp_cloud_kms_v1_autokey_proto_depIdxs = nil +} diff --git a/mockgcp/generated/mockgcp/cloud/kms/v1/autokey.pb.gw.go b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey.pb.gw.go new file mode 100644 index 0000000000..ff6d22c47c --- /dev/null +++ b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey.pb.gw.go 
@@ -0,0 +1,447 @@ +// Code generated by protoc-gen-grpc-gateway. DO NOT EDIT. +// source: mockgcp/cloud/kms/v1/autokey.proto + +/* +Package kmspb is a reverse proxy. + +It translates gRPC into RESTful JSON APIs. +*/ +package kmspb + +import ( + "context" + "io" + "net/http" + + "github.com/grpc-ecosystem/grpc-gateway/v2/runtime" + "github.com/grpc-ecosystem/grpc-gateway/v2/utilities" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" +) + +// Suppress "imported and not used" errors +var _ codes.Code +var _ io.Reader +var _ status.Status +var _ = runtime.String +var _ = utilities.NewDoubleArray +var _ = metadata.Join + +var ( + filter_Autokey_CreateKeyHandle_0 = &utilities.DoubleArray{Encoding: map[string]int{"key_handle": 0, "parent": 1}, Base: []int{1, 1, 2, 0, 0}, Check: []int{0, 1, 1, 2, 3}} +) + +func request_Autokey_CreateKeyHandle_0(ctx context.Context, marshaler runtime.Marshaler, client AutokeyClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq CreateKeyHandleRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.KeyHandle); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["parent"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "parent") + } + + protoReq.Parent, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "parent", err) + } + + if err := 
req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Autokey_CreateKeyHandle_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.CreateKeyHandle(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_Autokey_CreateKeyHandle_0(ctx context.Context, marshaler runtime.Marshaler, server AutokeyServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq CreateKeyHandleRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.KeyHandle); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["parent"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "parent") + } + + protoReq.Parent, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "parent", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Autokey_CreateKeyHandle_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.CreateKeyHandle(ctx, &protoReq) + return msg, metadata, err + +} + +func request_Autokey_GetKeyHandle_0(ctx context.Context, marshaler runtime.Marshaler, client AutokeyClient, req *http.Request, 
pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq GetKeyHandleRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["name"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") + } + + protoReq.Name, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) + } + + msg, err := client.GetKeyHandle(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_Autokey_GetKeyHandle_0(ctx context.Context, marshaler runtime.Marshaler, server AutokeyServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq GetKeyHandleRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["name"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") + } + + protoReq.Name, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) + } + + msg, err := server.GetKeyHandle(ctx, &protoReq) + return msg, metadata, err + +} + +var ( + filter_Autokey_ListKeyHandles_0 = &utilities.DoubleArray{Encoding: map[string]int{"parent": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} +) + +func request_Autokey_ListKeyHandles_0(ctx context.Context, marshaler runtime.Marshaler, client AutokeyClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ListKeyHandlesRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["parent"] + if !ok { + 
return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "parent") + } + + protoReq.Parent, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "parent", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Autokey_ListKeyHandles_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.ListKeyHandles(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_Autokey_ListKeyHandles_0(ctx context.Context, marshaler runtime.Marshaler, server AutokeyServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ListKeyHandlesRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["parent"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "parent") + } + + protoReq.Parent, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "parent", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_Autokey_ListKeyHandles_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.ListKeyHandles(ctx, &protoReq) + return msg, metadata, err + +} + +// RegisterAutokeyHandlerServer registers the http handlers for service Autokey to "mux". +// UnaryRPC :call AutokeyServer directly. 
+// StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. +// Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterAutokeyHandlerFromEndpoint instead. +func RegisterAutokeyHandlerServer(ctx context.Context, mux *runtime.ServeMux, server AutokeyServer) error { + + mux.Handle("POST", pattern_Autokey_CreateKeyHandle_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.Autokey/CreateKeyHandle", runtime.WithHTTPPathPattern("/v1/{parent=projects/*/locations/*}/keyHandles")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Autokey_CreateKeyHandle_0(annotatedContext, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_Autokey_CreateKeyHandle_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_Autokey_GetKeyHandle_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.Autokey/GetKeyHandle", runtime.WithHTTPPathPattern("/v1/{name=projects/*/locations/*/keyHandles/*}")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Autokey_GetKeyHandle_0(annotatedContext, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_Autokey_GetKeyHandle_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_Autokey_ListKeyHandles_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.Autokey/ListKeyHandles", runtime.WithHTTPPathPattern("/v1/{parent=projects/*/locations/*}/keyHandles")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_Autokey_ListKeyHandles_0(annotatedContext, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_Autokey_ListKeyHandles_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + return nil +} + +// RegisterAutokeyHandlerFromEndpoint is same as RegisterAutokeyHandler but +// automatically dials to "endpoint" and closes the connection when "ctx" gets done. +func RegisterAutokeyHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) { + conn, err := grpc.Dial(endpoint, opts...) 
+ if err != nil { + return err + } + defer func() { + if err != nil { + if cerr := conn.Close(); cerr != nil { + grpclog.Infof("Failed to close conn to %s: %v", endpoint, cerr) + } + return + } + go func() { + <-ctx.Done() + if cerr := conn.Close(); cerr != nil { + grpclog.Infof("Failed to close conn to %s: %v", endpoint, cerr) + } + }() + }() + + return RegisterAutokeyHandler(ctx, mux, conn) +} + +// RegisterAutokeyHandler registers the http handlers for service Autokey to "mux". +// The handlers forward requests to the grpc endpoint over "conn". +func RegisterAutokeyHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error { + return RegisterAutokeyHandlerClient(ctx, mux, NewAutokeyClient(conn)) +} + +// RegisterAutokeyHandlerClient registers the http handlers for service Autokey +// to "mux". The handlers forward requests to the grpc endpoint over the given implementation of "AutokeyClient". +// Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "AutokeyClient" +// doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in +// "AutokeyClient" to call the correct interceptors. 
+func RegisterAutokeyHandlerClient(ctx context.Context, mux *runtime.ServeMux, client AutokeyClient) error { + + mux.Handle("POST", pattern_Autokey_CreateKeyHandle_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.Autokey/CreateKeyHandle", runtime.WithHTTPPathPattern("/v1/{parent=projects/*/locations/*}/keyHandles")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_Autokey_CreateKeyHandle_0(annotatedContext, inboundMarshaler, client, req, pathParams) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_Autokey_CreateKeyHandle_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_Autokey_GetKeyHandle_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.Autokey/GetKeyHandle", runtime.WithHTTPPathPattern("/v1/{name=projects/*/locations/*/keyHandles/*}")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_Autokey_GetKeyHandle_0(annotatedContext, inboundMarshaler, client, req, pathParams) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_Autokey_GetKeyHandle_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_Autokey_ListKeyHandles_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.Autokey/ListKeyHandles", runtime.WithHTTPPathPattern("/v1/{parent=projects/*/locations/*}/keyHandles")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_Autokey_ListKeyHandles_0(annotatedContext, inboundMarshaler, client, req, pathParams) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_Autokey_ListKeyHandles_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + return nil +} + +var ( + pattern_Autokey_CreateKeyHandle_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 2, 2, 1, 0, 4, 4, 5, 3, 2, 4}, []string{"v1", "projects", "locations", "parent", "keyHandles"}, "")) + + pattern_Autokey_GetKeyHandle_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 2, 2, 1, 0, 2, 3, 1, 0, 4, 6, 5, 4}, []string{"v1", "projects", "locations", "keyHandles", "name"}, "")) + + pattern_Autokey_ListKeyHandles_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 2, 2, 1, 0, 4, 4, 5, 3, 2, 4}, []string{"v1", "projects", "locations", "parent", "keyHandles"}, "")) +) + +var ( + forward_Autokey_CreateKeyHandle_0 = runtime.ForwardResponseMessage + + forward_Autokey_GetKeyHandle_0 = runtime.ForwardResponseMessage + + forward_Autokey_ListKeyHandles_0 = runtime.ForwardResponseMessage +) 
diff --git a/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_admin.pb.go b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_admin.pb.go new file mode 100644 index 0000000000..5d7ad80c30 --- /dev/null +++ b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_admin.pb.go 
@@ -0,0 +1,638 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.12.4 +// source: mockgcp/cloud/kms/v1/autokey_admin.proto + +package kmspb + +import ( + _ "google.golang.org/genproto/googleapis/api/annotations" + field_mask "google.golang.org/genproto/protobuf/field_mask" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// The states AutokeyConfig can be in. +type AutokeyConfig_State int32 + +const ( + // The state of the AutokeyConfig is unspecified. + AutokeyConfig_STATE_UNSPECIFIED AutokeyConfig_State = 0 + // The AutokeyConfig is currently active. + AutokeyConfig_ACTIVE AutokeyConfig_State = 1 + // A previously configured key project has been deleted and the current + // AutokeyConfig is unusable. + AutokeyConfig_KEY_PROJECT_DELETED AutokeyConfig_State = 2 + // The AutokeyConfig is not yet initialized or has been reset to its default + // uninitialized state. 
+ AutokeyConfig_UNINITIALIZED AutokeyConfig_State = 3 +) + +// Enum value maps for AutokeyConfig_State. +var ( + AutokeyConfig_State_name = map[int32]string{ + 0: "STATE_UNSPECIFIED", + 1: "ACTIVE", + 2: "KEY_PROJECT_DELETED", + 3: "UNINITIALIZED", + } + AutokeyConfig_State_value = map[string]int32{ + "STATE_UNSPECIFIED": 0, + "ACTIVE": 1, + "KEY_PROJECT_DELETED": 2, + "UNINITIALIZED": 3, + } +) + +func (x AutokeyConfig_State) Enum() *AutokeyConfig_State { + p := new(AutokeyConfig_State) + *p = x + return p +} + +func (x AutokeyConfig_State) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (AutokeyConfig_State) Descriptor() protoreflect.EnumDescriptor { + return file_mockgcp_cloud_kms_v1_autokey_admin_proto_enumTypes[0].Descriptor() +} + +func (AutokeyConfig_State) Type() protoreflect.EnumType { + return &file_mockgcp_cloud_kms_v1_autokey_admin_proto_enumTypes[0] +} + +func (x AutokeyConfig_State) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use AutokeyConfig_State.Descriptor instead. +func (AutokeyConfig_State) EnumDescriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescGZIP(), []int{2, 0} +} + +// Request message for +// [UpdateAutokeyConfig][mockgcp.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig]. +type UpdateAutokeyConfigRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required. [AutokeyConfig][mockgcp.cloud.kms.v1.AutokeyConfig] with values to + // update. + AutokeyConfig *AutokeyConfig `protobuf:"bytes,1,opt,name=autokey_config,json=autokeyConfig,proto3" json:"autokey_config,omitempty"` + // Required. Masks which fields of the + // [AutokeyConfig][mockgcp.cloud.kms.v1.AutokeyConfig] to update, e.g. + // `keyProject`. 
+ UpdateMask *field_mask.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"` +} + +func (x *UpdateAutokeyConfigRequest) Reset() { + *x = UpdateAutokeyConfigRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpdateAutokeyConfigRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpdateAutokeyConfigRequest) ProtoMessage() {} + +func (x *UpdateAutokeyConfigRequest) ProtoReflect() protoreflect.Message { + mi := &file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpdateAutokeyConfigRequest.ProtoReflect.Descriptor instead. +func (*UpdateAutokeyConfigRequest) Descriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescGZIP(), []int{0} +} + +func (x *UpdateAutokeyConfigRequest) GetAutokeyConfig() *AutokeyConfig { + if x != nil { + return x.AutokeyConfig + } + return nil +} + +func (x *UpdateAutokeyConfigRequest) GetUpdateMask() *field_mask.FieldMask { + if x != nil { + return x.UpdateMask + } + return nil +} + +// Request message for +// [GetAutokeyConfig][mockgcp.cloud.kms.v1.AutokeyAdmin.GetAutokeyConfig]. +type GetAutokeyConfigRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required. Name of the [AutokeyConfig][mockgcp.cloud.kms.v1.AutokeyConfig] + // resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`. 
+ Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` +} + +func (x *GetAutokeyConfigRequest) Reset() { + *x = GetAutokeyConfigRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GetAutokeyConfigRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetAutokeyConfigRequest) ProtoMessage() {} + +func (x *GetAutokeyConfigRequest) ProtoReflect() protoreflect.Message { + mi := &file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetAutokeyConfigRequest.ProtoReflect.Descriptor instead. +func (*GetAutokeyConfigRequest) Descriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescGZIP(), []int{1} +} + +func (x *GetAutokeyConfigRequest) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +// Cloud KMS Autokey configuration for a folder. +type AutokeyConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Identifier. Name of the [AutokeyConfig][mockgcp.cloud.kms.v1.AutokeyConfig] + // resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // Optional. Name of the key project, e.g. `projects/{PROJECT_ID}` or + // `projects/{PROJECT_NUMBER}`, where Cloud KMS Autokey will provision a new + // [CryptoKey][mockgcp.cloud.kms.v1.CryptoKey] when a + // [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle] is created. 
On + // [UpdateAutokeyConfig][mockgcp.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig], + // the caller will require `cloudkms.cryptoKeys.setIamPolicy` permission on + // this key project. Once configured, for Cloud KMS Autokey to function + // properly, this key project must have the Cloud KMS API activated and the + // Cloud KMS Service Agent for this key project must be granted the + // `cloudkms.admin` role (or pertinent permissions). A request with an empty + // key project field will clear the configuration. + KeyProject string `protobuf:"bytes,2,opt,name=key_project,json=keyProject,proto3" json:"key_project,omitempty"` + // Output only. The state for the AutokeyConfig. + State AutokeyConfig_State `protobuf:"varint,4,opt,name=state,proto3,enum=mockgcp.cloud.kms.v1.AutokeyConfig_State" json:"state,omitempty"` +} + +func (x *AutokeyConfig) Reset() { + *x = AutokeyConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AutokeyConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AutokeyConfig) ProtoMessage() {} + +func (x *AutokeyConfig) ProtoReflect() protoreflect.Message { + mi := &file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AutokeyConfig.ProtoReflect.Descriptor instead. 
+func (*AutokeyConfig) Descriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescGZIP(), []int{2} +} + +func (x *AutokeyConfig) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *AutokeyConfig) GetKeyProject() string { + if x != nil { + return x.KeyProject + } + return "" +} + +func (x *AutokeyConfig) GetState() AutokeyConfig_State { + if x != nil { + return x.State + } + return AutokeyConfig_STATE_UNSPECIFIED +} + +// Request message for +// [ShowEffectiveAutokeyConfig][mockgcp.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig]. +type ShowEffectiveAutokeyConfigRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required. Name of the resource project to the show effective Cloud KMS + // Autokey configuration for. This may be helpful for interrogating the effect + // of nested folder configurations on a given resource project. + Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` +} + +func (x *ShowEffectiveAutokeyConfigRequest) Reset() { + *x = ShowEffectiveAutokeyConfigRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ShowEffectiveAutokeyConfigRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ShowEffectiveAutokeyConfigRequest) ProtoMessage() {} + +func (x *ShowEffectiveAutokeyConfigRequest) ProtoReflect() protoreflect.Message { + mi := &file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ShowEffectiveAutokeyConfigRequest.ProtoReflect.Descriptor instead. 
+func (*ShowEffectiveAutokeyConfigRequest) Descriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescGZIP(), []int{3} +} + +func (x *ShowEffectiveAutokeyConfigRequest) GetParent() string { + if x != nil { + return x.Parent + } + return "" +} + +// Response message for +// [ShowEffectiveAutokeyConfig][mockgcp.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig]. +type ShowEffectiveAutokeyConfigResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Name of the key project configured in the resource project's folder + // ancestry. + KeyProject string `protobuf:"bytes,1,opt,name=key_project,json=keyProject,proto3" json:"key_project,omitempty"` +} + +func (x *ShowEffectiveAutokeyConfigResponse) Reset() { + *x = ShowEffectiveAutokeyConfigResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ShowEffectiveAutokeyConfigResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ShowEffectiveAutokeyConfigResponse) ProtoMessage() {} + +func (x *ShowEffectiveAutokeyConfigResponse) ProtoReflect() protoreflect.Message { + mi := &file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ShowEffectiveAutokeyConfigResponse.ProtoReflect.Descriptor instead. 
+func (*ShowEffectiveAutokeyConfigResponse) Descriptor() ([]byte, []int) { + return file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescGZIP(), []int{4} +} + +func (x *ShowEffectiveAutokeyConfigResponse) GetKeyProject() string { + if x != nil { + return x.KeyProject + } + return "" +} + +var File_mockgcp_cloud_kms_v1_autokey_admin_proto protoreflect.FileDescriptor + +var file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDesc = []byte{ + 0x0a, 0x28, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2f, + 0x6b, 0x6d, 0x73, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x5f, 0x61, + 0x64, 0x6d, 0x69, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x6d, 0x6f, 0x63, 0x6b, + 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, + 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, + 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, + 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, + 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, + 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xaf, 0x01, 0x0a, 0x1a, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, + 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x4f, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 
0x79, 0x5f, + 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x6d, + 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, + 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0d, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x40, 0x0a, 0x0b, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, + 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, + 0x6c, 0x64, 0x4d, 0x61, 0x73, 0x6b, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x75, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x4d, 0x61, 0x73, 0x6b, 0x22, 0x5c, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x41, 0x75, + 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x41, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x42, 0x2d, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x27, 0x0a, 0x25, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, + 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xd7, 0x02, 0x0a, 0x0d, 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, + 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x08, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x12, 0x24, 0x0a, 0x0b, 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x01, 0x52, 0x0a, 0x6b, 0x65, 0x79, 0x50, + 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x44, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, + 0x04, 0x20, 0x01, 0x28, 
0x0e, 0x32, 0x29, 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, + 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, + 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x65, + 0x42, 0x03, 0xe0, 0x41, 0x03, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x56, 0x0a, 0x05, + 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x15, 0x0a, 0x11, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55, + 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, + 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x45, 0x59, 0x5f, + 0x50, 0x52, 0x4f, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x44, 0x10, + 0x02, 0x12, 0x11, 0x0a, 0x0d, 0x55, 0x4e, 0x49, 0x4e, 0x49, 0x54, 0x49, 0x41, 0x4c, 0x49, 0x5a, + 0x45, 0x44, 0x10, 0x03, 0x3a, 0x69, 0xea, 0x41, 0x66, 0x0a, 0x25, 0x63, 0x6c, 0x6f, 0x75, 0x64, + 0x6b, 0x6d, 0x73, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x12, 0x1e, 0x66, 0x6f, 0x6c, 0x64, 0x65, 0x72, 0x73, 0x2f, 0x7b, 0x66, 0x6f, 0x6c, 0x64, 0x65, + 0x72, 0x7d, 0x2f, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x2a, 0x0e, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x73, + 0x32, 0x0d, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, + 0x70, 0x0a, 0x21, 0x53, 0x68, 0x6f, 0x77, 0x45, 0x66, 0x66, 0x65, 0x63, 0x74, 0x69, 0x76, 0x65, + 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x4b, 0x0a, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x42, 0x33, 0xe0, 0x41, 0x02, 0xfa, 0x41, 0x2d, 0x0a, 0x2b, 0x63, 0x6c, + 0x6f, 0x75, 0x64, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 
0x65, 0x6d, 0x61, 0x6e, 0x61, 0x67, + 0x65, 0x72, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x52, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, + 0x74, 0x22, 0x45, 0x0a, 0x22, 0x53, 0x68, 0x6f, 0x77, 0x45, 0x66, 0x66, 0x65, 0x63, 0x74, 0x69, + 0x76, 0x65, 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6b, 0x65, 0x79, 0x5f, 0x70, + 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6b, 0x65, + 0x79, 0x50, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x32, 0xce, 0x05, 0x0a, 0x0c, 0x41, 0x75, 0x74, + 0x6f, 0x6b, 0x65, 0x79, 0x41, 0x64, 0x6d, 0x69, 0x6e, 0x12, 0xd4, 0x01, 0x0a, 0x13, 0x55, 0x70, + 0x64, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x30, 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, 0x6f, 0x75, + 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, + 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, + 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x6f, 0x6b, + 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x66, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x43, + 0x32, 0x31, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x5f, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x66, 0x6f, 0x6c, 0x64, 0x65, + 0x72, 0x73, 0x2f, 0x2a, 0x2f, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x7d, 0x3a, 0x0e, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0xda, 0x41, 0x1a, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x6f, + 
0x6e, 0x66, 0x69, 0x67, 0x2c, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x6d, 0x61, 0x73, 0x6b, + 0x12, 0x99, 0x01, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2d, 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, + 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, + 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, + 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x6f, + 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x31, 0x82, 0xd3, 0xe4, 0x93, 0x02, + 0x24, 0x12, 0x22, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x3d, 0x66, 0x6f, 0x6c, + 0x64, 0x65, 0x72, 0x73, 0x2f, 0x2a, 0x2f, 0x61, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x7d, 0xda, 0x41, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0xd4, 0x01, 0x0a, + 0x1a, 0x53, 0x68, 0x6f, 0x77, 0x45, 0x66, 0x66, 0x65, 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x75, + 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x37, 0x2e, 0x6d, 0x6f, + 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, + 0x76, 0x31, 0x2e, 0x53, 0x68, 0x6f, 0x77, 0x45, 0x66, 0x66, 0x65, 0x63, 0x74, 0x69, 0x76, 0x65, + 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, + 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x68, 0x6f, 0x77, + 0x45, 0x66, 0x66, 0x65, 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x43, + 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x34, 
0x12, 0x32, 0x2f, 0x76, 0x31, 0x2f, 0x7b, 0x70, 0x61, 0x72, + 0x65, 0x6e, 0x74, 0x3d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x2a, 0x7d, 0x3a, + 0x73, 0x68, 0x6f, 0x77, 0x45, 0x66, 0x66, 0x65, 0x63, 0x74, 0x69, 0x76, 0x65, 0x41, 0x75, 0x74, + 0x6f, 0x6b, 0x65, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0xda, 0x41, 0x06, 0x70, 0x61, 0x72, + 0x65, 0x6e, 0x74, 0x1a, 0x74, 0xca, 0x41, 0x17, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0xd2, + 0x41, 0x57, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, + 0x68, 0x2f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2d, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, + 0x2c, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, + 0x2f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x6b, 0x6d, 0x73, 0x42, 0x5a, 0x0a, 0x18, 0x63, 0x6f, 0x6d, + 0x2e, 0x6d, 0x6f, 0x63, 0x6b, 0x67, 0x63, 0x70, 0x2e, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2e, 0x6b, + 0x6d, 0x73, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x41, 0x75, 0x74, 0x6f, 0x6b, 0x65, 0x79, 0x41, 0x64, + 0x6d, 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x29, 0x63, 0x6c, 0x6f, 0x75, + 0x64, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x2f, + 0x6b, 0x6d, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x76, 0x31, 0x2f, 0x6b, 0x6d, 0x73, 0x70, 0x62, 0x3b, + 0x6b, 0x6d, 0x73, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescOnce sync.Once + file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescData = file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDesc +) + +func file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescGZIP() []byte { + 
file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescOnce.Do(func() { + file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescData = protoimpl.X.CompressGZIP(file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescData) + }) + return file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDescData +} + +var file_mockgcp_cloud_kms_v1_autokey_admin_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_mockgcp_cloud_kms_v1_autokey_admin_proto_goTypes = []interface{}{ + (AutokeyConfig_State)(0), // 0: mockgcp.cloud.kms.v1.AutokeyConfig.State + (*UpdateAutokeyConfigRequest)(nil), // 1: mockgcp.cloud.kms.v1.UpdateAutokeyConfigRequest + (*GetAutokeyConfigRequest)(nil), // 2: mockgcp.cloud.kms.v1.GetAutokeyConfigRequest + (*AutokeyConfig)(nil), // 3: mockgcp.cloud.kms.v1.AutokeyConfig + (*ShowEffectiveAutokeyConfigRequest)(nil), // 4: mockgcp.cloud.kms.v1.ShowEffectiveAutokeyConfigRequest + (*ShowEffectiveAutokeyConfigResponse)(nil), // 5: mockgcp.cloud.kms.v1.ShowEffectiveAutokeyConfigResponse + (*field_mask.FieldMask)(nil), // 6: google.protobuf.FieldMask +} +var file_mockgcp_cloud_kms_v1_autokey_admin_proto_depIdxs = []int32{ + 3, // 0: mockgcp.cloud.kms.v1.UpdateAutokeyConfigRequest.autokey_config:type_name -> mockgcp.cloud.kms.v1.AutokeyConfig + 6, // 1: mockgcp.cloud.kms.v1.UpdateAutokeyConfigRequest.update_mask:type_name -> google.protobuf.FieldMask + 0, // 2: mockgcp.cloud.kms.v1.AutokeyConfig.state:type_name -> mockgcp.cloud.kms.v1.AutokeyConfig.State + 1, // 3: mockgcp.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig:input_type -> mockgcp.cloud.kms.v1.UpdateAutokeyConfigRequest + 2, // 4: mockgcp.cloud.kms.v1.AutokeyAdmin.GetAutokeyConfig:input_type -> mockgcp.cloud.kms.v1.GetAutokeyConfigRequest + 4, // 5: mockgcp.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig:input_type -> mockgcp.cloud.kms.v1.ShowEffectiveAutokeyConfigRequest + 3, // 6: 
mockgcp.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig:output_type -> mockgcp.cloud.kms.v1.AutokeyConfig + 3, // 7: mockgcp.cloud.kms.v1.AutokeyAdmin.GetAutokeyConfig:output_type -> mockgcp.cloud.kms.v1.AutokeyConfig + 5, // 8: mockgcp.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig:output_type -> mockgcp.cloud.kms.v1.ShowEffectiveAutokeyConfigResponse + 6, // [6:9] is the sub-list for method output_type + 3, // [3:6] is the sub-list for method input_type + 3, // [3:3] is the sub-list for extension type_name + 3, // [3:3] is the sub-list for extension extendee + 0, // [0:3] is the sub-list for field type_name +} + +func init() { file_mockgcp_cloud_kms_v1_autokey_admin_proto_init() } +func file_mockgcp_cloud_kms_v1_autokey_admin_proto_init() { + if File_mockgcp_cloud_kms_v1_autokey_admin_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpdateAutokeyConfigRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetAutokeyConfigRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AutokeyConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ShowEffectiveAutokeyConfigRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + 
return nil + } + } + file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ShowEffectiveAutokeyConfigResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDesc, + NumEnums: 1, + NumMessages: 5, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_mockgcp_cloud_kms_v1_autokey_admin_proto_goTypes, + DependencyIndexes: file_mockgcp_cloud_kms_v1_autokey_admin_proto_depIdxs, + EnumInfos: file_mockgcp_cloud_kms_v1_autokey_admin_proto_enumTypes, + MessageInfos: file_mockgcp_cloud_kms_v1_autokey_admin_proto_msgTypes, + }.Build() + File_mockgcp_cloud_kms_v1_autokey_admin_proto = out.File + file_mockgcp_cloud_kms_v1_autokey_admin_proto_rawDesc = nil + file_mockgcp_cloud_kms_v1_autokey_admin_proto_goTypes = nil + file_mockgcp_cloud_kms_v1_autokey_admin_proto_depIdxs = nil +} diff --git a/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_admin.pb.gw.go b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_admin.pb.gw.go new file mode 100644 index 0000000000..437a6d5fdd --- /dev/null +++ b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_admin.pb.gw.go 
@@ -0,0 +1,443 @@ +// Code generated by protoc-gen-grpc-gateway. DO NOT EDIT. +// source: mockgcp/cloud/kms/v1/autokey_admin.proto + +/* +Package kmspb is a reverse proxy. + +It translates gRPC into RESTful JSON APIs. +*/ +package kmspb + +import ( + "context" + "io" + "net/http" + + "github.com/grpc-ecosystem/grpc-gateway/v2/runtime" + "github.com/grpc-ecosystem/grpc-gateway/v2/utilities" + "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" +) + +// Suppress "imported and not used" errors +var _ codes.Code +var _ io.Reader +var _ status.Status +var _ = runtime.String +var _ = utilities.NewDoubleArray +var _ = metadata.Join + +var ( + filter_AutokeyAdmin_UpdateAutokeyConfig_0 = &utilities.DoubleArray{Encoding: map[string]int{"autokey_config": 0, "name": 1}, Base: []int{1, 2, 1, 0, 0}, Check: []int{0, 1, 2, 3, 2}} +) + +func request_AutokeyAdmin_UpdateAutokeyConfig_0(ctx context.Context, marshaler runtime.Marshaler, client AutokeyAdminClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq UpdateAutokeyConfigRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.AutokeyConfig); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if protoReq.UpdateMask == nil || len(protoReq.UpdateMask.GetPaths()) == 0 { + if fieldMask, err := runtime.FieldMaskFromRequestBody(newReader(), protoReq.AutokeyConfig); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } else { + protoReq.UpdateMask = fieldMask + } + } + + var ( + val string + ok bool + err error + _ = err + ) + + 
val, ok = pathParams["autokey_config.name"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "autokey_config.name") + } + + err = runtime.PopulateFieldFromPath(&protoReq, "autokey_config.name", val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "autokey_config.name", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AutokeyAdmin_UpdateAutokeyConfig_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := client.UpdateAutokeyConfig(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_AutokeyAdmin_UpdateAutokeyConfig_0(ctx context.Context, marshaler runtime.Marshaler, server AutokeyAdminServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq UpdateAutokeyConfigRequest + var metadata runtime.ServerMetadata + + newReader, berr := utilities.IOReaderFactory(req.Body) + if berr != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) + } + if err := marshaler.NewDecoder(newReader()).Decode(&protoReq.AutokeyConfig); err != nil && err != io.EOF { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if protoReq.UpdateMask == nil || len(protoReq.UpdateMask.GetPaths()) == 0 { + if fieldMask, err := runtime.FieldMaskFromRequestBody(newReader(), protoReq.AutokeyConfig); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } else { + protoReq.UpdateMask = fieldMask + } + } + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["autokey_config.name"] + if !ok { + return nil, metadata, 
status.Errorf(codes.InvalidArgument, "missing parameter %s", "autokey_config.name") + } + + err = runtime.PopulateFieldFromPath(&protoReq, "autokey_config.name", val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "autokey_config.name", err) + } + + if err := req.ParseForm(); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AutokeyAdmin_UpdateAutokeyConfig_0); err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) + } + + msg, err := server.UpdateAutokeyConfig(ctx, &protoReq) + return msg, metadata, err + +} + +func request_AutokeyAdmin_GetAutokeyConfig_0(ctx context.Context, marshaler runtime.Marshaler, client AutokeyAdminClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq GetAutokeyConfigRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["name"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") + } + + protoReq.Name, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) + } + + msg, err := client.GetAutokeyConfig(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_AutokeyAdmin_GetAutokeyConfig_0(ctx context.Context, marshaler runtime.Marshaler, server AutokeyAdminServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq GetAutokeyConfigRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["name"] + if !ok { + return nil, 
metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") + } + + protoReq.Name, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) + } + + msg, err := server.GetAutokeyConfig(ctx, &protoReq) + return msg, metadata, err + +} + +func request_AutokeyAdmin_ShowEffectiveAutokeyConfig_0(ctx context.Context, marshaler runtime.Marshaler, client AutokeyAdminClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ShowEffectiveAutokeyConfigRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["parent"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "parent") + } + + protoReq.Parent, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "parent", err) + } + + msg, err := client.ShowEffectiveAutokeyConfig(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) + return msg, metadata, err + +} + +func local_request_AutokeyAdmin_ShowEffectiveAutokeyConfig_0(ctx context.Context, marshaler runtime.Marshaler, server AutokeyAdminServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { + var protoReq ShowEffectiveAutokeyConfigRequest + var metadata runtime.ServerMetadata + + var ( + val string + ok bool + err error + _ = err + ) + + val, ok = pathParams["parent"] + if !ok { + return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "parent") + } + + protoReq.Parent, err = runtime.String(val) + if err != nil { + return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "parent", err) + } + + msg, err := 
server.ShowEffectiveAutokeyConfig(ctx, &protoReq) + return msg, metadata, err + +} + +// RegisterAutokeyAdminHandlerServer registers the http handlers for service AutokeyAdmin to "mux". +// UnaryRPC :call AutokeyAdminServer directly. +// StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. +// Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterAutokeyAdminHandlerFromEndpoint instead. +func RegisterAutokeyAdminHandlerServer(ctx context.Context, mux *runtime.ServeMux, server AutokeyAdminServer) error { + + mux.Handle("PATCH", pattern_AutokeyAdmin_UpdateAutokeyConfig_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.AutokeyAdmin/UpdateAutokeyConfig", runtime.WithHTTPPathPattern("/v1/{autokey_config.name=folders/*/autokeyConfig}")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_AutokeyAdmin_UpdateAutokeyConfig_0(annotatedContext, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_AutokeyAdmin_UpdateAutokeyConfig_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_AutokeyAdmin_GetAutokeyConfig_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.AutokeyAdmin/GetAutokeyConfig", runtime.WithHTTPPathPattern("/v1/{name=folders/*/autokeyConfig}")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_AutokeyAdmin_GetAutokeyConfig_0(annotatedContext, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_AutokeyAdmin_GetAutokeyConfig_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_AutokeyAdmin_ShowEffectiveAutokeyConfig_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + var stream runtime.ServerTransportStream + ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateIncomingContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.AutokeyAdmin/ShowEffectiveAutokeyConfig", runtime.WithHTTPPathPattern("/v1/{parent=projects/*}:showEffectiveAutokeyConfig")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := local_request_AutokeyAdmin_ShowEffectiveAutokeyConfig_0(annotatedContext, inboundMarshaler, server, req, pathParams) + md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_AutokeyAdmin_ShowEffectiveAutokeyConfig_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) + + }) + + return nil +} + +// RegisterAutokeyAdminHandlerFromEndpoint is same as RegisterAutokeyAdminHandler but +// automatically dials to "endpoint" and closes the connection when "ctx" gets done. +func RegisterAutokeyAdminHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) { + conn, err := grpc.Dial(endpoint, opts...) 
+ if err != nil { + return err + } + defer func() { + if err != nil { + if cerr := conn.Close(); cerr != nil { + grpclog.Infof("Failed to close conn to %s: %v", endpoint, cerr) + } + return + } + go func() { + <-ctx.Done() + if cerr := conn.Close(); cerr != nil { + grpclog.Infof("Failed to close conn to %s: %v", endpoint, cerr) + } + }() + }() + + return RegisterAutokeyAdminHandler(ctx, mux, conn) +} + +// RegisterAutokeyAdminHandler registers the http handlers for service AutokeyAdmin to "mux". +// The handlers forward requests to the grpc endpoint over "conn". +func RegisterAutokeyAdminHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error { + return RegisterAutokeyAdminHandlerClient(ctx, mux, NewAutokeyAdminClient(conn)) +} + +// RegisterAutokeyAdminHandlerClient registers the http handlers for service AutokeyAdmin +// to "mux". The handlers forward requests to the grpc endpoint over the given implementation of "AutokeyAdminClient". +// Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "AutokeyAdminClient" +// doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in +// "AutokeyAdminClient" to call the correct interceptors. 
+func RegisterAutokeyAdminHandlerClient(ctx context.Context, mux *runtime.ServeMux, client AutokeyAdminClient) error { + + mux.Handle("PATCH", pattern_AutokeyAdmin_UpdateAutokeyConfig_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.AutokeyAdmin/UpdateAutokeyConfig", runtime.WithHTTPPathPattern("/v1/{autokey_config.name=folders/*/autokeyConfig}")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_AutokeyAdmin_UpdateAutokeyConfig_0(annotatedContext, inboundMarshaler, client, req, pathParams) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_AutokeyAdmin_UpdateAutokeyConfig_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_AutokeyAdmin_GetAutokeyConfig_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.AutokeyAdmin/GetAutokeyConfig", runtime.WithHTTPPathPattern("/v1/{name=folders/*/autokeyConfig}")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_AutokeyAdmin_GetAutokeyConfig_0(annotatedContext, inboundMarshaler, client, req, pathParams) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_AutokeyAdmin_GetAutokeyConfig_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + mux.Handle("GET", pattern_AutokeyAdmin_ShowEffectiveAutokeyConfig_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { + ctx, cancel := context.WithCancel(req.Context()) + defer cancel() + inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) + var err error + var annotatedContext context.Context + annotatedContext, err = runtime.AnnotateContext(ctx, mux, req, "/mockgcp.cloud.kms.v1.AutokeyAdmin/ShowEffectiveAutokeyConfig", runtime.WithHTTPPathPattern("/v1/{parent=projects/*}:showEffectiveAutokeyConfig")) + if err != nil { + runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) + return + } + resp, md, err := request_AutokeyAdmin_ShowEffectiveAutokeyConfig_0(annotatedContext, inboundMarshaler, client, req, pathParams) + annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md) + if err != nil { + runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err) + return + } + + forward_AutokeyAdmin_ShowEffectiveAutokeyConfig_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
+ + }) + + return nil +} + +var ( + pattern_AutokeyAdmin_UpdateAutokeyConfig_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 2, 2, 4, 3, 5, 3}, []string{"v1", "folders", "autokeyConfig", "autokey_config.name"}, "")) + + pattern_AutokeyAdmin_GetAutokeyConfig_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 2, 2, 4, 3, 5, 3}, []string{"v1", "folders", "autokeyConfig", "name"}, "")) + + pattern_AutokeyAdmin_ShowEffectiveAutokeyConfig_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 4, 2, 5, 2}, []string{"v1", "projects", "parent"}, "showEffectiveAutokeyConfig")) +) + +var ( + forward_AutokeyAdmin_UpdateAutokeyConfig_0 = runtime.ForwardResponseMessage + + forward_AutokeyAdmin_GetAutokeyConfig_0 = runtime.ForwardResponseMessage + + forward_AutokeyAdmin_ShowEffectiveAutokeyConfig_0 = runtime.ForwardResponseMessage +) diff --git a/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_admin_grpc.pb.go b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_admin_grpc.pb.go new file mode 100644 index 0000000000..601da1bc35 --- /dev/null +++ b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_admin_grpc.pb.go 
@@ -0,0 +1,197 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.2.0 +// - protoc v3.12.4 +// source: mockgcp/cloud/kms/v1/autokey_admin.proto + +package kmspb + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +// AutokeyAdminClient is the client API for AutokeyAdmin service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type AutokeyAdminClient interface { + // Updates the [AutokeyConfig][mockgcp.cloud.kms.v1.AutokeyConfig] for a + // folder. The caller must have both `cloudkms.autokeyConfigs.update` + // permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy` + // permission on the provided key project. A + // [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle] creation in the folder's + // descendant projects will use this configuration to determine where to + // create the resulting [CryptoKey][mockgcp.cloud.kms.v1.CryptoKey]. + UpdateAutokeyConfig(ctx context.Context, in *UpdateAutokeyConfigRequest, opts ...grpc.CallOption) (*AutokeyConfig, error) + // Returns the [AutokeyConfig][mockgcp.cloud.kms.v1.AutokeyConfig] for a + // folder. + GetAutokeyConfig(ctx context.Context, in *GetAutokeyConfigRequest, opts ...grpc.CallOption) (*AutokeyConfig, error) + // Returns the effective Cloud KMS Autokey configuration for a given project. 
+ ShowEffectiveAutokeyConfig(ctx context.Context, in *ShowEffectiveAutokeyConfigRequest, opts ...grpc.CallOption) (*ShowEffectiveAutokeyConfigResponse, error) +} + +type autokeyAdminClient struct { + cc grpc.ClientConnInterface +} + +func NewAutokeyAdminClient(cc grpc.ClientConnInterface) AutokeyAdminClient { + return &autokeyAdminClient{cc} +} + +func (c *autokeyAdminClient) UpdateAutokeyConfig(ctx context.Context, in *UpdateAutokeyConfigRequest, opts ...grpc.CallOption) (*AutokeyConfig, error) { + out := new(AutokeyConfig) + err := c.cc.Invoke(ctx, "/mockgcp.cloud.kms.v1.AutokeyAdmin/UpdateAutokeyConfig", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *autokeyAdminClient) GetAutokeyConfig(ctx context.Context, in *GetAutokeyConfigRequest, opts ...grpc.CallOption) (*AutokeyConfig, error) { + out := new(AutokeyConfig) + err := c.cc.Invoke(ctx, "/mockgcp.cloud.kms.v1.AutokeyAdmin/GetAutokeyConfig", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *autokeyAdminClient) ShowEffectiveAutokeyConfig(ctx context.Context, in *ShowEffectiveAutokeyConfigRequest, opts ...grpc.CallOption) (*ShowEffectiveAutokeyConfigResponse, error) { + out := new(ShowEffectiveAutokeyConfigResponse) + err := c.cc.Invoke(ctx, "/mockgcp.cloud.kms.v1.AutokeyAdmin/ShowEffectiveAutokeyConfig", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// AutokeyAdminServer is the server API for AutokeyAdmin service. +// All implementations must embed UnimplementedAutokeyAdminServer +// for forward compatibility +type AutokeyAdminServer interface { + // Updates the [AutokeyConfig][mockgcp.cloud.kms.v1.AutokeyConfig] for a + // folder. The caller must have both `cloudkms.autokeyConfigs.update` + // permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy` + // permission on the provided key project. 
A + // [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle] creation in the folder's + // descendant projects will use this configuration to determine where to + // create the resulting [CryptoKey][mockgcp.cloud.kms.v1.CryptoKey]. + UpdateAutokeyConfig(context.Context, *UpdateAutokeyConfigRequest) (*AutokeyConfig, error) + // Returns the [AutokeyConfig][mockgcp.cloud.kms.v1.AutokeyConfig] for a + // folder. + GetAutokeyConfig(context.Context, *GetAutokeyConfigRequest) (*AutokeyConfig, error) + // Returns the effective Cloud KMS Autokey configuration for a given project. + ShowEffectiveAutokeyConfig(context.Context, *ShowEffectiveAutokeyConfigRequest) (*ShowEffectiveAutokeyConfigResponse, error) + mustEmbedUnimplementedAutokeyAdminServer() +} + +// UnimplementedAutokeyAdminServer must be embedded to have forward compatible implementations. +type UnimplementedAutokeyAdminServer struct { +} + +func (UnimplementedAutokeyAdminServer) UpdateAutokeyConfig(context.Context, *UpdateAutokeyConfigRequest) (*AutokeyConfig, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateAutokeyConfig not implemented") +} +func (UnimplementedAutokeyAdminServer) GetAutokeyConfig(context.Context, *GetAutokeyConfigRequest) (*AutokeyConfig, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetAutokeyConfig not implemented") +} +func (UnimplementedAutokeyAdminServer) ShowEffectiveAutokeyConfig(context.Context, *ShowEffectiveAutokeyConfigRequest) (*ShowEffectiveAutokeyConfigResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ShowEffectiveAutokeyConfig not implemented") +} +func (UnimplementedAutokeyAdminServer) mustEmbedUnimplementedAutokeyAdminServer() {} + +// UnsafeAutokeyAdminServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to AutokeyAdminServer will +// result in compilation errors. 
+type UnsafeAutokeyAdminServer interface { + mustEmbedUnimplementedAutokeyAdminServer() +} + +func RegisterAutokeyAdminServer(s grpc.ServiceRegistrar, srv AutokeyAdminServer) { + s.RegisterService(&AutokeyAdmin_ServiceDesc, srv) +} + +func _AutokeyAdmin_UpdateAutokeyConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpdateAutokeyConfigRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AutokeyAdminServer).UpdateAutokeyConfig(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/mockgcp.cloud.kms.v1.AutokeyAdmin/UpdateAutokeyConfig", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AutokeyAdminServer).UpdateAutokeyConfig(ctx, req.(*UpdateAutokeyConfigRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AutokeyAdmin_GetAutokeyConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetAutokeyConfigRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AutokeyAdminServer).GetAutokeyConfig(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/mockgcp.cloud.kms.v1.AutokeyAdmin/GetAutokeyConfig", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AutokeyAdminServer).GetAutokeyConfig(ctx, req.(*GetAutokeyConfigRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _AutokeyAdmin_ShowEffectiveAutokeyConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ShowEffectiveAutokeyConfigRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return 
srv.(AutokeyAdminServer).ShowEffectiveAutokeyConfig(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/mockgcp.cloud.kms.v1.AutokeyAdmin/ShowEffectiveAutokeyConfig", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AutokeyAdminServer).ShowEffectiveAutokeyConfig(ctx, req.(*ShowEffectiveAutokeyConfigRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// AutokeyAdmin_ServiceDesc is the grpc.ServiceDesc for AutokeyAdmin service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var AutokeyAdmin_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "mockgcp.cloud.kms.v1.AutokeyAdmin", + HandlerType: (*AutokeyAdminServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "UpdateAutokeyConfig", + Handler: _AutokeyAdmin_UpdateAutokeyConfig_Handler, + }, + { + MethodName: "GetAutokeyConfig", + Handler: _AutokeyAdmin_GetAutokeyConfig_Handler, + }, + { + MethodName: "ShowEffectiveAutokeyConfig", + Handler: _AutokeyAdmin_ShowEffectiveAutokeyConfig_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "mockgcp/cloud/kms/v1/autokey_admin.proto", +} diff --git a/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_grpc.pb.go b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_grpc.pb.go new file mode 100644 index 0000000000..4e53e9fe1b --- /dev/null +++ b/mockgcp/generated/mockgcp/cloud/kms/v1/autokey_grpc.pb.go 
@@ -0,0 +1,196 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.2.0 +// - protoc v3.12.4 +// source: mockgcp/cloud/kms/v1/autokey.proto + +package kmspb + +import ( + longrunningpb "cloud.google.com/go/longrunning/autogen/longrunningpb" + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +// AutokeyClient is the client API for Autokey service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type AutokeyClient interface { + // Creates a new [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle], triggering the + // provisioning of a new [CryptoKey][mockgcp.cloud.kms.v1.CryptoKey] for CMEK + // use with the given resource type in the configured key project and the same + // location. [GetOperation][Operations.GetOperation] should be used to resolve + // the resulting long-running operation and get the resulting + // [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle] and + // [CryptoKey][mockgcp.cloud.kms.v1.CryptoKey]. + CreateKeyHandle(ctx context.Context, in *CreateKeyHandleRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error) + // Returns the [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle]. + GetKeyHandle(ctx context.Context, in *GetKeyHandleRequest, opts ...grpc.CallOption) (*KeyHandle, error) + // Lists [KeyHandles][mockgcp.cloud.kms.v1.KeyHandle]. 
+ ListKeyHandles(ctx context.Context, in *ListKeyHandlesRequest, opts ...grpc.CallOption) (*ListKeyHandlesResponse, error) +} + +type autokeyClient struct { + cc grpc.ClientConnInterface +} + +func NewAutokeyClient(cc grpc.ClientConnInterface) AutokeyClient { + return &autokeyClient{cc} +} + +func (c *autokeyClient) CreateKeyHandle(ctx context.Context, in *CreateKeyHandleRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error) { + out := new(longrunningpb.Operation) + err := c.cc.Invoke(ctx, "/mockgcp.cloud.kms.v1.Autokey/CreateKeyHandle", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *autokeyClient) GetKeyHandle(ctx context.Context, in *GetKeyHandleRequest, opts ...grpc.CallOption) (*KeyHandle, error) { + out := new(KeyHandle) + err := c.cc.Invoke(ctx, "/mockgcp.cloud.kms.v1.Autokey/GetKeyHandle", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *autokeyClient) ListKeyHandles(ctx context.Context, in *ListKeyHandlesRequest, opts ...grpc.CallOption) (*ListKeyHandlesResponse, error) { + out := new(ListKeyHandlesResponse) + err := c.cc.Invoke(ctx, "/mockgcp.cloud.kms.v1.Autokey/ListKeyHandles", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// AutokeyServer is the server API for Autokey service. +// All implementations must embed UnimplementedAutokeyServer +// for forward compatibility +type AutokeyServer interface { + // Creates a new [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle], triggering the + // provisioning of a new [CryptoKey][mockgcp.cloud.kms.v1.CryptoKey] for CMEK + // use with the given resource type in the configured key project and the same + // location. [GetOperation][Operations.GetOperation] should be used to resolve + // the resulting long-running operation and get the resulting + // [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle] and + // [CryptoKey][mockgcp.cloud.kms.v1.CryptoKey]. 
+ CreateKeyHandle(context.Context, *CreateKeyHandleRequest) (*longrunningpb.Operation, error) + // Returns the [KeyHandle][mockgcp.cloud.kms.v1.KeyHandle]. + GetKeyHandle(context.Context, *GetKeyHandleRequest) (*KeyHandle, error) + // Lists [KeyHandles][mockgcp.cloud.kms.v1.KeyHandle]. + ListKeyHandles(context.Context, *ListKeyHandlesRequest) (*ListKeyHandlesResponse, error) + mustEmbedUnimplementedAutokeyServer() +} + +// UnimplementedAutokeyServer must be embedded to have forward compatible implementations. +type UnimplementedAutokeyServer struct { +} + +func (UnimplementedAutokeyServer) CreateKeyHandle(context.Context, *CreateKeyHandleRequest) (*longrunningpb.Operation, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateKeyHandle not implemented") +} +func (UnimplementedAutokeyServer) GetKeyHandle(context.Context, *GetKeyHandleRequest) (*KeyHandle, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetKeyHandle not implemented") +} +func (UnimplementedAutokeyServer) ListKeyHandles(context.Context, *ListKeyHandlesRequest) (*ListKeyHandlesResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListKeyHandles not implemented") +} +func (UnimplementedAutokeyServer) mustEmbedUnimplementedAutokeyServer() {} + +// UnsafeAutokeyServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to AutokeyServer will +// result in compilation errors. 
+type UnsafeAutokeyServer interface { + mustEmbedUnimplementedAutokeyServer() +} + +func RegisterAutokeyServer(s grpc.ServiceRegistrar, srv AutokeyServer) { + s.RegisterService(&Autokey_ServiceDesc, srv) +} + +func _Autokey_CreateKeyHandle_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateKeyHandleRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AutokeyServer).CreateKeyHandle(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/mockgcp.cloud.kms.v1.Autokey/CreateKeyHandle", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AutokeyServer).CreateKeyHandle(ctx, req.(*CreateKeyHandleRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Autokey_GetKeyHandle_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetKeyHandleRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AutokeyServer).GetKeyHandle(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/mockgcp.cloud.kms.v1.Autokey/GetKeyHandle", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AutokeyServer).GetKeyHandle(ctx, req.(*GetKeyHandleRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _Autokey_ListKeyHandles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ListKeyHandlesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AutokeyServer).ListKeyHandles(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/mockgcp.cloud.kms.v1.Autokey/ListKeyHandles", + } + 
handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AutokeyServer).ListKeyHandles(ctx, req.(*ListKeyHandlesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// Autokey_ServiceDesc is the grpc.ServiceDesc for Autokey service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Autokey_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "mockgcp.cloud.kms.v1.Autokey", + HandlerType: (*AutokeyServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "CreateKeyHandle", + Handler: _Autokey_CreateKeyHandle_Handler, + }, + { + MethodName: "GetKeyHandle", + Handler: _Autokey_GetKeyHandle_Handler, + }, + { + MethodName: "ListKeyHandles", + Handler: _Autokey_ListKeyHandles_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "mockgcp/cloud/kms/v1/autokey.proto", +} diff --git a/mockgcp/mockkms/autokeyconfig.go b/mockgcp/mockkms/autokeyconfig.go new file mode 100644 index 0000000000..566d92d5d6 --- /dev/null +++ b/mockgcp/mockkms/autokeyconfig.go 
@@ -0,0 +1,113 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +mockgcp-support
+// apiVersion: kms.cnrm.cloud.google.com/v1beta1
+// kind: KMSAutokeyConfig
+// service: google.cloud.kms.v1.AutokeyAdmin
+// resource: AutokeyConfig
+
+package mockkms
+
+import (
+ "context"
+ "strings"
+
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+ "google.golang.org/protobuf/proto"
+
+ pb "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/generated/mockgcp/cloud/kms/v1"
+)
+
+type autokeyAdminServer struct {
+ *MockService
+ pb.UnimplementedAutokeyAdminServer
+}
+
+func (r *autokeyAdminServer) GetAutokeyConfig(ctx context.Context, req *pb.GetAutokeyConfigRequest) (*pb.AutokeyConfig, error) {
+ name, err := r.parseAutokeyConfigName(req.Name)
+ if err != nil {
+ return nil, err
+ }
+
+ fqn := name.String()
+
+ obj := &pb.AutokeyConfig{}
+ if err := r.storage.Get(ctx, fqn, obj); err != nil {
+ if status.Code(err) == codes.NotFound {
+ obj.State = pb.AutokeyConfig_UNINITIALIZED
+ r.storage.Create(ctx, fqn, obj)
+ return obj, nil
+ }
+ return nil, err
+ }
+
+ return obj, nil
+}
+
+func (r *autokeyAdminServer) UpdateAutokeyConfig(ctx context.Context, req *pb.UpdateAutokeyConfigRequest) (*pb.AutokeyConfig, error) {
+ reqName := req.GetAutokeyConfig().GetName()
+ name, err := r.parseAutokeyConfigName(reqName)
+ if err != nil {
+ return nil, err
+ }
+
+ fqn := name.String()
+
+ obj :=
proto.Clone(req.GetAutokeyConfig()).(*pb.AutokeyConfig) + obj.Name = fqn + if len(req.AutokeyConfig.KeyProject) > 0 { + obj.State = pb.AutokeyConfig_ACTIVE + } else { + obj.State = pb.AutokeyConfig_UNINITIALIZED + } + if err := r.storage.Update(ctx, fqn, obj); err != nil { + return nil, err + } + + return obj, nil +} + +func (r *autokeyAdminServer) ShowEffectiveAutokeyConfig(ctx context.Context, req *pb.ShowEffectiveAutokeyConfigRequest) (*pb.ShowEffectiveAutokeyConfigResponse, error) { + project := req.Parent + obj := &pb.ShowEffectiveAutokeyConfigResponse{} + obj.KeyProject = project + + return obj, nil +} + +type autokeyConfigName struct { + folder string +} + +func (a *autokeyConfigName) String() string { + return "folders/" + a.folder + "/autokeyConfig" +} + +// parseAutokeyConfigName parses a string into an AutoKeyConfig name. +// The expected form is `folders/{FOLDER_NUMBER}/autokeyConfig`. +func (r *autokeyAdminServer) parseAutokeyConfigName(name string) (*autokeyConfigName, error) { + tokens := strings.Split(name, "/") + if len(tokens) == 3 && tokens[0] == "folders" && tokens[2] == "autokeyConfig" { + //fmt.Printf("Inside mock gcp controller %s\n\n", tokens[1]) + name := &autokeyConfigName{ + folder: tokens[1], + } + + return name, nil + } + + return nil, status.Errorf(codes.InvalidArgument, "name %q is not valid", name) +} diff --git a/mockgcp/mockkms/service.go b/mockgcp/mockkms/service.go index 720158f3ca..d7875e5bd2 100644 --- a/mockgcp/mockkms/service.go +++ b/mockgcp/mockkms/service.go @@ -17,6 +17,7 @@ package mockkms import ( "context" "net/http" + "strings" "google.golang.org/grpc" @@ -32,6 +33,7 @@ type MockService struct { *common.MockEnvironment storage storage.Storage operations *operations.Operations + v1 *autokeyAdminServer } // New creates a MockService. 
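Review bot: In `GetAutokeyConfig` (mockgcp/mockkms/autokeyconfig.go) the NotFound branch discards the error returned by `r.storage.Create(ctx, fqn, obj)`, so a failed write is reported to the caller as a successful read of an UNINITIALIZED config. The object is also stored and returned without `Name`, unlike `UpdateAutokeyConfig`, which sets `obj.Name = fqn` (unless the storage layer fills it in, which is not visible here). Setting `obj.Name = fqn` and checking the call, `if err := r.storage.Create(ctx, fqn, obj); err != nil { return nil, err }`, keeps the stored state and the response consistent. Separately, `parseAutokeyConfigName` accepts an empty folder segment (`folders//autokeyConfig`) because only `tokens[0]` and `tokens[2]` are compared; adding `tokens[1] != ""` to the condition would reject it, and the commented-out `fmt.Printf` line can be dropped.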
@@ -41,6 +43,7 @@ func New(env *common.MockEnvironment, storage storage.Storage) *MockService { storage: storage, operations: operations.NewOperationsService(storage), } + s.v1 = &autokeyAdminServer{MockService: s} return s } @@ -50,11 +53,13 @@ func (s *MockService) ExpectedHosts() []string { func (s *MockService) Register(grpcServer *grpc.Server) { pb.RegisterKeyManagementServiceServer(grpcServer, &kmsServer{MockService: s}) + pb.RegisterAutokeyAdminServer(grpcServer, s.v1) } func (s *MockService) NewHTTPMux(ctx context.Context, conn *grpc.ClientConn) (http.Handler, error) { mux, err := httpmux.NewServeMux(ctx, conn, httpmux.Options{}, pb.RegisterKeyManagementServiceHandler, + pb.RegisterAutokeyAdminHandler, // TODO: Any LROs on this API? // s.operations.RegisterOperationsPath("/v1/{prefix=**}/operations/{name}"), ) @@ -64,10 +69,9 @@ func (s *MockService) NewHTTPMux(ctx context.Context, conn *grpc.ClientConn) (ht // Returns slightly non-standard errors mux.RewriteError = func(ctx context.Context, error *httpmux.ErrorResponse) { - if error.Code == 404 { + if error.Code == 404 && (strings.Contains(error.Message, "KeyRing") || strings.Contains(error.Message, "CryptoKey")) { error.Errors = nil } } - return mux, nil } diff --git a/pkg/clients/generated/apis/kms/v1alpha1/kmsautokeyconfig_types.go b/pkg/clients/generated/apis/kms/v1alpha1/kmsautokeyconfig_types.go new file mode 100644 index 0000000000..18d15c09d7 --- /dev/null +++ b/pkg/clients/generated/apis/kms/v1alpha1/kmsautokeyconfig_types.go 
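Review bot: The new 404 condition in `RewriteError` (mockgcp/mockkms/service.go, inside `NewHTTPMux`, whose body starts above this hunk) decides by substring-matching `error.Message` for "KeyRing" or "CryptoKey", which ties the behaviour to message wording rather than to the resource being requested. A 404 for any other KMS resource whose message happens to mention a CryptoKey would also have `Errors` cleared, and a reworded KeyRing message would silently stop matching. If the message text is the only signal available at this point, a comment above the `if` should record the intent, for example `// Only KeyRing and CryptoKey 404s omit the errors list; other resources keep it.` (presumably this is what the AutokeyConfig tests need; confirm against the recorded responses). The parameter name `error` shadows the builtin type and could be renamed to `resp` while this line is being touched.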
@@ -0,0 +1,119 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Config Connector and manual +// changes will be clobbered when the file is regenerated. +// +// ---------------------------------------------------------------------------- + +// *** DISCLAIMER *** +// Config Connector's go-client for CRDs is currently in ALPHA, which means +// that future versions of the go-client may include breaking changes. +// Please try it out and give us feedback! + +package v1alpha1 + +import ( + "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/k8s/v1alpha1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +type AutokeyconfigKeyProject struct { + /* The `projectID` field of a project, when not managed by Config Connector. */ + // +optional + External *string `json:"external,omitempty"` + + /* The kind of the Project resource; optional but must be `Project` if provided. */ + // +optional + Kind *string `json:"kind,omitempty"` + + /* The `name` field of a `Project` resource. */ + // +optional + Name *string `json:"name,omitempty"` + + /* The `namespace` field of a `Project` resource. 
*/ + // +optional + Namespace *string `json:"namespace,omitempty"` +} + +type KMSAutokeyConfigSpec struct { + /* Immutable. The folder that this resource belongs to. */ + FolderRef v1alpha1.ResourceRef `json:"folderRef"` + + /* The Project that this resource belongs to. */ + // +optional + KeyProject *AutokeyconfigKeyProject `json:"keyProject,omitempty"` +} + +type AutokeyconfigObservedStateStatus struct { + /* Output only. Current state of this AutokeyConfig. */ + // +optional + State *string `json:"state,omitempty"` +} + +type KMSAutokeyConfigStatus struct { + /* Conditions represent the latest available observations of the + KMSAutokeyConfig's current state. */ + Conditions []v1alpha1.Condition `json:"conditions,omitempty"` + /* A unique specifier for the KMSAutokeyConfig resource in GCP. */ + // +optional + ExternalRef *string `json:"externalRef,omitempty"` + + /* ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. */ + // +optional + ObservedGeneration *int64 `json:"observedGeneration,omitempty"` + + /* ObservedState is the state of the resource as most recently observed in GCP. 
*/ + // +optional + ObservedState *AutokeyconfigObservedStateStatus `json:"observedState,omitempty"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:categories=gcp,shortName=gcpkmsautokeyconfig;gcpkmsautokeyconfigs +// +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="cnrm.cloud.google.com/managed-by-kcc=true";"cnrm.cloud.google.com/system=true" +// +kubebuilder:printcolumn:name="Age",JSONPath=".metadata.creationTimestamp",type="date" +// +kubebuilder:printcolumn:name="Ready",JSONPath=".status.conditions[?(@.type=='Ready')].status",type="string",description="When 'True', the most recent reconcile of the resource succeeded" +// +kubebuilder:printcolumn:name="Status",JSONPath=".status.conditions[?(@.type=='Ready')].reason",type="string",description="The reason for the value in 'Ready'" +// +kubebuilder:printcolumn:name="Status Age",JSONPath=".status.conditions[?(@.type=='Ready')].lastTransitionTime",type="date",description="The last transition time for the value in 'Status'" + +// KMSAutokeyConfig is the Schema for the kms API +// +k8s:openapi-gen=true +type KMSAutokeyConfig struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec KMSAutokeyConfigSpec `json:"spec,omitempty"` + Status KMSAutokeyConfigStatus `json:"status,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// KMSAutokeyConfigList contains a list of KMSAutokeyConfig +type KMSAutokeyConfigList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []KMSAutokeyConfig `json:"items"` +} + +func init() { + SchemeBuilder.Register(&KMSAutokeyConfig{}, &KMSAutokeyConfigList{}) +} diff --git a/pkg/clients/generated/apis/kms/v1alpha1/register.go b/pkg/clients/generated/apis/kms/v1alpha1/register.go index 54571fcae3..eab598ee8d 100644 --- a/pkg/clients/generated/apis/kms/v1alpha1/register.go 
+++ b/pkg/clients/generated/apis/kms/v1alpha1/register.go @@ -53,6 +53,12 @@ var ( // AddToScheme is a global function that registers this API group & version to a scheme AddToScheme = SchemeBuilder.AddToScheme + KMSAutokeyConfigGVK = schema.GroupVersionKind{ + Group: SchemeGroupVersion.Group, + Version: SchemeGroupVersion.Version, + Kind: reflect.TypeOf(KMSAutokeyConfig{}).Name(), + } + KMSCryptoKeyVersionGVK = schema.GroupVersionKind{ Group: SchemeGroupVersion.Group, Version: SchemeGroupVersion.Version, diff --git a/pkg/clients/generated/apis/kms/v1alpha1/zz_generated.deepcopy.go b/pkg/clients/generated/apis/kms/v1alpha1/zz_generated.deepcopy.go index 8f733fcdf5..bcbe3d8b86 100644 --- a/pkg/clients/generated/apis/kms/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/clients/generated/apis/kms/v1alpha1/zz_generated.deepcopy.go 
@@ -29,6 +29,63 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutokeyconfigKeyProject) DeepCopyInto(out *AutokeyconfigKeyProject) { + *out = *in + if in.External != nil { + in, out := &in.External, &out.External + *out = new(string) + **out = **in + } + if in.Kind != nil { + in, out := &in.Kind, &out.Kind + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Namespace != nil { + in, out := &in.Namespace, &out.Namespace + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutokeyconfigKeyProject. +func (in *AutokeyconfigKeyProject) DeepCopy() *AutokeyconfigKeyProject { + if in == nil { + return nil + } + out := new(AutokeyconfigKeyProject) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AutokeyconfigObservedStateStatus) DeepCopyInto(out *AutokeyconfigObservedStateStatus) { + *out = *in + if in.State != nil { + in, out := &in.State, &out.State + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AutokeyconfigObservedStateStatus. +func (in *AutokeyconfigObservedStateStatus) DeepCopy() *AutokeyconfigObservedStateStatus { + if in == nil { + return nil + } + out := new(AutokeyconfigObservedStateStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CryptokeyversionAttestationStatus) DeepCopyInto(out *CryptokeyversionAttestationStatus) { *out = *in 
@@ -122,6 +179,125 @@ func (in *CryptokeyversionExternalProtectionLevelOptionsStatus) DeepCopy() *Cryp return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KMSAutokeyConfig) DeepCopyInto(out *KMSAutokeyConfig) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSAutokeyConfig. +func (in *KMSAutokeyConfig) DeepCopy() *KMSAutokeyConfig { + if in == nil { + return nil + } + out := new(KMSAutokeyConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *KMSAutokeyConfig) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KMSAutokeyConfigList) DeepCopyInto(out *KMSAutokeyConfigList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]KMSAutokeyConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSAutokeyConfigList. +func (in *KMSAutokeyConfigList) DeepCopy() *KMSAutokeyConfigList { + if in == nil { + return nil + } + out := new(KMSAutokeyConfigList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *KMSAutokeyConfigList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KMSAutokeyConfigSpec) DeepCopyInto(out *KMSAutokeyConfigSpec) { + *out = *in + out.FolderRef = in.FolderRef + if in.KeyProject != nil { + in, out := &in.KeyProject, &out.KeyProject + *out = new(AutokeyconfigKeyProject) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSAutokeyConfigSpec. +func (in *KMSAutokeyConfigSpec) DeepCopy() *KMSAutokeyConfigSpec { + if in == nil { + return nil + } + out := new(KMSAutokeyConfigSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KMSAutokeyConfigStatus) DeepCopyInto(out *KMSAutokeyConfigStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]k8sv1alpha1.Condition, len(*in)) + copy(*out, *in) + } + if in.ExternalRef != nil { + in, out := &in.ExternalRef, &out.ExternalRef + *out = new(string) + **out = **in + } + if in.ObservedGeneration != nil { + in, out := &in.ObservedGeneration, &out.ObservedGeneration + *out = new(int64) + **out = **in + } + if in.ObservedState != nil { + in, out := &in.ObservedState, &out.ObservedState + *out = new(AutokeyconfigObservedStateStatus) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KMSAutokeyConfigStatus. +func (in *KMSAutokeyConfigStatus) DeepCopy() *KMSAutokeyConfigStatus { + if in == nil { + return nil + } + out := new(KMSAutokeyConfigStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. func (in *KMSCryptoKeyVersion) DeepCopyInto(out *KMSCryptoKeyVersion) { *out = *in diff --git a/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/fake/fake_kms_client.go b/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/fake/fake_kms_client.go index 6fe4a9dbba..eca3433051 100644 --- a/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/fake/fake_kms_client.go +++ b/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/fake/fake_kms_client.go @@ -31,6 +31,10 @@ type FakeKmsV1alpha1 struct { *testing.Fake } +func (c *FakeKmsV1alpha1) KMSAutokeyConfigs(namespace string) v1alpha1.KMSAutokeyConfigInterface { + return &FakeKMSAutokeyConfigs{c, namespace} +} + func (c *FakeKmsV1alpha1) KMSCryptoKeyVersions(namespace string) v1alpha1.KMSCryptoKeyVersionInterface { return &FakeKMSCryptoKeyVersions{c, namespace} } diff --git a/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/fake/fake_kmsautokeyconfig.go b/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/fake/fake_kmsautokeyconfig.go new file mode 100644 index 0000000000..287d157b55 --- /dev/null +++ b/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/fake/fake_kmsautokeyconfig.go 
@@ -0,0 +1,144 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// *** DISCLAIMER *** +// Config Connector's go-client for CRDs is currently in ALPHA, which means +// that future versions of the go-client may include breaking changes. +// Please try it out and give us feedback! + +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/kms/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeKMSAutokeyConfigs implements KMSAutokeyConfigInterface +type FakeKMSAutokeyConfigs struct { + Fake *FakeKmsV1alpha1 + ns string +} + +var kmsautokeyconfigsResource = v1alpha1.SchemeGroupVersion.WithResource("kmsautokeyconfigs") + +var kmsautokeyconfigsKind = v1alpha1.SchemeGroupVersion.WithKind("KMSAutokeyConfig") + +// Get takes name of the kMSAutokeyConfig, and returns the corresponding kMSAutokeyConfig object, and an error if there is any. +func (c *FakeKMSAutokeyConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.KMSAutokeyConfig, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewGetAction(kmsautokeyconfigsResource, c.ns, name), &v1alpha1.KMSAutokeyConfig{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.KMSAutokeyConfig), err +} + +// List takes label and field selectors, and returns the list of KMSAutokeyConfigs that match those selectors. +func (c *FakeKMSAutokeyConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.KMSAutokeyConfigList, err error) { + obj, err := c.Fake. + Invokes(testing.NewListAction(kmsautokeyconfigsResource, kmsautokeyconfigsKind, c.ns, opts), &v1alpha1.KMSAutokeyConfigList{}) + + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.KMSAutokeyConfigList{ListMeta: obj.(*v1alpha1.KMSAutokeyConfigList).ListMeta} + for _, item := range obj.(*v1alpha1.KMSAutokeyConfigList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested kMSAutokeyConfigs. +func (c *FakeKMSAutokeyConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchAction(kmsautokeyconfigsResource, c.ns, opts)) + +} + +// Create takes the representation of a kMSAutokeyConfig and creates it. Returns the server's representation of the kMSAutokeyConfig, and an error, if there is any. +func (c *FakeKMSAutokeyConfigs) Create(ctx context.Context, kMSAutokeyConfig *v1alpha1.KMSAutokeyConfig, opts v1.CreateOptions) (result *v1alpha1.KMSAutokeyConfig, err error) { + obj, err := c.Fake. + Invokes(testing.NewCreateAction(kmsautokeyconfigsResource, c.ns, kMSAutokeyConfig), &v1alpha1.KMSAutokeyConfig{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.KMSAutokeyConfig), err +} + +// Update takes the representation of a kMSAutokeyConfig and updates it. 
Returns the server's representation of the kMSAutokeyConfig, and an error, if there is any. +func (c *FakeKMSAutokeyConfigs) Update(ctx context.Context, kMSAutokeyConfig *v1alpha1.KMSAutokeyConfig, opts v1.UpdateOptions) (result *v1alpha1.KMSAutokeyConfig, err error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateAction(kmsautokeyconfigsResource, c.ns, kMSAutokeyConfig), &v1alpha1.KMSAutokeyConfig{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.KMSAutokeyConfig), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeKMSAutokeyConfigs) UpdateStatus(ctx context.Context, kMSAutokeyConfig *v1alpha1.KMSAutokeyConfig, opts v1.UpdateOptions) (*v1alpha1.KMSAutokeyConfig, error) { + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceAction(kmsautokeyconfigsResource, "status", c.ns, kMSAutokeyConfig), &v1alpha1.KMSAutokeyConfig{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.KMSAutokeyConfig), err +} + +// Delete takes name of the kMSAutokeyConfig and deletes it. Returns an error if one occurs. +func (c *FakeKMSAutokeyConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(kmsautokeyconfigsResource, c.ns, name, opts), &v1alpha1.KMSAutokeyConfig{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeKMSAutokeyConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionAction(kmsautokeyconfigsResource, c.ns, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.KMSAutokeyConfigList{}) + return err +} + +// Patch applies the patch and returns the patched kMSAutokeyConfig. 
+func (c *FakeKMSAutokeyConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.KMSAutokeyConfig, err error) { + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceAction(kmsautokeyconfigsResource, c.ns, name, pt, data, subresources...), &v1alpha1.KMSAutokeyConfig{}) + + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.KMSAutokeyConfig), err +} diff --git a/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/generated_expansion.go b/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/generated_expansion.go index 2c858c32b5..96b3aaaa74 100644 --- a/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/generated_expansion.go +++ b/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/generated_expansion.go @@ -21,6 +21,8 @@ package v1alpha1 +type KMSAutokeyConfigExpansion interface{} + type KMSCryptoKeyVersionExpansion interface{} type KMSKeyRingImportJobExpansion interface{} diff --git a/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/kms_client.go b/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/kms_client.go index 0c7aa5bdd6..35c5a1b8ac 100644 --- a/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/kms_client.go +++ b/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/kms_client.go @@ -31,6 +31,7 @@ import ( type KmsV1alpha1Interface interface { RESTClient() rest.Interface + KMSAutokeyConfigsGetter KMSCryptoKeyVersionsGetter KMSKeyRingImportJobsGetter KMSSecretCiphertextsGetter 
@@ -41,6 +42,10 @@ type KmsV1alpha1Client struct { restClient rest.Interface } +func (c *KmsV1alpha1Client) KMSAutokeyConfigs(namespace string) KMSAutokeyConfigInterface { + return newKMSAutokeyConfigs(c, namespace) +} + func (c *KmsV1alpha1Client) KMSCryptoKeyVersions(namespace string) KMSCryptoKeyVersionInterface { return newKMSCryptoKeyVersions(c, namespace) } diff --git a/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/kmsautokeyconfig.go b/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/kmsautokeyconfig.go new file mode 100644 index 0000000000..33cbd161d3 --- /dev/null +++ b/pkg/clients/generated/client/clientset/versioned/typed/kms/v1alpha1/kmsautokeyconfig.go 
@@ -0,0 +1,198 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// *** DISCLAIMER *** +// Config Connector's go-client for CRDs is currently in ALPHA, which means +// that future versions of the go-client may include breaking changes. +// Please try it out and give us feedback! + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + "time" + + v1alpha1 "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/kms/v1alpha1" + scheme "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// KMSAutokeyConfigsGetter has a method to return a KMSAutokeyConfigInterface. +// A group's client should implement this interface. +type KMSAutokeyConfigsGetter interface { + KMSAutokeyConfigs(namespace string) KMSAutokeyConfigInterface +} + +// KMSAutokeyConfigInterface has methods to work with KMSAutokeyConfig resources. 
+type KMSAutokeyConfigInterface interface { + Create(ctx context.Context, kMSAutokeyConfig *v1alpha1.KMSAutokeyConfig, opts v1.CreateOptions) (*v1alpha1.KMSAutokeyConfig, error) + Update(ctx context.Context, kMSAutokeyConfig *v1alpha1.KMSAutokeyConfig, opts v1.UpdateOptions) (*v1alpha1.KMSAutokeyConfig, error) + UpdateStatus(ctx context.Context, kMSAutokeyConfig *v1alpha1.KMSAutokeyConfig, opts v1.UpdateOptions) (*v1alpha1.KMSAutokeyConfig, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.KMSAutokeyConfig, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.KMSAutokeyConfigList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.KMSAutokeyConfig, err error) + KMSAutokeyConfigExpansion +} + +// kMSAutokeyConfigs implements KMSAutokeyConfigInterface +type kMSAutokeyConfigs struct { + client rest.Interface + ns string +} + +// newKMSAutokeyConfigs returns a KMSAutokeyConfigs +func newKMSAutokeyConfigs(c *KmsV1alpha1Client, namespace string) *kMSAutokeyConfigs { + return &kMSAutokeyConfigs{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the kMSAutokeyConfig, and returns the corresponding kMSAutokeyConfig object, and an error if there is any. +func (c *kMSAutokeyConfigs) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.KMSAutokeyConfig, err error) { + result = &v1alpha1.KMSAutokeyConfig{} + err = c.client.Get(). + Namespace(c.ns). + Resource("kmsautokeyconfigs"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). 
+ Into(result) + return +} + +// List takes label and field selectors, and returns the list of KMSAutokeyConfigs that match those selectors. +func (c *kMSAutokeyConfigs) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.KMSAutokeyConfigList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.KMSAutokeyConfigList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("kmsautokeyconfigs"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested kMSAutokeyConfigs. +func (c *kMSAutokeyConfigs) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("kmsautokeyconfigs"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a kMSAutokeyConfig and creates it. Returns the server's representation of the kMSAutokeyConfig, and an error, if there is any. +func (c *kMSAutokeyConfigs) Create(ctx context.Context, kMSAutokeyConfig *v1alpha1.KMSAutokeyConfig, opts v1.CreateOptions) (result *v1alpha1.KMSAutokeyConfig, err error) { + result = &v1alpha1.KMSAutokeyConfig{} + err = c.client.Post(). + Namespace(c.ns). + Resource("kmsautokeyconfigs"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(kMSAutokeyConfig). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a kMSAutokeyConfig and updates it. Returns the server's representation of the kMSAutokeyConfig, and an error, if there is any. 
+func (c *kMSAutokeyConfigs) Update(ctx context.Context, kMSAutokeyConfig *v1alpha1.KMSAutokeyConfig, opts v1.UpdateOptions) (result *v1alpha1.KMSAutokeyConfig, err error) { + result = &v1alpha1.KMSAutokeyConfig{} + err = c.client.Put(). + Namespace(c.ns). + Resource("kmsautokeyconfigs"). + Name(kMSAutokeyConfig.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(kMSAutokeyConfig). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *kMSAutokeyConfigs) UpdateStatus(ctx context.Context, kMSAutokeyConfig *v1alpha1.KMSAutokeyConfig, opts v1.UpdateOptions) (result *v1alpha1.KMSAutokeyConfig, err error) { + result = &v1alpha1.KMSAutokeyConfig{} + err = c.client.Put(). + Namespace(c.ns). + Resource("kmsautokeyconfigs"). + Name(kMSAutokeyConfig.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(kMSAutokeyConfig). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the kMSAutokeyConfig and deletes it. Returns an error if one occurs. +func (c *kMSAutokeyConfigs) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("kmsautokeyconfigs"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *kMSAutokeyConfigs) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Namespace(c.ns). + Resource("kmsautokeyconfigs"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched kMSAutokeyConfig. 
+func (c *kMSAutokeyConfigs) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.KMSAutokeyConfig, err error) { + result = &v1alpha1.KMSAutokeyConfig{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("kmsautokeyconfigs"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} diff --git a/pkg/controller/direct/kms/autokeyconfig/autokeyconfig_controller.go b/pkg/controller/direct/kms/autokeyconfig/autokeyconfig_controller.go new file mode 100644 index 0000000000..ff340e5e13 --- /dev/null +++ b/pkg/controller/direct/kms/autokeyconfig/autokeyconfig_controller.go 
@@ -0,0 +1,251 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package kmsautokeyconfig
+
+import (
+ "context"
+ "fmt"
+ "reflect"
+
+ krm "github.com/GoogleCloudPlatform/k8s-config-connector/apis/kms/v1alpha1"
+ refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
+ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/config"
+ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct"
+ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/directbase"
+ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/registry"
+
+ // TODO(user): Update the import with the google cloud client
+ gcp "cloud.google.com/go/kms/apiv1"
+
+ // TODO(user): Update the import with the google cloud client api protobuf
+ kmspb "cloud.google.com/go/kms/apiv1/kmspb"
+ "google.golang.org/api/option"
+ "google.golang.org/protobuf/types/known/fieldmaskpb"
+
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/klog/v2"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+const (
+ ctrlName = "kms-autokeyconfig-controller"
+)
+
+func init() {
+ registry.RegisterModel(krm.KMSAutokeyConfigGVK, NewModel)
+}
+
+func NewModel(ctx context.Context, config *config.ControllerConfig) (directbase.Model, error) {
+ return &model{config: *config}, nil
+}
+
+var _ directbase.Model = &model{}
+
+type model struct {
+ config config.ControllerConfig
+}
+
+func (m *model) client(ctx context.Context) (*gcp.AutokeyAdminClient, error) {
+ var opts []option.ClientOption
+ opts, err := m.config.RESTClientOptions()
+ if err != nil {
+ return nil, err
+ }
+ gcpClient, err := gcp.NewAutokeyAdminRESTClient(ctx, opts...)
+ if err != nil {
+ return nil, fmt.Errorf("building AutokeyConfig client: %w", err)
+ }
+ return gcpClient, err
+}
+
+func (m *model) AdapterForObject(ctx context.Context, reader client.Reader, u *unstructured.Unstructured) (directbase.Adapter, error) {
+ obj := &krm.KMSAutokeyConfig{}
+ if err := runtime.DefaultUnstructuredConverter.FromUnstructured(u.Object, &obj); err != nil {
+ return nil, fmt.Errorf("error converting to %T: %w", obj, err)
+ }
+
+ id, err := krm.NewKMSAutokeyConfigRef(ctx, reader, obj)
+ if err != nil {
+ return nil, fmt.Errorf("unable to resolve folder for autokeyConfig name: %s", obj.GetName())
+ }
+ var keyProject *refs.Project
+ if obj.Spec.KeyProjectRef != nil {
+ var err error
+ keyProject, err = refs.ResolveProject(ctx, reader, obj, obj.Spec.KeyProjectRef)
+ if err != nil {
+ return nil, fmt.Errorf("unable to resolve key project for autokeyConfig naem: %s", obj.GetName())
+ }
+ }
+ gcpClient, err := m.client(ctx)
+ if err != nil {
+ return nil, err
+ }
+ return &Adapter{
+ id: id,
+ desiredKeyProject: keyProject,
+ gcpClient: gcpClient,
+ desired: obj,
+ }, nil
+}
+
+func (m *model) AdapterForURL(ctx context.Context, url string) (directbase.Adapter, error) {
+ // TODO: Support URLs
+ return nil, nil
+}
+
+type Adapter struct {
+ id *krm.KMSAutokeyConfigRef
+ desiredKeyProject *refs.Project
+ gcpClient *gcp.AutokeyAdminClient
+ desired *krm.KMSAutokeyConfig
+ actual *kmspb.AutokeyConfig
+}
+
+var _ directbase.Adapter = &Adapter{}
+
+// Find return true if AutokeyConfig exist and user has permission to read it.
+// Else it will return false and error.
+func (a *Adapter) Find(ctx context.Context) (bool, error) {
+ log := klog.FromContext(ctx).WithName(ctrlName)
+ log.V(2).Info("getting KMSAutokeyConfig", "name", a.id.External)
+
+ req := &kmspb.GetAutokeyConfigRequest{Name: a.id.External}
+ autokeyconfigpb, err := a.gcpClient.GetAutokeyConfig(ctx, req)
+ if err != nil {
+ return false, fmt.Errorf("getting KMSAutokeyConfig %q: %w", a.id.External, err)
+ }
+
+ a.actual = autokeyconfigpb
+ return true, nil
+}
+
+func (a *Adapter) Create(ctx context.Context, createOp *directbase.CreateOperation) error {
+ log := klog.FromContext(ctx).WithName(ctrlName)
+ log.V(2).Info("Create operation not supported for AutokeyConfig resource.")
+ return fmt.Errorf("Create operation not supported for AutokeyConfig resource")
+}
+
+func (a *Adapter) Update(ctx context.Context, updateOp *directbase.UpdateOperation) error {
+
+ log := klog.FromContext(ctx).WithName(ctrlName)
+ log.V(2).Info("updating AutokeyConfig", "name", a.id.External)
+ mapCtx := &direct.MapContext{}
+
+ resource := KMSAutokeyConfig_FromFields(mapCtx, a.id, a.desiredKeyProject)
+ if mapCtx.Err() != nil {
+ return mapCtx.Err()
+ }
+
+ updated, err := a.updateAutokeyConfig(ctx, resource)
+ if err != nil {
+ return err
+ }
+
+ status := &krm.KMSAutokeyConfigStatus{}
+ status.ObservedState = KMSAutokeyConfigObservedState_FromProto(mapCtx, updated)
+ if mapCtx.Err() != nil {
+ return mapCtx.Err()
+ }
+ return updateOp.UpdateStatus(ctx, status, nil)
+}
+
+func (a *Adapter) updateAutokeyConfig(ctx context.Context, resource *kmspb.AutokeyConfig) (*kmspb.AutokeyConfig, error) {
+ log := klog.FromContext(ctx).WithName(ctrlName)
+ // To populate a.actual calling a.Find()
+ isExist, err := a.Find(ctx)
+ if !isExist {
+ return nil, fmt.Errorf("updateAutokeyConfig failed as AutokeyConfig does not exist, name: %s", a.id.External)
+ }
+ if err != nil {
+ return nil, err
+ }
+ updateMask := &fieldmaskpb.FieldMask{}
+ if resource.KeyProject != "" && !reflect.DeepEqual(resource.KeyProject, a.actual.KeyProject) {
+ updateMask.Paths = append(updateMask.Paths, "key_project")
+ }
+
+ if len(updateMask.Paths) == 0 {
+ log.V(2).Info("no field needs update", "name", a.id.External)
+ return nil, nil
+ }
+ req := &kmspb.UpdateAutokeyConfigRequest{
+ UpdateMask: updateMask,
+ AutokeyConfig: resource,
+ }
+ updated, err := a.gcpClient.UpdateAutokeyConfig(ctx, req)
+ if err != nil {
+ return nil, fmt.Errorf("updating AutokeyConfig %s: %w", a.id.External, err)
+ }
+ log.V(2).Info("successfully updated AutokeyConfig", "name", a.id.External)
+ return updated, nil
+}
+
+func (a *Adapter) Export(ctx context.Context) (*unstructured.Unstructured, error) {
+ if a.actual == nil {
+ return nil, fmt.Errorf("Find() not called")
+ }
+ u := &unstructured.Unstructured{}
+
+ obj := &krm.KMSAutokeyConfig{}
+ mapCtx := &direct.MapContext{}
+ obj.Spec = direct.ValueOf(KMSAutokeyConfigSpec_FromProto(mapCtx, a.actual))
+ if mapCtx.Err() != nil {
+ return nil, mapCtx.Err()
+ }
+ parent, err := a.id.Parent()
+ if err != nil {
+ return nil, err
+ }
+ obj.Spec.FolderRef = &refs.FolderRef{External: parent.FolderID}
+ uObj, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj)
+ if err != nil {
+ return nil, err
+ }
+ u.Object = uObj
+ return u, nil
+}
+
+// Delete implements the Adapter interface.
+// Note: Delete operation is not supported for GCP AutokeyConfig resource.
+// However in KCC, the user has full flexibility to delete the KCC AutokeyConfig resource.
+// To make this KCC operation effective, as part of KCC AutokeyConfig deletion we will update the AutokeyConfig resource in GCP with empty key_project which will prevent further use of AutokeyConfig.
+// Because of the above decision we will update the observedstate for AutokeyConfig with state = UNINITIALIZED
+func (a *Adapter) Delete(ctx context.Context, deleteOp *directbase.DeleteOperation) (bool, error) {
+ log := klog.FromContext(ctx).WithName(ctrlName)
+ log.V(2).Info("deleting AutokeyConfig", "name", a.id.External)
+ _, err := a.Find(ctx)
+ if err != nil {
+ return false, err
+ }
+ mapCtx := &direct.MapContext{}
+ // make a copy of the a.actual i.e. from krm.AutokeyConfig to kmspb.AutokeyConfig
+ tempKrmAutokeyResource := AutokeyConfig_FromProto(mapCtx, a.actual)
+ resource := AutokeyConfig_ToProto(mapCtx, tempKrmAutokeyResource)
+ updated, err := a.updateAutokeyConfig(ctx, resource)
+ if err != nil {
+ return false, fmt.Errorf("updating AutokeyConfig %s: %w", a.id.External, err)
+ }
+ log.V(2).Info("successfully deleted AutokeyConfig in KCC by resetting the key_project", "name", a.id.External)
+ status := &krm.KMSAutokeyConfigStatus{}
+ // The state in ObservedState is expected to be UNINITIALIZED as we have set the key_project to empty
+ status.ObservedState = KMSAutokeyConfigObservedState_FromProto(mapCtx, updated)
+ if mapCtx.Err() != nil {
+ return false, mapCtx.Err()
+ }
+ // TODO: uncomment once we found a valid solution
+ //deleteOp.UpdateStatus(ctx, status, nil)
+ return true, nil
+}
diff --git a/pkg/controller/direct/kms/autokeyconfig/mapper.generated.go b/pkg/controller/direct/kms/autokeyconfig/mapper.generated.go
new file mode 100644
index 0000000000..63fb1b3129
--- /dev/null
+++ b/pkg/controller/direct/kms/autokeyconfig/mapper.generated.go
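Review bot: `Delete` in autokeyconfig_controller.go never clears `key_project`, although its doc comment and its success log both say it does. The resource it hands to `updateAutokeyConfig` is a round-trip copy of `a.actual`, so `KeyProject` equals the live value, and the mask condition `resource.KeyProject != "" && ...` would skip an empty value in any case; the helper returns `nil, nil` and `Delete` returns `true` with the GCP config unchanged, so Autokey stays enabled for the folder while the cluster reports it removed. Send the clearing update from `Delete` itself with an explicit `key_project` mask, as sketched below (this assumes the API accepts an empty `key_project` under that mask, which is what the doc comment intends). Separately, `updateAutokeyConfig` tests `!isExist` before `err`, so every `Find` failure, including a permission error, is reported as "does not exist" and the cause is dropped; check `err` first.

```go
func (a *Adapter) Delete(ctx context.Context, deleteOp *directbase.DeleteOperation) (bool, error) {
	// … unchanged: logger setup and a.Find(ctx) …

	// Clearing key_project is the purpose of this call, so the mask is set
	// explicitly instead of being derived from a diff against a.actual.
	req := &kmspb.UpdateAutokeyConfigRequest{
		UpdateMask:    &fieldmaskpb.FieldMask{Paths: []string{"key_project"}},
		AutokeyConfig: &kmspb.AutokeyConfig{Name: a.id.External},
	}
	updated, err := a.gcpClient.UpdateAutokeyConfig(ctx, req)
	if err != nil {
		return false, fmt.Errorf("clearing key_project on AutokeyConfig %s: %w", a.id.External, err)
	}

	// … unchanged: success log, observed-state mapping from updated, return true …
}
```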
@@ -0,0 +1,99 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package kmsautokeyconfig
+
+import (
+ kmspb "cloud.google.com/go/kms/apiv1/kmspb"
+ pb "cloud.google.com/go/kms/apiv1/kmspb"
+ krm "github.com/GoogleCloudPlatform/k8s-config-connector/apis/kms/v1alpha1"
+ refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
+ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct"
+)
+
+func AutokeyConfig_FromProto(mapCtx *direct.MapContext, in *pb.AutokeyConfig) *krm.AutokeyConfig {
+ if in == nil {
+ return nil
+ }
+ out := &krm.AutokeyConfig{}
+ out.Name = direct.LazyPtr(in.GetName())
+ if in.KeyProject != "" {
+ out.KeyProject = &refs.ProjectRef{
+ External: in.KeyProject,
+ }
+ }
+ out.State = direct.Enum_FromProto(mapCtx, in.GetState())
+ return out
+}
+
+func AutokeyConfig_ToProto(mapCtx *direct.MapContext, in *krm.AutokeyConfig) *pb.AutokeyConfig {
+ if in == nil {
+ return nil
+ }
+ out := &pb.AutokeyConfig{}
+ out.Name = direct.ValueOf(in.Name)
+ if in.KeyProject != nil {
+ out.KeyProject = in.KeyProject.External
+ }
+ out.State = direct.Enum_ToProto[pb.AutokeyConfig_State](mapCtx, in.State)
+ return out
+}
+
+func KMSAutokeyConfigObservedState_FromProto(mapCtx *direct.MapContext, in *pb.AutokeyConfig) *krm.KMSAutokeyConfigObservedState {
+ if in == nil {
+ return nil
+ }
+ out := &krm.KMSAutokeyConfigObservedState{}
+ out.State = direct.Enum_FromProto(mapCtx, in.GetState())
+ return out
+}
+
+func KMSAutokeyConfigSpec_FromProto(mapCtx *direct.MapContext, in *pb.AutokeyConfig) *krm.KMSAutokeyConfigSpec {
+ if in == nil {
+ return nil
+ }
+ out := &krm.KMSAutokeyConfigSpec{}
+ parent, _ := krm.ParseKMSAutokeyConfigExternal(in.Name)
+ out.FolderRef = &refs.FolderRef{
+ External: parent.String(),
+ }
+ if in.GetKeyProject() != "" {
+ out.KeyProjectRef = &refs.ProjectRef{
+ External: in.GetKeyProject(),
+ }
+ }
+ return out
+}
+
+func KMSAutokeyConfig_FromFields(mapCtx *direct.MapContext, id *krm.KMSAutokeyConfigRef, keyProject *refs.Project) *pb.AutokeyConfig {
+ out := &pb.AutokeyConfig{}
+ parent, err := id.Parent()
+ if err != nil {
+ return nil
+ }
+ out.Name = krm.AsKMSAutokeyConfigExternal(parent)
+ if keyProject != nil {
+ out.KeyProject = "projects/" + keyProject.ProjectID // keyProject expects project of the form `projects/` or `projects/`
+ }
+ return out
+}
+
+func KMSAutokeyConfigStatusObservedState_FromProto(mapCtx *direct.MapContext, updated *kmspb.AutokeyConfig) *krm.KMSAutokeyConfigObservedState {
+ if updated == nil {
+ return nil
+ }
+ out := &krm.KMSAutokeyConfigObservedState{}
+ out.State = direct.Enum_FromProto[pb.AutokeyConfig_State](mapCtx, updated.State)
+ return out
+}
diff --git a/pkg/controller/direct/maputils.go b/pkg/controller/direct/maputils.go
index 46bb0c6b15..453980fc10 100644
--- a/pkg/controller/direct/maputils.go
+++ b/pkg/controller/direct/maputils.go
@@ -26,6 +26,7 @@ import (
 "google.golang.org/protobuf/reflect/protoreflect"
 "google.golang.org/protobuf/types/known/durationpb"
 "google.golang.org/protobuf/types/known/timestamppb"
+ "google.golang.org/protobuf/types/known/wrapperspb"
 "k8s.io/klog/v2"
 )
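Review bot: `KMSAutokeyConfigSpec_FromProto` discards the error from `krm.ParseKMSAutokeyConfigExternal(in.Name)` and then calls `parent.String()`, so a missing or malformed name is never reported; if the parser returns a nil parent on failure (its signature is not visible here) this is a nil dereference in the controller, otherwise it writes a bogus `FolderRef`. The `_http.log` recorded in this same commit has a first GET response carrying only `state` and no `name`, so the failing case looks reachable through `Export`. Record the failure on the map context instead: `parent, err := krm.ParseKMSAutokeyConfigExternal(in.Name)` followed by `if err != nil { mapCtx.Errorf("parsing AutokeyConfig name %q: %v", in.Name, err); return nil }`. `KMSAutokeyConfig_FromFields` has the same shape, returning nil on an `id.Parent()` error without recording it on `mapCtx`. The file name says generated, but these functions look hand-edited (a handwritten comment, `kmspb` and `pb` both importing the same package), so the fix belongs in this file.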
@@ -284,3 +285,13 @@ func SecondsString_ToProto(mapCtx *MapContext, in *string, fieldName string) *du
 out := &durationpb.Duration{Seconds: seconds}
 return out
 }
+func Int64Value_FromProto(mapCtx *MapContext, ts *wrapperspb.Int64Value) int64 {
+ if ts == nil {
+ return 0
+ }
+
+ return ts.GetValue()
+}
+func Int64Value_ToProto(mapCtx *MapContext, s int64) *wrapperspb.Int64Value {
+ return wrapperspb.Int64(s)
+}
diff --git a/pkg/controller/direct/register/register.go b/pkg/controller/direct/register/register.go
index d079c00943..5ec366903d 100644
--- a/pkg/controller/direct/register/register.go
+++ b/pkg/controller/direct/register/register.go
@@ -28,6 +28,7 @@ import (
 _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/dataform"
 _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/firestore"
 _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/gkehub"
+ _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/kms/autokeyconfig"
 _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/logging"
 _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/monitoring"
 _ "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/controller/direct/networkconnectivity"
diff --git a/pkg/gvks/supportedgvks/gvks_generated.go b/pkg/gvks/supportedgvks/gvks_generated.go
index a460cadb9e..d044c9eff7 100644
--- a/pkg/gvks/supportedgvks/gvks_generated.go
+++ b/pkg/gvks/supportedgvks/gvks_generated.go
@@ -3046,6 +3046,16 @@ var SupportedGVKs = map[schema.GroupVersionKind]GVKMetadata{ "cnrm.cloud.google.com/system": "true", }, }, + { + Group: "kms.cnrm.cloud.google.com", + Version: "v1alpha1", + Kind: "KMSAutokeyConfig", + }: { + Labels: map[string]string{ + "cnrm.cloud.google.com/managed-by-kcc": "true", + "cnrm.cloud.google.com/system": "true", + }, + }, { Group: "kms.cnrm.cloud.google.com", Version: "v1beta1",
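Review bot: `Int64Value_FromProto` returns 0 for a nil wrapper while `Int64Value_ToProto` always returns a non-nil message, so an unset `Int64Value` comes back as an explicit zero after a round trip and nothing in the hunk documents that choice. Both helpers are exported without doc comments, and the parameter name `ts` looks carried over from a timestamp helper. I would add `// Int64Value_FromProto returns the wrapped value, or 0 when in is nil; unset and zero are not distinguished.` and `// Int64Value_ToProto wraps s and never returns nil, including for 0.`, rename `ts` to `in`, and put a blank line before each `func`.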
diff --git a/pkg/test/resourcefixture/contexts/kms_context.go b/pkg/test/resourcefixture/contexts/kms_context.go
index 99afea7b46..e23aa1aac3 100644
--- a/pkg/test/resourcefixture/contexts/kms_context.go
+++ b/pkg/test/resourcefixture/contexts/kms_context.go
@@ -29,4 +29,10 @@ func init() {
 // has value DESTROY_SCHEDULED in field crypto_key_version.state., failedPrecondition
 SkipDriftDetection: true,
 }
+ resourceContextMap["kmsautokeyconfig"] = ResourceContext{
+ ResourceKind: "KMSAutokeyConfig",
+ // The AutokeyConfig resource does not support delete operation.
+ SkipDriftDetection: true,
+ SkipDelete: true,
+ }
 }
diff --git a/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/_generated_object_kmsautokeyconfig.golden.yaml b/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/_generated_object_kmsautokeyconfig.golden.yaml
new file mode 100644
index 0000000000..6bbce781f9
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/_generated_object_kmsautokeyconfig.golden.yaml
@@ -0,0 +1,26 @@ +apiVersion: kms.cnrm.cloud.google.com/v1alpha1 +kind: KMSAutokeyConfig +metadata: + finalizers: + - cnrm.cloud.google.com/finalizer + - cnrm.cloud.google.com/deletion-defender + generation: 2 + labels: + cnrm-test: "true" + name: autokeyconfig-${uniqueId} + namespace: ${uniqueId} +spec: + folderRef: + external: folders/123451001 + keyProject: + external: projects/diff-{uniqueId} +status: + conditions: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: The resource is up to date + reason: UpToDate + status: "True" + type: Ready + observedGeneration: 2 + observedState: + state: ACTIVE
diff --git a/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/_http.log b/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/_http.log
new file mode 100644
index 0000000000..480cea25e7
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/_http.log
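Review bot: `SkipDelete: true` in the new `kmsautokeyconfig` entry presumably keeps the fixture from ever running the adapter's `Delete`, which in this commit is not a no-op: its doc comment says it updates the GCP AutokeyConfig with an empty `key_project` to stop further use. The recorded `_http.log` accordingly shows no delete-time PATCH, so the one path meant to disable the config has no test coverage. The existing comment also explains only the delete flag, not why `SkipDriftDetection` is set. I would state this in the entry, e.g. `// Delete only resets key_project (see Adapter.Delete); it is not exercised by this fixture and needs its own test.` The enclosing `init()` starts outside the hunk.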
@@ -0,0 +1,125 @@ +GET https://cloudkms.googleapis.com/v1/folders/${testFolderId}/autokeyConfig?%24alt=json%3Benum-encoding%3Dint +Content-Type: application/json +User-Agent: kcc/controller-manager +x-goog-request-params: name=folders%2F${testFolderId}%2FautokeyConfig + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "state": 3 +} + +--- + +PATCH https://cloudkms.googleapis.com/v1/folders/${testFolderId}/autokeyConfig?%24alt=json%3Benum-encoding%3Dint&updateMask=keyProject +Content-Type: application/json +User-Agent: kcc/controller-manager +x-goog-request-params: autokey_config.name=folders%2F${testFolderId}%2FautokeyConfig + +{ + "keyProject": "projects/${uniqueId}", + "name": "folders/${testFolderId}/autokeyConfig" +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "keyProject": "projects/${uniqueId}", + "name": "folders/${testFolderId}/autokeyConfig", + "state": 1 +} + +--- + +GET https://cloudkms.googleapis.com/v1/folders/${testFolderId}/autokeyConfig?%24alt=json%3Benum-encoding%3Dint +Content-Type: application/json +User-Agent: kcc/controller-manager +x-goog-request-params: name=folders%2F${testFolderId}%2FautokeyConfig + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "keyProject": "projects/${uniqueId}", + "name": "folders/${testFolderId}/autokeyConfig", + "state": 1 +} + +--- + +PATCH https://cloudkms.googleapis.com/v1/folders/${testFolderId}/autokeyConfig?%24alt=json%3Benum-encoding%3Dint&updateMask=keyProject +Content-Type: 
application/json +User-Agent: kcc/controller-manager +x-goog-request-params: autokey_config.name=folders%2F${testFolderId}%2FautokeyConfig + +{ + "keyProject": "projects/diff-{uniqueId}", + "name": "folders/${testFolderId}/autokeyConfig" +} + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "keyProject": "projects/diff-{uniqueId}", + "name": "folders/${testFolderId}/autokeyConfig", + "state": 1 +} + +--- + +GET https://cloudkms.googleapis.com/v1/folders/${testFolderId}/autokeyConfig?%24alt=json%3Benum-encoding%3Dint +Content-Type: application/json +User-Agent: kcc/controller-manager +x-goog-request-params: name=folders%2F${testFolderId}%2FautokeyConfig + +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "keyProject": "projects/diff-{uniqueId}", + "name": "folders/${testFolderId}/autokeyConfig", + "state": 1 +} \ No newline at end of file diff --git a/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/create.yaml b/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/create.yaml new file mode 100644 index 0000000000..9890198160 --- /dev/null +++ b/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/create.yaml 
@@ -0,0 +1,25 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kms.cnrm.cloud.google.com/v1alpha1
+kind: KMSAutokeyConfig
+metadata:
+ #annotations:
+ # cnrm.cloud.google.com/folder-id: ${folderId}
+ name: autokeyconfig-${uniqueId}
+spec:
+ folderRef:
+ external: folders/${TEST_FOLDER_ID}
+ keyProject:
+ external: projects/${uniqueId}
diff --git a/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/update.yaml b/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/update.yaml
new file mode 100644
index 0000000000..b8a9e40e39
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/kms/v1alpha1/kmsautokeyconfig/update.yaml
@@ -0,0 +1,25 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kms.cnrm.cloud.google.com/v1alpha1
+kind: KMSAutokeyConfig
+metadata:
+ #annotations:
+ # cnrm.cloud.google.com/folder-id: ${folderId}
+ name: autokeyconfig-${uniqueId}
+spec:
+ folderRef:
+ external: folders/${TEST_FOLDER_ID}
+ keyProject:
+ external: projects/diff-{uniqueId}
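Review bot: `external: projects/diff-{uniqueId}` on the last line is missing the `$` that the other placeholders in this fixture use (`${uniqueId}`, `${TEST_FOLDER_ID}`), so the value is presumably never substituted. The golden object and `_http.log` in this commit both carry the literal `projects/diff-{uniqueId}`, which suggests the update step sends a key project name containing braces and passes only because the recorded response accepts it. Use `external: projects/diff-${uniqueId}` and regenerate the golden object and HTTP log so the test exercises a well-formed project reference.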