From 65a919db5a52b68a1a7bc8b435c459b3f4063d4a Mon Sep 17 00:00:00 2001
From: Mira Leung
Date: Tue, 2 Mar 2021 22:42:34 -0800
Subject: [PATCH 1/7] fix(mixins): enable RPC overrides to clobber mixed-in RPCs
---
 .../GrpcServiceStubClassComposer.java | 2 +-
 .../generator/gapic/protoparser/Parser.java | 27 +-
 test/integration/BUILD.bazel | 57 +-
 .../kms/v1}/cloudkms_test_mixins_v1.yaml | 0
 test/integration/apis/kms/v1/resources.proto | 605 ++++++++
 test/integration/apis/kms/v1/service.proto | 1321 +++++++++++++++++
 .../kms/GrpcKeyManagementServiceStub.java | 52 +-
 .../kms/KeyManagementServiceClient.java | 60 +-
 .../kms/KeyManagementServiceClientTest.java | 54 +-
 .../kms/KeyManagementServiceSettings.java | 20 +-
 .../goldens/kms/KeyManagementServiceStub.java | 8 +-
 .../kms/KeyManagementServiceStubSettings.java | 38 +-
 .../kms/MockKeyManagementServiceImpl.java | 22 +
 13 files changed, 2137 insertions(+), 129 deletions(-)
 rename test/integration/{ => apis/kms/v1}/cloudkms_test_mixins_v1.yaml (100%)
 create mode 100644 test/integration/apis/kms/v1/resources.proto
 create mode 100644 test/integration/apis/kms/v1/service.proto
diff --git a/src/main/java/com/google/api/generator/gapic/composer/GrpcServiceStubClassComposer.java b/src/main/java/com/google/api/generator/gapic/composer/GrpcServiceStubClassComposer.java
index 788c7272f6..7b21e8c692 100644
--- a/src/main/java/com/google/api/generator/gapic/composer/GrpcServiceStubClassComposer.java
+++ b/src/main/java/com/google/api/generator/gapic/composer/GrpcServiceStubClassComposer.java
@@ -105,7 +105,7 @@ public class GrpcServiceStubClassComposer implements ClassComposer {
 // Legacy support for the original reroute_to_grpc_interface option in gapic.yaml. These two APIs
 // predate the modern way, which is to add the RPCs directly into the proto.
 private static final Set REROUTE_TO_GRPC_INTERFACE_SERVICE_ALLOWLIST =
- new HashSet<>(Arrays.asList("google.cloud.kms.v1", "google.pubsub.v1"));
+ new HashSet<>(Arrays.asList("google.pubsub.v1"));
 private static final Set REROUTE_TO_GRPC_INTERFACE_IAM_METHOD_ALLOWLIST =
 new HashSet<>(Arrays.asList("SetIamPolicy", "GetIamPolicy", "TestIamPermissions"));
diff --git a/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java b/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java
index 795ace8eac..0f377ce748 100644
--- a/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java
+++ b/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java
@@ -229,6 +229,14 @@ public static List parseServices(
 .filter(a -> MIXIN_ALLOWLIST.contains(a.getName()))
 .map(a -> a.getName())
 .collect(Collectors.toSet());
+ Set apiDefinedRpcs = new HashSet<>();
+ for (Service service : services) {
+ if (blockedCodegenMixinApis.contains(service)) {
+ continue;
+ }
+ apiDefinedRpcs.addAll(
+ service.methods().stream().map(m -> m.name()).collect(Collectors.toSet()));
+ }
 // Mix-in APIs only if the protos are present and they're defined in the service.yaml file.
 Set outputMixinServiceSet = new HashSet<>();
 if (servicesContainBlocklistedApi && !mixedInApis.isEmpty()) {
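Review bot: In GrpcServiceStubClassComposer.java the comment above REROUTE_TO_GRPC_INTERFACE_SERVICE_ALLOWLIST still reads "These two APIs predate the modern way", but the set now holds only `"google.pubsub.v1"`. I would reword it to match, for example `// Legacy reroute_to_grpc_interface support (gapic.yaml); only google.pubsub.v1 still relies on it.`. A short note on why KMS left the list would also help, since the IAM method allowlist just below no longer applies to it; presumably its IAM RPCs now come from the mix-in path, but that is not stated here.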
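Review bot: In Parser.java (hunk @@ -229), `apiDefinedRpcs` is a single set of bare method names gathered from every non-mix-in service, so an RPC declared in one service suppresses the same-named mixed-in RPC for all other services as well once the filter in the @@ -241 hunk consults it. If the override is meant to be per service, build the names from the service being updated instead, e.g. `originalService.methods().stream().map(m -> m.name()).collect(Collectors.toSet())` inside the loop. Matching on the name alone also means a proto RPC that merely shares a name such as `GetIamPolicy` but takes different request types replaces the IAM mix-in silently; a comment should say this is intended. parseServices begins and ends outside the hunk, so the declaration of `blockedCodegenMixinApis` is not visible here.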
@@ -241,13 +249,18 @@ public static List parseServices(
 String.format("%s.%s", mixinService.protoPakkage(), mixinService.name()))) {
 continue;
 }
- List mixinMethods = new ArrayList<>(mixinService.methods());
- mixinMethods.forEach(
- m ->
- updatedMethods.add(
- m.toBuilder()
- .setMixedInApiName(serviceFullNameFn.apply(mixinService))
- .build()));
+ mixinService
+ .methods()
+ .forEach(
+ m -> {
+ // Overridden RPCs defined in the protos take precedence.
+ if (!apiDefinedRpcs.contains(m.name())) {
+ updatedMethods.add(
+ m.toBuilder()
+ .setMixedInApiName(serviceFullNameFn.apply(mixinService))
+ .build());
+ }
+ });
 outputMixinServiceSet.add(mixinService);
 }
 services.set(i, originalService.toBuilder().setMethods(updatedMethods).build());
diff --git a/test/integration/BUILD.bazel b/test/integration/BUILD.bazel
index 59a28a9608..004d8b1f9d 100644
--- a/test/integration/BUILD.bazel
+++ b/test/integration/BUILD.bazel
@@ -3,6 +3,8 @@ load(
 "java_gapic_assembly_gradle_pkg",
 "java_gapic_library",
 "java_gapic_test",
+ "java_grpc_library",
+ "java_proto_library",
 )
 load(
 "//:rules_bazel/java/integration_test.bzl",
@@ -19,7 +21,7 @@ package(default_visibility = ["//visibility:public"])
 INTEGRATION_TEST_LIBRARIES = [
 "asset", # Basic case.
 "credentials", # Check that the capital name edge case is handled.
- "kms", # Mixins.
+ "kms", # Mixins, with an override in the proto file.
 "logging", # Java package remapping in gapic.yaml.
 "redis", # Has a gapic.yaml.
 "library", # No gRPC service config.
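Review bot: In Parser.java (hunk @@ -241), `outputMixinServiceSet.add(mixinService)` still runs when every method of the mix-in was filtered out by the new `apiDefinedRpcs` check. How that set is consumed is outside the hunk, but if it decides which mix-in services get emitted downstream, a fully overridden mix-in would still be emitted with nothing mixed in. One option is to record `int before = updatedMethods.size();` ahead of the `forEach` and guard the add with `if (updatedMethods.size() > before) { outputMixinServiceSet.add(mixinService); }`. The block lambda exists only to mutate `updatedMethods`, so a plain `for` loop over `mixinService.methods()` would read more directly.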
@@ -156,18 +158,63 @@ java_gapic_assembly_gradle_pkg(
 )
 # KMS (for mixins).
+load("@rules_proto//proto:defs.bzl", "proto_library")
+load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
+
+proto_library(
+ name = "kms_proto",
+ srcs = [
+ "apis/kms/v1/resources.proto",
+ "apis/kms/v1/service.proto",
+ ],
+ deps = [
+ "@com_google_googleapis//google/api:annotations_proto",
+ "@com_google_googleapis//google/api:client_proto",
+ "@com_google_googleapis//google/api:field_behavior_proto",
+ "@com_google_googleapis//google/api:resource_proto",
+ "@com_google_googleapis//google/iam/v1:iam_policy_proto",
+ "@com_google_googleapis//google/iam/v1:policy_proto",
+ "@com_google_protobuf//:duration_proto",
+ "@com_google_protobuf//:field_mask_proto",
+ "@com_google_protobuf//:struct_proto",
+ "@com_google_protobuf//:timestamp_proto",
+ "@com_google_protobuf//:wrappers_proto",
+ ],
+)
+
+proto_library_with_info(
+ name = "kms_proto_with_info",
+ deps = [
+ ":kms_proto",
+ "@com_google_googleapis//google/cloud:common_resources_proto",
+ "@com_google_googleapis//google/iam/v1:iam_policy_proto",
+ "@com_google_googleapis//google/iam/v1:policy_proto",
+ ],
+)
+
+java_proto_library(
+ name = "kms_java_proto",
+ deps = [":kms_proto"],
+)
+
+java_grpc_library(
+ name = "kms_java_grpc",
+ srcs = [":kms_proto"],
+ deps = [":kms_java_proto"],
+)
+
 java_gapic_library(
 name = "kms_java_gapic",
- srcs = ["@com_google_googleapis//google/cloud/kms/v1:kms_proto_with_info"],
+ srcs = [":kms_proto_with_info"],
 grpc_service_config = "@com_google_googleapis//google/cloud/kms/v1:cloudkms_grpc_service_config.json",
 # For the IAM mixin.
- service_yaml = "cloudkms_test_mixins_v1.yaml",
+ service_yaml = "apis/kms/v1/cloudkms_test_mixins_v1.yaml",
 test_deps = [
- "@com_google_googleapis//google/cloud/kms/v1:kms_java_grpc",
+ ":kms_java_grpc",
 "@com_google_googleapis//google/iam/v1:iam_java_grpc",
 ],
 deps = [
- "@com_google_googleapis//google/cloud/kms/v1:kms_java_proto",
+ ":kms_java_proto",
 "@com_google_googleapis//google/iam/v1:iam_java_proto",
 ],
 )
diff --git a/test/integration/cloudkms_test_mixins_v1.yaml b/test/integration/apis/kms/v1/cloudkms_test_mixins_v1.yaml
similarity index 100%
rename from test/integration/cloudkms_test_mixins_v1.yaml
rename to test/integration/apis/kms/v1/cloudkms_test_mixins_v1.yaml
diff --git a/test/integration/apis/kms/v1/resources.proto b/test/integration/apis/kms/v1/resources.proto
new file mode 100644
index 0000000000..88e31bd95c
--- /dev/null
+++ b/test/integration/apis/kms/v1/resources.proto
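Review bot: In test/integration/BUILD.bazel (hunk @@ -156,18 +158,63), the two added `load(...)` statements sit mid-file under the `# KMS (for mixins).` comment; Bazel style (buildifier's load-on-top check) keeps every load at the top, next to the existing `load(` blocks that the first hunk of this file already extends. Separately, the KMS protos are now a local copy under `apis/kms/v1/`, while `grpc_service_config` still points at `@com_google_googleapis//google/cloud/kms/v1:cloudkms_grpc_service_config.json`, so the two can drift apart when the googleapis pin is bumped. A one-line comment on that attribute, e.g. `# Upstream config is reused on purpose; keep in sync with apis/kms/v1/service.proto.`, would make the dependency explicit.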
@@ -0,0 +1,605 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.kms.v1; + +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/timestamp.proto"; +import "google/protobuf/wrappers.proto"; +import "google/api/annotations.proto"; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.Kms.V1"; +option go_package = "google.golang.org/genproto/googleapis/cloud/kms/v1;kms"; +option java_multiple_files = true; +option java_outer_classname = "KmsResourcesProto"; +option java_package = "com.google.cloud.kms.v1"; +option php_namespace = "Google\\Cloud\\Kms\\V1"; + +// A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel logical grouping of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. +message KeyRing { + option (google.api.resource) = { + type: "cloudkms.googleapis.com/KeyRing" + pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}" + }; + + // Output only. The resource name for the [KeyRing][google.cloud.kms.v1.KeyRing] in the format + // `projects/*/locations/*/keyRings/*`. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which this [KeyRing][google.cloud.kms.v1.KeyRing] was created. 
+ google.protobuf.Timestamp create_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic +// operations. +// +// A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], +// which represent the actual key material used in cryptographic operations. +message CryptoKey { + option (google.api.resource) = { + type: "cloudkms.googleapis.com/CryptoKey" + pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}" + }; + + // [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] describes the cryptographic capabilities of a + // [CryptoKey][google.cloud.kms.v1.CryptoKey]. A given key can only be used for the operations allowed by + // its purpose. For more information, see + // [Key purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes). + enum CryptoKeyPurpose { + // Not specified. + CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0; + + // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with + // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and + // [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. + ENCRYPT_DECRYPT = 1; + + // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with + // [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign] and + // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + ASYMMETRIC_SIGN = 5; + + // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with + // [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt] and + // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + ASYMMETRIC_DECRYPT = 6; + } + + // Output only. 
The resource name for this [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format + // `projects/*/locations/*/keyRings/*/cryptoKeys/*`. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. A copy of the "primary" [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used + // by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given + // in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name]. + // + // The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be updated via + // [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. + // + // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] may have a + // primary. For other keys, this field will be omitted. + CryptoKeyVersion primary = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Immutable. The immutable purpose of this [CryptoKey][google.cloud.kms.v1.CryptoKey]. + CryptoKeyPurpose purpose = 3 [(google.api.field_behavior) = IMMUTABLE]; + + // Output only. The time at which this [CryptoKey][google.cloud.kms.v1.CryptoKey] was created. + google.protobuf.Timestamp create_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], the Key Management Service will automatically: + // + // 1. Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey]. + // 2. Mark the new version as primary. + // + // Key rotations performed manually via + // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and + // [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] + // do not affect [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]. 
+ // + // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support + // automatic rotation. For other keys, this field must be omitted. + google.protobuf.Timestamp next_rotation_time = 7; + + // Controls the rate of automatic rotation. + oneof rotation_schedule { + // [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] will be advanced by this period when the service + // automatically rotates a key. Must be at least 24 hours and at most + // 876,000 hours. + // + // If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is set, [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] must also be set. + // + // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support + // automatic rotation. For other keys, this field must be omitted. + google.protobuf.Duration rotation_period = 8; + } + + // A template describing settings for new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. + // The properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances created by either + // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or + // auto-rotation are controlled by this template. + CryptoKeyVersionTemplate version_template = 11; + + // Labels with user-defined metadata. For more information, see + // [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys). + map labels = 10; +} + +// A [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating +// a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either manually with +// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or +// automatically as a result of auto-rotation. 
+message CryptoKeyVersionTemplate { + // [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on + // this template. Immutable. Defaults to [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE]. + ProtectionLevel protection_level = 1; + + // Required. [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] to use + // when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this template. + // + // For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both + // this field is omitted and [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] is + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 3 [(google.api.field_behavior) = REQUIRED]; +} + +// Contains an HSM-generated attestation about a key operation. For more +// information, see [Verifying attestations] +// (https://cloud.google.com/kms/docs/attest-key). +message KeyOperationAttestation { + // Attestation formats provided by the HSM. + enum AttestationFormat { + // Not specified. + ATTESTATION_FORMAT_UNSPECIFIED = 0; + + // Cavium HSM attestation compressed with gzip. Note that this format is + // defined by Cavium and subject to change at any time. + CAVIUM_V1_COMPRESSED = 3; + + // Cavium HSM attestation V2 compressed with gzip. This is a new format + // introduced in Cavium's version 3.2-08. + CAVIUM_V2_COMPRESSED = 4; + } + + // Output only. The format of the attestation data. + AttestationFormat format = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The attestation data provided by the HSM when the key + // operation was performed. 
+ bytes content = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents an individual cryptographic key, and the +// associated key material. +// +// An [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] version can be +// used for cryptographic operations. +// +// For security reasons, the raw cryptographic key material represented by a +// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] can never be viewed or exported. It can only be used to +// encrypt, decrypt, or sign data when an authorized user or application invokes +// Cloud KMS. +message CryptoKeyVersion { + option (google.api.resource) = { + type: "cloudkms.googleapis.com/CryptoKeyVersion" + pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}" + }; + + // The algorithm of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating what + // parameters must be used for each cryptographic operation. + // + // The + // [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] + // algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + // + // Algorithms beginning with "RSA_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]. + // + // The fields in the name after "RSA_SIGN_" correspond to the following + // parameters: padding algorithm, modulus bit length, and digest algorithm. + // + // For PSS, the salt length used is equal to the length of digest + // algorithm. 
For example, + // [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] + // will use PSS with a salt length of 256 bits or 32 bytes. + // + // Algorithms beginning with "RSA_DECRYPT_" are usable with + // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. + // + // The fields in the name after "RSA_DECRYPT_" correspond to the following + // parameters: padding algorithm, modulus bit length, and digest algorithm. + // + // Algorithms beginning with "EC_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]. + // + // The fields in the name after "EC_SIGN_" correspond to the following + // parameters: elliptic curve, digest algorithm. + // + // For more information, see [Key purposes and algorithms] + // (https://cloud.google.com/kms/docs/algorithms). + enum CryptoKeyVersionAlgorithm { + // Not specified. + CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0; + + // Creates symmetric encryption keys. + GOOGLE_SYMMETRIC_ENCRYPTION = 1; + + // RSASSA-PSS 2048 bit key with a SHA256 digest. + RSA_SIGN_PSS_2048_SHA256 = 2; + + // RSASSA-PSS 3072 bit key with a SHA256 digest. + RSA_SIGN_PSS_3072_SHA256 = 3; + + // RSASSA-PSS 4096 bit key with a SHA256 digest. + RSA_SIGN_PSS_4096_SHA256 = 4; + + // RSASSA-PSS 4096 bit key with a SHA512 digest. + RSA_SIGN_PSS_4096_SHA512 = 15; + + // RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. + RSA_SIGN_PKCS1_2048_SHA256 = 5; + + // RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest. + RSA_SIGN_PKCS1_3072_SHA256 = 6; + + // RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest. + RSA_SIGN_PKCS1_4096_SHA256 = 7; + + // RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest. 
+ RSA_SIGN_PKCS1_4096_SHA512 = 16; + + // RSAES-OAEP 2048 bit key with a SHA256 digest. + RSA_DECRYPT_OAEP_2048_SHA256 = 8; + + // RSAES-OAEP 3072 bit key with a SHA256 digest. + RSA_DECRYPT_OAEP_3072_SHA256 = 9; + + // RSAES-OAEP 4096 bit key with a SHA256 digest. + RSA_DECRYPT_OAEP_4096_SHA256 = 10; + + // RSAES-OAEP 4096 bit key with a SHA512 digest. + RSA_DECRYPT_OAEP_4096_SHA512 = 17; + + // ECDSA on the NIST P-256 curve with a SHA256 digest. + EC_SIGN_P256_SHA256 = 12; + + // ECDSA on the NIST P-384 curve with a SHA384 digest. + EC_SIGN_P384_SHA384 = 13; + + // Algorithm representing symmetric encryption by an external key manager. + EXTERNAL_SYMMETRIC_ENCRYPTION = 18; + } + + // The state of a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used. + enum CryptoKeyVersionState { + // Not specified. + CRYPTO_KEY_VERSION_STATE_UNSPECIFIED = 0; + + // This version is still being generated. It may not be used, enabled, + // disabled, or destroyed yet. Cloud KMS will automatically mark this + // version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready. + PENDING_GENERATION = 5; + + // This version may be used for cryptographic operations. + ENABLED = 1; + + // This version may not be used, but the key material is still available, + // and the version can be placed back into the [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] state. + DISABLED = 2; + + // This version is destroyed, and the key material is no longer stored. + // A version may not leave this state once entered. + DESTROYED = 3; + + // This version is scheduled for destruction, and will be destroyed soon. + // Call + // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + // to put it back into the [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] state. 
+ DESTROY_SCHEDULED = 4; + + // This version is still being imported. It may not be used, enabled, + // disabled, or destroyed yet. Cloud KMS will automatically mark this + // version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready. + PENDING_IMPORT = 6; + + // This version was not imported successfully. It may not be used, enabled, + // disabled, or destroyed. The submitted key material has been discarded. + // Additional details can be found in + // [CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason]. + IMPORT_FAILED = 7; + } + + // A view for [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]s. Controls the level of detail returned + // for [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in + // [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] and + // [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. + enum CryptoKeyVersionView { + // Default view for each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not include + // the [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field. + CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED = 0; + + // Provides all fields in each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the + // [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation]. + FULL = 1; + } + + // Output only. The resource name for this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the format + // `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // The current state of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + CryptoKeyVersionState state = 3; + + // Output only. 
The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] describing how crypto operations are + // performed with this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + ProtectionLevel protection_level = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] that this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] supports. + CryptoKeyVersionAlgorithm algorithm = 10 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. Statement that was generated and signed by the HSM at key + // creation time. Use this statement to verify attributes of the key as stored + // on the HSM, independently of Google. Only provided for key versions with + // [protection_level][google.cloud.kms.v1.CryptoKeyVersion.protection_level] [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. + KeyOperationAttestation attestation = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was created. + google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was + // generated. + google.protobuf.Timestamp generate_time = 11 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material is scheduled + // for destruction. Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]. + google.protobuf.Timestamp destroy_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this CryptoKeyVersion's key material was + // destroyed. 
Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. + google.protobuf.Timestamp destroy_event_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was + // imported. + string import_job = 14 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material + // was imported. + google.protobuf.Timestamp import_time = 15 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The root cause of an import failure. Only present if + // [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + // [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]. + string import_failure_reason = 16 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // ExternalProtectionLevelOptions stores a group of additional fields for + // configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the + // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level. + ExternalProtectionLevelOptions external_protection_level_options = 17; +} + +// The public key for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Obtained via +// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. +message PublicKey { + option (google.api.resource) = { + type: "cloudkms.googleapis.com/PublicKey" + pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}/publicKey" + }; + + // The public key, encoded in PEM format. 
For more information, see the + // [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for + // [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and + // [Textual Encoding of Subject Public Key Info] + // (https://tools.ietf.org/html/rfc7468#section-13). + string pem = 1; + + // The [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] associated + // with this key. + CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 2; + + // Integrity verification field. A CRC32C checksum of the returned + // [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem]. An integrity check of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] can be performed + // by computing the CRC32C checksum of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] and + // comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value pem_crc32c = 3; + + // The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key. + // Provided here for verification. + // + // NOTE: This field is in Beta. + string name = 4; +} + +// An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create [CryptoKeys][google.cloud.kms.v1.CryptoKey] and +// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing key material, +// generated outside of Cloud KMS. 
+// +// When an [ImportJob][google.cloud.kms.v1.ImportJob] is created, Cloud KMS will generate a "wrapping key", +// which is a public/private key pair. You use the wrapping key to encrypt (also +// known as wrap) the pre-existing key material to protect it during the import +// process. The nature of the wrapping key depends on the choice of +// [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the wrapping key generation +// is complete, the [state][google.cloud.kms.v1.ImportJob.state] will be set to +// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the [public_key][google.cloud.kms.v1.ImportJob.public_key] +// can be fetched. The fetched public key can then be used to wrap your +// pre-existing key material. +// +// Once the key material is wrapped, it can be imported into a new +// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling +// [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. +// Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be imported with a single +// [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS uses the private key portion of the wrapping key to +// unwrap the key material. Only Cloud KMS has access to the private key. +// +// An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 days after it is created. Once expired, Cloud KMS +// will no longer be able to import or unwrap any key material that was wrapped +// with the [ImportJob][google.cloud.kms.v1.ImportJob]'s public key. +// +// For more information, see +// [Importing a key](https://cloud.google.com/kms/docs/importing-a-key). +message ImportJob { + option (google.api.resource) = { + type: "cloudkms.googleapis.com/ImportJob" + pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}" + }; + + // The public key component of the wrapping key. 
For details of the type of + // key this public key corresponds to, see the [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod]. + message WrappingPublicKey { + // The public key, encoded in PEM format. For more information, see the [RFC + // 7468](https://tools.ietf.org/html/rfc7468) sections for [General + // Considerations](https://tools.ietf.org/html/rfc7468#section-2) and + // [Textual Encoding of Subject Public Key Info] + // (https://tools.ietf.org/html/rfc7468#section-13). + string pem = 1; + } + + // [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] describes the key wrapping method chosen for this + // [ImportJob][google.cloud.kms.v1.ImportJob]. + enum ImportMethod { + // Not specified. + IMPORT_METHOD_UNSPECIFIED = 0; + + // This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping + // scheme defined in the PKCS #11 standard. In summary, this involves + // wrapping the raw key with an ephemeral AES key, and wrapping the + // ephemeral AES key with a 3072 bit RSA key. For more details, see + // [RSA AES key wrap + // mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). + RSA_OAEP_3072_SHA1_AES_256 = 1; + + // This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping + // scheme defined in the PKCS #11 standard. In summary, this involves + // wrapping the raw key with an ephemeral AES key, and wrapping the + // ephemeral AES key with a 4096 bit RSA key. For more details, see + // [RSA AES key wrap + // mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). + RSA_OAEP_4096_SHA1_AES_256 = 2; + } + + // The state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can be used. + enum ImportJobState { + // Not specified. + IMPORT_JOB_STATE_UNSPECIFIED = 0; + + // The wrapping key for this job is still being generated. It may not be + // used. 
Cloud KMS will automatically mark this job as
+ // [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] as soon as the wrapping key is generated.
+ PENDING_GENERATION = 1;
+
+ // This job may be used in
+ // [CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey] and
+ // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
+ // requests.
+ ACTIVE = 2;
+
+ // This job can no longer be used and may not leave this state once entered.
+ EXPIRED = 3;
+ }
+
+ // Output only. The resource name for this [ImportJob][google.cloud.kms.v1.ImportJob] in the format
+ // `projects/*/locations/*/keyRings/*/importJobs/*`.
+ string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Required. Immutable. The wrapping method to be used for incoming key material.
+ ImportMethod import_method = 2 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.field_behavior) = IMMUTABLE
+ ];
+
+ // Required. Immutable. The protection level of the [ImportJob][google.cloud.kms.v1.ImportJob]. This must match the
+ // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] of the
+ // [version_template][google.cloud.kms.v1.CryptoKey.version_template] on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you
+ // attempt to import into.
+ ProtectionLevel protection_level = 9 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.field_behavior) = IMMUTABLE
+ ];
+
+ // Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] was created.
+ google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]'s key material was generated.
+ google.protobuf.Timestamp generate_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only.
The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for
+ // expiration and can no longer be used to import key material.
+ google.protobuf.Timestamp expire_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob] expired. Only present if
+ // [state][google.cloud.kms.v1.ImportJob.state] is [EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED].
+ google.protobuf.Timestamp expire_event_time = 10 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The current state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can
+ // be used.
+ ImportJobState state = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. The public key with which to wrap key material prior to
+ // import. Only returned if [state][google.cloud.kms.v1.ImportJob.state] is
+ // [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE].
+ WrappingPublicKey public_key = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+ // Output only. Statement that was generated and signed by the key creator
+ // (for example, an HSM) at key creation time. Use this statement to verify
+ // attributes of the key as stored on the HSM, independently of Google.
+ // Only present if the chosen [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] is one with a protection
+ // level of [HSM][google.cloud.kms.v1.ProtectionLevel.HSM].
+ KeyOperationAttestation attestation = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
+}
+
+// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] specifies how cryptographic operations are performed.
+// For more information, see [Protection levels]
+// (https://cloud.google.com/kms/docs/algorithms#protection_levels).
+enum ProtectionLevel {
+ // Not specified.
+ PROTECTION_LEVEL_UNSPECIFIED = 0;
+
+ // Crypto operations are performed in software.
+ SOFTWARE = 1;
+
+ // Crypto operations are performed in a Hardware Security Module.
+ HSM = 2;
+
+ // Crypto operations are performed by an external key manager.
+ EXTERNAL = 3;
+}
+
+// ExternalProtectionLevelOptions stores a group of additional fields for
+// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the
+// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.
+message ExternalProtectionLevelOptions {
+ // The URI for an external resource that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents.
+ string external_key_uri = 1;
+}
diff --git a/test/integration/apis/kms/v1/service.proto b/test/integration/apis/kms/v1/service.proto
new file mode 100644
index 0000000000..b5884df1eb
--- /dev/null
+++ b/test/integration/apis/kms/v1/service.proto
@@ -0,0 +1,1321 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.kms.v1;
+
+import "google/api/annotations.proto";
+import "google/iam/v1/iam_policy.proto";
+import "google/iam/v1/policy.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/wrappers.proto";
+import "test/integration/apis/kms/v1/resources.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Kms.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/kms/v1;kms";
+option java_multiple_files = true;
+option java_outer_classname = "KmsProto";
+option java_package = "com.google.cloud.kms.v1";
+option php_namespace = "Google\\Cloud\\Kms\\V1";
+
+// Google Cloud Key Management Service
+//
+// Manages cryptographic keys and operations using those keys. Implements a REST
+// model with the following objects:
+//
+// * [KeyRing][google.cloud.kms.v1.KeyRing]
+// * [CryptoKey][google.cloud.kms.v1.CryptoKey]
+// * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+// * [ImportJob][google.cloud.kms.v1.ImportJob]
+//
+// If you are using manual gRPC libraries, see
+// [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
+service KeyManagementService {
+ option (google.api.default_host) = "cloudkms.googleapis.com";
+ option (google.api.oauth_scopes) =
+ "https://www.googleapis.com/auth/cloud-platform,"
+ "https://www.googleapis.com/auth/cloudkms";
+
+ // Lists [KeyRings][google.cloud.kms.v1.KeyRing].
+ rpc ListKeyRings(ListKeyRingsRequest) returns (ListKeyRingsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/*}/keyRings"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
+ rpc ListCryptoKeys(ListCryptoKeysRequest) returns (ListCryptoKeysResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
+ rpc ListCryptoKeyVersions(ListCryptoKeyVersionsRequest)
+ returns (ListCryptoKeyVersionsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
+ rpc ListImportJobs(ListImportJobsRequest) returns (ListImportJobsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
+ rpc GetKeyRing(GetKeyRingRequest) returns (KeyRing) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/keyRings/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
+ // well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+ rpc GetCryptoKey(GetCryptoKeyRequest) returns (CryptoKey) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Returns metadata for a given
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+ rpc GetCryptoKeyVersion(GetCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Returns the public key for the given
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
+ // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+ // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
+ // or
+ // [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
+ rpc GetPublicKey(GetPublicKeyRequest) returns (PublicKey) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
+ rpc GetImportJob(GetImportJobRequest) returns (ImportJob) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/keyRings/*/importJobs/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
+ // Location.
+ rpc CreateKeyRing(CreateKeyRingRequest) returns (KeyRing) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/*}/keyRings"
+ body: "key_ring"
+ };
+ option (google.api.method_signature) = "parent,key_ring_id,key_ring";
+ }
+
+ // Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
+ // [KeyRing][google.cloud.kms.v1.KeyRing].
+ //
+ // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
+ // [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
+ // are required.
+ rpc CreateCryptoKey(CreateCryptoKeyRequest) returns (CryptoKey) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys"
+ body: "crypto_key"
+ };
+ option (google.api.method_signature) = "parent,crypto_key_id,crypto_key";
+ }
+
+ // Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey].
+ //
+ // The server will assign the next sequential id. If unset,
+ // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
+ // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
+ rpc CreateCryptoKeyVersion(CreateCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions"
+ body: "crypto_key_version"
+ };
+ option (google.api.method_signature) = "parent,crypto_key_version";
+ }
+
+ // Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into
+ // an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the wrapped
+ // key material provided in the request.
+ //
+ // The version ID will be assigned the next sequential id within the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey].
+ rpc ImportCryptoKeyVersion(ImportCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:import"
+ body: "*"
+ };
+ }
+
+ // Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
+ // [KeyRing][google.cloud.kms.v1.KeyRing].
+ //
+ // [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
+ // required.
+ rpc CreateImportJob(CreateImportJobRequest) returns (ImportJob) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs"
+ body: "import_job"
+ };
+ option (google.api.method_signature) = "parent,import_job_id,import_job";
+ }
+
+ // Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
+ rpc UpdateCryptoKey(UpdateCryptoKeyRequest) returns (CryptoKey) {
+ option (google.api.http) = {
+ patch: "/v1/{crypto_key.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}"
+ body: "crypto_key"
+ };
+ option (google.api.method_signature) = "crypto_key,update_mask";
+ }
+
+ // Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
+ // metadata.
+ //
+ // [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
+ // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
+ // and
+ // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
+ // using this method. See
+ // [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
+ // and
+ // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
+ // to move between other states.
+ rpc UpdateCryptoKeyVersion(UpdateCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ patch: "/v1/{crypto_key_version.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}"
+ body: "crypto_key_version"
+ };
+ option (google.api.method_signature) = "crypto_key_version,update_mask";
+ }
+
+ // Encrypts data, so that it can only be recovered by a call to
+ // [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
+ // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+ // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
+ rpc Encrypt(EncryptRequest) returns (EncryptResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name,plaintext";
+ }
+
+ // Decrypts data that was protected by
+ // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
+ // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+ // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
+ rpc Decrypt(DecryptRequest) returns (DecryptResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name,ciphertext";
+ }
+
+ // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+ // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
+ // ASYMMETRIC_SIGN, producing a signature that can be verified with the public
+ // key retrieved from
+ // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
+ rpc AsymmetricSign(AsymmetricSignRequest) returns (AsymmetricSignResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricSign"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name,digest";
+ }
+
+ // Decrypts data that was encrypted with a public key retrieved from
+ // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
+ // corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+ // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
+ // ASYMMETRIC_DECRYPT.
+ rpc AsymmetricDecrypt(AsymmetricDecryptRequest)
+ returns (AsymmetricDecryptResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricDecrypt"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name,ciphertext";
+ }
+
+ // Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
+ // will be used in
+ // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
+ //
+ // Returns an error if called on an asymmetric key.
+ rpc UpdateCryptoKeyPrimaryVersion(UpdateCryptoKeyPrimaryVersionRequest)
+ returns (CryptoKey) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name,crypto_key_version_id";
+ }
+
+ // Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
+ // destruction.
+ //
+ // Upon calling this method,
+ // [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+ // be set to
+ // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
+ // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
+ // be set to a time 24 hours in the future, at which point the
+ // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be changed to
+ // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
+ // and the key material will be irrevocably destroyed.
+ //
+ // Before the
+ // [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
+ // reached,
+ // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
+ // may be called to reverse the process.
+ rpc DestroyCryptoKeyVersion(DestroyCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
+ // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
+ // state.
+ //
+ // Upon restoration of the CryptoKeyVersion,
+ // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
+ // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
+ // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
+ // be cleared.
+ rpc RestoreCryptoKeyVersion(RestoreCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Gets the access control policy for a resource. ADDED ONLY FOR MIXIN TESTS.
+ // Returns an empty policy if the resource exists and does not have a policy
+ // set.
+ rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
+ returns (google.iam.v1.Policy) {
+ option (google.api.http) = {
+ post: "/v1/{resource=**}:getIamPolicy"
+ body: "*"
+ };
+ }
+}
+
+// Request message for
+// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].
+message ListKeyRingsRequest {
+ // Required. The resource name of the location associated with the
+ // [KeyRings][google.cloud.kms.v1.KeyRing], in the format
+ // `projects/*/locations/*`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "locations.googleapis.com/Location"
+ }
+ ];
+
+ // Optional.
Optional limit on the number of
+ // [KeyRings][google.cloud.kms.v1.KeyRing] to include in the response. Further
+ // [KeyRings][google.cloud.kms.v1.KeyRing] can subsequently be obtained by
+ // including the
+ // [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token]
+ // in a subsequent request. If unspecified, the server will pick an
+ // appropriate default.
+ int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Optional pagination token, returned earlier via
+ // [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token].
+ string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Only include resources that match the filter in the response. For
+ // more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specify how the results should be sorted. If not specified, the
+ // results will be sorted in the default order. For more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
+message ListCryptoKeysRequest {
+ // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing]
+ // to list, in the format `projects/*/locations/*/keyRings/*`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/KeyRing"
+ }
+ ];
+
+ // Optional. Optional limit on the number of
+ // [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the response.
+ // Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be
+ // obtained by including the
+ // [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token]
+ // in a subsequent request. If unspecified, the server will pick an
+ // appropriate default.
+ int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Optional pagination token, returned earlier via
+ // [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token].
+ string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // The fields of the primary version to include in the response.
+ CryptoKeyVersion.CryptoKeyVersionView version_view = 4;
+
+ // Optional. Only include resources that match the filter in the response. For
+ // more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string filter = 5 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specify how the results should be sorted. If not specified, the
+ // results will be sorted in the default order. For more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string order_by = 6 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].
+message ListCryptoKeyVersionsRequest {
+ // Required. The resource name of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format
+ // `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKey"
+ }
+ ];
+
+ // Optional. Optional limit on the number of
+ // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to include in the
+ // response.
Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]
+ // can subsequently be obtained by including the
+ // [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token]
+ // in a subsequent request. If unspecified, the server will pick an
+ // appropriate default.
+ int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Optional pagination token, returned earlier via
+ // [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token].
+ string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // The fields to include in the response.
+ CryptoKeyVersion.CryptoKeyVersionView view = 4;
+
+ // Optional. Only include resources that match the filter in the response. For
+ // more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string filter = 5 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specify how the results should be sorted. If not specified, the
+ // results will be sorted in the default order. For more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string order_by = 6 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].
+message ListImportJobsRequest {
+ // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing]
+ // to list, in the format `projects/*/locations/*/keyRings/*`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/KeyRing"
+ }
+ ];
+
+ // Optional. Optional limit on the number of
+ // [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the response.
+ // Further [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently be
+ // obtained by including the
+ // [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token]
+ // in a subsequent request. If unspecified, the server will pick an
+ // appropriate default.
+ int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Optional pagination token, returned earlier via
+ // [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token].
+ string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Only include resources that match the filter in the response. For
+ // more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specify how the results should be sorted. If not specified, the
+ // results will be sorted in the default order. For more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response message for
+// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].
+message ListKeyRingsResponse {
+ // The list of [KeyRings][google.cloud.kms.v1.KeyRing].
+ repeated KeyRing key_rings = 1;
+
+ // A token to retrieve next page of results. Pass this value in
+ // [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token]
+ // to retrieve the next page of results.
+ string next_page_token = 2;
+
+ // The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched
+ // the query.
+ int32 total_size = 3;
+}
+
+// Response message for
+// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
+message ListCryptoKeysResponse {
+ // The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey].
+ repeated CryptoKey crypto_keys = 1;
+
+ // A token to retrieve next page of results. Pass this value in
+ // [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token]
+ // to retrieve the next page of results.
+ string next_page_token = 2;
+
+ // The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that
+ // matched the query.
+ int32 total_size = 3;
+}
+
+// Response message for
+// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].
+message ListCryptoKeyVersionsResponse {
+ // The list of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
+ repeated CryptoKeyVersion crypto_key_versions = 1;
+
+ // A token to retrieve next page of results. Pass this value in
+ // [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token]
+ // to retrieve the next page of results.
+ string next_page_token = 2;
+
+ // The total number of
+ // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the
+ // query.
+ int32 total_size = 3;
+}
+
+// Response message for
+// [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].
+message ListImportJobsResponse {
+ // The list of [ImportJobs][google.cloud.kms.v1.ImportJob].
+ repeated ImportJob import_jobs = 1;
+
+ // A token to retrieve next page of results. Pass this value in
+ // [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token]
+ // to retrieve the next page of results.
+ string next_page_token = 2;
+
+ // The total number of [ImportJobs][google.cloud.kms.v1.ImportJob] that
+ // matched the query.
+ int32 total_size = 3;
+}
+
+// Request message for
+// [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].
+message GetKeyRingRequest {
+ // Required.
The [name][google.cloud.kms.v1.KeyRing.name] of the
+ // [KeyRing][google.cloud.kms.v1.KeyRing] to get.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/KeyRing"
+ }
+ ];
+}
+
+// Request message for
+// [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].
+message GetCryptoKeyRequest {
+ // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] to get.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKey"
+ }
+ ];
+}
+
+// Request message for
+// [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].
+message GetCryptoKeyVersionRequest {
+ // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKeyVersion"
+ }
+ ];
+}
+
+// Request message for
+// [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
+message GetPublicKeyRequest {
+ // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKeyVersion"
+ }
+ ];
+}
+
+// Request message for
+// [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].
+message GetImportJobRequest {
+ // Required. The [name][google.cloud.kms.v1.ImportJob.name] of the
+ // [ImportJob][google.cloud.kms.v1.ImportJob] to get.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/ImportJob"
+ }
+ ];
+}
+
+// Request message for
+// [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].
+message CreateKeyRingRequest {
+ // Required. The resource name of the location associated with the
+ // [KeyRings][google.cloud.kms.v1.KeyRing], in the format
+ // `projects/*/locations/*`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "locations.googleapis.com/Location"
+ }
+ ];
+
+ // Required. It must be unique within a location and match the regular
+ // expression `[a-zA-Z0-9_-]{1,63}`
+ string key_ring_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field
+ // values.
+ KeyRing key_ring = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].
+message CreateCryptoKeyRequest {
+ // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing
+ // associated with the [CryptoKeys][google.cloud.kms.v1.CryptoKey].
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/KeyRing"
+ }
+ ];
+
+ // Required. It must be unique within a KeyRing and match the regular
+ // expression `[a-zA-Z0-9_-]{1,63}`
+ string crypto_key_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field
+ // values.
+ CryptoKey crypto_key = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // If set to true, the request will create a
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] without any
+ // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
You must
+ // manually call
+ // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
+ // or
+ // [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]
+ // before you can use this [CryptoKey][google.cloud.kms.v1.CryptoKey].
+ bool skip_initial_version_creation = 5;
+}
+
+// Request message for
+// [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].
+message CreateCryptoKeyVersionRequest {
+ // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the
+ // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKey"
+ }
+ ];
+
+ // Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
+ // initial field values.
+ CryptoKeyVersion crypto_key_version = 2
+ [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
+message ImportCryptoKeyVersionRequest {
+ // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKey"
+ }
+ ];
+
+ // Required. The
+ // [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
+ // of the key being imported. This does not need to match the
+ // [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] this version imports into.
+ CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 2
+ [(google.api.field_behavior) = REQUIRED];
+
+ // Required.
The [name][google.cloud.kms.v1.ImportJob.name] of the + // [ImportJob][google.cloud.kms.v1.ImportJob] that was used to wrap this key + // material. + string import_job = 4 [(google.api.field_behavior) = REQUIRED]; + + // Required. The incoming wrapped key material that is to be imported. + oneof wrapped_key_material { + // Wrapped key material produced with + // [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256] + // or + // [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]. + // + // This field contains the concatenation of two wrapped keys: + //
    + //
  1. An ephemeral AES-256 wrapping key wrapped with the + // [public_key][google.cloud.kms.v1.ImportJob.public_key] using + // RSAES-OAEP with SHA-1, MGF1 with SHA-1, and an empty label. + //
  2. + //
  3. The key to be imported, wrapped with the ephemeral AES-256 key + // using AES-KWP (RFC 5649). + //
  4. + //
+ // + // If importing symmetric key material, it is expected that the unwrapped + // key contains plain bytes. If importing asymmetric key material, it is + // expected that the unwrapped key is in PKCS#8-encoded DER format (the + // PrivateKeyInfo structure from RFC 5208). + // + // This format is the same as the format produced by PKCS#11 mechanism + // CKM_RSA_AES_KEY_WRAP. + bytes rsa_aes_wrapped_key = 5; + } +} + +// Request message for +// [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob]. +message CreateImportJobRequest { + // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the + // [KeyRing][google.cloud.kms.v1.KeyRing] associated with the + // [ImportJobs][google.cloud.kms.v1.ImportJob]. + string parent = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/KeyRing" + } + ]; + + // Required. It must be unique within a KeyRing and match the regular + // expression `[a-zA-Z0-9_-]{1,63}` + string import_job_id = 2 [(google.api.field_behavior) = REQUIRED]; + + // Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field + // values. + ImportJob import_job = 3 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for +// [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey]. +message UpdateCryptoKeyRequest { + // Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] with updated values. + CryptoKey crypto_key = 1 [(google.api.field_behavior) = REQUIRED]; + + // Required. List of fields to be updated in this request. + google.protobuf.FieldMask update_mask = 2 + [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for +// [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion]. +message UpdateCryptoKeyVersionRequest { + // Required. 
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
+ // updated values.
+ CryptoKeyVersion crypto_key_version = 1
+ [(google.api.field_behavior) = REQUIRED];
+
+ // Required. List of fields to be updated in this request.
+ google.protobuf.FieldMask update_mask = 2
+ [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
+message EncryptRequest {
+ // Required. The resource name of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] or
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
+ // encryption.
+ //
+ // If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server
+ // will use its [primary version][google.cloud.kms.v1.CryptoKey.primary].
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = { type: "*" }
+ ];
+
+ // Required. The data to encrypt. Must be no larger than 64KiB.
+ //
+ // The maximum size depends on the key version's
+ // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
+ // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the
+ // plaintext must be no larger than 64KiB. For
+ // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
+ // the plaintext and additional_authenticated_data fields must be no larger
+ // than 8KiB.
+ bytes plaintext = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. Optional data that, if specified, must also be provided during
+ // decryption through
+ // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data].
+ //
+ // The maximum size depends on the key version's
+ // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
+ // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD
+ // must be no larger than 64KiB.
For + // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of + // the plaintext and additional_authenticated_data fields must be no larger + // than 8KiB. + bytes additional_authenticated_data = 3 + [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the + // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]) + // is equal to + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value plaintext_crc32c = 7 + [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the + // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. 
+ // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]) + // is equal to + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value additional_authenticated_data_crc32c = 8 + [(google.api.field_behavior) = OPTIONAL]; +} + +// Request message for +// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. +message DecryptRequest { + // Required. The resource name of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The + // server will choose the appropriate version. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/CryptoKey" + } + ]; + + // Required. The encrypted data originally returned in + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. 
+ bytes ciphertext = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. Optional data that must match the data originally supplied in
+ // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data].
+ bytes additional_authenticated_data = 3
+ [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. An optional CRC32C checksum of the
+ // [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext].
+ // If specified,
+ // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
+ // verify the integrity of the received
+ // [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]
+ // using this checksum.
+ // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
+ // report an error if the checksum verification fails. If you receive a
+ // checksum error, your client should verify that
+ // CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext])
+ // is equal to
+ // [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c],
+ // and if so, perform a limited number of retries. A persistent mismatch may
+ // indicate an issue in your computation of the CRC32C checksum. Note: This
+ // field is defined as int64 for reasons of compatibility across different
+ // languages. However, it is a non-negative integer, which will never exceed
+ // 2^32-1, and can be safely downconverted to uint32 in languages that support
+ // this type.
+ //
+ // NOTE: This field is in Beta.
+ google.protobuf.Int64Value ciphertext_crc32c = 5
+ [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. An optional CRC32C checksum of the
+ // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data].
+ // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]) + // is equal to + // [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value additional_authenticated_data_crc32c = 6 + [(google.api.field_behavior) = OPTIONAL]; +} + +// Request message for +// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. +message AsymmetricSignRequest { + // Required. The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for + // signing. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/CryptoKeyVersion" + } + ]; + + // Required. The digest of the data to sign. The digest must be produced with + // the same digest algorithm as specified by the key version's + // [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. 
+ Digest digest = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. An optional CRC32C checksum of the
+ // [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest].
+ // If specified,
+ // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
+ // verify the integrity of the received
+ // [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]
+ // using this checksum.
+ // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
+ // report an error if the checksum verification fails. If you receive a
+ // checksum error, your client should verify that
+ // CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest])
+ // is equal to
+ // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c],
+ // and if so, perform a limited number of retries. A persistent mismatch may
+ // indicate an issue in your computation of the CRC32C checksum. Note: This
+ // field is defined as int64 for reasons of compatibility across different
+ // languages. However, it is a non-negative integer, which will never exceed
+ // 2^32-1, and can be safely downconverted to uint32 in languages that support
+ // this type.
+ //
+ // NOTE: This field is in Beta.
+ google.protobuf.Int64Value digest_crc32c = 4
+ [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].
+message AsymmetricDecryptRequest {
+ // Required. The resource name of the
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
+ // decryption.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKeyVersion"
+ }
+ ];
+
+ // Required.
The data encrypted with the named + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using + // OAEP. + bytes ciphertext = 3 [(google.api.field_behavior) = REQUIRED]; + + // Optional. An optional CRC32C checksum of the + // [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]) + // is equal to + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value ciphertext_crc32c = 4 + [(google.api.field_behavior) = OPTIONAL]; +} + +// Response message for +// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. +message DecryptResponse { + // The decrypted data originally supplied in + // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. + bytes plaintext = 1; + + // Integrity verification field. 
A CRC32C checksum of the returned
+ // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext].
+ // An integrity check of
+ // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]
+ // can be performed by computing the CRC32C checksum of
+ // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]
+ // and comparing your results to this field. Discard the response in case of
+ // non-matching checksum values, and perform a limited number of retries. A
+ // persistent mismatch may indicate an issue in your computation of the CRC32C
+ // checksum. Note: receiving this response message indicates that
+ // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to
+ // successfully decrypt the
+ // [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. Note: This
+ // field is defined as int64 for reasons of compatibility across different
+ // languages. However, it is a non-negative integer, which will never exceed
+ // 2^32-1, and can be safely downconverted to uint32 in languages that support
+ // this type.
+ //
+ // NOTE: This field is in Beta.
+ google.protobuf.Int64Value plaintext_crc32c = 2;
+}
+
+// Response message for
+// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
+message EncryptResponse {
+ // The resource name of the
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
+ // encryption. Check this field to verify that the intended resource was used
+ // for encryption.
+ string name = 1;
+
+ // The encrypted data.
+ bytes ciphertext = 2;
+
+ // Integrity verification field. A CRC32C checksum of the returned
+ // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].
+ // An integrity check of + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] + // can be performed by computing the CRC32C checksum of + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. Note: This field is defined as int64 for reasons of compatibility + // across different languages. However, it is a non-negative integer, which + // will never exceed 2^32-1, and can be safely downconverted to uint32 in + // languages that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value ciphertext_crc32c = 4; + + // Integrity verification field. A flag indicating whether + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of + // this field indicates either that + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. + // + // NOTE: This field is in Beta. + bool verified_plaintext_crc32c = 5; + + // Integrity verification field. 
A flag indicating whether + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A + // false value of this field indicates either that + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. + // + // NOTE: This field is in Beta. + bool verified_additional_authenticated_data_crc32c = 6; +} + +// Response message for +// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. +message AsymmetricSignResponse { + // The created signature. + bytes signature = 1; + + // Integrity verification field. A CRC32C checksum of the returned + // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]. + // An integrity check of + // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] + // can be performed by computing the CRC32C checksum of + // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. 
Note: This field is defined as int64 for reasons of compatibility + // across different languages. However, it is a non-negative integer, which + // will never exceed 2^32-1, and can be safely downconverted to uint32 in + // languages that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value signature_crc32c = 2; + + // Integrity verification field. A flag indicating whether + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value + // of this field indicates either that + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. + // + // NOTE: This field is in Beta. + bool verified_digest_crc32c = 3; + + // The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. + // Check this field to verify that the intended resource was used for signing. + // + // NOTE: This field is in Beta. + string name = 4; +} + +// Response message for +// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. +message AsymmetricDecryptResponse { + // The decrypted data originally encrypted with the matching public key. + bytes plaintext = 1; + + // Integrity verification field. A CRC32C checksum of the returned + // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]. 
+ // An integrity check of + // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] + // can be performed by computing the CRC32C checksum of + // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. Note: This field is defined as int64 for reasons of compatibility + // across different languages. However, it is a non-negative integer, which + // will never exceed 2^32-1, and can be safely downconverted to uint32 in + // languages that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value plaintext_crc32c = 2; + + // Integrity verification field. A flag indicating whether + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A + // false value of this field indicates either that + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. + // + // NOTE: This field is in Beta. 
+ bool verified_ciphertext_crc32c = 3;
+}
+
+// Request message for
+// [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].
+message UpdateCryptoKeyPrimaryVersionRequest {
+ // Required. The resource name of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] to update.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKey"
+ }
+ ];
+
+ // Required. The id of the child
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary.
+ string crypto_key_version_id = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].
+message DestroyCryptoKeyVersionRequest {
+ // Required. The resource name of the
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKeyVersion"
+ }
+ ];
+}
+
+// Request message for
+// [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion].
+message RestoreCryptoKeyVersionRequest {
+ // Required. The resource name of the
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKeyVersion"
+ }
+ ];
+}
+
+// A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message digest.
+message Digest {
+ // Required. The message digest.
+ oneof digest {
+ // A message digest produced with the SHA-256 algorithm.
+ bytes sha256 = 1;
+
+ // A message digest produced with the SHA-384 algorithm.
+ bytes sha384 = 2;
+
+ // A message digest produced with the SHA-512 algorithm.
+ bytes sha512 = 3;
+ }
+}
+
+// Cloud KMS metadata for the given
+// [google.cloud.location.Location][google.cloud.location.Location].
+message LocationMetadata {
+ // Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
+ // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
+ // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this
+ // location.
+ bool hsm_available = 1;
+
+ // Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
+ // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
+ // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in
+ // this location.
+ bool ekm_available = 2;
+}
diff --git a/test/integration/goldens/kms/GrpcKeyManagementServiceStub.java b/test/integration/goldens/kms/GrpcKeyManagementServiceStub.java
index 19bac47baf..692563c0a8 100644
--- a/test/integration/goldens/kms/GrpcKeyManagementServiceStub.java
+++ b/test/integration/goldens/kms/GrpcKeyManagementServiceStub.java
@@ -313,19 +313,19 @@ public class GrpcKeyManagementServiceStub extends KeyManagementServiceStub { .setResponseMarshaller(ProtoUtils.marshaller(CryptoKeyVersion.getDefaultInstance())) .build(); - private static final MethodDescriptor setIamPolicyMethodDescriptor = - MethodDescriptor.newBuilder() + private static final MethodDescriptor getIamPolicyMethodDescriptor = + MethodDescriptor.newBuilder() .setType(MethodDescriptor.MethodType.UNARY) - .setFullMethodName("google.iam.v1.IAMPolicy/SetIamPolicy") - .setRequestMarshaller(ProtoUtils.marshaller(SetIamPolicyRequest.getDefaultInstance())) + .setFullMethodName("google.cloud.kms.v1.KeyManagementService/GetIamPolicy") + .setRequestMarshaller(ProtoUtils.marshaller(GetIamPolicyRequest.getDefaultInstance())) .setResponseMarshaller(ProtoUtils.marshaller(Policy.getDefaultInstance())) .build(); - private static final MethodDescriptor getIamPolicyMethodDescriptor = - MethodDescriptor.newBuilder() + private static final MethodDescriptor setIamPolicyMethodDescriptor = + MethodDescriptor.newBuilder() .setType(MethodDescriptor.MethodType.UNARY) - .setFullMethodName("google.iam.v1.IAMPolicy/GetIamPolicy") - .setRequestMarshaller(ProtoUtils.marshaller(GetIamPolicyRequest.getDefaultInstance())) + .setFullMethodName("google.iam.v1.IAMPolicy/SetIamPolicy") + .setRequestMarshaller(ProtoUtils.marshaller(SetIamPolicyRequest.getDefaultInstance())) .setResponseMarshaller(ProtoUtils.marshaller(Policy.getDefaultInstance())) .build(); @@ -380,8 +380,8 @@ public class GrpcKeyManagementServiceStub extends KeyManagementServiceStub { destroyCryptoKeyVersionCallable; private final UnaryCallable restoreCryptoKeyVersionCallable; - private final UnaryCallable setIamPolicyCallable; private final UnaryCallable getIamPolicyCallable; + private final UnaryCallable setIamPolicyCallable; private final UnaryCallable testIamPermissionsCallable; 
@@ -744,26 +744,26 @@ public Map extract(RestoreCryptoKeyVersionRequest request) { } }) .build(); - GrpcCallSettings setIamPolicyTransportSettings = - GrpcCallSettings.newBuilder() - .setMethodDescriptor(setIamPolicyMethodDescriptor) + GrpcCallSettings getIamPolicyTransportSettings = + GrpcCallSettings.newBuilder() + .setMethodDescriptor(getIamPolicyMethodDescriptor) .setParamsExtractor( - new RequestParamsExtractor() { + new RequestParamsExtractor() { @Override - public Map extract(SetIamPolicyRequest request) { + public Map extract(GetIamPolicyRequest request) { ImmutableMap.Builder params = ImmutableMap.builder(); params.put("resource", String.valueOf(request.getResource())); return params.build(); } }) .build(); - GrpcCallSettings getIamPolicyTransportSettings = - GrpcCallSettings.newBuilder() - .setMethodDescriptor(getIamPolicyMethodDescriptor) + GrpcCallSettings setIamPolicyTransportSettings = + GrpcCallSettings.newBuilder() + .setMethodDescriptor(setIamPolicyMethodDescriptor) .setParamsExtractor( - new RequestParamsExtractor() { + new RequestParamsExtractor() { @Override - public Map extract(GetIamPolicyRequest request) { + public Map extract(SetIamPolicyRequest request) { ImmutableMap.Builder params = ImmutableMap.builder(); params.put("resource", String.valueOf(request.getResource())); return params.build(); 
@@ -886,12 +886,12 @@ public Map extract(TestIamPermissionsRequest request) { restoreCryptoKeyVersionTransportSettings, settings.restoreCryptoKeyVersionSettings(), clientContext); - this.setIamPolicyCallable = - callableFactory.createUnaryCallable( - setIamPolicyTransportSettings, settings.setIamPolicySettings(), clientContext); this.getIamPolicyCallable = callableFactory.createUnaryCallable( getIamPolicyTransportSettings, settings.getIamPolicySettings(), clientContext); + this.setIamPolicyCallable = + callableFactory.createUnaryCallable( + setIamPolicyTransportSettings, settings.setIamPolicySettings(), clientContext); this.testIamPermissionsCallable = callableFactory.createUnaryCallable( testIamPermissionsTransportSettings, @@ -1053,13 +1053,13 @@ public UnaryCallable asymmetricSi } @Override - public UnaryCallable setIamPolicyCallable() { - return setIamPolicyCallable; + public UnaryCallable getIamPolicyCallable() { + return getIamPolicyCallable; } @Override - public UnaryCallable getIamPolicyCallable() { - return getIamPolicyCallable; + public UnaryCallable setIamPolicyCallable() { + return setIamPolicyCallable; } @Override diff --git a/test/integration/goldens/kms/KeyManagementServiceClient.java b/test/integration/goldens/kms/KeyManagementServiceClient.java index a1580d3b66..6ce8a338f8 100644 --- a/test/integration/goldens/kms/KeyManagementServiceClient.java +++ b/test/integration/goldens/kms/KeyManagementServiceClient.java @@ -3107,104 +3107,104 @@ public final CryptoKeyVersion restoreCryptoKeyVersion(RestoreCryptoKeyVersionReq // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Sets the access control policy on the specified resource. Replaces any existing policy. + * Gets the access control policy for a resource. ADDED ONLY FOR MIXIN TESTS. Returns an empty + * policy if the resource exists and does not have a policy set. * *

Sample code: * *

{@code
    * try (KeyManagementServiceClient keyManagementServiceClient =
    *     KeyManagementServiceClient.create()) {
-   *   SetIamPolicyRequest request =
-   *       SetIamPolicyRequest.newBuilder()
+   *   GetIamPolicyRequest request =
+   *       GetIamPolicyRequest.newBuilder()
    *           .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
-   *           .setPolicy(Policy.newBuilder().build())
+   *           .setOptions(GetPolicyOptions.newBuilder().build())
    *           .build();
-   *   Policy response = keyManagementServiceClient.setIamPolicy(request);
+   *   Policy response = keyManagementServiceClient.getIamPolicy(request);
    * }
    * }
* * @param request The request object containing all of the parameters for the API call. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ - public final Policy setIamPolicy(SetIamPolicyRequest request) { - return setIamPolicyCallable().call(request); + public final Policy getIamPolicy(GetIamPolicyRequest request) { + return getIamPolicyCallable().call(request); } // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Sets the access control policy on the specified resource. Replaces any existing policy. + * Gets the access control policy for a resource. ADDED ONLY FOR MIXIN TESTS. Returns an empty + * policy if the resource exists and does not have a policy set. * *

Sample code: * *

{@code
    * try (KeyManagementServiceClient keyManagementServiceClient =
    *     KeyManagementServiceClient.create()) {
-   *   SetIamPolicyRequest request =
-   *       SetIamPolicyRequest.newBuilder()
+   *   GetIamPolicyRequest request =
+   *       GetIamPolicyRequest.newBuilder()
    *           .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
-   *           .setPolicy(Policy.newBuilder().build())
+   *           .setOptions(GetPolicyOptions.newBuilder().build())
    *           .build();
    *   ApiFuture future =
-   *       keyManagementServiceClient.setIamPolicyCallable().futureCall(request);
+   *       keyManagementServiceClient.getIamPolicyCallable().futureCall(request);
    *   // Do something.
    *   Policy response = future.get();
    * }
    * }
*/ - public final UnaryCallable setIamPolicyCallable() { - return stub.setIamPolicyCallable(); + public final UnaryCallable getIamPolicyCallable() { + return stub.getIamPolicyCallable(); } // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Gets the access control policy for a resource. Returns an empty policy if the resource exists - * and does not have a policy set. + * Sets the access control policy on the specified resource. Replaces any existing policy. * *

Sample code: * *

{@code
    * try (KeyManagementServiceClient keyManagementServiceClient =
    *     KeyManagementServiceClient.create()) {
-   *   GetIamPolicyRequest request =
-   *       GetIamPolicyRequest.newBuilder()
+   *   SetIamPolicyRequest request =
+   *       SetIamPolicyRequest.newBuilder()
    *           .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
-   *           .setOptions(GetPolicyOptions.newBuilder().build())
+   *           .setPolicy(Policy.newBuilder().build())
    *           .build();
-   *   Policy response = keyManagementServiceClient.getIamPolicy(request);
+   *   Policy response = keyManagementServiceClient.setIamPolicy(request);
    * }
    * }
* * @param request The request object containing all of the parameters for the API call. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ - public final Policy getIamPolicy(GetIamPolicyRequest request) { - return getIamPolicyCallable().call(request); + public final Policy setIamPolicy(SetIamPolicyRequest request) { + return setIamPolicyCallable().call(request); } // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Gets the access control policy for a resource. Returns an empty policy if the resource exists - * and does not have a policy set. + * Sets the access control policy on the specified resource. Replaces any existing policy. * *

Sample code: * *

{@code
    * try (KeyManagementServiceClient keyManagementServiceClient =
    *     KeyManagementServiceClient.create()) {
-   *   GetIamPolicyRequest request =
-   *       GetIamPolicyRequest.newBuilder()
+   *   SetIamPolicyRequest request =
+   *       SetIamPolicyRequest.newBuilder()
    *           .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
-   *           .setOptions(GetPolicyOptions.newBuilder().build())
+   *           .setPolicy(Policy.newBuilder().build())
    *           .build();
    *   ApiFuture future =
-   *       keyManagementServiceClient.getIamPolicyCallable().futureCall(request);
+   *       keyManagementServiceClient.setIamPolicyCallable().futureCall(request);
    *   // Do something.
    *   Policy response = future.get();
    * }
    * }
*/ - public final UnaryCallable getIamPolicyCallable() { - return stub.getIamPolicyCallable(); + public final UnaryCallable setIamPolicyCallable() { + return stub.setIamPolicyCallable(); } // AUTO-GENERATED DOCUMENTATION AND METHOD. diff --git a/test/integration/goldens/kms/KeyManagementServiceClientTest.java b/test/integration/goldens/kms/KeyManagementServiceClientTest.java index e185914bd3..9ed23027e3 100644 --- a/test/integration/goldens/kms/KeyManagementServiceClientTest.java +++ b/test/integration/goldens/kms/KeyManagementServiceClientTest.java 
@@ -2216,30 +2216,30 @@ public void restoreCryptoKeyVersionExceptionTest2() throws Exception { } @Test - public void setIamPolicyTest() throws Exception { + public void getIamPolicyTest() throws Exception { Policy expectedResponse = Policy.newBuilder() .setVersion(351608024) .addAllBindings(new ArrayList()) .setEtag(ByteString.EMPTY) .build(); - mockIAMPolicy.addResponse(expectedResponse); + mockKeyManagementService.addResponse(expectedResponse); - SetIamPolicyRequest request = - SetIamPolicyRequest.newBuilder() + GetIamPolicyRequest request = + GetIamPolicyRequest.newBuilder() .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString()) - .setPolicy(Policy.newBuilder().build()) + .setOptions(GetPolicyOptions.newBuilder().build()) .build(); - Policy actualResponse = client.setIamPolicy(request); + Policy actualResponse = client.getIamPolicy(request); Assert.assertEquals(expectedResponse, actualResponse); - List actualRequests = mockIAMPolicy.getRequests(); + List actualRequests = mockKeyManagementService.getRequests(); Assert.assertEquals(1, actualRequests.size()); - SetIamPolicyRequest actualRequest = ((SetIamPolicyRequest) actualRequests.get(0)); + GetIamPolicyRequest actualRequest = ((GetIamPolicyRequest) actualRequests.get(0)); Assert.assertEquals(request.getResource(), actualRequest.getResource()); - Assert.assertEquals(request.getPolicy(), actualRequest.getPolicy()); + Assert.assertEquals(request.getOptions(), actualRequest.getOptions()); Assert.assertTrue( channelProvider.isHeaderSent( ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), 
@@ -2247,17 +2247,17 @@ public void setIamPolicyTest() throws Exception { } @Test - public void setIamPolicyExceptionTest() throws Exception { + public void getIamPolicyExceptionTest() throws Exception { StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT); - mockIAMPolicy.addException(exception); + mockKeyManagementService.addException(exception); try { - SetIamPolicyRequest request = - SetIamPolicyRequest.newBuilder() + GetIamPolicyRequest request = + GetIamPolicyRequest.newBuilder() .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString()) - .setPolicy(Policy.newBuilder().build()) + .setOptions(GetPolicyOptions.newBuilder().build()) .build(); - client.setIamPolicy(request); + client.getIamPolicy(request); Assert.fail("No exception raised"); } catch (InvalidArgumentException e) { // Expected exception. @@ -2265,7 +2265,7 @@ public void setIamPolicyExceptionTest() throws Exception { } @Test - public void getIamPolicyTest() throws Exception { + public void setIamPolicyTest() throws Exception { Policy expectedResponse = Policy.newBuilder() .setVersion(351608024) 
@@ -2274,21 +2274,21 @@ public void getIamPolicyTest() throws Exception { .build(); mockIAMPolicy.addResponse(expectedResponse); - GetIamPolicyRequest request = - GetIamPolicyRequest.newBuilder() + SetIamPolicyRequest request = + SetIamPolicyRequest.newBuilder() .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString()) - .setOptions(GetPolicyOptions.newBuilder().build()) + .setPolicy(Policy.newBuilder().build()) .build(); - Policy actualResponse = client.getIamPolicy(request); + Policy actualResponse = client.setIamPolicy(request); Assert.assertEquals(expectedResponse, actualResponse); List actualRequests = mockIAMPolicy.getRequests(); Assert.assertEquals(1, actualRequests.size()); - GetIamPolicyRequest actualRequest = ((GetIamPolicyRequest) actualRequests.get(0)); + SetIamPolicyRequest actualRequest = ((SetIamPolicyRequest) actualRequests.get(0)); Assert.assertEquals(request.getResource(), actualRequest.getResource()); - Assert.assertEquals(request.getOptions(), actualRequest.getOptions()); + Assert.assertEquals(request.getPolicy(), actualRequest.getPolicy()); Assert.assertTrue( channelProvider.isHeaderSent( ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), 
@@ -2296,17 +2296,17 @@ public void getIamPolicyTest() throws Exception { } @Test - public void getIamPolicyExceptionTest() throws Exception { + public void setIamPolicyExceptionTest() throws Exception { StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT); mockIAMPolicy.addException(exception); try { - GetIamPolicyRequest request = - GetIamPolicyRequest.newBuilder() + SetIamPolicyRequest request = + SetIamPolicyRequest.newBuilder() .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString()) - .setOptions(GetPolicyOptions.newBuilder().build()) + .setPolicy(Policy.newBuilder().build()) .build(); - client.getIamPolicy(request); + client.setIamPolicy(request); Assert.fail("No exception raised"); } catch (InvalidArgumentException e) { // Expected exception. diff --git a/test/integration/goldens/kms/KeyManagementServiceSettings.java b/test/integration/goldens/kms/KeyManagementServiceSettings.java index acc300034d..862f6ca98d 100644 --- a/test/integration/goldens/kms/KeyManagementServiceSettings.java +++ b/test/integration/goldens/kms/KeyManagementServiceSettings.java 
@@ -212,16 +212,16 @@ public UnaryCallSettings asymmetr return ((KeyManagementServiceStubSettings) getStubSettings()).restoreCryptoKeyVersionSettings(); } - /** Returns the object with the settings used for calls to setIamPolicy. */ - public UnaryCallSettings setIamPolicySettings() { - return ((KeyManagementServiceStubSettings) getStubSettings()).setIamPolicySettings(); - } - /** Returns the object with the settings used for calls to getIamPolicy. */ public UnaryCallSettings getIamPolicySettings() { return ((KeyManagementServiceStubSettings) getStubSettings()).getIamPolicySettings(); } + /** Returns the object with the settings used for calls to setIamPolicy. */ + public UnaryCallSettings setIamPolicySettings() { + return ((KeyManagementServiceStubSettings) getStubSettings()).setIamPolicySettings(); + } + /** Returns the object with the settings used for calls to testIamPermissions. */ public UnaryCallSettings testIamPermissionsSettings() { @@ -461,16 +461,16 @@ public UnaryCallSettings.Builder decryptSetting return getStubSettingsBuilder().restoreCryptoKeyVersionSettings(); } - /** Returns the builder for the settings used for calls to setIamPolicy. */ - public UnaryCallSettings.Builder setIamPolicySettings() { - return getStubSettingsBuilder().setIamPolicySettings(); - } - /** Returns the builder for the settings used for calls to getIamPolicy. */ public UnaryCallSettings.Builder getIamPolicySettings() { return getStubSettingsBuilder().getIamPolicySettings(); } + /** Returns the builder for the settings used for calls to setIamPolicy. */ + public UnaryCallSettings.Builder setIamPolicySettings() { + return getStubSettingsBuilder().setIamPolicySettings(); + } + /** Returns the builder for the settings used for calls to testIamPermissions. */ public UnaryCallSettings.Builder testIamPermissionsSettings() { 
diff --git a/test/integration/goldens/kms/KeyManagementServiceStub.java b/test/integration/goldens/kms/KeyManagementServiceStub.java index 837b4b0bab..b180582def 100644 --- a/test/integration/goldens/kms/KeyManagementServiceStub.java +++ b/test/integration/goldens/kms/KeyManagementServiceStub.java @@ -196,14 +196,14 @@ public UnaryCallable asymmetricSi throw new UnsupportedOperationException("Not implemented: restoreCryptoKeyVersionCallable()"); } - public UnaryCallable setIamPolicyCallable() { - throw new UnsupportedOperationException("Not implemented: setIamPolicyCallable()"); - } - public UnaryCallable getIamPolicyCallable() { throw new UnsupportedOperationException("Not implemented: getIamPolicyCallable()"); } + public UnaryCallable setIamPolicyCallable() { + throw new UnsupportedOperationException("Not implemented: setIamPolicyCallable()"); + } + public UnaryCallable testIamPermissionsCallable() { throw new UnsupportedOperationException("Not implemented: testIamPermissionsCallable()"); diff --git a/test/integration/goldens/kms/KeyManagementServiceStubSettings.java b/test/integration/goldens/kms/KeyManagementServiceStubSettings.java index f36350a7ce..efc069c515 100644 --- a/test/integration/goldens/kms/KeyManagementServiceStubSettings.java +++ b/test/integration/goldens/kms/KeyManagementServiceStubSettings.java @@ -178,8 +178,8 @@ public class KeyManagementServiceStubSettings destroyCryptoKeyVersionSettings; private final UnaryCallSettings restoreCryptoKeyVersionSettings; - private final UnaryCallSettings setIamPolicySettings; private final UnaryCallSettings getIamPolicySettings; + private final UnaryCallSettings setIamPolicySettings; private final UnaryCallSettings testIamPermissionsSettings; 
@@ -541,16 +541,16 @@ public UnaryCallSettings asymmetr return restoreCryptoKeyVersionSettings; } - /** Returns the object with the settings used for calls to setIamPolicy. */ - public UnaryCallSettings setIamPolicySettings() { - return setIamPolicySettings; - } - /** Returns the object with the settings used for calls to getIamPolicy. */ public UnaryCallSettings getIamPolicySettings() { return getIamPolicySettings; } + /** Returns the object with the settings used for calls to setIamPolicy. */ + public UnaryCallSettings setIamPolicySettings() { + return setIamPolicySettings; + } + /** Returns the object with the settings used for calls to testIamPermissions. */ public UnaryCallSettings testIamPermissionsSettings() { @@ -650,8 +650,8 @@ protected KeyManagementServiceStubSettings(Builder settingsBuilder) throws IOExc settingsBuilder.updateCryptoKeyPrimaryVersionSettings().build(); destroyCryptoKeyVersionSettings = settingsBuilder.destroyCryptoKeyVersionSettings().build(); restoreCryptoKeyVersionSettings = settingsBuilder.restoreCryptoKeyVersionSettings().build(); - setIamPolicySettings = settingsBuilder.setIamPolicySettings().build(); getIamPolicySettings = settingsBuilder.getIamPolicySettings().build(); + setIamPolicySettings = settingsBuilder.setIamPolicySettings().build(); testIamPermissionsSettings = settingsBuilder.testIamPermissionsSettings().build(); } @@ -704,8 +704,8 @@ public static class Builder destroyCryptoKeyVersionSettings; private final UnaryCallSettings.Builder restoreCryptoKeyVersionSettings; - private final UnaryCallSettings.Builder setIamPolicySettings; private final UnaryCallSettings.Builder getIamPolicySettings; + private final UnaryCallSettings.Builder setIamPolicySettings; private final UnaryCallSettings.Builder testIamPermissionsSettings; private static final ImmutableMap> 
@@ -782,8 +782,8 @@ protected Builder(ClientContext clientContext) { updateCryptoKeyPrimaryVersionSettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); destroyCryptoKeyVersionSettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); restoreCryptoKeyVersionSettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); - setIamPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); getIamPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); + setIamPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); testIamPermissionsSettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); unaryMethodSettingsBuilders = @@ -811,8 +811,8 @@ protected Builder(ClientContext clientContext) { updateCryptoKeyPrimaryVersionSettings, destroyCryptoKeyVersionSettings, restoreCryptoKeyVersionSettings, - setIamPolicySettings, getIamPolicySettings, + setIamPolicySettings, testIamPermissionsSettings); initDefaults(this); } @@ -844,8 +844,8 @@ protected Builder(KeyManagementServiceStubSettings settings) { settings.updateCryptoKeyPrimaryVersionSettings.toBuilder(); destroyCryptoKeyVersionSettings = settings.destroyCryptoKeyVersionSettings.toBuilder(); restoreCryptoKeyVersionSettings = settings.restoreCryptoKeyVersionSettings.toBuilder(); - setIamPolicySettings = settings.setIamPolicySettings.toBuilder(); getIamPolicySettings = settings.getIamPolicySettings.toBuilder(); + setIamPolicySettings = settings.setIamPolicySettings.toBuilder(); testIamPermissionsSettings = settings.testIamPermissionsSettings.toBuilder(); unaryMethodSettingsBuilders = @@ -873,8 +873,8 @@ protected Builder(KeyManagementServiceStubSettings settings) { updateCryptoKeyPrimaryVersionSettings, destroyCryptoKeyVersionSettings, restoreCryptoKeyVersionSettings, - setIamPolicySettings, getIamPolicySettings, + setIamPolicySettings, testIamPermissionsSettings); } 
@@ -1006,12 +1006,12 @@ private static Builder initDefaults(Builder builder) { .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_1_params")); builder - .setIamPolicySettings() + .getIamPolicySettings() .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_1_codes")) .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_1_params")); builder - .getIamPolicySettings() + .setIamPolicySettings() .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_1_codes")) .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_1_params")); @@ -1173,16 +1173,16 @@ public UnaryCallSettings.Builder decryptSetting return restoreCryptoKeyVersionSettings; } - /** Returns the builder for the settings used for calls to setIamPolicy. */ - public UnaryCallSettings.Builder setIamPolicySettings() { - return setIamPolicySettings; - } - /** Returns the builder for the settings used for calls to getIamPolicy. */ public UnaryCallSettings.Builder getIamPolicySettings() { return getIamPolicySettings; } + /** Returns the builder for the settings used for calls to setIamPolicy. */ + public UnaryCallSettings.Builder setIamPolicySettings() { + return setIamPolicySettings; + } + /** Returns the builder for the settings used for calls to testIamPermissions. */ public UnaryCallSettings.Builder testIamPermissionsSettings() { diff --git a/test/integration/goldens/kms/MockKeyManagementServiceImpl.java b/test/integration/goldens/kms/MockKeyManagementServiceImpl.java index d979462264..b6b9fbda5c 100644 --- a/test/integration/goldens/kms/MockKeyManagementServiceImpl.java +++ b/test/integration/goldens/kms/MockKeyManagementServiceImpl.java @@ -18,6 +18,8 @@ import com.google.api.core.BetaApi; import com.google.cloud.kms.v1.KeyManagementServiceGrpc.KeyManagementServiceImplBase; +import com.google.iam.v1.GetIamPolicyRequest; +import com.google.iam.v1.Policy; import com.google.protobuf.AbstractMessage; import io.grpc.stub.StreamObserver; import java.util.ArrayList; 
@@ -539,4 +541,24 @@ public void restoreCryptoKeyVersion( Exception.class.getName()))); } } + + @Override + public void getIamPolicy(GetIamPolicyRequest request, StreamObserver responseObserver) { + Object response = responses.remove(); + if (response instanceof Policy) { + requests.add(request); + responseObserver.onNext(((Policy) response)); + responseObserver.onCompleted(); + } else if (response instanceof Exception) { + responseObserver.onError(((Exception) response)); + } else { + responseObserver.onError( + new IllegalArgumentException( + String.format( + "Unrecognized response type %s for method GetIamPolicy, expected %s or %s", + response.getClass().getName(), + Policy.class.getName(), + Exception.class.getName()))); + } + } } From cdce15e668b72d9f9a8855d508e1d42ca161955d Mon Sep 17 00:00:00 2001 
From: Mira Leung Date: Tue, 2 Mar 2021 22:42:34 -0800 Subject: [PATCH 2/7] fix(mixins): enable RPC overrides to clobber mixed-in RPCs --- .github/workflows/ci.yaml | 2 +- .../GrpcServiceStubClassComposer.java | 2 +- .../generator/gapic/protoparser/Parser.java | 47 +- test/integration/BUILD.bazel | 89 +- .../kms/v1}/cloudkms_test_mixins_v1.yaml | 0 test/integration/apis/kms/v1/resources.proto | 605 ++++++++ test/integration/apis/kms/v1/service.proto | 1321 +++++++++++++++++ test/integration/goldens/iam/BUILD.bazel | 9 + .../iam/GrpcIAMPolicyCallableFactory.java | 113 ++ .../goldens/iam/GrpcIAMPolicyStub.java | 227 +++ .../goldens/iam/IAMPolicyClient.java | 348 +++++ .../goldens/iam/IAMPolicyClientTest.java | 222 +++ .../goldens/iam/IAMPolicySettings.java | 203 +++ .../goldens/iam/IAMPolicyStub.java | 52 + .../goldens/iam/IAMPolicyStubSettings.java | 313 ++++ .../goldens/iam/MockIAMPolicy.java | 59 + .../goldens/iam/MockIAMPolicyImpl.java | 122 ++ .../goldens/iam/PlaceholderFile.java | 0 .../goldens/iam/gapic_metadata.json | 27 + .../integration/goldens/iam/package-info.java | 61 + .../kms/GrpcKeyManagementServiceStub.java | 52 +- .../kms/KeyManagementServiceClient.java | 60 +- .../kms/KeyManagementServiceClientTest.java | 54 +- .../kms/KeyManagementServiceSettings.java | 20 +- .../goldens/kms/KeyManagementServiceStub.java | 8 +- .../kms/KeyManagementServiceStubSettings.java | 38 +- .../kms/MockKeyManagementServiceImpl.java | 22 + test/integration/iam_grpc_service_config.json | 21 + 28 files changed, 3961 insertions(+), 136 deletions(-) rename test/integration/{ => apis/kms/v1}/cloudkms_test_mixins_v1.yaml (100%) create mode 100644 test/integration/apis/kms/v1/resources.proto create mode 100644 test/integration/apis/kms/v1/service.proto create mode 100644 test/integration/goldens/iam/BUILD.bazel create mode 100644 test/integration/goldens/iam/GrpcIAMPolicyCallableFactory.java create mode 100644 test/integration/goldens/iam/GrpcIAMPolicyStub.java create mode 100644 
test/integration/goldens/iam/IAMPolicyClient.java create mode 100644 test/integration/goldens/iam/IAMPolicyClientTest.java create mode 100644 test/integration/goldens/iam/IAMPolicySettings.java create mode 100644 test/integration/goldens/iam/IAMPolicyStub.java create mode 100644 test/integration/goldens/iam/IAMPolicyStubSettings.java create mode 100644 test/integration/goldens/iam/MockIAMPolicy.java create mode 100644 test/integration/goldens/iam/MockIAMPolicyImpl.java create mode 100644 test/integration/goldens/iam/PlaceholderFile.java create mode 100644 test/integration/goldens/iam/gapic_metadata.json create mode 100644 test/integration/goldens/iam/package-info.java create mode 100644 test/integration/iam_grpc_service_config.json diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9222c3e454..af57791e16 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -49,7 +49,7 @@ jobs: run: bazel --batch test $(bazel query "//src/test/..." | grep "Test$") --noshow_progress - name: Integration Tests - run: bazel --batch test //test/integration:asset //test/integration:credentials //test/integration:kms //test/integration:logging //test/integration:redis //test/integration:library --noshow_progress + run: bazel --batch test //test/integration:asset //test/integration:credentials //test/integration:kms //test/integration:logging //test/integration:iam //test/integration:redis //test/integration:library --noshow_progress - uses: actions/upload-artifact@v2 if: ${{ failure() }} diff --git a/src/main/java/com/google/api/generator/gapic/composer/GrpcServiceStubClassComposer.java b/src/main/java/com/google/api/generator/gapic/composer/GrpcServiceStubClassComposer.java index 788c7272f6..7b21e8c692 100644 --- a/src/main/java/com/google/api/generator/gapic/composer/GrpcServiceStubClassComposer.java +++ b/src/main/java/com/google/api/generator/gapic/composer/GrpcServiceStubClassComposer.java 
@@ -105,7 +105,7 @@ public class GrpcServiceStubClassComposer implements ClassComposer { // Legacy support for the original reroute_to_grpc_interface option in gapic.yaml. These two APIs // predate the modern way, which is to add the RPCs directly into the proto. private static final Set REROUTE_TO_GRPC_INTERFACE_SERVICE_ALLOWLIST = - new HashSet<>(Arrays.asList("google.cloud.kms.v1", "google.pubsub.v1")); + new HashSet<>(Arrays.asList("google.pubsub.v1")); private static final Set REROUTE_TO_GRPC_INTERFACE_IAM_METHOD_ALLOWLIST = new HashSet<>(Arrays.asList("SetIamPolicy", "GetIamPolicy", "TestIamPermissions")); diff --git a/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java b/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java index 795ace8eac..ca5c992d04 100644 --- a/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java +++ b/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java 
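Review bot: The comment above `REROUTE_TO_GRPC_INTERFACE_SERVICE_ALLOWLIST` still says "These two APIs predate the modern way", but after this change the set holds only `google.pubsub.v1`. I would reword it to `// Legacy support for the original reroute_to_grpc_interface option in gapic.yaml. Pub/Sub predates the modern way, which is to add the RPCs directly into the proto.` so a reader does not look for a second entry. Judging by the KMS mixin test config in this commit, KMS appears to get its IAM RPCs through mixins now, and a half-sentence saying so would explain why it left the list. The class body continues outside the hunk.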
@@ -215,13 +215,21 @@ public static List parseServices( // indicator that we are not generating a GAPIC client for the mixed-in service on its own. Function serviceFullNameFn = s -> String.format("%s.%s", s.protoPakkage(), s.name()); - Set blockedCodegenMixinApis = - services.stream() - .filter(s -> MIXIN_ALLOWLIST.contains(serviceFullNameFn.apply(s))) - .map(s -> s) - .collect(Collectors.toSet()); + Set blockedCodegenMixinApis = new HashSet<>(); + Set definedServices = new HashSet<>(); + for (Service s : services) { + if (MIXIN_ALLOWLIST.contains(serviceFullNameFn.apply(s))) { + blockedCodegenMixinApis.add(s); + } else { + definedServices.add(s); + } + } + // It's very unlikely the blocklisted APIs will contain the other, or any other service. - boolean servicesContainBlocklistedApi = !blockedCodegenMixinApis.isEmpty(); + boolean servicesContainBlocklistedApi = + !blockedCodegenMixinApis.isEmpty() && !definedServices.isEmpty(); + // Service names that are stated in the YAML file (as mixins). Used to filter + // blockedCodegenMixinApis. Set mixedInApis = !serviceYamlProtoOpt.isPresent() ? Collections.emptySet() @@ -229,6 +237,14 @@ public static List parseServices( .filter(a -> MIXIN_ALLOWLIST.contains(a.getName())) .map(a -> a.getName()) .collect(Collectors.toSet()); + Set apiDefinedRpcs = new HashSet<>(); + for (Service service : services) { + if (blockedCodegenMixinApis.contains(service)) { + continue; + } + apiDefinedRpcs.addAll( + service.methods().stream().map(m -> m.name()).collect(Collectors.toSet())); + } // Mix-in APIs only if the protos are present and they're defined in the service.yaml file. Set outputMixinServiceSet = new HashSet<>(); if (servicesContainBlocklistedApi && !mixedInApis.isEmpty()) { 
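Review bot: In the first Parser.java hunk, `servicesContainBlocklistedApi` no longer means what its name and the comment above it say. It is now true only when the input holds both an allowlisted mixin service and at least one other service, and `definedServices` exists only to feed that `isEmpty()` check. I would replace the "It's very unlikely the blocklisted APIs will contain the other…" comment with `// Mix in only when the input holds both an allowlisted mixin service and at least one API-defined service; a mixin-only input is generated as a normal API.` Renaming the flag, for example to `shouldMixInApis`, would also help if nothing outside the hunk depends on the name. `parseServices` starts and ends outside the hunk.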
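Review bot: `apiDefinedRpcs` in the second Parser.java hunk is one set of bare method names collected across every non-mixin service, and the third hunk (`@@ -241,13 +257,18 @@`) tests each mixin method against that global set. In a multi-service API, a `GetIamPolicy` declared on one service would therefore also drop the mixed-in `GetIamPolicy` from sibling services that never declared it. The surrounding loop is only partly visible, so this is inferred from `services.set(i, originalService.toBuilder()…)`. Since the affected RPCs are the IAM policy calls, a silently missing or rerouted method changes which backend an access-control request reaches. I would build the set per service inside that loop, `Set<String> ownRpcs = originalService.methods().stream().map(m -> m.name()).collect(Collectors.toSet());`, and test `!ownRpcs.contains(m.name())`. A comment stating that the override is matched by simple name only, not by request or response type, would record the remaining assumption.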
@@ -241,13 +257,18 @@ public static List parseServices( String.format("%s.%s", mixinService.protoPakkage(), mixinService.name()))) { continue; } - List mixinMethods = new ArrayList<>(mixinService.methods()); - mixinMethods.forEach( - m -> - updatedMethods.add( - m.toBuilder() - .setMixedInApiName(serviceFullNameFn.apply(mixinService)) - .build())); + mixinService + .methods() + .forEach( + m -> { + // Overridden RPCs defined in the protos take precedence. + if (!apiDefinedRpcs.contains(m.name())) { + updatedMethods.add( + m.toBuilder() + .setMixedInApiName(serviceFullNameFn.apply(mixinService)) + .build()); + } + }); outputMixinServiceSet.add(mixinService); } services.set(i, originalService.toBuilder().setMethods(updatedMethods).build()); diff --git a/test/integration/BUILD.bazel b/test/integration/BUILD.bazel index 59a28a9608..70fa0d8b2c 100644 --- a/test/integration/BUILD.bazel +++ b/test/integration/BUILD.bazel @@ -3,6 +3,8 @@ load( "java_gapic_assembly_gradle_pkg", "java_gapic_library", "java_gapic_test", + "java_grpc_library", + "java_proto_library", ) load( "//:rules_bazel/java/integration_test.bzl", @@ -19,7 +21,8 @@ package(default_visibility = ["//visibility:public"]) INTEGRATION_TEST_LIBRARIES = [ "asset", # Basic case. "credentials", # Check that the capital name edge case is handled. - "kms", # Mixins. + "iam", # Mixin-only special-case API can build on its own. + "kms", # Mixins, with an override in the proto file. "logging", # Java package remapping in gapic.yaml. "redis", # Has a gapic.yaml. "library", # No gRPC service config. 
@@ -29,6 +32,7 @@ INTEGRATION_TEST_LIBRARIES = [ API_GAPIC_TARGETS = { "asset": "@com_google_googleapis//google/cloud/asset/v1:asset_java_gapic", "credentials": "@com_google_googleapis//google/iam/credentials/v1:credentials_java_gapic", + "iam": ":iam_java_gapic", # Googleapis' LRO does not have a Java Gapic. "kms": ":kms_java_gapic", # Local target because mixins are not rolled out yet. "logging": "@com_google_googleapis//google/logging/v2:logging_java_gapic", "redis": "@com_google_googleapis//google/cloud/redis/v1beta1:redis_java_gapic", 
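Review bot: The trailing comment on the new `"iam"` entry reads `Googleapis' LRO does not have a Java Gapic`, but the entry is for IAM, so it looks carried over from a long-running-operations target. The same mismatch is in the `@@ -155,19 +159,94 @@` hunk, where the `iam_java_gapic` rules sit under `# Operations (for a standalone mixed-in API).`. Suggested wording: `# Local target; the mixin-only IAM API is built on its own here.` for the entry and `# IAM (for a standalone mixed-in API).` for the section header.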
@@ -155,19 +159,94 @@ java_gapic_assembly_gradle_pkg( ], ) +# Operations (for a standalone mixed-in API). +java_gapic_library( + name = "iam_java_gapic", + srcs = ["@com_google_googleapis//google/iam/v1:iam_proto_with_info"], + grpc_service_config = "iam_grpc_service_config.json", + test_deps = [ + "@com_google_googleapis//google/iam/v1:iam_java_grpc", + ], + deps = [ + "@com_google_googleapis//google/iam/v1:iam_java_proto", + ], +) + +java_gapic_test( + name = "iam_java_gapic_test_suite", + test_classes = [ + "com.google.iam.v1.IAMPolicyClientTest", + ], + runtime_deps = ["iam_java_gapic_test"], +) + +java_gapic_assembly_gradle_pkg( + name = "google-cloud-iam-java", + deps = [ + ":iam_java_gapic", + "@com_google_googleapis//google/iam/v1:iam_java_grpc", + "@com_google_googleapis//google/iam/v1:iam_java_proto", + ], +) + # KMS (for mixins). +load("@rules_proto//proto:defs.bzl", "proto_library") +load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") + +proto_library( + name = "kms_proto", + srcs = [ + "apis/kms/v1/resources.proto", + "apis/kms/v1/service.proto", + ], + deps = [ + "@com_google_googleapis//google/api:annotations_proto", + "@com_google_googleapis//google/api:client_proto", + "@com_google_googleapis//google/api:field_behavior_proto", + "@com_google_googleapis//google/api:resource_proto", + "@com_google_googleapis//google/iam/v1:iam_policy_proto", + "@com_google_googleapis//google/iam/v1:policy_proto", + "@com_google_protobuf//:duration_proto", + "@com_google_protobuf//:field_mask_proto", + "@com_google_protobuf//:struct_proto", + "@com_google_protobuf//:timestamp_proto", + "@com_google_protobuf//:wrappers_proto", + ], +) + +proto_library_with_info( + name = "kms_proto_with_info", + deps = [ + ":kms_proto", + "@com_google_googleapis//google/cloud:common_resources_proto", + "@com_google_googleapis//google/iam/v1:iam_policy_proto", + "@com_google_googleapis//google/iam/v1:policy_proto", + ], +) + +java_proto_library( + name = 
"kms_java_proto", + deps = [":kms_proto"], +) + +java_grpc_library( + name = "kms_java_grpc", + srcs = [":kms_proto"], + deps = [":kms_java_proto"], +) + java_gapic_library( name = "kms_java_gapic", - srcs = ["@com_google_googleapis//google/cloud/kms/v1:kms_proto_with_info"], + srcs = [":kms_proto_with_info"], grpc_service_config = "@com_google_googleapis//google/cloud/kms/v1:cloudkms_grpc_service_config.json", # For the IAM mixin. - service_yaml = "cloudkms_test_mixins_v1.yaml", + service_yaml = "apis/kms/v1/cloudkms_test_mixins_v1.yaml", test_deps = [ - "@com_google_googleapis//google/cloud/kms/v1:kms_java_grpc", + ":kms_java_grpc", "@com_google_googleapis//google/iam/v1:iam_java_grpc", ], deps = [ - "@com_google_googleapis//google/cloud/kms/v1:kms_java_proto", + ":kms_java_proto", "@com_google_googleapis//google/iam/v1:iam_java_proto", ], ) diff --git a/test/integration/cloudkms_test_mixins_v1.yaml b/test/integration/apis/kms/v1/cloudkms_test_mixins_v1.yaml similarity index 100% rename from test/integration/cloudkms_test_mixins_v1.yaml rename to test/integration/apis/kms/v1/cloudkms_test_mixins_v1.yaml diff --git a/test/integration/apis/kms/v1/resources.proto b/test/integration/apis/kms/v1/resources.proto new file mode 100644 index 0000000000..88e31bd95c --- /dev/null +++ b/test/integration/apis/kms/v1/resources.proto 
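Review bot: The two `load(...)` statements for `proto_library` and `proto_library_with_info` are added in the middle of the file, after rule invocations, in the `@@ -155,19 +159,94 @@` hunk; Bazel style (buildifier's load-on-top check) keeps all loads at the top, next to the existing `load(` blocks. Separately, `kms_java_gapic` now compiles local copies of the KMS protos while `grpc_service_config` still points at `@com_google_googleapis//google/cloud/kms/v1`, so the two can drift apart unnoticed. A comment above `kms_proto` recording where the copies came from would make that checkable, for example `# Local copy of google/cloud/kms/v1, edited for the mixin-override test; upstream revision: <GOOGLEAPIS_COMMIT>`.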
@@ -0,0 +1,605 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +package google.cloud.kms.v1; + +import "google/api/field_behavior.proto"; +import "google/api/resource.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/timestamp.proto"; +import "google/protobuf/wrappers.proto"; +import "google/api/annotations.proto"; + +option cc_enable_arenas = true; +option csharp_namespace = "Google.Cloud.Kms.V1"; +option go_package = "google.golang.org/genproto/googleapis/cloud/kms/v1;kms"; +option java_multiple_files = true; +option java_outer_classname = "KmsResourcesProto"; +option java_package = "com.google.cloud.kms.v1"; +option php_namespace = "Google\\Cloud\\Kms\\V1"; + +// A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel logical grouping of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. +message KeyRing { + option (google.api.resource) = { + type: "cloudkms.googleapis.com/KeyRing" + pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}" + }; + + // Output only. The resource name for the [KeyRing][google.cloud.kms.v1.KeyRing] in the format + // `projects/*/locations/*/keyRings/*`. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which this [KeyRing][google.cloud.kms.v1.KeyRing] was created. 
+ google.protobuf.Timestamp create_time = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic +// operations. +// +// A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], +// which represent the actual key material used in cryptographic operations. +message CryptoKey { + option (google.api.resource) = { + type: "cloudkms.googleapis.com/CryptoKey" + pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}" + }; + + // [CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] describes the cryptographic capabilities of a + // [CryptoKey][google.cloud.kms.v1.CryptoKey]. A given key can only be used for the operations allowed by + // its purpose. For more information, see + // [Key purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes). + enum CryptoKeyPurpose { + // Not specified. + CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0; + + // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with + // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and + // [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. + ENCRYPT_DECRYPT = 1; + + // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with + // [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign] and + // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + ASYMMETRIC_SIGN = 5; + + // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with + // [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt] and + // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + ASYMMETRIC_DECRYPT = 6; + } + + // Output only. 
The resource name for this [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format + // `projects/*/locations/*/keyRings/*/cryptoKeys/*`. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. A copy of the "primary" [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used + // by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given + // in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name]. + // + // The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be updated via + // [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. + // + // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] may have a + // primary. For other keys, this field will be omitted. + CryptoKeyVersion primary = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Immutable. The immutable purpose of this [CryptoKey][google.cloud.kms.v1.CryptoKey]. + CryptoKeyPurpose purpose = 3 [(google.api.field_behavior) = IMMUTABLE]; + + // Output only. The time at which this [CryptoKey][google.cloud.kms.v1.CryptoKey] was created. + google.protobuf.Timestamp create_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], the Key Management Service will automatically: + // + // 1. Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey]. + // 2. Mark the new version as primary. + // + // Key rotations performed manually via + // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and + // [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] + // do not affect [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]. 
+ // + // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support + // automatic rotation. For other keys, this field must be omitted. + google.protobuf.Timestamp next_rotation_time = 7; + + // Controls the rate of automatic rotation. + oneof rotation_schedule { + // [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] will be advanced by this period when the service + // automatically rotates a key. Must be at least 24 hours and at most + // 876,000 hours. + // + // If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is set, [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] must also be set. + // + // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support + // automatic rotation. For other keys, this field must be omitted. + google.protobuf.Duration rotation_period = 8; + } + + // A template describing settings for new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. + // The properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances created by either + // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or + // auto-rotation are controlled by this template. + CryptoKeyVersionTemplate version_template = 11; + + // Labels with user-defined metadata. For more information, see + // [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys). + map labels = 10; +} + +// A [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating +// a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either manually with +// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or +// automatically as a result of auto-rotation. 
+message CryptoKeyVersionTemplate { + // [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on + // this template. Immutable. Defaults to [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE]. + ProtectionLevel protection_level = 1; + + // Required. [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] to use + // when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this template. + // + // For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both + // this field is omitted and [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] is + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 3 [(google.api.field_behavior) = REQUIRED]; +} + +// Contains an HSM-generated attestation about a key operation. For more +// information, see [Verifying attestations] +// (https://cloud.google.com/kms/docs/attest-key). +message KeyOperationAttestation { + // Attestation formats provided by the HSM. + enum AttestationFormat { + // Not specified. + ATTESTATION_FORMAT_UNSPECIFIED = 0; + + // Cavium HSM attestation compressed with gzip. Note that this format is + // defined by Cavium and subject to change at any time. + CAVIUM_V1_COMPRESSED = 3; + + // Cavium HSM attestation V2 compressed with gzip. This is a new format + // introduced in Cavium's version 3.2-08. + CAVIUM_V2_COMPRESSED = 4; + } + + // Output only. The format of the attestation data. + AttestationFormat format = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The attestation data provided by the HSM when the key + // operation was performed. 
+ bytes content = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents an individual cryptographic key, and the +// associated key material. +// +// An [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] version can be +// used for cryptographic operations. +// +// For security reasons, the raw cryptographic key material represented by a +// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] can never be viewed or exported. It can only be used to +// encrypt, decrypt, or sign data when an authorized user or application invokes +// Cloud KMS. +message CryptoKeyVersion { + option (google.api.resource) = { + type: "cloudkms.googleapis.com/CryptoKeyVersion" + pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}" + }; + + // The algorithm of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating what + // parameters must be used for each cryptographic operation. + // + // The + // [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] + // algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. + // + // Algorithms beginning with "RSA_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]. + // + // The fields in the name after "RSA_SIGN_" correspond to the following + // parameters: padding algorithm, modulus bit length, and digest algorithm. + // + // For PSS, the salt length used is equal to the length of digest + // algorithm. 
For example, + // [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] + // will use PSS with a salt length of 256 bits or 32 bytes. + // + // Algorithms beginning with "RSA_DECRYPT_" are usable with + // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. + // + // The fields in the name after "RSA_DECRYPT_" correspond to the following + // parameters: padding algorithm, modulus bit length, and digest algorithm. + // + // Algorithms beginning with "EC_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] + // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]. + // + // The fields in the name after "EC_SIGN_" correspond to the following + // parameters: elliptic curve, digest algorithm. + // + // For more information, see [Key purposes and algorithms] + // (https://cloud.google.com/kms/docs/algorithms). + enum CryptoKeyVersionAlgorithm { + // Not specified. + CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0; + + // Creates symmetric encryption keys. + GOOGLE_SYMMETRIC_ENCRYPTION = 1; + + // RSASSA-PSS 2048 bit key with a SHA256 digest. + RSA_SIGN_PSS_2048_SHA256 = 2; + + // RSASSA-PSS 3072 bit key with a SHA256 digest. + RSA_SIGN_PSS_3072_SHA256 = 3; + + // RSASSA-PSS 4096 bit key with a SHA256 digest. + RSA_SIGN_PSS_4096_SHA256 = 4; + + // RSASSA-PSS 4096 bit key with a SHA512 digest. + RSA_SIGN_PSS_4096_SHA512 = 15; + + // RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. + RSA_SIGN_PKCS1_2048_SHA256 = 5; + + // RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest. + RSA_SIGN_PKCS1_3072_SHA256 = 6; + + // RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest. + RSA_SIGN_PKCS1_4096_SHA256 = 7; + + // RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest. 
+ RSA_SIGN_PKCS1_4096_SHA512 = 16; + + // RSAES-OAEP 2048 bit key with a SHA256 digest. + RSA_DECRYPT_OAEP_2048_SHA256 = 8; + + // RSAES-OAEP 3072 bit key with a SHA256 digest. + RSA_DECRYPT_OAEP_3072_SHA256 = 9; + + // RSAES-OAEP 4096 bit key with a SHA256 digest. + RSA_DECRYPT_OAEP_4096_SHA256 = 10; + + // RSAES-OAEP 4096 bit key with a SHA512 digest. + RSA_DECRYPT_OAEP_4096_SHA512 = 17; + + // ECDSA on the NIST P-256 curve with a SHA256 digest. + EC_SIGN_P256_SHA256 = 12; + + // ECDSA on the NIST P-384 curve with a SHA384 digest. + EC_SIGN_P384_SHA384 = 13; + + // Algorithm representing symmetric encryption by an external key manager. + EXTERNAL_SYMMETRIC_ENCRYPTION = 18; + } + + // The state of a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used. + enum CryptoKeyVersionState { + // Not specified. + CRYPTO_KEY_VERSION_STATE_UNSPECIFIED = 0; + + // This version is still being generated. It may not be used, enabled, + // disabled, or destroyed yet. Cloud KMS will automatically mark this + // version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready. + PENDING_GENERATION = 5; + + // This version may be used for cryptographic operations. + ENABLED = 1; + + // This version may not be used, but the key material is still available, + // and the version can be placed back into the [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] state. + DISABLED = 2; + + // This version is destroyed, and the key material is no longer stored. + // A version may not leave this state once entered. + DESTROYED = 3; + + // This version is scheduled for destruction, and will be destroyed soon. + // Call + // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] + // to put it back into the [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] state. 
+ DESTROY_SCHEDULED = 4; + + // This version is still being imported. It may not be used, enabled, + // disabled, or destroyed yet. Cloud KMS will automatically mark this + // version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready. + PENDING_IMPORT = 6; + + // This version was not imported successfully. It may not be used, enabled, + // disabled, or destroyed. The submitted key material has been discarded. + // Additional details can be found in + // [CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason]. + IMPORT_FAILED = 7; + } + + // A view for [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]s. Controls the level of detail returned + // for [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in + // [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] and + // [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. + enum CryptoKeyVersionView { + // Default view for each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not include + // the [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field. + CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED = 0; + + // Provides all fields in each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the + // [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation]. + FULL = 1; + } + + // Output only. The resource name for this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the format + // `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // The current state of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + CryptoKeyVersionState state = 3; + + // Output only. 
The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] describing how crypto operations are + // performed with this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + ProtectionLevel protection_level = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] that this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] supports. + CryptoKeyVersionAlgorithm algorithm = 10 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. Statement that was generated and signed by the HSM at key + // creation time. Use this statement to verify attributes of the key as stored + // on the HSM, independently of Google. Only provided for key versions with + // [protection_level][google.cloud.kms.v1.CryptoKeyVersion.protection_level] [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. + KeyOperationAttestation attestation = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was created. + google.protobuf.Timestamp create_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was + // generated. + google.protobuf.Timestamp generate_time = 11 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material is scheduled + // for destruction. Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]. + google.protobuf.Timestamp destroy_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this CryptoKeyVersion's key material was + // destroyed. 
Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. + google.protobuf.Timestamp destroy_event_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was + // imported. + string import_job = 14 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material + // was imported. + google.protobuf.Timestamp import_time = 15 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The root cause of an import failure. Only present if + // [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + // [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]. + string import_failure_reason = 16 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // ExternalProtectionLevelOptions stores a group of additional fields for + // configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the + // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level. + ExternalProtectionLevelOptions external_protection_level_options = 17; +} + +// The public key for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Obtained via +// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. +message PublicKey { + option (google.api.resource) = { + type: "cloudkms.googleapis.com/PublicKey" + pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}/publicKey" + }; + + // The public key, encoded in PEM format. 
For more information, see the + // [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for + // [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and + // [Textual Encoding of Subject Public Key Info] + // (https://tools.ietf.org/html/rfc7468#section-13). + string pem = 1; + + // The [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] associated + // with this key. + CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 2; + + // Integrity verification field. A CRC32C checksum of the returned + // [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem]. An integrity check of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] can be performed + // by computing the CRC32C checksum of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] and + // comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. + // Note: This field is defined as int64 for reasons of compatibility across + // different languages. However, it is a non-negative integer, which will + // never exceed 2^32-1, and can be safely downconverted to uint32 in languages + // that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value pem_crc32c = 3; + + // The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key. + // Provided here for verification. + // + // NOTE: This field is in Beta. + string name = 4; +} + +// An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create [CryptoKeys][google.cloud.kms.v1.CryptoKey] and +// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing key material, +// generated outside of Cloud KMS. 
+// +// When an [ImportJob][google.cloud.kms.v1.ImportJob] is created, Cloud KMS will generate a "wrapping key", +// which is a public/private key pair. You use the wrapping key to encrypt (also +// known as wrap) the pre-existing key material to protect it during the import +// process. The nature of the wrapping key depends on the choice of +// [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the wrapping key generation +// is complete, the [state][google.cloud.kms.v1.ImportJob.state] will be set to +// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the [public_key][google.cloud.kms.v1.ImportJob.public_key] +// can be fetched. The fetched public key can then be used to wrap your +// pre-existing key material. +// +// Once the key material is wrapped, it can be imported into a new +// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling +// [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. +// Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be imported with a single +// [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS uses the private key portion of the wrapping key to +// unwrap the key material. Only Cloud KMS has access to the private key. +// +// An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 days after it is created. Once expired, Cloud KMS +// will no longer be able to import or unwrap any key material that was wrapped +// with the [ImportJob][google.cloud.kms.v1.ImportJob]'s public key. +// +// For more information, see +// [Importing a key](https://cloud.google.com/kms/docs/importing-a-key). +message ImportJob { + option (google.api.resource) = { + type: "cloudkms.googleapis.com/ImportJob" + pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}" + }; + + // The public key component of the wrapping key. 
For details of the type of + // key this public key corresponds to, see the [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod]. + message WrappingPublicKey { + // The public key, encoded in PEM format. For more information, see the [RFC + // 7468](https://tools.ietf.org/html/rfc7468) sections for [General + // Considerations](https://tools.ietf.org/html/rfc7468#section-2) and + // [Textual Encoding of Subject Public Key Info] + // (https://tools.ietf.org/html/rfc7468#section-13). + string pem = 1; + } + + // [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] describes the key wrapping method chosen for this + // [ImportJob][google.cloud.kms.v1.ImportJob]. + enum ImportMethod { + // Not specified. + IMPORT_METHOD_UNSPECIFIED = 0; + + // This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping + // scheme defined in the PKCS #11 standard. In summary, this involves + // wrapping the raw key with an ephemeral AES key, and wrapping the + // ephemeral AES key with a 3072 bit RSA key. For more details, see + // [RSA AES key wrap + // mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). + RSA_OAEP_3072_SHA1_AES_256 = 1; + + // This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping + // scheme defined in the PKCS #11 standard. In summary, this involves + // wrapping the raw key with an ephemeral AES key, and wrapping the + // ephemeral AES key with a 4096 bit RSA key. For more details, see + // [RSA AES key wrap + // mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). + RSA_OAEP_4096_SHA1_AES_256 = 2; + } + + // The state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can be used. + enum ImportJobState { + // Not specified. + IMPORT_JOB_STATE_UNSPECIFIED = 0; + + // The wrapping key for this job is still being generated. It may not be + // used. 
Cloud KMS will automatically mark this job as + // [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] as soon as the wrapping key is generated. + PENDING_GENERATION = 1; + + // This job may be used in + // [CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey] and + // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] + // requests. + ACTIVE = 2; + + // This job can no longer be used and may not leave this state once entered. + EXPIRED = 3; + } + + // Output only. The resource name for this [ImportJob][google.cloud.kms.v1.ImportJob] in the format + // `projects/*/locations/*/keyRings/*/importJobs/*`. + string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Required. Immutable. The wrapping method to be used for incoming key material. + ImportMethod import_method = 2 [ + (google.api.field_behavior) = REQUIRED, + (google.api.field_behavior) = IMMUTABLE + ]; + + // Required. Immutable. The protection level of the [ImportJob][google.cloud.kms.v1.ImportJob]. This must match the + // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] of the + // [version_template][google.cloud.kms.v1.CryptoKey.version_template] on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you + // attempt to import into. + ProtectionLevel protection_level = 9 [ + (google.api.field_behavior) = REQUIRED, + (google.api.field_behavior) = IMMUTABLE + ]; + + // Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] was created. + google.protobuf.Timestamp create_time = 3 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]'s key material was generated. + google.protobuf.Timestamp generate_time = 4 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. 
The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for + // expiration and can no longer be used to import key material. + google.protobuf.Timestamp expire_time = 5 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob] expired. Only present if + // [state][google.cloud.kms.v1.ImportJob.state] is [EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED]. + google.protobuf.Timestamp expire_event_time = 10 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The current state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can + // be used. + ImportJobState state = 6 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. The public key with which to wrap key material prior to + // import. Only returned if [state][google.cloud.kms.v1.ImportJob.state] is + // [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE]. + WrappingPublicKey public_key = 7 [(google.api.field_behavior) = OUTPUT_ONLY]; + + // Output only. Statement that was generated and signed by the key creator + // (for example, an HSM) at key creation time. Use this statement to verify + // attributes of the key as stored on the HSM, independently of Google. + // Only present if the chosen [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] is one with a protection + // level of [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. + KeyOperationAttestation attestation = 8 [(google.api.field_behavior) = OUTPUT_ONLY]; +} + +// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] specifies how cryptographic operations are performed. +// For more information, see [Protection levels] +// (https://cloud.google.com/kms/docs/algorithms#protection_levels). +enum ProtectionLevel { + // Not specified. + PROTECTION_LEVEL_UNSPECIFIED = 0; + + // Crypto operations are performed in software. 
+ SOFTWARE = 1; + + // Crypto operations are performed in a Hardware Security Module. + HSM = 2; + + // Crypto operations are performed by an external key manager. + EXTERNAL = 3; +} + +// ExternalProtectionLevelOptions stores a group of additional fields for +// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the +// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level. +message ExternalProtectionLevelOptions { + // The URI for an external resource that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents. + string external_key_uri = 1; +} diff --git a/test/integration/apis/kms/v1/service.proto b/test/integration/apis/kms/v1/service.proto new file mode 100644 index 0000000000..b5884df1eb --- /dev/null +++ b/test/integration/apis/kms/v1/service.proto 
@@ -0,0 +1,1321 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.kms.v1;
+
+import "google/api/annotations.proto";
+import "google/iam/v1/iam_policy.proto";
+import "google/iam/v1/policy.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/wrappers.proto";
+import "test/integration/apis/kms/v1/resources.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.Kms.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/kms/v1;kms";
+option java_multiple_files = true;
+option java_outer_classname = "KmsProto";
+option java_package = "com.google.cloud.kms.v1";
+option php_namespace = "Google\\Cloud\\Kms\\V1";
+
+// Google Cloud Key Management Service
+//
+// Manages cryptographic keys and operations using those keys. Implements a REST
+// model with the following objects:
+//
+// * [KeyRing][google.cloud.kms.v1.KeyRing]
+// * [CryptoKey][google.cloud.kms.v1.CryptoKey]
+// * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+// * [ImportJob][google.cloud.kms.v1.ImportJob]
+//
+// If you are using manual gRPC libraries, see
+// [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
+service KeyManagementService {
+ option (google.api.default_host) = "cloudkms.googleapis.com";
+ option (google.api.oauth_scopes) =
+ "https://www.googleapis.com/auth/cloud-platform,"
+ "https://www.googleapis.com/auth/cloudkms";
+
+ // Lists [KeyRings][google.cloud.kms.v1.KeyRing].
+ rpc ListKeyRings(ListKeyRingsRequest) returns (ListKeyRingsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/*}/keyRings"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
+ rpc ListCryptoKeys(ListCryptoKeysRequest) returns (ListCryptoKeysResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
+ rpc ListCryptoKeyVersions(ListCryptoKeyVersionsRequest)
+ returns (ListCryptoKeyVersionsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
+ rpc ListImportJobs(ListImportJobsRequest) returns (ListImportJobsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
+ rpc GetKeyRing(GetKeyRingRequest) returns (KeyRing) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/keyRings/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
+ // well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+ rpc GetCryptoKey(GetCryptoKeyRequest) returns (CryptoKey) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Returns metadata for a given
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+ rpc GetCryptoKeyVersion(GetCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Returns the public key for the given
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
+ // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+ // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
+ // or
+ // [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
+ rpc GetPublicKey(GetPublicKeyRequest) returns (PublicKey) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
+ rpc GetImportJob(GetImportJobRequest) returns (ImportJob) {
+ option (google.api.http) = {
+ get: "/v1/{name=projects/*/locations/*/keyRings/*/importJobs/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
+ // Location.
+ rpc CreateKeyRing(CreateKeyRingRequest) returns (KeyRing) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/*}/keyRings"
+ body: "key_ring"
+ };
+ option (google.api.method_signature) = "parent,key_ring_id,key_ring";
+ }
+
+ // Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
+ // [KeyRing][google.cloud.kms.v1.KeyRing].
+ //
+ // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
+ // [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
+ // are required.
+ rpc CreateCryptoKey(CreateCryptoKeyRequest) returns (CryptoKey) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys"
+ body: "crypto_key"
+ };
+ option (google.api.method_signature) = "parent,crypto_key_id,crypto_key";
+ }
+
+ // Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey].
+ //
+ // The server will assign the next sequential id. If unset,
+ // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
+ // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
+ rpc CreateCryptoKeyVersion(CreateCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions"
+ body: "crypto_key_version"
+ };
+ option (google.api.method_signature) = "parent,crypto_key_version";
+ }
+
+ // Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into
+ // an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the wrapped
+ // key material provided in the request.
+ //
+ // The version ID will be assigned the next sequential id within the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey].
+ rpc ImportCryptoKeyVersion(ImportCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:import"
+ body: "*"
+ };
+ }
+
+ // Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
+ // [KeyRing][google.cloud.kms.v1.KeyRing].
+ //
+ // [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
+ // required.
+ rpc CreateImportJob(CreateImportJobRequest) returns (ImportJob) {
+ option (google.api.http) = {
+ post: "/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs"
+ body: "import_job"
+ };
+ option (google.api.method_signature) = "parent,import_job_id,import_job";
+ }
+
+ // Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
+ rpc UpdateCryptoKey(UpdateCryptoKeyRequest) returns (CryptoKey) {
+ option (google.api.http) = {
+ patch: "/v1/{crypto_key.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}"
+ body: "crypto_key"
+ };
+ option (google.api.method_signature) = "crypto_key,update_mask";
+ }
+
+ // Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
+ // metadata.
+ //
+ // [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
+ // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
+ // and
+ // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
+ // using this method. See
+ // [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
+ // and
+ // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
+ // to move between other states.
+ rpc UpdateCryptoKeyVersion(UpdateCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ patch: "/v1/{crypto_key_version.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}"
+ body: "crypto_key_version"
+ };
+ option (google.api.method_signature) = "crypto_key_version,update_mask";
+ }
+
+ // Encrypts data, so that it can only be recovered by a call to
+ // [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
+ // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+ // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
+ rpc Encrypt(EncryptRequest) returns (EncryptResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name,plaintext";
+ }
+
+ // Decrypts data that was protected by
+ // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
+ // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+ // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
+ rpc Decrypt(DecryptRequest) returns (DecryptResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name,ciphertext";
+ }
+
+ // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+ // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
+ // ASYMMETRIC_SIGN, producing a signature that can be verified with the public
+ // key retrieved from
+ // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
+ rpc AsymmetricSign(AsymmetricSignRequest) returns (AsymmetricSignResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricSign"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name,digest";
+ }
+
+ // Decrypts data that was encrypted with a public key retrieved from
+ // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
+ // corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
+ // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
+ // ASYMMETRIC_DECRYPT.
+ rpc AsymmetricDecrypt(AsymmetricDecryptRequest)
+ returns (AsymmetricDecryptResponse) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricDecrypt"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name,ciphertext";
+ }
+
+ // Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
+ // will be used in
+ // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
+ //
+ // Returns an error if called on an asymmetric key.
+ rpc UpdateCryptoKeyPrimaryVersion(UpdateCryptoKeyPrimaryVersionRequest)
+ returns (CryptoKey) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name,crypto_key_version_id";
+ }
+
+ // Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
+ // destruction.
+ //
+ // Upon calling this method,
+ // [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+ // be set to
+ // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
+ // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
+ // be set to a time 24 hours in the future, at which point the
+ // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be changed to
+ // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
+ // and the key material will be irrevocably destroyed.
+ //
+ // Before the
+ // [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
+ // reached,
+ // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
+ // may be called to reverse the process.
+ rpc DestroyCryptoKeyVersion(DestroyCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
+ // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
+ // state.
+ //
+ // Upon restoration of the CryptoKeyVersion,
+ // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
+ // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
+ // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
+ // be cleared.
+ rpc RestoreCryptoKeyVersion(RestoreCryptoKeyVersionRequest)
+ returns (CryptoKeyVersion) {
+ option (google.api.http) = {
+ post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore"
+ body: "*"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Gets the access control policy for a resource. ADDED ONLY FOR MIXIN TESTS.
+ // Returns an empty policy if the resource exists and does not have a policy
+ // set.
+ rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
+ returns (google.iam.v1.Policy) {
+ option (google.api.http) = {
+ post: "/v1/{resource=**}:getIamPolicy"
+ body: "*"
+ };
+ }
+}
+
+// Request message for
+// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].
+message ListKeyRingsRequest {
+ // Required. The resource name of the location associated with the
+ // [KeyRings][google.cloud.kms.v1.KeyRing], in the format
+ // `projects/*/locations/*`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "locations.googleapis.com/Location"
+ }
+ ];
+
+ // Optional.
Optional limit on the number of
+ // [KeyRings][google.cloud.kms.v1.KeyRing] to include in the response. Further
+ // [KeyRings][google.cloud.kms.v1.KeyRing] can subsequently be obtained by
+ // including the
+ // [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token]
+ // in a subsequent request. If unspecified, the server will pick an
+ // appropriate default.
+ int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Optional pagination token, returned earlier via
+ // [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token].
+ string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Only include resources that match the filter in the response. For
+ // more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specify how the results should be sorted. If not specified, the
+ // results will be sorted in the default order. For more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
+message ListCryptoKeysRequest {
+ // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing]
+ // to list, in the format `projects/*/locations/*/keyRings/*`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/KeyRing"
+ }
+ ];
+
+ // Optional. Optional limit on the number of
+ // [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the response.
+ // Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be
+ // obtained by including the
+ // [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token]
+ // in a subsequent request. If unspecified, the server will pick an
+ // appropriate default.
+ int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Optional pagination token, returned earlier via
+ // [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token].
+ string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // The fields of the primary version to include in the response.
+ CryptoKeyVersion.CryptoKeyVersionView version_view = 4;
+
+ // Optional. Only include resources that match the filter in the response. For
+ // more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string filter = 5 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specify how the results should be sorted. If not specified, the
+ // results will be sorted in the default order. For more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string order_by = 6 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].
+message ListCryptoKeyVersionsRequest {
+ // Required. The resource name of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format
+ // `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKey"
+ }
+ ];
+
+ // Optional. Optional limit on the number of
+ // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to include in the
+ // response.
Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]
+ // can subsequently be obtained by including the
+ // [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token]
+ // in a subsequent request. If unspecified, the server will pick an
+ // appropriate default.
+ int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Optional pagination token, returned earlier via
+ // [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token].
+ string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // The fields to include in the response.
+ CryptoKeyVersion.CryptoKeyVersionView view = 4;
+
+ // Optional. Only include resources that match the filter in the response. For
+ // more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string filter = 5 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specify how the results should be sorted. If not specified, the
+ // results will be sorted in the default order. For more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string order_by = 6 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Request message for
+// [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].
+message ListImportJobsRequest {
+ // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing]
+ // to list, in the format `projects/*/locations/*/keyRings/*`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/KeyRing"
+ }
+ ];
+
+ // Optional. Optional limit on the number of
+ // [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the response.
+ // Further [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently be
+ // obtained by including the
+ // [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token]
+ // in a subsequent request. If unspecified, the server will pick an
+ // appropriate default.
+ int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Optional pagination token, returned earlier via
+ // [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token].
+ string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Only include resources that match the filter in the response. For
+ // more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string filter = 4 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. Specify how the results should be sorted. If not specified, the
+ // results will be sorted in the default order. For more information, see
+ // [Sorting and filtering list
+ // results](https://cloud.google.com/kms/docs/sorting-and-filtering).
+ string order_by = 5 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response message for
+// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].
+message ListKeyRingsResponse {
+ // The list of [KeyRings][google.cloud.kms.v1.KeyRing].
+ repeated KeyRing key_rings = 1;
+
+ // A token to retrieve next page of results. Pass this value in
+ // [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token]
+ // to retrieve the next page of results.
+ string next_page_token = 2;
+
+ // The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched
+ // the query.
+ int32 total_size = 3;
+}
+
+// Response message for
+// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
+message ListCryptoKeysResponse {
+ // The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey].
+ repeated CryptoKey crypto_keys = 1;
+
+ // A token to retrieve next page of results. Pass this value in
+ // [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token]
+ // to retrieve the next page of results.
+ string next_page_token = 2;
+
+ // The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that
+ // matched the query.
+ int32 total_size = 3;
+}
+
+// Response message for
+// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].
+message ListCryptoKeyVersionsResponse {
+ // The list of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
+ repeated CryptoKeyVersion crypto_key_versions = 1;
+
+ // A token to retrieve next page of results. Pass this value in
+ // [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token]
+ // to retrieve the next page of results.
+ string next_page_token = 2;
+
+ // The total number of
+ // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the
+ // query.
+ int32 total_size = 3;
+}
+
+// Response message for
+// [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].
+message ListImportJobsResponse {
+ // The list of [ImportJobs][google.cloud.kms.v1.ImportJob].
+ repeated ImportJob import_jobs = 1;
+
+ // A token to retrieve next page of results. Pass this value in
+ // [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token]
+ // to retrieve the next page of results.
+ string next_page_token = 2;
+
+ // The total number of [ImportJobs][google.cloud.kms.v1.ImportJob] that
+ // matched the query.
+ int32 total_size = 3;
+}
+
+// Request message for
+// [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].
+message GetKeyRingRequest {
+ // Required.
The [name][google.cloud.kms.v1.KeyRing.name] of the
+ // [KeyRing][google.cloud.kms.v1.KeyRing] to get.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/KeyRing"
+ }
+ ];
+}
+
+// Request message for
+// [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].
+message GetCryptoKeyRequest {
+ // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] to get.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKey"
+ }
+ ];
+}
+
+// Request message for
+// [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].
+message GetCryptoKeyVersionRequest {
+ // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKeyVersion"
+ }
+ ];
+}
+
+// Request message for
+// [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
+message GetPublicKeyRequest {
+ // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
+ // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKeyVersion"
+ }
+ ];
+}
+
+// Request message for
+// [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].
+message GetImportJobRequest {
+ // Required. The [name][google.cloud.kms.v1.ImportJob.name] of the
+ // [ImportJob][google.cloud.kms.v1.ImportJob] to get.
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/ImportJob"
+ }
+ ];
+}
+
+// Request message for
+// [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].
+message CreateKeyRingRequest {
+ // Required. The resource name of the location associated with the
+ // [KeyRings][google.cloud.kms.v1.KeyRing], in the format
+ // `projects/*/locations/*`.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "locations.googleapis.com/Location"
+ }
+ ];
+
+ // Required. It must be unique within a location and match the regular
+ // expression `[a-zA-Z0-9_-]{1,63}`
+ string key_ring_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field
+ // values.
+ KeyRing key_ring = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].
+message CreateCryptoKeyRequest {
+ // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing
+ // associated with the [CryptoKeys][google.cloud.kms.v1.CryptoKey].
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/KeyRing"
+ }
+ ];
+
+ // Required. It must be unique within a KeyRing and match the regular
+ // expression `[a-zA-Z0-9_-]{1,63}`
+ string crypto_key_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field
+ // values.
+ CryptoKey crypto_key = 3 [(google.api.field_behavior) = REQUIRED];
+
+ // If set to true, the request will create a
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] without any
+ // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
You must
+ // manually call
+ // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
+ // or
+ // [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]
+ // before you can use this [CryptoKey][google.cloud.kms.v1.CryptoKey].
+ bool skip_initial_version_creation = 5;
+}
+
+// Request message for
+// [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].
+message CreateCryptoKeyVersionRequest {
+ // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the
+ // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKey"
+ }
+ ];
+
+ // Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
+ // initial field values.
+ CryptoKeyVersion crypto_key_version = 2
+ [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
+message ImportCryptoKeyVersionRequest {
+ // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/CryptoKey"
+ }
+ ];
+
+ // Required. The
+ // [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
+ // of the key being imported. This does not need to match the
+ // [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the
+ // [CryptoKey][google.cloud.kms.v1.CryptoKey] this version imports into.
+ CryptoKeyVersion.CryptoKeyVersionAlgorithm algorithm = 2
+ [(google.api.field_behavior) = REQUIRED];
+
+ // Required.
The [name][google.cloud.kms.v1.ImportJob.name] of the
+ // [ImportJob][google.cloud.kms.v1.ImportJob] that was used to wrap this key
+ // material.
+ string import_job = 4 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. The incoming wrapped key material that is to be imported.
+ oneof wrapped_key_material {
+ // Wrapped key material produced with
+ // [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
+ // or
+ // [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
+ //
+ // This field contains the concatenation of two wrapped keys:
+ //
    + //
  1. An ephemeral AES-256 wrapping key wrapped with the + // [public_key][google.cloud.kms.v1.ImportJob.public_key] using + // RSAES-OAEP with SHA-1, MGF1 with SHA-1, and an empty label. + //
  2. + //
  3. The key to be imported, wrapped with the ephemeral AES-256 key + // using AES-KWP (RFC 5649). + //
  4. + //
+ //
+ // If importing symmetric key material, it is expected that the unwrapped
+ // key contains plain bytes. If importing asymmetric key material, it is
+ // expected that the unwrapped key is in PKCS#8-encoded DER format (the
+ // PrivateKeyInfo structure from RFC 5208).
+ //
+ // This format is the same as the format produced by PKCS#11 mechanism
+ // CKM_RSA_AES_KEY_WRAP.
+ bytes rsa_aes_wrapped_key = 5;
+ }
+}
+
+// Request message for
+// [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob].
+message CreateImportJobRequest {
+ // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the
+ // [KeyRing][google.cloud.kms.v1.KeyRing] associated with the
+ // [ImportJobs][google.cloud.kms.v1.ImportJob].
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudkms.googleapis.com/KeyRing"
+ }
+ ];
+
+ // Required. It must be unique within a KeyRing and match the regular
+ // expression `[a-zA-Z0-9_-]{1,63}`
+ string import_job_id = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field
+ // values.
+ ImportJob import_job = 3 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey].
+message UpdateCryptoKeyRequest {
+ // Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] with updated values.
+ CryptoKey crypto_key = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. List of fields to be updated in this request.
+ google.protobuf.FieldMask update_mask = 2
+ [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request message for
+// [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion].
+message UpdateCryptoKeyVersionRequest {
+ // Required.
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with + // updated values. + CryptoKeyVersion crypto_key_version = 1 + [(google.api.field_behavior) = REQUIRED]; + + // Required. List of fields to be updated in this request. + google.protobuf.FieldMask update_mask = 2 + [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for +// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. +message EncryptRequest { + // Required. The resource name of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] or + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for + // encryption. + // + // If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server + // will use its [primary version][google.cloud.kms.v1.CryptoKey.primary]. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { type: "*" } + ]; + + // Required. The data to encrypt. Must be no larger than 64KiB. + // + // The maximum size depends on the key version's + // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. + // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the + // plaintext must be no larger than 64KiB. For + // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of + // the plaintext and additional_authenticated_data fields must be no larger + // than 8KiB. + bytes plaintext = 2 [(google.api.field_behavior) = REQUIRED]; + + // Optional. Optional data that, if specified, must also be provided during + // decryption through + // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. + // + // The maximum size depends on the key version's + // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. + // For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD + // must be no larger than 64KiB. 
For + // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of + // the plaintext and additional_authenticated_data fields must be no larger + // than 8KiB. + bytes additional_authenticated_data = 3 + [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the + // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]) + // is equal to + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value plaintext_crc32c = 7 + [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the + // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. 
+ // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]) + // is equal to + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value additional_authenticated_data_crc32c = 8 + [(google.api.field_behavior) = OPTIONAL]; +} + +// Request message for +// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. +message DecryptRequest { + // Required. The resource name of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The + // server will choose the appropriate version. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/CryptoKey" + } + ]; + + // Required. The encrypted data originally returned in + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. 
+ bytes ciphertext = 2 [(google.api.field_behavior) = REQUIRED]; + + // Optional. Optional data that must match the data originally supplied in + // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. + bytes additional_authenticated_data = 3 + [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the + // [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]) + // is equal to + // [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value ciphertext_crc32c = 5 + [(google.api.field_behavior) = OPTIONAL]; + + // Optional. An optional CRC32C checksum of the + // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. 
+ // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]) + // is equal to + // [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value additional_authenticated_data_crc32c = 6 + [(google.api.field_behavior) = OPTIONAL]; +} + +// Request message for +// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. +message AsymmetricSignRequest { + // Required. The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for + // signing. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/CryptoKeyVersion" + } + ]; + + // Required. The digest of the data to sign. The digest must be produced with + // the same digest algorithm as specified by the key version's + // [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. 
+ Digest digest = 3 [(google.api.field_behavior) = REQUIRED]; + + // Optional. An optional CRC32C checksum of the + // [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]) + // is equal to + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value digest_crc32c = 4 + [(google.api.field_behavior) = OPTIONAL]; +} + +// Request message for +// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. +message AsymmetricDecryptRequest { + // Required. The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for + // decryption. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/CryptoKeyVersion" + } + ]; + + // Required. 
The data encrypted with the named + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using + // OAEP. + bytes ciphertext = 3 [(google.api.field_behavior) = REQUIRED]; + + // Optional. An optional CRC32C checksum of the + // [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. + // If specified, + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // verify the integrity of the received + // [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext] + // using this checksum. + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will + // report an error if the checksum verification fails. If you receive a + // checksum error, your client should verify that + // CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]) + // is equal to + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c], + // and if so, perform a limited number of retries. A persistent mismatch may + // indicate an issue in your computation of the CRC32C checksum. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value ciphertext_crc32c = 4 + [(google.api.field_behavior) = OPTIONAL]; +} + +// Response message for +// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. +message DecryptResponse { + // The decrypted data originally supplied in + // [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. + bytes plaintext = 1; + + // Integrity verification field. 
A CRC32C checksum of the returned + // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]. + // An integrity check of + // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] + // can be performed by computing the CRC32C checksum of + // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. Note: receiving this response message indicates that + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to + // successfully decrypt the + // [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. Note: This + // field is defined as int64 for reasons of compatibility across different + // languages. However, it is a non-negative integer, which will never exceed + // 2^32-1, and can be safely downconverted to uint32 in languages that support + // this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value plaintext_crc32c = 2; +} + +// Response message for +// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. +message EncryptResponse { + // The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in + // encryption. Check this field to verify that the intended resource was used + // for encryption. + string name = 1; + + // The encrypted data. + bytes ciphertext = 2; + + // Integrity verification field. A CRC32C checksum of the returned + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. 
+ // An integrity check of + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] + // can be performed by computing the CRC32C checksum of + // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. Note: This field is defined as int64 for reasons of compatibility + // across different languages. However, it is a non-negative integer, which + // will never exceed 2^32-1, and can be safely downconverted to uint32 in + // languages that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value ciphertext_crc32c = 4; + + // Integrity verification field. A flag indicating whether + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of + // this field indicates either that + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. + // + // NOTE: This field is in Beta. + bool verified_plaintext_crc32c = 5; + + // Integrity verification field. 
A flag indicating whether + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A + // false value of this field indicates either that + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. + // + // NOTE: This field is in Beta. + bool verified_additional_authenticated_data_crc32c = 6; +} + +// Response message for +// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. +message AsymmetricSignResponse { + // The created signature. + bytes signature = 1; + + // Integrity verification field. A CRC32C checksum of the returned + // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]. + // An integrity check of + // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] + // can be performed by computing the CRC32C checksum of + // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. 
Note: This field is defined as int64 for reasons of compatibility + // across different languages. However, it is a non-negative integer, which + // will never exceed 2^32-1, and can be safely downconverted to uint32 in + // languages that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value signature_crc32c = 2; + + // Integrity verification field. A flag indicating whether + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value + // of this field indicates either that + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. + // + // NOTE: This field is in Beta. + bool verified_digest_crc32c = 3; + + // The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. + // Check this field to verify that the intended resource was used for signing. + // + // NOTE: This field is in Beta. + string name = 4; +} + +// Response message for +// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]. +message AsymmetricDecryptResponse { + // The decrypted data originally encrypted with the matching public key. + bytes plaintext = 1; + + // Integrity verification field. A CRC32C checksum of the returned + // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]. 
+ // An integrity check of + // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] + // can be performed by computing the CRC32C checksum of + // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] + // and comparing your results to this field. Discard the response in case of + // non-matching checksum values, and perform a limited number of retries. A + // persistent mismatch may indicate an issue in your computation of the CRC32C + // checksum. Note: This field is defined as int64 for reasons of compatibility + // across different languages. However, it is a non-negative integer, which + // will never exceed 2^32-1, and can be safely downconverted to uint32 in + // languages that support this type. + // + // NOTE: This field is in Beta. + google.protobuf.Int64Value plaintext_crc32c = 2; + + // Integrity verification field. A flag indicating whether + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + // was received by + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used + // for the integrity verification of the + // [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A + // false value of this field indicates either that + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + // was left unset or that it was not delivered to + // [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've + // set + // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] + // but this field is still false, discard the response and perform a limited + // number of retries. + // + // NOTE: This field is in Beta. 
+ bool verified_ciphertext_crc32c = 3; +} + +// Request message for +// [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. +message UpdateCryptoKeyPrimaryVersionRequest { + // Required. The resource name of the + // [CryptoKey][google.cloud.kms.v1.CryptoKey] to update. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/CryptoKey" + } + ]; + + // Required. The id of the child + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary. + string crypto_key_version_id = 2 [(google.api.field_behavior) = REQUIRED]; +} + +// Request message for +// [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]. +message DestroyCryptoKeyVersionRequest { + // Required. The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/CryptoKeyVersion" + } + ]; +} + +// Request message for +// [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]. +message RestoreCryptoKeyVersionRequest { + // Required. The resource name of the + // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore. + string name = 1 [ + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudkms.googleapis.com/CryptoKeyVersion" + } + ]; +} + +// A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message digest. +message Digest { + // Required. The message digest. + oneof digest { + // A message digest produced with the SHA-256 algorithm. + bytes sha256 = 1; + + // A message digest produced with the SHA-384 algorithm. + bytes sha384 = 2; + + // A message digest produced with the SHA-512 algorithm. 
+ bytes sha512 = 3;
+ }
+}
+
+// Cloud KMS metadata for the given
+// [google.cloud.location.Location][google.cloud.location.Location].
+message LocationMetadata {
+ // Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
+ // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
+ // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this
+ // location.
+ bool hsm_available = 1;
+
+ // Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
+ // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
+ // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in
+ // this location.
+ bool ekm_available = 2;
+}
diff --git a/test/integration/goldens/iam/BUILD.bazel b/test/integration/goldens/iam/BUILD.bazel
new file mode 100644
index 0000000000..667772f01b
--- /dev/null
+++ b/test/integration/goldens/iam/BUILD.bazel
@@ -0,0 +1,9 @@
+package(default_visibility = ["//visibility:public"])
+
+filegroup(
+ name = "goldens_files",
+ srcs = glob([
+ "*.java",
+ "gapic_metadata.json",
+ ]),
+)
diff --git a/test/integration/goldens/iam/GrpcIAMPolicyCallableFactory.java b/test/integration/goldens/iam/GrpcIAMPolicyCallableFactory.java
new file mode 100644
index 0000000000..5b96cd1ec8
--- /dev/null
+++ b/test/integration/goldens/iam/GrpcIAMPolicyCallableFactory.java
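Review bot: The `package(default_visibility = ["//visibility:public"])` line in the new test/integration/goldens/iam/BUILD.bazel exposes `goldens_files` to every package in the workspace, which is broader than a directory of test goldens needs. If the only consumer is the integration-test package (presumably test/integration/BUILD.bazel, which this commit also changes but whose hunk is not visible here), narrow it to `package(default_visibility = ["//test/integration:__subpackages__"])`. Separately, `glob` returns nothing for a pattern that matches no file, so a missing `gapic_metadata.json` would leave the filegroup silently short and weaken the golden comparison. Passing `allow_empty = False` to the `glob([...])` call should turn that case into a build failure.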
@@ -0,0 +1,113 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1.stub; + +import com.google.api.gax.grpc.GrpcCallSettings; +import com.google.api.gax.grpc.GrpcCallableFactory; +import com.google.api.gax.grpc.GrpcStubCallableFactory; +import com.google.api.gax.rpc.BatchingCallSettings; +import com.google.api.gax.rpc.BidiStreamingCallable; +import com.google.api.gax.rpc.ClientContext; +import com.google.api.gax.rpc.ClientStreamingCallable; +import com.google.api.gax.rpc.OperationCallSettings; +import com.google.api.gax.rpc.OperationCallable; +import com.google.api.gax.rpc.PagedCallSettings; +import com.google.api.gax.rpc.ServerStreamingCallSettings; +import com.google.api.gax.rpc.ServerStreamingCallable; +import com.google.api.gax.rpc.StreamingCallSettings; +import com.google.api.gax.rpc.UnaryCallSettings; +import com.google.api.gax.rpc.UnaryCallable; +import com.google.longrunning.Operation; +import com.google.longrunning.stub.OperationsStub; +import javax.annotation.Generated; + +// AUTO-GENERATED DOCUMENTATION AND CLASS. +/** + * gRPC callable factory implementation for the IAMPolicy service API. + * + *

This class is for advanced usage. + */ +@Generated("by gapic-generator-java") +public class GrpcIAMPolicyCallableFactory implements GrpcStubCallableFactory { + + @Override + public UnaryCallable createUnaryCallable( + GrpcCallSettings grpcCallSettings, + UnaryCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createUnaryCallable(grpcCallSettings, callSettings, clientContext); + } + + @Override + public + UnaryCallable createPagedCallable( + GrpcCallSettings grpcCallSettings, + PagedCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createPagedCallable(grpcCallSettings, callSettings, clientContext); + } + + @Override + public UnaryCallable createBatchingCallable( + GrpcCallSettings grpcCallSettings, + BatchingCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createBatchingCallable( + grpcCallSettings, callSettings, clientContext); + } + + @Override + public + OperationCallable createOperationCallable( + GrpcCallSettings grpcCallSettings, + OperationCallSettings callSettings, + ClientContext clientContext, + OperationsStub operationsStub) { + return GrpcCallableFactory.createOperationCallable( + grpcCallSettings, callSettings, clientContext, operationsStub); + } + + @Override + public + BidiStreamingCallable createBidiStreamingCallable( + GrpcCallSettings grpcCallSettings, + StreamingCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createBidiStreamingCallable( + grpcCallSettings, callSettings, clientContext); + } + + @Override + public + ServerStreamingCallable createServerStreamingCallable( + GrpcCallSettings grpcCallSettings, + ServerStreamingCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createServerStreamingCallable( + grpcCallSettings, callSettings, clientContext); + } + + @Override + public + ClientStreamingCallable createClientStreamingCallable( + GrpcCallSettings 
grpcCallSettings, + StreamingCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createClientStreamingCallable( + grpcCallSettings, callSettings, clientContext); + } +} diff --git a/test/integration/goldens/iam/GrpcIAMPolicyStub.java b/test/integration/goldens/iam/GrpcIAMPolicyStub.java new file mode 100644 index 0000000000..b12e0f6863 --- /dev/null +++ b/test/integration/goldens/iam/GrpcIAMPolicyStub.java 
@@ -0,0 +1,227 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1.stub; + +import com.google.api.gax.core.BackgroundResource; +import com.google.api.gax.core.BackgroundResourceAggregation; +import com.google.api.gax.grpc.GrpcCallSettings; +import com.google.api.gax.grpc.GrpcStubCallableFactory; +import com.google.api.gax.rpc.ClientContext; +import com.google.api.gax.rpc.RequestParamsExtractor; +import com.google.api.gax.rpc.UnaryCallable; +import com.google.common.collect.ImmutableMap; +import com.google.iam.v1.GetIamPolicyRequest; +import com.google.iam.v1.Policy; +import com.google.iam.v1.SetIamPolicyRequest; +import com.google.iam.v1.TestIamPermissionsRequest; +import com.google.iam.v1.TestIamPermissionsResponse; +import com.google.longrunning.stub.GrpcOperationsStub; +import io.grpc.MethodDescriptor; +import io.grpc.protobuf.ProtoUtils; +import java.io.IOException; +import java.util.Map; +import java.util.concurrent.TimeUnit; +import javax.annotation.Generated; + +// AUTO-GENERATED DOCUMENTATION AND CLASS. +/** + * gRPC stub implementation for the IAMPolicy service API. + * + *

This class is for advanced usage and reflects the underlying API directly. + */ +@Generated("by gapic-generator-java") +public class GrpcIAMPolicyStub extends IAMPolicyStub { + private static final MethodDescriptor setIamPolicyMethodDescriptor = + MethodDescriptor.newBuilder() + .setType(MethodDescriptor.MethodType.UNARY) + .setFullMethodName("google.iam.v1.IAMPolicy/SetIamPolicy") + .setRequestMarshaller(ProtoUtils.marshaller(SetIamPolicyRequest.getDefaultInstance())) + .setResponseMarshaller(ProtoUtils.marshaller(Policy.getDefaultInstance())) + .build(); + + private static final MethodDescriptor getIamPolicyMethodDescriptor = + MethodDescriptor.newBuilder() + .setType(MethodDescriptor.MethodType.UNARY) + .setFullMethodName("google.iam.v1.IAMPolicy/GetIamPolicy") + .setRequestMarshaller(ProtoUtils.marshaller(GetIamPolicyRequest.getDefaultInstance())) + .setResponseMarshaller(ProtoUtils.marshaller(Policy.getDefaultInstance())) + .build(); + + private static final MethodDescriptor + testIamPermissionsMethodDescriptor = + MethodDescriptor.newBuilder() + .setType(MethodDescriptor.MethodType.UNARY) + .setFullMethodName("google.iam.v1.IAMPolicy/TestIamPermissions") + .setRequestMarshaller( + ProtoUtils.marshaller(TestIamPermissionsRequest.getDefaultInstance())) + .setResponseMarshaller( + ProtoUtils.marshaller(TestIamPermissionsResponse.getDefaultInstance())) + .build(); + + private final UnaryCallable setIamPolicyCallable; + private final UnaryCallable getIamPolicyCallable; + private final UnaryCallable + testIamPermissionsCallable; + + private final BackgroundResource backgroundResources; + private final GrpcOperationsStub operationsStub; + private final GrpcStubCallableFactory callableFactory; + + public static final GrpcIAMPolicyStub create(IAMPolicyStubSettings settings) throws IOException { + return new GrpcIAMPolicyStub(settings, ClientContext.create(settings)); + } + + public static final GrpcIAMPolicyStub create(ClientContext clientContext) throws IOException { 
+ return new GrpcIAMPolicyStub(IAMPolicyStubSettings.newBuilder().build(), clientContext); + } + + public static final GrpcIAMPolicyStub create( + ClientContext clientContext, GrpcStubCallableFactory callableFactory) throws IOException { + return new GrpcIAMPolicyStub( + IAMPolicyStubSettings.newBuilder().build(), clientContext, callableFactory); + } + + /** + * Constructs an instance of GrpcIAMPolicyStub, using the given settings. This is protected so + * that it is easy to make a subclass, but otherwise, the static factory methods should be + * preferred. + */ + protected GrpcIAMPolicyStub(IAMPolicyStubSettings settings, ClientContext clientContext) + throws IOException { + this(settings, clientContext, new GrpcIAMPolicyCallableFactory()); + } + + /** + * Constructs an instance of GrpcIAMPolicyStub, using the given settings. This is protected so + * that it is easy to make a subclass, but otherwise, the static factory methods should be + * preferred. + */ + protected GrpcIAMPolicyStub( + IAMPolicyStubSettings settings, + ClientContext clientContext, + GrpcStubCallableFactory callableFactory) + throws IOException { + this.callableFactory = callableFactory; + this.operationsStub = GrpcOperationsStub.create(clientContext, callableFactory); + + GrpcCallSettings setIamPolicyTransportSettings = + GrpcCallSettings.newBuilder() + .setMethodDescriptor(setIamPolicyMethodDescriptor) + .setParamsExtractor( + new RequestParamsExtractor() { + @Override + public Map extract(SetIamPolicyRequest request) { + ImmutableMap.Builder params = ImmutableMap.builder(); + params.put("resource", String.valueOf(request.getResource())); + return params.build(); + } + }) + .build(); + GrpcCallSettings getIamPolicyTransportSettings = + GrpcCallSettings.newBuilder() + .setMethodDescriptor(getIamPolicyMethodDescriptor) + .setParamsExtractor( + new RequestParamsExtractor() { + @Override + public Map extract(GetIamPolicyRequest request) { + ImmutableMap.Builder params = ImmutableMap.builder(); + 
params.put("resource", String.valueOf(request.getResource())); + return params.build(); + } + }) + .build(); + GrpcCallSettings + testIamPermissionsTransportSettings = + GrpcCallSettings.newBuilder() + .setMethodDescriptor(testIamPermissionsMethodDescriptor) + .setParamsExtractor( + new RequestParamsExtractor() { + @Override + public Map extract(TestIamPermissionsRequest request) { + ImmutableMap.Builder params = ImmutableMap.builder(); + params.put("resource", String.valueOf(request.getResource())); + return params.build(); + } + }) + .build(); + + this.setIamPolicyCallable = + callableFactory.createUnaryCallable( + setIamPolicyTransportSettings, settings.setIamPolicySettings(), clientContext); + this.getIamPolicyCallable = + callableFactory.createUnaryCallable( + getIamPolicyTransportSettings, settings.getIamPolicySettings(), clientContext); + this.testIamPermissionsCallable = + callableFactory.createUnaryCallable( + testIamPermissionsTransportSettings, + settings.testIamPermissionsSettings(), + clientContext); + + this.backgroundResources = + new BackgroundResourceAggregation(clientContext.getBackgroundResources()); + } + + public GrpcOperationsStub getOperationsStub() { + return operationsStub; + } + + @Override + public UnaryCallable setIamPolicyCallable() { + return setIamPolicyCallable; + } + + @Override + public UnaryCallable getIamPolicyCallable() { + return getIamPolicyCallable; + } + + @Override + public UnaryCallable + testIamPermissionsCallable() { + return testIamPermissionsCallable; + } + + @Override + public final void close() { + shutdown(); + } + + @Override + public void shutdown() { + backgroundResources.shutdown(); + } + + @Override + public boolean isShutdown() { + return backgroundResources.isShutdown(); + } + + @Override + public boolean isTerminated() { + return backgroundResources.isTerminated(); + } + + @Override + public void shutdownNow() { + backgroundResources.shutdownNow(); + } + + @Override + public boolean awaitTermination(long 
duration, TimeUnit unit) throws InterruptedException { + return backgroundResources.awaitTermination(duration, unit); + } +} diff --git a/test/integration/goldens/iam/IAMPolicyClient.java b/test/integration/goldens/iam/IAMPolicyClient.java new file mode 100644 index 0000000000..d7ec4a68e7 --- /dev/null +++ b/test/integration/goldens/iam/IAMPolicyClient.java @@ -0,0 +1,348 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1; + +import com.google.api.core.BetaApi; +import com.google.api.gax.core.BackgroundResource; +import com.google.api.gax.rpc.UnaryCallable; +import com.google.iam.v1.stub.IAMPolicyStub; +import com.google.iam.v1.stub.IAMPolicyStubSettings; +import java.io.IOException; +import java.util.concurrent.TimeUnit; +import javax.annotation.Generated; + +// AUTO-GENERATED DOCUMENTATION AND CLASS. +/** + * Service Description: ## API Overview + * + *

Manages Identity and Access Management (IAM) policies. + * + *

Any implementation of an API that offers access control features implements the + * google.iam.v1.IAMPolicy interface. + * + *

## Data model + * + *

Access control is applied when a principal (user or service account), takes some action on a + * resource exposed by a service. Resources, identified by URI-like names, are the unit of access + * control specification. Service implementations can choose the granularity of access control and + * the supported permissions for their resources. For example one database service may allow access + * control to be specified only at the Table level, whereas another might allow access control to + * also be specified at the Column level. + * + *

## Policy Structure + * + *

See google.iam.v1.Policy + * + *

This is intentionally not a CRUD style API because access control policies are created and + * deleted implicitly with the resources to which they are attached. + * + *

This class provides the ability to make remote calls to the backing service through method + * calls that map to API methods. Sample code to get started: + * + *

{@code
+ * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+ *   SetIamPolicyRequest request =
+ *       SetIamPolicyRequest.newBuilder()
+ *           .setResource("SetIamPolicyRequest1223629066".toString())
+ *           .setPolicy(Policy.newBuilder().build())
+ *           .build();
+ *   Policy response = iAMPolicyClient.setIamPolicy(request);
+ * }
+ * }
+ * + *

Note: close() needs to be called on the IAMPolicyClient object to clean up resources such as + * threads. In the example above, try-with-resources is used, which automatically calls close(). + * + *

The surface of this class includes several types of Java methods for each of the API's + * methods: + * + *

    + *
  1. A "flattened" method. With this type of method, the fields of the request type have been + * converted into function parameters. It may be the case that not all fields are available as + * parameters, and not every API method will have a flattened method entry point. + *
  2. A "request object" method. This type of method only takes one parameter, a request object, + * which must be constructed before the call. Not every API method will have a request object + * method. + *
  3. A "callable" method. This type of method takes no parameters and returns an immutable API + * callable object, which can be used to initiate calls to the service. + *
+ * + *

See the individual methods for example code. + * + *

Many parameters require resource names to be formatted in a particular way. To assist with + * these names, this class includes a format method for each type of name, and additionally a parse + * method to extract the individual identifiers contained within names that are returned. + * + *

This class can be customized by passing in a custom instance of IAMPolicySettings to create(). + * For example: + * + *

To customize credentials: + * + *

{@code
+ * IAMPolicySettings iAMPolicySettings =
+ *     IAMPolicySettings.newBuilder()
+ *         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
+ *         .build();
+ * IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create(iAMPolicySettings);
+ * }
+ * + *

To customize the endpoint: + * + *

{@code
+ * IAMPolicySettings iAMPolicySettings =
+ *     IAMPolicySettings.newBuilder().setEndpoint(myEndpoint).build();
+ * IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create(iAMPolicySettings);
+ * }
+ * + *

Please refer to the GitHub repository's samples for more quickstart code snippets. + */ +@Generated("by gapic-generator-java") +public class IAMPolicyClient implements BackgroundResource { + private final IAMPolicySettings settings; + private final IAMPolicyStub stub; + + /** Constructs an instance of IAMPolicyClient with default settings. */ + public static final IAMPolicyClient create() throws IOException { + return create(IAMPolicySettings.newBuilder().build()); + } + + /** + * Constructs an instance of IAMPolicyClient, using the given settings. The channels are created + * based on the settings passed in, or defaults for any settings that are not set. + */ + public static final IAMPolicyClient create(IAMPolicySettings settings) throws IOException { + return new IAMPolicyClient(settings); + } + + /** + * Constructs an instance of IAMPolicyClient, using the given stub for making calls. This is for + * advanced usage - prefer using create(IAMPolicySettings). + */ + @BetaApi("A restructuring of stub classes is planned, so this may break in the future") + public static final IAMPolicyClient create(IAMPolicyStub stub) { + return new IAMPolicyClient(stub); + } + + /** + * Constructs an instance of IAMPolicyClient, using the given settings. This is protected so that + * it is easy to make a subclass, but otherwise, the static factory methods should be preferred. 
+ */ + protected IAMPolicyClient(IAMPolicySettings settings) throws IOException { + this.settings = settings; + this.stub = ((IAMPolicyStubSettings) settings.getStubSettings()).createStub(); + } + + @BetaApi("A restructuring of stub classes is planned, so this may break in the future") + protected IAMPolicyClient(IAMPolicyStub stub) { + this.settings = null; + this.stub = stub; + } + + public final IAMPolicySettings getSettings() { + return settings; + } + + @BetaApi("A restructuring of stub classes is planned, so this may break in the future") + public IAMPolicyStub getStub() { + return stub; + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Sets the access control policy on the specified resource. Replaces any existing policy. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   SetIamPolicyRequest request =
+   *       SetIamPolicyRequest.newBuilder()
+   *           .setResource("SetIamPolicyRequest1223629066".toString())
+   *           .setPolicy(Policy.newBuilder().build())
+   *           .build();
+   *   Policy response = iAMPolicyClient.setIamPolicy(request);
+   * }
+   * }
+ * + * @param request The request object containing all of the parameters for the API call. + * @throws com.google.api.gax.rpc.ApiException if the remote call fails + */ + public final Policy setIamPolicy(SetIamPolicyRequest request) { + return setIamPolicyCallable().call(request); + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Sets the access control policy on the specified resource. Replaces any existing policy. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   SetIamPolicyRequest request =
+   *       SetIamPolicyRequest.newBuilder()
+   *           .setResource("SetIamPolicyRequest1223629066".toString())
+   *           .setPolicy(Policy.newBuilder().build())
+   *           .build();
+   *   ApiFuture future = iAMPolicyClient.setIamPolicyCallable().futureCall(request);
+   *   // Do something.
+   *   Policy response = future.get();
+   * }
+   * }
+ */ + public final UnaryCallable setIamPolicyCallable() { + return stub.setIamPolicyCallable(); + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Gets the access control policy for a resource. Returns an empty policy if the resource exists + * and does not have a policy set. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   GetIamPolicyRequest request =
+   *       GetIamPolicyRequest.newBuilder()
+   *           .setResource("GetIamPolicyRequest-1527610370".toString())
+   *           .setOptions(GetPolicyOptions.newBuilder().build())
+   *           .build();
+   *   Policy response = iAMPolicyClient.getIamPolicy(request);
+   * }
+   * }
+ * + * @param request The request object containing all of the parameters for the API call. + * @throws com.google.api.gax.rpc.ApiException if the remote call fails + */ + public final Policy getIamPolicy(GetIamPolicyRequest request) { + return getIamPolicyCallable().call(request); + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Gets the access control policy for a resource. Returns an empty policy if the resource exists + * and does not have a policy set. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   GetIamPolicyRequest request =
+   *       GetIamPolicyRequest.newBuilder()
+   *           .setResource("GetIamPolicyRequest-1527610370".toString())
+   *           .setOptions(GetPolicyOptions.newBuilder().build())
+   *           .build();
+   *   ApiFuture future = iAMPolicyClient.getIamPolicyCallable().futureCall(request);
+   *   // Do something.
+   *   Policy response = future.get();
+   * }
+   * }
+ */ + public final UnaryCallable getIamPolicyCallable() { + return stub.getIamPolicyCallable(); + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Returns permissions that a caller has on the specified resource. If the resource does not + * exist, this will return an empty set of permissions, not a NOT_FOUND error. + * + *

Note: This operation is designed to be used for building permission-aware UIs and + * command-line tools, not for authorization checking. This operation may "fail open" without + * warning. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   TestIamPermissionsRequest request =
+   *       TestIamPermissionsRequest.newBuilder()
+   *           .setResource("TestIamPermissionsRequest942398222".toString())
+   *           .addAllPermissions(new ArrayList())
+   *           .build();
+   *   TestIamPermissionsResponse response = iAMPolicyClient.testIamPermissions(request);
+   * }
+   * }
+ * + * @param request The request object containing all of the parameters for the API call. + * @throws com.google.api.gax.rpc.ApiException if the remote call fails + */ + public final TestIamPermissionsResponse testIamPermissions(TestIamPermissionsRequest request) { + return testIamPermissionsCallable().call(request); + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Returns permissions that a caller has on the specified resource. If the resource does not + * exist, this will return an empty set of permissions, not a NOT_FOUND error. + * + *

Note: This operation is designed to be used for building permission-aware UIs and + * command-line tools, not for authorization checking. This operation may "fail open" without + * warning. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   TestIamPermissionsRequest request =
+   *       TestIamPermissionsRequest.newBuilder()
+   *           .setResource("TestIamPermissionsRequest942398222".toString())
+   *           .addAllPermissions(new ArrayList())
+   *           .build();
+   *   ApiFuture future =
+   *       iAMPolicyClient.testIamPermissionsCallable().futureCall(request);
+   *   // Do something.
+   *   TestIamPermissionsResponse response = future.get();
+   * }
+   * }
+ */ + public final UnaryCallable + testIamPermissionsCallable() { + return stub.testIamPermissionsCallable(); + } + + @Override + public final void close() { + stub.close(); + } + + @Override + public void shutdown() { + stub.shutdown(); + } + + @Override + public boolean isShutdown() { + return stub.isShutdown(); + } + + @Override + public boolean isTerminated() { + return stub.isTerminated(); + } + + @Override + public void shutdownNow() { + stub.shutdownNow(); + } + + @Override + public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException { + return stub.awaitTermination(duration, unit); + } +} diff --git a/test/integration/goldens/iam/IAMPolicyClientTest.java b/test/integration/goldens/iam/IAMPolicyClientTest.java new file mode 100644 index 0000000000..cd911b0459 --- /dev/null +++ b/test/integration/goldens/iam/IAMPolicyClientTest.java 
@@ -0,0 +1,222 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1; + +import com.google.api.gax.core.NoCredentialsProvider; +import com.google.api.gax.grpc.GaxGrpcProperties; +import com.google.api.gax.grpc.testing.LocalChannelProvider; +import com.google.api.gax.grpc.testing.MockGrpcService; +import com.google.api.gax.grpc.testing.MockServiceHelper; +import com.google.api.gax.rpc.ApiClientHeaderProvider; +import com.google.api.gax.rpc.InvalidArgumentException; +import com.google.protobuf.AbstractMessage; +import com.google.protobuf.ByteString; +import io.grpc.StatusRuntimeException; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.UUID; +import javax.annotation.Generated; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +@Generated("by gapic-generator-java") +public class IAMPolicyClientTest { + private static MockServiceHelper mockServiceHelper; + private IAMPolicyClient client; + private static MockIAMPolicy mockIAMPolicy; + private LocalChannelProvider channelProvider; + + @BeforeClass + public static void startStaticServer() { + mockIAMPolicy = new MockIAMPolicy(); + mockServiceHelper = + new MockServiceHelper( + UUID.randomUUID().toString(), Arrays.asList(mockIAMPolicy)); + 
mockServiceHelper.start(); + } + + @AfterClass + public static void stopServer() { + mockServiceHelper.stop(); + } + + @Before + public void setUp() throws IOException { + mockServiceHelper.reset(); + channelProvider = mockServiceHelper.createChannelProvider(); + IAMPolicySettings settings = + IAMPolicySettings.newBuilder() + .setTransportChannelProvider(channelProvider) + .setCredentialsProvider(NoCredentialsProvider.create()) + .build(); + client = IAMPolicyClient.create(settings); + } + + @After + public void tearDown() throws Exception { + client.close(); + } + + @Test + public void setIamPolicyTest() throws Exception { + Policy expectedResponse = + Policy.newBuilder() + .setVersion(351608024) + .addAllBindings(new ArrayList()) + .setEtag(ByteString.EMPTY) + .build(); + mockIAMPolicy.addResponse(expectedResponse); + + SetIamPolicyRequest request = + SetIamPolicyRequest.newBuilder() + .setResource("SetIamPolicyRequest1223629066".toString()) + .setPolicy(Policy.newBuilder().build()) + .build(); + + Policy actualResponse = client.setIamPolicy(request); + Assert.assertEquals(expectedResponse, actualResponse); + + List actualRequests = mockIAMPolicy.getRequests(); + Assert.assertEquals(1, actualRequests.size()); + SetIamPolicyRequest actualRequest = ((SetIamPolicyRequest) actualRequests.get(0)); + + Assert.assertEquals(request.getResource(), actualRequest.getResource()); + Assert.assertEquals(request.getPolicy(), actualRequest.getPolicy()); + Assert.assertTrue( + channelProvider.isHeaderSent( + ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), + GaxGrpcProperties.getDefaultApiClientHeaderPattern())); + } + + @Test + public void setIamPolicyExceptionTest() throws Exception { + StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT); + mockIAMPolicy.addException(exception); + + try { + SetIamPolicyRequest request = + SetIamPolicyRequest.newBuilder() + .setResource("SetIamPolicyRequest1223629066".toString()) + 
.setPolicy(Policy.newBuilder().build()) + .build(); + client.setIamPolicy(request); + Assert.fail("No exception raised"); + } catch (InvalidArgumentException e) { + // Expected exception. + } + } + + @Test + public void getIamPolicyTest() throws Exception { + Policy expectedResponse = + Policy.newBuilder() + .setVersion(351608024) + .addAllBindings(new ArrayList()) + .setEtag(ByteString.EMPTY) + .build(); + mockIAMPolicy.addResponse(expectedResponse); + + GetIamPolicyRequest request = + GetIamPolicyRequest.newBuilder() + .setResource("GetIamPolicyRequest-1527610370".toString()) + .setOptions(GetPolicyOptions.newBuilder().build()) + .build(); + + Policy actualResponse = client.getIamPolicy(request); + Assert.assertEquals(expectedResponse, actualResponse); + + List actualRequests = mockIAMPolicy.getRequests(); + Assert.assertEquals(1, actualRequests.size()); + GetIamPolicyRequest actualRequest = ((GetIamPolicyRequest) actualRequests.get(0)); + + Assert.assertEquals(request.getResource(), actualRequest.getResource()); + Assert.assertEquals(request.getOptions(), actualRequest.getOptions()); + Assert.assertTrue( + channelProvider.isHeaderSent( + ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), + GaxGrpcProperties.getDefaultApiClientHeaderPattern())); + } + + @Test + public void getIamPolicyExceptionTest() throws Exception { + StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT); + mockIAMPolicy.addException(exception); + + try { + GetIamPolicyRequest request = + GetIamPolicyRequest.newBuilder() + .setResource("GetIamPolicyRequest-1527610370".toString()) + .setOptions(GetPolicyOptions.newBuilder().build()) + .build(); + client.getIamPolicy(request); + Assert.fail("No exception raised"); + } catch (InvalidArgumentException e) { + // Expected exception. 
+ } + } + + @Test + public void testIamPermissionsTest() throws Exception { + TestIamPermissionsResponse expectedResponse = + TestIamPermissionsResponse.newBuilder().addAllPermissions(new ArrayList()).build(); + mockIAMPolicy.addResponse(expectedResponse); + + TestIamPermissionsRequest request = + TestIamPermissionsRequest.newBuilder() + .setResource("TestIamPermissionsRequest942398222".toString()) + .addAllPermissions(new ArrayList()) + .build(); + + TestIamPermissionsResponse actualResponse = client.testIamPermissions(request); + Assert.assertEquals(expectedResponse, actualResponse); + + List actualRequests = mockIAMPolicy.getRequests(); + Assert.assertEquals(1, actualRequests.size()); + TestIamPermissionsRequest actualRequest = ((TestIamPermissionsRequest) actualRequests.get(0)); + + Assert.assertEquals(request.getResource(), actualRequest.getResource()); + Assert.assertEquals(request.getPermissionsList(), actualRequest.getPermissionsList()); + Assert.assertTrue( + channelProvider.isHeaderSent( + ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), + GaxGrpcProperties.getDefaultApiClientHeaderPattern())); + } + + @Test + public void testIamPermissionsExceptionTest() throws Exception { + StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT); + mockIAMPolicy.addException(exception); + + try { + TestIamPermissionsRequest request = + TestIamPermissionsRequest.newBuilder() + .setResource("TestIamPermissionsRequest942398222".toString()) + .addAllPermissions(new ArrayList()) + .build(); + client.testIamPermissions(request); + Assert.fail("No exception raised"); + } catch (InvalidArgumentException e) { + // Expected exception. + } + } +} diff --git a/test/integration/goldens/iam/IAMPolicySettings.java b/test/integration/goldens/iam/IAMPolicySettings.java new file mode 100644 index 0000000000..b190fa6b2f --- /dev/null +++ b/test/integration/goldens/iam/IAMPolicySettings.java 
@@ -0,0 +1,203 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1; + +import com.google.api.core.ApiFunction; +import com.google.api.core.BetaApi; +import com.google.api.gax.core.GoogleCredentialsProvider; +import com.google.api.gax.core.InstantiatingExecutorProvider; +import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider; +import com.google.api.gax.rpc.ApiClientHeaderProvider; +import com.google.api.gax.rpc.ClientContext; +import com.google.api.gax.rpc.ClientSettings; +import com.google.api.gax.rpc.StubSettings; +import com.google.api.gax.rpc.TransportChannelProvider; +import com.google.api.gax.rpc.UnaryCallSettings; +import com.google.iam.v1.stub.IAMPolicyStubSettings; +import java.io.IOException; +import java.util.List; +import javax.annotation.Generated; + +// AUTO-GENERATED DOCUMENTATION AND CLASS. +/** + * Settings class to configure an instance of {@link IAMPolicyClient}. + * + *

The default instance has everything set to sensible defaults: + * + *

    + *
  • The default service address (iam-meta-api.googleapis.com) and default port (443) are used. + *
  • Credentials are acquired automatically through Application Default Credentials. + *
  • Retries are configured for idempotent methods but not for non-idempotent methods. + *
+ * + *

The builder of this class is recursive, so contained classes are themselves builders. When + * build() is called, the tree of builders is called to create the complete settings object. + * + *

For example, to set the total timeout of setIamPolicy to 30 seconds: + * + *

{@code
+ * IAMPolicySettings.Builder iAMPolicySettingsBuilder = IAMPolicySettings.newBuilder();
+ * iAMPolicySettingsBuilder
+ *     .setIamPolicySettings()
+ *     .setRetrySettings(
+ *         iAMPolicySettingsBuilder
+ *             .setIamPolicySettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * IAMPolicySettings iAMPolicySettings = iAMPolicySettingsBuilder.build();
+ * }
+ */ +@Generated("by gapic-generator-java") +public class IAMPolicySettings extends ClientSettings { + + /** Returns the object with the settings used for calls to setIamPolicy. */ + public UnaryCallSettings setIamPolicySettings() { + return ((IAMPolicyStubSettings) getStubSettings()).setIamPolicySettings(); + } + + /** Returns the object with the settings used for calls to getIamPolicy. */ + public UnaryCallSettings getIamPolicySettings() { + return ((IAMPolicyStubSettings) getStubSettings()).getIamPolicySettings(); + } + + /** Returns the object with the settings used for calls to testIamPermissions. */ + public UnaryCallSettings + testIamPermissionsSettings() { + return ((IAMPolicyStubSettings) getStubSettings()).testIamPermissionsSettings(); + } + + public static final IAMPolicySettings create(IAMPolicyStubSettings stub) throws IOException { + return new IAMPolicySettings.Builder(stub.toBuilder()).build(); + } + + /** Returns a builder for the default ExecutorProvider for this service. */ + public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() { + return IAMPolicyStubSettings.defaultExecutorProviderBuilder(); + } + + /** Returns the default service endpoint. */ + public static String getDefaultEndpoint() { + return IAMPolicyStubSettings.getDefaultEndpoint(); + } + + /** Returns the default service scopes. */ + public static List getDefaultServiceScopes() { + return IAMPolicyStubSettings.getDefaultServiceScopes(); + } + + /** Returns a builder for the default credentials for this service. */ + public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() { + return IAMPolicyStubSettings.defaultCredentialsProviderBuilder(); + } + + /** Returns a builder for the default ChannelProvider for this service. 
*/ + public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() { + return IAMPolicyStubSettings.defaultGrpcTransportProviderBuilder(); + } + + public static TransportChannelProvider defaultTransportChannelProvider() { + return IAMPolicyStubSettings.defaultTransportChannelProvider(); + } + + @BetaApi("The surface for customizing headers is not stable yet and may change in the future.") + public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() { + return IAMPolicyStubSettings.defaultApiClientHeaderProviderBuilder(); + } + + /** Returns a new builder for this class. */ + public static Builder newBuilder() { + return Builder.createDefault(); + } + + /** Returns a new builder for this class. */ + public static Builder newBuilder(ClientContext clientContext) { + return new Builder(clientContext); + } + + /** Returns a builder containing all the values of this settings class. */ + public Builder toBuilder() { + return new Builder(this); + } + + protected IAMPolicySettings(Builder settingsBuilder) throws IOException { + super(settingsBuilder); + } + + /** Builder for IAMPolicySettings. */ + public static class Builder extends ClientSettings.Builder { + + protected Builder() throws IOException { + this(((ClientContext) null)); + } + + protected Builder(ClientContext clientContext) { + super(IAMPolicyStubSettings.newBuilder(clientContext)); + } + + protected Builder(IAMPolicySettings settings) { + super(settings.getStubSettings().toBuilder()); + } + + protected Builder(IAMPolicyStubSettings.Builder stubSettings) { + super(stubSettings); + } + + private static Builder createDefault() { + return new Builder(IAMPolicyStubSettings.newBuilder()); + } + + public IAMPolicyStubSettings.Builder getStubSettingsBuilder() { + return ((IAMPolicyStubSettings.Builder) getStubSettings()); + } + + // NEXT_MAJOR_VER: remove 'throws Exception'. 
+ /** + * Applies the given settings updater function to all of the unary API methods in this service. + * + *

Note: This method does not support applying settings to streaming methods. + */ + public Builder applyToAllUnaryMethods( + ApiFunction, Void> settingsUpdater) throws Exception { + super.applyToAllUnaryMethods( + getStubSettingsBuilder().unaryMethodSettingsBuilders(), settingsUpdater); + return this; + } + + /** Returns the builder for the settings used for calls to setIamPolicy. */ + public UnaryCallSettings.Builder setIamPolicySettings() { + return getStubSettingsBuilder().setIamPolicySettings(); + } + + /** Returns the builder for the settings used for calls to getIamPolicy. */ + public UnaryCallSettings.Builder getIamPolicySettings() { + return getStubSettingsBuilder().getIamPolicySettings(); + } + + /** Returns the builder for the settings used for calls to testIamPermissions. */ + public UnaryCallSettings.Builder + testIamPermissionsSettings() { + return getStubSettingsBuilder().testIamPermissionsSettings(); + } + + @Override + public IAMPolicySettings build() throws IOException { + return new IAMPolicySettings(this); + } + } +} diff --git a/test/integration/goldens/iam/IAMPolicyStub.java b/test/integration/goldens/iam/IAMPolicyStub.java new file mode 100644 index 0000000000..6cfd45226b --- /dev/null +++ b/test/integration/goldens/iam/IAMPolicyStub.java 
@@ -0,0 +1,52 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1.stub; + +import com.google.api.gax.core.BackgroundResource; +import com.google.api.gax.rpc.UnaryCallable; +import com.google.iam.v1.GetIamPolicyRequest; +import com.google.iam.v1.Policy; +import com.google.iam.v1.SetIamPolicyRequest; +import com.google.iam.v1.TestIamPermissionsRequest; +import com.google.iam.v1.TestIamPermissionsResponse; +import javax.annotation.Generated; + +// AUTO-GENERATED DOCUMENTATION AND CLASS. +/** + * Base stub class for the IAMPolicy service API. + * + *

This class is for advanced usage and reflects the underlying API directly. + */ +@Generated("by gapic-generator-java") +public abstract class IAMPolicyStub implements BackgroundResource { + + public UnaryCallable setIamPolicyCallable() { + throw new UnsupportedOperationException("Not implemented: setIamPolicyCallable()"); + } + + public UnaryCallable getIamPolicyCallable() { + throw new UnsupportedOperationException("Not implemented: getIamPolicyCallable()"); + } + + public UnaryCallable + testIamPermissionsCallable() { + throw new UnsupportedOperationException("Not implemented: testIamPermissionsCallable()"); + } + + @Override + public abstract void close(); +} diff --git a/test/integration/goldens/iam/IAMPolicyStubSettings.java b/test/integration/goldens/iam/IAMPolicyStubSettings.java new file mode 100644 index 0000000000..51fd4491d6 --- /dev/null +++ b/test/integration/goldens/iam/IAMPolicyStubSettings.java 
@@ -0,0 +1,313 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1.stub; + +import com.google.api.core.ApiFunction; +import com.google.api.core.BetaApi; +import com.google.api.gax.core.GaxProperties; +import com.google.api.gax.core.GoogleCredentialsProvider; +import com.google.api.gax.core.InstantiatingExecutorProvider; +import com.google.api.gax.grpc.GaxGrpcProperties; +import com.google.api.gax.grpc.GrpcTransportChannel; +import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider; +import com.google.api.gax.retrying.RetrySettings; +import com.google.api.gax.rpc.ApiClientHeaderProvider; +import com.google.api.gax.rpc.ClientContext; +import com.google.api.gax.rpc.StatusCode; +import com.google.api.gax.rpc.StubSettings; +import com.google.api.gax.rpc.TransportChannelProvider; +import com.google.api.gax.rpc.UnaryCallSettings; +import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; +import com.google.common.collect.Lists; +import com.google.iam.v1.GetIamPolicyRequest; +import com.google.iam.v1.Policy; +import com.google.iam.v1.SetIamPolicyRequest; +import com.google.iam.v1.TestIamPermissionsRequest; +import com.google.iam.v1.TestIamPermissionsResponse; +import java.io.IOException; +import java.util.List; +import javax.annotation.Generated; +import org.threeten.bp.Duration; + +// AUTO-GENERATED 
DOCUMENTATION AND CLASS. +/** + * Settings class to configure an instance of {@link IAMPolicyStub}. + * + *

The default instance has everything set to sensible defaults: + * + *

    + *
  • The default service address (iam-meta-api.googleapis.com) and default port (443) are used. + *
  • Credentials are acquired automatically through Application Default Credentials. + *
  • Retries are configured for idempotent methods but not for non-idempotent methods. + *
+ * + *

The builder of this class is recursive, so contained classes are themselves builders. When + * build() is called, the tree of builders is called to create the complete settings object. + * + *

For example, to set the total timeout of setIamPolicy to 30 seconds: + * + *

{@code
+ * IAMPolicyStubSettings.Builder iAMPolicySettingsBuilder = IAMPolicyStubSettings.newBuilder();
+ * iAMPolicySettingsBuilder
+ *     .setIamPolicySettings()
+ *     .setRetrySettings(
+ *         iAMPolicySettingsBuilder
+ *             .setIamPolicySettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * IAMPolicyStubSettings iAMPolicySettings = iAMPolicySettingsBuilder.build();
+ * }
+ */ +@Generated("by gapic-generator-java") +public class IAMPolicyStubSettings extends StubSettings { + /** The default scopes of the service. */ + private static final ImmutableList DEFAULT_SERVICE_SCOPES = + ImmutableList.builder().build(); + + private final UnaryCallSettings setIamPolicySettings; + private final UnaryCallSettings getIamPolicySettings; + private final UnaryCallSettings + testIamPermissionsSettings; + + /** Returns the object with the settings used for calls to setIamPolicy. */ + public UnaryCallSettings setIamPolicySettings() { + return setIamPolicySettings; + } + + /** Returns the object with the settings used for calls to getIamPolicy. */ + public UnaryCallSettings getIamPolicySettings() { + return getIamPolicySettings; + } + + /** Returns the object with the settings used for calls to testIamPermissions. */ + public UnaryCallSettings + testIamPermissionsSettings() { + return testIamPermissionsSettings; + } + + @BetaApi("A restructuring of stub classes is planned, so this may break in the future") + public IAMPolicyStub createStub() throws IOException { + if (getTransportChannelProvider() + .getTransportName() + .equals(GrpcTransportChannel.getGrpcTransportName())) { + return GrpcIAMPolicyStub.create(this); + } + throw new UnsupportedOperationException( + String.format( + "Transport not supported: %s", getTransportChannelProvider().getTransportName())); + } + + /** Returns a builder for the default ExecutorProvider for this service. */ + public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() { + return InstantiatingExecutorProvider.newBuilder(); + } + + /** Returns the default service endpoint. */ + public static String getDefaultEndpoint() { + return "iam-meta-api.googleapis.com:443"; + } + + /** Returns the default service scopes. */ + public static List getDefaultServiceScopes() { + return DEFAULT_SERVICE_SCOPES; + } + + /** Returns a builder for the default credentials for this service. 
*/ + public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() { + return GoogleCredentialsProvider.newBuilder().setScopesToApply(DEFAULT_SERVICE_SCOPES); + } + + /** Returns a builder for the default ChannelProvider for this service. */ + public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() { + return InstantiatingGrpcChannelProvider.newBuilder() + .setMaxInboundMessageSize(Integer.MAX_VALUE); + } + + public static TransportChannelProvider defaultTransportChannelProvider() { + return defaultGrpcTransportProviderBuilder().build(); + } + + @BetaApi("The surface for customizing headers is not stable yet and may change in the future.") + public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() { + return ApiClientHeaderProvider.newBuilder() + .setGeneratedLibToken("gapic", GaxProperties.getLibraryVersion(IAMPolicyStubSettings.class)) + .setTransportToken( + GaxGrpcProperties.getGrpcTokenName(), GaxGrpcProperties.getGrpcVersion()); + } + + /** Returns a new builder for this class. */ + public static Builder newBuilder() { + return Builder.createDefault(); + } + + /** Returns a new builder for this class. */ + public static Builder newBuilder(ClientContext clientContext) { + return new Builder(clientContext); + } + + /** Returns a builder containing all the values of this settings class. */ + public Builder toBuilder() { + return new Builder(this); + } + + protected IAMPolicyStubSettings(Builder settingsBuilder) throws IOException { + super(settingsBuilder); + + setIamPolicySettings = settingsBuilder.setIamPolicySettings().build(); + getIamPolicySettings = settingsBuilder.getIamPolicySettings().build(); + testIamPermissionsSettings = settingsBuilder.testIamPermissionsSettings().build(); + } + + /** Builder for IAMPolicyStubSettings. 
*/ + public static class Builder extends StubSettings.Builder { + private final ImmutableList> unaryMethodSettingsBuilders; + private final UnaryCallSettings.Builder setIamPolicySettings; + private final UnaryCallSettings.Builder getIamPolicySettings; + private final UnaryCallSettings.Builder + testIamPermissionsSettings; + private static final ImmutableMap> + RETRYABLE_CODE_DEFINITIONS; + + static { + ImmutableMap.Builder> definitions = + ImmutableMap.builder(); + definitions.put( + "retry_policy_0_codes", + ImmutableSet.copyOf(Lists.newArrayList(StatusCode.Code.UNAVAILABLE))); + RETRYABLE_CODE_DEFINITIONS = definitions.build(); + } + + private static final ImmutableMap RETRY_PARAM_DEFINITIONS; + + static { + ImmutableMap.Builder definitions = ImmutableMap.builder(); + RetrySettings settings = null; + settings = + RetrySettings.newBuilder() + .setInitialRetryDelay(Duration.ofMillis(500L)) + .setRetryDelayMultiplier(2.0) + .setMaxRetryDelay(Duration.ofMillis(10000L)) + .setInitialRpcTimeout(Duration.ofMillis(10000L)) + .setRpcTimeoutMultiplier(1.0) + .setMaxRpcTimeout(Duration.ofMillis(10000L)) + .setTotalTimeout(Duration.ofMillis(10000L)) + .build(); + definitions.put("retry_policy_0_params", settings); + RETRY_PARAM_DEFINITIONS = definitions.build(); + } + + protected Builder() { + this(((ClientContext) null)); + } + + protected Builder(ClientContext clientContext) { + super(clientContext); + + setIamPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); + getIamPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); + testIamPermissionsSettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); + + unaryMethodSettingsBuilders = + ImmutableList.>of( + setIamPolicySettings, getIamPolicySettings, testIamPermissionsSettings); + initDefaults(this); + } + + protected Builder(IAMPolicyStubSettings settings) { + super(settings); + + setIamPolicySettings = settings.setIamPolicySettings.toBuilder(); + getIamPolicySettings = 
settings.getIamPolicySettings.toBuilder(); + testIamPermissionsSettings = settings.testIamPermissionsSettings.toBuilder(); + + unaryMethodSettingsBuilders = + ImmutableList.>of( + setIamPolicySettings, getIamPolicySettings, testIamPermissionsSettings); + } + + private static Builder createDefault() { + Builder builder = new Builder(((ClientContext) null)); + + builder.setTransportChannelProvider(defaultTransportChannelProvider()); + builder.setCredentialsProvider(defaultCredentialsProviderBuilder().build()); + builder.setInternalHeaderProvider(defaultApiClientHeaderProviderBuilder().build()); + builder.setEndpoint(getDefaultEndpoint()); + + return initDefaults(builder); + } + + private static Builder initDefaults(Builder builder) { + builder + .setIamPolicySettings() + .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes")) + .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params")); + + builder + .getIamPolicySettings() + .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes")) + .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params")); + + builder + .testIamPermissionsSettings() + .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes")) + .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params")); + + return builder; + } + + // NEXT_MAJOR_VER: remove 'throws Exception'. + /** + * Applies the given settings updater function to all of the unary API methods in this service. + * + *

Note: This method does not support applying settings to streaming methods. + */ + public Builder applyToAllUnaryMethods( + ApiFunction, Void> settingsUpdater) throws Exception { + super.applyToAllUnaryMethods(unaryMethodSettingsBuilders, settingsUpdater); + return this; + } + + public ImmutableList> unaryMethodSettingsBuilders() { + return unaryMethodSettingsBuilders; + } + + /** Returns the builder for the settings used for calls to setIamPolicy. */ + public UnaryCallSettings.Builder setIamPolicySettings() { + return setIamPolicySettings; + } + + /** Returns the builder for the settings used for calls to getIamPolicy. */ + public UnaryCallSettings.Builder getIamPolicySettings() { + return getIamPolicySettings; + } + + /** Returns the builder for the settings used for calls to testIamPermissions. */ + public UnaryCallSettings.Builder + testIamPermissionsSettings() { + return testIamPermissionsSettings; + } + + @Override + public IAMPolicyStubSettings build() throws IOException { + return new IAMPolicyStubSettings(this); + } + } +} diff --git a/test/integration/goldens/iam/MockIAMPolicy.java b/test/integration/goldens/iam/MockIAMPolicy.java new file mode 100644 index 0000000000..b7ebc56b18 --- /dev/null +++ b/test/integration/goldens/iam/MockIAMPolicy.java 
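Review bot: `initDefaults` in IAMPolicyStubSettings.Builder applies `retry_policy_0_codes` (UNAVAILABLE) and `retry_policy_0_params` to `setIamPolicySettings()`, although the class Javadoc in this same hunk says retries are not configured for non-idempotent methods. SetIamPolicy is described elsewhere on this page as replacing any existing policy, so an automatic retry after UNAVAILABLE can re-send an access-policy write whose first attempt may already have been applied. Because this file is a generated golden, the fix presumably belongs in the retry configuration that feeds the test rather than here. If the retry is intended, the Javadoc bullet should say so, for example `Retries follow the service's configured retry policy, which here also covers setIamPolicy.`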
@@ -0,0 +1,59 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1; + +import com.google.api.core.BetaApi; +import com.google.api.gax.grpc.testing.MockGrpcService; +import com.google.protobuf.AbstractMessage; +import io.grpc.ServerServiceDefinition; +import java.util.List; +import javax.annotation.Generated; + +@BetaApi +@Generated("by gapic-generator-java") +public class MockIAMPolicy implements MockGrpcService { + private final MockIAMPolicyImpl serviceImpl; + + public MockIAMPolicy() { + serviceImpl = new MockIAMPolicyImpl(); + } + + @Override + public List getRequests() { + return serviceImpl.getRequests(); + } + + @Override + public void addResponse(AbstractMessage response) { + serviceImpl.addResponse(response); + } + + @Override + public void addException(Exception exception) { + serviceImpl.addException(exception); + } + + @Override + public ServerServiceDefinition getServiceDefinition() { + return serviceImpl.bindService(); + } + + @Override + public void reset() { + serviceImpl.reset(); + } +} diff --git a/test/integration/goldens/iam/MockIAMPolicyImpl.java b/test/integration/goldens/iam/MockIAMPolicyImpl.java new file mode 100644 index 0000000000..920aec564d --- /dev/null +++ b/test/integration/goldens/iam/MockIAMPolicyImpl.java 
@@ -0,0 +1,122 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1; + +import com.google.api.core.BetaApi; +import com.google.iam.v1.IAMPolicyGrpc.IAMPolicyImplBase; +import com.google.protobuf.AbstractMessage; +import io.grpc.stub.StreamObserver; +import java.util.ArrayList; +import java.util.LinkedList; +import java.util.List; +import java.util.Queue; +import javax.annotation.Generated; + +@BetaApi +@Generated("by gapic-generator-java") +public class MockIAMPolicyImpl extends IAMPolicyImplBase { + private List requests; + private Queue responses; + + public MockIAMPolicyImpl() { + requests = new ArrayList<>(); + responses = new LinkedList<>(); + } + + public List getRequests() { + return requests; + } + + public void addResponse(AbstractMessage response) { + responses.add(response); + } + + public void setResponses(List responses) { + this.responses = new LinkedList(responses); + } + + public void addException(Exception exception) { + responses.add(exception); + } + + public void reset() { + requests = new ArrayList<>(); + responses = new LinkedList<>(); + } + + @Override + public void setIamPolicy(SetIamPolicyRequest request, StreamObserver responseObserver) { + Object response = responses.remove(); + if (response instanceof Policy) { + requests.add(request); + responseObserver.onNext(((Policy) response)); + responseObserver.onCompleted(); + } else if (response instanceof Exception) { + 
responseObserver.onError(((Exception) response)); + } else { + responseObserver.onError( + new IllegalArgumentException( + String.format( + "Unrecognized response type %s for method SetIamPolicy, expected %s or %s", + response.getClass().getName(), + Policy.class.getName(), + Exception.class.getName()))); + } + } + + @Override + public void getIamPolicy(GetIamPolicyRequest request, StreamObserver responseObserver) { + Object response = responses.remove(); + if (response instanceof Policy) { + requests.add(request); + responseObserver.onNext(((Policy) response)); + responseObserver.onCompleted(); + } else if (response instanceof Exception) { + responseObserver.onError(((Exception) response)); + } else { + responseObserver.onError( + new IllegalArgumentException( + String.format( + "Unrecognized response type %s for method GetIamPolicy, expected %s or %s", + response.getClass().getName(), + Policy.class.getName(), + Exception.class.getName()))); + } + } + + @Override + public void testIamPermissions( + TestIamPermissionsRequest request, + StreamObserver responseObserver) { + Object response = responses.remove(); + if (response instanceof TestIamPermissionsResponse) { + requests.add(request); + responseObserver.onNext(((TestIamPermissionsResponse) response)); + responseObserver.onCompleted(); + } else if (response instanceof Exception) { + responseObserver.onError(((Exception) response)); + } else { + responseObserver.onError( + new IllegalArgumentException( + String.format( + "Unrecognized response type %s for method TestIamPermissions, expected %s or %s", + response.getClass().getName(), + TestIamPermissionsResponse.class.getName(), + Exception.class.getName()))); + } + } +} diff --git a/test/integration/goldens/iam/PlaceholderFile.java b/test/integration/goldens/iam/PlaceholderFile.java new file mode 100644 index 0000000000..e69de29bb2 
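Review bot: Each handler in MockIAMPolicyImpl starts with `responses.remove()`, which throws NoSuchElementException when a test has queued no response, so the failure escapes from the gRPC handler instead of going through `responseObserver.onError` with the "Unrecognized response type" message. Using `Object response = responses.poll();` and formatting the type as `response == null ? "null" : response.getClass().getName()` in the final branch would report a missing fixture the same way as a wrong one. The pattern repeats in setIamPolicy, getIamPolicy and testIamPermissions. Because the file is generated, the change would presumably go into the generator code that emits this mock.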
diff --git a/test/integration/goldens/iam/gapic_metadata.json b/test/integration/goldens/iam/gapic_metadata.json new file mode 100644 index 0000000000..7169270d1e --- /dev/null +++ b/test/integration/goldens/iam/gapic_metadata.json @@ -0,0 +1,27 @@ +{ + "schema": "1.0", + "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", + "language": "java", + "protoPackage": "google.iam.v1", + "libraryPackage": "com.google.iam.v1", + "services": { + "IAMPolicy": { + "clients": { + "grpc": { + "libraryClient": "IAMPolicyClient", + "rpcs": { + "GetIamPolicy": { + "methods": ["getIamPolicy", "getIamPolicyCallable"] + }, + "SetIamPolicy": { + "methods": ["setIamPolicy", "setIamPolicyCallable"] + }, + "TestIamPermissions": { + "methods": ["testIamPermissions", "testIamPermissionsCallable"] + } + } + } + } + } + } +} \ No newline at end of file diff --git a/test/integration/goldens/iam/package-info.java b/test/integration/goldens/iam/package-info.java new file mode 100644 index 0000000000..45e257e56c --- /dev/null +++ b/test/integration/goldens/iam/package-info.java @@ -0,0 +1,61 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * The interfaces provided are listed below, along with usage samples. + * + *

======================= IAMPolicyClient ======================= + * + *

Service Description: ## API Overview + * + *

Manages Identity and Access Management (IAM) policies. + * + *

Any implementation of an API that offers access control features implements the + * google.iam.v1.IAMPolicy interface. + * + *

## Data model + * + *

Access control is applied when a principal (user or service account), takes some action on a + * resource exposed by a service. Resources, identified by URI-like names, are the unit of access + * control specification. Service implementations can choose the granularity of access control and + * the supported permissions for their resources. For example one database service may allow access + * control to be specified only at the Table level, whereas another might allow access control to + * also be specified at the Column level. + * + *

## Policy Structure + * + *

See google.iam.v1.Policy + * + *

This is intentionally not a CRUD style API because access control policies are created and + * deleted implicitly with the resources to which they are attached. + * + *

Sample for IAMPolicyClient: + * + *

{@code
+ * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+ *   SetIamPolicyRequest request =
+ *       SetIamPolicyRequest.newBuilder()
+ *           .setResource("SetIamPolicyRequest1223629066".toString())
+ *           .setPolicy(Policy.newBuilder().build())
+ *           .build();
+ *   Policy response = iAMPolicyClient.setIamPolicy(request);
+ * }
+ * }
+ */ +@Generated("by gapic-generator-java") +package com.google.iam.v1; + +import javax.annotation.Generated; diff --git a/test/integration/goldens/kms/GrpcKeyManagementServiceStub.java b/test/integration/goldens/kms/GrpcKeyManagementServiceStub.java index 19bac47baf..692563c0a8 100644 --- a/test/integration/goldens/kms/GrpcKeyManagementServiceStub.java +++ b/test/integration/goldens/kms/GrpcKeyManagementServiceStub.java @@ -313,19 +313,19 @@ public class GrpcKeyManagementServiceStub extends KeyManagementServiceStub { .setResponseMarshaller(ProtoUtils.marshaller(CryptoKeyVersion.getDefaultInstance())) .build(); - private static final MethodDescriptor setIamPolicyMethodDescriptor = - MethodDescriptor.newBuilder() + private static final MethodDescriptor getIamPolicyMethodDescriptor = + MethodDescriptor.newBuilder() .setType(MethodDescriptor.MethodType.UNARY) - .setFullMethodName("google.iam.v1.IAMPolicy/SetIamPolicy") - .setRequestMarshaller(ProtoUtils.marshaller(SetIamPolicyRequest.getDefaultInstance())) + .setFullMethodName("google.cloud.kms.v1.KeyManagementService/GetIamPolicy") + .setRequestMarshaller(ProtoUtils.marshaller(GetIamPolicyRequest.getDefaultInstance())) .setResponseMarshaller(ProtoUtils.marshaller(Policy.getDefaultInstance())) .build(); - private static final MethodDescriptor getIamPolicyMethodDescriptor = - MethodDescriptor.newBuilder() + private static final MethodDescriptor setIamPolicyMethodDescriptor = + MethodDescriptor.newBuilder() .setType(MethodDescriptor.MethodType.UNARY) - .setFullMethodName("google.iam.v1.IAMPolicy/GetIamPolicy") - .setRequestMarshaller(ProtoUtils.marshaller(GetIamPolicyRequest.getDefaultInstance())) + .setFullMethodName("google.iam.v1.IAMPolicy/SetIamPolicy") + .setRequestMarshaller(ProtoUtils.marshaller(SetIamPolicyRequest.getDefaultInstance())) .setResponseMarshaller(ProtoUtils.marshaller(Policy.getDefaultInstance())) .build(); 
@@ -380,8 +380,8 @@ public class GrpcKeyManagementServiceStub extends KeyManagementServiceStub { destroyCryptoKeyVersionCallable; private final UnaryCallable restoreCryptoKeyVersionCallable; - private final UnaryCallable setIamPolicyCallable; private final UnaryCallable getIamPolicyCallable; + private final UnaryCallable setIamPolicyCallable; private final UnaryCallable testIamPermissionsCallable; @@ -744,26 +744,26 @@ public Map extract(RestoreCryptoKeyVersionRequest request) { } }) .build(); - GrpcCallSettings setIamPolicyTransportSettings = - GrpcCallSettings.newBuilder() - .setMethodDescriptor(setIamPolicyMethodDescriptor) + GrpcCallSettings getIamPolicyTransportSettings = + GrpcCallSettings.newBuilder() + .setMethodDescriptor(getIamPolicyMethodDescriptor) .setParamsExtractor( - new RequestParamsExtractor() { + new RequestParamsExtractor() { @Override - public Map extract(SetIamPolicyRequest request) { + public Map extract(GetIamPolicyRequest request) { ImmutableMap.Builder params = ImmutableMap.builder(); params.put("resource", String.valueOf(request.getResource())); return params.build(); } }) .build(); - GrpcCallSettings getIamPolicyTransportSettings = - GrpcCallSettings.newBuilder() - .setMethodDescriptor(getIamPolicyMethodDescriptor) + GrpcCallSettings setIamPolicyTransportSettings = + GrpcCallSettings.newBuilder() + .setMethodDescriptor(setIamPolicyMethodDescriptor) .setParamsExtractor( - new RequestParamsExtractor() { + new RequestParamsExtractor() { @Override - public Map extract(GetIamPolicyRequest request) { + public Map extract(SetIamPolicyRequest request) { ImmutableMap.Builder params = ImmutableMap.builder(); params.put("resource", String.valueOf(request.getResource())); return params.build(); 
@@ -886,12 +886,12 @@ public Map extract(TestIamPermissionsRequest request) { restoreCryptoKeyVersionTransportSettings, settings.restoreCryptoKeyVersionSettings(), clientContext); - this.setIamPolicyCallable = - callableFactory.createUnaryCallable( - setIamPolicyTransportSettings, settings.setIamPolicySettings(), clientContext); this.getIamPolicyCallable = callableFactory.createUnaryCallable( getIamPolicyTransportSettings, settings.getIamPolicySettings(), clientContext); + this.setIamPolicyCallable = + callableFactory.createUnaryCallable( + setIamPolicyTransportSettings, settings.setIamPolicySettings(), clientContext); this.testIamPermissionsCallable = callableFactory.createUnaryCallable( testIamPermissionsTransportSettings, @@ -1053,13 +1053,13 @@ public UnaryCallable asymmetricSi } @Override - public UnaryCallable setIamPolicyCallable() { - return setIamPolicyCallable; + public UnaryCallable getIamPolicyCallable() { + return getIamPolicyCallable; } @Override - public UnaryCallable getIamPolicyCallable() { - return getIamPolicyCallable; + public UnaryCallable setIamPolicyCallable() { + return setIamPolicyCallable; } @Override diff --git a/test/integration/goldens/kms/KeyManagementServiceClient.java b/test/integration/goldens/kms/KeyManagementServiceClient.java index a1580d3b66..6ce8a338f8 100644 --- a/test/integration/goldens/kms/KeyManagementServiceClient.java +++ b/test/integration/goldens/kms/KeyManagementServiceClient.java @@ -3107,104 +3107,104 @@ public final CryptoKeyVersion restoreCryptoKeyVersion(RestoreCryptoKeyVersionReq // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Sets the access control policy on the specified resource. Replaces any existing policy. + * Gets the access control policy for a resource. ADDED ONLY FOR MIXIN TESTS. Returns an empty + * policy if the resource exists and does not have a policy set. * *

Sample code: * *

{@code
    * try (KeyManagementServiceClient keyManagementServiceClient =
    *     KeyManagementServiceClient.create()) {
-   *   SetIamPolicyRequest request =
-   *       SetIamPolicyRequest.newBuilder()
+   *   GetIamPolicyRequest request =
+   *       GetIamPolicyRequest.newBuilder()
    *           .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
-   *           .setPolicy(Policy.newBuilder().build())
+   *           .setOptions(GetPolicyOptions.newBuilder().build())
    *           .build();
-   *   Policy response = keyManagementServiceClient.setIamPolicy(request);
+   *   Policy response = keyManagementServiceClient.getIamPolicy(request);
    * }
    * }
* * @param request The request object containing all of the parameters for the API call. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ - public final Policy setIamPolicy(SetIamPolicyRequest request) { - return setIamPolicyCallable().call(request); + public final Policy getIamPolicy(GetIamPolicyRequest request) { + return getIamPolicyCallable().call(request); } // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Sets the access control policy on the specified resource. Replaces any existing policy. + * Gets the access control policy for a resource. ADDED ONLY FOR MIXIN TESTS. Returns an empty + * policy if the resource exists and does not have a policy set. * *

Sample code: * *

{@code
    * try (KeyManagementServiceClient keyManagementServiceClient =
    *     KeyManagementServiceClient.create()) {
-   *   SetIamPolicyRequest request =
-   *       SetIamPolicyRequest.newBuilder()
+   *   GetIamPolicyRequest request =
+   *       GetIamPolicyRequest.newBuilder()
    *           .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
-   *           .setPolicy(Policy.newBuilder().build())
+   *           .setOptions(GetPolicyOptions.newBuilder().build())
    *           .build();
    *   ApiFuture future =
-   *       keyManagementServiceClient.setIamPolicyCallable().futureCall(request);
+   *       keyManagementServiceClient.getIamPolicyCallable().futureCall(request);
    *   // Do something.
    *   Policy response = future.get();
    * }
    * }
*/ - public final UnaryCallable setIamPolicyCallable() { - return stub.setIamPolicyCallable(); + public final UnaryCallable getIamPolicyCallable() { + return stub.getIamPolicyCallable(); } // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Gets the access control policy for a resource. Returns an empty policy if the resource exists - * and does not have a policy set. + * Sets the access control policy on the specified resource. Replaces any existing policy. * *

Sample code: * *

{@code
    * try (KeyManagementServiceClient keyManagementServiceClient =
    *     KeyManagementServiceClient.create()) {
-   *   GetIamPolicyRequest request =
-   *       GetIamPolicyRequest.newBuilder()
+   *   SetIamPolicyRequest request =
+   *       SetIamPolicyRequest.newBuilder()
    *           .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
-   *           .setOptions(GetPolicyOptions.newBuilder().build())
+   *           .setPolicy(Policy.newBuilder().build())
    *           .build();
-   *   Policy response = keyManagementServiceClient.getIamPolicy(request);
+   *   Policy response = keyManagementServiceClient.setIamPolicy(request);
    * }
    * }
* * @param request The request object containing all of the parameters for the API call. * @throws com.google.api.gax.rpc.ApiException if the remote call fails */ - public final Policy getIamPolicy(GetIamPolicyRequest request) { - return getIamPolicyCallable().call(request); + public final Policy setIamPolicy(SetIamPolicyRequest request) { + return setIamPolicyCallable().call(request); } // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Gets the access control policy for a resource. Returns an empty policy if the resource exists - * and does not have a policy set. + * Sets the access control policy on the specified resource. Replaces any existing policy. * *

Sample code: * *

{@code
    * try (KeyManagementServiceClient keyManagementServiceClient =
    *     KeyManagementServiceClient.create()) {
-   *   GetIamPolicyRequest request =
-   *       GetIamPolicyRequest.newBuilder()
+   *   SetIamPolicyRequest request =
+   *       SetIamPolicyRequest.newBuilder()
    *           .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
-   *           .setOptions(GetPolicyOptions.newBuilder().build())
+   *           .setPolicy(Policy.newBuilder().build())
    *           .build();
    *   ApiFuture future =
-   *       keyManagementServiceClient.getIamPolicyCallable().futureCall(request);
+   *       keyManagementServiceClient.setIamPolicyCallable().futureCall(request);
    *   // Do something.
    *   Policy response = future.get();
    * }
    * }
*/ - public final UnaryCallable getIamPolicyCallable() { - return stub.getIamPolicyCallable(); + public final UnaryCallable setIamPolicyCallable() { + return stub.setIamPolicyCallable(); } // AUTO-GENERATED DOCUMENTATION AND METHOD. diff --git a/test/integration/goldens/kms/KeyManagementServiceClientTest.java b/test/integration/goldens/kms/KeyManagementServiceClientTest.java index e185914bd3..9ed23027e3 100644 --- a/test/integration/goldens/kms/KeyManagementServiceClientTest.java +++ b/test/integration/goldens/kms/KeyManagementServiceClientTest.java 
@@ -2216,30 +2216,30 @@ public void restoreCryptoKeyVersionExceptionTest2() throws Exception { } @Test - public void setIamPolicyTest() throws Exception { + public void getIamPolicyTest() throws Exception { Policy expectedResponse = Policy.newBuilder() .setVersion(351608024) .addAllBindings(new ArrayList()) .setEtag(ByteString.EMPTY) .build(); - mockIAMPolicy.addResponse(expectedResponse); + mockKeyManagementService.addResponse(expectedResponse); - SetIamPolicyRequest request = - SetIamPolicyRequest.newBuilder() + GetIamPolicyRequest request = + GetIamPolicyRequest.newBuilder() .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString()) - .setPolicy(Policy.newBuilder().build()) + .setOptions(GetPolicyOptions.newBuilder().build()) .build(); - Policy actualResponse = client.setIamPolicy(request); + Policy actualResponse = client.getIamPolicy(request); Assert.assertEquals(expectedResponse, actualResponse); - List actualRequests = mockIAMPolicy.getRequests(); + List actualRequests = mockKeyManagementService.getRequests(); Assert.assertEquals(1, actualRequests.size()); - SetIamPolicyRequest actualRequest = ((SetIamPolicyRequest) actualRequests.get(0)); + GetIamPolicyRequest actualRequest = ((GetIamPolicyRequest) actualRequests.get(0)); Assert.assertEquals(request.getResource(), actualRequest.getResource()); - Assert.assertEquals(request.getPolicy(), actualRequest.getPolicy()); + Assert.assertEquals(request.getOptions(), actualRequest.getOptions()); Assert.assertTrue( channelProvider.isHeaderSent( ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), 
@@ -2247,17 +2247,17 @@ public void setIamPolicyTest() throws Exception { } @Test - public void setIamPolicyExceptionTest() throws Exception { + public void getIamPolicyExceptionTest() throws Exception { StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT); - mockIAMPolicy.addException(exception); + mockKeyManagementService.addException(exception); try { - SetIamPolicyRequest request = - SetIamPolicyRequest.newBuilder() + GetIamPolicyRequest request = + GetIamPolicyRequest.newBuilder() .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString()) - .setPolicy(Policy.newBuilder().build()) + .setOptions(GetPolicyOptions.newBuilder().build()) .build(); - client.setIamPolicy(request); + client.getIamPolicy(request); Assert.fail("No exception raised"); } catch (InvalidArgumentException e) { // Expected exception. @@ -2265,7 +2265,7 @@ public void setIamPolicyExceptionTest() throws Exception { } @Test - public void getIamPolicyTest() throws Exception { + public void setIamPolicyTest() throws Exception { Policy expectedResponse = Policy.newBuilder() .setVersion(351608024) 
@@ -2274,21 +2274,21 @@ public void getIamPolicyTest() throws Exception { .build(); mockIAMPolicy.addResponse(expectedResponse); - GetIamPolicyRequest request = - GetIamPolicyRequest.newBuilder() + SetIamPolicyRequest request = + SetIamPolicyRequest.newBuilder() .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString()) - .setOptions(GetPolicyOptions.newBuilder().build()) + .setPolicy(Policy.newBuilder().build()) .build(); - Policy actualResponse = client.getIamPolicy(request); + Policy actualResponse = client.setIamPolicy(request); Assert.assertEquals(expectedResponse, actualResponse); List actualRequests = mockIAMPolicy.getRequests(); Assert.assertEquals(1, actualRequests.size()); - GetIamPolicyRequest actualRequest = ((GetIamPolicyRequest) actualRequests.get(0)); + SetIamPolicyRequest actualRequest = ((SetIamPolicyRequest) actualRequests.get(0)); Assert.assertEquals(request.getResource(), actualRequest.getResource()); - Assert.assertEquals(request.getOptions(), actualRequest.getOptions()); + Assert.assertEquals(request.getPolicy(), actualRequest.getPolicy()); Assert.assertTrue( channelProvider.isHeaderSent( ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), 
@@ -2296,17 +2296,17 @@ public void getIamPolicyTest() throws Exception { } @Test - public void getIamPolicyExceptionTest() throws Exception { + public void setIamPolicyExceptionTest() throws Exception { StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT); mockIAMPolicy.addException(exception); try { - GetIamPolicyRequest request = - GetIamPolicyRequest.newBuilder() + SetIamPolicyRequest request = + SetIamPolicyRequest.newBuilder() .setResource(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString()) - .setOptions(GetPolicyOptions.newBuilder().build()) + .setPolicy(Policy.newBuilder().build()) .build(); - client.getIamPolicy(request); + client.setIamPolicy(request); Assert.fail("No exception raised"); } catch (InvalidArgumentException e) { // Expected exception. diff --git a/test/integration/goldens/kms/KeyManagementServiceSettings.java b/test/integration/goldens/kms/KeyManagementServiceSettings.java index acc300034d..862f6ca98d 100644 --- a/test/integration/goldens/kms/KeyManagementServiceSettings.java +++ b/test/integration/goldens/kms/KeyManagementServiceSettings.java 
@@ -212,16 +212,16 @@ public UnaryCallSettings asymmetr return ((KeyManagementServiceStubSettings) getStubSettings()).restoreCryptoKeyVersionSettings(); } - /** Returns the object with the settings used for calls to setIamPolicy. */ - public UnaryCallSettings setIamPolicySettings() { - return ((KeyManagementServiceStubSettings) getStubSettings()).setIamPolicySettings(); - } - /** Returns the object with the settings used for calls to getIamPolicy. */ public UnaryCallSettings getIamPolicySettings() { return ((KeyManagementServiceStubSettings) getStubSettings()).getIamPolicySettings(); } + /** Returns the object with the settings used for calls to setIamPolicy. */ + public UnaryCallSettings setIamPolicySettings() { + return ((KeyManagementServiceStubSettings) getStubSettings()).setIamPolicySettings(); + } + /** Returns the object with the settings used for calls to testIamPermissions. */ public UnaryCallSettings testIamPermissionsSettings() { @@ -461,16 +461,16 @@ public UnaryCallSettings.Builder decryptSetting return getStubSettingsBuilder().restoreCryptoKeyVersionSettings(); } - /** Returns the builder for the settings used for calls to setIamPolicy. */ - public UnaryCallSettings.Builder setIamPolicySettings() { - return getStubSettingsBuilder().setIamPolicySettings(); - } - /** Returns the builder for the settings used for calls to getIamPolicy. */ public UnaryCallSettings.Builder getIamPolicySettings() { return getStubSettingsBuilder().getIamPolicySettings(); } + /** Returns the builder for the settings used for calls to setIamPolicy. */ + public UnaryCallSettings.Builder setIamPolicySettings() { + return getStubSettingsBuilder().setIamPolicySettings(); + } + /** Returns the builder for the settings used for calls to testIamPermissions. */ public UnaryCallSettings.Builder testIamPermissionsSettings() { 
diff --git a/test/integration/goldens/kms/KeyManagementServiceStub.java b/test/integration/goldens/kms/KeyManagementServiceStub.java index 837b4b0bab..b180582def 100644 --- a/test/integration/goldens/kms/KeyManagementServiceStub.java +++ b/test/integration/goldens/kms/KeyManagementServiceStub.java @@ -196,14 +196,14 @@ public UnaryCallable asymmetricSi throw new UnsupportedOperationException("Not implemented: restoreCryptoKeyVersionCallable()"); } - public UnaryCallable setIamPolicyCallable() { - throw new UnsupportedOperationException("Not implemented: setIamPolicyCallable()"); - } - public UnaryCallable getIamPolicyCallable() { throw new UnsupportedOperationException("Not implemented: getIamPolicyCallable()"); } + public UnaryCallable setIamPolicyCallable() { + throw new UnsupportedOperationException("Not implemented: setIamPolicyCallable()"); + } + public UnaryCallable testIamPermissionsCallable() { throw new UnsupportedOperationException("Not implemented: testIamPermissionsCallable()"); diff --git a/test/integration/goldens/kms/KeyManagementServiceStubSettings.java b/test/integration/goldens/kms/KeyManagementServiceStubSettings.java index f36350a7ce..efc069c515 100644 --- a/test/integration/goldens/kms/KeyManagementServiceStubSettings.java +++ b/test/integration/goldens/kms/KeyManagementServiceStubSettings.java @@ -178,8 +178,8 @@ public class KeyManagementServiceStubSettings destroyCryptoKeyVersionSettings; private final UnaryCallSettings restoreCryptoKeyVersionSettings; - private final UnaryCallSettings setIamPolicySettings; private final UnaryCallSettings getIamPolicySettings; + private final UnaryCallSettings setIamPolicySettings; private final UnaryCallSettings testIamPermissionsSettings; 
@@ -541,16 +541,16 @@ public UnaryCallSettings asymmetr return restoreCryptoKeyVersionSettings; } - /** Returns the object with the settings used for calls to setIamPolicy. */ - public UnaryCallSettings setIamPolicySettings() { - return setIamPolicySettings; - } - /** Returns the object with the settings used for calls to getIamPolicy. */ public UnaryCallSettings getIamPolicySettings() { return getIamPolicySettings; } + /** Returns the object with the settings used for calls to setIamPolicy. */ + public UnaryCallSettings setIamPolicySettings() { + return setIamPolicySettings; + } + /** Returns the object with the settings used for calls to testIamPermissions. */ public UnaryCallSettings testIamPermissionsSettings() { @@ -650,8 +650,8 @@ protected KeyManagementServiceStubSettings(Builder settingsBuilder) throws IOExc settingsBuilder.updateCryptoKeyPrimaryVersionSettings().build(); destroyCryptoKeyVersionSettings = settingsBuilder.destroyCryptoKeyVersionSettings().build(); restoreCryptoKeyVersionSettings = settingsBuilder.restoreCryptoKeyVersionSettings().build(); - setIamPolicySettings = settingsBuilder.setIamPolicySettings().build(); getIamPolicySettings = settingsBuilder.getIamPolicySettings().build(); + setIamPolicySettings = settingsBuilder.setIamPolicySettings().build(); testIamPermissionsSettings = settingsBuilder.testIamPermissionsSettings().build(); } @@ -704,8 +704,8 @@ public static class Builder destroyCryptoKeyVersionSettings; private final UnaryCallSettings.Builder restoreCryptoKeyVersionSettings; - private final UnaryCallSettings.Builder setIamPolicySettings; private final UnaryCallSettings.Builder getIamPolicySettings; + private final UnaryCallSettings.Builder setIamPolicySettings; private final UnaryCallSettings.Builder testIamPermissionsSettings; private static final ImmutableMap> 
@@ -782,8 +782,8 @@ protected Builder(ClientContext clientContext) { updateCryptoKeyPrimaryVersionSettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); destroyCryptoKeyVersionSettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); restoreCryptoKeyVersionSettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); - setIamPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); getIamPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); + setIamPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); testIamPermissionsSettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); unaryMethodSettingsBuilders = @@ -811,8 +811,8 @@ protected Builder(ClientContext clientContext) { updateCryptoKeyPrimaryVersionSettings, destroyCryptoKeyVersionSettings, restoreCryptoKeyVersionSettings, - setIamPolicySettings, getIamPolicySettings, + setIamPolicySettings, testIamPermissionsSettings); initDefaults(this); } @@ -844,8 +844,8 @@ protected Builder(KeyManagementServiceStubSettings settings) { settings.updateCryptoKeyPrimaryVersionSettings.toBuilder(); destroyCryptoKeyVersionSettings = settings.destroyCryptoKeyVersionSettings.toBuilder(); restoreCryptoKeyVersionSettings = settings.restoreCryptoKeyVersionSettings.toBuilder(); - setIamPolicySettings = settings.setIamPolicySettings.toBuilder(); getIamPolicySettings = settings.getIamPolicySettings.toBuilder(); + setIamPolicySettings = settings.setIamPolicySettings.toBuilder(); testIamPermissionsSettings = settings.testIamPermissionsSettings.toBuilder(); unaryMethodSettingsBuilders = @@ -873,8 +873,8 @@ protected Builder(KeyManagementServiceStubSettings settings) { updateCryptoKeyPrimaryVersionSettings, destroyCryptoKeyVersionSettings, restoreCryptoKeyVersionSettings, - setIamPolicySettings, getIamPolicySettings, + setIamPolicySettings, testIamPermissionsSettings); } 
@@ -1006,12 +1006,12 @@ private static Builder initDefaults(Builder builder) { .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_1_params")); builder - .setIamPolicySettings() + .getIamPolicySettings() .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_1_codes")) .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_1_params")); builder - .getIamPolicySettings() + .setIamPolicySettings() .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_1_codes")) .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_1_params")); @@ -1173,16 +1173,16 @@ public UnaryCallSettings.Builder decryptSetting return restoreCryptoKeyVersionSettings; } - /** Returns the builder for the settings used for calls to setIamPolicy. */ - public UnaryCallSettings.Builder setIamPolicySettings() { - return setIamPolicySettings; - } - /** Returns the builder for the settings used for calls to getIamPolicy. */ public UnaryCallSettings.Builder getIamPolicySettings() { return getIamPolicySettings; } + /** Returns the builder for the settings used for calls to setIamPolicy. */ + public UnaryCallSettings.Builder setIamPolicySettings() { + return setIamPolicySettings; + } + /** Returns the builder for the settings used for calls to testIamPermissions. */ public UnaryCallSettings.Builder testIamPermissionsSettings() { diff --git a/test/integration/goldens/kms/MockKeyManagementServiceImpl.java b/test/integration/goldens/kms/MockKeyManagementServiceImpl.java index d979462264..b6b9fbda5c 100644 --- a/test/integration/goldens/kms/MockKeyManagementServiceImpl.java +++ b/test/integration/goldens/kms/MockKeyManagementServiceImpl.java @@ -18,6 +18,8 @@ import com.google.api.core.BetaApi; import com.google.cloud.kms.v1.KeyManagementServiceGrpc.KeyManagementServiceImplBase; +import com.google.iam.v1.GetIamPolicyRequest; +import com.google.iam.v1.Policy; import com.google.protobuf.AbstractMessage; import io.grpc.stub.StreamObserver; import java.util.ArrayList; 
@@ -539,4 +541,24 @@ public void restoreCryptoKeyVersion( Exception.class.getName()))); } } + + @Override + public void getIamPolicy(GetIamPolicyRequest request, StreamObserver responseObserver) { + Object response = responses.remove(); + if (response instanceof Policy) { + requests.add(request); + responseObserver.onNext(((Policy) response)); + responseObserver.onCompleted(); + } else if (response instanceof Exception) { + responseObserver.onError(((Exception) response)); + } else { + responseObserver.onError( + new IllegalArgumentException( + String.format( + "Unrecognized response type %s for method GetIamPolicy, expected %s or %s", + response.getClass().getName(), + Policy.class.getName(), + Exception.class.getName()))); + } + } } diff --git a/test/integration/iam_grpc_service_config.json b/test/integration/iam_grpc_service_config.json new file mode 100644 index 0000000000..caed5be6bb --- /dev/null +++ b/test/integration/iam_grpc_service_config.json @@ -0,0 +1,21 @@ +{ + "methodConfig": [ + { + "name": [ + { + "service": "google.iam.v1.IAMPolicy" + } + ], + "timeout": "10s", + "retryPolicy": { + "maxAttempts": 5, + "initialBackoff": "0.5s", + "maxBackoff": "10s", + "backoffMultiplier": 2.0, + "retryableStatusCodes": [ + "UNAVAILABLE" + ] + } + } + ] +} From 69dc803413f987872e8cc55bba04877e9bb857db Mon Sep 17 00:00:00 2001 From: Mira Leung Date: Tue, 2 Mar 2021 22:42:34 -0800 Subject: [PATCH 3/7] fix(mixins): enable RPC overrides to clobber mixed-in RPCs --- test/integration/BUILD.bazel | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/integration/BUILD.bazel b/test/integration/BUILD.bazel index 70fa0d8b2c..f64f078f5b 100644 --- a/test/integration/BUILD.bazel +++ b/test/integration/BUILD.bazel @@ -5,6 +5,7 @@ load( "java_gapic_test", "java_grpc_library", "java_proto_library", + "proto_library_with_info", ) load( "//:rules_bazel/java/integration_test.bzl", 
@@ -12,6 +13,9 @@ load( "integration_test", ) +# KMS (for mixins). +load("@rules_proto//proto:defs.bzl", "proto_library") + package(default_visibility = ["//visibility:public"]) #################################################### @@ -189,10 +193,6 @@ java_gapic_assembly_gradle_pkg( ], ) -# KMS (for mixins). -load("@rules_proto//proto:defs.bzl", "proto_library") -load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") - proto_library( name = "kms_proto", srcs = [ From cbdde57f3f0bd843a6ed4efe06961103afcdb21d Mon Sep 17 00:00:00 2001 
From: Mira Leung Date: Wed, 3 Mar 2021 01:02:44 -0800 Subject: [PATCH 4/7] fix(mixins): enable codegen for standalone mixin APIs, add IAM integ test --- .../generator/gapic/protoparser/Parser.java | 17 +- test/integration/BUILD.bazel | 32 ++ test/integration/goldens/iam/BUILD.bazel | 9 + .../iam/GrpcIAMPolicyCallableFactory.java | 113 ++++++ .../goldens/iam/GrpcIAMPolicyStub.java | 227 ++++++++++++ .../goldens/iam/IAMPolicyClient.java | 348 ++++++++++++++++++ .../goldens/iam/IAMPolicyClientTest.java | 222 +++++++++++ .../goldens/iam/IAMPolicySettings.java | 203 ++++++++++ .../goldens/iam/IAMPolicyStub.java | 52 +++ .../goldens/iam/IAMPolicyStubSettings.java | 313 ++++++++++++++++ .../goldens/iam/MockIAMPolicy.java | 59 +++ .../goldens/iam/MockIAMPolicyImpl.java | 122 ++++++ .../goldens/iam/PlaceholderFile.java | 0 .../goldens/iam/gapic_metadata.json | 27 ++ .../integration/goldens/iam/package-info.java | 61 +++ test/integration/iam_grpc_service_config.json | 21 ++ 16 files changed, 1820 insertions(+), 6 deletions(-) create mode 100644 test/integration/goldens/iam/BUILD.bazel create mode 100644 test/integration/goldens/iam/GrpcIAMPolicyCallableFactory.java create mode 100644 test/integration/goldens/iam/GrpcIAMPolicyStub.java create mode 100644 test/integration/goldens/iam/IAMPolicyClient.java create mode 100644 test/integration/goldens/iam/IAMPolicyClientTest.java create mode 100644 test/integration/goldens/iam/IAMPolicySettings.java create mode 100644 test/integration/goldens/iam/IAMPolicyStub.java create mode 100644 test/integration/goldens/iam/IAMPolicyStubSettings.java create mode 100644 test/integration/goldens/iam/MockIAMPolicy.java create mode 100644 test/integration/goldens/iam/MockIAMPolicyImpl.java create mode 100644 test/integration/goldens/iam/PlaceholderFile.java create mode 100644 test/integration/goldens/iam/gapic_metadata.json create mode 100644 test/integration/goldens/iam/package-info.java create mode 100644 
test/integration/iam_grpc_service_config.json diff --git a/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java b/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java index 0f377ce748..9f4eaad93b 100644 --- a/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java +++ b/src/main/java/com/google/api/generator/gapic/protoparser/Parser.java @@ -215,13 +215,18 @@ public static List parseServices( // indicator that we are not generating a GAPIC client for the mixed-in service on its own. Function serviceFullNameFn = s -> String.format("%s.%s", s.protoPakkage(), s.name()); - Set blockedCodegenMixinApis = - services.stream() - .filter(s -> MIXIN_ALLOWLIST.contains(serviceFullNameFn.apply(s))) - .map(s -> s) - .collect(Collectors.toSet()); + Set blockedCodegenMixinApis = new HashSet<>(); + Set definedServices = new HashSet<>(); + for (Service s : services) { + if (MIXIN_ALLOWLIST.contains(serviceFullNameFn.apply(s))) { + blockedCodegenMixinApis.add(s); + } else { + definedServices.add(s); + } + } // It's very unlikely the blocklisted APIs will contain the other, or any other service. - boolean servicesContainBlocklistedApi = !blockedCodegenMixinApis.isEmpty(); + boolean servicesContainBlocklistedApi = + !blockedCodegenMixinApis.isEmpty() && !definedServices.isEmpty(); Set mixedInApis = !serviceYamlProtoOpt.isPresent() ? Collections.emptySet() diff --git a/test/integration/BUILD.bazel b/test/integration/BUILD.bazel index 004d8b1f9d..70fa0d8b2c 100644 --- a/test/integration/BUILD.bazel +++ b/test/integration/BUILD.bazel @@ -21,6 +21,7 @@ package(default_visibility = ["//visibility:public"]) INTEGRATION_TEST_LIBRARIES = [ "asset", # Basic case. "credentials", # Check that the capital name edge case is handled. + "iam", # Mixin-only special-case API can build on its own. "kms", # Mixins, with an override in the proto file. "logging", # Java package remapping in gapic.yaml. "redis", # Has a gapic.yaml. 
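Review bot: The retained comment `// It's very unlikely the blocklisted APIs will contain the other, or any other service.` in the Parser.java hunk (`@@ -215,13 +215,18 @@`) no longer describes the condition below it, which now also requires `definedServices` to be non-empty. This flag appears to decide whether allowlisted mixin services are withheld from standalone codegen, so the comment should state the rule, e.g. `// Block standalone codegen for mixin services only when the input also defines a non-mixin service.`. The name `servicesContainBlocklistedApi` is also narrower than what the flag now means. In the visible lines `definedServices` is read only through `isEmpty()`, so a boolean would do unless code outside the hunk iterates it. `parseServices` begins and ends outside the hunk.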
@@ -31,6 +32,7 @@ INTEGRATION_TEST_LIBRARIES = [
 API_GAPIC_TARGETS = {
 "asset": "@com_google_googleapis//google/cloud/asset/v1:asset_java_gapic",
 "credentials": "@com_google_googleapis//google/iam/credentials/v1:credentials_java_gapic",
+ "iam": ":iam_java_gapic", # Googleapis' LRO does not have a Java Gapic.
 "kms": ":kms_java_gapic", # Local target because mixins are not rolled out yet.
 "logging": "@com_google_googleapis//google/logging/v2:logging_java_gapic",
 "redis": "@com_google_googleapis//google/cloud/redis/v1beta1:redis_java_gapic",
@@ -157,6 +159,36 @@ java_gapic_assembly_gradle_pkg(
 ],
 )
+# Operations (for a standalone mixed-in API).
+java_gapic_library(
+ name = "iam_java_gapic",
+ srcs = ["@com_google_googleapis//google/iam/v1:iam_proto_with_info"],
+ grpc_service_config = "iam_grpc_service_config.json",
+ test_deps = [
+ "@com_google_googleapis//google/iam/v1:iam_java_grpc",
+ ],
+ deps = [
+ "@com_google_googleapis//google/iam/v1:iam_java_proto",
+ ],
+)
+
+java_gapic_test(
+ name = "iam_java_gapic_test_suite",
+ test_classes = [
+ "com.google.iam.v1.IAMPolicyClientTest",
+ ],
+ runtime_deps = ["iam_java_gapic_test"],
+)
+
+java_gapic_assembly_gradle_pkg(
+ name = "google-cloud-iam-java",
+ deps = [
+ ":iam_java_gapic",
+ "@com_google_googleapis//google/iam/v1:iam_java_grpc",
+ "@com_google_googleapis//google/iam/v1:iam_java_proto",
+ ],
+)
+
 # KMS (for mixins).
 load("@rules_proto//proto:defs.bzl", "proto_library")
 load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")
diff --git a/test/integration/goldens/iam/BUILD.bazel b/test/integration/goldens/iam/BUILD.bazel
new file mode 100644
index 0000000000..667772f01b
--- /dev/null
+++ b/test/integration/goldens/iam/BUILD.bazel
@@ -0,0 +1,9 @@
+package(default_visibility = ["//visibility:public"])
+
+filegroup(
+ name = "goldens_files",
+ srcs = glob([
+ "*.java",
+ "gapic_metadata.json",
+ ]),
+)
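Review bot: The two comments added for the IAM target in test/integration/BUILD.bazel name a different API than the rules they sit on. The `API_GAPIC_TARGETS` entry in the `@@ -31,6 +32,7 @@` hunk reads `# Googleapis' LRO does not have a Java Gapic.` and the rule block in the `@@ -157,6 +159,36 @@` hunk is headed `# Operations (for a standalone mixed-in API).`, yet both refer to `iam_java_gapic`, which is built from `//google/iam/v1`. They look like leftovers from an LRO/Operations variant of this test. If the reason for the local target is the same for IAM, I would write `# Local target: googleapis has no IAM Java GAPIC.` on the map entry and `# IAM (for a standalone mixed-in API).` above the rules.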
diff --git a/test/integration/goldens/iam/GrpcIAMPolicyCallableFactory.java b/test/integration/goldens/iam/GrpcIAMPolicyCallableFactory.java new file mode 100644 index 0000000000..5b96cd1ec8 --- /dev/null +++ b/test/integration/goldens/iam/GrpcIAMPolicyCallableFactory.java @@ -0,0 +1,113 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1.stub; + +import com.google.api.gax.grpc.GrpcCallSettings; +import com.google.api.gax.grpc.GrpcCallableFactory; +import com.google.api.gax.grpc.GrpcStubCallableFactory; +import com.google.api.gax.rpc.BatchingCallSettings; +import com.google.api.gax.rpc.BidiStreamingCallable; +import com.google.api.gax.rpc.ClientContext; +import com.google.api.gax.rpc.ClientStreamingCallable; +import com.google.api.gax.rpc.OperationCallSettings; +import com.google.api.gax.rpc.OperationCallable; +import com.google.api.gax.rpc.PagedCallSettings; +import com.google.api.gax.rpc.ServerStreamingCallSettings; +import com.google.api.gax.rpc.ServerStreamingCallable; +import com.google.api.gax.rpc.StreamingCallSettings; +import com.google.api.gax.rpc.UnaryCallSettings; +import com.google.api.gax.rpc.UnaryCallable; +import com.google.longrunning.Operation; +import com.google.longrunning.stub.OperationsStub; +import javax.annotation.Generated; + +// AUTO-GENERATED DOCUMENTATION AND CLASS. +/** + * gRPC callable factory implementation for the IAMPolicy service API. + * + *

This class is for advanced usage. + */ +@Generated("by gapic-generator-java") +public class GrpcIAMPolicyCallableFactory implements GrpcStubCallableFactory { + + @Override + public UnaryCallable createUnaryCallable( + GrpcCallSettings grpcCallSettings, + UnaryCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createUnaryCallable(grpcCallSettings, callSettings, clientContext); + } + + @Override + public + UnaryCallable createPagedCallable( + GrpcCallSettings grpcCallSettings, + PagedCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createPagedCallable(grpcCallSettings, callSettings, clientContext); + } + + @Override + public UnaryCallable createBatchingCallable( + GrpcCallSettings grpcCallSettings, + BatchingCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createBatchingCallable( + grpcCallSettings, callSettings, clientContext); + } + + @Override + public + OperationCallable createOperationCallable( + GrpcCallSettings grpcCallSettings, + OperationCallSettings callSettings, + ClientContext clientContext, + OperationsStub operationsStub) { + return GrpcCallableFactory.createOperationCallable( + grpcCallSettings, callSettings, clientContext, operationsStub); + } + + @Override + public + BidiStreamingCallable createBidiStreamingCallable( + GrpcCallSettings grpcCallSettings, + StreamingCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createBidiStreamingCallable( + grpcCallSettings, callSettings, clientContext); + } + + @Override + public + ServerStreamingCallable createServerStreamingCallable( + GrpcCallSettings grpcCallSettings, + ServerStreamingCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createServerStreamingCallable( + grpcCallSettings, callSettings, clientContext); + } + + @Override + public + ClientStreamingCallable createClientStreamingCallable( + GrpcCallSettings 
grpcCallSettings, + StreamingCallSettings callSettings, + ClientContext clientContext) { + return GrpcCallableFactory.createClientStreamingCallable( + grpcCallSettings, callSettings, clientContext); + } +} diff --git a/test/integration/goldens/iam/GrpcIAMPolicyStub.java b/test/integration/goldens/iam/GrpcIAMPolicyStub.java new file mode 100644 index 0000000000..b12e0f6863 --- /dev/null +++ b/test/integration/goldens/iam/GrpcIAMPolicyStub.java 
@@ -0,0 +1,227 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1.stub; + +import com.google.api.gax.core.BackgroundResource; +import com.google.api.gax.core.BackgroundResourceAggregation; +import com.google.api.gax.grpc.GrpcCallSettings; +import com.google.api.gax.grpc.GrpcStubCallableFactory; +import com.google.api.gax.rpc.ClientContext; +import com.google.api.gax.rpc.RequestParamsExtractor; +import com.google.api.gax.rpc.UnaryCallable; +import com.google.common.collect.ImmutableMap; +import com.google.iam.v1.GetIamPolicyRequest; +import com.google.iam.v1.Policy; +import com.google.iam.v1.SetIamPolicyRequest; +import com.google.iam.v1.TestIamPermissionsRequest; +import com.google.iam.v1.TestIamPermissionsResponse; +import com.google.longrunning.stub.GrpcOperationsStub; +import io.grpc.MethodDescriptor; +import io.grpc.protobuf.ProtoUtils; +import java.io.IOException; +import java.util.Map; +import java.util.concurrent.TimeUnit; +import javax.annotation.Generated; + +// AUTO-GENERATED DOCUMENTATION AND CLASS. +/** + * gRPC stub implementation for the IAMPolicy service API. + * + *

This class is for advanced usage and reflects the underlying API directly. + */ +@Generated("by gapic-generator-java") +public class GrpcIAMPolicyStub extends IAMPolicyStub { + private static final MethodDescriptor setIamPolicyMethodDescriptor = + MethodDescriptor.newBuilder() + .setType(MethodDescriptor.MethodType.UNARY) + .setFullMethodName("google.iam.v1.IAMPolicy/SetIamPolicy") + .setRequestMarshaller(ProtoUtils.marshaller(SetIamPolicyRequest.getDefaultInstance())) + .setResponseMarshaller(ProtoUtils.marshaller(Policy.getDefaultInstance())) + .build(); + + private static final MethodDescriptor getIamPolicyMethodDescriptor = + MethodDescriptor.newBuilder() + .setType(MethodDescriptor.MethodType.UNARY) + .setFullMethodName("google.iam.v1.IAMPolicy/GetIamPolicy") + .setRequestMarshaller(ProtoUtils.marshaller(GetIamPolicyRequest.getDefaultInstance())) + .setResponseMarshaller(ProtoUtils.marshaller(Policy.getDefaultInstance())) + .build(); + + private static final MethodDescriptor + testIamPermissionsMethodDescriptor = + MethodDescriptor.newBuilder() + .setType(MethodDescriptor.MethodType.UNARY) + .setFullMethodName("google.iam.v1.IAMPolicy/TestIamPermissions") + .setRequestMarshaller( + ProtoUtils.marshaller(TestIamPermissionsRequest.getDefaultInstance())) + .setResponseMarshaller( + ProtoUtils.marshaller(TestIamPermissionsResponse.getDefaultInstance())) + .build(); + + private final UnaryCallable setIamPolicyCallable; + private final UnaryCallable getIamPolicyCallable; + private final UnaryCallable + testIamPermissionsCallable; + + private final BackgroundResource backgroundResources; + private final GrpcOperationsStub operationsStub; + private final GrpcStubCallableFactory callableFactory; + + public static final GrpcIAMPolicyStub create(IAMPolicyStubSettings settings) throws IOException { + return new GrpcIAMPolicyStub(settings, ClientContext.create(settings)); + } + + public static final GrpcIAMPolicyStub create(ClientContext clientContext) throws IOException { 
+ return new GrpcIAMPolicyStub(IAMPolicyStubSettings.newBuilder().build(), clientContext); + } + + public static final GrpcIAMPolicyStub create( + ClientContext clientContext, GrpcStubCallableFactory callableFactory) throws IOException { + return new GrpcIAMPolicyStub( + IAMPolicyStubSettings.newBuilder().build(), clientContext, callableFactory); + } + + /** + * Constructs an instance of GrpcIAMPolicyStub, using the given settings. This is protected so + * that it is easy to make a subclass, but otherwise, the static factory methods should be + * preferred. + */ + protected GrpcIAMPolicyStub(IAMPolicyStubSettings settings, ClientContext clientContext) + throws IOException { + this(settings, clientContext, new GrpcIAMPolicyCallableFactory()); + } + + /** + * Constructs an instance of GrpcIAMPolicyStub, using the given settings. This is protected so + * that it is easy to make a subclass, but otherwise, the static factory methods should be + * preferred. + */ + protected GrpcIAMPolicyStub( + IAMPolicyStubSettings settings, + ClientContext clientContext, + GrpcStubCallableFactory callableFactory) + throws IOException { + this.callableFactory = callableFactory; + this.operationsStub = GrpcOperationsStub.create(clientContext, callableFactory); + + GrpcCallSettings setIamPolicyTransportSettings = + GrpcCallSettings.newBuilder() + .setMethodDescriptor(setIamPolicyMethodDescriptor) + .setParamsExtractor( + new RequestParamsExtractor() { + @Override + public Map extract(SetIamPolicyRequest request) { + ImmutableMap.Builder params = ImmutableMap.builder(); + params.put("resource", String.valueOf(request.getResource())); + return params.build(); + } + }) + .build(); + GrpcCallSettings getIamPolicyTransportSettings = + GrpcCallSettings.newBuilder() + .setMethodDescriptor(getIamPolicyMethodDescriptor) + .setParamsExtractor( + new RequestParamsExtractor() { + @Override + public Map extract(GetIamPolicyRequest request) { + ImmutableMap.Builder params = ImmutableMap.builder(); + 
params.put("resource", String.valueOf(request.getResource())); + return params.build(); + } + }) + .build(); + GrpcCallSettings + testIamPermissionsTransportSettings = + GrpcCallSettings.newBuilder() + .setMethodDescriptor(testIamPermissionsMethodDescriptor) + .setParamsExtractor( + new RequestParamsExtractor() { + @Override + public Map extract(TestIamPermissionsRequest request) { + ImmutableMap.Builder params = ImmutableMap.builder(); + params.put("resource", String.valueOf(request.getResource())); + return params.build(); + } + }) + .build(); + + this.setIamPolicyCallable = + callableFactory.createUnaryCallable( + setIamPolicyTransportSettings, settings.setIamPolicySettings(), clientContext); + this.getIamPolicyCallable = + callableFactory.createUnaryCallable( + getIamPolicyTransportSettings, settings.getIamPolicySettings(), clientContext); + this.testIamPermissionsCallable = + callableFactory.createUnaryCallable( + testIamPermissionsTransportSettings, + settings.testIamPermissionsSettings(), + clientContext); + + this.backgroundResources = + new BackgroundResourceAggregation(clientContext.getBackgroundResources()); + } + + public GrpcOperationsStub getOperationsStub() { + return operationsStub; + } + + @Override + public UnaryCallable setIamPolicyCallable() { + return setIamPolicyCallable; + } + + @Override + public UnaryCallable getIamPolicyCallable() { + return getIamPolicyCallable; + } + + @Override + public UnaryCallable + testIamPermissionsCallable() { + return testIamPermissionsCallable; + } + + @Override + public final void close() { + shutdown(); + } + + @Override + public void shutdown() { + backgroundResources.shutdown(); + } + + @Override + public boolean isShutdown() { + return backgroundResources.isShutdown(); + } + + @Override + public boolean isTerminated() { + return backgroundResources.isTerminated(); + } + + @Override + public void shutdownNow() { + backgroundResources.shutdownNow(); + } + + @Override + public boolean awaitTermination(long 
duration, TimeUnit unit) throws InterruptedException { + return backgroundResources.awaitTermination(duration, unit); + } +} diff --git a/test/integration/goldens/iam/IAMPolicyClient.java b/test/integration/goldens/iam/IAMPolicyClient.java new file mode 100644 index 0000000000..d7ec4a68e7 --- /dev/null +++ b/test/integration/goldens/iam/IAMPolicyClient.java @@ -0,0 +1,348 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1; + +import com.google.api.core.BetaApi; +import com.google.api.gax.core.BackgroundResource; +import com.google.api.gax.rpc.UnaryCallable; +import com.google.iam.v1.stub.IAMPolicyStub; +import com.google.iam.v1.stub.IAMPolicyStubSettings; +import java.io.IOException; +import java.util.concurrent.TimeUnit; +import javax.annotation.Generated; + +// AUTO-GENERATED DOCUMENTATION AND CLASS. +/** + * Service Description: ## API Overview + * + *

Manages Identity and Access Management (IAM) policies. + * + *

Any implementation of an API that offers access control features implements the + * google.iam.v1.IAMPolicy interface. + * + *

## Data model + * + *

Access control is applied when a principal (user or service account), takes some action on a + * resource exposed by a service. Resources, identified by URI-like names, are the unit of access + * control specification. Service implementations can choose the granularity of access control and + * the supported permissions for their resources. For example one database service may allow access + * control to be specified only at the Table level, whereas another might allow access control to + * also be specified at the Column level. + * + *

## Policy Structure + * + *

See google.iam.v1.Policy + * + *

This is intentionally not a CRUD style API because access control policies are created and + * deleted implicitly with the resources to which they are attached. + * + *

This class provides the ability to make remote calls to the backing service through method + * calls that map to API methods. Sample code to get started: + * + *

{@code
+ * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+ *   SetIamPolicyRequest request =
+ *       SetIamPolicyRequest.newBuilder()
+ *           .setResource("SetIamPolicyRequest1223629066".toString())
+ *           .setPolicy(Policy.newBuilder().build())
+ *           .build();
+ *   Policy response = iAMPolicyClient.setIamPolicy(request);
+ * }
+ * }
+ * + *

Note: close() needs to be called on the IAMPolicyClient object to clean up resources such as + * threads. In the example above, try-with-resources is used, which automatically calls close(). + * + *

The surface of this class includes several types of Java methods for each of the API's + * methods: + * + *

    + *
  1. A "flattened" method. With this type of method, the fields of the request type have been + * converted into function parameters. It may be the case that not all fields are available as + * parameters, and not every API method will have a flattened method entry point. + *
  2. A "request object" method. This type of method only takes one parameter, a request object, + * which must be constructed before the call. Not every API method will have a request object + * method. + *
  3. A "callable" method. This type of method takes no parameters and returns an immutable API + * callable object, which can be used to initiate calls to the service. + *
+ * + *

See the individual methods for example code. + * + *

Many parameters require resource names to be formatted in a particular way. To assist with + * these names, this class includes a format method for each type of name, and additionally a parse + * method to extract the individual identifiers contained within names that are returned. + * + *

This class can be customized by passing in a custom instance of IAMPolicySettings to create(). + * For example: + * + *

To customize credentials: + * + *

{@code
+ * IAMPolicySettings iAMPolicySettings =
+ *     IAMPolicySettings.newBuilder()
+ *         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
+ *         .build();
+ * IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create(iAMPolicySettings);
+ * }
+ * + *

To customize the endpoint: + * + *

{@code
+ * IAMPolicySettings iAMPolicySettings =
+ *     IAMPolicySettings.newBuilder().setEndpoint(myEndpoint).build();
+ * IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create(iAMPolicySettings);
+ * }
+ * + *

Please refer to the GitHub repository's samples for more quickstart code snippets. + */ +@Generated("by gapic-generator-java") +public class IAMPolicyClient implements BackgroundResource { + private final IAMPolicySettings settings; + private final IAMPolicyStub stub; + + /** Constructs an instance of IAMPolicyClient with default settings. */ + public static final IAMPolicyClient create() throws IOException { + return create(IAMPolicySettings.newBuilder().build()); + } + + /** + * Constructs an instance of IAMPolicyClient, using the given settings. The channels are created + * based on the settings passed in, or defaults for any settings that are not set. + */ + public static final IAMPolicyClient create(IAMPolicySettings settings) throws IOException { + return new IAMPolicyClient(settings); + } + + /** + * Constructs an instance of IAMPolicyClient, using the given stub for making calls. This is for + * advanced usage - prefer using create(IAMPolicySettings). + */ + @BetaApi("A restructuring of stub classes is planned, so this may break in the future") + public static final IAMPolicyClient create(IAMPolicyStub stub) { + return new IAMPolicyClient(stub); + } + + /** + * Constructs an instance of IAMPolicyClient, using the given settings. This is protected so that + * it is easy to make a subclass, but otherwise, the static factory methods should be preferred. 
+ */ + protected IAMPolicyClient(IAMPolicySettings settings) throws IOException { + this.settings = settings; + this.stub = ((IAMPolicyStubSettings) settings.getStubSettings()).createStub(); + } + + @BetaApi("A restructuring of stub classes is planned, so this may break in the future") + protected IAMPolicyClient(IAMPolicyStub stub) { + this.settings = null; + this.stub = stub; + } + + public final IAMPolicySettings getSettings() { + return settings; + } + + @BetaApi("A restructuring of stub classes is planned, so this may break in the future") + public IAMPolicyStub getStub() { + return stub; + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Sets the access control policy on the specified resource. Replaces any existing policy. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   SetIamPolicyRequest request =
+   *       SetIamPolicyRequest.newBuilder()
+   *           .setResource("SetIamPolicyRequest1223629066".toString())
+   *           .setPolicy(Policy.newBuilder().build())
+   *           .build();
+   *   Policy response = iAMPolicyClient.setIamPolicy(request);
+   * }
+   * }
+ * + * @param request The request object containing all of the parameters for the API call. + * @throws com.google.api.gax.rpc.ApiException if the remote call fails + */ + public final Policy setIamPolicy(SetIamPolicyRequest request) { + return setIamPolicyCallable().call(request); + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Sets the access control policy on the specified resource. Replaces any existing policy. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   SetIamPolicyRequest request =
+   *       SetIamPolicyRequest.newBuilder()
+   *           .setResource("SetIamPolicyRequest1223629066".toString())
+   *           .setPolicy(Policy.newBuilder().build())
+   *           .build();
+   *   ApiFuture future = iAMPolicyClient.setIamPolicyCallable().futureCall(request);
+   *   // Do something.
+   *   Policy response = future.get();
+   * }
+   * }
+ */ + public final UnaryCallable setIamPolicyCallable() { + return stub.setIamPolicyCallable(); + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Gets the access control policy for a resource. Returns an empty policy if the resource exists + * and does not have a policy set. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   GetIamPolicyRequest request =
+   *       GetIamPolicyRequest.newBuilder()
+   *           .setResource("GetIamPolicyRequest-1527610370".toString())
+   *           .setOptions(GetPolicyOptions.newBuilder().build())
+   *           .build();
+   *   Policy response = iAMPolicyClient.getIamPolicy(request);
+   * }
+   * }
+ * + * @param request The request object containing all of the parameters for the API call. + * @throws com.google.api.gax.rpc.ApiException if the remote call fails + */ + public final Policy getIamPolicy(GetIamPolicyRequest request) { + return getIamPolicyCallable().call(request); + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Gets the access control policy for a resource. Returns an empty policy if the resource exists + * and does not have a policy set. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   GetIamPolicyRequest request =
+   *       GetIamPolicyRequest.newBuilder()
+   *           .setResource("GetIamPolicyRequest-1527610370".toString())
+   *           .setOptions(GetPolicyOptions.newBuilder().build())
+   *           .build();
+   *   ApiFuture future = iAMPolicyClient.getIamPolicyCallable().futureCall(request);
+   *   // Do something.
+   *   Policy response = future.get();
+   * }
+   * }
+ */ + public final UnaryCallable getIamPolicyCallable() { + return stub.getIamPolicyCallable(); + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Returns permissions that a caller has on the specified resource. If the resource does not + * exist, this will return an empty set of permissions, not a NOT_FOUND error. + * + *

Note: This operation is designed to be used for building permission-aware UIs and + * command-line tools, not for authorization checking. This operation may "fail open" without + * warning. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   TestIamPermissionsRequest request =
+   *       TestIamPermissionsRequest.newBuilder()
+   *           .setResource("TestIamPermissionsRequest942398222".toString())
+   *           .addAllPermissions(new ArrayList())
+   *           .build();
+   *   TestIamPermissionsResponse response = iAMPolicyClient.testIamPermissions(request);
+   * }
+   * }
+ * + * @param request The request object containing all of the parameters for the API call. + * @throws com.google.api.gax.rpc.ApiException if the remote call fails + */ + public final TestIamPermissionsResponse testIamPermissions(TestIamPermissionsRequest request) { + return testIamPermissionsCallable().call(request); + } + + // AUTO-GENERATED DOCUMENTATION AND METHOD. + /** + * Returns permissions that a caller has on the specified resource. If the resource does not + * exist, this will return an empty set of permissions, not a NOT_FOUND error. + * + *

Note: This operation is designed to be used for building permission-aware UIs and + * command-line tools, not for authorization checking. This operation may "fail open" without + * warning. + * + *

Sample code: + * + *

{@code
+   * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+   *   TestIamPermissionsRequest request =
+   *       TestIamPermissionsRequest.newBuilder()
+   *           .setResource("TestIamPermissionsRequest942398222".toString())
+   *           .addAllPermissions(new ArrayList())
+   *           .build();
+   *   ApiFuture future =
+   *       iAMPolicyClient.testIamPermissionsCallable().futureCall(request);
+   *   // Do something.
+   *   TestIamPermissionsResponse response = future.get();
+   * }
+   * }
+ */ + public final UnaryCallable + testIamPermissionsCallable() { + return stub.testIamPermissionsCallable(); + } + + @Override + public final void close() { + stub.close(); + } + + @Override + public void shutdown() { + stub.shutdown(); + } + + @Override + public boolean isShutdown() { + return stub.isShutdown(); + } + + @Override + public boolean isTerminated() { + return stub.isTerminated(); + } + + @Override + public void shutdownNow() { + stub.shutdownNow(); + } + + @Override + public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException { + return stub.awaitTermination(duration, unit); + } +} diff --git a/test/integration/goldens/iam/IAMPolicyClientTest.java b/test/integration/goldens/iam/IAMPolicyClientTest.java new file mode 100644 index 0000000000..cd911b0459 --- /dev/null +++ b/test/integration/goldens/iam/IAMPolicyClientTest.java 
@@ -0,0 +1,222 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1; + +import com.google.api.gax.core.NoCredentialsProvider; +import com.google.api.gax.grpc.GaxGrpcProperties; +import com.google.api.gax.grpc.testing.LocalChannelProvider; +import com.google.api.gax.grpc.testing.MockGrpcService; +import com.google.api.gax.grpc.testing.MockServiceHelper; +import com.google.api.gax.rpc.ApiClientHeaderProvider; +import com.google.api.gax.rpc.InvalidArgumentException; +import com.google.protobuf.AbstractMessage; +import com.google.protobuf.ByteString; +import io.grpc.StatusRuntimeException; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.UUID; +import javax.annotation.Generated; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +@Generated("by gapic-generator-java") +public class IAMPolicyClientTest { + private static MockServiceHelper mockServiceHelper; + private IAMPolicyClient client; + private static MockIAMPolicy mockIAMPolicy; + private LocalChannelProvider channelProvider; + + @BeforeClass + public static void startStaticServer() { + mockIAMPolicy = new MockIAMPolicy(); + mockServiceHelper = + new MockServiceHelper( + UUID.randomUUID().toString(), Arrays.asList(mockIAMPolicy)); + 
mockServiceHelper.start(); + } + + @AfterClass + public static void stopServer() { + mockServiceHelper.stop(); + } + + @Before + public void setUp() throws IOException { + mockServiceHelper.reset(); + channelProvider = mockServiceHelper.createChannelProvider(); + IAMPolicySettings settings = + IAMPolicySettings.newBuilder() + .setTransportChannelProvider(channelProvider) + .setCredentialsProvider(NoCredentialsProvider.create()) + .build(); + client = IAMPolicyClient.create(settings); + } + + @After + public void tearDown() throws Exception { + client.close(); + } + + @Test + public void setIamPolicyTest() throws Exception { + Policy expectedResponse = + Policy.newBuilder() + .setVersion(351608024) + .addAllBindings(new ArrayList()) + .setEtag(ByteString.EMPTY) + .build(); + mockIAMPolicy.addResponse(expectedResponse); + + SetIamPolicyRequest request = + SetIamPolicyRequest.newBuilder() + .setResource("SetIamPolicyRequest1223629066".toString()) + .setPolicy(Policy.newBuilder().build()) + .build(); + + Policy actualResponse = client.setIamPolicy(request); + Assert.assertEquals(expectedResponse, actualResponse); + + List actualRequests = mockIAMPolicy.getRequests(); + Assert.assertEquals(1, actualRequests.size()); + SetIamPolicyRequest actualRequest = ((SetIamPolicyRequest) actualRequests.get(0)); + + Assert.assertEquals(request.getResource(), actualRequest.getResource()); + Assert.assertEquals(request.getPolicy(), actualRequest.getPolicy()); + Assert.assertTrue( + channelProvider.isHeaderSent( + ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), + GaxGrpcProperties.getDefaultApiClientHeaderPattern())); + } + + @Test + public void setIamPolicyExceptionTest() throws Exception { + StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT); + mockIAMPolicy.addException(exception); + + try { + SetIamPolicyRequest request = + SetIamPolicyRequest.newBuilder() + .setResource("SetIamPolicyRequest1223629066".toString()) + 
.setPolicy(Policy.newBuilder().build()) + .build(); + client.setIamPolicy(request); + Assert.fail("No exception raised"); + } catch (InvalidArgumentException e) { + // Expected exception. + } + } + + @Test + public void getIamPolicyTest() throws Exception { + Policy expectedResponse = + Policy.newBuilder() + .setVersion(351608024) + .addAllBindings(new ArrayList()) + .setEtag(ByteString.EMPTY) + .build(); + mockIAMPolicy.addResponse(expectedResponse); + + GetIamPolicyRequest request = + GetIamPolicyRequest.newBuilder() + .setResource("GetIamPolicyRequest-1527610370".toString()) + .setOptions(GetPolicyOptions.newBuilder().build()) + .build(); + + Policy actualResponse = client.getIamPolicy(request); + Assert.assertEquals(expectedResponse, actualResponse); + + List actualRequests = mockIAMPolicy.getRequests(); + Assert.assertEquals(1, actualRequests.size()); + GetIamPolicyRequest actualRequest = ((GetIamPolicyRequest) actualRequests.get(0)); + + Assert.assertEquals(request.getResource(), actualRequest.getResource()); + Assert.assertEquals(request.getOptions(), actualRequest.getOptions()); + Assert.assertTrue( + channelProvider.isHeaderSent( + ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), + GaxGrpcProperties.getDefaultApiClientHeaderPattern())); + } + + @Test + public void getIamPolicyExceptionTest() throws Exception { + StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT); + mockIAMPolicy.addException(exception); + + try { + GetIamPolicyRequest request = + GetIamPolicyRequest.newBuilder() + .setResource("GetIamPolicyRequest-1527610370".toString()) + .setOptions(GetPolicyOptions.newBuilder().build()) + .build(); + client.getIamPolicy(request); + Assert.fail("No exception raised"); + } catch (InvalidArgumentException e) { + // Expected exception. 
+ } + } + + @Test + public void testIamPermissionsTest() throws Exception { + TestIamPermissionsResponse expectedResponse = + TestIamPermissionsResponse.newBuilder().addAllPermissions(new ArrayList()).build(); + mockIAMPolicy.addResponse(expectedResponse); + + TestIamPermissionsRequest request = + TestIamPermissionsRequest.newBuilder() + .setResource("TestIamPermissionsRequest942398222".toString()) + .addAllPermissions(new ArrayList()) + .build(); + + TestIamPermissionsResponse actualResponse = client.testIamPermissions(request); + Assert.assertEquals(expectedResponse, actualResponse); + + List actualRequests = mockIAMPolicy.getRequests(); + Assert.assertEquals(1, actualRequests.size()); + TestIamPermissionsRequest actualRequest = ((TestIamPermissionsRequest) actualRequests.get(0)); + + Assert.assertEquals(request.getResource(), actualRequest.getResource()); + Assert.assertEquals(request.getPermissionsList(), actualRequest.getPermissionsList()); + Assert.assertTrue( + channelProvider.isHeaderSent( + ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), + GaxGrpcProperties.getDefaultApiClientHeaderPattern())); + } + + @Test + public void testIamPermissionsExceptionTest() throws Exception { + StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT); + mockIAMPolicy.addException(exception); + + try { + TestIamPermissionsRequest request = + TestIamPermissionsRequest.newBuilder() + .setResource("TestIamPermissionsRequest942398222".toString()) + .addAllPermissions(new ArrayList()) + .build(); + client.testIamPermissions(request); + Assert.fail("No exception raised"); + } catch (InvalidArgumentException e) { + // Expected exception. + } + } +} diff --git a/test/integration/goldens/iam/IAMPolicySettings.java b/test/integration/goldens/iam/IAMPolicySettings.java new file mode 100644 index 0000000000..b190fa6b2f --- /dev/null +++ b/test/integration/goldens/iam/IAMPolicySettings.java 
@@ -0,0 +1,203 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1; + +import com.google.api.core.ApiFunction; +import com.google.api.core.BetaApi; +import com.google.api.gax.core.GoogleCredentialsProvider; +import com.google.api.gax.core.InstantiatingExecutorProvider; +import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider; +import com.google.api.gax.rpc.ApiClientHeaderProvider; +import com.google.api.gax.rpc.ClientContext; +import com.google.api.gax.rpc.ClientSettings; +import com.google.api.gax.rpc.StubSettings; +import com.google.api.gax.rpc.TransportChannelProvider; +import com.google.api.gax.rpc.UnaryCallSettings; +import com.google.iam.v1.stub.IAMPolicyStubSettings; +import java.io.IOException; +import java.util.List; +import javax.annotation.Generated; + +// AUTO-GENERATED DOCUMENTATION AND CLASS. +/** + * Settings class to configure an instance of {@link IAMPolicyClient}. + * + *

The default instance has everything set to sensible defaults: + * + *

    + *
  • The default service address (iam-meta-api.googleapis.com) and default port (443) are used. + *
  • Credentials are acquired automatically through Application Default Credentials. + *
  • Retries are configured for idempotent methods but not for non-idempotent methods. + *
+ * + *

The builder of this class is recursive, so contained classes are themselves builders. When + * build() is called, the tree of builders is called to create the complete settings object. + * + *

For example, to set the total timeout of setIamPolicy to 30 seconds: + * + *

{@code
+ * IAMPolicySettings.Builder iAMPolicySettingsBuilder = IAMPolicySettings.newBuilder();
+ * iAMPolicySettingsBuilder
+ *     .setIamPolicySettings()
+ *     .setRetrySettings(
+ *         iAMPolicySettingsBuilder
+ *             .setIamPolicySettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * IAMPolicySettings iAMPolicySettings = iAMPolicySettingsBuilder.build();
+ * }
+ */ +@Generated("by gapic-generator-java") +public class IAMPolicySettings extends ClientSettings { + + /** Returns the object with the settings used for calls to setIamPolicy. */ + public UnaryCallSettings setIamPolicySettings() { + return ((IAMPolicyStubSettings) getStubSettings()).setIamPolicySettings(); + } + + /** Returns the object with the settings used for calls to getIamPolicy. */ + public UnaryCallSettings getIamPolicySettings() { + return ((IAMPolicyStubSettings) getStubSettings()).getIamPolicySettings(); + } + + /** Returns the object with the settings used for calls to testIamPermissions. */ + public UnaryCallSettings + testIamPermissionsSettings() { + return ((IAMPolicyStubSettings) getStubSettings()).testIamPermissionsSettings(); + } + + public static final IAMPolicySettings create(IAMPolicyStubSettings stub) throws IOException { + return new IAMPolicySettings.Builder(stub.toBuilder()).build(); + } + + /** Returns a builder for the default ExecutorProvider for this service. */ + public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() { + return IAMPolicyStubSettings.defaultExecutorProviderBuilder(); + } + + /** Returns the default service endpoint. */ + public static String getDefaultEndpoint() { + return IAMPolicyStubSettings.getDefaultEndpoint(); + } + + /** Returns the default service scopes. */ + public static List getDefaultServiceScopes() { + return IAMPolicyStubSettings.getDefaultServiceScopes(); + } + + /** Returns a builder for the default credentials for this service. */ + public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() { + return IAMPolicyStubSettings.defaultCredentialsProviderBuilder(); + } + + /** Returns a builder for the default ChannelProvider for this service. 
*/ + public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() { + return IAMPolicyStubSettings.defaultGrpcTransportProviderBuilder(); + } + + public static TransportChannelProvider defaultTransportChannelProvider() { + return IAMPolicyStubSettings.defaultTransportChannelProvider(); + } + + @BetaApi("The surface for customizing headers is not stable yet and may change in the future.") + public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() { + return IAMPolicyStubSettings.defaultApiClientHeaderProviderBuilder(); + } + + /** Returns a new builder for this class. */ + public static Builder newBuilder() { + return Builder.createDefault(); + } + + /** Returns a new builder for this class. */ + public static Builder newBuilder(ClientContext clientContext) { + return new Builder(clientContext); + } + + /** Returns a builder containing all the values of this settings class. */ + public Builder toBuilder() { + return new Builder(this); + } + + protected IAMPolicySettings(Builder settingsBuilder) throws IOException { + super(settingsBuilder); + } + + /** Builder for IAMPolicySettings. */ + public static class Builder extends ClientSettings.Builder { + + protected Builder() throws IOException { + this(((ClientContext) null)); + } + + protected Builder(ClientContext clientContext) { + super(IAMPolicyStubSettings.newBuilder(clientContext)); + } + + protected Builder(IAMPolicySettings settings) { + super(settings.getStubSettings().toBuilder()); + } + + protected Builder(IAMPolicyStubSettings.Builder stubSettings) { + super(stubSettings); + } + + private static Builder createDefault() { + return new Builder(IAMPolicyStubSettings.newBuilder()); + } + + public IAMPolicyStubSettings.Builder getStubSettingsBuilder() { + return ((IAMPolicyStubSettings.Builder) getStubSettings()); + } + + // NEXT_MAJOR_VER: remove 'throws Exception'. 
+ /** + * Applies the given settings updater function to all of the unary API methods in this service. + * + *

Note: This method does not support applying settings to streaming methods. + */ + public Builder applyToAllUnaryMethods( + ApiFunction, Void> settingsUpdater) throws Exception { + super.applyToAllUnaryMethods( + getStubSettingsBuilder().unaryMethodSettingsBuilders(), settingsUpdater); + return this; + } + + /** Returns the builder for the settings used for calls to setIamPolicy. */ + public UnaryCallSettings.Builder setIamPolicySettings() { + return getStubSettingsBuilder().setIamPolicySettings(); + } + + /** Returns the builder for the settings used for calls to getIamPolicy. */ + public UnaryCallSettings.Builder getIamPolicySettings() { + return getStubSettingsBuilder().getIamPolicySettings(); + } + + /** Returns the builder for the settings used for calls to testIamPermissions. */ + public UnaryCallSettings.Builder + testIamPermissionsSettings() { + return getStubSettingsBuilder().testIamPermissionsSettings(); + } + + @Override + public IAMPolicySettings build() throws IOException { + return new IAMPolicySettings(this); + } + } +} diff --git a/test/integration/goldens/iam/IAMPolicyStub.java b/test/integration/goldens/iam/IAMPolicyStub.java new file mode 100644 index 0000000000..6cfd45226b --- /dev/null +++ b/test/integration/goldens/iam/IAMPolicyStub.java 
@@ -0,0 +1,52 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1.stub; + +import com.google.api.gax.core.BackgroundResource; +import com.google.api.gax.rpc.UnaryCallable; +import com.google.iam.v1.GetIamPolicyRequest; +import com.google.iam.v1.Policy; +import com.google.iam.v1.SetIamPolicyRequest; +import com.google.iam.v1.TestIamPermissionsRequest; +import com.google.iam.v1.TestIamPermissionsResponse; +import javax.annotation.Generated; + +// AUTO-GENERATED DOCUMENTATION AND CLASS. +/** + * Base stub class for the IAMPolicy service API. + * + *

This class is for advanced usage and reflects the underlying API directly. + */ +@Generated("by gapic-generator-java") +public abstract class IAMPolicyStub implements BackgroundResource { + + public UnaryCallable setIamPolicyCallable() { + throw new UnsupportedOperationException("Not implemented: setIamPolicyCallable()"); + } + + public UnaryCallable getIamPolicyCallable() { + throw new UnsupportedOperationException("Not implemented: getIamPolicyCallable()"); + } + + public UnaryCallable + testIamPermissionsCallable() { + throw new UnsupportedOperationException("Not implemented: testIamPermissionsCallable()"); + } + + @Override + public abstract void close(); +} diff --git a/test/integration/goldens/iam/IAMPolicyStubSettings.java b/test/integration/goldens/iam/IAMPolicyStubSettings.java new file mode 100644 index 0000000000..51fd4491d6 --- /dev/null +++ b/test/integration/goldens/iam/IAMPolicyStubSettings.java 
@@ -0,0 +1,313 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1.stub; + +import com.google.api.core.ApiFunction; +import com.google.api.core.BetaApi; +import com.google.api.gax.core.GaxProperties; +import com.google.api.gax.core.GoogleCredentialsProvider; +import com.google.api.gax.core.InstantiatingExecutorProvider; +import com.google.api.gax.grpc.GaxGrpcProperties; +import com.google.api.gax.grpc.GrpcTransportChannel; +import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider; +import com.google.api.gax.retrying.RetrySettings; +import com.google.api.gax.rpc.ApiClientHeaderProvider; +import com.google.api.gax.rpc.ClientContext; +import com.google.api.gax.rpc.StatusCode; +import com.google.api.gax.rpc.StubSettings; +import com.google.api.gax.rpc.TransportChannelProvider; +import com.google.api.gax.rpc.UnaryCallSettings; +import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; +import com.google.common.collect.Lists; +import com.google.iam.v1.GetIamPolicyRequest; +import com.google.iam.v1.Policy; +import com.google.iam.v1.SetIamPolicyRequest; +import com.google.iam.v1.TestIamPermissionsRequest; +import com.google.iam.v1.TestIamPermissionsResponse; +import java.io.IOException; +import java.util.List; +import javax.annotation.Generated; +import org.threeten.bp.Duration; + +// AUTO-GENERATED 
DOCUMENTATION AND CLASS. +/** + * Settings class to configure an instance of {@link IAMPolicyStub}. + * + *

The default instance has everything set to sensible defaults: + * + *

    + *
  • The default service address (iam-meta-api.googleapis.com) and default port (443) are used. + *
  • Credentials are acquired automatically through Application Default Credentials. + *
  • Retries are configured for idempotent methods but not for non-idempotent methods. + *
+ * + *

The builder of this class is recursive, so contained classes are themselves builders. When + * build() is called, the tree of builders is called to create the complete settings object. + * + *

For example, to set the total timeout of setIamPolicy to 30 seconds: + * + *

{@code
+ * IAMPolicyStubSettings.Builder iAMPolicySettingsBuilder = IAMPolicyStubSettings.newBuilder();
+ * iAMPolicySettingsBuilder
+ *     .setIamPolicySettings()
+ *     .setRetrySettings(
+ *         iAMPolicySettingsBuilder
+ *             .setIamPolicySettings()
+ *             .getRetrySettings()
+ *             .toBuilder()
+ *             .setTotalTimeout(Duration.ofSeconds(30))
+ *             .build());
+ * IAMPolicyStubSettings iAMPolicySettings = iAMPolicySettingsBuilder.build();
+ * }
+ */ +@Generated("by gapic-generator-java") +public class IAMPolicyStubSettings extends StubSettings { + /** The default scopes of the service. */ + private static final ImmutableList DEFAULT_SERVICE_SCOPES = + ImmutableList.builder().build(); + + private final UnaryCallSettings setIamPolicySettings; + private final UnaryCallSettings getIamPolicySettings; + private final UnaryCallSettings + testIamPermissionsSettings; + + /** Returns the object with the settings used for calls to setIamPolicy. */ + public UnaryCallSettings setIamPolicySettings() { + return setIamPolicySettings; + } + + /** Returns the object with the settings used for calls to getIamPolicy. */ + public UnaryCallSettings getIamPolicySettings() { + return getIamPolicySettings; + } + + /** Returns the object with the settings used for calls to testIamPermissions. */ + public UnaryCallSettings + testIamPermissionsSettings() { + return testIamPermissionsSettings; + } + + @BetaApi("A restructuring of stub classes is planned, so this may break in the future") + public IAMPolicyStub createStub() throws IOException { + if (getTransportChannelProvider() + .getTransportName() + .equals(GrpcTransportChannel.getGrpcTransportName())) { + return GrpcIAMPolicyStub.create(this); + } + throw new UnsupportedOperationException( + String.format( + "Transport not supported: %s", getTransportChannelProvider().getTransportName())); + } + + /** Returns a builder for the default ExecutorProvider for this service. */ + public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() { + return InstantiatingExecutorProvider.newBuilder(); + } + + /** Returns the default service endpoint. */ + public static String getDefaultEndpoint() { + return "iam-meta-api.googleapis.com:443"; + } + + /** Returns the default service scopes. */ + public static List getDefaultServiceScopes() { + return DEFAULT_SERVICE_SCOPES; + } + + /** Returns a builder for the default credentials for this service. 
*/ + public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() { + return GoogleCredentialsProvider.newBuilder().setScopesToApply(DEFAULT_SERVICE_SCOPES); + } + + /** Returns a builder for the default ChannelProvider for this service. */ + public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() { + return InstantiatingGrpcChannelProvider.newBuilder() + .setMaxInboundMessageSize(Integer.MAX_VALUE); + } + + public static TransportChannelProvider defaultTransportChannelProvider() { + return defaultGrpcTransportProviderBuilder().build(); + } + + @BetaApi("The surface for customizing headers is not stable yet and may change in the future.") + public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() { + return ApiClientHeaderProvider.newBuilder() + .setGeneratedLibToken("gapic", GaxProperties.getLibraryVersion(IAMPolicyStubSettings.class)) + .setTransportToken( + GaxGrpcProperties.getGrpcTokenName(), GaxGrpcProperties.getGrpcVersion()); + } + + /** Returns a new builder for this class. */ + public static Builder newBuilder() { + return Builder.createDefault(); + } + + /** Returns a new builder for this class. */ + public static Builder newBuilder(ClientContext clientContext) { + return new Builder(clientContext); + } + + /** Returns a builder containing all the values of this settings class. */ + public Builder toBuilder() { + return new Builder(this); + } + + protected IAMPolicyStubSettings(Builder settingsBuilder) throws IOException { + super(settingsBuilder); + + setIamPolicySettings = settingsBuilder.setIamPolicySettings().build(); + getIamPolicySettings = settingsBuilder.getIamPolicySettings().build(); + testIamPermissionsSettings = settingsBuilder.testIamPermissionsSettings().build(); + } + + /** Builder for IAMPolicyStubSettings. 
*/ + public static class Builder extends StubSettings.Builder { + private final ImmutableList> unaryMethodSettingsBuilders; + private final UnaryCallSettings.Builder setIamPolicySettings; + private final UnaryCallSettings.Builder getIamPolicySettings; + private final UnaryCallSettings.Builder + testIamPermissionsSettings; + private static final ImmutableMap> + RETRYABLE_CODE_DEFINITIONS; + + static { + ImmutableMap.Builder> definitions = + ImmutableMap.builder(); + definitions.put( + "retry_policy_0_codes", + ImmutableSet.copyOf(Lists.newArrayList(StatusCode.Code.UNAVAILABLE))); + RETRYABLE_CODE_DEFINITIONS = definitions.build(); + } + + private static final ImmutableMap RETRY_PARAM_DEFINITIONS; + + static { + ImmutableMap.Builder definitions = ImmutableMap.builder(); + RetrySettings settings = null; + settings = + RetrySettings.newBuilder() + .setInitialRetryDelay(Duration.ofMillis(500L)) + .setRetryDelayMultiplier(2.0) + .setMaxRetryDelay(Duration.ofMillis(10000L)) + .setInitialRpcTimeout(Duration.ofMillis(10000L)) + .setRpcTimeoutMultiplier(1.0) + .setMaxRpcTimeout(Duration.ofMillis(10000L)) + .setTotalTimeout(Duration.ofMillis(10000L)) + .build(); + definitions.put("retry_policy_0_params", settings); + RETRY_PARAM_DEFINITIONS = definitions.build(); + } + + protected Builder() { + this(((ClientContext) null)); + } + + protected Builder(ClientContext clientContext) { + super(clientContext); + + setIamPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); + getIamPolicySettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); + testIamPermissionsSettings = UnaryCallSettings.newUnaryCallSettingsBuilder(); + + unaryMethodSettingsBuilders = + ImmutableList.>of( + setIamPolicySettings, getIamPolicySettings, testIamPermissionsSettings); + initDefaults(this); + } + + protected Builder(IAMPolicyStubSettings settings) { + super(settings); + + setIamPolicySettings = settings.setIamPolicySettings.toBuilder(); + getIamPolicySettings = 
settings.getIamPolicySettings.toBuilder(); + testIamPermissionsSettings = settings.testIamPermissionsSettings.toBuilder(); + + unaryMethodSettingsBuilders = + ImmutableList.>of( + setIamPolicySettings, getIamPolicySettings, testIamPermissionsSettings); + } + + private static Builder createDefault() { + Builder builder = new Builder(((ClientContext) null)); + + builder.setTransportChannelProvider(defaultTransportChannelProvider()); + builder.setCredentialsProvider(defaultCredentialsProviderBuilder().build()); + builder.setInternalHeaderProvider(defaultApiClientHeaderProviderBuilder().build()); + builder.setEndpoint(getDefaultEndpoint()); + + return initDefaults(builder); + } + + private static Builder initDefaults(Builder builder) { + builder + .setIamPolicySettings() + .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes")) + .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params")); + + builder + .getIamPolicySettings() + .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes")) + .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params")); + + builder + .testIamPermissionsSettings() + .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("retry_policy_0_codes")) + .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("retry_policy_0_params")); + + return builder; + } + + // NEXT_MAJOR_VER: remove 'throws Exception'. + /** + * Applies the given settings updater function to all of the unary API methods in this service. + * + *

Note: This method does not support applying settings to streaming methods. + */ + public Builder applyToAllUnaryMethods( + ApiFunction, Void> settingsUpdater) throws Exception { + super.applyToAllUnaryMethods(unaryMethodSettingsBuilders, settingsUpdater); + return this; + } + + public ImmutableList> unaryMethodSettingsBuilders() { + return unaryMethodSettingsBuilders; + } + + /** Returns the builder for the settings used for calls to setIamPolicy. */ + public UnaryCallSettings.Builder setIamPolicySettings() { + return setIamPolicySettings; + } + + /** Returns the builder for the settings used for calls to getIamPolicy. */ + public UnaryCallSettings.Builder getIamPolicySettings() { + return getIamPolicySettings; + } + + /** Returns the builder for the settings used for calls to testIamPermissions. */ + public UnaryCallSettings.Builder + testIamPermissionsSettings() { + return testIamPermissionsSettings; + } + + @Override + public IAMPolicyStubSettings build() throws IOException { + return new IAMPolicyStubSettings(this); + } + } +} diff --git a/test/integration/goldens/iam/MockIAMPolicy.java b/test/integration/goldens/iam/MockIAMPolicy.java new file mode 100644 index 0000000000..b7ebc56b18 --- /dev/null +++ b/test/integration/goldens/iam/MockIAMPolicy.java 
@@ -0,0 +1,59 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1; + +import com.google.api.core.BetaApi; +import com.google.api.gax.grpc.testing.MockGrpcService; +import com.google.protobuf.AbstractMessage; +import io.grpc.ServerServiceDefinition; +import java.util.List; +import javax.annotation.Generated; + +@BetaApi +@Generated("by gapic-generator-java") +public class MockIAMPolicy implements MockGrpcService { + private final MockIAMPolicyImpl serviceImpl; + + public MockIAMPolicy() { + serviceImpl = new MockIAMPolicyImpl(); + } + + @Override + public List getRequests() { + return serviceImpl.getRequests(); + } + + @Override + public void addResponse(AbstractMessage response) { + serviceImpl.addResponse(response); + } + + @Override + public void addException(Exception exception) { + serviceImpl.addException(exception); + } + + @Override + public ServerServiceDefinition getServiceDefinition() { + return serviceImpl.bindService(); + } + + @Override + public void reset() { + serviceImpl.reset(); + } +} diff --git a/test/integration/goldens/iam/MockIAMPolicyImpl.java b/test/integration/goldens/iam/MockIAMPolicyImpl.java new file mode 100644 index 0000000000..920aec564d --- /dev/null +++ b/test/integration/goldens/iam/MockIAMPolicyImpl.java 
@@ -0,0 +1,122 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.google.iam.v1; + +import com.google.api.core.BetaApi; +import com.google.iam.v1.IAMPolicyGrpc.IAMPolicyImplBase; +import com.google.protobuf.AbstractMessage; +import io.grpc.stub.StreamObserver; +import java.util.ArrayList; +import java.util.LinkedList; +import java.util.List; +import java.util.Queue; +import javax.annotation.Generated; + +@BetaApi +@Generated("by gapic-generator-java") +public class MockIAMPolicyImpl extends IAMPolicyImplBase { + private List requests; + private Queue responses; + + public MockIAMPolicyImpl() { + requests = new ArrayList<>(); + responses = new LinkedList<>(); + } + + public List getRequests() { + return requests; + } + + public void addResponse(AbstractMessage response) { + responses.add(response); + } + + public void setResponses(List responses) { + this.responses = new LinkedList(responses); + } + + public void addException(Exception exception) { + responses.add(exception); + } + + public void reset() { + requests = new ArrayList<>(); + responses = new LinkedList<>(); + } + + @Override + public void setIamPolicy(SetIamPolicyRequest request, StreamObserver responseObserver) { + Object response = responses.remove(); + if (response instanceof Policy) { + requests.add(request); + responseObserver.onNext(((Policy) response)); + responseObserver.onCompleted(); + } else if (response instanceof Exception) { + 
responseObserver.onError(((Exception) response)); + } else { + responseObserver.onError( + new IllegalArgumentException( + String.format( + "Unrecognized response type %s for method SetIamPolicy, expected %s or %s", + response.getClass().getName(), + Policy.class.getName(), + Exception.class.getName()))); + } + } + + @Override + public void getIamPolicy(GetIamPolicyRequest request, StreamObserver responseObserver) { + Object response = responses.remove(); + if (response instanceof Policy) { + requests.add(request); + responseObserver.onNext(((Policy) response)); + responseObserver.onCompleted(); + } else if (response instanceof Exception) { + responseObserver.onError(((Exception) response)); + } else { + responseObserver.onError( + new IllegalArgumentException( + String.format( + "Unrecognized response type %s for method GetIamPolicy, expected %s or %s", + response.getClass().getName(), + Policy.class.getName(), + Exception.class.getName()))); + } + } + + @Override + public void testIamPermissions( + TestIamPermissionsRequest request, + StreamObserver responseObserver) { + Object response = responses.remove(); + if (response instanceof TestIamPermissionsResponse) { + requests.add(request); + responseObserver.onNext(((TestIamPermissionsResponse) response)); + responseObserver.onCompleted(); + } else if (response instanceof Exception) { + responseObserver.onError(((Exception) response)); + } else { + responseObserver.onError( + new IllegalArgumentException( + String.format( + "Unrecognized response type %s for method TestIamPermissions, expected %s or %s", + response.getClass().getName(), + TestIamPermissionsResponse.class.getName(), + Exception.class.getName()))); + } + } +} diff --git a/test/integration/goldens/iam/PlaceholderFile.java b/test/integration/goldens/iam/PlaceholderFile.java new file mode 100644 index 0000000000..e69de29bb2 
diff --git a/test/integration/goldens/iam/gapic_metadata.json b/test/integration/goldens/iam/gapic_metadata.json new file mode 100644 index 0000000000..7169270d1e --- /dev/null +++ b/test/integration/goldens/iam/gapic_metadata.json @@ -0,0 +1,27 @@ +{ + "schema": "1.0", + "comment": "This file maps proto services/RPCs to the corresponding library clients/methods", + "language": "java", + "protoPackage": "google.iam.v1", + "libraryPackage": "com.google.iam.v1", + "services": { + "IAMPolicy": { + "clients": { + "grpc": { + "libraryClient": "IAMPolicyClient", + "rpcs": { + "GetIamPolicy": { + "methods": ["getIamPolicy", "getIamPolicyCallable"] + }, + "SetIamPolicy": { + "methods": ["setIamPolicy", "setIamPolicyCallable"] + }, + "TestIamPermissions": { + "methods": ["testIamPermissions", "testIamPermissionsCallable"] + } + } + } + } + } + } +} \ No newline at end of file diff --git a/test/integration/goldens/iam/package-info.java b/test/integration/goldens/iam/package-info.java new file mode 100644 index 0000000000..45e257e56c --- /dev/null +++ b/test/integration/goldens/iam/package-info.java @@ -0,0 +1,61 @@ +/* + * Copyright 2020 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * The interfaces provided are listed below, along with usage samples. + * + *

======================= IAMPolicyClient ======================= + * + *

Service Description: ## API Overview + * + *

Manages Identity and Access Management (IAM) policies. + * + *

Any implementation of an API that offers access control features implements the + * google.iam.v1.IAMPolicy interface. + * + *

## Data model + * + *

Access control is applied when a principal (user or service account), takes some action on a + * resource exposed by a service. Resources, identified by URI-like names, are the unit of access + * control specification. Service implementations can choose the granularity of access control and + * the supported permissions for their resources. For example one database service may allow access + * control to be specified only at the Table level, whereas another might allow access control to + * also be specified at the Column level. + * + *

## Policy Structure + * + *

See google.iam.v1.Policy + * + *

This is intentionally not a CRUD style API because access control policies are created and + * deleted implicitly with the resources to which they are attached. + * + *

Sample for IAMPolicyClient: + * + *

{@code
+ * try (IAMPolicyClient iAMPolicyClient = IAMPolicyClient.create()) {
+ *   SetIamPolicyRequest request =
+ *       SetIamPolicyRequest.newBuilder()
+ *           .setResource("SetIamPolicyRequest1223629066".toString())
+ *           .setPolicy(Policy.newBuilder().build())
+ *           .build();
+ *   Policy response = iAMPolicyClient.setIamPolicy(request);
+ * }
+ * }
+ */ +@Generated("by gapic-generator-java") +package com.google.iam.v1; + +import javax.annotation.Generated; diff --git a/test/integration/iam_grpc_service_config.json b/test/integration/iam_grpc_service_config.json new file mode 100644 index 0000000000..caed5be6bb --- /dev/null +++ b/test/integration/iam_grpc_service_config.json @@ -0,0 +1,21 @@ +{ + "methodConfig": [ + { + "name": [ + { + "service": "google.iam.v1.IAMPolicy" + } + ], + "timeout": "10s", + "retryPolicy": { + "maxAttempts": 5, + "initialBackoff": "0.5s", + "maxBackoff": "10s", + "backoffMultiplier": 2.0, + "retryableStatusCodes": [ + "UNAVAILABLE" + ] + } + } + ] +} From 5e78ce9023bbdab8b0167e9c7e334df8ef753222 Mon Sep 17 00:00:00 2001 From: Mira Leung Date: Wed, 3 Mar 2021 01:04:52 -0800 Subject: [PATCH 5/7] fix(build): Add build files and CI --- .github/workflows/ci.yaml | 2 +- test/integration/BUILD.bazel | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9222c3e454..28863d218b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -49,7 +49,7 @@ jobs: run: bazel --batch test $(bazel query "//src/test/..." | grep "Test$") --noshow_progress - name: Integration Tests - run: bazel --batch test //test/integration:asset //test/integration:credentials //test/integration:kms //test/integration:logging //test/integration:redis //test/integration:library --noshow_progress + run: bazel --batch test //test/integration:asset //test/integration:credentials //test/integration:iam //test/integration:kms //test/integration:logging //test/integration:redis //test/integration:library --noshow_progress - uses: actions/upload-artifact@v2 if: ${{ failure() }} diff --git a/test/integration/BUILD.bazel b/test/integration/BUILD.bazel index 70fa0d8b2c..f64f078f5b 100644 --- a/test/integration/BUILD.bazel +++ b/test/integration/BUILD.bazel 
@@ -5,6 +5,7 @@ load( "java_gapic_test", "java_grpc_library", "java_proto_library", + "proto_library_with_info", ) load( "//:rules_bazel/java/integration_test.bzl", @@ -12,6 +13,9 @@ load( "integration_test", ) +# KMS (for mixins). +load("@rules_proto//proto:defs.bzl", "proto_library") + package(default_visibility = ["//visibility:public"]) #################################################### @@ -189,10 +193,6 @@ java_gapic_assembly_gradle_pkg( ], ) -# KMS (for mixins). -load("@rules_proto//proto:defs.bzl", "proto_library") -load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") - proto_library( name = "kms_proto", srcs = [ From ed1534ea570c4ee7c2a393a1a84beffc6b51e874 Mon Sep 17 00:00:00 2001 From: Mira Leung Date: Wed, 3 Mar 2021 01:05:22 -0800 Subject: [PATCH 6/7] chore: release 1.0.1 Release-As: 1.0.1 From d51723ca5e23ef98070ec14871ee2ab8637f35fc Mon Sep 17 00:00:00 2001 From: Mira Leung Date: Wed, 3 Mar 2021 11:47:46 -0800 Subject: [PATCH 7/7] fix: don't check license for blank files --- .githooks/pre-commit | 2 +- .github/workflows/ci.yaml | 2 +- .../google/api/generator/gapic/composer/constants/BUILD.bazel | 2 ++ .../api/generator/gapic/composer/defaultvalue/BUILD.bazel | 2 +- .../api/generator/gapic/composer/resourcename/BUILD.bazel | 2 +- test/integration/BUILD.bazel | 4 ---- 6 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.githooks/pre-commit b/.githooks/pre-commit index 04b029dee6..b6829aa65c 100755 --- a/.githooks/pre-commit +++ b/.githooks/pre-commit @@ -134,7 +134,7 @@ if [ $NUM_JAVA_FILES_CHANGED -gt 0 ] then echo_status "Checking Apache License Header ..." header_check_preparation - addlicense -c "Google LLC" -l apache -check $(find $PWD -type f -name '*.java') + addlicense -c "Google LLC" -l apache -check $(find $PWD -type f -name '*.java' ! -iname '*PlaceholderFile.java') CHECK_STATUS=$? if [ $CHECK_STATUS != 0 ] then 
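Review bot: The `# KMS (for mixins).` comment was moved to the top of test/integration/BUILD.bazel with the `load("@rules_proto//proto:defs.bzl", "proto_library")` line (hunk `@@ -12,6 +13,9 @@`), so it no longer heads the KMS targets it described and reads as if the load itself were KMS-specific. I would keep the section comment directly above `proto_library(name = "kms_proto", ...)` and either leave the load uncommented or reword it to `# proto_library is used by the KMS mixin targets below.`. Separately, `proto_library_with_info` is now taken from the first `load(` rather than from `@com_google_googleapis_imports//:imports.bzl`. That load's label is outside the hunk, so it is worth confirming that the file exports the symbol with the same behaviour.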
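Review bot: The added `! -iname '*PlaceholderFile.java'` filter exempts files by name rather than by content, so any Java file whose name ends in PlaceholderFile.java, in any letter case, skips the Apache header check even if it later gains real code. The same filter is added to the License Header Check step in .github/workflows/ci.yaml. Since the commit title says the aim is to skip blank files, testing for emptiness would keep the check meaningful, assuming the placeholders really are zero-byte: `addlicense -c "Google LLC" -l apache -check $(find "$PWD" -type f -name '*.java' ! -empty)`. If they are not, a `! -path` exclusion anchored to the directory that holds them is narrower than a case-insensitive name suffix. The enclosing `if [ $NUM_JAVA_FILES_CHANGED -gt 0 ]` block starts and ends outside the hunk.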
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 28863d218b..33b7738029 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -90,5 +90,5 @@ jobs: - name: License Header Check run: | go get -u github.com/google/addlicense - addlicense -c "Google LLC" -l apache -check $(find $PWD -type f -name '*.java') + addlicense -c "Google LLC" -l apache -check $(find $PWD -type f -name '*.java' ! -iname '*PlaceholderFile.java') diff --git a/src/test/java/com/google/api/generator/gapic/composer/constants/BUILD.bazel b/src/test/java/com/google/api/generator/gapic/composer/constants/BUILD.bazel index d77098ae19..c83471c30b 100644 --- a/src/test/java/com/google/api/generator/gapic/composer/constants/BUILD.bazel +++ b/src/test/java/com/google/api/generator/gapic/composer/constants/BUILD.bazel @@ -1,3 +1,5 @@ +load("@rules_java//java:defs.bzl", "java_binary") + package(default_visibility = ["//visibility:public"]) filegroup( diff --git a/src/test/java/com/google/api/generator/gapic/composer/defaultvalue/BUILD.bazel b/src/test/java/com/google/api/generator/gapic/composer/defaultvalue/BUILD.bazel index dd73c0bef7..c14999e877 100644 --- a/src/test/java/com/google/api/generator/gapic/composer/defaultvalue/BUILD.bazel +++ b/src/test/java/com/google/api/generator/gapic/composer/defaultvalue/BUILD.bazel @@ -1,4 +1,4 @@ -load("@rules_java//java:defs.bzl", "java_test") +load("@rules_java//java:defs.bzl", "java_proto_library", "java_test") package(default_visibility = ["//visibility:public"]) diff --git a/src/test/java/com/google/api/generator/gapic/composer/resourcename/BUILD.bazel b/src/test/java/com/google/api/generator/gapic/composer/resourcename/BUILD.bazel index 16db1b17b0..17b37c640b 100644 --- a/src/test/java/com/google/api/generator/gapic/composer/resourcename/BUILD.bazel +++ b/src/test/java/com/google/api/generator/gapic/composer/resourcename/BUILD.bazel 
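Review bot: The License Header Check step in this hunk still installs its tool with `go get -u github.com/google/addlicense`, which fetches and runs whatever the upstream default branch holds at the time of each CI run. Since the step is being edited anyway, pinning the tool makes the check reproducible and limits exposure to an unexpected upstream change: `go get github.com/google/addlicense@<PINNED_VERSION>`, with the placeholder replaced by a reviewed release tag or commit. The developer hook in .githooks/pre-commit calls `header_check_preparation`, whose body is not visible here, so it should be checked for the same unpinned install.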
@@ -1,4 +1,4 @@ -load("@rules_java//java:defs.bzl", "java_test") +load("@rules_java//java:defs.bzl", "java_proto_library", "java_test") package(default_visibility = ["//visibility:public"]) diff --git a/test/integration/BUILD.bazel b/test/integration/BUILD.bazel index 603ff7671e..f64f078f5b 100644 --- a/test/integration/BUILD.bazel +++ b/test/integration/BUILD.bazel @@ -193,10 +193,6 @@ java_gapic_assembly_gradle_pkg( ], ) -# KMS (for mixins). -load("@rules_proto//proto:defs.bzl", "proto_library") -load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info") - proto_library( name = "kms_proto", srcs = [