1// Copyright 2019 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// https://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15// Code generated by gapic-generator. DO NOT EDIT. 16 17package kms 18 19import ( 20 "context" 21 "fmt" 22 "math" 23 "time" 24 25 "github.com/golang/protobuf/proto" 26 gax "github.com/googleapis/gax-go/v2" 27 "google.golang.org/api/iterator" 28 "google.golang.org/api/option" 29 "google.golang.org/api/transport" 30 kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" 31 "google.golang.org/grpc" 32 "google.golang.org/grpc/codes" 33 "google.golang.org/grpc/metadata" 34) 35 36// KeyManagementCallOptions contains the retry settings for each method of KeyManagementClient. 37type KeyManagementCallOptions struct { 38 ListKeyRings []gax.CallOption 39 ListCryptoKeys []gax.CallOption 40 ListCryptoKeyVersions []gax.CallOption 41 GetKeyRing []gax.CallOption 42 GetCryptoKey []gax.CallOption 43 GetCryptoKeyVersion []gax.CallOption 44 CreateKeyRing []gax.CallOption 45 CreateCryptoKey []gax.CallOption 46 CreateCryptoKeyVersion []gax.CallOption 47 UpdateCryptoKey []gax.CallOption 48 UpdateCryptoKeyVersion []gax.CallOption 49 Encrypt []gax.CallOption 50 Decrypt []gax.CallOption 51 UpdateCryptoKeyPrimaryVersion []gax.CallOption 52 DestroyCryptoKeyVersion []gax.CallOption 53 RestoreCryptoKeyVersion []gax.CallOption 54 GetPublicKey []gax.CallOption 55 AsymmetricDecrypt []gax.CallOption 56 AsymmetricSign []gax.CallOption 57} 58 59func defaultKeyManagementClientOptions() []option.ClientOption { 60 return []option.ClientOption{ 61 option.WithEndpoint("cloudkms.googleapis.com:443"), 62 option.WithScopes(DefaultAuthScopes()...), 63 } 64} 65 66func defaultKeyManagementCallOptions() *KeyManagementCallOptions { 67 retry := map[[2]string][]gax.CallOption{ 68 {"default", "idempotent"}: { 69 gax.WithRetry(func() gax.Retryer { 70 return gax.OnCodes([]codes.Code{ 71 codes.Unavailable, 72 }, gax.Backoff{ 73 Initial: 100 * time.Millisecond, 74 Max: 60000 * time.Millisecond, 75 Multiplier: 1.3, 76 }) 77 }), 78 }, 79 } 80 return &KeyManagementCallOptions{ 81 ListKeyRings: retry[[2]string{"default", "idempotent"}], 82 ListCryptoKeys: retry[[2]string{"default", "idempotent"}], 83 ListCryptoKeyVersions: retry[[2]string{"default", "idempotent"}], 84 GetKeyRing: retry[[2]string{"default", "idempotent"}], 85 GetCryptoKey: retry[[2]string{"default", "idempotent"}], 86 GetCryptoKeyVersion: retry[[2]string{"default", "idempotent"}], 87 CreateKeyRing: retry[[2]string{"default", "non_idempotent"}], 88 CreateCryptoKey: retry[[2]string{"default", "non_idempotent"}], 89 CreateCryptoKeyVersion: retry[[2]string{"default", "non_idempotent"}], 90 UpdateCryptoKey: retry[[2]string{"default", "non_idempotent"}], 91 UpdateCryptoKeyVersion: retry[[2]string{"default", "non_idempotent"}], 92 Encrypt: retry[[2]string{"default", "idempotent"}], 93 Decrypt: retry[[2]string{"default", "idempotent"}], 94 UpdateCryptoKeyPrimaryVersion: retry[[2]string{"default", "non_idempotent"}], 95 DestroyCryptoKeyVersion: retry[[2]string{"default", "non_idempotent"}], 96 RestoreCryptoKeyVersion: retry[[2]string{"default", "non_idempotent"}], 97 GetPublicKey: retry[[2]string{"default", "idempotent"}], 98 AsymmetricDecrypt: retry[[2]string{"default", "idempotent"}], 99 AsymmetricSign: retry[[2]string{"default", "idempotent"}], 100 } 101} 102 103// KeyManagementClient is a client for interacting with Cloud Key Management Service (KMS) API. 104// 105// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls. 106type KeyManagementClient struct { 107 // The connection to the service. 108 conn *grpc.ClientConn 109 110 // The gRPC API client. 111 keyManagementClient kmspb.KeyManagementServiceClient 112 113 // The call options for this service. 114 CallOptions *KeyManagementCallOptions 115 116 // The x-goog-* metadata to be sent with each request. 117 xGoogMetadata metadata.MD 118} 119 120// NewKeyManagementClient creates a new key management service client. 121// 122// Google Cloud Key Management Service 123// 124// Manages cryptographic keys and operations using those keys. Implements a REST 125// model with the following objects: 126// 127// [KeyRing][google.cloud.kms.v1.KeyRing] 128// 129// [CryptoKey][google.cloud.kms.v1.CryptoKey] 130// 131// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] 132// 133// If you are using manual gRPC libraries, see 134// Using gRPC with Cloud KMS (at https://cloud.google.com/kms/docs/grpc). 135func NewKeyManagementClient(ctx context.Context, opts ...option.ClientOption) (*KeyManagementClient, error) { 136 conn, err := transport.DialGRPC(ctx, append(defaultKeyManagementClientOptions(), opts...)...) 137 if err != nil { 138 return nil, err 139 } 140 c := &KeyManagementClient{ 141 conn: conn, 142 CallOptions: defaultKeyManagementCallOptions(), 143 144 keyManagementClient: kmspb.NewKeyManagementServiceClient(conn), 145 } 146 c.setGoogleClientInfo() 147 return c, nil 148} 149 150// Connection returns the client's connection to the API service. 151func (c *KeyManagementClient) Connection() *grpc.ClientConn { 152 return c.conn 153} 154 155// Close closes the connection to the API service. The user should invoke this when 156// the client is no longer required. 157func (c *KeyManagementClient) Close() error { 158 return c.conn.Close() 159} 160 161// setGoogleClientInfo sets the name and version of the application in 162// the `x-goog-api-client` header passed on each request. Intended for 163// use by Google-written clients. 164func (c *KeyManagementClient) setGoogleClientInfo(keyval ...string) { 165 kv := append([]string{"gl-go", versionGo()}, keyval...) 166 kv = append(kv, "gapic", versionClient, "gax", gax.Version, "grpc", grpc.Version) 167 c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...)) 168} 169 170// ListKeyRings lists [KeyRings][google.cloud.kms.v1.KeyRing]. 171func (c *KeyManagementClient) ListKeyRings(ctx context.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator { 172 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent())) 173 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 174 opts = append(c.CallOptions.ListKeyRings[0:len(c.CallOptions.ListKeyRings):len(c.CallOptions.ListKeyRings)], opts...) 175 it := &KeyRingIterator{} 176 req = proto.Clone(req).(*kmspb.ListKeyRingsRequest) 177 it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.KeyRing, string, error) { 178 var resp *kmspb.ListKeyRingsResponse 179 req.PageToken = pageToken 180 if pageSize > math.MaxInt32 { 181 req.PageSize = math.MaxInt32 182 } else { 183 req.PageSize = int32(pageSize) 184 } 185 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 186 var err error 187 resp, err = c.keyManagementClient.ListKeyRings(ctx, req, settings.GRPC...) 188 return err 189 }, opts...) 190 if err != nil { 191 return nil, "", err 192 } 193 return resp.KeyRings, resp.NextPageToken, nil 194 } 195 fetch := func(pageSize int, pageToken string) (string, error) { 196 items, nextPageToken, err := it.InternalFetch(pageSize, pageToken) 197 if err != nil { 198 return "", err 199 } 200 it.items = append(it.items, items...) 201 return nextPageToken, nil 202 } 203 it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf) 204 it.pageInfo.MaxSize = int(req.PageSize) 205 it.pageInfo.Token = req.PageToken 206 return it 207} 208 209// ListCryptoKeys lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]. 210func (c *KeyManagementClient) ListCryptoKeys(ctx context.Context, req *kmspb.ListCryptoKeysRequest, opts ...gax.CallOption) *CryptoKeyIterator { 211 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent())) 212 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 213 opts = append(c.CallOptions.ListCryptoKeys[0:len(c.CallOptions.ListCryptoKeys):len(c.CallOptions.ListCryptoKeys)], opts...) 214 it := &CryptoKeyIterator{} 215 req = proto.Clone(req).(*kmspb.ListCryptoKeysRequest) 216 it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.CryptoKey, string, error) { 217 var resp *kmspb.ListCryptoKeysResponse 218 req.PageToken = pageToken 219 if pageSize > math.MaxInt32 { 220 req.PageSize = math.MaxInt32 221 } else { 222 req.PageSize = int32(pageSize) 223 } 224 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 225 var err error 226 resp, err = c.keyManagementClient.ListCryptoKeys(ctx, req, settings.GRPC...) 227 return err 228 }, opts...) 229 if err != nil { 230 return nil, "", err 231 } 232 return resp.CryptoKeys, resp.NextPageToken, nil 233 } 234 fetch := func(pageSize int, pageToken string) (string, error) { 235 items, nextPageToken, err := it.InternalFetch(pageSize, pageToken) 236 if err != nil { 237 return "", err 238 } 239 it.items = append(it.items, items...) 240 return nextPageToken, nil 241 } 242 it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf) 243 it.pageInfo.MaxSize = int(req.PageSize) 244 it.pageInfo.Token = req.PageToken 245 return it 246} 247 248// ListCryptoKeyVersions lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. 249func (c *KeyManagementClient) ListCryptoKeyVersions(ctx context.Context, req *kmspb.ListCryptoKeyVersionsRequest, opts ...gax.CallOption) *CryptoKeyVersionIterator { 250 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent())) 251 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 252 opts = append(c.CallOptions.ListCryptoKeyVersions[0:len(c.CallOptions.ListCryptoKeyVersions):len(c.CallOptions.ListCryptoKeyVersions)], opts...) 253 it := &CryptoKeyVersionIterator{} 254 req = proto.Clone(req).(*kmspb.ListCryptoKeyVersionsRequest) 255 it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.CryptoKeyVersion, string, error) { 256 var resp *kmspb.ListCryptoKeyVersionsResponse 257 req.PageToken = pageToken 258 if pageSize > math.MaxInt32 { 259 req.PageSize = math.MaxInt32 260 } else { 261 req.PageSize = int32(pageSize) 262 } 263 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 264 var err error 265 resp, err = c.keyManagementClient.ListCryptoKeyVersions(ctx, req, settings.GRPC...) 266 return err 267 }, opts...) 268 if err != nil { 269 return nil, "", err 270 } 271 return resp.CryptoKeyVersions, resp.NextPageToken, nil 272 } 273 fetch := func(pageSize int, pageToken string) (string, error) { 274 items, nextPageToken, err := it.InternalFetch(pageSize, pageToken) 275 if err != nil { 276 return "", err 277 } 278 it.items = append(it.items, items...) 279 return nextPageToken, nil 280 } 281 it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf) 282 it.pageInfo.MaxSize = int(req.PageSize) 283 it.pageInfo.Token = req.PageToken 284 return it 285} 286 287// GetKeyRing returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing]. 288func (c *KeyManagementClient) GetKeyRing(ctx context.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) { 289 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName())) 290 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 291 opts = append(c.CallOptions.GetKeyRing[0:len(c.CallOptions.GetKeyRing):len(c.CallOptions.GetKeyRing)], opts...) 292 var resp *kmspb.KeyRing 293 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 294 var err error 295 resp, err = c.keyManagementClient.GetKeyRing(ctx, req, settings.GRPC...) 296 return err 297 }, opts...) 298 if err != nil { 299 return nil, err 300 } 301 return resp, nil 302} 303 304// GetCryptoKey returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as 305// well as its [primary][google.cloud.kms.v1.CryptoKey.primary] 306// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. 307func (c *KeyManagementClient) GetCryptoKey(ctx context.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) { 308 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName())) 309 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 310 opts = append(c.CallOptions.GetCryptoKey[0:len(c.CallOptions.GetCryptoKey):len(c.CallOptions.GetCryptoKey)], opts...) 311 var resp *kmspb.CryptoKey 312 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 313 var err error 314 resp, err = c.keyManagementClient.GetCryptoKey(ctx, req, settings.GRPC...) 315 return err 316 }, opts...) 317 if err != nil { 318 return nil, err 319 } 320 return resp, nil 321} 322 323// GetCryptoKeyVersion returns metadata for a given 324// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. 325func (c *KeyManagementClient) GetCryptoKeyVersion(ctx context.Context, req *kmspb.GetCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) { 326 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName())) 327 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 328 opts = append(c.CallOptions.GetCryptoKeyVersion[0:len(c.CallOptions.GetCryptoKeyVersion):len(c.CallOptions.GetCryptoKeyVersion)], opts...) 329 var resp *kmspb.CryptoKeyVersion 330 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 331 var err error 332 resp, err = c.keyManagementClient.GetCryptoKeyVersion(ctx, req, settings.GRPC...) 333 return err 334 }, opts...) 335 if err != nil { 336 return nil, err 337 } 338 return resp, nil 339} 340 341// CreateKeyRing create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and 342// Location. 343func (c *KeyManagementClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) { 344 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent())) 345 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 346 opts = append(c.CallOptions.CreateKeyRing[0:len(c.CallOptions.CreateKeyRing):len(c.CallOptions.CreateKeyRing)], opts...) 347 var resp *kmspb.KeyRing 348 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 349 var err error 350 resp, err = c.keyManagementClient.CreateKeyRing(ctx, req, settings.GRPC...) 351 return err 352 }, opts...) 353 if err != nil { 354 return nil, err 355 } 356 return resp, nil 357} 358 359// CreateCryptoKey create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a 360// [KeyRing][google.cloud.kms.v1.KeyRing]. 361// 362// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and 363// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] 364// are required. 365func (c *KeyManagementClient) CreateCryptoKey(ctx context.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) { 366 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent())) 367 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 368 opts = append(c.CallOptions.CreateCryptoKey[0:len(c.CallOptions.CreateCryptoKey):len(c.CallOptions.CreateCryptoKey)], opts...) 369 var resp *kmspb.CryptoKey 370 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 371 var err error 372 resp, err = c.keyManagementClient.CreateCryptoKey(ctx, req, settings.GRPC...) 373 return err 374 }, opts...) 375 if err != nil { 376 return nil, err 377 } 378 return resp, nil 379} 380 381// CreateCryptoKeyVersion create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a 382// [CryptoKey][google.cloud.kms.v1.CryptoKey]. 383// 384// The server will assign the next sequential id. If unset, 385// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to 386// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. 387func (c *KeyManagementClient) CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) { 388 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent())) 389 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 390 opts = append(c.CallOptions.CreateCryptoKeyVersion[0:len(c.CallOptions.CreateCryptoKeyVersion):len(c.CallOptions.CreateCryptoKeyVersion)], opts...) 391 var resp *kmspb.CryptoKeyVersion 392 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 393 var err error 394 resp, err = c.keyManagementClient.CreateCryptoKeyVersion(ctx, req, settings.GRPC...) 395 return err 396 }, opts...) 397 if err != nil { 398 return nil, err 399 } 400 return resp, nil 401} 402 403// UpdateCryptoKey update a [CryptoKey][google.cloud.kms.v1.CryptoKey]. 404func (c *KeyManagementClient) UpdateCryptoKey(ctx context.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) { 405 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key.name", req.GetCryptoKey().GetName())) 406 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 407 opts = append(c.CallOptions.UpdateCryptoKey[0:len(c.CallOptions.UpdateCryptoKey):len(c.CallOptions.UpdateCryptoKey)], opts...) 408 var resp *kmspb.CryptoKey 409 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 410 var err error 411 resp, err = c.keyManagementClient.UpdateCryptoKey(ctx, req, settings.GRPC...) 412 return err 413 }, opts...) 414 if err != nil { 415 return nil, err 416 } 417 return resp, nil 418} 419 420// UpdateCryptoKeyVersion update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s 421// metadata. 422// 423// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between 424// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] 425// and 426// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] 427// using this method. See 428// [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] 429// and 430// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] 431// to move between other states. 432func (c *KeyManagementClient) UpdateCryptoKeyVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) { 433 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key_version.name", req.GetCryptoKeyVersion().GetName())) 434 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 435 opts = append(c.CallOptions.UpdateCryptoKeyVersion[0:len(c.CallOptions.UpdateCryptoKeyVersion):len(c.CallOptions.UpdateCryptoKeyVersion)], opts...) 436 var resp *kmspb.CryptoKeyVersion 437 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 438 var err error 439 resp, err = c.keyManagementClient.UpdateCryptoKeyVersion(ctx, req, settings.GRPC...) 440 return err 441 }, opts...) 442 if err != nil { 443 return nil, err 444 } 445 return resp, nil 446} 447 448// Encrypt encrypts data, so that it can only be recovered by a call to 449// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The 450// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be 451// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. 452func (c *KeyManagementClient) Encrypt(ctx context.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse, error) { 453 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName())) 454 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 455 opts = append(c.CallOptions.Encrypt[0:len(c.CallOptions.Encrypt):len(c.CallOptions.Encrypt)], opts...) 456 var resp *kmspb.EncryptResponse 457 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 458 var err error 459 resp, err = c.keyManagementClient.Encrypt(ctx, req, settings.GRPC...) 460 return err 461 }, opts...) 462 if err != nil { 463 return nil, err 464 } 465 return resp, nil 466} 467 468// Decrypt decrypts data that was protected by 469// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The 470// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be 471// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. 472func (c *KeyManagementClient) Decrypt(ctx context.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse, error) { 473 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName())) 474 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 475 opts = append(c.CallOptions.Decrypt[0:len(c.CallOptions.Decrypt):len(c.CallOptions.Decrypt)], opts...) 476 var resp *kmspb.DecryptResponse 477 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 478 var err error 479 resp, err = c.keyManagementClient.Decrypt(ctx, req, settings.GRPC...) 480 return err 481 }, opts...) 482 if err != nil { 483 return nil, err 484 } 485 return resp, nil 486} 487 488// UpdateCryptoKeyPrimaryVersion update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that 489// will be used in 490// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. 491// 492// Returns an error if called on an asymmetric key. 493func (c *KeyManagementClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) { 494 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName())) 495 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 496 opts = append(c.CallOptions.UpdateCryptoKeyPrimaryVersion[0:len(c.CallOptions.UpdateCryptoKeyPrimaryVersion):len(c.CallOptions.UpdateCryptoKeyPrimaryVersion)], opts...) 497 var resp *kmspb.CryptoKey 498 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 499 var err error 500 resp, err = c.keyManagementClient.UpdateCryptoKeyPrimaryVersion(ctx, req, settings.GRPC...) 501 return err 502 }, opts...) 503 if err != nil { 504 return nil, err 505 } 506 return resp, nil 507} 508 509// DestroyCryptoKeyVersion schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for 510// destruction. 511// 512// Upon calling this method, 513// [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will 514// be set to 515// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] 516// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will 517// be set to a time 24 hours in the future, at which point the 518// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be changed to 519// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], 520// and the key material will be irrevocably destroyed. 521// 522// Before the 523// [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is 524// reached, 525// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] 526// may be called to reverse the process. 527func (c *KeyManagementClient) DestroyCryptoKeyVersion(ctx context.Context, req *kmspb.DestroyCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) { 528 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName())) 529 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 530 opts = append(c.CallOptions.DestroyCryptoKeyVersion[0:len(c.CallOptions.DestroyCryptoKeyVersion):len(c.CallOptions.DestroyCryptoKeyVersion)], opts...) 531 var resp *kmspb.CryptoKeyVersion 532 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 533 var err error 534 resp, err = c.keyManagementClient.DestroyCryptoKeyVersion(ctx, req, settings.GRPC...) 535 return err 536 }, opts...) 537 if err != nil { 538 return nil, err 539 } 540 return resp, nil 541} 542 543// RestoreCryptoKeyVersion restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the 544// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] 545// state. 546// 547// Upon restoration of the CryptoKeyVersion, 548// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to 549// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], 550// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will 551// be cleared. 552func (c *KeyManagementClient) RestoreCryptoKeyVersion(ctx context.Context, req *kmspb.RestoreCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) { 553 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName())) 554 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 555 opts = append(c.CallOptions.RestoreCryptoKeyVersion[0:len(c.CallOptions.RestoreCryptoKeyVersion):len(c.CallOptions.RestoreCryptoKeyVersion)], opts...) 556 var resp *kmspb.CryptoKeyVersion 557 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 558 var err error 559 resp, err = c.keyManagementClient.RestoreCryptoKeyVersion(ctx, req, settings.GRPC...) 560 return err 561 }, opts...) 562 if err != nil { 563 return nil, err 564 } 565 return resp, nil 566} 567 568// GetPublicKey returns the public key for the given 569// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The 570// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be 571// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] 572// or 573// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. 574func (c *KeyManagementClient) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error) { 575 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName())) 576 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 577 opts = append(c.CallOptions.GetPublicKey[0:len(c.CallOptions.GetPublicKey):len(c.CallOptions.GetPublicKey)], opts...) 578 var resp *kmspb.PublicKey 579 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 580 var err error 581 resp, err = c.keyManagementClient.GetPublicKey(ctx, req, settings.GRPC...) 582 return err 583 }, opts...) 584 if err != nil { 585 return nil, err 586 } 587 return resp, nil 588} 589 590// AsymmetricDecrypt decrypts data that was encrypted with a public key retrieved from 591// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] 592// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] 593// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] 594// ASYMMETRIC_DECRYPT. 595func (c *KeyManagementClient) AsymmetricDecrypt(ctx context.Context, req *kmspb.AsymmetricDecryptRequest, opts ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error) { 596 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName())) 597 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 598 opts = append(c.CallOptions.AsymmetricDecrypt[0:len(c.CallOptions.AsymmetricDecrypt):len(c.CallOptions.AsymmetricDecrypt)], opts...) 599 var resp *kmspb.AsymmetricDecryptResponse 600 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 601 var err error 602 resp, err = c.keyManagementClient.AsymmetricDecrypt(ctx, req, settings.GRPC...) 603 return err 604 }, opts...) 605 if err != nil { 606 return nil, err 607 } 608 return resp, nil 609} 610 611// AsymmetricSign signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] 612// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] 613// ASYMMETRIC_SIGN, producing a signature that can be verified with the public 614// key retrieved from 615// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. 616func (c *KeyManagementClient) AsymmetricSign(ctx context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error) { 617 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName())) 618 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 619 opts = append(c.CallOptions.AsymmetricSign[0:len(c.CallOptions.AsymmetricSign):len(c.CallOptions.AsymmetricSign)], opts...) 620 var resp *kmspb.AsymmetricSignResponse 621 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 622 var err error 623 resp, err = c.keyManagementClient.AsymmetricSign(ctx, req, settings.GRPC...) 624 return err 625 }, opts...) 626 if err != nil { 627 return nil, err 628 } 629 return resp, nil 630} 631 632// CryptoKeyIterator manages a stream of *kmspb.CryptoKey. 633type CryptoKeyIterator struct { 634 items []*kmspb.CryptoKey 635 pageInfo *iterator.PageInfo 636 nextFunc func() error 637 638 // InternalFetch is for use by the Google Cloud Libraries only. 639 // It is not part of the stable interface of this package. 640 // 641 // InternalFetch returns results from a single call to the underlying RPC. 642 // The number of results is no greater than pageSize. 643 // If there are no more results, nextPageToken is empty and err is nil. 644 InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKey, nextPageToken string, err error) 645} 646 647// PageInfo supports pagination. See the google.golang.org/api/iterator package for details. 648func (it *CryptoKeyIterator) PageInfo() *iterator.PageInfo { 649 return it.pageInfo 650} 651 652// Next returns the next result. Its second return value is iterator.Done if there are no more 653// results. Once Next returns Done, all subsequent calls will return Done. 654func (it *CryptoKeyIterator) Next() (*kmspb.CryptoKey, error) { 655 var item *kmspb.CryptoKey 656 if err := it.nextFunc(); err != nil { 657 return item, err 658 } 659 item = it.items[0] 660 it.items = it.items[1:] 661 return item, nil 662} 663 664func (it *CryptoKeyIterator) bufLen() int { 665 return len(it.items) 666} 667 668func (it *CryptoKeyIterator) takeBuf() interface{} { 669 b := it.items 670 it.items = nil 671 return b 672} 673 674// CryptoKeyVersionIterator manages a stream of *kmspb.CryptoKeyVersion. 675type CryptoKeyVersionIterator struct { 676 items []*kmspb.CryptoKeyVersion 677 pageInfo *iterator.PageInfo 678 nextFunc func() error 679 680 // InternalFetch is for use by the Google Cloud Libraries only. 681 // It is not part of the stable interface of this package. 682 // 683 // InternalFetch returns results from a single call to the underlying RPC. 684 // The number of results is no greater than pageSize. 685 // If there are no more results, nextPageToken is empty and err is nil. 686 InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKeyVersion, nextPageToken string, err error) 687} 688 689// PageInfo supports pagination. See the google.golang.org/api/iterator package for details. 690func (it *CryptoKeyVersionIterator) PageInfo() *iterator.PageInfo { 691 return it.pageInfo 692} 693 694// Next returns the next result. Its second return value is iterator.Done if there are no more 695// results. Once Next returns Done, all subsequent calls will return Done. 696func (it *CryptoKeyVersionIterator) Next() (*kmspb.CryptoKeyVersion, error) { 697 var item *kmspb.CryptoKeyVersion 698 if err := it.nextFunc(); err != nil { 699 return item, err 700 } 701 item = it.items[0] 702 it.items = it.items[1:] 703 return item, nil 704} 705 706func (it *CryptoKeyVersionIterator) bufLen() int { 707 return len(it.items) 708} 709 710func (it *CryptoKeyVersionIterator) takeBuf() interface{} { 711 b := it.items 712 it.items = nil 713 return b 714} 715 716// KeyRingIterator manages a stream of *kmspb.KeyRing. 717type KeyRingIterator struct { 718 items []*kmspb.KeyRing 719 pageInfo *iterator.PageInfo 720 nextFunc func() error 721 722 // InternalFetch is for use by the Google Cloud Libraries only. 723 // It is not part of the stable interface of this package. 724 // 725 // InternalFetch returns results from a single call to the underlying RPC. 726 // The number of results is no greater than pageSize. 727 // If there are no more results, nextPageToken is empty and err is nil. 728 InternalFetch func(pageSize int, pageToken string) (results []*kmspb.KeyRing, nextPageToken string, err error) 729} 730 731// PageInfo supports pagination. See the google.golang.org/api/iterator package for details. 732func (it *KeyRingIterator) PageInfo() *iterator.PageInfo { 733 return it.pageInfo 734} 735 736// Next returns the next result. Its second return value is iterator.Done if there are no more 737// results. Once Next returns Done, all subsequent calls will return Done. 738func (it *KeyRingIterator) Next() (*kmspb.KeyRing, error) { 739 var item *kmspb.KeyRing 740 if err := it.nextFunc(); err != nil { 741 return item, err 742 } 743 item = it.items[0] 744 it.items = it.items[1:] 745 return item, nil 746} 747 748func (it *KeyRingIterator) bufLen() int { 749 return len(it.items) 750} 751 752func (it *KeyRingIterator) takeBuf() interface{} { 753 b := it.items 754 it.items = nil 755 return b 756} 757