1// Copyright 2019 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// https://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15// Code generated by gapic-generator. DO NOT EDIT. 16 17package kms 18 19import ( 20 "context" 21 "fmt" 22 "math" 23 "net/url" 24 "time" 25 26 "github.com/golang/protobuf/proto" 27 gax "github.com/googleapis/gax-go/v2" 28 "google.golang.org/api/iterator" 29 "google.golang.org/api/option" 30 "google.golang.org/api/transport" 31 kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" 32 "google.golang.org/grpc" 33 "google.golang.org/grpc/codes" 34 "google.golang.org/grpc/metadata" 35) 36 37// KeyManagementCallOptions contains the retry settings for each method of KeyManagementClient. 38type KeyManagementCallOptions struct { 39 ListKeyRings []gax.CallOption 40 ListImportJobs []gax.CallOption 41 ListCryptoKeys []gax.CallOption 42 ListCryptoKeyVersions []gax.CallOption 43 GetKeyRing []gax.CallOption 44 GetImportJob []gax.CallOption 45 GetCryptoKey []gax.CallOption 46 GetCryptoKeyVersion []gax.CallOption 47 CreateKeyRing []gax.CallOption 48 CreateImportJob []gax.CallOption 49 CreateCryptoKey []gax.CallOption 50 CreateCryptoKeyVersion []gax.CallOption 51 ImportCryptoKeyVersion []gax.CallOption 52 UpdateCryptoKey []gax.CallOption 53 UpdateCryptoKeyVersion []gax.CallOption 54 Encrypt []gax.CallOption 55 Decrypt []gax.CallOption 56 UpdateCryptoKeyPrimaryVersion []gax.CallOption 57 DestroyCryptoKeyVersion []gax.CallOption 58 RestoreCryptoKeyVersion []gax.CallOption 59 GetPublicKey []gax.CallOption 60 AsymmetricDecrypt []gax.CallOption 61 AsymmetricSign []gax.CallOption 62} 63 64func defaultKeyManagementClientOptions() []option.ClientOption { 65 return []option.ClientOption{ 66 option.WithEndpoint("cloudkms.googleapis.com:443"), 67 option.WithScopes(DefaultAuthScopes()...), 68 option.WithGRPCDialOption(grpc.WithDefaultCallOptions( 69 grpc.MaxCallRecvMsgSize(math.MaxInt32))), 70 } 71} 72 73func defaultKeyManagementCallOptions() *KeyManagementCallOptions { 74 retry := map[[2]string][]gax.CallOption{ 75 {"default", "retryable"}: { 76 gax.WithRetry(func() gax.Retryer { 77 return gax.OnCodes([]codes.Code{ 78 codes.DeadlineExceeded, 79 codes.Internal, 80 codes.Unavailable, 81 }, gax.Backoff{ 82 Initial: 100 * time.Millisecond, 83 Max: 60000 * time.Millisecond, 84 Multiplier: 1.3, 85 }) 86 }), 87 }, 88 } 89 return &KeyManagementCallOptions{ 90 ListKeyRings: retry[[2]string{"default", "retryable"}], 91 ListImportJobs: retry[[2]string{"default", "retryable"}], 92 ListCryptoKeys: retry[[2]string{"default", "retryable"}], 93 ListCryptoKeyVersions: retry[[2]string{"default", "retryable"}], 94 GetKeyRing: retry[[2]string{"default", "retryable"}], 95 GetImportJob: retry[[2]string{"default", "retryable"}], 96 GetCryptoKey: retry[[2]string{"default", "retryable"}], 97 GetCryptoKeyVersion: retry[[2]string{"default", "retryable"}], 98 CreateKeyRing: retry[[2]string{"default", "retryable"}], 99 CreateImportJob: retry[[2]string{"default", "retryable"}], 100 CreateCryptoKey: retry[[2]string{"default", "retryable"}], 101 CreateCryptoKeyVersion: retry[[2]string{"default", "non_retryable"}], 102 ImportCryptoKeyVersion: retry[[2]string{"default", "non_retryable"}], 103 UpdateCryptoKey: retry[[2]string{"default", "retryable"}], 104 UpdateCryptoKeyVersion: retry[[2]string{"default", "retryable"}], 105 Encrypt: retry[[2]string{"default", "retryable"}], 106 Decrypt: retry[[2]string{"default", "retryable"}], 107 UpdateCryptoKeyPrimaryVersion: retry[[2]string{"default", "retryable"}], 108 DestroyCryptoKeyVersion: retry[[2]string{"default", "retryable"}], 109 RestoreCryptoKeyVersion: retry[[2]string{"default", "retryable"}], 110 GetPublicKey: retry[[2]string{"default", "retryable"}], 111 AsymmetricDecrypt: retry[[2]string{"default", "retryable"}], 112 AsymmetricSign: retry[[2]string{"default", "retryable"}], 113 } 114} 115 116// KeyManagementClient is a client for interacting with Cloud Key Management Service (KMS) API. 117// 118// Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls. 119type KeyManagementClient struct { 120 // The connection to the service. 121 conn *grpc.ClientConn 122 123 // The gRPC API client. 124 keyManagementClient kmspb.KeyManagementServiceClient 125 126 // The call options for this service. 127 CallOptions *KeyManagementCallOptions 128 129 // The x-goog-* metadata to be sent with each request. 130 xGoogMetadata metadata.MD 131} 132 133// NewKeyManagementClient creates a new key management service client. 134// 135// Google Cloud Key Management Service 136// 137// Manages cryptographic keys and operations using those keys. Implements a REST 138// model with the following objects: 139// 140// [KeyRing][google.cloud.kms.v1.KeyRing] 141// 142// [CryptoKey][google.cloud.kms.v1.CryptoKey] 143// 144// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] 145// 146// If you are using manual gRPC libraries, see 147// Using gRPC with Cloud KMS (at https://cloud.google.com/kms/docs/grpc). 148func NewKeyManagementClient(ctx context.Context, opts ...option.ClientOption) (*KeyManagementClient, error) { 149 conn, err := transport.DialGRPC(ctx, append(defaultKeyManagementClientOptions(), opts...)...) 150 if err != nil { 151 return nil, err 152 } 153 c := &KeyManagementClient{ 154 conn: conn, 155 CallOptions: defaultKeyManagementCallOptions(), 156 157 keyManagementClient: kmspb.NewKeyManagementServiceClient(conn), 158 } 159 c.setGoogleClientInfo() 160 return c, nil 161} 162 163// Connection returns the client's connection to the API service. 164func (c *KeyManagementClient) Connection() *grpc.ClientConn { 165 return c.conn 166} 167 168// Close closes the connection to the API service. The user should invoke this when 169// the client is no longer required. 170func (c *KeyManagementClient) Close() error { 171 return c.conn.Close() 172} 173 174// setGoogleClientInfo sets the name and version of the application in 175// the `x-goog-api-client` header passed on each request. Intended for 176// use by Google-written clients. 177func (c *KeyManagementClient) setGoogleClientInfo(keyval ...string) { 178 kv := append([]string{"gl-go", versionGo()}, keyval...) 179 kv = append(kv, "gapic", versionClient, "gax", gax.Version, "grpc", grpc.Version) 180 c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...)) 181} 182 183// ListKeyRings lists [KeyRings][google.cloud.kms.v1.KeyRing]. 184func (c *KeyManagementClient) ListKeyRings(ctx context.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator { 185 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))) 186 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 187 opts = append(c.CallOptions.ListKeyRings[0:len(c.CallOptions.ListKeyRings):len(c.CallOptions.ListKeyRings)], opts...) 188 it := &KeyRingIterator{} 189 req = proto.Clone(req).(*kmspb.ListKeyRingsRequest) 190 it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.KeyRing, string, error) { 191 var resp *kmspb.ListKeyRingsResponse 192 req.PageToken = pageToken 193 if pageSize > math.MaxInt32 { 194 req.PageSize = math.MaxInt32 195 } else { 196 req.PageSize = int32(pageSize) 197 } 198 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 199 var err error 200 resp, err = c.keyManagementClient.ListKeyRings(ctx, req, settings.GRPC...) 201 return err 202 }, opts...) 203 if err != nil { 204 return nil, "", err 205 } 206 return resp.KeyRings, resp.NextPageToken, nil 207 } 208 fetch := func(pageSize int, pageToken string) (string, error) { 209 items, nextPageToken, err := it.InternalFetch(pageSize, pageToken) 210 if err != nil { 211 return "", err 212 } 213 it.items = append(it.items, items...) 214 return nextPageToken, nil 215 } 216 it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf) 217 it.pageInfo.MaxSize = int(req.PageSize) 218 it.pageInfo.Token = req.PageToken 219 return it 220} 221 222// ListImportJobs lists [ImportJobs][google.cloud.kms.v1.ImportJob]. 223func (c *KeyManagementClient) ListImportJobs(ctx context.Context, req *kmspb.ListImportJobsRequest, opts ...gax.CallOption) *ImportJobIterator { 224 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))) 225 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 226 opts = append(c.CallOptions.ListImportJobs[0:len(c.CallOptions.ListImportJobs):len(c.CallOptions.ListImportJobs)], opts...) 227 it := &ImportJobIterator{} 228 req = proto.Clone(req).(*kmspb.ListImportJobsRequest) 229 it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.ImportJob, string, error) { 230 var resp *kmspb.ListImportJobsResponse 231 req.PageToken = pageToken 232 if pageSize > math.MaxInt32 { 233 req.PageSize = math.MaxInt32 234 } else { 235 req.PageSize = int32(pageSize) 236 } 237 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 238 var err error 239 resp, err = c.keyManagementClient.ListImportJobs(ctx, req, settings.GRPC...) 240 return err 241 }, opts...) 242 if err != nil { 243 return nil, "", err 244 } 245 return resp.ImportJobs, resp.NextPageToken, nil 246 } 247 fetch := func(pageSize int, pageToken string) (string, error) { 248 items, nextPageToken, err := it.InternalFetch(pageSize, pageToken) 249 if err != nil { 250 return "", err 251 } 252 it.items = append(it.items, items...) 253 return nextPageToken, nil 254 } 255 it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf) 256 it.pageInfo.MaxSize = int(req.PageSize) 257 it.pageInfo.Token = req.PageToken 258 return it 259} 260 261// ListCryptoKeys lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]. 262func (c *KeyManagementClient) ListCryptoKeys(ctx context.Context, req *kmspb.ListCryptoKeysRequest, opts ...gax.CallOption) *CryptoKeyIterator { 263 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))) 264 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 265 opts = append(c.CallOptions.ListCryptoKeys[0:len(c.CallOptions.ListCryptoKeys):len(c.CallOptions.ListCryptoKeys)], opts...) 266 it := &CryptoKeyIterator{} 267 req = proto.Clone(req).(*kmspb.ListCryptoKeysRequest) 268 it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.CryptoKey, string, error) { 269 var resp *kmspb.ListCryptoKeysResponse 270 req.PageToken = pageToken 271 if pageSize > math.MaxInt32 { 272 req.PageSize = math.MaxInt32 273 } else { 274 req.PageSize = int32(pageSize) 275 } 276 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 277 var err error 278 resp, err = c.keyManagementClient.ListCryptoKeys(ctx, req, settings.GRPC...) 279 return err 280 }, opts...) 281 if err != nil { 282 return nil, "", err 283 } 284 return resp.CryptoKeys, resp.NextPageToken, nil 285 } 286 fetch := func(pageSize int, pageToken string) (string, error) { 287 items, nextPageToken, err := it.InternalFetch(pageSize, pageToken) 288 if err != nil { 289 return "", err 290 } 291 it.items = append(it.items, items...) 292 return nextPageToken, nil 293 } 294 it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf) 295 it.pageInfo.MaxSize = int(req.PageSize) 296 it.pageInfo.Token = req.PageToken 297 return it 298} 299 300// ListCryptoKeyVersions lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. 301func (c *KeyManagementClient) ListCryptoKeyVersions(ctx context.Context, req *kmspb.ListCryptoKeyVersionsRequest, opts ...gax.CallOption) *CryptoKeyVersionIterator { 302 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))) 303 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 304 opts = append(c.CallOptions.ListCryptoKeyVersions[0:len(c.CallOptions.ListCryptoKeyVersions):len(c.CallOptions.ListCryptoKeyVersions)], opts...) 305 it := &CryptoKeyVersionIterator{} 306 req = proto.Clone(req).(*kmspb.ListCryptoKeyVersionsRequest) 307 it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.CryptoKeyVersion, string, error) { 308 var resp *kmspb.ListCryptoKeyVersionsResponse 309 req.PageToken = pageToken 310 if pageSize > math.MaxInt32 { 311 req.PageSize = math.MaxInt32 312 } else { 313 req.PageSize = int32(pageSize) 314 } 315 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 316 var err error 317 resp, err = c.keyManagementClient.ListCryptoKeyVersions(ctx, req, settings.GRPC...) 318 return err 319 }, opts...) 320 if err != nil { 321 return nil, "", err 322 } 323 return resp.CryptoKeyVersions, resp.NextPageToken, nil 324 } 325 fetch := func(pageSize int, pageToken string) (string, error) { 326 items, nextPageToken, err := it.InternalFetch(pageSize, pageToken) 327 if err != nil { 328 return "", err 329 } 330 it.items = append(it.items, items...) 331 return nextPageToken, nil 332 } 333 it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf) 334 it.pageInfo.MaxSize = int(req.PageSize) 335 it.pageInfo.Token = req.PageToken 336 return it 337} 338 339// GetKeyRing returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing]. 340func (c *KeyManagementClient) GetKeyRing(ctx context.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) { 341 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 342 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 343 opts = append(c.CallOptions.GetKeyRing[0:len(c.CallOptions.GetKeyRing):len(c.CallOptions.GetKeyRing)], opts...) 344 var resp *kmspb.KeyRing 345 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 346 var err error 347 resp, err = c.keyManagementClient.GetKeyRing(ctx, req, settings.GRPC...) 348 return err 349 }, opts...) 350 if err != nil { 351 return nil, err 352 } 353 return resp, nil 354} 355 356// GetImportJob returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob]. 357func (c *KeyManagementClient) GetImportJob(ctx context.Context, req *kmspb.GetImportJobRequest, opts ...gax.CallOption) (*kmspb.ImportJob, error) { 358 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 359 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 360 opts = append(c.CallOptions.GetImportJob[0:len(c.CallOptions.GetImportJob):len(c.CallOptions.GetImportJob)], opts...) 361 var resp *kmspb.ImportJob 362 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 363 var err error 364 resp, err = c.keyManagementClient.GetImportJob(ctx, req, settings.GRPC...) 365 return err 366 }, opts...) 367 if err != nil { 368 return nil, err 369 } 370 return resp, nil 371} 372 373// GetCryptoKey returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its 374// [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. 375func (c *KeyManagementClient) GetCryptoKey(ctx context.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) { 376 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 377 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 378 opts = append(c.CallOptions.GetCryptoKey[0:len(c.CallOptions.GetCryptoKey):len(c.CallOptions.GetCryptoKey)], opts...) 379 var resp *kmspb.CryptoKey 380 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 381 var err error 382 resp, err = c.keyManagementClient.GetCryptoKey(ctx, req, settings.GRPC...) 383 return err 384 }, opts...) 385 if err != nil { 386 return nil, err 387 } 388 return resp, nil 389} 390 391// GetCryptoKeyVersion returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. 392func (c *KeyManagementClient) GetCryptoKeyVersion(ctx context.Context, req *kmspb.GetCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) { 393 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 394 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 395 opts = append(c.CallOptions.GetCryptoKeyVersion[0:len(c.CallOptions.GetCryptoKeyVersion):len(c.CallOptions.GetCryptoKeyVersion)], opts...) 396 var resp *kmspb.CryptoKeyVersion 397 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 398 var err error 399 resp, err = c.keyManagementClient.GetCryptoKeyVersion(ctx, req, settings.GRPC...) 400 return err 401 }, opts...) 402 if err != nil { 403 return nil, err 404 } 405 return resp, nil 406} 407 408// CreateKeyRing create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location. 409func (c *KeyManagementClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) { 410 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))) 411 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 412 opts = append(c.CallOptions.CreateKeyRing[0:len(c.CallOptions.CreateKeyRing):len(c.CallOptions.CreateKeyRing)], opts...) 413 var resp *kmspb.KeyRing 414 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 415 var err error 416 resp, err = c.keyManagementClient.CreateKeyRing(ctx, req, settings.GRPC...) 417 return err 418 }, opts...) 419 if err != nil { 420 return nil, err 421 } 422 return resp, nil 423} 424 425// CreateImportJob create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing]. 426// 427// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required. 428func (c *KeyManagementClient) CreateImportJob(ctx context.Context, req *kmspb.CreateImportJobRequest, opts ...gax.CallOption) (*kmspb.ImportJob, error) { 429 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))) 430 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 431 opts = append(c.CallOptions.CreateImportJob[0:len(c.CallOptions.CreateImportJob):len(c.CallOptions.CreateImportJob)], opts...) 432 var resp *kmspb.ImportJob 433 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 434 var err error 435 resp, err = c.keyManagementClient.CreateImportJob(ctx, req, settings.GRPC...) 436 return err 437 }, opts...) 438 if err != nil { 439 return nil, err 440 } 441 return resp, nil 442} 443 444// CreateCryptoKey create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing]. 445// 446// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and 447// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] 448// are required. 449func (c *KeyManagementClient) CreateCryptoKey(ctx context.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) { 450 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))) 451 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 452 opts = append(c.CallOptions.CreateCryptoKey[0:len(c.CallOptions.CreateCryptoKey):len(c.CallOptions.CreateCryptoKey)], opts...) 453 var resp *kmspb.CryptoKey 454 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 455 var err error 456 resp, err = c.keyManagementClient.CreateCryptoKey(ctx, req, settings.GRPC...) 457 return err 458 }, opts...) 459 if err != nil { 460 return nil, err 461 } 462 return resp, nil 463} 464 465// CreateCryptoKeyVersion create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey]. 466// 467// The server will assign the next sequential id. If unset, 468// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to 469// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. 470func (c *KeyManagementClient) CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) { 471 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))) 472 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 473 opts = append(c.CallOptions.CreateCryptoKeyVersion[0:len(c.CallOptions.CreateCryptoKeyVersion):len(c.CallOptions.CreateCryptoKeyVersion)], opts...) 474 var resp *kmspb.CryptoKeyVersion 475 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 476 var err error 477 resp, err = c.keyManagementClient.CreateCryptoKeyVersion(ctx, req, settings.GRPC...) 478 return err 479 }, opts...) 480 if err != nil { 481 return nil, err 482 } 483 return resp, nil 484} 485 486// ImportCryptoKeyVersion imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the 487// wrapped key material provided in the request. 488// 489// The version ID will be assigned the next sequential id within the 490// [CryptoKey][google.cloud.kms.v1.CryptoKey]. 491func (c *KeyManagementClient) ImportCryptoKeyVersion(ctx context.Context, req *kmspb.ImportCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) { 492 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", url.QueryEscape(req.GetParent()))) 493 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 494 opts = append(c.CallOptions.ImportCryptoKeyVersion[0:len(c.CallOptions.ImportCryptoKeyVersion):len(c.CallOptions.ImportCryptoKeyVersion)], opts...) 495 var resp *kmspb.CryptoKeyVersion 496 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 497 var err error 498 resp, err = c.keyManagementClient.ImportCryptoKeyVersion(ctx, req, settings.GRPC...) 499 return err 500 }, opts...) 501 if err != nil { 502 return nil, err 503 } 504 return resp, nil 505} 506 507// UpdateCryptoKey update a [CryptoKey][google.cloud.kms.v1.CryptoKey]. 508func (c *KeyManagementClient) UpdateCryptoKey(ctx context.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) { 509 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key.name", url.QueryEscape(req.GetCryptoKey().GetName()))) 510 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 511 opts = append(c.CallOptions.UpdateCryptoKey[0:len(c.CallOptions.UpdateCryptoKey):len(c.CallOptions.UpdateCryptoKey)], opts...) 512 var resp *kmspb.CryptoKey 513 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 514 var err error 515 resp, err = c.keyManagementClient.UpdateCryptoKey(ctx, req, settings.GRPC...) 516 return err 517 }, opts...) 518 if err != nil { 519 return nil, err 520 } 521 return resp, nil 522} 523 524// UpdateCryptoKeyVersion update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata. 525// 526// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between 527// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and 528// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this 529// method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to 530// move between other states. 531func (c *KeyManagementClient) UpdateCryptoKeyVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) { 532 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key_version.name", url.QueryEscape(req.GetCryptoKeyVersion().GetName()))) 533 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 534 opts = append(c.CallOptions.UpdateCryptoKeyVersion[0:len(c.CallOptions.UpdateCryptoKeyVersion):len(c.CallOptions.UpdateCryptoKeyVersion)], opts...) 535 var resp *kmspb.CryptoKeyVersion 536 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 537 var err error 538 resp, err = c.keyManagementClient.UpdateCryptoKeyVersion(ctx, req, settings.GRPC...) 539 return err 540 }, opts...) 541 if err != nil { 542 return nil, err 543 } 544 return resp, nil 545} 546 547// Encrypt encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. 548// The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be 549// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. 550func (c *KeyManagementClient) Encrypt(ctx context.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse, error) { 551 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 552 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 553 opts = append(c.CallOptions.Encrypt[0:len(c.CallOptions.Encrypt):len(c.CallOptions.Encrypt)], opts...) 554 var resp *kmspb.EncryptResponse 555 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 556 var err error 557 resp, err = c.keyManagementClient.Encrypt(ctx, req, settings.GRPC...) 558 return err 559 }, opts...) 560 if err != nil { 561 return nil, err 562 } 563 return resp, nil 564} 565 566// Decrypt decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] 567// must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. 568func (c *KeyManagementClient) Decrypt(ctx context.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse, error) { 569 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 570 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 571 opts = append(c.CallOptions.Decrypt[0:len(c.CallOptions.Decrypt):len(c.CallOptions.Decrypt)], opts...) 572 var resp *kmspb.DecryptResponse 573 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 574 var err error 575 resp, err = c.keyManagementClient.Decrypt(ctx, req, settings.GRPC...) 576 return err 577 }, opts...) 578 if err != nil { 579 return nil, err 580 } 581 return resp, nil 582} 583 584// UpdateCryptoKeyPrimaryVersion update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. 585// 586// Returns an error if called on an asymmetric key. 587func (c *KeyManagementClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) { 588 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 589 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 590 opts = append(c.CallOptions.UpdateCryptoKeyPrimaryVersion[0:len(c.CallOptions.UpdateCryptoKeyPrimaryVersion):len(c.CallOptions.UpdateCryptoKeyPrimaryVersion)], opts...) 591 var resp *kmspb.CryptoKey 592 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 593 var err error 594 resp, err = c.keyManagementClient.UpdateCryptoKeyPrimaryVersion(ctx, req, settings.GRPC...) 595 return err 596 }, opts...) 597 if err != nil { 598 return nil, err 599 } 600 return resp, nil 601} 602 603// DestroyCryptoKeyVersion schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction. 604// 605// Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to 606// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] 607// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24 608// hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state] 609// will be changed to 610// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key 611// material will be irrevocably destroyed. 612// 613// Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached, 614// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process. 615func (c *KeyManagementClient) DestroyCryptoKeyVersion(ctx context.Context, req *kmspb.DestroyCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) { 616 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 617 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 618 opts = append(c.CallOptions.DestroyCryptoKeyVersion[0:len(c.CallOptions.DestroyCryptoKeyVersion):len(c.CallOptions.DestroyCryptoKeyVersion)], opts...) 619 var resp *kmspb.CryptoKeyVersion 620 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 621 var err error 622 resp, err = c.keyManagementClient.DestroyCryptoKeyVersion(ctx, req, settings.GRPC...) 623 return err 624 }, opts...) 625 if err != nil { 626 return nil, err 627 } 628 return resp, nil 629} 630 631// RestoreCryptoKeyVersion restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the 632// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] 633// state. 634// 635// Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state] 636// will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], 637// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared. 638func (c *KeyManagementClient) RestoreCryptoKeyVersion(ctx context.Context, req *kmspb.RestoreCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) { 639 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 640 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 641 opts = append(c.CallOptions.RestoreCryptoKeyVersion[0:len(c.CallOptions.RestoreCryptoKeyVersion):len(c.CallOptions.RestoreCryptoKeyVersion)], opts...) 642 var resp *kmspb.CryptoKeyVersion 643 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 644 var err error 645 resp, err = c.keyManagementClient.RestoreCryptoKeyVersion(ctx, req, settings.GRPC...) 646 return err 647 }, opts...) 648 if err != nil { 649 return nil, err 650 } 651 return resp, nil 652} 653 654// GetPublicKey returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The 655// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be 656// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or 657// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. 658func (c *KeyManagementClient) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error) { 659 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 660 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 661 opts = append(c.CallOptions.GetPublicKey[0:len(c.CallOptions.GetPublicKey):len(c.CallOptions.GetPublicKey)], opts...) 662 var resp *kmspb.PublicKey 663 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 664 var err error 665 resp, err = c.keyManagementClient.GetPublicKey(ctx, req, settings.GRPC...) 666 return err 667 }, opts...) 668 if err != nil { 669 return nil, err 670 } 671 return resp, nil 672} 673 674// AsymmetricDecrypt decrypts data that was encrypted with a public key retrieved from 675// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with 676// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT. 677func (c *KeyManagementClient) AsymmetricDecrypt(ctx context.Context, req *kmspb.AsymmetricDecryptRequest, opts ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error) { 678 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 679 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 680 opts = append(c.CallOptions.AsymmetricDecrypt[0:len(c.CallOptions.AsymmetricDecrypt):len(c.CallOptions.AsymmetricDecrypt)], opts...) 681 var resp *kmspb.AsymmetricDecryptResponse 682 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 683 var err error 684 resp, err = c.keyManagementClient.AsymmetricDecrypt(ctx, req, settings.GRPC...) 685 return err 686 }, opts...) 687 if err != nil { 688 return nil, err 689 } 690 return resp, nil 691} 692 693// AsymmetricSign signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] 694// ASYMMETRIC_SIGN, producing a signature that can be verified with the public 695// key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. 696func (c *KeyManagementClient) AsymmetricSign(ctx context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error) { 697 md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", url.QueryEscape(req.GetName()))) 698 ctx = insertMetadata(ctx, c.xGoogMetadata, md) 699 opts = append(c.CallOptions.AsymmetricSign[0:len(c.CallOptions.AsymmetricSign):len(c.CallOptions.AsymmetricSign)], opts...) 700 var resp *kmspb.AsymmetricSignResponse 701 err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error { 702 var err error 703 resp, err = c.keyManagementClient.AsymmetricSign(ctx, req, settings.GRPC...) 704 return err 705 }, opts...) 706 if err != nil { 707 return nil, err 708 } 709 return resp, nil 710} 711 712// CryptoKeyIterator manages a stream of *kmspb.CryptoKey. 713type CryptoKeyIterator struct { 714 items []*kmspb.CryptoKey 715 pageInfo *iterator.PageInfo 716 nextFunc func() error 717 718 // InternalFetch is for use by the Google Cloud Libraries only. 719 // It is not part of the stable interface of this package. 720 // 721 // InternalFetch returns results from a single call to the underlying RPC. 722 // The number of results is no greater than pageSize. 723 // If there are no more results, nextPageToken is empty and err is nil. 724 InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKey, nextPageToken string, err error) 725} 726 727// PageInfo supports pagination. See the google.golang.org/api/iterator package for details. 728func (it *CryptoKeyIterator) PageInfo() *iterator.PageInfo { 729 return it.pageInfo 730} 731 732// Next returns the next result. Its second return value is iterator.Done if there are no more 733// results. Once Next returns Done, all subsequent calls will return Done. 734func (it *CryptoKeyIterator) Next() (*kmspb.CryptoKey, error) { 735 var item *kmspb.CryptoKey 736 if err := it.nextFunc(); err != nil { 737 return item, err 738 } 739 item = it.items[0] 740 it.items = it.items[1:] 741 return item, nil 742} 743 744func (it *CryptoKeyIterator) bufLen() int { 745 return len(it.items) 746} 747 748func (it *CryptoKeyIterator) takeBuf() interface{} { 749 b := it.items 750 it.items = nil 751 return b 752} 753 754// CryptoKeyVersionIterator manages a stream of *kmspb.CryptoKeyVersion. 755type CryptoKeyVersionIterator struct { 756 items []*kmspb.CryptoKeyVersion 757 pageInfo *iterator.PageInfo 758 nextFunc func() error 759 760 // InternalFetch is for use by the Google Cloud Libraries only. 761 // It is not part of the stable interface of this package. 762 // 763 // InternalFetch returns results from a single call to the underlying RPC. 764 // The number of results is no greater than pageSize. 765 // If there are no more results, nextPageToken is empty and err is nil. 766 InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKeyVersion, nextPageToken string, err error) 767} 768 769// PageInfo supports pagination. See the google.golang.org/api/iterator package for details. 770func (it *CryptoKeyVersionIterator) PageInfo() *iterator.PageInfo { 771 return it.pageInfo 772} 773 774// Next returns the next result. Its second return value is iterator.Done if there are no more 775// results. Once Next returns Done, all subsequent calls will return Done. 776func (it *CryptoKeyVersionIterator) Next() (*kmspb.CryptoKeyVersion, error) { 777 var item *kmspb.CryptoKeyVersion 778 if err := it.nextFunc(); err != nil { 779 return item, err 780 } 781 item = it.items[0] 782 it.items = it.items[1:] 783 return item, nil 784} 785 786func (it *CryptoKeyVersionIterator) bufLen() int { 787 return len(it.items) 788} 789 790func (it *CryptoKeyVersionIterator) takeBuf() interface{} { 791 b := it.items 792 it.items = nil 793 return b 794} 795 796// ImportJobIterator manages a stream of *kmspb.ImportJob. 797type ImportJobIterator struct { 798 items []*kmspb.ImportJob 799 pageInfo *iterator.PageInfo 800 nextFunc func() error 801 802 // InternalFetch is for use by the Google Cloud Libraries only. 803 // It is not part of the stable interface of this package. 804 // 805 // InternalFetch returns results from a single call to the underlying RPC. 806 // The number of results is no greater than pageSize. 807 // If there are no more results, nextPageToken is empty and err is nil. 808 InternalFetch func(pageSize int, pageToken string) (results []*kmspb.ImportJob, nextPageToken string, err error) 809} 810 811// PageInfo supports pagination. See the google.golang.org/api/iterator package for details. 812func (it *ImportJobIterator) PageInfo() *iterator.PageInfo { 813 return it.pageInfo 814} 815 816// Next returns the next result. Its second return value is iterator.Done if there are no more 817// results. Once Next returns Done, all subsequent calls will return Done. 818func (it *ImportJobIterator) Next() (*kmspb.ImportJob, error) { 819 var item *kmspb.ImportJob 820 if err := it.nextFunc(); err != nil { 821 return item, err 822 } 823 item = it.items[0] 824 it.items = it.items[1:] 825 return item, nil 826} 827 828func (it *ImportJobIterator) bufLen() int { 829 return len(it.items) 830} 831 832func (it *ImportJobIterator) takeBuf() interface{} { 833 b := it.items 834 it.items = nil 835 return b 836} 837 838// KeyRingIterator manages a stream of *kmspb.KeyRing. 839type KeyRingIterator struct { 840 items []*kmspb.KeyRing 841 pageInfo *iterator.PageInfo 842 nextFunc func() error 843 844 // InternalFetch is for use by the Google Cloud Libraries only. 845 // It is not part of the stable interface of this package. 846 // 847 // InternalFetch returns results from a single call to the underlying RPC. 848 // The number of results is no greater than pageSize. 849 // If there are no more results, nextPageToken is empty and err is nil. 850 InternalFetch func(pageSize int, pageToken string) (results []*kmspb.KeyRing, nextPageToken string, err error) 851} 852 853// PageInfo supports pagination. See the google.golang.org/api/iterator package for details. 854func (it *KeyRingIterator) PageInfo() *iterator.PageInfo { 855 return it.pageInfo 856} 857 858// Next returns the next result. Its second return value is iterator.Done if there are no more 859// results. Once Next returns Done, all subsequent calls will return Done. 860func (it *KeyRingIterator) Next() (*kmspb.KeyRing, error) { 861 var item *kmspb.KeyRing 862 if err := it.nextFunc(); err != nil { 863 return item, err 864 } 865 item = it.items[0] 866 it.items = it.items[1:] 867 return item, nil 868} 869 870func (it *KeyRingIterator) bufLen() int { 871 return len(it.items) 872} 873 874func (it *KeyRingIterator) takeBuf() interface{} { 875 b := it.items 876 it.items = nil 877 return b 878} 879