1# -*- coding: utf-8 -*- #
2# Copyright 2019 Google LLC. All Rights Reserved.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#    http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15"""Describe a version."""
16
17from __future__ import absolute_import
18from __future__ import division
19from __future__ import unicode_literals
20
21from googlecloudsdk.api_lib.cloudkms import base as cloudkms_base
22from googlecloudsdk.calliope import base
23from googlecloudsdk.calliope import exceptions
24from googlecloudsdk.command_lib.kms import flags
25from googlecloudsdk.core import log
26from googlecloudsdk.core.util import files
27
28
29class Describe(base.DescribeCommand):
30  r"""Get metadata for a given import job.
31
32  Returns metadata for the given import job.
33
34  The optional flag `--attestation-file` specifies file to write the attestation
35  into. The attestation enables the user to verify the integrity and provenance
36  of the key. See https://cloud.google.com/kms/docs/attest-key for more
37  information about attestations.
38
39  ## EXAMPLES
40
41  The following command returns metadata for import job 'strider' within the
42  keyring 'fellowship' in the location 'us-central1':
43
44    $ {command} strider --keyring=fellowship --location=us-central1
45
46  For import jobs with protection level `HSM`, use the `--attestation-file`
47  flag to save the attestation to a local file.
48
49    $ {command} strider --keyring=fellowship --location=us-central1 \
50        --attestation-file=path/to/attestation.dat
51  """
52
53  @staticmethod
54  def Args(parser):
55    flags.AddKeyRingFlag(parser, 'import job')
56    flags.AddLocationFlag(parser, 'import job')
57    flags.AddPositionalImportJobArgument(parser, 'to describe')
58    flags.AddAttestationFileFlag(parser)
59
60  def Run(self, args):
61    client = cloudkms_base.GetClientInstance()
62    messages = cloudkms_base.GetMessagesModule()
63
64    import_job_ref = flags.ParseImportJobName(args)
65    if not import_job_ref.Name():
66      raise exceptions.InvalidArgumentException(
67          'import_job', 'import job id must be non-empty.')
68    import_job = client.projects_locations_keyRings_importJobs.Get(  # pylint: disable=line-too-long
69        messages.CloudkmsProjectsLocationsKeyRingsImportJobsGetRequest(
70            name=import_job_ref.RelativeName()))
71
72    # Raise exception if --attestation-file is provided for software
73    # import jobs.
74    if (args.attestation_file and import_job.protectionLevel !=
75        messages.ImportJob.ProtectionLevelValueValuesEnum.HSM):
76      raise exceptions.ToolException(
77          'Attestations are only available for HSM import jobs.')
78
79    if (args.attestation_file and import_job.state == messages.ImportJob
80        .StateValueValuesEnum.PENDING_GENERATION):
81      raise exceptions.ToolException(
82          'The attestation is unavailable until the import job is generated.')
83
84    if args.attestation_file and import_job.attestation is not None:
85      try:
86        log.WriteToFileOrStdout(
87            args.attestation_file,
88            import_job.attestation.content,
89            overwrite=True,
90            binary=True)
91      except files.Error as e:
92        raise exceptions.BadFileException(e)
93
94    if import_job.attestation is not None:
95      # Suppress the attestation content in the printed output. Users can use
96      # --attestation-file to obtain it, instead.
97      import_job.attestation.content = None
98
99    return import_job
100