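# -*- coding: utf-8 -*- #
# Copyright 2019 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Describe an import job."""

from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals

from googlecloudsdk.api_lib.cloudkms import base as cloudkms_base
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
from googlecloudsdk.command_lib.kms import flags
from googlecloudsdk.core import log
from googlecloudsdk.core.util import files


class Describe(base.DescribeCommand):
  r"""Get metadata for a given import job.

  Returns metadata for the given import job.

  The optional flag `--attestation-file` specifies the file to write the
  attestation into. If that file already exists it is overwritten. The
  attestation enables the user to verify the integrity and provenance
  of the key. See https://cloud.google.com/kms/docs/attest-key for more
  information about attestations.

  ## EXAMPLES

  The following command returns metadata for import job 'strider' within the
  keyring 'fellowship' in the location 'us-central1':

    $ {command} strider --keyring=fellowship --location=us-central1

  For import jobs with protection level `HSM`, use the `--attestation-file`
  flag to save the attestation to a local file.

    $ {command} strider --keyring=fellowship --location=us-central1 \
        --attestation-file=path/to/attestation.dat
  """

  @staticmethod
  def Args(parser):
    """Registers the key ring, location, import job and attestation flags.

    Args:
      parser: The argument parser the flag helpers add their arguments to.
    """
    flags.AddKeyRingFlag(parser, 'import job')
    flags.AddLocationFlag(parser, 'import job')
    flags.AddPositionalImportJobArgument(parser, 'to describe')
    flags.AddAttestationFileFlag(parser)

  def Run(self, args):
    """Fetches the import job and optionally saves its attestation.

    Args:
      args: The parsed command line arguments.

    Returns:
      The ImportJob message returned by the API, with the attestation content
      cleared so that it is not part of the printed output.

    Raises:
      exceptions.InvalidArgumentException: If the import job id is empty.
      exceptions.ToolException: If --attestation-file is given for an import
        job that is not HSM protected or that is still pending generation.
      exceptions.BadFileException: If the attestation file cannot be written.
    """
    client = cloudkms_base.GetClientInstance()
    messages = cloudkms_base.GetMessagesModule()

    import_job_ref = flags.ParseImportJobName(args)
    if not import_job_ref.Name():
      raise exceptions.InvalidArgumentException(
          'import_job', 'import job id must be non-empty.')

    request = messages.CloudkmsProjectsLocationsKeyRingsImportJobsGetRequest(
        name=import_job_ref.RelativeName())
    import_job = client.projects_locations_keyRings_importJobs.Get(request)

    if args.attestation_file:
      # Attestations only exist for HSM import jobs, so asking for one on any
      # other protection level is a usage error.
      hsm = messages.ImportJob.ProtectionLevelValueValuesEnum.HSM
      if import_job.protectionLevel != hsm:
        raise exceptions.ToolException(
            'Attestations are only available for HSM import jobs.')

      pending = messages.ImportJob.StateValueValuesEnum.PENDING_GENERATION
      if import_job.state == pending:
        raise exceptions.ToolException(
            'The attestation is unavailable until the import job is generated.')

      if import_job.attestation is not None:
        # The raw attestation bytes are written as-is and replace any existing
        # file at that path. This command does not verify the attestation;
        # that is left to the user.
        try:
          log.WriteToFileOrStdout(
              args.attestation_file,
              import_job.attestation.content,
              overwrite=True,
              binary=True)
        except files.Error as e:
          raise exceptions.BadFileException(e)
      else:
        # The user asked for an attestation but the API returned none. Say so
        # rather than exiting quietly, so that a stale file from an earlier
        # run is not mistaken for this job's attestation.
        log.warning(
            'No attestation was returned for this import job; nothing was '
            'written to [{}].'.format(args.attestation_file))

    if import_job.attestation is not None:
      # Suppress the attestation content in the printed output. Users can use
      # --attestation-file to obtain it, instead.
      import_job.attestation.content = None

    return import_job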