|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754 |
- // Copyright 2019 Google LLC
- //
- // Licensed under the Apache License, Version 2.0 (the "License");
- // you may not use this file except in compliance with the License.
- // You may obtain a copy of the License at
- //
- // https://www.apache.org/licenses/LICENSE-2.0
- //
- // Unless required by applicable law or agreed to in writing, software
- // distributed under the License is distributed on an "AS IS" BASIS,
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- // See the License for the specific language governing permissions and
- // limitations under the License.
-
- // Code generated by gapic-generator. DO NOT EDIT.
-
- package kms
-
- import (
- "context"
- "fmt"
- "math"
- "time"
-
- "github.com/golang/protobuf/proto"
- gax "github.com/googleapis/gax-go/v2"
- "google.golang.org/api/iterator"
- "google.golang.org/api/option"
- "google.golang.org/api/transport"
- kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1"
- "google.golang.org/grpc"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/metadata"
- )
-
- // KeyManagementCallOptions contains the retry settings for each method of KeyManagementClient.
- type KeyManagementCallOptions struct {
- ListKeyRings []gax.CallOption
- ListCryptoKeys []gax.CallOption
- ListCryptoKeyVersions []gax.CallOption
- GetKeyRing []gax.CallOption
- GetCryptoKey []gax.CallOption
- GetCryptoKeyVersion []gax.CallOption
- CreateKeyRing []gax.CallOption
- CreateCryptoKey []gax.CallOption
- CreateCryptoKeyVersion []gax.CallOption
- UpdateCryptoKey []gax.CallOption
- UpdateCryptoKeyVersion []gax.CallOption
- Encrypt []gax.CallOption
- Decrypt []gax.CallOption
- UpdateCryptoKeyPrimaryVersion []gax.CallOption
- DestroyCryptoKeyVersion []gax.CallOption
- RestoreCryptoKeyVersion []gax.CallOption
- GetPublicKey []gax.CallOption
- AsymmetricDecrypt []gax.CallOption
- AsymmetricSign []gax.CallOption
- }
-
- func defaultKeyManagementClientOptions() []option.ClientOption {
- return []option.ClientOption{
- option.WithEndpoint("cloudkms.googleapis.com:443"),
- option.WithScopes(DefaultAuthScopes()...),
- }
- }
-
- func defaultKeyManagementCallOptions() *KeyManagementCallOptions {
- retry := map[[2]string][]gax.CallOption{
- {"default", "idempotent"}: {
- gax.WithRetry(func() gax.Retryer {
- return gax.OnCodes([]codes.Code{
- codes.DeadlineExceeded,
- codes.Unavailable,
- }, gax.Backoff{
- Initial: 100 * time.Millisecond,
- Max: 60000 * time.Millisecond,
- Multiplier: 1.3,
- })
- }),
- },
- }
- return &KeyManagementCallOptions{
- ListKeyRings: retry[[2]string{"default", "idempotent"}],
- ListCryptoKeys: retry[[2]string{"default", "idempotent"}],
- ListCryptoKeyVersions: retry[[2]string{"default", "idempotent"}],
- GetKeyRing: retry[[2]string{"default", "idempotent"}],
- GetCryptoKey: retry[[2]string{"default", "idempotent"}],
- GetCryptoKeyVersion: retry[[2]string{"default", "idempotent"}],
- CreateKeyRing: retry[[2]string{"default", "non_idempotent"}],
- CreateCryptoKey: retry[[2]string{"default", "non_idempotent"}],
- CreateCryptoKeyVersion: retry[[2]string{"default", "non_idempotent"}],
- UpdateCryptoKey: retry[[2]string{"default", "non_idempotent"}],
- UpdateCryptoKeyVersion: retry[[2]string{"default", "non_idempotent"}],
- Encrypt: retry[[2]string{"default", "non_idempotent"}],
- Decrypt: retry[[2]string{"default", "non_idempotent"}],
- UpdateCryptoKeyPrimaryVersion: retry[[2]string{"default", "non_idempotent"}],
- DestroyCryptoKeyVersion: retry[[2]string{"default", "non_idempotent"}],
- RestoreCryptoKeyVersion: retry[[2]string{"default", "non_idempotent"}],
- GetPublicKey: retry[[2]string{"default", "idempotent"}],
- AsymmetricDecrypt: retry[[2]string{"default", "non_idempotent"}],
- AsymmetricSign: retry[[2]string{"default", "non_idempotent"}],
- }
- }
-
- // KeyManagementClient is a client for interacting with Cloud Key Management Service (KMS) API.
- //
- // Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
- type KeyManagementClient struct {
- // The connection to the service.
- conn *grpc.ClientConn
-
- // The gRPC API client.
- keyManagementClient kmspb.KeyManagementServiceClient
-
- // The call options for this service.
- CallOptions *KeyManagementCallOptions
-
- // The x-goog-* metadata to be sent with each request.
- xGoogMetadata metadata.MD
- }
-
- // NewKeyManagementClient creates a new key management service client.
- //
- // Google Cloud Key Management Service
- //
- // Manages cryptographic keys and operations using those keys. Implements a REST
- // model with the following objects:
- //
- // [KeyRing][google.cloud.kms.v1.KeyRing]
- //
- // [CryptoKey][google.cloud.kms.v1.CryptoKey]
- //
- // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
- //
- // If you are using manual gRPC libraries, see
- // Using gRPC with Cloud KMS (at https://cloud.google.com/kms/docs/grpc).
- func NewKeyManagementClient(ctx context.Context, opts ...option.ClientOption) (*KeyManagementClient, error) {
- conn, err := transport.DialGRPC(ctx, append(defaultKeyManagementClientOptions(), opts...)...)
- if err != nil {
- return nil, err
- }
- c := &KeyManagementClient{
- conn: conn,
- CallOptions: defaultKeyManagementCallOptions(),
-
- keyManagementClient: kmspb.NewKeyManagementServiceClient(conn),
- }
- c.setGoogleClientInfo()
- return c, nil
- }
-
- // Connection returns the client's connection to the API service.
- func (c *KeyManagementClient) Connection() *grpc.ClientConn {
- return c.conn
- }
-
- // Close closes the connection to the API service. The user should invoke this when
- // the client is no longer required.
- func (c *KeyManagementClient) Close() error {
- return c.conn.Close()
- }
-
- // setGoogleClientInfo sets the name and version of the application in
- // the `x-goog-api-client` header passed on each request. Intended for
- // use by Google-written clients.
- func (c *KeyManagementClient) setGoogleClientInfo(keyval ...string) {
- kv := append([]string{"gl-go", versionGo()}, keyval...)
- kv = append(kv, "gapic", versionClient, "gax", gax.Version, "grpc", grpc.Version)
- c.xGoogMetadata = metadata.Pairs("x-goog-api-client", gax.XGoogHeader(kv...))
- }
-
- // ListKeyRings lists [KeyRings][google.cloud.kms.v1.KeyRing].
- func (c *KeyManagementClient) ListKeyRings(ctx context.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.ListKeyRings[0:len(c.CallOptions.ListKeyRings):len(c.CallOptions.ListKeyRings)], opts...)
- it := &KeyRingIterator{}
- req = proto.Clone(req).(*kmspb.ListKeyRingsRequest)
- it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.KeyRing, string, error) {
- var resp *kmspb.ListKeyRingsResponse
- req.PageToken = pageToken
- if pageSize > math.MaxInt32 {
- req.PageSize = math.MaxInt32
- } else {
- req.PageSize = int32(pageSize)
- }
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.ListKeyRings(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, "", err
- }
- return resp.KeyRings, resp.NextPageToken, nil
- }
- fetch := func(pageSize int, pageToken string) (string, error) {
- items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
- if err != nil {
- return "", err
- }
- it.items = append(it.items, items...)
- return nextPageToken, nil
- }
- it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
- it.pageInfo.MaxSize = int(req.PageSize)
- return it
- }
-
- // ListCryptoKeys lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
- func (c *KeyManagementClient) ListCryptoKeys(ctx context.Context, req *kmspb.ListCryptoKeysRequest, opts ...gax.CallOption) *CryptoKeyIterator {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.ListCryptoKeys[0:len(c.CallOptions.ListCryptoKeys):len(c.CallOptions.ListCryptoKeys)], opts...)
- it := &CryptoKeyIterator{}
- req = proto.Clone(req).(*kmspb.ListCryptoKeysRequest)
- it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.CryptoKey, string, error) {
- var resp *kmspb.ListCryptoKeysResponse
- req.PageToken = pageToken
- if pageSize > math.MaxInt32 {
- req.PageSize = math.MaxInt32
- } else {
- req.PageSize = int32(pageSize)
- }
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.ListCryptoKeys(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, "", err
- }
- return resp.CryptoKeys, resp.NextPageToken, nil
- }
- fetch := func(pageSize int, pageToken string) (string, error) {
- items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
- if err != nil {
- return "", err
- }
- it.items = append(it.items, items...)
- return nextPageToken, nil
- }
- it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
- it.pageInfo.MaxSize = int(req.PageSize)
- return it
- }
-
- // ListCryptoKeyVersions lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
- func (c *KeyManagementClient) ListCryptoKeyVersions(ctx context.Context, req *kmspb.ListCryptoKeyVersionsRequest, opts ...gax.CallOption) *CryptoKeyVersionIterator {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.ListCryptoKeyVersions[0:len(c.CallOptions.ListCryptoKeyVersions):len(c.CallOptions.ListCryptoKeyVersions)], opts...)
- it := &CryptoKeyVersionIterator{}
- req = proto.Clone(req).(*kmspb.ListCryptoKeyVersionsRequest)
- it.InternalFetch = func(pageSize int, pageToken string) ([]*kmspb.CryptoKeyVersion, string, error) {
- var resp *kmspb.ListCryptoKeyVersionsResponse
- req.PageToken = pageToken
- if pageSize > math.MaxInt32 {
- req.PageSize = math.MaxInt32
- } else {
- req.PageSize = int32(pageSize)
- }
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.ListCryptoKeyVersions(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, "", err
- }
- return resp.CryptoKeyVersions, resp.NextPageToken, nil
- }
- fetch := func(pageSize int, pageToken string) (string, error) {
- items, nextPageToken, err := it.InternalFetch(pageSize, pageToken)
- if err != nil {
- return "", err
- }
- it.items = append(it.items, items...)
- return nextPageToken, nil
- }
- it.pageInfo, it.nextFunc = iterator.NewPageInfo(fetch, it.bufLen, it.takeBuf)
- it.pageInfo.MaxSize = int(req.PageSize)
- return it
- }
-
- // GetKeyRing returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
- func (c *KeyManagementClient) GetKeyRing(ctx context.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.GetKeyRing[0:len(c.CallOptions.GetKeyRing):len(c.CallOptions.GetKeyRing)], opts...)
- var resp *kmspb.KeyRing
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.GetKeyRing(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // GetCryptoKey returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
- // well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
- // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
- func (c *KeyManagementClient) GetCryptoKey(ctx context.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.GetCryptoKey[0:len(c.CallOptions.GetCryptoKey):len(c.CallOptions.GetCryptoKey)], opts...)
- var resp *kmspb.CryptoKey
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.GetCryptoKey(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // GetCryptoKeyVersion returns metadata for a given
- // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
- func (c *KeyManagementClient) GetCryptoKeyVersion(ctx context.Context, req *kmspb.GetCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.GetCryptoKeyVersion[0:len(c.CallOptions.GetCryptoKeyVersion):len(c.CallOptions.GetCryptoKeyVersion)], opts...)
- var resp *kmspb.CryptoKeyVersion
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.GetCryptoKeyVersion(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // CreateKeyRing create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
- // Location.
- func (c *KeyManagementClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.CreateKeyRing[0:len(c.CallOptions.CreateKeyRing):len(c.CallOptions.CreateKeyRing)], opts...)
- var resp *kmspb.KeyRing
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.CreateKeyRing(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // CreateCryptoKey create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
- // [KeyRing][google.cloud.kms.v1.KeyRing].
- //
- // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
- // [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
- // are required.
- func (c *KeyManagementClient) CreateCryptoKey(ctx context.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.CreateCryptoKey[0:len(c.CallOptions.CreateCryptoKey):len(c.CallOptions.CreateCryptoKey)], opts...)
- var resp *kmspb.CryptoKey
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.CreateCryptoKey(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // CreateCryptoKeyVersion create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
- // [CryptoKey][google.cloud.kms.v1.CryptoKey].
- //
- // The server will assign the next sequential id. If unset,
- // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
- // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
- func (c *KeyManagementClient) CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "parent", req.GetParent()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.CreateCryptoKeyVersion[0:len(c.CallOptions.CreateCryptoKeyVersion):len(c.CallOptions.CreateCryptoKeyVersion)], opts...)
- var resp *kmspb.CryptoKeyVersion
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.CreateCryptoKeyVersion(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // UpdateCryptoKey update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
- func (c *KeyManagementClient) UpdateCryptoKey(ctx context.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key.name", req.GetCryptoKey().GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.UpdateCryptoKey[0:len(c.CallOptions.UpdateCryptoKey):len(c.CallOptions.UpdateCryptoKey)], opts...)
- var resp *kmspb.CryptoKey
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.UpdateCryptoKey(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // UpdateCryptoKeyVersion update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
- // metadata.
- //
- // [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
- // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
- // and
- // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
- // using this method. See
- // [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
- // and
- // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
- // to move between other states.
- func (c *KeyManagementClient) UpdateCryptoKeyVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "crypto_key_version.name", req.GetCryptoKeyVersion().GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.UpdateCryptoKeyVersion[0:len(c.CallOptions.UpdateCryptoKeyVersion):len(c.CallOptions.UpdateCryptoKeyVersion)], opts...)
- var resp *kmspb.CryptoKeyVersion
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.UpdateCryptoKeyVersion(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // Encrypt encrypts data, so that it can only be recovered by a call to
- // [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
- // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
- // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
- func (c *KeyManagementClient) Encrypt(ctx context.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.Encrypt[0:len(c.CallOptions.Encrypt):len(c.CallOptions.Encrypt)], opts...)
- var resp *kmspb.EncryptResponse
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.Encrypt(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // Decrypt decrypts data that was protected by
- // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
- // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
- // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
- func (c *KeyManagementClient) Decrypt(ctx context.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.Decrypt[0:len(c.CallOptions.Decrypt):len(c.CallOptions.Decrypt)], opts...)
- var resp *kmspb.DecryptResponse
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.Decrypt(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // UpdateCryptoKeyPrimaryVersion update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
- // will be used in
- // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
- //
- // Returns an error if called on an asymmetric key.
- func (c *KeyManagementClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.UpdateCryptoKeyPrimaryVersion[0:len(c.CallOptions.UpdateCryptoKeyPrimaryVersion):len(c.CallOptions.UpdateCryptoKeyPrimaryVersion)], opts...)
- var resp *kmspb.CryptoKey
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.UpdateCryptoKeyPrimaryVersion(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // DestroyCryptoKeyVersion schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
- // destruction.
- //
- // Upon calling this method,
- // [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
- // be set to
- // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
- // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
- // be set to a time 24 hours in the future, at which point the
- // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be changed to
- // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
- // and the key material will be irrevocably destroyed.
- //
- // Before the
- // [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
- // reached,
- // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
- // may be called to reverse the process.
- func (c *KeyManagementClient) DestroyCryptoKeyVersion(ctx context.Context, req *kmspb.DestroyCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.DestroyCryptoKeyVersion[0:len(c.CallOptions.DestroyCryptoKeyVersion):len(c.CallOptions.DestroyCryptoKeyVersion)], opts...)
- var resp *kmspb.CryptoKeyVersion
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.DestroyCryptoKeyVersion(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // RestoreCryptoKeyVersion restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
- // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
- // state.
- //
- // Upon restoration of the CryptoKeyVersion,
- // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
- // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
- // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
- // be cleared.
- func (c *KeyManagementClient) RestoreCryptoKeyVersion(ctx context.Context, req *kmspb.RestoreCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.RestoreCryptoKeyVersion[0:len(c.CallOptions.RestoreCryptoKeyVersion):len(c.CallOptions.RestoreCryptoKeyVersion)], opts...)
- var resp *kmspb.CryptoKeyVersion
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.RestoreCryptoKeyVersion(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // GetPublicKey returns the public key for the given
- // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
- // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
- // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
- // or
- // [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
- func (c *KeyManagementClient) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.GetPublicKey[0:len(c.CallOptions.GetPublicKey):len(c.CallOptions.GetPublicKey)], opts...)
- var resp *kmspb.PublicKey
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.GetPublicKey(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // AsymmetricDecrypt decrypts data that was encrypted with a public key retrieved from
- // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
- // corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
- // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
- // ASYMMETRIC_DECRYPT.
- func (c *KeyManagementClient) AsymmetricDecrypt(ctx context.Context, req *kmspb.AsymmetricDecryptRequest, opts ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.AsymmetricDecrypt[0:len(c.CallOptions.AsymmetricDecrypt):len(c.CallOptions.AsymmetricDecrypt)], opts...)
- var resp *kmspb.AsymmetricDecryptResponse
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.AsymmetricDecrypt(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // AsymmetricSign signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
- // with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
- // ASYMMETRIC_SIGN, producing a signature that can be verified with the public
- // key retrieved from
- // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
- func (c *KeyManagementClient) AsymmetricSign(ctx context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error) {
- md := metadata.Pairs("x-goog-request-params", fmt.Sprintf("%s=%v", "name", req.GetName()))
- ctx = insertMetadata(ctx, c.xGoogMetadata, md)
- opts = append(c.CallOptions.AsymmetricSign[0:len(c.CallOptions.AsymmetricSign):len(c.CallOptions.AsymmetricSign)], opts...)
- var resp *kmspb.AsymmetricSignResponse
- err := gax.Invoke(ctx, func(ctx context.Context, settings gax.CallSettings) error {
- var err error
- resp, err = c.keyManagementClient.AsymmetricSign(ctx, req, settings.GRPC...)
- return err
- }, opts...)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- // CryptoKeyIterator manages a stream of *kmspb.CryptoKey.
- type CryptoKeyIterator struct {
- items []*kmspb.CryptoKey
- pageInfo *iterator.PageInfo
- nextFunc func() error
-
- // InternalFetch is for use by the Google Cloud Libraries only.
- // It is not part of the stable interface of this package.
- //
- // InternalFetch returns results from a single call to the underlying RPC.
- // The number of results is no greater than pageSize.
- // If there are no more results, nextPageToken is empty and err is nil.
- InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKey, nextPageToken string, err error)
- }
-
- // PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
- func (it *CryptoKeyIterator) PageInfo() *iterator.PageInfo {
- return it.pageInfo
- }
-
- // Next returns the next result. Its second return value is iterator.Done if there are no more
- // results. Once Next returns Done, all subsequent calls will return Done.
- func (it *CryptoKeyIterator) Next() (*kmspb.CryptoKey, error) {
- var item *kmspb.CryptoKey
- if err := it.nextFunc(); err != nil {
- return item, err
- }
- item = it.items[0]
- it.items = it.items[1:]
- return item, nil
- }
-
- func (it *CryptoKeyIterator) bufLen() int {
- return len(it.items)
- }
-
- func (it *CryptoKeyIterator) takeBuf() interface{} {
- b := it.items
- it.items = nil
- return b
- }
-
- // CryptoKeyVersionIterator manages a stream of *kmspb.CryptoKeyVersion.
- type CryptoKeyVersionIterator struct {
- items []*kmspb.CryptoKeyVersion
- pageInfo *iterator.PageInfo
- nextFunc func() error
-
- // InternalFetch is for use by the Google Cloud Libraries only.
- // It is not part of the stable interface of this package.
- //
- // InternalFetch returns results from a single call to the underlying RPC.
- // The number of results is no greater than pageSize.
- // If there are no more results, nextPageToken is empty and err is nil.
- InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKeyVersion, nextPageToken string, err error)
- }
-
- // PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
- func (it *CryptoKeyVersionIterator) PageInfo() *iterator.PageInfo {
- return it.pageInfo
- }
-
- // Next returns the next result. Its second return value is iterator.Done if there are no more
- // results. Once Next returns Done, all subsequent calls will return Done.
- func (it *CryptoKeyVersionIterator) Next() (*kmspb.CryptoKeyVersion, error) {
- var item *kmspb.CryptoKeyVersion
- if err := it.nextFunc(); err != nil {
- return item, err
- }
- item = it.items[0]
- it.items = it.items[1:]
- return item, nil
- }
-
- func (it *CryptoKeyVersionIterator) bufLen() int {
- return len(it.items)
- }
-
- func (it *CryptoKeyVersionIterator) takeBuf() interface{} {
- b := it.items
- it.items = nil
- return b
- }
-
- // KeyRingIterator manages a stream of *kmspb.KeyRing.
- type KeyRingIterator struct {
- items []*kmspb.KeyRing
- pageInfo *iterator.PageInfo
- nextFunc func() error
-
- // InternalFetch is for use by the Google Cloud Libraries only.
- // It is not part of the stable interface of this package.
- //
- // InternalFetch returns results from a single call to the underlying RPC.
- // The number of results is no greater than pageSize.
- // If there are no more results, nextPageToken is empty and err is nil.
- InternalFetch func(pageSize int, pageToken string) (results []*kmspb.KeyRing, nextPageToken string, err error)
- }
-
- // PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
- func (it *KeyRingIterator) PageInfo() *iterator.PageInfo {
- return it.pageInfo
- }
-
- // Next returns the next result. Its second return value is iterator.Done if there are no more
- // results. Once Next returns Done, all subsequent calls will return Done.
- func (it *KeyRingIterator) Next() (*kmspb.KeyRing, error) {
- var item *kmspb.KeyRing
- if err := it.nextFunc(); err != nil {
- return item, err
- }
- item = it.items[0]
- it.items = it.items[1:]
- return item, nil
- }
-
- func (it *KeyRingIterator) bufLen() int {
- return len(it.items)
- }
-
- func (it *KeyRingIterator) takeBuf() interface{} {
- b := it.items
- it.items = nil
- return b
- }
|