diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index b8edda51..98994f47 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -13,4 +13,5 @@ # limitations under the License. docker: image: gcr.io/cloud-devrel-public-resources/owlbot-python:latest - digest: sha256:2e247c7bf5154df7f98cce087a20ca7605e236340c7d6d1a14447e5c06791bd6 + digest: sha256:2d816f26f728ac8b24248741e7d4c461c09764ef9f7be3684d557c9632e46dbd +# created: 2023-06-28T17:03:33.371210701Z diff --git a/.kokoro/release/common.cfg b/.kokoro/release/common.cfg index f5912293..5ad599e6 100644 --- a/.kokoro/release/common.cfg +++ b/.kokoro/release/common.cfg @@ -38,3 +38,12 @@ env_vars: { key: "SECRET_MANAGER_KEYS" value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem" } + +# Store the packages we uploaded to PyPI. That way, we have a record of exactly +# what we published, which we can use to generate SBOMs and attestations. +action { + define_artifacts { + regex: "github/python-kms/**/*.tar.gz" + strip_prefix: "github/python-kms" + } +} diff --git a/.kokoro/requirements.txt b/.kokoro/requirements.txt index 66a2172a..c7929db6 100644 --- a/.kokoro/requirements.txt +++ b/.kokoro/requirements.txt @@ -113,28 +113,26 @@ commonmark==0.9.1 \ --hash=sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60 \ --hash=sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9 # via rich -cryptography==39.0.1 \ - --hash=sha256:0f8da300b5c8af9f98111ffd512910bc792b4c77392a9523624680f7956a99d4 \ - --hash=sha256:35f7c7d015d474f4011e859e93e789c87d21f6f4880ebdc29896a60403328f1f \ - --hash=sha256:5aa67414fcdfa22cf052e640cb5ddc461924a045cacf325cd164e65312d99502 \ - --hash=sha256:5d2d8b87a490bfcd407ed9d49093793d0f75198a35e6eb1a923ce1ee86c62b41 \ - --hash=sha256:6687ef6d0a6497e2b58e7c5b852b53f62142cfa7cd1555795758934da363a965 \ - --hash=sha256:6f8ba7f0328b79f08bdacc3e4e66fb4d7aab0c3584e0bd41328dce5262e26b2e \ - --hash=sha256:706843b48f9a3f9b9911979761c91541e3d90db1ca905fd63fee540a217698bc \ - --hash=sha256:807ce09d4434881ca3a7594733669bd834f5b2c6d5c7e36f8c00f691887042ad \ - --hash=sha256:83e17b26de248c33f3acffb922748151d71827d6021d98c70e6c1a25ddd78505 \ - --hash=sha256:96f1157a7c08b5b189b16b47bc9db2332269d6680a196341bf30046330d15388 \ - --hash=sha256:aec5a6c9864be7df2240c382740fcf3b96928c46604eaa7f3091f58b878c0bb6 \ - --hash=sha256:b0afd054cd42f3d213bf82c629efb1ee5f22eba35bf0eec88ea9ea7304f511a2 \ - --hash=sha256:ced4e447ae29ca194449a3f1ce132ded8fcab06971ef5f618605aacaa612beac \ - --hash=sha256:d1f6198ee6d9148405e49887803907fe8962a23e6c6f83ea7d98f1c0de375695 \ - --hash=sha256:e124352fd3db36a9d4a21c1aa27fd5d051e621845cb87fb851c08f4f75ce8be6 \ - --hash=sha256:e422abdec8b5fa8462aa016786680720d78bdce7a30c652b7fadf83a4ba35336 \ - --hash=sha256:ef8b72fa70b348724ff1218267e7f7375b8de4e8194d1636ee60510aae104cd0 \ - --hash=sha256:f0c64d1bd842ca2633e74a1a28033d139368ad959872533b1bab8c80e8240a0c \ - --hash=sha256:f24077a3b5298a5a06a8e0536e3ea9ec60e4c7ac486755e5fb6e6ea9b3500106 \ - --hash=sha256:fdd188c8a6ef8769f148f88f859884507b954cc64db6b52f66ef199bb9ad660a \ - --hash=sha256:fe913f20024eb2cb2f323e42a64bdf2911bb9738a15dba7d3cce48151034e3a8 +cryptography==41.0.0 \ + --hash=sha256:0ddaee209d1cf1f180f1efa338a68c4621154de0afaef92b89486f5f96047c55 \ + --hash=sha256:14754bcdae909d66ff24b7b5f166d69340ccc6cb15731670435efd5719294895 \ + --hash=sha256:344c6de9f8bda3c425b3a41b319522ba3208551b70c2ae00099c205f0d9fd3be \ + --hash=sha256:34d405ea69a8b34566ba3dfb0521379b210ea5d560fafedf9f800a9a94a41928 \ + --hash=sha256:3680248309d340fda9611498a5319b0193a8dbdb73586a1acf8109d06f25b92d \ + --hash=sha256:3c5ef25d060c80d6d9f7f9892e1d41bb1c79b78ce74805b8cb4aa373cb7d5ec8 \ + --hash=sha256:4ab14d567f7bbe7f1cdff1c53d5324ed4d3fc8bd17c481b395db224fb405c237 \ + --hash=sha256:5c1f7293c31ebc72163a9a0df246f890d65f66b4a40d9ec80081969ba8c78cc9 \ + --hash=sha256:6b71f64beeea341c9b4f963b48ee3b62d62d57ba93eb120e1196b31dc1025e78 \ + --hash=sha256:7d92f0248d38faa411d17f4107fc0bce0c42cae0b0ba5415505df72d751bf62d \ + --hash=sha256:8362565b3835ceacf4dc8f3b56471a2289cf51ac80946f9087e66dc283a810e0 \ + --hash=sha256:84a165379cb9d411d58ed739e4af3396e544eac190805a54ba2e0322feb55c46 \ + --hash=sha256:88ff107f211ea696455ea8d911389f6d2b276aabf3231bf72c8853d22db755c5 \ + --hash=sha256:9f65e842cb02550fac96536edb1d17f24c0a338fd84eaf582be25926e993dde4 \ + --hash=sha256:a4fc68d1c5b951cfb72dfd54702afdbbf0fb7acdc9b7dc4301bbf2225a27714d \ + --hash=sha256:b7f2f5c525a642cecad24ee8670443ba27ac1fab81bba4cc24c7b6b41f2d0c75 \ + --hash=sha256:b846d59a8d5a9ba87e2c3d757ca019fa576793e8758174d3868aecb88d6fc8eb \ + --hash=sha256:bf8fc66012ca857d62f6a347007e166ed59c0bc150cefa49f28376ebe7d992a2 \ + --hash=sha256:f5d0bf9b252f30a31664b6f64432b4730bb7038339bd18b1fafe129cfc2be9be # via # gcp-releasetool # secretstorage @@ -419,9 +417,9 @@ readme-renderer==37.3 \ --hash=sha256:cd653186dfc73055656f090f227f5cb22a046d7f71a841dfa305f55c9a513273 \ --hash=sha256:f67a16caedfa71eef48a31b39708637a6f4664c4394801a7b0d6432d13907343 # via twine -requests==2.28.1 \ - --hash=sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983 \ - --hash=sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349 +requests==2.31.0 \ + --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \ + --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1 # via # gcp-releasetool # google-api-core diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 9a61761c..7723ed4f 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "2.17.0" + ".": "2.18.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index dc908738..57c8a530 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,18 @@ [1]: https://pypi.org/project/google-cloud-kms/#history +## [2.18.0](https://github.com/googleapis/python-kms/compare/v2.17.0...v2.18.0) (2023-07-04) + + +### Features + +* Add interoperable symmetric encryption system ([#396](https://github.com/googleapis/python-kms/issues/396)) ([57141c2](https://github.com/googleapis/python-kms/commit/57141c20066600e7203bb7c2035800fe3c9dc2c7)) + + +### Bug Fixes + +* Add async context manager return types ([#398](https://github.com/googleapis/python-kms/issues/398)) ([cb7c193](https://github.com/googleapis/python-kms/commit/cb7c1930c9749d967556ec79ccdef3ae6fb8296d)) + ## [2.17.0](https://github.com/googleapis/python-kms/compare/v2.16.1...v2.17.0) (2023-05-12) diff --git a/google/cloud/kms/__init__.py b/google/cloud/kms/__init__.py index 6e58f005..7f924f16 100644 --- a/google/cloud/kms/__init__.py +++ b/google/cloud/kms/__init__.py @@ -87,6 +87,10 @@ MacSignResponse, MacVerifyRequest, MacVerifyResponse, + RawDecryptRequest, + RawDecryptResponse, + RawEncryptRequest, + RawEncryptResponse, RestoreCryptoKeyVersionRequest, UpdateCryptoKeyPrimaryVersionRequest, UpdateCryptoKeyRequest, @@ -154,6 +158,10 @@ "MacSignResponse", "MacVerifyRequest", "MacVerifyResponse", + "RawDecryptRequest", + "RawDecryptResponse", + "RawEncryptRequest", + "RawEncryptResponse", "RestoreCryptoKeyVersionRequest", "UpdateCryptoKeyPrimaryVersionRequest", "UpdateCryptoKeyRequest", diff --git a/google/cloud/kms/gapic_version.py b/google/cloud/kms/gapic_version.py index 8d4f4cfb..f09943f6 100644 --- a/google/cloud/kms/gapic_version.py +++ b/google/cloud/kms/gapic_version.py @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # -__version__ = "2.17.0" # {x-release-please-version} +__version__ = "2.18.0" # {x-release-please-version} diff --git a/google/cloud/kms_v1/__init__.py b/google/cloud/kms_v1/__init__.py index bcb823b3..6a34ef72 100644 --- a/google/cloud/kms_v1/__init__.py +++ b/google/cloud/kms_v1/__init__.py @@ -84,6 +84,10 @@ MacSignResponse, MacVerifyRequest, MacVerifyResponse, + RawDecryptRequest, + RawDecryptResponse, + RawEncryptRequest, + RawEncryptResponse, RestoreCryptoKeyVersionRequest, UpdateCryptoKeyPrimaryVersionRequest, UpdateCryptoKeyRequest, @@ -147,6 +151,10 @@ "MacVerifyResponse", "ProtectionLevel", "PublicKey", + "RawDecryptRequest", + "RawDecryptResponse", + "RawEncryptRequest", + "RawEncryptResponse", "RestoreCryptoKeyVersionRequest", "UpdateCryptoKeyPrimaryVersionRequest", "UpdateCryptoKeyRequest", diff --git a/google/cloud/kms_v1/gapic_metadata.json b/google/cloud/kms_v1/gapic_metadata.json index 4e2e9842..f9f964fa 100644 --- a/google/cloud/kms_v1/gapic_metadata.json +++ b/google/cloud/kms_v1/gapic_metadata.json @@ -244,6 +244,16 @@ "mac_verify" ] }, + "RawDecrypt": { + "methods": [ + "raw_decrypt" + ] + }, + "RawEncrypt": { + "methods": [ + "raw_encrypt" + ] + }, "RestoreCryptoKeyVersion": { "methods": [ "restore_crypto_key_version" @@ -379,6 +389,16 @@ "mac_verify" ] }, + "RawDecrypt": { + "methods": [ + "raw_decrypt" + ] + }, + "RawEncrypt": { + "methods": [ + "raw_encrypt" + ] + }, "RestoreCryptoKeyVersion": { "methods": [ "restore_crypto_key_version" @@ -514,6 +534,16 @@ "mac_verify" ] }, + "RawDecrypt": { + "methods": [ + "raw_decrypt" + ] + }, + "RawEncrypt": { + "methods": [ + "raw_encrypt" + ] + }, "RestoreCryptoKeyVersion": { "methods": [ "restore_crypto_key_version" diff --git a/google/cloud/kms_v1/gapic_version.py b/google/cloud/kms_v1/gapic_version.py index 8d4f4cfb..f09943f6 100644 --- a/google/cloud/kms_v1/gapic_version.py +++ b/google/cloud/kms_v1/gapic_version.py @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. # -__version__ = "2.17.0" # {x-release-please-version} +__version__ = "2.18.0" # {x-release-please-version} diff --git a/google/cloud/kms_v1/services/ekm_service/async_client.py b/google/cloud/kms_v1/services/ekm_service/async_client.py index e0f88584..9b7883fe 100644 --- a/google/cloud/kms_v1/services/ekm_service/async_client.py +++ b/google/cloud/kms_v1/services/ekm_service/async_client.py @@ -1507,7 +1507,7 @@ async def test_iam_permissions( # Done; return the response. return response - async def __aenter__(self): + async def __aenter__(self) -> "EkmServiceAsyncClient": return self async def __aexit__(self, exc_type, exc, tb): diff --git a/google/cloud/kms_v1/services/ekm_service/transports/rest.py b/google/cloud/kms_v1/services/ekm_service/transports/rest.py index 79327e0b..9f8897c4 100644 --- a/google/cloud/kms_v1/services/ekm_service/transports/rest.py +++ b/google/cloud/kms_v1/services/ekm_service/transports/rest.py @@ -1557,7 +1557,7 @@ def __call__( request_kwargs = json_format.MessageToDict(request) transcoded_request = path_template.transcode(http_options, **request_kwargs) - body = json.loads(json.dumps(transcoded_request["body"])) + body = json.dumps(transcoded_request["body"]) uri = transcoded_request["uri"] method = transcoded_request["method"] @@ -1649,7 +1649,7 @@ def __call__( request_kwargs = json_format.MessageToDict(request) transcoded_request = path_template.transcode(http_options, **request_kwargs) - body = json.loads(json.dumps(transcoded_request["body"])) + body = json.dumps(transcoded_request["body"]) uri = transcoded_request["uri"] method = transcoded_request["method"] diff --git a/google/cloud/kms_v1/services/key_management_service/async_client.py b/google/cloud/kms_v1/services/key_management_service/async_client.py index 79979396..cd0208d2 100644 --- a/google/cloud/kms_v1/services/key_management_service/async_client.py +++ b/google/cloud/kms_v1/services/key_management_service/async_client.py @@ -3078,6 +3078,180 @@ async def sample_decrypt(): # Done; return the response. return response + async def raw_encrypt( + self, + request: Optional[Union[service.RawEncryptRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.RawEncryptResponse: + r"""Encrypts data using portable cryptographic primitives. Most + users should choose + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and + [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] + rather than their raw counterparts. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import kms_v1 + + async def sample_raw_encrypt(): + # Create a client + client = kms_v1.KeyManagementServiceAsyncClient() + + # Initialize request argument(s) + request = kms_v1.RawEncryptRequest( + name="name_value", + plaintext=b'plaintext_blob', + ) + + # Make the request + response = await client.raw_encrypt(request=request) + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.kms_v1.types.RawEncryptRequest, dict]]): + The request object. Request message for + [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.kms_v1.types.RawEncryptResponse: + Response message for + [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]. + + """ + # Create or coerce a protobuf request object. + request = service.RawEncryptRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.raw_encrypt, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + async def raw_decrypt( + self, + request: Optional[Union[service.RawDecryptRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.RawDecryptResponse: + r"""Decrypts data that was originally encrypted using a raw + cryptographic mechanism. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import kms_v1 + + async def sample_raw_decrypt(): + # Create a client + client = kms_v1.KeyManagementServiceAsyncClient() + + # Initialize request argument(s) + request = kms_v1.RawDecryptRequest( + name="name_value", + ciphertext=b'ciphertext_blob', + initialization_vector=b'initialization_vector_blob', + ) + + # Make the request + response = await client.raw_decrypt(request=request) + + # Handle the response + print(response) + + Args: + request (Optional[Union[google.cloud.kms_v1.types.RawDecryptRequest, dict]]): + The request object. Request message for + [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt]. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.kms_v1.types.RawDecryptResponse: + Response message for + [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt]. + + """ + # Create or coerce a protobuf request object. + request = service.RawDecryptRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = gapic_v1.method_async.wrap_method( + self._client._transport.raw_decrypt, + default_timeout=None, + client_info=DEFAULT_CLIENT_INFO, + ) + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = await rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + async def asymmetric_sign( self, request: Optional[Union[service.AsymmetricSignRequest, dict]] = None, @@ -4155,7 +4329,7 @@ async def test_iam_permissions( # Done; return the response. return response - async def __aenter__(self): + async def __aenter__(self) -> "KeyManagementServiceAsyncClient": return self async def __aexit__(self, exc_type, exc, tb): diff --git a/google/cloud/kms_v1/services/key_management_service/client.py b/google/cloud/kms_v1/services/key_management_service/client.py index de4214b6..4963c1bb 100644 --- a/google/cloud/kms_v1/services/key_management_service/client.py +++ b/google/cloud/kms_v1/services/key_management_service/client.py @@ -3211,6 +3211,182 @@ def sample_decrypt(): # Done; return the response. return response + def raw_encrypt( + self, + request: Optional[Union[service.RawEncryptRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.RawEncryptResponse: + r"""Encrypts data using portable cryptographic primitives. Most + users should choose + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and + [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] + rather than their raw counterparts. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import kms_v1 + + def sample_raw_encrypt(): + # Create a client + client = kms_v1.KeyManagementServiceClient() + + # Initialize request argument(s) + request = kms_v1.RawEncryptRequest( + name="name_value", + plaintext=b'plaintext_blob', + ) + + # Make the request + response = client.raw_encrypt(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.kms_v1.types.RawEncryptRequest, dict]): + The request object. Request message for + [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.kms_v1.types.RawEncryptResponse: + Response message for + [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]. + + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.RawEncryptRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.RawEncryptRequest): + request = service.RawEncryptRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.raw_encrypt] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + + def raw_decrypt( + self, + request: Optional[Union[service.RawDecryptRequest, dict]] = None, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Union[float, object] = gapic_v1.method.DEFAULT, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.RawDecryptResponse: + r"""Decrypts data that was originally encrypted using a raw + cryptographic mechanism. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]. + + .. code-block:: python + + # This snippet has been automatically generated and should be regarded as a + # code template only. + # It will require modifications to work: + # - It may require correct/in-range values for request initialization. + # - It may require specifying regional endpoints when creating the service + # client as shown in: + # https://googleapis.dev/python/google-api-core/latest/client_options.html + from google.cloud import kms_v1 + + def sample_raw_decrypt(): + # Create a client + client = kms_v1.KeyManagementServiceClient() + + # Initialize request argument(s) + request = kms_v1.RawDecryptRequest( + name="name_value", + ciphertext=b'ciphertext_blob', + initialization_vector=b'initialization_vector_blob', + ) + + # Make the request + response = client.raw_decrypt(request=request) + + # Handle the response + print(response) + + Args: + request (Union[google.cloud.kms_v1.types.RawDecryptRequest, dict]): + The request object. Request message for + [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt]. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + google.cloud.kms_v1.types.RawDecryptResponse: + Response message for + [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt]. + + """ + # Create or coerce a protobuf request object. + # Minor optimization to avoid making a copy if the user passes + # in a service.RawDecryptRequest. + # There's no risk of modifying the input as we've already verified + # there are no flattened fields. + if not isinstance(request, service.RawDecryptRequest): + request = service.RawDecryptRequest(request) + + # Wrap the RPC method; this adds retry and timeout information, + # and friendly error handling. + rpc = self._transport._wrapped_methods[self._transport.raw_decrypt] + + # Certain fields should be provided within the metadata header; + # add these here. + metadata = tuple(metadata) + ( + gapic_v1.routing_header.to_grpc_metadata((("name", request.name),)), + ) + + # Send the request. + response = rpc( + request, + retry=retry, + timeout=timeout, + metadata=metadata, + ) + + # Done; return the response. + return response + def asymmetric_sign( self, request: Optional[Union[service.AsymmetricSignRequest, dict]] = None, diff --git a/google/cloud/kms_v1/services/key_management_service/transports/base.py b/google/cloud/kms_v1/services/key_management_service/transports/base.py index ade762ef..36954f6b 100644 --- a/google/cloud/kms_v1/services/key_management_service/transports/base.py +++ b/google/cloud/kms_v1/services/key_management_service/transports/base.py @@ -423,6 +423,16 @@ def _prep_wrapped_messages(self, client_info): default_timeout=60.0, client_info=client_info, ), + self.raw_encrypt: gapic_v1.method.wrap_method( + self.raw_encrypt, + default_timeout=None, + client_info=client_info, + ), + self.raw_decrypt: gapic_v1.method.wrap_method( + self.raw_decrypt, + default_timeout=None, + client_info=client_info, + ), self.asymmetric_sign: gapic_v1.method.wrap_method( self.asymmetric_sign, default_retry=retries.Retry( @@ -705,6 +715,24 @@ def decrypt( ]: raise NotImplementedError() + @property + def raw_encrypt( + self, + ) -> Callable[ + [service.RawEncryptRequest], + Union[service.RawEncryptResponse, Awaitable[service.RawEncryptResponse]], + ]: + raise NotImplementedError() + + @property + def raw_decrypt( + self, + ) -> Callable[ + [service.RawDecryptRequest], + Union[service.RawDecryptResponse, Awaitable[service.RawDecryptResponse]], + ]: + raise NotImplementedError() + @property def asymmetric_sign( self, diff --git a/google/cloud/kms_v1/services/key_management_service/transports/grpc.py b/google/cloud/kms_v1/services/key_management_service/transports/grpc.py index 54793ad1..8889532e 100644 --- a/google/cloud/kms_v1/services/key_management_service/transports/grpc.py +++ b/google/cloud/kms_v1/services/key_management_service/transports/grpc.py @@ -884,6 +884,69 @@ def decrypt(self) -> Callable[[service.DecryptRequest], service.DecryptResponse] ) return self._stubs["decrypt"] + @property + def raw_encrypt( + self, + ) -> Callable[[service.RawEncryptRequest], service.RawEncryptResponse]: + r"""Return a callable for the raw encrypt method over gRPC. + + Encrypts data using portable cryptographic primitives. Most + users should choose + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and + [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] + rather than their raw counterparts. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]. + + Returns: + Callable[[~.RawEncryptRequest], + ~.RawEncryptResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "raw_encrypt" not in self._stubs: + self._stubs["raw_encrypt"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/RawEncrypt", + request_serializer=service.RawEncryptRequest.serialize, + response_deserializer=service.RawEncryptResponse.deserialize, + ) + return self._stubs["raw_encrypt"] + + @property + def raw_decrypt( + self, + ) -> Callable[[service.RawDecryptRequest], service.RawDecryptResponse]: + r"""Return a callable for the raw decrypt method over gRPC. + + Decrypts data that was originally encrypted using a raw + cryptographic mechanism. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]. + + Returns: + Callable[[~.RawDecryptRequest], + ~.RawDecryptResponse]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "raw_decrypt" not in self._stubs: + self._stubs["raw_decrypt"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/RawDecrypt", + request_serializer=service.RawDecryptRequest.serialize, + response_deserializer=service.RawDecryptResponse.deserialize, + ) + return self._stubs["raw_decrypt"] + @property def asymmetric_sign( self, diff --git a/google/cloud/kms_v1/services/key_management_service/transports/grpc_asyncio.py b/google/cloud/kms_v1/services/key_management_service/transports/grpc_asyncio.py index bb424925..a8630ad1 100644 --- a/google/cloud/kms_v1/services/key_management_service/transports/grpc_asyncio.py +++ b/google/cloud/kms_v1/services/key_management_service/transports/grpc_asyncio.py @@ -914,6 +914,69 @@ def decrypt( ) return self._stubs["decrypt"] + @property + def raw_encrypt( + self, + ) -> Callable[[service.RawEncryptRequest], Awaitable[service.RawEncryptResponse]]: + r"""Return a callable for the raw encrypt method over gRPC. + + Encrypts data using portable cryptographic primitives. Most + users should choose + [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and + [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] + rather than their raw counterparts. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]. + + Returns: + Callable[[~.RawEncryptRequest], + Awaitable[~.RawEncryptResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "raw_encrypt" not in self._stubs: + self._stubs["raw_encrypt"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/RawEncrypt", + request_serializer=service.RawEncryptRequest.serialize, + response_deserializer=service.RawEncryptResponse.deserialize, + ) + return self._stubs["raw_encrypt"] + + @property + def raw_decrypt( + self, + ) -> Callable[[service.RawDecryptRequest], Awaitable[service.RawDecryptResponse]]: + r"""Return a callable for the raw decrypt method over gRPC. + + Decrypts data that was originally encrypted using a raw + cryptographic mechanism. The + [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must + be + [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT]. + + Returns: + Callable[[~.RawDecryptRequest], + Awaitable[~.RawDecryptResponse]]: + A function that, when called, will call the underlying RPC + on the server. + """ + # Generate a "stub function" on-the-fly which will actually make + # the request. + # gRPC handles serialization and deserialization, so we just need + # to pass in the functions for each. + if "raw_decrypt" not in self._stubs: + self._stubs["raw_decrypt"] = self.grpc_channel.unary_unary( + "/google.cloud.kms.v1.KeyManagementService/RawDecrypt", + request_serializer=service.RawDecryptRequest.serialize, + response_deserializer=service.RawDecryptResponse.deserialize, + ) + return self._stubs["raw_decrypt"] + @property def asymmetric_sign( self, diff --git a/google/cloud/kms_v1/services/key_management_service/transports/rest.py b/google/cloud/kms_v1/services/key_management_service/transports/rest.py index 1da480ad..f7ce1bf1 100644 --- a/google/cloud/kms_v1/services/key_management_service/transports/rest.py +++ b/google/cloud/kms_v1/services/key_management_service/transports/rest.py @@ -245,6 +245,22 @@ def post_mac_verify(self, response): logging.log(f"Received response: {response}") return response + def pre_raw_decrypt(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_raw_decrypt(self, response): + logging.log(f"Received response: {response}") + return response + + def pre_raw_encrypt(self, request, metadata): + logging.log(f"Received request: {request}") + return request, metadata + + def post_raw_encrypt(self, response): + logging.log(f"Received response: {response}") + return response + def pre_restore_crypto_key_version(self, request, metadata): logging.log(f"Received request: {request}") return request, metadata @@ -759,6 +775,48 @@ def post_mac_verify( """ return response + def pre_raw_decrypt( + self, request: service.RawDecryptRequest, metadata: Sequence[Tuple[str, str]] + ) -> Tuple[service.RawDecryptRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for raw_decrypt + + Override in a subclass to manipulate the request or metadata + before they are sent to the KeyManagementService server. + """ + return request, metadata + + def post_raw_decrypt( + self, response: service.RawDecryptResponse + ) -> service.RawDecryptResponse: + """Post-rpc interceptor for raw_decrypt + + Override in a subclass to manipulate the response + after it is returned by the KeyManagementService server but before + it is returned to user code. + """ + return response + + def pre_raw_encrypt( + self, request: service.RawEncryptRequest, metadata: Sequence[Tuple[str, str]] + ) -> Tuple[service.RawEncryptRequest, Sequence[Tuple[str, str]]]: + """Pre-rpc interceptor for raw_encrypt + + Override in a subclass to manipulate the request or metadata + before they are sent to the KeyManagementService server. + """ + return request, metadata + + def post_raw_encrypt( + self, response: service.RawEncryptResponse + ) -> service.RawEncryptResponse: + """Post-rpc interceptor for raw_encrypt + + Override in a subclass to manipulate the response + after it is returned by the KeyManagementService server but before + it is returned to user code. + """ + return response + def pre_restore_crypto_key_version( self, request: service.RestoreCryptoKeyVersionRequest, @@ -3319,6 +3377,202 @@ def __call__( resp = self._interceptor.post_mac_verify(resp) return resp + class _RawDecrypt(KeyManagementServiceRestStub): + def __hash__(self): + return hash("RawDecrypt") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: service.RawDecryptRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.RawDecryptResponse: + r"""Call the raw decrypt method over HTTP. + + Args: + request (~.service.RawDecryptRequest): + The request object. Request message for + [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt]. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.service.RawDecryptResponse: + Response message for + [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt]. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:rawDecrypt", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_raw_decrypt(request, metadata) + pb_request = service.RawDecryptRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = service.RawDecryptResponse() + pb_resp = service.RawDecryptResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_raw_decrypt(resp) + return resp + + class _RawEncrypt(KeyManagementServiceRestStub): + def __hash__(self): + return hash("RawEncrypt") + + __REQUIRED_FIELDS_DEFAULT_VALUES: Dict[str, Any] = {} + + @classmethod + def _get_unset_required_fields(cls, message_dict): + return { + k: v + for k, v in cls.__REQUIRED_FIELDS_DEFAULT_VALUES.items() + if k not in message_dict + } + + def __call__( + self, + request: service.RawEncryptRequest, + *, + retry: OptionalRetry = gapic_v1.method.DEFAULT, + timeout: Optional[float] = None, + metadata: Sequence[Tuple[str, str]] = (), + ) -> service.RawEncryptResponse: + r"""Call the raw encrypt method over HTTP. + + Args: + request (~.service.RawEncryptRequest): + The request object. Request message for + [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]. + retry (google.api_core.retry.Retry): Designation of what errors, if any, + should be retried. + timeout (float): The timeout for this request. + metadata (Sequence[Tuple[str, str]]): Strings which should be + sent along with the request as metadata. + + Returns: + ~.service.RawEncryptResponse: + Response message for + [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]. + + """ + + http_options: List[Dict[str, str]] = [ + { + "method": "post", + "uri": "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:rawEncrypt", + "body": "*", + }, + ] + request, metadata = self._interceptor.pre_raw_encrypt(request, metadata) + pb_request = service.RawEncryptRequest.pb(request) + transcoded_request = path_template.transcode(http_options, pb_request) + + # Jsonify the request body + + body = json_format.MessageToJson( + transcoded_request["body"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + uri = transcoded_request["uri"] + method = transcoded_request["method"] + + # Jsonify the query params + query_params = json.loads( + json_format.MessageToJson( + transcoded_request["query_params"], + including_default_value_fields=False, + use_integers_for_enums=True, + ) + ) + query_params.update(self._get_unset_required_fields(query_params)) + + query_params["$alt"] = "json;enum-encoding=int" + + # Send the request + headers = dict(metadata) + headers["Content-Type"] = "application/json" + response = getattr(self._session, method)( + "{host}{uri}".format(host=self._host, uri=uri), + timeout=timeout, + headers=headers, + params=rest_helpers.flatten_query_params(query_params, strict=True), + data=body, + ) + + # In case of error, raise the appropriate core_exceptions.GoogleAPICallError exception + # subclass. + if response.status_code >= 400: + raise core_exceptions.from_http_response(response) + + # Return the response + resp = service.RawEncryptResponse() + pb_resp = service.RawEncryptResponse.pb(resp) + + json_format.Parse(response.content, pb_resp, ignore_unknown_fields=True) + resp = self._interceptor.post_raw_encrypt(resp) + return resp + class _RestoreCryptoKeyVersion(KeyManagementServiceRestStub): def __hash__(self): return hash("RestoreCryptoKeyVersion") @@ -3939,6 +4193,22 @@ def mac_verify( # In C++ this would require a dynamic_cast return self._MacVerify(self._session, self._host, self._interceptor) # type: ignore + @property + def raw_decrypt( + self, + ) -> Callable[[service.RawDecryptRequest], service.RawDecryptResponse]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._RawDecrypt(self._session, self._host, self._interceptor) # type: ignore + + @property + def raw_encrypt( + self, + ) -> Callable[[service.RawEncryptRequest], service.RawEncryptResponse]: + # The return type is fine, but mypy isn't sophisticated enough to determine what's going on here. + # In C++ this would require a dynamic_cast + return self._RawEncrypt(self._session, self._host, self._interceptor) # type: ignore + @property def restore_crypto_key_version( self, @@ -4249,7 +4519,7 @@ def __call__( request_kwargs = json_format.MessageToDict(request) transcoded_request = path_template.transcode(http_options, **request_kwargs) - body = json.loads(json.dumps(transcoded_request["body"])) + body = json.dumps(transcoded_request["body"]) uri = transcoded_request["uri"] method = transcoded_request["method"] @@ -4341,7 +4611,7 @@ def __call__( request_kwargs = json_format.MessageToDict(request) transcoded_request = path_template.transcode(http_options, **request_kwargs) - body = json.loads(json.dumps(transcoded_request["body"])) + body = json.dumps(transcoded_request["body"]) uri = transcoded_request["uri"] method = transcoded_request["method"] diff --git a/google/cloud/kms_v1/types/__init__.py b/google/cloud/kms_v1/types/__init__.py index 183a8fcf..3bd05dd6 100644 --- a/google/cloud/kms_v1/types/__init__.py +++ b/google/cloud/kms_v1/types/__init__.py @@ -74,6 +74,10 @@ MacSignResponse, MacVerifyRequest, MacVerifyResponse, + RawDecryptRequest, + RawDecryptResponse, + RawEncryptRequest, + RawEncryptResponse, RestoreCryptoKeyVersionRequest, UpdateCryptoKeyPrimaryVersionRequest, UpdateCryptoKeyRequest, @@ -137,6 +141,10 @@ "MacSignResponse", "MacVerifyRequest", "MacVerifyResponse", + "RawDecryptRequest", + "RawDecryptResponse", + "RawEncryptRequest", + "RawEncryptResponse", "RestoreCryptoKeyVersionRequest", "UpdateCryptoKeyPrimaryVersionRequest", "UpdateCryptoKeyRequest", diff --git a/google/cloud/kms_v1/types/resources.py b/google/cloud/kms_v1/types/resources.py index cc482971..c004af43 100644 --- a/google/cloud/kms_v1/types/resources.py +++ b/google/cloud/kms_v1/types/resources.py @@ -239,6 +239,15 @@ class CryptoKeyPurpose(proto.Enum): [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt] and [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. + RAW_ENCRYPT_DECRYPT (7): + [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this + purpose may be used with + [RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt] + and + [RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt]. + This purpose is meant to be used for interoperable symmetric + encryption and does not support automatic CryptoKey + rotation. MAC (9): [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with @@ -248,6 +257,7 @@ class CryptoKeyPurpose(proto.Enum): ENCRYPT_DECRYPT = 1 ASYMMETRIC_SIGN = 5 ASYMMETRIC_DECRYPT = 6 + RAW_ENCRYPT_DECRYPT = 7 MAC = 9 name: str = proto.Field( @@ -586,6 +596,12 @@ class CryptoKeyVersionAlgorithm(proto.Enum): Not specified. GOOGLE_SYMMETRIC_ENCRYPTION (1): Creates symmetric encryption keys. + AES_128_GCM (41): + AES-GCM (Galois Counter Mode) using 128-bit + keys. + AES_256_GCM (19): + AES-GCM (Galois Counter Mode) using 256-bit + keys. RSA_SIGN_PSS_2048_SHA256 (2): RSASSA-PSS 2048 bit key with a SHA256 digest. RSA_SIGN_PSS_3072_SHA256 (3): @@ -654,6 +670,8 @@ class CryptoKeyVersionAlgorithm(proto.Enum): """ CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0 GOOGLE_SYMMETRIC_ENCRYPTION = 1 + AES_128_GCM = 41 + AES_256_GCM = 19 RSA_SIGN_PSS_2048_SHA256 = 2 RSA_SIGN_PSS_3072_SHA256 = 3 RSA_SIGN_PSS_4096_SHA256 = 4 diff --git a/google/cloud/kms_v1/types/service.py b/google/cloud/kms_v1/types/service.py index e331401a..670e88a8 100644 --- a/google/cloud/kms_v1/types/service.py +++ b/google/cloud/kms_v1/types/service.py @@ -51,6 +51,8 @@ "RestoreCryptoKeyVersionRequest", "EncryptRequest", "DecryptRequest", + "RawEncryptRequest", + "RawDecryptRequest", "AsymmetricSignRequest", "AsymmetricDecryptRequest", "MacSignRequest", @@ -58,6 +60,8 @@ "GenerateRandomBytesRequest", "EncryptResponse", "DecryptResponse", + "RawEncryptResponse", + "RawDecryptResponse", "AsymmetricSignResponse", "AsymmetricDecryptResponse", "MacSignResponse", @@ -1116,6 +1120,260 @@ class DecryptRequest(proto.Message): ) +class RawEncryptRequest(proto.Message): + r"""Request message for + [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]. + + Attributes: + name (str): + Required. The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + use for encryption. + plaintext (bytes): + Required. The data to encrypt. Must be no larger than 64KiB. + + The maximum size depends on the key version's + [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. + For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] + keys, the plaintext must be no larger than 64KiB. For + [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the + combined length of the plaintext and + additional_authenticated_data fields must be no larger than + 8KiB. + additional_authenticated_data (bytes): + Optional. Optional data that, if specified, must also be + provided during decryption through + [RawDecryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data]. + + This field may only be used in conjunction with an + [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm] + that accepts additional authenticated data (for example, + AES-GCM). + + The maximum size depends on the key version's + [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. + For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] + keys, the plaintext must be no larger than 64KiB. For + [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the + combined length of the plaintext and + additional_authenticated_data fields must be no larger than + 8KiB. + plaintext_crc32c (google.protobuf.wrappers_pb2.Int64Value): + Optional. An optional CRC32C checksum of the + [RawEncryptRequest.plaintext][google.cloud.kms.v1.RawEncryptRequest.plaintext]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received plaintext using + this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C(plaintext) is equal to plaintext_crc32c, and if so, + perform a limited number of retries. A persistent mismatch + may indicate an issue in your computation of the CRC32C + checksum. Note: This field is defined as int64 for reasons + of compatibility across different languages. However, it is + a non-negative integer, which will never exceed 2^32-1, and + can be safely downconverted to uint32 in languages that + support this type. + additional_authenticated_data_crc32c (google.protobuf.wrappers_pb2.Int64Value): + Optional. An optional CRC32C checksum of the + [RawEncryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received + additional_authenticated_data using this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C(additional_authenticated_data) is equal to + additional_authenticated_data_crc32c, and if so, perform a + limited number of retries. A persistent mismatch may + indicate an issue in your computation of the CRC32C + checksum. Note: This field is defined as int64 for reasons + of compatibility across different languages. However, it is + a non-negative integer, which will never exceed 2^32-1, and + can be safely downconverted to uint32 in languages that + support this type. + initialization_vector (bytes): + Optional. A customer-supplied initialization vector that + will be used for encryption. If it is not provided for + AES-CBC and AES-CTR, one will be generated. It will be + returned in + [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector]. + initialization_vector_crc32c (google.protobuf.wrappers_pb2.Int64Value): + Optional. An optional CRC32C checksum of the + [RawEncryptRequest.initialization_vector][google.cloud.kms.v1.RawEncryptRequest.initialization_vector]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received + initialization_vector using this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C(initialization_vector) is equal to + initialization_vector_crc32c, and if so, perform a limited + number of retries. A persistent mismatch may indicate an + issue in your computation of the CRC32C checksum. Note: This + field is defined as int64 for reasons of compatibility + across different languages. However, it is a non-negative + integer, which will never exceed 2^32-1, and can be safely + downconverted to uint32 in languages that support this type. + """ + + name: str = proto.Field( + proto.STRING, + number=1, + ) + plaintext: bytes = proto.Field( + proto.BYTES, + number=2, + ) + additional_authenticated_data: bytes = proto.Field( + proto.BYTES, + number=3, + ) + plaintext_crc32c: wrappers_pb2.Int64Value = proto.Field( + proto.MESSAGE, + number=4, + message=wrappers_pb2.Int64Value, + ) + additional_authenticated_data_crc32c: wrappers_pb2.Int64Value = proto.Field( + proto.MESSAGE, + number=5, + message=wrappers_pb2.Int64Value, + ) + initialization_vector: bytes = proto.Field( + proto.BYTES, + number=6, + ) + initialization_vector_crc32c: wrappers_pb2.Int64Value = proto.Field( + proto.MESSAGE, + number=7, + message=wrappers_pb2.Int64Value, + ) + + +class RawDecryptRequest(proto.Message): + r"""Request message for + [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt]. + + Attributes: + name (str): + Required. The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to + use for decryption. + ciphertext (bytes): + Required. The encrypted data originally returned in + [RawEncryptResponse.ciphertext][google.cloud.kms.v1.RawEncryptResponse.ciphertext]. + additional_authenticated_data (bytes): + Optional. Optional data that must match the data originally + supplied in + [RawEncryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data]. + initialization_vector (bytes): + Required. The initialization vector (IV) used during + encryption, which must match the data originally provided in + [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector]. + tag_length (int): + The length of the authentication tag that is + appended to the end of the ciphertext. If + unspecified (0), the default value for the key's + algorithm will be used (for AES-GCM, the default + value is 16). + ciphertext_crc32c (google.protobuf.wrappers_pb2.Int64Value): + Optional. An optional CRC32C checksum of the + [RawDecryptRequest.ciphertext][google.cloud.kms.v1.RawDecryptRequest.ciphertext]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received ciphertext using + this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C(ciphertext) is equal to ciphertext_crc32c, and if so, + perform a limited number of retries. A persistent mismatch + may indicate an issue in your computation of the CRC32C + checksum. Note: This field is defined as int64 for reasons + of compatibility across different languages. However, it is + a non-negative integer, which will never exceed 2^32-1, and + can be safely downconverted to uint32 in languages that + support this type. + additional_authenticated_data_crc32c (google.protobuf.wrappers_pb2.Int64Value): + Optional. An optional CRC32C checksum of the + [RawDecryptRequest.additional_authenticated_data][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received + additional_authenticated_data using this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C(additional_authenticated_data) is equal to + additional_authenticated_data_crc32c, and if so, perform a + limited number of retries. A persistent mismatch may + indicate an issue in your computation of the CRC32C + checksum. Note: This field is defined as int64 for reasons + of compatibility across different languages. However, it is + a non-negative integer, which will never exceed 2^32-1, and + can be safely downconverted to uint32 in languages that + support this type. + initialization_vector_crc32c (google.protobuf.wrappers_pb2.Int64Value): + Optional. An optional CRC32C checksum of the + [RawDecryptRequest.initialization_vector][google.cloud.kms.v1.RawDecryptRequest.initialization_vector]. + If specified, + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will verify the integrity of the received + initialization_vector using this checksum. + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + will report an error if the checksum verification fails. If + you receive a checksum error, your client should verify that + CRC32C(initialization_vector) is equal to + initialization_vector_crc32c, and if so, perform a limited + number of retries. A persistent mismatch may indicate an + issue in your computation of the CRC32C checksum. Note: This + field is defined as int64 for reasons of compatibility + across different languages. However, it is a non-negative + integer, which will never exceed 2^32-1, and can be safely + downconverted to uint32 in languages that support this type. + """ + + name: str = proto.Field( + proto.STRING, + number=1, + ) + ciphertext: bytes = proto.Field( + proto.BYTES, + number=2, + ) + additional_authenticated_data: bytes = proto.Field( + proto.BYTES, + number=3, + ) + initialization_vector: bytes = proto.Field( + proto.BYTES, + number=4, + ) + tag_length: int = proto.Field( + proto.INT32, + number=5, + ) + ciphertext_crc32c: wrappers_pb2.Int64Value = proto.Field( + proto.MESSAGE, + number=6, + message=wrappers_pb2.Int64Value, + ) + additional_authenticated_data_crc32c: wrappers_pb2.Int64Value = proto.Field( + proto.MESSAGE, + number=7, + message=wrappers_pb2.Int64Value, + ) + initialization_vector_crc32c: wrappers_pb2.Int64Value = proto.Field( + proto.MESSAGE, + number=8, + message=wrappers_pb2.Int64Value, + ) + + class AsymmetricSignRequest(proto.Message): r"""Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. @@ -1580,6 +1838,259 @@ class DecryptResponse(proto.Message): ) +class RawEncryptResponse(proto.Message): + r"""Response message for + [KeyManagementService.RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]. + + Attributes: + ciphertext (bytes): + The encrypted data. In the case of AES-GCM, the + authentication tag is the + [tag_length][google.cloud.kms.v1.RawEncryptResponse.tag_length] + bytes at the end of this field. + initialization_vector (bytes): + The initialization vector (IV) generated by the service + during encryption. This value must be stored and provided in + [RawDecryptRequest.initialization_vector][google.cloud.kms.v1.RawDecryptRequest.initialization_vector] + at decryption time. + tag_length (int): + The length of the authentication tag that is + appended to the end of the ciphertext. + ciphertext_crc32c (google.protobuf.wrappers_pb2.Int64Value): + Integrity verification field. A CRC32C checksum of the + returned + [RawEncryptResponse.ciphertext][google.cloud.kms.v1.RawEncryptResponse.ciphertext]. + An integrity check of ciphertext can be performed by + computing the CRC32C checksum of ciphertext and comparing + your results to this field. Discard the response in case of + non-matching checksum values, and perform a limited number + of retries. A persistent mismatch may indicate an issue in + your computation of the CRC32C checksum. Note: This field is + defined as int64 for reasons of compatibility across + different languages. However, it is a non-negative integer, + which will never exceed 2^32-1, and can be safely + downconverted to uint32 in languages that support this type. + initialization_vector_crc32c (google.protobuf.wrappers_pb2.Int64Value): + Integrity verification field. A CRC32C checksum of the + returned + [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector]. + An integrity check of initialization_vector can be performed + by computing the CRC32C checksum of initialization_vector + and comparing your results to this field. Discard the + response in case of non-matching checksum values, and + perform a limited number of retries. A persistent mismatch + may indicate an issue in your computation of the CRC32C + checksum. Note: This field is defined as int64 for reasons + of compatibility across different languages. However, it is + a non-negative integer, which will never exceed 2^32-1, and + can be safely downconverted to uint32 in languages that + support this type. + verified_plaintext_crc32c (bool): + Integrity verification field. A flag indicating whether + [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c] + was received by + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + and used for the integrity verification of the plaintext. A + false value of this field indicates either that + [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c] + was left unset or that it was not delivered to + [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. + If you've set + [RawEncryptRequest.plaintext_crc32c][google.cloud.kms.v1.RawEncryptRequest.plaintext_crc32c] + but this field is still false, discard the response and + perform a limited number of retries. + verified_additional_authenticated_data_crc32c (bool): + Integrity verification field. A flag indicating whether + [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c] + was received by + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + and used for the integrity verification of + additional_authenticated_data. A false value of this field + indicates either that // + [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c] + was left unset or that it was not delivered to + [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. + If you've set + [RawEncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawEncryptRequest.additional_authenticated_data_crc32c] + but this field is still false, discard the response and + perform a limited number of retries. + verified_initialization_vector_crc32c (bool): + Integrity verification field. A flag indicating whether + [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c] + was received by + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + and used for the integrity verification of + initialization_vector. A false value of this field indicates + either that + [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c] + was left unset or that it was not delivered to + [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. + If you've set + [RawEncryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawEncryptRequest.initialization_vector_crc32c] + but this field is still false, discard the response and + perform a limited number of retries. + name (str): + The resource name of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + used in encryption. Check this field to verify that the + intended resource was used for encryption. + protection_level (google.cloud.kms_v1.types.ProtectionLevel): + The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] + of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + used in encryption. + """ + + ciphertext: bytes = proto.Field( + proto.BYTES, + number=1, + ) + initialization_vector: bytes = proto.Field( + proto.BYTES, + number=2, + ) + tag_length: int = proto.Field( + proto.INT32, + number=3, + ) + ciphertext_crc32c: wrappers_pb2.Int64Value = proto.Field( + proto.MESSAGE, + number=4, + message=wrappers_pb2.Int64Value, + ) + initialization_vector_crc32c: wrappers_pb2.Int64Value = proto.Field( + proto.MESSAGE, + number=5, + message=wrappers_pb2.Int64Value, + ) + verified_plaintext_crc32c: bool = proto.Field( + proto.BOOL, + number=6, + ) + verified_additional_authenticated_data_crc32c: bool = proto.Field( + proto.BOOL, + number=7, + ) + verified_initialization_vector_crc32c: bool = proto.Field( + proto.BOOL, + number=10, + ) + name: str = proto.Field( + proto.STRING, + number=8, + ) + protection_level: resources.ProtectionLevel = proto.Field( + proto.ENUM, + number=9, + enum=resources.ProtectionLevel, + ) + + +class RawDecryptResponse(proto.Message): + r"""Response message for + [KeyManagementService.RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt]. + + Attributes: + plaintext (bytes): + The decrypted data. + plaintext_crc32c (google.protobuf.wrappers_pb2.Int64Value): + Integrity verification field. A CRC32C checksum of the + returned + [RawDecryptResponse.plaintext][google.cloud.kms.v1.RawDecryptResponse.plaintext]. + An integrity check of plaintext can be performed by + computing the CRC32C checksum of plaintext and comparing + your results to this field. Discard the response in case of + non-matching checksum values, and perform a limited number + of retries. A persistent mismatch may indicate an issue in + your computation of the CRC32C checksum. Note: receiving + this response message indicates that + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + is able to successfully decrypt the + [ciphertext][google.cloud.kms.v1.RawDecryptRequest.ciphertext]. + Note: This field is defined as int64 for reasons of + compatibility across different languages. However, it is a + non-negative integer, which will never exceed 2^32-1, and + can be safely downconverted to uint32 in languages that + support this type. + protection_level (google.cloud.kms_v1.types.ProtectionLevel): + The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] + of the + [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + used in decryption. + verified_ciphertext_crc32c (bool): + Integrity verification field. A flag indicating whether + [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c] + was received by + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + and used for the integrity verification of the ciphertext. A + false value of this field indicates either that + [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c] + was left unset or that it was not delivered to + [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. + If you've set + [RawDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.RawDecryptRequest.ciphertext_crc32c] + but this field is still false, discard the response and + perform a limited number of retries. + verified_additional_authenticated_data_crc32c (bool): + Integrity verification field. A flag indicating whether + [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c] + was received by + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + and used for the integrity verification of + additional_authenticated_data. A false value of this field + indicates either that // + [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c] + was left unset or that it was not delivered to + [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. + If you've set + [RawDecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.RawDecryptRequest.additional_authenticated_data_crc32c] + but this field is still false, discard the response and + perform a limited number of retries. + verified_initialization_vector_crc32c (bool): + Integrity verification field. A flag indicating whether + [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c] + was received by + [KeyManagementService][google.cloud.kms.v1.KeyManagementService] + and used for the integrity verification of + initialization_vector. A false value of this field indicates + either that + [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c] + was left unset or that it was not delivered to + [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. + If you've set + [RawDecryptRequest.initialization_vector_crc32c][google.cloud.kms.v1.RawDecryptRequest.initialization_vector_crc32c] + but this field is still false, discard the response and + perform a limited number of retries. + """ + + plaintext: bytes = proto.Field( + proto.BYTES, + number=1, + ) + plaintext_crc32c: wrappers_pb2.Int64Value = proto.Field( + proto.MESSAGE, + number=2, + message=wrappers_pb2.Int64Value, + ) + protection_level: resources.ProtectionLevel = proto.Field( + proto.ENUM, + number=3, + enum=resources.ProtectionLevel, + ) + verified_ciphertext_crc32c: bool = proto.Field( + proto.BOOL, + number=4, + ) + verified_additional_authenticated_data_crc32c: bool = proto.Field( + proto.BOOL, + number=5, + ) + verified_initialization_vector_crc32c: bool = proto.Field( + proto.BOOL, + number=6, + ) + + class AsymmetricSignResponse(proto.Message): r"""Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]. diff --git a/noxfile.py b/noxfile.py index 95e58c52..7d411fea 100644 --- a/noxfile.py +++ b/noxfile.py @@ -305,10 +305,9 @@ def docfx(session): session.install("-e", ".") session.install( - "sphinx==4.0.1", + "gcp-sphinx-docfx-yaml", "alabaster", "recommonmark", - "gcp-sphinx-docfx-yaml", ) shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True) @@ -380,6 +379,7 @@ def prerelease_deps(session): "grpcio!=1.52.0rc1", "grpcio-status", "google-api-core", + "google-auth", "proto-plus", "google-cloud-testutils", # dependencies of google-cloud-testutils" @@ -392,7 +392,6 @@ def prerelease_deps(session): # Remaining dependencies other_deps = [ "requests", - "google-auth", ] session.install(*other_deps) diff --git a/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_decrypt_async.py b/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_decrypt_async.py new file mode 100644 index 00000000..e8536589 --- /dev/null +++ b/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_decrypt_async.py @@ -0,0 +1,54 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for RawDecrypt +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-kms + + +# [START cloudkms_v1_generated_KeyManagementService_RawDecrypt_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import kms_v1 + + +async def sample_raw_decrypt(): + # Create a client + client = kms_v1.KeyManagementServiceAsyncClient() + + # Initialize request argument(s) + request = kms_v1.RawDecryptRequest( + name="name_value", + ciphertext=b'ciphertext_blob', + initialization_vector=b'initialization_vector_blob', + ) + + # Make the request + response = await client.raw_decrypt(request=request) + + # Handle the response + print(response) + +# [END cloudkms_v1_generated_KeyManagementService_RawDecrypt_async] diff --git a/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_decrypt_sync.py b/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_decrypt_sync.py new file mode 100644 index 00000000..1518c8c4 --- /dev/null +++ b/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_decrypt_sync.py @@ -0,0 +1,54 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for RawDecrypt +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-kms + + +# [START cloudkms_v1_generated_KeyManagementService_RawDecrypt_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import kms_v1 + + +def sample_raw_decrypt(): + # Create a client + client = kms_v1.KeyManagementServiceClient() + + # Initialize request argument(s) + request = kms_v1.RawDecryptRequest( + name="name_value", + ciphertext=b'ciphertext_blob', + initialization_vector=b'initialization_vector_blob', + ) + + # Make the request + response = client.raw_decrypt(request=request) + + # Handle the response + print(response) + +# [END cloudkms_v1_generated_KeyManagementService_RawDecrypt_sync] diff --git a/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_encrypt_async.py b/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_encrypt_async.py new file mode 100644 index 00000000..b8859670 --- /dev/null +++ b/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_encrypt_async.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for RawEncrypt +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-kms + + +# [START cloudkms_v1_generated_KeyManagementService_RawEncrypt_async] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import kms_v1 + + +async def sample_raw_encrypt(): + # Create a client + client = kms_v1.KeyManagementServiceAsyncClient() + + # Initialize request argument(s) + request = kms_v1.RawEncryptRequest( + name="name_value", + plaintext=b'plaintext_blob', + ) + + # Make the request + response = await client.raw_encrypt(request=request) + + # Handle the response + print(response) + +# [END cloudkms_v1_generated_KeyManagementService_RawEncrypt_async] diff --git a/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_encrypt_sync.py b/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_encrypt_sync.py new file mode 100644 index 00000000..8b5f36be --- /dev/null +++ b/samples/generated_samples/cloudkms_v1_generated_key_management_service_raw_encrypt_sync.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Generated code. DO NOT EDIT! +# +# Snippet for RawEncrypt +# NOTE: This snippet has been automatically generated for illustrative purposes only. +# It may require modifications to work in your environment. + +# To install the latest published package dependency, execute the following: +# python3 -m pip install google-cloud-kms + + +# [START cloudkms_v1_generated_KeyManagementService_RawEncrypt_sync] +# This snippet has been automatically generated and should be regarded as a +# code template only. +# It will require modifications to work: +# - It may require correct/in-range values for request initialization. +# - It may require specifying regional endpoints when creating the service +# client as shown in: +# https://googleapis.dev/python/google-api-core/latest/client_options.html +from google.cloud import kms_v1 + + +def sample_raw_encrypt(): + # Create a client + client = kms_v1.KeyManagementServiceClient() + + # Initialize request argument(s) + request = kms_v1.RawEncryptRequest( + name="name_value", + plaintext=b'plaintext_blob', + ) + + # Make the request + response = client.raw_encrypt(request=request) + + # Handle the response + print(response) + +# [END cloudkms_v1_generated_KeyManagementService_RawEncrypt_sync] diff --git a/samples/generated_samples/snippet_metadata_google.cloud.kms.v1.json b/samples/generated_samples/snippet_metadata_google.cloud.kms.v1.json index b78c880e..e20eef20 100644 --- a/samples/generated_samples/snippet_metadata_google.cloud.kms.v1.json +++ b/samples/generated_samples/snippet_metadata_google.cloud.kms.v1.json @@ -8,7 +8,7 @@ ], "language": "PYTHON", "name": "google-cloud-kms", - "version": "2.17.0" + "version": "2.18.0" }, "snippets": [ { @@ -4832,6 +4832,312 @@ ], "title": "cloudkms_v1_generated_key_management_service_mac_verify_sync.py" }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.kms_v1.KeyManagementServiceAsyncClient", + "shortName": "KeyManagementServiceAsyncClient" + }, + "fullName": "google.cloud.kms_v1.KeyManagementServiceAsyncClient.raw_decrypt", + "method": { + "fullName": "google.cloud.kms.v1.KeyManagementService.RawDecrypt", + "service": { + "fullName": "google.cloud.kms.v1.KeyManagementService", + "shortName": "KeyManagementService" + }, + "shortName": "RawDecrypt" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.kms_v1.types.RawDecryptRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.kms_v1.types.RawDecryptResponse", + "shortName": "raw_decrypt" + }, + "description": "Sample for RawDecrypt", + "file": "cloudkms_v1_generated_key_management_service_raw_decrypt_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "cloudkms_v1_generated_KeyManagementService_RawDecrypt_async", + "segments": [ + { + "end": 53, + "start": 27, + "type": "FULL" + }, + { + "end": 53, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 47, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 50, + "start": 48, + "type": "REQUEST_EXECUTION" + }, + { + "end": 54, + "start": 51, + "type": "RESPONSE_HANDLING" + } + ], + "title": "cloudkms_v1_generated_key_management_service_raw_decrypt_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.kms_v1.KeyManagementServiceClient", + "shortName": "KeyManagementServiceClient" + }, + "fullName": "google.cloud.kms_v1.KeyManagementServiceClient.raw_decrypt", + "method": { + "fullName": "google.cloud.kms.v1.KeyManagementService.RawDecrypt", + "service": { + "fullName": "google.cloud.kms.v1.KeyManagementService", + "shortName": "KeyManagementService" + }, + "shortName": "RawDecrypt" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.kms_v1.types.RawDecryptRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.kms_v1.types.RawDecryptResponse", + "shortName": "raw_decrypt" + }, + "description": "Sample for RawDecrypt", + "file": "cloudkms_v1_generated_key_management_service_raw_decrypt_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "cloudkms_v1_generated_KeyManagementService_RawDecrypt_sync", + "segments": [ + { + "end": 53, + "start": 27, + "type": "FULL" + }, + { + "end": 53, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 47, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 50, + "start": 48, + "type": "REQUEST_EXECUTION" + }, + { + "end": 54, + "start": 51, + "type": "RESPONSE_HANDLING" + } + ], + "title": "cloudkms_v1_generated_key_management_service_raw_decrypt_sync.py" + }, + { + "canonical": true, + "clientMethod": { + "async": true, + "client": { + "fullName": "google.cloud.kms_v1.KeyManagementServiceAsyncClient", + "shortName": "KeyManagementServiceAsyncClient" + }, + "fullName": "google.cloud.kms_v1.KeyManagementServiceAsyncClient.raw_encrypt", + "method": { + "fullName": "google.cloud.kms.v1.KeyManagementService.RawEncrypt", + "service": { + "fullName": "google.cloud.kms.v1.KeyManagementService", + "shortName": "KeyManagementService" + }, + "shortName": "RawEncrypt" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.kms_v1.types.RawEncryptRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.kms_v1.types.RawEncryptResponse", + "shortName": "raw_encrypt" + }, + "description": "Sample for RawEncrypt", + "file": "cloudkms_v1_generated_key_management_service_raw_encrypt_async.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "cloudkms_v1_generated_KeyManagementService_RawEncrypt_async", + "segments": [ + { + "end": 52, + "start": 27, + "type": "FULL" + }, + { + "end": 52, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 46, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 49, + "start": 47, + "type": "REQUEST_EXECUTION" + }, + { + "end": 53, + "start": 50, + "type": "RESPONSE_HANDLING" + } + ], + "title": "cloudkms_v1_generated_key_management_service_raw_encrypt_async.py" + }, + { + "canonical": true, + "clientMethod": { + "client": { + "fullName": "google.cloud.kms_v1.KeyManagementServiceClient", + "shortName": "KeyManagementServiceClient" + }, + "fullName": "google.cloud.kms_v1.KeyManagementServiceClient.raw_encrypt", + "method": { + "fullName": "google.cloud.kms.v1.KeyManagementService.RawEncrypt", + "service": { + "fullName": "google.cloud.kms.v1.KeyManagementService", + "shortName": "KeyManagementService" + }, + "shortName": "RawEncrypt" + }, + "parameters": [ + { + "name": "request", + "type": "google.cloud.kms_v1.types.RawEncryptRequest" + }, + { + "name": "retry", + "type": "google.api_core.retry.Retry" + }, + { + "name": "timeout", + "type": "float" + }, + { + "name": "metadata", + "type": "Sequence[Tuple[str, str]" + } + ], + "resultType": "google.cloud.kms_v1.types.RawEncryptResponse", + "shortName": "raw_encrypt" + }, + "description": "Sample for RawEncrypt", + "file": "cloudkms_v1_generated_key_management_service_raw_encrypt_sync.py", + "language": "PYTHON", + "origin": "API_DEFINITION", + "regionTag": "cloudkms_v1_generated_KeyManagementService_RawEncrypt_sync", + "segments": [ + { + "end": 52, + "start": 27, + "type": "FULL" + }, + { + "end": 52, + "start": 27, + "type": "SHORT" + }, + { + "end": 40, + "start": 38, + "type": "CLIENT_INITIALIZATION" + }, + { + "end": 46, + "start": 41, + "type": "REQUEST_INITIALIZATION" + }, + { + "end": 49, + "start": 47, + "type": "REQUEST_EXECUTION" + }, + { + "end": 53, + "start": 50, + "type": "RESPONSE_HANDLING" + } + ], + "title": "cloudkms_v1_generated_key_management_service_raw_encrypt_sync.py" + }, { "canonical": true, "clientMethod": { diff --git a/scripts/fixup_kms_v1_keywords.py b/scripts/fixup_kms_v1_keywords.py index 02cf7ba4..b72bbc25 100644 --- a/scripts/fixup_kms_v1_keywords.py +++ b/scripts/fixup_kms_v1_keywords.py @@ -65,6 +65,8 @@ class kmsCallTransformer(cst.CSTTransformer): 'list_key_rings': ('parent', 'page_size', 'page_token', 'filter', 'order_by', ), 'mac_sign': ('name', 'data', 'data_crc32c', ), 'mac_verify': ('name', 'data', 'mac', 'data_crc32c', 'mac_crc32c', ), + 'raw_decrypt': ('name', 'ciphertext', 'initialization_vector', 'additional_authenticated_data', 'tag_length', 'ciphertext_crc32c', 'additional_authenticated_data_crc32c', 'initialization_vector_crc32c', ), + 'raw_encrypt': ('name', 'plaintext', 'additional_authenticated_data', 'plaintext_crc32c', 'additional_authenticated_data_crc32c', 'initialization_vector', 'initialization_vector_crc32c', ), 'restore_crypto_key_version': ('name', ), 'update_crypto_key': ('crypto_key', 'update_mask', ), 'update_crypto_key_primary_version': ('name', 'crypto_key_version_id', ), diff --git a/tests/unit/gapic/kms_v1/test_ekm_service.py b/tests/unit/gapic/kms_v1/test_ekm_service.py index b8f93dcb..31b45701 100644 --- a/tests/unit/gapic/kms_v1/test_ekm_service.py +++ b/tests/unit/gapic/kms_v1/test_ekm_service.py @@ -1126,9 +1126,11 @@ async def test_list_ekm_connections_async_pages(): RuntimeError, ) pages = [] - async for page_ in ( + # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` + # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 + async for page_ in ( # pragma: no branch await client.list_ekm_connections(request={}) - ).pages: # pragma: no branch + ).pages: pages.append(page_) for page_, token in zip(pages, ["abc", "def", "ghi", ""]): assert page_.raw_page.next_page_token == token diff --git a/tests/unit/gapic/kms_v1/test_key_management_service.py b/tests/unit/gapic/kms_v1/test_key_management_service.py index ae3c7745..676bc7b3 100644 --- a/tests/unit/gapic/kms_v1/test_key_management_service.py +++ b/tests/unit/gapic/kms_v1/test_key_management_service.py @@ -1175,9 +1175,11 @@ async def test_list_key_rings_async_pages(): RuntimeError, ) pages = [] - async for page_ in ( + # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` + # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 + async for page_ in ( # pragma: no branch await client.list_key_rings(request={}) - ).pages: # pragma: no branch + ).pages: pages.append(page_) for page_, token in zip(pages, ["abc", "def", "ghi", ""]): assert page_.raw_page.next_page_token == token @@ -1599,9 +1601,11 @@ async def test_list_crypto_keys_async_pages(): RuntimeError, ) pages = [] - async for page_ in ( + # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` + # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 + async for page_ in ( # pragma: no branch await client.list_crypto_keys(request={}) - ).pages: # pragma: no branch + ).pages: pages.append(page_) for page_, token in zip(pages, ["abc", "def", "ghi", ""]): assert page_.raw_page.next_page_token == token @@ -2045,9 +2049,11 @@ async def test_list_crypto_key_versions_async_pages(): RuntimeError, ) pages = [] - async for page_ in ( + # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` + # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 + async for page_ in ( # pragma: no branch await client.list_crypto_key_versions(request={}) - ).pages: # pragma: no branch + ).pages: pages.append(page_) for page_, token in zip(pages, ["abc", "def", "ghi", ""]): assert page_.raw_page.next_page_token == token @@ -2469,9 +2475,11 @@ async def test_list_import_jobs_async_pages(): RuntimeError, ) pages = [] - async for page_ in ( + # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch` + # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372 + async for page_ in ( # pragma: no branch await client.list_import_jobs(request={}) - ).pages: # pragma: no branch + ).pages: pages.append(page_) for page_, token in zip(pages, ["abc", "def", "ghi", ""]): assert page_.raw_page.next_page_token == token @@ -2730,7 +2738,6 @@ def test_get_crypto_key(request_type, transport: str = "grpc"): purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, import_only=True, crypto_key_backend="crypto_key_backend_value", - rotation_period=duration_pb2.Duration(seconds=751), ) response = client.get_crypto_key(request) @@ -4009,7 +4016,6 @@ def test_create_crypto_key(request_type, transport: str = "grpc"): purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, import_only=True, crypto_key_backend="crypto_key_backend_value", - rotation_period=duration_pb2.Duration(seconds=751), ) response = client.create_crypto_key(request) @@ -5080,7 +5086,6 @@ def test_update_crypto_key(request_type, transport: str = "grpc"): purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, import_only=True, crypto_key_backend="crypto_key_backend_value", - rotation_period=duration_pb2.Duration(seconds=751), ) response = client.update_crypto_key(request) @@ -5651,7 +5656,6 @@ def test_update_crypto_key_primary_version(request_type, transport: str = "grpc" purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, import_only=True, crypto_key_backend="crypto_key_backend_value", - rotation_period=duration_pb2.Duration(seconds=751), ) response = client.update_crypto_key_primary_version(request) @@ -6993,11 +6997,11 @@ async def test_decrypt_flattened_error_async(): @pytest.mark.parametrize( "request_type", [ - service.AsymmetricSignRequest, + service.RawEncryptRequest, dict, ], ) -def test_asymmetric_sign(request_type, transport: str = "grpc"): +def test_raw_encrypt(request_type, transport: str = "grpc"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -7008,32 +7012,38 @@ def test_asymmetric_sign(request_type, transport: str = "grpc"): request = request_type() # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: + with mock.patch.object(type(client.transport.raw_encrypt), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = service.AsymmetricSignResponse( - signature=b"signature_blob", - verified_digest_crc32c=True, + call.return_value = service.RawEncryptResponse( + ciphertext=b"ciphertext_blob", + initialization_vector=b"initialization_vector_blob", + tag_length=1053, + verified_plaintext_crc32c=True, + verified_additional_authenticated_data_crc32c=True, + verified_initialization_vector_crc32c=True, name="name_value", - verified_data_crc32c=True, protection_level=resources.ProtectionLevel.SOFTWARE, ) - response = client.asymmetric_sign(request) + response = client.raw_encrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == service.AsymmetricSignRequest() + assert args[0] == service.RawEncryptRequest() # Establish that the response is the type that we expect. - assert isinstance(response, service.AsymmetricSignResponse) - assert response.signature == b"signature_blob" - assert response.verified_digest_crc32c is True + assert isinstance(response, service.RawEncryptResponse) + assert response.ciphertext == b"ciphertext_blob" + assert response.initialization_vector == b"initialization_vector_blob" + assert response.tag_length == 1053 + assert response.verified_plaintext_crc32c is True + assert response.verified_additional_authenticated_data_crc32c is True + assert response.verified_initialization_vector_crc32c is True assert response.name == "name_value" - assert response.verified_data_crc32c is True assert response.protection_level == resources.ProtectionLevel.SOFTWARE -def test_asymmetric_sign_empty_call(): +def test_raw_encrypt_empty_call(): # This test is a coverage failsafe to make sure that totally empty calls, # i.e. request == None and no flattened fields passed, work. client = KeyManagementServiceClient( @@ -7042,16 +7052,16 @@ def test_asymmetric_sign_empty_call(): ) # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: - client.asymmetric_sign() + with mock.patch.object(type(client.transport.raw_encrypt), "__call__") as call: + client.raw_encrypt() call.assert_called() _, args, _ = call.mock_calls[0] - assert args[0] == service.AsymmetricSignRequest() + assert args[0] == service.RawEncryptRequest() @pytest.mark.asyncio -async def test_asymmetric_sign_async( - transport: str = "grpc_asyncio", request_type=service.AsymmetricSignRequest +async def test_raw_encrypt_async( + transport: str = "grpc_asyncio", request_type=service.RawEncryptRequest ): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), @@ -7063,53 +7073,59 @@ async def test_asymmetric_sign_async( request = request_type() # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: + with mock.patch.object(type(client.transport.raw_encrypt), "__call__") as call: # Designate an appropriate return value for the call. call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.AsymmetricSignResponse( - signature=b"signature_blob", - verified_digest_crc32c=True, + service.RawEncryptResponse( + ciphertext=b"ciphertext_blob", + initialization_vector=b"initialization_vector_blob", + tag_length=1053, + verified_plaintext_crc32c=True, + verified_additional_authenticated_data_crc32c=True, + verified_initialization_vector_crc32c=True, name="name_value", - verified_data_crc32c=True, protection_level=resources.ProtectionLevel.SOFTWARE, ) ) - response = await client.asymmetric_sign(request) + response = await client.raw_encrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0] == service.AsymmetricSignRequest() + assert args[0] == service.RawEncryptRequest() # Establish that the response is the type that we expect. - assert isinstance(response, service.AsymmetricSignResponse) - assert response.signature == b"signature_blob" - assert response.verified_digest_crc32c is True + assert isinstance(response, service.RawEncryptResponse) + assert response.ciphertext == b"ciphertext_blob" + assert response.initialization_vector == b"initialization_vector_blob" + assert response.tag_length == 1053 + assert response.verified_plaintext_crc32c is True + assert response.verified_additional_authenticated_data_crc32c is True + assert response.verified_initialization_vector_crc32c is True assert response.name == "name_value" - assert response.verified_data_crc32c is True assert response.protection_level == resources.ProtectionLevel.SOFTWARE @pytest.mark.asyncio -async def test_asymmetric_sign_async_from_dict(): - await test_asymmetric_sign_async(request_type=dict) +async def test_raw_encrypt_async_from_dict(): + await test_raw_encrypt_async(request_type=dict) -def test_asymmetric_sign_field_headers(): +def test_raw_encrypt_field_headers(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. - request = service.AsymmetricSignRequest() + request = service.RawEncryptRequest() request.name = "name_value" # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: - call.return_value = service.AsymmetricSignResponse() - client.asymmetric_sign(request) + with mock.patch.object(type(client.transport.raw_encrypt), "__call__") as call: + call.return_value = service.RawEncryptResponse() + client.raw_encrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 @@ -7125,23 +7141,23 @@ def test_asymmetric_sign_field_headers(): @pytest.mark.asyncio -async def test_asymmetric_sign_field_headers_async(): +async def test_raw_encrypt_field_headers_async(): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. - request = service.AsymmetricSignRequest() + request = service.RawEncryptRequest() request.name = "name_value" # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: + with mock.patch.object(type(client.transport.raw_encrypt), "__call__") as call: call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.AsymmetricSignResponse() + service.RawEncryptResponse() ) - await client.asymmetric_sign(request) + await client.raw_encrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) @@ -7156,106 +7172,14 @@ async def test_asymmetric_sign_field_headers_async(): ) in kw["metadata"] -def test_asymmetric_sign_flattened(): - client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = service.AsymmetricSignResponse() - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - client.asymmetric_sign( - name="name_value", - digest=service.Digest(sha256=b"sha256_blob"), - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - arg = args[0].name - mock_val = "name_value" - assert arg == mock_val - arg = args[0].digest - mock_val = service.Digest(sha256=b"sha256_blob") - assert arg == mock_val - - -def test_asymmetric_sign_flattened_error(): - client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.asymmetric_sign( - service.AsymmetricSignRequest(), - name="name_value", - digest=service.Digest(sha256=b"sha256_blob"), - ) - - -@pytest.mark.asyncio -async def test_asymmetric_sign_flattened_async(): - client = KeyManagementServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = service.AsymmetricSignResponse() - - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.AsymmetricSignResponse() - ) - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - response = await client.asymmetric_sign( - name="name_value", - digest=service.Digest(sha256=b"sha256_blob"), - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - arg = args[0].name - mock_val = "name_value" - assert arg == mock_val - arg = args[0].digest - mock_val = service.Digest(sha256=b"sha256_blob") - assert arg == mock_val - - -@pytest.mark.asyncio -async def test_asymmetric_sign_flattened_error_async(): - client = KeyManagementServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - await client.asymmetric_sign( - service.AsymmetricSignRequest(), - name="name_value", - digest=service.Digest(sha256=b"sha256_blob"), - ) - - @pytest.mark.parametrize( "request_type", [ - service.AsymmetricDecryptRequest, + service.RawDecryptRequest, dict, ], ) -def test_asymmetric_decrypt(request_type, transport: str = "grpc"): +def test_raw_decrypt(request_type, transport: str = "grpc"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -7266,30 +7190,32 @@ def test_asymmetric_decrypt(request_type, transport: str = "grpc"): request = request_type() # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.asymmetric_decrypt), "__call__" - ) as call: + with mock.patch.object(type(client.transport.raw_decrypt), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = service.AsymmetricDecryptResponse( + call.return_value = service.RawDecryptResponse( plaintext=b"plaintext_blob", - verified_ciphertext_crc32c=True, protection_level=resources.ProtectionLevel.SOFTWARE, + verified_ciphertext_crc32c=True, + verified_additional_authenticated_data_crc32c=True, + verified_initialization_vector_crc32c=True, ) - response = client.asymmetric_decrypt(request) + response = client.raw_decrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == service.AsymmetricDecryptRequest() + assert args[0] == service.RawDecryptRequest() # Establish that the response is the type that we expect. - assert isinstance(response, service.AsymmetricDecryptResponse) + assert isinstance(response, service.RawDecryptResponse) assert response.plaintext == b"plaintext_blob" - assert response.verified_ciphertext_crc32c is True assert response.protection_level == resources.ProtectionLevel.SOFTWARE + assert response.verified_ciphertext_crc32c is True + assert response.verified_additional_authenticated_data_crc32c is True + assert response.verified_initialization_vector_crc32c is True -def test_asymmetric_decrypt_empty_call(): +def test_raw_decrypt_empty_call(): # This test is a coverage failsafe to make sure that totally empty calls, # i.e. request == None and no flattened fields passed, work. client = KeyManagementServiceClient( @@ -7298,18 +7224,16 @@ def test_asymmetric_decrypt_empty_call(): ) # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.asymmetric_decrypt), "__call__" - ) as call: - client.asymmetric_decrypt() + with mock.patch.object(type(client.transport.raw_decrypt), "__call__") as call: + client.raw_decrypt() call.assert_called() _, args, _ = call.mock_calls[0] - assert args[0] == service.AsymmetricDecryptRequest() + assert args[0] == service.RawDecryptRequest() @pytest.mark.asyncio -async def test_asymmetric_decrypt_async( - transport: str = "grpc_asyncio", request_type=service.AsymmetricDecryptRequest +async def test_raw_decrypt_async( + transport: str = "grpc_asyncio", request_type=service.RawDecryptRequest ): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), @@ -7321,53 +7245,53 @@ async def test_asymmetric_decrypt_async( request = request_type() # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.asymmetric_decrypt), "__call__" - ) as call: + with mock.patch.object(type(client.transport.raw_decrypt), "__call__") as call: # Designate an appropriate return value for the call. call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.AsymmetricDecryptResponse( + service.RawDecryptResponse( plaintext=b"plaintext_blob", - verified_ciphertext_crc32c=True, protection_level=resources.ProtectionLevel.SOFTWARE, + verified_ciphertext_crc32c=True, + verified_additional_authenticated_data_crc32c=True, + verified_initialization_vector_crc32c=True, ) ) - response = await client.asymmetric_decrypt(request) + response = await client.raw_decrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0] == service.AsymmetricDecryptRequest() + assert args[0] == service.RawDecryptRequest() # Establish that the response is the type that we expect. - assert isinstance(response, service.AsymmetricDecryptResponse) + assert isinstance(response, service.RawDecryptResponse) assert response.plaintext == b"plaintext_blob" - assert response.verified_ciphertext_crc32c is True assert response.protection_level == resources.ProtectionLevel.SOFTWARE + assert response.verified_ciphertext_crc32c is True + assert response.verified_additional_authenticated_data_crc32c is True + assert response.verified_initialization_vector_crc32c is True @pytest.mark.asyncio -async def test_asymmetric_decrypt_async_from_dict(): - await test_asymmetric_decrypt_async(request_type=dict) +async def test_raw_decrypt_async_from_dict(): + await test_raw_decrypt_async(request_type=dict) -def test_asymmetric_decrypt_field_headers(): +def test_raw_decrypt_field_headers(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. - request = service.AsymmetricDecryptRequest() + request = service.RawDecryptRequest() request.name = "name_value" # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.asymmetric_decrypt), "__call__" - ) as call: - call.return_value = service.AsymmetricDecryptResponse() - client.asymmetric_decrypt(request) + with mock.patch.object(type(client.transport.raw_decrypt), "__call__") as call: + call.return_value = service.RawDecryptResponse() + client.raw_decrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 @@ -7383,25 +7307,23 @@ def test_asymmetric_decrypt_field_headers(): @pytest.mark.asyncio -async def test_asymmetric_decrypt_field_headers_async(): +async def test_raw_decrypt_field_headers_async(): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. - request = service.AsymmetricDecryptRequest() + request = service.RawDecryptRequest() request.name = "name_value" # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.asymmetric_decrypt), "__call__" - ) as call: + with mock.patch.object(type(client.transport.raw_decrypt), "__call__") as call: call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.AsymmetricDecryptResponse() + service.RawDecryptResponse() ) - await client.asymmetric_decrypt(request) + await client.raw_decrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) @@ -7416,162 +7338,68 @@ async def test_asymmetric_decrypt_field_headers_async(): ) in kw["metadata"] -def test_asymmetric_decrypt_flattened(): +@pytest.mark.parametrize( + "request_type", + [ + service.AsymmetricSignRequest, + dict, + ], +) +def test_asymmetric_sign(request_type, transport: str = "grpc"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.asymmetric_decrypt), "__call__" - ) as call: + with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = service.AsymmetricDecryptResponse() - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - client.asymmetric_decrypt( + call.return_value = service.AsymmetricSignResponse( + signature=b"signature_blob", + verified_digest_crc32c=True, name="name_value", - ciphertext=b"ciphertext_blob", + verified_data_crc32c=True, + protection_level=resources.ProtectionLevel.SOFTWARE, ) + response = client.asymmetric_sign(request) - # Establish that the underlying call was made with the expected - # request object values. + # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - arg = args[0].name - mock_val = "name_value" - assert arg == mock_val - arg = args[0].ciphertext - mock_val = b"ciphertext_blob" - assert arg == mock_val + assert args[0] == service.AsymmetricSignRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.AsymmetricSignResponse) + assert response.signature == b"signature_blob" + assert response.verified_digest_crc32c is True + assert response.name == "name_value" + assert response.verified_data_crc32c is True + assert response.protection_level == resources.ProtectionLevel.SOFTWARE -def test_asymmetric_decrypt_flattened_error(): +def test_asymmetric_sign_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.asymmetric_decrypt( - service.AsymmetricDecryptRequest(), - name="name_value", - ciphertext=b"ciphertext_blob", - ) - - -@pytest.mark.asyncio -async def test_asymmetric_decrypt_flattened_async(): - client = KeyManagementServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.asymmetric_decrypt), "__call__" - ) as call: - # Designate an appropriate return value for the call. - call.return_value = service.AsymmetricDecryptResponse() - - call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.AsymmetricDecryptResponse() - ) - # Call the method with a truthy value for each flattened field, - # using the keyword arguments to the method. - response = await client.asymmetric_decrypt( - name="name_value", - ciphertext=b"ciphertext_blob", - ) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - arg = args[0].name - mock_val = "name_value" - assert arg == mock_val - arg = args[0].ciphertext - mock_val = b"ciphertext_blob" - assert arg == mock_val - - -@pytest.mark.asyncio -async def test_asymmetric_decrypt_flattened_error_async(): - client = KeyManagementServiceAsyncClient( - credentials=ga_credentials.AnonymousCredentials(), - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - await client.asymmetric_decrypt( - service.AsymmetricDecryptRequest(), - name="name_value", - ciphertext=b"ciphertext_blob", - ) - - -@pytest.mark.parametrize( - "request_type", - [ - service.MacSignRequest, - dict, - ], -) -def test_mac_sign(request_type, transport: str = "grpc"): - client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Everything is optional in proto3 as far as the runtime is concerned, - # and we are mocking out the actual API, so just send an empty request. - request = request_type() - - # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: - # Designate an appropriate return value for the call. - call.return_value = service.MacSignResponse( - name="name_value", - mac=b"mac_blob", - verified_data_crc32c=True, - protection_level=resources.ProtectionLevel.SOFTWARE, - ) - response = client.mac_sign(request) - - # Establish that the underlying gRPC stub method was called. - assert len(call.mock_calls) == 1 - _, args, _ = call.mock_calls[0] - assert args[0] == service.MacSignRequest() - - # Establish that the response is the type that we expect. - assert isinstance(response, service.MacSignResponse) - assert response.name == "name_value" - assert response.mac == b"mac_blob" - assert response.verified_data_crc32c is True - assert response.protection_level == resources.ProtectionLevel.SOFTWARE - - -def test_mac_sign_empty_call(): - # This test is a coverage failsafe to make sure that totally empty calls, - # i.e. request == None and no flattened fields passed, work. - client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="grpc", + transport="grpc", ) # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: - client.mac_sign() + with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: + client.asymmetric_sign() call.assert_called() _, args, _ = call.mock_calls[0] - assert args[0] == service.MacSignRequest() + assert args[0] == service.AsymmetricSignRequest() @pytest.mark.asyncio -async def test_mac_sign_async( - transport: str = "grpc_asyncio", request_type=service.MacSignRequest +async def test_asymmetric_sign_async( + transport: str = "grpc_asyncio", request_type=service.AsymmetricSignRequest ): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), @@ -7583,51 +7411,53 @@ async def test_mac_sign_async( request = request_type() # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: + with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: # Designate an appropriate return value for the call. call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.MacSignResponse( + service.AsymmetricSignResponse( + signature=b"signature_blob", + verified_digest_crc32c=True, name="name_value", - mac=b"mac_blob", verified_data_crc32c=True, protection_level=resources.ProtectionLevel.SOFTWARE, ) ) - response = await client.mac_sign(request) + response = await client.asymmetric_sign(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0] == service.MacSignRequest() + assert args[0] == service.AsymmetricSignRequest() # Establish that the response is the type that we expect. - assert isinstance(response, service.MacSignResponse) + assert isinstance(response, service.AsymmetricSignResponse) + assert response.signature == b"signature_blob" + assert response.verified_digest_crc32c is True assert response.name == "name_value" - assert response.mac == b"mac_blob" assert response.verified_data_crc32c is True assert response.protection_level == resources.ProtectionLevel.SOFTWARE @pytest.mark.asyncio -async def test_mac_sign_async_from_dict(): - await test_mac_sign_async(request_type=dict) +async def test_asymmetric_sign_async_from_dict(): + await test_asymmetric_sign_async(request_type=dict) -def test_mac_sign_field_headers(): +def test_asymmetric_sign_field_headers(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. - request = service.MacSignRequest() + request = service.AsymmetricSignRequest() request.name = "name_value" # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: - call.return_value = service.MacSignResponse() - client.mac_sign(request) + with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: + call.return_value = service.AsymmetricSignResponse() + client.asymmetric_sign(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 @@ -7643,23 +7473,23 @@ def test_mac_sign_field_headers(): @pytest.mark.asyncio -async def test_mac_sign_field_headers_async(): +async def test_asymmetric_sign_field_headers_async(): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. - request = service.MacSignRequest() + request = service.AsymmetricSignRequest() request.name = "name_value" # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: + with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.MacSignResponse() + service.AsymmetricSignResponse() ) - await client.mac_sign(request) + await client.asymmetric_sign(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) @@ -7674,20 +7504,20 @@ async def test_mac_sign_field_headers_async(): ) in kw["metadata"] -def test_mac_sign_flattened(): +def test_asymmetric_sign_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), ) # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: + with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = service.MacSignResponse() + call.return_value = service.AsymmetricSignResponse() # Call the method with a truthy value for each flattened field, # using the keyword arguments to the method. - client.mac_sign( + client.asymmetric_sign( name="name_value", - data=b"data_blob", + digest=service.Digest(sha256=b"sha256_blob"), ) # Establish that the underlying call was made with the expected @@ -7697,12 +7527,12 @@ def test_mac_sign_flattened(): arg = args[0].name mock_val = "name_value" assert arg == mock_val - arg = args[0].data - mock_val = b"data_blob" + arg = args[0].digest + mock_val = service.Digest(sha256=b"sha256_blob") assert arg == mock_val -def test_mac_sign_flattened_error(): +def test_asymmetric_sign_flattened_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), ) @@ -7710,32 +7540,32 @@ def test_mac_sign_flattened_error(): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.mac_sign( - service.MacSignRequest(), + client.asymmetric_sign( + service.AsymmetricSignRequest(), name="name_value", - data=b"data_blob", + digest=service.Digest(sha256=b"sha256_blob"), ) @pytest.mark.asyncio -async def test_mac_sign_flattened_async(): +async def test_asymmetric_sign_flattened_async(): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), ) # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: + with mock.patch.object(type(client.transport.asymmetric_sign), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = service.MacSignResponse() + call.return_value = service.AsymmetricSignResponse() call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.MacSignResponse() + service.AsymmetricSignResponse() ) # Call the method with a truthy value for each flattened field, # using the keyword arguments to the method. - response = await client.mac_sign( + response = await client.asymmetric_sign( name="name_value", - data=b"data_blob", + digest=service.Digest(sha256=b"sha256_blob"), ) # Establish that the underlying call was made with the expected @@ -7745,13 +7575,13 @@ async def test_mac_sign_flattened_async(): arg = args[0].name mock_val = "name_value" assert arg == mock_val - arg = args[0].data - mock_val = b"data_blob" + arg = args[0].digest + mock_val = service.Digest(sha256=b"sha256_blob") assert arg == mock_val @pytest.mark.asyncio -async def test_mac_sign_flattened_error_async(): +async def test_asymmetric_sign_flattened_error_async(): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), ) @@ -7759,21 +7589,21 @@ async def test_mac_sign_flattened_error_async(): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - await client.mac_sign( - service.MacSignRequest(), + await client.asymmetric_sign( + service.AsymmetricSignRequest(), name="name_value", - data=b"data_blob", + digest=service.Digest(sha256=b"sha256_blob"), ) @pytest.mark.parametrize( "request_type", [ - service.MacVerifyRequest, + service.AsymmetricDecryptRequest, dict, ], ) -def test_mac_verify(request_type, transport: str = "grpc"): +def test_asymmetric_decrypt(request_type, transport: str = "grpc"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -7784,34 +7614,30 @@ def test_mac_verify(request_type, transport: str = "grpc"): request = request_type() # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + with mock.patch.object( + type(client.transport.asymmetric_decrypt), "__call__" + ) as call: # Designate an appropriate return value for the call. - call.return_value = service.MacVerifyResponse( - name="name_value", - success=True, - verified_data_crc32c=True, - verified_mac_crc32c=True, - verified_success_integrity=True, + call.return_value = service.AsymmetricDecryptResponse( + plaintext=b"plaintext_blob", + verified_ciphertext_crc32c=True, protection_level=resources.ProtectionLevel.SOFTWARE, ) - response = client.mac_verify(request) + response = client.asymmetric_decrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == service.MacVerifyRequest() + assert args[0] == service.AsymmetricDecryptRequest() # Establish that the response is the type that we expect. - assert isinstance(response, service.MacVerifyResponse) - assert response.name == "name_value" - assert response.success is True - assert response.verified_data_crc32c is True - assert response.verified_mac_crc32c is True - assert response.verified_success_integrity is True + assert isinstance(response, service.AsymmetricDecryptResponse) + assert response.plaintext == b"plaintext_blob" + assert response.verified_ciphertext_crc32c is True assert response.protection_level == resources.ProtectionLevel.SOFTWARE -def test_mac_verify_empty_call(): +def test_asymmetric_decrypt_empty_call(): # This test is a coverage failsafe to make sure that totally empty calls, # i.e. request == None and no flattened fields passed, work. client = KeyManagementServiceClient( @@ -7820,16 +7646,18 @@ def test_mac_verify_empty_call(): ) # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: - client.mac_verify() + with mock.patch.object( + type(client.transport.asymmetric_decrypt), "__call__" + ) as call: + client.asymmetric_decrypt() call.assert_called() _, args, _ = call.mock_calls[0] - assert args[0] == service.MacVerifyRequest() + assert args[0] == service.AsymmetricDecryptRequest() @pytest.mark.asyncio -async def test_mac_verify_async( - transport: str = "grpc_asyncio", request_type=service.MacVerifyRequest +async def test_asymmetric_decrypt_async( + transport: str = "grpc_asyncio", request_type=service.AsymmetricDecryptRequest ): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), @@ -7841,55 +7669,53 @@ async def test_mac_verify_async( request = request_type() # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + with mock.patch.object( + type(client.transport.asymmetric_decrypt), "__call__" + ) as call: # Designate an appropriate return value for the call. call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.MacVerifyResponse( - name="name_value", - success=True, - verified_data_crc32c=True, - verified_mac_crc32c=True, - verified_success_integrity=True, - protection_level=resources.ProtectionLevel.SOFTWARE, - ) + service.AsymmetricDecryptResponse( + plaintext=b"plaintext_blob", + verified_ciphertext_crc32c=True, + protection_level=resources.ProtectionLevel.SOFTWARE, + ) ) - response = await client.mac_verify(request) + response = await client.asymmetric_decrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0] == service.MacVerifyRequest() + assert args[0] == service.AsymmetricDecryptRequest() # Establish that the response is the type that we expect. - assert isinstance(response, service.MacVerifyResponse) - assert response.name == "name_value" - assert response.success is True - assert response.verified_data_crc32c is True - assert response.verified_mac_crc32c is True - assert response.verified_success_integrity is True + assert isinstance(response, service.AsymmetricDecryptResponse) + assert response.plaintext == b"plaintext_blob" + assert response.verified_ciphertext_crc32c is True assert response.protection_level == resources.ProtectionLevel.SOFTWARE @pytest.mark.asyncio -async def test_mac_verify_async_from_dict(): - await test_mac_verify_async(request_type=dict) +async def test_asymmetric_decrypt_async_from_dict(): + await test_asymmetric_decrypt_async(request_type=dict) -def test_mac_verify_field_headers(): +def test_asymmetric_decrypt_field_headers(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. - request = service.MacVerifyRequest() + request = service.AsymmetricDecryptRequest() request.name = "name_value" # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: - call.return_value = service.MacVerifyResponse() - client.mac_verify(request) + with mock.patch.object( + type(client.transport.asymmetric_decrypt), "__call__" + ) as call: + call.return_value = service.AsymmetricDecryptResponse() + client.asymmetric_decrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 @@ -7905,23 +7731,25 @@ def test_mac_verify_field_headers(): @pytest.mark.asyncio -async def test_mac_verify_field_headers_async(): +async def test_asymmetric_decrypt_field_headers_async(): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. - request = service.MacVerifyRequest() + request = service.AsymmetricDecryptRequest() request.name = "name_value" # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + with mock.patch.object( + type(client.transport.asymmetric_decrypt), "__call__" + ) as call: call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.MacVerifyResponse() + service.AsymmetricDecryptResponse() ) - await client.mac_verify(request) + await client.asymmetric_decrypt(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) @@ -7936,21 +7764,22 @@ async def test_mac_verify_field_headers_async(): ) in kw["metadata"] -def test_mac_verify_flattened(): +def test_asymmetric_decrypt_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), ) # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + with mock.patch.object( + type(client.transport.asymmetric_decrypt), "__call__" + ) as call: # Designate an appropriate return value for the call. - call.return_value = service.MacVerifyResponse() + call.return_value = service.AsymmetricDecryptResponse() # Call the method with a truthy value for each flattened field, # using the keyword arguments to the method. - client.mac_verify( + client.asymmetric_decrypt( name="name_value", - data=b"data_blob", - mac=b"mac_blob", + ciphertext=b"ciphertext_blob", ) # Establish that the underlying call was made with the expected @@ -7960,15 +7789,12 @@ def test_mac_verify_flattened(): arg = args[0].name mock_val = "name_value" assert arg == mock_val - arg = args[0].data - mock_val = b"data_blob" - assert arg == mock_val - arg = args[0].mac - mock_val = b"mac_blob" + arg = args[0].ciphertext + mock_val = b"ciphertext_blob" assert arg == mock_val -def test_mac_verify_flattened_error(): +def test_asymmetric_decrypt_flattened_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), ) @@ -7976,34 +7802,34 @@ def test_mac_verify_flattened_error(): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.mac_verify( - service.MacVerifyRequest(), + client.asymmetric_decrypt( + service.AsymmetricDecryptRequest(), name="name_value", - data=b"data_blob", - mac=b"mac_blob", + ciphertext=b"ciphertext_blob", ) @pytest.mark.asyncio -async def test_mac_verify_flattened_async(): +async def test_asymmetric_decrypt_flattened_async(): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), ) # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + with mock.patch.object( + type(client.transport.asymmetric_decrypt), "__call__" + ) as call: # Designate an appropriate return value for the call. - call.return_value = service.MacVerifyResponse() + call.return_value = service.AsymmetricDecryptResponse() call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.MacVerifyResponse() + service.AsymmetricDecryptResponse() ) # Call the method with a truthy value for each flattened field, # using the keyword arguments to the method. - response = await client.mac_verify( + response = await client.asymmetric_decrypt( name="name_value", - data=b"data_blob", - mac=b"mac_blob", + ciphertext=b"ciphertext_blob", ) # Establish that the underlying call was made with the expected @@ -8013,16 +7839,13 @@ async def test_mac_verify_flattened_async(): arg = args[0].name mock_val = "name_value" assert arg == mock_val - arg = args[0].data - mock_val = b"data_blob" - assert arg == mock_val - arg = args[0].mac - mock_val = b"mac_blob" + arg = args[0].ciphertext + mock_val = b"ciphertext_blob" assert arg == mock_val @pytest.mark.asyncio -async def test_mac_verify_flattened_error_async(): +async def test_asymmetric_decrypt_flattened_error_async(): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), ) @@ -8030,22 +7853,21 @@ async def test_mac_verify_flattened_error_async(): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - await client.mac_verify( - service.MacVerifyRequest(), + await client.asymmetric_decrypt( + service.AsymmetricDecryptRequest(), name="name_value", - data=b"data_blob", - mac=b"mac_blob", + ciphertext=b"ciphertext_blob", ) @pytest.mark.parametrize( "request_type", [ - service.GenerateRandomBytesRequest, + service.MacSignRequest, dict, ], ) -def test_generate_random_bytes(request_type, transport: str = "grpc"): +def test_mac_sign(request_type, transport: str = "grpc"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -8056,26 +7878,30 @@ def test_generate_random_bytes(request_type, transport: str = "grpc"): request = request_type() # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.generate_random_bytes), "__call__" - ) as call: + with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = service.GenerateRandomBytesResponse( - data=b"data_blob", + call.return_value = service.MacSignResponse( + name="name_value", + mac=b"mac_blob", + verified_data_crc32c=True, + protection_level=resources.ProtectionLevel.SOFTWARE, ) - response = client.generate_random_bytes(request) + response = client.mac_sign(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - assert args[0] == service.GenerateRandomBytesRequest() + assert args[0] == service.MacSignRequest() # Establish that the response is the type that we expect. - assert isinstance(response, service.GenerateRandomBytesResponse) - assert response.data == b"data_blob" + assert isinstance(response, service.MacSignResponse) + assert response.name == "name_value" + assert response.mac == b"mac_blob" + assert response.verified_data_crc32c is True + assert response.protection_level == resources.ProtectionLevel.SOFTWARE -def test_generate_random_bytes_empty_call(): +def test_mac_sign_empty_call(): # This test is a coverage failsafe to make sure that totally empty calls, # i.e. request == None and no flattened fields passed, work. client = KeyManagementServiceClient( @@ -8084,18 +7910,16 @@ def test_generate_random_bytes_empty_call(): ) # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.generate_random_bytes), "__call__" - ) as call: - client.generate_random_bytes() + with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: + client.mac_sign() call.assert_called() _, args, _ = call.mock_calls[0] - assert args[0] == service.GenerateRandomBytesRequest() + assert args[0] == service.MacSignRequest() @pytest.mark.asyncio -async def test_generate_random_bytes_async( - transport: str = "grpc_asyncio", request_type=service.GenerateRandomBytesRequest +async def test_mac_sign_async( + transport: str = "grpc_asyncio", request_type=service.MacSignRequest ): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), @@ -8107,49 +7931,51 @@ async def test_generate_random_bytes_async( request = request_type() # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.generate_random_bytes), "__call__" - ) as call: + with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: # Designate an appropriate return value for the call. call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.GenerateRandomBytesResponse( - data=b"data_blob", + service.MacSignResponse( + name="name_value", + mac=b"mac_blob", + verified_data_crc32c=True, + protection_level=resources.ProtectionLevel.SOFTWARE, ) ) - response = await client.generate_random_bytes(request) + response = await client.mac_sign(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) _, args, _ = call.mock_calls[0] - assert args[0] == service.GenerateRandomBytesRequest() + assert args[0] == service.MacSignRequest() # Establish that the response is the type that we expect. - assert isinstance(response, service.GenerateRandomBytesResponse) - assert response.data == b"data_blob" + assert isinstance(response, service.MacSignResponse) + assert response.name == "name_value" + assert response.mac == b"mac_blob" + assert response.verified_data_crc32c is True + assert response.protection_level == resources.ProtectionLevel.SOFTWARE @pytest.mark.asyncio -async def test_generate_random_bytes_async_from_dict(): - await test_generate_random_bytes_async(request_type=dict) +async def test_mac_sign_async_from_dict(): + await test_mac_sign_async(request_type=dict) -def test_generate_random_bytes_field_headers(): +def test_mac_sign_field_headers(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. - request = service.GenerateRandomBytesRequest() + request = service.MacSignRequest() - request.location = "location_value" + request.name = "name_value" # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.generate_random_bytes), "__call__" - ) as call: - call.return_value = service.GenerateRandomBytesResponse() - client.generate_random_bytes(request) + with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: + call.return_value = service.MacSignResponse() + client.mac_sign(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) == 1 @@ -8160,30 +7986,28 @@ def test_generate_random_bytes_field_headers(): _, _, kw = call.mock_calls[0] assert ( "x-goog-request-params", - "location=location_value", + "name=name_value", ) in kw["metadata"] @pytest.mark.asyncio -async def test_generate_random_bytes_field_headers_async(): +async def test_mac_sign_field_headers_async(): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), ) # Any value that is part of the HTTP/1.1 URI should be sent as # a field header. Set these to a non-empty value. - request = service.GenerateRandomBytesRequest() + request = service.MacSignRequest() - request.location = "location_value" + request.name = "name_value" # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.generate_random_bytes), "__call__" - ) as call: + with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.GenerateRandomBytesResponse() + service.MacSignResponse() ) - await client.generate_random_bytes(request) + await client.mac_sign(request) # Establish that the underlying gRPC stub method was called. assert len(call.mock_calls) @@ -8194,45 +8018,39 @@ async def test_generate_random_bytes_field_headers_async(): _, _, kw = call.mock_calls[0] assert ( "x-goog-request-params", - "location=location_value", + "name=name_value", ) in kw["metadata"] -def test_generate_random_bytes_flattened(): +def test_mac_sign_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), ) # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.generate_random_bytes), "__call__" - ) as call: + with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = service.GenerateRandomBytesResponse() + call.return_value = service.MacSignResponse() # Call the method with a truthy value for each flattened field, # using the keyword arguments to the method. - client.generate_random_bytes( - location="location_value", - length_bytes=1288, - protection_level=resources.ProtectionLevel.SOFTWARE, + client.mac_sign( + name="name_value", + data=b"data_blob", ) # Establish that the underlying call was made with the expected # request object values. assert len(call.mock_calls) == 1 _, args, _ = call.mock_calls[0] - arg = args[0].location - mock_val = "location_value" - assert arg == mock_val - arg = args[0].length_bytes - mock_val = 1288 + arg = args[0].name + mock_val = "name_value" assert arg == mock_val - arg = args[0].protection_level - mock_val = resources.ProtectionLevel.SOFTWARE + arg = args[0].data + mock_val = b"data_blob" assert arg == mock_val -def test_generate_random_bytes_flattened_error(): +def test_mac_sign_flattened_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), ) @@ -8240,91 +8058,1310 @@ def test_generate_random_bytes_flattened_error(): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.generate_random_bytes( - service.GenerateRandomBytesRequest(), - location="location_value", - length_bytes=1288, - protection_level=resources.ProtectionLevel.SOFTWARE, + client.mac_sign( + service.MacSignRequest(), + name="name_value", + data=b"data_blob", ) @pytest.mark.asyncio -async def test_generate_random_bytes_flattened_async(): +async def test_mac_sign_flattened_async(): client = KeyManagementServiceAsyncClient( credentials=ga_credentials.AnonymousCredentials(), ) # Mock the actual call within the gRPC stub, and fake the request. - with mock.patch.object( - type(client.transport.generate_random_bytes), "__call__" - ) as call: + with mock.patch.object(type(client.transport.mac_sign), "__call__") as call: # Designate an appropriate return value for the call. - call.return_value = service.GenerateRandomBytesResponse() + call.return_value = service.MacSignResponse() call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( - service.GenerateRandomBytesResponse() + service.MacSignResponse() ) # Call the method with a truthy value for each flattened field, # using the keyword arguments to the method. - response = await client.generate_random_bytes( - location="location_value", - length_bytes=1288, - protection_level=resources.ProtectionLevel.SOFTWARE, - ) + response = await client.mac_sign( + name="name_value", + data=b"data_blob", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + arg = args[0].data + mock_val = b"data_blob" + assert arg == mock_val + + +@pytest.mark.asyncio +async def test_mac_sign_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.mac_sign( + service.MacSignRequest(), + name="name_value", + data=b"data_blob", + ) + + +@pytest.mark.parametrize( + "request_type", + [ + service.MacVerifyRequest, + dict, + ], +) +def test_mac_verify(request_type, transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.MacVerifyResponse( + name="name_value", + success=True, + verified_data_crc32c=True, + verified_mac_crc32c=True, + verified_success_integrity=True, + protection_level=resources.ProtectionLevel.SOFTWARE, + ) + response = client.mac_verify(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.MacVerifyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.MacVerifyResponse) + assert response.name == "name_value" + assert response.success is True + assert response.verified_data_crc32c is True + assert response.verified_mac_crc32c is True + assert response.verified_success_integrity is True + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + +def test_mac_verify_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + client.mac_verify() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.MacVerifyRequest() + + +@pytest.mark.asyncio +async def test_mac_verify_async( + transport: str = "grpc_asyncio", request_type=service.MacVerifyRequest +): + client = KeyManagementServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.MacVerifyResponse( + name="name_value", + success=True, + verified_data_crc32c=True, + verified_mac_crc32c=True, + verified_success_integrity=True, + protection_level=resources.ProtectionLevel.SOFTWARE, + ) + ) + response = await client.mac_verify(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.MacVerifyRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.MacVerifyResponse) + assert response.name == "name_value" + assert response.success is True + assert response.verified_data_crc32c is True + assert response.verified_mac_crc32c is True + assert response.verified_success_integrity is True + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + + +@pytest.mark.asyncio +async def test_mac_verify_async_from_dict(): + await test_mac_verify_async(request_type=dict) + + +def test_mac_verify_field_headers(): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.MacVerifyRequest() + + request.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + call.return_value = service.MacVerifyResponse() + client.mac_verify(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=name_value", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_mac_verify_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.MacVerifyRequest() + + request.name = "name_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.MacVerifyResponse() + ) + await client.mac_verify(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "name=name_value", + ) in kw["metadata"] + + +def test_mac_verify_flattened(): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.MacVerifyResponse() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.mac_verify( + name="name_value", + data=b"data_blob", + mac=b"mac_blob", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + arg = args[0].data + mock_val = b"data_blob" + assert arg == mock_val + arg = args[0].mac + mock_val = b"mac_blob" + assert arg == mock_val + + +def test_mac_verify_flattened_error(): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.mac_verify( + service.MacVerifyRequest(), + name="name_value", + data=b"data_blob", + mac=b"mac_blob", + ) + + +@pytest.mark.asyncio +async def test_mac_verify_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object(type(client.transport.mac_verify), "__call__") as call: + # Designate an appropriate return value for the call. + call.return_value = service.MacVerifyResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.MacVerifyResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.mac_verify( + name="name_value", + data=b"data_blob", + mac=b"mac_blob", + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].name + mock_val = "name_value" + assert arg == mock_val + arg = args[0].data + mock_val = b"data_blob" + assert arg == mock_val + arg = args[0].mac + mock_val = b"mac_blob" + assert arg == mock_val + + +@pytest.mark.asyncio +async def test_mac_verify_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.mac_verify( + service.MacVerifyRequest(), + name="name_value", + data=b"data_blob", + mac=b"mac_blob", + ) + + +@pytest.mark.parametrize( + "request_type", + [ + service.GenerateRandomBytesRequest, + dict, + ], +) +def test_generate_random_bytes(request_type, transport: str = "grpc"): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_random_bytes), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = service.GenerateRandomBytesResponse( + data=b"data_blob", + ) + response = client.generate_random_bytes(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == service.GenerateRandomBytesRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.GenerateRandomBytesResponse) + assert response.data == b"data_blob" + + +def test_generate_random_bytes_empty_call(): + # This test is a coverage failsafe to make sure that totally empty calls, + # i.e. request == None and no flattened fields passed, work. + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="grpc", + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_random_bytes), "__call__" + ) as call: + client.generate_random_bytes() + call.assert_called() + _, args, _ = call.mock_calls[0] + assert args[0] == service.GenerateRandomBytesRequest() + + +@pytest.mark.asyncio +async def test_generate_random_bytes_async( + transport: str = "grpc_asyncio", request_type=service.GenerateRandomBytesRequest +): + client = KeyManagementServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Everything is optional in proto3 as far as the runtime is concerned, + # and we are mocking out the actual API, so just send an empty request. + request = request_type() + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_random_bytes), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.GenerateRandomBytesResponse( + data=b"data_blob", + ) + ) + response = await client.generate_random_bytes(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == service.GenerateRandomBytesRequest() + + # Establish that the response is the type that we expect. + assert isinstance(response, service.GenerateRandomBytesResponse) + assert response.data == b"data_blob" + + +@pytest.mark.asyncio +async def test_generate_random_bytes_async_from_dict(): + await test_generate_random_bytes_async(request_type=dict) + + +def test_generate_random_bytes_field_headers(): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GenerateRandomBytesRequest() + + request.location = "location_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_random_bytes), "__call__" + ) as call: + call.return_value = service.GenerateRandomBytesResponse() + client.generate_random_bytes(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "location=location_value", + ) in kw["metadata"] + + +@pytest.mark.asyncio +async def test_generate_random_bytes_field_headers_async(): + client = KeyManagementServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Any value that is part of the HTTP/1.1 URI should be sent as + # a field header. Set these to a non-empty value. + request = service.GenerateRandomBytesRequest() + + request.location = "location_value" + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_random_bytes), "__call__" + ) as call: + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.GenerateRandomBytesResponse() + ) + await client.generate_random_bytes(request) + + # Establish that the underlying gRPC stub method was called. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + assert args[0] == request + + # Establish that the field header was sent. + _, _, kw = call.mock_calls[0] + assert ( + "x-goog-request-params", + "location=location_value", + ) in kw["metadata"] + + +def test_generate_random_bytes_flattened(): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_random_bytes), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = service.GenerateRandomBytesResponse() + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + client.generate_random_bytes( + location="location_value", + length_bytes=1288, + protection_level=resources.ProtectionLevel.SOFTWARE, + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) == 1 + _, args, _ = call.mock_calls[0] + arg = args[0].location + mock_val = "location_value" + assert arg == mock_val + arg = args[0].length_bytes + mock_val = 1288 + assert arg == mock_val + arg = args[0].protection_level + mock_val = resources.ProtectionLevel.SOFTWARE + assert arg == mock_val + + +def test_generate_random_bytes_flattened_error(): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.generate_random_bytes( + service.GenerateRandomBytesRequest(), + location="location_value", + length_bytes=1288, + protection_level=resources.ProtectionLevel.SOFTWARE, + ) + + +@pytest.mark.asyncio +async def test_generate_random_bytes_flattened_async(): + client = KeyManagementServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Mock the actual call within the gRPC stub, and fake the request. + with mock.patch.object( + type(client.transport.generate_random_bytes), "__call__" + ) as call: + # Designate an appropriate return value for the call. + call.return_value = service.GenerateRandomBytesResponse() + + call.return_value = grpc_helpers_async.FakeUnaryUnaryCall( + service.GenerateRandomBytesResponse() + ) + # Call the method with a truthy value for each flattened field, + # using the keyword arguments to the method. + response = await client.generate_random_bytes( + location="location_value", + length_bytes=1288, + protection_level=resources.ProtectionLevel.SOFTWARE, + ) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(call.mock_calls) + _, args, _ = call.mock_calls[0] + arg = args[0].location + mock_val = "location_value" + assert arg == mock_val + arg = args[0].length_bytes + mock_val = 1288 + assert arg == mock_val + arg = args[0].protection_level + mock_val = resources.ProtectionLevel.SOFTWARE + assert arg == mock_val + + +@pytest.mark.asyncio +async def test_generate_random_bytes_flattened_error_async(): + client = KeyManagementServiceAsyncClient( + credentials=ga_credentials.AnonymousCredentials(), + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + await client.generate_random_bytes( + service.GenerateRandomBytesRequest(), + location="location_value", + length_bytes=1288, + protection_level=resources.ProtectionLevel.SOFTWARE, + ) + + +@pytest.mark.parametrize( + "request_type", + [ + service.ListKeyRingsRequest, + dict, + ], +) +def test_list_key_rings_rest(request_type): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "projects/sample1/locations/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = service.ListKeyRingsResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = service.ListKeyRingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_key_rings(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListKeyRingsPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_list_key_rings_rest_required_fields(request_type=service.ListKeyRingsRequest): + transport_class = transports.KeyManagementServiceRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_key_rings._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_key_rings._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "filter", + "order_by", + "page_size", + "page_token", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = service.ListKeyRingsResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = service.ListKeyRingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_key_rings(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_key_rings_rest_unset_required_fields(): + transport = transports.KeyManagementServiceRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_key_rings._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "filter", + "orderBy", + "pageSize", + "pageToken", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_key_rings_rest_interceptors(null_interceptor): + transport = transports.KeyManagementServiceRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.KeyManagementServiceRestInterceptor(), + ) + client = KeyManagementServiceClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.KeyManagementServiceRestInterceptor, "post_list_key_rings" + ) as post, mock.patch.object( + transports.KeyManagementServiceRestInterceptor, "pre_list_key_rings" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = service.ListKeyRingsRequest.pb(service.ListKeyRingsRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = service.ListKeyRingsResponse.to_json( + service.ListKeyRingsResponse() + ) + + request = service.ListKeyRingsRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = service.ListKeyRingsResponse() + + client.list_key_rings( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_key_rings_rest_bad_request( + transport: str = "rest", request_type=service.ListKeyRingsRequest +): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "projects/sample1/locations/sample2"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_key_rings(request) + + +def test_list_key_rings_rest_flattened(): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = service.ListKeyRingsResponse() + + # get arguments that satisfy an http rule for this method + sample_request = {"parent": "projects/sample1/locations/sample2"} + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = service.ListKeyRingsResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.list_key_rings(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=projects/*/locations/*}/keyRings" % client.transport._host, + args[1], + ) + + +def test_list_key_rings_rest_flattened_error(transport: str = "rest"): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.list_key_rings( + service.ListKeyRingsRequest(), + parent="parent_value", + ) + + +def test_list_key_rings_rest_pager(transport: str = "rest"): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + service.ListKeyRingsResponse( + key_rings=[ + resources.KeyRing(), + resources.KeyRing(), + resources.KeyRing(), + ], + next_page_token="abc", + ), + service.ListKeyRingsResponse( + key_rings=[], + next_page_token="def", + ), + service.ListKeyRingsResponse( + key_rings=[ + resources.KeyRing(), + ], + next_page_token="ghi", + ), + service.ListKeyRingsResponse( + key_rings=[ + resources.KeyRing(), + resources.KeyRing(), + ], + ), + ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple(service.ListKeyRingsResponse.to_json(x) for x in response) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = {"parent": "projects/sample1/locations/sample2"} + + pager = client.list_key_rings(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, resources.KeyRing) for i in results) + + pages = list(client.list_key_rings(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token + + +@pytest.mark.parametrize( + "request_type", + [ + service.ListCryptoKeysRequest, + dict, + ], +) +def test_list_crypto_keys_rest(request_type): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = service.ListCryptoKeysResponse( + next_page_token="next_page_token_value", + total_size=1086, + ) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = service.ListCryptoKeysResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + response = client.list_crypto_keys(request) + + # Establish that the response is the type that we expect. + assert isinstance(response, pagers.ListCryptoKeysPager) + assert response.next_page_token == "next_page_token_value" + assert response.total_size == 1086 + + +def test_list_crypto_keys_rest_required_fields( + request_type=service.ListCryptoKeysRequest, +): + transport_class = transports.KeyManagementServiceRestTransport + + request_init = {} + request_init["parent"] = "" + request = request_type(**request_init) + pb_request = request_type.pb(request) + jsonified_request = json.loads( + json_format.MessageToJson( + pb_request, + including_default_value_fields=False, + use_integers_for_enums=False, + ) + ) + + # verify fields with default values are dropped + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_crypto_keys._get_unset_required_fields(jsonified_request) + jsonified_request.update(unset_fields) + + # verify required fields with default values are now present + + jsonified_request["parent"] = "parent_value" + + unset_fields = transport_class( + credentials=ga_credentials.AnonymousCredentials() + ).list_crypto_keys._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "filter", + "order_by", + "page_size", + "page_token", + "version_view", + ) + ) + jsonified_request.update(unset_fields) + + # verify required fields with non-default values are left alone + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + request = request_type(**request_init) + + # Designate an appropriate value for the returned response. + return_value = service.ListCryptoKeysResponse() + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # We need to mock transcode() because providing default values + # for required fields will fail the real version if the http_options + # expect actual values for those fields. + with mock.patch.object(path_template, "transcode") as transcode: + # A uri without fields and an empty body will force all the + # request fields to show up in the query_params. + pb_request = request_type.pb(request) + transcode_result = { + "uri": "v1/sample_method", + "method": "get", + "query_params": pb_request, + } + transcode.return_value = transcode_result + + response_value = Response() + response_value.status_code = 200 + + pb_return_value = service.ListCryptoKeysResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + response = client.list_crypto_keys(request) + + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_list_crypto_keys_rest_unset_required_fields(): + transport = transports.KeyManagementServiceRestTransport( + credentials=ga_credentials.AnonymousCredentials + ) + + unset_fields = transport.list_crypto_keys._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "filter", + "orderBy", + "pageSize", + "pageToken", + "versionView", + ) + ) + & set(("parent",)) + ) + + +@pytest.mark.parametrize("null_interceptor", [True, False]) +def test_list_crypto_keys_rest_interceptors(null_interceptor): + transport = transports.KeyManagementServiceRestTransport( + credentials=ga_credentials.AnonymousCredentials(), + interceptor=None + if null_interceptor + else transports.KeyManagementServiceRestInterceptor(), + ) + client = KeyManagementServiceClient(transport=transport) + with mock.patch.object( + type(client.transport._session), "request" + ) as req, mock.patch.object( + path_template, "transcode" + ) as transcode, mock.patch.object( + transports.KeyManagementServiceRestInterceptor, "post_list_crypto_keys" + ) as post, mock.patch.object( + transports.KeyManagementServiceRestInterceptor, "pre_list_crypto_keys" + ) as pre: + pre.assert_not_called() + post.assert_not_called() + pb_message = service.ListCryptoKeysRequest.pb(service.ListCryptoKeysRequest()) + transcode.return_value = { + "method": "post", + "uri": "my_uri", + "body": pb_message, + "query_params": pb_message, + } + + req.return_value = Response() + req.return_value.status_code = 200 + req.return_value.request = PreparedRequest() + req.return_value._content = service.ListCryptoKeysResponse.to_json( + service.ListCryptoKeysResponse() + ) + + request = service.ListCryptoKeysRequest() + metadata = [ + ("key", "val"), + ("cephalopod", "squid"), + ] + pre.return_value = request, metadata + post.return_value = service.ListCryptoKeysResponse() + + client.list_crypto_keys( + request, + metadata=[ + ("key", "val"), + ("cephalopod", "squid"), + ], + ) + + pre.assert_called_once() + post.assert_called_once() + + +def test_list_crypto_keys_rest_bad_request( + transport: str = "rest", request_type=service.ListCryptoKeysRequest +): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # send a request that will satisfy transcoding + request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} + request = request_type(**request_init) + + # Mock the http request call within the method and fake a BadRequest error. + with mock.patch.object(Session, "request") as req, pytest.raises( + core_exceptions.BadRequest + ): + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 400 + response_value.request = Request() + req.return_value = response_value + client.list_crypto_keys(request) + + +def test_list_crypto_keys_rest_flattened(): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = service.ListCryptoKeysResponse() + + # get arguments that satisfy an http rule for this method + sample_request = { + "parent": "projects/sample1/locations/sample2/keyRings/sample3" + } + + # get truthy value for each flattened field + mock_args = dict( + parent="parent_value", + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = service.ListCryptoKeysResponse.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.list_crypto_keys(**mock_args) # Establish that the underlying call was made with the expected # request object values. - assert len(call.mock_calls) - _, args, _ = call.mock_calls[0] - arg = args[0].location - mock_val = "location_value" - assert arg == mock_val - arg = args[0].length_bytes - mock_val = 1288 - assert arg == mock_val - arg = args[0].protection_level - mock_val = resources.ProtectionLevel.SOFTWARE - assert arg == mock_val + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys" + % client.transport._host, + args[1], + ) -@pytest.mark.asyncio -async def test_generate_random_bytes_flattened_error_async(): - client = KeyManagementServiceAsyncClient( +def test_list_crypto_keys_rest_flattened_error(transport: str = "rest"): + client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), + transport=transport, ) # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - await client.generate_random_bytes( - service.GenerateRandomBytesRequest(), - location="location_value", - length_bytes=1288, - protection_level=resources.ProtectionLevel.SOFTWARE, + client.list_crypto_keys( + service.ListCryptoKeysRequest(), + parent="parent_value", + ) + + +def test_list_crypto_keys_rest_pager(transport: str = "rest"): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(Session, "request") as req: + # TODO(kbandes): remove this mock unless there's a good reason for it. + # with mock.patch.object(path_template, 'transcode') as transcode: + # Set the response as a series of pages + response = ( + service.ListCryptoKeysResponse( + crypto_keys=[ + resources.CryptoKey(), + resources.CryptoKey(), + resources.CryptoKey(), + ], + next_page_token="abc", + ), + service.ListCryptoKeysResponse( + crypto_keys=[], + next_page_token="def", + ), + service.ListCryptoKeysResponse( + crypto_keys=[ + resources.CryptoKey(), + ], + next_page_token="ghi", + ), + service.ListCryptoKeysResponse( + crypto_keys=[ + resources.CryptoKey(), + resources.CryptoKey(), + ], + ), ) + # Two responses for two calls + response = response + response + + # Wrap the values into proper Response objs + response = tuple(service.ListCryptoKeysResponse.to_json(x) for x in response) + return_values = tuple(Response() for i in response) + for return_val, response_val in zip(return_values, response): + return_val._content = response_val.encode("UTF-8") + return_val.status_code = 200 + req.side_effect = return_values + + sample_request = { + "parent": "projects/sample1/locations/sample2/keyRings/sample3" + } + + pager = client.list_crypto_keys(request=sample_request) + + results = list(pager) + assert len(results) == 6 + assert all(isinstance(i, resources.CryptoKey) for i in results) + + pages = list(client.list_crypto_keys(request=sample_request).pages) + for page_, token in zip(pages, ["abc", "def", "ghi", ""]): + assert page_.raw_page.next_page_token == token @pytest.mark.parametrize( "request_type", [ - service.ListKeyRingsRequest, + service.ListCryptoKeyVersionsRequest, dict, ], ) -def test_list_key_rings_rest(request_type): +def test_list_crypto_key_versions_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", ) # send a request that will satisfy transcoding - request_init = {"parent": "projects/sample1/locations/sample2"} + request_init = { + "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = service.ListKeyRingsResponse( + return_value = service.ListCryptoKeyVersionsResponse( next_page_token="next_page_token_value", total_size=1086, ) @@ -8332,20 +9369,22 @@ def test_list_key_rings_rest(request_type): # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListKeyRingsResponse.pb(return_value) + pb_return_value = service.ListCryptoKeyVersionsResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.list_key_rings(request) + response = client.list_crypto_key_versions(request) # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListKeyRingsPager) + assert isinstance(response, pagers.ListCryptoKeyVersionsPager) assert response.next_page_token == "next_page_token_value" assert response.total_size == 1086 -def test_list_key_rings_rest_required_fields(request_type=service.ListKeyRingsRequest): +def test_list_crypto_key_versions_rest_required_fields( + request_type=service.ListCryptoKeyVersionsRequest, +): transport_class = transports.KeyManagementServiceRestTransport request_init = {} @@ -8364,7 +9403,7 @@ def test_list_key_rings_rest_required_fields(request_type=service.ListKeyRingsRe unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).list_key_rings._get_unset_required_fields(jsonified_request) + ).list_crypto_key_versions._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present @@ -8373,7 +9412,7 @@ def test_list_key_rings_rest_required_fields(request_type=service.ListKeyRingsRe unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).list_key_rings._get_unset_required_fields(jsonified_request) + ).list_crypto_key_versions._get_unset_required_fields(jsonified_request) # Check that path parameters and body parameters are not mixing in. assert not set(unset_fields) - set( ( @@ -8381,6 +9420,7 @@ def test_list_key_rings_rest_required_fields(request_type=service.ListKeyRingsRe "order_by", "page_size", "page_token", + "view", ) ) jsonified_request.update(unset_fields) @@ -8396,7 +9436,7 @@ def test_list_key_rings_rest_required_fields(request_type=service.ListKeyRingsRe request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = service.ListKeyRingsResponse() + return_value = service.ListCryptoKeyVersionsResponse() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -8416,25 +9456,25 @@ def test_list_key_rings_rest_required_fields(request_type=service.ListKeyRingsRe response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListKeyRingsResponse.pb(return_value) + pb_return_value = service.ListCryptoKeyVersionsResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.list_key_rings(request) + response = client.list_crypto_key_versions(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_list_key_rings_rest_unset_required_fields(): +def test_list_crypto_key_versions_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.list_key_rings._get_unset_required_fields({}) + unset_fields = transport.list_crypto_key_versions._get_unset_required_fields({}) assert set(unset_fields) == ( set( ( @@ -8442,6 +9482,7 @@ def test_list_key_rings_rest_unset_required_fields(): "orderBy", "pageSize", "pageToken", + "view", ) ) & set(("parent",)) @@ -8449,7 +9490,7 @@ def test_list_key_rings_rest_unset_required_fields(): @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_list_key_rings_rest_interceptors(null_interceptor): +def test_list_crypto_key_versions_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -8462,13 +9503,15 @@ def test_list_key_rings_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_list_key_rings" + transports.KeyManagementServiceRestInterceptor, "post_list_crypto_key_versions" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_list_key_rings" + transports.KeyManagementServiceRestInterceptor, "pre_list_crypto_key_versions" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.ListKeyRingsRequest.pb(service.ListKeyRingsRequest()) + pb_message = service.ListCryptoKeyVersionsRequest.pb( + service.ListCryptoKeyVersionsRequest() + ) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -8479,19 +9522,19 @@ def test_list_key_rings_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = service.ListKeyRingsResponse.to_json( - service.ListKeyRingsResponse() + req.return_value._content = service.ListCryptoKeyVersionsResponse.to_json( + service.ListCryptoKeyVersionsResponse() ) - request = service.ListKeyRingsRequest() + request = service.ListCryptoKeyVersionsRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = service.ListKeyRingsResponse() + post.return_value = service.ListCryptoKeyVersionsResponse() - client.list_key_rings( + client.list_crypto_key_versions( request, metadata=[ ("key", "val"), @@ -8503,8 +9546,8 @@ def test_list_key_rings_rest_interceptors(null_interceptor): post.assert_called_once() -def test_list_key_rings_rest_bad_request( - transport: str = "rest", request_type=service.ListKeyRingsRequest +def test_list_crypto_key_versions_rest_bad_request( + transport: str = "rest", request_type=service.ListCryptoKeyVersionsRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -8512,7 +9555,9 @@ def test_list_key_rings_rest_bad_request( ) # send a request that will satisfy transcoding - request_init = {"parent": "projects/sample1/locations/sample2"} + request_init = { + "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } request = request_type(**request_init) # Mock the http request call within the method and fake a BadRequest error. @@ -8524,10 +9569,10 @@ def test_list_key_rings_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.list_key_rings(request) + client.list_crypto_key_versions(request) -def test_list_key_rings_rest_flattened(): +def test_list_crypto_key_versions_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -8536,10 +9581,12 @@ def test_list_key_rings_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = service.ListKeyRingsResponse() + return_value = service.ListCryptoKeyVersionsResponse() # get arguments that satisfy an http rule for this method - sample_request = {"parent": "projects/sample1/locations/sample2"} + sample_request = { + "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } # get truthy value for each flattened field mock_args = dict( @@ -8550,24 +9597,25 @@ def test_list_key_rings_rest_flattened(): # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListKeyRingsResponse.pb(return_value) + pb_return_value = service.ListCryptoKeyVersionsResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.list_key_rings(**mock_args) + client.list_crypto_key_versions(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{parent=projects/*/locations/*}/keyRings" % client.transport._host, + "%s/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions" + % client.transport._host, args[1], ) -def test_list_key_rings_rest_flattened_error(transport: str = "rest"): +def test_list_crypto_key_versions_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -8576,13 +9624,13 @@ def test_list_key_rings_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.list_key_rings( - service.ListKeyRingsRequest(), + client.list_crypto_key_versions( + service.ListCryptoKeyVersionsRequest(), parent="parent_value", ) -def test_list_key_rings_rest_pager(transport: str = "rest"): +def test_list_crypto_key_versions_rest_pager(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -8594,28 +9642,28 @@ def test_list_key_rings_rest_pager(transport: str = "rest"): # with mock.patch.object(path_template, 'transcode') as transcode: # Set the response as a series of pages response = ( - service.ListKeyRingsResponse( - key_rings=[ - resources.KeyRing(), - resources.KeyRing(), - resources.KeyRing(), + service.ListCryptoKeyVersionsResponse( + crypto_key_versions=[ + resources.CryptoKeyVersion(), + resources.CryptoKeyVersion(), + resources.CryptoKeyVersion(), ], next_page_token="abc", ), - service.ListKeyRingsResponse( - key_rings=[], + service.ListCryptoKeyVersionsResponse( + crypto_key_versions=[], next_page_token="def", ), - service.ListKeyRingsResponse( - key_rings=[ - resources.KeyRing(), + service.ListCryptoKeyVersionsResponse( + crypto_key_versions=[ + resources.CryptoKeyVersion(), ], next_page_token="ghi", ), - service.ListKeyRingsResponse( - key_rings=[ - resources.KeyRing(), - resources.KeyRing(), + service.ListCryptoKeyVersionsResponse( + crypto_key_versions=[ + resources.CryptoKeyVersion(), + resources.CryptoKeyVersion(), ], ), ) @@ -8623,22 +9671,26 @@ def test_list_key_rings_rest_pager(transport: str = "rest"): response = response + response # Wrap the values into proper Response objs - response = tuple(service.ListKeyRingsResponse.to_json(x) for x in response) + response = tuple( + service.ListCryptoKeyVersionsResponse.to_json(x) for x in response + ) return_values = tuple(Response() for i in response) for return_val, response_val in zip(return_values, response): return_val._content = response_val.encode("UTF-8") return_val.status_code = 200 req.side_effect = return_values - sample_request = {"parent": "projects/sample1/locations/sample2"} + sample_request = { + "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } - pager = client.list_key_rings(request=sample_request) + pager = client.list_crypto_key_versions(request=sample_request) results = list(pager) assert len(results) == 6 - assert all(isinstance(i, resources.KeyRing) for i in results) + assert all(isinstance(i, resources.CryptoKeyVersion) for i in results) - pages = list(client.list_key_rings(request=sample_request).pages) + pages = list(client.list_crypto_key_versions(request=sample_request).pages) for page_, token in zip(pages, ["abc", "def", "ghi", ""]): assert page_.raw_page.next_page_token == token @@ -8646,11 +9698,11 @@ def test_list_key_rings_rest_pager(transport: str = "rest"): @pytest.mark.parametrize( "request_type", [ - service.ListCryptoKeysRequest, + service.ListImportJobsRequest, dict, ], ) -def test_list_crypto_keys_rest(request_type): +def test_list_import_jobs_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -8663,7 +9715,7 @@ def test_list_crypto_keys_rest(request_type): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = service.ListCryptoKeysResponse( + return_value = service.ListImportJobsResponse( next_page_token="next_page_token_value", total_size=1086, ) @@ -8671,21 +9723,21 @@ def test_list_crypto_keys_rest(request_type): # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListCryptoKeysResponse.pb(return_value) + pb_return_value = service.ListImportJobsResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.list_crypto_keys(request) + response = client.list_import_jobs(request) # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListCryptoKeysPager) + assert isinstance(response, pagers.ListImportJobsPager) assert response.next_page_token == "next_page_token_value" assert response.total_size == 1086 -def test_list_crypto_keys_rest_required_fields( - request_type=service.ListCryptoKeysRequest, +def test_list_import_jobs_rest_required_fields( + request_type=service.ListImportJobsRequest, ): transport_class = transports.KeyManagementServiceRestTransport @@ -8705,7 +9757,7 @@ def test_list_crypto_keys_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).list_crypto_keys._get_unset_required_fields(jsonified_request) + ).list_import_jobs._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present @@ -8714,7 +9766,7 @@ def test_list_crypto_keys_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).list_crypto_keys._get_unset_required_fields(jsonified_request) + ).list_import_jobs._get_unset_required_fields(jsonified_request) # Check that path parameters and body parameters are not mixing in. assert not set(unset_fields) - set( ( @@ -8722,7 +9774,6 @@ def test_list_crypto_keys_rest_required_fields( "order_by", "page_size", "page_token", - "version_view", ) ) jsonified_request.update(unset_fields) @@ -8738,7 +9789,7 @@ def test_list_crypto_keys_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = service.ListCryptoKeysResponse() + return_value = service.ListImportJobsResponse() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -8758,25 +9809,25 @@ def test_list_crypto_keys_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListCryptoKeysResponse.pb(return_value) + pb_return_value = service.ListImportJobsResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.list_crypto_keys(request) + response = client.list_import_jobs(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_list_crypto_keys_rest_unset_required_fields(): +def test_list_import_jobs_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.list_crypto_keys._get_unset_required_fields({}) + unset_fields = transport.list_import_jobs._get_unset_required_fields({}) assert set(unset_fields) == ( set( ( @@ -8784,7 +9835,6 @@ def test_list_crypto_keys_rest_unset_required_fields(): "orderBy", "pageSize", "pageToken", - "versionView", ) ) & set(("parent",)) @@ -8792,7 +9842,7 @@ def test_list_crypto_keys_rest_unset_required_fields(): @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_list_crypto_keys_rest_interceptors(null_interceptor): +def test_list_import_jobs_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -8805,13 +9855,13 @@ def test_list_crypto_keys_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_list_crypto_keys" + transports.KeyManagementServiceRestInterceptor, "post_list_import_jobs" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_list_crypto_keys" + transports.KeyManagementServiceRestInterceptor, "pre_list_import_jobs" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.ListCryptoKeysRequest.pb(service.ListCryptoKeysRequest()) + pb_message = service.ListImportJobsRequest.pb(service.ListImportJobsRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -8822,19 +9872,19 @@ def test_list_crypto_keys_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = service.ListCryptoKeysResponse.to_json( - service.ListCryptoKeysResponse() + req.return_value._content = service.ListImportJobsResponse.to_json( + service.ListImportJobsResponse() ) - request = service.ListCryptoKeysRequest() + request = service.ListImportJobsRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = service.ListCryptoKeysResponse() + post.return_value = service.ListImportJobsResponse() - client.list_crypto_keys( + client.list_import_jobs( request, metadata=[ ("key", "val"), @@ -8846,8 +9896,8 @@ def test_list_crypto_keys_rest_interceptors(null_interceptor): post.assert_called_once() -def test_list_crypto_keys_rest_bad_request( - transport: str = "rest", request_type=service.ListCryptoKeysRequest +def test_list_import_jobs_rest_bad_request( + transport: str = "rest", request_type=service.ListImportJobsRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -8867,10 +9917,10 @@ def test_list_crypto_keys_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.list_crypto_keys(request) + client.list_import_jobs(request) -def test_list_crypto_keys_rest_flattened(): +def test_list_import_jobs_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -8879,7 +9929,7 @@ def test_list_crypto_keys_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = service.ListCryptoKeysResponse() + return_value = service.ListImportJobsResponse() # get arguments that satisfy an http rule for this method sample_request = { @@ -8895,25 +9945,25 @@ def test_list_crypto_keys_rest_flattened(): # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListCryptoKeysResponse.pb(return_value) + pb_return_value = service.ListImportJobsResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.list_crypto_keys(**mock_args) + client.list_import_jobs(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys" + "%s/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs" % client.transport._host, args[1], ) -def test_list_crypto_keys_rest_flattened_error(transport: str = "rest"): +def test_list_import_jobs_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -8922,13 +9972,13 @@ def test_list_crypto_keys_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.list_crypto_keys( - service.ListCryptoKeysRequest(), + client.list_import_jobs( + service.ListImportJobsRequest(), parent="parent_value", ) -def test_list_crypto_keys_rest_pager(transport: str = "rest"): +def test_list_import_jobs_rest_pager(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -8940,28 +9990,28 @@ def test_list_crypto_keys_rest_pager(transport: str = "rest"): # with mock.patch.object(path_template, 'transcode') as transcode: # Set the response as a series of pages response = ( - service.ListCryptoKeysResponse( - crypto_keys=[ - resources.CryptoKey(), - resources.CryptoKey(), - resources.CryptoKey(), + service.ListImportJobsResponse( + import_jobs=[ + resources.ImportJob(), + resources.ImportJob(), + resources.ImportJob(), ], next_page_token="abc", ), - service.ListCryptoKeysResponse( - crypto_keys=[], + service.ListImportJobsResponse( + import_jobs=[], next_page_token="def", ), - service.ListCryptoKeysResponse( - crypto_keys=[ - resources.CryptoKey(), + service.ListImportJobsResponse( + import_jobs=[ + resources.ImportJob(), ], next_page_token="ghi", ), - service.ListCryptoKeysResponse( - crypto_keys=[ - resources.CryptoKey(), - resources.CryptoKey(), + service.ListImportJobsResponse( + import_jobs=[ + resources.ImportJob(), + resources.ImportJob(), ], ), ) @@ -8969,7 +10019,7 @@ def test_list_crypto_keys_rest_pager(transport: str = "rest"): response = response + response # Wrap the values into proper Response objs - response = tuple(service.ListCryptoKeysResponse.to_json(x) for x in response) + response = tuple(service.ListImportJobsResponse.to_json(x) for x in response) return_values = tuple(Response() for i in response) for return_val, response_val in zip(return_values, response): return_val._content = response_val.encode("UTF-8") @@ -8980,13 +10030,13 @@ def test_list_crypto_keys_rest_pager(transport: str = "rest"): "parent": "projects/sample1/locations/sample2/keyRings/sample3" } - pager = client.list_crypto_keys(request=sample_request) + pager = client.list_import_jobs(request=sample_request) results = list(pager) assert len(results) == 6 - assert all(isinstance(i, resources.CryptoKey) for i in results) + assert all(isinstance(i, resources.ImportJob) for i in results) - pages = list(client.list_crypto_keys(request=sample_request).pages) + pages = list(client.list_import_jobs(request=sample_request).pages) for page_, token in zip(pages, ["abc", "def", "ghi", ""]): assert page_.raw_page.next_page_token == token @@ -8994,53 +10044,47 @@ def test_list_crypto_keys_rest_pager(transport: str = "rest"): @pytest.mark.parametrize( "request_type", [ - service.ListCryptoKeyVersionsRequest, + service.GetKeyRingRequest, dict, ], ) -def test_list_crypto_key_versions_rest(request_type): +def test_get_key_ring_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", ) # send a request that will satisfy transcoding - request_init = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" - } + request_init = {"name": "projects/sample1/locations/sample2/keyRings/sample3"} request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = service.ListCryptoKeyVersionsResponse( - next_page_token="next_page_token_value", - total_size=1086, + return_value = resources.KeyRing( + name="name_value", ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListCryptoKeyVersionsResponse.pb(return_value) + pb_return_value = resources.KeyRing.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.list_crypto_key_versions(request) + response = client.get_key_ring(request) # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListCryptoKeyVersionsPager) - assert response.next_page_token == "next_page_token_value" - assert response.total_size == 1086 + assert isinstance(response, resources.KeyRing) + assert response.name == "name_value" -def test_list_crypto_key_versions_rest_required_fields( - request_type=service.ListCryptoKeyVersionsRequest, -): +def test_get_key_ring_rest_required_fields(request_type=service.GetKeyRingRequest): transport_class = transports.KeyManagementServiceRestTransport request_init = {} - request_init["parent"] = "" + request_init["name"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -9055,31 +10099,21 @@ def test_list_crypto_key_versions_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).list_crypto_key_versions._get_unset_required_fields(jsonified_request) + ).get_key_ring._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present - jsonified_request["parent"] = "parent_value" + jsonified_request["name"] = "name_value" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).list_crypto_key_versions._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set( - ( - "filter", - "order_by", - "page_size", - "page_token", - "view", - ) - ) + ).get_key_ring._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone - assert "parent" in jsonified_request - assert jsonified_request["parent"] == "parent_value" + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -9088,7 +10122,7 @@ def test_list_crypto_key_versions_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = service.ListCryptoKeyVersionsResponse() + return_value = resources.KeyRing() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -9108,41 +10142,30 @@ def test_list_crypto_key_versions_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListCryptoKeyVersionsResponse.pb(return_value) + pb_return_value = resources.KeyRing.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.list_crypto_key_versions(request) + response = client.get_key_ring(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_list_crypto_key_versions_rest_unset_required_fields(): +def test_get_key_ring_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.list_crypto_key_versions._get_unset_required_fields({}) - assert set(unset_fields) == ( - set( - ( - "filter", - "orderBy", - "pageSize", - "pageToken", - "view", - ) - ) - & set(("parent",)) - ) + unset_fields = transport.get_key_ring._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_list_crypto_key_versions_rest_interceptors(null_interceptor): +def test_get_key_ring_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -9155,15 +10178,13 @@ def test_list_crypto_key_versions_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_list_crypto_key_versions" + transports.KeyManagementServiceRestInterceptor, "post_get_key_ring" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_list_crypto_key_versions" + transports.KeyManagementServiceRestInterceptor, "pre_get_key_ring" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.ListCryptoKeyVersionsRequest.pb( - service.ListCryptoKeyVersionsRequest() - ) + pb_message = service.GetKeyRingRequest.pb(service.GetKeyRingRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -9174,19 +10195,17 @@ def test_list_crypto_key_versions_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = service.ListCryptoKeyVersionsResponse.to_json( - service.ListCryptoKeyVersionsResponse() - ) + req.return_value._content = resources.KeyRing.to_json(resources.KeyRing()) - request = service.ListCryptoKeyVersionsRequest() + request = service.GetKeyRingRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = service.ListCryptoKeyVersionsResponse() + post.return_value = resources.KeyRing() - client.list_crypto_key_versions( + client.get_key_ring( request, metadata=[ ("key", "val"), @@ -9198,8 +10217,8 @@ def test_list_crypto_key_versions_rest_interceptors(null_interceptor): post.assert_called_once() -def test_list_crypto_key_versions_rest_bad_request( - transport: str = "rest", request_type=service.ListCryptoKeyVersionsRequest +def test_get_key_ring_rest_bad_request( + transport: str = "rest", request_type=service.GetKeyRingRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -9207,9 +10226,7 @@ def test_list_crypto_key_versions_rest_bad_request( ) # send a request that will satisfy transcoding - request_init = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" - } + request_init = {"name": "projects/sample1/locations/sample2/keyRings/sample3"} request = request_type(**request_init) # Mock the http request call within the method and fake a BadRequest error. @@ -9221,10 +10238,10 @@ def test_list_crypto_key_versions_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.list_crypto_key_versions(request) + client.get_key_ring(request) -def test_list_crypto_key_versions_rest_flattened(): +def test_get_key_ring_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -9233,41 +10250,38 @@ def test_list_crypto_key_versions_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = service.ListCryptoKeyVersionsResponse() + return_value = resources.KeyRing() # get arguments that satisfy an http rule for this method - sample_request = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" - } + sample_request = {"name": "projects/sample1/locations/sample2/keyRings/sample3"} # get truthy value for each flattened field mock_args = dict( - parent="parent_value", + name="name_value", ) mock_args.update(sample_request) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListCryptoKeyVersionsResponse.pb(return_value) + pb_return_value = resources.KeyRing.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.list_crypto_key_versions(**mock_args) + client.get_key_ring(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions" - % client.transport._host, + "%s/v1/{name=projects/*/locations/*/keyRings/*}" % client.transport._host, args[1], ) -def test_list_crypto_key_versions_rest_flattened_error(transport: str = "rest"): +def test_get_key_ring_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -9276,125 +10290,70 @@ def test_list_crypto_key_versions_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.list_crypto_key_versions( - service.ListCryptoKeyVersionsRequest(), - parent="parent_value", + client.get_key_ring( + service.GetKeyRingRequest(), + name="name_value", ) -def test_list_crypto_key_versions_rest_pager(transport: str = "rest"): +def test_get_key_ring_rest_error(): client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, + credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, "request") as req: - # TODO(kbandes): remove this mock unless there's a good reason for it. - # with mock.patch.object(path_template, 'transcode') as transcode: - # Set the response as a series of pages - response = ( - service.ListCryptoKeyVersionsResponse( - crypto_key_versions=[ - resources.CryptoKeyVersion(), - resources.CryptoKeyVersion(), - resources.CryptoKeyVersion(), - ], - next_page_token="abc", - ), - service.ListCryptoKeyVersionsResponse( - crypto_key_versions=[], - next_page_token="def", - ), - service.ListCryptoKeyVersionsResponse( - crypto_key_versions=[ - resources.CryptoKeyVersion(), - ], - next_page_token="ghi", - ), - service.ListCryptoKeyVersionsResponse( - crypto_key_versions=[ - resources.CryptoKeyVersion(), - resources.CryptoKeyVersion(), - ], - ), - ) - # Two responses for two calls - response = response + response - - # Wrap the values into proper Response objs - response = tuple( - service.ListCryptoKeyVersionsResponse.to_json(x) for x in response - ) - return_values = tuple(Response() for i in response) - for return_val, response_val in zip(return_values, response): - return_val._content = response_val.encode("UTF-8") - return_val.status_code = 200 - req.side_effect = return_values - - sample_request = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" - } - - pager = client.list_crypto_key_versions(request=sample_request) - - results = list(pager) - assert len(results) == 6 - assert all(isinstance(i, resources.CryptoKeyVersion) for i in results) - - pages = list(client.list_crypto_key_versions(request=sample_request).pages) - for page_, token in zip(pages, ["abc", "def", "ghi", ""]): - assert page_.raw_page.next_page_token == token - @pytest.mark.parametrize( "request_type", [ - service.ListImportJobsRequest, + service.GetCryptoKeyRequest, dict, ], ) -def test_list_import_jobs_rest(request_type): +def test_get_crypto_key_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", ) # send a request that will satisfy transcoding - request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} + request_init = { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = service.ListImportJobsResponse( - next_page_token="next_page_token_value", - total_size=1086, + return_value = resources.CryptoKey( + name="name_value", + purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + import_only=True, + crypto_key_backend="crypto_key_backend_value", ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListImportJobsResponse.pb(return_value) + pb_return_value = resources.CryptoKey.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.list_import_jobs(request) + response = client.get_crypto_key(request) # Establish that the response is the type that we expect. - assert isinstance(response, pagers.ListImportJobsPager) - assert response.next_page_token == "next_page_token_value" - assert response.total_size == 1086 + assert isinstance(response, resources.CryptoKey) + assert response.name == "name_value" + assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + assert response.import_only is True + assert response.crypto_key_backend == "crypto_key_backend_value" -def test_list_import_jobs_rest_required_fields( - request_type=service.ListImportJobsRequest, -): +def test_get_crypto_key_rest_required_fields(request_type=service.GetCryptoKeyRequest): transport_class = transports.KeyManagementServiceRestTransport request_init = {} - request_init["parent"] = "" + request_init["name"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -9409,30 +10368,21 @@ def test_list_import_jobs_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).list_import_jobs._get_unset_required_fields(jsonified_request) + ).get_crypto_key._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present - jsonified_request["parent"] = "parent_value" + jsonified_request["name"] = "name_value" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).list_import_jobs._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set( - ( - "filter", - "order_by", - "page_size", - "page_token", - ) - ) + ).get_crypto_key._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone - assert "parent" in jsonified_request - assert jsonified_request["parent"] == "parent_value" + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -9441,7 +10391,7 @@ def test_list_import_jobs_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = service.ListImportJobsResponse() + return_value = resources.CryptoKey() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -9461,40 +10411,30 @@ def test_list_import_jobs_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListImportJobsResponse.pb(return_value) + pb_return_value = resources.CryptoKey.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.list_import_jobs(request) + response = client.get_crypto_key(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_list_import_jobs_rest_unset_required_fields(): +def test_get_crypto_key_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.list_import_jobs._get_unset_required_fields({}) - assert set(unset_fields) == ( - set( - ( - "filter", - "orderBy", - "pageSize", - "pageToken", - ) - ) - & set(("parent",)) - ) + unset_fields = transport.get_crypto_key._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_list_import_jobs_rest_interceptors(null_interceptor): +def test_get_crypto_key_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -9507,13 +10447,13 @@ def test_list_import_jobs_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_list_import_jobs" + transports.KeyManagementServiceRestInterceptor, "post_get_crypto_key" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_list_import_jobs" + transports.KeyManagementServiceRestInterceptor, "pre_get_crypto_key" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.ListImportJobsRequest.pb(service.ListImportJobsRequest()) + pb_message = service.GetCryptoKeyRequest.pb(service.GetCryptoKeyRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -9524,19 +10464,17 @@ def test_list_import_jobs_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = service.ListImportJobsResponse.to_json( - service.ListImportJobsResponse() - ) + req.return_value._content = resources.CryptoKey.to_json(resources.CryptoKey()) - request = service.ListImportJobsRequest() + request = service.GetCryptoKeyRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = service.ListImportJobsResponse() + post.return_value = resources.CryptoKey() - client.list_import_jobs( + client.get_crypto_key( request, metadata=[ ("key", "val"), @@ -9548,8 +10486,8 @@ def test_list_import_jobs_rest_interceptors(null_interceptor): post.assert_called_once() -def test_list_import_jobs_rest_bad_request( - transport: str = "rest", request_type=service.ListImportJobsRequest +def test_get_crypto_key_rest_bad_request( + transport: str = "rest", request_type=service.GetCryptoKeyRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -9557,7 +10495,9 @@ def test_list_import_jobs_rest_bad_request( ) # send a request that will satisfy transcoding - request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} + request_init = { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } request = request_type(**request_init) # Mock the http request call within the method and fake a BadRequest error. @@ -9569,10 +10509,10 @@ def test_list_import_jobs_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.list_import_jobs(request) + client.get_crypto_key(request) -def test_list_import_jobs_rest_flattened(): +def test_get_crypto_key_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -9581,41 +10521,41 @@ def test_list_import_jobs_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = service.ListImportJobsResponse() + return_value = resources.CryptoKey() # get arguments that satisfy an http rule for this method sample_request = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } # get truthy value for each flattened field mock_args = dict( - parent="parent_value", + name="name_value", ) mock_args.update(sample_request) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = service.ListImportJobsResponse.pb(return_value) + pb_return_value = resources.CryptoKey.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.list_import_jobs(**mock_args) + client.get_crypto_key(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs" + "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}" % client.transport._host, args[1], ) -def test_list_import_jobs_rest_flattened_error(transport: str = "rest"): +def test_get_crypto_key_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -9624,115 +10564,87 @@ def test_list_import_jobs_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.list_import_jobs( - service.ListImportJobsRequest(), - parent="parent_value", - ) - - -def test_list_import_jobs_rest_pager(transport: str = "rest"): - client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(Session, "request") as req: - # TODO(kbandes): remove this mock unless there's a good reason for it. - # with mock.patch.object(path_template, 'transcode') as transcode: - # Set the response as a series of pages - response = ( - service.ListImportJobsResponse( - import_jobs=[ - resources.ImportJob(), - resources.ImportJob(), - resources.ImportJob(), - ], - next_page_token="abc", - ), - service.ListImportJobsResponse( - import_jobs=[], - next_page_token="def", - ), - service.ListImportJobsResponse( - import_jobs=[ - resources.ImportJob(), - ], - next_page_token="ghi", - ), - service.ListImportJobsResponse( - import_jobs=[ - resources.ImportJob(), - resources.ImportJob(), - ], - ), - ) - # Two responses for two calls - response = response + response - - # Wrap the values into proper Response objs - response = tuple(service.ListImportJobsResponse.to_json(x) for x in response) - return_values = tuple(Response() for i in response) - for return_val, response_val in zip(return_values, response): - return_val._content = response_val.encode("UTF-8") - return_val.status_code = 200 - req.side_effect = return_values - - sample_request = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3" - } - - pager = client.list_import_jobs(request=sample_request) - - results = list(pager) - assert len(results) == 6 - assert all(isinstance(i, resources.ImportJob) for i in results) + client.get_crypto_key( + service.GetCryptoKeyRequest(), + name="name_value", + ) - pages = list(client.list_import_jobs(request=sample_request).pages) - for page_, token in zip(pages, ["abc", "def", "ghi", ""]): - assert page_.raw_page.next_page_token == token + +def test_get_crypto_key_rest_error(): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), transport="rest" + ) @pytest.mark.parametrize( "request_type", [ - service.GetKeyRingRequest, + service.GetCryptoKeyVersionRequest, dict, ], ) -def test_get_key_ring_rest(request_type): +def test_get_crypto_key_version_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", ) # send a request that will satisfy transcoding - request_init = {"name": "projects/sample1/locations/sample2/keyRings/sample3"} + request_init = { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.KeyRing( + return_value = resources.CryptoKeyVersion( name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + generation_failure_reason="generation_failure_reason_value", + external_destruction_failure_reason="external_destruction_failure_reason_value", + reimport_eligible=True, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.KeyRing.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.get_key_ring(request) + response = client.get_crypto_key_version(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.KeyRing) + assert isinstance(response, resources.CryptoKeyVersion) assert response.name == "name_value" + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + assert response.import_job == "import_job_value" + assert response.import_failure_reason == "import_failure_reason_value" + assert response.generation_failure_reason == "generation_failure_reason_value" + assert ( + response.external_destruction_failure_reason + == "external_destruction_failure_reason_value" + ) + assert response.reimport_eligible is True -def test_get_key_ring_rest_required_fields(request_type=service.GetKeyRingRequest): +def test_get_crypto_key_version_rest_required_fields( + request_type=service.GetCryptoKeyVersionRequest, +): transport_class = transports.KeyManagementServiceRestTransport request_init = {} @@ -9751,7 +10663,7 @@ def test_get_key_ring_rest_required_fields(request_type=service.GetKeyRingReques unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).get_key_ring._get_unset_required_fields(jsonified_request) + ).get_crypto_key_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present @@ -9760,7 +10672,7 @@ def test_get_key_ring_rest_required_fields(request_type=service.GetKeyRingReques unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).get_key_ring._get_unset_required_fields(jsonified_request) + ).get_crypto_key_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone @@ -9774,7 +10686,7 @@ def test_get_key_ring_rest_required_fields(request_type=service.GetKeyRingReques request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.KeyRing() + return_value = resources.CryptoKeyVersion() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -9794,30 +10706,30 @@ def test_get_key_ring_rest_required_fields(request_type=service.GetKeyRingReques response_value = Response() response_value.status_code = 200 - pb_return_value = resources.KeyRing.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.get_key_ring(request) + response = client.get_crypto_key_version(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_get_key_ring_rest_unset_required_fields(): +def test_get_crypto_key_version_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.get_key_ring._get_unset_required_fields({}) + unset_fields = transport.get_crypto_key_version._get_unset_required_fields({}) assert set(unset_fields) == (set(()) & set(("name",))) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_get_key_ring_rest_interceptors(null_interceptor): +def test_get_crypto_key_version_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -9830,13 +10742,15 @@ def test_get_key_ring_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_get_key_ring" + transports.KeyManagementServiceRestInterceptor, "post_get_crypto_key_version" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_get_key_ring" + transports.KeyManagementServiceRestInterceptor, "pre_get_crypto_key_version" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.GetKeyRingRequest.pb(service.GetKeyRingRequest()) + pb_message = service.GetCryptoKeyVersionRequest.pb( + service.GetCryptoKeyVersionRequest() + ) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -9847,17 +10761,19 @@ def test_get_key_ring_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.KeyRing.to_json(resources.KeyRing()) + req.return_value._content = resources.CryptoKeyVersion.to_json( + resources.CryptoKeyVersion() + ) - request = service.GetKeyRingRequest() + request = service.GetCryptoKeyVersionRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.KeyRing() + post.return_value = resources.CryptoKeyVersion() - client.get_key_ring( + client.get_crypto_key_version( request, metadata=[ ("key", "val"), @@ -9869,8 +10785,8 @@ def test_get_key_ring_rest_interceptors(null_interceptor): post.assert_called_once() -def test_get_key_ring_rest_bad_request( - transport: str = "rest", request_type=service.GetKeyRingRequest +def test_get_crypto_key_version_rest_bad_request( + transport: str = "rest", request_type=service.GetCryptoKeyVersionRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -9878,7 +10794,9 @@ def test_get_key_ring_rest_bad_request( ) # send a request that will satisfy transcoding - request_init = {"name": "projects/sample1/locations/sample2/keyRings/sample3"} + request_init = { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + } request = request_type(**request_init) # Mock the http request call within the method and fake a BadRequest error. @@ -9890,10 +10808,10 @@ def test_get_key_ring_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.get_key_ring(request) + client.get_crypto_key_version(request) -def test_get_key_ring_rest_flattened(): +def test_get_crypto_key_version_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -9902,10 +10820,12 @@ def test_get_key_ring_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.KeyRing() + return_value = resources.CryptoKeyVersion() # get arguments that satisfy an http rule for this method - sample_request = {"name": "projects/sample1/locations/sample2/keyRings/sample3"} + sample_request = { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + } # get truthy value for each flattened field mock_args = dict( @@ -9916,24 +10836,25 @@ def test_get_key_ring_rest_flattened(): # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.KeyRing.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.get_key_ring(**mock_args) + client.get_crypto_key_version(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{name=projects/*/locations/*/keyRings/*}" % client.transport._host, + "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}" + % client.transport._host, args[1], ) -def test_get_key_ring_rest_flattened_error(transport: str = "rest"): +def test_get_crypto_key_version_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -9942,13 +10863,13 @@ def test_get_key_ring_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.get_key_ring( - service.GetKeyRingRequest(), + client.get_crypto_key_version( + service.GetCryptoKeyVersionRequest(), name="name_value", ) -def test_get_key_ring_rest_error(): +def test_get_crypto_key_version_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -9957,11 +10878,11 @@ def test_get_key_ring_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.GetCryptoKeyRequest, + service.GetPublicKeyRequest, dict, ], ) -def test_get_crypto_key_rest(request_type): +def test_get_public_key_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -9969,40 +10890,42 @@ def test_get_crypto_key_rest(request_type): # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKey( + return_value = resources.PublicKey( + pem="pem_value", + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, name="name_value", - purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, - import_only=True, - crypto_key_backend="crypto_key_backend_value", - rotation_period=duration_pb2.Duration(seconds=751), + protection_level=resources.ProtectionLevel.SOFTWARE, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKey.pb(return_value) + pb_return_value = resources.PublicKey.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.get_crypto_key(request) + response = client.get_public_key(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.CryptoKey) + assert isinstance(response, resources.PublicKey) + assert response.pem == "pem_value" + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) assert response.name == "name_value" - assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - assert response.import_only is True - assert response.crypto_key_backend == "crypto_key_backend_value" + assert response.protection_level == resources.ProtectionLevel.SOFTWARE -def test_get_crypto_key_rest_required_fields(request_type=service.GetCryptoKeyRequest): +def test_get_public_key_rest_required_fields(request_type=service.GetPublicKeyRequest): transport_class = transports.KeyManagementServiceRestTransport request_init = {} @@ -10021,7 +10944,7 @@ def test_get_crypto_key_rest_required_fields(request_type=service.GetCryptoKeyRe unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).get_crypto_key._get_unset_required_fields(jsonified_request) + ).get_public_key._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present @@ -10030,7 +10953,7 @@ def test_get_crypto_key_rest_required_fields(request_type=service.GetCryptoKeyRe unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).get_crypto_key._get_unset_required_fields(jsonified_request) + ).get_public_key._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone @@ -10044,7 +10967,7 @@ def test_get_crypto_key_rest_required_fields(request_type=service.GetCryptoKeyRe request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.CryptoKey() + return_value = resources.PublicKey() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -10064,30 +10987,30 @@ def test_get_crypto_key_rest_required_fields(request_type=service.GetCryptoKeyRe response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKey.pb(return_value) + pb_return_value = resources.PublicKey.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.get_crypto_key(request) + response = client.get_public_key(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_get_crypto_key_rest_unset_required_fields(): +def test_get_public_key_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.get_crypto_key._get_unset_required_fields({}) + unset_fields = transport.get_public_key._get_unset_required_fields({}) assert set(unset_fields) == (set(()) & set(("name",))) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_get_crypto_key_rest_interceptors(null_interceptor): +def test_get_public_key_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -10100,13 +11023,13 @@ def test_get_crypto_key_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_get_crypto_key" + transports.KeyManagementServiceRestInterceptor, "post_get_public_key" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_get_crypto_key" + transports.KeyManagementServiceRestInterceptor, "pre_get_public_key" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.GetCryptoKeyRequest.pb(service.GetCryptoKeyRequest()) + pb_message = service.GetPublicKeyRequest.pb(service.GetPublicKeyRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -10117,17 +11040,17 @@ def test_get_crypto_key_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.CryptoKey.to_json(resources.CryptoKey()) + req.return_value._content = resources.PublicKey.to_json(resources.PublicKey()) - request = service.GetCryptoKeyRequest() + request = service.GetPublicKeyRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.CryptoKey() + post.return_value = resources.PublicKey() - client.get_crypto_key( + client.get_public_key( request, metadata=[ ("key", "val"), @@ -10139,8 +11062,8 @@ def test_get_crypto_key_rest_interceptors(null_interceptor): post.assert_called_once() -def test_get_crypto_key_rest_bad_request( - transport: str = "rest", request_type=service.GetCryptoKeyRequest +def test_get_public_key_rest_bad_request( + transport: str = "rest", request_type=service.GetPublicKeyRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -10149,7 +11072,7 @@ def test_get_crypto_key_rest_bad_request( # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } request = request_type(**request_init) @@ -10162,10 +11085,10 @@ def test_get_crypto_key_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.get_crypto_key(request) + client.get_public_key(request) -def test_get_crypto_key_rest_flattened(): +def test_get_public_key_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -10174,11 +11097,11 @@ def test_get_crypto_key_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKey() + return_value = resources.PublicKey() # get arguments that satisfy an http rule for this method sample_request = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } # get truthy value for each flattened field @@ -10190,25 +11113,25 @@ def test_get_crypto_key_rest_flattened(): # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKey.pb(return_value) + pb_return_value = resources.PublicKey.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.get_crypto_key(**mock_args) + client.get_public_key(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}" + "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey" % client.transport._host, args[1], ) -def test_get_crypto_key_rest_flattened_error(transport: str = "rest"): +def test_get_public_key_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -10217,13 +11140,13 @@ def test_get_crypto_key_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.get_crypto_key( - service.GetCryptoKeyRequest(), + client.get_public_key( + service.GetPublicKeyRequest(), name="name_value", ) -def test_get_crypto_key_rest_error(): +def test_get_public_key_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -10232,11 +11155,11 @@ def test_get_crypto_key_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.GetCryptoKeyVersionRequest, + service.GetImportJobRequest, dict, ], ) -def test_get_crypto_key_version_rest(request_type): +def test_get_import_job_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -10244,60 +11167,42 @@ def test_get_crypto_key_version_rest(request_type): # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + "name": "projects/sample1/locations/sample2/keyRings/sample3/importJobs/sample4" } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion( + return_value = resources.ImportJob( name="name_value", - state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + import_method=resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256, protection_level=resources.ProtectionLevel.SOFTWARE, - algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, - import_job="import_job_value", - import_failure_reason="import_failure_reason_value", - generation_failure_reason="generation_failure_reason_value", - external_destruction_failure_reason="external_destruction_failure_reason_value", - reimport_eligible=True, + state=resources.ImportJob.ImportJobState.PENDING_GENERATION, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = resources.ImportJob.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.get_crypto_key_version(request) + response = client.get_import_job(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.CryptoKeyVersion) + assert isinstance(response, resources.ImportJob) assert response.name == "name_value" assert ( - response.state - == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + response.import_method + == resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256 ) assert response.protection_level == resources.ProtectionLevel.SOFTWARE - assert ( - response.algorithm - == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION - ) - assert response.import_job == "import_job_value" - assert response.import_failure_reason == "import_failure_reason_value" - assert response.generation_failure_reason == "generation_failure_reason_value" - assert ( - response.external_destruction_failure_reason - == "external_destruction_failure_reason_value" - ) - assert response.reimport_eligible is True + assert response.state == resources.ImportJob.ImportJobState.PENDING_GENERATION -def test_get_crypto_key_version_rest_required_fields( - request_type=service.GetCryptoKeyVersionRequest, -): +def test_get_import_job_rest_required_fields(request_type=service.GetImportJobRequest): transport_class = transports.KeyManagementServiceRestTransport request_init = {} @@ -10316,7 +11221,7 @@ def test_get_crypto_key_version_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).get_crypto_key_version._get_unset_required_fields(jsonified_request) + ).get_import_job._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present @@ -10325,7 +11230,7 @@ def test_get_crypto_key_version_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).get_crypto_key_version._get_unset_required_fields(jsonified_request) + ).get_import_job._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone @@ -10339,7 +11244,7 @@ def test_get_crypto_key_version_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion() + return_value = resources.ImportJob() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -10359,30 +11264,30 @@ def test_get_crypto_key_version_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = resources.ImportJob.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.get_crypto_key_version(request) + response = client.get_import_job(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_get_crypto_key_version_rest_unset_required_fields(): +def test_get_import_job_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.get_crypto_key_version._get_unset_required_fields({}) + unset_fields = transport.get_import_job._get_unset_required_fields({}) assert set(unset_fields) == (set(()) & set(("name",))) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_get_crypto_key_version_rest_interceptors(null_interceptor): +def test_get_import_job_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -10395,15 +11300,13 @@ def test_get_crypto_key_version_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_get_crypto_key_version" + transports.KeyManagementServiceRestInterceptor, "post_get_import_job" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_get_crypto_key_version" + transports.KeyManagementServiceRestInterceptor, "pre_get_import_job" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.GetCryptoKeyVersionRequest.pb( - service.GetCryptoKeyVersionRequest() - ) + pb_message = service.GetImportJobRequest.pb(service.GetImportJobRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -10414,19 +11317,17 @@ def test_get_crypto_key_version_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.CryptoKeyVersion.to_json( - resources.CryptoKeyVersion() - ) + req.return_value._content = resources.ImportJob.to_json(resources.ImportJob()) - request = service.GetCryptoKeyVersionRequest() + request = service.GetImportJobRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.CryptoKeyVersion() + post.return_value = resources.ImportJob() - client.get_crypto_key_version( + client.get_import_job( request, metadata=[ ("key", "val"), @@ -10438,8 +11339,8 @@ def test_get_crypto_key_version_rest_interceptors(null_interceptor): post.assert_called_once() -def test_get_crypto_key_version_rest_bad_request( - transport: str = "rest", request_type=service.GetCryptoKeyVersionRequest +def test_get_import_job_rest_bad_request( + transport: str = "rest", request_type=service.GetImportJobRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -10448,7 +11349,7 @@ def test_get_crypto_key_version_rest_bad_request( # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + "name": "projects/sample1/locations/sample2/keyRings/sample3/importJobs/sample4" } request = request_type(**request_init) @@ -10461,10 +11362,10 @@ def test_get_crypto_key_version_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.get_crypto_key_version(request) + client.get_import_job(request) -def test_get_crypto_key_version_rest_flattened(): +def test_get_import_job_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -10473,11 +11374,11 @@ def test_get_crypto_key_version_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion() + return_value = resources.ImportJob() # get arguments that satisfy an http rule for this method sample_request = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + "name": "projects/sample1/locations/sample2/keyRings/sample3/importJobs/sample4" } # get truthy value for each flattened field @@ -10489,25 +11390,25 @@ def test_get_crypto_key_version_rest_flattened(): # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = resources.ImportJob.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.get_crypto_key_version(**mock_args) + client.get_import_job(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}" + "%s/v1/{name=projects/*/locations/*/keyRings/*/importJobs/*}" % client.transport._host, args[1], ) -def test_get_crypto_key_version_rest_flattened_error(transport: str = "rest"): +def test_get_import_job_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -10516,13 +11417,13 @@ def test_get_crypto_key_version_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.get_crypto_key_version( - service.GetCryptoKeyVersionRequest(), + client.get_import_job( + service.GetImportJobRequest(), name="name_value", ) -def test_get_crypto_key_version_rest_error(): +def test_get_import_job_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -10531,58 +11432,54 @@ def test_get_crypto_key_version_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.GetPublicKeyRequest, + service.CreateKeyRingRequest, dict, ], ) -def test_get_public_key_rest(request_type): +def test_create_key_ring_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", ) # send a request that will satisfy transcoding - request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + request_init = {"parent": "projects/sample1/locations/sample2"} + request_init["key_ring"] = { + "name": "name_value", + "create_time": {"seconds": 751, "nanos": 543}, } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.PublicKey( - pem="pem_value", - algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + return_value = resources.KeyRing( name="name_value", - protection_level=resources.ProtectionLevel.SOFTWARE, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.PublicKey.pb(return_value) + pb_return_value = resources.KeyRing.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.get_public_key(request) + response = client.create_key_ring(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.PublicKey) - assert response.pem == "pem_value" - assert ( - response.algorithm - == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION - ) + assert isinstance(response, resources.KeyRing) assert response.name == "name_value" - assert response.protection_level == resources.ProtectionLevel.SOFTWARE -def test_get_public_key_rest_required_fields(request_type=service.GetPublicKeyRequest): +def test_create_key_ring_rest_required_fields( + request_type=service.CreateKeyRingRequest, +): transport_class = transports.KeyManagementServiceRestTransport request_init = {} - request_init["name"] = "" + request_init["parent"] = "" + request_init["key_ring_id"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -10594,24 +11491,32 @@ def test_get_public_key_rest_required_fields(request_type=service.GetPublicKeyRe ) # verify fields with default values are dropped + assert "keyRingId" not in jsonified_request unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).get_public_key._get_unset_required_fields(jsonified_request) + ).create_key_ring._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present + assert "keyRingId" in jsonified_request + assert jsonified_request["keyRingId"] == request_init["key_ring_id"] - jsonified_request["name"] = "name_value" + jsonified_request["parent"] = "parent_value" + jsonified_request["keyRingId"] = "key_ring_id_value" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).get_public_key._get_unset_required_fields(jsonified_request) + ).create_key_ring._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("key_ring_id",)) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone - assert "name" in jsonified_request - assert jsonified_request["name"] == "name_value" + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "keyRingId" in jsonified_request + assert jsonified_request["keyRingId"] == "key_ring_id_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -10620,7 +11525,7 @@ def test_get_public_key_rest_required_fields(request_type=service.GetPublicKeyRe request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.PublicKey() + return_value = resources.KeyRing() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -10632,38 +11537,54 @@ def test_get_public_key_rest_required_fields(request_type=service.GetPublicKeyRe pb_request = request_type.pb(request) transcode_result = { "uri": "v1/sample_method", - "method": "get", + "method": "post", "query_params": pb_request, } + transcode_result["body"] = pb_request transcode.return_value = transcode_result response_value = Response() response_value.status_code = 200 - pb_return_value = resources.PublicKey.pb(return_value) + pb_return_value = resources.KeyRing.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.get_public_key(request) + response = client.create_key_ring(request) - expected_params = [("$alt", "json;enum-encoding=int")] + expected_params = [ + ( + "keyRingId", + "", + ), + ("$alt", "json;enum-encoding=int"), + ] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_get_public_key_rest_unset_required_fields(): +def test_create_key_ring_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.get_public_key._get_unset_required_fields({}) - assert set(unset_fields) == (set(()) & set(("name",))) + unset_fields = transport.create_key_ring._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(("keyRingId",)) + & set( + ( + "parent", + "keyRingId", + "keyRing", + ) + ) + ) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_get_public_key_rest_interceptors(null_interceptor): +def test_create_key_ring_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -10676,13 +11597,13 @@ def test_get_public_key_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_get_public_key" + transports.KeyManagementServiceRestInterceptor, "post_create_key_ring" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_get_public_key" + transports.KeyManagementServiceRestInterceptor, "pre_create_key_ring" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.GetPublicKeyRequest.pb(service.GetPublicKeyRequest()) + pb_message = service.CreateKeyRingRequest.pb(service.CreateKeyRingRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -10693,17 +11614,17 @@ def test_get_public_key_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.PublicKey.to_json(resources.PublicKey()) + req.return_value._content = resources.KeyRing.to_json(resources.KeyRing()) - request = service.GetPublicKeyRequest() + request = service.CreateKeyRingRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.PublicKey() + post.return_value = resources.KeyRing() - client.get_public_key( + client.create_key_ring( request, metadata=[ ("key", "val"), @@ -10715,8 +11636,8 @@ def test_get_public_key_rest_interceptors(null_interceptor): post.assert_called_once() -def test_get_public_key_rest_bad_request( - transport: str = "rest", request_type=service.GetPublicKeyRequest +def test_create_key_ring_rest_bad_request( + transport: str = "rest", request_type=service.CreateKeyRingRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -10724,8 +11645,10 @@ def test_get_public_key_rest_bad_request( ) # send a request that will satisfy transcoding - request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + request_init = {"parent": "projects/sample1/locations/sample2"} + request_init["key_ring"] = { + "name": "name_value", + "create_time": {"seconds": 751, "nanos": 543}, } request = request_type(**request_init) @@ -10738,10 +11661,10 @@ def test_get_public_key_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.get_public_key(request) + client.create_key_ring(request) -def test_get_public_key_rest_flattened(): +def test_create_key_ring_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -10750,41 +11673,40 @@ def test_get_public_key_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.PublicKey() + return_value = resources.KeyRing() # get arguments that satisfy an http rule for this method - sample_request = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" - } + sample_request = {"parent": "projects/sample1/locations/sample2"} # get truthy value for each flattened field mock_args = dict( - name="name_value", + parent="parent_value", + key_ring_id="key_ring_id_value", + key_ring=resources.KeyRing(name="name_value"), ) mock_args.update(sample_request) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.PublicKey.pb(return_value) + pb_return_value = resources.KeyRing.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.get_public_key(**mock_args) + client.create_key_ring(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey" - % client.transport._host, + "%s/v1/{parent=projects/*/locations/*}/keyRings" % client.transport._host, args[1], ) -def test_get_public_key_rest_flattened_error(transport: str = "rest"): +def test_create_key_ring_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -10793,13 +11715,15 @@ def test_get_public_key_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.get_public_key( - service.GetPublicKeyRequest(), - name="name_value", + client.create_key_ring( + service.CreateKeyRingRequest(), + parent="parent_value", + key_ring_id="key_ring_id_value", + key_ring=resources.KeyRing(name="name_value"), ) -def test_get_public_key_rest_error(): +def test_create_key_ring_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -10808,58 +11732,103 @@ def test_get_public_key_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.GetImportJobRequest, + service.CreateCryptoKeyRequest, dict, ], ) -def test_get_import_job_rest(request_type): +def test_create_crypto_key_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", ) # send a request that will satisfy transcoding - request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/importJobs/sample4" + request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} + request_init["crypto_key"] = { + "name": "name_value", + "primary": { + "name": "name_value", + "state": 5, + "protection_level": 1, + "algorithm": 1, + "attestation": { + "format": 3, + "content": b"content_blob", + "cert_chains": { + "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], + "google_card_certs": [ + "google_card_certs_value1", + "google_card_certs_value2", + ], + "google_partition_certs": [ + "google_partition_certs_value1", + "google_partition_certs_value2", + ], + }, + }, + "create_time": {"seconds": 751, "nanos": 543}, + "generate_time": {}, + "destroy_time": {}, + "destroy_event_time": {}, + "import_job": "import_job_value", + "import_time": {}, + "import_failure_reason": "import_failure_reason_value", + "generation_failure_reason": "generation_failure_reason_value", + "external_destruction_failure_reason": "external_destruction_failure_reason_value", + "external_protection_level_options": { + "external_key_uri": "external_key_uri_value", + "ekm_connection_key_path": "ekm_connection_key_path_value", + }, + "reimport_eligible": True, + }, + "purpose": 1, + "create_time": {}, + "next_rotation_time": {}, + "rotation_period": {"seconds": 751, "nanos": 543}, + "version_template": {"protection_level": 1, "algorithm": 1}, + "labels": {}, + "import_only": True, + "destroy_scheduled_duration": {}, + "crypto_key_backend": "crypto_key_backend_value", } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.ImportJob( + return_value = resources.CryptoKey( name="name_value", - import_method=resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256, - protection_level=resources.ProtectionLevel.SOFTWARE, - state=resources.ImportJob.ImportJobState.PENDING_GENERATION, + purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + import_only=True, + crypto_key_backend="crypto_key_backend_value", ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.ImportJob.pb(return_value) + pb_return_value = resources.CryptoKey.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.get_import_job(request) + response = client.create_crypto_key(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.ImportJob) + assert isinstance(response, resources.CryptoKey) assert response.name == "name_value" - assert ( - response.import_method - == resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256 - ) - assert response.protection_level == resources.ProtectionLevel.SOFTWARE - assert response.state == resources.ImportJob.ImportJobState.PENDING_GENERATION + assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + assert response.import_only is True + assert response.crypto_key_backend == "crypto_key_backend_value" -def test_get_import_job_rest_required_fields(request_type=service.GetImportJobRequest): +def test_create_crypto_key_rest_required_fields( + request_type=service.CreateCryptoKeyRequest, +): transport_class = transports.KeyManagementServiceRestTransport request_init = {} - request_init["name"] = "" + request_init["parent"] = "" + request_init["crypto_key_id"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -10871,24 +11840,37 @@ def test_get_import_job_rest_required_fields(request_type=service.GetImportJobRe ) # verify fields with default values are dropped + assert "cryptoKeyId" not in jsonified_request unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).get_import_job._get_unset_required_fields(jsonified_request) + ).create_crypto_key._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present + assert "cryptoKeyId" in jsonified_request + assert jsonified_request["cryptoKeyId"] == request_init["crypto_key_id"] - jsonified_request["name"] = "name_value" + jsonified_request["parent"] = "parent_value" + jsonified_request["cryptoKeyId"] = "crypto_key_id_value" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).get_import_job._get_unset_required_fields(jsonified_request) + ).create_crypto_key._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set( + ( + "crypto_key_id", + "skip_initial_version_creation", + ) + ) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone - assert "name" in jsonified_request - assert jsonified_request["name"] == "name_value" + assert "parent" in jsonified_request + assert jsonified_request["parent"] == "parent_value" + assert "cryptoKeyId" in jsonified_request + assert jsonified_request["cryptoKeyId"] == "crypto_key_id_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -10897,7 +11879,7 @@ def test_get_import_job_rest_required_fields(request_type=service.GetImportJobRe request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.ImportJob() + return_value = resources.CryptoKey() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -10909,38 +11891,59 @@ def test_get_import_job_rest_required_fields(request_type=service.GetImportJobRe pb_request = request_type.pb(request) transcode_result = { "uri": "v1/sample_method", - "method": "get", + "method": "post", "query_params": pb_request, } + transcode_result["body"] = pb_request transcode.return_value = transcode_result response_value = Response() response_value.status_code = 200 - pb_return_value = resources.ImportJob.pb(return_value) + pb_return_value = resources.CryptoKey.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.get_import_job(request) + response = client.create_crypto_key(request) - expected_params = [("$alt", "json;enum-encoding=int")] + expected_params = [ + ( + "cryptoKeyId", + "", + ), + ("$alt", "json;enum-encoding=int"), + ] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_get_import_job_rest_unset_required_fields(): +def test_create_crypto_key_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.get_import_job._get_unset_required_fields({}) - assert set(unset_fields) == (set(()) & set(("name",))) + unset_fields = transport.create_crypto_key._get_unset_required_fields({}) + assert set(unset_fields) == ( + set( + ( + "cryptoKeyId", + "skipInitialVersionCreation", + ) + ) + & set( + ( + "parent", + "cryptoKeyId", + "cryptoKey", + ) + ) + ) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_get_import_job_rest_interceptors(null_interceptor): +def test_create_crypto_key_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -10953,13 +11956,13 @@ def test_get_import_job_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_get_import_job" + transports.KeyManagementServiceRestInterceptor, "post_create_crypto_key" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_get_import_job" + transports.KeyManagementServiceRestInterceptor, "pre_create_crypto_key" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.GetImportJobRequest.pb(service.GetImportJobRequest()) + pb_message = service.CreateCryptoKeyRequest.pb(service.CreateCryptoKeyRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -10970,17 +11973,17 @@ def test_get_import_job_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.ImportJob.to_json(resources.ImportJob()) + req.return_value._content = resources.CryptoKey.to_json(resources.CryptoKey()) - request = service.GetImportJobRequest() + request = service.CreateCryptoKeyRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.ImportJob() + post.return_value = resources.CryptoKey() - client.get_import_job( + client.create_crypto_key( request, metadata=[ ("key", "val"), @@ -10992,8 +11995,8 @@ def test_get_import_job_rest_interceptors(null_interceptor): post.assert_called_once() -def test_get_import_job_rest_bad_request( - transport: str = "rest", request_type=service.GetImportJobRequest +def test_create_crypto_key_rest_bad_request( + transport: str = "rest", request_type=service.CreateCryptoKeyRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -11001,8 +12004,53 @@ def test_get_import_job_rest_bad_request( ) # send a request that will satisfy transcoding - request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/importJobs/sample4" + request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} + request_init["crypto_key"] = { + "name": "name_value", + "primary": { + "name": "name_value", + "state": 5, + "protection_level": 1, + "algorithm": 1, + "attestation": { + "format": 3, + "content": b"content_blob", + "cert_chains": { + "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], + "google_card_certs": [ + "google_card_certs_value1", + "google_card_certs_value2", + ], + "google_partition_certs": [ + "google_partition_certs_value1", + "google_partition_certs_value2", + ], + }, + }, + "create_time": {"seconds": 751, "nanos": 543}, + "generate_time": {}, + "destroy_time": {}, + "destroy_event_time": {}, + "import_job": "import_job_value", + "import_time": {}, + "import_failure_reason": "import_failure_reason_value", + "generation_failure_reason": "generation_failure_reason_value", + "external_destruction_failure_reason": "external_destruction_failure_reason_value", + "external_protection_level_options": { + "external_key_uri": "external_key_uri_value", + "ekm_connection_key_path": "ekm_connection_key_path_value", + }, + "reimport_eligible": True, + }, + "purpose": 1, + "create_time": {}, + "next_rotation_time": {}, + "rotation_period": {"seconds": 751, "nanos": 543}, + "version_template": {"protection_level": 1, "algorithm": 1}, + "labels": {}, + "import_only": True, + "destroy_scheduled_duration": {}, + "crypto_key_backend": "crypto_key_backend_value", } request = request_type(**request_init) @@ -11015,10 +12063,10 @@ def test_get_import_job_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.get_import_job(request) + client.create_crypto_key(request) -def test_get_import_job_rest_flattened(): +def test_create_crypto_key_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -11027,41 +12075,43 @@ def test_get_import_job_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.ImportJob() + return_value = resources.CryptoKey() # get arguments that satisfy an http rule for this method sample_request = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/importJobs/sample4" + "parent": "projects/sample1/locations/sample2/keyRings/sample3" } # get truthy value for each flattened field mock_args = dict( - name="name_value", + parent="parent_value", + crypto_key_id="crypto_key_id_value", + crypto_key=resources.CryptoKey(name="name_value"), ) mock_args.update(sample_request) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.ImportJob.pb(return_value) + pb_return_value = resources.CryptoKey.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.get_import_job(**mock_args) + client.create_crypto_key(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{name=projects/*/locations/*/keyRings/*/importJobs/*}" + "%s/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys" % client.transport._host, args[1], ) -def test_get_import_job_rest_flattened_error(transport: str = "rest"): +def test_create_crypto_key_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -11070,13 +12120,15 @@ def test_get_import_job_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.get_import_job( - service.GetImportJobRequest(), - name="name_value", + client.create_crypto_key( + service.CreateCryptoKeyRequest(), + parent="parent_value", + crypto_key_id="crypto_key_id_value", + crypto_key=resources.CryptoKey(name="name_value"), ) -def test_get_import_job_rest_error(): +def test_create_crypto_key_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -11085,54 +12137,111 @@ def test_get_import_job_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.CreateKeyRingRequest, + service.CreateCryptoKeyVersionRequest, dict, ], ) -def test_create_key_ring_rest(request_type): +def test_create_crypto_key_version_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", ) # send a request that will satisfy transcoding - request_init = {"parent": "projects/sample1/locations/sample2"} - request_init["key_ring"] = { + request_init = { + "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } + request_init["crypto_key_version"] = { "name": "name_value", + "state": 5, + "protection_level": 1, + "algorithm": 1, + "attestation": { + "format": 3, + "content": b"content_blob", + "cert_chains": { + "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], + "google_card_certs": [ + "google_card_certs_value1", + "google_card_certs_value2", + ], + "google_partition_certs": [ + "google_partition_certs_value1", + "google_partition_certs_value2", + ], + }, + }, "create_time": {"seconds": 751, "nanos": 543}, + "generate_time": {}, + "destroy_time": {}, + "destroy_event_time": {}, + "import_job": "import_job_value", + "import_time": {}, + "import_failure_reason": "import_failure_reason_value", + "generation_failure_reason": "generation_failure_reason_value", + "external_destruction_failure_reason": "external_destruction_failure_reason_value", + "external_protection_level_options": { + "external_key_uri": "external_key_uri_value", + "ekm_connection_key_path": "ekm_connection_key_path_value", + }, + "reimport_eligible": True, } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.KeyRing( + return_value = resources.CryptoKeyVersion( name="name_value", + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + generation_failure_reason="generation_failure_reason_value", + external_destruction_failure_reason="external_destruction_failure_reason_value", + reimport_eligible=True, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.KeyRing.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.create_key_ring(request) + response = client.create_crypto_key_version(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.KeyRing) + assert isinstance(response, resources.CryptoKeyVersion) assert response.name == "name_value" + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + assert response.import_job == "import_job_value" + assert response.import_failure_reason == "import_failure_reason_value" + assert response.generation_failure_reason == "generation_failure_reason_value" + assert ( + response.external_destruction_failure_reason + == "external_destruction_failure_reason_value" + ) + assert response.reimport_eligible is True -def test_create_key_ring_rest_required_fields( - request_type=service.CreateKeyRingRequest, +def test_create_crypto_key_version_rest_required_fields( + request_type=service.CreateCryptoKeyVersionRequest, ): transport_class = transports.KeyManagementServiceRestTransport request_init = {} request_init["parent"] = "" - request_init["key_ring_id"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -11144,32 +12253,24 @@ def test_create_key_ring_rest_required_fields( ) # verify fields with default values are dropped - assert "keyRingId" not in jsonified_request unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).create_key_ring._get_unset_required_fields(jsonified_request) + ).create_crypto_key_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present - assert "keyRingId" in jsonified_request - assert jsonified_request["keyRingId"] == request_init["key_ring_id"] jsonified_request["parent"] = "parent_value" - jsonified_request["keyRingId"] = "key_ring_id_value" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).create_key_ring._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("key_ring_id",)) + ).create_crypto_key_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone assert "parent" in jsonified_request assert jsonified_request["parent"] == "parent_value" - assert "keyRingId" in jsonified_request - assert jsonified_request["keyRingId"] == "key_ring_id_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -11178,7 +12279,7 @@ def test_create_key_ring_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.KeyRing() + return_value = resources.CryptoKeyVersion() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -11199,45 +12300,38 @@ def test_create_key_ring_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = resources.KeyRing.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.create_key_ring(request) + response = client.create_crypto_key_version(request) - expected_params = [ - ( - "keyRingId", - "", - ), - ("$alt", "json;enum-encoding=int"), - ] + expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_create_key_ring_rest_unset_required_fields(): +def test_create_crypto_key_version_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.create_key_ring._get_unset_required_fields({}) + unset_fields = transport.create_crypto_key_version._get_unset_required_fields({}) assert set(unset_fields) == ( - set(("keyRingId",)) + set(()) & set( ( "parent", - "keyRingId", - "keyRing", + "cryptoKeyVersion", ) ) ) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_create_key_ring_rest_interceptors(null_interceptor): +def test_create_crypto_key_version_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -11250,13 +12344,15 @@ def test_create_key_ring_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_create_key_ring" + transports.KeyManagementServiceRestInterceptor, "post_create_crypto_key_version" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_create_key_ring" + transports.KeyManagementServiceRestInterceptor, "pre_create_crypto_key_version" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.CreateKeyRingRequest.pb(service.CreateKeyRingRequest()) + pb_message = service.CreateCryptoKeyVersionRequest.pb( + service.CreateCryptoKeyVersionRequest() + ) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -11267,17 +12363,19 @@ def test_create_key_ring_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.KeyRing.to_json(resources.KeyRing()) + req.return_value._content = resources.CryptoKeyVersion.to_json( + resources.CryptoKeyVersion() + ) - request = service.CreateKeyRingRequest() + request = service.CreateCryptoKeyVersionRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.KeyRing() + post.return_value = resources.CryptoKeyVersion() - client.create_key_ring( + client.create_crypto_key_version( request, metadata=[ ("key", "val"), @@ -11289,8 +12387,8 @@ def test_create_key_ring_rest_interceptors(null_interceptor): post.assert_called_once() -def test_create_key_ring_rest_bad_request( - transport: str = "rest", request_type=service.CreateKeyRingRequest +def test_create_crypto_key_version_rest_bad_request( + transport: str = "rest", request_type=service.CreateCryptoKeyVersionRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -11298,10 +12396,43 @@ def test_create_key_ring_rest_bad_request( ) # send a request that will satisfy transcoding - request_init = {"parent": "projects/sample1/locations/sample2"} - request_init["key_ring"] = { + request_init = { + "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } + request_init["crypto_key_version"] = { "name": "name_value", + "state": 5, + "protection_level": 1, + "algorithm": 1, + "attestation": { + "format": 3, + "content": b"content_blob", + "cert_chains": { + "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], + "google_card_certs": [ + "google_card_certs_value1", + "google_card_certs_value2", + ], + "google_partition_certs": [ + "google_partition_certs_value1", + "google_partition_certs_value2", + ], + }, + }, "create_time": {"seconds": 751, "nanos": 543}, + "generate_time": {}, + "destroy_time": {}, + "destroy_event_time": {}, + "import_job": "import_job_value", + "import_time": {}, + "import_failure_reason": "import_failure_reason_value", + "generation_failure_reason": "generation_failure_reason_value", + "external_destruction_failure_reason": "external_destruction_failure_reason_value", + "external_protection_level_options": { + "external_key_uri": "external_key_uri_value", + "ekm_connection_key_path": "ekm_connection_key_path_value", + }, + "reimport_eligible": True, } request = request_type(**request_init) @@ -11314,10 +12445,10 @@ def test_create_key_ring_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.create_key_ring(request) + client.create_crypto_key_version(request) -def test_create_key_ring_rest_flattened(): +def test_create_crypto_key_version_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -11326,40 +12457,42 @@ def test_create_key_ring_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.KeyRing() + return_value = resources.CryptoKeyVersion() # get arguments that satisfy an http rule for this method - sample_request = {"parent": "projects/sample1/locations/sample2"} + sample_request = { + "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } # get truthy value for each flattened field mock_args = dict( parent="parent_value", - key_ring_id="key_ring_id_value", - key_ring=resources.KeyRing(name="name_value"), + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), ) mock_args.update(sample_request) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.KeyRing.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.create_key_ring(**mock_args) + client.create_crypto_key_version(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{parent=projects/*/locations/*}/keyRings" % client.transport._host, + "%s/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions" + % client.transport._host, args[1], ) -def test_create_key_ring_rest_flattened_error(transport: str = "rest"): +def test_create_crypto_key_version_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -11368,15 +12501,14 @@ def test_create_key_ring_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.create_key_ring( - service.CreateKeyRingRequest(), + client.create_crypto_key_version( + service.CreateCryptoKeyVersionRequest(), parent="parent_value", - key_ring_id="key_ring_id_value", - key_ring=resources.KeyRing(name="name_value"), + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), ) -def test_create_key_ring_rest_error(): +def test_create_crypto_key_version_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -11385,104 +12517,77 @@ def test_create_key_ring_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.CreateCryptoKeyRequest, + service.ImportCryptoKeyVersionRequest, dict, ], ) -def test_create_crypto_key_rest(request_type): +def test_import_crypto_key_version_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", ) # send a request that will satisfy transcoding - request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} - request_init["crypto_key"] = { - "name": "name_value", - "primary": { - "name": "name_value", - "state": 5, - "protection_level": 1, - "algorithm": 1, - "attestation": { - "format": 3, - "content": b"content_blob", - "cert_chains": { - "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], - "google_card_certs": [ - "google_card_certs_value1", - "google_card_certs_value2", - ], - "google_partition_certs": [ - "google_partition_certs_value1", - "google_partition_certs_value2", - ], - }, - }, - "create_time": {"seconds": 751, "nanos": 543}, - "generate_time": {}, - "destroy_time": {}, - "destroy_event_time": {}, - "import_job": "import_job_value", - "import_time": {}, - "import_failure_reason": "import_failure_reason_value", - "generation_failure_reason": "generation_failure_reason_value", - "external_destruction_failure_reason": "external_destruction_failure_reason_value", - "external_protection_level_options": { - "external_key_uri": "external_key_uri_value", - "ekm_connection_key_path": "ekm_connection_key_path_value", - }, - "reimport_eligible": True, - }, - "purpose": 1, - "create_time": {}, - "next_rotation_time": {}, - "rotation_period": {"seconds": 751, "nanos": 543}, - "version_template": {"protection_level": 1, "algorithm": 1}, - "labels": {}, - "import_only": True, - "destroy_scheduled_duration": {}, - "crypto_key_backend": "crypto_key_backend_value", + request_init = { + "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKey( + return_value = resources.CryptoKeyVersion( name="name_value", - purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, - import_only=True, - crypto_key_backend="crypto_key_backend_value", - rotation_period=duration_pb2.Duration(seconds=751), + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + generation_failure_reason="generation_failure_reason_value", + external_destruction_failure_reason="external_destruction_failure_reason_value", + reimport_eligible=True, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKey.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.create_crypto_key(request) + response = client.import_crypto_key_version(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.CryptoKey) + assert isinstance(response, resources.CryptoKeyVersion) assert response.name == "name_value" - assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - assert response.import_only is True - assert response.crypto_key_backend == "crypto_key_backend_value" + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + assert response.import_job == "import_job_value" + assert response.import_failure_reason == "import_failure_reason_value" + assert response.generation_failure_reason == "generation_failure_reason_value" + assert ( + response.external_destruction_failure_reason + == "external_destruction_failure_reason_value" + ) + assert response.reimport_eligible is True -def test_create_crypto_key_rest_required_fields( - request_type=service.CreateCryptoKeyRequest, +def test_import_crypto_key_version_rest_required_fields( + request_type=service.ImportCryptoKeyVersionRequest, ): transport_class = transports.KeyManagementServiceRestTransport request_init = {} request_init["parent"] = "" - request_init["crypto_key_id"] = "" + request_init["import_job"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -11494,37 +12599,27 @@ def test_create_crypto_key_rest_required_fields( ) # verify fields with default values are dropped - assert "cryptoKeyId" not in jsonified_request unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).create_crypto_key._get_unset_required_fields(jsonified_request) + ).import_crypto_key_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present - assert "cryptoKeyId" in jsonified_request - assert jsonified_request["cryptoKeyId"] == request_init["crypto_key_id"] jsonified_request["parent"] = "parent_value" - jsonified_request["cryptoKeyId"] = "crypto_key_id_value" + jsonified_request["importJob"] = "import_job_value" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).create_crypto_key._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set( - ( - "crypto_key_id", - "skip_initial_version_creation", - ) - ) + ).import_crypto_key_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone assert "parent" in jsonified_request assert jsonified_request["parent"] == "parent_value" - assert "cryptoKeyId" in jsonified_request - assert jsonified_request["cryptoKeyId"] == "crypto_key_id_value" + assert "importJob" in jsonified_request + assert jsonified_request["importJob"] == "import_job_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -11533,7 +12628,7 @@ def test_create_crypto_key_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.CryptoKey() + return_value = resources.CryptoKeyVersion() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -11554,50 +12649,39 @@ def test_create_crypto_key_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKey.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.create_crypto_key(request) + response = client.import_crypto_key_version(request) - expected_params = [ - ( - "cryptoKeyId", - "", - ), - ("$alt", "json;enum-encoding=int"), - ] + expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_create_crypto_key_rest_unset_required_fields(): +def test_import_crypto_key_version_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.create_crypto_key._get_unset_required_fields({}) + unset_fields = transport.import_crypto_key_version._get_unset_required_fields({}) assert set(unset_fields) == ( - set( - ( - "cryptoKeyId", - "skipInitialVersionCreation", - ) - ) + set(()) & set( ( "parent", - "cryptoKeyId", - "cryptoKey", + "algorithm", + "importJob", ) ) ) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_create_crypto_key_rest_interceptors(null_interceptor): +def test_import_crypto_key_version_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -11610,13 +12694,15 @@ def test_create_crypto_key_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_create_crypto_key" + transports.KeyManagementServiceRestInterceptor, "post_import_crypto_key_version" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_create_crypto_key" + transports.KeyManagementServiceRestInterceptor, "pre_import_crypto_key_version" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.CreateCryptoKeyRequest.pb(service.CreateCryptoKeyRequest()) + pb_message = service.ImportCryptoKeyVersionRequest.pb( + service.ImportCryptoKeyVersionRequest() + ) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -11627,17 +12713,19 @@ def test_create_crypto_key_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.CryptoKey.to_json(resources.CryptoKey()) + req.return_value._content = resources.CryptoKeyVersion.to_json( + resources.CryptoKeyVersion() + ) - request = service.CreateCryptoKeyRequest() + request = service.ImportCryptoKeyVersionRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.CryptoKey() + post.return_value = resources.CryptoKeyVersion() - client.create_crypto_key( + client.import_crypto_key_version( request, metadata=[ ("key", "val"), @@ -11649,8 +12737,8 @@ def test_create_crypto_key_rest_interceptors(null_interceptor): post.assert_called_once() -def test_create_crypto_key_rest_bad_request( - transport: str = "rest", request_type=service.CreateCryptoKeyRequest +def test_import_crypto_key_version_rest_bad_request( + transport: str = "rest", request_type=service.ImportCryptoKeyVersionRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -11658,53 +12746,8 @@ def test_create_crypto_key_rest_bad_request( ) # send a request that will satisfy transcoding - request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} - request_init["crypto_key"] = { - "name": "name_value", - "primary": { - "name": "name_value", - "state": 5, - "protection_level": 1, - "algorithm": 1, - "attestation": { - "format": 3, - "content": b"content_blob", - "cert_chains": { - "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], - "google_card_certs": [ - "google_card_certs_value1", - "google_card_certs_value2", - ], - "google_partition_certs": [ - "google_partition_certs_value1", - "google_partition_certs_value2", - ], - }, - }, - "create_time": {"seconds": 751, "nanos": 543}, - "generate_time": {}, - "destroy_time": {}, - "destroy_event_time": {}, - "import_job": "import_job_value", - "import_time": {}, - "import_failure_reason": "import_failure_reason_value", - "generation_failure_reason": "generation_failure_reason_value", - "external_destruction_failure_reason": "external_destruction_failure_reason_value", - "external_protection_level_options": { - "external_key_uri": "external_key_uri_value", - "ekm_connection_key_path": "ekm_connection_key_path_value", - }, - "reimport_eligible": True, - }, - "purpose": 1, - "create_time": {}, - "next_rotation_time": {}, - "rotation_period": {"seconds": 751, "nanos": 543}, - "version_template": {"protection_level": 1, "algorithm": 1}, - "labels": {}, - "import_only": True, - "destroy_scheduled_duration": {}, - "crypto_key_backend": "crypto_key_backend_value", + request_init = { + "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } request = request_type(**request_init) @@ -11717,72 +12760,10 @@ def test_create_crypto_key_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.create_crypto_key(request) - - -def test_create_crypto_key_rest_flattened(): - client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), "request") as req: - # Designate an appropriate value for the returned response. - return_value = resources.CryptoKey() - - # get arguments that satisfy an http rule for this method - sample_request = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3" - } - - # get truthy value for each flattened field - mock_args = dict( - parent="parent_value", - crypto_key_id="crypto_key_id_value", - crypto_key=resources.CryptoKey(name="name_value"), - ) - mock_args.update(sample_request) - - # Wrap the value into a proper Response obj - response_value = Response() - response_value.status_code = 200 - pb_return_value = resources.CryptoKey.pb(return_value) - json_return_value = json_format.MessageToJson(pb_return_value) - response_value._content = json_return_value.encode("UTF-8") - req.return_value = response_value - - client.create_crypto_key(**mock_args) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(req.mock_calls) == 1 - _, args, _ = req.mock_calls[0] - assert path_template.validate( - "%s/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys" - % client.transport._host, - args[1], - ) - - -def test_create_crypto_key_rest_flattened_error(transport: str = "rest"): - client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.create_crypto_key( - service.CreateCryptoKeyRequest(), - parent="parent_value", - crypto_key_id="crypto_key_id_value", - crypto_key=resources.CryptoKey(name="name_value"), - ) + client.import_crypto_key_version(request) -def test_create_crypto_key_rest_error(): +def test_import_crypto_key_version_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -11791,25 +12772,28 @@ def test_create_crypto_key_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.CreateCryptoKeyVersionRequest, + service.CreateImportJobRequest, dict, ], ) -def test_create_crypto_key_version_rest(request_type): +def test_create_import_job_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", ) # send a request that will satisfy transcoding - request_init = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" - } - request_init["crypto_key_version"] = { + request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} + request_init["import_job"] = { "name": "name_value", - "state": 5, + "import_method": 1, "protection_level": 1, - "algorithm": 1, + "create_time": {"seconds": 751, "nanos": 543}, + "generate_time": {}, + "expire_time": {}, + "expire_event_time": {}, + "state": 1, + "public_key": {"pem": "pem_value"}, "attestation": { "format": 3, "content": b"content_blob", @@ -11825,77 +12809,48 @@ def test_create_crypto_key_version_rest(request_type): ], }, }, - "create_time": {"seconds": 751, "nanos": 543}, - "generate_time": {}, - "destroy_time": {}, - "destroy_event_time": {}, - "import_job": "import_job_value", - "import_time": {}, - "import_failure_reason": "import_failure_reason_value", - "generation_failure_reason": "generation_failure_reason_value", - "external_destruction_failure_reason": "external_destruction_failure_reason_value", - "external_protection_level_options": { - "external_key_uri": "external_key_uri_value", - "ekm_connection_key_path": "ekm_connection_key_path_value", - }, - "reimport_eligible": True, } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion( + return_value = resources.ImportJob( name="name_value", - state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + import_method=resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256, protection_level=resources.ProtectionLevel.SOFTWARE, - algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, - import_job="import_job_value", - import_failure_reason="import_failure_reason_value", - generation_failure_reason="generation_failure_reason_value", - external_destruction_failure_reason="external_destruction_failure_reason_value", - reimport_eligible=True, + state=resources.ImportJob.ImportJobState.PENDING_GENERATION, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = resources.ImportJob.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.create_crypto_key_version(request) + response = client.create_import_job(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.CryptoKeyVersion) + assert isinstance(response, resources.ImportJob) assert response.name == "name_value" assert ( - response.state - == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + response.import_method + == resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256 ) assert response.protection_level == resources.ProtectionLevel.SOFTWARE - assert ( - response.algorithm - == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION - ) - assert response.import_job == "import_job_value" - assert response.import_failure_reason == "import_failure_reason_value" - assert response.generation_failure_reason == "generation_failure_reason_value" - assert ( - response.external_destruction_failure_reason - == "external_destruction_failure_reason_value" - ) - assert response.reimport_eligible is True + assert response.state == resources.ImportJob.ImportJobState.PENDING_GENERATION -def test_create_crypto_key_version_rest_required_fields( - request_type=service.CreateCryptoKeyVersionRequest, +def test_create_import_job_rest_required_fields( + request_type=service.CreateImportJobRequest, ): transport_class = transports.KeyManagementServiceRestTransport request_init = {} request_init["parent"] = "" + request_init["import_job_id"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -11907,24 +12862,32 @@ def test_create_crypto_key_version_rest_required_fields( ) # verify fields with default values are dropped + assert "importJobId" not in jsonified_request unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).create_crypto_key_version._get_unset_required_fields(jsonified_request) + ).create_import_job._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present + assert "importJobId" in jsonified_request + assert jsonified_request["importJobId"] == request_init["import_job_id"] jsonified_request["parent"] = "parent_value" + jsonified_request["importJobId"] = "import_job_id_value" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).create_crypto_key_version._get_unset_required_fields(jsonified_request) + ).create_import_job._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("import_job_id",)) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone assert "parent" in jsonified_request assert jsonified_request["parent"] == "parent_value" + assert "importJobId" in jsonified_request + assert jsonified_request["importJobId"] == "import_job_id_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -11933,7 +12896,7 @@ def test_create_crypto_key_version_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion() + return_value = resources.ImportJob() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -11954,38 +12917,45 @@ def test_create_crypto_key_version_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = resources.ImportJob.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.create_crypto_key_version(request) + response = client.create_import_job(request) - expected_params = [("$alt", "json;enum-encoding=int")] + expected_params = [ + ( + "importJobId", + "", + ), + ("$alt", "json;enum-encoding=int"), + ] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_create_crypto_key_version_rest_unset_required_fields(): +def test_create_import_job_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.create_crypto_key_version._get_unset_required_fields({}) + unset_fields = transport.create_import_job._get_unset_required_fields({}) assert set(unset_fields) == ( - set(()) + set(("importJobId",)) & set( ( "parent", - "cryptoKeyVersion", + "importJobId", + "importJob", ) ) ) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_create_crypto_key_version_rest_interceptors(null_interceptor): +def test_create_import_job_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -11998,15 +12968,13 @@ def test_create_crypto_key_version_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_create_crypto_key_version" + transports.KeyManagementServiceRestInterceptor, "post_create_import_job" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_create_crypto_key_version" + transports.KeyManagementServiceRestInterceptor, "pre_create_import_job" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.CreateCryptoKeyVersionRequest.pb( - service.CreateCryptoKeyVersionRequest() - ) + pb_message = service.CreateImportJobRequest.pb(service.CreateImportJobRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -12017,19 +12985,17 @@ def test_create_crypto_key_version_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.CryptoKeyVersion.to_json( - resources.CryptoKeyVersion() - ) + req.return_value._content = resources.ImportJob.to_json(resources.ImportJob()) - request = service.CreateCryptoKeyVersionRequest() + request = service.CreateImportJobRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.CryptoKeyVersion() + post.return_value = resources.ImportJob() - client.create_crypto_key_version( + client.create_import_job( request, metadata=[ ("key", "val"), @@ -12041,8 +13007,8 @@ def test_create_crypto_key_version_rest_interceptors(null_interceptor): post.assert_called_once() -def test_create_crypto_key_version_rest_bad_request( - transport: str = "rest", request_type=service.CreateCryptoKeyVersionRequest +def test_create_import_job_rest_bad_request( + transport: str = "rest", request_type=service.CreateImportJobRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -12050,14 +13016,17 @@ def test_create_crypto_key_version_rest_bad_request( ) # send a request that will satisfy transcoding - request_init = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" - } - request_init["crypto_key_version"] = { + request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} + request_init["import_job"] = { "name": "name_value", - "state": 5, + "import_method": 1, "protection_level": 1, - "algorithm": 1, + "create_time": {"seconds": 751, "nanos": 543}, + "generate_time": {}, + "expire_time": {}, + "expire_event_time": {}, + "state": 1, + "public_key": {"pem": "pem_value"}, "attestation": { "format": 3, "content": b"content_blob", @@ -12073,20 +13042,6 @@ def test_create_crypto_key_version_rest_bad_request( ], }, }, - "create_time": {"seconds": 751, "nanos": 543}, - "generate_time": {}, - "destroy_time": {}, - "destroy_event_time": {}, - "import_job": "import_job_value", - "import_time": {}, - "import_failure_reason": "import_failure_reason_value", - "generation_failure_reason": "generation_failure_reason_value", - "external_destruction_failure_reason": "external_destruction_failure_reason_value", - "external_protection_level_options": { - "external_key_uri": "external_key_uri_value", - "ekm_connection_key_path": "ekm_connection_key_path_value", - }, - "reimport_eligible": True, } request = request_type(**request_init) @@ -12099,10 +13054,10 @@ def test_create_crypto_key_version_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.create_crypto_key_version(request) + client.create_import_job(request) -def test_create_crypto_key_version_rest_flattened(): +def test_create_import_job_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -12111,42 +13066,43 @@ def test_create_crypto_key_version_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion() + return_value = resources.ImportJob() # get arguments that satisfy an http rule for this method sample_request = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "parent": "projects/sample1/locations/sample2/keyRings/sample3" } # get truthy value for each flattened field mock_args = dict( parent="parent_value", - crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + import_job_id="import_job_id_value", + import_job=resources.ImportJob(name="name_value"), ) mock_args.update(sample_request) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = resources.ImportJob.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.create_crypto_key_version(**mock_args) + client.create_import_job(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions" + "%s/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs" % client.transport._host, args[1], ) -def test_create_crypto_key_version_rest_flattened_error(transport: str = "rest"): +def test_create_import_job_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -12155,14 +13111,15 @@ def test_create_crypto_key_version_rest_flattened_error(transport: str = "rest") # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.create_crypto_key_version( - service.CreateCryptoKeyVersionRequest(), + client.create_import_job( + service.CreateImportJobRequest(), parent="parent_value", - crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + import_job_id="import_job_id_value", + import_job=resources.ImportJob(name="name_value"), ) -def test_create_crypto_key_version_rest_error(): +def test_create_import_job_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -12171,11 +13128,11 @@ def test_create_crypto_key_version_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.ImportCryptoKeyVersionRequest, + service.UpdateCryptoKeyRequest, dict, ], ) -def test_import_crypto_key_version_rest(request_type): +def test_update_crypto_key_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -12183,65 +13140,93 @@ def test_import_crypto_key_version_rest(request_type): # send a request that will satisfy transcoding request_init = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "crypto_key": { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } + } + request_init["crypto_key"] = { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4", + "primary": { + "name": "name_value", + "state": 5, + "protection_level": 1, + "algorithm": 1, + "attestation": { + "format": 3, + "content": b"content_blob", + "cert_chains": { + "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], + "google_card_certs": [ + "google_card_certs_value1", + "google_card_certs_value2", + ], + "google_partition_certs": [ + "google_partition_certs_value1", + "google_partition_certs_value2", + ], + }, + }, + "create_time": {"seconds": 751, "nanos": 543}, + "generate_time": {}, + "destroy_time": {}, + "destroy_event_time": {}, + "import_job": "import_job_value", + "import_time": {}, + "import_failure_reason": "import_failure_reason_value", + "generation_failure_reason": "generation_failure_reason_value", + "external_destruction_failure_reason": "external_destruction_failure_reason_value", + "external_protection_level_options": { + "external_key_uri": "external_key_uri_value", + "ekm_connection_key_path": "ekm_connection_key_path_value", + }, + "reimport_eligible": True, + }, + "purpose": 1, + "create_time": {}, + "next_rotation_time": {}, + "rotation_period": {"seconds": 751, "nanos": 543}, + "version_template": {"protection_level": 1, "algorithm": 1}, + "labels": {}, + "import_only": True, + "destroy_scheduled_duration": {}, + "crypto_key_backend": "crypto_key_backend_value", } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion( + return_value = resources.CryptoKey( name="name_value", - state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, - protection_level=resources.ProtectionLevel.SOFTWARE, - algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, - import_job="import_job_value", - import_failure_reason="import_failure_reason_value", - generation_failure_reason="generation_failure_reason_value", - external_destruction_failure_reason="external_destruction_failure_reason_value", - reimport_eligible=True, + purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, + import_only=True, + crypto_key_backend="crypto_key_backend_value", ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = resources.CryptoKey.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.import_crypto_key_version(request) + response = client.update_crypto_key(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.CryptoKeyVersion) + assert isinstance(response, resources.CryptoKey) assert response.name == "name_value" - assert ( - response.state - == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION - ) - assert response.protection_level == resources.ProtectionLevel.SOFTWARE - assert ( - response.algorithm - == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION - ) - assert response.import_job == "import_job_value" - assert response.import_failure_reason == "import_failure_reason_value" - assert response.generation_failure_reason == "generation_failure_reason_value" - assert ( - response.external_destruction_failure_reason - == "external_destruction_failure_reason_value" - ) - assert response.reimport_eligible is True + assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT + assert response.import_only is True + assert response.crypto_key_backend == "crypto_key_backend_value" -def test_import_crypto_key_version_rest_required_fields( - request_type=service.ImportCryptoKeyVersionRequest, +def test_update_crypto_key_rest_required_fields( + request_type=service.UpdateCryptoKeyRequest, ): transport_class = transports.KeyManagementServiceRestTransport request_init = {} - request_init["parent"] = "" - request_init["import_job"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -12256,24 +13241,19 @@ def test_import_crypto_key_version_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).import_crypto_key_version._get_unset_required_fields(jsonified_request) + ).update_crypto_key._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present - jsonified_request["parent"] = "parent_value" - jsonified_request["importJob"] = "import_job_value" - unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).import_crypto_key_version._get_unset_required_fields(jsonified_request) + ).update_crypto_key._get_unset_required_fields(jsonified_request) + # Check that path parameters and body parameters are not mixing in. + assert not set(unset_fields) - set(("update_mask",)) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone - assert "parent" in jsonified_request - assert jsonified_request["parent"] == "parent_value" - assert "importJob" in jsonified_request - assert jsonified_request["importJob"] == "import_job_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -12282,7 +13262,7 @@ def test_import_crypto_key_version_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion() + return_value = resources.CryptoKey() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -12294,7 +13274,7 @@ def test_import_crypto_key_version_rest_required_fields( pb_request = request_type.pb(request) transcode_result = { "uri": "v1/sample_method", - "method": "post", + "method": "patch", "query_params": pb_request, } transcode_result["body"] = pb_request @@ -12303,39 +13283,38 @@ def test_import_crypto_key_version_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = resources.CryptoKey.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.import_crypto_key_version(request) + response = client.update_crypto_key(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_import_crypto_key_version_rest_unset_required_fields(): +def test_update_crypto_key_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.import_crypto_key_version._get_unset_required_fields({}) + unset_fields = transport.update_crypto_key._get_unset_required_fields({}) assert set(unset_fields) == ( - set(()) + set(("updateMask",)) & set( ( - "parent", - "algorithm", - "importJob", + "cryptoKey", + "updateMask", ) ) ) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_import_crypto_key_version_rest_interceptors(null_interceptor): +def test_update_crypto_key_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -12348,15 +13327,13 @@ def test_import_crypto_key_version_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_import_crypto_key_version" + transports.KeyManagementServiceRestInterceptor, "post_update_crypto_key" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_import_crypto_key_version" + transports.KeyManagementServiceRestInterceptor, "pre_update_crypto_key" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.ImportCryptoKeyVersionRequest.pb( - service.ImportCryptoKeyVersionRequest() - ) + pb_message = service.UpdateCryptoKeyRequest.pb(service.UpdateCryptoKeyRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -12367,19 +13344,17 @@ def test_import_crypto_key_version_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.CryptoKeyVersion.to_json( - resources.CryptoKeyVersion() - ) + req.return_value._content = resources.CryptoKey.to_json(resources.CryptoKey()) - request = service.ImportCryptoKeyVersionRequest() + request = service.UpdateCryptoKeyRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.CryptoKeyVersion() + post.return_value = resources.CryptoKey() - client.import_crypto_key_version( + client.update_crypto_key( request, metadata=[ ("key", "val"), @@ -12391,8 +13366,8 @@ def test_import_crypto_key_version_rest_interceptors(null_interceptor): post.assert_called_once() -def test_import_crypto_key_version_rest_bad_request( - transport: str = "rest", request_type=service.ImportCryptoKeyVersionRequest +def test_update_crypto_key_rest_bad_request( + transport: str = "rest", request_type=service.UpdateCryptoKeyRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -12401,7 +13376,56 @@ def test_import_crypto_key_version_rest_bad_request( # send a request that will satisfy transcoding request_init = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "crypto_key": { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } + } + request_init["crypto_key"] = { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4", + "primary": { + "name": "name_value", + "state": 5, + "protection_level": 1, + "algorithm": 1, + "attestation": { + "format": 3, + "content": b"content_blob", + "cert_chains": { + "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], + "google_card_certs": [ + "google_card_certs_value1", + "google_card_certs_value2", + ], + "google_partition_certs": [ + "google_partition_certs_value1", + "google_partition_certs_value2", + ], + }, + }, + "create_time": {"seconds": 751, "nanos": 543}, + "generate_time": {}, + "destroy_time": {}, + "destroy_event_time": {}, + "import_job": "import_job_value", + "import_time": {}, + "import_failure_reason": "import_failure_reason_value", + "generation_failure_reason": "generation_failure_reason_value", + "external_destruction_failure_reason": "external_destruction_failure_reason_value", + "external_protection_level_options": { + "external_key_uri": "external_key_uri_value", + "ekm_connection_key_path": "ekm_connection_key_path_value", + }, + "reimport_eligible": True, + }, + "purpose": 1, + "create_time": {}, + "next_rotation_time": {}, + "rotation_period": {"seconds": 751, "nanos": 543}, + "version_template": {"protection_level": 1, "algorithm": 1}, + "labels": {}, + "import_only": True, + "destroy_scheduled_duration": {}, + "crypto_key_backend": "crypto_key_backend_value", } request = request_type(**request_init) @@ -12414,10 +13438,72 @@ def test_import_crypto_key_version_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.import_crypto_key_version(request) + client.update_crypto_key(request) -def test_import_crypto_key_version_rest_error(): +def test_update_crypto_key_rest_flattened(): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport="rest", + ) + + # Mock the http request call within the method and fake a response. + with mock.patch.object(type(client.transport._session), "request") as req: + # Designate an appropriate value for the returned response. + return_value = resources.CryptoKey() + + # get arguments that satisfy an http rule for this method + sample_request = { + "crypto_key": { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + } + } + + # get truthy value for each flattened field + mock_args = dict( + crypto_key=resources.CryptoKey(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + mock_args.update(sample_request) + + # Wrap the value into a proper Response obj + response_value = Response() + response_value.status_code = 200 + pb_return_value = resources.CryptoKey.pb(return_value) + json_return_value = json_format.MessageToJson(pb_return_value) + response_value._content = json_return_value.encode("UTF-8") + req.return_value = response_value + + client.update_crypto_key(**mock_args) + + # Establish that the underlying call was made with the expected + # request object values. + assert len(req.mock_calls) == 1 + _, args, _ = req.mock_calls[0] + assert path_template.validate( + "%s/v1/{crypto_key.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}" + % client.transport._host, + args[1], + ) + + +def test_update_crypto_key_rest_flattened_error(transport: str = "rest"): + client = KeyManagementServiceClient( + credentials=ga_credentials.AnonymousCredentials(), + transport=transport, + ) + + # Attempting to call a method with both a request object and flattened + # fields is an error. + with pytest.raises(ValueError): + client.update_crypto_key( + service.UpdateCryptoKeyRequest(), + crypto_key=resources.CryptoKey(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + ) + + +def test_update_crypto_key_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -12426,28 +13512,27 @@ def test_import_crypto_key_version_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.CreateImportJobRequest, + service.UpdateCryptoKeyVersionRequest, dict, ], ) -def test_create_import_job_rest(request_type): +def test_update_crypto_key_version_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", ) # send a request that will satisfy transcoding - request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} - request_init["import_job"] = { - "name": "name_value", - "import_method": 1, + request_init = { + "crypto_key_version": { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + } + } + request_init["crypto_key_version"] = { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5", + "state": 5, "protection_level": 1, - "create_time": {"seconds": 751, "nanos": 543}, - "generate_time": {}, - "expire_time": {}, - "expire_event_time": {}, - "state": 1, - "public_key": {"pem": "pem_value"}, + "algorithm": 1, "attestation": { "format": 3, "content": b"content_blob", @@ -12463,48 +13548,76 @@ def test_create_import_job_rest(request_type): ], }, }, + "create_time": {"seconds": 751, "nanos": 543}, + "generate_time": {}, + "destroy_time": {}, + "destroy_event_time": {}, + "import_job": "import_job_value", + "import_time": {}, + "import_failure_reason": "import_failure_reason_value", + "generation_failure_reason": "generation_failure_reason_value", + "external_destruction_failure_reason": "external_destruction_failure_reason_value", + "external_protection_level_options": { + "external_key_uri": "external_key_uri_value", + "ekm_connection_key_path": "ekm_connection_key_path_value", + }, + "reimport_eligible": True, } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.ImportJob( + return_value = resources.CryptoKeyVersion( name="name_value", - import_method=resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256, + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, protection_level=resources.ProtectionLevel.SOFTWARE, - state=resources.ImportJob.ImportJobState.PENDING_GENERATION, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + generation_failure_reason="generation_failure_reason_value", + external_destruction_failure_reason="external_destruction_failure_reason_value", + reimport_eligible=True, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.ImportJob.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.create_import_job(request) + response = client.update_crypto_key_version(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.ImportJob) + assert isinstance(response, resources.CryptoKeyVersion) assert response.name == "name_value" assert ( - response.import_method - == resources.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256 + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION ) assert response.protection_level == resources.ProtectionLevel.SOFTWARE - assert response.state == resources.ImportJob.ImportJobState.PENDING_GENERATION + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + assert response.import_job == "import_job_value" + assert response.import_failure_reason == "import_failure_reason_value" + assert response.generation_failure_reason == "generation_failure_reason_value" + assert ( + response.external_destruction_failure_reason + == "external_destruction_failure_reason_value" + ) + assert response.reimport_eligible is True -def test_create_import_job_rest_required_fields( - request_type=service.CreateImportJobRequest, +def test_update_crypto_key_version_rest_required_fields( + request_type=service.UpdateCryptoKeyVersionRequest, ): transport_class = transports.KeyManagementServiceRestTransport request_init = {} - request_init["parent"] = "" - request_init["import_job_id"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -12516,32 +13629,22 @@ def test_create_import_job_rest_required_fields( ) # verify fields with default values are dropped - assert "importJobId" not in jsonified_request unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).create_import_job._get_unset_required_fields(jsonified_request) + ).update_crypto_key_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present - assert "importJobId" in jsonified_request - assert jsonified_request["importJobId"] == request_init["import_job_id"] - - jsonified_request["parent"] = "parent_value" - jsonified_request["importJobId"] = "import_job_id_value" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).create_import_job._get_unset_required_fields(jsonified_request) + ).update_crypto_key_version._get_unset_required_fields(jsonified_request) # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("import_job_id",)) + assert not set(unset_fields) - set(("update_mask",)) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone - assert "parent" in jsonified_request - assert jsonified_request["parent"] == "parent_value" - assert "importJobId" in jsonified_request - assert jsonified_request["importJobId"] == "import_job_id_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -12550,7 +13653,7 @@ def test_create_import_job_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.ImportJob() + return_value = resources.CryptoKeyVersion() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -12562,7 +13665,7 @@ def test_create_import_job_rest_required_fields( pb_request = request_type.pb(request) transcode_result = { "uri": "v1/sample_method", - "method": "post", + "method": "patch", "query_params": pb_request, } transcode_result["body"] = pb_request @@ -12571,45 +13674,38 @@ def test_create_import_job_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = resources.ImportJob.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.create_import_job(request) + response = client.update_crypto_key_version(request) - expected_params = [ - ( - "importJobId", - "", - ), - ("$alt", "json;enum-encoding=int"), - ] + expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_create_import_job_rest_unset_required_fields(): +def test_update_crypto_key_version_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.create_import_job._get_unset_required_fields({}) + unset_fields = transport.update_crypto_key_version._get_unset_required_fields({}) assert set(unset_fields) == ( - set(("importJobId",)) + set(("updateMask",)) & set( ( - "parent", - "importJobId", - "importJob", + "cryptoKeyVersion", + "updateMask", ) ) ) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_create_import_job_rest_interceptors(null_interceptor): +def test_update_crypto_key_version_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -12622,13 +13718,15 @@ def test_create_import_job_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_create_import_job" + transports.KeyManagementServiceRestInterceptor, "post_update_crypto_key_version" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_create_import_job" + transports.KeyManagementServiceRestInterceptor, "pre_update_crypto_key_version" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.CreateImportJobRequest.pb(service.CreateImportJobRequest()) + pb_message = service.UpdateCryptoKeyVersionRequest.pb( + service.UpdateCryptoKeyVersionRequest() + ) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -12639,17 +13737,19 @@ def test_create_import_job_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.ImportJob.to_json(resources.ImportJob()) + req.return_value._content = resources.CryptoKeyVersion.to_json( + resources.CryptoKeyVersion() + ) - request = service.CreateImportJobRequest() + request = service.UpdateCryptoKeyVersionRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.ImportJob() + post.return_value = resources.CryptoKeyVersion() - client.create_import_job( + client.update_crypto_key_version( request, metadata=[ ("key", "val"), @@ -12661,8 +13761,8 @@ def test_create_import_job_rest_interceptors(null_interceptor): post.assert_called_once() -def test_create_import_job_rest_bad_request( - transport: str = "rest", request_type=service.CreateImportJobRequest +def test_update_crypto_key_version_rest_bad_request( + transport: str = "rest", request_type=service.UpdateCryptoKeyVersionRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -12670,17 +13770,16 @@ def test_create_import_job_rest_bad_request( ) # send a request that will satisfy transcoding - request_init = {"parent": "projects/sample1/locations/sample2/keyRings/sample3"} - request_init["import_job"] = { - "name": "name_value", - "import_method": 1, + request_init = { + "crypto_key_version": { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + } + } + request_init["crypto_key_version"] = { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5", + "state": 5, "protection_level": 1, - "create_time": {"seconds": 751, "nanos": 543}, - "generate_time": {}, - "expire_time": {}, - "expire_event_time": {}, - "state": 1, - "public_key": {"pem": "pem_value"}, + "algorithm": 1, "attestation": { "format": 3, "content": b"content_blob", @@ -12696,6 +13795,20 @@ def test_create_import_job_rest_bad_request( ], }, }, + "create_time": {"seconds": 751, "nanos": 543}, + "generate_time": {}, + "destroy_time": {}, + "destroy_event_time": {}, + "import_job": "import_job_value", + "import_time": {}, + "import_failure_reason": "import_failure_reason_value", + "generation_failure_reason": "generation_failure_reason_value", + "external_destruction_failure_reason": "external_destruction_failure_reason_value", + "external_protection_level_options": { + "external_key_uri": "external_key_uri_value", + "ekm_connection_key_path": "ekm_connection_key_path_value", + }, + "reimport_eligible": True, } request = request_type(**request_init) @@ -12708,10 +13821,10 @@ def test_create_import_job_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.create_import_job(request) + client.update_crypto_key_version(request) -def test_create_import_job_rest_flattened(): +def test_update_crypto_key_version_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -12720,43 +13833,44 @@ def test_create_import_job_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.ImportJob() + return_value = resources.CryptoKeyVersion() # get arguments that satisfy an http rule for this method sample_request = { - "parent": "projects/sample1/locations/sample2/keyRings/sample3" + "crypto_key_version": { + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + } } # get truthy value for each flattened field mock_args = dict( - parent="parent_value", - import_job_id="import_job_id_value", - import_job=resources.ImportJob(name="name_value"), + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), ) mock_args.update(sample_request) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.ImportJob.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.create_import_job(**mock_args) + client.update_crypto_key_version(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{parent=projects/*/locations/*/keyRings/*}/importJobs" + "%s/v1/{crypto_key_version.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}" % client.transport._host, args[1], ) -def test_create_import_job_rest_flattened_error(transport: str = "rest"): +def test_update_crypto_key_version_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -12765,15 +13879,14 @@ def test_create_import_job_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.create_import_job( - service.CreateImportJobRequest(), - parent="parent_value", - import_job_id="import_job_id_value", - import_job=resources.ImportJob(name="name_value"), + client.update_crypto_key_version( + service.UpdateCryptoKeyVersionRequest(), + crypto_key_version=resources.CryptoKeyVersion(name="name_value"), + update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), ) -def test_create_import_job_rest_error(): +def test_update_crypto_key_version_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -12782,11 +13895,11 @@ def test_create_import_job_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.UpdateCryptoKeyRequest, + service.UpdateCryptoKeyPrimaryVersionRequest, dict, ], ) -def test_update_crypto_key_rest(request_type): +def test_update_crypto_key_primary_version_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -12794,56 +13907,7 @@ def test_update_crypto_key_rest(request_type): # send a request that will satisfy transcoding request_init = { - "crypto_key": { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" - } - } - request_init["crypto_key"] = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4", - "primary": { - "name": "name_value", - "state": 5, - "protection_level": 1, - "algorithm": 1, - "attestation": { - "format": 3, - "content": b"content_blob", - "cert_chains": { - "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], - "google_card_certs": [ - "google_card_certs_value1", - "google_card_certs_value2", - ], - "google_partition_certs": [ - "google_partition_certs_value1", - "google_partition_certs_value2", - ], - }, - }, - "create_time": {"seconds": 751, "nanos": 543}, - "generate_time": {}, - "destroy_time": {}, - "destroy_event_time": {}, - "import_job": "import_job_value", - "import_time": {}, - "import_failure_reason": "import_failure_reason_value", - "generation_failure_reason": "generation_failure_reason_value", - "external_destruction_failure_reason": "external_destruction_failure_reason_value", - "external_protection_level_options": { - "external_key_uri": "external_key_uri_value", - "ekm_connection_key_path": "ekm_connection_key_path_value", - }, - "reimport_eligible": True, - }, - "purpose": 1, - "create_time": {}, - "next_rotation_time": {}, - "rotation_period": {"seconds": 751, "nanos": 543}, - "version_template": {"protection_level": 1, "algorithm": 1}, - "labels": {}, - "import_only": True, - "destroy_scheduled_duration": {}, - "crypto_key_backend": "crypto_key_backend_value", + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } request = request_type(**request_init) @@ -12855,7 +13919,6 @@ def test_update_crypto_key_rest(request_type): purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, import_only=True, crypto_key_backend="crypto_key_backend_value", - rotation_period=duration_pb2.Duration(seconds=751), ) # Wrap the value into a proper Response obj @@ -12866,7 +13929,7 @@ def test_update_crypto_key_rest(request_type): response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.update_crypto_key(request) + response = client.update_crypto_key_primary_version(request) # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKey) @@ -12876,12 +13939,14 @@ def test_update_crypto_key_rest(request_type): assert response.crypto_key_backend == "crypto_key_backend_value" -def test_update_crypto_key_rest_required_fields( - request_type=service.UpdateCryptoKeyRequest, +def test_update_crypto_key_primary_version_rest_required_fields( + request_type=service.UpdateCryptoKeyPrimaryVersionRequest, ): transport_class = transports.KeyManagementServiceRestTransport request_init = {} + request_init["name"] = "" + request_init["crypto_key_version_id"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -12896,19 +13961,24 @@ def test_update_crypto_key_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).update_crypto_key._get_unset_required_fields(jsonified_request) + ).update_crypto_key_primary_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present + jsonified_request["name"] = "name_value" + jsonified_request["cryptoKeyVersionId"] = "crypto_key_version_id_value" + unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).update_crypto_key._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("update_mask",)) + ).update_crypto_key_primary_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" + assert "cryptoKeyVersionId" in jsonified_request + assert jsonified_request["cryptoKeyVersionId"] == "crypto_key_version_id_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -12929,7 +13999,7 @@ def test_update_crypto_key_rest_required_fields( pb_request = request_type.pb(request) transcode_result = { "uri": "v1/sample_method", - "method": "patch", + "method": "post", "query_params": pb_request, } transcode_result["body"] = pb_request @@ -12944,32 +14014,34 @@ def test_update_crypto_key_rest_required_fields( response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.update_crypto_key(request) + response = client.update_crypto_key_primary_version(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_update_crypto_key_rest_unset_required_fields(): +def test_update_crypto_key_primary_version_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.update_crypto_key._get_unset_required_fields({}) + unset_fields = ( + transport.update_crypto_key_primary_version._get_unset_required_fields({}) + ) assert set(unset_fields) == ( - set(("updateMask",)) + set(()) & set( ( - "cryptoKey", - "updateMask", + "name", + "cryptoKeyVersionId", ) ) ) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_update_crypto_key_rest_interceptors(null_interceptor): +def test_update_crypto_key_primary_version_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -12982,13 +14054,17 @@ def test_update_crypto_key_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_update_crypto_key" + transports.KeyManagementServiceRestInterceptor, + "post_update_crypto_key_primary_version", ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_update_crypto_key" + transports.KeyManagementServiceRestInterceptor, + "pre_update_crypto_key_primary_version", ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.UpdateCryptoKeyRequest.pb(service.UpdateCryptoKeyRequest()) + pb_message = service.UpdateCryptoKeyPrimaryVersionRequest.pb( + service.UpdateCryptoKeyPrimaryVersionRequest() + ) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -13001,7 +14077,7 @@ def test_update_crypto_key_rest_interceptors(null_interceptor): req.return_value.request = PreparedRequest() req.return_value._content = resources.CryptoKey.to_json(resources.CryptoKey()) - request = service.UpdateCryptoKeyRequest() + request = service.UpdateCryptoKeyPrimaryVersionRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), @@ -13009,7 +14085,7 @@ def test_update_crypto_key_rest_interceptors(null_interceptor): pre.return_value = request, metadata post.return_value = resources.CryptoKey() - client.update_crypto_key( + client.update_crypto_key_primary_version( request, metadata=[ ("key", "val"), @@ -13021,8 +14097,8 @@ def test_update_crypto_key_rest_interceptors(null_interceptor): post.assert_called_once() -def test_update_crypto_key_rest_bad_request( - transport: str = "rest", request_type=service.UpdateCryptoKeyRequest +def test_update_crypto_key_primary_version_rest_bad_request( + transport: str = "rest", request_type=service.UpdateCryptoKeyPrimaryVersionRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -13031,56 +14107,7 @@ def test_update_crypto_key_rest_bad_request( # send a request that will satisfy transcoding request_init = { - "crypto_key": { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" - } - } - request_init["crypto_key"] = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4", - "primary": { - "name": "name_value", - "state": 5, - "protection_level": 1, - "algorithm": 1, - "attestation": { - "format": 3, - "content": b"content_blob", - "cert_chains": { - "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], - "google_card_certs": [ - "google_card_certs_value1", - "google_card_certs_value2", - ], - "google_partition_certs": [ - "google_partition_certs_value1", - "google_partition_certs_value2", - ], - }, - }, - "create_time": {"seconds": 751, "nanos": 543}, - "generate_time": {}, - "destroy_time": {}, - "destroy_event_time": {}, - "import_job": "import_job_value", - "import_time": {}, - "import_failure_reason": "import_failure_reason_value", - "generation_failure_reason": "generation_failure_reason_value", - "external_destruction_failure_reason": "external_destruction_failure_reason_value", - "external_protection_level_options": { - "external_key_uri": "external_key_uri_value", - "ekm_connection_key_path": "ekm_connection_key_path_value", - }, - "reimport_eligible": True, - }, - "purpose": 1, - "create_time": {}, - "next_rotation_time": {}, - "rotation_period": {"seconds": 751, "nanos": 543}, - "version_template": {"protection_level": 1, "algorithm": 1}, - "labels": {}, - "import_only": True, - "destroy_scheduled_duration": {}, - "crypto_key_backend": "crypto_key_backend_value", + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } request = request_type(**request_init) @@ -13093,10 +14120,10 @@ def test_update_crypto_key_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.update_crypto_key(request) + client.update_crypto_key_primary_version(request) -def test_update_crypto_key_rest_flattened(): +def test_update_crypto_key_primary_version_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -13109,15 +14136,13 @@ def test_update_crypto_key_rest_flattened(): # get arguments that satisfy an http rule for this method sample_request = { - "crypto_key": { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" - } + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } # get truthy value for each flattened field mock_args = dict( - crypto_key=resources.CryptoKey(name="name_value"), - update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + name="name_value", + crypto_key_version_id="crypto_key_version_id_value", ) mock_args.update(sample_request) @@ -13129,20 +14154,22 @@ def test_update_crypto_key_rest_flattened(): response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.update_crypto_key(**mock_args) + client.update_crypto_key_primary_version(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{crypto_key.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}" + "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion" % client.transport._host, args[1], ) -def test_update_crypto_key_rest_flattened_error(transport: str = "rest"): +def test_update_crypto_key_primary_version_rest_flattened_error( + transport: str = "rest", +): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -13151,14 +14178,14 @@ def test_update_crypto_key_rest_flattened_error(transport: str = "rest"): # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.update_crypto_key( - service.UpdateCryptoKeyRequest(), - crypto_key=resources.CryptoKey(name="name_value"), - update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + client.update_crypto_key_primary_version( + service.UpdateCryptoKeyPrimaryVersionRequest(), + name="name_value", + crypto_key_version_id="crypto_key_version_id_value", ) -def test_update_crypto_key_rest_error(): +def test_update_crypto_key_primary_version_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -13167,11 +14194,11 @@ def test_update_crypto_key_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.UpdateCryptoKeyVersionRequest, + service.DestroyCryptoKeyVersionRequest, dict, ], ) -def test_update_crypto_key_version_rest(request_type): +def test_destroy_crypto_key_version_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -13179,44 +14206,7 @@ def test_update_crypto_key_version_rest(request_type): # send a request that will satisfy transcoding request_init = { - "crypto_key_version": { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" - } - } - request_init["crypto_key_version"] = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5", - "state": 5, - "protection_level": 1, - "algorithm": 1, - "attestation": { - "format": 3, - "content": b"content_blob", - "cert_chains": { - "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], - "google_card_certs": [ - "google_card_certs_value1", - "google_card_certs_value2", - ], - "google_partition_certs": [ - "google_partition_certs_value1", - "google_partition_certs_value2", - ], - }, - }, - "create_time": {"seconds": 751, "nanos": 543}, - "generate_time": {}, - "destroy_time": {}, - "destroy_event_time": {}, - "import_job": "import_job_value", - "import_time": {}, - "import_failure_reason": "import_failure_reason_value", - "generation_failure_reason": "generation_failure_reason_value", - "external_destruction_failure_reason": "external_destruction_failure_reason_value", - "external_protection_level_options": { - "external_key_uri": "external_key_uri_value", - "ekm_connection_key_path": "ekm_connection_key_path_value", - }, - "reimport_eligible": True, + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } request = request_type(**request_init) @@ -13243,7 +14233,7 @@ def test_update_crypto_key_version_rest(request_type): response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.update_crypto_key_version(request) + response = client.destroy_crypto_key_version(request) # Establish that the response is the type that we expect. assert isinstance(response, resources.CryptoKeyVersion) @@ -13267,12 +14257,13 @@ def test_update_crypto_key_version_rest(request_type): assert response.reimport_eligible is True -def test_update_crypto_key_version_rest_required_fields( - request_type=service.UpdateCryptoKeyVersionRequest, +def test_destroy_crypto_key_version_rest_required_fields( + request_type=service.DestroyCryptoKeyVersionRequest, ): transport_class = transports.KeyManagementServiceRestTransport request_init = {} + request_init["name"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -13287,19 +14278,21 @@ def test_update_crypto_key_version_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).update_crypto_key_version._get_unset_required_fields(jsonified_request) + ).destroy_crypto_key_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present + jsonified_request["name"] = "name_value" + unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).update_crypto_key_version._get_unset_required_fields(jsonified_request) - # Check that path parameters and body parameters are not mixing in. - assert not set(unset_fields) - set(("update_mask",)) + ).destroy_crypto_key_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone + assert "name" in jsonified_request + assert jsonified_request["name"] == "name_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -13320,7 +14313,7 @@ def test_update_crypto_key_version_rest_required_fields( pb_request = request_type.pb(request) transcode_result = { "uri": "v1/sample_method", - "method": "patch", + "method": "post", "query_params": pb_request, } transcode_result["body"] = pb_request @@ -13335,32 +14328,24 @@ def test_update_crypto_key_version_rest_required_fields( response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.update_crypto_key_version(request) + response = client.destroy_crypto_key_version(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_update_crypto_key_version_rest_unset_required_fields(): +def test_destroy_crypto_key_version_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.update_crypto_key_version._get_unset_required_fields({}) - assert set(unset_fields) == ( - set(("updateMask",)) - & set( - ( - "cryptoKeyVersion", - "updateMask", - ) - ) - ) + unset_fields = transport.destroy_crypto_key_version._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_update_crypto_key_version_rest_interceptors(null_interceptor): +def test_destroy_crypto_key_version_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -13373,14 +14358,15 @@ def test_update_crypto_key_version_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_update_crypto_key_version" + transports.KeyManagementServiceRestInterceptor, + "post_destroy_crypto_key_version", ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_update_crypto_key_version" + transports.KeyManagementServiceRestInterceptor, "pre_destroy_crypto_key_version" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.UpdateCryptoKeyVersionRequest.pb( - service.UpdateCryptoKeyVersionRequest() + pb_message = service.DestroyCryptoKeyVersionRequest.pb( + service.DestroyCryptoKeyVersionRequest() ) transcode.return_value = { "method": "post", @@ -13396,7 +14382,7 @@ def test_update_crypto_key_version_rest_interceptors(null_interceptor): resources.CryptoKeyVersion() ) - request = service.UpdateCryptoKeyVersionRequest() + request = service.DestroyCryptoKeyVersionRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), @@ -13404,7 +14390,7 @@ def test_update_crypto_key_version_rest_interceptors(null_interceptor): pre.return_value = request, metadata post.return_value = resources.CryptoKeyVersion() - client.update_crypto_key_version( + client.destroy_crypto_key_version( request, metadata=[ ("key", "val"), @@ -13416,8 +14402,8 @@ def test_update_crypto_key_version_rest_interceptors(null_interceptor): post.assert_called_once() -def test_update_crypto_key_version_rest_bad_request( - transport: str = "rest", request_type=service.UpdateCryptoKeyVersionRequest +def test_destroy_crypto_key_version_rest_bad_request( + transport: str = "rest", request_type=service.DestroyCryptoKeyVersionRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -13426,44 +14412,7 @@ def test_update_crypto_key_version_rest_bad_request( # send a request that will satisfy transcoding request_init = { - "crypto_key_version": { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" - } - } - request_init["crypto_key_version"] = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5", - "state": 5, - "protection_level": 1, - "algorithm": 1, - "attestation": { - "format": 3, - "content": b"content_blob", - "cert_chains": { - "cavium_certs": ["cavium_certs_value1", "cavium_certs_value2"], - "google_card_certs": [ - "google_card_certs_value1", - "google_card_certs_value2", - ], - "google_partition_certs": [ - "google_partition_certs_value1", - "google_partition_certs_value2", - ], - }, - }, - "create_time": {"seconds": 751, "nanos": 543}, - "generate_time": {}, - "destroy_time": {}, - "destroy_event_time": {}, - "import_job": "import_job_value", - "import_time": {}, - "import_failure_reason": "import_failure_reason_value", - "generation_failure_reason": "generation_failure_reason_value", - "external_destruction_failure_reason": "external_destruction_failure_reason_value", - "external_protection_level_options": { - "external_key_uri": "external_key_uri_value", - "ekm_connection_key_path": "ekm_connection_key_path_value", - }, - "reimport_eligible": True, + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } request = request_type(**request_init) @@ -13476,10 +14425,10 @@ def test_update_crypto_key_version_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.update_crypto_key_version(request) + client.destroy_crypto_key_version(request) -def test_update_crypto_key_version_rest_flattened(): +def test_destroy_crypto_key_version_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -13492,15 +14441,12 @@ def test_update_crypto_key_version_rest_flattened(): # get arguments that satisfy an http rule for this method sample_request = { - "crypto_key_version": { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" - } + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } # get truthy value for each flattened field mock_args = dict( - crypto_key_version=resources.CryptoKeyVersion(name="name_value"), - update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + name="name_value", ) mock_args.update(sample_request) @@ -13512,20 +14458,20 @@ def test_update_crypto_key_version_rest_flattened(): response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.update_crypto_key_version(**mock_args) + client.destroy_crypto_key_version(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{crypto_key_version.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}" + "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy" % client.transport._host, args[1], ) -def test_update_crypto_key_version_rest_flattened_error(transport: str = "rest"): +def test_destroy_crypto_key_version_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -13534,14 +14480,13 @@ def test_update_crypto_key_version_rest_flattened_error(transport: str = "rest") # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.update_crypto_key_version( - service.UpdateCryptoKeyVersionRequest(), - crypto_key_version=resources.CryptoKeyVersion(name="name_value"), - update_mask=field_mask_pb2.FieldMask(paths=["paths_value"]), + client.destroy_crypto_key_version( + service.DestroyCryptoKeyVersionRequest(), + name="name_value", ) -def test_update_crypto_key_version_rest_error(): +def test_destroy_crypto_key_version_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -13550,11 +14495,11 @@ def test_update_crypto_key_version_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.UpdateCryptoKeyPrimaryVersionRequest, + service.RestoreCryptoKeyVersionRequest, dict, ], ) -def test_update_crypto_key_primary_version_rest(request_type): +def test_restore_crypto_key_version_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -13562,47 +14507,64 @@ def test_update_crypto_key_primary_version_rest(request_type): # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKey( + return_value = resources.CryptoKeyVersion( name="name_value", - purpose=resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT, - import_only=True, - crypto_key_backend="crypto_key_backend_value", - rotation_period=duration_pb2.Duration(seconds=751), + state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + protection_level=resources.ProtectionLevel.SOFTWARE, + algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, + import_job="import_job_value", + import_failure_reason="import_failure_reason_value", + generation_failure_reason="generation_failure_reason_value", + external_destruction_failure_reason="external_destruction_failure_reason_value", + reimport_eligible=True, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKey.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.update_crypto_key_primary_version(request) + response = client.restore_crypto_key_version(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.CryptoKey) + assert isinstance(response, resources.CryptoKeyVersion) assert response.name == "name_value" - assert response.purpose == resources.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT - assert response.import_only is True - assert response.crypto_key_backend == "crypto_key_backend_value" + assert ( + response.state + == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION + ) + assert response.protection_level == resources.ProtectionLevel.SOFTWARE + assert ( + response.algorithm + == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION + ) + assert response.import_job == "import_job_value" + assert response.import_failure_reason == "import_failure_reason_value" + assert response.generation_failure_reason == "generation_failure_reason_value" + assert ( + response.external_destruction_failure_reason + == "external_destruction_failure_reason_value" + ) + assert response.reimport_eligible is True -def test_update_crypto_key_primary_version_rest_required_fields( - request_type=service.UpdateCryptoKeyPrimaryVersionRequest, +def test_restore_crypto_key_version_rest_required_fields( + request_type=service.RestoreCryptoKeyVersionRequest, ): transport_class = transports.KeyManagementServiceRestTransport request_init = {} request_init["name"] = "" - request_init["crypto_key_version_id"] = "" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -13617,24 +14579,21 @@ def test_update_crypto_key_primary_version_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).update_crypto_key_primary_version._get_unset_required_fields(jsonified_request) + ).restore_crypto_key_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present jsonified_request["name"] = "name_value" - jsonified_request["cryptoKeyVersionId"] = "crypto_key_version_id_value" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).update_crypto_key_primary_version._get_unset_required_fields(jsonified_request) + ).restore_crypto_key_version._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone assert "name" in jsonified_request assert jsonified_request["name"] == "name_value" - assert "cryptoKeyVersionId" in jsonified_request - assert jsonified_request["cryptoKeyVersionId"] == "crypto_key_version_id_value" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -13643,7 +14602,7 @@ def test_update_crypto_key_primary_version_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.CryptoKey() + return_value = resources.CryptoKeyVersion() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -13664,40 +14623,30 @@ def test_update_crypto_key_primary_version_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKey.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.update_crypto_key_primary_version(request) - - expected_params = [("$alt", "json;enum-encoding=int")] - actual_params = req.call_args.kwargs["params"] - assert expected_params == actual_params - - -def test_update_crypto_key_primary_version_rest_unset_required_fields(): - transport = transports.KeyManagementServiceRestTransport( - credentials=ga_credentials.AnonymousCredentials - ) + response = client.restore_crypto_key_version(request) - unset_fields = ( - transport.update_crypto_key_primary_version._get_unset_required_fields({}) - ) - assert set(unset_fields) == ( - set(()) - & set( - ( - "name", - "cryptoKeyVersionId", - ) - ) + expected_params = [("$alt", "json;enum-encoding=int")] + actual_params = req.call_args.kwargs["params"] + assert expected_params == actual_params + + +def test_restore_crypto_key_version_rest_unset_required_fields(): + transport = transports.KeyManagementServiceRestTransport( + credentials=ga_credentials.AnonymousCredentials ) + unset_fields = transport.restore_crypto_key_version._get_unset_required_fields({}) + assert set(unset_fields) == (set(()) & set(("name",))) + @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_update_crypto_key_primary_version_rest_interceptors(null_interceptor): +def test_restore_crypto_key_version_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -13711,15 +14660,14 @@ def test_update_crypto_key_primary_version_rest_interceptors(null_interceptor): path_template, "transcode" ) as transcode, mock.patch.object( transports.KeyManagementServiceRestInterceptor, - "post_update_crypto_key_primary_version", + "post_restore_crypto_key_version", ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, - "pre_update_crypto_key_primary_version", + transports.KeyManagementServiceRestInterceptor, "pre_restore_crypto_key_version" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.UpdateCryptoKeyPrimaryVersionRequest.pb( - service.UpdateCryptoKeyPrimaryVersionRequest() + pb_message = service.RestoreCryptoKeyVersionRequest.pb( + service.RestoreCryptoKeyVersionRequest() ) transcode.return_value = { "method": "post", @@ -13731,17 +14679,19 @@ def test_update_crypto_key_primary_version_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.CryptoKey.to_json(resources.CryptoKey()) + req.return_value._content = resources.CryptoKeyVersion.to_json( + resources.CryptoKeyVersion() + ) - request = service.UpdateCryptoKeyPrimaryVersionRequest() + request = service.RestoreCryptoKeyVersionRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.CryptoKey() + post.return_value = resources.CryptoKeyVersion() - client.update_crypto_key_primary_version( + client.restore_crypto_key_version( request, metadata=[ ("key", "val"), @@ -13753,8 +14703,8 @@ def test_update_crypto_key_primary_version_rest_interceptors(null_interceptor): post.assert_called_once() -def test_update_crypto_key_primary_version_rest_bad_request( - transport: str = "rest", request_type=service.UpdateCryptoKeyPrimaryVersionRequest +def test_restore_crypto_key_version_rest_bad_request( + transport: str = "rest", request_type=service.RestoreCryptoKeyVersionRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -13763,7 +14713,7 @@ def test_update_crypto_key_primary_version_rest_bad_request( # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } request = request_type(**request_init) @@ -13776,10 +14726,10 @@ def test_update_crypto_key_primary_version_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.update_crypto_key_primary_version(request) + client.restore_crypto_key_version(request) -def test_update_crypto_key_primary_version_rest_flattened(): +def test_restore_crypto_key_version_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -13788,44 +14738,41 @@ def test_update_crypto_key_primary_version_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKey() + return_value = resources.CryptoKeyVersion() # get arguments that satisfy an http rule for this method sample_request = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } # get truthy value for each flattened field mock_args = dict( name="name_value", - crypto_key_version_id="crypto_key_version_id_value", ) mock_args.update(sample_request) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKey.pb(return_value) + pb_return_value = resources.CryptoKeyVersion.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.update_crypto_key_primary_version(**mock_args) + client.restore_crypto_key_version(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion" + "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore" % client.transport._host, args[1], ) -def test_update_crypto_key_primary_version_rest_flattened_error( - transport: str = "rest", -): +def test_restore_crypto_key_version_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -13834,14 +14781,13 @@ def test_update_crypto_key_primary_version_rest_flattened_error( # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.update_crypto_key_primary_version( - service.UpdateCryptoKeyPrimaryVersionRequest(), + client.restore_crypto_key_version( + service.RestoreCryptoKeyVersionRequest(), name="name_value", - crypto_key_version_id="crypto_key_version_id_value", ) -def test_update_crypto_key_primary_version_rest_error(): +def test_restore_crypto_key_version_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -13850,11 +14796,11 @@ def test_update_crypto_key_primary_version_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.DestroyCryptoKeyVersionRequest, + service.EncryptRequest, dict, ], ) -def test_destroy_crypto_key_version_rest(request_type): +def test_encrypt_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -13862,64 +14808,46 @@ def test_destroy_crypto_key_version_rest(request_type): # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion( + return_value = service.EncryptResponse( name="name_value", - state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + ciphertext=b"ciphertext_blob", + verified_plaintext_crc32c=True, + verified_additional_authenticated_data_crc32c=True, protection_level=resources.ProtectionLevel.SOFTWARE, - algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, - import_job="import_job_value", - import_failure_reason="import_failure_reason_value", - generation_failure_reason="generation_failure_reason_value", - external_destruction_failure_reason="external_destruction_failure_reason_value", - reimport_eligible=True, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = service.EncryptResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.destroy_crypto_key_version(request) + response = client.encrypt(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.CryptoKeyVersion) + assert isinstance(response, service.EncryptResponse) assert response.name == "name_value" - assert ( - response.state - == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION - ) + assert response.ciphertext == b"ciphertext_blob" + assert response.verified_plaintext_crc32c is True + assert response.verified_additional_authenticated_data_crc32c is True assert response.protection_level == resources.ProtectionLevel.SOFTWARE - assert ( - response.algorithm - == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION - ) - assert response.import_job == "import_job_value" - assert response.import_failure_reason == "import_failure_reason_value" - assert response.generation_failure_reason == "generation_failure_reason_value" - assert ( - response.external_destruction_failure_reason - == "external_destruction_failure_reason_value" - ) - assert response.reimport_eligible is True -def test_destroy_crypto_key_version_rest_required_fields( - request_type=service.DestroyCryptoKeyVersionRequest, -): +def test_encrypt_rest_required_fields(request_type=service.EncryptRequest): transport_class = transports.KeyManagementServiceRestTransport request_init = {} request_init["name"] = "" + request_init["plaintext"] = b"" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -13934,21 +14862,24 @@ def test_destroy_crypto_key_version_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).destroy_crypto_key_version._get_unset_required_fields(jsonified_request) + ).encrypt._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present jsonified_request["name"] = "name_value" + jsonified_request["plaintext"] = b"plaintext_blob" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).destroy_crypto_key_version._get_unset_required_fields(jsonified_request) + ).encrypt._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone assert "name" in jsonified_request assert jsonified_request["name"] == "name_value" + assert "plaintext" in jsonified_request + assert jsonified_request["plaintext"] == b"plaintext_blob" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -13957,7 +14888,7 @@ def test_destroy_crypto_key_version_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion() + return_value = service.EncryptResponse() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -13978,30 +14909,38 @@ def test_destroy_crypto_key_version_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = service.EncryptResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.destroy_crypto_key_version(request) + response = client.encrypt(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_destroy_crypto_key_version_rest_unset_required_fields(): +def test_encrypt_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.destroy_crypto_key_version._get_unset_required_fields({}) - assert set(unset_fields) == (set(()) & set(("name",))) + unset_fields = transport.encrypt._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "name", + "plaintext", + ) + ) + ) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_destroy_crypto_key_version_rest_interceptors(null_interceptor): +def test_encrypt_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -14014,16 +14953,13 @@ def test_destroy_crypto_key_version_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, - "post_destroy_crypto_key_version", + transports.KeyManagementServiceRestInterceptor, "post_encrypt" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_destroy_crypto_key_version" + transports.KeyManagementServiceRestInterceptor, "pre_encrypt" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.DestroyCryptoKeyVersionRequest.pb( - service.DestroyCryptoKeyVersionRequest() - ) + pb_message = service.EncryptRequest.pb(service.EncryptRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -14034,19 +14970,19 @@ def test_destroy_crypto_key_version_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.CryptoKeyVersion.to_json( - resources.CryptoKeyVersion() + req.return_value._content = service.EncryptResponse.to_json( + service.EncryptResponse() ) - request = service.DestroyCryptoKeyVersionRequest() + request = service.EncryptRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.CryptoKeyVersion() + post.return_value = service.EncryptResponse() - client.destroy_crypto_key_version( + client.encrypt( request, metadata=[ ("key", "val"), @@ -14058,8 +14994,8 @@ def test_destroy_crypto_key_version_rest_interceptors(null_interceptor): post.assert_called_once() -def test_destroy_crypto_key_version_rest_bad_request( - transport: str = "rest", request_type=service.DestroyCryptoKeyVersionRequest +def test_encrypt_rest_bad_request( + transport: str = "rest", request_type=service.EncryptRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -14068,7 +15004,7 @@ def test_destroy_crypto_key_version_rest_bad_request( # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } request = request_type(**request_init) @@ -14081,10 +15017,10 @@ def test_destroy_crypto_key_version_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.destroy_crypto_key_version(request) + client.encrypt(request) -def test_destroy_crypto_key_version_rest_flattened(): +def test_encrypt_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -14093,41 +15029,42 @@ def test_destroy_crypto_key_version_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion() + return_value = service.EncryptResponse() # get arguments that satisfy an http rule for this method sample_request = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } # get truthy value for each flattened field mock_args = dict( name="name_value", + plaintext=b"plaintext_blob", ) mock_args.update(sample_request) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = service.EncryptResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.destroy_crypto_key_version(**mock_args) + client.encrypt(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy" + "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt" % client.transport._host, args[1], ) -def test_destroy_crypto_key_version_rest_flattened_error(transport: str = "rest"): +def test_encrypt_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -14136,13 +15073,14 @@ def test_destroy_crypto_key_version_rest_flattened_error(transport: str = "rest" # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.destroy_crypto_key_version( - service.DestroyCryptoKeyVersionRequest(), + client.encrypt( + service.EncryptRequest(), name="name_value", + plaintext=b"plaintext_blob", ) -def test_destroy_crypto_key_version_rest_error(): +def test_encrypt_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -14151,11 +15089,11 @@ def test_destroy_crypto_key_version_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.RestoreCryptoKeyVersionRequest, + service.DecryptRequest, dict, ], ) -def test_restore_crypto_key_version_rest(request_type): +def test_decrypt_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -14163,64 +15101,42 @@ def test_restore_crypto_key_version_rest(request_type): # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion( - name="name_value", - state=resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION, + return_value = service.DecryptResponse( + plaintext=b"plaintext_blob", + used_primary=True, protection_level=resources.ProtectionLevel.SOFTWARE, - algorithm=resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION, - import_job="import_job_value", - import_failure_reason="import_failure_reason_value", - generation_failure_reason="generation_failure_reason_value", - external_destruction_failure_reason="external_destruction_failure_reason_value", - reimport_eligible=True, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = service.DecryptResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.restore_crypto_key_version(request) + response = client.decrypt(request) # Establish that the response is the type that we expect. - assert isinstance(response, resources.CryptoKeyVersion) - assert response.name == "name_value" - assert ( - response.state - == resources.CryptoKeyVersion.CryptoKeyVersionState.PENDING_GENERATION - ) + assert isinstance(response, service.DecryptResponse) + assert response.plaintext == b"plaintext_blob" + assert response.used_primary is True assert response.protection_level == resources.ProtectionLevel.SOFTWARE - assert ( - response.algorithm - == resources.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION - ) - assert response.import_job == "import_job_value" - assert response.import_failure_reason == "import_failure_reason_value" - assert response.generation_failure_reason == "generation_failure_reason_value" - assert ( - response.external_destruction_failure_reason - == "external_destruction_failure_reason_value" - ) - assert response.reimport_eligible is True -def test_restore_crypto_key_version_rest_required_fields( - request_type=service.RestoreCryptoKeyVersionRequest, -): +def test_decrypt_rest_required_fields(request_type=service.DecryptRequest): transport_class = transports.KeyManagementServiceRestTransport request_init = {} request_init["name"] = "" + request_init["ciphertext"] = b"" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -14235,21 +15151,24 @@ def test_restore_crypto_key_version_rest_required_fields( unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).restore_crypto_key_version._get_unset_required_fields(jsonified_request) + ).decrypt._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present jsonified_request["name"] = "name_value" + jsonified_request["ciphertext"] = b"ciphertext_blob" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).restore_crypto_key_version._get_unset_required_fields(jsonified_request) + ).decrypt._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone assert "name" in jsonified_request assert jsonified_request["name"] == "name_value" + assert "ciphertext" in jsonified_request + assert jsonified_request["ciphertext"] == b"ciphertext_blob" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -14258,7 +15177,7 @@ def test_restore_crypto_key_version_rest_required_fields( request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion() + return_value = service.DecryptResponse() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -14279,30 +15198,38 @@ def test_restore_crypto_key_version_rest_required_fields( response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = service.DecryptResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.restore_crypto_key_version(request) + response = client.decrypt(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_restore_crypto_key_version_rest_unset_required_fields(): +def test_decrypt_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.restore_crypto_key_version._get_unset_required_fields({}) - assert set(unset_fields) == (set(()) & set(("name",))) - + unset_fields = transport.decrypt._get_unset_required_fields({}) + assert set(unset_fields) == ( + set(()) + & set( + ( + "name", + "ciphertext", + ) + ) + ) + @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_restore_crypto_key_version_rest_interceptors(null_interceptor): +def test_decrypt_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -14315,16 +15242,13 @@ def test_restore_crypto_key_version_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, - "post_restore_crypto_key_version", + transports.KeyManagementServiceRestInterceptor, "post_decrypt" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_restore_crypto_key_version" + transports.KeyManagementServiceRestInterceptor, "pre_decrypt" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.RestoreCryptoKeyVersionRequest.pb( - service.RestoreCryptoKeyVersionRequest() - ) + pb_message = service.DecryptRequest.pb(service.DecryptRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -14335,19 +15259,19 @@ def test_restore_crypto_key_version_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = resources.CryptoKeyVersion.to_json( - resources.CryptoKeyVersion() + req.return_value._content = service.DecryptResponse.to_json( + service.DecryptResponse() ) - request = service.RestoreCryptoKeyVersionRequest() + request = service.DecryptRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = resources.CryptoKeyVersion() + post.return_value = service.DecryptResponse() - client.restore_crypto_key_version( + client.decrypt( request, metadata=[ ("key", "val"), @@ -14359,8 +15283,8 @@ def test_restore_crypto_key_version_rest_interceptors(null_interceptor): post.assert_called_once() -def test_restore_crypto_key_version_rest_bad_request( - transport: str = "rest", request_type=service.RestoreCryptoKeyVersionRequest +def test_decrypt_rest_bad_request( + transport: str = "rest", request_type=service.DecryptRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -14369,7 +15293,7 @@ def test_restore_crypto_key_version_rest_bad_request( # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } request = request_type(**request_init) @@ -14382,10 +15306,10 @@ def test_restore_crypto_key_version_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.restore_crypto_key_version(request) + client.decrypt(request) -def test_restore_crypto_key_version_rest_flattened(): +def test_decrypt_rest_flattened(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -14394,41 +15318,42 @@ def test_restore_crypto_key_version_rest_flattened(): # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = resources.CryptoKeyVersion() + return_value = service.DecryptResponse() # get arguments that satisfy an http rule for this method sample_request = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" } # get truthy value for each flattened field mock_args = dict( name="name_value", + ciphertext=b"ciphertext_blob", ) mock_args.update(sample_request) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = resources.CryptoKeyVersion.pb(return_value) + pb_return_value = service.DecryptResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - client.restore_crypto_key_version(**mock_args) + client.decrypt(**mock_args) # Establish that the underlying call was made with the expected # request object values. assert len(req.mock_calls) == 1 _, args, _ = req.mock_calls[0] assert path_template.validate( - "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore" + "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt" % client.transport._host, args[1], ) -def test_restore_crypto_key_version_rest_flattened_error(transport: str = "rest"): +def test_decrypt_rest_flattened_error(transport: str = "rest"): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport=transport, @@ -14437,13 +15362,14 @@ def test_restore_crypto_key_version_rest_flattened_error(transport: str = "rest" # Attempting to call a method with both a request object and flattened # fields is an error. with pytest.raises(ValueError): - client.restore_crypto_key_version( - service.RestoreCryptoKeyVersionRequest(), + client.decrypt( + service.DecryptRequest(), name="name_value", + ciphertext=b"ciphertext_blob", ) -def test_restore_crypto_key_version_rest_error(): +def test_decrypt_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -14452,11 +15378,11 @@ def test_restore_crypto_key_version_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.EncryptRequest, + service.RawEncryptRequest, dict, ], ) -def test_encrypt_rest(request_type): +def test_raw_encrypt_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -14464,41 +15390,47 @@ def test_encrypt_rest(request_type): # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = service.EncryptResponse( - name="name_value", + return_value = service.RawEncryptResponse( ciphertext=b"ciphertext_blob", + initialization_vector=b"initialization_vector_blob", + tag_length=1053, verified_plaintext_crc32c=True, verified_additional_authenticated_data_crc32c=True, + verified_initialization_vector_crc32c=True, + name="name_value", protection_level=resources.ProtectionLevel.SOFTWARE, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = service.EncryptResponse.pb(return_value) + pb_return_value = service.RawEncryptResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.encrypt(request) + response = client.raw_encrypt(request) # Establish that the response is the type that we expect. - assert isinstance(response, service.EncryptResponse) - assert response.name == "name_value" + assert isinstance(response, service.RawEncryptResponse) assert response.ciphertext == b"ciphertext_blob" + assert response.initialization_vector == b"initialization_vector_blob" + assert response.tag_length == 1053 assert response.verified_plaintext_crc32c is True assert response.verified_additional_authenticated_data_crc32c is True + assert response.verified_initialization_vector_crc32c is True + assert response.name == "name_value" assert response.protection_level == resources.ProtectionLevel.SOFTWARE -def test_encrypt_rest_required_fields(request_type=service.EncryptRequest): +def test_raw_encrypt_rest_required_fields(request_type=service.RawEncryptRequest): transport_class = transports.KeyManagementServiceRestTransport request_init = {} @@ -14518,7 +15450,7 @@ def test_encrypt_rest_required_fields(request_type=service.EncryptRequest): unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).encrypt._get_unset_required_fields(jsonified_request) + ).raw_encrypt._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present @@ -14528,7 +15460,7 @@ def test_encrypt_rest_required_fields(request_type=service.EncryptRequest): unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).encrypt._get_unset_required_fields(jsonified_request) + ).raw_encrypt._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone @@ -14544,7 +15476,7 @@ def test_encrypt_rest_required_fields(request_type=service.EncryptRequest): request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = service.EncryptResponse() + return_value = service.RawEncryptResponse() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -14565,25 +15497,25 @@ def test_encrypt_rest_required_fields(request_type=service.EncryptRequest): response_value = Response() response_value.status_code = 200 - pb_return_value = service.EncryptResponse.pb(return_value) + pb_return_value = service.RawEncryptResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.encrypt(request) + response = client.raw_encrypt(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_encrypt_rest_unset_required_fields(): +def test_raw_encrypt_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.encrypt._get_unset_required_fields({}) + unset_fields = transport.raw_encrypt._get_unset_required_fields({}) assert set(unset_fields) == ( set(()) & set( @@ -14596,7 +15528,7 @@ def test_encrypt_rest_unset_required_fields(): @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_encrypt_rest_interceptors(null_interceptor): +def test_raw_encrypt_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -14609,13 +15541,13 @@ def test_encrypt_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_encrypt" + transports.KeyManagementServiceRestInterceptor, "post_raw_encrypt" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_encrypt" + transports.KeyManagementServiceRestInterceptor, "pre_raw_encrypt" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.EncryptRequest.pb(service.EncryptRequest()) + pb_message = service.RawEncryptRequest.pb(service.RawEncryptRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -14626,19 +15558,19 @@ def test_encrypt_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = service.EncryptResponse.to_json( - service.EncryptResponse() + req.return_value._content = service.RawEncryptResponse.to_json( + service.RawEncryptResponse() ) - request = service.EncryptRequest() + request = service.RawEncryptRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = service.EncryptResponse() + post.return_value = service.RawEncryptResponse() - client.encrypt( + client.raw_encrypt( request, metadata=[ ("key", "val"), @@ -14650,8 +15582,8 @@ def test_encrypt_rest_interceptors(null_interceptor): post.assert_called_once() -def test_encrypt_rest_bad_request( - transport: str = "rest", request_type=service.EncryptRequest +def test_raw_encrypt_rest_bad_request( + transport: str = "rest", request_type=service.RawEncryptRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -14660,7 +15592,7 @@ def test_encrypt_rest_bad_request( # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } request = request_type(**request_init) @@ -14673,70 +15605,10 @@ def test_encrypt_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.encrypt(request) - - -def test_encrypt_rest_flattened(): - client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), "request") as req: - # Designate an appropriate value for the returned response. - return_value = service.EncryptResponse() - - # get arguments that satisfy an http rule for this method - sample_request = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" - } - - # get truthy value for each flattened field - mock_args = dict( - name="name_value", - plaintext=b"plaintext_blob", - ) - mock_args.update(sample_request) - - # Wrap the value into a proper Response obj - response_value = Response() - response_value.status_code = 200 - pb_return_value = service.EncryptResponse.pb(return_value) - json_return_value = json_format.MessageToJson(pb_return_value) - response_value._content = json_return_value.encode("UTF-8") - req.return_value = response_value - - client.encrypt(**mock_args) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(req.mock_calls) == 1 - _, args, _ = req.mock_calls[0] - assert path_template.validate( - "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt" - % client.transport._host, - args[1], - ) - - -def test_encrypt_rest_flattened_error(transport: str = "rest"): - client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.encrypt( - service.EncryptRequest(), - name="name_value", - plaintext=b"plaintext_blob", - ) + client.raw_encrypt(request) -def test_encrypt_rest_error(): +def test_raw_encrypt_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -14745,11 +15617,11 @@ def test_encrypt_rest_error(): @pytest.mark.parametrize( "request_type", [ - service.DecryptRequest, + service.RawDecryptRequest, dict, ], ) -def test_decrypt_rest(request_type): +def test_raw_decrypt_rest(request_type): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest", @@ -14757,42 +15629,47 @@ def test_decrypt_rest(request_type): # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } request = request_type(**request_init) # Mock the http request call within the method and fake a response. with mock.patch.object(type(client.transport._session), "request") as req: # Designate an appropriate value for the returned response. - return_value = service.DecryptResponse( + return_value = service.RawDecryptResponse( plaintext=b"plaintext_blob", - used_primary=True, protection_level=resources.ProtectionLevel.SOFTWARE, + verified_ciphertext_crc32c=True, + verified_additional_authenticated_data_crc32c=True, + verified_initialization_vector_crc32c=True, ) # Wrap the value into a proper Response obj response_value = Response() response_value.status_code = 200 - pb_return_value = service.DecryptResponse.pb(return_value) + pb_return_value = service.RawDecryptResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.decrypt(request) + response = client.raw_decrypt(request) # Establish that the response is the type that we expect. - assert isinstance(response, service.DecryptResponse) + assert isinstance(response, service.RawDecryptResponse) assert response.plaintext == b"plaintext_blob" - assert response.used_primary is True assert response.protection_level == resources.ProtectionLevel.SOFTWARE + assert response.verified_ciphertext_crc32c is True + assert response.verified_additional_authenticated_data_crc32c is True + assert response.verified_initialization_vector_crc32c is True -def test_decrypt_rest_required_fields(request_type=service.DecryptRequest): +def test_raw_decrypt_rest_required_fields(request_type=service.RawDecryptRequest): transport_class = transports.KeyManagementServiceRestTransport request_init = {} request_init["name"] = "" request_init["ciphertext"] = b"" + request_init["initialization_vector"] = b"" request = request_type(**request_init) pb_request = request_type.pb(request) jsonified_request = json.loads( @@ -14807,17 +15684,18 @@ def test_decrypt_rest_required_fields(request_type=service.DecryptRequest): unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).decrypt._get_unset_required_fields(jsonified_request) + ).raw_decrypt._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with default values are now present jsonified_request["name"] = "name_value" jsonified_request["ciphertext"] = b"ciphertext_blob" + jsonified_request["initializationVector"] = b"initialization_vector_blob" unset_fields = transport_class( credentials=ga_credentials.AnonymousCredentials() - ).decrypt._get_unset_required_fields(jsonified_request) + ).raw_decrypt._get_unset_required_fields(jsonified_request) jsonified_request.update(unset_fields) # verify required fields with non-default values are left alone @@ -14825,6 +15703,8 @@ def test_decrypt_rest_required_fields(request_type=service.DecryptRequest): assert jsonified_request["name"] == "name_value" assert "ciphertext" in jsonified_request assert jsonified_request["ciphertext"] == b"ciphertext_blob" + assert "initializationVector" in jsonified_request + assert jsonified_request["initializationVector"] == b"initialization_vector_blob" client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -14833,7 +15713,7 @@ def test_decrypt_rest_required_fields(request_type=service.DecryptRequest): request = request_type(**request_init) # Designate an appropriate value for the returned response. - return_value = service.DecryptResponse() + return_value = service.RawDecryptResponse() # Mock the http request call within the method and fake a response. with mock.patch.object(Session, "request") as req: # We need to mock transcode() because providing default values @@ -14854,38 +15734,39 @@ def test_decrypt_rest_required_fields(request_type=service.DecryptRequest): response_value = Response() response_value.status_code = 200 - pb_return_value = service.DecryptResponse.pb(return_value) + pb_return_value = service.RawDecryptResponse.pb(return_value) json_return_value = json_format.MessageToJson(pb_return_value) response_value._content = json_return_value.encode("UTF-8") req.return_value = response_value - response = client.decrypt(request) + response = client.raw_decrypt(request) expected_params = [("$alt", "json;enum-encoding=int")] actual_params = req.call_args.kwargs["params"] assert expected_params == actual_params -def test_decrypt_rest_unset_required_fields(): +def test_raw_decrypt_rest_unset_required_fields(): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials ) - unset_fields = transport.decrypt._get_unset_required_fields({}) + unset_fields = transport.raw_decrypt._get_unset_required_fields({}) assert set(unset_fields) == ( set(()) & set( ( "name", "ciphertext", + "initializationVector", ) ) ) @pytest.mark.parametrize("null_interceptor", [True, False]) -def test_decrypt_rest_interceptors(null_interceptor): +def test_raw_decrypt_rest_interceptors(null_interceptor): transport = transports.KeyManagementServiceRestTransport( credentials=ga_credentials.AnonymousCredentials(), interceptor=None @@ -14898,13 +15779,13 @@ def test_decrypt_rest_interceptors(null_interceptor): ) as req, mock.patch.object( path_template, "transcode" ) as transcode, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "post_decrypt" + transports.KeyManagementServiceRestInterceptor, "post_raw_decrypt" ) as post, mock.patch.object( - transports.KeyManagementServiceRestInterceptor, "pre_decrypt" + transports.KeyManagementServiceRestInterceptor, "pre_raw_decrypt" ) as pre: pre.assert_not_called() post.assert_not_called() - pb_message = service.DecryptRequest.pb(service.DecryptRequest()) + pb_message = service.RawDecryptRequest.pb(service.RawDecryptRequest()) transcode.return_value = { "method": "post", "uri": "my_uri", @@ -14915,19 +15796,19 @@ def test_decrypt_rest_interceptors(null_interceptor): req.return_value = Response() req.return_value.status_code = 200 req.return_value.request = PreparedRequest() - req.return_value._content = service.DecryptResponse.to_json( - service.DecryptResponse() + req.return_value._content = service.RawDecryptResponse.to_json( + service.RawDecryptResponse() ) - request = service.DecryptRequest() + request = service.RawDecryptRequest() metadata = [ ("key", "val"), ("cephalopod", "squid"), ] pre.return_value = request, metadata - post.return_value = service.DecryptResponse() + post.return_value = service.RawDecryptResponse() - client.decrypt( + client.raw_decrypt( request, metadata=[ ("key", "val"), @@ -14939,8 +15820,8 @@ def test_decrypt_rest_interceptors(null_interceptor): post.assert_called_once() -def test_decrypt_rest_bad_request( - transport: str = "rest", request_type=service.DecryptRequest +def test_raw_decrypt_rest_bad_request( + transport: str = "rest", request_type=service.RawDecryptRequest ): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), @@ -14949,7 +15830,7 @@ def test_decrypt_rest_bad_request( # send a request that will satisfy transcoding request_init = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" + "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4/cryptoKeyVersions/sample5" } request = request_type(**request_init) @@ -14962,70 +15843,10 @@ def test_decrypt_rest_bad_request( response_value.status_code = 400 response_value.request = Request() req.return_value = response_value - client.decrypt(request) - - -def test_decrypt_rest_flattened(): - client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport="rest", - ) - - # Mock the http request call within the method and fake a response. - with mock.patch.object(type(client.transport._session), "request") as req: - # Designate an appropriate value for the returned response. - return_value = service.DecryptResponse() - - # get arguments that satisfy an http rule for this method - sample_request = { - "name": "projects/sample1/locations/sample2/keyRings/sample3/cryptoKeys/sample4" - } - - # get truthy value for each flattened field - mock_args = dict( - name="name_value", - ciphertext=b"ciphertext_blob", - ) - mock_args.update(sample_request) - - # Wrap the value into a proper Response obj - response_value = Response() - response_value.status_code = 200 - pb_return_value = service.DecryptResponse.pb(return_value) - json_return_value = json_format.MessageToJson(pb_return_value) - response_value._content = json_return_value.encode("UTF-8") - req.return_value = response_value - - client.decrypt(**mock_args) - - # Establish that the underlying call was made with the expected - # request object values. - assert len(req.mock_calls) == 1 - _, args, _ = req.mock_calls[0] - assert path_template.validate( - "%s/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt" - % client.transport._host, - args[1], - ) - - -def test_decrypt_rest_flattened_error(transport: str = "rest"): - client = KeyManagementServiceClient( - credentials=ga_credentials.AnonymousCredentials(), - transport=transport, - ) - - # Attempting to call a method with both a request object and flattened - # fields is an error. - with pytest.raises(ValueError): - client.decrypt( - service.DecryptRequest(), - name="name_value", - ciphertext=b"ciphertext_blob", - ) + client.raw_decrypt(request) -def test_decrypt_rest_error(): +def test_raw_decrypt_rest_error(): client = KeyManagementServiceClient( credentials=ga_credentials.AnonymousCredentials(), transport="rest" ) @@ -16546,6 +17367,8 @@ def test_key_management_service_base_transport(): "restore_crypto_key_version", "encrypt", "decrypt", + "raw_encrypt", + "raw_decrypt", "asymmetric_sign", "asymmetric_decrypt", "mac_sign", @@ -16891,6 +17714,12 @@ def test_key_management_service_client_transport_session_collision(transport_nam session1 = client1.transport.decrypt._session session2 = client2.transport.decrypt._session assert session1 != session2 + session1 = client1.transport.raw_encrypt._session + session2 = client2.transport.raw_encrypt._session + assert session1 != session2 + session1 = client1.transport.raw_decrypt._session + session2 = client2.transport.raw_decrypt._session + assert session1 != session2 session1 = client1.transport.asymmetric_sign._session session2 = client2.transport.asymmetric_sign._session assert session1 != session2