diff --git a/packages/google-cloud-kms/google/cloud/kms_v1/gapic/enums.py b/packages/google-cloud-kms/google/cloud/kms_v1/gapic/enums.py index 81a5666c862e..0edc531438a0 100644 --- a/packages/google-cloud-kms/google/cloud/kms_v1/gapic/enums.py +++ b/packages/google-cloud-kms/google/cloud/kms_v1/gapic/enums.py @@ -20,7 +20,8 @@ class ProtectionLevel(enum.IntEnum): """ - ``ProtectionLevel`` specifies how cryptographic operations are performed. + ``ProtectionLevel`` specifies how cryptographic operations are + performed. Attributes: PROTECTION_LEVEL_UNSPECIFIED (int): Not specified. @@ -36,20 +37,17 @@ class CryptoKey(object): class CryptoKeyPurpose(enum.IntEnum): """ ``CryptoKeyPurpose`` describes the cryptographic capabilities of a - ``CryptoKey``. A given key can only be used for the operations allowed by - its purpose. + ``CryptoKey``. A given key can only be used for the operations allowed + by its purpose. Attributes: CRYPTO_KEY_PURPOSE_UNSPECIFIED (int): Not specified. - ENCRYPT_DECRYPT (int): ``CryptoKeys`` with this purpose may be used with - ``Encrypt`` and + ENCRYPT_DECRYPT (int): ``CryptoKeys`` with this purpose may be used with ``Encrypt`` and ``Decrypt``. - ASYMMETRIC_SIGN (int): ``CryptoKeys`` with this purpose may be used with - ``AsymmetricSign`` and - ``GetPublicKey``. - ASYMMETRIC_DECRYPT (int): ``CryptoKeys`` with this purpose may be used with - ``AsymmetricDecrypt`` and + ASYMMETRIC_SIGN (int): ``CryptoKeys`` with this purpose may be used with ``AsymmetricSign`` and ``GetPublicKey``. + ASYMMETRIC_DECRYPT (int): ``CryptoKeys`` with this purpose may be used with ``AsymmetricDecrypt`` + and ``GetPublicKey``. """ CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0 ENCRYPT_DECRYPT = 1 @@ -74,36 +72,33 @@ class AttestationFormat(enum.IntEnum): class CryptoKeyVersion(object): class CryptoKeyVersionAlgorithm(enum.IntEnum): """ - The algorithm of the ``CryptoKeyVersion``, indicating what - parameters must be used for each cryptographic operation. + The algorithm of the ``CryptoKeyVersion``, indicating what parameters + must be used for each cryptographic operation. - The - ``GOOGLE_SYMMETRIC_ENCRYPTION`` - algorithm is usable with ``CryptoKey.purpose`` - ``ENCRYPT_DECRYPT``. + The ``GOOGLE_SYMMETRIC_ENCRYPTION`` algorithm is usable with + ``CryptoKey.purpose`` ``ENCRYPT_DECRYPT``. - Algorithms beginning with \"RSA_SIGN_\" are usable with ``CryptoKey.purpose`` - ``ASYMMETRIC_SIGN``. + Algorithms beginning with "RSA\_SIGN\_" are usable with + ``CryptoKey.purpose`` ``ASYMMETRIC_SIGN``. - The fields in the name after \"RSA_SIGN_\" correspond to the following + The fields in the name after "RSA\_SIGN\_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm. For PSS, the salt length used is equal to the length of digest - algorithm. For example, - ``RSA_SIGN_PSS_2048_SHA256`` - will use PSS with a salt length of 256 bits or 32 bytes. + algorithm. For example, ``RSA_SIGN_PSS_2048_SHA256`` will use PSS with a + salt length of 256 bits or 32 bytes. - Algorithms beginning with \"RSA_DECRYPT_\" are usable with - ``CryptoKey.purpose`` - ``ASYMMETRIC_DECRYPT``. + Algorithms beginning with "RSA\_DECRYPT\_" are usable with + ``CryptoKey.purpose`` ``ASYMMETRIC_DECRYPT``. - The fields in the name after \"RSA_DECRYPT_\" correspond to the following - parameters: padding algorithm, modulus bit length, and digest algorithm. + The fields in the name after "RSA\_DECRYPT\_" correspond to the + following parameters: padding algorithm, modulus bit length, and digest + algorithm. - Algorithms beginning with \"EC_SIGN_\" are usable with ``CryptoKey.purpose`` - ``ASYMMETRIC_SIGN``. + Algorithms beginning with "EC\_SIGN\_" are usable with + ``CryptoKey.purpose`` ``ASYMMETRIC_SIGN``. - The fields in the name after \"EC_SIGN_\" correspond to the following + The fields in the name after "EC\_SIGN\_" correspond to the following parameters: elliptic curve, digest algorithm. Attributes: @@ -112,9 +107,9 @@ class CryptoKeyVersionAlgorithm(enum.IntEnum): RSA_SIGN_PSS_2048_SHA256 (int): RSASSA-PSS 2048 bit key with a SHA256 digest. RSA_SIGN_PSS_3072_SHA256 (int): RSASSA-PSS 3072 bit key with a SHA256 digest. RSA_SIGN_PSS_4096_SHA256 (int): RSASSA-PSS 4096 bit key with a SHA256 digest. - RSA_SIGN_PKCS1_2048_SHA256 (int): RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. - RSA_SIGN_PKCS1_3072_SHA256 (int): RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest. - RSA_SIGN_PKCS1_4096_SHA256 (int): RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest. + RSA_SIGN_PKCS1_2048_SHA256 (int): RSASSA-PKCS1-v1\_5 with a 2048 bit key and a SHA256 digest. + RSA_SIGN_PKCS1_3072_SHA256 (int): RSASSA-PKCS1-v1\_5 with a 3072 bit key and a SHA256 digest. + RSA_SIGN_PKCS1_4096_SHA256 (int): RSASSA-PKCS1-v1\_5 with a 4096 bit key and a SHA256 digest. RSA_DECRYPT_OAEP_2048_SHA256 (int): RSAES-OAEP 2048 bit key with a SHA256 digest. RSA_DECRYPT_OAEP_3072_SHA256 (int): RSAES-OAEP 3072 bit key with a SHA256 digest. RSA_DECRYPT_OAEP_4096_SHA256 (int): RSAES-OAEP 4096 bit key with a SHA256 digest. @@ -150,9 +145,8 @@ class CryptoKeyVersionState(enum.IntEnum): DESTROYED (int): This version is destroyed, and the key material is no longer stored. A version may not leave this state once entered. DESTROY_SCHEDULED (int): This version is scheduled for destruction, and will be destroyed soon. - Call - ``RestoreCryptoKeyVersion`` - to put it back into the ``DISABLED`` state. + Call ``RestoreCryptoKeyVersion`` to put it back into the ``DISABLED`` + state. """ CRYPTO_KEY_VERSION_STATE_UNSPECIFIED = 0 PENDING_GENERATION = 5 @@ -163,14 +157,14 @@ class CryptoKeyVersionState(enum.IntEnum): class CryptoKeyVersionView(enum.IntEnum): """ - A view for ``CryptoKeyVersion``s. Controls the level of detail returned - for ``CryptoKeyVersions`` in + A view for ``CryptoKeyVersion``\ s. Controls the level of detail + returned for ``CryptoKeyVersions`` in ``KeyManagementService.ListCryptoKeyVersions`` and ``KeyManagementService.ListCryptoKeys``. Attributes: - CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED (int): Default view for each ``CryptoKeyVersion``. Does not include - the ``attestation`` field. + CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED (int): Default view for each ``CryptoKeyVersion``. Does not include the + ``attestation`` field. FULL (int): Provides all fields in each ``CryptoKeyVersion``, including the ``attestation``. """ diff --git a/packages/google-cloud-kms/google/cloud/kms_v1/gapic/key_management_service_client.py b/packages/google-cloud-kms/google/cloud/kms_v1/gapic/key_management_service_client.py index 87cc16c819de..809995f39c90 100644 --- a/packages/google-cloud-kms/google/cloud/kms_v1/gapic/key_management_service_client.py +++ b/packages/google-cloud-kms/google/cloud/kms_v1/gapic/key_management_service_client.py @@ -47,15 +47,15 @@ class KeyManagementServiceClient(object): """ Google Cloud Key Management Service - Manages cryptographic keys and operations using those keys. Implements a REST - model with the following objects: + Manages cryptographic keys and operations using those keys. Implements a + REST model with the following objects: - * ``KeyRing`` - * ``CryptoKey`` - * ``CryptoKeyVersion`` + - ``KeyRing`` + - ``CryptoKey`` + - ``CryptoKeyVersion`` - If you are using manual gRPC libraries, see - `Using gRPC with Cloud KMS `_. + If you are using manual gRPC libraries, see `Using gRPC with Cloud + KMS `__. """ SERVICE_ADDRESS = 'cloudkms.googleapis.com:443' @@ -210,9 +210,10 @@ def __init__(self, ) if client_info is None: - client_info = ( - google.api_core.gapic_v1.client_info.DEFAULT_CLIENT_INFO) - client_info.gapic_version = _GAPIC_LIBRARY_VERSION + client_info = google.api_core.gapic_v1.client_info.ClientInfo( + gapic_version=_GAPIC_LIBRARY_VERSION, ) + else: + client_info.gapic_version = _GAPIC_LIBRARY_VERSION self._client_info = client_info # Parse out the default settings for retry and timeout for each RPC @@ -254,7 +255,7 @@ def list_key_rings(self, >>> # Alternatively: >>> >>> # Iterate over results one page at a time - >>> for page in client.list_key_rings(parent, options=CallOptions(page_token=INITIAL_PAGE)): + >>> for page in client.list_key_rings(parent).pages: ... for element in page: ... # process element ... pass @@ -356,7 +357,7 @@ def list_crypto_keys(self, >>> # Alternatively: >>> >>> # Iterate over results one page at a time - >>> for page in client.list_crypto_keys(parent, options=CallOptions(page_token=INITIAL_PAGE)): + >>> for page in client.list_crypto_keys(parent).pages: ... for element in page: ... # process element ... pass @@ -461,7 +462,7 @@ def list_crypto_key_versions( >>> # Alternatively: >>> >>> # Iterate over results one page at a time - >>> for page in client.list_crypto_key_versions(parent, options=CallOptions(page_token=INITIAL_PAGE)): + >>> for page in client.list_crypto_key_versions(parent).pages: ... for element in page: ... # process element ... pass @@ -610,8 +611,8 @@ def get_crypto_key(self, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None): """ - Returns metadata for a given ``CryptoKey``, as well as its - ``primary`` ``CryptoKeyVersion``. + Returns metadata for a given ``CryptoKey``, as well as its ``primary`` + ``CryptoKeyVersion``. Example: >>> from google.cloud import kms_v1 @@ -753,10 +754,10 @@ def create_key_ring(self, >>> >>> parent = client.location_path('[PROJECT]', '[LOCATION]') >>> - >>> # TODO: Initialize ``key_ring_id``: + >>> # TODO: Initialize `key_ring_id`: >>> key_ring_id = '' >>> - >>> # TODO: Initialize ``key_ring``: + >>> # TODO: Initialize `key_ring`: >>> key_ring = {} >>> >>> response = client.create_key_ring(parent, key_ring_id, key_ring) @@ -767,6 +768,7 @@ def create_key_ring(self, key_ring_id (str): Required. It must be unique within a location and match the regular expression ``[a-zA-Z0-9_-]{1,63}`` key_ring (Union[dict, ~google.cloud.kms_v1.types.KeyRing]): A ``KeyRing`` with initial field values. + If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.kms_v1.types.KeyRing` retry (Optional[google.api_core.retry.Retry]): A retry object used @@ -829,9 +831,8 @@ def create_crypto_key(self, """ Create a new ``CryptoKey`` within a ``KeyRing``. - ``CryptoKey.purpose`` and - ``CryptoKey.version_template.algorithm`` - are required. + ``CryptoKey.purpose`` and ``CryptoKey.version_template.algorithm`` are + required. Example: >>> from google.cloud import kms_v1 @@ -856,6 +857,7 @@ def create_crypto_key(self, crypto_key_id (str): Required. It must be unique within a KeyRing and match the regular expression ``[a-zA-Z0-9_-]{1,63}`` crypto_key (Union[dict, ~google.cloud.kms_v1.types.CryptoKey]): A ``CryptoKey`` with initial field values. + If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.kms_v1.types.CryptoKey` retry (Optional[google.api_core.retry.Retry]): A retry object used @@ -919,9 +921,8 @@ def create_crypto_key_version( """ Create a new ``CryptoKeyVersion`` in a ``CryptoKey``. - The server will assign the next sequential id. If unset, - ``state`` will be set to - ``ENABLED``. + The server will assign the next sequential id. If unset, ``state`` will + be set to ``ENABLED``. Example: >>> from google.cloud import kms_v1 @@ -930,15 +931,16 @@ def create_crypto_key_version( >>> >>> parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') >>> - >>> # TODO: Initialize ``crypto_key_version``: + >>> # TODO: Initialize `crypto_key_version`: >>> crypto_key_version = {} >>> >>> response = client.create_crypto_key_version(parent, crypto_key_version) Args: - parent (str): Required. The ``name`` of the ``CryptoKey`` associated with - the ``CryptoKeyVersions``. + parent (str): Required. The ``name`` of the ``CryptoKey`` associated with the + ``CryptoKeyVersions``. crypto_key_version (Union[dict, ~google.cloud.kms_v1.types.CryptoKeyVersion]): A ``CryptoKeyVersion`` with initial field values. + If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` retry (Optional[google.api_core.retry.Retry]): A retry object used @@ -1005,19 +1007,21 @@ def update_crypto_key(self, >>> >>> client = kms_v1.KeyManagementServiceClient() >>> - >>> # TODO: Initialize ``crypto_key``: + >>> # TODO: Initialize `crypto_key`: >>> crypto_key = {} >>> - >>> # TODO: Initialize ``update_mask``: + >>> # TODO: Initialize `update_mask`: >>> update_mask = {} >>> >>> response = client.update_crypto_key(crypto_key, update_mask) Args: crypto_key (Union[dict, ~google.cloud.kms_v1.types.CryptoKey]): ``CryptoKey`` with updated values. + If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.kms_v1.types.CryptoKey` update_mask (Union[dict, ~google.cloud.kms_v1.types.FieldMask]): Required list of fields to be updated in this request. + If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.kms_v1.types.FieldMask` retry (Optional[google.api_core.retry.Retry]): A retry object used @@ -1080,30 +1084,30 @@ def update_crypto_key_version( """ Update a ``CryptoKeyVersion``'s metadata. - ``state`` may be changed between - ``ENABLED`` and - ``DISABLED`` using this - method. See ``DestroyCryptoKeyVersion`` and ``RestoreCryptoKeyVersion`` to - move between other states. + ``state`` may be changed between ``ENABLED`` and ``DISABLED`` using this + method. See ``DestroyCryptoKeyVersion`` and ``RestoreCryptoKeyVersion`` + to move between other states. Example: >>> from google.cloud import kms_v1 >>> >>> client = kms_v1.KeyManagementServiceClient() >>> - >>> # TODO: Initialize ``crypto_key_version``: + >>> # TODO: Initialize `crypto_key_version`: >>> crypto_key_version = {} >>> - >>> # TODO: Initialize ``update_mask``: + >>> # TODO: Initialize `update_mask`: >>> update_mask = {} >>> >>> response = client.update_crypto_key_version(crypto_key_version, update_mask) Args: crypto_key_version (Union[dict, ~google.cloud.kms_v1.types.CryptoKeyVersion]): ``CryptoKeyVersion`` with updated values. + If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.kms_v1.types.CryptoKeyVersion` update_mask (Union[dict, ~google.cloud.kms_v1.types.FieldMask]): Required list of fields to be updated in this request. + If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.kms_v1.types.FieldMask` retry (Optional[google.api_core.retry.Retry]): A retry object used @@ -1165,9 +1169,8 @@ def encrypt(self, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None): """ - Encrypts data, so that it can only be recovered by a call to ``Decrypt``. - The ``CryptoKey.purpose`` must be - ``ENCRYPT_DECRYPT``. + Encrypts data, so that it can only be recovered by a call to + ``Decrypt``. The ``CryptoKey.purpose`` must be ``ENCRYPT_DECRYPT``. Example: >>> from google.cloud import kms_v1 @@ -1176,7 +1179,7 @@ def encrypt(self, >>> >>> name = client.crypto_key_path_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY_PATH]') >>> - >>> # TODO: Initialize ``plaintext``: + >>> # TODO: Initialize `plaintext`: >>> plaintext = b'' >>> >>> response = client.encrypt(name, plaintext) @@ -1189,21 +1192,17 @@ def encrypt(self, ``primary version``. plaintext (bytes): Required. The data to encrypt. Must be no larger than 64KiB. - The maximum size depends on the key version's - ``protection_level``. For - ``SOFTWARE`` keys, the plaintext must be no larger - than 64KiB. For ``HSM`` keys, the combined length of the - plaintext and additional_authenticated_data fields must be no larger than - 8KiB. - additional_authenticated_data (bytes): Optional data that, if specified, must also be provided during decryption - through ``DecryptRequest.additional_authenticated_data``. - - The maximum size depends on the key version's - ``protection_level``. For - ``SOFTWARE`` keys, the AAD must be no larger than - 64KiB. For ``HSM`` keys, the combined length of the - plaintext and additional_authenticated_data fields must be no larger than - 8KiB. + The maximum size depends on the key version's ``protection_level``. For + ``SOFTWARE`` keys, the plaintext must be no larger than 64KiB. For + ``HSM`` keys, the combined length of the plaintext and + additional\_authenticated\_data fields must be no larger than 8KiB. + additional_authenticated_data (bytes): Optional data that, if specified, must also be provided during + decryption through ``DecryptRequest.additional_authenticated_data``. + + The maximum size depends on the key version's ``protection_level``. For + ``SOFTWARE`` keys, the AAD must be no larger than 64KiB. For ``HSM`` + keys, the combined length of the plaintext and + additional\_authenticated\_data fields must be no larger than 8KiB. retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will not be retried. @@ -1261,8 +1260,8 @@ def decrypt(self, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None): """ - Decrypts data that was protected by ``Encrypt``. The ``CryptoKey.purpose`` - must be ``ENCRYPT_DECRYPT``. + Decrypts data that was protected by ``Encrypt``. The + ``CryptoKey.purpose`` must be ``ENCRYPT_DECRYPT``. Example: >>> from google.cloud import kms_v1 @@ -1271,7 +1270,7 @@ def decrypt(self, >>> >>> name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') >>> - >>> # TODO: Initialize ``ciphertext``: + >>> # TODO: Initialize `ciphertext`: >>> ciphertext = b'' >>> >>> response = client.decrypt(name, ciphertext) @@ -1351,7 +1350,7 @@ def update_crypto_key_primary_version( >>> >>> name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') >>> - >>> # TODO: Initialize ``crypto_key_version_id``: + >>> # TODO: Initialize `crypto_key_version_id`: >>> crypto_key_version_id = '' >>> >>> response = client.update_crypto_key_primary_version(name, crypto_key_version_id) @@ -1419,15 +1418,12 @@ def destroy_crypto_key_version( Schedule a ``CryptoKeyVersion`` for destruction. Upon calling this method, ``CryptoKeyVersion.state`` will be set to - ``DESTROY_SCHEDULED`` - and ``destroy_time`` will be set to a time 24 - hours in the future, at which point the ``state`` - will be changed to - ``DESTROYED``, and the key - material will be irrevocably destroyed. + ``DESTROY_SCHEDULED`` and ``destroy_time`` will be set to a time 24 + hours in the future, at which point the ``state`` will be changed to + ``DESTROYED``, and the key material will be irrevocably destroyed. - Before the ``destroy_time`` is reached, - ``RestoreCryptoKeyVersion`` may be called to reverse the process. + Before the ``destroy_time`` is reached, ``RestoreCryptoKeyVersion`` may + be called to reverse the process. Example: >>> from google.cloud import kms_v1 @@ -1494,13 +1490,10 @@ def restore_crypto_key_version( timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None): """ - Restore a ``CryptoKeyVersion`` in the - ``DESTROY_SCHEDULED`` - state. + Restore a ``CryptoKeyVersion`` in the ``DESTROY_SCHEDULED`` state. - Upon restoration of the CryptoKeyVersion, ``state`` - will be set to ``DISABLED``, - and ``destroy_time`` will be cleared. + Upon restoration of the CryptoKeyVersion, ``state`` will be set to + ``DISABLED``, and ``destroy_time`` will be cleared. Example: >>> from google.cloud import kms_v1 @@ -1567,8 +1560,7 @@ def get_public_key(self, metadata=None): """ Returns the public key for the given ``CryptoKeyVersion``. The - ``CryptoKey.purpose`` must be - ``ASYMMETRIC_SIGN`` or + ``CryptoKey.purpose`` must be ``ASYMMETRIC_SIGN`` or ``ASYMMETRIC_DECRYPT``. Example: @@ -1581,8 +1573,7 @@ def get_public_key(self, >>> response = client.get_public_key(name) Args: - name (str): The ``name`` of the ``CryptoKeyVersion`` public key to - get. + name (str): The ``name`` of the ``CryptoKeyVersion`` public key to get. retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will not be retried. @@ -1638,7 +1629,7 @@ def asymmetric_decrypt(self, """ Decrypts data that was encrypted with a public key retrieved from ``GetPublicKey`` corresponding to a ``CryptoKeyVersion`` with - ``CryptoKey.purpose`` ASYMMETRIC_DECRYPT. + ``CryptoKey.purpose`` ASYMMETRIC\_DECRYPT. Example: >>> from google.cloud import kms_v1 @@ -1647,7 +1638,7 @@ def asymmetric_decrypt(self, >>> >>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]') >>> - >>> # TODO: Initialize ``ciphertext``: + >>> # TODO: Initialize `ciphertext`: >>> ciphertext = b'' >>> >>> response = client.asymmetric_decrypt(name, ciphertext) @@ -1655,8 +1646,8 @@ def asymmetric_decrypt(self, Args: name (str): Required. The resource name of the ``CryptoKeyVersion`` to use for decryption. - ciphertext (bytes): Required. The data encrypted with the named ``CryptoKeyVersion``'s public - key using OAEP. + ciphertext (bytes): Required. The data encrypted with the named ``CryptoKeyVersion``'s + public key using OAEP. retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will not be retried. @@ -1715,8 +1706,8 @@ def asymmetric_sign(self, metadata=None): """ Signs data using a ``CryptoKeyVersion`` with ``CryptoKey.purpose`` - ASYMMETRIC_SIGN, producing a signature that can be verified with the public - key retrieved from ``GetPublicKey``. + ASYMMETRIC\_SIGN, producing a signature that can be verified with the + public key retrieved from ``GetPublicKey``. Example: >>> from google.cloud import kms_v1 @@ -1725,16 +1716,18 @@ def asymmetric_sign(self, >>> >>> name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]') >>> - >>> # TODO: Initialize ``digest``: + >>> # TODO: Initialize `digest`: >>> digest = {} >>> >>> response = client.asymmetric_sign(name, digest) Args: - name (str): Required. The resource name of the ``CryptoKeyVersion`` to use for signing. - digest (Union[dict, ~google.cloud.kms_v1.types.Digest]): Required. The digest of the data to sign. The digest must be produced with - the same digest algorithm as specified by the key version's + name (str): Required. The resource name of the ``CryptoKeyVersion`` to use for + signing. + digest (Union[dict, ~google.cloud.kms_v1.types.Digest]): Required. The digest of the data to sign. The digest must be produced + with the same digest algorithm as specified by the key version's ``algorithm``. + If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.kms_v1.types.Digest` retry (Optional[google.api_core.retry.Retry]): A retry object used @@ -1803,7 +1796,7 @@ def set_iam_policy(self, >>> >>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') >>> - >>> # TODO: Initialize ``policy``: + >>> # TODO: Initialize `policy`: >>> policy = {} >>> >>> response = client.set_iam_policy(resource, policy) @@ -1812,10 +1805,11 @@ def set_iam_policy(self, resource (str): REQUIRED: The resource for which the policy is being specified. ``resource`` is usually specified as a path. For example, a Project resource is specified as ``projects/{project}``. - policy (Union[dict, ~google.cloud.kms_v1.types.Policy]): REQUIRED: The complete policy to be applied to the ``resource``. The size of - the policy is limited to a few 10s of KB. An empty policy is a + policy (Union[dict, ~google.cloud.kms_v1.types.Policy]): REQUIRED: The complete policy to be applied to the ``resource``. The + size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. + If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.kms_v1.types.Policy` retry (Optional[google.api_core.retry.Retry]): A retry object used @@ -1943,9 +1937,9 @@ def test_iam_permissions(self, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None): """ - Returns permissions that a caller has on the specified resource. - If the resource does not exist, this will return an empty set of - permissions, not a NOT_FOUND error. + Returns permissions that a caller has on the specified resource. If the + resource does not exist, this will return an empty set of permissions, + not a NOT\_FOUND error. Example: >>> from google.cloud import kms_v1 @@ -1954,7 +1948,7 @@ def test_iam_permissions(self, >>> >>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') >>> - >>> # TODO: Initialize ``permissions``: + >>> # TODO: Initialize `permissions`: >>> permissions = [] >>> >>> response = client.test_iam_permissions(resource, permissions) @@ -1965,8 +1959,8 @@ def test_iam_permissions(self, resource is specified as ``projects/{project}``. permissions (list[str]): The set of permissions to check for the ``resource``. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more - information see - `IAM Overview `_. + information see `IAM + Overview `__. retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will not be retried. diff --git a/packages/google-cloud-kms/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py b/packages/google-cloud-kms/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py index ecddcf34a32a..1642c072a4fa 100644 --- a/packages/google-cloud-kms/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py +++ b/packages/google-cloud-kms/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py @@ -151,8 +151,8 @@ def get_key_ring(self): def get_crypto_key(self): """Return the gRPC stub for {$apiMethod.name}. - Returns metadata for a given ``CryptoKey``, as well as its - ``primary`` ``CryptoKeyVersion``. + Returns metadata for a given ``CryptoKey``, as well as its ``primary`` + ``CryptoKeyVersion``. Returns: Callable: A callable which accepts the appropriate @@ -193,9 +193,8 @@ def create_crypto_key(self): Create a new ``CryptoKey`` within a ``KeyRing``. - ``CryptoKey.purpose`` and - ``CryptoKey.version_template.algorithm`` - are required. + ``CryptoKey.purpose`` and ``CryptoKey.version_template.algorithm`` are + required. Returns: Callable: A callable which accepts the appropriate @@ -210,9 +209,8 @@ def create_crypto_key_version(self): Create a new ``CryptoKeyVersion`` in a ``CryptoKey``. - The server will assign the next sequential id. If unset, - ``state`` will be set to - ``ENABLED``. + The server will assign the next sequential id. If unset, ``state`` will + be set to ``ENABLED``. Returns: Callable: A callable which accepts the appropriate @@ -241,11 +239,9 @@ def update_crypto_key_version(self): Update a ``CryptoKeyVersion``'s metadata. - ``state`` may be changed between - ``ENABLED`` and - ``DISABLED`` using this - method. See ``DestroyCryptoKeyVersion`` and ``RestoreCryptoKeyVersion`` to - move between other states. + ``state`` may be changed between ``ENABLED`` and ``DISABLED`` using this + method. See ``DestroyCryptoKeyVersion`` and ``RestoreCryptoKeyVersion`` + to move between other states. Returns: Callable: A callable which accepts the appropriate @@ -259,9 +255,8 @@ def update_crypto_key_version(self): def encrypt(self): """Return the gRPC stub for {$apiMethod.name}. - Encrypts data, so that it can only be recovered by a call to ``Decrypt``. - The ``CryptoKey.purpose`` must be - ``ENCRYPT_DECRYPT``. + Encrypts data, so that it can only be recovered by a call to + ``Decrypt``. The ``CryptoKey.purpose`` must be ``ENCRYPT_DECRYPT``. Returns: Callable: A callable which accepts the appropriate @@ -274,8 +269,8 @@ def encrypt(self): def decrypt(self): """Return the gRPC stub for {$apiMethod.name}. - Decrypts data that was protected by ``Encrypt``. The ``CryptoKey.purpose`` - must be ``ENCRYPT_DECRYPT``. + Decrypts data that was protected by ``Encrypt``. The + ``CryptoKey.purpose`` must be ``ENCRYPT_DECRYPT``. Returns: Callable: A callable which accepts the appropriate @@ -307,15 +302,12 @@ def destroy_crypto_key_version(self): Schedule a ``CryptoKeyVersion`` for destruction. Upon calling this method, ``CryptoKeyVersion.state`` will be set to - ``DESTROY_SCHEDULED`` - and ``destroy_time`` will be set to a time 24 - hours in the future, at which point the ``state`` - will be changed to - ``DESTROYED``, and the key - material will be irrevocably destroyed. + ``DESTROY_SCHEDULED`` and ``destroy_time`` will be set to a time 24 + hours in the future, at which point the ``state`` will be changed to + ``DESTROYED``, and the key material will be irrevocably destroyed. - Before the ``destroy_time`` is reached, - ``RestoreCryptoKeyVersion`` may be called to reverse the process. + Before the ``destroy_time`` is reached, ``RestoreCryptoKeyVersion`` may + be called to reverse the process. Returns: Callable: A callable which accepts the appropriate @@ -329,13 +321,10 @@ def destroy_crypto_key_version(self): def restore_crypto_key_version(self): """Return the gRPC stub for {$apiMethod.name}. - Restore a ``CryptoKeyVersion`` in the - ``DESTROY_SCHEDULED`` - state. + Restore a ``CryptoKeyVersion`` in the ``DESTROY_SCHEDULED`` state. - Upon restoration of the CryptoKeyVersion, ``state`` - will be set to ``DISABLED``, - and ``destroy_time`` will be cleared. + Upon restoration of the CryptoKeyVersion, ``state`` will be set to + ``DISABLED``, and ``destroy_time`` will be cleared. Returns: Callable: A callable which accepts the appropriate @@ -350,8 +339,7 @@ def get_public_key(self): """Return the gRPC stub for {$apiMethod.name}. Returns the public key for the given ``CryptoKeyVersion``. The - ``CryptoKey.purpose`` must be - ``ASYMMETRIC_SIGN`` or + ``CryptoKey.purpose`` must be ``ASYMMETRIC_SIGN`` or ``ASYMMETRIC_DECRYPT``. Returns: @@ -367,7 +355,7 @@ def asymmetric_decrypt(self): Decrypts data that was encrypted with a public key retrieved from ``GetPublicKey`` corresponding to a ``CryptoKeyVersion`` with - ``CryptoKey.purpose`` ASYMMETRIC_DECRYPT. + ``CryptoKey.purpose`` ASYMMETRIC\_DECRYPT. Returns: Callable: A callable which accepts the appropriate @@ -381,8 +369,8 @@ def asymmetric_sign(self): """Return the gRPC stub for {$apiMethod.name}. Signs data using a ``CryptoKeyVersion`` with ``CryptoKey.purpose`` - ASYMMETRIC_SIGN, producing a signature that can be verified with the public - key retrieved from ``GetPublicKey``. + ASYMMETRIC\_SIGN, producing a signature that can be verified with the + public key retrieved from ``GetPublicKey``. Returns: Callable: A callable which accepts the appropriate @@ -424,9 +412,9 @@ def get_iam_policy(self): def test_iam_permissions(self): """Return the gRPC stub for {$apiMethod.name}. - Returns permissions that a caller has on the specified resource. - If the resource does not exist, this will return an empty set of - permissions, not a NOT_FOUND error. + Returns permissions that a caller has on the specified resource. If the + resource does not exist, this will return an empty set of permissions, + not a NOT\_FOUND error. Returns: Callable: A callable which accepts the appropriate