From f78bcf029331dfa88f8f6cd63c69f7613b50fb13 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Mon, 6 Mar 2023 13:53:16 -0800 Subject: [PATCH] feat: [Kms] add support for Coordinated External Keys (#5929) feat: add support for Coordinated External Keys PiperOrigin-RevId: 514450927 Source-Link: https://github.com/googleapis/googleapis/commit/de50ec65ee9961d6ed10becf21f5f1e83d3913c6 Source-Link: https://github.com/googleapis/googleapis-gen/commit/8a0f354d4773e369028c8109a0533fc30386844b Copy-Tag: eyJwIjoiS21zLy5Pd2xCb3QueWFtbCIsImgiOiI4YTBmMzU0ZDQ3NzNlMzY5MDI4YzgxMDlhMDUzM2ZjMzAzODY4NDRiIn0= --- Kms/metadata/V1/EkmService.php | Bin 3919 -> 4895 bytes Kms/metadata/V1/Resources.php | Bin 6745 -> 6925 bytes .../V1/EkmServiceClient/get_ekm_config.php | 68 +++++++++ .../V1/EkmServiceClient/update_ekm_config.php | 59 ++++++++ Kms/src/V1/CryptoKeyVersion.php | 88 ++++++++++++ .../CryptoKeyVersionState.php | 29 ++++ Kms/src/V1/EkmConfig.php | 123 ++++++++++++++++ Kms/src/V1/EkmConnection.php | 92 ++++++++++++ .../V1/EkmConnection/KeyManagementMode.php | 90 ++++++++++++ .../V1/EkmConnection_KeyManagementMode.php | 16 +++ Kms/src/V1/EkmServiceGrpcClient.php | 32 +++++ Kms/src/V1/Gapic/EkmServiceGapicClient.php | 117 +++++++++++++++ Kms/src/V1/GetEkmConfigRequest.php | 72 ++++++++++ Kms/src/V1/UpdateEkmConfigRequest.php | 122 ++++++++++++++++ Kms/src/V1/gapic_metadata.json | 10 ++ .../resources/ekm_service_client_config.json | 10 ++ .../ekm_service_rest_client_config.php | 27 ++++ Kms/tests/Unit/V1/EkmServiceClientTest.php | 135 ++++++++++++++++++ .../V1/KeyManagementServiceClientTest.php | 24 ++++ 19 files changed, 1114 insertions(+) create mode 100644 Kms/samples/V1/EkmServiceClient/get_ekm_config.php create mode 100644 Kms/samples/V1/EkmServiceClient/update_ekm_config.php create mode 100644 Kms/src/V1/EkmConfig.php create mode 100644 Kms/src/V1/EkmConnection/KeyManagementMode.php create mode 100644 Kms/src/V1/EkmConnection_KeyManagementMode.php create mode 100644 Kms/src/V1/GetEkmConfigRequest.php create mode 100644 Kms/src/V1/UpdateEkmConfigRequest.php diff --git a/Kms/metadata/V1/EkmService.php b/Kms/metadata/V1/EkmService.php index b1e15233844974db0872324b8d228ce8bece65b7..d63ee730f08b11793eb977f97927bb1ca1694c7c 100644 GIT binary patch delta 707 zcmX>vH(zao4l~md`OSLF`YG>pU3oS@VEJ=ln zA(oa5cU_B~Hu_92te=xCE1nDho>TUW@eJy1%Ue3wgn Z@;q*KS&&s$ND1YZqZmTz<`Ul9i~z96=D+{| delta 61 zcmV-D0K)&DCeI$QECT}77qcz{z5}zy2SNb?kOY$o3A&R!3gQPkbLv5G3MG?Z3?7r1 T3s3_xu?Mra3_Js~P!Z1of3Orl diff --git a/Kms/metadata/V1/Resources.php b/Kms/metadata/V1/Resources.php index ed8e09b715532cfef96eb11f972ff5af712b39b0..84c257882f215cb7d02455fcafcb638aa2db21ab 100644 GIT binary patch delta 217 zcmca<(rdQi8xzZEeJ%*-h* zN{uf{O)SpOlMq&5)Zlbte&EO~WWc4IT2Yc(l$V$jpORW!QdF9ZO^3*4KHjg)OtYCL zvkD%J5)$PSba(Z04RQ?e^!JN*bM*9abrIkYQs9yaaP@QX^mC7QjRJ^3UlGBxdJ>Ze DZy68K diff --git a/Kms/samples/V1/EkmServiceClient/get_ekm_config.php b/Kms/samples/V1/EkmServiceClient/get_ekm_config.php new file mode 100644 index 000000000000..543b1fa87784 --- /dev/null +++ b/Kms/samples/V1/EkmServiceClient/get_ekm_config.php @@ -0,0 +1,68 @@ +getEkmConfig($formattedName); + printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString()); + } catch (ApiException $ex) { + printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage()); + } +} + +/** + * Helper to execute the sample. + * + * This sample has been automatically generated and should be regarded as a code + * template only. It will require modifications to work: + * - It may require correct/in-range values for request initialization. + * - It may require specifying regional endpoints when creating the service client, + * please see the apiEndpoint client configuration option for more details. + */ +function callSample(): void +{ + $formattedName = EkmServiceClient::ekmConfigName('[PROJECT]', '[LOCATION]'); + + get_ekm_config_sample($formattedName); +} +// [END cloudkms_v1_generated_EkmService_GetEkmConfig_sync] diff --git a/Kms/samples/V1/EkmServiceClient/update_ekm_config.php b/Kms/samples/V1/EkmServiceClient/update_ekm_config.php new file mode 100644 index 000000000000..d1cddaa8e8a1 --- /dev/null +++ b/Kms/samples/V1/EkmServiceClient/update_ekm_config.php @@ -0,0 +1,59 @@ +updateEkmConfig($ekmConfig, $updateMask); + printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString()); + } catch (ApiException $ex) { + printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage()); + } +} +// [END cloudkms_v1_generated_EkmService_UpdateEkmConfig_sync] diff --git a/Kms/src/V1/CryptoKeyVersion.php b/Kms/src/V1/CryptoKeyVersion.php index e5b6c1317398..b481e6a3996c 100644 --- a/Kms/src/V1/CryptoKeyVersion.php +++ b/Kms/src/V1/CryptoKeyVersion.php @@ -124,6 +124,23 @@ class CryptoKeyVersion extends \Google\Protobuf\Internal\Message * Generated from protobuf field string import_failure_reason = 16 [(.google.api.field_behavior) = OUTPUT_ONLY]; */ private $import_failure_reason = ''; + /** + * Output only. The root cause of the most recent generation failure. Only + * present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + * [GENERATION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.GENERATION_FAILED]. + * + * Generated from protobuf field string generation_failure_reason = 19 [(.google.api.field_behavior) = OUTPUT_ONLY]; + */ + private $generation_failure_reason = ''; + /** + * Output only. The root cause of the most recent external destruction + * failure. Only present if + * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + * [EXTERNAL_DESTRUCTION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.EXTERNAL_DESTRUCTION_FAILED]. + * + * Generated from protobuf field string external_destruction_failure_reason = 20 [(.google.api.field_behavior) = OUTPUT_ONLY]; + */ + private $external_destruction_failure_reason = ''; /** * ExternalProtectionLevelOptions stores a group of additional fields for * configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that @@ -203,6 +220,15 @@ class CryptoKeyVersion extends \Google\Protobuf\Internal\Message * Output only. The root cause of the most recent import failure. Only present * if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]. + * @type string $generation_failure_reason + * Output only. The root cause of the most recent generation failure. Only + * present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + * [GENERATION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.GENERATION_FAILED]. + * @type string $external_destruction_failure_reason + * Output only. The root cause of the most recent external destruction + * failure. Only present if + * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + * [EXTERNAL_DESTRUCTION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.EXTERNAL_DESTRUCTION_FAILED]. * @type \Google\Cloud\Kms\V1\ExternalProtectionLevelOptions $external_protection_level_options * ExternalProtectionLevelOptions stores a group of additional fields for * configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that @@ -651,6 +677,68 @@ public function setImportFailureReason($var) return $this; } + /** + * Output only. The root cause of the most recent generation failure. Only + * present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + * [GENERATION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.GENERATION_FAILED]. + * + * Generated from protobuf field string generation_failure_reason = 19 [(.google.api.field_behavior) = OUTPUT_ONLY]; + * @return string + */ + public function getGenerationFailureReason() + { + return $this->generation_failure_reason; + } + + /** + * Output only. The root cause of the most recent generation failure. Only + * present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + * [GENERATION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.GENERATION_FAILED]. + * + * Generated from protobuf field string generation_failure_reason = 19 [(.google.api.field_behavior) = OUTPUT_ONLY]; + * @param string $var + * @return $this + */ + public function setGenerationFailureReason($var) + { + GPBUtil::checkString($var, True); + $this->generation_failure_reason = $var; + + return $this; + } + + /** + * Output only. The root cause of the most recent external destruction + * failure. Only present if + * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + * [EXTERNAL_DESTRUCTION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.EXTERNAL_DESTRUCTION_FAILED]. + * + * Generated from protobuf field string external_destruction_failure_reason = 20 [(.google.api.field_behavior) = OUTPUT_ONLY]; + * @return string + */ + public function getExternalDestructionFailureReason() + { + return $this->external_destruction_failure_reason; + } + + /** + * Output only. The root cause of the most recent external destruction + * failure. Only present if + * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is + * [EXTERNAL_DESTRUCTION_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.EXTERNAL_DESTRUCTION_FAILED]. + * + * Generated from protobuf field string external_destruction_failure_reason = 20 [(.google.api.field_behavior) = OUTPUT_ONLY]; + * @param string $var + * @return $this + */ + public function setExternalDestructionFailureReason($var) + { + GPBUtil::checkString($var, True); + $this->external_destruction_failure_reason = $var; + + return $this; + } + /** * ExternalProtectionLevelOptions stores a group of additional fields for * configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that diff --git a/Kms/src/V1/CryptoKeyVersion/CryptoKeyVersionState.php b/Kms/src/V1/CryptoKeyVersion/CryptoKeyVersionState.php index a7baabed0346..b4de21be0a7e 100644 --- a/Kms/src/V1/CryptoKeyVersion/CryptoKeyVersionState.php +++ b/Kms/src/V1/CryptoKeyVersion/CryptoKeyVersionState.php @@ -87,6 +87,32 @@ class CryptoKeyVersionState * Generated from protobuf enum IMPORT_FAILED = 7; */ const IMPORT_FAILED = 7; + /** + * This version was not generated successfully. It may not be used, enabled, + * disabled, or destroyed. Additional details can be found in + * [CryptoKeyVersion.generation_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.generation_failure_reason]. + * + * Generated from protobuf enum GENERATION_FAILED = 8; + */ + const GENERATION_FAILED = 8; + /** + * This version was destroyed, and it may not be used or enabled again. + * Cloud KMS is waiting for the corresponding key material residing in an + * external key manager to be destroyed. + * + * Generated from protobuf enum PENDING_EXTERNAL_DESTRUCTION = 9; + */ + const PENDING_EXTERNAL_DESTRUCTION = 9; + /** + * This version was destroyed, and it may not be used or enabled again. + * However, Cloud KMS could not confirm that the corresponding key material + * residing in an external key manager was destroyed. Additional details can + * be found in + * [CryptoKeyVersion.external_destruction_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.external_destruction_failure_reason]. + * + * Generated from protobuf enum EXTERNAL_DESTRUCTION_FAILED = 10; + */ + const EXTERNAL_DESTRUCTION_FAILED = 10; private static $valueToName = [ self::CRYPTO_KEY_VERSION_STATE_UNSPECIFIED => 'CRYPTO_KEY_VERSION_STATE_UNSPECIFIED', @@ -97,6 +123,9 @@ class CryptoKeyVersionState self::DESTROY_SCHEDULED => 'DESTROY_SCHEDULED', self::PENDING_IMPORT => 'PENDING_IMPORT', self::IMPORT_FAILED => 'IMPORT_FAILED', + self::GENERATION_FAILED => 'GENERATION_FAILED', + self::PENDING_EXTERNAL_DESTRUCTION => 'PENDING_EXTERNAL_DESTRUCTION', + self::EXTERNAL_DESTRUCTION_FAILED => 'EXTERNAL_DESTRUCTION_FAILED', ]; public static function name($value) diff --git a/Kms/src/V1/EkmConfig.php b/Kms/src/V1/EkmConfig.php new file mode 100644 index 000000000000..05c82800c487 --- /dev/null +++ b/Kms/src/V1/EkmConfig.php @@ -0,0 +1,123 @@ +google.cloud.kms.v1.EkmConfig + */ +class EkmConfig extends \Google\Protobuf\Internal\Message +{ + /** + * Output only. The resource name for the + * [EkmConfig][google.cloud.kms.v1.EkmConfig] in the format + * `projects/*/locations/*/ekmConfig`. + * + * Generated from protobuf field string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY]; + */ + private $name = ''; + /** + * Optional. Resource name of the default + * [EkmConnection][google.cloud.kms.v1.EkmConnection]. Setting this field to + * the empty string removes the default. + * + * Generated from protobuf field string default_ekm_connection = 2 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { + */ + private $default_ekm_connection = ''; + + /** + * Constructor. + * + * @param array $data { + * Optional. Data for populating the Message object. + * + * @type string $name + * Output only. The resource name for the + * [EkmConfig][google.cloud.kms.v1.EkmConfig] in the format + * `projects/*/locations/*/ekmConfig`. + * @type string $default_ekm_connection + * Optional. Resource name of the default + * [EkmConnection][google.cloud.kms.v1.EkmConnection]. Setting this field to + * the empty string removes the default. + * } + */ + public function __construct($data = NULL) { + \GPBMetadata\Google\Cloud\Kms\V1\EkmService::initOnce(); + parent::__construct($data); + } + + /** + * Output only. The resource name for the + * [EkmConfig][google.cloud.kms.v1.EkmConfig] in the format + * `projects/*/locations/*/ekmConfig`. + * + * Generated from protobuf field string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY]; + * @return string + */ + public function getName() + { + return $this->name; + } + + /** + * Output only. The resource name for the + * [EkmConfig][google.cloud.kms.v1.EkmConfig] in the format + * `projects/*/locations/*/ekmConfig`. + * + * Generated from protobuf field string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY]; + * @param string $var + * @return $this + */ + public function setName($var) + { + GPBUtil::checkString($var, True); + $this->name = $var; + + return $this; + } + + /** + * Optional. Resource name of the default + * [EkmConnection][google.cloud.kms.v1.EkmConnection]. Setting this field to + * the empty string removes the default. + * + * Generated from protobuf field string default_ekm_connection = 2 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { + * @return string + */ + public function getDefaultEkmConnection() + { + return $this->default_ekm_connection; + } + + /** + * Optional. Resource name of the default + * [EkmConnection][google.cloud.kms.v1.EkmConnection]. Setting this field to + * the empty string removes the default. + * + * Generated from protobuf field string default_ekm_connection = 2 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { + * @param string $var + * @return $this + */ + public function setDefaultEkmConnection($var) + { + GPBUtil::checkString($var, True); + $this->default_ekm_connection = $var; + + return $this; + } + +} + diff --git a/Kms/src/V1/EkmConnection.php b/Kms/src/V1/EkmConnection.php index 5b7cb5f77bc6..de3111f25dab 100644 --- a/Kms/src/V1/EkmConnection.php +++ b/Kms/src/V1/EkmConnection.php @@ -55,6 +55,24 @@ class EkmConnection extends \Google\Protobuf\Internal\Message * Generated from protobuf field string etag = 5 [(.google.api.field_behavior) = OPTIONAL]; */ private $etag = ''; + /** + * Optional. Describes who can perform control plane operations on the EKM. If + * unset, this defaults to + * [MANUAL][google.cloud.kms.v1.EkmConnection.KeyManagementMode.MANUAL]. + * + * Generated from protobuf field .google.cloud.kms.v1.EkmConnection.KeyManagementMode key_management_mode = 6 [(.google.api.field_behavior) = OPTIONAL]; + */ + private $key_management_mode = 0; + /** + * Optional. Identifies the EKM Crypto Space that this + * [EkmConnection][google.cloud.kms.v1.EkmConnection] maps to. Note: This + * field is required if + * [KeyManagementMode][google.cloud.kms.v1.EkmConnection.KeyManagementMode] is + * [CLOUD_KMS][google.cloud.kms.v1.EkmConnection.KeyManagementMode.CLOUD_KMS]. + * + * Generated from protobuf field string crypto_space_path = 7 [(.google.api.field_behavior) = OPTIONAL]; + */ + private $crypto_space_path = ''; /** * Constructor. @@ -79,6 +97,16 @@ class EkmConnection extends \Google\Protobuf\Internal\Message * @type string $etag * Optional. Etag of the currently stored * [EkmConnection][google.cloud.kms.v1.EkmConnection]. + * @type int $key_management_mode + * Optional. Describes who can perform control plane operations on the EKM. If + * unset, this defaults to + * [MANUAL][google.cloud.kms.v1.EkmConnection.KeyManagementMode.MANUAL]. + * @type string $crypto_space_path + * Optional. Identifies the EKM Crypto Space that this + * [EkmConnection][google.cloud.kms.v1.EkmConnection] maps to. Note: This + * field is required if + * [KeyManagementMode][google.cloud.kms.v1.EkmConnection.KeyManagementMode] is + * [CLOUD_KMS][google.cloud.kms.v1.EkmConnection.KeyManagementMode.CLOUD_KMS]. * } */ public function __construct($data = NULL) { @@ -218,5 +246,69 @@ public function setEtag($var) return $this; } + /** + * Optional. Describes who can perform control plane operations on the EKM. If + * unset, this defaults to + * [MANUAL][google.cloud.kms.v1.EkmConnection.KeyManagementMode.MANUAL]. + * + * Generated from protobuf field .google.cloud.kms.v1.EkmConnection.KeyManagementMode key_management_mode = 6 [(.google.api.field_behavior) = OPTIONAL]; + * @return int + */ + public function getKeyManagementMode() + { + return $this->key_management_mode; + } + + /** + * Optional. Describes who can perform control plane operations on the EKM. If + * unset, this defaults to + * [MANUAL][google.cloud.kms.v1.EkmConnection.KeyManagementMode.MANUAL]. + * + * Generated from protobuf field .google.cloud.kms.v1.EkmConnection.KeyManagementMode key_management_mode = 6 [(.google.api.field_behavior) = OPTIONAL]; + * @param int $var + * @return $this + */ + public function setKeyManagementMode($var) + { + GPBUtil::checkEnum($var, \Google\Cloud\Kms\V1\EkmConnection\KeyManagementMode::class); + $this->key_management_mode = $var; + + return $this; + } + + /** + * Optional. Identifies the EKM Crypto Space that this + * [EkmConnection][google.cloud.kms.v1.EkmConnection] maps to. Note: This + * field is required if + * [KeyManagementMode][google.cloud.kms.v1.EkmConnection.KeyManagementMode] is + * [CLOUD_KMS][google.cloud.kms.v1.EkmConnection.KeyManagementMode.CLOUD_KMS]. + * + * Generated from protobuf field string crypto_space_path = 7 [(.google.api.field_behavior) = OPTIONAL]; + * @return string + */ + public function getCryptoSpacePath() + { + return $this->crypto_space_path; + } + + /** + * Optional. Identifies the EKM Crypto Space that this + * [EkmConnection][google.cloud.kms.v1.EkmConnection] maps to. Note: This + * field is required if + * [KeyManagementMode][google.cloud.kms.v1.EkmConnection.KeyManagementMode] is + * [CLOUD_KMS][google.cloud.kms.v1.EkmConnection.KeyManagementMode.CLOUD_KMS]. + * + * Generated from protobuf field string crypto_space_path = 7 [(.google.api.field_behavior) = OPTIONAL]; + * @param string $var + * @return $this + */ + public function setCryptoSpacePath($var) + { + GPBUtil::checkString($var, True); + $this->crypto_space_path = $var; + + return $this; + } + } diff --git a/Kms/src/V1/EkmConnection/KeyManagementMode.php b/Kms/src/V1/EkmConnection/KeyManagementMode.php new file mode 100644 index 000000000000..03dd23462c6c --- /dev/null +++ b/Kms/src/V1/EkmConnection/KeyManagementMode.php @@ -0,0 +1,90 @@ +google.cloud.kms.v1.EkmConnection.KeyManagementMode + */ +class KeyManagementMode +{ + /** + * Not specified. + * + * Generated from protobuf enum KEY_MANAGEMENT_MODE_UNSPECIFIED = 0; + */ + const KEY_MANAGEMENT_MODE_UNSPECIFIED = 0; + /** + * EKM-side key management operations on + * [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this + * [EkmConnection][google.cloud.kms.v1.EkmConnection] must be initiated from + * the EKM directly and cannot be performed from Cloud KMS. This means that: + * * When creating a + * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] associated with + * this + * [EkmConnection][google.cloud.kms.v1.EkmConnection], the caller must + * supply the key path of pre-existing external key material that will be + * linked to the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. + * * Destruction of external key material cannot be requested via the + * Cloud KMS API and must be performed directly in the EKM. + * * Automatic rotation of key material is not supported. + * + * Generated from protobuf enum MANUAL = 1; + */ + const MANUAL = 1; + /** + * All [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this + * [EkmConnection][google.cloud.kms.v1.EkmConnection] use EKM-side key + * management operations initiated from Cloud KMS. This means that: + * * When a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] + * associated with this [EkmConnection][google.cloud.kms.v1.EkmConnection] + * is + * created, the EKM automatically generates new key material and a new + * key path. The caller cannot supply the key path of pre-existing + * external key material. + * * Destruction of external key material associated with this + * [EkmConnection][google.cloud.kms.v1.EkmConnection] can be requested by + * calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion]. + * * Automatic rotation of key material is supported. + * + * Generated from protobuf enum CLOUD_KMS = 2; + */ + const CLOUD_KMS = 2; + + private static $valueToName = [ + self::KEY_MANAGEMENT_MODE_UNSPECIFIED => 'KEY_MANAGEMENT_MODE_UNSPECIFIED', + self::MANUAL => 'MANUAL', + self::CLOUD_KMS => 'CLOUD_KMS', + ]; + + public static function name($value) + { + if (!isset(self::$valueToName[$value])) { + throw new UnexpectedValueException(sprintf( + 'Enum %s has no name defined for value %s', __CLASS__, $value)); + } + return self::$valueToName[$value]; + } + + + public static function value($name) + { + $const = __CLASS__ . '::' . strtoupper($name); + if (!defined($const)) { + throw new UnexpectedValueException(sprintf( + 'Enum %s has no value defined for name %s', __CLASS__, $name)); + } + return constant($const); + } +} + +// Adding a class alias for backwards compatibility with the previous class name. +class_alias(KeyManagementMode::class, \Google\Cloud\Kms\V1\EkmConnection_KeyManagementMode::class); + diff --git a/Kms/src/V1/EkmConnection_KeyManagementMode.php b/Kms/src/V1/EkmConnection_KeyManagementMode.php new file mode 100644 index 000000000000..5d0016ed978e --- /dev/null +++ b/Kms/src/V1/EkmConnection_KeyManagementMode.php @@ -0,0 +1,16 @@ +_simpleRequest('/google.cloud.kms.v1.EkmService/GetEkmConfig', + $argument, + ['\Google\Cloud\Kms\V1\EkmConfig', 'decode'], + $metadata, $options); + } + + /** + * Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource + * for a given project and location. + * @param \Google\Cloud\Kms\V1\UpdateEkmConfigRequest $argument input argument + * @param array $metadata metadata + * @param array $options call options + * @return \Grpc\UnaryCall + */ + public function UpdateEkmConfig(\Google\Cloud\Kms\V1\UpdateEkmConfigRequest $argument, + $metadata = [], $options = []) { + return $this->_simpleRequest('/google.cloud.kms.v1.EkmService/UpdateEkmConfig', + $argument, + ['\Google\Cloud\Kms\V1\EkmConfig', 'decode'], + $metadata, $options); + } + } diff --git a/Kms/src/V1/Gapic/EkmServiceGapicClient.php b/Kms/src/V1/Gapic/EkmServiceGapicClient.php index 5c1fee34a2e0..2be692220986 100644 --- a/Kms/src/V1/Gapic/EkmServiceGapicClient.php +++ b/Kms/src/V1/Gapic/EkmServiceGapicClient.php @@ -41,10 +41,13 @@ use Google\Cloud\Iam\V1\TestIamPermissionsRequest; use Google\Cloud\Iam\V1\TestIamPermissionsResponse; use Google\Cloud\Kms\V1\CreateEkmConnectionRequest; +use Google\Cloud\Kms\V1\EkmConfig; use Google\Cloud\Kms\V1\EkmConnection; +use Google\Cloud\Kms\V1\GetEkmConfigRequest; use Google\Cloud\Kms\V1\GetEkmConnectionRequest; use Google\Cloud\Kms\V1\ListEkmConnectionsRequest; use Google\Cloud\Kms\V1\ListEkmConnectionsResponse; +use Google\Cloud\Kms\V1\UpdateEkmConfigRequest; use Google\Cloud\Kms\V1\UpdateEkmConnectionRequest; use Google\Cloud\Location\GetLocationRequest; use Google\Cloud\Location\ListLocationsRequest; @@ -101,6 +104,8 @@ class EkmServiceGapicClient 'https://www.googleapis.com/auth/cloudkms', ]; + private static $ekmConfigNameTemplate; + private static $ekmConnectionNameTemplate; private static $locationNameTemplate; @@ -126,6 +131,15 @@ private static function getClientDefaults() ]; } + private static function getEkmConfigNameTemplate() + { + if (self::$ekmConfigNameTemplate == null) { + self::$ekmConfigNameTemplate = new PathTemplate('projects/{project}/locations/{location}/ekmConfig'); + } + + return self::$ekmConfigNameTemplate; + } + private static function getEkmConnectionNameTemplate() { if (self::$ekmConnectionNameTemplate == null) { @@ -148,6 +162,7 @@ private static function getPathTemplateMap() { if (self::$pathTemplateMap == null) { self::$pathTemplateMap = [ + 'ekmConfig' => self::getEkmConfigNameTemplate(), 'ekmConnection' => self::getEkmConnectionNameTemplate(), 'location' => self::getLocationNameTemplate(), ]; @@ -156,6 +171,23 @@ private static function getPathTemplateMap() return self::$pathTemplateMap; } + /** + * Formats a string containing the fully-qualified path to represent a ekm_config + * resource. + * + * @param string $project + * @param string $location + * + * @return string The formatted ekm_config resource. + */ + public static function ekmConfigName($project, $location) + { + return self::getEkmConfigNameTemplate()->render([ + 'project' => $project, + 'location' => $location, + ]); + } + /** * Formats a string containing the fully-qualified path to represent a * ekm_connection resource. @@ -196,6 +228,7 @@ public static function locationName($project, $location) * Parses a formatted name string and returns an associative array of the components in the name. * The following name formats are supported: * Template: Pattern + * - ekmConfig: projects/{project}/locations/{location}/ekmConfig * - ekmConnection: projects/{project}/locations/{location}/ekmConnections/{ekm_connection} * - location: projects/{project}/locations/{location} * @@ -344,6 +377,47 @@ public function createEkmConnection($parent, $ekmConnectionId, $ekmConnection, a return $this->startCall('CreateEkmConnection', EkmConnection::class, $optionalArgs, $request)->wait(); } + /** + * Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource + * for a given project and location. + * + * Sample code: + * ``` + * $ekmServiceClient = new EkmServiceClient(); + * try { + * $formattedName = $ekmServiceClient->ekmConfigName('[PROJECT]', '[LOCATION]'); + * $response = $ekmServiceClient->getEkmConfig($formattedName); + * } finally { + * $ekmServiceClient->close(); + * } + * ``` + * + * @param string $name Required. The [name][google.cloud.kms.v1.EkmConfig.name] of the + * [EkmConfig][google.cloud.kms.v1.EkmConfig] to get. + * @param array $optionalArgs { + * Optional. + * + * @type RetrySettings|array $retrySettings + * Retry settings to use for this call. Can be a {@see RetrySettings} object, or an + * associative array of retry settings parameters. See the documentation on + * {@see RetrySettings} for example usage. + * } + * + * @return \Google\Cloud\Kms\V1\EkmConfig + * + * @throws ApiException if the remote call fails + */ + public function getEkmConfig($name, array $optionalArgs = []) + { + $request = new GetEkmConfigRequest(); + $requestParamHeaders = []; + $request->setName($name); + $requestParamHeaders['name'] = $name; + $requestParams = new RequestParamsHeaderDescriptor($requestParamHeaders); + $optionalArgs['headers'] = isset($optionalArgs['headers']) ? array_merge($requestParams->getHeader(), $optionalArgs['headers']) : $requestParams->getHeader(); + return $this->startCall('GetEkmConfig', EkmConfig::class, $optionalArgs, $request)->wait(); + } + /** * Returns metadata for a given * [EkmConnection][google.cloud.kms.v1.EkmConnection]. @@ -473,6 +547,49 @@ public function listEkmConnections($parent, array $optionalArgs = []) return $this->getPagedListResponse('ListEkmConnections', $optionalArgs, ListEkmConnectionsResponse::class, $request); } + /** + * Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource + * for a given project and location. + * + * Sample code: + * ``` + * $ekmServiceClient = new EkmServiceClient(); + * try { + * $ekmConfig = new EkmConfig(); + * $updateMask = new FieldMask(); + * $response = $ekmServiceClient->updateEkmConfig($ekmConfig, $updateMask); + * } finally { + * $ekmServiceClient->close(); + * } + * ``` + * + * @param EkmConfig $ekmConfig Required. [EkmConfig][google.cloud.kms.v1.EkmConfig] with updated values. + * @param FieldMask $updateMask Required. List of fields to be updated in this request. + * @param array $optionalArgs { + * Optional. + * + * @type RetrySettings|array $retrySettings + * Retry settings to use for this call. Can be a {@see RetrySettings} object, or an + * associative array of retry settings parameters. See the documentation on + * {@see RetrySettings} for example usage. + * } + * + * @return \Google\Cloud\Kms\V1\EkmConfig + * + * @throws ApiException if the remote call fails + */ + public function updateEkmConfig($ekmConfig, $updateMask, array $optionalArgs = []) + { + $request = new UpdateEkmConfigRequest(); + $requestParamHeaders = []; + $request->setEkmConfig($ekmConfig); + $request->setUpdateMask($updateMask); + $requestParamHeaders['ekm_config.name'] = $ekmConfig->getName(); + $requestParams = new RequestParamsHeaderDescriptor($requestParamHeaders); + $optionalArgs['headers'] = isset($optionalArgs['headers']) ? array_merge($requestParams->getHeader(), $optionalArgs['headers']) : $requestParams->getHeader(); + return $this->startCall('UpdateEkmConfig', EkmConfig::class, $optionalArgs, $request)->wait(); + } + /** * Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata. * diff --git a/Kms/src/V1/GetEkmConfigRequest.php b/Kms/src/V1/GetEkmConfigRequest.php new file mode 100644 index 000000000000..e458fb5c1bcb --- /dev/null +++ b/Kms/src/V1/GetEkmConfigRequest.php @@ -0,0 +1,72 @@ +google.cloud.kms.v1.GetEkmConfigRequest + */ +class GetEkmConfigRequest extends \Google\Protobuf\Internal\Message +{ + /** + * Required. The [name][google.cloud.kms.v1.EkmConfig.name] of the + * [EkmConfig][google.cloud.kms.v1.EkmConfig] to get. + * + * Generated from protobuf field string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { + */ + private $name = ''; + + /** + * Constructor. + * + * @param array $data { + * Optional. Data for populating the Message object. + * + * @type string $name + * Required. The [name][google.cloud.kms.v1.EkmConfig.name] of the + * [EkmConfig][google.cloud.kms.v1.EkmConfig] to get. + * } + */ + public function __construct($data = NULL) { + \GPBMetadata\Google\Cloud\Kms\V1\EkmService::initOnce(); + parent::__construct($data); + } + + /** + * Required. The [name][google.cloud.kms.v1.EkmConfig.name] of the + * [EkmConfig][google.cloud.kms.v1.EkmConfig] to get. + * + * Generated from protobuf field string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { + * @return string + */ + public function getName() + { + return $this->name; + } + + /** + * Required. The [name][google.cloud.kms.v1.EkmConfig.name] of the + * [EkmConfig][google.cloud.kms.v1.EkmConfig] to get. + * + * Generated from protobuf field string name = 1 [(.google.api.field_behavior) = REQUIRED, (.google.api.resource_reference) = { + * @param string $var + * @return $this + */ + public function setName($var) + { + GPBUtil::checkString($var, True); + $this->name = $var; + + return $this; + } + +} + diff --git a/Kms/src/V1/UpdateEkmConfigRequest.php b/Kms/src/V1/UpdateEkmConfigRequest.php new file mode 100644 index 000000000000..73ef99afbd75 --- /dev/null +++ b/Kms/src/V1/UpdateEkmConfigRequest.php @@ -0,0 +1,122 @@ +google.cloud.kms.v1.UpdateEkmConfigRequest + */ +class UpdateEkmConfigRequest extends \Google\Protobuf\Internal\Message +{ + /** + * Required. [EkmConfig][google.cloud.kms.v1.EkmConfig] with updated values. + * + * Generated from protobuf field .google.cloud.kms.v1.EkmConfig ekm_config = 1 [(.google.api.field_behavior) = REQUIRED]; + */ + private $ekm_config = null; + /** + * Required. List of fields to be updated in this request. + * + * Generated from protobuf field .google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED]; + */ + private $update_mask = null; + + /** + * Constructor. + * + * @param array $data { + * Optional. Data for populating the Message object. + * + * @type \Google\Cloud\Kms\V1\EkmConfig $ekm_config + * Required. [EkmConfig][google.cloud.kms.v1.EkmConfig] with updated values. + * @type \Google\Protobuf\FieldMask $update_mask + * Required. List of fields to be updated in this request. + * } + */ + public function __construct($data = NULL) { + \GPBMetadata\Google\Cloud\Kms\V1\EkmService::initOnce(); + parent::__construct($data); + } + + /** + * Required. [EkmConfig][google.cloud.kms.v1.EkmConfig] with updated values. + * + * Generated from protobuf field .google.cloud.kms.v1.EkmConfig ekm_config = 1 [(.google.api.field_behavior) = REQUIRED]; + * @return \Google\Cloud\Kms\V1\EkmConfig|null + */ + public function getEkmConfig() + { + return $this->ekm_config; + } + + public function hasEkmConfig() + { + return isset($this->ekm_config); + } + + public function clearEkmConfig() + { + unset($this->ekm_config); + } + + /** + * Required. [EkmConfig][google.cloud.kms.v1.EkmConfig] with updated values. + * + * Generated from protobuf field .google.cloud.kms.v1.EkmConfig ekm_config = 1 [(.google.api.field_behavior) = REQUIRED]; + * @param \Google\Cloud\Kms\V1\EkmConfig $var + * @return $this + */ + public function setEkmConfig($var) + { + GPBUtil::checkMessage($var, \Google\Cloud\Kms\V1\EkmConfig::class); + $this->ekm_config = $var; + + return $this; + } + + /** + * Required. List of fields to be updated in this request. + * + * Generated from protobuf field .google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED]; + * @return \Google\Protobuf\FieldMask|null + */ + public function getUpdateMask() + { + return $this->update_mask; + } + + public function hasUpdateMask() + { + return isset($this->update_mask); + } + + public function clearUpdateMask() + { + unset($this->update_mask); + } + + /** + * Required. List of fields to be updated in this request. + * + * Generated from protobuf field .google.protobuf.FieldMask update_mask = 2 [(.google.api.field_behavior) = REQUIRED]; + * @param \Google\Protobuf\FieldMask $var + * @return $this + */ + public function setUpdateMask($var) + { + GPBUtil::checkMessage($var, \Google\Protobuf\FieldMask::class); + $this->update_mask = $var; + + return $this; + } + +} + diff --git a/Kms/src/V1/gapic_metadata.json b/Kms/src/V1/gapic_metadata.json index 5cc8fb9c5e52..56653829e751 100644 --- a/Kms/src/V1/gapic_metadata.json +++ b/Kms/src/V1/gapic_metadata.json @@ -15,6 +15,11 @@ "createEkmConnection" ] }, + "GetEkmConfig": { + "methods": [ + "getEkmConfig" + ] + }, "GetEkmConnection": { "methods": [ "getEkmConnection" @@ -25,6 +30,11 @@ "listEkmConnections" ] }, + "UpdateEkmConfig": { + "methods": [ + "updateEkmConfig" + ] + }, "UpdateEkmConnection": { "methods": [ "updateEkmConnection" diff --git a/Kms/src/V1/resources/ekm_service_client_config.json b/Kms/src/V1/resources/ekm_service_client_config.json index 6d933fbdf8fc..fba16aa6e90c 100644 --- a/Kms/src/V1/resources/ekm_service_client_config.json +++ b/Kms/src/V1/resources/ekm_service_client_config.json @@ -25,6 +25,11 @@ "retry_codes_name": "non_idempotent", "retry_params_name": "default" }, + "GetEkmConfig": { + "timeout_millis": 60000, + "retry_codes_name": "idempotent", + "retry_params_name": "default" + }, "GetEkmConnection": { "timeout_millis": 60000, "retry_codes_name": "idempotent", @@ -35,6 +40,11 @@ "retry_codes_name": "idempotent", "retry_params_name": "default" }, + "UpdateEkmConfig": { + "timeout_millis": 60000, + "retry_codes_name": "non_idempotent", + "retry_params_name": "default" + }, "UpdateEkmConnection": { "timeout_millis": 60000, "retry_codes_name": "non_idempotent", diff --git a/Kms/src/V1/resources/ekm_service_rest_client_config.php b/Kms/src/V1/resources/ekm_service_rest_client_config.php index 55ca57743070..2b0d3d6deb32 100644 --- a/Kms/src/V1/resources/ekm_service_rest_client_config.php +++ b/Kms/src/V1/resources/ekm_service_rest_client_config.php @@ -18,6 +18,17 @@ 'ekm_connection_id', ], ], + 'GetEkmConfig' => [ + 'method' => 'get', + 'uriTemplate' => '/v1/{name=projects/*/locations/*/ekmConfig}', + 'placeholders' => [ + 'name' => [ + 'getters' => [ + 'getName', + ], + ], + ], + ], 'GetEkmConnection' => [ 'method' => 'get', 'uriTemplate' => '/v1/{name=projects/*/locations/*/ekmConnections/*}', @@ -40,6 +51,22 @@ ], ], ], + 'UpdateEkmConfig' => [ + 'method' => 'patch', + 'uriTemplate' => '/v1/{ekm_config.name=projects/*/locations/*/ekmConfig}', + 'body' => 'ekm_config', + 'placeholders' => [ + 'ekm_config.name' => [ + 'getters' => [ + 'getEkmConfig', + 'getName', + ], + ], + ], + 'queryParams' => [ + 'update_mask', + ], + ], 'UpdateEkmConnection' => [ 'method' => 'patch', 'uriTemplate' => '/v1/{ekm_connection.name=projects/*/locations/*/ekmConnections/*}', diff --git a/Kms/tests/Unit/V1/EkmServiceClientTest.php b/Kms/tests/Unit/V1/EkmServiceClientTest.php index ccce29e83831..98a0b80b557a 100644 --- a/Kms/tests/Unit/V1/EkmServiceClientTest.php +++ b/Kms/tests/Unit/V1/EkmServiceClientTest.php @@ -28,6 +28,7 @@ use Google\ApiCore\Testing\MockTransport; use Google\Cloud\Iam\V1\Policy; use Google\Cloud\Iam\V1\TestIamPermissionsResponse; +use Google\Cloud\Kms\V1\EkmConfig; use Google\Cloud\Kms\V1\EkmConnection; use Google\Cloud\Kms\V1\EkmServiceClient; use Google\Cloud\Kms\V1\ListEkmConnectionsResponse; @@ -76,9 +77,11 @@ public function createEkmConnectionTest() // Mock response $name = 'name3373707'; $etag = 'etag3123477'; + $cryptoSpacePath = 'cryptoSpacePath-1229393412'; $expectedResponse = new EkmConnection(); $expectedResponse->setName($name); $expectedResponse->setEtag($etag); + $expectedResponse->setCryptoSpacePath($cryptoSpacePath); $transport->addResponse($expectedResponse); // Mock request $formattedParent = $gapicClient->locationName('[PROJECT]', '[LOCATION]'); @@ -135,6 +138,68 @@ public function createEkmConnectionExceptionTest() $this->assertTrue($transport->isExhausted()); } + /** @test */ + public function getEkmConfigTest() + { + $transport = $this->createTransport(); + $gapicClient = $this->createClient([ + 'transport' => $transport, + ]); + $this->assertTrue($transport->isExhausted()); + // Mock response + $name2 = 'name2-1052831874'; + $defaultEkmConnection = 'defaultEkmConnection1342549844'; + $expectedResponse = new EkmConfig(); + $expectedResponse->setName($name2); + $expectedResponse->setDefaultEkmConnection($defaultEkmConnection); + $transport->addResponse($expectedResponse); + // Mock request + $formattedName = $gapicClient->ekmConfigName('[PROJECT]', '[LOCATION]'); + $response = $gapicClient->getEkmConfig($formattedName); + $this->assertEquals($expectedResponse, $response); + $actualRequests = $transport->popReceivedCalls(); + $this->assertSame(1, count($actualRequests)); + $actualFuncCall = $actualRequests[0]->getFuncCall(); + $actualRequestObject = $actualRequests[0]->getRequestObject(); + $this->assertSame('/google.cloud.kms.v1.EkmService/GetEkmConfig', $actualFuncCall); + $actualValue = $actualRequestObject->getName(); + $this->assertProtobufEquals($formattedName, $actualValue); + $this->assertTrue($transport->isExhausted()); + } + + /** @test */ + public function getEkmConfigExceptionTest() + { + $transport = $this->createTransport(); + $gapicClient = $this->createClient([ + 'transport' => $transport, + ]); + $this->assertTrue($transport->isExhausted()); + $status = new stdClass(); + $status->code = Code::DATA_LOSS; + $status->details = 'internal error'; + $expectedExceptionMessage = json_encode([ + 'message' => 'internal error', + 'code' => Code::DATA_LOSS, + 'status' => 'DATA_LOSS', + 'details' => [], + ], JSON_PRETTY_PRINT); + $transport->addResponse(null, $status); + // Mock request + $formattedName = $gapicClient->ekmConfigName('[PROJECT]', '[LOCATION]'); + try { + $gapicClient->getEkmConfig($formattedName); + // If the $gapicClient method call did not throw, fail the test + $this->fail('Expected an ApiException, but no exception was thrown.'); + } catch (ApiException $ex) { + $this->assertEquals($status->code, $ex->getCode()); + $this->assertEquals($expectedExceptionMessage, $ex->getMessage()); + } + // Call popReceivedCalls to ensure the stub is exhausted + $transport->popReceivedCalls(); + $this->assertTrue($transport->isExhausted()); + } + /** @test */ public function getEkmConnectionTest() { @@ -146,9 +211,11 @@ public function getEkmConnectionTest() // Mock response $name2 = 'name2-1052831874'; $etag = 'etag3123477'; + $cryptoSpacePath = 'cryptoSpacePath-1229393412'; $expectedResponse = new EkmConnection(); $expectedResponse->setName($name2); $expectedResponse->setEtag($etag); + $expectedResponse->setCryptoSpacePath($cryptoSpacePath); $transport->addResponse($expectedResponse); // Mock request $formattedName = $gapicClient->ekmConnectionName('[PROJECT]', '[LOCATION]', '[EKM_CONNECTION]'); @@ -267,6 +334,72 @@ public function listEkmConnectionsExceptionTest() $this->assertTrue($transport->isExhausted()); } + /** @test */ + public function updateEkmConfigTest() + { + $transport = $this->createTransport(); + $gapicClient = $this->createClient([ + 'transport' => $transport, + ]); + $this->assertTrue($transport->isExhausted()); + // Mock response + $name = 'name3373707'; + $defaultEkmConnection = 'defaultEkmConnection1342549844'; + $expectedResponse = new EkmConfig(); + $expectedResponse->setName($name); + $expectedResponse->setDefaultEkmConnection($defaultEkmConnection); + $transport->addResponse($expectedResponse); + // Mock request + $ekmConfig = new EkmConfig(); + $updateMask = new FieldMask(); + $response = $gapicClient->updateEkmConfig($ekmConfig, $updateMask); + $this->assertEquals($expectedResponse, $response); + $actualRequests = $transport->popReceivedCalls(); + $this->assertSame(1, count($actualRequests)); + $actualFuncCall = $actualRequests[0]->getFuncCall(); + $actualRequestObject = $actualRequests[0]->getRequestObject(); + $this->assertSame('/google.cloud.kms.v1.EkmService/UpdateEkmConfig', $actualFuncCall); + $actualValue = $actualRequestObject->getEkmConfig(); + $this->assertProtobufEquals($ekmConfig, $actualValue); + $actualValue = $actualRequestObject->getUpdateMask(); + $this->assertProtobufEquals($updateMask, $actualValue); + $this->assertTrue($transport->isExhausted()); + } + + /** @test */ + public function updateEkmConfigExceptionTest() + { + $transport = $this->createTransport(); + $gapicClient = $this->createClient([ + 'transport' => $transport, + ]); + $this->assertTrue($transport->isExhausted()); + $status = new stdClass(); + $status->code = Code::DATA_LOSS; + $status->details = 'internal error'; + $expectedExceptionMessage = json_encode([ + 'message' => 'internal error', + 'code' => Code::DATA_LOSS, + 'status' => 'DATA_LOSS', + 'details' => [], + ], JSON_PRETTY_PRINT); + $transport->addResponse(null, $status); + // Mock request + $ekmConfig = new EkmConfig(); + $updateMask = new FieldMask(); + try { + $gapicClient->updateEkmConfig($ekmConfig, $updateMask); + // If the $gapicClient method call did not throw, fail the test + $this->fail('Expected an ApiException, but no exception was thrown.'); + } catch (ApiException $ex) { + $this->assertEquals($status->code, $ex->getCode()); + $this->assertEquals($expectedExceptionMessage, $ex->getMessage()); + } + // Call popReceivedCalls to ensure the stub is exhausted + $transport->popReceivedCalls(); + $this->assertTrue($transport->isExhausted()); + } + /** @test */ public function updateEkmConnectionTest() { @@ -278,9 +411,11 @@ public function updateEkmConnectionTest() // Mock response $name = 'name3373707'; $etag = 'etag3123477'; + $cryptoSpacePath = 'cryptoSpacePath-1229393412'; $expectedResponse = new EkmConnection(); $expectedResponse->setName($name); $expectedResponse->setEtag($etag); + $expectedResponse->setCryptoSpacePath($cryptoSpacePath); $transport->addResponse($expectedResponse); // Mock request $ekmConnection = new EkmConnection(); diff --git a/Kms/tests/Unit/V1/KeyManagementServiceClientTest.php b/Kms/tests/Unit/V1/KeyManagementServiceClientTest.php index b23dc7c66e88..69fcf94e9aa0 100644 --- a/Kms/tests/Unit/V1/KeyManagementServiceClientTest.php +++ b/Kms/tests/Unit/V1/KeyManagementServiceClientTest.php @@ -303,11 +303,15 @@ public function createCryptoKeyVersionTest() $name = 'name3373707'; $importJob = 'importJob2125587491'; $importFailureReason = 'importFailureReason-494073229'; + $generationFailureReason = 'generationFailureReason1749803168'; + $externalDestructionFailureReason = 'externalDestructionFailureReason-2122384710'; $reimportEligible = true; $expectedResponse = new CryptoKeyVersion(); $expectedResponse->setName($name); $expectedResponse->setImportJob($importJob); $expectedResponse->setImportFailureReason($importFailureReason); + $expectedResponse->setGenerationFailureReason($generationFailureReason); + $expectedResponse->setExternalDestructionFailureReason($externalDestructionFailureReason); $expectedResponse->setReimportEligible($reimportEligible); $transport->addResponse($expectedResponse); // Mock request @@ -583,11 +587,15 @@ public function destroyCryptoKeyVersionTest() $name2 = 'name2-1052831874'; $importJob = 'importJob2125587491'; $importFailureReason = 'importFailureReason-494073229'; + $generationFailureReason = 'generationFailureReason1749803168'; + $externalDestructionFailureReason = 'externalDestructionFailureReason-2122384710'; $reimportEligible = true; $expectedResponse = new CryptoKeyVersion(); $expectedResponse->setName($name2); $expectedResponse->setImportJob($importJob); $expectedResponse->setImportFailureReason($importFailureReason); + $expectedResponse->setGenerationFailureReason($generationFailureReason); + $expectedResponse->setExternalDestructionFailureReason($externalDestructionFailureReason); $expectedResponse->setReimportEligible($reimportEligible); $transport->addResponse($expectedResponse); // Mock request @@ -837,11 +845,15 @@ public function getCryptoKeyVersionTest() $name2 = 'name2-1052831874'; $importJob = 'importJob2125587491'; $importFailureReason = 'importFailureReason-494073229'; + $generationFailureReason = 'generationFailureReason1749803168'; + $externalDestructionFailureReason = 'externalDestructionFailureReason-2122384710'; $reimportEligible = true; $expectedResponse = new CryptoKeyVersion(); $expectedResponse->setName($name2); $expectedResponse->setImportJob($importJob); $expectedResponse->setImportFailureReason($importFailureReason); + $expectedResponse->setGenerationFailureReason($generationFailureReason); + $expectedResponse->setExternalDestructionFailureReason($externalDestructionFailureReason); $expectedResponse->setReimportEligible($reimportEligible); $transport->addResponse($expectedResponse); // Mock request @@ -1085,11 +1097,15 @@ public function importCryptoKeyVersionTest() $name = 'name3373707'; $importJob2 = 'importJob2-1714851050'; $importFailureReason = 'importFailureReason-494073229'; + $generationFailureReason = 'generationFailureReason1749803168'; + $externalDestructionFailureReason = 'externalDestructionFailureReason-2122384710'; $reimportEligible = true; $expectedResponse = new CryptoKeyVersion(); $expectedResponse->setName($name); $expectedResponse->setImportJob($importJob2); $expectedResponse->setImportFailureReason($importFailureReason); + $expectedResponse->setGenerationFailureReason($generationFailureReason); + $expectedResponse->setExternalDestructionFailureReason($externalDestructionFailureReason); $expectedResponse->setReimportEligible($reimportEligible); $transport->addResponse($expectedResponse); // Mock request @@ -1583,11 +1599,15 @@ public function restoreCryptoKeyVersionTest() $name2 = 'name2-1052831874'; $importJob = 'importJob2125587491'; $importFailureReason = 'importFailureReason-494073229'; + $generationFailureReason = 'generationFailureReason1749803168'; + $externalDestructionFailureReason = 'externalDestructionFailureReason-2122384710'; $reimportEligible = true; $expectedResponse = new CryptoKeyVersion(); $expectedResponse->setName($name2); $expectedResponse->setImportJob($importJob); $expectedResponse->setImportFailureReason($importFailureReason); + $expectedResponse->setGenerationFailureReason($generationFailureReason); + $expectedResponse->setExternalDestructionFailureReason($externalDestructionFailureReason); $expectedResponse->setReimportEligible($reimportEligible); $transport->addResponse($expectedResponse); // Mock request @@ -1785,11 +1805,15 @@ public function updateCryptoKeyVersionTest() $name = 'name3373707'; $importJob = 'importJob2125587491'; $importFailureReason = 'importFailureReason-494073229'; + $generationFailureReason = 'generationFailureReason1749803168'; + $externalDestructionFailureReason = 'externalDestructionFailureReason-2122384710'; $reimportEligible = true; $expectedResponse = new CryptoKeyVersion(); $expectedResponse->setName($name); $expectedResponse->setImportJob($importJob); $expectedResponse->setImportFailureReason($importFailureReason); + $expectedResponse->setGenerationFailureReason($generationFailureReason); + $expectedResponse->setExternalDestructionFailureReason($externalDestructionFailureReason); $expectedResponse->setReimportEligible($reimportEligible); $transport->addResponse($expectedResponse); // Mock request