From ab186534e750e6208eb70f904bbc2b00387f2d08 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Sat, 16 Sep 2017 09:59:19 -0500 Subject: [PATCH 01/30] Instantiate the cloudkms client --- google/config.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/google/config.go b/google/config.go index ccdf4d22b9d..87006e8268a 100644 --- a/google/config.go +++ b/google/config.go @@ -18,6 +18,7 @@ import ( "golang.org/x/oauth2/jwt" "google.golang.org/api/bigquery/v2" "google.golang.org/api/cloudbilling/v1" + "google.golang.org/api/cloudkms/v1" "google.golang.org/api/cloudresourcemanager/v1" resourceManagerV2Beta1 "google.golang.org/api/cloudresourcemanager/v2beta1" computeBeta "google.golang.org/api/compute/v0.beta" @@ -47,6 +48,7 @@ type Config struct { clientComputeBeta *computeBeta.Service clientContainer *container.Service clientDns *dns.Service + clientKms *cloudkms.Service clientLogging *cloudlogging.Service clientPubsub *pubsub.Service clientResourceManager *cloudresourcemanager.Service @@ -155,6 +157,13 @@ func (c *Config) loadAndValidate() error { } c.clientDns.UserAgent = userAgent + log.Printf("[INFO] Instantiating Google Cloud KMS Client...") + c.clientKms, err = cloudkms.New(client) + if err != nil { + return err + } + c.clientKms.UserAgent = userAgent + log.Printf("[INFO] Instantiating Google Stackdriver Logging client...") c.clientLogging, err = cloudlogging.New(client) if err != nil { From d18db251990a9a673aaa1d722c8c711a1efbd5a2 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Sat, 16 Sep 2017 10:00:16 -0500 Subject: [PATCH 02/30] Implement Create and Read for the kms key ring resource --- google/resource_kms_key_ring.go | 81 +++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 google/resource_kms_key_ring.go diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go new file mode 100644 index 00000000000..541dbc39c87 --- /dev/null +++ b/google/resource_kms_key_ring.go @@ -0,0 +1,81 @@ +package google + +import ( + "fmt" + "github.com/hashicorp/terraform/helper/schema" + "google.golang.org/api/cloudkms/v1" + "log" +) + +func resourceKmsKeyRing() *schema.Resource { + return &schema.Resource{ + Create: resourceKmsKeyRingCreate, + Read: resourceKmsKeyRingRead, + Delete: resourceKmsKeyRingDelete, + + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + "location": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + }, + } +} + +func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + + project, err := getProject(d, config) + if err != nil { + return err + } + + name := d.Get("name").(string) + location := d.Get("location").(string) + + parent := fmt.Sprintf("projects/%s/locations/%s", project, location) + + _, err = config.clientKms.Projects.Locations.KeyRings. + Create(parent, &cloudkms.KeyRing{}). + KeyRingId(name). + Do() + + if err != nil { + return fmt.Errorf("Error creating KeyRing: %s", err) + } + + d.SetId(name) + d.Set("location", location) + + return resourceKmsKeyRingRead(d, meta) +} + +func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + + name := d.Id() + + log.Printf("[DEBUG] Executing read for KMS KeyRing %s", name) + + keyRing, err := config.clientKms.Projects.Locations.KeyRings. + Get(name). + Do() + + if err != nil { + return fmt.Errorf("Error reading KeyRing: %s", err) + } + + d.SetId(keyRing.Name) + + return nil +} + +func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { + return nil +} From 946eef1881cc719c21d873dae2b06d7c9d0d664f Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Sat, 16 Sep 2017 10:00:31 -0500 Subject: [PATCH 03/30] Expose the kms key ring resource --- google/provider.go | 1 + 1 file changed, 1 insertion(+) diff --git a/google/provider.go b/google/provider.go index 8be46ef0669..d8383e4986b 100644 --- a/google/provider.go +++ b/google/provider.go @@ -109,6 +109,7 @@ func Provider() terraform.ResourceProvider { "google_folder_iam_policy": resourceGoogleFolderIamPolicy(), "google_logging_billing_account_sink": resourceLoggingBillingAccountSink(), "google_logging_project_sink": resourceLoggingProjectSink(), + "google_kms_key_ring": resourceKmsKeyRing(), "google_sourcerepo_repository": resourceSourceRepoRepository(), "google_spanner_instance": resourceSpannerInstance(), "google_spanner_database": resourceSpannerDatabase(), From 7afead94206d333cc56c3686d92beecca299fb85 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Fri, 29 Sep 2017 17:59:21 -0500 Subject: [PATCH 04/30] Create acceptance test for creating a KeyRing, fix read to use KeyRing ID --- google/resource_kms_key_ring.go | 21 +++++--- google/resource_kms_key_ring_test.go | 78 ++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+), 6 deletions(-) create mode 100644 google/resource_kms_key_ring_test.go diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 541dbc39c87..b60dee1564c 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -28,6 +28,14 @@ func resourceKmsKeyRing() *schema.Resource { } } +func createKmsResourceParentString(project, location string) string { + return fmt.Sprintf("projects/%s/locations/%s", project, location) +} + +func createKmsResourceKeyRingName(project, location, keyRingName string) string { + return fmt.Sprintf("%s/keyRings/%s", createKmsResourceParentString(project, location), keyRingName) +} + func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) @@ -39,7 +47,7 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { name := d.Get("name").(string) location := d.Get("location").(string) - parent := fmt.Sprintf("projects/%s/locations/%s", project, location) + parent := createKmsResourceParentString(project, location) _, err = config.clientKms.Projects.Locations.KeyRings. Create(parent, &cloudkms.KeyRing{}). @@ -50,8 +58,9 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("Error creating KeyRing: %s", err) } - d.SetId(name) - d.Set("location", location) + keyRingName := createKmsResourceKeyRingName(project, location, name) + + d.SetId(keyRingName) return resourceKmsKeyRingRead(d, meta) } @@ -59,12 +68,12 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) - name := d.Id() + keyRingName := d.Id() - log.Printf("[DEBUG] Executing read for KMS KeyRing %s", name) + log.Printf("[DEBUG] Executing read for KMS KeyRing %s", keyRingName) keyRing, err := config.clientKms.Projects.Locations.KeyRings. - Get(name). + Get(keyRingName). Do() if err != nil { diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go new file mode 100644 index 00000000000..a54c8e6570b --- /dev/null +++ b/google/resource_kms_key_ring_test.go @@ -0,0 +1,78 @@ +package google + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" + "log" +) + +func TestAccGoogleKmsKeyRing_basic(t *testing.T) { + name := acctest.RandString(10) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testGoogleKmsKeyRing_recreate(name), + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testGoogleKmsKeyRing_basic(name), + Check: resource.ComposeTestCheckFunc( + testAccCheckGoogleKmsKeyRingExists("google_kms_key_ring.key_ring"), + ), + }, + }, + }) +} + +func testGoogleKmsKeyRing_basic(name string) string { + return fmt.Sprintf(` + resource "google_kms_key_ring" "key_ring" { + name = "%s" + location = "us-central1" + } + `, name) +} + +func testAccCheckGoogleKmsKeyRingExists(resourceName string) resource.TestCheckFunc { + return func(s *terraform.State) error { + config := testAccProvider.Meta().(*Config) + + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Resource not found: %s", resourceName) + } + + name := rs.Primary.Attributes["name"] + location := rs.Primary.Attributes["location"] + + parent := createKmsResourceParentString(config.Project, location) + keyRingName := createKmsResourceKeyRingName(config.Project, location, name) + + listKeyRingsResponse, err := config.clientKms.Projects.Locations.KeyRings.List(parent).Do() + if err != nil { + return fmt.Errorf("Error listing KeyRings: %s", err) + } + + for _, keyRing := range listKeyRingsResponse.KeyRings { + log.Printf("[DEBUG] Found KeyRing: %s", keyRing.Name) + + if keyRing.Name == keyRingName { + return nil + } + } + + return fmt.Errorf("KeyRing not found: %s", keyRingName) + } +} + +// TODO +// KMS KeyRings cannot be deleted. This will test if the resource can be added back to state after being removed +func testGoogleKmsKeyRing_recreate(name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + return nil + } +} From b491ad0ab6a4d0a22259b435553d9b75ac1cf40c Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Tue, 3 Oct 2017 11:37:29 -0500 Subject: [PATCH 05/30] Add cloudkms library to vendor --- .../api/cloudkms/v1/cloudkms-api.json | 1353 +++++ .../api/cloudkms/v1/cloudkms-gen.go | 4853 +++++++++++++++++ vendor/vendor.json | 6 + 3 files changed, 6212 insertions(+) create mode 100644 vendor/google.golang.org/api/cloudkms/v1/cloudkms-api.json create mode 100644 vendor/google.golang.org/api/cloudkms/v1/cloudkms-gen.go diff --git a/vendor/google.golang.org/api/cloudkms/v1/cloudkms-api.json b/vendor/google.golang.org/api/cloudkms/v1/cloudkms-api.json new file mode 100644 index 00000000000..73371c8b879 --- /dev/null +++ b/vendor/google.golang.org/api/cloudkms/v1/cloudkms-api.json @@ -0,0 +1,1353 @@ +{ + "ownerDomain": "google.com", + "name": "cloudkms", + "batchPath": "batch", + "title": "Google Cloud Key Management Service (KMS) API", + "ownerName": "Google", + "resources": { + "projects": { + "resources": { + "locations": { + "methods": { + "get": { + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}", + "id": "cloudkms.projects.locations.get", + "path": "v1/{+name}", + "description": "Get information about a location.", + "response": { + "$ref": "Location" + }, + "parameterOrder": [ + "name" + ], + "httpMethod": "GET", + "parameters": { + "name": { + "description": "Resource name for the location.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+$", + "location": "path" + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "list": { + "description": "Lists information about the supported locations for this service.", + "response": { + "$ref": "ListLocationsResponse" + }, + "parameterOrder": [ + "name" + ], + "httpMethod": "GET", + "parameters": { + "pageSize": { + "location": "query", + "format": "int32", + "description": "The standard list page size.", + "type": "integer" + }, + "filter": { + "description": "The standard list filter.", + "type": "string", + "location": "query" + }, + "pageToken": { + "description": "The standard list page token.", + "type": "string", + "location": "query" + }, + "name": { + "description": "The resource that owns the locations collection, if applicable.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+$", + "location": "path" + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "flatPath": "v1/projects/{projectsId}/locations", + "id": "cloudkms.projects.locations.list", + "path": "v1/{+name}/locations" + } + }, + "resources": { + "keyRings": { + "methods": { + "list": { + "description": "Lists KeyRings.", + "response": { + "$ref": "ListKeyRingsResponse" + }, + "parameterOrder": [ + "parent" + ], + "httpMethod": "GET", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "pageToken": { + "description": "Optional pagination token, returned earlier via\nListKeyRingsResponse.next_page_token.", + "type": "string", + "location": "query" + }, + "pageSize": { + "format": "int32", + "description": "Optional limit on the number of KeyRings to include in the\nresponse. Further KeyRings can subsequently be obtained by\nincluding the ListKeyRingsResponse.next_page_token in a subsequent\nrequest. If unspecified, the server will pick an appropriate default.", + "type": "integer", + "location": "query" + }, + "parent": { + "location": "path", + "description": "Required. The resource name of the location associated with the\nKeyRings, in the format `projects/*/locations/*`.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+$" + } + }, + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings", + "id": "cloudkms.projects.locations.keyRings.list", + "path": "v1/{+parent}/keyRings" + }, + "setIamPolicy": { + "httpMethod": "POST", + "parameterOrder": [ + "resource" + ], + "response": { + "$ref": "Policy" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "resource": { + "description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$", + "location": "path" + } + }, + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}:setIamPolicy", + "path": "v1/{+resource}:setIamPolicy", + "id": "cloudkms.projects.locations.keyRings.setIamPolicy", + "request": { + "$ref": "SetIamPolicyRequest" + }, + "description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy." + }, + "create": { + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings", + "path": "v1/{+parent}/keyRings", + "id": "cloudkms.projects.locations.keyRings.create", + "request": { + "$ref": "KeyRing" + }, + "description": "Create a new KeyRing in a given Project and Location.", + "httpMethod": "POST", + "parameterOrder": [ + "parent" + ], + "response": { + "$ref": "KeyRing" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "keyRingId": { + "description": "Required. It must be unique within a location and match the regular\nexpression `[a-zA-Z0-9_-]{1,63}`", + "type": "string", + "location": "query" + }, + "parent": { + "description": "Required. The resource name of the location associated with the\nKeyRings, in the format `projects/*/locations/*`.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+$", + "location": "path" + } + } + }, + "getIamPolicy": { + "response": { + "$ref": "Policy" + }, + "parameterOrder": [ + "resource" + ], + "httpMethod": "GET", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "resource": { + "description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$", + "location": "path" + } + }, + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}:getIamPolicy", + "id": "cloudkms.projects.locations.keyRings.getIamPolicy", + "path": "v1/{+resource}:getIamPolicy", + "description": "Gets the access control policy for a resource.\nReturns an empty policy if the resource exists and does not have a policy\nset." + }, + "get": { + "description": "Returns metadata for a given KeyRing.", + "response": { + "$ref": "KeyRing" + }, + "parameterOrder": [ + "name" + ], + "httpMethod": "GET", + "parameters": { + "name": { + "description": "The name of the KeyRing to get.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$", + "location": "path" + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}", + "id": "cloudkms.projects.locations.keyRings.get", + "path": "v1/{+name}" + }, + "testIamPermissions": { + "request": { + "$ref": "TestIamPermissionsRequest" + }, + "description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.", + "response": { + "$ref": "TestIamPermissionsResponse" + }, + "parameterOrder": [ + "resource" + ], + "httpMethod": "POST", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "resource": { + "location": "path", + "description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$" + } + }, + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}:testIamPermissions", + "id": "cloudkms.projects.locations.keyRings.testIamPermissions", + "path": "v1/{+resource}:testIamPermissions" + } + }, + "resources": { + "cryptoKeys": { + "methods": { + "testIamPermissions": { + "response": { + "$ref": "TestIamPermissionsResponse" + }, + "parameterOrder": [ + "resource" + ], + "httpMethod": "POST", + "parameters": { + "resource": { + "description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + "location": "path" + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:testIamPermissions", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.testIamPermissions", + "path": "v1/{+resource}:testIamPermissions", + "description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.", + "request": { + "$ref": "TestIamPermissionsRequest" + } + }, + "decrypt": { + "response": { + "$ref": "DecryptResponse" + }, + "parameterOrder": [ + "name" + ], + "httpMethod": "POST", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "name": { + "description": "Required. The resource name of the CryptoKey to use for decryption.\nThe server will choose the appropriate version.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + "location": "path" + } + }, + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:decrypt", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.decrypt", + "path": "v1/{+name}:decrypt", + "request": { + "$ref": "DecryptRequest" + }, + "description": "Decrypts data that was protected by Encrypt." + }, + "list": { + "description": "Lists CryptoKeys.", + "response": { + "$ref": "ListCryptoKeysResponse" + }, + "parameterOrder": [ + "parent" + ], + "httpMethod": "GET", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "pageToken": { + "location": "query", + "description": "Optional pagination token, returned earlier via\nListCryptoKeysResponse.next_page_token.", + "type": "string" + }, + "pageSize": { + "format": "int32", + "description": "Optional limit on the number of CryptoKeys to include in the\nresponse. Further CryptoKeys can subsequently be obtained by\nincluding the ListCryptoKeysResponse.next_page_token in a subsequent\nrequest. If unspecified, the server will pick an appropriate default.", + "type": "integer", + "location": "query" + }, + "parent": { + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$", + "location": "path", + "description": "Required. The resource name of the KeyRing to list, in the format\n`projects/*/locations/*/keyRings/*`.", + "type": "string", + "required": true + } + }, + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.list", + "path": "v1/{+parent}/cryptoKeys" + }, + "encrypt": { + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:encrypt", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.encrypt", + "path": "v1/{+name}:encrypt", + "request": { + "$ref": "EncryptRequest" + }, + "description": "Encrypts data, so that it can only be recovered by a call to Decrypt.", + "response": { + "$ref": "EncryptResponse" + }, + "parameterOrder": [ + "name" + ], + "httpMethod": "POST", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "name": { + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/.+$", + "location": "path", + "description": "Required. The resource name of the CryptoKey or CryptoKeyVersion\nto use for encryption.\n\nIf a CryptoKey is specified, the server will use its\nprimary version.", + "type": "string", + "required": true + } + } + }, + "create": { + "httpMethod": "POST", + "parameterOrder": [ + "parent" + ], + "response": { + "$ref": "CryptoKey" + }, + "parameters": { + "parent": { + "location": "path", + "description": "Required. The name of the KeyRing associated with the\nCryptoKeys.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$" + }, + "cryptoKeyId": { + "description": "Required. It must be unique within a KeyRing and match the regular\nexpression `[a-zA-Z0-9_-]{1,63}`", + "type": "string", + "location": "query" + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys", + "path": "v1/{+parent}/cryptoKeys", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.create", + "description": "Create a new CryptoKey within a KeyRing.\n\nCryptoKey.purpose is required.", + "request": { + "$ref": "CryptoKey" + } + }, + "setIamPolicy": { + "description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.", + "request": { + "$ref": "SetIamPolicyRequest" + }, + "response": { + "$ref": "Policy" + }, + "parameterOrder": [ + "resource" + ], + "httpMethod": "POST", + "parameters": { + "resource": { + "description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + "location": "path" + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:setIamPolicy", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.setIamPolicy", + "path": "v1/{+resource}:setIamPolicy" + }, + "updatePrimaryVersion": { + "description": "Update the version of a CryptoKey that will be used in Encrypt", + "request": { + "$ref": "UpdateCryptoKeyPrimaryVersionRequest" + }, + "response": { + "$ref": "CryptoKey" + }, + "parameterOrder": [ + "name" + ], + "httpMethod": "POST", + "parameters": { + "name": { + "description": "The resource name of the CryptoKey to update.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + "location": "path" + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:updatePrimaryVersion", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.updatePrimaryVersion", + "path": "v1/{+name}:updatePrimaryVersion" + }, + "getIamPolicy": { + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:getIamPolicy", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.getIamPolicy", + "path": "v1/{+resource}:getIamPolicy", + "description": "Gets the access control policy for a resource.\nReturns an empty policy if the resource exists and does not have a policy\nset.", + "response": { + "$ref": "Policy" + }, + "parameterOrder": [ + "resource" + ], + "httpMethod": "GET", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "resource": { + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + "location": "path", + "description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.", + "type": "string", + "required": true + } + } + }, + "get": { + "description": "Returns metadata for a given CryptoKey, as well as its\nprimary CryptoKeyVersion.", + "response": { + "$ref": "CryptoKey" + }, + "httpMethod": "GET", + "parameterOrder": [ + "name" + ], + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "name": { + "location": "path", + "description": "The name of the CryptoKey to get.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$" + } + }, + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.get", + "path": "v1/{+name}" + }, + "patch": { + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.patch", + "path": "v1/{+name}", + "request": { + "$ref": "CryptoKey" + }, + "description": "Update a CryptoKey.", + "response": { + "$ref": "CryptoKey" + }, + "parameterOrder": [ + "name" + ], + "httpMethod": "PATCH", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "updateMask": { + "format": "google-fieldmask", + "description": "Required list of fields to be updated in this request.", + "type": "string", + "location": "query" + }, + "name": { + "description": "Output only. The resource name for this CryptoKey in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*`.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + "location": "path" + } + }, + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}" + } + }, + "resources": { + "cryptoKeyVersions": { + "methods": { + "list": { + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.list", + "path": "v1/{+parent}/cryptoKeyVersions", + "description": "Lists CryptoKeyVersions.", + "response": { + "$ref": "ListCryptoKeyVersionsResponse" + }, + "parameterOrder": [ + "parent" + ], + "httpMethod": "GET", + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "parameters": { + "pageToken": { + "location": "query", + "description": "Optional pagination token, returned earlier via\nListCryptoKeyVersionsResponse.next_page_token.", + "type": "string" + }, + "pageSize": { + "format": "int32", + "description": "Optional limit on the number of CryptoKeyVersions to\ninclude in the response. Further CryptoKeyVersions can\nsubsequently be obtained by including the\nListCryptoKeyVersionsResponse.next_page_token in a subsequent request.\nIf unspecified, the server will pick an appropriate default.", + "type": "integer", + "location": "query" + }, + "parent": { + "location": "path", + "description": "Required. The resource name of the CryptoKey to list, in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*`.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$" + } + } + }, + "destroy": { + "response": { + "$ref": "CryptoKeyVersion" + }, + "parameterOrder": [ + "name" + ], + "httpMethod": "POST", + "parameters": { + "name": { + "location": "path", + "description": "The resource name of the CryptoKeyVersion to destroy.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$" + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions/{cryptoKeyVersionsId}:destroy", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.destroy", + "path": "v1/{+name}:destroy", + "description": "Schedule a CryptoKeyVersion for destruction.\n\nUpon calling this method, CryptoKeyVersion.state will be set to\nDESTROY_SCHEDULED\nand destroy_time will be set to a time 24\nhours in the future, at which point the state\nwill be changed to\nDESTROYED, and the key\nmaterial will be irrevocably destroyed.\n\nBefore the destroy_time is reached,\nRestoreCryptoKeyVersion may be called to reverse the process.", + "request": { + "$ref": "DestroyCryptoKeyVersionRequest" + } + }, + "create": { + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.create", + "path": "v1/{+parent}/cryptoKeyVersions", + "description": "Create a new CryptoKeyVersion in a CryptoKey.\n\nThe server will assign the next sequential id. If unset,\nstate will be set to\nENABLED.", + "request": { + "$ref": "CryptoKeyVersion" + }, + "response": { + "$ref": "CryptoKeyVersion" + }, + "parameterOrder": [ + "parent" + ], + "httpMethod": "POST", + "parameters": { + "parent": { + "location": "path", + "description": "Required. The name of the CryptoKey associated with\nthe CryptoKeyVersions.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$" + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions" + }, + "restore": { + "description": "Restore a CryptoKeyVersion in the\nDESTROY_SCHEDULED,\nstate.\n\nUpon restoration of the CryptoKeyVersion, state\nwill be set to DISABLED,\nand destroy_time will be cleared.", + "request": { + "$ref": "RestoreCryptoKeyVersionRequest" + }, + "httpMethod": "POST", + "parameterOrder": [ + "name" + ], + "response": { + "$ref": "CryptoKeyVersion" + }, + "parameters": { + "name": { + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$", + "location": "path", + "description": "The resource name of the CryptoKeyVersion to restore.", + "type": "string", + "required": true + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions/{cryptoKeyVersionsId}:restore", + "path": "v1/{+name}:restore", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.restore" + }, + "patch": { + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions/{cryptoKeyVersionsId}", + "path": "v1/{+name}", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.patch", + "description": "Update a CryptoKeyVersion's metadata.\n\nstate may be changed between\nENABLED and\nDISABLED using this\nmethod. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to\nmove between other states.", + "request": { + "$ref": "CryptoKeyVersion" + }, + "httpMethod": "PATCH", + "parameterOrder": [ + "name" + ], + "response": { + "$ref": "CryptoKeyVersion" + }, + "parameters": { + "updateMask": { + "format": "google-fieldmask", + "description": "Required list of fields to be updated in this request.", + "type": "string", + "location": "query" + }, + "name": { + "description": "Output only. The resource name for this CryptoKeyVersion in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$", + "location": "path" + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, + "get": { + "response": { + "$ref": "CryptoKeyVersion" + }, + "parameterOrder": [ + "name" + ], + "httpMethod": "GET", + "parameters": { + "name": { + "description": "The name of the CryptoKeyVersion to get.", + "type": "string", + "required": true, + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$", + "location": "path" + } + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions/{cryptoKeyVersionsId}", + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.get", + "path": "v1/{+name}", + "description": "Returns metadata for a given CryptoKeyVersion." + } + } + } + } + } + } + } + } + } + } + } + }, + "parameters": { + "upload_protocol": { + "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").", + "type": "string", + "location": "query" + }, + "prettyPrint": { + "location": "query", + "description": "Returns response with indentations and line breaks.", + "default": "true", + "type": "boolean" + }, + "uploadType": { + "location": "query", + "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").", + "type": "string" + }, + "fields": { + "location": "query", + "description": "Selector specifying which fields to include in a partial response.", + "type": "string" + }, + "callback": { + "description": "JSONP", + "type": "string", + "location": "query" + }, + "$.xgafv": { + "description": "V1 error format.", + "type": "string", + "enumDescriptions": [ + "v1 error format", + "v2 error format" + ], + "location": "query", + "enum": [ + "1", + "2" + ] + }, + "alt": { + "enumDescriptions": [ + "Responses with Content-Type of application/json", + "Media download with context-dependent Content-Type", + "Responses with Content-Type of application/x-protobuf" + ], + "location": "query", + "description": "Data format for response.", + "default": "json", + "enum": [ + "json", + "media", + "proto" + ], + "type": "string" + }, + "key": { + "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", + "type": "string", + "location": "query" + }, + "access_token": { + "description": "OAuth access token.", + "type": "string", + "location": "query" + }, + "quotaUser": { + "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.", + "type": "string", + "location": "query" + }, + "pp": { + "description": "Pretty-print response.", + "default": "true", + "type": "boolean", + "location": "query" + }, + "oauth_token": { + "description": "OAuth 2.0 token for the current user.", + "type": "string", + "location": "query" + }, + "bearer_token": { + "description": "OAuth bearer token.", + "type": "string", + "location": "query" + } + }, + "version": "v1", + "baseUrl": "https://cloudkms.googleapis.com/", + "kind": "discovery#restDescription", + "description": "Manages encryption for your cloud services the same way you do on-premises. You can generate, use, rotate, and destroy AES256 encryption keys.", + "servicePath": "", + "basePath": "", + "revision": "20170904", + "documentationLink": "https://cloud.google.com/kms/", + "id": "cloudkms:v1", + "discoveryVersion": "v1", + "version_module": true, + "schemas": { + "CryptoKeyVersion": { + "description": "A CryptoKeyVersion represents an individual cryptographic key, and the\nassociated key material.\n\nIt can be used for cryptographic operations either directly, or via its\nparent CryptoKey, in which case the server will choose the appropriate\nversion for the operation.\n\nFor security reasons, the raw cryptographic key material represented by a\nCryptoKeyVersion can never be viewed or exported. It can only be used to\nencrypt or decrypt data when an authorized user or application invokes Cloud\nKMS.", + "type": "object", + "properties": { + "state": { + "description": "The current state of the CryptoKeyVersion.", + "type": "string", + "enumDescriptions": [ + "Not specified.", + "This version may be used in Encrypt and\nDecrypt requests.", + "This version may not be used, but the key material is still available,\nand the version can be placed back into the ENABLED state.", + "This version is destroyed, and the key material is no longer stored.\nA version may not leave this state once entered.", + "This version is scheduled for destruction, and will be destroyed soon.\nCall\nRestoreCryptoKeyVersion\nto put it back into the DISABLED state." + ], + "enum": [ + "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED", + "ENABLED", + "DISABLED", + "DESTROYED", + "DESTROY_SCHEDULED" + ] + }, + "name": { + "description": "Output only. The resource name for this CryptoKeyVersion in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.", + "type": "string" + }, + "destroyEventTime": { + "format": "google-datetime", + "description": "Output only. The time this CryptoKeyVersion's key material was\ndestroyed. Only present if state is\nDESTROYED.", + "type": "string" + }, + "destroyTime": { + "format": "google-datetime", + "description": "Output only. The time this CryptoKeyVersion's key material is scheduled\nfor destruction. Only present if state is\nDESTROY_SCHEDULED.", + "type": "string" + }, + "createTime": { + "format": "google-datetime", + "description": "Output only. The time at which this CryptoKeyVersion was created.", + "type": "string" + } + }, + "id": "CryptoKeyVersion" + }, + "SetIamPolicyRequest": { + "description": "Request message for `SetIamPolicy` method.", + "type": "object", + "properties": { + "updateMask": { + "format": "google-fieldmask", + "description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.", + "type": "string" + }, + "policy": { + "$ref": "Policy", + "description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them." + } + }, + "id": "SetIamPolicyRequest" + }, + "DecryptRequest": { + "description": "Request message for KeyManagementService.Decrypt.", + "type": "object", + "properties": { + "additionalAuthenticatedData": { + "format": "byte", + "description": "Optional data that must match the data originally supplied in\nEncryptRequest.additional_authenticated_data.", + "type": "string" + }, + "ciphertext": { + "format": "byte", + "description": "Required. The encrypted data originally returned in\nEncryptResponse.ciphertext.", + "type": "string" + } + }, + "id": "DecryptRequest" + }, + "Binding": { + "properties": { + "condition": { + "$ref": "Expr", + "description": "The condition that is associated with this binding.\nNOTE: an unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently.\nThis field is GOOGLE_INTERNAL." + }, + "members": { + "description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@gmail.com` or `joe@example.com`.\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n\n* `domain:{domain}`: A Google Apps domain name that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n", + "items": { + "type": "string" + }, + "type": "array" + }, + "role": { + "description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.\nRequired", + "type": "string" + } + }, + "id": "Binding", + "description": "Associates `members` with a `role`.", + "type": "object" + }, + "Expr": { + "description": "Represents an expression text. Example:\n\n title: \"User account presence\"\n description: \"Determines whether the request has a user account\"\n expression: \"size(request.user) \u003e 0\"", + "type": "object", + "properties": { + "location": { + "description": "An optional string indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.", + "type": "string" + }, + "title": { + "description": "An optional title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.", + "type": "string" + }, + "description": { + "description": "An optional description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.", + "type": "string" + }, + "expression": { + "description": "Textual representation of an expression in\nCommon Expression Language syntax.\n\nThe application context of the containing message determines which\nwell-known feature set of CEL is supported.", + "type": "string" + } + }, + "id": "Expr" + }, + "EncryptRequest": { + "description": "Request message for KeyManagementService.Encrypt.", + "type": "object", + "properties": { + "plaintext": { + "format": "byte", + "description": "Required. The data to encrypt. Must be no larger than 64KiB.", + "type": "string" + }, + "additionalAuthenticatedData": { + "format": "byte", + "description": "Optional data that, if specified, must also be provided during decryption\nthrough DecryptRequest.additional_authenticated_data. Must be no\nlarger than 64KiB.", + "type": "string" + } + }, + "id": "EncryptRequest" + }, + "ListCryptoKeyVersionsResponse": { + "description": "Response message for KeyManagementService.ListCryptoKeyVersions.", + "type": "object", + "properties": { + "cryptoKeyVersions": { + "description": "The list of CryptoKeyVersions.", + "items": { + "$ref": "CryptoKeyVersion" + }, + "type": "array" + }, + "nextPageToken": { + "description": "A token to retrieve next page of results. Pass this value in\nListCryptoKeyVersionsRequest.page_token to retrieve the next page of\nresults.", + "type": "string" + }, + "totalSize": { + "format": "int32", + "description": "The total number of CryptoKeyVersions that matched the\nquery.", + "type": "integer" + } + }, + "id": "ListCryptoKeyVersionsResponse" + }, + "Location": { + "description": "A resource that represents Google Cloud Platform location.", + "type": "object", + "properties": { + "locationId": { + "description": "The canonical id for this location. For example: `\"us-east1\"`.", + "type": "string" + }, + "metadata": { + "additionalProperties": { + "description": "Properties of the object. Contains field @type with type URL.", + "type": "any" + }, + "description": "Service-specific metadata. For example the available capacity at the given\nlocation.", + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Cross-service attributes for the location. For example\n\n {\"cloud.googleapis.com/region\": \"us-east1\"}", + "type": "object" + }, + "name": { + "description": "Resource name for the location, which may vary between implementations.\nFor example: `\"projects/example-project/locations/us-east1\"`", + "type": "string" + } + }, + "id": "Location" + }, + "ListCryptoKeysResponse": { + "description": "Response message for KeyManagementService.ListCryptoKeys.", + "type": "object", + "properties": { + "nextPageToken": { + "description": "A token to retrieve next page of results. Pass this value in\nListCryptoKeysRequest.page_token to retrieve the next page of results.", + "type": "string" + }, + "totalSize": { + "format": "int32", + "description": "The total number of CryptoKeys that matched the query.", + "type": "integer" + }, + "cryptoKeys": { + "description": "The list of CryptoKeys.", + "items": { + "$ref": "CryptoKey" + }, + "type": "array" + } + }, + "id": "ListCryptoKeysResponse" + }, + "TestIamPermissionsResponse": { + "description": "Response message for `TestIamPermissions` method.", + "type": "object", + "properties": { + "permissions": { + "description": "A subset of `TestPermissionsRequest.permissions` that the caller is\nallowed.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "id": "TestIamPermissionsResponse" + }, + "DestroyCryptoKeyVersionRequest": { + "description": "Request message for KeyManagementService.DestroyCryptoKeyVersion.", + "type": "object", + "properties": {}, + "id": "DestroyCryptoKeyVersionRequest" + }, + "AuditLogConfig": { + "description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\nfoo@gmail.com from DATA_READ logging.", + "type": "object", + "properties": { + "exemptedMembers": { + "description": "Specifies the identities that do not cause logging for this type of\npermission.\nFollows the same format of Binding.members.", + "items": { + "type": "string" + }, + "type": "array" + }, + "logType": { + "enumDescriptions": [ + "Default case. Should never be this.", + "Admin reads. Example: CloudIAM getIamPolicy", + "Data writes. Example: CloudSQL Users create", + "Data reads. Example: CloudSQL Users list" + ], + "enum": [ + "LOG_TYPE_UNSPECIFIED", + "ADMIN_READ", + "DATA_WRITE", + "DATA_READ" + ], + "description": "The log type that this config enables.", + "type": "string" + } + }, + "id": "AuditLogConfig" + }, + "CryptoKey": { + "description": "A CryptoKey represents a logical key that can be used for cryptographic\noperations.\n\nA CryptoKey is made up of one or more versions, which\nrepresent the actual key material used in cryptographic operations.", + "type": "object", + "properties": { + "purpose": { + "enumDescriptions": [ + "Not specified.", + "CryptoKeys with this purpose may be used with\nEncrypt and\nDecrypt." + ], + "enum": [ + "CRYPTO_KEY_PURPOSE_UNSPECIFIED", + "ENCRYPT_DECRYPT" + ], + "description": "The immutable purpose of this CryptoKey. Currently, the only acceptable\npurpose is ENCRYPT_DECRYPT.", + "type": "string" + }, + "nextRotationTime": { + "format": "google-datetime", + "description": "At next_rotation_time, the Key Management Service will automatically:\n\n1. Create a new version of this CryptoKey.\n2. Mark the new version as primary.\n\nKey rotations performed manually via\nCreateCryptoKeyVersion and\nUpdateCryptoKeyPrimaryVersion\ndo not affect next_rotation_time.", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels with user defined metadata.", + "type": "object" + }, + "createTime": { + "format": "google-datetime", + "description": "Output only. The time at which this CryptoKey was created.", + "type": "string" + }, + "rotationPeriod": { + "format": "google-duration", + "description": "next_rotation_time will be advanced by this period when the service\nautomatically rotates a key. Must be at least one day.\n\nIf rotation_period is set, next_rotation_time must also be set.", + "type": "string" + }, + "primary": { + "description": "Output only. A copy of the \"primary\" CryptoKeyVersion that will be used\nby Encrypt when this CryptoKey is given\nin EncryptRequest.name.\n\nThe CryptoKey's primary version can be updated via\nUpdateCryptoKeyPrimaryVersion.", + "$ref": "CryptoKeyVersion" + }, + "name": { + "description": "Output only. The resource name for this CryptoKey in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*`.", + "type": "string" + } + }, + "id": "CryptoKey" + }, + "DecryptResponse": { + "description": "Response message for KeyManagementService.Decrypt.", + "type": "object", + "properties": { + "plaintext": { + "format": "byte", + "description": "The decrypted data originally supplied in EncryptRequest.plaintext.", + "type": "string" + } + }, + "id": "DecryptResponse" + }, + "TestIamPermissionsRequest": { + "description": "Request message for `TestIamPermissions` method.", + "type": "object", + "properties": { + "permissions": { + "description": "The set of permissions to check for the `resource`. Permissions with\nwildcards (such as '*' or 'storage.*') are not allowed. For more\ninformation see\n[IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "id": "TestIamPermissionsRequest" + }, + "EncryptResponse": { + "description": "Response message for KeyManagementService.Encrypt.", + "type": "object", + "properties": { + "name": { + "description": "The resource name of the CryptoKeyVersion used in encryption.", + "type": "string" + }, + "ciphertext": { + "format": "byte", + "description": "The encrypted data.", + "type": "string" + } + }, + "id": "EncryptResponse" + }, + "KeyRing": { + "description": "A KeyRing is a toplevel logical grouping of CryptoKeys.", + "type": "object", + "properties": { + "createTime": { + "format": "google-datetime", + "description": "Output only. The time at which this KeyRing was created.", + "type": "string" + }, + "name": { + "description": "Output only. The resource name for the KeyRing in the format\n`projects/*/locations/*/keyRings/*`.", + "type": "string" + } + }, + "id": "KeyRing" + }, + "ListLocationsResponse": { + "description": "The response message for Locations.ListLocations.", + "type": "object", + "properties": { + "nextPageToken": { + "description": "The standard List next-page token.", + "type": "string" + }, + "locations": { + "description": "A list of locations that matches the specified filter in the request.", + "items": { + "$ref": "Location" + }, + "type": "array" + } + }, + "id": "ListLocationsResponse" + }, + "Policy": { + "description": "Defines an Identity and Access Management (IAM) policy. It is used to\nspecify access control policies for Cloud Platform resources.\n\n\nA `Policy` consists of a list of `bindings`. A `Binding` binds a list of\n`members` to a `role`, where the members can be user accounts, Google groups,\nGoogle domains, and service accounts. A `role` is a named list of permissions\ndefined by IAM.\n\n**Example**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/owner\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-other-app@appspot.gserviceaccount.com\",\n ]\n },\n {\n \"role\": \"roles/viewer\",\n \"members\": [\"user:sean@example.com\"]\n }\n ]\n }\n\nFor a description of IAM and its features, see the\n[IAM developer's guide](https://cloud.google.com/iam).", + "type": "object", + "properties": { + "auditConfigs": { + "description": "Specifies cloud audit logging configuration for this policy.", + "items": { + "$ref": "AuditConfig" + }, + "type": "array" + }, + "bindings": { + "description": "Associates a list of `members` to a `role`.\n`bindings` with no members will result in an error.", + "items": { + "$ref": "Binding" + }, + "type": "array" + }, + "iamOwned": { + "type": "boolean" + }, + "etag": { + "format": "byte", + "description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\nIf no `etag` is provided in the call to `setIamPolicy`, then the existing\npolicy is overwritten blindly.", + "type": "string" + }, + "version": { + "format": "int32", + "description": "Version of the `Policy`. The default version is 0.", + "type": "integer" + } + }, + "id": "Policy" + }, + "UpdateCryptoKeyPrimaryVersionRequest": { + "properties": { + "cryptoKeyVersionId": { + "description": "The id of the child CryptoKeyVersion to use as primary.", + "type": "string" + } + }, + "id": "UpdateCryptoKeyPrimaryVersionRequest", + "description": "Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion.", + "type": "object" + }, + "RestoreCryptoKeyVersionRequest": { + "description": "Request message for KeyManagementService.RestoreCryptoKeyVersion.", + "type": "object", + "properties": {}, + "id": "RestoreCryptoKeyVersionRequest" + }, + "ListKeyRingsResponse": { + "description": "Response message for KeyManagementService.ListKeyRings.", + "type": "object", + "properties": { + "nextPageToken": { + "description": "A token to retrieve next page of results. Pass this value in\nListKeyRingsRequest.page_token to retrieve the next page of results.", + "type": "string" + }, + "totalSize": { + "format": "int32", + "description": "The total number of KeyRings that matched the query.", + "type": "integer" + }, + "keyRings": { + "description": "The list of KeyRings.", + "items": { + "$ref": "KeyRing" + }, + "type": "array" + } + }, + "id": "ListKeyRingsResponse" + }, + "AuditConfig": { + "description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"fooservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:bar@gmail.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts foo@gmail.com from DATA_READ logging, and\nbar@gmail.com from DATA_WRITE logging.", + "type": "object", + "properties": { + "auditLogConfigs": { + "description": "The configuration for logging of each type of permission.\nNext ID: 4", + "items": { + "$ref": "AuditLogConfig" + }, + "type": "array" + }, + "exemptedMembers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "service": { + "description": "Specifies a service that will be enabled for audit logging.\nFor example, `storage.googleapis.com`, `cloudsql.googleapis.com`.\n`allServices` is a special value that covers all services.", + "type": "string" + } + }, + "id": "AuditConfig" + } + }, + "icons": { + "x16": "http://www.google.com/images/icons/product/search-16.gif", + "x32": "http://www.google.com/images/icons/product/search-32.gif" + }, + "protocol": "rest", + "canonicalName": "Cloud KMS", + "auth": { + "oauth2": { + "scopes": { + "https://www.googleapis.com/auth/cloud-platform": { + "description": "View and manage your data across Google Cloud Platform services" + } + } + } + }, + "rootUrl": "https://cloudkms.googleapis.com/" +} diff --git a/vendor/google.golang.org/api/cloudkms/v1/cloudkms-gen.go b/vendor/google.golang.org/api/cloudkms/v1/cloudkms-gen.go new file mode 100644 index 00000000000..38cf58f723e --- /dev/null +++ b/vendor/google.golang.org/api/cloudkms/v1/cloudkms-gen.go @@ -0,0 +1,4853 @@ +// Package cloudkms provides access to the Google Cloud Key Management Service (KMS) API. +// +// See https://cloud.google.com/kms/ +// +// Usage example: +// +// import "google.golang.org/api/cloudkms/v1" +// ... +// cloudkmsService, err := cloudkms.New(oauthHttpClient) +package cloudkms // import "google.golang.org/api/cloudkms/v1" + +import ( + "bytes" + "encoding/json" + "errors" + "fmt" + context "golang.org/x/net/context" + ctxhttp "golang.org/x/net/context/ctxhttp" + gensupport "google.golang.org/api/gensupport" + googleapi "google.golang.org/api/googleapi" + "io" + "net/http" + "net/url" + "strconv" + "strings" +) + +// Always reference these packages, just in case the auto-generated code +// below doesn't. +var _ = bytes.NewBuffer +var _ = strconv.Itoa +var _ = fmt.Sprintf +var _ = json.NewDecoder +var _ = io.Copy +var _ = url.Parse +var _ = gensupport.MarshalJSON +var _ = googleapi.Version +var _ = errors.New +var _ = strings.Replace +var _ = context.Canceled +var _ = ctxhttp.Do + +const apiId = "cloudkms:v1" +const apiName = "cloudkms" +const apiVersion = "v1" +const basePath = "https://cloudkms.googleapis.com/" + +// OAuth2 scopes used by this API. +const ( + // View and manage your data across Google Cloud Platform services + CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" +) + +func New(client *http.Client) (*Service, error) { + if client == nil { + return nil, errors.New("client is nil") + } + s := &Service{client: client, BasePath: basePath} + s.Projects = NewProjectsService(s) + return s, nil +} + +type Service struct { + client *http.Client + BasePath string // API endpoint base URL + UserAgent string // optional additional User-Agent fragment + + Projects *ProjectsService +} + +func (s *Service) userAgent() string { + if s.UserAgent == "" { + return googleapi.UserAgent + } + return googleapi.UserAgent + " " + s.UserAgent +} + +func NewProjectsService(s *Service) *ProjectsService { + rs := &ProjectsService{s: s} + rs.Locations = NewProjectsLocationsService(s) + return rs +} + +type ProjectsService struct { + s *Service + + Locations *ProjectsLocationsService +} + +func NewProjectsLocationsService(s *Service) *ProjectsLocationsService { + rs := &ProjectsLocationsService{s: s} + rs.KeyRings = NewProjectsLocationsKeyRingsService(s) + return rs +} + +type ProjectsLocationsService struct { + s *Service + + KeyRings *ProjectsLocationsKeyRingsService +} + +func NewProjectsLocationsKeyRingsService(s *Service) *ProjectsLocationsKeyRingsService { + rs := &ProjectsLocationsKeyRingsService{s: s} + rs.CryptoKeys = NewProjectsLocationsKeyRingsCryptoKeysService(s) + return rs +} + +type ProjectsLocationsKeyRingsService struct { + s *Service + + CryptoKeys *ProjectsLocationsKeyRingsCryptoKeysService +} + +func NewProjectsLocationsKeyRingsCryptoKeysService(s *Service) *ProjectsLocationsKeyRingsCryptoKeysService { + rs := &ProjectsLocationsKeyRingsCryptoKeysService{s: s} + rs.CryptoKeyVersions = NewProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService(s) + return rs +} + +type ProjectsLocationsKeyRingsCryptoKeysService struct { + s *Service + + CryptoKeyVersions *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService +} + +func NewProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService(s *Service) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService { + rs := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService{s: s} + return rs +} + +type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService struct { + s *Service +} + +// AuditConfig: Specifies the audit configuration for a service. +// The configuration determines which permission types are logged, and +// what +// identities, if any, are exempted from logging. +// An AuditConfig must have one or more AuditLogConfigs. +// +// If there are AuditConfigs for both `allServices` and a specific +// service, +// the union of the two AuditConfigs is used for that service: the +// log_types +// specified in each AuditConfig are enabled, and the exempted_members +// in each +// AuditConfig are exempted. +// +// Example Policy with multiple AuditConfigs: +// +// { +// "audit_configs": [ +// { +// "service": "allServices" +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ", +// "exempted_members": [ +// "user:foo@gmail.com" +// ] +// }, +// { +// "log_type": "DATA_WRITE", +// }, +// { +// "log_type": "ADMIN_READ", +// } +// ] +// }, +// { +// "service": "fooservice.googleapis.com" +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ", +// }, +// { +// "log_type": "DATA_WRITE", +// "exempted_members": [ +// "user:bar@gmail.com" +// ] +// } +// ] +// } +// ] +// } +// +// For fooservice, this policy enables DATA_READ, DATA_WRITE and +// ADMIN_READ +// logging. It also exempts foo@gmail.com from DATA_READ logging, +// and +// bar@gmail.com from DATA_WRITE logging. +type AuditConfig struct { + // AuditLogConfigs: The configuration for logging of each type of + // permission. + // Next ID: 4 + AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"` + + ExemptedMembers []string `json:"exemptedMembers,omitempty"` + + // Service: Specifies a service that will be enabled for audit + // logging. + // For example, `storage.googleapis.com`, + // `cloudsql.googleapis.com`. + // `allServices` is a special value that covers all services. + Service string `json:"service,omitempty"` + + // ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AuditLogConfigs") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *AuditConfig) MarshalJSON() ([]byte, error) { + type noMethod AuditConfig + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// AuditLogConfig: Provides the configuration for logging a type of +// permissions. +// Example: +// +// { +// "audit_log_configs": [ +// { +// "log_type": "DATA_READ", +// "exempted_members": [ +// "user:foo@gmail.com" +// ] +// }, +// { +// "log_type": "DATA_WRITE", +// } +// ] +// } +// +// This enables 'DATA_READ' and 'DATA_WRITE' logging, while +// exempting +// foo@gmail.com from DATA_READ logging. +type AuditLogConfig struct { + // ExemptedMembers: Specifies the identities that do not cause logging + // for this type of + // permission. + // Follows the same format of Binding.members. + ExemptedMembers []string `json:"exemptedMembers,omitempty"` + + // LogType: The log type that this config enables. + // + // Possible values: + // "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this. + // "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy + // "DATA_WRITE" - Data writes. Example: CloudSQL Users create + // "DATA_READ" - Data reads. Example: CloudSQL Users list + LogType string `json:"logType,omitempty"` + + // ForceSendFields is a list of field names (e.g. "ExemptedMembers") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "ExemptedMembers") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *AuditLogConfig) MarshalJSON() ([]byte, error) { + type noMethod AuditLogConfig + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// Binding: Associates `members` with a `role`. +type Binding struct { + // Condition: The condition that is associated with this binding. + // NOTE: an unsatisfied condition will not allow user access via + // current + // binding. Different bindings, including their conditions, are + // examined + // independently. + // This field is GOOGLE_INTERNAL. + Condition *Expr `json:"condition,omitempty"` + + // Members: Specifies the identities requesting access for a Cloud + // Platform resource. + // `members` can have the following values: + // + // * `allUsers`: A special identifier that represents anyone who is + // on the internet; with or without a Google account. + // + // * `allAuthenticatedUsers`: A special identifier that represents + // anyone + // who is authenticated with a Google account or a service + // account. + // + // * `user:{emailid}`: An email address that represents a specific + // Google + // account. For example, `alice@gmail.com` or `joe@example.com`. + // + // + // * `serviceAccount:{emailid}`: An email address that represents a + // service + // account. For example, + // `my-other-app@appspot.gserviceaccount.com`. + // + // * `group:{emailid}`: An email address that represents a Google + // group. + // For example, `admins@example.com`. + // + // + // * `domain:{domain}`: A Google Apps domain name that represents all + // the + // users of that domain. For example, `google.com` or + // `example.com`. + // + // + Members []string `json:"members,omitempty"` + + // Role: Role that is assigned to `members`. + // For example, `roles/viewer`, `roles/editor`, or + // `roles/owner`. + // Required + Role string `json:"role,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Condition") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Condition") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Binding) MarshalJSON() ([]byte, error) { + type noMethod Binding + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// CryptoKey: A CryptoKey represents a logical key that can be used for +// cryptographic +// operations. +// +// A CryptoKey is made up of one or more versions, which +// represent the actual key material used in cryptographic operations. +type CryptoKey struct { + // CreateTime: Output only. The time at which this CryptoKey was + // created. + CreateTime string `json:"createTime,omitempty"` + + // Labels: Labels with user defined metadata. + Labels map[string]string `json:"labels,omitempty"` + + // Name: Output only. The resource name for this CryptoKey in the + // format + // `projects/*/locations/*/keyRings/*/cryptoKeys/*`. + Name string `json:"name,omitempty"` + + // NextRotationTime: At next_rotation_time, the Key Management Service + // will automatically: + // + // 1. Create a new version of this CryptoKey. + // 2. Mark the new version as primary. + // + // Key rotations performed manually via + // CreateCryptoKeyVersion and + // UpdateCryptoKeyPrimaryVersion + // do not affect next_rotation_time. + NextRotationTime string `json:"nextRotationTime,omitempty"` + + // Primary: Output only. A copy of the "primary" CryptoKeyVersion that + // will be used + // by Encrypt when this CryptoKey is given + // in EncryptRequest.name. + // + // The CryptoKey's primary version can be updated + // via + // UpdateCryptoKeyPrimaryVersion. + Primary *CryptoKeyVersion `json:"primary,omitempty"` + + // Purpose: The immutable purpose of this CryptoKey. Currently, the only + // acceptable + // purpose is ENCRYPT_DECRYPT. + // + // Possible values: + // "CRYPTO_KEY_PURPOSE_UNSPECIFIED" - Not specified. + // "ENCRYPT_DECRYPT" - CryptoKeys with this purpose may be used + // with + // Encrypt and + // Decrypt. + Purpose string `json:"purpose,omitempty"` + + // RotationPeriod: next_rotation_time will be advanced by this period + // when the service + // automatically rotates a key. Must be at least one day. + // + // If rotation_period is set, next_rotation_time must also be set. + RotationPeriod string `json:"rotationPeriod,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *CryptoKey) MarshalJSON() ([]byte, error) { + type noMethod CryptoKey + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// CryptoKeyVersion: A CryptoKeyVersion represents an individual +// cryptographic key, and the +// associated key material. +// +// It can be used for cryptographic operations either directly, or via +// its +// parent CryptoKey, in which case the server will choose the +// appropriate +// version for the operation. +// +// For security reasons, the raw cryptographic key material represented +// by a +// CryptoKeyVersion can never be viewed or exported. It can only be used +// to +// encrypt or decrypt data when an authorized user or application +// invokes Cloud +// KMS. +type CryptoKeyVersion struct { + // CreateTime: Output only. The time at which this CryptoKeyVersion was + // created. + CreateTime string `json:"createTime,omitempty"` + + // DestroyEventTime: Output only. The time this CryptoKeyVersion's key + // material was + // destroyed. Only present if state is + // DESTROYED. + DestroyEventTime string `json:"destroyEventTime,omitempty"` + + // DestroyTime: Output only. The time this CryptoKeyVersion's key + // material is scheduled + // for destruction. Only present if state is + // DESTROY_SCHEDULED. + DestroyTime string `json:"destroyTime,omitempty"` + + // Name: Output only. The resource name for this CryptoKeyVersion in the + // format + // `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersio + // ns/*`. + Name string `json:"name,omitempty"` + + // State: The current state of the CryptoKeyVersion. + // + // Possible values: + // "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" - Not specified. + // "ENABLED" - This version may be used in Encrypt and + // Decrypt requests. + // "DISABLED" - This version may not be used, but the key material is + // still available, + // and the version can be placed back into the ENABLED state. + // "DESTROYED" - This version is destroyed, and the key material is no + // longer stored. + // A version may not leave this state once entered. + // "DESTROY_SCHEDULED" - This version is scheduled for destruction, + // and will be destroyed soon. + // Call + // RestoreCryptoKeyVersion + // to put it back into the DISABLED state. + State string `json:"state,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *CryptoKeyVersion) MarshalJSON() ([]byte, error) { + type noMethod CryptoKeyVersion + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// DecryptRequest: Request message for KeyManagementService.Decrypt. +type DecryptRequest struct { + // AdditionalAuthenticatedData: Optional data that must match the data + // originally supplied in + // EncryptRequest.additional_authenticated_data. + AdditionalAuthenticatedData string `json:"additionalAuthenticatedData,omitempty"` + + // Ciphertext: Required. The encrypted data originally returned + // in + // EncryptResponse.ciphertext. + Ciphertext string `json:"ciphertext,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "AdditionalAuthenticatedData") to unconditionally include in API + // requests. By default, fields with empty values are omitted from API + // requests. However, any non-pointer, non-interface field appearing in + // ForceSendFields will be sent to the server regardless of whether the + // field is empty or not. This may be used to include empty fields in + // Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. + // "AdditionalAuthenticatedData") to include in API requests with the + // JSON null value. By default, fields with empty values are omitted + // from API requests. However, any field with an empty value appearing + // in NullFields will be sent to the server as null. It is an error if a + // field in this list has a non-empty value. This may be used to include + // null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *DecryptRequest) MarshalJSON() ([]byte, error) { + type noMethod DecryptRequest + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// DecryptResponse: Response message for KeyManagementService.Decrypt. +type DecryptResponse struct { + // Plaintext: The decrypted data originally supplied in + // EncryptRequest.plaintext. + Plaintext string `json:"plaintext,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "Plaintext") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Plaintext") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *DecryptResponse) MarshalJSON() ([]byte, error) { + type noMethod DecryptResponse + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// DestroyCryptoKeyVersionRequest: Request message for +// KeyManagementService.DestroyCryptoKeyVersion. +type DestroyCryptoKeyVersionRequest struct { +} + +// EncryptRequest: Request message for KeyManagementService.Encrypt. +type EncryptRequest struct { + // AdditionalAuthenticatedData: Optional data that, if specified, must + // also be provided during decryption + // through DecryptRequest.additional_authenticated_data. Must be + // no + // larger than 64KiB. + AdditionalAuthenticatedData string `json:"additionalAuthenticatedData,omitempty"` + + // Plaintext: Required. The data to encrypt. Must be no larger than + // 64KiB. + Plaintext string `json:"plaintext,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "AdditionalAuthenticatedData") to unconditionally include in API + // requests. By default, fields with empty values are omitted from API + // requests. However, any non-pointer, non-interface field appearing in + // ForceSendFields will be sent to the server regardless of whether the + // field is empty or not. This may be used to include empty fields in + // Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. + // "AdditionalAuthenticatedData") to include in API requests with the + // JSON null value. By default, fields with empty values are omitted + // from API requests. However, any field with an empty value appearing + // in NullFields will be sent to the server as null. It is an error if a + // field in this list has a non-empty value. This may be used to include + // null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *EncryptRequest) MarshalJSON() ([]byte, error) { + type noMethod EncryptRequest + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// EncryptResponse: Response message for KeyManagementService.Encrypt. +type EncryptResponse struct { + // Ciphertext: The encrypted data. + Ciphertext string `json:"ciphertext,omitempty"` + + // Name: The resource name of the CryptoKeyVersion used in encryption. + Name string `json:"name,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "Ciphertext") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Ciphertext") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *EncryptResponse) MarshalJSON() ([]byte, error) { + type noMethod EncryptResponse + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// Expr: Represents an expression text. Example: +// +// title: "User account presence" +// description: "Determines whether the request has a user account" +// expression: "size(request.user) > 0" +type Expr struct { + // Description: An optional description of the expression. This is a + // longer text which + // describes the expression, e.g. when hovered over it in a UI. + Description string `json:"description,omitempty"` + + // Expression: Textual representation of an expression in + // Common Expression Language syntax. + // + // The application context of the containing message determines + // which + // well-known feature set of CEL is supported. + Expression string `json:"expression,omitempty"` + + // Location: An optional string indicating the location of the + // expression for error + // reporting, e.g. a file name and a position in the file. + Location string `json:"location,omitempty"` + + // Title: An optional title for the expression, i.e. a short string + // describing + // its purpose. This can be used e.g. in UIs which allow to enter + // the + // expression. + Title string `json:"title,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Description") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Description") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Expr) MarshalJSON() ([]byte, error) { + type noMethod Expr + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// KeyRing: A KeyRing is a toplevel logical grouping of CryptoKeys. +type KeyRing struct { + // CreateTime: Output only. The time at which this KeyRing was created. + CreateTime string `json:"createTime,omitempty"` + + // Name: Output only. The resource name for the KeyRing in the + // format + // `projects/*/locations/*/keyRings/*`. + Name string `json:"name,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *KeyRing) MarshalJSON() ([]byte, error) { + type noMethod KeyRing + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// ListCryptoKeyVersionsResponse: Response message for +// KeyManagementService.ListCryptoKeyVersions. +type ListCryptoKeyVersionsResponse struct { + // CryptoKeyVersions: The list of CryptoKeyVersions. + CryptoKeyVersions []*CryptoKeyVersion `json:"cryptoKeyVersions,omitempty"` + + // NextPageToken: A token to retrieve next page of results. Pass this + // value in + // ListCryptoKeyVersionsRequest.page_token to retrieve the next page + // of + // results. + NextPageToken string `json:"nextPageToken,omitempty"` + + // TotalSize: The total number of CryptoKeyVersions that matched + // the + // query. + TotalSize int64 `json:"totalSize,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "CryptoKeyVersions") + // to unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CryptoKeyVersions") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *ListCryptoKeyVersionsResponse) MarshalJSON() ([]byte, error) { + type noMethod ListCryptoKeyVersionsResponse + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// ListCryptoKeysResponse: Response message for +// KeyManagementService.ListCryptoKeys. +type ListCryptoKeysResponse struct { + // CryptoKeys: The list of CryptoKeys. + CryptoKeys []*CryptoKey `json:"cryptoKeys,omitempty"` + + // NextPageToken: A token to retrieve next page of results. Pass this + // value in + // ListCryptoKeysRequest.page_token to retrieve the next page of + // results. + NextPageToken string `json:"nextPageToken,omitempty"` + + // TotalSize: The total number of CryptoKeys that matched the query. + TotalSize int64 `json:"totalSize,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "CryptoKeys") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CryptoKeys") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ListCryptoKeysResponse) MarshalJSON() ([]byte, error) { + type noMethod ListCryptoKeysResponse + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// ListKeyRingsResponse: Response message for +// KeyManagementService.ListKeyRings. +type ListKeyRingsResponse struct { + // KeyRings: The list of KeyRings. + KeyRings []*KeyRing `json:"keyRings,omitempty"` + + // NextPageToken: A token to retrieve next page of results. Pass this + // value in + // ListKeyRingsRequest.page_token to retrieve the next page of results. + NextPageToken string `json:"nextPageToken,omitempty"` + + // TotalSize: The total number of KeyRings that matched the query. + TotalSize int64 `json:"totalSize,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "KeyRings") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "KeyRings") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ListKeyRingsResponse) MarshalJSON() ([]byte, error) { + type noMethod ListKeyRingsResponse + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// ListLocationsResponse: The response message for +// Locations.ListLocations. +type ListLocationsResponse struct { + // Locations: A list of locations that matches the specified filter in + // the request. + Locations []*Location `json:"locations,omitempty"` + + // NextPageToken: The standard List next-page token. + NextPageToken string `json:"nextPageToken,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "Locations") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Locations") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ListLocationsResponse) MarshalJSON() ([]byte, error) { + type noMethod ListLocationsResponse + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// Location: A resource that represents Google Cloud Platform location. +type Location struct { + // Labels: Cross-service attributes for the location. For example + // + // {"cloud.googleapis.com/region": "us-east1"} + Labels map[string]string `json:"labels,omitempty"` + + // LocationId: The canonical id for this location. For example: + // "us-east1". + LocationId string `json:"locationId,omitempty"` + + // Metadata: Service-specific metadata. For example the available + // capacity at the given + // location. + Metadata googleapi.RawMessage `json:"metadata,omitempty"` + + // Name: Resource name for the location, which may vary between + // implementations. + // For example: "projects/example-project/locations/us-east1" + Name string `json:"name,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "Labels") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Labels") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Location) MarshalJSON() ([]byte, error) { + type noMethod Location + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// Policy: Defines an Identity and Access Management (IAM) policy. It is +// used to +// specify access control policies for Cloud Platform resources. +// +// +// A `Policy` consists of a list of `bindings`. A `Binding` binds a list +// of +// `members` to a `role`, where the members can be user accounts, Google +// groups, +// Google domains, and service accounts. A `role` is a named list of +// permissions +// defined by IAM. +// +// **Example** +// +// { +// "bindings": [ +// { +// "role": "roles/owner", +// "members": [ +// "user:mike@example.com", +// "group:admins@example.com", +// "domain:google.com", +// +// "serviceAccount:my-other-app@appspot.gserviceaccount.com", +// ] +// }, +// { +// "role": "roles/viewer", +// "members": ["user:sean@example.com"] +// } +// ] +// } +// +// For a description of IAM and its features, see the +// [IAM developer's guide](https://cloud.google.com/iam). +type Policy struct { + // AuditConfigs: Specifies cloud audit logging configuration for this + // policy. + AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"` + + // Bindings: Associates a list of `members` to a `role`. + // `bindings` with no members will result in an error. + Bindings []*Binding `json:"bindings,omitempty"` + + // Etag: `etag` is used for optimistic concurrency control as a way to + // help + // prevent simultaneous updates of a policy from overwriting each + // other. + // It is strongly suggested that systems make use of the `etag` in + // the + // read-modify-write cycle to perform policy updates in order to avoid + // race + // conditions: An `etag` is returned in the response to `getIamPolicy`, + // and + // systems are expected to put that etag in the request to + // `setIamPolicy` to + // ensure that their change will be applied to the same version of the + // policy. + // + // If no `etag` is provided in the call to `setIamPolicy`, then the + // existing + // policy is overwritten blindly. + Etag string `json:"etag,omitempty"` + + IamOwned bool `json:"iamOwned,omitempty"` + + // Version: Version of the `Policy`. The default version is 0. + Version int64 `json:"version,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "AuditConfigs") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "AuditConfigs") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Policy) MarshalJSON() ([]byte, error) { + type noMethod Policy + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// RestoreCryptoKeyVersionRequest: Request message for +// KeyManagementService.RestoreCryptoKeyVersion. +type RestoreCryptoKeyVersionRequest struct { +} + +// SetIamPolicyRequest: Request message for `SetIamPolicy` method. +type SetIamPolicyRequest struct { + // Policy: REQUIRED: The complete policy to be applied to the + // `resource`. The size of + // the policy is limited to a few 10s of KB. An empty policy is a + // valid policy but certain Cloud Platform services (such as + // Projects) + // might reject them. + Policy *Policy `json:"policy,omitempty"` + + // UpdateMask: OPTIONAL: A FieldMask specifying which fields of the + // policy to modify. Only + // the fields in the mask will be modified. If no mask is provided, + // the + // following default mask is used: + // paths: "bindings, etag" + // This field is only used by Cloud IAM. + UpdateMask string `json:"updateMask,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Policy") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Policy") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) { + type noMethod SetIamPolicyRequest + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// TestIamPermissionsRequest: Request message for `TestIamPermissions` +// method. +type TestIamPermissionsRequest struct { + // Permissions: The set of permissions to check for the `resource`. + // Permissions with + // wildcards (such as '*' or 'storage.*') are not allowed. For + // more + // information see + // [IAM + // Overview](https://cloud.google.com/iam/docs/overview#permissions). + Permissions []string `json:"permissions,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Permissions") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Permissions") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) { + type noMethod TestIamPermissionsRequest + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// TestIamPermissionsResponse: Response message for `TestIamPermissions` +// method. +type TestIamPermissionsResponse struct { + // Permissions: A subset of `TestPermissionsRequest.permissions` that + // the caller is + // allowed. + Permissions []string `json:"permissions,omitempty"` + + // ServerResponse contains the HTTP response code and headers from the + // server. + googleapi.ServerResponse `json:"-"` + + // ForceSendFields is a list of field names (e.g. "Permissions") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Permissions") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) { + type noMethod TestIamPermissionsResponse + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// UpdateCryptoKeyPrimaryVersionRequest: Request message for +// KeyManagementService.UpdateCryptoKeyPrimaryVersion. +type UpdateCryptoKeyPrimaryVersionRequest struct { + // CryptoKeyVersionId: The id of the child CryptoKeyVersion to use as + // primary. + CryptoKeyVersionId string `json:"cryptoKeyVersionId,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CryptoKeyVersionId") + // to unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CryptoKeyVersionId") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *UpdateCryptoKeyPrimaryVersionRequest) MarshalJSON() ([]byte, error) { + type noMethod UpdateCryptoKeyPrimaryVersionRequest + raw := noMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// method id "cloudkms.projects.locations.get": + +type ProjectsLocationsGetCall struct { + s *Service + name string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// Get: Get information about a location. +func (r *ProjectsLocationsService) Get(name string) *ProjectsLocationsGetCall { + c := &ProjectsLocationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsGetCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsGetCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsGetCall) Context(ctx context.Context) *ProjectsLocationsGetCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsGetCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsGetCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("GET", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.get" call. +// Exactly one of *Location or error will be non-nil. Any non-2xx status +// code is an error. Response headers are in either +// *Location.ServerResponse.Header or (if a response was returned at +// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified +// to check whether the returned error was because +// http.StatusNotModified was returned. +func (c *ProjectsLocationsGetCall) Do(opts ...googleapi.CallOption) (*Location, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &Location{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Get information about a location.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}", + // "httpMethod": "GET", + // "id": "cloudkms.projects.locations.get", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "Resource name for the location.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}", + // "response": { + // "$ref": "Location" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.list": + +type ProjectsLocationsListCall struct { + s *Service + name string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// List: Lists information about the supported locations for this +// service. +func (r *ProjectsLocationsService) List(name string) *ProjectsLocationsListCall { + c := &ProjectsLocationsListCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + return c +} + +// Filter sets the optional parameter "filter": The standard list +// filter. +func (c *ProjectsLocationsListCall) Filter(filter string) *ProjectsLocationsListCall { + c.urlParams_.Set("filter", filter) + return c +} + +// PageSize sets the optional parameter "pageSize": The standard list +// page size. +func (c *ProjectsLocationsListCall) PageSize(pageSize int64) *ProjectsLocationsListCall { + c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) + return c +} + +// PageToken sets the optional parameter "pageToken": The standard list +// page token. +func (c *ProjectsLocationsListCall) PageToken(pageToken string) *ProjectsLocationsListCall { + c.urlParams_.Set("pageToken", pageToken) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsListCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsListCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsListCall) Context(ctx context.Context) *ProjectsLocationsListCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsListCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsListCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/locations") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("GET", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.list" call. +// Exactly one of *ListLocationsResponse or error will be non-nil. Any +// non-2xx status code is an error. Response headers are in either +// *ListLocationsResponse.ServerResponse.Header or (if a response was +// returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsListCall) Do(opts ...googleapi.CallOption) (*ListLocationsResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &ListLocationsResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Lists information about the supported locations for this service.", + // "flatPath": "v1/projects/{projectsId}/locations", + // "httpMethod": "GET", + // "id": "cloudkms.projects.locations.list", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "filter": { + // "description": "The standard list filter.", + // "location": "query", + // "type": "string" + // }, + // "name": { + // "description": "The resource that owns the locations collection, if applicable.", + // "location": "path", + // "pattern": "^projects/[^/]+$", + // "required": true, + // "type": "string" + // }, + // "pageSize": { + // "description": "The standard list page size.", + // "format": "int32", + // "location": "query", + // "type": "integer" + // }, + // "pageToken": { + // "description": "The standard list page token.", + // "location": "query", + // "type": "string" + // } + // }, + // "path": "v1/{+name}/locations", + // "response": { + // "$ref": "ListLocationsResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// Pages invokes f for each page of results. +// A non-nil error returned from f will halt the iteration. +// The provided context supersedes any context provided to the Context method. +func (c *ProjectsLocationsListCall) Pages(ctx context.Context, f func(*ListLocationsResponse) error) error { + c.ctx_ = ctx + defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point + for { + x, err := c.Do() + if err != nil { + return err + } + if err := f(x); err != nil { + return err + } + if x.NextPageToken == "" { + return nil + } + c.PageToken(x.NextPageToken) + } +} + +// method id "cloudkms.projects.locations.keyRings.create": + +type ProjectsLocationsKeyRingsCreateCall struct { + s *Service + parent string + keyring *KeyRing + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// Create: Create a new KeyRing in a given Project and Location. +func (r *ProjectsLocationsKeyRingsService) Create(parent string, keyring *KeyRing) *ProjectsLocationsKeyRingsCreateCall { + c := &ProjectsLocationsKeyRingsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.parent = parent + c.keyring = keyring + return c +} + +// KeyRingId sets the optional parameter "keyRingId": Required. It must +// be unique within a location and match the regular +// expression `[a-zA-Z0-9_-]{1,63}` +func (c *ProjectsLocationsKeyRingsCreateCall) KeyRingId(keyRingId string) *ProjectsLocationsKeyRingsCreateCall { + c.urlParams_.Set("keyRingId", keyRingId) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCreateCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCreateCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCreateCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCreateCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCreateCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.keyring) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/keyRings") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "parent": c.parent, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.create" call. +// Exactly one of *KeyRing or error will be non-nil. Any non-2xx status +// code is an error. Response headers are in either +// *KeyRing.ServerResponse.Header or (if a response was returned at all) +// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to +// check whether the returned error was because http.StatusNotModified +// was returned. +func (c *ProjectsLocationsKeyRingsCreateCall) Do(opts ...googleapi.CallOption) (*KeyRing, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &KeyRing{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Create a new KeyRing in a given Project and Location.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.create", + // "parameterOrder": [ + // "parent" + // ], + // "parameters": { + // "keyRingId": { + // "description": "Required. It must be unique within a location and match the regular\nexpression `[a-zA-Z0-9_-]{1,63}`", + // "location": "query", + // "type": "string" + // }, + // "parent": { + // "description": "Required. The resource name of the location associated with the\nKeyRings, in the format `projects/*/locations/*`.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+parent}/keyRings", + // "request": { + // "$ref": "KeyRing" + // }, + // "response": { + // "$ref": "KeyRing" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.get": + +type ProjectsLocationsKeyRingsGetCall struct { + s *Service + name string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// Get: Returns metadata for a given KeyRing. +func (r *ProjectsLocationsKeyRingsService) Get(name string) *ProjectsLocationsKeyRingsGetCall { + c := &ProjectsLocationsKeyRingsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsGetCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsKeyRingsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsGetCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsGetCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsGetCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsGetCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsGetCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("GET", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.get" call. +// Exactly one of *KeyRing or error will be non-nil. Any non-2xx status +// code is an error. Response headers are in either +// *KeyRing.ServerResponse.Header or (if a response was returned at all) +// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to +// check whether the returned error was because http.StatusNotModified +// was returned. +func (c *ProjectsLocationsKeyRingsGetCall) Do(opts ...googleapi.CallOption) (*KeyRing, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &KeyRing{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Returns metadata for a given KeyRing.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}", + // "httpMethod": "GET", + // "id": "cloudkms.projects.locations.keyRings.get", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "The name of the KeyRing to get.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}", + // "response": { + // "$ref": "KeyRing" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.getIamPolicy": + +type ProjectsLocationsKeyRingsGetIamPolicyCall struct { + s *Service + resource string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// GetIamPolicy: Gets the access control policy for a resource. +// Returns an empty policy if the resource exists and does not have a +// policy +// set. +func (r *ProjectsLocationsKeyRingsService) GetIamPolicy(resource string) *ProjectsLocationsKeyRingsGetIamPolicyCall { + c := &ProjectsLocationsKeyRingsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.resource = resource + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsGetIamPolicyCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsGetIamPolicyCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsGetIamPolicyCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("GET", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "resource": c.resource, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.getIamPolicy" call. +// Exactly one of *Policy or error will be non-nil. Any non-2xx status +// code is an error. Response headers are in either +// *Policy.ServerResponse.Header or (if a response was returned at all) +// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to +// check whether the returned error was because http.StatusNotModified +// was returned. +func (c *ProjectsLocationsKeyRingsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &Policy{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Gets the access control policy for a resource.\nReturns an empty policy if the resource exists and does not have a policy\nset.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}:getIamPolicy", + // "httpMethod": "GET", + // "id": "cloudkms.projects.locations.keyRings.getIamPolicy", + // "parameterOrder": [ + // "resource" + // ], + // "parameters": { + // "resource": { + // "description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+resource}:getIamPolicy", + // "response": { + // "$ref": "Policy" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.list": + +type ProjectsLocationsKeyRingsListCall struct { + s *Service + parent string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// List: Lists KeyRings. +func (r *ProjectsLocationsKeyRingsService) List(parent string) *ProjectsLocationsKeyRingsListCall { + c := &ProjectsLocationsKeyRingsListCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.parent = parent + return c +} + +// PageSize sets the optional parameter "pageSize": Optional limit on +// the number of KeyRings to include in the +// response. Further KeyRings can subsequently be obtained by +// including the ListKeyRingsResponse.next_page_token in a +// subsequent +// request. If unspecified, the server will pick an appropriate +// default. +func (c *ProjectsLocationsKeyRingsListCall) PageSize(pageSize int64) *ProjectsLocationsKeyRingsListCall { + c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) + return c +} + +// PageToken sets the optional parameter "pageToken": Optional +// pagination token, returned earlier +// via +// ListKeyRingsResponse.next_page_token. +func (c *ProjectsLocationsKeyRingsListCall) PageToken(pageToken string) *ProjectsLocationsKeyRingsListCall { + c.urlParams_.Set("pageToken", pageToken) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsListCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsKeyRingsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsListCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsListCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsListCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsListCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsListCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/keyRings") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("GET", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "parent": c.parent, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.list" call. +// Exactly one of *ListKeyRingsResponse or error will be non-nil. Any +// non-2xx status code is an error. Response headers are in either +// *ListKeyRingsResponse.ServerResponse.Header or (if a response was +// returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsListCall) Do(opts ...googleapi.CallOption) (*ListKeyRingsResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &ListKeyRingsResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Lists KeyRings.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings", + // "httpMethod": "GET", + // "id": "cloudkms.projects.locations.keyRings.list", + // "parameterOrder": [ + // "parent" + // ], + // "parameters": { + // "pageSize": { + // "description": "Optional limit on the number of KeyRings to include in the\nresponse. Further KeyRings can subsequently be obtained by\nincluding the ListKeyRingsResponse.next_page_token in a subsequent\nrequest. If unspecified, the server will pick an appropriate default.", + // "format": "int32", + // "location": "query", + // "type": "integer" + // }, + // "pageToken": { + // "description": "Optional pagination token, returned earlier via\nListKeyRingsResponse.next_page_token.", + // "location": "query", + // "type": "string" + // }, + // "parent": { + // "description": "Required. The resource name of the location associated with the\nKeyRings, in the format `projects/*/locations/*`.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+parent}/keyRings", + // "response": { + // "$ref": "ListKeyRingsResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// Pages invokes f for each page of results. +// A non-nil error returned from f will halt the iteration. +// The provided context supersedes any context provided to the Context method. +func (c *ProjectsLocationsKeyRingsListCall) Pages(ctx context.Context, f func(*ListKeyRingsResponse) error) error { + c.ctx_ = ctx + defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point + for { + x, err := c.Do() + if err != nil { + return err + } + if err := f(x); err != nil { + return err + } + if x.NextPageToken == "" { + return nil + } + c.PageToken(x.NextPageToken) + } +} + +// method id "cloudkms.projects.locations.keyRings.setIamPolicy": + +type ProjectsLocationsKeyRingsSetIamPolicyCall struct { + s *Service + resource string + setiampolicyrequest *SetIamPolicyRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// SetIamPolicy: Sets the access control policy on the specified +// resource. Replaces any +// existing policy. +func (r *ProjectsLocationsKeyRingsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsLocationsKeyRingsSetIamPolicyCall { + c := &ProjectsLocationsKeyRingsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.resource = resource + c.setiampolicyrequest = setiampolicyrequest + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsSetIamPolicyCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsSetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsSetIamPolicyCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsSetIamPolicyCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "resource": c.resource, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.setIamPolicy" call. +// Exactly one of *Policy or error will be non-nil. Any non-2xx status +// code is an error. Response headers are in either +// *Policy.ServerResponse.Header or (if a response was returned at all) +// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to +// check whether the returned error was because http.StatusNotModified +// was returned. +func (c *ProjectsLocationsKeyRingsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &Policy{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}:setIamPolicy", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.setIamPolicy", + // "parameterOrder": [ + // "resource" + // ], + // "parameters": { + // "resource": { + // "description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+resource}:setIamPolicy", + // "request": { + // "$ref": "SetIamPolicyRequest" + // }, + // "response": { + // "$ref": "Policy" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.testIamPermissions": + +type ProjectsLocationsKeyRingsTestIamPermissionsCall struct { + s *Service + resource string + testiampermissionsrequest *TestIamPermissionsRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// TestIamPermissions: Returns permissions that a caller has on the +// specified resource. +// If the resource does not exist, this will return an empty set +// of +// permissions, not a NOT_FOUND error. +// +// Note: This operation is designed to be used for building +// permission-aware +// UIs and command-line tools, not for authorization checking. This +// operation +// may "fail open" without warning. +func (r *ProjectsLocationsKeyRingsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsLocationsKeyRingsTestIamPermissionsCall { + c := &ProjectsLocationsKeyRingsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.resource = resource + c.testiampermissionsrequest = testiampermissionsrequest + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsTestIamPermissionsCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsTestIamPermissionsCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsTestIamPermissionsCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "resource": c.resource, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.testIamPermissions" call. +// Exactly one of *TestIamPermissionsResponse or error will be non-nil. +// Any non-2xx status code is an error. Response headers are in either +// *TestIamPermissionsResponse.ServerResponse.Header or (if a response +// was returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &TestIamPermissionsResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}:testIamPermissions", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.testIamPermissions", + // "parameterOrder": [ + // "resource" + // ], + // "parameters": { + // "resource": { + // "description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+resource}:testIamPermissions", + // "request": { + // "$ref": "TestIamPermissionsRequest" + // }, + // "response": { + // "$ref": "TestIamPermissionsResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.create": + +type ProjectsLocationsKeyRingsCryptoKeysCreateCall struct { + s *Service + parent string + cryptokey *CryptoKey + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// Create: Create a new CryptoKey within a KeyRing. +// +// CryptoKey.purpose is required. +func (r *ProjectsLocationsKeyRingsCryptoKeysService) Create(parent string, cryptokey *CryptoKey) *ProjectsLocationsKeyRingsCryptoKeysCreateCall { + c := &ProjectsLocationsKeyRingsCryptoKeysCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.parent = parent + c.cryptokey = cryptokey + return c +} + +// CryptoKeyId sets the optional parameter "cryptoKeyId": Required. It +// must be unique within a KeyRing and match the regular +// expression `[a-zA-Z0-9_-]{1,63}` +func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) CryptoKeyId(cryptoKeyId string) *ProjectsLocationsKeyRingsCryptoKeysCreateCall { + c.urlParams_.Set("cryptoKeyId", cryptoKeyId) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCreateCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCreateCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.cryptokey) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/cryptoKeys") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "parent": c.parent, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.create" call. +// Exactly one of *CryptoKey or error will be non-nil. Any non-2xx +// status code is an error. Response headers are in either +// *CryptoKey.ServerResponse.Header or (if a response was returned at +// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified +// to check whether the returned error was because +// http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysCreateCall) Do(opts ...googleapi.CallOption) (*CryptoKey, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &CryptoKey{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Create a new CryptoKey within a KeyRing.\n\nCryptoKey.purpose is required.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.create", + // "parameterOrder": [ + // "parent" + // ], + // "parameters": { + // "cryptoKeyId": { + // "description": "Required. It must be unique within a KeyRing and match the regular\nexpression `[a-zA-Z0-9_-]{1,63}`", + // "location": "query", + // "type": "string" + // }, + // "parent": { + // "description": "Required. The name of the KeyRing associated with the\nCryptoKeys.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+parent}/cryptoKeys", + // "request": { + // "$ref": "CryptoKey" + // }, + // "response": { + // "$ref": "CryptoKey" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.decrypt": + +type ProjectsLocationsKeyRingsCryptoKeysDecryptCall struct { + s *Service + name string + decryptrequest *DecryptRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// Decrypt: Decrypts data that was protected by Encrypt. +func (r *ProjectsLocationsKeyRingsCryptoKeysService) Decrypt(name string, decryptrequest *DecryptRequest) *ProjectsLocationsKeyRingsCryptoKeysDecryptCall { + c := &ProjectsLocationsKeyRingsCryptoKeysDecryptCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + c.decryptrequest = decryptrequest + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysDecryptCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysDecryptCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysDecryptCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysDecryptCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysDecryptCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysDecryptCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.decryptrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:decrypt") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.decrypt" call. +// Exactly one of *DecryptResponse or error will be non-nil. Any non-2xx +// status code is an error. Response headers are in either +// *DecryptResponse.ServerResponse.Header or (if a response was returned +// at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysDecryptCall) Do(opts ...googleapi.CallOption) (*DecryptResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &DecryptResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Decrypts data that was protected by Encrypt.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:decrypt", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.decrypt", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "Required. The resource name of the CryptoKey to use for decryption.\nThe server will choose the appropriate version.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}:decrypt", + // "request": { + // "$ref": "DecryptRequest" + // }, + // "response": { + // "$ref": "DecryptResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.encrypt": + +type ProjectsLocationsKeyRingsCryptoKeysEncryptCall struct { + s *Service + name string + encryptrequest *EncryptRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// Encrypt: Encrypts data, so that it can only be recovered by a call to +// Decrypt. +func (r *ProjectsLocationsKeyRingsCryptoKeysService) Encrypt(name string, encryptrequest *EncryptRequest) *ProjectsLocationsKeyRingsCryptoKeysEncryptCall { + c := &ProjectsLocationsKeyRingsCryptoKeysEncryptCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + c.encryptrequest = encryptrequest + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysEncryptCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysEncryptCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysEncryptCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysEncryptCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysEncryptCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysEncryptCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.encryptrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:encrypt") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.encrypt" call. +// Exactly one of *EncryptResponse or error will be non-nil. Any non-2xx +// status code is an error. Response headers are in either +// *EncryptResponse.ServerResponse.Header or (if a response was returned +// at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysEncryptCall) Do(opts ...googleapi.CallOption) (*EncryptResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &EncryptResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Encrypts data, so that it can only be recovered by a call to Decrypt.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:encrypt", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.encrypt", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "Required. The resource name of the CryptoKey or CryptoKeyVersion\nto use for encryption.\n\nIf a CryptoKey is specified, the server will use its\nprimary version.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/.+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}:encrypt", + // "request": { + // "$ref": "EncryptRequest" + // }, + // "response": { + // "$ref": "EncryptResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.get": + +type ProjectsLocationsKeyRingsCryptoKeysGetCall struct { + s *Service + name string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// Get: Returns metadata for a given CryptoKey, as well as its +// primary CryptoKeyVersion. +func (r *ProjectsLocationsKeyRingsCryptoKeysService) Get(name string) *ProjectsLocationsKeyRingsCryptoKeysGetCall { + c := &ProjectsLocationsKeyRingsCryptoKeysGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysGetCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysGetCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysGetCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("GET", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.get" call. +// Exactly one of *CryptoKey or error will be non-nil. Any non-2xx +// status code is an error. Response headers are in either +// *CryptoKey.ServerResponse.Header or (if a response was returned at +// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified +// to check whether the returned error was because +// http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysGetCall) Do(opts ...googleapi.CallOption) (*CryptoKey, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &CryptoKey{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Returns metadata for a given CryptoKey, as well as its\nprimary CryptoKeyVersion.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}", + // "httpMethod": "GET", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.get", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "The name of the CryptoKey to get.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}", + // "response": { + // "$ref": "CryptoKey" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.getIamPolicy": + +type ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall struct { + s *Service + resource string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// GetIamPolicy: Gets the access control policy for a resource. +// Returns an empty policy if the resource exists and does not have a +// policy +// set. +func (r *ProjectsLocationsKeyRingsCryptoKeysService) GetIamPolicy(resource string) *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall { + c := &ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.resource = resource + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("GET", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "resource": c.resource, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.getIamPolicy" call. +// Exactly one of *Policy or error will be non-nil. Any non-2xx status +// code is an error. Response headers are in either +// *Policy.ServerResponse.Header or (if a response was returned at all) +// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to +// check whether the returned error was because http.StatusNotModified +// was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &Policy{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Gets the access control policy for a resource.\nReturns an empty policy if the resource exists and does not have a policy\nset.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:getIamPolicy", + // "httpMethod": "GET", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.getIamPolicy", + // "parameterOrder": [ + // "resource" + // ], + // "parameters": { + // "resource": { + // "description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+resource}:getIamPolicy", + // "response": { + // "$ref": "Policy" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.list": + +type ProjectsLocationsKeyRingsCryptoKeysListCall struct { + s *Service + parent string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// List: Lists CryptoKeys. +func (r *ProjectsLocationsKeyRingsCryptoKeysService) List(parent string) *ProjectsLocationsKeyRingsCryptoKeysListCall { + c := &ProjectsLocationsKeyRingsCryptoKeysListCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.parent = parent + return c +} + +// PageSize sets the optional parameter "pageSize": Optional limit on +// the number of CryptoKeys to include in the +// response. Further CryptoKeys can subsequently be obtained +// by +// including the ListCryptoKeysResponse.next_page_token in a +// subsequent +// request. If unspecified, the server will pick an appropriate +// default. +func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) PageSize(pageSize int64) *ProjectsLocationsKeyRingsCryptoKeysListCall { + c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) + return c +} + +// PageToken sets the optional parameter "pageToken": Optional +// pagination token, returned earlier +// via +// ListCryptoKeysResponse.next_page_token. +func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) PageToken(pageToken string) *ProjectsLocationsKeyRingsCryptoKeysListCall { + c.urlParams_.Set("pageToken", pageToken) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysListCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysListCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysListCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/cryptoKeys") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("GET", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "parent": c.parent, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.list" call. +// Exactly one of *ListCryptoKeysResponse or error will be non-nil. Any +// non-2xx status code is an error. Response headers are in either +// *ListCryptoKeysResponse.ServerResponse.Header or (if a response was +// returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) Do(opts ...googleapi.CallOption) (*ListCryptoKeysResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &ListCryptoKeysResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Lists CryptoKeys.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys", + // "httpMethod": "GET", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.list", + // "parameterOrder": [ + // "parent" + // ], + // "parameters": { + // "pageSize": { + // "description": "Optional limit on the number of CryptoKeys to include in the\nresponse. Further CryptoKeys can subsequently be obtained by\nincluding the ListCryptoKeysResponse.next_page_token in a subsequent\nrequest. If unspecified, the server will pick an appropriate default.", + // "format": "int32", + // "location": "query", + // "type": "integer" + // }, + // "pageToken": { + // "description": "Optional pagination token, returned earlier via\nListCryptoKeysResponse.next_page_token.", + // "location": "query", + // "type": "string" + // }, + // "parent": { + // "description": "Required. The resource name of the KeyRing to list, in the format\n`projects/*/locations/*/keyRings/*`.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+parent}/cryptoKeys", + // "response": { + // "$ref": "ListCryptoKeysResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// Pages invokes f for each page of results. +// A non-nil error returned from f will halt the iteration. +// The provided context supersedes any context provided to the Context method. +func (c *ProjectsLocationsKeyRingsCryptoKeysListCall) Pages(ctx context.Context, f func(*ListCryptoKeysResponse) error) error { + c.ctx_ = ctx + defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point + for { + x, err := c.Do() + if err != nil { + return err + } + if err := f(x); err != nil { + return err + } + if x.NextPageToken == "" { + return nil + } + c.PageToken(x.NextPageToken) + } +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.patch": + +type ProjectsLocationsKeyRingsCryptoKeysPatchCall struct { + s *Service + name string + cryptokey *CryptoKey + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// Patch: Update a CryptoKey. +func (r *ProjectsLocationsKeyRingsCryptoKeysService) Patch(name string, cryptokey *CryptoKey) *ProjectsLocationsKeyRingsCryptoKeysPatchCall { + c := &ProjectsLocationsKeyRingsCryptoKeysPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + c.cryptokey = cryptokey + return c +} + +// UpdateMask sets the optional parameter "updateMask": Required list of +// fields to be updated in this request. +func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) UpdateMask(updateMask string) *ProjectsLocationsKeyRingsCryptoKeysPatchCall { + c.urlParams_.Set("updateMask", updateMask) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysPatchCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysPatchCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.cryptokey) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("PATCH", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.patch" call. +// Exactly one of *CryptoKey or error will be non-nil. Any non-2xx +// status code is an error. Response headers are in either +// *CryptoKey.ServerResponse.Header or (if a response was returned at +// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified +// to check whether the returned error was because +// http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysPatchCall) Do(opts ...googleapi.CallOption) (*CryptoKey, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &CryptoKey{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Update a CryptoKey.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}", + // "httpMethod": "PATCH", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.patch", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "Output only. The resource name for this CryptoKey in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*`.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + // "required": true, + // "type": "string" + // }, + // "updateMask": { + // "description": "Required list of fields to be updated in this request.", + // "format": "google-fieldmask", + // "location": "query", + // "type": "string" + // } + // }, + // "path": "v1/{+name}", + // "request": { + // "$ref": "CryptoKey" + // }, + // "response": { + // "$ref": "CryptoKey" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.setIamPolicy": + +type ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall struct { + s *Service + resource string + setiampolicyrequest *SetIamPolicyRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// SetIamPolicy: Sets the access control policy on the specified +// resource. Replaces any +// existing policy. +func (r *ProjectsLocationsKeyRingsCryptoKeysService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall { + c := &ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.resource = resource + c.setiampolicyrequest = setiampolicyrequest + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "resource": c.resource, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.setIamPolicy" call. +// Exactly one of *Policy or error will be non-nil. Any non-2xx status +// code is an error. Response headers are in either +// *Policy.ServerResponse.Header or (if a response was returned at all) +// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to +// check whether the returned error was because http.StatusNotModified +// was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &Policy{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:setIamPolicy", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.setIamPolicy", + // "parameterOrder": [ + // "resource" + // ], + // "parameters": { + // "resource": { + // "description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+resource}:setIamPolicy", + // "request": { + // "$ref": "SetIamPolicyRequest" + // }, + // "response": { + // "$ref": "Policy" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.testIamPermissions": + +type ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall struct { + s *Service + resource string + testiampermissionsrequest *TestIamPermissionsRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// TestIamPermissions: Returns permissions that a caller has on the +// specified resource. +// If the resource does not exist, this will return an empty set +// of +// permissions, not a NOT_FOUND error. +// +// Note: This operation is designed to be used for building +// permission-aware +// UIs and command-line tools, not for authorization checking. This +// operation +// may "fail open" without warning. +func (r *ProjectsLocationsKeyRingsCryptoKeysService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall { + c := &ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.resource = resource + c.testiampermissionsrequest = testiampermissionsrequest + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "resource": c.resource, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.testIamPermissions" call. +// Exactly one of *TestIamPermissionsResponse or error will be non-nil. +// Any non-2xx status code is an error. Response headers are in either +// *TestIamPermissionsResponse.ServerResponse.Header or (if a response +// was returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &TestIamPermissionsResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:testIamPermissions", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.testIamPermissions", + // "parameterOrder": [ + // "resource" + // ], + // "parameters": { + // "resource": { + // "description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+resource}:testIamPermissions", + // "request": { + // "$ref": "TestIamPermissionsRequest" + // }, + // "response": { + // "$ref": "TestIamPermissionsResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.updatePrimaryVersion": + +type ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall struct { + s *Service + name string + updatecryptokeyprimaryversionrequest *UpdateCryptoKeyPrimaryVersionRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// UpdatePrimaryVersion: Update the version of a CryptoKey that will be +// used in Encrypt +func (r *ProjectsLocationsKeyRingsCryptoKeysService) UpdatePrimaryVersion(name string, updatecryptokeyprimaryversionrequest *UpdateCryptoKeyPrimaryVersionRequest) *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall { + c := &ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + c.updatecryptokeyprimaryversionrequest = updatecryptokeyprimaryversionrequest + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.updatecryptokeyprimaryversionrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:updatePrimaryVersion") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.updatePrimaryVersion" call. +// Exactly one of *CryptoKey or error will be non-nil. Any non-2xx +// status code is an error. Response headers are in either +// *CryptoKey.ServerResponse.Header or (if a response was returned at +// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified +// to check whether the returned error was because +// http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionCall) Do(opts ...googleapi.CallOption) (*CryptoKey, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &CryptoKey{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Update the version of a CryptoKey that will be used in Encrypt", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:updatePrimaryVersion", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.updatePrimaryVersion", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "The resource name of the CryptoKey to update.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}:updatePrimaryVersion", + // "request": { + // "$ref": "UpdateCryptoKeyPrimaryVersionRequest" + // }, + // "response": { + // "$ref": "CryptoKey" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.create": + +type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall struct { + s *Service + parent string + cryptokeyversion *CryptoKeyVersion + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// Create: Create a new CryptoKeyVersion in a CryptoKey. +// +// The server will assign the next sequential id. If unset, +// state will be set to +// ENABLED. +func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) Create(parent string, cryptokeyversion *CryptoKeyVersion) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall { + c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.parent = parent + c.cryptokeyversion = cryptokeyversion + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.cryptokeyversion) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/cryptoKeyVersions") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "parent": c.parent, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.create" call. +// Exactly one of *CryptoKeyVersion or error will be non-nil. Any +// non-2xx status code is an error. Response headers are in either +// *CryptoKeyVersion.ServerResponse.Header or (if a response was +// returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateCall) Do(opts ...googleapi.CallOption) (*CryptoKeyVersion, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &CryptoKeyVersion{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Create a new CryptoKeyVersion in a CryptoKey.\n\nThe server will assign the next sequential id. If unset,\nstate will be set to\nENABLED.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.create", + // "parameterOrder": [ + // "parent" + // ], + // "parameters": { + // "parent": { + // "description": "Required. The name of the CryptoKey associated with\nthe CryptoKeyVersions.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+parent}/cryptoKeyVersions", + // "request": { + // "$ref": "CryptoKeyVersion" + // }, + // "response": { + // "$ref": "CryptoKeyVersion" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.destroy": + +type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall struct { + s *Service + name string + destroycryptokeyversionrequest *DestroyCryptoKeyVersionRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// Destroy: Schedule a CryptoKeyVersion for destruction. +// +// Upon calling this method, CryptoKeyVersion.state will be set +// to +// DESTROY_SCHEDULED +// and destroy_time will be set to a time 24 +// hours in the future, at which point the state +// will be changed to +// DESTROYED, and the key +// material will be irrevocably destroyed. +// +// Before the destroy_time is reached, +// RestoreCryptoKeyVersion may be called to reverse the process. +func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) Destroy(name string, destroycryptokeyversionrequest *DestroyCryptoKeyVersionRequest) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall { + c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + c.destroycryptokeyversionrequest = destroycryptokeyversionrequest + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.destroycryptokeyversionrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:destroy") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.destroy" call. +// Exactly one of *CryptoKeyVersion or error will be non-nil. Any +// non-2xx status code is an error. Response headers are in either +// *CryptoKeyVersion.ServerResponse.Header or (if a response was +// returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsDestroyCall) Do(opts ...googleapi.CallOption) (*CryptoKeyVersion, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &CryptoKeyVersion{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Schedule a CryptoKeyVersion for destruction.\n\nUpon calling this method, CryptoKeyVersion.state will be set to\nDESTROY_SCHEDULED\nand destroy_time will be set to a time 24\nhours in the future, at which point the state\nwill be changed to\nDESTROYED, and the key\nmaterial will be irrevocably destroyed.\n\nBefore the destroy_time is reached,\nRestoreCryptoKeyVersion may be called to reverse the process.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions/{cryptoKeyVersionsId}:destroy", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.destroy", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "The resource name of the CryptoKeyVersion to destroy.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}:destroy", + // "request": { + // "$ref": "DestroyCryptoKeyVersionRequest" + // }, + // "response": { + // "$ref": "CryptoKeyVersion" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.get": + +type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall struct { + s *Service + name string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// Get: Returns metadata for a given CryptoKeyVersion. +func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) Get(name string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall { + c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("GET", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.get" call. +// Exactly one of *CryptoKeyVersion or error will be non-nil. Any +// non-2xx status code is an error. Response headers are in either +// *CryptoKeyVersion.ServerResponse.Header or (if a response was +// returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsGetCall) Do(opts ...googleapi.CallOption) (*CryptoKeyVersion, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &CryptoKeyVersion{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Returns metadata for a given CryptoKeyVersion.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions/{cryptoKeyVersionsId}", + // "httpMethod": "GET", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.get", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "The name of the CryptoKeyVersion to get.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}", + // "response": { + // "$ref": "CryptoKeyVersion" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.list": + +type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall struct { + s *Service + parent string + urlParams_ gensupport.URLParams + ifNoneMatch_ string + ctx_ context.Context + header_ http.Header +} + +// List: Lists CryptoKeyVersions. +func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) List(parent string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall { + c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.parent = parent + return c +} + +// PageSize sets the optional parameter "pageSize": Optional limit on +// the number of CryptoKeyVersions to +// include in the response. Further CryptoKeyVersions can +// subsequently be obtained by including +// the +// ListCryptoKeyVersionsResponse.next_page_token in a subsequent +// request. +// If unspecified, the server will pick an appropriate default. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) PageSize(pageSize int64) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall { + c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) + return c +} + +// PageToken sets the optional parameter "pageToken": Optional +// pagination token, returned earlier +// via +// ListCryptoKeyVersionsResponse.next_page_token. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) PageToken(pageToken string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall { + c.urlParams_.Set("pageToken", pageToken) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// IfNoneMatch sets the optional parameter which makes the operation +// fail if the object's ETag matches the given value. This is useful for +// getting updates only after the object has changed since the last +// request. Use googleapi.IsNotModified to check whether the response +// error from Do is the result of In-None-Match. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall { + c.ifNoneMatch_ = entityTag + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + if c.ifNoneMatch_ != "" { + reqHeaders.Set("If-None-Match", c.ifNoneMatch_) + } + var body io.Reader = nil + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/cryptoKeyVersions") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("GET", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "parent": c.parent, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.list" call. +// Exactly one of *ListCryptoKeyVersionsResponse or error will be +// non-nil. Any non-2xx status code is an error. Response headers are in +// either *ListCryptoKeyVersionsResponse.ServerResponse.Header or (if a +// response was returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) Do(opts ...googleapi.CallOption) (*ListCryptoKeyVersionsResponse, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &ListCryptoKeyVersionsResponse{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Lists CryptoKeyVersions.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions", + // "httpMethod": "GET", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.list", + // "parameterOrder": [ + // "parent" + // ], + // "parameters": { + // "pageSize": { + // "description": "Optional limit on the number of CryptoKeyVersions to\ninclude in the response. Further CryptoKeyVersions can\nsubsequently be obtained by including the\nListCryptoKeyVersionsResponse.next_page_token in a subsequent request.\nIf unspecified, the server will pick an appropriate default.", + // "format": "int32", + // "location": "query", + // "type": "integer" + // }, + // "pageToken": { + // "description": "Optional pagination token, returned earlier via\nListCryptoKeyVersionsResponse.next_page_token.", + // "location": "query", + // "type": "string" + // }, + // "parent": { + // "description": "Required. The resource name of the CryptoKey to list, in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*`.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+parent}/cryptoKeyVersions", + // "response": { + // "$ref": "ListCryptoKeyVersionsResponse" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// Pages invokes f for each page of results. +// A non-nil error returned from f will halt the iteration. +// The provided context supersedes any context provided to the Context method. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListCall) Pages(ctx context.Context, f func(*ListCryptoKeyVersionsResponse) error) error { + c.ctx_ = ctx + defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point + for { + x, err := c.Do() + if err != nil { + return err + } + if err := f(x); err != nil { + return err + } + if x.NextPageToken == "" { + return nil + } + c.PageToken(x.NextPageToken) + } +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.patch": + +type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall struct { + s *Service + name string + cryptokeyversion *CryptoKeyVersion + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// Patch: Update a CryptoKeyVersion's metadata. +// +// state may be changed between +// ENABLED and +// DISABLED using this +// method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion +// to +// move between other states. +func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) Patch(name string, cryptokeyversion *CryptoKeyVersion) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall { + c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + c.cryptokeyversion = cryptokeyversion + return c +} + +// UpdateMask sets the optional parameter "updateMask": Required list of +// fields to be updated in this request. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) UpdateMask(updateMask string) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall { + c.urlParams_.Set("updateMask", updateMask) + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.cryptokeyversion) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("PATCH", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.patch" call. +// Exactly one of *CryptoKeyVersion or error will be non-nil. Any +// non-2xx status code is an error. Response headers are in either +// *CryptoKeyVersion.ServerResponse.Header or (if a response was +// returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsPatchCall) Do(opts ...googleapi.CallOption) (*CryptoKeyVersion, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &CryptoKeyVersion{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Update a CryptoKeyVersion's metadata.\n\nstate may be changed between\nENABLED and\nDISABLED using this\nmethod. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to\nmove between other states.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions/{cryptoKeyVersionsId}", + // "httpMethod": "PATCH", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.patch", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "Output only. The resource name for this CryptoKeyVersion in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$", + // "required": true, + // "type": "string" + // }, + // "updateMask": { + // "description": "Required list of fields to be updated in this request.", + // "format": "google-fieldmask", + // "location": "query", + // "type": "string" + // } + // }, + // "path": "v1/{+name}", + // "request": { + // "$ref": "CryptoKeyVersion" + // }, + // "response": { + // "$ref": "CryptoKeyVersion" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} + +// method id "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.restore": + +type ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall struct { + s *Service + name string + restorecryptokeyversionrequest *RestoreCryptoKeyVersionRequest + urlParams_ gensupport.URLParams + ctx_ context.Context + header_ http.Header +} + +// Restore: Restore a CryptoKeyVersion in +// the +// DESTROY_SCHEDULED, +// state. +// +// Upon restoration of the CryptoKeyVersion, state +// will be set to DISABLED, +// and destroy_time will be cleared. +func (r *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsService) Restore(name string, restorecryptokeyversionrequest *RestoreCryptoKeyVersionRequest) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall { + c := &ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall{s: r.s, urlParams_: make(gensupport.URLParams)} + c.name = name + c.restorecryptokeyversionrequest = restorecryptokeyversionrequest + return c +} + +// Fields allows partial responses to be retrieved. See +// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse +// for more information. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall) Fields(s ...googleapi.Field) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall { + c.urlParams_.Set("fields", googleapi.CombineFields(s)) + return c +} + +// Context sets the context to be used in this call's Do method. Any +// pending HTTP request will be aborted if the provided context is +// canceled. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall) Context(ctx context.Context) *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall { + c.ctx_ = ctx + return c +} + +// Header returns an http.Header that can be modified by the caller to +// add HTTP headers to the request. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall) Header() http.Header { + if c.header_ == nil { + c.header_ = make(http.Header) + } + return c.header_ +} + +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall) doRequest(alt string) (*http.Response, error) { + reqHeaders := make(http.Header) + for k, v := range c.header_ { + reqHeaders[k] = v + } + reqHeaders.Set("User-Agent", c.s.userAgent()) + var body io.Reader = nil + body, err := googleapi.WithoutDataWrapper.JSONReader(c.restorecryptokeyversionrequest) + if err != nil { + return nil, err + } + reqHeaders.Set("Content-Type", "application/json") + c.urlParams_.Set("alt", alt) + urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:restore") + urls += "?" + c.urlParams_.Encode() + req, _ := http.NewRequest("POST", urls, body) + req.Header = reqHeaders + googleapi.Expand(req.URL, map[string]string{ + "name": c.name, + }) + return gensupport.SendRequest(c.ctx_, c.s.client, req) +} + +// Do executes the "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.restore" call. +// Exactly one of *CryptoKeyVersion or error will be non-nil. Any +// non-2xx status code is an error. Response headers are in either +// *CryptoKeyVersion.ServerResponse.Header or (if a response was +// returned at all) in error.(*googleapi.Error).Header. Use +// googleapi.IsNotModified to check whether the returned error was +// because http.StatusNotModified was returned. +func (c *ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsRestoreCall) Do(opts ...googleapi.CallOption) (*CryptoKeyVersion, error) { + gensupport.SetOptions(c.urlParams_, opts...) + res, err := c.doRequest("json") + if res != nil && res.StatusCode == http.StatusNotModified { + if res.Body != nil { + res.Body.Close() + } + return nil, &googleapi.Error{ + Code: res.StatusCode, + Header: res.Header, + } + } + if err != nil { + return nil, err + } + defer googleapi.CloseBody(res) + if err := googleapi.CheckResponse(res); err != nil { + return nil, err + } + ret := &CryptoKeyVersion{ + ServerResponse: googleapi.ServerResponse{ + Header: res.Header, + HTTPStatusCode: res.StatusCode, + }, + } + target := &ret + if err := json.NewDecoder(res.Body).Decode(target); err != nil { + return nil, err + } + return ret, nil + // { + // "description": "Restore a CryptoKeyVersion in the\nDESTROY_SCHEDULED,\nstate.\n\nUpon restoration of the CryptoKeyVersion, state\nwill be set to DISABLED,\nand destroy_time will be cleared.", + // "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}/cryptoKeyVersions/{cryptoKeyVersionsId}:restore", + // "httpMethod": "POST", + // "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.restore", + // "parameterOrder": [ + // "name" + // ], + // "parameters": { + // "name": { + // "description": "The resource name of the CryptoKeyVersion to restore.", + // "location": "path", + // "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$", + // "required": true, + // "type": "string" + // } + // }, + // "path": "v1/{+name}:restore", + // "request": { + // "$ref": "RestoreCryptoKeyVersionRequest" + // }, + // "response": { + // "$ref": "CryptoKeyVersion" + // }, + // "scopes": [ + // "https://www.googleapis.com/auth/cloud-platform" + // ] + // } + +} diff --git a/vendor/vendor.json b/vendor/vendor.json index 51c059b5297..346c4e3575c 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -863,6 +863,12 @@ "revision": "c8d75a8ec737f9b8b1ed2676c28feedbe21f543f", "revisionTime": "2016-11-21T18:05:46Z" }, + { + "checksumSHA1": "/cYz9AiKwLEO61OdoLnKi2uiOeQ=", + "path": "google.golang.org/api/cloudkms/v1", + "revision": "654f863362977d69086620b5f72f13e911da2410", + "revisionTime": "2017-09-14T00:03:44Z" + }, { "checksumSHA1": "SIsWfZXQERRErpy9TD1ETop72uU=", "path": "google.golang.org/api/cloudresourcemanager/v1", From 34e5b64bffe28783bb4b9e3bff95a99575ef0b90 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Sat, 14 Oct 2017 20:18:21 -0500 Subject: [PATCH 06/30] Address style comments --- google/resource_kms_key_ring.go | 10 +++++----- google/resource_kms_key_ring_test.go | 22 +++++++++++----------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index b60dee1564c..8e959afadeb 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -28,12 +28,12 @@ func resourceKmsKeyRing() *schema.Resource { } } -func createKmsResourceParentString(project, location string) string { +func kmsResourceParentString(project, location string) string { return fmt.Sprintf("projects/%s/locations/%s", project, location) } -func createKmsResourceKeyRingName(project, location, keyRingName string) string { - return fmt.Sprintf("%s/keyRings/%s", createKmsResourceParentString(project, location), keyRingName) +func kmsResourceParentKeyRingName(project, location, keyRingName string) string { + return fmt.Sprintf("%s/keyRings/%s", kmsResourceParentString(project, location), keyRingName) } func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { @@ -47,7 +47,7 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { name := d.Get("name").(string) location := d.Get("location").(string) - parent := createKmsResourceParentString(project, location) + parent := kmsResourceParentString(project, location) _, err = config.clientKms.Projects.Locations.KeyRings. Create(parent, &cloudkms.KeyRing{}). @@ -58,7 +58,7 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("Error creating KeyRing: %s", err) } - keyRingName := createKmsResourceKeyRingName(project, location, name) + keyRingName := kmsResourceParentKeyRingName(project, location, name) d.SetId(keyRingName) diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index a54c8e6570b..7a6c297a740 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -28,15 +28,6 @@ func TestAccGoogleKmsKeyRing_basic(t *testing.T) { }) } -func testGoogleKmsKeyRing_basic(name string) string { - return fmt.Sprintf(` - resource "google_kms_key_ring" "key_ring" { - name = "%s" - location = "us-central1" - } - `, name) -} - func testAccCheckGoogleKmsKeyRingExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { config := testAccProvider.Meta().(*Config) @@ -49,8 +40,8 @@ func testAccCheckGoogleKmsKeyRingExists(resourceName string) resource.TestCheckF name := rs.Primary.Attributes["name"] location := rs.Primary.Attributes["location"] - parent := createKmsResourceParentString(config.Project, location) - keyRingName := createKmsResourceKeyRingName(config.Project, location, name) + parent := kmsResourceParentString(config.Project, location) + keyRingName := kmsResourceParentKeyRingName(config.Project, location, name) listKeyRingsResponse, err := config.clientKms.Projects.Locations.KeyRings.List(parent).Do() if err != nil { @@ -76,3 +67,12 @@ func testGoogleKmsKeyRing_recreate(name string) resource.TestCheckFunc { return nil } } + +func testGoogleKmsKeyRing_basic(name string) string { + return fmt.Sprintf(` +resource "google_kms_key_ring" "key_ring" { + name = "%s" + location = "us-central1" +} + `, name) +} From 7536f926f1781c185ebcb75920990b5fac2d13ce Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Sat, 14 Oct 2017 20:37:32 -0500 Subject: [PATCH 07/30] Use fully-qualified keyring name in read operation --- google/resource_kms_key_ring.go | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 8e959afadeb..99de7c67391 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -32,8 +32,8 @@ func kmsResourceParentString(project, location string) string { return fmt.Sprintf("projects/%s/locations/%s", project, location) } -func kmsResourceParentKeyRingName(project, location, keyRingName string) string { - return fmt.Sprintf("%s/keyRings/%s", kmsResourceParentString(project, location), keyRingName) +func kmsResourceParentKeyRingName(project, location, name string) string { + return fmt.Sprintf("%s/keyRings/%s", kmsResourceParentString(project, location), name) } func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { @@ -58,9 +58,7 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("Error creating KeyRing: %s", err) } - keyRingName := kmsResourceParentKeyRingName(project, location, name) - - d.SetId(keyRingName) + d.SetId(name) return resourceKmsKeyRingRead(d, meta) } @@ -68,9 +66,17 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) - keyRingName := d.Id() + name := d.Id() + location := d.Get("location").(string) + + project, err := getProject(d, config) + if err != nil { + return err + } + + keyRingName := kmsResourceParentKeyRingName(project, location, name) - log.Printf("[DEBUG] Executing read for KMS KeyRing %s", keyRingName) + log.Printf("[DEBUG] Executing read for KMS KeyRing %s", name) keyRing, err := config.clientKms.Projects.Locations.KeyRings. Get(keyRingName). From 5b815d744f168125b4705dc0dee3237ce6029ff7 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Sat, 14 Oct 2017 20:43:11 -0500 Subject: [PATCH 08/30] Remove call to SetId during read operation --- google/resource_kms_key_ring.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 99de7c67391..120a21ae0a8 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -78,7 +78,7 @@ func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { log.Printf("[DEBUG] Executing read for KMS KeyRing %s", name) - keyRing, err := config.clientKms.Projects.Locations.KeyRings. + _, err = config.clientKms.Projects.Locations.KeyRings. Get(keyRingName). Do() @@ -86,8 +86,6 @@ func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("Error reading KeyRing: %s", err) } - d.SetId(keyRing.Name) - return nil } From bc9527f5861632b43c10884e223ba156dddb96ef Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Sat, 14 Oct 2017 20:59:24 -0500 Subject: [PATCH 09/30] Set ID as entire resource string --- google/resource_kms_key_ring.go | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 120a21ae0a8..2c02a801858 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -49,7 +49,7 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { parent := kmsResourceParentString(project, location) - _, err = config.clientKms.Projects.Locations.KeyRings. + keyRing, err := config.clientKms.Projects.Locations.KeyRings. Create(parent, &cloudkms.KeyRing{}). KeyRingId(name). Do() @@ -58,7 +58,9 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("Error creating KeyRing: %s", err) } - d.SetId(name) + log.Printf("[DEBUG] Created KeyRing %s", keyRing.Name) + + d.SetId(keyRing.Name) return resourceKmsKeyRingRead(d, meta) } @@ -66,19 +68,11 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) - name := d.Id() - location := d.Get("location").(string) - - project, err := getProject(d, config) - if err != nil { - return err - } - - keyRingName := kmsResourceParentKeyRingName(project, location, name) + keyRingName := d.Id() - log.Printf("[DEBUG] Executing read for KMS KeyRing %s", name) + log.Printf("[DEBUG] Executing read for KMS KeyRing %s", keyRingName) - _, err = config.clientKms.Projects.Locations.KeyRings. + _, err := config.clientKms.Projects.Locations.KeyRings. Get(keyRingName). Do() From 1248ab8b6d7dfb15c16524e6a28ae983306e388b Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Sun, 15 Oct 2017 11:09:56 -0500 Subject: [PATCH 10/30] Spin up a new project for acceptance test --- google/resource_kms_key_ring.go | 5 +++ google/resource_kms_key_ring_test.go | 46 +++++++++++++++++++++++----- 2 files changed, 43 insertions(+), 8 deletions(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 2c02a801858..47eee9486be 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -24,6 +24,11 @@ func resourceKmsKeyRing() *schema.Resource { Required: true, ForceNew: true, }, + "project": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, }, } } diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index 7a6c297a740..e0c206c45c7 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -11,15 +11,29 @@ import ( ) func TestAccGoogleKmsKeyRing_basic(t *testing.T) { - name := acctest.RandString(10) + skipIfEnvNotSet(t, + []string{ + "GOOGLE_ORG", + "GOOGLE_BILLING_ACCOUNT", + }..., + ) + + projectId := "terraform-" + acctest.RandString(10) + projectOrg := multiEnvSearch([]string{ + "GOOGLE_ORG", + }) + projectBillingAccount := multiEnvSearch([]string{ + "GOOGLE_BILLING_ACCOUNT", + }) + keyRingName := fmt.Sprintf("tf-test-%s", acctest.RandString(10)) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, - CheckDestroy: testGoogleKmsKeyRing_recreate(name), + CheckDestroy: testGoogleKmsKeyRing_recreate(keyRingName), Steps: []resource.TestStep{ resource.TestStep{ - Config: testGoogleKmsKeyRing_basic(name), + Config: testGoogleKmsKeyRing_basic(projectId, projectOrg, projectBillingAccount, keyRingName), Check: resource.ComposeTestCheckFunc( testAccCheckGoogleKmsKeyRingExists("google_kms_key_ring.key_ring"), ), @@ -39,9 +53,10 @@ func testAccCheckGoogleKmsKeyRingExists(resourceName string) resource.TestCheckF name := rs.Primary.Attributes["name"] location := rs.Primary.Attributes["location"] + project := rs.Primary.Attributes["project"] - parent := kmsResourceParentString(config.Project, location) - keyRingName := kmsResourceParentKeyRingName(config.Project, location, name) + parent := kmsResourceParentString(project, location) + keyRingName := kmsResourceParentKeyRingName(project, location, name) listKeyRingsResponse, err := config.clientKms.Projects.Locations.KeyRings.List(parent).Do() if err != nil { @@ -68,11 +83,26 @@ func testGoogleKmsKeyRing_recreate(name string) resource.TestCheckFunc { } } -func testGoogleKmsKeyRing_basic(name string) string { +func testGoogleKmsKeyRing_basic(projectId, projectOrg, projectBillingAccount, keyRingName string) string { return fmt.Sprintf(` +resource "google_project" "acceptance" { + name = "%s" + project_id = "%s" + org_id = "%s" + billing_account = "%s" +} + +resource "google_project_services" "acceptance" { + project = "${google_project.acceptance.project_id}" + services = [ + "cloudkms.googleapis.com" + ] +} + resource "google_kms_key_ring" "key_ring" { - name = "%s" + project = "${google_project_services.acceptance.project}" + name = "%s" location = "us-central1" } - `, name) + `, projectId, projectId, projectOrg, projectBillingAccount, keyRingName) } From d6cb880e0adf6dadceba0083eae94c9d52f2bc8a Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Sun, 15 Oct 2017 22:37:22 -0500 Subject: [PATCH 11/30] Use Getenv for billing and org environment variables --- google/resource_kms_key_ring_test.go | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index e0c206c45c7..f22a4b479ba 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -8,6 +8,7 @@ import ( "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" "log" + "os" ) func TestAccGoogleKmsKeyRing_basic(t *testing.T) { @@ -19,12 +20,8 @@ func TestAccGoogleKmsKeyRing_basic(t *testing.T) { ) projectId := "terraform-" + acctest.RandString(10) - projectOrg := multiEnvSearch([]string{ - "GOOGLE_ORG", - }) - projectBillingAccount := multiEnvSearch([]string{ - "GOOGLE_BILLING_ACCOUNT", - }) + projectOrg := os.Getenv("GOOGLE_ORG") + projectBillingAccount := os.Getenv("GOOGLE_BILLING_ACCOUNT") keyRingName := fmt.Sprintf("tf-test-%s", acctest.RandString(10)) resource.Test(t, resource.TestCase{ From c5240510fca57d42d637a886eecc491abd8e4f70 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Sat, 21 Oct 2017 22:38:34 -0500 Subject: [PATCH 12/30] And test and logs around removal from state --- google/resource_kms_key_ring.go | 6 +++++ google/resource_kms_key_ring_test.go | 40 +++++++++++++++++++++++++--- 2 files changed, 42 insertions(+), 4 deletions(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 47eee9486be..e8db8002e0f 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -89,5 +89,11 @@ func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { } func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { + keyRingName := d.Id() + + log.Printf("[INFO] KMS KeyRing resources cannot be deleted from GCP. This KeyRing %s will be removed from Terraform state, but will still be present on the server.", keyRingName) + + d.SetId("") + return nil } diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index f22a4b479ba..985688d7973 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -27,7 +27,7 @@ func TestAccGoogleKmsKeyRing_basic(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, - CheckDestroy: testGoogleKmsKeyRing_recreate(keyRingName), + CheckDestroy: testAccCheckGoogleKmsKeyRingWasRemovedFromState("google_kms_key_ring.key_ring"), Steps: []resource.TestStep{ resource.TestStep{ Config: testGoogleKmsKeyRing_basic(projectId, projectOrg, projectBillingAccount, keyRingName), @@ -35,6 +35,12 @@ func TestAccGoogleKmsKeyRing_basic(t *testing.T) { testAccCheckGoogleKmsKeyRingExists("google_kms_key_ring.key_ring"), ), }, + resource.TestStep{ + Config: testGoogleKmsKeyRing_removed(projectId, projectOrg, projectBillingAccount), + Check: resource.ComposeTestCheckFunc( + testAccCheckGoogleKmsKeyRingWasRemovedFromState("google_kms_key_ring.key_ring"), + ), + }, }, }) } @@ -72,10 +78,18 @@ func testAccCheckGoogleKmsKeyRingExists(resourceName string) resource.TestCheckF } } -// TODO -// KMS KeyRings cannot be deleted. This will test if the resource can be added back to state after being removed -func testGoogleKmsKeyRing_recreate(name string) resource.TestCheckFunc { +/* + KMS KeyRings cannot be deleted. This ensures that the KeyRing resource was removed from state, + even though the server-side resource was not removed. +*/ +func testAccCheckGoogleKmsKeyRingWasRemovedFromState(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { + _, ok := s.RootModule().Resources[resourceName] + + if ok { + return fmt.Errorf("Resource was not removed from state: %s", resourceName) + } + return nil } } @@ -103,3 +117,21 @@ resource "google_kms_key_ring" "key_ring" { } `, projectId, projectId, projectOrg, projectBillingAccount, keyRingName) } + +func testGoogleKmsKeyRing_removed(projectId, projectOrg, projectBillingAccount string) string { + return fmt.Sprintf(` +resource "google_project" "acceptance" { + name = "%s" + project_id = "%s" + org_id = "%s" + billing_account = "%s" +} + +resource "google_project_services" "acceptance" { + project = "${google_project.acceptance.project_id}" + services = [ + "cloudkms.googleapis.com" + ] +} + `, projectId, projectId, projectOrg, projectBillingAccount) +} From 5a7b690df9465435cc532ffcba7dc865ae6248bc Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Sun, 22 Oct 2017 08:07:59 -0500 Subject: [PATCH 13/30] Add comments --- google/resource_kms_key_ring.go | 5 +++++ google/resource_kms_key_ring_test.go | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index e8db8002e0f..5c4ab0bcedd 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -88,6 +88,11 @@ func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { return nil } +/* + Because KMS KeyRing resources cannot be deleted on GCP, we are only going to remove it from state. + Re-creation of this resource through Terraform will produce an error. + */ + func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { keyRingName := d.Id() diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index 985688d7973..6ae7aaeec99 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -94,6 +94,10 @@ func testAccCheckGoogleKmsKeyRingWasRemovedFromState(resourceName string) resour } } +/* + This test runs in its own project, otherwise the test project would start to get filled + with undeletable resources + */ func testGoogleKmsKeyRing_basic(projectId, projectOrg, projectBillingAccount, keyRingName string) string { return fmt.Sprintf(` resource "google_project" "acceptance" { From 33b74c02edae62abeb36cc381da8ca660e4d9ac9 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Mon, 23 Oct 2017 17:31:19 -0500 Subject: [PATCH 14/30] Fixes formatting --- google/resource_kms_key_ring.go | 2 +- google/resource_kms_key_ring_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 5c4ab0bcedd..30ab8562286 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -91,7 +91,7 @@ func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { /* Because KMS KeyRing resources cannot be deleted on GCP, we are only going to remove it from state. Re-creation of this resource through Terraform will produce an error. - */ +*/ func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { keyRingName := d.Id() diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index 6ae7aaeec99..1ad2c0977b1 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -97,7 +97,7 @@ func testAccCheckGoogleKmsKeyRingWasRemovedFromState(resourceName string) resour /* This test runs in its own project, otherwise the test project would start to get filled with undeletable resources - */ +*/ func testGoogleKmsKeyRing_basic(projectId, projectOrg, projectBillingAccount, keyRingName string) string { return fmt.Sprintf(` resource "google_project" "acceptance" { From 5c49d082881e423505c8cf3a270d852e1b30fe60 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Mon, 23 Oct 2017 17:31:52 -0500 Subject: [PATCH 15/30] Log warning instead of info --- google/resource_kms_key_ring.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 30ab8562286..1f1ab83d371 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -96,7 +96,7 @@ func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { keyRingName := d.Id() - log.Printf("[INFO] KMS KeyRing resources cannot be deleted from GCP. This KeyRing %s will be removed from Terraform state, but will still be present on the server.", keyRingName) + log.Printf("[WARNING] KMS KeyRing resources cannot be deleted from GCP. This KeyRing %s will be removed from Terraform state, but will still be present on the server.", keyRingName) d.SetId("") From 775d43f7ffe379a713cf5964f7bf4d339a187482 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Mon, 23 Oct 2017 17:37:02 -0500 Subject: [PATCH 16/30] Use a single line for cloudkms client actions --- google/resource_kms_key_ring.go | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 1f1ab83d371..95897432c16 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -54,10 +54,7 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { parent := kmsResourceParentString(project, location) - keyRing, err := config.clientKms.Projects.Locations.KeyRings. - Create(parent, &cloudkms.KeyRing{}). - KeyRingId(name). - Do() + keyRing, err := config.clientKms.Projects.Locations.KeyRings.Create(parent, &cloudkms.KeyRing{}).KeyRingId(name).Do() if err != nil { return fmt.Errorf("Error creating KeyRing: %s", err) @@ -77,9 +74,7 @@ func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { log.Printf("[DEBUG] Executing read for KMS KeyRing %s", keyRingName) - _, err := config.clientKms.Projects.Locations.KeyRings. - Get(keyRingName). - Do() + _, err := config.clientKms.Projects.Locations.KeyRings.Get(keyRingName).Do() if err != nil { return fmt.Errorf("Error reading KeyRing: %s", err) From 23500d0ce42438a0a49f7d10d042810a54ebd90b Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Mon, 23 Oct 2017 19:50:19 -0500 Subject: [PATCH 17/30] Add resource import test --- google/import_kms_key_ring_test.go | 41 ++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 google/import_kms_key_ring_test.go diff --git a/google/import_kms_key_ring_test.go b/google/import_kms_key_ring_test.go new file mode 100644 index 00000000000..069fd9d6c64 --- /dev/null +++ b/google/import_kms_key_ring_test.go @@ -0,0 +1,41 @@ +package google + +import ( + "testing" + + "fmt" + "github.com/hashicorp/terraform/helper/acctest" + "github.com/hashicorp/terraform/helper/resource" +) + +func TestAccGoogleKmsKeyRing_importBasic(t *testing.T) { + t.Parallel() + + resourceName := "google_kms_key_ring.key_ring" + name := acctest.RandString(10) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testGoogleKmsKeyRing_import(name), + }, + + resource.TestStep{ + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testGoogleKmsKeyRing_import(keyRingName string) string { + return fmt.Sprintf(` +resource "google_kms_key_ring" "key_ring" { + name = "%s" + location = "us-central1" +} + `, keyRingName) +} From b8d0dbe0735c830ab13d5f15049d2d7f252f6a31 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Mon, 23 Oct 2017 19:50:45 -0500 Subject: [PATCH 18/30] Add ability to import resource, update helper functions to use keyRingId struct --- google/resource_kms_key_ring.go | 61 ++++++++++++++++++++++++---- google/resource_kms_key_ring_test.go | 17 ++++---- 2 files changed, 60 insertions(+), 18 deletions(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 95897432c16..fd182b224c6 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -5,6 +5,8 @@ import ( "github.com/hashicorp/terraform/helper/schema" "google.golang.org/api/cloudkms/v1" "log" + "regexp" + "strings" ) func resourceKmsKeyRing() *schema.Resource { @@ -12,6 +14,9 @@ func resourceKmsKeyRing() *schema.Resource { Create: resourceKmsKeyRingCreate, Read: resourceKmsKeyRingRead, Delete: resourceKmsKeyRingDelete, + Importer: &schema.ResourceImporter{ + State: resourceKmsKeyRingImportState, + }, Schema: map[string]*schema.Schema{ "name": &schema.Schema{ @@ -33,12 +38,18 @@ func resourceKmsKeyRing() *schema.Resource { } } -func kmsResourceParentString(project, location string) string { - return fmt.Sprintf("projects/%s/locations/%s", project, location) +type kmsKeyRingId struct { + Project string + Location string + Name string +} + +func (s *kmsKeyRingId) keyRingId() string { + return fmt.Sprintf("projects/%s/locations/%s/keyRings/%s", s.Project, s.Location, s.Name) } -func kmsResourceParentKeyRingName(project, location, name string) string { - return fmt.Sprintf("%s/keyRings/%s", kmsResourceParentString(project, location), name) +func (s *kmsKeyRingId) parentString() string { + return fmt.Sprintf("projects/%s/locations/%s", s.Project, s.Location) } func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { @@ -49,12 +60,13 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { return err } - name := d.Get("name").(string) - location := d.Get("location").(string) - - parent := kmsResourceParentString(project, location) + keyRingId := &kmsKeyRingId{ + Project: project, + Location: d.Get("location").(string), + Name: d.Get("name").(string), + } - keyRing, err := config.clientKms.Projects.Locations.KeyRings.Create(parent, &cloudkms.KeyRing{}).KeyRingId(name).Do() + keyRing, err := config.clientKms.Projects.Locations.KeyRings.Create(keyRingId.parentString(), &cloudkms.KeyRing{}).KeyRingId(keyRingId.Name).Do() if err != nil { return fmt.Errorf("Error creating KeyRing: %s", err) @@ -97,3 +109,34 @@ func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { return nil } + +func parseKmsKeyRingId(id string) (*kmsKeyRingId, error) { + keyRingIdRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/keyRings/(.+)$") + + if !keyRingIdRegex.MatchString(id) { + return nil, fmt.Errorf("Invalid KeyRing id format, expecting projects/{projectId}/locations/{locationId}/keyRings/{keyRingName}") + } + + parts := strings.Split(id, "/") + + return &kmsKeyRingId{ + Project: parts[1], + Location: parts[3], + Name: parts[5], + }, nil +} + +func resourceKmsKeyRingImportState(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + id, err := parseKmsKeyRingId(d.Id()) + + if err != nil { + return nil, err + } + + d.Set("name", id.Name) + d.Set("location", id.Location) + + d.SetId(id.keyRingId()) + + return []*schema.ResourceData{d}, nil +} diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index 1ad2c0977b1..3e2e1f78d08 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -54,14 +54,13 @@ func testAccCheckGoogleKmsKeyRingExists(resourceName string) resource.TestCheckF return fmt.Errorf("Resource not found: %s", resourceName) } - name := rs.Primary.Attributes["name"] - location := rs.Primary.Attributes["location"] - project := rs.Primary.Attributes["project"] - - parent := kmsResourceParentString(project, location) - keyRingName := kmsResourceParentKeyRingName(project, location, name) + keyRingId := &kmsKeyRingId{ + Project: rs.Primary.Attributes["project"], + Location: rs.Primary.Attributes["location"], + Name: rs.Primary.Attributes["name"], + } - listKeyRingsResponse, err := config.clientKms.Projects.Locations.KeyRings.List(parent).Do() + listKeyRingsResponse, err := config.clientKms.Projects.Locations.KeyRings.List(keyRingId.parentString()).Do() if err != nil { return fmt.Errorf("Error listing KeyRings: %s", err) } @@ -69,12 +68,12 @@ func testAccCheckGoogleKmsKeyRingExists(resourceName string) resource.TestCheckF for _, keyRing := range listKeyRingsResponse.KeyRings { log.Printf("[DEBUG] Found KeyRing: %s", keyRing.Name) - if keyRing.Name == keyRingName { + if keyRing.Name == keyRingId.keyRingId() { return nil } } - return fmt.Errorf("KeyRing not found: %s", keyRingName) + return fmt.Errorf("KeyRing not found: %s", keyRingId.keyRingId()) } } From c4317aba3cdd57abae8c92604b3629a0c2e13a1a Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Wed, 25 Oct 2017 19:07:56 -0500 Subject: [PATCH 19/30] Use shorter terraform ID for easier import --- google/resource_kms_key_ring.go | 45 +++++++++++++++++----------- google/resource_kms_key_ring_test.go | 2 +- 2 files changed, 28 insertions(+), 19 deletions(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index fd182b224c6..c93cd28cdf5 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -48,10 +48,14 @@ func (s *kmsKeyRingId) keyRingId() string { return fmt.Sprintf("projects/%s/locations/%s/keyRings/%s", s.Project, s.Location, s.Name) } -func (s *kmsKeyRingId) parentString() string { +func (s *kmsKeyRingId) parentId() string { return fmt.Sprintf("projects/%s/locations/%s", s.Project, s.Location) } +func (s *kmsKeyRingId) terraformId() string { + return fmt.Sprintf("%s/%s/%s", s.Project, s.Location, s.Name) +} + func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) @@ -66,7 +70,7 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { Name: d.Get("name").(string), } - keyRing, err := config.clientKms.Projects.Locations.KeyRings.Create(keyRingId.parentString(), &cloudkms.KeyRing{}).KeyRingId(keyRingId.Name).Do() + keyRing, err := config.clientKms.Projects.Locations.KeyRings.Create(keyRingId.parentId(), &cloudkms.KeyRing{}).KeyRingId(keyRingId.Name).Do() if err != nil { return fmt.Errorf("Error creating KeyRing: %s", err) @@ -74,7 +78,7 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { log.Printf("[DEBUG] Created KeyRing %s", keyRing.Name) - d.SetId(keyRing.Name) + d.SetId(keyRingId.terraformId()) return resourceKmsKeyRingRead(d, meta) } @@ -82,11 +86,14 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) - keyRingName := d.Id() + keyRingId, err := parseKmsKeyRingId(d.Id()) + if err != nil { + return err + } - log.Printf("[DEBUG] Executing read for KMS KeyRing %s", keyRingName) + log.Printf("[DEBUG] Executing read for KMS KeyRing %s", keyRingId.keyRingId()) - _, err := config.clientKms.Projects.Locations.KeyRings.Get(keyRingName).Do() + _, err = config.clientKms.Projects.Locations.KeyRings.Get(keyRingId.keyRingId()).Do() if err != nil { return fmt.Errorf("Error reading KeyRing: %s", err) @@ -101,9 +108,12 @@ func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { */ func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { - keyRingName := d.Id() + keyRingId, err := parseKmsKeyRingId(d.Id()) + if err != nil { + return err + } - log.Printf("[WARNING] KMS KeyRing resources cannot be deleted from GCP. This KeyRing %s will be removed from Terraform state, but will still be present on the server.", keyRingName) + log.Printf("[WARNING] KMS KeyRing resources cannot be deleted from GCP. This KeyRing %s will be removed from Terraform state, but will still be present on the server.", keyRingId.keyRingId()) d.SetId("") @@ -111,32 +121,31 @@ func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { } func parseKmsKeyRingId(id string) (*kmsKeyRingId, error) { - keyRingIdRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/keyRings/(.+)$") + keyRingIdRegex := regexp.MustCompile("^[a-z0-9-]+/[a-z0-9-]+/[a-z0-9-]+$") if !keyRingIdRegex.MatchString(id) { - return nil, fmt.Errorf("Invalid KeyRing id format, expecting projects/{projectId}/locations/{locationId}/keyRings/{keyRingName}") + return nil, fmt.Errorf("Invalid KeyRing id format, expecting {projectId}/{locationId}/{keyRingName}") } parts := strings.Split(id, "/") return &kmsKeyRingId{ - Project: parts[1], - Location: parts[3], - Name: parts[5], + Project: parts[0], + Location: parts[1], + Name: parts[2], }, nil } func resourceKmsKeyRingImportState(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { - id, err := parseKmsKeyRingId(d.Id()) - + keyRingId, err := parseKmsKeyRingId(d.Id()) if err != nil { return nil, err } - d.Set("name", id.Name) - d.Set("location", id.Location) + d.Set("name", keyRingId.Name) + d.Set("location", keyRingId.Location) - d.SetId(id.keyRingId()) + d.SetId(keyRingId.terraformId()) return []*schema.ResourceData{d}, nil } diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index 3e2e1f78d08..562a98d8344 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -60,7 +60,7 @@ func testAccCheckGoogleKmsKeyRingExists(resourceName string) resource.TestCheckF Name: rs.Primary.Attributes["name"], } - listKeyRingsResponse, err := config.clientKms.Projects.Locations.KeyRings.List(keyRingId.parentString()).Do() + listKeyRingsResponse, err := config.clientKms.Projects.Locations.KeyRings.List(keyRingId.parentId()).Do() if err != nil { return fmt.Errorf("Error listing KeyRings: %s", err) } From c2106a9b63d6b6e429663e521c3f0d3643778263 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Wed, 25 Oct 2017 19:13:14 -0500 Subject: [PATCH 20/30] Update import test to use the same config as the basic test --- google/import_kms_key_ring_test.go | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/google/import_kms_key_ring_test.go b/google/import_kms_key_ring_test.go index 069fd9d6c64..c846a152f0a 100644 --- a/google/import_kms_key_ring_test.go +++ b/google/import_kms_key_ring_test.go @@ -6,20 +6,30 @@ import ( "fmt" "github.com/hashicorp/terraform/helper/acctest" "github.com/hashicorp/terraform/helper/resource" + "os" ) func TestAccGoogleKmsKeyRing_importBasic(t *testing.T) { - t.Parallel() + skipIfEnvNotSet(t, + []string{ + "GOOGLE_ORG", + "GOOGLE_BILLING_ACCOUNT", + }..., + ) resourceName := "google_kms_key_ring.key_ring" - name := acctest.RandString(10) + + projectId := "terraform-" + acctest.RandString(10) + projectOrg := os.Getenv("GOOGLE_ORG") + projectBillingAccount := os.Getenv("GOOGLE_BILLING_ACCOUNT") + keyRingName := fmt.Sprintf("tf-test-%s", acctest.RandString(10)) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, Steps: []resource.TestStep{ resource.TestStep{ - Config: testGoogleKmsKeyRing_import(name), + Config: testGoogleKmsKeyRing_basic(projectId, projectOrg, projectBillingAccount, keyRingName), }, resource.TestStep{ @@ -30,12 +40,3 @@ func TestAccGoogleKmsKeyRing_importBasic(t *testing.T) { }, }) } - -func testGoogleKmsKeyRing_import(keyRingName string) string { - return fmt.Sprintf(` -resource "google_kms_key_ring" "key_ring" { - name = "%s" - location = "us-central1" -} - `, keyRingName) -} From 27fc744b97fe10ad63d61855aab8c78015a1415a Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Wed, 25 Oct 2017 19:58:32 -0500 Subject: [PATCH 21/30] Update KeyRing name regex to be consistent with API docs --- google/resource_kms_key_ring.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index c93cd28cdf5..1b9b9071dfa 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -121,7 +121,7 @@ func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { } func parseKmsKeyRingId(id string) (*kmsKeyRingId, error) { - keyRingIdRegex := regexp.MustCompile("^[a-z0-9-]+/[a-z0-9-]+/[a-z0-9-]+$") + keyRingIdRegex := regexp.MustCompile("^[a-z0-9-]+/[a-z0-9-]+/[a-zA-Z0-9_-]{1,63}$") if !keyRingIdRegex.MatchString(id) { return nil, fmt.Errorf("Invalid KeyRing id format, expecting {projectId}/{locationId}/{keyRingName}") From a2c3363f4d9231f33325fb2204eadfcbd5273fbd Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Wed, 25 Oct 2017 20:00:10 -0500 Subject: [PATCH 22/30] Add documentation page for resource --- .../docs/r/google_kms_key_ring.html.markdown | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 website/docs/r/google_kms_key_ring.html.markdown diff --git a/website/docs/r/google_kms_key_ring.html.markdown b/website/docs/r/google_kms_key_ring.html.markdown new file mode 100644 index 00000000000..7363cabfb20 --- /dev/null +++ b/website/docs/r/google_kms_key_ring.html.markdown @@ -0,0 +1,59 @@ +--- +layout: "google" +page_title: "Google: google_kms_key_ring" +sidebar_current: "docs-google-kms-key-ring-x" +description: |- + Allows creation of a Google Cloud Platform KMS KeyRing. +--- + +# google\_kms\_key\_ring + +Allows creation of a Google Cloud Platform KMS KeyRing. For more information see +[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#keyring) +and +[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings). + +A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project +and resides in a specific location. + +~> Note: KeyRings cannot be deleted from Google Cloud Platform. Destroying a Terraform-managed KeyRing will remove it +from state but **will not delete the resource on the server**. + +## Example Usage + +```hcl +resource "google_kms_key_ring" "my_key_ring" { + name = "my-key-ring" + location = "us-central1" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Required) The KeyRing's name. + A KeyRing’s name must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}` + +* `location` - (Required) The Google Cloud Platform location for the KeyRing. + A full list of valid locations can be found by running `gcloud kms locations list`. + +- - - + +* `project` - (Optional) The project in which the resource belongs. If it + is not provided, the provider project is used. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are +exported: + +* `id` - The ID of the created KeyRing. Its format is `{projectId}/{location}/{keyRingName}`. + +## Import + +KeyRings can be imported using the KeyRing autogenerated `id`, e.g. + +``` +$ terraform import google_kms_key_ring.my_key_ring my-gcp-project/us-central1/my-key-ring +``` From 82f4785d558af160945d966068cf185482b5044c Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Wed, 25 Oct 2017 20:03:42 -0500 Subject: [PATCH 23/30] Add KeyRing documentation to sidebar --- website/google.erb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/website/google.erb b/website/google.erb index 160d6c92f27..b3527229cab 100644 --- a/website/google.erb +++ b/website/google.erb @@ -77,6 +77,9 @@ > google_folder_iam_policy + > + google_kms_key_ring + > google_organization_policy From 6e2a6c0752e7e27dcc3c0331c12107764b416813 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Wed, 25 Oct 2017 20:31:05 -0500 Subject: [PATCH 24/30] Adds unit tests around parsing the KeyRing import id --- google/resource_kms_key_ring_test.go | 44 ++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index 562a98d8344..e57dde3229c 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -11,6 +11,50 @@ import ( "os" ) +func TestKeyRingIdParsing(t *testing.T) { + cases := map[string]struct { + ImportId string + ExpectedError bool + ExpectedTerraformId string + ExpectedKeyRingId string + Config *Config + }{ + "id is in project/location/keyRingName format": { + ImportId: "test-project/us-central1/test-key-ring", + ExpectedError: false, + ExpectedTerraformId: "test-project/us-central1/test-key-ring", + ExpectedKeyRingId: "projects/test-project/locations/us-central1/keyRings/test-key-ring", + }, + "id contains name that is longer than 63 characters": { + ImportId: "test-project/us-central1/can-you-believe-that-this-key-ring-name-is-exactly-64-characters", + ExpectedError: true, + }, + } + + for testName, testCase := range cases { + keyRingId, err := parseKmsKeyRingId(testCase.ImportId) + + if testCase.ExpectedError && err == nil { + t.Fatalf("bad: %s, expected an error", testName) + } + + if err != nil { + if testCase.ExpectedError { + continue + } + t.Fatalf("bad: %s, err: %#v", testName, err) + } + + if keyRingId.terraformId() != testCase.ExpectedTerraformId { + t.Fatalf("bad: %s, expected Terraform ID to be `%s` but is `%s`", testName, testCase.ExpectedTerraformId, keyRingId.terraformId()) + } + + if keyRingId.keyRingId() != testCase.ExpectedKeyRingId { + t.Fatalf("bad: %s, expected KeyRing ID to be `%s` but is `%s`", testName, testCase.ExpectedKeyRingId, keyRingId.keyRingId()) + } + } +} + func TestAccGoogleKmsKeyRing_basic(t *testing.T) { skipIfEnvNotSet(t, []string{ From 2120b4785c90ba29cb5fd586ee9c0ac08c4f811f Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Wed, 25 Oct 2017 21:55:30 -0500 Subject: [PATCH 25/30] Allow for project in id to be autopopulated from config --- google/resource_kms_key_ring.go | 39 ++++++++++++------- google/resource_kms_key_ring_test.go | 9 ++++- .../docs/r/google_kms_key_ring.html.markdown | 2 + 3 files changed, 36 insertions(+), 14 deletions(-) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 1b9b9071dfa..14678aac52f 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -86,7 +86,7 @@ func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { config := meta.(*Config) - keyRingId, err := parseKmsKeyRingId(d.Id()) + keyRingId, err := parseKmsKeyRingId(d.Id(), config) if err != nil { return err } @@ -108,7 +108,9 @@ func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { */ func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { - keyRingId, err := parseKmsKeyRingId(d.Id()) + config := meta.(*Config) + + keyRingId, err := parseKmsKeyRingId(d.Id(), config) if err != nil { return err } @@ -120,24 +122,35 @@ func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { return nil } -func parseKmsKeyRingId(id string) (*kmsKeyRingId, error) { - keyRingIdRegex := regexp.MustCompile("^[a-z0-9-]+/[a-z0-9-]+/[a-zA-Z0-9_-]{1,63}$") +func parseKmsKeyRingId(id string, config *Config) (*kmsKeyRingId, error) { + parts := strings.Split(id, "/") + + keyRingIdRegex := regexp.MustCompile("^([a-z0-9-]+)/([a-z0-9-])+/([a-zA-Z0-9_-]{1,63})$") + keyRingIdWithoutProjectRegex := regexp.MustCompile("^([a-z0-9-])+/([a-zA-Z0-9_-]{1,63})$") - if !keyRingIdRegex.MatchString(id) { - return nil, fmt.Errorf("Invalid KeyRing id format, expecting {projectId}/{locationId}/{keyRingName}") + if keyRingIdRegex.MatchString(id) { + return &kmsKeyRingId{ + Project: parts[0], + Location: parts[1], + Name: parts[2], + }, nil } - parts := strings.Split(id, "/") + if keyRingIdWithoutProjectRegex.MatchString(id) { + return &kmsKeyRingId{ + Project: config.Project, + Location: parts[0], + Name: parts[1], + }, nil + } - return &kmsKeyRingId{ - Project: parts[0], - Location: parts[1], - Name: parts[2], - }, nil + return nil, fmt.Errorf("Invalid KeyRing id format, expecting `{projectId}/{locationId}/{keyRingName}` or `{locationId}/{keyRingName}.`") } func resourceKmsKeyRingImportState(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { - keyRingId, err := parseKmsKeyRingId(d.Id()) + config := meta.(*Config) + + keyRingId, err := parseKmsKeyRingId(d.Id(), config) if err != nil { return nil, err } diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index e57dde3229c..f1da3e82fdd 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -29,10 +29,17 @@ func TestKeyRingIdParsing(t *testing.T) { ImportId: "test-project/us-central1/can-you-believe-that-this-key-ring-name-is-exactly-64-characters", ExpectedError: true, }, + "id is in location/keyRingName format": { + ImportId: "us-central1/test-key-ring", + ExpectedError: false, + ExpectedTerraformId: "test-project/us-central1/test-key-ring", + ExpectedKeyRingId: "projects/test-project/locations/us-central1/keyRings/test-key-ring", + Config: &Config{Project: "test-project"}, + }, } for testName, testCase := range cases { - keyRingId, err := parseKmsKeyRingId(testCase.ImportId) + keyRingId, err := parseKmsKeyRingId(testCase.ImportId, testCase.Config) if testCase.ExpectedError && err == nil { t.Fatalf("bad: %s, expected an error", testName) diff --git a/website/docs/r/google_kms_key_ring.html.markdown b/website/docs/r/google_kms_key_ring.html.markdown index 7363cabfb20..323c689a354 100644 --- a/website/docs/r/google_kms_key_ring.html.markdown +++ b/website/docs/r/google_kms_key_ring.html.markdown @@ -56,4 +56,6 @@ KeyRings can be imported using the KeyRing autogenerated `id`, e.g. ``` $ terraform import google_kms_key_ring.my_key_ring my-gcp-project/us-central1/my-key-ring + +$ terraform import google_kms_key_ring.my_key_ring us-central1/my-key-ring ``` From 65cbadc8aaf954ca56b41a689c0a2c248d140498 Mon Sep 17 00:00:00 2001 From: Mrparkers Date: Wed, 25 Oct 2017 22:00:07 -0500 Subject: [PATCH 26/30] Throw error in import if project provider is not provided for location/name format --- google/resource_kms_key_ring.go | 4 ++++ google/resource_kms_key_ring_test.go | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 14678aac52f..14f5a2aed1c 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -137,6 +137,10 @@ func parseKmsKeyRingId(id string, config *Config) (*kmsKeyRingId, error) { } if keyRingIdWithoutProjectRegex.MatchString(id) { + if config.Project == "" { + return nil, fmt.Errorf("The default project for the provider must be set when using the `{location}/{keyRingName}` id format.") + } + return &kmsKeyRingId{ Project: config.Project, Location: parts[0], diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index f1da3e82fdd..108aa311ffb 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -36,6 +36,11 @@ func TestKeyRingIdParsing(t *testing.T) { ExpectedKeyRingId: "projects/test-project/locations/us-central1/keyRings/test-key-ring", Config: &Config{Project: "test-project"}, }, + "id is in location/keyRingName format without project in config": { + ImportId: "us-central1/test-key-ring", + ExpectedError: true, + Config: &Config{Project: ""}, + }, } for testName, testCase := range cases { From 2791c745b92f7fc8ec69560bc8ec3fcb24a076e7 Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Wed, 25 Oct 2017 22:21:46 -0500 Subject: [PATCH 27/30] Consistent variable names --- google/resource_kms_key_ring_test.go | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index 108aa311ffb..c78ea336278 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -43,26 +43,26 @@ func TestKeyRingIdParsing(t *testing.T) { }, } - for testName, testCase := range cases { - keyRingId, err := parseKmsKeyRingId(testCase.ImportId, testCase.Config) + for tn, tc := range cases { + keyRingId, err := parseKmsKeyRingId(tc.ImportId, tc.Config) - if testCase.ExpectedError && err == nil { - t.Fatalf("bad: %s, expected an error", testName) + if tc.ExpectedError && err == nil { + t.Fatalf("bad: %s, expected an error", tn) } if err != nil { - if testCase.ExpectedError { + if tc.ExpectedError { continue } - t.Fatalf("bad: %s, err: %#v", testName, err) + t.Fatalf("bad: %s, err: %#v", tn, err) } - if keyRingId.terraformId() != testCase.ExpectedTerraformId { - t.Fatalf("bad: %s, expected Terraform ID to be `%s` but is `%s`", testName, testCase.ExpectedTerraformId, keyRingId.terraformId()) + if keyRingId.terraformId() != tc.ExpectedTerraformId { + t.Fatalf("bad: %s, expected Terraform ID to be `%s` but is `%s`", tn, tc.ExpectedTerraformId, keyRingId.terraformId()) } - if keyRingId.keyRingId() != testCase.ExpectedKeyRingId { - t.Fatalf("bad: %s, expected KeyRing ID to be `%s` but is `%s`", testName, testCase.ExpectedKeyRingId, keyRingId.keyRingId()) + if keyRingId.keyRingId() != tc.ExpectedKeyRingId { + t.Fatalf("bad: %s, expected KeyRing ID to be `%s` but is `%s`", tn, tc.ExpectedKeyRingId, keyRingId.keyRingId()) } } } From 248d5183c05dc2a1d8d3ef9c79ed45f835bea96f Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Thu, 26 Oct 2017 15:42:32 -0500 Subject: [PATCH 28/30] Use tabs in resource config instead of spaces --- google/resource_kms_key_ring_test.go | 32 ++++++++++++++-------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/google/resource_kms_key_ring_test.go b/google/resource_kms_key_ring_test.go index c78ea336278..9a2275b71e7 100644 --- a/google/resource_kms_key_ring_test.go +++ b/google/resource_kms_key_ring_test.go @@ -156,17 +156,17 @@ func testAccCheckGoogleKmsKeyRingWasRemovedFromState(resourceName string) resour func testGoogleKmsKeyRing_basic(projectId, projectOrg, projectBillingAccount, keyRingName string) string { return fmt.Sprintf(` resource "google_project" "acceptance" { - name = "%s" - project_id = "%s" - org_id = "%s" - billing_account = "%s" + name = "%s" + project_id = "%s" + org_id = "%s" + billing_account = "%s" } resource "google_project_services" "acceptance" { - project = "${google_project.acceptance.project_id}" - services = [ - "cloudkms.googleapis.com" - ] + project = "${google_project.acceptance.project_id}" + services = [ + "cloudkms.googleapis.com" + ] } resource "google_kms_key_ring" "key_ring" { @@ -180,17 +180,17 @@ resource "google_kms_key_ring" "key_ring" { func testGoogleKmsKeyRing_removed(projectId, projectOrg, projectBillingAccount string) string { return fmt.Sprintf(` resource "google_project" "acceptance" { - name = "%s" - project_id = "%s" - org_id = "%s" - billing_account = "%s" + name = "%s" + project_id = "%s" + org_id = "%s" + billing_account = "%s" } resource "google_project_services" "acceptance" { - project = "${google_project.acceptance.project_id}" - services = [ - "cloudkms.googleapis.com" - ] + project = "${google_project.acceptance.project_id}" + services = [ + "cloudkms.googleapis.com" + ] } `, projectId, projectId, projectOrg, projectBillingAccount) } From 3fbf0bb89306012079202248ad2984c4a43f6e71 Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Thu, 26 Oct 2017 15:48:01 -0500 Subject: [PATCH 29/30] Remove "-x" suffix for docs --- website/docs/r/google_kms_key_ring.html.markdown | 2 +- website/google.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/r/google_kms_key_ring.html.markdown b/website/docs/r/google_kms_key_ring.html.markdown index 323c689a354..4e9700e67f4 100644 --- a/website/docs/r/google_kms_key_ring.html.markdown +++ b/website/docs/r/google_kms_key_ring.html.markdown @@ -1,7 +1,7 @@ --- layout: "google" page_title: "Google: google_kms_key_ring" -sidebar_current: "docs-google-kms-key-ring-x" +sidebar_current: "docs-google-kms-key-ring" description: |- Allows creation of a Google Cloud Platform KMS KeyRing. --- diff --git a/website/google.erb b/website/google.erb index 0f1cb985a49..a854e1ec7ef 100644 --- a/website/google.erb +++ b/website/google.erb @@ -77,7 +77,7 @@ > google_folder_iam_policy - > + > google_kms_key_ring > From 6dc9035c01a81ed79114dc9aa39dfa56d9fc8464 Mon Sep 17 00:00:00 2001 From: Michael Parker Date: Thu, 26 Oct 2017 16:30:22 -0500 Subject: [PATCH 30/30] Set project attribute on import if different from the project config --- google/resource_kms_key_ring.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/google/resource_kms_key_ring.go b/google/resource_kms_key_ring.go index 14f5a2aed1c..8f5d20d4085 100644 --- a/google/resource_kms_key_ring.go +++ b/google/resource_kms_key_ring.go @@ -162,6 +162,10 @@ func resourceKmsKeyRingImportState(d *schema.ResourceData, meta interface{}) ([] d.Set("name", keyRingId.Name) d.Set("location", keyRingId.Location) + if config.Project != keyRingId.Project { + d.Set("project", keyRingId.Project) + } + d.SetId(keyRingId.terraformId()) return []*schema.ResourceData{d}, nil