feat: Add new gcloud commands, API clients, and third-party libraries across various services.

2026-01-01 20:26:35 +01:00
parent 5e23cbece0
commit a19e592eb7
25221 changed files with 8324611 additions and 0 deletions


@@ -0,0 +1,41 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""The command group for ekm connections."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.cloudkms import base as cloudkms_base
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.kms import flags
from googlecloudsdk.core import resources
@base.ReleaseTracks(base.ReleaseTrack.ALPHA, base.ReleaseTrack.BETA,
base.ReleaseTrack.GA)
class EkmConnections(base.Group):
"""Create and manage ekm connections.
Ekm Connections are used to control the connection settings for an
EXTERNAL_VPC CryptoKey.
"""
category = base.IDENTITY_AND_SECURITY_CATEGORY
@staticmethod
def Args(parser):
parser.display_info.AddUriFunc(
cloudkms_base.MakeGetUriFunc(flags.EKM_CONNECTION_COLLECTION))


@@ -0,0 +1,34 @@
release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Add IAM policy binding for a kms ekm connection.
description: |
Adds a policy binding to the IAM policy of a kms ekm connection. A binding consists of at least
one member, a role, and an optional condition.
examples: |
To add an IAM policy binding for the role of 'roles/editor' for the user 'test-user@gmail.com'
on the ekm connection laplace with location global, run:
$ {command} laplace --location='global' --member='user:test-user@gmail.com' --role='roles/editor'
To add an IAM policy binding which expires at the end of the year 2022 for the role of
'roles/editor' and the user 'test-user@gmail.com' on the laplace fellowship and
location global, run:
$ {command} laplace --location='global' --member='user:test-user@gmail.com' --role='roles/editor' --condition='expression=request.time < timestamp("2023-01-01T00:00:00Z"),title=expires_end_of_2022,description=Expires at midnight on 2022-12-31'
See https://cloud.google.com/iam/docs/managing-policies for details of
policy role and member types.
request:
collection: cloudkms.projects.locations.ekmConnections
arguments:
resource:
help_text: The ekm connection to add the IAM policy binding.
spec: !REF googlecloudsdk.command_lib.kms.resources:ekm_connection
iam:
enable_condition: true
policy_version: 3
get_iam_policy_version_path: options_requestedPolicyVersion
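Review bot: The second example's description reads "on the laplace fellowship and location global", which looks like wording left over from another resource's help text; it should read `on the ekm connection laplace with location global`, matching the first example. Both examples also grant `roles/editor`, a broad basic role, on a resource that governs how Cloud KMS reaches an external key manager; an example built on a narrowly scoped Cloud KMS role would point readers toward least privilege. The remove-iam-policy-binding help text added in this commit uses the same `roles/editor` examples.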


@@ -0,0 +1,114 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Create a new ekm connection."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.cloudkms import base as cloudkms_base
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
from googlecloudsdk.command_lib.kms import certs
from googlecloudsdk.command_lib.kms import flags
from googlecloudsdk.command_lib.kms import maps
from googlecloudsdk.command_lib.kms import resource_args
class Create(base.CreateCommand):
r"""Create a new ekm connection.
Creates a new connection within the given location.
## EXAMPLES
The following command creates an ekm connection named `laplace` within the
location `us-central1`:
$ {command} laplace \
--location=us-central1 \
--service-directory-service="foo" \
--endpoint-filter="foo > bar" \
--hostname="hostname.foo" \
--server-certificates-files=foo.pem,bar.pem
The following command creates an ekm connection named `laplace` within the
location `us-central1` in `cloud-kms` key management mode with the required
crypto-space-path :
$ {command} laplace \
--location=us-central1 \
--service-directory-service="foo" \
--endpoint-filter="foo > bar" \
--hostname="hostname.foo" \
--key-management-mode=cloud-kms
--crypto-space-path="foo"
--server-certificates-files=foo.pem,bar.pem
"""
@staticmethod
def Args(parser):
resource_args.AddKmsEkmConnectionResourceArgForKMS(parser, True,
'ekm_connection')
flags.AddServiceDirectoryServiceFlag(parser, True)
flags.AddEndpointFilterFlag(parser)
flags.AddHostnameFlag(parser, True)
flags.AddServerCertificatesFilesFlag(parser, True)
flags.AddKeyManagementModeFlags(parser)
parser.display_info.AddCacheUpdater(flags.EkmConnectionCompleter)
def _CreateRequest(self, args):
messages = cloudkms_base.GetMessagesModule()
ekm_connection_ref = args.CONCEPTS.ekm_connection.Parse()
parent_ref = ekm_connection_ref.Parent()
if args.key_management_mode == 'cloud-kms':
if not args.crypto_space_path:
raise exceptions.RequiredArgumentException(
'--crypto-space-path',
'Must be supplied when --key-management-mode is cloud-kms.')
certificate_list = []
for cert_file in args.server_certificates_files:
try:
certificate_list.append(
messages.Certificate(rawDer=certs.GetDerCertificate(cert_file)))
except Exception as e:
raise exceptions.BadArgumentException(
'--server-certificates-files',
'Error while attempting to read file {} : {}'.format(cert_file, e))
req = messages.CloudkmsProjectsLocationsEkmConnectionsCreateRequest(
parent=parent_ref.RelativeName(),
ekmConnectionId=ekm_connection_ref.Name(),
ekmConnection=messages.EkmConnection(
keyManagementMode=maps.KEY_MANAGEMENT_MODE_MAPPER.GetEnumForChoice(
args.key_management_mode),
cryptoSpacePath=args.crypto_space_path,
serviceResolvers=[
messages.ServiceResolver(
serviceDirectoryService=args.service_directory_service,
endpointFilter=args.endpoint_filter,
hostname=args.hostname,
serverCertificates=certificate_list)
]))
return req
def Run(self, args):
client = cloudkms_base.GetClientInstance()
return client.projects_locations_ekmConnections.Create(
self._CreateRequest(args))
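Review bot: The `except Exception as e:` around `certs.GetDerCertificate(cert_file)` in `_CreateRequest` turns every failure, programming errors included, into a `BadArgumentException` whose text always says "Error while attempting to read file", so an unreadable path and a malformed certificate look the same to the operator. These certificates end up in `serverCertificates` on the service resolver and presumably authenticate the external key manager endpoint, so it is worth catching only the error types `GetDerCertificate` is known to raise (not visible here) and stating whether the file could not be read or could not be parsed. The same loop appears in the Update command's `CreateRequest`. Separately, in the docstring's second example the lines `--key-management-mode=cloud-kms` and `--crypto-space-path="foo"` lack the trailing `\`, so the command breaks when pasted.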


@@ -0,0 +1,54 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Describe an ekmconnection."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.cloudkms import base as cloudkms_base
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
from googlecloudsdk.command_lib.kms import resource_args
class Describe(base.DescribeCommand):
"""Get metadata for an ekmconnection.
Returns metadata for the given ekmconnection.
## EXAMPLES
The following command returns the metadata for the ekmconnection `laplace`
in the location `us-east1`:
$ {command} laplace --location=us-east1
"""
@staticmethod
def Args(parser):
resource_args.AddKmsEkmConnectionResourceArgForKMS(parser, True,
'ekm_connection')
def Run(self, args):
client = cloudkms_base.GetClientInstance()
messages = cloudkms_base.GetMessagesModule()
ekm_connection_ref = args.CONCEPTS.ekm_connection.Parse()
if not ekm_connection_ref.Name():
raise exceptions.InvalidArgumentException(
'ekmconnection', 'ekmconnection id must be non-empty.')
return client.projects_locations_ekmConnections.Get(
messages.CloudkmsProjectsLocationsEkmConnectionsGetRequest(
name=ekm_connection_ref.RelativeName()))
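Review bot: The `InvalidArgumentException` raised in `Run` names the parameter `'ekmconnection'`, while `Args` registers the resource as `'ekm_connection'`, so the error points the user at a name the command does not accept. Use one spelling in both places, e.g. `raise exceptions.InvalidArgumentException('ekm_connection', 'ekm connection id must be non-empty.')`. Whether `Parse()` can actually return a reference with an empty name is not visible here, so a short comment on when this guard fires would also help.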


@@ -0,0 +1,27 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Get the IAM policy for an ekm connection.
description: |
Displays the IAM policy associated with an ekm connection.
If formatted as JSON, the output can be edited and used as
a policy file for *set-iam-policy*. The output includes an "etag"
field identifying the version emitted and allowing detection of
concurrent policy updates;
see $ {parent_command} set-iam-policy for additional details.
examples: |
To print the IAM policy for a given ekm connection, run:
$ {command} --location=my-location my-ekmconnection
request:
collection: cloudkms.projects.locations.ekmConnections
arguments:
resource:
help_text: The ekm connection for which to get the IAM policy binding.
spec: !REF googlecloudsdk.command_lib.kms.resources:ekm_connection
iam:
policy_version: 3
get_iam_policy_version_path: options_requestedPolicyVersion


@@ -0,0 +1,65 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""List ekmconnections within a location."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from apitools.base.py import list_pager
from googlecloudsdk.api_lib.cloudkms import base as cloudkms_base
from googlecloudsdk.calliope import base
from googlecloudsdk.command_lib.kms import resource_args
class List(base.ListCommand):
"""List ekmconnections within a location.
Lists all ekmconnections within the given location.
## EXAMPLES
The following command lists a maximum of five ekmconnections in the location
`global`:
$ {command} --location=global --limit=5
"""
@staticmethod
def Args(parser):
resource_args.AddKmsLocationResourceArgForKMS(parser, True, '--location')
# Service resolvers is currently restricted to only have one.
parser.display_info.AddFormat("""
table(
name,
service_resolvers[0].serviceDirectoryService,
service_resolvers[0].hostname)
""")
def Run(self, args):
client = cloudkms_base.GetClientInstance()
messages = cloudkms_base.GetMessagesModule()
location_ref = args.CONCEPTS.location.Parse()
request = messages.CloudkmsProjectsLocationsEkmConnectionsListRequest(
parent=location_ref.RelativeName())
return list_pager.YieldFromList(
client.projects_locations_ekmConnections,
request,
field='ekmConnections',
limit=args.limit,
batch_size_attribute='pageSize')
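Review bot: `Run` passes `limit=args.limit` and `batch_size_attribute='pageSize'` to `list_pager.YieldFromList` but never passes `batch_size`, so a user-supplied `--page-size` (assuming `base.ListCommand` registers it, as list commands usually do) would not reach the API request and the pager's default is used instead. Consider adding `batch_size=args.page_size` to the call. The table format in `Args` also mixes `service_resolvers` with camelCase leaf names; `serviceResolvers[0].serviceDirectoryService` would match the field names used elsewhere in this commit.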


@@ -0,0 +1,41 @@
release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Remove IAM policy binding for a kms ekm connection.
description: |
Removes a policy binding from the IAM policy of a kms ekm connection. A binding consists of at
least one member, a role, and an optional condition.
examples: |
To remove an IAM policy binding for the role of 'roles/editor' for the user
'test-user@gmail.com' on the ekm connection laplace with location global, run:
$ {command} laplace --location='global' --member='user:test-user@gmail.com' --role='roles/editor'
To remove an IAM policy binding with a condition of
expression='request.time < timestamp("2023-01-01T00:00:00Z")', title='expires_end_of_2022',
and description='Expires at midnight on 2022-12-31' for the role of 'roles/editor'
for the user 'test-user@gmail.com' on the ekm connection laplace with location global, run:
$ {command} laplace --location='global' --member='user:test-user@gmail.com' --role='roles/editor' --condition='expression=request.time < timestamp("2023-01-01T00:00:00Z"),title=expires_end_of_2022,description=Expires at midnight on 2022-12-31'
To remove all IAM policy bindings regardless of the condition for the role of
'roles/editor' and for the user 'test-user@gmail.com' on the ekm connection laplace with
location global, run:
$ {command} laplace --location='global' --member='user:test-user@gmail.com' --role='roles/editor' --all
See https://cloud.google.com/iam/docs/managing-policies for details of
policy role and member types.
request:
collection: cloudkms.projects.locations.ekmConnections
arguments:
resource:
help_text: The ekm connection to remove the IAM policy binding.
spec: !REF googlecloudsdk.command_lib.kms.resources:ekm_connection
iam:
enable_condition: true
policy_version: 3
get_iam_policy_version_path: options_requestedPolicyVersion


@@ -0,0 +1,30 @@
- release_tracks: [ALPHA, BETA, GA]
help_text:
brief: Set the IAM policy binding for a KMS ekm connection.
description: |
Sets the IAM policy for the given ekm connection as defined in a JSON or YAML file.
See https://cloud.google.com/iam/docs/managing-policies for details of
the policy file format and contents.
examples: |
The following command will read an IAM policy defined in a JSON file
'policy.json' and set it for the ekm connection 'laplace' with the location 'global':
$ {command} laplace policy.json --location=global
See https://cloud.google.com/iam/docs/managing-policies for details of the
policy file format and contents.
request:
collection: cloudkms.projects.locations.ekmConnections
modify_request_hooks:
- googlecloudsdk.command_lib.iam.hooks:UseMaxRequestedPolicyVersion:api_field=setIamPolicyRequest.policy.version
- googlecloudsdk.command_lib.iam.hooks:AddVersionToUpdateMaskIfNotPresent:update_mask_path=setIamPolicyRequest.updateMask
arguments:
resource:
help_text: The ekm connection for which to set the IAM policy binding.
spec: !REF googlecloudsdk.command_lib.kms.resources:ekm_connection
iam:
policy_version: 3


@@ -0,0 +1,146 @@
# -*- coding: utf-8 -*- #
# Copyright 2022 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Update an ekmconnection."""
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from googlecloudsdk.api_lib.cloudkms import base as cloudkms_base
from googlecloudsdk.calliope import base
from googlecloudsdk.calliope import exceptions
from googlecloudsdk.command_lib.kms import certs
from googlecloudsdk.command_lib.kms import exceptions as kms_exceptions
from googlecloudsdk.command_lib.kms import flags
from googlecloudsdk.command_lib.kms import maps
from googlecloudsdk.command_lib.kms import resource_args
class Update(base.UpdateCommand):
r"""Update an ekmconnection.
{command} can be used to update the ekmconnection. Updates can be made to the
ekmconnection's service resolver's fields.
## EXAMPLES
The following command updates an ekm-connection named `laplace` service
resolver's hostname within location `us-east1`:
$ {command} laplace --location=us-east1 \
--hostname=newhostname.foo
The following command updates an ekm-connection named `laplace` service
resolver's service_directory_service, endpoint_filter, hostname, and
server_certificates within location `us-east1`:
$ {command} laplace --location=us-east1 \
--service-directory-service="foo" \
--endpoint-filter="foo > bar" \
--hostname="newhostname.foo" \
--server-certificates-files=foo.pem,bar.pem
The following command updates an ekm-connection named `laplace`
key_management_mode within location `us-east1`:
$ {command} laplace --location=us-east1 \
--key-management-mode=manual
"""
@staticmethod
def Args(parser):
resource_args.AddKmsEkmConnectionResourceArgForKMS(parser, True,
'ekm_connection')
flags.AddServiceDirectoryServiceFlag(parser)
flags.AddEndpointFilterFlag(parser)
flags.AddHostnameFlag(parser)
flags.AddKeyManagementModeFlags(parser)
flags.AddServerCertificatesFilesFlag(parser)
def CreateUpdateMask(self, args):
update_mask = []
if (args.service_directory_service or args.endpoint_filter or
args.hostname or args.server_certificates_files):
update_mask.append('serviceResolvers')
if args.key_management_mode:
update_mask.append('keyManagementMode')
if args.crypto_space_path:
update_mask.append('cryptoSpacePath')
return ','.join(update_mask)
def CreateRequest(self, args, messages, ekm_connection_to_update):
ec_ref = flags.ParseEkmConnectionName(args)
service_resolver_to_update = ekm_connection_to_update.serviceResolvers[0]
if args.service_directory_service:
service_resolver_to_update.serviceDirectoryService = args.service_directory_service
if args.endpoint_filter:
service_resolver_to_update.endpointFilter = args.endpoint_filter
if args.hostname:
service_resolver_to_update.hostname = args.hostname
if args.key_management_mode:
ekm_connection_to_update.keyManagementMode = (
maps.KEY_MANAGEMENT_MODE_MAPPER.GetEnumForChoice(
args.key_management_mode))
if args.crypto_space_path:
ekm_connection_to_update.cryptoSpacePath = args.crypto_space_path
certificate_list = []
if args.server_certificates_files:
for cert_file in args.server_certificates_files:
try:
certificate_list.append(
messages.Certificate(rawDer=certs.GetDerCertificate(cert_file)))
except Exception as e:
raise exceptions.BadArgumentException(
'--server-certificates-files',
'Error while attempting to read file {} : {}'.format(
cert_file, e))
service_resolver_to_update.serverCertificates = certificate_list
req = messages.CloudkmsProjectsLocationsEkmConnectionsPatchRequest(
name=ec_ref.RelativeName(), ekmConnection=ekm_connection_to_update)
req.updateMask = self.CreateUpdateMask(args)
return req
def Run(self, args):
if not (args.service_directory_service or args.endpoint_filter or
args.hostname or args.server_certificates_files or
args.key_management_mode or args.crypto_space_path):
raise kms_exceptions.UpdateError(
'An error occured: At least one of --service-directory-service or '
'--endpoint-filter or --hostname or --server-certificates-files or '
'--key-management-mode or --crypto-space-path must be specified.')
client = cloudkms_base.GetClientInstance()
messages = cloudkms_base.GetMessagesModule()
ec_ref = flags.ParseEkmConnectionName(args)
# Try to get the ekmConnection and raise an exception if it doesn't exist.
ekm_connection = client.projects_locations_ekmConnections.Get(
messages.CloudkmsProjectsLocationsEkmConnectionsGetRequest(
name=ec_ref.RelativeName()))
# Make update request
update_req = self.CreateRequest(args, messages, ekm_connection)
return client.projects_locations_ekmConnections.Patch(update_req)
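Review bot: `CreateRequest` evaluates `ekm_connection_to_update.serviceResolvers[0]` unconditionally, so a connection returned by `Get` with an empty resolver list raises an unhandled `IndexError` even when only `--key-management-mode` is being changed. Guard it before indexing, e.g. `if not ekm_connection_to_update.serviceResolvers: raise kms_exceptions.UpdateError('ekm connection has no service resolver to update.')`. The flag checks in `Run`, `CreateUpdateMask` and `CreateRequest` test truthiness, so an explicit empty value such as `--endpoint-filter=""` is treated as not supplied and an existing filter cannot be cleared; `args.IsSpecified('endpoint_filter')` would distinguish the two cases. Unlike the Create command, this path does not require `--crypto-space-path` when switching to `cloud-kms`; whether the server rejects that combination is not visible here. The error string in `Run` also misspells "occurred".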