# -*- coding: utf-8 -*- #
# Copyright 2024 Google LLC. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
|
|
"""Shared resource flags for kms resources."""
|
|
|
|
from __future__ import absolute_import
|
|
from __future__ import division
|
|
from __future__ import unicode_literals
|
|
|
|
from typing import cast
|
|
|
|
from googlecloudsdk.calliope.concepts import concepts
|
|
from googlecloudsdk.calliope.concepts import deps
|
|
from googlecloudsdk.command_lib.util.concepts import concept_parsers
|
|
from googlecloudsdk.command_lib.util.concepts import presentation_specs
|
|
from googlecloudsdk.core import properties
|
|
|
|
|
|
def KeyVersionAttributeConfig(kms_prefix=True):
  """Builds the attribute config for the key version part of a KMS resource.

  Args:
    kms_prefix: bool, when True the attribute is named 'kms-key-version',
      otherwise 'key-version'.

  Returns:
    A concepts.ResourceParameterAttributeConfig for the key version.
  """
  if kms_prefix:
    attribute_name = 'kms-key-version'
  else:
    attribute_name = 'key-version'
  # '{resource}' is handed over unformatted; presumably the concepts
  # framework fills it in when help is rendered.
  return concepts.ResourceParameterAttributeConfig(
      name=attribute_name,
      help_text='The KMS key version of the {resource}.',
  )
|
|
|
|
|
|
def KeyAttributeConfig(kms_prefix=True):
  """Builds the attribute config for the crypto key part of a KMS resource.

  Args:
    kms_prefix: bool, when True the attribute is named 'kms-key', otherwise
      'key'.

  Returns:
    A concepts.ResourceParameterAttributeConfig for the key.
  """
  if kms_prefix:
    attribute_name = 'kms-key'
  else:
    attribute_name = 'key'
  # The help text keeps its '{resource}' placeholder; it is not formatted here.
  return concepts.ResourceParameterAttributeConfig(
      name=attribute_name,
      help_text='The KMS key of the {resource}.',
  )
|
|
|
|
|
|
def KeyringAttributeConfig(kms_prefix=True):
  """Builds the attribute config for the keyring part of a KMS resource.

  Args:
    kms_prefix: bool, when True the attribute is named 'kms-keyring',
      otherwise 'keyring'.

  Returns:
    A concepts.ResourceParameterAttributeConfig for the keyring.
  """
  if kms_prefix:
    attribute_name = 'kms-keyring'
  else:
    attribute_name = 'keyring'
  # The help text keeps its '{resource}' placeholder; it is not formatted here.
  return concepts.ResourceParameterAttributeConfig(
      name=attribute_name,
      help_text='The KMS keyring of the {resource}.',
  )
|
|
|
|
|
|
def KeyHandleAttributeConfig(kms_prefix=True):
  """Builds the attribute config for the key-handle part of a KMS resource.

  Args:
    kms_prefix: bool, when True the attribute is named 'kms-key-handle',
      otherwise 'key-handle'.

  Returns:
    A concepts.ResourceParameterAttributeConfig for the key handle.
  """
  if kms_prefix:
    attribute_name = 'kms-key-handle'
  else:
    attribute_name = 'key-handle'
  # The help text keeps its '{resource}' placeholder; it is not formatted here.
  return concepts.ResourceParameterAttributeConfig(
      name=attribute_name,
      help_text='The KMS key-handle of the {resource}.',
  )
|
|
|
|
|
|
def EkmConnectionAttributeConfig(kms_prefix=True):
  """Builds the attribute config for the EKM connection part of a resource.

  Args:
    kms_prefix: bool, when True the attribute is named 'kms-ekmconnection',
      otherwise 'ekmconnection'.

  Returns:
    A concepts.ResourceParameterAttributeConfig for the EKM connection.
  """
  if kms_prefix:
    attribute_name = 'kms-ekmconnection'
  else:
    attribute_name = 'ekmconnection'
  # The help text keeps its '{resource}' placeholder; it is not formatted here.
  return concepts.ResourceParameterAttributeConfig(
      name=attribute_name,
      help_text='The KMS ekm connection of the {resource}.',
  )
|
|
|
|
|
|
def SingleTenantHsmInstanceAttributeConfig(kms_prefix=True):
  """Builds the attribute config for the single tenant HSM instance.

  Args:
    kms_prefix: bool, when True the attribute is named
      'kms-single_tenant_hsm_instance', otherwise
      'single_tenant_hsm_instance'.

  Returns:
    A concepts.ResourceParameterAttributeConfig for the HSM instance.
  """
  # NOTE(review): this name uses underscores while the other attribute names
  # in this file are hyphenated; it is caller-visible, so it is kept as is.
  if kms_prefix:
    attribute_name = 'kms-single_tenant_hsm_instance'
  else:
    attribute_name = 'single_tenant_hsm_instance'
  return concepts.ResourceParameterAttributeConfig(
      name=attribute_name,
      help_text='The KMS single tenant HSM instance of the {resource}.',
  )
|
|
|
|
|
|
def SingleTenantHsmInstanceProposalAttributeConfig(kms_prefix=True):
  """Builds the attribute config for a single tenant HSM instance proposal.

  Args:
    kms_prefix: bool, when True the attribute is named 'kms-proposal',
      otherwise 'proposal'.

  Returns:
    A concepts.ResourceParameterAttributeConfig for the proposal.
  """
  if kms_prefix:
    attribute_name = 'kms-proposal'
  else:
    attribute_name = 'proposal'
  proposal_help = (
      'The KMS single tenant HSM instance proposal of the {resource}.'
  )
  return concepts.ResourceParameterAttributeConfig(
      name=attribute_name,
      help_text=proposal_help,
  )
|
|
|
|
|
|
def OperationAttributeConfig(kms_prefix=True):
  """Builds the attribute config for the operation part of a KMS resource.

  Args:
    kms_prefix: bool, when True the attribute is named 'kms-operation',
      otherwise 'operation'.

  Returns:
    A concepts.ResourceParameterAttributeConfig for the operation.
  """
  if kms_prefix:
    attribute_name = 'kms-operation'
  else:
    attribute_name = 'operation'
  # The help text keeps its '{resource}' placeholder; it is not formatted here.
  return concepts.ResourceParameterAttributeConfig(
      name=attribute_name,
      help_text='The KMS operation of the {resource}.',
  )
|
|
|
|
|
|
def LocationAttributeConfig(kms_prefix=True, region_fallthrough=False):
  """Builds the attribute config for the location part of a KMS resource.

  Args:
    kms_prefix: bool, when True the attribute is named 'kms-location',
      otherwise 'location'.
    region_fallthrough: bool, when True an ArgFallthrough on '--region' is
      attached, so the command's region flag can supply the KMS location
      when the location attribute itself is not given.

  Returns:
    A concepts.ResourceParameterAttributeConfig for the location.
  """
  attribute_name = 'kms-location' if kms_prefix else 'location'
  # With the fallthrough on, an omitted KMS location follows --region, so the
  # key is looked up in the same region as the resource being created.
  location_fallthroughs = (
      [deps.ArgFallthrough('--region')] if region_fallthrough else []
  )
  return concepts.ResourceParameterAttributeConfig(
      name=attribute_name,
      help_text='The Google Cloud location for the {resource}.',
      fallthroughs=location_fallthroughs,
  )
|
|
|
|
|
|
def ProjectAttributeConfig(kms_prefix=True):
  """Builds the attribute config for the project part of a KMS resource.

  Args:
    kms_prefix: bool, when True the attribute is named 'kms-project',
      otherwise 'project'.

  Returns:
    A concepts.ResourceParameterAttributeConfig for the project.
  """
  attribute_name = 'kms-project' if kms_prefix else 'project'
  # An omitted project falls through to the core/project property, i.e. the
  # key is resolved against the active configuration. Keys kept in a separate
  # key-management project therefore have to be named with an explicit project
  # (or a full resource name) to avoid resolving to the wrong project.
  project_fallthroughs = [
      deps.PropertyFallthrough(properties.VALUES.core.project)
  ]
  return concepts.ResourceParameterAttributeConfig(
      name=attribute_name,
      help_text='The Google Cloud project for the {resource}.',
      fallthroughs=project_fallthroughs,
  )
|
|
|
|
|
|
def GetKmsKeyVersionResourceSpec(kms_prefix=True):
  """Returns the resource spec for a KMS crypto key version.

  Unlike the other location-scoped specs in this file, no region fallthrough
  is offered here: the location attribute is built with its default setting.

  Args:
    kms_prefix: bool, forwarded to every attribute config to choose between
      'kms-'-prefixed and unprefixed attribute names.

  Returns:
    A concepts.ResourceSpec for the collection
    cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.
  """
  version_attribute = KeyVersionAttributeConfig(kms_prefix)
  key_attribute = KeyAttributeConfig(kms_prefix)
  keyring_attribute = KeyringAttributeConfig(kms_prefix)
  location_attribute = LocationAttributeConfig(kms_prefix=kms_prefix)
  project_attribute = ProjectAttributeConfig(kms_prefix=kms_prefix)
  return concepts.ResourceSpec(
      'cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions',
      resource_name='key version',
      cryptoKeyVersionsId=version_attribute,
      cryptoKeysId=key_attribute,
      keyRingsId=keyring_attribute,
      locationsId=location_attribute,
      projectsId=project_attribute,
      # Auto-completers are left enabled for this resource.
      disable_auto_completers=False,
  )
|
|
|
|
|
|
def GetKmsKeyResourceSpec(kms_prefix=True, region_fallthrough=False):
  """Returns the resource spec for a KMS crypto key.

  Args:
    kms_prefix: bool, forwarded to every attribute config to choose between
      'kms-'-prefixed and unprefixed attribute names.
    region_fallthrough: bool, forwarded to the location attribute so that
      '--region' can supply the KMS location.

  Returns:
    A concepts.ResourceSpec for the collection
    cloudkms.projects.locations.keyRings.cryptoKeys.
  """
  key_attribute = KeyAttributeConfig(kms_prefix)
  keyring_attribute = KeyringAttributeConfig(kms_prefix)
  location_attribute = LocationAttributeConfig(
      kms_prefix=kms_prefix, region_fallthrough=region_fallthrough
  )
  project_attribute = ProjectAttributeConfig(kms_prefix)
  return concepts.ResourceSpec(
      'cloudkms.projects.locations.keyRings.cryptoKeys',
      resource_name='key',
      cryptoKeysId=key_attribute,
      keyRingsId=keyring_attribute,
      locationsId=location_attribute,
      projectsId=project_attribute,
      # Auto-completers are left enabled for this resource.
      disable_auto_completers=False,
  )
|
|
|
|
|
|
def GetKmsKeyRingResourceSpec(kms_prefix=True, region_fallthrough=False):
  """Returns the resource spec for a KMS keyring.

  Args:
    kms_prefix: bool, forwarded to every attribute config to choose between
      'kms-'-prefixed and unprefixed attribute names.
    region_fallthrough: bool, forwarded to the location attribute so that
      '--region' can supply the KMS location.

  Returns:
    A concepts.ResourceSpec for the collection
    cloudkms.projects.locations.keyRings.
  """
  keyring_attribute = KeyringAttributeConfig(kms_prefix)
  location_attribute = LocationAttributeConfig(
      kms_prefix=kms_prefix, region_fallthrough=region_fallthrough
  )
  project_attribute = ProjectAttributeConfig(kms_prefix)
  return concepts.ResourceSpec(
      'cloudkms.projects.locations.keyRings',
      resource_name='keyring',
      keyRingsId=keyring_attribute,
      locationsId=location_attribute,
      projectsId=project_attribute,
      # Auto-completers are left enabled for this resource.
      disable_auto_completers=False,
  )
|
|
|
|
|
|
def GetKmsKeyHandleResourceSpec(kms_prefix=True, region_fallthrough=False):
  """Returns the resource spec for a KMS key handle.

  Args:
    kms_prefix: bool, forwarded to every attribute config to choose between
      'kms-'-prefixed and unprefixed attribute names.
    region_fallthrough: bool, forwarded to the location attribute so that
      '--region' can supply the KMS location.

  Returns:
    A concepts.ResourceSpec for the collection
    cloudkms.projects.locations.keyHandles.
  """
  key_handle_attribute = KeyHandleAttributeConfig(kms_prefix)
  location_attribute = LocationAttributeConfig(
      kms_prefix=kms_prefix, region_fallthrough=region_fallthrough
  )
  project_attribute = ProjectAttributeConfig(kms_prefix)
  return concepts.ResourceSpec(
      'cloudkms.projects.locations.keyHandles',
      resource_name='key-handle',
      keyHandlesId=key_handle_attribute,
      locationsId=location_attribute,
      projectsId=project_attribute,
      # Auto-completers are left enabled for this resource.
      disable_auto_completers=False,
  )
|
|
|
|
|
|
def GetKmsEkmConnectionResourceSpec(kms_prefix=True, region_fallthrough=False):
  """Returns the resource spec for a KMS EKM connection.

  Args:
    kms_prefix: bool, forwarded to every attribute config to choose between
      'kms-'-prefixed and unprefixed attribute names.
    region_fallthrough: bool, forwarded to the location attribute so that
      '--region' can supply the KMS location.

  Returns:
    A concepts.ResourceSpec for the collection
    cloudkms.projects.locations.ekmConnections.
  """
  ekm_connection_attribute = EkmConnectionAttributeConfig(kms_prefix)
  location_attribute = LocationAttributeConfig(
      kms_prefix=kms_prefix, region_fallthrough=region_fallthrough
  )
  project_attribute = ProjectAttributeConfig(kms_prefix)
  return concepts.ResourceSpec(
      'cloudkms.projects.locations.ekmConnections',
      resource_name='ekmconnection',
      ekmConnectionsId=ekm_connection_attribute,
      locationsId=location_attribute,
      projectsId=project_attribute,
      # Auto-completers are left enabled for this resource.
      disable_auto_completers=False,
  )
|
|
|
|
|
|
def GetKmsSingleTenantHsmInstanceResourceSpec(
    kms_prefix=True, region_fallthrough=False
):
  """Returns the resource spec for a KMS single tenant HSM instance.

  Args:
    kms_prefix: bool, forwarded to every attribute config to choose between
      'kms-'-prefixed and unprefixed attribute names.
    region_fallthrough: bool, forwarded to the location attribute so that
      '--region' can supply the KMS location.

  Returns:
    A concepts.ResourceSpec for the collection
    cloudkms.projects.locations.singleTenantHsmInstances.
  """
  instance_attribute = SingleTenantHsmInstanceAttributeConfig(kms_prefix)
  location_attribute = LocationAttributeConfig(
      kms_prefix=kms_prefix, region_fallthrough=region_fallthrough
  )
  project_attribute = ProjectAttributeConfig(kms_prefix)
  return concepts.ResourceSpec(
      'cloudkms.projects.locations.singleTenantHsmInstances',
      resource_name='singleTenantHsmInstance',
      singleTenantHsmInstancesId=instance_attribute,
      locationsId=location_attribute,
      projectsId=project_attribute,
      # Auto-completers are left enabled for this resource.
      disable_auto_completers=False,
  )
|
|
|
|
|
|
def GetKmsSingleTenantHsmInstanceProposalResourceSpec(
    kms_prefix=True, region_fallthrough=False
):
  """Returns the resource spec for a single tenant HSM instance proposal.

  Args:
    kms_prefix: bool, forwarded to every attribute config to choose between
      'kms-'-prefixed and unprefixed attribute names.
    region_fallthrough: bool, forwarded to the location attribute so that
      '--region' can supply the KMS location.

  Returns:
    A concepts.ResourceSpec for the collection
    cloudkms.projects.locations.singleTenantHsmInstances.proposals.
  """
  proposal_attribute = SingleTenantHsmInstanceProposalAttributeConfig(
      kms_prefix
  )
  instance_attribute = SingleTenantHsmInstanceAttributeConfig(kms_prefix)
  location_attribute = LocationAttributeConfig(
      kms_prefix=kms_prefix, region_fallthrough=region_fallthrough
  )
  project_attribute = ProjectAttributeConfig(kms_prefix)
  return concepts.ResourceSpec(
      'cloudkms.projects.locations.singleTenantHsmInstances.proposals',
      resource_name='singleTenantHsmInstanceProposal',
      proposalsId=proposal_attribute,
      singleTenantHsmInstancesId=instance_attribute,
      locationsId=location_attribute,
      projectsId=project_attribute,
      # Auto-completers are left enabled for this resource.
      disable_auto_completers=False,
  )
|
|
|
|
|
|
def GetKmsOperationResourceSpec(kms_prefix=True, region_fallthrough=False):
  """Returns the resource spec for a KMS operation.

  Args:
    kms_prefix: bool, forwarded to every attribute config to choose between
      'kms-'-prefixed and unprefixed attribute names.
    region_fallthrough: bool, forwarded to the location attribute so that
      '--region' can supply the KMS location.

  Returns:
    A concepts.ResourceSpec for the collection
    cloudkms.projects.locations.operations.
  """
  operation_attribute = OperationAttributeConfig(kms_prefix)
  location_attribute = LocationAttributeConfig(
      kms_prefix=kms_prefix, region_fallthrough=region_fallthrough
  )
  project_attribute = ProjectAttributeConfig(kms_prefix)
  return concepts.ResourceSpec(
      'cloudkms.projects.locations.operations',
      resource_name='operation',
      operationsId=operation_attribute,
      locationsId=location_attribute,
      projectsId=project_attribute,
      # Auto-completers are left enabled for this resource.
      disable_auto_completers=False,
  )
|
|
|
|
|
|
def GetKmsLocationResourceSpec(kms_prefix=True, region_fallthrough=False):
  """Returns the resource spec for a KMS location.

  Args:
    kms_prefix: bool, forwarded to every attribute config to choose between
      'kms-'-prefixed and unprefixed attribute names.
    region_fallthrough: bool, forwarded to the location attribute so that
      '--region' can supply the KMS location.

  Returns:
    A concepts.ResourceSpec for the collection cloudkms.projects.locations.
  """
  location_attribute = LocationAttributeConfig(
      kms_prefix=kms_prefix, region_fallthrough=region_fallthrough
  )
  project_attribute = ProjectAttributeConfig(kms_prefix)
  return concepts.ResourceSpec(
      'cloudkms.projects.locations',
      resource_name='location',
      locationsId=location_attribute,
      projectsId=project_attribute,
      # Auto-completers are left enabled for this resource.
      disable_auto_completers=False,
  )
|
|
|
|
|
|
def GetKmsProjectResourceSpec(kms_prefix=True):
  """Returns the resource spec for a KMS project.

  Args:
    kms_prefix: bool, forwarded to the project attribute config to choose
      between 'kms-project' and 'project'.

  Returns:
    A concepts.ResourceSpec for the collection cloudkms.projects.
  """
  project_attribute = ProjectAttributeConfig(kms_prefix)
  return concepts.ResourceSpec(
      'cloudkms.projects',
      resource_name='project',
      projectsId=project_attribute,
      # Auto-completers are left enabled for this resource.
      disable_auto_completers=False,
  )
|
|
|
|
|
|
def GetKmsKeyPresentationSpec(
    resource,
    region_fallthrough=False,
    flag_overrides=None,
    permission_info=None,
):
  """Return a Presentation Spec for kms key resource argument.

  The spec is always anchored on '--kms-key' and uses the 'kms-'-prefixed
  attribute names.

  Args:
    resource: str, the name of the resource that the cryptokey will be used to
      protect. It is interpolated into the group help text.
    region_fallthrough: bool, True if the command has a region flag that should
      be used as a fallthrough for the kms location.
    flag_overrides: dict, The default flag names are 'kms-key', 'kms-keyring',
      'kms-location' and 'kms-project'. You can pass a dict of overrides where
      the keys of the dict are the default flag names, and the values are the
      override names. None is treated as an empty dict.
    permission_info: str, optional sentence (without trailing period) that
      replaces the default permission hint in the group help. Any falsy value
      selects the default.

  Returns:
    Presentation spec suitable for adding to concept parser.
  """
  # NOTE(review): the default hint names the Compute Engine Service Agent.
  # Callers whose resource is encrypted by a different service identity should
  # pass permission_info, otherwise the help steers users to grant the
  # Encrypter/Decrypter role to an account that does not need it.
  permission_info = permission_info or '{} must hold permission {}'.format(
      "The 'Compute Engine Service Agent' service account",
      "'Cloud KMS CryptoKey Encrypter/Decrypter'",
  )

  key_spec = GetKmsKeyResourceSpec(region_fallthrough=region_fallthrough)
  help_for_group = (
      'The Cloud KMS (Key Management Service) cryptokey that will be'
      ' used to protect the {}. {}.'.format(resource, permission_info)
  )
  overrides = flag_overrides or {}

  return presentation_specs.ResourcePresentationSpec(
      '--kms-key',
      key_spec,
      help_for_group,
      flag_name_overrides=overrides,
  )
|
|
|
|
|
|
def AddKmsKeyResourceArg(
    parser,
    resource,
    region_fallthrough=False,
    flag_overrides=None,
    permission_info=None,
    required=False,
    name='--kms-key',
    hidden=False,
):
  """Add a resource argument for a KMS key to protect other resources.

  Args:
    parser: the parser for the command.
    resource: str, the name of the resource that the cryptokey will be used to
      protect. It is interpolated into the help text.
    region_fallthrough: bool, True if the command has a region flag that should
      be used as a fallthrough for the kms location.
    flag_overrides: dict, The default flag names are 'kms-key', 'kms-keyring',
      'kms-location' and 'kms-project'. You can pass a dict of overrides where
      the keys of the dict are the default flag names, and the values are the
      override names. Passed through unchanged, including None.
    permission_info: str, optional sentence (without trailing period) that
      replaces the default permission hint in the help text. Any falsy value
      selects the default.
    required: bool, optional. True if the flag must be parsable by the parser.
      The default value is False.
    name: str, optional name of the arg for the KMS resource. Defaults to
      '--kms-key'.
    hidden: bool, optional. Forwarded to the concept parser as `hidden`;
      presumably True hides the argument from help. The default value is
      False.
  """
  # NOTE(review): the default hint names the Compute Engine Service Agent.
  # Commands for other services should pass permission_info so the help does
  # not steer users to grant the Encrypter/Decrypter role to an account that
  # does not need it.
  permission_info = permission_info or '{} must hold permission {}'.format(
      "The 'Compute Engine Service Agent' service account",
      "'Cloud KMS CryptoKey Encrypter/Decrypter'",
  )
  key_spec = GetKmsKeyResourceSpec(region_fallthrough=region_fallthrough)
  help_for_group = (
      'The Cloud KMS (Key Management Service) cryptokey that will be used to '
      'protect the {}. {}.'.format(resource, permission_info)
  )
  key_concept = concept_parsers.ConceptParser.ForResource(
      name,
      key_spec,
      help_for_group,
      flag_name_overrides=flag_overrides,
      required=required,
      hidden=hidden,
  )
  key_concept.AddToParser(parser)
|
|
|
|
|
|
def AddKmsKeyResourceArgForKMS(parser, required, name):
  """Adds a KMS key resource argument with unprefixed attribute names.

  Args:
    parser: the parser for the command.
    required: bool, forwarded to the concept parser as `required`.
    name: str, name of the argument that anchors the key resource.
  """
  key_spec = GetKmsKeyResourceSpec(kms_prefix=False)
  key_concept = concept_parsers.ConceptParser.ForResource(
      name,
      key_spec,
      'The KMS key resource.',
      required=required,
  )
  key_concept.AddToParser(parser)
|
|
|
|
|
|
def AddKmsKeyringResourceArgForKMS(parser, required, name):
  """Adds a KMS keyring resource argument with unprefixed attribute names.

  Args:
    parser: the parser for the command.
    required: bool, forwarded to the concept parser as `required`.
    name: str, name of the argument that anchors the keyring resource.
  """
  keyring_spec = GetKmsKeyRingResourceSpec(kms_prefix=False)
  keyring_concept = concept_parsers.ConceptParser.ForResource(
      name,
      keyring_spec,
      'The KMS keyring resource.',
      required=required,
  )
  keyring_concept.AddToParser(parser)
|
|
|
|
|
|
def AddKmsKeyHandleResourceArgForKMS(parser, required, name):
  """Adds a KMS key-handle resource argument with unprefixed attribute names.

  Args:
    parser: the parser for the command.
    required: bool, forwarded to the concept parser as `required`.
    name: str, name of the argument that anchors the key-handle resource.
  """
  key_handle_spec = GetKmsKeyHandleResourceSpec(kms_prefix=False)
  key_handle_concept = concept_parsers.ConceptParser.ForResource(
      name,
      key_handle_spec,
      'The KMS key-handle resource.',
      required=required,
  )
  key_handle_concept.AddToParser(parser)
|
|
|
|
|
|
def AddKmsEkmConnectionResourceArgForKMS(parser, required, name):
  """Adds a KMS EKM connection resource argument with unprefixed names.

  Args:
    parser: the parser for the command.
    required: bool, forwarded to the concept parser as `required`.
    name: str, name of the argument that anchors the EKM connection resource.
  """
  ekm_connection_spec = GetKmsEkmConnectionResourceSpec(kms_prefix=False)
  ekm_connection_concept = concept_parsers.ConceptParser.ForResource(
      name,
      ekm_connection_spec,
      'The KMS ekm connection resource.',
      required=required,
  )
  ekm_connection_concept.AddToParser(parser)
|
|
|
|
|
|
def AddKmsSingleTenantHsmInstanceResourceArgForKMS(parser, required, name):
  """Adds a single tenant HSM instance resource argument, unprefixed names.

  Args:
    parser: the parser for the command.
    required: bool, forwarded to the concept parser as `required`.
    name: str, name of the argument that anchors the HSM instance resource.
  """
  instance_spec = GetKmsSingleTenantHsmInstanceResourceSpec(kms_prefix=False)
  instance_concept = concept_parsers.ConceptParser.ForResource(
      name,
      instance_spec,
      'The KMS single tenant HSM instance resource.',
      required=required,
  )
  instance_concept.AddToParser(parser)
|
|
|
|
|
|
def AddKmsSingleTenantHsmInstanceProposalResourceArgForKMS(
    parser, required, name
):
  """Adds a single tenant HSM instance proposal argument, unprefixed names.

  Args:
    parser: the parser for the command.
    required: bool, forwarded to the concept parser as `required`.
    name: str, name of the argument that anchors the proposal resource.
  """
  proposal_spec = GetKmsSingleTenantHsmInstanceProposalResourceSpec(
      kms_prefix=False
  )
  proposal_concept = concept_parsers.ConceptParser.ForResource(
      name,
      proposal_spec,
      'The KMS single tenant HSM instance proposal resource.',
      required=required,
  )
  proposal_concept.AddToParser(parser)
|
|
|
|
|
|
def AddKmsOperationResourceArgForKMS(parser, required, name):
  """Adds a KMS operation resource argument with unprefixed attribute names.

  Args:
    parser: the parser for the command.
    required: bool, forwarded to the concept parser as `required`.
    name: str, name of the argument that anchors the operation resource.
  """
  operation_spec = GetKmsOperationResourceSpec(kms_prefix=False)
  operation_concept = concept_parsers.ConceptParser.ForResource(
      name,
      operation_spec,
      'The KMS operation resource.',
      required=required,
  )
  operation_concept.AddToParser(parser)
|
|
|
|
|
|
def AddKmsLocationResourceArgForKMS(parser, required, name):
  """Adds a KMS location resource argument with unprefixed attribute names.

  Args:
    parser: the parser for the command.
    required: bool, forwarded to the concept parser as `required`.
    name: str, name of the argument that anchors the location resource.
  """
  location_spec = GetKmsLocationResourceSpec(kms_prefix=False)
  location_concept = concept_parsers.ConceptParser.ForResource(
      name,
      location_spec,
      'The KMS location resource.',
      required=required,
  )
  location_concept.AddToParser(parser)
|
|
|
|
|
|
def AddKmsProjectResourceArgForKMS(parser, required, name):
  """Adds a KMS project resource argument with an unprefixed attribute name.

  Args:
    parser: the parser for the command.
    required: bool, forwarded to the concept parser as `required`.
    name: str, name of the argument that anchors the project resource.
  """
  project_spec = GetKmsProjectResourceSpec(kms_prefix=False)
  project_concept = concept_parsers.ConceptParser.ForResource(
      name,
      project_spec,
      'The KMS project resource.',
      required=required,
  )
  project_concept.AddToParser(parser)
|