SrSSKJr SSKJr SSKJr SSKJr SSKJ r SSKJ r Sr /S Qr S r S rS rS rSSjrSSjrg)zUtility functions for Cloud KMS integration with GCE. Collection of methods to handle Cloud KMS (Key Management Service) resources with Google Compute Engine (GCE). )absolute_import)division)unicode_literals) exceptions) properties) resourceszGhttps://cloud.google.com/compute/docs/disks/customer-managed-encryption) kms-key kms-keyring kms-location kms-projectzboot-disk-kms-keyzboot-disk-kms-keyringzboot-disk-kms-locationzboot-disk-kms-projectzinstance-kms-keyzinstance-kms-keyringzinstance-kms-locationzinstance-kms-projectcU(dg[5n[H:n[XRSS5S5(dM&UR SU-5 M< U$)3Returns the first KMS related argument as a string.N-_z--)set _KMS_ARGSgetattrreplaceaddargs specifiedkeywords /lib/googlecloudsdk/api_lib/compute/kms_utils.py_GetSpecifiedKmsArgsr'sI e)gt__S#.55mmD7N# ctU(dg[5n[HnX ;dM URU5 M U$)rN)rrrrs r_GetSpecifiedKmsDictr2s2 e)gmmG rc U(dgSn[RRU"US5"5SU;aUSO-[RR R RU"US5U"US5U"US5S.SS 9$) zTT;aTTOSnU(aU$[R"SSRT55e)Nz --create-diskzKKMS cryptokey resource was not fully specified. Key [{}] must be specified.)calliope_exceptionsInvalidArgumentExceptionformat)valrkeys r GetValueFunc5_DictToKmsKey..GetValue..GetValueFuncDs@DI$c   8 8   &+ ''r)rr&r's`` rGetValue_DictToKmsKey..GetValueBs' rr r r r ) projectsId locationsId keyRingsId cryptoKeysIdz/cloudkms.projects.locations.keyRings.cryptoKeys)params collection)rREGISTRYParserVALUEScoreproject GetOrFail)rr*s r _DictToKmsKeyr8=s      ! !tY!&3d%:d=!$$,,66t^,t]+tY' C " D Drcb[U5nU(dgURUR5S9$)zFReturns the Cloud KMS crypto key name based on the values in the dict.N kmsKeyName)r8CustomerEncryptionKey RelativeName)rmessagesr&s r_DictToMessager?_s/d#   ' '33C3C3E ' FFrcU(aURRnSnO8U(aURRnSnOURRnSnUR 5nU[ U5;aU(d[ R"US5eU(aDU(a [ R"S/[ U5Q76eURUR5S9$U$)aGets the Cloud KMS CryptoKey reference from command arguments. Args: args: Namespaced command line arguments. messages: Compute API messages module. current_value: Current CustomerEncryptionKey value. boot_disk_prefix: If the key flags have the 'boot-disk' prefix. instance_prefix: If the key flags have the 'instance' prefix. Returns: CustomerEncryptionKey message with the KMS key populated if args has a key. Raises: ConflictingArgumentsException if an encryption key is already populated. z--boot-disk-kms-keyz--instance-kms-keyz --kms-keyz/KMS cryptokey resource was not fully specified.--csek-key-filer:) CONCEPTSboot_disk_kms_keyinstance_kms_keykms_keyr3rr"r#ConflictingArgumentsExceptionr<r=)rr> current_valueboot_disk_prefixinstance_prefixkey_argflagr&s rMaybeGetKmsKeyrLgs&mm--G Dmm,,G Dmm##G D # !$ ''  6 6 ? AA  = =  :248 ::  ) )S5E5E5G ) HH rc[[U55(a2U(a [R"U/[ U5Q76e[ X5$U$)aGets the Cloud KMS CryptoKey reference for a boot disk's initialize params. Args: args: A dictionary of a boot disk's initialize params. messages: Compute API messages module. current_value: Current CustomerEncryptionKey value. conflicting_arg: name of conflicting argument Returns: CustomerEncryptionKey message with the KMS key populated if args has a key. Raises: ConflictingArgumentsException if an encryption key is already populated. )boolrr"rFrr?)rr>rGconflicting_args rMaybeGetKmsKeyFromDictrPsL" t $%%  = =  806 88 $ )) rN)FF)rA)__doc__ __future__rrrgooglecloudsdk.callioperr"googlecloudsdk.corerr KMS_HELP_URLrrrr8r?rLrPr)rrrVs[ ''E*).   DDG%*#( &X,=r