3zSrSSKJr SSKJr SSKJr SSKJr SSKJ r SSK J r SSK Jr SSK Jr SSK Jr SS K Jr SS KJr \ R&\ R("\ R*R,\ R*R.\ R*R05"S S \ R2555rg )z Update a key.)absolute_import)division)unicode_literals) exceptions)base)flags)maps) resource_args) labels_utilcF\rSrSrSr\S5rSrSrSr Sr Sr S r g ) UpdateaUpdate a key. 1. Update the rotation schedule for the given key. Updates the rotation schedule for the given key. The schedule automatically creates a new primary version for the key according to `next-rotation-time` and `rotation-period` flags. Flag `next-rotation-time` must be in ISO 8601 or RFC3339 format, and `rotation-period` must be in the form INTEGER[UNIT], where units can be one of seconds (s), minutes (m), hours (h) or days (d). Key rotations performed manually via `update-primary-version` and the version `create` do not affect the stored `next-rotation-time`. 2. Remove the rotation schedule for the given key with `remove-rotation-schedule` flag. 3. Update/Remove the labels for the given key with `update-labels` and/or `remove-labels` flags. 4. Update the primary version for the given key with `primary-version` flag. 5. Update the Key Access Justifications policy for the given key with `allowed-access-reasons` flag to allow specified reasons. The key must be enrolled in Key Access Justifications to use this flag. 6. Remove the Key Access Justifications policy for the given key with `remove-key-access-justifications-policy` flag. The key must be enrolled in Key Access Justifications to use this flag. 7. Update the Key Access Justifications policy for the given key with `allowed_access_reasons` flag to allow zero access reasons. This effectively disables the key, because a policy is configured to reject all access reasons. The key must be enrolled in Key Access Justifications to use this flag. ## EXAMPLES The following command sets a 30 day rotation period for the key named `frodo` within the keyring `fellowship` and location `global` starting at the specified time: $ {command} frodo \ --location=global \ --keyring=fellowship \ --rotation-period=30d \ --next-rotation-time=2017-10-12T12:34:56.1234Z The following command removes the rotation schedule for the key named `frodo` within the keyring `fellowship` and location `global`: $ {command} frodo \ --location=global \ --keyring=fellowship \ --remove-rotation-schedule The following command updates the labels value for the key named `frodo` within the keyring `fellowship` and location `global`. If the label key does not exist at the time, it will be added: $ {command} frodo \ --location=global \ --keyring=fellowship \ --update-labels=k1=v1 The following command removes labels k1 and k2 from the key named `frodo` within the keyring `fellowship` and location `global`: $ {command} frodo \ --location=global \ --keyring=fellowship \ --remove-labels=k1,k2 The following command updates the primary version for the key named `frodo` within the keyring `fellowship` and location `global`: $ {command} frodo \ --location=global \ --keyring=fellowship \ --primary-version=1 The following command updates the default algorithm for the key named `frodo` within the keyring `fellowship` and location `global`, assuming the key originally has purpose 'asymmetric-encryption' and algorithm 'rsa-decrypt-oaep-2048-sha256': $ {command} frodo \ --location=global \ --keyring=fellowship \ --default-algorithm=rsa-decrypt-oaep-4096-sha256 The following command updates the Key Access Justifications policy for the key named `frodo` within the keyring ``fellowship'' and location ``global'' to allow only ``customer-initiated-access'' and ``google-initiated-system-operation'': $ {command} frodo \ --location=global \ --keyring=fellowship \ --allowed-access-reasons=customer-initiated-access,google-initiated-system-operation The following command removes the Key Access Justifications policy for the key named `frodo` within the keyring ``fellowship'' and location ``global'', which results in all access reasons being allowed: $ {command} frodo \ --location=global \ --keyring=fellowship \ --remove-key-access-justifications-policy The following command updates the Key Access Justifications policy for the key named `frodo` within the keyring ``fellowship'' and location ``global'' to allow only zero access reasons, effectively disabling the key: $ {command} frodo \ --location=global \ --keyring=fellowship \ --allowed-access-reasons= c[R"USS5 [R"U5 [R"U5 [R "U5 [R "US5 [R"U5 [R"U5 [R"U5 [R"U5 g)NTkeyzto make primary) r AddKmsKeyResourceArgForKMSrAddRotationPeriodFlagAddNextRotationTimeFlagAddRemoveRotationScheduleFlagAddCryptoKeyPrimaryVersionFlagr AddUpdateLabelsFlagsAddDefaultAlgorithmFlagAddAllowedAccessReasonsFlag*AddRemoveKeyAccessJustificationsPolicyFlag)parsers lib/surface/kms/keys/update.pyArgs Update.Argss,,VT5A ' !!&) ''/ ((1BC$$V, !!&) %%f- 44V<cX/n[RRU5nUR5(aUR S5 UR (aZUR (dUR(a[R"S5eUR S5 UR S5 UR (aUR S5 UR(aUR S5 UR(aUR S5 URb'UR(a[R"S5eURcUR(aUR S5 UR(dU(d[R"S5eU$) Nlabelsz=You cannot set and remove rotation schedule at the same time.rotationPeriodnextRotationTimezversionTemplate.algorithmzNYou cannot set and remove a Key Access Justifications policy at the same time.keyAccessJustificationsPolicyaAt least one of --primary-version or --update-labels or --remove-labels or --clear-labels or --rotation-period or --next-rotation-time or --remove-rotation-schedule or --default-algorithm or --allowed-access-reasons or --remove-key-access-justifications-policy must be specified.)r DiffFromUpdateArgsMayHaveUpdatesappendremove_rotation_schedulerotation_periodnext_rotation_timekms_exceptions ArgumentErrordefault_algorithmallowed_access_reasons'remove_key_access_justifications_policyprimary_version UpdateError)selfargsfields_to_update labels_diffs r ProcessFlagsUpdate.ProcessFlagssU""11$7K!!##h' $$  !8!8** KM M./01 ./ 01 9: ##/  8 8  ( (   ##/  7 7=>   (8  & & I  rcx[R"5n[R"5nURRR 5nUR UR5URURS9S9nURRU5nU$![Ra gf=f)N)cryptoKeyVersionId)name$updateCryptoKeyPrimaryVersionRequest) cloudkms_baseGetClientInstanceGetMessagesModuleCONCEPTSrParseFCloudkmsProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionRequest RelativeName$UpdateCryptoKeyPrimaryVersionRequestr0&projects_locations_keyRings_cryptoKeysUpdatePrimaryVersionapitools_exceptions HttpError)r2r3clientmessagescrypto_key_refreqresponses rrEUpdate.UpdatePrimaryVersions  , , .F..0H]]&&,,.N  Y Y  ( ( *  9 9#'#7#7 : 9 Z ;C >>SS h O  ( ( sB""B98B9c [R"5n[R"5nURRR 5n[ RRU5RURRUR5nUR(a URnO URnURUR5URUS9S9n SR!U5U l[$R&"XR(5 [$R*"XR(5 UR,(a[.R0UR2n UR,U ;aH[4R6"SR9UR,UR2SR!U 5S95eUR;[.R<R?UR,5S9U R(l URB(d [$RD"XR(5 URFRIU 5n U $![JRLa gf=f)N)r )r: cryptoKey,zzUpdate failed: Algorithm {algorithm} is not valid. Here are the valid algorithm(s) for purpose {purpose}: {all_algorithms}z, ) algorithmpurposeall_algorithms)rQ)'r<r=r>r?rr@r r$r%Apply CryptoKey LabelsValuer needs_update7CloudkmsProjectsLocationsKeyRingsCryptoKeysPatchRequestrBjoin updateMaskrSetNextRotationTimerOSetRotationPeriodr-r VALID_ALGORITHMS_MAPrRr+r1formatCryptoKeyVersionTemplateALGORITHM_MAPPERGetEnumForChoiceversionTemplater/ SetKeyAccessJustificationsPolicyrDPatchrFrG) r2r3 crypto_keyr4rHrIrJ labels_update new_labelsrKvalid_algorithmsrLs r UpdateOthersUpdate.UpdateOtherss   , , .F..0H]]&&,,.N$$33D9??&& (9(9;M!! ''j$$j  J J  ( ( *$$% K CXX./CN dMM2 D--0 22:3E3EF  '7 7(( IIO00"**#yy)9:JPJ<= = '/&G&G))::$$&'H''cmm#  7 7 ,,T==A>>DDSIh O  ( ( sI!!I87I8c"SnU(dUS- nOUR(aUS- nU(d$USRSRU55- nO*U(a#USRSRU55- n[R"U5e)aHandles various errors that may occur during any update stage. Never returns without an exception. Args: args: Input arguments. set_primary_version_succeeds: True if the primary verion is updated successfully. other_updates_succeed: True if all other updates (besides primary verions) is updated successfully. fields_to_update: A list of fields to be updated. Raises: ToolException: An exception raised when there is error during any update stage. zAn Error occurred:z) Failed to update field 'primaryVersion'.z$ Field 'primaryVersion' was updated.z Failed to update field(s) '{}'.z', 'z Field(s) '{}' were updated.)r0r^rYr+r1)r2r3set_primary_version_succeedsother_updates_succeedr4errs r HandleErrorsUpdate.HandleErrorss$ C ' 88c   33c  / 6 6 ++& '))c  + 2 2 ++& '))c  $ $S ))rc URU5n[R"5n[R"5nURR R 5nURRURUR5S95nSnUR(aURU5nU(aUnOSnSn U(aURXU5nU(aUnOSn U(aU (dURXX5 gU$)zr?rr@rDGet5CloudkmsProjectsLocationsKeyRingsCryptoKeysGetRequestrBr0rEriro) r2r3r4rHrIrJrerlrLrms rRun Update.Run/s((. , , .F..0H]]&&,,.N>>BBFF,,. G 01J $(  **40h  ',$!""45EFh  % '/D -ArN) __name__ __module__ __qualname____firstlineno____doc__ staticmethodrr6rErirort__static_attributes__rvrrr r s8 vp = =*X$(T*>$rr N)r{ __future__rrrapitools.base.pyrrFgooglecloudsdk.api_lib.cloudkmsrr<googlecloudsdk.calliopegooglecloudsdk.command_lib.kmsr+rr r $googlecloudsdk.command_lib.util.argsr UniverseCompatible ReleaseTracks ReleaseTrackALPHABETAGA UpdateCommandr rvrrrs&'>A(G0/8<T..33T5F5F5I5IpT  ppr