4tSrSSKJr SSKJr SSKJr SSKJr SSKrSSKrSSKrSSK J r SSK J r SS KJr SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJ r SSKJ!r! SSKJ"r" SSKJ#r# \ RHr%\RL"5(aSr'OSr'"SS\(5r)g)z>JSON gsutil Cloud API implementation for Google Cloud Storage.)absolute_import)print_function)division)unicode_literalsN) exceptions)config)AccessDeniedException)BadRequestException)NotFoundException)PreconditionException)ServiceException)SetUpJsonCredentialsAndCache)NoOpCredentials)cloudkms_v1_client)cloudkms_v1_messages) system_util) GetCertsFile)GetMaxRetryDelay) GetNewHttp) GetNumRetrieszVInsufficient OAuth2 scope to perform this operation. Please re-run `gcloud auth login`zRInsufficient OAuth2 scope to perform this operation. Please re-run `gsutil config`cl^\rSrSrSrS U4SjjrSrSrSSjrSr SSjr S r S r SS jr S rU=r$)KmsApi7z7Wraps calls to the Cloud KMS v1 interface via apitools.c$>[[U] 5 Xl[ 5Ul[ 5UlSUl[R"SSS5Ul [R"SSS5nU(aSU-OSUl URUR-UR-Ul [XUS 9 US :nUS :n[R "URURUUUR"S 9Ul['5UlUR(UR$l[+5UlUR,UR$l[/UR"[05(aUR$R3S S 5 gg)zPerforms necessary setup for interacting with Google Cloud KMS. Args: logger: logging.logger for outputting log messages. credentials: Credentials to be used for interacting with Cloud KMS debug: Debug level for the API implementation (0..3). zhttps:// Credentials gs_kms_hostzcloudkms.googleapis.com gs_kms_portN:) credentials)urlhttp log_request log_responser key'AIzaSyDnacJHrKma0048b13sh8cgxNUwulubmJM)superr__init__loggerr certs_filerr# http_baserget host_base host_porturl_baserapitools_client CloudkmsV1r api_clientr num_retriesrmax_retry_wait isinstancerAddGlobalParam)selfr*r debugrr$r% __class__s platform/gsutil/gslib/kms_api.pyr)KmsApi.__init__:s> &$ "K"nDO DIDNZZ } 9;DN**]M4@K,7cK'RDN^^dnn4t~~EDM ;GA:KQJL%00T]]6:ii=H>J=A=M=M ODO %D"&"2"2DOO*,D%)%8%8DOO"$""O44 oo$$ ;=5c[R"US9nURRR U5$![ anUR X1S9 SnAgSnAff=f)N)resourcekey_name)apitools_messages>CloudkmsProjectsLocationsKeyRingsCryptoKeysGetIamPolicyRequestr3&projects_locations_keyRings_cryptoKeys GetIamPolicy TRANSLATABLE_APITOOLS_EXCEPTIONS_TranslateExceptionAndRaise)r8rArequestes r;GetKeyIamPolicyKmsApi.GetKeyIamPolicyes] MMN$&G=ooDDl7#% += &&q&<=s$; AAAc[R"US9n[R"XS9nURRR U5$![ anURXQS9 SnAgSnAff=f)N)policy)r?setIamPolicyRequestr@)rBSetIamPolicyRequest>CloudkmsProjectsLocationsKeyRingsCryptoKeysSetIamPolicyRequestr3rD SetIamPolicyrFrG)r8rArMpolicy_requestrHrIs r;SetKeyIamPolicyKmsApi.SetKeyIamPolicyosn&::&IN MMN$JG=ooDDl7#% += &&q&<=s$A A2A--A2c6[R"SU<SU<SU<3S9n[R"UUSU<SU<3S9nURRR U5 SU<SU<SU<3$![ anURS:waeSnAN.SnAff=f)aAttempts to create the specified keyRing. Args: project: (str) The project id in which to create the keyRing and key. keyring_name: (str) The name of the keyRing, e.g. my-keyring. Note that this must be unique within the location. location: (str) The location in which to create the keyRing. Defaults to 'global'. Returns: (str) The fully-qualified name of the keyRing, e.g.: projects/my-project/locations/global/keyRings/my-keyring Raises: Translated CloudApi exception if we were unable to create the keyRing. Note that in the event of a 409 status code (resource already exists) when attempting creation, we continue and treat this as a success. z projects/z /locations/z /keyRings/)name)keyRing keyRingIdparentN)rBKeyRing.CloudkmsProjectsLocationsKeyRingsCreateRequestr3projects_locations_keyRingsCreaterF status_code)r8project keyring_namelocation keyring_msgkeyring_create_requestrIs r; CreateKeyRingKmsApi.CreateKeyRingzs&$++ (L*+K HH"18(C E  oo11889OP6=h5A CC , #   s%A33 B=BBcd[R"[RRRS9n[R"X2US9nUR R RU5 URS5<SU<3$![anURS:waeSnAN8SnAff=f)aAttempts to create the specified cryptoKey. Args: keyring_fqn: (str) The fully-qualified name of the keyRing, e.g. projects/my-project/locations/global/keyRings/my-keyring. key_name: (str) The name of the desired key, e.g. my-key. Note that this must be unique within the keyRing. Returns: (str) The fully-qualified name of the cryptoKey, e.g.: projects/my-project/locations/global/keyRings/my-keyring/cryptoKeys/my-key Raises: Translated CloudApi exception if we were unable to create the cryptoKey. Note that in the event of a 409 status code (resource already exists) when attempting creation, we continue and treat this as a success. )purpose) cryptoKey cryptoKeyIdrYrZN/z /cryptoKeys/) rB CryptoKeyPurposeValueValuesEnumENCRYPT_DECRYPT8CloudkmsProjectsLocationsKeyRingsCryptoKeysCreateRequestr3rDr^rFr_rstrip)r8 keyring_fqnrA cryptokey_msgcryptokey_create_requestrIs r;CreateCryptoKeyKmsApi.CreateCryptoKeys$&//##::JJMM @@ A#+ O oo<<CC "$ "-!3!3C!8( CC , #   s %B B/B**B/cURR[R5(a/URR S[ R "55 URUUS9nU(aUee)a Translates an HTTP exception and raises the translated or original value. Args: e: Any Exception. key_name: Optional key name in request that caused the exception. Raises: Translated CloudApi exception, or the original exception if it was not translatable. zTranslateExceptionAndRaise: %sr@)r* isEnabledForloggingDEBUGr9 traceback format_exc_TranslateApitoolsException)r8rIrAtranslated_exceptions r;rG"KmsApi._TranslateExceptionAndRaisesf {{ .. kk8!,,.0;;AEM<O   r=c[U[R5(aM[USS5(a:[R "UR 5nSU;aSUS;aUSS$gggg![a gf=f)Ncontenterrormessage)r6apitools_exceptions HttpErrorgetattrjsonloadsr Exception)r8 http_errorjson_objs r;_GetMessageFromHttpErrorKmsApi._GetMessageFromHttpErrors*1;;<< Y - - ZZ 2 23(  Y(72C%CG$Y/ /&D  .=    s6A.. A;:A;cURSnURS5nUS:aX#SRS5SnSU-$g![a gf=f)Nzwww-authenticatezscope="r"zAcceptable scopes: %s)responsefindsplitr)r8rwww_authenticate scope_idxscopess r;!_GetAcceptableScopesFromHttpError(KmsApi._GetAcceptableScopesFromHttpErrorsp #,,-?@#'' 2i a!*-33C8;&//     sAA AAc [U[R5(GadURU5nURS:Xa[ U=(d SURS9$URS:XaeS[ U5;a[U=(d SURS9$S[ U5;a([[URURU5S9$GOURS :XGaS [ U5;a[U=(d S URS9$S [ U5;a[U=(d S URS9$S[ U5;a[SURS9$S[ U5;a[SURS9$S[ U5;a([[URURU5S9$[U=(d UR=(d UURS9$URS:Xa'[U=(d URURS9$URS:XaU(a[SU-URS9$URS:Xa[X1RS9$[X1RS9$g)aTranslates apitools exceptions into their gsutil equivalents. Args: e: Any exception in TRANSLATABLE_APITOOLS_EXCEPTIONS. key_name: Optional key name in request that caused the exception. Returns: CloudStorageApiServiceException for translatable exceptions, None otherwise. iz Bad Request)statusizLogin RequiredzAccess denied: login required.insufficient_scope)rbodyiz7The account for the specified project has been disabledzAccount disabled.z,Daily Limit for Unauthenticated Use Exceededz8Access denied: quota exceeded. Is your project ID valid?zUser Rate Limit Exceededz5Rate limit exceeded. Please retry this request later.zAccess Not ConfiguredzAccess Not Configured. Please go to the Google Cloud Platform Console (https://cloud.google.com/console#/project) for your project, select APIs & services, and enable the Google Cloud KMS API.irZzThe key %s already exists.iN)r6rrrr_r strr "_INSUFFICIENT_OAUTH2_SCOPE_MESSAGErrr r r )r8rIrArs r;r|"KmsApi._TranslateApitoolsExceptionsQ!(2233--a0g # #7#;m*+--9 9 ==C  s1v %&w(H'G./mm= ="SV +'0]]99!<> >, ==C  DA N&w'E2E./mm= = ;s1v E&w(C(C./mm= =(3q6 1&]]$ $%A .&]] $ $ "SV +'0]]99!<> > 'w'G!))'Gx./mm= = ==C  !5AIIammLL ==C H rsE&%' >1/-1,C3PT#.2,/$7$A$A !!##*% &% A=VA=r=