dZddlmZddlmZddlmZddlmZddlm Z ddlm Z dZ gd Z d Z d Zd Zd Z ddZ ddZy)zUtility functions for Cloud KMS integration with GCE. Collection of methods to handle Cloud KMS (Key Management Service) resources with Google Compute Engine (GCE). )absolute_import)division)unicode_literals) exceptions) properties) resourceszGhttps://cloud.google.com/compute/docs/disks/customer-managed-encryption) kms-key kms-keyring kms-location kms-projectzboot-disk-kms-keyzboot-disk-kms-keyringzboot-disk-kms-locationzboot-disk-kms-projectzinstance-kms-keyzinstance-kms-keyringzinstance-kms-locationzinstance-kms-projectc|syt}tD]4}t||jddds!|j d|z6|S)3Returns the first KMS related argument as a string.N-_z--)set _KMS_ARGSgetattrreplaceaddargs specifiedkeywords /lib/googlecloudsdk/api_lib/compute/kms_utils.py_GetSpecifiedKmsArgsr'sH e)gtW__S#.5mmD7N# cb|syt}tD]}||vs|j||S)rN)rrrrs r_GetSpecifiedKmsDictr2s4 e)g$mmG rc |syd}tjj||dd|vr|dn-tjj j j||d||d||ddd S) z.GetValue..GetValueFuncDs@DI$c   8 8   &+ ''r)rr&r's`` rGetValuez_DictToKmsKey..GetValueBs' rr r r r ) projectsId locationsId keyRingsId cryptoKeysIdz/cloudkms.projects.locations.keyRings.cryptoKeys)params collection)rREGISTRYParserVALUEScoreproject GetOrFail)rr)s r _DictToKmsKeyr6=s      ! !htY!&3d%:d=!$$,,66t^,t]+tY' C " D Drc^t|}|sy|j|jS)zFReturns the Cloud KMS crypto key name based on the values in the dict.N kmsKeyName)r6CustomerEncryptionKey RelativeName)rmessagesr&s r_DictToMessager=_s/d#   ' '33C3C3E ' FFrc|r|jj}d}n3|r|jj}d}n|jj}d}|j }|t |vr|st j|d|rA|rt jdgt ||j|jS|S)aGets the Cloud KMS CryptoKey reference from command arguments. Args: args: Namespaced command line arguments. messages: Compute API messages module. current_value: Current CustomerEncryptionKey value. boot_disk_prefix: If the key flags have the 'boot-disk' prefix. instance_prefix: If the key flags have the 'instance' prefix. Returns: CustomerEncryptionKey message with the KMS key populated if args has a key. Raises: ConflictingArgumentsException if an encryption key is already populated. z--boot-disk-kms-keyz--instance-kms-keyz --kms-keyz/KMS cryptokey resource was not fully specified.--csek-key-filer8) CONCEPTSboot_disk_kms_keyinstance_kms_keykms_keyr1rr"r#ConflictingArgumentsExceptionr:r;)rr< current_valueboot_disk_prefixinstance_prefixkey_argflagr&s rMaybeGetKmsKeyrJgs&mm--G Dmm,,G Dmm##G D # !$ ''  6 6 ? AA  = =  :248 ::  ) )S5E5E5G ) HH rctt|r-|rtj|gt |t ||S|S)aGets the Cloud KMS CryptoKey reference for a boot disk's initialize params. Args: args: A dictionary of a boot disk's initialize params. messages: Compute API messages module. current_value: Current CustomerEncryptionKey value. conflicting_arg: name of conflicting argument Returns: CustomerEncryptionKey message with the KMS key populated if args has a key. Raises: ConflictingArgumentsException if an encryption key is already populated. )boolrr"rDrr=)rr<rEconflicting_args rMaybeGetKmsKeyFromDictrNsK" t $%  = =  806 88 $ )) rN)FF)r?)__doc__ __future__rrrgooglecloudsdk.callioperr"googlecloudsdk.corerr KMS_HELP_URLrrrr6r=rJrNr(rrrTs[ ''E*).   DDG%*#( &X,=r