8dZddlmZddlmZddlmZddlmZddlmZddl m Z ddl m Z ddl mZejej j"ej j$ej j&Gd d ej(Zy ) zCreate a new version.)absolute_import)division)unicode_literals)base) exceptions)flags)logceZdZdZej j jjZdZ e dZ dZ dZ y)CreateaCreate a new version. Creates a new version within the given key. ## EXAMPLES The following command creates a new version within the `frodo` key, `fellowship` keyring, and `global` location and sets it as the primary version: $ {command} --location=global \ --keyring=fellowship \ --key=frodo --primary The following command creates a new version within the `legolas` key, `fellowship` keyring, `us-central1` location, `https://example.kms/v0/some/key/path` as the address for its external key, and sets it as the key's primary version: $ {command} --location=us-central1 \ --keyring=fellowship \ --key=legolas \ --external-key-uri=https://example.kms/v0/some/key/path \ --primary The following command creates a new version within the `bilbo` key, `fellowship` keyring, `us-central1` location, `v0/some/key/path` as the ekm connection key path for its external key, and sets it as the key's primary version: $ {command} --location=us-central1 \ --keyring=fellowship \ --key=bilbo \ --ekm-connection-key-path=v0/some/key/path \ --primary aFSuccessfully created key version [{version}] and set it as the primary version. Future encryption requests will use [{version}] until the next key rotation. Data that was encrypted with an older key version can still be decrypted, and Cloud KMS will automatically choose the correct key for decryption based on the ciphertext.ctj|tj|tj||j dddy)Nz --primary store_truezpIf specified, immediately makes the new version primary. This should only be used with the `encryption` purpose.)actionhelp)rAddKeyResourceFlagsAddExternalKeyUriFlagAddEkmConnectionKeyPathFlag add_argument)parsers 'lib/surface/kms/keys/versions/create.pyArgsz Create.ArgsOsK f% ' %%f-  F c tj}tj|}|jr!|j rt jd|js |j rV|j|j|j|j|j|j S|j|jS)NzFCan not specify both --external-key-uri and --ekm-connection-key-path.)externalKeyUriekmConnectionKeyPath)externalProtectionLevelOptions)parentcryptoKeyVersion)r) cloudkms_baseGetMessagesModulerParseCryptoKeyNameexternal_key_uriekm_connection_key_pathkms_exceptions ArgumentErrorICloudkmsProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsCreateRequest RelativeNameCryptoKeyVersionExternalProtectionLevelOptions)selfargsmessagescrypto_key_refs r_CreateCreateCKVRequestzCreate._CreateCreateCKVRequest]s..0H--d3N !=!=  ( ( ' ((  < <  _ _,,.#44-5--!%!6!6'+'C'C.E5F`GG  ] ]**, ^ ..rchtj}|j}|j|j |}|j r|j jdd}tj|}tj}|j|j|j|}|jj||j |j"k(r9t$j&j)|j*j-||S)N/)cryptoKeyVersionId)name$updateCryptoKeyPrimaryVersionRequest)version)rGetClientInstance8projects_locations_keyRings_cryptoKeys_cryptoKeyVersionsr r-primaryr2splitrr rFCloudkmsProjectsLocationsKeyRingsCryptoKeysUpdatePrimaryVersionRequestr&$UpdateCryptoKeyPrimaryVersionRequest&projects_locations_keyRings_cryptoKeysUpdatePrimaryVersion algorithmGOOGLE_SYMMETRIC_ENCRYPTIONr errPrintSYMMETRIC_NEW_PRIMARY_MESSAGEformat) r)r*clientckvnew_ckv version_idr,r+reqs rRunz Create.Runss  , , .F  I ICjj55d;> >   . . 5 5j 5 I K NrN)__name__ __module__ __qualname____doc__rrr'AlgorithmValueValuesEnumr>rA staticmethodrr-rHrrr r sW#L&m%%'88QQmm 4   .,rr N)rL __future__rrrgooglecloudsdk.api_lib.cloudkmsrrgooglecloudsdk.calliopegooglecloudsdk.command_lib.kmsrr#rgooglecloudsdk.corer ReleaseTracks ReleaseTrackALPHABETAGA CreateCommandr rOrrr[s~&'A(G0#D%%++T->->-C-C%%((*kT  k*kr