xref: /aosp_15_r20/external/google-cloud-java/java-kms/owlbot.py (revision 55e87721aa1bc457b326496a7ca40f3ea1a63287)
1# Copyright 2021 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#     https://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15import synthtool as s
16from synthtool.languages import java
17
# Class-declaration fragments: the first is searched for in KeyRingName.java
# and CryptoKeyName.java, the second is what replaces it.
IMPLEMENTS_RESOURCE_NAME = "implements ResourceName"
EXTENDS_KEY_NAME = "extends KeyName"

# Insertion points. Each pattern captures one complete generated method of
# KeyManagementServiceClient as group 1, so the replacement can emit the
# original method again and append hand-written overloads after it.
# The patterns are tied to the exact line layout of the generated Java
# (the encrypt pattern expects five body lines before the return statement).
ENCRYPT_INSERTION_POINT = (
    r'(\s+public final EncryptResponse encrypt\(ResourceName.*\) {\n'
    r'.*\n.*\n.*\n.*\n.*\n'
    r'.*return encrypt\(request\);\n\s+})'
)
SET_IAM_INSERTION_POINT = (
    r'(\s+public final Policy setIamPolicy\(SetIamPolicyRequest request\) {\n'
    r'\s+return.*\n\s+})'
)
GET_IAM_INSERTION_POINT = (
    r'(\s+public final Policy getIamPolicy\(GetIamPolicyRequest request\) {\n'
    r'\s+return.*\n\s+})'
)
TEST_IAM_INSERTION_POINT = (
    r'(\s+public final TestIamPermissionsResponse testIamPermissions'
    r'\(TestIamPermissionsRequest request\) {\n'
    r'\s+return.*\n\s+})'
)
25
# Java source for an extra encrypt(CryptoKeyPathName, ByteString) overload.
# It is appended after the generated method matched by ENCRYPT_INSERTION_POINT.
# The overload builds an EncryptRequest from name.toString() (null when name is
# null) and the plaintext, then delegates to encrypt(request).
# This text is used as a regex replacement template by s.replace, so a
# backslash added here would be read as an escape or group reference.
# NOTE(review): the plaintext size limits quoted in the Javadoc (64KiB, 8KiB for
# HSM keys) are documentation only; nothing in this overload checks them.
ENCRYPT_METHOD = """
  // ADDED BY SYNTH
  /**
   * Encrypts data, so that it can only be recovered by a call to
   * [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
   * [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
   * [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
   *
   * <p>Sample code:
   *
   * <pre><code>
   * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
   *   CryptoKeyPathName name = CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]");
   *   ByteString plaintext = ByteString.copyFromUtf8("");
   *   EncryptResponse response = keyManagementServiceClient.encrypt(name, plaintext);
   * }
   * </code></pre>
   *
   * @param name Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] or
   *     [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for encryption.
   *     <p>If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server will use its
   *     [primary version][google.cloud.kms.v1.CryptoKey.primary].
   * @param plaintext Required. The data to encrypt. Must be no larger than 64KiB.
   *     <p>The maximum size depends on the key version's
   *     [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For
   *     [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the plaintext must be no
   *     larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined
   *     length of the plaintext and additional_authenticated_data fields must be no larger than
   *     8KiB.
   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
   */
  public final EncryptResponse encrypt(CryptoKeyPathName name, ByteString plaintext) {
    EncryptRequest request =
        EncryptRequest.newBuilder()
            .setName(name == null ? null : name.toString())
            .setPlaintext(plaintext)
            .build();
    return encrypt(request);
  }
"""
66
67
# Java source for two extra setIamPolicy overloads, (KeyName, Policy) and
# (String, Policy). They are appended after the generated method matched by
# SET_IAM_INSERTION_POINT, and both build a SetIamPolicyRequest and delegate to
# setIamPolicy(request).
# This text is used as a regex replacement template by s.replace, so a
# backslash added here would be read as an escape or group reference.
# NOTE(review): the Javadoc states that the call replaces any existing policy,
# and the sample passes an empty Policy. Run verbatim against a real resource,
# the sample would replace that resource's policy with an empty one. Consider
# having the sample start from the policy returned by getIamPolicy.
SET_IAM_METHODS = """
  // ADDED BY SYNTH
  /**
   * Sets the access control policy on the specified resource. Replaces any existing policy.
   *
   * <p>Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED
   *
   * <p>Sample code:
   *
   * <pre><code>
   * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
   *   KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
   *   Policy policy = Policy.newBuilder().build();
   *   Policy response = keyManagementServiceClient.setIamPolicy(resource, policy);
   * }
   * </code></pre>
   *
   * @param resource REQUIRED: The resource for which the policy is being specified. See the
   *     operation documentation for the appropriate value for this field.
   * @param policy REQUIRED: The complete policy to be applied to the `resource`. The size of the
   *     policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud
   *     Platform services (such as Projects) might reject them.
   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
   */
  public final Policy setIamPolicy(KeyName resource, Policy policy) {
    SetIamPolicyRequest request =
        SetIamPolicyRequest.newBuilder()
            .setResource(resource == null ? null : resource.toString())
            .setPolicy(policy)
            .build();
    return setIamPolicy(request);
  }

  // ADDED BY SYNTH
  /**
   * Sets the access control policy on the specified resource. Replaces any existing policy.
   *
   * <p>Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED
   *
   * <p>Sample code:
   *
   * <pre><code>
   * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
   *   KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
   *   Policy policy = Policy.newBuilder().build();
   *   Policy response = keyManagementServiceClient.setIamPolicy(resource.toString(), policy);
   * }
   * </code></pre>
   *
   * @param resource REQUIRED: The resource for which the policy is being specified. See the
   *     operation documentation for the appropriate value for this field.
   * @param policy REQUIRED: The complete policy to be applied to the `resource`. The size of the
   *     policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud
   *     Platform services (such as Projects) might reject them.
   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
   */
  public final Policy setIamPolicy(String resource, Policy policy) {
    SetIamPolicyRequest request =
        SetIamPolicyRequest.newBuilder().setResource(resource).setPolicy(policy).build();
    return setIamPolicy(request);
  }
"""
130
# Java source for two extra getIamPolicy overloads, (KeyName) and (String).
# They are appended after the generated method matched by
# GET_IAM_INSERTION_POINT, and both build a GetIamPolicyRequest and delegate to
# getIamPolicy(request). The KeyName overload sends a null resource when its
# argument is null.
# This text is used as a regex replacement template by s.replace, so a
# backslash added here would be read as an escape or group reference.
GET_IAM_METHODS = """
  // ADDED BY SYNTH
  /**
   * Gets the access control policy for a resource. Returns an empty policy if the resource exists
   * and does not have a policy set.
   *
   * <p>Sample code:
   *
   * <pre><code>
   * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
   *   KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
   *   Policy response = keyManagementServiceClient.getIamPolicy(resource);
   * }
   * </code></pre>
   *
   * @param resource REQUIRED: The resource for which the policy is being requested. See the
   *     operation documentation for the appropriate value for this field.
   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
   */
  public final Policy getIamPolicy(KeyName resource) {
    GetIamPolicyRequest request =
        GetIamPolicyRequest.newBuilder()
            .setResource(resource == null ? null : resource.toString())
            .build();
    return getIamPolicy(request);
  }

  // ADDED BY SYNTH
  /**
   * Gets the access control policy for a resource. Returns an empty policy if the resource exists
   * and does not have a policy set.
   *
   * <p>Sample code:
   *
   * <pre><code>
   * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
   *   KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
   *   Policy response = keyManagementServiceClient.getIamPolicy(resource.toString());
   * }
   * </code></pre>
   *
   * @param resource REQUIRED: The resource for which the policy is being requested. See the
   *     operation documentation for the appropriate value for this field.
   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
   */
  public final Policy getIamPolicy(String resource) {
    GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build();
    return getIamPolicy(request);
  }
"""
181
# Java source for two extra testIamPermissions overloads, (KeyName,
# List<String>) and (String, List<String>). They are appended after the
# generated method matched by TEST_IAM_INSERTION_POINT, and both build a
# TestIamPermissionsRequest and delegate to testIamPermissions(request).
# This text is used as a regex replacement template by s.replace, so a
# backslash added here would be read as an escape or group reference.
# The Javadoc warns that the operation may "fail open" and is not meant for
# authorization checks. Keep that paragraph on both overloads when editing, as
# it is the only caller-facing statement of the limitation in this text.
TEST_IAM_METHODS = """
  // ADDED BY SYNTH
  /**
   * Returns permissions that a caller has on the specified resource. If the resource does not
   * exist, this will return an empty set of permissions, not a NOT_FOUND error.
   *
   * <p>Note: This operation is designed to be used for building permission-aware UIs and
   * command-line tools, not for authorization checking. This operation may "fail open" without
   * warning.
   *
   * <p>Sample code:
   *
   * <pre><code>
   * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
   *   KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
   *   List&lt;String&gt; permissions = new ArrayList&lt;&gt;();
   *   TestIamPermissionsResponse response = keyManagementServiceClient.testIamPermissions(resource, permissions);
   * }
   * </code></pre>
   *
   * @param resource REQUIRED: The resource for which the policy detail is being requested. See the
   *     operation documentation for the appropriate value for this field.
   * @param permissions The set of permissions to check for the `resource`. Permissions with
   *     wildcards (such as '&#42;' or 'storage.&#42;') are not allowed. For more information see
   *     [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
   */
  public final TestIamPermissionsResponse testIamPermissions(
      KeyName resource, List<String> permissions) {
    TestIamPermissionsRequest request =
        TestIamPermissionsRequest.newBuilder()
            .setResource(resource == null ? null : resource.toString())
            .addAllPermissions(permissions)
            .build();
    return testIamPermissions(request);
  }

  // ADDED BY SYNTH
  /**
   * Returns permissions that a caller has on the specified resource. If the resource does not
   * exist, this will return an empty set of permissions, not a NOT_FOUND error.
   *
   * <p>Note: This operation is designed to be used for building permission-aware UIs and
   * command-line tools, not for authorization checking. This operation may "fail open" without
   * warning.
   *
   * <p>Sample code:
   *
   * <pre><code>
   * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) {
   *   KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
   *   List&lt;String&gt; permissions = new ArrayList&lt;&gt;();
   *   TestIamPermissionsResponse response = keyManagementServiceClient.testIamPermissions(resource.toString(), permissions);
   * }
   * </code></pre>
   *
   * @param resource REQUIRED: The resource for which the policy detail is being requested. See the
   *     operation documentation for the appropriate value for this field.
   * @param permissions The set of permissions to check for the `resource`. Permissions with
   *     wildcards (such as '&#42;' or 'storage.&#42;') are not allowed. For more information see
   *     [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
   */
  public final TestIamPermissionsResponse testIamPermissions(
      String resource, List<String> permissions) {
    TestIamPermissionsRequest request =
        TestIamPermissionsRequest.newBuilder()
            .setResource(resource)
            .addAllPermissions(permissions)
            .build();
    return testIamPermissions(request);
  }
"""
255
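# Post-process every staged copy of the generated KMS library, then move it
# into place and apply the shared Java templates.
for library in s.get_staging_dirs():
    # put any special-case replacements here

    # Append the hand-written overloads after the generated method each
    # insertion-point pattern captures. The replacement is a regex template:
    # "\\g<1>" re-emits the captured method unchanged. The backslash is doubled
    # because "\g" is not a valid Python string escape and newer interpreters
    # warn about (and are slated to reject) the un-doubled form.
    # NOTE(review): if a pattern stops matching after a generator change, the
    # corresponding overloads are simply missing from the output. Consider
    # checking the value s.replace returns -- confirm it is a replacement count
    # in the synthtool version in use.
    for insertion_point, added_methods in (
        (ENCRYPT_INSERTION_POINT, ENCRYPT_METHOD),
        (GET_IAM_INSERTION_POINT, GET_IAM_METHODS),
        (SET_IAM_INSERTION_POINT, SET_IAM_METHODS),
        (TEST_IAM_INSERTION_POINT, TEST_IAM_METHODS),
    ):
        s.replace(
            "**/KeyManagementServiceClient.java",
            insertion_point,
            "\\g<1>\n\n" + added_methods,
        )

    # Rewrite both resource-name classes from "implements ResourceName" to
    # "extends KeyName"; KeyName is the parameter type of the IAM overloads
    # inserted above.
    for name_class in ("**/KeyRingName.java", "**/CryptoKeyName.java"):
        s.replace(name_class, IMPLEMENTS_RESOURCE_NAME, EXTENDS_KEY_NAME)

    s.move(library)

s.remove_staging_dirs()
# Files listed in excludes are passed to common_templates as exclusions,
# presumably because the monorepo supplies them once at its root -- confirm.
java.common_templates(monorepo=True, excludes=[
    ".github/*",
    ".kokoro/*",
    "samples/*",
    "CODE_OF_CONDUCT.md",
    "CONTRIBUTING.md",
    "LICENSE",
    "SECURITY.md",
    "java.header",
    "license-checks.xml",
    "renovate.json",
    ".gitignore"
])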
309