1*55e87721SMatt Gilbride# Copyright 2021 Google LLC 2*55e87721SMatt Gilbride# 3*55e87721SMatt Gilbride# Licensed under the Apache License, Version 2.0 (the "License"); 4*55e87721SMatt Gilbride# you may not use this file except in compliance with the License. 5*55e87721SMatt Gilbride# You may obtain a copy of the License at 6*55e87721SMatt Gilbride# 7*55e87721SMatt Gilbride# https://www.apache.org/licenses/LICENSE-2.0 8*55e87721SMatt Gilbride# 9*55e87721SMatt Gilbride# Unless required by applicable law or agreed to in writing, software 10*55e87721SMatt Gilbride# distributed under the License is distributed on an "AS IS" BASIS, 11*55e87721SMatt Gilbride# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*55e87721SMatt Gilbride# See the License for the specific language governing permissions and 13*55e87721SMatt Gilbride# limitations under the License. 14*55e87721SMatt Gilbride 15*55e87721SMatt Gilbrideimport synthtool as s 16*55e87721SMatt Gilbridefrom synthtool.languages import java 17*55e87721SMatt Gilbride 18*55e87721SMatt GilbrideIMPLEMENTS_RESOURCE_NAME = "implements ResourceName" 19*55e87721SMatt GilbrideEXTENDS_KEY_NAME = "extends KeyName" 20*55e87721SMatt Gilbride 21*55e87721SMatt GilbrideENCRYPT_INSERTION_POINT = r'(\s+public final EncryptResponse encrypt\(ResourceName.*\) {\n.*\n.*\n.*\n.*\n.*\n.*return encrypt\(request\);\n\s+})' 22*55e87721SMatt GilbrideSET_IAM_INSERTION_POINT = r'(\s+public final Policy setIamPolicy\(SetIamPolicyRequest request\) {\n\s+return.*\n\s+})' 23*55e87721SMatt GilbrideGET_IAM_INSERTION_POINT = r'(\s+public final Policy getIamPolicy\(GetIamPolicyRequest request\) {\n\s+return.*\n\s+})' 24*55e87721SMatt GilbrideTEST_IAM_INSERTION_POINT = r'(\s+public final TestIamPermissionsResponse testIamPermissions\(TestIamPermissionsRequest request\) {\n\s+return.*\n\s+})' 25*55e87721SMatt Gilbride 26*55e87721SMatt GilbrideENCRYPT_METHOD = """ 27*55e87721SMatt Gilbride // ADDED BY SYNTH 28*55e87721SMatt Gilbride /** 29*55e87721SMatt Gilbride * Encrypts data, so that it can only be recovered by a call to 30*55e87721SMatt Gilbride * [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The 31*55e87721SMatt Gilbride * [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be 32*55e87721SMatt Gilbride * [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. 33*55e87721SMatt Gilbride * 34*55e87721SMatt Gilbride * <p>Sample code: 35*55e87721SMatt Gilbride * 36*55e87721SMatt Gilbride * <pre><code> 37*55e87721SMatt Gilbride * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) { 38*55e87721SMatt Gilbride * CryptoKeyPathName name = CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]"); 39*55e87721SMatt Gilbride * ByteString plaintext = ByteString.copyFromUtf8(""); 40*55e87721SMatt Gilbride * EncryptResponse response = keyManagementServiceClient.encrypt(name, plaintext); 41*55e87721SMatt Gilbride * } 42*55e87721SMatt Gilbride * </code></pre> 43*55e87721SMatt Gilbride * 44*55e87721SMatt Gilbride * @param name Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] or 45*55e87721SMatt Gilbride * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for encryption. 46*55e87721SMatt Gilbride * <p>If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server will use its 47*55e87721SMatt Gilbride * [primary version][google.cloud.kms.v1.CryptoKey.primary]. 48*55e87721SMatt Gilbride * @param plaintext Required. The data to encrypt. Must be no larger than 64KiB. 49*55e87721SMatt Gilbride * <p>The maximum size depends on the key version's 50*55e87721SMatt Gilbride * [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For 51*55e87721SMatt Gilbride * [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the plaintext must be no 52*55e87721SMatt Gilbride * larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined 53*55e87721SMatt Gilbride * length of the plaintext and additional_authenticated_data fields must be no larger than 54*55e87721SMatt Gilbride * 8KiB. 55*55e87721SMatt Gilbride * @throws com.google.api.gax.rpc.ApiException if the remote call fails 56*55e87721SMatt Gilbride */ 57*55e87721SMatt Gilbride public final EncryptResponse encrypt(CryptoKeyPathName name, ByteString plaintext) { 58*55e87721SMatt Gilbride EncryptRequest request = 59*55e87721SMatt Gilbride EncryptRequest.newBuilder() 60*55e87721SMatt Gilbride .setName(name == null ? null : name.toString()) 61*55e87721SMatt Gilbride .setPlaintext(plaintext) 62*55e87721SMatt Gilbride .build(); 63*55e87721SMatt Gilbride return encrypt(request); 64*55e87721SMatt Gilbride } 65*55e87721SMatt Gilbride""" 66*55e87721SMatt Gilbride 67*55e87721SMatt Gilbride 68*55e87721SMatt GilbrideSET_IAM_METHODS = """ 69*55e87721SMatt Gilbride // ADDED BY SYNTH 70*55e87721SMatt Gilbride /** 71*55e87721SMatt Gilbride * Sets the access control policy on the specified resource. Replaces any existing policy. 72*55e87721SMatt Gilbride * 73*55e87721SMatt Gilbride * <p>Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED 74*55e87721SMatt Gilbride * 75*55e87721SMatt Gilbride * <p>Sample code: 76*55e87721SMatt Gilbride * 77*55e87721SMatt Gilbride * <pre><code> 78*55e87721SMatt Gilbride * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) { 79*55e87721SMatt Gilbride * KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]"); 80*55e87721SMatt Gilbride * Policy policy = Policy.newBuilder().build(); 81*55e87721SMatt Gilbride * Policy response = keyManagementServiceClient.setIamPolicy(resource, policy); 82*55e87721SMatt Gilbride * } 83*55e87721SMatt Gilbride * </code></pre> 84*55e87721SMatt Gilbride * 85*55e87721SMatt Gilbride * @param resource REQUIRED: The resource for which the policy is being specified. See the 86*55e87721SMatt Gilbride * operation documentation for the appropriate value for this field. 87*55e87721SMatt Gilbride * @param policy REQUIRED: The complete policy to be applied to the `resource`. The size of the 88*55e87721SMatt Gilbride * policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud 89*55e87721SMatt Gilbride * Platform services (such as Projects) might reject them. 90*55e87721SMatt Gilbride * @throws com.google.api.gax.rpc.ApiException if the remote call fails 91*55e87721SMatt Gilbride */ 92*55e87721SMatt Gilbride public final Policy setIamPolicy(KeyName resource, Policy policy) { 93*55e87721SMatt Gilbride SetIamPolicyRequest request = 94*55e87721SMatt Gilbride SetIamPolicyRequest.newBuilder() 95*55e87721SMatt Gilbride .setResource(resource == null ? null : resource.toString()) 96*55e87721SMatt Gilbride .setPolicy(policy) 97*55e87721SMatt Gilbride .build(); 98*55e87721SMatt Gilbride return setIamPolicy(request); 99*55e87721SMatt Gilbride } 100*55e87721SMatt Gilbride 101*55e87721SMatt Gilbride // ADDED BY SYNTH 102*55e87721SMatt Gilbride /** 103*55e87721SMatt Gilbride * Sets the access control policy on the specified resource. Replaces any existing policy. 104*55e87721SMatt Gilbride * 105*55e87721SMatt Gilbride * <p>Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED 106*55e87721SMatt Gilbride * 107*55e87721SMatt Gilbride * <p>Sample code: 108*55e87721SMatt Gilbride * 109*55e87721SMatt Gilbride * <pre><code> 110*55e87721SMatt Gilbride * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) { 111*55e87721SMatt Gilbride * KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]"); 112*55e87721SMatt Gilbride * Policy policy = Policy.newBuilder().build(); 113*55e87721SMatt Gilbride * Policy response = keyManagementServiceClient.setIamPolicy(resource.toString(), policy); 114*55e87721SMatt Gilbride * } 115*55e87721SMatt Gilbride * </code></pre> 116*55e87721SMatt Gilbride * 117*55e87721SMatt Gilbride * @param resource REQUIRED: The resource for which the policy is being specified. See the 118*55e87721SMatt Gilbride * operation documentation for the appropriate value for this field. 119*55e87721SMatt Gilbride * @param policy REQUIRED: The complete policy to be applied to the `resource`. The size of the 120*55e87721SMatt Gilbride * policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud 121*55e87721SMatt Gilbride * Platform services (such as Projects) might reject them. 122*55e87721SMatt Gilbride * @throws com.google.api.gax.rpc.ApiException if the remote call fails 123*55e87721SMatt Gilbride */ 124*55e87721SMatt Gilbride public final Policy setIamPolicy(String resource, Policy policy) { 125*55e87721SMatt Gilbride SetIamPolicyRequest request = 126*55e87721SMatt Gilbride SetIamPolicyRequest.newBuilder().setResource(resource).setPolicy(policy).build(); 127*55e87721SMatt Gilbride return setIamPolicy(request); 128*55e87721SMatt Gilbride } 129*55e87721SMatt Gilbride""" 130*55e87721SMatt Gilbride 131*55e87721SMatt GilbrideGET_IAM_METHODS = """ 132*55e87721SMatt Gilbride // ADDED BY SYNTH 133*55e87721SMatt Gilbride /** 134*55e87721SMatt Gilbride * Gets the access control policy for a resource. Returns an empty policy if the resource exists 135*55e87721SMatt Gilbride * and does not have a policy set. 136*55e87721SMatt Gilbride * 137*55e87721SMatt Gilbride * <p>Sample code: 138*55e87721SMatt Gilbride * 139*55e87721SMatt Gilbride * <pre><code> 140*55e87721SMatt Gilbride * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) { 141*55e87721SMatt Gilbride * KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]"); 142*55e87721SMatt Gilbride * Policy response = keyManagementServiceClient.getIamPolicy(resource); 143*55e87721SMatt Gilbride * } 144*55e87721SMatt Gilbride * </code></pre> 145*55e87721SMatt Gilbride * 146*55e87721SMatt Gilbride * @param resource REQUIRED: The resource for which the policy is being requested. See the 147*55e87721SMatt Gilbride * operation documentation for the appropriate value for this field. 148*55e87721SMatt Gilbride * @throws com.google.api.gax.rpc.ApiException if the remote call fails 149*55e87721SMatt Gilbride */ 150*55e87721SMatt Gilbride public final Policy getIamPolicy(KeyName resource) { 151*55e87721SMatt Gilbride GetIamPolicyRequest request = 152*55e87721SMatt Gilbride GetIamPolicyRequest.newBuilder() 153*55e87721SMatt Gilbride .setResource(resource == null ? null : resource.toString()) 154*55e87721SMatt Gilbride .build(); 155*55e87721SMatt Gilbride return getIamPolicy(request); 156*55e87721SMatt Gilbride } 157*55e87721SMatt Gilbride 158*55e87721SMatt Gilbride // ADDED BY SYNTH 159*55e87721SMatt Gilbride /** 160*55e87721SMatt Gilbride * Gets the access control policy for a resource. Returns an empty policy if the resource exists 161*55e87721SMatt Gilbride * and does not have a policy set. 162*55e87721SMatt Gilbride * 163*55e87721SMatt Gilbride * <p>Sample code: 164*55e87721SMatt Gilbride * 165*55e87721SMatt Gilbride * <pre><code> 166*55e87721SMatt Gilbride * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) { 167*55e87721SMatt Gilbride * KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]"); 168*55e87721SMatt Gilbride * Policy response = keyManagementServiceClient.getIamPolicy(resource.toString()); 169*55e87721SMatt Gilbride * } 170*55e87721SMatt Gilbride * </code></pre> 171*55e87721SMatt Gilbride * 172*55e87721SMatt Gilbride * @param resource REQUIRED: The resource for which the policy is being requested. See the 173*55e87721SMatt Gilbride * operation documentation for the appropriate value for this field. 174*55e87721SMatt Gilbride * @throws com.google.api.gax.rpc.ApiException if the remote call fails 175*55e87721SMatt Gilbride */ 176*55e87721SMatt Gilbride public final Policy getIamPolicy(String resource) { 177*55e87721SMatt Gilbride GetIamPolicyRequest request = GetIamPolicyRequest.newBuilder().setResource(resource).build(); 178*55e87721SMatt Gilbride return getIamPolicy(request); 179*55e87721SMatt Gilbride } 180*55e87721SMatt Gilbride""" 181*55e87721SMatt Gilbride 182*55e87721SMatt GilbrideTEST_IAM_METHODS = """ 183*55e87721SMatt Gilbride // ADDED BY SYNTH 184*55e87721SMatt Gilbride /** 185*55e87721SMatt Gilbride * Returns permissions that a caller has on the specified resource. If the resource does not 186*55e87721SMatt Gilbride * exist, this will return an empty set of permissions, not a NOT_FOUND error. 187*55e87721SMatt Gilbride * 188*55e87721SMatt Gilbride * <p>Note: This operation is designed to be used for building permission-aware UIs and 189*55e87721SMatt Gilbride * command-line tools, not for authorization checking. This operation may "fail open" without 190*55e87721SMatt Gilbride * warning. 191*55e87721SMatt Gilbride * 192*55e87721SMatt Gilbride * <p>Sample code: 193*55e87721SMatt Gilbride * 194*55e87721SMatt Gilbride * <pre><code> 195*55e87721SMatt Gilbride * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) { 196*55e87721SMatt Gilbride * KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]"); 197*55e87721SMatt Gilbride * List<String> permissions = new ArrayList<>(); 198*55e87721SMatt Gilbride * TestIamPermissionsResponse response = keyManagementServiceClient.testIamPermissions(resource, permissions); 199*55e87721SMatt Gilbride * } 200*55e87721SMatt Gilbride * </code></pre> 201*55e87721SMatt Gilbride * 202*55e87721SMatt Gilbride * @param resource REQUIRED: The resource for which the policy detail is being requested. See the 203*55e87721SMatt Gilbride * operation documentation for the appropriate value for this field. 204*55e87721SMatt Gilbride * @param permissions The set of permissions to check for the `resource`. Permissions with 205*55e87721SMatt Gilbride * wildcards (such as '*' or 'storage.*') are not allowed. For more information see 206*55e87721SMatt Gilbride * [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 207*55e87721SMatt Gilbride * @throws com.google.api.gax.rpc.ApiException if the remote call fails 208*55e87721SMatt Gilbride */ 209*55e87721SMatt Gilbride public final TestIamPermissionsResponse testIamPermissions( 210*55e87721SMatt Gilbride KeyName resource, List<String> permissions) { 211*55e87721SMatt Gilbride TestIamPermissionsRequest request = 212*55e87721SMatt Gilbride TestIamPermissionsRequest.newBuilder() 213*55e87721SMatt Gilbride .setResource(resource == null ? null : resource.toString()) 214*55e87721SMatt Gilbride .addAllPermissions(permissions) 215*55e87721SMatt Gilbride .build(); 216*55e87721SMatt Gilbride return testIamPermissions(request); 217*55e87721SMatt Gilbride } 218*55e87721SMatt Gilbride 219*55e87721SMatt Gilbride // ADDED BY SYNTH 220*55e87721SMatt Gilbride /** 221*55e87721SMatt Gilbride * Returns permissions that a caller has on the specified resource. If the resource does not 222*55e87721SMatt Gilbride * exist, this will return an empty set of permissions, not a NOT_FOUND error. 223*55e87721SMatt Gilbride * 224*55e87721SMatt Gilbride * <p>Note: This operation is designed to be used for building permission-aware UIs and 225*55e87721SMatt Gilbride * command-line tools, not for authorization checking. This operation may "fail open" without 226*55e87721SMatt Gilbride * warning. 227*55e87721SMatt Gilbride * 228*55e87721SMatt Gilbride * <p>Sample code: 229*55e87721SMatt Gilbride * 230*55e87721SMatt Gilbride * <pre><code> 231*55e87721SMatt Gilbride * try (KeyManagementServiceClient keyManagementServiceClient = KeyManagementServiceClient.create()) { 232*55e87721SMatt Gilbride * KeyName resource = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]"); 233*55e87721SMatt Gilbride * List<String> permissions = new ArrayList<>(); 234*55e87721SMatt Gilbride * TestIamPermissionsResponse response = keyManagementServiceClient.testIamPermissions(resource.toString(), permissions); 235*55e87721SMatt Gilbride * } 236*55e87721SMatt Gilbride * </code></pre> 237*55e87721SMatt Gilbride * 238*55e87721SMatt Gilbride * @param resource REQUIRED: The resource for which the policy detail is being requested. See the 239*55e87721SMatt Gilbride * operation documentation for the appropriate value for this field. 240*55e87721SMatt Gilbride * @param permissions The set of permissions to check for the `resource`. Permissions with 241*55e87721SMatt Gilbride * wildcards (such as '*' or 'storage.*') are not allowed. For more information see 242*55e87721SMatt Gilbride * [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 243*55e87721SMatt Gilbride * @throws com.google.api.gax.rpc.ApiException if the remote call fails 244*55e87721SMatt Gilbride */ 245*55e87721SMatt Gilbride public final TestIamPermissionsResponse testIamPermissions( 246*55e87721SMatt Gilbride String resource, List<String> permissions) { 247*55e87721SMatt Gilbride TestIamPermissionsRequest request = 248*55e87721SMatt Gilbride TestIamPermissionsRequest.newBuilder() 249*55e87721SMatt Gilbride .setResource(resource) 250*55e87721SMatt Gilbride .addAllPermissions(permissions) 251*55e87721SMatt Gilbride .build(); 252*55e87721SMatt Gilbride return testIamPermissions(request); 253*55e87721SMatt Gilbride } 254*55e87721SMatt Gilbride""" 255*55e87721SMatt Gilbride 256*55e87721SMatt Gilbridefor library in s.get_staging_dirs(): 257*55e87721SMatt Gilbride # put any special-case replacements here 258*55e87721SMatt Gilbride s.replace( 259*55e87721SMatt Gilbride "**/KeyManagementServiceClient.java", 260*55e87721SMatt Gilbride ENCRYPT_INSERTION_POINT, 261*55e87721SMatt Gilbride "\g<1>\n\n" + ENCRYPT_METHOD 262*55e87721SMatt Gilbride ) 263*55e87721SMatt Gilbride 264*55e87721SMatt Gilbride s.replace( 265*55e87721SMatt Gilbride "**/KeyManagementServiceClient.java", 266*55e87721SMatt Gilbride GET_IAM_INSERTION_POINT, 267*55e87721SMatt Gilbride "\g<1>\n\n" + GET_IAM_METHODS 268*55e87721SMatt Gilbride ) 269*55e87721SMatt Gilbride 270*55e87721SMatt Gilbride s.replace( 271*55e87721SMatt Gilbride "**/KeyManagementServiceClient.java", 272*55e87721SMatt Gilbride SET_IAM_INSERTION_POINT, 273*55e87721SMatt Gilbride "\g<1>\n\n" + SET_IAM_METHODS 274*55e87721SMatt Gilbride ) 275*55e87721SMatt Gilbride 276*55e87721SMatt Gilbride s.replace( 277*55e87721SMatt Gilbride "**/KeyManagementServiceClient.java", 278*55e87721SMatt Gilbride TEST_IAM_INSERTION_POINT, 279*55e87721SMatt Gilbride "\g<1>\n\n" + TEST_IAM_METHODS 280*55e87721SMatt Gilbride ) 281*55e87721SMatt Gilbride 282*55e87721SMatt Gilbride s.replace( 283*55e87721SMatt Gilbride "**/KeyRingName.java", 284*55e87721SMatt Gilbride IMPLEMENTS_RESOURCE_NAME, 285*55e87721SMatt Gilbride EXTENDS_KEY_NAME 286*55e87721SMatt Gilbride ) 287*55e87721SMatt Gilbride 288*55e87721SMatt Gilbride s.replace( 289*55e87721SMatt Gilbride "**/CryptoKeyName.java", 290*55e87721SMatt Gilbride IMPLEMENTS_RESOURCE_NAME, 291*55e87721SMatt Gilbride EXTENDS_KEY_NAME) 292*55e87721SMatt Gilbride 293*55e87721SMatt Gilbride s.move(library) 294*55e87721SMatt Gilbride 295*55e87721SMatt Gilbrides.remove_staging_dirs() 296*55e87721SMatt Gilbridejava.common_templates(monorepo=True, excludes=[ 297*55e87721SMatt Gilbride ".github/*", 298*55e87721SMatt Gilbride ".kokoro/*", 299*55e87721SMatt Gilbride "samples/*", 300*55e87721SMatt Gilbride "CODE_OF_CONDUCT.md", 301*55e87721SMatt Gilbride "CONTRIBUTING.md", 302*55e87721SMatt Gilbride "LICENSE", 303*55e87721SMatt Gilbride "SECURITY.md", 304*55e87721SMatt Gilbride "java.header", 305*55e87721SMatt Gilbride "license-checks.xml", 306*55e87721SMatt Gilbride "renovate.json", 307*55e87721SMatt Gilbride ".gitignore" 308*55e87721SMatt Gilbride]) 309