Provides interfaces for using Cloud KMS Autokey to provision new [CryptoKeys][google.cloud.kms.v1.CryptoKey], ready for Customer Managed Encryption Key (CMEK) use, on-demand.
To support certain client tooling, this feature is modeled around a KeyHandle resource: creating a KeyHandle in a resource project and given location triggers Cloud KMS Autokey to provision a [CryptoKey][google.cloud.kms.v1.CryptoKey] in the configured key project and the same location.
Prior to use in a given resource project, [UpdateAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig] should have been called on an ancestor folder, setting the key project where Cloud KMS Autokey should create new [CryptoKeys][google.cloud.kms.v1.CryptoKey]. See documentation for additional prerequisites. To check what key project, if any, is currently configured on a resource project's ancestor folder, see [ShowEffectiveAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig].
Equality
Instances of this class created via copy-construction or copy-assignment always compare equal. Instances created with equal std::shared_ptr<*Connection> objects compare equal. Objects that compare equal share the same underlying resources.
Performance
Creating a new instance of this class is a relatively expensive operation: new objects establish new connections to the service. In contrast, copy-construction, move-construction, and the corresponding assignment operations are relatively efficient, as the copies share all underlying resources.
Thread Safety
Concurrent access to different instances of this class, even if they compare equal, is guaranteed to work. Two or more threads operating on the same instance of this class are not guaranteed to work. Since copy-construction and move-construction are relatively efficient operations, consider using such a copy when using this class from multiple threads.
Constructors
AutokeyClient(AutokeyClient const &)
Copy and move support
Parameter | | |
---|---|---|
Name | Type | Description |
(unnamed) | AutokeyClient const & | |
AutokeyClient(AutokeyClient &&)
Copy and move support
Parameter | | |
---|---|---|
Name | Type | Description |
(unnamed) | AutokeyClient && | |
AutokeyClient(std::shared_ptr< AutokeyConnection >, Options)
Parameters | | |
---|---|---|
Name | Type | Description |
connection | std::shared_ptr< AutokeyConnection > | |
opts | Options | |
Operators
operator=(AutokeyClient const &)
Copy and move support
Parameter | | |
---|---|---|
Name | Type | Description |
(unnamed) | AutokeyClient const & | |

Returns | |
---|---|
Type | Description |
AutokeyClient & | |
operator=(AutokeyClient &&)
Copy and move support
Parameter | | |
---|---|---|
Name | Type | Description |
(unnamed) | AutokeyClient && | |

Returns | |
---|---|
Type | Description |
AutokeyClient & | |
Functions
CreateKeyHandle(std::string const &, google::cloud::kms::v1::KeyHandle const &, std::string const &, Options)
Creates a new KeyHandle, triggering the provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK use with the given resource type in the configured key project and the same location.
GetOperation should be used to resolve the resulting long-running operation and get the resulting KeyHandle and [CryptoKey][google.cloud.kms.v1.CryptoKey].
Parameters | | |
---|---|---|
Name | Type | Description |
parent | std::string const & | Required. Name of the resource project and location to create the KeyHandle in, e.g. |
key_handle | google::cloud::kms::v1::KeyHandle const & | Required. KeyHandle to create. |
key_handle_id | std::string const & | Optional. Id of the KeyHandle. Must be unique to the resource project and location. If not provided by the caller, a new UUID is used. |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
future< StatusOr< google::cloud::kms::v1::KeyHandle > > | A |
CreateKeyHandle(NoAwaitTag, std::string const &, google::cloud::kms::v1::KeyHandle const &, std::string const &, Options)
Creates a new KeyHandle, triggering the provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK use with the given resource type in the configured key project and the same location.
Specifying the NoAwaitTag immediately returns the [google::longrunning::Operation] that corresponds to the Long Running Operation that has been started. No polling for operation status occurs.
Parameters | | |
---|---|---|
Name | Type | Description |
(unnamed) | NoAwaitTag | |
parent | std::string const & | |
key_handle | google::cloud::kms::v1::KeyHandle const & | |
key_handle_id | std::string const & | |
opts | Options | |

Returns | |
---|---|
Type | Description |
StatusOr< google::longrunning::Operation > | |
CreateKeyHandle(google::cloud::kms::v1::CreateKeyHandleRequest const &, Options)
Creates a new KeyHandle, triggering the provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK use with the given resource type in the configured key project and the same location.
GetOperation should be used to resolve the resulting long-running operation and get the resulting KeyHandle and [CryptoKey][google.cloud.kms.v1.CryptoKey].
Parameters | | |
---|---|---|
Name | Type | Description |
request | google::cloud::kms::v1::CreateKeyHandleRequest const & | Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
future< StatusOr< google::cloud::kms::v1::KeyHandle > > | A |
CreateKeyHandle(NoAwaitTag, google::cloud::kms::v1::CreateKeyHandleRequest const &, Options)
Creates a new KeyHandle, triggering the provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK use with the given resource type in the configured key project and the same location.
Specifying the NoAwaitTag immediately returns the [google::longrunning::Operation] that corresponds to the Long Running Operation that has been started. No polling for operation status occurs.
Parameters | | |
---|---|---|
Name | Type | Description |
(unnamed) | NoAwaitTag | |
request | google::cloud::kms::v1::CreateKeyHandleRequest const & | |
opts | Options | |

Returns | |
---|---|
Type | Description |
StatusOr< google::longrunning::Operation > | |
CreateKeyHandle(google::longrunning::Operation const &, Options)
Creates a new KeyHandle, triggering the provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK use with the given resource type in the configured key project and the same location.
This method accepts a google::longrunning::Operation that corresponds to a previously started Long Running Operation (LRO) and polls the status of the LRO in the background.
Parameters | | |
---|---|---|
Name | Type | Description |
operation | google::longrunning::Operation const & | |
opts | Options | |

Returns | |
---|---|
Type | Description |
future< StatusOr< google::cloud::kms::v1::KeyHandle > > | |
GetKeyHandle(std::string const &, Options)
Returns the KeyHandle.
Parameters | | |
---|---|---|
Name | Type | Description |
name | std::string const & | Required. Name of the KeyHandle resource, e.g. |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::KeyHandle > | the result of the RPC. The response message type (google.cloud.kms.v1.KeyHandle) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetKeyHandle(google::cloud::kms::v1::GetKeyHandleRequest const &, Options)
Returns the KeyHandle.
Parameters | | |
---|---|---|
Name | Type | Description |
request | google::cloud::kms::v1::GetKeyHandleRequest const & | Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::KeyHandle > | the result of the RPC. The response message type (google.cloud.kms.v1.KeyHandle) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
ListKeyHandles(std::string const &, Options)
Lists KeyHandles.
Parameters | | |
---|---|---|
Name | Type | Description |
parent | std::string const & | Required. Name of the resource project and location from which to list KeyHandles, e.g. |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::kms::v1::KeyHandle > | a StreamRange to iterate over the results. See the documentation of this type for details. In brief, this class has |
ListKeyHandles(google::cloud::kms::v1::ListKeyHandlesRequest, Options)
Lists KeyHandles.
Parameters | | |
---|---|---|
Name | Type | Description |
request | google::cloud::kms::v1::ListKeyHandlesRequest | Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::kms::v1::KeyHandle > | a StreamRange to iterate over the results. See the documentation of this type for details. In brief, this class has |
ListLocations(google::cloud::location::ListLocationsRequest, Options)
Lists information about the supported locations for this service.
Parameters | | |
---|---|---|
Name | Type | Description |
request | google::cloud::location::ListLocationsRequest | Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::location::Location > | a StreamRange to iterate over the results. See the documentation of this type for details. In brief, this class has |
GetLocation(google::cloud::location::GetLocationRequest const &, Options)
Gets information about a location.
Parameters | | |
---|---|---|
Name | Type | Description |
request | google::cloud::location::GetLocationRequest const & | Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::location::Location > | the result of the RPC. The response message type (google.cloud.location.Location) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
SetIamPolicy(google::iam::v1::SetIamPolicyRequest const &, Options)
Sets the access control policy on the specified resource.
Replaces any existing policy.
Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
Parameters | | |
---|---|---|
Name | Type | Description |
request | google::iam::v1::SetIamPolicyRequest const & | Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
StatusOr< google::iam::v1::Policy > | the result of the RPC. The response message type (google.iam.v1.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetIamPolicy(google::iam::v1::GetIamPolicyRequest const &, Options)
Gets the access control policy for a resource.
Returns an empty policy if the resource exists and does not have a policy set.
Parameters | | |
---|---|---|
Name | Type | Description |
request | google::iam::v1::GetIamPolicyRequest const & | Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
StatusOr< google::iam::v1::Policy > | the result of the RPC. The response message type (google.iam.v1.Policy) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
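
Because SetIamPolicy replaces any existing policy, a grant has to start from the policy GetIamPolicy returns rather than from an empty one. The block below is an added example, not code from this page or from google-cloud-cpp: it models that behavior with hypothetical stand-in types and helpers (Policy, FakeResource, GrantBlind, GrantMerged) and constructed member values, and it assumes the service refuses a write whose etag is stale and accepts one that carries no etag.

```cpp
#include <map>
#include <set>
#include <string>
struct Policy {  // hypothetical stand-in for google.iam.v1.Policy
  std::map<std::string, std::set<std::string>> bindings;  // role -> members
  std::string etag;  // version token returned with every read
};
struct FakeResource {  // hypothetical in-memory stand-in for the service side
  Policy policy{{}, "v0"};
  int version = 0;
  Policy Get() const { return policy; }
  // Replaces the whole policy; a stale etag fails, an empty etag always wins.
  bool Set(Policy const& p) {
    if (!p.etag.empty() && p.etag != policy.etag) return false;
    policy.bindings = p.bindings;
    policy.etag = "v" + std::to_string(++version);
    return true;
  }
};
// Weak: sends a policy built from scratch, so every existing binding is lost.
bool GrantBlind(FakeResource& r, std::string const& role, std::string const& who) {
  Policy p;
  p.bindings[role].insert(who);
  return r.Set(p);
}
// Corrected: read, modify, write back with the etag; retry on a conflict.
bool GrantMerged(FakeResource& r, std::string const& role, std::string const& who) {
  for (int attempt = 0; attempt < 3; ++attempt) {
    Policy p = r.Get();
    p.bindings[role].insert(who);
    if (r.Set(p)) return true;
  }
  return false;
}
// Constructed sample data: how many roles survive a second grant.
int RolesAfterSecondGrant(bool merged) {
  FakeResource r;
  GrantMerged(r, "roles/cloudkms.viewer", "user:auditor@example.com");
  (merged ? GrantMerged : GrantBlind)(r, "roles/cloudkms.admin", "user:ops@example.com");
  return static_cast<int>(r.Get().bindings.size());
}
// A write carrying an etag from before a concurrent change is refused.
bool StaleWriteRejected() {
  FakeResource r;
  Policy stale = r.Get();
  GrantMerged(r, "roles/cloudkms.viewer", "user:auditor@example.com");
  stale.bindings["roles/cloudkms.admin"].insert("user:ops@example.com");
  return !r.Set(stale);
}
int main() { return RolesAfterSecondGrant(true) == 2 && StaleWriteRejected() ? 0 : 1; }
```
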
TestIamPermissions(google::iam::v1::TestIamPermissionsRequest const &, Options)
Returns permissions that a caller has on the specified resource.
If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
Parameters | | |
---|---|---|
Name | Type | Description |
request | google::iam::v1::TestIamPermissionsRequest const & | Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
StatusOr< google::iam::v1::TestIamPermissionsResponse > | the result of the RPC. The response message type (google.iam.v1.TestIamPermissionsResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetOperation(std::string const &, Options)
Gets the latest state of a long-running operation.
Clients can use this method to poll the operation result at intervals as recommended by the API service.
Parameters | | |
---|---|---|
Name | Type | Description |
name | std::string const & | The name of the operation resource. |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
StatusOr< google::longrunning::Operation > | the result of the RPC. The response message type (google.longrunning.Operation) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetOperation(google::longrunning::GetOperationRequest const &, Options)
Gets the latest state of a long-running operation.
Clients can use this method to poll the operation result at intervals as recommended by the API service.
Parameters | | |
---|---|---|
Name | Type | Description |
request | google::longrunning::GetOperationRequest const & | Unary RPCs, such as the one wrapped by this function, receive a single |
opts | Options | Optional. Override the class-level options, such as retry and backoff policies. |

Returns | |
---|---|
Type | Description |
StatusOr< google::longrunning::Operation > | the result of the RPC. The response message type (google.longrunning.Operation) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |