feat(kms): Support for the autokey service (#25877)

google-cloud-kms/AUTHENTICATION.md

@@ -56,7 +56,7 @@ To configure a credentials file for an individual client initialization:
 ```ruby
 require "google/cloud/kms"
 
-client = Google::Cloud::Kms.ekm_service do |config|
+client = Google::Cloud::Kms.autokey do |config|
   config.credentials = "path/to/credentialfile.json"
 end
 ```
@@ -70,7 +70,7 @@ Google::Cloud::Kms.configure do |config|
   config.credentials = "path/to/credentialfile.json"
 end
 
-client = Google::Cloud::Kms.ekm_service
+client = Google::Cloud::Kms.autokey
 ```
 
 ### Environment Variables
@@ -100,7 +100,7 @@ require "google/cloud/kms"
 
 ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
 
-client = Google::Cloud::Kms.ekm_service
+client = Google::Cloud::Kms.autokey
 ```
 
 ### Local ADC file

google-cloud-kms/Rakefile

@@ -57,8 +57,8 @@ task :acceptance, :project, :keyfile do |t, args|
   if project.nil? || keyfile.nil?
     fail "You must provide a project and keyfile. e.g. rake acceptance[test123, /path/to/keyfile.json] or KMS_TEST_PROJECT=test123 KMS_TEST_KEYFILE=/path/to/keyfile.json rake acceptance"
   end
-  require "google/cloud/kms/v1/ekm_service/credentials"
-  ::Google::Cloud::Kms::V1::EkmService::Credentials.env_vars.each do |path|
+  require "google/cloud/kms/v1/autokey/credentials"
+  ::Google::Cloud::Kms::V1::Autokey::Credentials.env_vars.each do |path|
     ENV[path] = nil
   end
   ENV["KMS_PROJECT"] = project

google-cloud-kms/google-cloud-kms.gemspec

@@ -23,5 +23,5 @@ Gem::Specification.new do |gem|
   gem.required_ruby_version = ">= 2.7"
 
   gem.add_dependency "google-cloud-core", "~> 1.6"
-  gem.add_dependency "google-cloud-kms-v1", ">= 0.24", "< 2.a"
+  gem.add_dependency "google-cloud-kms-v1", ">= 0.26", "< 2.a"
 end

google-cloud-kms/lib/google/cloud/kms.rb

@@ -45,6 +45,96 @@
 module Google
   module Cloud
     module Kms
+      ##
+      # Create a new client object for Autokey.
+      #
+      # By default, this returns an instance of
+      # [Google::Cloud::Kms::V1::Autokey::Client](https://cloud.google.com/ruby/docs/reference/google-cloud-kms-v1/latest/Google-Cloud-Kms-V1-Autokey-Client)
+      # for a gRPC client for version V1 of the API.
+      # However, you can specify a different API version by passing it in the
+      # `version` parameter. If the Autokey service is
+      # supported by that API version, and the corresponding gem is available, the
+      # appropriate versioned client will be returned.
+      # You can also specify a different transport by passing `:rest` or `:grpc` in
+      # the `transport` parameter.
+      #
+      # ## About Autokey
+      #
+      # Provides interfaces for using Cloud KMS Autokey to provision new
+      # CryptoKeys, ready for Customer Managed
+      # Encryption Key (CMEK) use, on-demand. To support certain client tooling, this
+      # feature is modeled around a KeyHandle
+      # resource: creating a KeyHandle in a resource
+      # project and given location triggers Cloud KMS Autokey to provision a
+      # CryptoKey in the configured key project and
+      # the same location.
+      #
+      # Prior to use in a given resource project,
+      # UpdateAutokeyConfig
+      # should have been called on an ancestor folder, setting the key project where
+      # Cloud KMS Autokey should create new
+      # CryptoKeys. See documentation for additional
+      # prerequisites. To check what key project, if any, is currently configured on
+      # a resource project's ancestor folder, see
+      # ShowEffectiveAutokeyConfig.
+      #
+      # @param version [::String, ::Symbol] The API version to connect to. Optional.
+      #   Defaults to `:v1`.
+      # @param transport [:grpc, :rest] The transport to use. Defaults to `:grpc`.
+      # @return [::Object] A client object for the specified version.
+      #
+      def self.autokey version: :v1, transport: :grpc, &block
+        require "google/cloud/kms/#{version.to_s.downcase}"
+
+        package_name = Google::Cloud::Kms
+                       .constants
+                       .select { |sym| sym.to_s.downcase == version.to_s.downcase.tr("_", "") }
+                       .first
+        service_module = Google::Cloud::Kms.const_get(package_name).const_get(:Autokey)
+        service_module = service_module.const_get(:Rest) if transport == :rest
+        service_module.const_get(:Client).new(&block)
+      end
+
+      ##
+      # Create a new client object for AutokeyAdmin.
+      #
+      # By default, this returns an instance of
+      # [Google::Cloud::Kms::V1::AutokeyAdmin::Client](https://cloud.google.com/ruby/docs/reference/google-cloud-kms-v1/latest/Google-Cloud-Kms-V1-AutokeyAdmin-Client)
+      # for a gRPC client for version V1 of the API.
+      # However, you can specify a different API version by passing it in the
+      # `version` parameter. If the AutokeyAdmin service is
+      # supported by that API version, and the corresponding gem is available, the
+      # appropriate versioned client will be returned.
+      # You can also specify a different transport by passing `:rest` or `:grpc` in
+      # the `transport` parameter.
+      #
+      # ## About AutokeyAdmin
+      #
+      # Provides interfaces for managing Cloud KMS Autokey folder-level
+      # configurations. A configuration is inherited by all descendent projects. A
+      # configuration at one folder overrides any other configurations in its
+      # ancestry. Setting a configuration on a folder is a prerequisite for Cloud KMS
+      # Autokey, so that users working in a descendant project can request
+      # provisioned CryptoKeys, ready for Customer
+      # Managed Encryption Key (CMEK) use, on-demand.
+      #
+      # @param version [::String, ::Symbol] The API version to connect to. Optional.
+      #   Defaults to `:v1`.
+      # @param transport [:grpc, :rest] The transport to use. Defaults to `:grpc`.
+      # @return [::Object] A client object for the specified version.
+      #
+      def self.autokey_admin version: :v1, transport: :grpc, &block
+        require "google/cloud/kms/#{version.to_s.downcase}"
+
+        package_name = Google::Cloud::Kms
+                       .constants
+                       .select { |sym| sym.to_s.downcase == version.to_s.downcase.tr("_", "") }
+                       .first
+        service_module = Google::Cloud::Kms.const_get(package_name).const_get(:AutokeyAdmin)
+        service_module = service_module.const_get(:Rest) if transport == :rest
+        service_module.const_get(:Client).new(&block)
+      end
+
       ##
       # Create a new client object for EkmService.
       #

google-cloud-kms/test/google/cloud/kms/client_test.rb

@@ -33,6 +33,44 @@ def universe_domain
     end
   end
 
+  def test_autokey_grpc
+    Gapic::ServiceStub.stub :new, DummyStub.new do
+      grpc_channel = GRPC::Core::Channel.new "localhost:8888", nil, :this_channel_is_insecure
+      client = Google::Cloud::Kms.autokey transport: :grpc do |config|
+        config.credentials = grpc_channel
+      end
+      assert_kind_of Google::Cloud::Kms::V1::Autokey::Client, client
+    end
+  end
+
+  def test_autokey_rest
+    Gapic::Rest::ClientStub.stub :new, DummyStub.new do
+      client = Google::Cloud::Kms.autokey transport: :rest do |config|
+        config.credentials = :dummy_credentials
+      end
+      assert_kind_of Google::Cloud::Kms::V1::Autokey::Rest::Client, client
+    end
+  end
+
+  def test_autokey_admin_grpc
+    Gapic::ServiceStub.stub :new, DummyStub.new do
+      grpc_channel = GRPC::Core::Channel.new "localhost:8888", nil, :this_channel_is_insecure
+      client = Google::Cloud::Kms.autokey_admin transport: :grpc do |config|
+        config.credentials = grpc_channel
+      end
+      assert_kind_of Google::Cloud::Kms::V1::AutokeyAdmin::Client, client
+    end
+  end
+
+  def test_autokey_admin_rest
+    Gapic::Rest::ClientStub.stub :new, DummyStub.new do
+      client = Google::Cloud::Kms.autokey_admin transport: :rest do |config|
+        config.credentials = :dummy_credentials
+      end
+      assert_kind_of Google::Cloud::Kms::V1::AutokeyAdmin::Rest::Client, client
+    end
+  end
+
   def test_ekm_service_grpc
     Gapic::ServiceStub.stub :new, DummyStub.new do
       grpc_channel = GRPC::Core::Channel.new "localhost:8888", nil, :this_channel_is_insecure