| Server IP : 103.119.228.120 / Your IP : 3.139.67.228 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/lib/mysqlsh/lib/python3.9/site-packages/oci/key_management/ |
Upload File : |
# coding: utf-8
# Copyright (c) 2016, 2024, Oracle and/or its affiliates. All rights reserved.
# This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
# NOTE: This class is auto generated by OracleSDKGenerator. DO NOT EDIT. API Version: release
from __future__ import absolute_import
from oci._vendor import requests # noqa: F401
from oci._vendor import six
from oci import retry, circuit_breaker # noqa: F401
from oci.base_client import BaseClient
from oci.config import get_config_value_or_default, validate_config
from oci.signer import Signer
from oci.util import Sentinel, get_signer_from_authentication_type, AUTHENTICATION_TYPE_FIELD_NAME
from oci.util import back_up_body_calculate_stream_content_length, is_content_length_calculable_by_req_util
from oci.exceptions import InvalidAlloyConfig
from oci.alloy import OCI_SDK_ENABLED_SERVICES_SET
from .models import key_management_type_mapping
missing = Sentinel("Missing")
class KmsManagementClient(object):
"""
Use the Key Management API to manage vaults and keys. For more information, see [Managing Vaults](/Content/KeyManagement/Tasks/managingvaults.htm) and [Managing Keys](/Content/KeyManagement/Tasks/managingkeys.htm).
"""
def __init__(self, config, service_endpoint, **kwargs):
"""
Creates a new service client
:param dict config:
Configuration keys and values as per `SDK and Tool Configuration <https://docs.cloud.oracle.com/Content/API/Concepts/sdkconfig.htm>`__.
The :py:meth:`~oci.config.from_file` method can be used to load configuration from a file. Alternatively, a ``dict`` can be passed. You can validate_config
the dict using :py:meth:`~oci.config.validate_config`
:param str service_endpoint:
The endpoint of the service to call using this client. For example ``https://iaas.us-ashburn-1.oraclecloud.com``.
:param timeout: (optional)
The connection and read timeouts for the client. The default values are connection timeout 10 seconds and read timeout 60 seconds. This keyword argument can be provided
as a single float, in which case the value provided is used for both the read and connection timeouts, or as a tuple of two floats. If
a tuple is provided then the first value is used as the connection timeout and the second value as the read timeout.
:type timeout: float or tuple(float, float)
:param signer: (optional)
The signer to use when signing requests made by the service client. The default is to use a :py:class:`~oci.signer.Signer` based on the values
provided in the config parameter.
One use case for this parameter is for `Instance Principals authentication <https://docs.cloud.oracle.com/Content/Identity/Tasks/callingservicesfrominstances.htm>`__
by passing an instance of :py:class:`~oci.auth.signers.InstancePrincipalsSecurityTokenSigner` as the value for this keyword argument
:type signer: :py:class:`~oci.signer.AbstractBaseSigner`
:param obj retry_strategy: (optional)
A retry strategy to apply to all calls made by this service client (i.e. at the client level). There is no retry strategy applied by default.
Retry strategies can also be applied at the operation level by passing a ``retry_strategy`` keyword argument as part of calling the operation.
Any value provided at the operation level will override whatever is specified at the client level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. A convenience :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY`
is also available. The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
:param obj circuit_breaker_strategy: (optional)
A circuit breaker strategy to apply to all calls made by this service client (i.e. at the client level).
This client uses :py:data:`~oci.circuit_breaker.DEFAULT_CIRCUIT_BREAKER_STRATEGY` as default if no circuit breaker strategy is provided.
The specifics of circuit breaker strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/circuit_breakers.html>`__.
:param function circuit_breaker_callback: (optional)
Callback function to receive any exceptions triggerred by the circuit breaker.
:param bool client_level_realm_specific_endpoint_template_enabled: (optional)
A boolean flag to indicate whether or not this client should be created with realm specific endpoint template enabled or disable. By default, this will be set as None.
:param allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this client should allow control characters in the response object. By default, the client will not
allow control characters to be in the response object.
"""
if not OCI_SDK_ENABLED_SERVICES_SET.is_service_enabled("key_management"):
raise InvalidAlloyConfig("The Alloy configuration has disabled this service, this behavior is controlled by OCI_SDK_ENABLED_SERVICES_SET variable. Please check if your local alloy-config file configured the service you're targeting or contact the cloud provider on the availability of this service")
validate_config(config, signer=kwargs.get('signer'))
if 'signer' in kwargs:
signer = kwargs['signer']
elif AUTHENTICATION_TYPE_FIELD_NAME in config:
signer = get_signer_from_authentication_type(config)
else:
signer = Signer(
tenancy=config["tenancy"],
user=config["user"],
fingerprint=config["fingerprint"],
private_key_file_location=config.get("key_file"),
pass_phrase=get_config_value_or_default(config, "pass_phrase"),
private_key_content=config.get("key_content")
)
base_client_init_kwargs = {
'regional_client': False,
'service_endpoint': service_endpoint,
'base_path': '/',
'service_endpoint_template': 'https://kms.{region}.{secondLevelDomain}',
'service_endpoint_template_per_realm': { }, # noqa: E201 E202
'skip_deserialization': kwargs.get('skip_deserialization', False),
'circuit_breaker_strategy': kwargs.get('circuit_breaker_strategy', circuit_breaker.GLOBAL_CIRCUIT_BREAKER_STRATEGY),
'client_level_realm_specific_endpoint_template_enabled': kwargs.get('client_level_realm_specific_endpoint_template_enabled')
}
if 'timeout' in kwargs:
base_client_init_kwargs['timeout'] = kwargs.get('timeout')
if base_client_init_kwargs.get('circuit_breaker_strategy') is None:
base_client_init_kwargs['circuit_breaker_strategy'] = circuit_breaker.DEFAULT_CIRCUIT_BREAKER_STRATEGY
if 'allow_control_chars' in kwargs:
base_client_init_kwargs['allow_control_chars'] = kwargs.get('allow_control_chars')
self.base_client = BaseClient("kms_management", config, signer, key_management_type_mapping, **base_client_init_kwargs)
self.retry_strategy = kwargs.get('retry_strategy')
self.circuit_breaker_callback = kwargs.get('circuit_breaker_callback')
def backup_key(self, key_id, **kwargs):
"""
Backs up an encrypted file that contains all key versions and metadata of the specified key so that you can restore
the key later. The file also contains the metadata of the vault that the key belonged to.
:param str key_id: (required)
The OCID of the key.
:param str if_match: (optional)
For optimistic concurrency control. In the PUT or DELETE call for a
resource, set the `if-match` parameter to the value of the etag from a
previous GET or POST response for that resource. The resource will be
updated or deleted only if the etag you provide matches the resource's
current etag value.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param oci.key_management.models.BackupKeyDetails backup_key_details: (optional)
BackupKeyDetails
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.Key`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/backup_key.py.html>`__ to see an example of how to use backup_key API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId']
resource_path = "/20180608/keys/{keyId}/actions/backup"
method = "POST"
operation_name = "backup_key"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/BackupKey"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"if_match",
"opc_request_id",
"opc_retry_token",
"backup_key_details"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"backup_key got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"if-match": kwargs.get("if_match", missing),
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=kwargs.get('backup_key_details'),
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=kwargs.get('backup_key_details'),
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def cancel_key_deletion(self, key_id, **kwargs):
"""
Cancels the scheduled deletion of the specified key. Canceling
a scheduled deletion restores the key's lifecycle state to what
it was before its scheduled deletion.
As a provisioning operation, this call is subject to a Key Management limit that applies to
the total number of requests across all provisioning write operations. Key Management might
throttle this call to reject an otherwise valid request when the total rate of provisioning
write operations exceeds 10 requests per second for a given tenancy.
:param str key_id: (required)
The OCID of the key.
:param str if_match: (optional)
For optimistic concurrency control. In the PUT or DELETE call for a
resource, set the `if-match` parameter to the value of the etag from a
previous GET or POST response for that resource. The resource will be
updated or deleted only if the etag you provide matches the resource's
current etag value.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.Key`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/cancel_key_deletion.py.html>`__ to see an example of how to use cancel_key_deletion API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId']
resource_path = "/20180608/keys/{keyId}/actions/cancelDeletion"
method = "POST"
operation_name = "cancel_key_deletion"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/CancelKeyDeletion"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"if_match",
"opc_request_id",
"opc_retry_token"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"cancel_key_deletion got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"if-match": kwargs.get("if_match", missing),
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def cancel_key_version_deletion(self, key_id, key_version_id, **kwargs):
"""
Cancels the scheduled deletion of the specified key version. Canceling
a scheduled deletion restores the key version to its lifecycle state from
before its scheduled deletion.
As a provisioning operation, this call is subject to a Key Management limit that applies to
the total number of requests across all provisioning write operations. Key Management might
throttle this call to reject an otherwise valid request when the total rate of provisioning
write operations exceeds 10 requests per second for a given tenancy.
:param str key_id: (required)
The OCID of the key.
:param str key_version_id: (required)
The OCID of the key version.
:param str if_match: (optional)
For optimistic concurrency control. In the PUT or DELETE call for a
resource, set the `if-match` parameter to the value of the etag from a
previous GET or POST response for that resource. The resource will be
updated or deleted only if the etag you provide matches the resource's
current etag value.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.KeyVersion`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/cancel_key_version_deletion.py.html>`__ to see an example of how to use cancel_key_version_deletion API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId', 'keyVersionId']
resource_path = "/20180608/keys/{keyId}/keyVersions/{keyVersionId}/actions/cancelDeletion"
method = "POST"
operation_name = "cancel_key_version_deletion"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/KeyVersion/CancelKeyVersionDeletion"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"if_match",
"opc_request_id",
"opc_retry_token"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"cancel_key_version_deletion got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id,
"keyVersionId": key_version_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"if-match": kwargs.get("if_match", missing),
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="KeyVersion",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="KeyVersion",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def change_key_compartment(self, key_id, change_key_compartment_details, **kwargs):
"""
Moves a key into a different compartment within the same tenancy. For information about
moving resources between compartments, see `Moving Resources to a Different Compartment`__.
When provided, if-match is checked against the ETag values of the key.
As a provisioning operation, this call is subject to a Key Management limit that applies to
the total number of requests across all provisioning write operations. Key Management might
throttle this call to reject an otherwise valid request when the total rate of provisioning
write operations exceeds 10 requests per second for a given tenancy.
__ https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingcompartments.htm#moveRes
:param str key_id: (required)
The OCID of the key.
:param oci.key_management.models.ChangeKeyCompartmentDetails change_key_compartment_details: (required)
Details of change key compartment.
:param str if_match: (optional)
For optimistic concurrency control. In the PUT or DELETE call for a
resource, set the `if-match` parameter to the value of the etag from a
previous GET or POST response for that resource. The resource will be
updated or deleted only if the etag you provide matches the resource's
current etag value.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type None
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/change_key_compartment.py.html>`__ to see an example of how to use change_key_compartment API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId']
resource_path = "/20180608/keys/{keyId}/actions/changeCompartment"
method = "POST"
operation_name = "change_key_compartment"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/ChangeKeyCompartment"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"if_match",
"opc_request_id",
"opc_retry_token"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"change_key_compartment got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"if-match": kwargs.get("if_match", missing),
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=change_key_compartment_details,
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=change_key_compartment_details,
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def create_key(self, create_key_details, **kwargs):
"""
Creates a new master encryption key.
As a management operation, this call is subject to a Key Management limit that applies to the total
number of requests across all management write operations. Key Management might throttle this call
to reject an otherwise valid request when the total rate of management write operations exceeds 10
requests per second for a given tenancy.
:param oci.key_management.models.CreateKeyDetails create_key_details: (required)
CreateKeyDetails
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.Key`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/create_key.py.html>`__ to see an example of how to use create_key API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = []
resource_path = "/20180608/keys"
method = "POST"
operation_name = "create_key"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/CreateKey"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"opc_request_id",
"opc_retry_token"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"create_key got unknown kwargs: {extra_kwargs!r}")
header_params = {
"accept": "application/json",
"content-type": "application/json",
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
header_params=header_params,
body=create_key_details,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
header_params=header_params,
body=create_key_details,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def create_key_version(self, key_id, **kwargs):
"""
Generates a new `KeyVersion`__ resource that provides new cryptographic
material for a master encryption key. The key must be in an `ENABLED` state to be rotated.
As a management operation, this call is subject to a Key Management limit that applies to the total number
of requests across all management write operations. Key Management might throttle this call to reject an
otherwise valid request when the total rate of management write operations exceeds 10 requests per second
for a given tenancy.
__ https://docs.cloud.oracle.com/api/#/en/key/latest/KeyVersion/
:param str key_id: (required)
The OCID of the key.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param oci.key_management.models.ExternalKeyVersionReference create_key_metadata_details: (optional)
CreateKeyMetadataDetails
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.KeyVersion`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/create_key_version.py.html>`__ to see an example of how to use create_key_version API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId']
resource_path = "/20180608/keys/{keyId}/keyVersions"
method = "POST"
operation_name = "create_key_version"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/KeyVersion/CreateKeyVersion"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"opc_request_id",
"opc_retry_token",
"create_key_metadata_details"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"create_key_version got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=kwargs.get('create_key_metadata_details'),
response_type="KeyVersion",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=kwargs.get('create_key_metadata_details'),
response_type="KeyVersion",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def disable_key(self, key_id, **kwargs):
"""
Disables a master encryption key so it can no longer be used for encryption, decryption, or
generating new data encryption keys.
As a management operation, this call is subject to a Key Management limit that applies to the total number
of requests across all management write operations. Key Management might throttle this call to reject an
otherwise valid request when the total rate of management write operations exceeds 10 requests per second
for a given tenancy.
:param str key_id: (required)
The OCID of the key.
:param str if_match: (optional)
For optimistic concurrency control. In the PUT or DELETE call for a
resource, set the `if-match` parameter to the value of the etag from a
previous GET or POST response for that resource. The resource will be
updated or deleted only if the etag you provide matches the resource's
current etag value.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.Key`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/disable_key.py.html>`__ to see an example of how to use disable_key API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId']
resource_path = "/20180608/keys/{keyId}/actions/disable"
method = "POST"
operation_name = "disable_key"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/DisableKey"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"if_match",
"opc_request_id",
"opc_retry_token"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"disable_key got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"if-match": kwargs.get("if_match", missing),
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def enable_key(self, key_id, **kwargs):
"""
Enables a master encryption key so it can be used for encryption, decryption, or
generating new data encryption keys.
As a management operation, this call is subject to a Key Management limit that applies to the total number
of requests across all management write operations. Key Management might throttle this call to reject an
otherwise valid request when the total rate of management write operations exceeds 10 requests per second
for a given tenancy.
:param str key_id: (required)
The OCID of the key.
:param str if_match: (optional)
For optimistic concurrency control. In the PUT or DELETE call for a
resource, set the `if-match` parameter to the value of the etag from a
previous GET or POST response for that resource. The resource will be
updated or deleted only if the etag you provide matches the resource's
current etag value.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.Key`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/enable_key.py.html>`__ to see an example of how to use enable_key API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId']
resource_path = "/20180608/keys/{keyId}/actions/enable"
method = "POST"
operation_name = "enable_key"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/EnableKey"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"if_match",
"opc_request_id",
"opc_retry_token"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"enable_key got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"if-match": kwargs.get("if_match", missing),
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def get_key(self, key_id, **kwargs):
"""
Gets information about the specified master encryption key.
As a management operation, this call is subject to a Key Management limit that applies to the total number
of requests across all management read operations. Key Management might throttle this call to reject an
otherwise valid request when the total rate of management read operations exceeds 10 requests per second for
a given tenancy.
:param str key_id: (required)
The OCID of the key.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.Key`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/get_key.py.html>`__ to see an example of how to use get_key API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId']
resource_path = "/20180608/keys/{keyId}"
method = "GET"
operation_name = "get_key"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/GetKey"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"opc_request_id"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"get_key got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"opc-request-id": kwargs.get("opc_request_id", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def get_key_version(self, key_id, key_version_id, **kwargs):
"""
Gets information about the specified key version.
As a management operation, this call is subject to a Key Management limit that applies to the total number
of requests across all management read operations. Key Management might throttle this call to reject an
otherwise valid request when the total rate of management read operations exceeds 10 requests per second
for a given tenancy.
:param str key_id: (required)
The OCID of the key.
:param str key_version_id: (required)
The OCID of the key version.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.KeyVersion`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/get_key_version.py.html>`__ to see an example of how to use get_key_version API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId', 'keyVersionId']
resource_path = "/20180608/keys/{keyId}/keyVersions/{keyVersionId}"
method = "GET"
operation_name = "get_key_version"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/KeyVersion/GetKeyVersion"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"opc_request_id"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"get_key_version got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id,
"keyVersionId": key_version_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"opc-request-id": kwargs.get("opc_request_id", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="KeyVersion",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="KeyVersion",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def get_replication_status(self, replication_id, **kwargs):
"""
When a vault has a replica, each operation on the vault or its resources, such as
keys, is replicated and has an associated replicationId. Replication status provides
details about whether the operation associated with the given replicationId has been
successfully applied across replicas.
:param str replication_id: (required)
replicationId associated with an operation on a resource
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.ReplicationStatusDetails`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/get_replication_status.py.html>`__ to see an example of how to use get_replication_status API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['replicationId']
resource_path = "/20180608/replicaOperations/{replicationId}/status"
method = "GET"
operation_name = "get_replication_status"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/ReplicationStatusDetails/GetReplicationStatus"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"opc_request_id"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"get_replication_status got unknown kwargs: {extra_kwargs!r}")
path_params = {
"replicationId": replication_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"opc-request-id": kwargs.get("opc_request_id", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="ReplicationStatusDetails",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
response_type="ReplicationStatusDetails",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def get_wrapping_key(self, **kwargs):
"""
Gets details about the public RSA wrapping key associated with the vault in the endpoint. Each vault has an RSA key-pair that wraps and
unwraps AES key material for import into Key Management.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.WrappingKey`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/get_wrapping_key.py.html>`__ to see an example of how to use get_wrapping_key API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = []
resource_path = "/20180608/wrappingKeys"
method = "GET"
operation_name = "get_wrapping_key"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/WrappingKey/GetWrappingKey"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"opc_request_id"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"get_wrapping_key got unknown kwargs: {extra_kwargs!r}")
header_params = {
"accept": "application/json",
"content-type": "application/json",
"opc-request-id": kwargs.get("opc_request_id", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
header_params=header_params,
response_type="WrappingKey",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
header_params=header_params,
response_type="WrappingKey",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def import_key(self, import_key_details, **kwargs):
"""
Imports AES and RSA keys to create a new key. The key material must be base64-encoded
and wrapped by the vault's public RSA wrapping key before you can import it.
Key Management supports both RSA and AES keys. The AES keys are symmetric keys
of length 128 bits (16 bytes), 192 bits (24 bytes), or 256 bits (32 bytes), and the RSA keys are asymmetric keys of length 2048 bits (256 bytes), 3072 bits (384 bytes), and 4096 bits (512 bytes).
Furthermore, the key length must match what you specify at the time of import. When importing an asymmetric key,
only private key must be wrapped in PKCS8 format while the corresponding public key is generated internally by KMS.
:param oci.key_management.models.ImportKeyDetails import_key_details: (required)
ImportKeyDetails
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.Key`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/import_key.py.html>`__ to see an example of how to use import_key API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = []
resource_path = "/20180608/keys/import"
method = "POST"
operation_name = "import_key"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/ImportKey"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"opc_request_id",
"opc_retry_token"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"import_key got unknown kwargs: {extra_kwargs!r}")
header_params = {
"accept": "application/json",
"content-type": "application/json",
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
header_params=header_params,
body=import_key_details,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
header_params=header_params,
body=import_key_details,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def import_key_version(self, key_id, import_key_version_details, **kwargs):
"""
Imports AES key material to create a new key version and then rotate the key to begin using the new
key version. The key material must be base64-encoded and wrapped by the vault's public RSA wrapping key
before you can import it. Key Management supports AES symmetric keys that are exactly 16, 24, or 32 bytes.
Furthermore, the key length must match the length of the specified key and what you specify as the length
at the time of import. When importing an asymmetric key, only the private key must be wrapped in PKCS8 format
while the corresponding public key is generated internally by KMS.
:param str key_id: (required)
The OCID of the key.
:param oci.key_management.models.ImportKeyVersionDetails import_key_version_details: (required)
ImportKeyVersionDetails
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.KeyVersion`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/import_key_version.py.html>`__ to see an example of how to use import_key_version API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId']
resource_path = "/20180608/keys/{keyId}/keyVersions/import"
method = "POST"
operation_name = "import_key_version"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/KeyVersion/ImportKeyVersion"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"opc_request_id",
"opc_retry_token"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"import_key_version got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=import_key_version_details,
response_type="KeyVersion",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=import_key_version_details,
response_type="KeyVersion",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def list_key_versions(self, key_id, **kwargs):
"""
Lists all `KeyVersion`__ resources for the specified
master encryption key.
As a management operation, this call is subject to a Key Management limit that applies to the total number
of requests across all management read operations. Key Management might throttle this call to reject an
otherwise valid request when the total rate of management read operations exceeds 10 requests per second
for a given tenancy.
__ https://docs.cloud.oracle.com/api/#/en/key/latest/KeyVersion/
:param str key_id: (required)
The OCID of the key.
:param int limit: (optional)
The maximum number of items to return in a paginated \"List\" call.
:param str page: (optional)
The value of the `opc-next-page` response header
from the previous \"List\" call.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str sort_by: (optional)
The field to sort by. You can specify only one sort order. The default
order for `TIMECREATED` is descending. The default order for `DISPLAYNAME`
is ascending.
Allowed values are: "TIMECREATED", "DISPLAYNAME"
:param str sort_order: (optional)
The sort order to use, either ascending (`ASC`) or descending (`DESC`).
Allowed values are: "ASC", "DESC"
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type list of :class:`~oci.key_management.models.KeyVersionSummary`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/list_key_versions.py.html>`__ to see an example of how to use list_key_versions API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId']
resource_path = "/20180608/keys/{keyId}/keyVersions"
method = "GET"
operation_name = "list_key_versions"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/KeyVersionSummary/ListKeyVersions"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"limit",
"page",
"opc_request_id",
"sort_by",
"sort_order"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"list_key_versions got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
if 'sort_by' in kwargs:
sort_by_allowed_values = ["TIMECREATED", "DISPLAYNAME"]
if kwargs['sort_by'] not in sort_by_allowed_values:
raise ValueError(
f"Invalid value for `sort_by`, must be one of { sort_by_allowed_values }"
)
if 'sort_order' in kwargs:
sort_order_allowed_values = ["ASC", "DESC"]
if kwargs['sort_order'] not in sort_order_allowed_values:
raise ValueError(
f"Invalid value for `sort_order`, must be one of { sort_order_allowed_values }"
)
query_params = {
"limit": kwargs.get("limit", missing),
"page": kwargs.get("page", missing),
"sortBy": kwargs.get("sort_by", missing),
"sortOrder": kwargs.get("sort_order", missing)
}
query_params = {k: v for (k, v) in six.iteritems(query_params) if v is not missing and v is not None}
header_params = {
"accept": "application/json",
"content-type": "application/json",
"opc-request-id": kwargs.get("opc_request_id", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
query_params=query_params,
header_params=header_params,
response_type="list[KeyVersionSummary]",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
query_params=query_params,
header_params=header_params,
response_type="list[KeyVersionSummary]",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def list_keys(self, compartment_id, **kwargs):
"""
Lists the master encryption keys in the specified vault and compartment.
As a management operation, this call is subject to a Key Management limit that applies to the total number
of requests across all management read operations. Key Management might throttle this call to reject an
otherwise valid request when the total rate of management read operations exceeds 10 requests per second
for a given tenancy.
:param str compartment_id: (required)
The OCID of the compartment.
:param int limit: (optional)
The maximum number of items to return in a paginated \"List\" call.
:param str page: (optional)
The value of the `opc-next-page` response header
from the previous \"List\" call.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str sort_by: (optional)
The field to sort by. You can specify only one sort order. The default
order for `TIMECREATED` is descending. The default order for `DISPLAYNAME`
is ascending.
Allowed values are: "TIMECREATED", "DISPLAYNAME"
:param str sort_order: (optional)
The sort order to use, either ascending (`ASC`) or descending (`DESC`).
Allowed values are: "ASC", "DESC"
:param str protection_mode: (optional)
A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A
protection mode of `HSM` means that the key persists on a hardware security module (HSM) and all cryptographic operations are
performed inside the HSM. A protection mode of `SOFTWARE` means that the key persists on the server, protected by the vault's
RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of
`SOFTWARE` are performed on the server.
A protection mode of `EXTERNAL` mean that the key persists on the customer's external key manager which is hosted externally outside of oracle.
Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of `EXTERNAL` are performed by external key manager.
Allowed values are: "HSM", "SOFTWARE", "EXTERNAL"
:param str algorithm: (optional)
The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
Allowed values are: "AES", "RSA", "ECDSA"
:param int length: (optional)
The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.
:param str curve_id: (optional)
The curve ID of the keys. (This pertains only to ECDSA keys.)
Allowed values are: "NIST_P256", "NIST_P384", "NIST_P521"
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type list of :class:`~oci.key_management.models.KeySummary`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/list_keys.py.html>`__ to see an example of how to use list_keys API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['compartmentId']
resource_path = "/20180608/keys"
method = "GET"
operation_name = "list_keys"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/KeySummary/ListKeys"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"limit",
"page",
"opc_request_id",
"sort_by",
"sort_order",
"protection_mode",
"algorithm",
"length",
"curve_id"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"list_keys got unknown kwargs: {extra_kwargs!r}")
if 'sort_by' in kwargs:
sort_by_allowed_values = ["TIMECREATED", "DISPLAYNAME"]
if kwargs['sort_by'] not in sort_by_allowed_values:
raise ValueError(
f"Invalid value for `sort_by`, must be one of { sort_by_allowed_values }"
)
if 'sort_order' in kwargs:
sort_order_allowed_values = ["ASC", "DESC"]
if kwargs['sort_order'] not in sort_order_allowed_values:
raise ValueError(
f"Invalid value for `sort_order`, must be one of { sort_order_allowed_values }"
)
if 'protection_mode' in kwargs:
protection_mode_allowed_values = ["HSM", "SOFTWARE", "EXTERNAL"]
if kwargs['protection_mode'] not in protection_mode_allowed_values:
raise ValueError(
f"Invalid value for `protection_mode`, must be one of { protection_mode_allowed_values }"
)
if 'algorithm' in kwargs:
algorithm_allowed_values = ["AES", "RSA", "ECDSA"]
if kwargs['algorithm'] not in algorithm_allowed_values:
raise ValueError(
f"Invalid value for `algorithm`, must be one of { algorithm_allowed_values }"
)
if 'curve_id' in kwargs:
curve_id_allowed_values = ["NIST_P256", "NIST_P384", "NIST_P521"]
if kwargs['curve_id'] not in curve_id_allowed_values:
raise ValueError(
f"Invalid value for `curve_id`, must be one of { curve_id_allowed_values }"
)
query_params = {
"compartmentId": compartment_id,
"limit": kwargs.get("limit", missing),
"page": kwargs.get("page", missing),
"sortBy": kwargs.get("sort_by", missing),
"sortOrder": kwargs.get("sort_order", missing),
"protectionMode": kwargs.get("protection_mode", missing),
"algorithm": kwargs.get("algorithm", missing),
"length": kwargs.get("length", missing),
"curveId": kwargs.get("curve_id", missing)
}
query_params = {k: v for (k, v) in six.iteritems(query_params) if v is not missing and v is not None}
header_params = {
"accept": "application/json",
"content-type": "application/json",
"opc-request-id": kwargs.get("opc_request_id", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
query_params=query_params,
header_params=header_params,
response_type="list[KeySummary]",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
query_params=query_params,
header_params=header_params,
response_type="list[KeySummary]",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def restore_key_from_file(self, restore_key_from_file_details, **kwargs):
"""
Restores the specified key to the specified vault, based on information in the backup file provided.
If the vault doesn't exist, the operation returns a response with a 404 HTTP status error code. You
need to first restore the vault associated with the key.
:param stream restore_key_from_file_details: (required)
The encrypted backup file to upload to restore the key.
:param int content_length: (optional)
The content length of the body.
:param str if_match: (optional)
For optimistic concurrency control. In the PUT or DELETE call for a
resource, set the `if-match` parameter to the value of the etag from a
previous GET or POST response for that resource. The resource will be
updated or deleted only if the etag you provide matches the resource's
current etag value.
:param str content_md5: (optional)
The base64-encoded MD5 hash value of the body, as described in `RFC 2616`__, section 14.15.
If the Content-MD5 header is present, Key Management performs an integrity check on the body of the HTTP request by computing the MD5
hash for the body and comparing it to the MD5 hash supplied in the header. If the two hashes don't match, the object is rejected and
a response with 400 Unmatched Content MD5 error is returned, along with the message: \"The computed MD5 of the request body (ACTUAL_MD5)
does not match the Content-MD5 header (HEADER_MD5).\"
__ https://tools.ietf.org/rfc/rfc2616
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:param int buffer_limit: (optional)
A buffer limit for the stream to be buffered. buffer_limit is used to set the buffer size capacity. Streams will be read until the size of the buffer reaches the buffer_limit.
If the stream size is greater than the buffer_limit, a BufferError exception will be thrown.
The buffer_limit parameter is used when the stream object does not have a `seek`, `tell`, or `fileno` property for the Python Request library to calculate out the content length.
If buffer_limit is not passed, then the buffer_limit will be defaulted to 100MB.
Large streams can cause the process to freeze, consider passing in content-length for large streams instead.
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.Key`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/restore_key_from_file.py.html>`__ to see an example of how to use restore_key_from_file API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = []
resource_path = "/20180608/keys/actions/restoreFromFile"
method = "POST"
operation_name = "restore_key_from_file"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/RestoreKeyFromFile"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"buffer_limit",
"content_length",
"if_match",
"content_md5",
"opc_request_id",
"opc_retry_token"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"restore_key_from_file got unknown kwargs: {extra_kwargs!r}")
header_params = {
"accept": "application/json",
"content-length": kwargs.get("content_length", missing),
"if-match": kwargs.get("if_match", missing),
"content-md5": kwargs.get("content_md5", missing),
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
# If the body parameter is optional we need to assign it to a variable so additional type checking can be performed.
try:
restore_key_from_file_details
except NameError:
restore_key_from_file_details = kwargs.get("restore_key_from_file_details", missing)
if restore_key_from_file_details is not missing and restore_key_from_file_details is not None:
if (not isinstance(restore_key_from_file_details, (six.binary_type, six.string_types)) and
not hasattr(restore_key_from_file_details, "read")):
raise TypeError('The body must be a string, bytes, or provide a read() method.')
if hasattr(restore_key_from_file_details, 'fileno') and hasattr(restore_key_from_file_details, 'name') and restore_key_from_file_details.name != '<stdin>':
if requests.utils.super_len(restore_key_from_file_details) == 0:
header_params['Content-Length'] = '0'
# If content length is not given and stream object have no 'fileno' and is not a string or bytes, try to calculate content length
elif 'Content-Length' not in header_params and not is_content_length_calculable_by_req_util(restore_key_from_file_details):
calculated_obj = back_up_body_calculate_stream_content_length(restore_key_from_file_details, kwargs.get("buffer_limit"))
header_params['Content-Length'] = calculated_obj["content_length"]
restore_key_from_file_details = calculated_obj["byte_content"]
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
header_params=header_params,
body=restore_key_from_file_details,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
header_params=header_params,
body=restore_key_from_file_details,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def restore_key_from_object_store(self, **kwargs):
"""
Restores the specified key to the specified vault from an Oracle Cloud Infrastructure
Object Storage location. If the vault doesn't exist, the operation returns a response with a
404 HTTP status error code. You need to first restore the vault associated with the key.
:param str if_match: (optional)
For optimistic concurrency control. In the PUT or DELETE call for a
resource, set the `if-match` parameter to the value of the etag from a
previous GET or POST response for that resource. The resource will be
updated or deleted only if the etag you provide matches the resource's
current etag value.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param oci.key_management.models.RestoreKeyFromObjectStoreDetails restore_key_from_object_store_details: (optional)
Location to restore the backup from
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.Key`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/restore_key_from_object_store.py.html>`__ to see an example of how to use restore_key_from_object_store API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = []
resource_path = "/20180608/keys/actions/restoreFromObjectStore"
method = "POST"
operation_name = "restore_key_from_object_store"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/RestoreKeyFromObjectStore"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"if_match",
"opc_request_id",
"opc_retry_token",
"restore_key_from_object_store_details"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"restore_key_from_object_store got unknown kwargs: {extra_kwargs!r}")
header_params = {
"accept": "application/json",
"content-type": "application/json",
"if-match": kwargs.get("if_match", missing),
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
header_params=header_params,
body=kwargs.get('restore_key_from_object_store_details'),
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
header_params=header_params,
body=kwargs.get('restore_key_from_object_store_details'),
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def schedule_key_deletion(self, key_id, schedule_key_deletion_details, **kwargs):
"""
Schedules the deletion of the specified key. This sets the lifecycle state of the key
to `PENDING_DELETION` and then deletes it after the specified retention period ends.
As a provisioning operation, this call is subject to a Key Management limit that applies to
the total number of requests across all provisioning write operations. Key Management might
throttle this call to reject an otherwise valid request when the total rate of provisioning
write operations exceeds 10 requests per second for a given tenancy.
:param str key_id: (required)
The OCID of the key.
:param oci.key_management.models.ScheduleKeyDeletionDetails schedule_key_deletion_details: (required)
ScheduleKeyDeletionDetails
:param str if_match: (optional)
For optimistic concurrency control. In the PUT or DELETE call for a
resource, set the `if-match` parameter to the value of the etag from a
previous GET or POST response for that resource. The resource will be
updated or deleted only if the etag you provide matches the resource's
current etag value.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.Key`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/schedule_key_deletion.py.html>`__ to see an example of how to use schedule_key_deletion API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId']
resource_path = "/20180608/keys/{keyId}/actions/scheduleDeletion"
method = "POST"
operation_name = "schedule_key_deletion"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/ScheduleKeyDeletion"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"if_match",
"opc_request_id",
"opc_retry_token"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"schedule_key_deletion got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"if-match": kwargs.get("if_match", missing),
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=schedule_key_deletion_details,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=schedule_key_deletion_details,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def schedule_key_version_deletion(self, key_id, key_version_id, schedule_key_version_deletion_details, **kwargs):
"""
Schedules the deletion of the specified key version. This sets the lifecycle state of the key version
to `PENDING_DELETION` and then deletes it after the specified retention period ends.
As a provisioning operation, this call is subject to a Key Management limit that applies to
the total number of requests across all provisioning write operations. Key Management might
throttle this call to reject an otherwise valid request when the total rate of provisioning
write operations exceeds 10 requests per second for a given tenancy.
:param str key_id: (required)
The OCID of the key.
:param str key_version_id: (required)
The OCID of the key version.
:param oci.key_management.models.ScheduleKeyVersionDeletionDetails schedule_key_version_deletion_details: (required)
ScheduleKeyVersionDeletionDetails
:param str if_match: (optional)
For optimistic concurrency control. In the PUT or DELETE call for a
resource, set the `if-match` parameter to the value of the etag from a
previous GET or POST response for that resource. The resource will be
updated or deleted only if the etag you provide matches the resource's
current etag value.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param str opc_retry_token: (optional)
A token that uniquely identifies a request so it can be retried in case
of a timeout or server error without risk of executing that same action
again. Retry tokens expire after 24 hours, but can be invalidated
before then due to conflicting operations (e.g., if a resource has been
deleted and purged from the system, then a retry of the original
creation request may be rejected).
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.KeyVersion`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/schedule_key_version_deletion.py.html>`__ to see an example of how to use schedule_key_version_deletion API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId', 'keyVersionId']
resource_path = "/20180608/keys/{keyId}/keyVersions/{keyVersionId}/actions/scheduleDeletion"
method = "POST"
operation_name = "schedule_key_version_deletion"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/KeyVersion/ScheduleKeyVersionDeletion"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"if_match",
"opc_request_id",
"opc_retry_token"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"schedule_key_version_deletion got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id,
"keyVersionId": key_version_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"if-match": kwargs.get("if_match", missing),
"opc-request-id": kwargs.get("opc_request_id", missing),
"opc-retry-token": kwargs.get("opc_retry_token", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_retry_token_if_needed(header_params)
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=schedule_key_version_deletion_details,
response_type="KeyVersion",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=schedule_key_version_deletion_details,
response_type="KeyVersion",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
def update_key(self, key_id, update_key_details, **kwargs):
"""
Updates the properties of a master encryption key. Specifically, you can update the
`displayName`, `freeformTags`, and `definedTags` properties. Furthermore,
the key must be in an `ENABLED` or `CREATING` state to be updated.
As a management operation, this call is subject to a Key Management limit that applies to the total number
of requests across all management write operations. Key Management might throttle this call to reject an
otherwise valid request when the total rate of management write operations exceeds 10 requests per second
for a given tenancy.
:param str key_id: (required)
The OCID of the key.
:param oci.key_management.models.UpdateKeyDetails update_key_details: (required)
UpdateKeyDetails
:param str if_match: (optional)
For optimistic concurrency control. In the PUT or DELETE call for a
resource, set the `if-match` parameter to the value of the etag from a
previous GET or POST response for that resource. The resource will be
updated or deleted only if the etag you provide matches the resource's
current etag value.
:param str opc_request_id: (optional)
Unique identifier for the request. If provided, the returned request ID
will include this value. Otherwise, a random request ID will be
generated by the service.
:param obj retry_strategy: (optional)
A retry strategy to apply to this specific operation/call. This will override any retry strategy set at the client-level.
This should be one of the strategies available in the :py:mod:`~oci.retry` module. This operation will not retry by default, users can also use the convenient :py:data:`~oci.retry.DEFAULT_RETRY_STRATEGY` provided by the SDK to enable retries for it.
The specifics of the default retry strategy are described `here <https://docs.oracle.com/en-us/iaas/tools/python/latest/sdk_behaviors/retries.html>`__.
To have this operation explicitly not perform any retries, pass an instance of :py:class:`~oci.retry.NoneRetryStrategy`.
:param bool allow_control_chars: (optional)
allow_control_chars is a boolean to indicate whether or not this request should allow control characters in the response object.
By default, the response will not allow control characters in strings
:return: A :class:`~oci.response.Response` object with data of type :class:`~oci.key_management.models.Key`
:rtype: :class:`~oci.response.Response`
:example:
Click `here <https://docs.cloud.oracle.com/en-us/iaas/tools/python-sdk-examples/2.133.0/keymanagement/update_key.py.html>`__ to see an example of how to use update_key API.
"""
# Required path and query arguments. These are in camelCase to replace values in service endpoints.
required_arguments = ['keyId']
resource_path = "/20180608/keys/{keyId}"
method = "PUT"
operation_name = "update_key"
api_reference_link = "https://docs.oracle.com/iaas/api/#/en/key/release/Key/UpdateKey"
# Don't accept unknown kwargs
expected_kwargs = [
"allow_control_chars",
"retry_strategy",
"if_match",
"opc_request_id"
]
extra_kwargs = [_key for _key in six.iterkeys(kwargs) if _key not in expected_kwargs]
if extra_kwargs:
raise ValueError(
f"update_key got unknown kwargs: {extra_kwargs!r}")
path_params = {
"keyId": key_id
}
path_params = {k: v for (k, v) in six.iteritems(path_params) if v is not missing}
for (k, v) in six.iteritems(path_params):
if v is None or (isinstance(v, six.string_types) and len(v.strip()) == 0):
raise ValueError(f'Parameter {k} cannot be None, whitespace or empty string')
header_params = {
"accept": "application/json",
"content-type": "application/json",
"if-match": kwargs.get("if_match", missing),
"opc-request-id": kwargs.get("opc_request_id", missing)
}
header_params = {k: v for (k, v) in six.iteritems(header_params) if v is not missing and v is not None}
retry_strategy = self.base_client.get_preferred_retry_strategy(
operation_retry_strategy=kwargs.get('retry_strategy'),
client_retry_strategy=self.retry_strategy
)
if retry_strategy:
if not isinstance(retry_strategy, retry.NoneRetryStrategy):
self.base_client.add_opc_client_retries_header(header_params)
retry_strategy.add_circuit_breaker_callback(self.circuit_breaker_callback)
return retry_strategy.make_retrying_call(
self.base_client.call_api,
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=update_key_details,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)
else:
return self.base_client.call_api(
resource_path=resource_path,
method=method,
path_params=path_params,
header_params=header_params,
body=update_key_details,
response_type="Key",
allow_control_chars=kwargs.get('allow_control_chars'),
operation_name=operation_name,
api_reference_link=api_reference_link,
required_arguments=required_arguments)