feat(kms): add KMS Inventory API (#10945)

CHANGELOG.md

@@ -126,6 +126,10 @@ the APIs in these libraries are stable, and are ready for production use.
 - [Advisory Notifications](/google/cloud/advisorynotifications/README.md)
 - [API Keys](/google/cloud/apikeys/README.md)
 
+### [KMS](/google/cloud/kms/README.md)
+
+The library has been expanded to include the KMS Inventory API.
+
 ### [TPU](/google/cloud/tpu/README.md)
 
 The library has been expanded to include the TPU v2 API.

ci/etc/expected_install_directories

@@ -296,6 +296,10 @@
 ./include/google/cloud/iot/v1/internal
 ./include/google/cloud/iot/v1/mocks
 ./include/google/cloud/kms
+./include/google/cloud/kms/inventory
+./include/google/cloud/kms/inventory/v1
+./include/google/cloud/kms/inventory/v1/internal
+./include/google/cloud/kms/inventory/v1/mocks
 ./include/google/cloud/kms/mocks
 ./include/google/cloud/kms/v1
 ./include/google/cloud/kms/v1/internal

cmake/CompileProtos.cmake

@@ -270,6 +270,7 @@ function (google_cloud_cpp_load_protodeps var file)
 
     # Omit a target from deps.
     set(targets_to_omit
+        "google-cloud-cpp::cloud_kms_v1_kms_protos"
         "google-cloud-cpp::cloud_orgpolicy_v1_orgpolicy_protos"
         "google-cloud-cpp::cloud_oslogin_common_common_protos"
         "google-cloud-cpp::cloud_recommender_v1_recommender_protos"

external/googleapis/protodeps/kms.deps

@@ -4,3 +4,4 @@
 @com_google_googleapis//google/api:http_proto
 @com_google_googleapis//google/api:launch_stage_proto
 @com_google_googleapis//google/api:resource_proto
+@com_google_googleapis//google/cloud/kms/v1:kms_proto

external/googleapis/protolists/kms.list

@@ -1,3 +1,5 @@
+@com_google_googleapis//google/cloud/kms/inventory/v1:key_dashboard_service.proto
+@com_google_googleapis//google/cloud/kms/inventory/v1:key_tracking_service.proto
 @com_google_googleapis//google/cloud/kms/v1:ekm_service.proto
 @com_google_googleapis//google/cloud/kms/v1:resources.proto
 @com_google_googleapis//google/cloud/kms/v1:service.proto

external/googleapis/update_libraries.sh

@@ -133,7 +133,11 @@ declare -A -r LIBRARIES=(
   ["iap"]="@com_google_googleapis//google/cloud/iap/v1:iap_cc_grpc"
   ["ids"]="@com_google_googleapis//google/cloud/ids/v1:ids_cc_grpc"
   ["iot"]="@com_google_googleapis//google/cloud/iot/v1:iot_cc_grpc"
-  ["kms"]="@com_google_googleapis//google/cloud/kms/v1:kms_cc_grpc"
+  ["kms"]="$(
+    printf ",%s" \
+      "@com_google_googleapis//google/cloud/kms/v1:kms_cc_grpc" \
+      "@com_google_googleapis//google/cloud/kms/inventory/v1:inventory_cc_grpc"
+  )"
   ["language"]="@com_google_googleapis//google/cloud/language/v1:language_cc_grpc"
   ["logging_type"]="@com_google_googleapis//google/logging/type:type_cc_grpc"
   ["logging"]="@com_google_googleapis//google/logging/v2:logging_cc_grpc"

generator/generator_config.textproto

@@ -1086,6 +1086,20 @@ service {
   retryable_status_codes: ["kUnavailable"]
 }
 
+service {
+  service_proto_path: "google/cloud/kms/inventory/v1/key_dashboard_service.proto"
+  product_path: "google/cloud/kms/inventory/v1"
+  initial_copyright_year: "2023"
+  retryable_status_codes: ["kUnavailable"]
+}
+
+service {
+  service_proto_path: "google/cloud/kms/inventory/v1/key_tracking_service.proto"
+  product_path: "google/cloud/kms/inventory/v1"
+  initial_copyright_year: "2023"
+  retryable_status_codes: ["kUnavailable"]
+}
+
 # Language
 service {
   service_proto_path: "google/cloud/language/v1/language_service.proto"

google/cloud/kms/BUILD.bazel

@@ -18,6 +18,7 @@ licenses(["notice"])  # Apache 2.0
 
 service_dirs = [
     "",
+    "inventory/v1/",
     "v1/",
 ]
 
@@ -46,6 +47,7 @@ cc_library(
     deps = [
         "//:common",
         "//:grpc_utils",
+        "@com_google_googleapis//google/cloud/kms/inventory/v1:inventory_cc_grpc",
         "@com_google_googleapis//google/cloud/kms/v1:kms_cc_grpc",
     ],
 )

google/cloud/kms/CMakeLists.txt

@@ -24,7 +24,7 @@ set(DOXYGEN_EXAMPLE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/quickstart")
 
 unset(mocks_globs)
 unset(source_globs)
-set(service_dirs "" "v1/")
+set(service_dirs "" "inventory/v1/" "v1/")
 foreach (dir IN LISTS service_dirs)
     string(REPLACE "/" "_" ns "${dir}")
     list(APPEND source_globs "${dir}*.h" "${dir}*.cc" "${dir}internal/*")

google/cloud/kms/doc/main.dox

@@ -49,10 +49,18 @@ which should give you a taste of the KMS C++ client library API.
   `EndpointOption` (which defaults to "cloudkms.googleapis.com")
   used by `MakeEkmServiceConnection()`.
 
+- `GOOGLE_CLOUD_CPP_KEY_DASHBOARD_SERVICE_ENDPOINT=...` overrides the
+  `EndpointOption` (which defaults to "kmsinventory.googleapis.com")
+  used by `MakeKeyDashboardServiceConnection()`.
+
 - `GOOGLE_CLOUD_CPP_KEY_MANAGEMENT_SERVICE_ENDPOINT=...` overrides the
   `EndpointOption` (which defaults to "cloudkms.googleapis.com")
   used by `MakeKeyManagementServiceConnection()`.
 
+- `GOOGLE_CLOUD_CPP_KEY_TRACKING_SERVICE_ENDPOINT=...` overrides the
+  `EndpointOption` (which defaults to "kmsinventory.googleapis.com")
+  used by `MakeKeyTrackingServiceConnection()`.
+
 <!-- inject-endpoint-env-vars-end -->
 
 - `GOOGLE_CLOUD_CPP_ENABLE_TRACING=rpc` turns on tracing for most gRPC
@@ -100,11 +108,13 @@ library. Use the `google::cloud::EndpointOption` when initializing the client
 library to change this default.
 
 <!-- inject-endpoint-snippet-start -->
-For example, this will override the default endpoint for `kms_v1::EkmServiceClient`:
+For example, this will override the default endpoint for `kms_inventory_v1::KeyDashboardServiceClient`:
 
-@snippet ekm_client_samples.cc set-client-endpoint
+@snippet key_dashboard_client_samples.cc set-client-endpoint
 
 Follow these links to find examples for other \c *Client classes:
+ [kms_inventory_v1::KeyDashboardServiceClient](@ref kms_inventory_v1::KeyDashboardServiceClient-endpoint-snippet)
+ [kms_inventory_v1::KeyTrackingServiceClient](@ref kms_inventory_v1::KeyTrackingServiceClient-endpoint-snippet)
  [kms_v1::EkmServiceClient](@ref kms_v1::EkmServiceClient-endpoint-snippet)
  [kms_v1::KeyManagementServiceClient](@ref kms_v1::KeyManagementServiceClient-endpoint-snippet)
 
@@ -118,9 +128,11 @@ Some applications cannot use the default authentication mechanism (known as
 to explicitly load a service account key file.
 
 <!-- inject-service-account-snippet-start -->
-@snippet ekm_client_samples.cc with-service-account
+@snippet key_dashboard_client_samples.cc with-service-account
 
 Follow these links to find examples for other \c *Client classes:
+ [kms_inventory_v1::KeyDashboardServiceClient](@ref kms_inventory_v1::KeyDashboardServiceClient-service-account-snippet)
+ [kms_inventory_v1::KeyTrackingServiceClient](@ref kms_inventory_v1::KeyTrackingServiceClient-service-account-snippet)
  [kms_v1::EkmServiceClient](@ref kms_v1::EkmServiceClient-service-account-snippet)
  [kms_v1::KeyManagementServiceClient](@ref kms_v1::KeyManagementServiceClient-service-account-snippet)
 
@@ -152,6 +164,30 @@ can override the default policies.
 
 // <!-- inject-endpoint-pages-start -->
 
+/*! @page kms_inventory_v1::KeyDashboardServiceClient-endpoint-snippet Override kms_inventory_v1::KeyDashboardServiceClient Endpoint Configuration
+
+@snippet google/cloud/kms/inventory/v1/samples/key_dashboard_client_samples.cc set-client-endpoint
+
+*/
+
+/*! @page kms_inventory_v1::KeyDashboardServiceClient-service-account-snippet Override kms_inventory_v1::KeyDashboardServiceClient Authentication Defaults
+
+@snippet google/cloud/kms/inventory/v1/samples/key_dashboard_client_samples.cc with-service-account
+
+*/
+
+/*! @page kms_inventory_v1::KeyTrackingServiceClient-endpoint-snippet Override kms_inventory_v1::KeyTrackingServiceClient Endpoint Configuration
+
+@snippet google/cloud/kms/inventory/v1/samples/key_tracking_client_samples.cc set-client-endpoint
+
+*/
+
+/*! @page kms_inventory_v1::KeyTrackingServiceClient-service-account-snippet Override kms_inventory_v1::KeyTrackingServiceClient Authentication Defaults
+
+@snippet google/cloud/kms/inventory/v1/samples/key_tracking_client_samples.cc with-service-account
+
+*/
+
 /*! @page kms_v1::EkmServiceClient-endpoint-snippet Override kms_v1::EkmServiceClient Endpoint Configuration
 
 @snippet google/cloud/kms/v1/samples/ekm_client_samples.cc set-client-endpoint

google/cloud/kms/inventory/v1/internal/key_dashboard_auth_decorator.cc

@@ -0,0 +1,45 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Generated by the Codegen C++ plugin.
+// If you make any local changes, they will be lost.
+// source: google/cloud/kms/inventory/v1/key_dashboard_service.proto
+
+#include "google/cloud/kms/inventory/v1/internal/key_dashboard_auth_decorator.h"
+#include <google/cloud/kms/inventory/v1/key_dashboard_service.grpc.pb.h>
+#include <memory>
+
+namespace google {
+namespace cloud {
+namespace kms_inventory_v1_internal {
+GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_BEGIN
+
+KeyDashboardServiceAuth::KeyDashboardServiceAuth(
+    std::shared_ptr<google::cloud::internal::GrpcAuthenticationStrategy> auth,
+    std::shared_ptr<KeyDashboardServiceStub> child)
+    : auth_(std::move(auth)), child_(std::move(child)) {}
+
+StatusOr<google::cloud::kms::inventory::v1::ListCryptoKeysResponse>
+KeyDashboardServiceAuth::ListCryptoKeys(
+    grpc::ClientContext& context,
+    google::cloud::kms::inventory::v1::ListCryptoKeysRequest const& request) {
+  auto status = auth_->ConfigureContext(context);
+  if (!status.ok()) return status;
+  return child_->ListCryptoKeys(context, request);
+}
+
+GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END
+}  // namespace kms_inventory_v1_internal
+}  // namespace cloud
+}  // namespace google

google/cloud/kms/inventory/v1/internal/key_dashboard_auth_decorator.h

@@ -0,0 +1,56 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Generated by the Codegen C++ plugin.
+// If you make any local changes, they will be lost.
+// source: google/cloud/kms/inventory/v1/key_dashboard_service.proto
+
+#ifndef GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_KMS_INVENTORY_V1_INTERNAL_KEY_DASHBOARD_AUTH_DECORATOR_H
+#define GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_KMS_INVENTORY_V1_INTERNAL_KEY_DASHBOARD_AUTH_DECORATOR_H
+
+#include "google/cloud/kms/inventory/v1/internal/key_dashboard_stub.h"
+#include "google/cloud/internal/unified_grpc_credentials.h"
+#include "google/cloud/version.h"
+#include <memory>
+#include <set>
+#include <string>
+
+namespace google {
+namespace cloud {
+namespace kms_inventory_v1_internal {
+GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_BEGIN
+
+class KeyDashboardServiceAuth : public KeyDashboardServiceStub {
+ public:
+  ~KeyDashboardServiceAuth() override = default;
+  KeyDashboardServiceAuth(
+      std::shared_ptr<google::cloud::internal::GrpcAuthenticationStrategy> auth,
+      std::shared_ptr<KeyDashboardServiceStub> child);
+
+  StatusOr<google::cloud::kms::inventory::v1::ListCryptoKeysResponse>
+  ListCryptoKeys(grpc::ClientContext& context,
+                 google::cloud::kms::inventory::v1::ListCryptoKeysRequest const&
+                     request) override;
+
+ private:
+  std::shared_ptr<google::cloud::internal::GrpcAuthenticationStrategy> auth_;
+  std::shared_ptr<KeyDashboardServiceStub> child_;
+};
+
+GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END
+}  // namespace kms_inventory_v1_internal
+}  // namespace cloud
+}  // namespace google
+
+#endif  // GOOGLE_CLOUD_CPP_GOOGLE_CLOUD_KMS_INVENTORY_V1_INTERNAL_KEY_DASHBOARD_AUTH_DECORATOR_H

google/cloud/kms/inventory/v1/internal/key_dashboard_connection_impl.cc

@@ -0,0 +1,78 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Generated by the Codegen C++ plugin.
+// If you make any local changes, they will be lost.
+// source: google/cloud/kms/inventory/v1/key_dashboard_service.proto
+
+#include "google/cloud/kms/inventory/v1/internal/key_dashboard_connection_impl.h"
+#include "google/cloud/kms/inventory/v1/internal/key_dashboard_option_defaults.h"
+#include "google/cloud/background_threads.h"
+#include "google/cloud/common_options.h"
+#include "google/cloud/grpc_options.h"
+#include "google/cloud/internal/pagination_range.h"
+#include "google/cloud/internal/retry_loop.h"
+#include <memory>
+
+namespace google {
+namespace cloud {
+namespace kms_inventory_v1_internal {
+GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_BEGIN
+
+KeyDashboardServiceConnectionImpl::KeyDashboardServiceConnectionImpl(
+    std::unique_ptr<google::cloud::BackgroundThreads> background,
+    std::shared_ptr<kms_inventory_v1_internal::KeyDashboardServiceStub> stub,
+    Options options)
+    : background_(std::move(background)),
+      stub_(std::move(stub)),
+      options_(internal::MergeOptions(
+          std::move(options), KeyDashboardServiceConnection::options())) {}
+
+StreamRange<google::cloud::kms::v1::CryptoKey>
+KeyDashboardServiceConnectionImpl::ListCryptoKeys(
+    google::cloud::kms::inventory::v1::ListCryptoKeysRequest request) {
+  request.clear_page_token();
+  auto& stub = stub_;
+  auto retry =
+      std::shared_ptr<kms_inventory_v1::KeyDashboardServiceRetryPolicy const>(
+          retry_policy());
+  auto backoff = std::shared_ptr<BackoffPolicy const>(backoff_policy());
+  auto idempotency = idempotency_policy()->ListCryptoKeys(request);
+  char const* function_name = __func__;
+  return google::cloud::internal::MakePaginationRange<
+      StreamRange<google::cloud::kms::v1::CryptoKey>>(
+      std::move(request),
+      [stub, retry, backoff, idempotency, function_name](
+          google::cloud::kms::inventory::v1::ListCryptoKeysRequest const& r) {
+        return google::cloud::internal::RetryLoop(
+            retry->clone(), backoff->clone(), idempotency,
+            [stub](
+                grpc::ClientContext& context,
+                google::cloud::kms::inventory::v1::ListCryptoKeysRequest const&
+                    request) { return stub->ListCryptoKeys(context, request); },
+            r, function_name);
+      },
+      [](google::cloud::kms::inventory::v1::ListCryptoKeysResponse r) {
+        std::vector<google::cloud::kms::v1::CryptoKey> result(
+            r.crypto_keys().size());
+        auto& messages = *r.mutable_crypto_keys();
+        std::move(messages.begin(), messages.end(), result.begin());
+        return result;
+      });
+}
+
+GOOGLE_CLOUD_CPP_INLINE_NAMESPACE_END
+}  // namespace kms_inventory_v1_internal
+}  // namespace cloud
+}  // namespace google