feat: add support for external key manager (via synth) (#8)

This PR was generated using Autosynth. 🌈


<details><summary>Log from Synthtool</summary>

```
2020-04-09 05:17:46,671 synthtool > Executing /tmpfs/src/git/autosynth/working_repo/synth.py.
On branch autosynth
nothing to commit, working tree clean
2020-04-09 05:17:46,744 synthtool > Ensuring dependencies.
2020-04-09 05:17:46,749 synthtool > Pulling artman image.
latest: Pulling from googleapis/artman
fe703b657a32: Pulling fs layer
f9df1fafd224: Pulling fs layer
a645a4b887f9: Pulling fs layer
57db7fe0b522: Pulling fs layer
21813e587ee0: Pulling fs layer
c1a422e3936c: Pulling fs layer
7896fdb9a0c9: Pulling fs layer
0de4b0ae0d3f: Pulling fs layer
01bd40777c31: Pulling fs layer
56b5bb33902f: Pulling fs layer
1614ad0d8336: Pulling fs layer
1966fa070a3e: Pulling fs layer
bdec75005236: Pulling fs layer
926959728054: Pulling fs layer
6336bbde4243: Pulling fs layer
528525f78682: Pulling fs layer
e563a20cd63b: Pulling fs layer
5c8b90802b46: Pulling fs layer
1779990e45c7: Pulling fs layer
b5fe0cb05c88: Pulling fs layer
09523ca76318: Pulling fs layer
a097eb4cee97: Pulling fs layer
45a97578bd37: Pulling fs layer
1abced54aff8: Pulling fs layer
32448d22ea50: Pulling fs layer
cca4a4de1600: Pulling fs layer
bd1b621d3208: Pulling fs layer
690f3c005fd3: Pulling fs layer
7896fdb9a0c9: Waiting
0de4b0ae0d3f: Waiting
01bd40777c31: Waiting
56b5bb33902f: Waiting
1614ad0d8336: Waiting
1966fa070a3e: Waiting
bdec75005236: Waiting
926959728054: Waiting
57db7fe0b522: Waiting
21813e587ee0: Waiting
c1a422e3936c: Waiting
6336bbde4243: Waiting
528525f78682: Waiting
e563a20cd63b: Waiting
5c8b90802b46: Waiting
1779990e45c7: Waiting
b5fe0cb05c88: Waiting
09523ca76318: Waiting
a097eb4cee97: Waiting
45a97578bd37: Waiting
1abced54aff8: Waiting
32448d22ea50: Waiting
cca4a4de1600: Waiting
bd1b621d3208: Waiting
690f3c005fd3: Waiting
a645a4b887f9: Download complete
f9df1fafd224: Verifying Checksum
f9df1fafd224: Download complete
57db7fe0b522: Verifying Checksum
57db7fe0b522: Download complete
fe703b657a32: Verifying Checksum
fe703b657a32: Download complete
21813e587ee0: Verifying Checksum
21813e587ee0: Download complete
7896fdb9a0c9: Verifying Checksum
7896fdb9a0c9: Download complete
0de4b0ae0d3f: Verifying Checksum
0de4b0ae0d3f: Download complete
56b5bb33902f: Verifying Checksum
56b5bb33902f: Download complete
01bd40777c31: Verifying Checksum
01bd40777c31: Download complete
1966fa070a3e: Verifying Checksum
1966fa070a3e: Download complete
1614ad0d8336: Verifying Checksum
1614ad0d8336: Download complete
926959728054: Verifying Checksum
926959728054: Download complete
c1a422e3936c: Verifying Checksum
c1a422e3936c: Download complete
6336bbde4243: Verifying Checksum
6336bbde4243: Download complete
fe703b657a32: Pull complete
528525f78682: Verifying Checksum
528525f78682: Download complete
e563a20cd63b: Verifying Checksum
e563a20cd63b: Download complete
f9df1fafd224: Pull complete
a645a4b887f9: Pull complete
bdec75005236: Verifying Checksum
bdec75005236: Download complete
57db7fe0b522: Pull complete
5c8b90802b46: Verifying Checksum
5c8b90802b46: Download complete
1779990e45c7: Verifying Checksum
1779990e45c7: Download complete
09523ca76318: Verifying Checksum
09523ca76318: Download complete
45a97578bd37: Verifying Checksum
45a97578bd37: Download complete
1abced54aff8: Verifying Checksum
1abced54aff8: Download complete
32448d22ea50: Verifying Checksum
32448d22ea50: Download complete
21813e587ee0: Pull complete
b5fe0cb05c88: Verifying Checksum
b5fe0cb05c88: Download complete
cca4a4de1600: Download complete
bd1b621d3208: Download complete
690f3c005fd3: Verifying Checksum
690f3c005fd3: Download complete
c1a422e3936c: Pull complete
7896fdb9a0c9: Pull complete
0de4b0ae0d3f: Pull complete
01bd40777c31: Pull complete
56b5bb33902f: Pull complete
a097eb4cee97: Verifying Checksum
a097eb4cee97: Download complete
1614ad0d8336: Pull complete
1966fa070a3e: Pull complete
bdec75005236: Pull complete
926959728054: Pull complete
6336bbde4243: Pull complete
528525f78682: Pull complete
e563a20cd63b: Pull complete
5c8b90802b46: Pull complete
1779990e45c7: Pull complete
b5fe0cb05c88: Pull complete
09523ca76318: Pull complete
a097eb4cee97: Pull complete
45a97578bd37: Pull complete
1abced54aff8: Pull complete
32448d22ea50: Pull complete
cca4a4de1600: Pull complete
bd1b621d3208: Pull complete
690f3c005fd3: Pull complete
Digest: sha256:ef1a5b367dbe1e37cea1c7c814c801a638473e8dd66f87f4a2b8c2a146013673
Status: Downloaded newer image for googleapis/artman:latest
2020-04-09 05:18:30,711 synthtool > Cloning googleapis.
2020-04-09 05:18:31,217 synthtool > Running generator for google/cloud/kms/artman_cloudkms.yaml.
2020-04-09 05:18:57,649 synthtool > Generated code into /home/kbuilder/.cache/synthtool/googleapis/artman-genfiles/python/kms-v1.
2020-04-09 05:18:57,650 synthtool > Copy: /home/kbuilder/.cache/synthtool/googleapis/google/cloud/kms/v1/service.proto to /home/kbuilder/.cache/synthtool/googleapis/artman-genfiles/python/kms-v1/google/cloud/kms_v1/proto/service.proto
2020-04-09 05:18:57,650 synthtool > Copy: /home/kbuilder/.cache/synthtool/googleapis/google/cloud/kms/v1/resources.proto to /home/kbuilder/.cache/synthtool/googleapis/artman-genfiles/python/kms-v1/google/cloud/kms_v1/proto/resources.proto
2020-04-09 05:18:57,650 synthtool > Placed proto files into /home/kbuilder/.cache/synthtool/googleapis/artman-genfiles/python/kms-v1/google/cloud/kms_v1/proto.
2020-04-09 05:18:57,679 synthtool > Replaced 'from google.iam.v1 import iam_policy_pb2' in google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py.
.coveragerc
.flake8
.github/CONTRIBUTING.md
.github/ISSUE_TEMPLATE/bug_report.md
.github/ISSUE_TEMPLATE/feature_request.md
.github/ISSUE_TEMPLATE/support_request.md
.github/PULL_REQUEST_TEMPLATE.md
.github/release-please.yml
.gitignore
.kokoro/build.sh
.kokoro/continuous/common.cfg
.kokoro/continuous/continuous.cfg
.kokoro/docs/common.cfg
.kokoro/docs/docs.cfg
.kokoro/presubmit/common.cfg
.kokoro/presubmit/presubmit.cfg
.kokoro/publish-docs.sh
.kokoro/release.sh
.kokoro/release/common.cfg
.kokoro/release/release.cfg
.kokoro/trampoline.sh
CODE_OF_CONDUCT.md
CONTRIBUTING.rst
LICENSE
MANIFEST.in
docs/_static/custom.css
docs/_templates/layout.html
docs/conf.py.j2
noxfile.py.j2
renovate.json
setup.cfg
Running session blacken
Creating virtual environment (virtualenv) using python3.6 in .nox/blacken
pip install black==19.3b0
black docs google tests noxfile.py setup.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/__init__.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/__init__.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/__init__.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/gapic/enums.py
reformatted /tmpfs/src/git/autosynth/working_repo/docs/conf.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/gapic/key_management_service_client_config.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/proto/resources_pb2_grpc.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/gapic/transports/key_management_service_grpc_transport.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/proto/service_pb2_grpc.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/types.py
reformatted /tmpfs/src/git/autosynth/working_repo/noxfile.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/gapic/key_management_service_client.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/proto/resources_pb2.py
reformatted /tmpfs/src/git/autosynth/working_repo/tests/unit/gapic/v1/test_key_management_service_client_v1.py
reformatted /tmpfs/src/git/autosynth/working_repo/google/cloud/kms_v1/proto/service_pb2.py
All done! ✨ 🍰 ✨
16 files reformatted, 5 files left unchanged.
Session blacken was successful.
2020-04-09 05:19:04,531 synthtool > Wrote metadata to synth.metadata.

```
</details>

Author: yoshi-automation

.coveragerc

@@ -1,3 +1,19 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # Generated by synthtool. DO NOT EDIT!
 [run]
 branch = True

.flake8

@@ -1,3 +1,19 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # Generated by synthtool. DO NOT EDIT!
 [flake8]
 ignore = E203, E266, E501, W503

.github/ISSUE_TEMPLATE/bug_report.md

@@ -11,8 +11,7 @@ Thanks for stopping by to let us know something could be better!
 Please run down the following list and make sure you've tried the usual "quick fixes":
 
   - Search the issues already opened: https://github.com/googleapis/python-kms/issues
-  - Search the issues on our "catch-all" repository: https://github.com/googleapis/google-cloud-python
-  - Search StackOverflow: http://stackoverflow.com/questions/tagged/google-cloud-platform+python
+  - Search StackOverflow: https://stackoverflow.com/questions/tagged/google-cloud-platform+python
 
 If you are still having issues, please be sure to include as much information as possible:
 

CONTRIBUTING.rst

@@ -22,7 +22,7 @@ In order to add a feature:
   documentation.
 
 - The feature must work fully on the following CPython versions:  2.7,
-  3.5, 3.6, and 3.7 on both UNIX and Windows.
+  3.5, 3.6, 3.7 and 3.8 on both UNIX and Windows.
 
 - The feature must not add unnecessary dependencies (where
   "unnecessary" is of course subjective, but new dependencies should
@@ -214,26 +214,18 @@ We support:
 -  `Python 3.5`_
 -  `Python 3.6`_
 -  `Python 3.7`_
+-  `Python 3.8`_
 
 .. _Python 3.5: https://docs.python.org/3.5/
 .. _Python 3.6: https://docs.python.org/3.6/
 .. _Python 3.7: https://docs.python.org/3.7/
+.. _Python 3.8: https://docs.python.org/3.8/
 
 
 Supported versions can be found in our ``noxfile.py`` `config`_.
 
 .. _config: https://github.com/googleapis/python-kms/blob/master/noxfile.py
 
-We explicitly decided not to support `Python 2.5`_ due to `decreased usage`_
-and lack of continuous integration `support`_.
-
-.. _Python 2.5: https://docs.python.org/2.5/
-.. _decreased usage: https://caremad.io/2013/10/a-look-at-pypi-downloads/
-.. _support: https://blog.travis-ci.com/2013-11-18-upcoming-build-environment-updates/
-
-We have `dropped 2.6`_ as a supported version as well since Python 2.6 is no
-longer supported by the core development team.
-
 Python 2.7 support is deprecated. All code changes should maintain Python 2.7 compatibility until January 1, 2020.
 
 We also explicitly decided to support Python 3 beginning with version
@@ -247,7 +239,6 @@ We also explicitly decided to support Python 3 beginning with version
 .. _prominent: https://docs.djangoproject.com/en/1.9/faq/install/#what-python-version-can-i-use-with-django
 .. _projects: http://flask.pocoo.org/docs/0.10/python3/
 .. _Unicode literal support: https://www.python.org/dev/peps/pep-0414/
-.. _dropped 2.6: https://github.com/googleapis/google-cloud-python/issues/995
 
 **********
 Versioning

MANIFEST.in

@@ -1,3 +1,19 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # Generated by synthtool. DO NOT EDIT!
 include README.rst LICENSE
 recursive-include google *.json *.proto

google/cloud/kms_v1/gapic/enums.py

@@ -114,6 +114,7 @@ class CryptoKeyVersionAlgorithm(enum.IntEnum):
           RSA_DECRYPT_OAEP_4096_SHA512 (int): RSAES-OAEP 4096 bit key with a SHA512 digest.
           EC_SIGN_P256_SHA256 (int): ECDSA on the NIST P-256 curve with a SHA256 digest.
           EC_SIGN_P384_SHA384 (int): ECDSA on the NIST P-384 curve with a SHA384 digest.
+          EXTERNAL_SYMMETRIC_ENCRYPTION (int): Algorithm representing symmetric encryption by an external key manager.
         """
 
         CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0
@@ -132,6 +133,7 @@ class CryptoKeyVersionAlgorithm(enum.IntEnum):
         RSA_DECRYPT_OAEP_4096_SHA512 = 17
         EC_SIGN_P256_SHA256 = 12
         EC_SIGN_P384_SHA384 = 13
+        EXTERNAL_SYMMETRIC_ENCRYPTION = 18
 
     class CryptoKeyVersionState(enum.IntEnum):
         """

google/cloud/kms_v1/gapic/key_management_service_client.py

@@ -117,6 +117,7 @@ def crypto_key_path_path(cls, project, location, key_ring, crypto_key_path):
     def crypto_key_version_path(
         cls, project, location, key_ring, crypto_key, crypto_key_version
     ):
+
         """Return a fully-qualified crypto_key_version string."""
         return google.api_core.path_template.expand(
             "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}",
@@ -1676,7 +1677,8 @@ def encrypt(
             >>>
             >>> client = kms_v1.KeyManagementServiceClient()
             >>>
-            >>> name = client.crypto_key_path_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY_PATH]')
+            >>> # TODO: Initialize `name`:
+            >>> name = ''
             >>>
             >>> # TODO: Initialize `plaintext`:
             >>> plaintext = b''
@@ -2320,7 +2322,8 @@ def set_iam_policy(
             >>>
             >>> client = kms_v1.KeyManagementServiceClient()
             >>>
-            >>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
+            >>> # TODO: Initialize `resource`:
+            >>> resource = ''
             >>>
             >>> # TODO: Initialize `policy`:
             >>> policy = {}
@@ -2402,7 +2405,8 @@ def get_iam_policy(
             >>>
             >>> client = kms_v1.KeyManagementServiceClient()
             >>>
-            >>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
+            >>> # TODO: Initialize `resource`:
+            >>> resource = ''
             >>>
             >>> response = client.get_iam_policy(resource)
 
@@ -2486,7 +2490,8 @@ def test_iam_permissions(
             >>>
             >>> client = kms_v1.KeyManagementServiceClient()
             >>>
-            >>> resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
+            >>> # TODO: Initialize `resource`:
+            >>> resource = ''
             >>>
             >>> # TODO: Initialize `permissions`:
             >>> permissions = []

google/cloud/kms_v1/proto/resources.proto

@@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC.
+// Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -16,11 +16,11 @@ syntax = "proto3";
 
 package google.cloud.kms.v1;
 
-import "google/api/annotations.proto";
 import "google/api/field_behavior.proto";
 import "google/api/resource.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/timestamp.proto";
+import "google/api/annotations.proto";
 
 option cc_enable_arenas = true;
 option csharp_namespace = "Google.Cloud.Kms.V1";
@@ -142,11 +142,6 @@ message CryptoKey {
   map<string, string> labels = 10;
 }
 
-option (google.api.resource_definition) = {
-    type: "cloudkms.googleapis.com/CryptoKey"
-    pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key_path=**}"
-};
-
 // A [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating
 // a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either manually with
 // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or
@@ -289,6 +284,9 @@ message CryptoKeyVersion {
 
     // ECDSA on the NIST P-384 curve with a SHA384 digest.
     EC_SIGN_P384_SHA384 = 13;
+
+    // Algorithm representing symmetric encryption by an external key manager.
+    EXTERNAL_SYMMETRIC_ENCRYPTION = 18;
   }
 
   // The state of a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used.
@@ -395,11 +393,21 @@ message CryptoKeyVersion {
   // [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
   // [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
   string import_failure_reason = 16 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // ExternalProtectionLevelOptions stores a group of additional fields for
+  // configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the
+  // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.
+  ExternalProtectionLevelOptions external_protection_level_options = 17;
 }
 
 // The public key for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Obtained via
 // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
 message PublicKey {
+  option (google.api.resource) = {
+    type: "cloudkms.googleapis.com/PublicKey"
+    pattern: "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}/publicKey"
+  };
+
   // The public key, encoded in PEM format. For more information, see the
   // [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
   // [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
@@ -565,3 +573,11 @@ enum ProtectionLevel {
   // Crypto operations are performed by an external key manager.
   EXTERNAL = 3;
 }
+
+// ExternalProtectionLevelOptions stores a group of additional fields for
+// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the
+// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.
+message ExternalProtectionLevelOptions {
+  // The URI for an external resource that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents.
+  string external_key_uri = 1;
+}