Mercurial > repos > shellac > guppy_basecaller
diff env/lib/python3.7/site-packages/boto/kms/layer1.py @ 5:9b1c78e6ba9c draft default tip
"planemo upload commit 6c0a8142489327ece472c84e558c47da711a9142"
| author | shellac |
|---|---|
| date | Mon, 01 Jun 2020 08:59:25 -0400 |
| parents | 79f47841a781 |
| children |
line wrap: on
line diff
--- a/env/lib/python3.7/site-packages/boto/kms/layer1.py Thu May 14 16:47:39 2020 -0400 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,821 +0,0 @@ -# Copyright (c) 2014 Amazon.com, Inc. or its affiliates. All Rights Reserved -# -# Permission is hereby granted, free of charge, to any person obtaining a -# copy of this software and associated documentation files (the -# "Software"), to deal in the Software without restriction, including -# without limitation the rights to use, copy, modify, merge, publish, dis- -# tribute, sublicense, and/or sell copies of the Software, and to permit -# persons to whom the Software is furnished to do so, subject to the fol- -# lowing conditions: -# -# The above copyright notice and this permission notice shall be included -# in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL- -# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT -# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, -# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. -# - -import boto -from boto.compat import json -from boto.connection import AWSQueryConnection -from boto.regioninfo import RegionInfo -from boto.exception import JSONResponseError -from boto.kms import exceptions -from boto.compat import six -import base64 - - -class KMSConnection(AWSQueryConnection): - """ - AWS Key Management Service - AWS Key Management Service (KMS) is an encryption and key - management web service. This guide describes the KMS actions that - you can call programmatically. For general information about KMS, - see (need an address here). For the KMS developer guide, see (need - address here). - - AWS provides SDKs that consist of libraries and sample code for - various programming languages and platforms (Java, Ruby, .Net, - iOS, Android, etc.). The SDKs provide a convenient way to create - programmatic access to KMS and AWS. For example, the SDKs take - care of tasks such as signing requests (see below), managing - errors, and retrying requests automatically. For more information - about the AWS SDKs, including how to download and install them, - see `Tools for Amazon Web Services`_. - - We recommend that you use the AWS SDKs to make programmatic API - calls to KMS. However, you can also use the KMS Query API to make - to make direct calls to the KMS web service. - - **Signing Requests** - - Requests must be signed by using an access key ID and a secret - access key. We strongly recommend that you do not use your AWS - account access key ID and secret key for everyday work with KMS. - Instead, use the access key ID and secret access key for an IAM - user, or you can use the AWS Security Token Service to generate - temporary security credentials that you can use to sign requests. - - All KMS operations require `Signature Version 4`_. - - **Recording API Requests** - - KMS supports AWS CloudTrail, a service that records AWS API calls - and related events for your AWS account and delivers them to an - Amazon S3 bucket that you specify. By using the information - collected by CloudTrail, you can determine what requests were made - to KMS, who made the request, when it was made, and so on. To - learn more about CloudTrail, including how to turn it on and find - your log files, see the `AWS CloudTrail User Guide`_ - - **Additional Resources** - - For more information about credentials and request signing, see - the following: - - - + `AWS Security Credentials`_. This topic provides general - information about the types of credentials used for accessing AWS. - + `AWS Security Token Service`_. This guide describes how to - create and use temporary security credentials. - + `Signing AWS API Requests`_. This set of topics walks you - through the process of signing a request using an access key ID - and a secret access key. - """ - APIVersion = "2014-11-01" - DefaultRegionName = "us-east-1" - DefaultRegionEndpoint = "kms.us-east-1.amazonaws.com" - ServiceName = "KMS" - TargetPrefix = "TrentService" - ResponseError = JSONResponseError - - _faults = { - "InvalidGrantTokenException": exceptions.InvalidGrantTokenException, - "DisabledException": exceptions.DisabledException, - "LimitExceededException": exceptions.LimitExceededException, - "DependencyTimeoutException": exceptions.DependencyTimeoutException, - "InvalidMarkerException": exceptions.InvalidMarkerException, - "AlreadyExistsException": exceptions.AlreadyExistsException, - "InvalidCiphertextException": exceptions.InvalidCiphertextException, - "KeyUnavailableException": exceptions.KeyUnavailableException, - "InvalidAliasNameException": exceptions.InvalidAliasNameException, - "UnsupportedOperationException": exceptions.UnsupportedOperationException, - "InvalidArnException": exceptions.InvalidArnException, - "KMSInternalException": exceptions.KMSInternalException, - "InvalidKeyUsageException": exceptions.InvalidKeyUsageException, - "MalformedPolicyDocumentException": exceptions.MalformedPolicyDocumentException, - "NotFoundException": exceptions.NotFoundException, - } - - - def __init__(self, **kwargs): - region = kwargs.pop('region', None) - if not region: - region = RegionInfo(self, self.DefaultRegionName, - self.DefaultRegionEndpoint) - - if 'host' not in kwargs or kwargs['host'] is None: - kwargs['host'] = region.endpoint - - super(KMSConnection, self).__init__(**kwargs) - self.region = region - - def _required_auth_capability(self): - return ['hmac-v4'] - - def create_alias(self, alias_name, target_key_id): - """ - Creates a display name for a customer master key. An alias can - be used to identify a key and should be unique. The console - enforces a one-to-one mapping between the alias and a key. An - alias name can contain only alphanumeric characters, forward - slashes (/), underscores (_), and dashes (-). An alias must - start with the word "alias" followed by a forward slash - (alias/). An alias that begins with "aws" after the forward - slash (alias/aws...) is reserved by Amazon Web Services (AWS). - - :type alias_name: string - :param alias_name: String that contains the display name. Aliases that - begin with AWS are reserved. - - :type target_key_id: string - :param target_key_id: An identifier of the key for which you are - creating the alias. This value cannot be another alias. - - """ - params = { - 'AliasName': alias_name, - 'TargetKeyId': target_key_id, - } - return self.make_request(action='CreateAlias', - body=json.dumps(params)) - - def create_grant(self, key_id, grantee_principal, - retiring_principal=None, operations=None, - constraints=None, grant_tokens=None): - """ - Adds a grant to a key to specify who can access the key and - under what conditions. Grants are alternate permission - mechanisms to key policies. If absent, access to the key is - evaluated based on IAM policies attached to the user. By - default, grants do not expire. Grants can be listed, retired, - or revoked as indicated by the following APIs. Typically, when - you are finished using a grant, you retire it. When you want - to end a grant immediately, revoke it. For more information - about grants, see `Grants`_. - - #. ListGrants - #. RetireGrant - #. RevokeGrant - - :type key_id: string - :param key_id: A unique key identifier for a customer master key. This - value can be a globally unique identifier, an ARN, or an alias. - - :type grantee_principal: string - :param grantee_principal: Principal given permission by the grant to - use the key identified by the `keyId` parameter. - - :type retiring_principal: string - :param retiring_principal: Principal given permission to retire the - grant. For more information, see RetireGrant. - - :type operations: list - :param operations: List of operations permitted by the grant. This can - be any combination of one or more of the following values: - - #. Decrypt - #. Encrypt - #. GenerateDataKey - #. GenerateDataKeyWithoutPlaintext - #. ReEncryptFrom - #. ReEncryptTo - #. CreateGrant - - :type constraints: dict - :param constraints: Specifies the conditions under which the actions - specified by the `Operations` parameter are allowed. - - :type grant_tokens: list - :param grant_tokens: List of grant tokens. - - """ - params = { - 'KeyId': key_id, - 'GranteePrincipal': grantee_principal, - } - if retiring_principal is not None: - params['RetiringPrincipal'] = retiring_principal - if operations is not None: - params['Operations'] = operations - if constraints is not None: - params['Constraints'] = constraints - if grant_tokens is not None: - params['GrantTokens'] = grant_tokens - return self.make_request(action='CreateGrant', - body=json.dumps(params)) - - def create_key(self, policy=None, description=None, key_usage=None): - """ - Creates a customer master key. Customer master keys can be - used to encrypt small amounts of data (less than 4K) directly, - but they are most commonly used to encrypt or envelope data - keys that are then used to encrypt customer data. For more - information about data keys, see GenerateDataKey and - GenerateDataKeyWithoutPlaintext. - - :type policy: string - :param policy: Policy to be attached to the key. This is required and - delegates back to the account. The key is the root of trust. - - :type description: string - :param description: Description of the key. We recommend that you - choose a description that helps your customer decide whether the - key is appropriate for a task. - - :type key_usage: string - :param key_usage: Specifies the intended use of the key. Currently this - defaults to ENCRYPT/DECRYPT, and only symmetric encryption and - decryption are supported. - - """ - params = {} - if policy is not None: - params['Policy'] = policy - if description is not None: - params['Description'] = description - if key_usage is not None: - params['KeyUsage'] = key_usage - return self.make_request(action='CreateKey', - body=json.dumps(params)) - - def decrypt(self, ciphertext_blob, encryption_context=None, - grant_tokens=None): - """ - Decrypts ciphertext. Ciphertext is plaintext that has been - previously encrypted by using the Encrypt function. - - :type ciphertext_blob: blob - :param ciphertext_blob: Ciphertext including metadata. - - :type encryption_context: map - :param encryption_context: The encryption context. If this was - specified in the Encrypt function, it must be specified here or the - decryption operation will fail. For more information, see - `Encryption Context`_. - - :type grant_tokens: list - :param grant_tokens: A list of grant tokens that represent grants which - can be used to provide long term permissions to perform decryption. - - """ - if not isinstance(ciphertext_blob, six.binary_type): - raise TypeError( - "Value of argument ``ciphertext_blob`` " - "must be of type %s." % six.binary_type) - ciphertext_blob = base64.b64encode(ciphertext_blob) - params = {'CiphertextBlob': ciphertext_blob.decode('utf-8'), } - if encryption_context is not None: - params['EncryptionContext'] = encryption_context - if grant_tokens is not None: - params['GrantTokens'] = grant_tokens - response = self.make_request(action='Decrypt', - body=json.dumps(params)) - if response.get('Plaintext') is not None: - response['Plaintext'] = base64.b64decode( - response['Plaintext'].encode('utf-8')) - return response - - def delete_alias(self, alias_name): - """ - Deletes the specified alias. - - :type alias_name: string - :param alias_name: The alias to be deleted. - - """ - params = {'AliasName': alias_name, } - return self.make_request(action='DeleteAlias', - body=json.dumps(params)) - - def describe_key(self, key_id): - """ - Provides detailed information about the specified customer - master key. - - :type key_id: string - :param key_id: Unique identifier of the customer master key to be - described. This can be an ARN, an alias, or a globally unique - identifier. - - """ - params = {'KeyId': key_id, } - return self.make_request(action='DescribeKey', - body=json.dumps(params)) - - def disable_key(self, key_id): - """ - Marks a key as disabled, thereby preventing its use. - - :type key_id: string - :param key_id: Unique identifier of the customer master key to be - disabled. This can be an ARN, an alias, or a globally unique - identifier. - - """ - params = {'KeyId': key_id, } - return self.make_request(action='DisableKey', - body=json.dumps(params)) - - def disable_key_rotation(self, key_id): - """ - Disables rotation of the specified key. - - :type key_id: string - :param key_id: Unique identifier of the customer master key for which - rotation is to be disabled. This can be an ARN, an alias, or a - globally unique identifier. - - """ - params = {'KeyId': key_id, } - return self.make_request(action='DisableKeyRotation', - body=json.dumps(params)) - - def enable_key(self, key_id): - """ - Marks a key as enabled, thereby permitting its use. You can - have up to 25 enabled keys at one time. - - :type key_id: string - :param key_id: Unique identifier of the customer master key to be - enabled. This can be an ARN, an alias, or a globally unique - identifier. - - """ - params = {'KeyId': key_id, } - return self.make_request(action='EnableKey', - body=json.dumps(params)) - - def enable_key_rotation(self, key_id): - """ - Enables rotation of the specified customer master key. - - :type key_id: string - :param key_id: Unique identifier of the customer master key for which - rotation is to be enabled. This can be an ARN, an alias, or a - globally unique identifier. - - """ - params = {'KeyId': key_id, } - return self.make_request(action='EnableKeyRotation', - body=json.dumps(params)) - - def encrypt(self, key_id, plaintext, encryption_context=None, - grant_tokens=None): - """ - Encrypts plaintext into ciphertext by using a customer master - key. - - :type key_id: string - :param key_id: Unique identifier of the customer master. This can be an - ARN, an alias, or the Key ID. - - :type plaintext: blob - :param plaintext: Data to be encrypted. - - :type encryption_context: map - :param encryption_context: Name:value pair that specifies the - encryption context to be used for authenticated encryption. For - more information, see `Authenticated Encryption`_. - - :type grant_tokens: list - :param grant_tokens: A list of grant tokens that represent grants which - can be used to provide long term permissions to perform encryption. - - """ - if not isinstance(plaintext, six.binary_type): - raise TypeError( - "Value of argument ``plaintext`` " - "must be of type %s." % six.binary_type) - plaintext = base64.b64encode(plaintext) - params = {'KeyId': key_id, 'Plaintext': plaintext.decode('utf-8'), } - if encryption_context is not None: - params['EncryptionContext'] = encryption_context - if grant_tokens is not None: - params['GrantTokens'] = grant_tokens - response = self.make_request(action='Encrypt', - body=json.dumps(params)) - if response.get('CiphertextBlob') is not None: - response['CiphertextBlob'] = base64.b64decode( - response['CiphertextBlob'].encode('utf-8')) - return response - - def generate_data_key(self, key_id, encryption_context=None, - number_of_bytes=None, key_spec=None, - grant_tokens=None): - """ - Generates a secure data key. Data keys are used to encrypt and - decrypt data. They are wrapped by customer master keys. - - :type key_id: string - :param key_id: Unique identifier of the key. This can be an ARN, an - alias, or a globally unique identifier. - - :type encryption_context: map - :param encryption_context: Name/value pair that contains additional - data to be authenticated during the encryption and decryption - processes that use the key. This value is logged by AWS CloudTrail - to provide context around the data encrypted by the key. - - :type number_of_bytes: integer - :param number_of_bytes: Integer that contains the number of bytes to - generate. Common values are 128, 256, 512, 1024 and so on. 1024 is - the current limit. - - :type key_spec: string - :param key_spec: Value that identifies the encryption algorithm and key - size to generate a data key for. Currently this can be AES_128 or - AES_256. - - :type grant_tokens: list - :param grant_tokens: A list of grant tokens that represent grants which - can be used to provide long term permissions to generate a key. - - """ - params = {'KeyId': key_id, } - if encryption_context is not None: - params['EncryptionContext'] = encryption_context - if number_of_bytes is not None: - params['NumberOfBytes'] = number_of_bytes - if key_spec is not None: - params['KeySpec'] = key_spec - if grant_tokens is not None: - params['GrantTokens'] = grant_tokens - response = self.make_request(action='GenerateDataKey', - body=json.dumps(params)) - if response.get('CiphertextBlob') is not None: - response['CiphertextBlob'] = base64.b64decode( - response['CiphertextBlob'].encode('utf-8')) - if response.get('Plaintext') is not None: - response['Plaintext'] = base64.b64decode( - response['Plaintext'].encode('utf-8')) - return response - - def generate_data_key_without_plaintext(self, key_id, - encryption_context=None, - key_spec=None, - number_of_bytes=None, - grant_tokens=None): - """ - Returns a key wrapped by a customer master key without the - plaintext copy of that key. To retrieve the plaintext, see - GenerateDataKey. - - :type key_id: string - :param key_id: Unique identifier of the key. This can be an ARN, an - alias, or a globally unique identifier. - - :type encryption_context: map - :param encryption_context: Name:value pair that contains additional - data to be authenticated during the encryption and decryption - processes. - - :type key_spec: string - :param key_spec: Value that identifies the encryption algorithm and key - size. Currently this can be AES_128 or AES_256. - - :type number_of_bytes: integer - :param number_of_bytes: Integer that contains the number of bytes to - generate. Common values are 128, 256, 512, 1024 and so on. - - :type grant_tokens: list - :param grant_tokens: A list of grant tokens that represent grants which - can be used to provide long term permissions to generate a key. - - """ - params = {'KeyId': key_id, } - if encryption_context is not None: - params['EncryptionContext'] = encryption_context - if key_spec is not None: - params['KeySpec'] = key_spec - if number_of_bytes is not None: - params['NumberOfBytes'] = number_of_bytes - if grant_tokens is not None: - params['GrantTokens'] = grant_tokens - response = self.make_request(action='GenerateDataKeyWithoutPlaintext', - body=json.dumps(params)) - if response.get('CiphertextBlob') is not None: - response['CiphertextBlob'] = base64.b64decode( - response['CiphertextBlob'].encode('utf-8')) - return response - - def generate_random(self, number_of_bytes=None): - """ - Generates an unpredictable byte string. - - :type number_of_bytes: integer - :param number_of_bytes: Integer that contains the number of bytes to - generate. Common values are 128, 256, 512, 1024 and so on. The - current limit is 1024 bytes. - - """ - params = {} - if number_of_bytes is not None: - params['NumberOfBytes'] = number_of_bytes - response = self.make_request(action='GenerateRandom', - body=json.dumps(params)) - if response.get('Plaintext') is not None: - response['Plaintext'] = base64.b64decode( - response['Plaintext'].encode('utf-8')) - return response - - def get_key_policy(self, key_id, policy_name): - """ - Retrieves a policy attached to the specified key. - - :type key_id: string - :param key_id: Unique identifier of the key. This can be an ARN, an - alias, or a globally unique identifier. - - :type policy_name: string - :param policy_name: String that contains the name of the policy. - Currently, this must be "default". Policy names can be discovered - by calling ListKeyPolicies. - - """ - params = {'KeyId': key_id, 'PolicyName': policy_name, } - return self.make_request(action='GetKeyPolicy', - body=json.dumps(params)) - - def get_key_rotation_status(self, key_id): - """ - Retrieves a Boolean value that indicates whether key rotation - is enabled for the specified key. - - :type key_id: string - :param key_id: Unique identifier of the key. This can be an ARN, an - alias, or a globally unique identifier. - - """ - params = {'KeyId': key_id, } - return self.make_request(action='GetKeyRotationStatus', - body=json.dumps(params)) - - def list_aliases(self, limit=None, marker=None): - """ - Lists all of the key aliases in the account. - - :type limit: integer - :param limit: Specify this parameter when paginating results to - indicate the maximum number of aliases you want in each response. - If there are additional aliases beyond the maximum you specify, the - `Truncated` response element will be set to `true.` - - :type marker: string - :param marker: Use this parameter when paginating results, and only in - a subsequent request after you've received a response where the - results are truncated. Set it to the value of the `NextMarker` - element in the response you just received. - - """ - params = {} - if limit is not None: - params['Limit'] = limit - if marker is not None: - params['Marker'] = marker - return self.make_request(action='ListAliases', - body=json.dumps(params)) - - def list_grants(self, key_id, limit=None, marker=None): - """ - List the grants for a specified key. - - :type key_id: string - :param key_id: Unique identifier of the key. This can be an ARN, an - alias, or a globally unique identifier. - - :type limit: integer - :param limit: Specify this parameter only when paginating results to - indicate the maximum number of grants you want listed in the - response. If there are additional grants beyond the maximum you - specify, the `Truncated` response element will be set to `true.` - - :type marker: string - :param marker: Use this parameter only when paginating results, and - only in a subsequent request after you've received a response where - the results are truncated. Set it to the value of the `NextMarker` - in the response you just received. - - """ - params = {'KeyId': key_id, } - if limit is not None: - params['Limit'] = limit - if marker is not None: - params['Marker'] = marker - return self.make_request(action='ListGrants', - body=json.dumps(params)) - - def list_key_policies(self, key_id, limit=None, marker=None): - """ - Retrieves a list of policies attached to a key. - - :type key_id: string - :param key_id: Unique identifier of the key. This can be an ARN, an - alias, or a globally unique identifier. - - :type limit: integer - :param limit: Specify this parameter only when paginating results to - indicate the maximum number of policies you want listed in the - response. If there are additional policies beyond the maximum you - specify, the `Truncated` response element will be set to `true.` - - :type marker: string - :param marker: Use this parameter only when paginating results, and - only in a subsequent request after you've received a response where - the results are truncated. Set it to the value of the `NextMarker` - in the response you just received. - - """ - params = {'KeyId': key_id, } - if limit is not None: - params['Limit'] = limit - if marker is not None: - params['Marker'] = marker - return self.make_request(action='ListKeyPolicies', - body=json.dumps(params)) - - def list_keys(self, limit=None, marker=None): - """ - Lists the customer master keys. - - :type limit: integer - :param limit: Specify this parameter only when paginating results to - indicate the maximum number of keys you want listed in the - response. If there are additional keys beyond the maximum you - specify, the `Truncated` response element will be set to `true.` - - :type marker: string - :param marker: Use this parameter only when paginating results, and - only in a subsequent request after you've received a response where - the results are truncated. Set it to the value of the `NextMarker` - in the response you just received. - - """ - params = {} - if limit is not None: - params['Limit'] = limit - if marker is not None: - params['Marker'] = marker - return self.make_request(action='ListKeys', - body=json.dumps(params)) - - def put_key_policy(self, key_id, policy_name, policy): - """ - Attaches a policy to the specified key. - - :type key_id: string - :param key_id: Unique identifier of the key. This can be an ARN, an - alias, or a globally unique identifier. - - :type policy_name: string - :param policy_name: Name of the policy to be attached. Currently, the - only supported name is "default". - - :type policy: string - :param policy: The policy, in JSON format, to be attached to the key. - - """ - params = { - 'KeyId': key_id, - 'PolicyName': policy_name, - 'Policy': policy, - } - return self.make_request(action='PutKeyPolicy', - body=json.dumps(params)) - - def re_encrypt(self, ciphertext_blob, destination_key_id, - source_encryption_context=None, - destination_encryption_context=None, grant_tokens=None): - """ - Encrypts data on the server side with a new customer master - key without exposing the plaintext of the data on the client - side. The data is first decrypted and then encrypted. This - operation can also be used to change the encryption context of - a ciphertext. - - :type ciphertext_blob: blob - :param ciphertext_blob: Ciphertext of the data to re-encrypt. - - :type source_encryption_context: map - :param source_encryption_context: Encryption context used to encrypt - and decrypt the data specified in the `CiphertextBlob` parameter. - - :type destination_key_id: string - :param destination_key_id: Key identifier of the key used to re-encrypt - the data. - - :type destination_encryption_context: map - :param destination_encryption_context: Encryption context to be used - when the data is re-encrypted. - - :type grant_tokens: list - :param grant_tokens: Grant tokens that identify the grants that have - permissions for the encryption and decryption process. - - """ - if not isinstance(ciphertext_blob, six.binary_type): - raise TypeError( - "Value of argument ``ciphertext_blob`` " - "must be of type %s." % six.binary_type) - ciphertext_blob = base64.b64encode(ciphertext_blob) - params = { - 'CiphertextBlob': ciphertext_blob, - 'DestinationKeyId': destination_key_id, - } - if source_encryption_context is not None: - params['SourceEncryptionContext'] = source_encryption_context - if destination_encryption_context is not None: - params['DestinationEncryptionContext'] = destination_encryption_context - if grant_tokens is not None: - params['GrantTokens'] = grant_tokens - response = self.make_request(action='ReEncrypt', - body=json.dumps(params)) - if response.get('CiphertextBlob') is not None: - response['CiphertextBlob'] = base64.b64decode( - response['CiphertextBlob'].encode('utf-8')) - return response - - def retire_grant(self, grant_token): - """ - Retires a grant. You can retire a grant when you're done using - it to clean up. You should revoke a grant when you intend to - actively deny operations that depend on it. - - :type grant_token: string - :param grant_token: Token that identifies the grant to be retired. - - """ - params = {'GrantToken': grant_token, } - return self.make_request(action='RetireGrant', - body=json.dumps(params)) - - def revoke_grant(self, key_id, grant_id): - """ - Revokes a grant. You can revoke a grant to actively deny - operations that depend on it. - - :type key_id: string - :param key_id: Unique identifier of the key associated with the grant. - - :type grant_id: string - :param grant_id: Identifier of the grant to be revoked. - - """ - params = {'KeyId': key_id, 'GrantId': grant_id, } - return self.make_request(action='RevokeGrant', - body=json.dumps(params)) - - def update_key_description(self, key_id, description): - """ - - - :type key_id: string - :param key_id: - - :type description: string - :param description: - - """ - params = {'KeyId': key_id, 'Description': description, } - return self.make_request(action='UpdateKeyDescription', - body=json.dumps(params)) - - def make_request(self, action, body): - headers = { - 'X-Amz-Target': '%s.%s' % (self.TargetPrefix, action), - 'Host': self.region.endpoint, - 'Content-Type': 'application/x-amz-json-1.1', - 'Content-Length': str(len(body)), - } - http_request = self.build_base_http_request( - method='POST', path='/', auth_path='/', params={}, - headers=headers, data=body) - response = self._mexe(http_request, sender=None, - override_num_retries=10) - response_body = response.read().decode('utf-8') - boto.log.debug(response_body) - if response.status == 200: - if response_body: - return json.loads(response_body) - else: - json_body = json.loads(response_body) - fault_name = json_body.get('__type', None) - exception_class = self._faults.get(fault_name, self.ResponseError) - raise exception_class(response.status, response.reason, - body=json_body) -