KMS (kms)
Primary Models
Primary models are models that you can act on directly. They are the models that represent resources in the AWS service, and are acted on by the managers.
- pydantic model botocraft.services.kms.KMSKey[source]
Bases:
PrimaryBoto3ModelContains metadata about a KMS key.
This data type is used as a response element for the CreateKey, DescribeKey, and ReplicateKey operations.
Show JSON schema
{ "title": "KMSKey", "description": "Contains metadata about a KMS key.\n\nThis data type is used as a response element for the CreateKey, DescribeKey, and\nReplicateKey operations.", "type": "object", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Enabled": { "anyOf": [ { "type": "boolean" }, { "type": "null" } ], "default": true, "title": "Enabled" }, "KeyUsage": { "anyOf": [ { "enum": [ "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC", "KEY_AGREEMENT" ], "type": "string" }, { "type": "null" } ], "default": "ENCRYPT_DECRYPT", "title": "Keyusage" }, "KeySpec": { "anyOf": [ { "enum": [ "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SYMMETRIC_DEFAULT", "HMAC_224", "HMAC_256", "HMAC_384", "HMAC_512", "SM2", "ML_DSA_44", "ML_DSA_65", "ML_DSA_87", "ECC_NIST_EDWARDS25519" ], "type": "string" }, { "type": "null" } ], "default": "SYMMETRIC_DEFAULT", "title": "Keyspec" }, "AWSAccountId": { "default": null, "title": "Awsaccountid", "type": "string" }, "KeyId": { "title": "Keyid", "type": "string" }, "Arn": { "default": null, "title": "Arn", "type": "string" }, "CreationDate": { "default": null, "format": "date-time", "title": "Creationdate", "type": "string" }, "Description": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Description" }, "KeyState": { "default": null, "enum": [ "Creating", "Enabled", "Disabled", "PendingDeletion", "PendingImport", "PendingReplicaDeletion", "Unavailable", "Updating" ], "title": "Keystate", "type": "string" }, "DeletionDate": { "default": null, "format": "date-time", "title": "Deletiondate", "type": "string" }, "ValidTo": { "default": null, "format": "date-time", "title": "Validto", "type": "string" }, "Origin": { "anyOf": [ { "enum": [ "AWS_KMS", "EXTERNAL", "AWS_CLOUDHSM", "EXTERNAL_KEY_STORE" ], "type": "string" }, { "type": "null" } ], "default": null, "title": "Origin" }, "CustomKeyStoreId": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Customkeystoreid" }, "CloudHsmClusterId": { "default": null, "title": "Cloudhsmclusterid", "type": "string" }, "ExpirationModel": { "default": null, "enum": [ "KEY_MATERIAL_EXPIRES", "KEY_MATERIAL_DOES_NOT_EXPIRE" ], "title": "Expirationmodel", "type": "string" }, "KeyManager": { "default": null, "enum": [ "AWS", "CUSTOMER" ], "title": "Keymanager", "type": "string" }, "CustomerMasterKeySpec": { "anyOf": [ { "enum": [ "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SYMMETRIC_DEFAULT", "HMAC_224", "HMAC_256", "HMAC_384", "HMAC_512", "SM2" ], "type": "string" }, { "type": "null" } ], "default": null, "title": "Customermasterkeyspec" }, "EncryptionAlgorithms": { "items": { "enum": [ "SYMMETRIC_DEFAULT", "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "SM2PKE" ], "type": "string" }, "title": "Encryptionalgorithms", "type": "array" }, "SigningAlgorithms": { "items": { "enum": [ "RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512", "RSASSA_PKCS1_V1_5_SHA_256", "RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_512", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "SM2DSA", "ML_DSA_SHAKE_256", "ED25519_SHA_512", "ED25519_PH_SHA_512" ], "type": "string" }, "title": "Signingalgorithms", "type": "array" }, "KeyAgreementAlgorithms": { "items": { "const": "ECDH", "type": "string" }, "title": "Keyagreementalgorithms", "type": "array" }, "MultiRegion": { "anyOf": [ { "type": "boolean" }, { "type": "null" } ], "default": null, "title": "Multiregion" }, "MultiRegionConfiguration": { "$ref": "#/$defs/KMSMultiRegionConfiguration", "default": null }, "PendingDeletionWindowInDays": { "default": null, "title": "Pendingdeletionwindowindays", "type": "integer" }, "MacAlgorithms": { "items": { "enum": [ "HMAC_SHA_224", "HMAC_SHA_256", "HMAC_SHA_384", "HMAC_SHA_512" ], "type": "string" }, "title": "Macalgorithms", "type": "array" }, "XksKeyConfiguration": { "$ref": "#/$defs/XksKeyConfigurationType", "default": null }, "CurrentKeyMaterialId": { "default": null, "title": "Currentkeymaterialid", "type": "string" } }, "$defs": { "KMSMultiRegionConfiguration": { "description": "Describes the configuration of this multi-Region key. This field appears only when\nthe KMS key is a primary or replica of a multi-Region key.\n\nFor more information about any listed KMS key, use the DescribeKey operation.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "MultiRegionKeyType": { "anyOf": [ { "enum": [ "PRIMARY", "REPLICA" ], "type": "string" }, { "type": "null" } ], "default": null, "title": "Multiregionkeytype" }, "PrimaryKey": { "anyOf": [ { "$ref": "#/$defs/MultiRegionKey" }, { "type": "null" } ], "default": null }, "ReplicaKeys": { "anyOf": [ { "items": { "$ref": "#/$defs/MultiRegionKey" }, "type": "array" }, { "type": "null" } ], "title": "Replicakeys" } }, "title": "KMSMultiRegionConfiguration", "type": "object" }, "MultiRegionKey": { "description": "Describes the primary or replica key in a multi-Region key.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Arn": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Arn" }, "Region": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Region" } }, "title": "MultiRegionKey", "type": "object" }, "XksKeyConfigurationType": { "description": "Information about the `external key <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-\nexternal.html#concept-external-key>`_ that is associated with a KMS key in an external key store.\n\nThis element appears in a CreateKey or DescribeKey response only for a KMS key in an external key store.\n\nThe *external key* is a symmetric encryption key that is hosted by an external key manager outside of Amazon Web\nServices. When you use the KMS key in an external key store in a cryptographic operation, the cryptographic operation is\nperformed in the external key manager using the specified external key. For more information, see `External\nkey <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key>`_ in the *Key\nManagement Service Developer Guide*.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Id": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Id" } }, "title": "XksKeyConfigurationType", "type": "object" } }, "required": [ "KeyId" ] }
- Config:
validate_assignment: bool = True
arbitrary_types_allowed: bool = True
- Fields:
ExpirationModel (Literal['KEY_MATERIAL_EXPIRES', 'KEY_MATERIAL_DOES_NOT_EXPIRE'])KeyUsage (Literal['SIGN_VERIFY', 'ENCRYPT_DECRYPT', 'GENERATE_VERIFY_MAC', 'KEY_AGREEMENT'] | None)MacAlgorithms (list[typing.Literal['HMAC_SHA_224', 'HMAC_SHA_256', 'HMAC_SHA_384', 'HMAC_SHA_512']])MultiRegionConfiguration (botocraft.services.kms.KMSMultiRegionConfiguration)Origin (Literal['AWS_KMS', 'EXTERNAL', 'AWS_CLOUDHSM', 'EXTERNAL_KEY_STORE'] | None)XksKeyConfiguration (botocraft.services.kms.XksKeyConfigurationType)
- field AWSAccountId: str = None
The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.
- field Arn: str = None
The Amazon Resource Name (ARN) of the KMS key.
For examples, see Key Management Service (KMS) in the Example ARNs section of the Amazon Web Services General Reference.
- field CloudHsmClusterId: str = None
The cluster ID of the CloudHSM cluster that contains the key material for the KMS key.
When you create a KMS key in an CloudHSM custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This field is present only when the KMS key is created in an CloudHSM key store.
- field CurrentKeyMaterialId: str = None
Identifies the current key material.
This value is present for symmetric encryption keys with
AWS_KMSorEXTERNALorigin. These KMS keys support automatic or on-demand key rotation and can have multiple key materials associated with them. KMS uses the current key material for both encryption and decryption, and the non-current key material for decryption operations only.
- field CustomKeyStoreId: str | None = None
A unique identifier for the custom key store that contains the KMS key. This field is present only when the KMS key is created in a custom key store.
- field CustomerMasterKeySpec: Literal['RSA_2048', 'RSA_3072', 'RSA_4096', 'ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'SYMMETRIC_DEFAULT', 'HMAC_224', 'HMAC_256', 'HMAC_384', 'HMAC_512', 'SM2'] | None = None
Instead, use the
KeySpecfield.
- field DeletionDate: datetime = None
The date and time after which KMS deletes this KMS key.
This value is present only when the KMS key is scheduled for deletion, that is, when its
KeyStateisPendingDeletion.
- field Enabled: bool | None = True
Specifies whether the KMS key is enabled.
When
KeyStateisEnabledthis value is true, otherwise it is false.
- field EncryptionAlgorithms: builtins.list[Literal['SYMMETRIC_DEFAULT', 'RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'SM2PKE']] [Optional]
The encryption algorithms that the KMS key supports.
You cannot use the KMS key with other encryption algorithms within KMS.
- field ExpirationModel: Literal['KEY_MATERIAL_EXPIRES', 'KEY_MATERIAL_DOES_NOT_EXPIRE'] = None
Specifies whether the KMS key’s key material expires.
This value is present only when
OriginisEXTERNAL, otherwise this value is omitted.
- field KeyAgreementAlgorithms: builtins.list[Literal['ECDH']] [Optional]
The key agreement algorithm used to derive a shared secret.
- field KeyManager: Literal['AWS', 'CUSTOMER'] = None
The manager of the KMS key.
KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.
- field KeySpec: Literal['RSA_2048', 'RSA_3072', 'RSA_4096', 'ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'SYMMETRIC_DEFAULT', 'HMAC_224', 'HMAC_256', 'HMAC_384', 'HMAC_512', 'SM2', 'ML_DSA_44', 'ML_DSA_65', 'ML_DSA_87', 'ECC_NIST_EDWARDS25519'] | None = 'SYMMETRIC_DEFAULT'
Describes the type of key material in the KMS key.
- field KeyState: Literal['Creating', 'Enabled', 'Disabled', 'PendingDeletion', 'PendingImport', 'PendingReplicaDeletion', 'Unavailable', 'Updating'] = None
The current status of the KMS key.
- field KeyUsage: Literal['SIGN_VERIFY', 'ENCRYPT_DECRYPT', 'GENERATE_VERIFY_MAC', 'KEY_AGREEMENT'] | None = 'ENCRYPT_DECRYPT'
The cryptographic operations for which you can use the KMS key.
- field MacAlgorithms: builtins.list[Literal['HMAC_SHA_224', 'HMAC_SHA_256', 'HMAC_SHA_384', 'HMAC_SHA_512']] [Optional]
The message authentication code (MAC) algorithm that the HMAC KMS key supports.
- field MultiRegion: bool | None = None
Indicates whether the KMS key is a multi-Region (
True) or regional (False) key.This value is
Truefor multi-Region primary and replica keys andFalsefor regional KMS keys.
- field MultiRegionConfiguration: KMSMultiRegionConfiguration = None
Lists the primary and replica keys in same multi-Region key.
This field is present only when the value of the
MultiRegionfield isTrue.
- field Origin: Literal['AWS_KMS', 'EXTERNAL', 'AWS_CLOUDHSM', 'EXTERNAL_KEY_STORE'] | None = None
The source of the key material for the KMS key.
When this value is
AWS_KMS, KMS created the key material. When this value isEXTERNAL, the key material was imported or the KMS key doesn’t have any key material. When this value isAWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated with a custom key store.
- field PendingDeletionWindowInDays: int = None
The waiting period before the primary key in a multi-Region key is deleted.
This waiting period begins when the last of its replica keys is deleted. This value is present only when the
KeyStateof the KMS key isPendingReplicaDeletion. That indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for deletion, and it still has existing replica keys.
- field SigningAlgorithms: builtins.list[Literal['RSASSA_PSS_SHA_256', 'RSASSA_PSS_SHA_384', 'RSASSA_PSS_SHA_512', 'RSASSA_PKCS1_V1_5_SHA_256', 'RSASSA_PKCS1_V1_5_SHA_384', 'RSASSA_PKCS1_V1_5_SHA_512', 'ECDSA_SHA_256', 'ECDSA_SHA_384', 'ECDSA_SHA_512', 'SM2DSA', 'ML_DSA_SHAKE_256', 'ED25519_SHA_512', 'ED25519_PH_SHA_512']] [Optional]
The signing algorithms that the KMS key supports.
You cannot use the KMS key with other signing algorithms within KMS.
- field ValidTo: datetime = None
The earliest time at which any imported key material permanently associated with this KMS key expires.
When a key material expires, KMS deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys whose
OriginisEXTERNALand theExpirationModelisKEY_MATERIAL_EXPIRES, otherwise this value is omitted.
- field XksKeyConfiguration: XksKeyConfigurationType = None
Information about the external key that is associated with a KMS key in an external key store.
- field session: Any | None = None
The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use
Anyhere because we pydantic complains vociferously if we useboto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.
- manager_class
alias of
KMSKeyManager
- delete()
Delete the model.
- classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self
Creates a new instance of the Model class with validated data.
Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.
- !!! note
model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.
- Parameters:
_fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the [model_fields_set][pydantic.BaseModel.model_fields_set] attribute. Otherwise, the field names from the values argument will be used.
values – Trusted or pre-validated data dictionary.
- Returns:
A new instance of the Model class with validated data.
- classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self
Validate the given object with string data against the Pydantic model.
- Parameters:
obj – The object containing string data to validate.
strict – Whether to enforce types strictly.
context – Extra variables to pass to the validator.
by_alias – Whether to use the field’s alias when validating against the provided input data.
by_name – Whether to use the field’s name when validating against the provided input data.
- Returns:
The validated Pydantic model.
- save(**kwargs)
Save the model.
- set_session(session: Session) None
Set the boto3 session for this model.
- Parameters:
session – The boto3 session to use.
- Returns:
The model instance.
- transform(attribute: str, transformer: str | None) Any
Transform an attribute using a regular expression into something else before it is returned.
Important
This only makes sense for attributes that are strings.
transformeris a regular expression that will be used to transform the value of the attribute.If the attribute is
None, it will be returned verbatim.If
transformerisNone, the attribute will be returned verbatim.If
transformerhas no named groups, the attribute will be replaced with the value of the first group.If
transformerhas named groups, the attribute will be replaced with a dictionary of the named groups.
- Raises:
ValueError – If the attribute does not exist on the model.
RuntimeError – If the transformer fails to match the attribute value.
- Parameters:
attribute – The attribute to transform.
transformer – The regular expression to use to transform the attribute.
- Returns:
The transformed attribute.
- property arn: str | None
Return the ARN of the model. This is the value of the
Arnattribute.- Returns:
The ARN of the model instance.
- property name: str | None
Get the name of the model instance.
- Returns:
The name of the model instance.
- Raises:
ValueError – If the model has no name identity field.
- objects: ClassVar[classproperty]
Get the manager for this model, and set it as a class property
Managers
Managers work with the primary models to provide a high-level interface to the AWS service. They are responsible for creating, updating, and deleting the resources in the service, as well as any additional operations that are available for those models.
- class botocraft.services.kms.KMSKeyManager[source]
Bases:
Boto3ModelManager- cancel_deletion(KeyId: str) str[source]
Cancels the deletion of a KMS key. When this operation succeeds, the key state of the KMS key is
Disabled. To enable the KMS key, use EnableKey.- Parameters:
KeyId – Identifies the KMS key whose deletion is being canceled.
- create(model: KMSKey, Policy: str | None = None, BypassPolicyLockoutSafetyCheck: bool | None = None, Tags: list[botocraft.services.common.Tag] | None = None, XksKeyId: str | None = None) KMSKey[source]
Creates a unique customer managed KMS key in your Amazon Web Services account and Region. You can use a KMS key in cryptographic operations, such as encryption and signing. Some Amazon Web Services services let you use KMS keys that you create and manage to protect your service resources.
- Parameters:
model – The
KeyMetadatato create.- Keyword Arguments:
Policy – The key policy to attach to the KMS key.
BypassPolicyLockoutSafetyCheck – Skips (“bypasses”) the key policy lockout safety check. The default value is false.
Tags – Assigns one or more tags to the KMS key. Use this parameter to tag the KMS key when it is created. To tag an existing KMS key, use the TagResource operation.
XksKeyId – Identifies the external key that serves as key material for the KMS key in an external key store. Specify the ID that the external key store proxy uses to refer to the external key. For help, see the documentation for your external key store proxy.
- create_alias(AliasName: str, TargetKeyId: str) None[source]
Creates a friendly name for a KMS key.
- Parameters:
AliasName – Specifies the alias name. This value must begin with
alias/followed by a name, such asalias/ExampleAlias.TargetKeyId – Associates the alias with the specified customer managed key. The KMS key must be in the same Amazon Web Services Region.
- delete(KeyId: str, *, PendingWindowInDays: int = 7) ScheduleKeyDeletionResponse[source]
Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is successful, the key state of the KMS key changes to
PendingDeletionand the key can’t be used in any cryptographic operations. It remains in this state for the duration of the waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key, its key material, and all KMS data associated with it, including all aliases that refer to it.- Parameters:
KeyId – The unique identifier of the KMS key to delete.
- Keyword Arguments:
PendingWindowInDays – The waiting period, specified in number of days. After the waiting period ends, KMS deletes the KMS key.
- disable(KeyId: str) None[source]
Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS key for cryptographic operations.
- Parameters:
KeyId – Identifies the KMS key to disable.
- enable(KeyId: str) None[source]
Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations.
- Parameters:
KeyId – Identifies the KMS key to enable.
- get(KeyId: str, *, GrantTokens: list[str] | None = None) KMSKey | None[source]
Provides detailed information about a KMS key. You can run
DescribeKeyon a customer managed key or an Amazon Web Services managed key.- Parameters:
KeyId – Describes the specified KMS key.
- Keyword Arguments:
GrantTokens – A list of grant tokens.
- list(*, Limit: int | None = None) PrimaryBoto3ModelQuerySet[source]
Gets a list of all KMS keys in the caller’s Amazon Web Services account and Region.
- Keyword Arguments:
Limit – Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.
- update_alias(AliasName: str, TargetKeyId: str) None[source]
Associates an existing KMS alias with a different KMS key. Each alias is associated with only one KMS key at a time, although a KMS key can have multiple aliases. The alias and the KMS key must be in the same Amazon Web Services account and Region.
- Parameters:
AliasName – Identifies the alias that is changing its KMS key. This value must begin with
alias/followed by the alias name, such asalias/ExampleAlias. You cannot useUpdateAliasto change the alias name.TargetKeyId –
Identifies the customer managed key to associate with the alias. You don’t have permission to associate an alias with an Amazon Web Services managed key.
Secondary Models
Secondary models are models that are used by the primary models to organize their data. They are not acted on directly, but are used to describe the structure of the fields in the primary models or other secondary models.
- pydantic model botocraft.services.kms.KMSMultiRegionConfiguration[source]
Bases:
Boto3ModelDescribes the configuration of this multi-Region key. This field appears only when the KMS key is a primary or replica of a multi-Region key.
For more information about any listed KMS key, use the DescribeKey operation.
Show JSON schema
{ "title": "KMSMultiRegionConfiguration", "description": "Describes the configuration of this multi-Region key. This field appears only when\nthe KMS key is a primary or replica of a multi-Region key.\n\nFor more information about any listed KMS key, use the DescribeKey operation.", "type": "object", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "MultiRegionKeyType": { "anyOf": [ { "enum": [ "PRIMARY", "REPLICA" ], "type": "string" }, { "type": "null" } ], "default": null, "title": "Multiregionkeytype" }, "PrimaryKey": { "anyOf": [ { "$ref": "#/$defs/MultiRegionKey" }, { "type": "null" } ], "default": null }, "ReplicaKeys": { "anyOf": [ { "items": { "$ref": "#/$defs/MultiRegionKey" }, "type": "array" }, { "type": "null" } ], "title": "Replicakeys" } }, "$defs": { "MultiRegionKey": { "description": "Describes the primary or replica key in a multi-Region key.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Arn": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Arn" }, "Region": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Region" } }, "title": "MultiRegionKey", "type": "object" } } }
- Config:
validate_assignment: bool = True
arbitrary_types_allowed: bool = True
- Fields:
- field MultiRegionKeyType: Literal['PRIMARY', 'REPLICA'] | None = None
Indicates whether the KMS key is a
PRIMARYorREPLICAkey.
- field PrimaryKey: MultiRegionKey | None = None
Displays the key ARN and Region of the primary key.
This field includes the current KMS key if it is the primary key.
- field ReplicaKeys: builtins.list[MultiRegionKey] | None [Optional]
Displays the key ARNs and Regions of all replica keys.
This field includes the current KMS key if it is a replica key.
- field session: Any | None = None
The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use
Anyhere because we pydantic complains vociferously if we useboto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.
- classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self
Creates a new instance of the Model class with validated data.
Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.
- !!! note
model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.
- Parameters:
_fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the [model_fields_set][pydantic.BaseModel.model_fields_set] attribute. Otherwise, the field names from the values argument will be used.
values – Trusted or pre-validated data dictionary.
- Returns:
A new instance of the Model class with validated data.
- classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self
Validate the given object with string data against the Pydantic model.
- Parameters:
obj – The object containing string data to validate.
strict – Whether to enforce types strictly.
context – Extra variables to pass to the validator.
by_alias – Whether to use the field’s alias when validating against the provided input data.
by_name – Whether to use the field’s name when validating against the provided input data.
- Returns:
The validated Pydantic model.
- set_session(session: Session) None
Set the boto3 session for this model.
- Parameters:
session – The boto3 session to use.
- Returns:
The model instance.
- transform(attribute: str, transformer: str | None) Any
Transform an attribute using a regular expression into something else before it is returned.
Important
This only makes sense for attributes that are strings.
transformeris a regular expression that will be used to transform the value of the attribute.If the attribute is
None, it will be returned verbatim.If
transformerisNone, the attribute will be returned verbatim.If
transformerhas no named groups, the attribute will be replaced with the value of the first group.If
transformerhas named groups, the attribute will be replaced with a dictionary of the named groups.
- Raises:
ValueError – If the attribute does not exist on the model.
RuntimeError – If the transformer fails to match the attribute value.
- Parameters:
attribute – The attribute to transform.
transformer – The regular expression to use to transform the attribute.
- Returns:
The transformed attribute.
- pydantic model botocraft.services.kms.MultiRegionKey[source]
Bases:
Boto3ModelDescribes the primary or replica key in a multi-Region key.
Show JSON schema
{ "title": "MultiRegionKey", "description": "Describes the primary or replica key in a multi-Region key.", "type": "object", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Arn": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Arn" }, "Region": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Region" } } }
- Config:
validate_assignment: bool = True
arbitrary_types_allowed: bool = True
- Fields:
- field Arn: str | None = None
Displays the key ARN of a primary or replica key of a multi-Region key.
- field Region: str | None = None
Displays the Amazon Web Services Region of a primary or replica key in a multi- Region key.
- field session: Any | None = None
The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use
Anyhere because we pydantic complains vociferously if we useboto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.
- classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self
Creates a new instance of the Model class with validated data.
Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.
- !!! note
model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.
- Parameters:
_fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the [model_fields_set][pydantic.BaseModel.model_fields_set] attribute. Otherwise, the field names from the values argument will be used.
values – Trusted or pre-validated data dictionary.
- Returns:
A new instance of the Model class with validated data.
- classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self
Validate the given object with string data against the Pydantic model.
- Parameters:
obj – The object containing string data to validate.
strict – Whether to enforce types strictly.
context – Extra variables to pass to the validator.
by_alias – Whether to use the field’s alias when validating against the provided input data.
by_name – Whether to use the field’s name when validating against the provided input data.
- Returns:
The validated Pydantic model.
- set_session(session: Session) None
Set the boto3 session for this model.
- Parameters:
session – The boto3 session to use.
- Returns:
The model instance.
- transform(attribute: str, transformer: str | None) Any
Transform an attribute using a regular expression into something else before it is returned.
Important
This only makes sense for attributes that are strings.
transformeris a regular expression that will be used to transform the value of the attribute.If the attribute is
None, it will be returned verbatim.If
transformerisNone, the attribute will be returned verbatim.If
transformerhas no named groups, the attribute will be replaced with the value of the first group.If
transformerhas named groups, the attribute will be replaced with a dictionary of the named groups.
- Raises:
ValueError – If the attribute does not exist on the model.
RuntimeError – If the transformer fails to match the attribute value.
- Parameters:
attribute – The attribute to transform.
transformer – The regular expression to use to transform the attribute.
- Returns:
The transformed attribute.
- pydantic model botocraft.services.kms.XksKeyConfigurationType[source]
Bases:
Boto3ModelInformation about the external key that is associated with a KMS key in an external key store.
This element appears in a CreateKey or DescribeKey response only for a KMS key in an external key store.
The external key is a symmetric encryption key that is hosted by an external key manager outside of Amazon Web Services. When you use the KMS key in an external key store in a cryptographic operation, the cryptographic operation is performed in the external key manager using the specified external key. For more information, see External key in the Key Management Service Developer Guide.
Show JSON schema
{ "title": "XksKeyConfigurationType", "description": "Information about the `external key <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-\nexternal.html#concept-external-key>`_ that is associated with a KMS key in an external key store.\n\nThis element appears in a CreateKey or DescribeKey response only for a KMS key in an external key store.\n\nThe *external key* is a symmetric encryption key that is hosted by an external key manager outside of Amazon Web\nServices. When you use the KMS key in an external key store in a cryptographic operation, the cryptographic operation is\nperformed in the external key manager using the specified external key. For more information, see `External\nkey <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key>`_ in the *Key\nManagement Service Developer Guide*.", "type": "object", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Id": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Id" } } }
- Config:
validate_assignment: bool = True
arbitrary_types_allowed: bool = True
- Fields:
- field Id: str | None = None
The ID of the external key in its external key manager.
This is the ID that the external key store proxy uses to identify the external key.
- field session: Any | None = None
The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use
Anyhere because we pydantic complains vociferously if we useboto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.
- classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self
Creates a new instance of the Model class with validated data.
Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.
- !!! note
model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.
- Parameters:
_fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the [model_fields_set][pydantic.BaseModel.model_fields_set] attribute. Otherwise, the field names from the values argument will be used.
values – Trusted or pre-validated data dictionary.
- Returns:
A new instance of the Model class with validated data.
- classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self
Validate the given object with string data against the Pydantic model.
- Parameters:
obj – The object containing string data to validate.
strict – Whether to enforce types strictly.
context – Extra variables to pass to the validator.
by_alias – Whether to use the field’s alias when validating against the provided input data.
by_name – Whether to use the field’s name when validating against the provided input data.
- Returns:
The validated Pydantic model.
- set_session(session: Session) None
Set the boto3 session for this model.
- Parameters:
session – The boto3 session to use.
- Returns:
The model instance.
- transform(attribute: str, transformer: str | None) Any
Transform an attribute using a regular expression into something else before it is returned.
Important
This only makes sense for attributes that are strings.
transformeris a regular expression that will be used to transform the value of the attribute.If the attribute is
None, it will be returned verbatim.If
transformerisNone, the attribute will be returned verbatim.If
transformerhas no named groups, the attribute will be replaced with the value of the first group.If
transformerhas named groups, the attribute will be replaced with a dictionary of the named groups.
- Raises:
ValueError – If the attribute does not exist on the model.
RuntimeError – If the transformer fails to match the attribute value.
- Parameters:
attribute – The attribute to transform.
transformer – The regular expression to use to transform the attribute.
- Returns:
The transformed attribute.
Request/Response Models
Request/response models are models that are used to describe the structure of the data that is sent to and received from the AWS service. They are used by the managers to send requests to the service and to parse the responses that are received.
You will not often use them directly – typically they are used by the managers internally to send requests and parse responses – but they are included here for completeness, and because occasionally we return them directly to you because they have some useful additional information.
- pydantic model botocraft.services.kms.CancelKeyDeletionResponse[source]
Bases:
Boto3ModelShow JSON schema
{ "title": "CancelKeyDeletionResponse", "type": "object", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "KeyId": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Keyid" } } }
- Config:
validate_assignment: bool = True
arbitrary_types_allowed: bool = True
- Fields:
- field KeyId: str | None = None
The Amazon Resource Name (key ARN) of the KMS key whose deletion is canceled.
- field session: Any | None = None
The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use
Anyhere because we pydantic complains vociferously if we useboto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.
- classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self
Creates a new instance of the Model class with validated data.
Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.
- !!! note
model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.
- Parameters:
_fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the [model_fields_set][pydantic.BaseModel.model_fields_set] attribute. Otherwise, the field names from the values argument will be used.
values – Trusted or pre-validated data dictionary.
- Returns:
A new instance of the Model class with validated data.
- classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self
Validate the given object with string data against the Pydantic model.
- Parameters:
obj – The object containing string data to validate.
strict – Whether to enforce types strictly.
context – Extra variables to pass to the validator.
by_alias – Whether to use the field’s alias when validating against the provided input data.
by_name – Whether to use the field’s name when validating against the provided input data.
- Returns:
The validated Pydantic model.
- set_session(session: Session) None
Set the boto3 session for this model.
- Parameters:
session – The boto3 session to use.
- Returns:
The model instance.
- transform(attribute: str, transformer: str | None) Any
Transform an attribute using a regular expression into something else before it is returned.
Important
This only makes sense for attributes that are strings.
transformeris a regular expression that will be used to transform the value of the attribute.If the attribute is
None, it will be returned verbatim.If
transformerisNone, the attribute will be returned verbatim.If
transformerhas no named groups, the attribute will be replaced with the value of the first group.If
transformerhas named groups, the attribute will be replaced with a dictionary of the named groups.
- Raises:
ValueError – If the attribute does not exist on the model.
RuntimeError – If the transformer fails to match the attribute value.
- Parameters:
attribute – The attribute to transform.
transformer – The regular expression to use to transform the attribute.
- Returns:
The transformed attribute.
- pydantic model botocraft.services.kms.CreateKeyResponse[source]
Bases:
Boto3ModelShow JSON schema
{ "title": "CreateKeyResponse", "type": "object", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "KeyMetadata": { "anyOf": [ { "$ref": "#/$defs/KMSKey" }, { "type": "null" } ], "default": null } }, "$defs": { "KMSKey": { "description": "Contains metadata about a KMS key.\n\nThis data type is used as a response element for the CreateKey, DescribeKey, and\nReplicateKey operations.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Enabled": { "anyOf": [ { "type": "boolean" }, { "type": "null" } ], "default": true, "title": "Enabled" }, "KeyUsage": { "anyOf": [ { "enum": [ "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC", "KEY_AGREEMENT" ], "type": "string" }, { "type": "null" } ], "default": "ENCRYPT_DECRYPT", "title": "Keyusage" }, "KeySpec": { "anyOf": [ { "enum": [ "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SYMMETRIC_DEFAULT", "HMAC_224", "HMAC_256", "HMAC_384", "HMAC_512", "SM2", "ML_DSA_44", "ML_DSA_65", "ML_DSA_87", "ECC_NIST_EDWARDS25519" ], "type": "string" }, { "type": "null" } ], "default": "SYMMETRIC_DEFAULT", "title": "Keyspec" }, "AWSAccountId": { "default": null, "title": "Awsaccountid", "type": "string" }, "KeyId": { "title": "Keyid", "type": "string" }, "Arn": { "default": null, "title": "Arn", "type": "string" }, "CreationDate": { "default": null, "format": "date-time", "title": "Creationdate", "type": "string" }, "Description": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Description" }, "KeyState": { "default": null, "enum": [ "Creating", "Enabled", "Disabled", "PendingDeletion", "PendingImport", "PendingReplicaDeletion", "Unavailable", "Updating" ], "title": "Keystate", "type": "string" }, "DeletionDate": { "default": null, "format": "date-time", "title": "Deletiondate", "type": "string" }, "ValidTo": { "default": null, "format": "date-time", "title": "Validto", "type": "string" }, "Origin": { "anyOf": [ { "enum": [ "AWS_KMS", "EXTERNAL", "AWS_CLOUDHSM", "EXTERNAL_KEY_STORE" ], "type": "string" }, { "type": "null" } ], "default": null, "title": "Origin" }, "CustomKeyStoreId": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Customkeystoreid" }, "CloudHsmClusterId": { "default": null, "title": "Cloudhsmclusterid", "type": "string" }, "ExpirationModel": { "default": null, "enum": [ "KEY_MATERIAL_EXPIRES", "KEY_MATERIAL_DOES_NOT_EXPIRE" ], "title": "Expirationmodel", "type": "string" }, "KeyManager": { "default": null, "enum": [ "AWS", "CUSTOMER" ], "title": "Keymanager", "type": "string" }, "CustomerMasterKeySpec": { "anyOf": [ { "enum": [ "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SYMMETRIC_DEFAULT", "HMAC_224", "HMAC_256", "HMAC_384", "HMAC_512", "SM2" ], "type": "string" }, { "type": "null" } ], "default": null, "title": "Customermasterkeyspec" }, "EncryptionAlgorithms": { "items": { "enum": [ "SYMMETRIC_DEFAULT", "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "SM2PKE" ], "type": "string" }, "title": "Encryptionalgorithms", "type": "array" }, "SigningAlgorithms": { "items": { "enum": [ "RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512", "RSASSA_PKCS1_V1_5_SHA_256", "RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_512", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "SM2DSA", "ML_DSA_SHAKE_256", "ED25519_SHA_512", "ED25519_PH_SHA_512" ], "type": "string" }, "title": "Signingalgorithms", "type": "array" }, "KeyAgreementAlgorithms": { "items": { "const": "ECDH", "type": "string" }, "title": "Keyagreementalgorithms", "type": "array" }, "MultiRegion": { "anyOf": [ { "type": "boolean" }, { "type": "null" } ], "default": null, "title": "Multiregion" }, "MultiRegionConfiguration": { "$ref": "#/$defs/KMSMultiRegionConfiguration", "default": null }, "PendingDeletionWindowInDays": { "default": null, "title": "Pendingdeletionwindowindays", "type": "integer" }, "MacAlgorithms": { "items": { "enum": [ "HMAC_SHA_224", "HMAC_SHA_256", "HMAC_SHA_384", "HMAC_SHA_512" ], "type": "string" }, "title": "Macalgorithms", "type": "array" }, "XksKeyConfiguration": { "$ref": "#/$defs/XksKeyConfigurationType", "default": null }, "CurrentKeyMaterialId": { "default": null, "title": "Currentkeymaterialid", "type": "string" } }, "required": [ "KeyId" ], "title": "KMSKey", "type": "object" }, "KMSMultiRegionConfiguration": { "description": "Describes the configuration of this multi-Region key. This field appears only when\nthe KMS key is a primary or replica of a multi-Region key.\n\nFor more information about any listed KMS key, use the DescribeKey operation.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "MultiRegionKeyType": { "anyOf": [ { "enum": [ "PRIMARY", "REPLICA" ], "type": "string" }, { "type": "null" } ], "default": null, "title": "Multiregionkeytype" }, "PrimaryKey": { "anyOf": [ { "$ref": "#/$defs/MultiRegionKey" }, { "type": "null" } ], "default": null }, "ReplicaKeys": { "anyOf": [ { "items": { "$ref": "#/$defs/MultiRegionKey" }, "type": "array" }, { "type": "null" } ], "title": "Replicakeys" } }, "title": "KMSMultiRegionConfiguration", "type": "object" }, "MultiRegionKey": { "description": "Describes the primary or replica key in a multi-Region key.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Arn": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Arn" }, "Region": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Region" } }, "title": "MultiRegionKey", "type": "object" }, "XksKeyConfigurationType": { "description": "Information about the `external key <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-\nexternal.html#concept-external-key>`_ that is associated with a KMS key in an external key store.\n\nThis element appears in a CreateKey or DescribeKey response only for a KMS key in an external key store.\n\nThe *external key* is a symmetric encryption key that is hosted by an external key manager outside of Amazon Web\nServices. When you use the KMS key in an external key store in a cryptographic operation, the cryptographic operation is\nperformed in the external key manager using the specified external key. For more information, see `External\nkey <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key>`_ in the *Key\nManagement Service Developer Guide*.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Id": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Id" } }, "title": "XksKeyConfigurationType", "type": "object" } } }
- Config:
validate_assignment: bool = True
arbitrary_types_allowed: bool = True
- Fields:
- field session: Any | None = None
The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use
Anyhere because we pydantic complains vociferously if we useboto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.
- classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self
Creates a new instance of the Model class with validated data.
Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.
- !!! note
model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.
- Parameters:
_fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the [model_fields_set][pydantic.BaseModel.model_fields_set] attribute. Otherwise, the field names from the values argument will be used.
values – Trusted or pre-validated data dictionary.
- Returns:
A new instance of the Model class with validated data.
- classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self
Validate the given object with string data against the Pydantic model.
- Parameters:
obj – The object containing string data to validate.
strict – Whether to enforce types strictly.
context – Extra variables to pass to the validator.
by_alias – Whether to use the field’s alias when validating against the provided input data.
by_name – Whether to use the field’s name when validating against the provided input data.
- Returns:
The validated Pydantic model.
- set_session(session: Session) None
Set the boto3 session for this model.
- Parameters:
session – The boto3 session to use.
- Returns:
The model instance.
- transform(attribute: str, transformer: str | None) Any
Transform an attribute using a regular expression into something else before it is returned.
Important
This only makes sense for attributes that are strings.
transformeris a regular expression that will be used to transform the value of the attribute.If the attribute is
None, it will be returned verbatim.If
transformerisNone, the attribute will be returned verbatim.If
transformerhas no named groups, the attribute will be replaced with the value of the first group.If
transformerhas named groups, the attribute will be replaced with a dictionary of the named groups.
- Raises:
ValueError – If the attribute does not exist on the model.
RuntimeError – If the transformer fails to match the attribute value.
- Parameters:
attribute – The attribute to transform.
transformer – The regular expression to use to transform the attribute.
- Returns:
The transformed attribute.
- pydantic model botocraft.services.kms.DescribeKeyResponse[source]
Bases:
Boto3ModelShow JSON schema
{ "title": "DescribeKeyResponse", "type": "object", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "KeyMetadata": { "anyOf": [ { "$ref": "#/$defs/KMSKey" }, { "type": "null" } ], "default": null } }, "$defs": { "KMSKey": { "description": "Contains metadata about a KMS key.\n\nThis data type is used as a response element for the CreateKey, DescribeKey, and\nReplicateKey operations.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Enabled": { "anyOf": [ { "type": "boolean" }, { "type": "null" } ], "default": true, "title": "Enabled" }, "KeyUsage": { "anyOf": [ { "enum": [ "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC", "KEY_AGREEMENT" ], "type": "string" }, { "type": "null" } ], "default": "ENCRYPT_DECRYPT", "title": "Keyusage" }, "KeySpec": { "anyOf": [ { "enum": [ "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SYMMETRIC_DEFAULT", "HMAC_224", "HMAC_256", "HMAC_384", "HMAC_512", "SM2", "ML_DSA_44", "ML_DSA_65", "ML_DSA_87", "ECC_NIST_EDWARDS25519" ], "type": "string" }, { "type": "null" } ], "default": "SYMMETRIC_DEFAULT", "title": "Keyspec" }, "AWSAccountId": { "default": null, "title": "Awsaccountid", "type": "string" }, "KeyId": { "title": "Keyid", "type": "string" }, "Arn": { "default": null, "title": "Arn", "type": "string" }, "CreationDate": { "default": null, "format": "date-time", "title": "Creationdate", "type": "string" }, "Description": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Description" }, "KeyState": { "default": null, "enum": [ "Creating", "Enabled", "Disabled", "PendingDeletion", "PendingImport", "PendingReplicaDeletion", "Unavailable", "Updating" ], "title": "Keystate", "type": "string" }, "DeletionDate": { "default": null, "format": "date-time", "title": "Deletiondate", "type": "string" }, "ValidTo": { "default": null, "format": "date-time", "title": "Validto", "type": "string" }, "Origin": { "anyOf": [ { "enum": [ "AWS_KMS", "EXTERNAL", "AWS_CLOUDHSM", "EXTERNAL_KEY_STORE" ], "type": "string" }, { "type": "null" } ], "default": null, "title": "Origin" }, "CustomKeyStoreId": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Customkeystoreid" }, "CloudHsmClusterId": { "default": null, "title": "Cloudhsmclusterid", "type": "string" }, "ExpirationModel": { "default": null, "enum": [ "KEY_MATERIAL_EXPIRES", "KEY_MATERIAL_DOES_NOT_EXPIRE" ], "title": "Expirationmodel", "type": "string" }, "KeyManager": { "default": null, "enum": [ "AWS", "CUSTOMER" ], "title": "Keymanager", "type": "string" }, "CustomerMasterKeySpec": { "anyOf": [ { "enum": [ "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SYMMETRIC_DEFAULT", "HMAC_224", "HMAC_256", "HMAC_384", "HMAC_512", "SM2" ], "type": "string" }, { "type": "null" } ], "default": null, "title": "Customermasterkeyspec" }, "EncryptionAlgorithms": { "items": { "enum": [ "SYMMETRIC_DEFAULT", "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "SM2PKE" ], "type": "string" }, "title": "Encryptionalgorithms", "type": "array" }, "SigningAlgorithms": { "items": { "enum": [ "RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512", "RSASSA_PKCS1_V1_5_SHA_256", "RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_512", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "SM2DSA", "ML_DSA_SHAKE_256", "ED25519_SHA_512", "ED25519_PH_SHA_512" ], "type": "string" }, "title": "Signingalgorithms", "type": "array" }, "KeyAgreementAlgorithms": { "items": { "const": "ECDH", "type": "string" }, "title": "Keyagreementalgorithms", "type": "array" }, "MultiRegion": { "anyOf": [ { "type": "boolean" }, { "type": "null" } ], "default": null, "title": "Multiregion" }, "MultiRegionConfiguration": { "$ref": "#/$defs/KMSMultiRegionConfiguration", "default": null }, "PendingDeletionWindowInDays": { "default": null, "title": "Pendingdeletionwindowindays", "type": "integer" }, "MacAlgorithms": { "items": { "enum": [ "HMAC_SHA_224", "HMAC_SHA_256", "HMAC_SHA_384", "HMAC_SHA_512" ], "type": "string" }, "title": "Macalgorithms", "type": "array" }, "XksKeyConfiguration": { "$ref": "#/$defs/XksKeyConfigurationType", "default": null }, "CurrentKeyMaterialId": { "default": null, "title": "Currentkeymaterialid", "type": "string" } }, "required": [ "KeyId" ], "title": "KMSKey", "type": "object" }, "KMSMultiRegionConfiguration": { "description": "Describes the configuration of this multi-Region key. This field appears only when\nthe KMS key is a primary or replica of a multi-Region key.\n\nFor more information about any listed KMS key, use the DescribeKey operation.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "MultiRegionKeyType": { "anyOf": [ { "enum": [ "PRIMARY", "REPLICA" ], "type": "string" }, { "type": "null" } ], "default": null, "title": "Multiregionkeytype" }, "PrimaryKey": { "anyOf": [ { "$ref": "#/$defs/MultiRegionKey" }, { "type": "null" } ], "default": null }, "ReplicaKeys": { "anyOf": [ { "items": { "$ref": "#/$defs/MultiRegionKey" }, "type": "array" }, { "type": "null" } ], "title": "Replicakeys" } }, "title": "KMSMultiRegionConfiguration", "type": "object" }, "MultiRegionKey": { "description": "Describes the primary or replica key in a multi-Region key.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Arn": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Arn" }, "Region": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Region" } }, "title": "MultiRegionKey", "type": "object" }, "XksKeyConfigurationType": { "description": "Information about the `external key <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-\nexternal.html#concept-external-key>`_ that is associated with a KMS key in an external key store.\n\nThis element appears in a CreateKey or DescribeKey response only for a KMS key in an external key store.\n\nThe *external key* is a symmetric encryption key that is hosted by an external key manager outside of Amazon Web\nServices. When you use the KMS key in an external key store in a cryptographic operation, the cryptographic operation is\nperformed in the external key manager using the specified external key. For more information, see `External\nkey <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key>`_ in the *Key\nManagement Service Developer Guide*.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Id": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Id" } }, "title": "XksKeyConfigurationType", "type": "object" } } }
- Config:
validate_assignment: bool = True
arbitrary_types_allowed: bool = True
- Fields:
- field session: Any | None = None
The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use
Anyhere because we pydantic complains vociferously if we useboto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.
- classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self
Creates a new instance of the Model class with validated data.
Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.
- !!! note
model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.
- Parameters:
_fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the [model_fields_set][pydantic.BaseModel.model_fields_set] attribute. Otherwise, the field names from the values argument will be used.
values – Trusted or pre-validated data dictionary.
- Returns:
A new instance of the Model class with validated data.
- classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self
Validate the given object with string data against the Pydantic model.
- Parameters:
obj – The object containing string data to validate.
strict – Whether to enforce types strictly.
context – Extra variables to pass to the validator.
by_alias – Whether to use the field’s alias when validating against the provided input data.
by_name – Whether to use the field’s name when validating against the provided input data.
- Returns:
The validated Pydantic model.
- set_session(session: Session) None
Set the boto3 session for this model.
- Parameters:
session – The boto3 session to use.
- Returns:
The model instance.
- transform(attribute: str, transformer: str | None) Any
Transform an attribute using a regular expression into something else before it is returned.
Important
This only makes sense for attributes that are strings.
transformeris a regular expression that will be used to transform the value of the attribute.If the attribute is
None, it will be returned verbatim.If
transformerisNone, the attribute will be returned verbatim.If
transformerhas no named groups, the attribute will be replaced with the value of the first group.If
transformerhas named groups, the attribute will be replaced with a dictionary of the named groups.
- Raises:
ValueError – If the attribute does not exist on the model.
RuntimeError – If the transformer fails to match the attribute value.
- Parameters:
attribute – The attribute to transform.
transformer – The regular expression to use to transform the attribute.
- Returns:
The transformed attribute.
- pydantic model botocraft.services.kms.KeyListEntry[source]
Bases:
Boto3ModelContains information about each entry in the key list.
Show JSON schema
{ "title": "KeyListEntry", "description": "Contains information about each entry in the key list.", "type": "object", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "KeyId": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Keyid" }, "KeyArn": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Keyarn" } } }
- Config:
validate_assignment: bool = True
arbitrary_types_allowed: bool = True
- Fields:
- field session: Any | None = None
The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use
Anyhere because we pydantic complains vociferously if we useboto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.
- classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self
Creates a new instance of the Model class with validated data.
Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.
- !!! note
model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.
- Parameters:
_fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the [model_fields_set][pydantic.BaseModel.model_fields_set] attribute. Otherwise, the field names from the values argument will be used.
values – Trusted or pre-validated data dictionary.
- Returns:
A new instance of the Model class with validated data.
- classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self
Validate the given object with string data against the Pydantic model.
- Parameters:
obj – The object containing string data to validate.
strict – Whether to enforce types strictly.
context – Extra variables to pass to the validator.
by_alias – Whether to use the field’s alias when validating against the provided input data.
by_name – Whether to use the field’s name when validating against the provided input data.
- Returns:
The validated Pydantic model.
- set_session(session: Session) None
Set the boto3 session for this model.
- Parameters:
session – The boto3 session to use.
- Returns:
The model instance.
- transform(attribute: str, transformer: str | None) Any
Transform an attribute using a regular expression into something else before it is returned.
Important
This only makes sense for attributes that are strings.
transformeris a regular expression that will be used to transform the value of the attribute.If the attribute is
None, it will be returned verbatim.If
transformerisNone, the attribute will be returned verbatim.If
transformerhas no named groups, the attribute will be replaced with the value of the first group.If
transformerhas named groups, the attribute will be replaced with a dictionary of the named groups.
- Raises:
ValueError – If the attribute does not exist on the model.
RuntimeError – If the transformer fails to match the attribute value.
- Parameters:
attribute – The attribute to transform.
transformer – The regular expression to use to transform the attribute.
- Returns:
The transformed attribute.
- pydantic model botocraft.services.kms.ListKeysResponse[source]
Bases:
Boto3ModelShow JSON schema
{ "title": "ListKeysResponse", "type": "object", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "Keys": { "anyOf": [ { "items": { "$ref": "#/$defs/KeyListEntry" }, "type": "array" }, { "type": "null" } ], "title": "Keys" }, "NextMarker": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Nextmarker" }, "Truncated": { "anyOf": [ { "type": "boolean" }, { "type": "null" } ], "default": null, "title": "Truncated" } }, "$defs": { "KeyListEntry": { "description": "Contains information about each entry in the key list.", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "KeyId": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Keyid" }, "KeyArn": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Keyarn" } }, "title": "KeyListEntry", "type": "object" } } }
- Config:
validate_assignment: bool = True
arbitrary_types_allowed: bool = True
- Fields:
- field Keys: builtins.list[KeyListEntry] | None [Optional]
A list of KMS keys.
- field NextMarker: str | None = None
When
Truncatedis true, this element is present and contains the value to use for theMarkerparameter in a subsequent request.
- field Truncated: bool | None = None
A flag that indicates whether there are more items in the list.
When this value is true, the list in this response is truncated. To get more items, pass the value of the
NextMarkerelement in this response to theMarkerparameter in a subsequent request.
- field session: Any | None = None
The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use
Anyhere because we pydantic complains vociferously if we useboto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.
- classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self
Creates a new instance of the Model class with validated data.
Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.
- !!! note
model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.
- Parameters:
_fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the [model_fields_set][pydantic.BaseModel.model_fields_set] attribute. Otherwise, the field names from the values argument will be used.
values – Trusted or pre-validated data dictionary.
- Returns:
A new instance of the Model class with validated data.
- classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self
Validate the given object with string data against the Pydantic model.
- Parameters:
obj – The object containing string data to validate.
strict – Whether to enforce types strictly.
context – Extra variables to pass to the validator.
by_alias – Whether to use the field’s alias when validating against the provided input data.
by_name – Whether to use the field’s name when validating against the provided input data.
- Returns:
The validated Pydantic model.
- set_session(session: Session) None
Set the boto3 session for this model.
- Parameters:
session – The boto3 session to use.
- Returns:
The model instance.
- transform(attribute: str, transformer: str | None) Any
Transform an attribute using a regular expression into something else before it is returned.
Important
This only makes sense for attributes that are strings.
transformeris a regular expression that will be used to transform the value of the attribute.If the attribute is
None, it will be returned verbatim.If
transformerisNone, the attribute will be returned verbatim.If
transformerhas no named groups, the attribute will be replaced with the value of the first group.If
transformerhas named groups, the attribute will be replaced with a dictionary of the named groups.
- Raises:
ValueError – If the attribute does not exist on the model.
RuntimeError – If the transformer fails to match the attribute value.
- Parameters:
attribute – The attribute to transform.
transformer – The regular expression to use to transform the attribute.
- Returns:
The transformed attribute.
- pydantic model botocraft.services.kms.ScheduleKeyDeletionResponse[source]
Bases:
Boto3ModelShow JSON schema
{ "title": "ScheduleKeyDeletionResponse", "type": "object", "properties": { "session": { "anyOf": [ {}, { "type": "null" } ], "default": null, "title": "Session" }, "KeyId": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Keyid" }, "DeletionDate": { "anyOf": [ { "format": "date-time", "type": "string" }, { "type": "null" } ], "default": null, "title": "Deletiondate" }, "KeyState": { "anyOf": [ { "enum": [ "Creating", "Enabled", "Disabled", "PendingDeletion", "PendingImport", "PendingReplicaDeletion", "Unavailable", "Updating" ], "type": "string" }, { "type": "null" } ], "default": null, "title": "Keystate" }, "PendingWindowInDays": { "anyOf": [ { "type": "integer" }, { "type": "null" } ], "default": null, "title": "Pendingwindowindays" } } }
- Config:
validate_assignment: bool = True
arbitrary_types_allowed: bool = True
- Fields:
- field KeyId: str | None = None
The Amazon Resource Name (key ARN) of the KMS key whose deletion is scheduled.
- field KeyState: Literal['Creating', 'Enabled', 'Disabled', 'PendingDeletion', 'PendingImport', 'PendingReplicaDeletion', 'Unavailable', 'Updating'] | None = None
The current status of the KMS key.
- field session: Any | None = None
The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use
Anyhere because we pydantic complains vociferously if we useboto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.
- classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self
Creates a new instance of the Model class with validated data.
Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.
- !!! note
model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.
- Parameters:
_fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the [model_fields_set][pydantic.BaseModel.model_fields_set] attribute. Otherwise, the field names from the values argument will be used.
values – Trusted or pre-validated data dictionary.
- Returns:
A new instance of the Model class with validated data.
- classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self
Validate the given object with string data against the Pydantic model.
- Parameters:
obj – The object containing string data to validate.
strict – Whether to enforce types strictly.
context – Extra variables to pass to the validator.
by_alias – Whether to use the field’s alias when validating against the provided input data.
by_name – Whether to use the field’s name when validating against the provided input data.
- Returns:
The validated Pydantic model.
- set_session(session: Session) None
Set the boto3 session for this model.
- Parameters:
session – The boto3 session to use.
- Returns:
The model instance.
- transform(attribute: str, transformer: str | None) Any
Transform an attribute using a regular expression into something else before it is returned.
Important
This only makes sense for attributes that are strings.
transformeris a regular expression that will be used to transform the value of the attribute.If the attribute is
None, it will be returned verbatim.If
transformerisNone, the attribute will be returned verbatim.If
transformerhas no named groups, the attribute will be replaced with the value of the first group.If
transformerhas named groups, the attribute will be replaced with a dictionary of the named groups.
- Raises:
ValueError – If the attribute does not exist on the model.
RuntimeError – If the transformer fails to match the attribute value.
- Parameters:
attribute – The attribute to transform.
transformer – The regular expression to use to transform the attribute.
- Returns:
The transformed attribute.