我正在尝试确定是否存在版本超过一年的密钥,并将密钥的轮换期从现在开始设置为24小时。不幸的是,每个列表密钥环调用都被视为一个密钥。read的配额非常小(〜300 / min),除了增加配额之外,还有其他方法可以解决这些配额吗?我试图在云函数中定期运行此代码,因此存在运行时限制,使我不能仅等待配额重置。
def list_keys(project):
client = kms_v1.KeyManagementServiceClient()
#this location list is based on a running of `gcloud kms locations list` and represents a where a key could be created
location_list = ['asia','asia-east1','asia-east2','asia-northeast1','asia-northeast2',
'asia-south1','asia-southeast1','australia-southeast1','eur4','europe',
'europe-north1','europe-west1','europe-west2','europe-west3','europe-west4',
'europe-west6','global','nam4','northamerica-northeast1','southamerica-east1',
'us','us-central1','us-east1','us-east4','us-west1','us-west2']
for location in location_list:
key_ring_parent = client.location_path(project,location)
key_ring_list = client.list_key_rings(key_ring_parent)
for key_ring in key_ring_list:
parent = client.key_ring_path(project,location,format_keyring_name(key_ring.name))
for key in client.list_crypto_keys(parent):
start_time = key.primary.create_time # need to use primary to get latest version of the key
now = time.time()
now_seconds = int(now)
elapsed = now_seconds - start_time.seconds
next_rotate_age =(key.next_rotation_time.seconds - now_seconds) + elapsed
days_elapsed = elapsed/3600/24
print(key.name," is this many days old: ", days_elapsed)
print(key.name," will be this many days old when it is scheduled to rotate: ", next_rotate_age/3600/24)
#if the key is a year old set it to rotate tomorrow
if days_elapsed > 364:
#client.
update_mask = kms_v1.types.UpdateCryptoKeyRequest.update_mask
#print(update_mask)
new_rotation_time = now_seconds + (3600*24) # 1 day from now because can't set less than 24 hrs notice on certain keys
key.next_rotation_time.seconds = new_rotation_time
update_mask = {'paths':{'next_rotation_time': new_rotation_time}}
print(client.update_crypto_key(key, update_mask))
调查您的请求后,除了增加配额外,似乎无法解决配额问题。
我建议您查看以下有关以下文档:
这些文件应为您提供所需的配额信息。