Kms tests (#499)
* Add KMS test.

* Add tests for kms samples.
jerjou authored and dpebot committed Feb 3, 2017
1 parent f8a5663 commit 4ea0be3
Showing 7 changed files with 408 additions and 109 deletions.
11 changes: 11 additions & 0 deletions kms/pom.xml
Expand Up @@ -17,6 +17,17 @@
<groupId>com.google.apis</groupId>
<artifactId>google-api-services-cloudkms</artifactId>
<version>v1beta1-rev51-1.18.0-rc</version>
<exclusions>
<exclusion> <!-- exclude an old version of Guava -->
<groupId>com.google.guava</groupId>
<artifactId>guava-jdk5</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>20.0</version>
</dependency>
<dependency>
<groupId>com.google.api-client</groupId>
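Review bot: The `guava-jdk5` exclusion is attached only to `google-api-services-cloudkms`, while the `com.google.api-client` dependency that follows is declared directly and may bring the same artifact back in on its own (its declaration continues outside the hunk). With both `guava-jdk5` and `guava` 20.0 on the classpath, which copy of a class is loaded depends on classpath order, so the tests could pass against one copy while the samples run against the other. Running `mvn dependency:tree -Dincludes=com.google.guava` after this change, and repeating the exclusion on any other dependency that lists `guava-jdk5`, would confirm that only one Guava remains. The cloudkms artifact is also an `-rc` build; a short comment saying when to move to a stable revision would help whoever next touches the key-management dependencies.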
18 changes: 17 additions & 1 deletion kms/src/main/java/com/example/CryptFile.java
Expand Up @@ -60,15 +60,31 @@ public static CloudKMS createAuthorizedClient() throws IOException {
}

/**
* Encrypts the given bytes, using the specified crypto key.
* Encrypts the given bytes, using the primary version of the specified crypto key.
*
* The primary version can be updated via the <a
* href="https://g.co/cloud/kms/docs/reference/rest/v1beta1/projects.locations.keyRings.cryptoKeys/updatePrimaryVersion">updatePrimaryVersion</a>
* method.
*/
public static byte[] encrypt(String projectId, String ringId, String keyId, byte[] plaintext)
throws IOException {
return encrypt(projectId, ringId, keyId, null, plaintext);
}

/**
* Encrypts the given bytes, using the specified crypto key version.
*/
public static byte[] encrypt(
String projectId, String ringId, String keyId, String version, byte[] plaintext)
throws IOException {
String location = "global";
// The resource name of the cryptoKey
String cryptoKeyName = String.format(
"projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s",
projectId, location, ringId, keyId);
if (null != version) {
cryptoKeyName += "/cryptoKeyVersions/" + version;
}
// Create the Cloud KMS client.
CloudKMS kms = createAuthorizedClient();
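Review bot: The new five-argument `encrypt` appends `version` to the resource name whenever it is non-null, so an empty string yields a name ending in `/cryptoKeyVersions/`, and none of `projectId`, `ringId`, `keyId` or `version` is checked for `/` before being formatted into the path. If these values arrive from command-line arguments (not visible here), a stray separator makes the request name a different resource than the caller intended; rejecting empty values and values containing `/` before building `cryptoKeyName` would fail early with a clear message. The Javadoc should also say that a null `version` selects the key's primary version, for example `@param version the crypto key version id, or null to use the primary version`. The method body continues past the end of the hunk.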

85 changes: 0 additions & 85 deletions kms/src/main/java/com/example/Quickstart.java

This file was deleted.

14 changes: 14 additions & 0 deletions kms/src/main/java/com/example/SnippetCommands.java
Expand Up @@ -68,6 +68,18 @@ public void run() throws IOException {
}
}

public static class CreateCryptoKeyVersionCommand extends KeyArgs implements Command {
public void run() throws IOException {
Snippets.createCryptoKeyVersion(projectId, ringId, keyId);
}
}

public static class ListKeyRingsCommand extends ProjectIdArgs implements Command {
public void run() throws IOException {
Snippets.listKeyRings(projectId);
}
}

public static class ListCryptoKeysCommand extends KeyRingArgs implements Command {
public void run() throws IOException {
Snippets.listCryptoKeys(projectId, ringId);
Expand Down Expand Up @@ -173,6 +185,8 @@ public void run() throws IOException {
@SubCommands({
@SubCommand(name = "createKeyRing", impl = CreateKeyRingCommand.class),
@SubCommand(name = "createCryptoKey", impl = CreateCryptoKeyCommand.class),
@SubCommand(name = "createCryptoKeyVersion", impl = CreateCryptoKeyVersionCommand.class),
@SubCommand(name = "listKeyRings", impl = ListKeyRingsCommand.class),
@SubCommand(name = "listCryptoKeys", impl = ListCryptoKeysCommand.class),
@SubCommand(name = "listCryptoKeyVersions", impl = ListCryptoKeyVersionsCommand.class),
@SubCommand(name = "disableCryptoKeyVersion", impl = DisableCryptoKeyVersionCommand.class),
88 changes: 75 additions & 13 deletions kms/src/main/java/com/example/Snippets.java
Expand Up @@ -28,6 +28,7 @@
import com.google.api.services.cloudkms.v1beta1.model.KeyRing;
import com.google.api.services.cloudkms.v1beta1.model.ListCryptoKeyVersionsResponse;
import com.google.api.services.cloudkms.v1beta1.model.ListCryptoKeysResponse;
import com.google.api.services.cloudkms.v1beta1.model.ListKeyRingsResponse;
import com.google.api.services.cloudkms.v1beta1.model.Policy;
import com.google.api.services.cloudkms.v1beta1.model.SetIamPolicyRequest;

Expand Down Expand Up @@ -114,6 +115,30 @@ public static CryptoKey createCryptoKey(String projectId, String ringId, String
return createdKey;
}

/**
* Creates a new crypto key version for the given id.
*/
public static void createCryptoKeyVersion(
String projectId, String ringId, String keyId) throws IOException {
String location = "global";
// Create the Cloud KMS client.
CloudKMS kms = createAuthorizedClient();

// The resource name of the cryptoKey
String cryptoKeys = String.format(
"projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s",
projectId, location, ringId, keyId);

CryptoKeyVersion version = new CryptoKeyVersion();

CryptoKeyVersion newVersion = kms.projects().locations().keyRings().cryptoKeys()
.cryptoKeyVersions()
.create(cryptoKeys, version)
.execute();

System.out.println(newVersion);
}

/**
* Disables the given version of the crypto key.
*/
Expand Down Expand Up @@ -263,11 +288,12 @@ public static Policy addMemberToCryptoKeyPolicy(
iamPolicy.setBindings(bindings);

// Set the new IAM Policy.
Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys()
Policy newIamPolicy = kms.projects().locations().keyRings()
.cryptoKeys()
.setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy))
.execute();

System.out.println(newIamPolicy);
System.out.println("Response: " + newIamPolicy);
return newIamPolicy;
}

Expand Down Expand Up @@ -320,11 +346,12 @@ public static Policy addMemberToKeyRingPolicy(
iamPolicy.setBindings(bindings);

// Set the new IAM Policy.
Policy newIamPolicy = kms.projects().locations().keyRings()
Policy newIamPolicy = kms.projects().locations()
.keyRings()
.setIamPolicy(keyring, new SetIamPolicyRequest().setPolicy(iamPolicy))
.execute();

System.out.println(newIamPolicy);
System.out.println("Response: " + newIamPolicy);
return newIamPolicy;
}

Expand All @@ -346,21 +373,26 @@ public static Policy removeMemberFromCryptoKeyPolicy(
// Get the current IAM policy and add the new account to it.
Policy iamPolicy = getCryptoKeyPolicy(projectId, ringId, keyId);

List<Binding> bindings = iamPolicy.getBindings();
if (null == iamPolicy.getBindings()) {
// Nothing to remove
return null;
}

// Filter out the given member
for (Binding b : bindings) {
for (Binding b : iamPolicy.getBindings()) {
if (role.equals(b.getRole()) && b.getMembers().contains(member)) {
b.getMembers().remove(member);
b.getMembers().removeAll(Collections.singletonList(member));
break;
}
}

// Set the new IAM Policy.
Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys()
Policy newIamPolicy = kms.projects().locations().keyRings()
.cryptoKeys()
.setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy))
.execute();

System.out.println(newIamPolicy);
System.out.println("Response: " + newIamPolicy);
return newIamPolicy;
}

Expand All @@ -382,24 +414,54 @@ public static Policy removeMemberFromKeyRingPolicy(
// Get the current IAM policy and add the new account to it.
Policy iamPolicy = getKeyRingPolicy(projectId, ringId);

List<Binding> bindings = iamPolicy.getBindings();
// Filter out the given member
for (Binding b : bindings) {
for (Binding b : iamPolicy.getBindings()) {
if (role.equals(b.getRole()) && b.getMembers().contains(member)) {
b.getMembers().remove(member);
break;
}
}

// Set the new IAM Policy.
Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys()
Policy newIamPolicy = kms.projects().locations()
.keyRings()
.setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy))
.execute();

System.out.println(newIamPolicy);
System.out.println("Response: " + newIamPolicy);
return newIamPolicy;
}

/**
* Prints all the keyrings in the given project.
*/
public static void listKeyRings(String projectId) throws IOException {
String location = "global";
// Create the Cloud KMS client.
CloudKMS kms = createAuthorizedClient();

// The resource name of the cryptoKey
String keyRingPath = String.format(
"projects/%s/locations/%s",
projectId, location);

// Make the RPC call
ListKeyRingsResponse response = kms.projects().locations()
.keyRings()
.list(keyRingPath)
.execute();

// Print the returned key rings
if (null != response.getKeyRings()) {
System.out.println("Key Rings: ");
for (KeyRing keyRing : response.getKeyRings()) {
System.out.println(keyRing.getName());
}
} else {
System.out.println("No keyrings defined.");
}
}

/**
* Prints all the keys in the given key ring.
*/
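Review bot: removeMemberFromKeyRingPolicy still iterates `iamPolicy.getBindings()` without the null guard this commit adds to removeMemberFromCryptoKeyPolicy, so a key ring whose policy has no bindings would fail with a NullPointerException instead of being treated as nothing to remove. Adding the same `if (null == iamPolicy.getBindings()) { return null; }` before the loop keeps the two removal paths consistent. The key-ring variant also still calls `b.getMembers().remove(member)` while the crypto-key variant now uses `removeAll(Collections.singletonList(member))`. The resource name passed to `keyRings().setIamPolicy(...)` is still a variable called `cryptoKey`, declared above the visible lines; because this call changes who may use the keys, renaming it (for example `keyRing`) and confirming it holds the key-ring path would make the target of the policy write unambiguous. Both method bodies start outside the hunks shown.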