Python KMS Apiary P1 samples #779
Conversation
…n-docs-samples into python-kms-samples
kms/api/functions.py
Outdated
|
|
||
|
|
||
| # [START kms_create_keyring] | ||
| def create_keyring(project_id, location, keyring): |
There was a problem hiding this comment.
docstrings throughout, please.
e.g.:
"""Creates a keyring in the given location."""I might be useful to list the locations that are available.
kms/api/functions.py
Outdated
| import argparse | ||
| import base64 | ||
|
|
||
| # Imports the Google APIs client library |
There was a problem hiding this comment.
This comment isn't necessary.
kms/api/functions.py
Outdated
| # Creates an API client for the KMS API. | ||
| kms_client = discovery.build('cloudkms', 'v1beta1') | ||
|
|
||
| # The resource name of the location associated with the KeyRing. |
There was a problem hiding this comment.
nit: Does KeyRing need to be cased as such?
There was a problem hiding this comment.
The cloud.google.com documentation refers to them as "CryptoKey" "KeyRing" etc. (https://cloud-dot-devsite.googleplex.com/kms/docs/creating-keys) and so does the Python API library documentation (https://developers.google.com/resources/api-libraries/documentation/cloudkms/v1beta1/python/latest/cloudkms_v1beta1.projects.locations.keyRings.cryptoKeys.html#getIamPolicy).
The canonical sample also uses this casing in comments.
kms/api/functions.py
Outdated
|
|
||
| # Create KeyRing | ||
| request = kms_client.projects().locations().keyRings().create( | ||
| parent=parent, body={}, keyRingId=keyring) |
There was a problem hiding this comment.
We need body for the request, where one can include optional specification fields (https://developers.google.com/resources/api-libraries/documentation/cloudkms/v1beta1/python/latest/cloudkms_v1beta1.projects.locations.keyRings.cryptoKeys.html#create). The canonical sample doesn't include any of the optional fields.
kms/api/functions.py
Outdated
| parent=parent, body={}, keyRingId=keyring) | ||
| response = request.execute() | ||
|
|
||
| print 'Created KeyRing {}.'.format(response["name"]) |
There was a problem hiding this comment.
You need to use print-as-a-function for this to work on Python 3.
(In general, you should be developing with Python 3.6, let me know if you need help setting that up)
kms/api/functions.py
Outdated
| response = request.execute() | ||
|
|
||
| # Write the encrypted text to a file. | ||
| o = open(outfile, 'w') |
There was a problem hiding this comment.
use a context manager here as well.
Also, is the ciphertext base64 encoded? If not, you should open the file as binary rb.
kms/api/functions.py
Outdated
|
|
||
|
|
||
| # [START kms_decrypt] | ||
| def decrypt(project_id, location, keyring, cryptokey, infile, outfile): |
There was a problem hiding this comment.
Apply my same comments from encrypt to this function.
kms/api/functions.py
Outdated
| project_id, location, keyring, cryptokey) | ||
|
|
||
| # Get the current IAM policy and add the new member to it. | ||
| policy_request = kms_client.projects().locations().keyRings().cryptoKeys().getIamPolicy(resource=parent) |
There was a problem hiding this comment.
Holy cow. How is this done in other languages?
There was a problem hiding this comment.
talked with Brent and it looks like the API handles duplicates and everything, so I changed this so now I just append the new role / member pair to the end of the bindings.
kms/api/functions_test.py
Outdated
|
|
||
|
|
||
| # Your Google Cloud Platform project ID | ||
| PROJECT_ID = 'YOUR_PROJECT_ID' |
There was a problem hiding this comment.
This is available from the cloud_config fixture.
kms/api/functions_test.py
Outdated
| # Your Google Cloud Platform CryptoKey name | ||
| CRYPTOKEY = 'sample-key-4' | ||
|
|
||
| # An infile for text to be encrypted |
There was a problem hiding this comment.
Use pytest's tmpfile fixture for files, please.
kms/api-client/functions.py
Outdated
|
|
||
| # [START kms_create_keyring] | ||
| def create_keyring(project_id, location, keyring): | ||
| """Creates a KeyRing in the given location. Potential locations include: |
There was a problem hiding this comment.
Summary should be one sentence.
kms/api-client/functions.py
Outdated
| # [START kms_create_keyring] | ||
| def create_keyring(project_id, location, keyring): | ||
| """Creates a KeyRing in the given location. Potential locations include: | ||
| global, asia-east1, europe-west1, us-central1, and us-east1.""" |
There was a problem hiding this comment.
Since these can change, better to just link to the documentation.
There was a problem hiding this comment.
can't seem to find any documentation that lists out all locations. gonna just say "(e.g. global)."
kms/api-client/functions.py
Outdated
|
|
||
| # Create a CryptoKey for the given KeyRing. | ||
| request = kms_client.projects().locations().keyRings().cryptoKeys().create( | ||
| parent=parent, body={"purpose": 'ENCRYPT_DECRYPT'}, |
There was a problem hiding this comment.
single quotes everywhere (except for docstrings), please.
kms/api-client/functions.py
Outdated
| # Read text from the input file. | ||
| with io.open(plaintext_file_name, 'rb') as plaintext_file: | ||
| plaintext = plaintext_file.read() | ||
| encoded_text = base64.b64encode(plaintext) |
There was a problem hiding this comment.
You can de-dent everything after the call to read(). You no longer need the file open after getting its contents.
kms/api-client/functions.py
Outdated
| kms_client = discovery.build('cloudkms', 'v1beta1') | ||
|
|
||
| # Construct the resource name of the CryptoKeyVersion. | ||
| name = 'projects/{}/locations/{}/'.format(project_id, location) |
There was a problem hiding this comment.
do this to break the string up over multiple lines:
name = (
'projects/..........'
'/....'
'.....')Python will automatically concatenate them.
kms/api-client/functions.py
Outdated
| @@ -0,0 +1,292 @@ | |||
| #!/usr/bin/env python | |||
There was a problem hiding this comment.
name this file snippets.py.
kms/api-client/functions_test.py
Outdated
| import functions | ||
|
|
||
|
|
||
| # Your Google Cloud Platform Key Location |
There was a problem hiding this comment.
The audience for these comments is us, the maintainers. So maybe it makes sense to either remove or revise them?
There was a problem hiding this comment.
Revised them. Kept a few comments for my own reference in the future.
kms/api-client/functions_test.py
Outdated
| functions.create_cryptokey( | ||
| cloud_config.project, LOCATION, KEYRING, CRYPTOKEY) | ||
| out, _ = capsys.readouterr() | ||
| expected = 'Created CryptoKey projects/{}/'.format(cloud_config.project) |
There was a problem hiding this comment.
see my previous comment about breaking up long strings.
kms/api-client/functions_test.py
Outdated
| encrypted_file_name, decrypted_file_name) | ||
|
|
||
| # Make sure the decrypted text matches the original text. | ||
| decrypted_text = open(decrypted_file_name).read() |
There was a problem hiding this comment.
if you hadn't already cast to a str, you could do decrypted_file.read().
There was a problem hiding this comment.
changed (now setting up variables like 'plaintext_file', and then calling encrypt / decrypt with str(plaintext_file) )
kms/api-client/functions_test.py
Outdated
| assert 'Saved decrypted text to {}.'.format(decrypted_file_name) in out | ||
|
|
||
|
|
||
| def test_encrypt_decrypt_cli(capsys, cloud_config, tmpdir): |
There was a problem hiding this comment.
This test isn't necessary - we don't typically test the argparse section.
| resource=parent, body={'policy': policy_response}) | ||
| request.execute() | ||
|
|
||
| print_msg = ( |
There was a problem hiding this comment.
Don't do this, you can put this all within the print statement.
|
The README should be updated to include |
Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399
…ython-docs-samples into python-kms-samples
Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1
Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1
Done. |
|
@ryanmats You still need to add the remaining commands for the rest of the samples in snippets. Currently there's just |
|
@ryanmats can you run the nox readmegen session for this sample? After that, feel free to merge. |
…n-docs-samples into python-kms-samples
|
@dpebot will you merge when travis passes? |
|
Okay! I'll merge when all statuses are green and all reviewers approve. |
…-samples#779) * Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
* Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
* Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
* Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
* Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
…-samples#779) * Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
) * feat: Add BigQuery Metastore Partition Service API version v1alpha PiperOrigin-RevId: 662212485 Source-Link: googleapis/googleapis@456a812 Source-Link: https://github.com/googleapis/googleapis-gen/commit/2ec266e6da03208a76b0fd6001ba7df93dae44e6 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiMmVjMjY2ZTZkYTAzMjA4YTc2YjBmZDYwMDFiYTdkZjkzZGFlNDRlNiJ9 chore: Update gapic-generator-python to v1.18.5 PiperOrigin-RevId: 661268868 Source-Link: googleapis/googleapis@f7d214c Source-Link: https://github.com/googleapis/googleapis-gen/commit/79a8411bbdb25a983fa3aae8c0e14327df129f94 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNzlhODQxMWJiZGIyNWE5ODNmYTNhYWU4YzBlMTQzMjdkZjEyOWY5NCJ9 chore: Update gapic-generator-python to v1.18.4 PiperOrigin-RevId: 657207628 Source-Link: googleapis/googleapis@33fe71e Source-Link: https://github.com/googleapis/googleapis-gen/commit/e02739d122ed15bd5ef5771c57f12a83d47a1dda Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiZTAyNzM5ZDEyMmVkMTViZDVlZjU3NzFjNTdmMTJhODNkNDdhMWRkYSJ9 chore: Update gapic-generator-python to v1.18.3 PiperOrigin-RevId: 656040068 Source-Link: googleapis/googleapis@3f4e29a Source-Link: https://github.com/googleapis/googleapis-gen/commit/b8feb2109dde7b0938c22c993d002251ac6714dc Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiYjhmZWIyMTA5ZGRlN2IwOTM4YzIyYzk5M2QwMDIyNTFhYzY3MTRkYyJ9 chore: Update gapic-generator-python to v1.18.3 PiperOrigin-RevId: 655567917 Source-Link: googleapis/googleapis@43aa65e Source-Link: https://github.com/googleapis/googleapis-gen/commit/0e38378753074c0f66ff63348d6864929e104d5c Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiMGUzODM3ODc1MzA3NGMwZjY2ZmY2MzM0OGQ2ODY0OTI5ZTEwNGQ1YyJ9 feat(spanner): Add support for Cloud Spanner Scheduled Backups PiperOrigin-RevId: 649277844 Source-Link: googleapis/googleapis@fd7efa2 Source-Link: https://github.com/googleapis/googleapis-gen/commit/50be251329d8db5b555626ebd4886721f547d3cc Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNTBiZTI1MTMyOWQ4ZGI1YjU1NTYyNmViZDQ4ODY3MjFmNTQ3ZDNjYyJ9 chore: Update gapic-generator-python to v1.18.2 PiperOrigin-RevId: 649219344 Source-Link: googleapis/googleapis@7fe35b0 Source-Link: https://github.com/googleapis/googleapis-gen/commit/7a6ae6441d1cb0610cf8e9832b9383a4fd52423f Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiN2E2YWU2NDQxZDFjYjA2MTBjZjhlOTgzMmI5MzgzYTRmZDUyNDIzZiJ9 chore: Update gapic-generator-python to v1.18.0 PiperOrigin-RevId: 638650618 Source-Link: googleapis/googleapis@6330f03 Source-Link: https://github.com/googleapis/googleapis-gen/commit/44fa4f1979dc45c1778fd7caf13f8e61c6d1cae8 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNDRmYTRmMTk3OWRjNDVjMTc3OGZkN2NhZjEzZjhlNjFjNmQxY2FlOCJ9 chore: Update gapic-generator-python to v1.17.1 PiperOrigin-RevId: 629071173 Source-Link: googleapis/googleapis@4afa392 Source-Link: https://github.com/googleapis/googleapis-gen/commit/16dbbb4d0457db5e61ac9f99b0d52a46154455ac Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiMTZkYmJiNGQwNDU3ZGI1ZTYxYWM5Zjk5YjBkNTJhNDYxNTQ0NTVhYyJ9 * update replacements in owlbot.py * remove v1alpha * update owlbot config * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * fix failing unit test by mocking the correct class's method --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Anthonios Partheniou <partheniou@google.com> Co-authored-by: Lingqing Gan <lingqing.gan@gmail.com>
Drafts of KMS Apiary Python P1 Samples
Had a few linting issues with really long lines - not sure how to fix those. Other than those, I addressed all the linting issues.