Skip to content

Commit 4ea0be3

Browse files
jerjoudpebot
jerjou
authored and
dpebot
committed
* Add KMS test. * Add tests for kms samples.
1 parent f8a5663 commit 4ea0be3

File tree

7 files changed

+408
-109
lines changed

7 files changed

+408
-109
lines changed

kms/pom.xml

+11
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,17 @@
1717
<groupId>com.google.apis</groupId>
1818
<artifactId>google-api-services-cloudkms</artifactId>
1919
<version>v1beta1-rev51-1.18.0-rc</version>
20+
<exclusions>
21+
<exclusion> <!-- exclude an old version of Guava -->
22+
<groupId>com.google.guava</groupId>
23+
<artifactId>guava-jdk5</artifactId>
24+
</exclusion>
25+
</exclusions>
26+
</dependency>
27+
<dependency>
28+
<groupId>com.google.guava</groupId>
29+
<artifactId>guava</artifactId>
30+
<version>20.0</version>
2031
</dependency>
2132
<dependency>
2233
<groupId>com.google.api-client</groupId>

kms/src/main/java/com/example/CryptFile.java

+17-1
Original file line numberDiff line numberDiff line change
@@ -60,15 +60,31 @@ public static CloudKMS createAuthorizedClient() throws IOException {
6060
}
6161

6262
/**
63-
* Encrypts the given bytes, using the specified crypto key.
63+
* Encrypts the given bytes, using the primary version of the specified crypto key.
64+
*
65+
* The primary version can be updated via the <a
66+
* href="https://g.co/cloud/kms/docs/reference/rest/v1beta1/projects.locations.keyRings.cryptoKeys/updatePrimaryVersion">updatePrimaryVersion</a>
67+
* method.
6468
*/
6569
public static byte[] encrypt(String projectId, String ringId, String keyId, byte[] plaintext)
6670
throws IOException {
71+
return encrypt(projectId, ringId, keyId, null, plaintext);
72+
}
73+
74+
/**
75+
* Encrypts the given bytes, using the specified crypto key version.
76+
*/
77+
public static byte[] encrypt(
78+
String projectId, String ringId, String keyId, String version, byte[] plaintext)
79+
throws IOException {
6780
String location = "global";
6881
// The resource name of the cryptoKey
6982
String cryptoKeyName = String.format(
7083
"projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s",
7184
projectId, location, ringId, keyId);
85+
if (null != version) {
86+
cryptoKeyName += "/cryptoKeyVersions/" + version;
87+
}
7288
// Create the Cloud KMS client.
7389
CloudKMS kms = createAuthorizedClient();
7490

kms/src/main/java/com/example/Quickstart.java

-85
This file was deleted.

kms/src/main/java/com/example/SnippetCommands.java

+14
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,18 @@ public void run() throws IOException {
6868
}
6969
}
7070

71+
public static class CreateCryptoKeyVersionCommand extends KeyArgs implements Command {
72+
public void run() throws IOException {
73+
Snippets.createCryptoKeyVersion(projectId, ringId, keyId);
74+
}
75+
}
76+
77+
public static class ListKeyRingsCommand extends ProjectIdArgs implements Command {
78+
public void run() throws IOException {
79+
Snippets.listKeyRings(projectId);
80+
}
81+
}
82+
7183
public static class ListCryptoKeysCommand extends KeyRingArgs implements Command {
7284
public void run() throws IOException {
7385
Snippets.listCryptoKeys(projectId, ringId);
@@ -173,6 +185,8 @@ public void run() throws IOException {
173185
@SubCommands({
174186
@SubCommand(name = "createKeyRing", impl = CreateKeyRingCommand.class),
175187
@SubCommand(name = "createCryptoKey", impl = CreateCryptoKeyCommand.class),
188+
@SubCommand(name = "createCryptoKeyVersion", impl = CreateCryptoKeyVersionCommand.class),
189+
@SubCommand(name = "listKeyRings", impl = ListKeyRingsCommand.class),
176190
@SubCommand(name = "listCryptoKeys", impl = ListCryptoKeysCommand.class),
177191
@SubCommand(name = "listCryptoKeyVersions", impl = ListCryptoKeyVersionsCommand.class),
178192
@SubCommand(name = "disableCryptoKeyVersion", impl = DisableCryptoKeyVersionCommand.class),

kms/src/main/java/com/example/Snippets.java

+75-13
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@
2828
import com.google.api.services.cloudkms.v1beta1.model.KeyRing;
2929
import com.google.api.services.cloudkms.v1beta1.model.ListCryptoKeyVersionsResponse;
3030
import com.google.api.services.cloudkms.v1beta1.model.ListCryptoKeysResponse;
31+
import com.google.api.services.cloudkms.v1beta1.model.ListKeyRingsResponse;
3132
import com.google.api.services.cloudkms.v1beta1.model.Policy;
3233
import com.google.api.services.cloudkms.v1beta1.model.SetIamPolicyRequest;
3334

@@ -114,6 +115,30 @@ public static CryptoKey createCryptoKey(String projectId, String ringId, String
114115
return createdKey;
115116
}
116117

118+
/**
119+
* Creates a new crypto key version for the given id.
120+
*/
121+
public static void createCryptoKeyVersion(
122+
String projectId, String ringId, String keyId) throws IOException {
123+
String location = "global";
124+
// Create the Cloud KMS client.
125+
CloudKMS kms = createAuthorizedClient();
126+
127+
// The resource name of the cryptoKey
128+
String cryptoKeys = String.format(
129+
"projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s",
130+
projectId, location, ringId, keyId);
131+
132+
CryptoKeyVersion version = new CryptoKeyVersion();
133+
134+
CryptoKeyVersion newVersion = kms.projects().locations().keyRings().cryptoKeys()
135+
.cryptoKeyVersions()
136+
.create(cryptoKeys, version)
137+
.execute();
138+
139+
System.out.println(newVersion);
140+
}
141+
117142
/**
118143
* Disables the given version of the crypto key.
119144
*/
@@ -263,11 +288,12 @@ public static Policy addMemberToCryptoKeyPolicy(
263288
iamPolicy.setBindings(bindings);
264289

265290
// Set the new IAM Policy.
266-
Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys()
291+
Policy newIamPolicy = kms.projects().locations().keyRings()
292+
.cryptoKeys()
267293
.setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy))
268294
.execute();
269295

270-
System.out.println(newIamPolicy);
296+
System.out.println("Response: " + newIamPolicy);
271297
return newIamPolicy;
272298
}
273299

@@ -320,11 +346,12 @@ public static Policy addMemberToKeyRingPolicy(
320346
iamPolicy.setBindings(bindings);
321347

322348
// Set the new IAM Policy.
323-
Policy newIamPolicy = kms.projects().locations().keyRings()
349+
Policy newIamPolicy = kms.projects().locations()
350+
.keyRings()
324351
.setIamPolicy(keyring, new SetIamPolicyRequest().setPolicy(iamPolicy))
325352
.execute();
326353

327-
System.out.println(newIamPolicy);
354+
System.out.println("Response: " + newIamPolicy);
328355
return newIamPolicy;
329356
}
330357

@@ -346,21 +373,26 @@ public static Policy removeMemberFromCryptoKeyPolicy(
346373
// Get the current IAM policy and add the new account to it.
347374
Policy iamPolicy = getCryptoKeyPolicy(projectId, ringId, keyId);
348375

349-
List<Binding> bindings = iamPolicy.getBindings();
376+
if (null == iamPolicy.getBindings()) {
377+
// Nothing to remove
378+
return null;
379+
}
380+
350381
// Filter out the given member
351-
for (Binding b : bindings) {
382+
for (Binding b : iamPolicy.getBindings()) {
352383
if (role.equals(b.getRole()) && b.getMembers().contains(member)) {
353-
b.getMembers().remove(member);
384+
b.getMembers().removeAll(Collections.singletonList(member));
354385
break;
355386
}
356387
}
357388

358389
// Set the new IAM Policy.
359-
Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys()
390+
Policy newIamPolicy = kms.projects().locations().keyRings()
391+
.cryptoKeys()
360392
.setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy))
361393
.execute();
362394

363-
System.out.println(newIamPolicy);
395+
System.out.println("Response: " + newIamPolicy);
364396
return newIamPolicy;
365397
}
366398

@@ -382,24 +414,54 @@ public static Policy removeMemberFromKeyRingPolicy(
382414
// Get the current IAM policy and add the new account to it.
383415
Policy iamPolicy = getKeyRingPolicy(projectId, ringId);
384416

385-
List<Binding> bindings = iamPolicy.getBindings();
386417
// Filter out the given member
387-
for (Binding b : bindings) {
418+
for (Binding b : iamPolicy.getBindings()) {
388419
if (role.equals(b.getRole()) && b.getMembers().contains(member)) {
389420
b.getMembers().remove(member);
390421
break;
391422
}
392423
}
393424

394425
// Set the new IAM Policy.
395-
Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys()
426+
Policy newIamPolicy = kms.projects().locations()
427+
.keyRings()
396428
.setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy))
397429
.execute();
398430

399-
System.out.println(newIamPolicy);
431+
System.out.println("Response: " + newIamPolicy);
400432
return newIamPolicy;
401433
}
402434

435+
/**
436+
* Prints all the keyrings in the given project.
437+
*/
438+
public static void listKeyRings(String projectId) throws IOException {
439+
String location = "global";
440+
// Create the Cloud KMS client.
441+
CloudKMS kms = createAuthorizedClient();
442+
443+
// The resource name of the cryptoKey
444+
String keyRingPath = String.format(
445+
"projects/%s/locations/%s",
446+
projectId, location);
447+
448+
// Make the RPC call
449+
ListKeyRingsResponse response = kms.projects().locations()
450+
.keyRings()
451+
.list(keyRingPath)
452+
.execute();
453+
454+
// Print the returned key rings
455+
if (null != response.getKeyRings()) {
456+
System.out.println("Key Rings: ");
457+
for (KeyRing keyRing : response.getKeyRings()) {
458+
System.out.println(keyRing.getName());
459+
}
460+
} else {
461+
System.out.println("No keyrings defined.");
462+
}
463+
}
464+
403465
/**
404466
* Prints all the keys in the given key ring.
405467
*/

0 commit comments

Comments
 (0)