From 8a026d6c27466ee15f395457cadbf7c819d6bceb Mon Sep 17 00:00:00 2001 From: Jerjou Cheng Date: Thu, 2 Feb 2017 15:13:41 -0800 Subject: [PATCH] Add tests for kms samples. --- kms/pom.xml | 11 + kms/src/main/java/com/example/CryptFile.java | 18 +- kms/src/main/java/com/example/Quickstart.java | 85 ------ .../java/com/example/SnippetCommands.java | 14 + kms/src/main/java/com/example/Snippets.java | 88 +++++- .../test/java/com/example/QuickstartIT.java | 57 ---- kms/src/test/java/com/example/SnippetsIT.java | 278 ++++++++++++++++++ pom.xml | 23 +- 8 files changed, 408 insertions(+), 166 deletions(-) delete mode 100644 kms/src/main/java/com/example/Quickstart.java delete mode 100644 kms/src/test/java/com/example/QuickstartIT.java create mode 100644 kms/src/test/java/com/example/SnippetsIT.java diff --git a/kms/pom.xml b/kms/pom.xml index 059eb14d0a8..5d9c2453854 100644 --- a/kms/pom.xml +++ b/kms/pom.xml @@ -17,6 +17,17 @@ com.google.apis google-api-services-cloudkms v1beta1-rev51-1.18.0-rc + + + com.google.guava + guava-jdk5 + + + + + com.google.guava + guava + 20.0 com.google.api-client diff --git a/kms/src/main/java/com/example/CryptFile.java b/kms/src/main/java/com/example/CryptFile.java index 08c2d0914af..094aec04a55 100644 --- a/kms/src/main/java/com/example/CryptFile.java +++ b/kms/src/main/java/com/example/CryptFile.java @@ -60,15 +60,31 @@ public static CloudKMS createAuthorizedClient() throws IOException { } /** - * Encrypts the given bytes, using the specified crypto key. + * Encrypts the given bytes, using the primary version of the specified crypto key. + * + * The primary version can be updated via the updatePrimaryVersion + * method. */ public static byte[] encrypt(String projectId, String ringId, String keyId, byte[] plaintext) throws IOException { + return encrypt(projectId, ringId, keyId, null, plaintext); + } + + /** + * Encrypts the given bytes, using the specified crypto key version. + */ + public static byte[] encrypt( + String projectId, String ringId, String keyId, String version, byte[] plaintext) + throws IOException { String location = "global"; // The resource name of the cryptoKey String cryptoKeyName = String.format( "projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", projectId, location, ringId, keyId); + if (null != version) { + cryptoKeyName += "/cryptoKeyVersions/" + version; + } // Create the Cloud KMS client. CloudKMS kms = createAuthorizedClient(); diff --git a/kms/src/main/java/com/example/Quickstart.java b/kms/src/main/java/com/example/Quickstart.java deleted file mode 100644 index 69abd5b0597..00000000000 --- a/kms/src/main/java/com/example/Quickstart.java +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (c) 2017 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ - -package com.example; - -import com.google.api.client.googleapis.auth.oauth2.GoogleCredential; -import com.google.api.client.http.HttpTransport; -import com.google.api.client.http.javanet.NetHttpTransport; -import com.google.api.client.json.JsonFactory; -import com.google.api.client.json.jackson2.JacksonFactory; -import com.google.api.services.cloudkms.v1beta1.CloudKMS; -import com.google.api.services.cloudkms.v1beta1.CloudKMSScopes; -import com.google.api.services.cloudkms.v1beta1.model.KeyRing; -import com.google.api.services.cloudkms.v1beta1.model.ListKeyRingsResponse; - -import java.io.IOException; - -// [START kms_quickstart] -public class Quickstart { - /** - * Creates an authorized CloudKMS client service using Application Default Credentials. - * - * @return an authorized CloudKMS client - * @throws IOException if there's an error getting the default credentials. - */ - public static CloudKMS createAuthorizedClient() throws IOException { - // Create the credential - HttpTransport transport = new NetHttpTransport(); - JsonFactory jsonFactory = new JacksonFactory(); - // Authorize the client using Application Default Credentials - // @see https://g.co/dv/identity/protocols/application-default-credentials - GoogleCredential credential = GoogleCredential.getApplicationDefault(transport, jsonFactory); - - // Depending on the environment that provides the default credentials (e.g. Compute Engine, App - // Engine), the credentials may require us to specify the scopes we need explicitly. - // Check for this case, and inject the scope if required. - if (credential.createScopedRequired()) { - credential = credential.createScoped(CloudKMSScopes.all()); - } - - return new CloudKMS.Builder(transport, jsonFactory, credential) - .setApplicationName("CloudKMS quickstart") - .build(); - } - - public static void main(String... args) throws IOException { - if (args.length != 1) { - System.err.println("Usage: Quickstart "); - System.exit(1); - } - - // Your Google Cloud Platform project ID - String projectId = args[0]; - - // Lists keys in the "global" location. - String location = "global"; - // The resource name of the location associated with the KeyRings - String parent = String.format("projects/%s/locations/%s", projectId, location); - // Instantiate the client - CloudKMS kms = createAuthorizedClient(); - // list all key rings for your project - ListKeyRingsResponse response = kms.projects().locations().keyRings().list(parent).execute(); - // Print the key rings - System.out.println("Key Rings: "); - if (null != response.getKeyRings()) { - for (KeyRing keyRing : response.getKeyRings()) { - System.out.println(keyRing.getName()); - } - } else { - System.out.println("No keyrings defined."); - } - } -} -// [END kms_quickstart] diff --git a/kms/src/main/java/com/example/SnippetCommands.java b/kms/src/main/java/com/example/SnippetCommands.java index e872b79b8e6..4ae9fe506b9 100644 --- a/kms/src/main/java/com/example/SnippetCommands.java +++ b/kms/src/main/java/com/example/SnippetCommands.java @@ -68,6 +68,18 @@ public void run() throws IOException { } } + public static class CreateCryptoKeyVersionCommand extends KeyArgs implements Command { + public void run() throws IOException { + Snippets.createCryptoKeyVersion(projectId, ringId, keyId); + } + } + + public static class ListKeyRingsCommand extends ProjectIdArgs implements Command { + public void run() throws IOException { + Snippets.listKeyRings(projectId); + } + } + public static class ListCryptoKeysCommand extends KeyRingArgs implements Command { public void run() throws IOException { Snippets.listCryptoKeys(projectId, ringId); @@ -173,6 +185,8 @@ public void run() throws IOException { @SubCommands({ @SubCommand(name = "createKeyRing", impl = CreateKeyRingCommand.class), @SubCommand(name = "createCryptoKey", impl = CreateCryptoKeyCommand.class), + @SubCommand(name = "createCryptoKeyVersion", impl = CreateCryptoKeyVersionCommand.class), + @SubCommand(name = "listKeyRings", impl = ListKeyRingsCommand.class), @SubCommand(name = "listCryptoKeys", impl = ListCryptoKeysCommand.class), @SubCommand(name = "listCryptoKeyVersions", impl = ListCryptoKeyVersionsCommand.class), @SubCommand(name = "disableCryptoKeyVersion", impl = DisableCryptoKeyVersionCommand.class), diff --git a/kms/src/main/java/com/example/Snippets.java b/kms/src/main/java/com/example/Snippets.java index 2b6f486ec73..42dd7329cd7 100644 --- a/kms/src/main/java/com/example/Snippets.java +++ b/kms/src/main/java/com/example/Snippets.java @@ -28,6 +28,7 @@ import com.google.api.services.cloudkms.v1beta1.model.KeyRing; import com.google.api.services.cloudkms.v1beta1.model.ListCryptoKeyVersionsResponse; import com.google.api.services.cloudkms.v1beta1.model.ListCryptoKeysResponse; +import com.google.api.services.cloudkms.v1beta1.model.ListKeyRingsResponse; import com.google.api.services.cloudkms.v1beta1.model.Policy; import com.google.api.services.cloudkms.v1beta1.model.SetIamPolicyRequest; @@ -114,6 +115,30 @@ public static CryptoKey createCryptoKey(String projectId, String ringId, String return createdKey; } + /** + * Creates a new crypto key version for the given id. + */ + public static void createCryptoKeyVersion( + String projectId, String ringId, String keyId) throws IOException { + String location = "global"; + // Create the Cloud KMS client. + CloudKMS kms = createAuthorizedClient(); + + // The resource name of the cryptoKey + String cryptoKeys = String.format( + "projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", + projectId, location, ringId, keyId); + + CryptoKeyVersion version = new CryptoKeyVersion(); + + CryptoKeyVersion newVersion = kms.projects().locations().keyRings().cryptoKeys() + .cryptoKeyVersions() + .create(cryptoKeys, version) + .execute(); + + System.out.println(newVersion); + } + /** * Disables the given version of the crypto key. */ @@ -263,11 +288,12 @@ public static Policy addMemberToCryptoKeyPolicy( iamPolicy.setBindings(bindings); // Set the new IAM Policy. - Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys() + Policy newIamPolicy = kms.projects().locations().keyRings() + .cryptoKeys() .setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy)) .execute(); - System.out.println(newIamPolicy); + System.out.println("Response: " + newIamPolicy); return newIamPolicy; } @@ -320,11 +346,12 @@ public static Policy addMemberToKeyRingPolicy( iamPolicy.setBindings(bindings); // Set the new IAM Policy. - Policy newIamPolicy = kms.projects().locations().keyRings() + Policy newIamPolicy = kms.projects().locations() + .keyRings() .setIamPolicy(keyring, new SetIamPolicyRequest().setPolicy(iamPolicy)) .execute(); - System.out.println(newIamPolicy); + System.out.println("Response: " + newIamPolicy); return newIamPolicy; } @@ -346,21 +373,26 @@ public static Policy removeMemberFromCryptoKeyPolicy( // Get the current IAM policy and add the new account to it. Policy iamPolicy = getCryptoKeyPolicy(projectId, ringId, keyId); - List bindings = iamPolicy.getBindings(); + if (null == iamPolicy.getBindings()) { + // Nothing to remove + return null; + } + // Filter out the given member - for (Binding b : bindings) { + for (Binding b : iamPolicy.getBindings()) { if (role.equals(b.getRole()) && b.getMembers().contains(member)) { - b.getMembers().remove(member); + b.getMembers().removeAll(Collections.singletonList(member)); break; } } // Set the new IAM Policy. - Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys() + Policy newIamPolicy = kms.projects().locations().keyRings() + .cryptoKeys() .setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy)) .execute(); - System.out.println(newIamPolicy); + System.out.println("Response: " + newIamPolicy); return newIamPolicy; } @@ -382,9 +414,8 @@ public static Policy removeMemberFromKeyRingPolicy( // Get the current IAM policy and add the new account to it. Policy iamPolicy = getKeyRingPolicy(projectId, ringId); - List bindings = iamPolicy.getBindings(); // Filter out the given member - for (Binding b : bindings) { + for (Binding b : iamPolicy.getBindings()) { if (role.equals(b.getRole()) && b.getMembers().contains(member)) { b.getMembers().remove(member); break; @@ -392,14 +423,45 @@ public static Policy removeMemberFromKeyRingPolicy( } // Set the new IAM Policy. - Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys() + Policy newIamPolicy = kms.projects().locations() + .keyRings() .setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy)) .execute(); - System.out.println(newIamPolicy); + System.out.println("Response: " + newIamPolicy); return newIamPolicy; } + /** + * Prints all the keyrings in the given project. + */ + public static void listKeyRings(String projectId) throws IOException { + String location = "global"; + // Create the Cloud KMS client. + CloudKMS kms = createAuthorizedClient(); + + // The resource name of the cryptoKey + String keyRingPath = String.format( + "projects/%s/locations/%s", + projectId, location); + + // Make the RPC call + ListKeyRingsResponse response = kms.projects().locations() + .keyRings() + .list(keyRingPath) + .execute(); + + // Print the returned key rings + if (null != response.getKeyRings()) { + System.out.println("Key Rings: "); + for (KeyRing keyRing : response.getKeyRings()) { + System.out.println(keyRing.getName()); + } + } else { + System.out.println("No keyrings defined."); + } + } + /** * Prints all the keys in the given key ring. */ diff --git a/kms/src/test/java/com/example/QuickstartIT.java b/kms/src/test/java/com/example/QuickstartIT.java deleted file mode 100644 index 6f2d9829599..00000000000 --- a/kms/src/test/java/com/example/QuickstartIT.java +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright (c) 2017 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except - * in compliance with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software distributed under the License - * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express - * or implied. See the License for the specific language governing permissions and limitations under - * the License. - */ - -package com.example; - -import static com.google.common.truth.Truth.assertThat; - -import org.junit.After; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; - -import java.io.ByteArrayOutputStream; -import java.io.PrintStream; - -/** - * Integration (system) tests for {@link Quickstart}. - */ -@RunWith(JUnit4.class) -@SuppressWarnings("checkstyle:abbreviationaswordinname") -public class QuickstartIT { - - private ByteArrayOutputStream bout; - private PrintStream out; - - @Before - public void setUp() throws Exception { - bout = new ByteArrayOutputStream(); - out = new PrintStream(bout); - System.setOut(out); - } - - @After - public void tearDown() { - System.setOut(null); - } - - @Test - public void main_printsKeyrings() throws Exception { - Quickstart.main("foo"); - String stdout = bout.toString(); - - assertThat(stdout).contains("jerjou"); - } -} diff --git a/kms/src/test/java/com/example/SnippetsIT.java b/kms/src/test/java/com/example/SnippetsIT.java new file mode 100644 index 00000000000..c7a5142949b --- /dev/null +++ b/kms/src/test/java/com/example/SnippetsIT.java @@ -0,0 +1,278 @@ +/* + * Copyright (c) 2017 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ + +package com.example; + +import static com.google.common.truth.Truth.assertThat; +import static org.junit.Assert.assertTrue; + +import com.google.api.client.googleapis.json.GoogleJsonError; +import com.google.api.client.googleapis.json.GoogleJsonResponseException; + +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +/** + * Integration (system) tests for {@link Snippets}. + */ +@RunWith(JUnit4.class) +@SuppressWarnings("checkstyle:abbreviationaswordinname") +public class SnippetsIT { + + static final String PROJECT_ID = "java-docs-samples-tests"; + static final String KEY_RING_ID = "test-snippets-key-ring"; + static final String CRYPTO_KEY_ID = "test-snippets-crypto-key"; + static final String TEST_USER = "serviceAccount:" + + "131304031188-compute@developer.gserviceaccount.com"; + static final String TEST_ROLE = "roles/viewer"; + static final String ENCRYPT_STRING = "Everyone shall sit under their own vine and fig tree"; + + private static PrintStream realOut; + + private ByteArrayOutputStream bout; + private PrintStream out; + + @BeforeClass + public static void setUpClass() throws Exception { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + PrintStream out = new PrintStream(bout); + realOut = System.out; + System.setOut(out); + + // Since you can't delete keyrings & cryptokeys atm, these tests assume they already exist. + // Use the snippets functions to create them. + try { + Snippets.createKeyRing(PROJECT_ID, KEY_RING_ID); + + // Since there's no way to delete keyrings atm, have two branches - one for the first time the + // test is run, one for after the key already exists + assertThat(bout.toString()).contains("keyRings/" + KEY_RING_ID); + + } catch (GoogleJsonResponseException e) { + GoogleJsonError error = e.getDetails(); + assertThat(error.getCode()).isEqualTo(409); + assertThat(error.getMessage()).contains("keyRings/" + KEY_RING_ID); + } + + try { + Snippets.createCryptoKey(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID); + + // Since there's no way to delete keyrings atm, have two branches - one for the first time the + // test is run, one for after the key already exists + assertThat(bout.toString()).contains(String.format( + "keyRings/%s/cryptoKeys/%s", KEY_RING_ID, CRYPTO_KEY_ID)); + + } catch (GoogleJsonResponseException e) { + GoogleJsonError error = e.getDetails(); + assertThat(error.getCode()).isEqualTo(409); + assertThat(error.getMessage()).contains(String.format( + "keyRings/%s/cryptoKeys/%s", KEY_RING_ID, CRYPTO_KEY_ID)); + } + } + + /** + * Destroys all the keys created during this test run. + */ + @AfterClass + public static void tearDownClass() throws Exception { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + PrintStream out = new PrintStream(bout); + System.setOut(out); + + String stdout; + try { + Snippets.listCryptoKeyVersions(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID); + stdout = bout.toString(); + } finally { + System.setOut(realOut); + } + + String[] lines = stdout.split("\n"); + Pattern keyVersion = Pattern.compile( + ".*cryptoKeyVersions/(\\d+)\",\"state\":\"(EN|DIS)ABLED\".*", + Pattern.DOTALL | Pattern.MULTILINE); + + for (String line : lines) { + Matcher matcher = keyVersion.matcher(line); + if (!matcher.matches()) { + continue; + } + + String version = matcher.group(1); + Snippets.destroyCryptoKeyVersion(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID, version); + } + } + + @Before + public void setUp() throws Exception { + bout = new ByteArrayOutputStream(); + out = new PrintStream(bout); + System.setOut(out); + + Snippets.createCryptoKeyVersion(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID); + } + + @After + public void tearDown() { + System.setOut(realOut); + } + + @Test + public void listKeyRings_printsKeyRing() throws Exception { + Snippets.listKeyRings(PROJECT_ID); + + assertThat(bout.toString()).contains(String.format("keyRings/%s", KEY_RING_ID)); + } + + @Test + public void listCryptoKeys_printsCryptoKeys() throws Exception { + Snippets.listCryptoKeys(PROJECT_ID, KEY_RING_ID); + + assertThat(bout.toString()).contains( + String.format("keyRings/%s/cryptoKeys/%s", KEY_RING_ID, CRYPTO_KEY_ID)); + } + + @Test + public void listCryptoKeyVersions_printsVersions() throws Exception { + Snippets.listCryptoKeyVersions(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID); + + assertThat(bout.toString()).containsMatch(String.format( + "keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/\\d+\",\"state\":\"ENABLED\"", + KEY_RING_ID, CRYPTO_KEY_ID)); + } + + @Test + public void disableCryptoKeyVersion_disables() throws Exception { + Snippets.listCryptoKeyVersions(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID); + + Matcher matcher = Pattern.compile(".*cryptoKeyVersions/(\\d+)\",\"state\":\"ENABLED\".*", + Pattern.DOTALL | Pattern.MULTILINE).matcher(bout.toString().trim()); + assertTrue(matcher.matches()); + String version = matcher.group(1); + + Snippets.disableCryptoKeyVersion(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID, version); + assertThat(bout.toString()).containsMatch(String.format( + "keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s\",\"state\":\"DISABLED\"", + KEY_RING_ID, CRYPTO_KEY_ID, version)); + } + + @Test + public void destroyCryptoKeyVersion_destroys() throws Exception { + Snippets.listCryptoKeyVersions(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID); + + Matcher matcher = Pattern.compile(".*cryptoKeyVersions/(\\d+)\",\"state\":\"ENABLED\".*", + Pattern.DOTALL | Pattern.MULTILINE).matcher(bout.toString().trim()); + assertTrue(matcher.matches()); + + String version = matcher.group(1); + + Snippets.destroyCryptoKeyVersion(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID, version); + + assertThat(bout.toString()).containsMatch(String.format( + "keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s\",\"state\":\"DESTROY_SCHEDULED\"", + KEY_RING_ID, CRYPTO_KEY_ID, version)); + } + + @Test + public void addAndRemoveMemberToCryptoKeyPolicy_addsDisplaysAndRemoves() throws Exception { + // Make sure the policy doesn't already have our test user + Snippets.getCryptoKeyPolicy(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID); + + assertThat(bout.toString()).doesNotContainMatch(TEST_USER); + + try { + // Add the test user, and make sure the policy has it + Snippets.addMemberToCryptoKeyPolicy( + PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID, TEST_USER, TEST_ROLE); + + Snippets.getCryptoKeyPolicy(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID); + + assertThat(bout.toString()).containsMatch(TEST_USER); + + // Now remove the test user, and make sure the policy no longer has it + bout.reset(); + } finally { + Snippets.removeMemberFromCryptoKeyPolicy( + PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID, TEST_USER, TEST_ROLE); + } + + assertThat(bout.toString()).doesNotContainMatch("Response:.*" + TEST_USER); + + bout.reset(); + Snippets.getCryptoKeyPolicy(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID); + + assertThat(bout.toString()).doesNotContainMatch(TEST_USER); + } + + @Test + public void addAndRemoveMemberToKeyRingPolicy_addsDisplaysAndRemoves() throws Exception { + // Make sure the policy doesn't already have our test user + Snippets.getKeyRingPolicy(PROJECT_ID, KEY_RING_ID); + + assertThat(bout.toString()).doesNotContainMatch(TEST_USER); + + try { + // Add the test user, and make sure the policy has it + Snippets.addMemberToKeyRingPolicy( + PROJECT_ID, KEY_RING_ID, TEST_USER, TEST_ROLE); + + Snippets.getKeyRingPolicy(PROJECT_ID, KEY_RING_ID); + + assertThat(bout.toString()).containsMatch(TEST_USER); + + // Now remove the test user, and make sure the policy no longer has it + bout.reset(); + } finally { + Snippets.removeMemberFromKeyRingPolicy( + PROJECT_ID, KEY_RING_ID, TEST_USER, TEST_ROLE); + } + + assertThat(bout.toString()).doesNotContainMatch("Response:.*" + TEST_USER); + + bout.reset(); + Snippets.getKeyRingPolicy(PROJECT_ID, KEY_RING_ID); + + assertThat(bout.toString()).doesNotContainMatch(TEST_USER); + } + + @Test + public void encryptDecrypt_encryptsAndDecrypts() throws Exception { + // Get an enabled crypto key version, since the primary version is likely disabled + Snippets.listCryptoKeyVersions(PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID); + Matcher matcher = Pattern.compile(".*cryptoKeyVersions/(\\d+)\",\"state\":\"ENABLED\".*", + Pattern.DOTALL | Pattern.MULTILINE).matcher(bout.toString().trim()); + assertTrue(matcher.matches()); + String version = matcher.group(1); + + byte[] encrypted = CryptFile.encrypt( + PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID, version, ENCRYPT_STRING.getBytes()); + + assertThat(new String(encrypted)).isNotEqualTo(ENCRYPT_STRING); + + byte[] decrypted = CryptFile.decrypt( + PROJECT_ID, KEY_RING_ID, CRYPTO_KEY_ID, encrypted); + + assertThat(new String(decrypted)).isEqualTo(ENCRYPT_STRING); + } +} diff --git a/pom.xml b/pom.xml index 26cc5708d72..ef8d9412ee3 100644 --- a/pom.xml +++ b/pom.xml @@ -44,6 +44,7 @@ + appengine/analytics appengine/appidentity appengine/channel @@ -76,16 +77,7 @@ appengine/urlfetch appengine/users - - bigquery - bigquery/cloud-client - bigquery/rest - compute/cmdline - compute/error-reporting - compute/mailjet - compute/sendgrid - datastore - datastore/cloud-client + flexible/analytics flexible/async-rest flexible/cloudsql @@ -102,6 +94,17 @@ flexible/sparkjava flexible/static-files flexible/twilio + + bigquery + bigquery/cloud-client + bigquery/rest + compute/cmdline + compute/error-reporting + compute/mailjet + compute/sendgrid + datastore + datastore/cloud-client + kms language/analysis language/cloud-client logging