def test_update_crypto_key_primary_version(self):
# Setup Expected Response
name_2 = "name2-1052831874"
expected_response = {"name": name_2}
expected_response = resources_pb2.CryptoKey(**expected_response)
# Mock the API response
channel = ChannelStub(responses=[expected_response])
patch = mock.patch("google.api_core.grpc_helpers.create_channel")
with patch as create_channel:
create_channel.return_value = channel
client = kms_v1.KeyManagementServiceClient()
# Setup Request
name = client.crypto_key_path("[PROJECT]", "[LOCATION]", "[KEY_RING]",
"[CRYPTO_KEY]")
crypto_key_version_id = "cryptoKeyVersionId729489152"
response = client.update_crypto_key_primary_version(
name, crypto_key_version_id)
assert expected_response == response
assert len(channel.requests) == 1
expected_request = service_pb2.UpdateCryptoKeyPrimaryVersionRequest(
name=name, crypto_key_version_id=crypto_key_version_id)
actual_request = channel.requests[0][1]
assert expected_request == actual_request
def test_create_crypto_key(self):
# Setup Expected Response
name = 'name3373707'
expected_response = {'name': name}
expected_response = resources_pb2.CryptoKey(**expected_response)
# Mock the API response
channel = ChannelStub(responses=[expected_response])
client = kms_v1.KeyManagementServiceClient(channel=channel)
# Setup Request
parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
crypto_key_id = 'my-app-key'
purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
seconds = 2147483647
next_rotation_time = {'seconds': seconds}
seconds_2 = 604800
rotation_period = {'seconds': seconds_2}
crypto_key = {
'purpose': purpose,
'next_rotation_time': next_rotation_time,
'rotation_period': rotation_period
}
response = client.create_crypto_key(parent, crypto_key_id, crypto_key)
assert expected_response == response
assert len(channel.requests) == 1
expected_request = service_pb2.CreateCryptoKeyRequest(
parent=parent, crypto_key_id=crypto_key_id, crypto_key=crypto_key)
actual_request = channel.requests[0][1]
assert expected_request == actual_request
def test_update_crypto_key(self):
# Setup Expected Response
name = "name3373707"
expected_response = {"name": name}
expected_response = resources_pb2.CryptoKey(**expected_response)
# Mock the API response
channel = ChannelStub(responses=[expected_response])
patch = mock.patch("google.api_core.grpc_helpers.create_channel")
with patch as create_channel:
create_channel.return_value = channel
client = kms_v1.KeyManagementServiceClient()
# Setup Request
crypto_key = {}
update_mask = {}
response = client.update_crypto_key(crypto_key, update_mask)
assert expected_response == response
assert len(channel.requests) == 1
expected_request = service_pb2.UpdateCryptoKeyRequest(
crypto_key=crypto_key, update_mask=update_mask)
actual_request = channel.requests[0][1]
assert expected_request == actual_request
def test_create_crypto_key(self):
# Setup Expected Response
name = "name3373707"
expected_response = {"name": name}
expected_response = resources_pb2.CryptoKey(**expected_response)
# Mock the API response
channel = ChannelStub(responses=[expected_response])
patch = mock.patch("google.api_core.grpc_helpers.create_channel")
with patch as create_channel:
create_channel.return_value = channel
client = kms_v1.KeyManagementServiceClient()
# Setup Request
parent = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
crypto_key_id = "my-app-key"
purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
seconds = 2147483647
next_rotation_time = {"seconds": seconds}
seconds_2 = 604800
rotation_period = {"seconds": seconds_2}
crypto_key = {
"purpose": purpose,
"next_rotation_time": next_rotation_time,
"rotation_period": rotation_period,
}
response = client.create_crypto_key(parent, crypto_key_id, crypto_key)
assert expected_response == response
assert len(channel.requests) == 1
expected_request = service_pb2.CreateCryptoKeyRequest(
parent=parent, crypto_key_id=crypto_key_id, crypto_key=crypto_key)
actual_request = channel.requests[0][1]
assert expected_request == actual_request
def update_key_add_rotation(project_id, location_id, key_ring_id, key_id):
"""
Add a rotation schedule to an existing key.
Args:
project_id (string): Google Cloud project ID (e.g. 'my-project').
location_id (string): Cloud KMS location (e.g. 'us-east1').
key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').
key_id (string): ID of the key to use (e.g. 'my-key').
Returns:
CryptoKey: Updated Cloud KMS key.
"""
# Import the client library.
from google.cloud import kms
# Import time for getting the current time.
import time
# Create the client.
client = kms.KeyManagementServiceClient()
# Build the key name.
key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id)
# Build the key. We need to build a full proto instead of a dict due to
# https://github.com/googleapis/gapic-generator-python/issues/364.
from google.cloud.kms_v1.proto import resources_pb2
key = resources_pb2.CryptoKey()
key.name = key_name
# Rotate the key every 30 days.
key.rotation_period.seconds = 60*60*24*30
# Start the first rotation in 24 hours.
key.next_rotation_time.seconds = int(time.time()) + 60*60*24
# Build the update mask.
update_mask = {'paths': ['rotation_period', 'next_rotation_time']}
# Call the API.
updated_key = client.update_crypto_key(key, update_mask)
print('Updated key: {}'.format(updated_key.name))
return updated_key
def key_ring_id(client, project_id, location_id):
location_name = client.location_path(project_id, location_id)
key_ring_id = '{}'.format(uuid.uuid4())
key_ring = client.create_key_ring(location_name, key_ring_id, {})
yield key_ring_id
for key in client.list_crypto_keys(key_ring.name):
if key.rotation_period.seconds > 0 or key.next_rotation_time.seconds > 0:
# https://github.com/googleapis/gapic-generator-python/issues/364
updated_key = resources_pb2.CryptoKey()
updated_key.name = key.name
update_mask = {'paths': ['rotation_period', 'next_rotation_time']}
client.update_crypto_key(updated_key, update_mask)
f = 'state != DESTROYED AND state != DESTROY_SCHEDULED'
for version in client.list_crypto_key_versions(key.name, filter_=f):
client.destroy_crypto_key_version(version.name)
def test_get_crypto_key(self):
# Setup Expected Response
name_2 = 'name2-1052831874'
expected_response = {'name': name_2}
expected_response = resources_pb2.CryptoKey(**expected_response)
# Mock the API response
channel = ChannelStub(responses=[expected_response])
client = kms_v1.KeyManagementServiceClient(channel=channel)
# Setup Request
name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]',
'[CRYPTO_KEY]')
response = client.get_crypto_key(name)
assert expected_response == response
assert len(channel.requests) == 1
expected_request = service_pb2.GetCryptoKeyRequest(name=name)
actual_request = channel.requests[0][1]
assert expected_request == actual_request
def test_update_crypto_key(self):
# Setup Expected Response
name = 'name3373707'
expected_response = {'name': name}
expected_response = resources_pb2.CryptoKey(**expected_response)
# Mock the API response
channel = ChannelStub(responses=[expected_response])
client = kms_v1.KeyManagementServiceClient(channel=channel)
# Setup Request
crypto_key = {}
update_mask = {}
response = client.update_crypto_key(crypto_key, update_mask)
assert expected_response == response
assert len(channel.requests) == 1
expected_request = service_pb2.UpdateCryptoKeyRequest(
crypto_key=crypto_key, update_mask=update_mask)
actual_request = channel.requests[0][1]
assert expected_request == actual_request
def update_key_remove_labels(project_id, location_id, key_ring_id, key_id):
"""
Remove labels from an existing key.
Args:
project_id (string): Google Cloud project ID (e.g. 'my-project').
location_id (string): Cloud KMS location (e.g. 'us-east1').
key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').
key_id (string): ID of the key to use (e.g. 'my-key').
Returns:
CryptoKey: Updated Cloud KMS key.
"""
# Import the client library.
from google.cloud import kms
# Create the client.
client = kms.KeyManagementServiceClient()
# Build the key name.
key_name = client.crypto_key_path(project_id, location_id, key_ring_id,
key_id)
# Build the key. We need to build a full proto instead of a dict due to
# https://github.com/googleapis/gapic-generator-python/issues/364.
from google.cloud.kms_v1.proto import resources_pb2
key = resources_pb2.CryptoKey()
key.name = key_name
key.labels.clear()
# Build the update mask.
update_mask = {'paths': ['labels']}
# Call the API.
updated_key = client.update_crypto_key(key, update_mask)
print('Updated key: {}'.format(updated_key.name))
return updated_key
def test_update_crypto_key_primary_version(self):
# Setup Expected Response
name_2 = 'name2-1052831874'
expected_response = {'name': name_2}
expected_response = resources_pb2.CryptoKey(**expected_response)
# Mock the API response
channel = ChannelStub(responses=[expected_response])
client = kms_v1.KeyManagementServiceClient(channel=channel)
# Setup Request
name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]',
'[CRYPTO_KEY]')
crypto_key_version_id = 'cryptoKeyVersionId729489152'
response = client.update_crypto_key_primary_version(
name, crypto_key_version_id)
assert expected_response == response
assert len(channel.requests) == 1
expected_request = service_pb2.UpdateCryptoKeyPrimaryVersionRequest(
name=name, crypto_key_version_id=crypto_key_version_id)
actual_request = channel.requests[0][1]
assert expected_request == actual_request
def test_get_crypto_key(self):
# Setup Expected Response
name_2 = 'name2-1052831874'
expected_response = {'name': name_2}
expected_response = resources_pb2.CryptoKey(**expected_response)
# Mock the API response
channel = ChannelStub(responses=[expected_response])
patch = mock.patch('google.api_core.grpc_helpers.create_channel')
with patch as create_channel:
create_channel.return_value = channel
client = kms_v1.KeyManagementServiceClient()
# Setup Request
name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]',
'[CRYPTO_KEY]')
response = client.get_crypto_key(name)
assert expected_response == response
assert len(channel.requests) == 1
expected_request = service_pb2.GetCryptoKeyRequest(name=name)
actual_request = channel.requests[0][1]
assert expected_request == actual_request
