Python CloudKMSHook.CloudKMSHook Examples

Example #1

File: test_kms_system.py Project: ysktir/airflow-1

    def test_decrypt(self):
        with TemporaryDirectory() as tmp_dir:
            with open(f"{tmp_dir}/mysecret.txt", "w") as secret_file:
                secret_file.write("TEST-SECRET")
            self.execute_cmd([
                "gcloud",
                "kms",
                "encrypt",
                "--location",
                "global",
                "--keyring",
                GCP_KMS_KEYRING_NAME,
                "--key",
                GCP_KMS_KEY_NAME,
                "--plaintext-file",
                f"{tmp_dir}/mysecret.txt",
                "--ciphertext-file",
                f"{tmp_dir}/mysecret.txt.encrypted",
            ])
            with open(f"{tmp_dir}/mysecret.txt.encrypted",
                      "rb") as encrypted_file:
                encrypted_secret = base64.b64encode(
                    encrypted_file.read()).decode()

            kms_hook = CloudKMSHook()
            content = kms_hook.decrypt(
                key_name=(
                    f"projects/{kms_hook.project_id}/locations/global/keyRings/"
                    f"{GCP_KMS_KEYRING_NAME}/cryptoKeys/{GCP_KMS_KEY_NAME}"),
                ciphertext=encrypted_secret,
            )
            assert content == b"TEST-SECRET"

Example #2

 def setUp(self):
     with mock.patch(
             "airflow.providers.google.cloud.hooks.base.CloudBaseHook.__init__",
             new=mock_init,
     ):
         self.kms_hook = CloudKMSHook(gcp_conn_id="test")