def test_update_crypto_key_primary_version(self): # Setup Expected Response name_2 = "name2-1052831874" expected_response = {"name": name_2} expected_response = resources_pb2.CryptoKey(**expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch("google.api_core.grpc_helpers.create_channel") with patch as create_channel: create_channel.return_value = channel client = kms_v1.KeyManagementServiceClient() # Setup Request name = client.crypto_key_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]") crypto_key_version_id = "cryptoKeyVersionId729489152" response = client.update_crypto_key_primary_version( name, crypto_key_version_id) assert expected_response == response assert len(channel.requests) == 1 expected_request = service_pb2.UpdateCryptoKeyPrimaryVersionRequest( name=name, crypto_key_version_id=crypto_key_version_id) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_create_crypto_key(self): # Setup Expected Response name = 'name3373707' expected_response = {'name': name} expected_response = resources_pb2.CryptoKey(**expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) client = kms_v1.KeyManagementServiceClient(channel=channel) # Setup Request parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') crypto_key_id = 'my-app-key' purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT seconds = 2147483647 next_rotation_time = {'seconds': seconds} seconds_2 = 604800 rotation_period = {'seconds': seconds_2} crypto_key = { 'purpose': purpose, 'next_rotation_time': next_rotation_time, 'rotation_period': rotation_period } response = client.create_crypto_key(parent, crypto_key_id, crypto_key) assert expected_response == response assert len(channel.requests) == 1 expected_request = service_pb2.CreateCryptoKeyRequest( parent=parent, crypto_key_id=crypto_key_id, crypto_key=crypto_key) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_update_crypto_key(self): # Setup Expected Response name = "name3373707" expected_response = {"name": name} expected_response = resources_pb2.CryptoKey(**expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch("google.api_core.grpc_helpers.create_channel") with patch as create_channel: create_channel.return_value = channel client = kms_v1.KeyManagementServiceClient() # Setup Request crypto_key = {} update_mask = {} response = client.update_crypto_key(crypto_key, update_mask) assert expected_response == response assert len(channel.requests) == 1 expected_request = service_pb2.UpdateCryptoKeyRequest( crypto_key=crypto_key, update_mask=update_mask) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_create_crypto_key(self): # Setup Expected Response name = "name3373707" expected_response = {"name": name} expected_response = resources_pb2.CryptoKey(**expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch("google.api_core.grpc_helpers.create_channel") with patch as create_channel: create_channel.return_value = channel client = kms_v1.KeyManagementServiceClient() # Setup Request parent = client.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]") crypto_key_id = "my-app-key" purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT seconds = 2147483647 next_rotation_time = {"seconds": seconds} seconds_2 = 604800 rotation_period = {"seconds": seconds_2} crypto_key = { "purpose": purpose, "next_rotation_time": next_rotation_time, "rotation_period": rotation_period, } response = client.create_crypto_key(parent, crypto_key_id, crypto_key) assert expected_response == response assert len(channel.requests) == 1 expected_request = service_pb2.CreateCryptoKeyRequest( parent=parent, crypto_key_id=crypto_key_id, crypto_key=crypto_key) actual_request = channel.requests[0][1] assert expected_request == actual_request
def update_key_add_rotation(project_id, location_id, key_ring_id, key_id): """ Add a rotation schedule to an existing key. Args: project_id (string): Google Cloud project ID (e.g. 'my-project'). location_id (string): Cloud KMS location (e.g. 'us-east1'). key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring'). key_id (string): ID of the key to use (e.g. 'my-key'). Returns: CryptoKey: Updated Cloud KMS key. """ # Import the client library. from google.cloud import kms # Import time for getting the current time. import time # Create the client. client = kms.KeyManagementServiceClient() # Build the key name. key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) # Build the key. We need to build a full proto instead of a dict due to # https://github.com/googleapis/gapic-generator-python/issues/364. from google.cloud.kms_v1.proto import resources_pb2 key = resources_pb2.CryptoKey() key.name = key_name # Rotate the key every 30 days. key.rotation_period.seconds = 60*60*24*30 # Start the first rotation in 24 hours. key.next_rotation_time.seconds = int(time.time()) + 60*60*24 # Build the update mask. update_mask = {'paths': ['rotation_period', 'next_rotation_time']} # Call the API. updated_key = client.update_crypto_key(key, update_mask) print('Updated key: {}'.format(updated_key.name)) return updated_key
def key_ring_id(client, project_id, location_id): location_name = client.location_path(project_id, location_id) key_ring_id = '{}'.format(uuid.uuid4()) key_ring = client.create_key_ring(location_name, key_ring_id, {}) yield key_ring_id for key in client.list_crypto_keys(key_ring.name): if key.rotation_period.seconds > 0 or key.next_rotation_time.seconds > 0: # https://github.com/googleapis/gapic-generator-python/issues/364 updated_key = resources_pb2.CryptoKey() updated_key.name = key.name update_mask = {'paths': ['rotation_period', 'next_rotation_time']} client.update_crypto_key(updated_key, update_mask) f = 'state != DESTROYED AND state != DESTROY_SCHEDULED' for version in client.list_crypto_key_versions(key.name, filter_=f): client.destroy_crypto_key_version(version.name)
def test_get_crypto_key(self): # Setup Expected Response name_2 = 'name2-1052831874' expected_response = {'name': name_2} expected_response = resources_pb2.CryptoKey(**expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) client = kms_v1.KeyManagementServiceClient(channel=channel) # Setup Request name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') response = client.get_crypto_key(name) assert expected_response == response assert len(channel.requests) == 1 expected_request = service_pb2.GetCryptoKeyRequest(name=name) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_update_crypto_key(self): # Setup Expected Response name = 'name3373707' expected_response = {'name': name} expected_response = resources_pb2.CryptoKey(**expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) client = kms_v1.KeyManagementServiceClient(channel=channel) # Setup Request crypto_key = {} update_mask = {} response = client.update_crypto_key(crypto_key, update_mask) assert expected_response == response assert len(channel.requests) == 1 expected_request = service_pb2.UpdateCryptoKeyRequest( crypto_key=crypto_key, update_mask=update_mask) actual_request = channel.requests[0][1] assert expected_request == actual_request
def update_key_remove_labels(project_id, location_id, key_ring_id, key_id): """ Remove labels from an existing key. Args: project_id (string): Google Cloud project ID (e.g. 'my-project'). location_id (string): Cloud KMS location (e.g. 'us-east1'). key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring'). key_id (string): ID of the key to use (e.g. 'my-key'). Returns: CryptoKey: Updated Cloud KMS key. """ # Import the client library. from google.cloud import kms # Create the client. client = kms.KeyManagementServiceClient() # Build the key name. key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id) # Build the key. We need to build a full proto instead of a dict due to # https://github.com/googleapis/gapic-generator-python/issues/364. from google.cloud.kms_v1.proto import resources_pb2 key = resources_pb2.CryptoKey() key.name = key_name key.labels.clear() # Build the update mask. update_mask = {'paths': ['labels']} # Call the API. updated_key = client.update_crypto_key(key, update_mask) print('Updated key: {}'.format(updated_key.name)) return updated_key
def test_update_crypto_key_primary_version(self): # Setup Expected Response name_2 = 'name2-1052831874' expected_response = {'name': name_2} expected_response = resources_pb2.CryptoKey(**expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) client = kms_v1.KeyManagementServiceClient(channel=channel) # Setup Request name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') crypto_key_version_id = 'cryptoKeyVersionId729489152' response = client.update_crypto_key_primary_version( name, crypto_key_version_id) assert expected_response == response assert len(channel.requests) == 1 expected_request = service_pb2.UpdateCryptoKeyPrimaryVersionRequest( name=name, crypto_key_version_id=crypto_key_version_id) actual_request = channel.requests[0][1] assert expected_request == actual_request
def test_get_crypto_key(self): # Setup Expected Response name_2 = 'name2-1052831874' expected_response = {'name': name_2} expected_response = resources_pb2.CryptoKey(**expected_response) # Mock the API response channel = ChannelStub(responses=[expected_response]) patch = mock.patch('google.api_core.grpc_helpers.create_channel') with patch as create_channel: create_channel.return_value = channel client = kms_v1.KeyManagementServiceClient() # Setup Request name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]') response = client.get_crypto_key(name) assert expected_response == response assert len(channel.requests) == 1 expected_request = service_pb2.GetCryptoKeyRequest(name=name) actual_request = channel.requests[0][1] assert expected_request == actual_request