---

Frank Natividad · Frank Natividad · commit 066c4917545e · 2018-05-06T23:06:21.000-07:00
yaml --- r: 9435 b: refs/heads/kms-integration c: 86830e5 h: refs/heads/master i: 9433: ea02e04 9431: 3165243
diff --git a/[refs] b/[refs]
@@ -91,7 +91,7 @@ refs/tags/v0.42.1: 3d9c15dd66bbe736cfd83b695f805833d7a32299
 refs/tags/v0.43.0: af4bfcbcc7c86354b26642d65400ee4accb632a9
 refs/heads/add-pubsub-publish-error-handler: 54ac3bf7a1396a71a4ffc350cd409de4dad2d63a
 refs/heads/java-release-src-1: 23b4842b1c560f3f1d382de1e0797261307490b4
-refs/heads/kms-integration: 47701ed4c644a4c19b99ebe8aaef1e896b533f0d
+refs/heads/kms-integration: 86830e59f66d58dcd6a9552510509561a006cf62
 refs/tags/v0.44.0: 1c7d06813aa4d2ac948b1ddda591406a2448371f
 refs/tags/v0.45.0: 4b4eb52d0823f5335cb8acf54a88bae199e013ae
 refs/tags/v0.46.0: 40dfc83a11b2cf2c21bf0f5a7b1e47087cbf0259
diff --git a/branches/kms-integration/google-cloud-storage/pom.xml b/branches/kms-integration/google-cloud-storage/pom.xml
@@ -29,6 +29,7 @@
     <dependency>
       <groupId>com.google.apis</groupId>
       <artifactId>google-api-services-storage</artifactId>
+      <version>v1-rev125-1.23.0</version>
       <scope>compile</scope>
       <exclusions>
         <exclusion>
diff --git a/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/BlobInfo.java b/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/BlobInfo.java
@@ -832,9 +832,8 @@ public ObjectAccessControl apply(Acl acl) {
     if (customerEncryption != null) {
       storageObject.setCustomerEncryption(customerEncryption.toPb());
     }
-    if (kmsKeyName != null) {
-      storageObject.setKmsKeyName(kmsKeyName);
-    }
+
+    storageObject.setKmsKeyName(kmsKeyName);
     storageObject.setMetadata(pbMetadata);
     storageObject.setCacheControl(cacheControl);
     storageObject.setContentEncoding(contentEncoding);
diff --git a/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/Bucket.java b/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/Bucket.java
@@ -190,6 +190,9 @@ private Tuple<BlobInfo, Storage.BlobTargetOption> toTargetOption(BlobInfo blobIn
         case USER_PROJECT:
           return Tuple.of(blobInfo,
               Storage.BlobTargetOption.userProject((String) getValue()));
+        case KMS_KEY_NAME:
+          return Tuple.of(blobInfo,
+              Storage.BlobTargetOption.kmsKeyName((String) getValue()));
         default:
           throw new AssertionError("Unexpected enum value");
       }
@@ -274,6 +277,13 @@ public static BlobTargetOption userProject(String userProject) {
       return new BlobTargetOption(StorageRpc.Option.USER_PROJECT, userProject);
     }
 
+    /**
+     * Returns an option for blob's kms key name.
+     */
+    public static BlobTargetOption kmsKeyName(String kmsKeyName) {
+      return new BlobTargetOption(StorageRpc.Option.KMS_KEY_NAME, kmsKeyName);
+    }
+
     static Tuple<BlobInfo, Storage.BlobTargetOption[]> toTargetOptions(
         BlobInfo info, BlobTargetOption... options) {
       Set<StorageRpc.Option> optionSet =
@@ -345,6 +355,8 @@ private Tuple<BlobInfo, Storage.BlobWriteOption> toWriteOption(BlobInfo blobInfo
               Storage.BlobWriteOption.encryptionKey((String) value));
         case USER_PROJECT:
           return Tuple.of(blobInfo, Storage.BlobWriteOption.userProject((String) value));
+        case KMS_KEY_NAME:
+          return Tuple.of(blobInfo, Storage.BlobWriteOption.kmsKeyName((String) value));
         default:
           throw new AssertionError("Unexpected enum value");
       }
@@ -470,6 +482,13 @@ public static BlobWriteOption userProject(String userProject) {
       return new BlobWriteOption(Storage.BlobWriteOption.Option.USER_PROJECT, userProject);
     }
 
+    /**
+     * Returns an option for blob's kms key name.
+     */
+    public static BlobWriteOption kmsKeyName(String kmsKeyName) {
+      return new BlobWriteOption(Storage.BlobWriteOption.Option.KMS_KEY_NAME, kmsKeyName);
+    }
+
     static Tuple<BlobInfo, Storage.BlobWriteOption[]> toWriteOptions(
         BlobInfo info, BlobWriteOption... options) {
       Set<Storage.BlobWriteOption.Option> optionSet =
diff --git a/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java b/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/BucketInfo.java
@@ -595,7 +595,8 @@ public Builder setLabels(Map<String, String> labels) {
 
     @Override
     public Builder setDefaultKmsKeyName(String defaultKmsKeyName) {
-      this.defaultKmsKeyName = defaultKmsKeyName;
+      this.defaultKmsKeyName = defaultKmsKeyName != null
+              ? new String(defaultKmsKeyName) : Data.<String>nullOf(String.class);
       return this;
     }
 
@@ -880,9 +881,9 @@ public Rule apply(DeleteRule deleteRule) {
     if (labels != null) {
       bucketPb.setLabels(labels);
     }
-    // default kms key name can be null.
-    bucketPb.setEncryption(new Encryption().setDefaultKmsKeyName(defaultKmsKeyName));
-
+    if (defaultKmsKeyName != null) {
+      bucketPb.setEncryption(new Encryption().setDefaultKmsKeyName(defaultKmsKeyName));
+    }
     return bucketPb;
   }
 
diff --git a/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java b/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
@@ -19,6 +19,7 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 
+import com.google.api.client.util.Data;
 import com.google.api.core.BetaApi;
 import com.google.api.gax.paging.Page;
 import com.google.auth.ServiceAccountSigner;
@@ -94,7 +95,7 @@ enum BucketField implements FieldSelector {
     CORS("cors"),
     STORAGE_CLASS("storageClass"),
     ETAG("etag"),
-    DEFAULT_KMS_KEY_NAME("defaultKmsKeyName"),
+    ENCRYPTION("encryption"),
     BILLING("billing");
 
     static final List<? extends FieldSelector> REQUIRED_FIELDS = ImmutableList.of(NAME);
@@ -207,6 +208,15 @@ public static BucketTargetOption metagenerationNotMatch() {
     public static BucketTargetOption userProject(String userProject) {
       return new BucketTargetOption(StorageRpc.Option.USER_PROJECT, userProject);
     }
+
+//    /**
+//     * Returns an option to define the defaultKmsKeyName.
+//     */
+//    public static BucketTargetOption defaultKmsKeyName(String defaultKmsKeyName) {
+//      defaultKmsKeyName = defaultKmsKeyName != null
+//              ? new String(defaultKmsKeyName) : Data.<String>nullOf(String.class);
+//      return new BucketTargetOption(StorageRpc.Option.KMS_KEY_NAME, defaultKmsKeyName);
+//    }
   }
 
   /**
@@ -384,6 +394,15 @@ public static BlobTargetOption encryptionKey(String key) {
       return new BlobTargetOption(StorageRpc.Option.CUSTOMER_SUPPLIED_KEY, key);
     }
 
+    /**
+     * Returns an option to set a KMS key resource name of the blob.
+     *
+     * @param kmsKeyName the KMS crypto key resource name
+     */
+      public static BlobTargetOption kmsKeyName(String kmsKeyName) {
+          return new BlobTargetOption(StorageRpc.Option.KMS_KEY_NAME, kmsKeyName);
+      }
+
     static Tuple<BlobInfo, BlobTargetOption[]> convert(BlobInfo info, BlobWriteOption... options) {
       BlobInfo.Builder infoBuilder = info.toBuilder().setCrc32c(null).setMd5(null);
       List<BlobTargetOption> targetOptions = Lists.newArrayListWithCapacity(options.length);
@@ -417,7 +436,7 @@ class BlobWriteOption implements Serializable {
 
     enum Option {
       PREDEFINED_ACL, IF_GENERATION_MATCH, IF_GENERATION_NOT_MATCH, IF_METAGENERATION_MATCH,
-      IF_METAGENERATION_NOT_MATCH, IF_MD5_MATCH, IF_CRC32C_MATCH, CUSTOMER_SUPPLIED_KEY, USER_PROJECT;
+      IF_METAGENERATION_NOT_MATCH, IF_MD5_MATCH, IF_CRC32C_MATCH, CUSTOMER_SUPPLIED_KEY, USER_PROJECT, KMS_KEY_NAME;
 
       StorageRpc.Option toRpcOption() {
         return StorageRpc.Option.valueOf(this.name());
@@ -542,6 +561,10 @@ public static BlobWriteOption encryptionKey(String key) {
     public static BlobWriteOption userProject(String userProject) {
       return new BlobWriteOption(Option.USER_PROJECT, userProject);
     }
+
+    public static BlobWriteOption kmsKeyName(String kmsKeyName) {
+      return new BlobWriteOption(Option.KMS_KEY_NAME, kmsKeyName);
+    }
   }
 
   /**
diff --git a/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/StorageImpl.java b/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/StorageImpl.java
@@ -437,9 +437,11 @@ public CopyWriter copy(final CopyRequest copyRequest) {
       RewriteResponse rewriteResponse = runWithRetries(new Callable<RewriteResponse>() {
         @Override
         public RewriteResponse call() {
+
           return storageRpc.openRewrite(new StorageRpc.RewriteRequest(source, sourceOptions,
               copyRequest.overrideInfo(), targetObject, targetOptions,
               copyRequest.getMegabytesCopiedPerChunk()));
+
         }
       }, getOptions().getRetrySettings(), EXCEPTION_HANDLER, getOptions().getClock());
       return new CopyWriter(getOptions(), rewriteResponse);
diff --git a/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java b/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java
@@ -426,6 +426,7 @@ public StorageObject get(StorageObject object, Map<Option, ?> options) {
   public Bucket patch(Bucket bucket, Map<Option, ?> options) {
     Span span = startSpan(HttpStorageRpcSpans.SPAN_NAME_PATCH_BUCKET);
     Scope scope = tracer.withSpan(span);
+
     try {
       return storage.buckets()
           .patch(bucket.getName(), bucket)
@@ -790,6 +791,11 @@ private RewriteResponse rewrite(RewriteRequest req, String token) {
         userProject = Option.USER_PROJECT.getString(req.targetOptions);
       }
 
+      String kmsKeyName = Option.KMS_KEY_NAME.getString(req.targetOptions);
+      if (kmsKeyName == null) {
+        kmsKeyName = req.target.getKmsKeyName();
+      }
+
       Long maxBytesRewrittenPerCall = req.megabytesRewrittenPerCall != null
           ? req.megabytesRewrittenPerCall * MEGABYTE : null;
       Storage.Objects.Rewrite rewrite = storage.objects()
@@ -808,7 +814,9 @@ private RewriteResponse rewrite(RewriteRequest req, String token) {
           .setIfMetagenerationNotMatch(Option.IF_METAGENERATION_NOT_MATCH.getLong(req.targetOptions))
           .setIfGenerationMatch(Option.IF_GENERATION_MATCH.getLong(req.targetOptions))
           .setIfGenerationNotMatch(Option.IF_GENERATION_NOT_MATCH.getLong(req.targetOptions))
-          .setUserProject(userProject);
+          .setUserProject(userProject)
+          .setDestinationKmsKeyName(kmsKeyName);
+
       HttpHeaders requestHeaders = rewrite.getRequestHeaders();
       setEncryptionHeaders(requestHeaders, SOURCE_ENCRYPTION_KEY_PREFIX, req.sourceOptions);
       setEncryptionHeaders(requestHeaders, ENCRYPTION_KEY_PREFIX, req.targetOptions);
diff --git a/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/StorageRpc.java b/branches/kms-integration/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/StorageRpc.java
@@ -55,7 +55,8 @@ enum Option {
     VERSIONS("versions"),
     FIELDS("fields"),
     CUSTOMER_SUPPLIED_KEY("customerSuppliedKey"),
-    USER_PROJECT("userProject");
+    USER_PROJECT("userProject"),
+    KMS_KEY_NAME("kmsKeyName");
 
     private final String value;
 
diff --git a/branches/kms-integration/google-cloud-storage/src/test/java/com/google/cloud/storage/BlobInfoTest.java b/branches/kms-integration/google-cloud-storage/src/test/java/com/google/cloud/storage/BlobInfoTest.java
@@ -69,8 +69,6 @@ public class BlobInfoTest {
   private static final String KMS_KEY_NAME = "projects/p/locations/kr-loc/keyRings/kr/cryptoKeys/key";
   private static final StorageClass STORAGE_CLASS = StorageClass.COLDLINE;
 
-  // Unit tests include Customer Supplied encryption which may be confusing with the KMS KEY NAME
-  // as both can't be set at the same time. At least not right now.
   private static final BlobInfo BLOB_INFO = BlobInfo.newBuilder("b", "n", GENERATION)
       .setAcl(ACL)
       .setComponentCount(COMPONENT_COUNT)
diff --git a/branches/kms-integration/google-cloud-storage/src/test/java/com/google/cloud/storage/BlobTest.java b/branches/kms-integration/google-cloud-storage/src/test/java/com/google/cloud/storage/BlobTest.java
@@ -91,6 +91,7 @@ public class BlobTest {
   private static final String KEY_SHA256 = "keySha";
   private static final BlobInfo.CustomerEncryption CUSTOMER_ENCRYPTION =
       new BlobInfo.CustomerEncryption(ENCRYPTION_ALGORITHM, KEY_SHA256);
+  // TODO: Figure out CMEK + CSEK world
   private static final BlobInfo FULL_BLOB_INFO = BlobInfo.newBuilder("b", "n", GENERATION)
       .setAcl(ACLS)
       .setComponentCount(COMPONENT_COUNT)
diff --git a/branches/kms-integration/google-cloud-storage/src/test/java/com/google/cloud/storage/BucketTest.java b/branches/kms-integration/google-cloud-storage/src/test/java/com/google/cloud/storage/BucketTest.java
@@ -41,6 +41,7 @@
 import com.google.common.collect.Lists;
 import com.google.common.io.BaseEncoding;
 
+import com.sun.net.ssl.KeyManagerFactorySpi;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
@@ -97,10 +98,10 @@ public class BucketTest {
       .setNotFoundPage(NOT_FOUND_PAGE)
       .setLocation(LOCATION)
       .setStorageClass(STORAGE_CLASS)
-      .setDefaultKmsKeyName(DEFAULT_KMS_KEY_NAME)
       .setVersioningEnabled(VERSIONING_ENABLED)
       .setLabels(BUCKET_LABELS)
       .setRequesterPays(REQUESTER_PAYS)
+      .setDefaultKmsKeyName(DEFAULT_KMS_KEY_NAME)
       .build();
   private static final BucketInfo BUCKET_INFO =
       BucketInfo.newBuilder("b").setMetageneration(42L).build();
@@ -134,12 +135,12 @@ private void initializeExpectedBucket(int optionsCalls) {
     replay(serviceMockReturnsOptions);
     expectedBucket = new Bucket(serviceMockReturnsOptions, new BucketInfo.BuilderImpl(BUCKET_INFO));
     blobResults = ImmutableList.of(
-        new Blob(serviceMockReturnsOptions,
-            new BlobInfo.BuilderImpl(BlobInfo.newBuilder("b", "n1").build())),
-        new Blob(serviceMockReturnsOptions,
-            new BlobInfo.BuilderImpl(BlobInfo.newBuilder("b", "n2").build())),
-        new Blob(serviceMockReturnsOptions,
-            new BlobInfo.BuilderImpl(BlobInfo.newBuilder("b", "n3").build())));
+            new Blob(serviceMockReturnsOptions,
+                    new BlobInfo.BuilderImpl(BlobInfo.newBuilder("b", "n1").build())),
+            new Blob(serviceMockReturnsOptions,
+                    new BlobInfo.BuilderImpl(BlobInfo.newBuilder("b", "n2").build())),
+            new Blob(serviceMockReturnsOptions,
+                    new BlobInfo.BuilderImpl(BlobInfo.newBuilder("b", "n3").build())));
   }
 
   private void initializeBucket() {
@@ -677,6 +678,7 @@ public void testBuilder() {
         .setVersioningEnabled(VERSIONING_ENABLED)
         .setLabels(BUCKET_LABELS)
         .setRequesterPays(REQUESTER_PAYS)
+        .setDefaultKmsKeyName(DEFAULT_KMS_KEY_NAME)
         .build();
     assertEquals("b", bucket.getName());
     assertEquals(ACLS, bucket.getAcl());
@@ -696,6 +698,7 @@ public void testBuilder() {
     assertEquals(VERSIONING_ENABLED, bucket.versioningEnabled());
     assertEquals(BUCKET_LABELS, bucket.getLabels());
     assertEquals(REQUESTER_PAYS, bucket.requesterPays());
+    assertEquals(DEFAULT_KMS_KEY_NAME, bucket.getDefaultKmsKeyName());
     assertEquals(storage.getOptions(), bucket.getStorage().getOptions());
   }
 }
diff --git a/branches/kms-integration/google-cloud-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java b/branches/kms-integration/google-cloud-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java
@@ -561,6 +561,8 @@ public void testCreateBlobWithEncryptionKey() throws IOException {
     assertEquals(-1, byteStream.read(streamBytes));
   }
 
+  // TODO: Add tests for KMS Key name
+
   @Test
   public void testCreateBlobFromStream() throws IOException {
     Capture<ByteArrayInputStream> capturedStream = Capture.newInstance();
diff --git a/branches/kms-integration/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/branches/kms-integration/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java

Original file line number	Diff line number	Diff line change
`@@ -595,7 +595,8 @@ public Builder setLabels(Map<String, String> labels) {`
`595`	`595`
`596`	`596`	`@Override`
`597`	`597`	`public Builder setDefaultKmsKeyName(String defaultKmsKeyName) {`
`598`		`- this.defaultKmsKeyName = defaultKmsKeyName;`
	`598`	`+ this.defaultKmsKeyName = defaultKmsKeyName != null`
	`599`	`+ ? new String(defaultKmsKeyName) : Data.<String>nullOf(String.class);`
`599`	`600`	`return this;`
`600`	`601`	`}`
`601`	`602`
`@@ -880,9 +881,9 @@ public Rule apply(DeleteRule deleteRule) {`
`880`	`881`	`if (labels != null) {`
`881`	`882`	`bucketPb.setLabels(labels);`
`882`	`883`	`}`
`883`		`- // default kms key name can be null.`
`884`		`- bucketPb.setEncryption(new Encryption().setDefaultKmsKeyName(defaultKmsKeyName));`
`885`		`-`
	`884`	`+ if (defaultKmsKeyName != null) {`
	`885`	`+ bucketPb.setEncryption(new Encryption().setDefaultKmsKeyName(defaultKmsKeyName));`
	`886`	`+ }`
`886`	`887`	`return bucketPb;`
`887`	`888`	`}`
`888`	`889`