GCS w/ KMS Samples (#3323)

kurtisvg · web-flow · commit 15d98613fdf5 · 2018-06-04T15:08:27.000-07:00
* Add samples for 'storage_upload_with_kms_key' and 'storage_set_bucket_default_kms_key'.

* Remove accidental newline.

* Remove use of deprecated infoStream create.

* Address feedback.

* Fix test method name.

* Additional feedback.

* Fix testBlobAcl test.

* AssertEquals instead of assertTrue.

* Update formating.
diff --git a/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/StorageSnippets.java b/google-cloud-examples/src/main/java/com/google/cloud/examples/storage/snippets/StorageSnippets.java
@@ -168,17 +168,41 @@ public Blob createBlobFromInputStream(String bucketName, String blobName) {
   // [VARIABLE "my_encryption_key"]
   public Blob createEncryptedBlob(String bucketName, String blobName, String encryptionKey) {
     // [START storageUploadEncryptedFile]
-    InputStream content = new ByteArrayInputStream("Hello, World!".getBytes(UTF_8));
+    byte[] data = "Hello, World!".getBytes(UTF_8);
 
     BlobId blobId = BlobId.of(bucketName, blobName);
     BlobInfo blobInfo = BlobInfo.newBuilder(blobId)
         .setContentType("text/plain")
         .build();
-    Blob blob = storage.create(blobInfo, content, BlobWriteOption.encryptionKey(encryptionKey));
+    Blob blob = storage.create(blobInfo, data, BlobTargetOption.encryptionKey(encryptionKey));
     // [END storageUploadEncryptedFile]
     return blob;
   }
 
+  /**
+   * Example of uploading a blob encrypted service side with a Cloud KMS key.
+   */
+  public Blob createKmsEncrpytedBlob(String bucketName, String blobName, String kmsKeyName) {
+    // [START storage_upload_with_kms_key]
+    byte[] data = "Hello, World!".getBytes(UTF_8);
+
+    // The name of the existing bucket to set a default KMS key for, e.g. "my-bucket"
+    // String bucketName = "my-bucket"
+
+    // The name of the KMS-key to use as a default
+    // Key names are provided in the following format:
+    // 'projects/<PROJECT>/locations/<LOCATION>/keyRings/<RING_NAME>/cryptoKeys/<KEY_NAME>'
+    // String kmsKeyName = ""
+
+    BlobId blobId = BlobId.of(bucketName, blobName);
+    BlobInfo blobInfo = BlobInfo.newBuilder(blobId)
+        .setContentType("text/plain")
+        .build();
+    Blob blob = storage.create(blobInfo, data, BlobTargetOption.kmsKeyName(kmsKeyName));
+    // [END storage_upload_with_kms_key]
+    return blob;
+  }
+
   /**
    * Example of getting information on a bucket, only if its metageneration matches a value,
    * otherwise a {@link StorageException} is thrown.
@@ -1137,4 +1161,31 @@ public void downloadFileUsingRequesterPays(String projectId, String bucketName,
     blob.downloadTo(destFilePath, Blob.BlobSourceOption.userProject(projectId));
     // [END storage_download_file_requester_pays]
   }
+
+  /**
+   * Example of setting a default KMS key on a bucket.
+   */
+  public Bucket setDefaultKmsKey(String bucketName, String kmsKeyName) throws StorageException {
+    // [START storage_set_bucket_default_kms_key]
+    // Instantiate a Google Cloud Storage client
+    Storage storage = StorageOptions.getDefaultInstance().getService();
+
+    // The name of the existing bucket to set a default KMS key for, e.g. "my-bucket"
+    // String bucketName = "my-bucket"
+
+    // The name of the KMS-key to use as a default
+    // Key names are provided in the following format:
+    // 'projects/<PROJECT>/locations/<LOCATION>/keyRings/<RING_NAME>/cryptoKeys/<KEY_NAME>'
+    // String kmsKeyName = ""
+
+    BucketInfo bucketInfo = BucketInfo.newBuilder(bucketName)
+        .setDefaultKmsKeyName(kmsKeyName)
+        .build();
+
+    Bucket bucket = storage.update(bucketInfo);
+
+    System.out.println("Default KMS Key Name: " + bucket.getDefaultKmsKeyName());
+    // [END storage_set_bucket_default_kms_key]
+    return bucket;
+  }
 }
diff --git a/google-cloud-examples/src/test/java/com/google/cloud/examples/storage/snippets/ITStorageSnippets.java b/google-cloud-examples/src/test/java/com/google/cloud/examples/storage/snippets/ITStorageSnippets.java
@@ -72,6 +72,9 @@ public class ITStorageSnippets {
   private static final String USER_EMAIL = "google-cloud-java-tests@"
       + "java-docs-samples-tests.iam.gserviceaccount.com";
 
+  private static final String KMS_KEY_NAME = "projects/gcloud-devel/locations/us/"
+      + "keyRings/gcs_kms_key_ring_us/cryptoKeys/key";
+
   private static Storage storage;
   private static StorageSnippets storageSnippets;
   private static List<String> bucketsToCleanUp;
@@ -178,6 +181,13 @@ public void testCreateUpdateEncryptedBlob() throws InterruptedException {
     assertEquals("text/plain", blob.getContentType());
   }
 
+  @Test
+  public void testCreateKMSEncryptedBlob() {
+    String blobName = "kms-encrypted-blob";
+    Blob blob = storageSnippets.createKmsEncrpytedBlob(BUCKET, blobName, KMS_KEY_NAME);
+    assertNotNull(blob);
+  }
+
   @Test
   public void testCreateCopyAndGetBlob() {
     String blobName = "test-create-copy-get-blob";
@@ -383,22 +393,22 @@ public void testBlobAcl() {
     assertNull(storageSnippets.getBlobAcl(BUCKET, blobName, createdBlob.getGeneration()));
     // test non-existing blob
     String nonExistingBlob = "test-blob-acl";
-    assertNull(storageSnippets.getBlobAcl(BUCKET, nonExistingBlob, -1L));
-    assertFalse(storageSnippets.deleteBlobAcl(BUCKET, nonExistingBlob, -1L));
+    assertNull(storageSnippets.getBlobAcl(BUCKET, nonExistingBlob, 1L));
+    assertFalse(storageSnippets.deleteBlobAcl(BUCKET, nonExistingBlob, 1L));
     try {
-      storageSnippets.createBlobAcl(BUCKET, nonExistingBlob, -1L);
+      storageSnippets.createBlobAcl(BUCKET, nonExistingBlob, 1L);
       fail("Expected StorageException");
     } catch (StorageException ex) {
       // expected
     }
     try {
-      storageSnippets.updateBlobAcl(BUCKET, nonExistingBlob, -1L);
+      storageSnippets.updateBlobAcl(BUCKET, nonExistingBlob, 1L);
       fail("Expected StorageException");
     } catch (StorageException ex) {
       // expected
     }
     try {
-      storageSnippets.listBlobAcls(BUCKET, nonExistingBlob, -1L);
+      storageSnippets.listBlobAcls(BUCKET, nonExistingBlob, 1L);
       fail("Expected StorageException");
     } catch (StorageException ex) {
       // expected
@@ -429,4 +439,12 @@ public void testRequesterPays() throws Exception {
     bucket = storageSnippets.disableRequesterPays(BUCKET);
     assertFalse(bucket.requesterPays());
   }
+
+  @Test
+  public void testDefaultKMSKey(){
+    Bucket bucket = storageSnippets.setDefaultKmsKey(BUCKET, KMS_KEY_NAME);
+    assertEquals(KMS_KEY_NAME, bucket.getDefaultKmsKeyName());
+    // Remove default key
+    storageSnippets.setDefaultKmsKey(BUCKET,null);
+  }
 }
