Use BlobTargetOption and BlobWriteOption

Frank Natividad · Frank Natividad · commit fa6b526dea64 · 2018-05-08T08:08:22.000-07:00
diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/BlobInfo.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/BlobInfo.java
@@ -273,7 +273,7 @@ public abstract static class Builder {
      * Sets the blob's kmsKeyName.
      */
     @GcpLaunchStage.Beta
-    public abstract Builder setKmsKeyName(String kmsKeyName);
+    abstract Builder setKmsKeyName(String kmsKeyName);
 
     /**
      * Creates a {@code BlobInfo} object.
diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/Bucket.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/Bucket.java
@@ -187,6 +187,9 @@ private Tuple<BlobInfo, Storage.BlobTargetOption> toTargetOption(BlobInfo blobIn
         case CUSTOMER_SUPPLIED_KEY:
           return Tuple.of(blobInfo,
               Storage.BlobTargetOption.encryptionKey((String) getValue()));
+        case KMS_KEY_NAME:
+          return Tuple.of(blobInfo,
+                  Storage.BlobTargetOption.kmsKeyName((String) getValue()));
         case USER_PROJECT:
           return Tuple.of(blobInfo,
               Storage.BlobTargetOption.userProject((String) getValue()));
@@ -266,6 +269,16 @@ public static BlobTargetOption encryptionKey(String key) {
       return new BlobTargetOption(StorageRpc.Option.CUSTOMER_SUPPLIED_KEY, key);
     }
 
+    /**
+     * Returns an option to set a customer-managed KMS key for server-side encryption of the
+     * blob.
+     *
+     * @param kmsKeyName the KMS key resource id
+     */
+    public static BlobTargetOption kmsKeyName(String kmsKeyName) {
+      return new BlobTargetOption(StorageRpc.Option.KMS_KEY_NAME, kmsKeyName);
+    }
+
     /**
      * Returns an option for blob's billing user project. This option is only used by the buckets with
      * 'requester_pays' flag.
@@ -343,6 +356,9 @@ private Tuple<BlobInfo, Storage.BlobWriteOption> toWriteOption(BlobInfo blobInfo
         case CUSTOMER_SUPPLIED_KEY:
           return Tuple.of(blobInfo,
               Storage.BlobWriteOption.encryptionKey((String) value));
+        case KMS_KEY_NAME:
+          return Tuple.of(blobInfo,
+                  Storage.BlobWriteOption.kmsKeyName((String) value));
         case USER_PROJECT:
           return Tuple.of(blobInfo, Storage.BlobWriteOption.userProject((String) value));
         default:
diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/Storage.java
@@ -19,19 +19,11 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 
-import com.google.api.client.util.Data;
-import com.google.api.core.BetaApi;
 import com.google.api.gax.paging.Page;
 import com.google.auth.ServiceAccountSigner;
 import com.google.auth.ServiceAccountSigner.SigningException;
-import com.google.cloud.FieldSelector;
+import com.google.cloud.*;
 import com.google.cloud.FieldSelector.Helper;
-import com.google.cloud.GcpLaunchStage;
-import com.google.cloud.Policy;
-import com.google.cloud.ReadChannel;
-import com.google.cloud.Service;
-import com.google.cloud.Tuple;
-import com.google.cloud.WriteChannel;
 import com.google.cloud.storage.Acl.Entity;
 import com.google.cloud.storage.spi.v1.StorageRpc;
 import com.google.common.collect.ImmutableList;
@@ -385,6 +377,14 @@ public static BlobTargetOption encryptionKey(String key) {
       return new BlobTargetOption(StorageRpc.Option.CUSTOMER_SUPPLIED_KEY, key);
     }
 
+    /**
+     * Returns an option to set a customer-managed key for server-side encryption of the blob.
+     */
+    @GcpLaunchStage.Beta
+    public static BlobTargetOption kmsKeyName(String kmsKeyName) {
+      return new BlobTargetOption(StorageRpc.Option.KMS_KEY_NAME, kmsKeyName);
+    }
+
     static Tuple<BlobInfo, BlobTargetOption[]> convert(BlobInfo info, BlobWriteOption... options) {
       BlobInfo.Builder infoBuilder = info.toBuilder().setCrc32c(null).setMd5(null);
       List<BlobTargetOption> targetOptions = Lists.newArrayListWithCapacity(options.length);
@@ -418,7 +418,7 @@ class BlobWriteOption implements Serializable {
 
     enum Option {
       PREDEFINED_ACL, IF_GENERATION_MATCH, IF_GENERATION_NOT_MATCH, IF_METAGENERATION_MATCH,
-      IF_METAGENERATION_NOT_MATCH, IF_MD5_MATCH, IF_CRC32C_MATCH, CUSTOMER_SUPPLIED_KEY, USER_PROJECT;
+      IF_METAGENERATION_NOT_MATCH, IF_MD5_MATCH, IF_CRC32C_MATCH, CUSTOMER_SUPPLIED_KEY, KMS_KEY_NAME, USER_PROJECT;
 
       StorageRpc.Option toRpcOption() {
         return StorageRpc.Option.valueOf(this.name());
@@ -536,6 +536,17 @@ public static BlobWriteOption encryptionKey(String key) {
       return new BlobWriteOption(Option.CUSTOMER_SUPPLIED_KEY, key);
     }
 
+    /**
+     * Returns an option to set a customer-managed KMS key for server-side encryption of the
+     * blob.
+     *
+     * @param kmsKeyName the KMS key resource id
+     */
+    @GcpLaunchStage.Beta
+    public static BlobWriteOption kmsKeyName(String kmsKeyName) {
+      return new BlobWriteOption(Option.KMS_KEY_NAME, kmsKeyName);
+    }
+
     /**
      * Returns an option for blob's billing user project. This option is only used by the buckets with
      * 'requester_pays' flag.
diff --git a/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java b/google-cloud-storage/src/main/java/com/google/cloud/storage/spi/v1/HttpStorageRpc.java
@@ -286,6 +286,7 @@ public StorageObject create(StorageObject storageObject, final InputStream conte
           .setIfGenerationMatch(Option.IF_GENERATION_MATCH.getLong(options))
           .setIfGenerationNotMatch(Option.IF_GENERATION_NOT_MATCH.getLong(options))
           .setUserProject(Option.USER_PROJECT.getString(options))
+          .setKmsKeyName(Option.KMS_KEY_NAME.getString(options))
           .execute();
     } catch (IOException ex) {
       span.setStatus(Status.UNKNOWN.withDescription(ex.getMessage()));
@@ -790,7 +791,7 @@ private RewriteResponse rewrite(RewriteRequest req, String token) {
       if (userProject == null) {
         userProject = Option.USER_PROJECT.getString(req.targetOptions);
       }
-      String kmsKeyName = req.target.getKmsKeyName();
+      String kmsKeyName = Option.KMS_KEY_NAME.getString(req.targetOptions);
 
       Long maxBytesRewrittenPerCall = req.megabytesRewrittenPerCall != null
           ? req.megabytesRewrittenPerCall * MEGABYTE : null;
diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/BlobTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/BlobTest.java
@@ -91,6 +91,7 @@ public class BlobTest {
   private static final String KEY_SHA256 = "keySha";
   private static final BlobInfo.CustomerEncryption CUSTOMER_ENCRYPTION =
       new BlobInfo.CustomerEncryption(ENCRYPTION_ALGORITHM, KEY_SHA256);
+  private static final String KMS_KEY_NAME = "projects/p/locations/kr-loc/keyRings/kr/cryptoKeys/key";
   private static final BlobInfo FULL_BLOB_INFO = BlobInfo.newBuilder("b", "n", GENERATION)
       .setAcl(ACLS)
       .setComponentCount(COMPONENT_COUNT)
@@ -113,6 +114,7 @@ public class BlobTest {
       .setUpdateTime(UPDATE_TIME)
       .setCreateTime(CREATE_TIME)
       .setCustomerEncryption(CUSTOMER_ENCRYPTION)
+      .setKmsKeyName(KMS_KEY_NAME)
       .build();
   private static final BlobInfo BLOB_INFO = BlobInfo.newBuilder("b", "n")
       .setMetageneration(42L)
@@ -457,6 +459,7 @@ public void testBuilder() {
         .setCrc32c(CRC32)
         .setCreateTime(CREATE_TIME)
         .setCustomerEncryption(CUSTOMER_ENCRYPTION)
+        .setKmsKeyName(KMS_KEY_NAME)
         .setDeleteTime(DELETE_TIME)
         .setEtag(ETAG)
         .setGeneratedId(GENERATED_ID)
@@ -511,6 +514,7 @@ public void testBuilder() {
     assertNull(blob.getCrc32c());
     assertNull(blob.getCreateTime());
     assertNull(blob.getCustomerEncryption());
+    assertNull(blob.getKmsKeyName());
     assertNull(blob.getDeleteTime());
     assertNull(blob.getEtag());
     assertNull(blob.getGeneratedId());
diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/StorageImplTest.java
@@ -102,6 +102,8 @@ public class StorageImplTest {
   private static final String BASE64_KEY = "JVzfVl8NLD9FjedFuStegjRfES5ll5zc59CIXw572OA=";
   private static final Key KEY =
       new SecretKeySpec(BaseEncoding.base64().decode(BASE64_KEY), "AES256");
+  private static final String KMS_KEY_NAME =
+      "projects/gcloud-devel/locations/us/keyRings/gcs_kms_key_ring_us/cryptoKeys/key";
 
   // BucketInfo objects
   private static final BucketInfo BUCKET_INFO1 =
@@ -245,6 +247,9 @@ public class StorageImplTest {
   private static final Map<StorageRpc.Option, ?> ENCRYPTION_KEY_OPTIONS =
       ImmutableMap.of(StorageRpc.Option.CUSTOMER_SUPPLIED_KEY, BASE64_KEY);
 
+  // Customer managed encryption key options
+  private static final Map<StorageRpc.Option, ?> KMS_KEY_NAME_OPTIONS =
+      ImmutableMap.of(StorageRpc.Option.KMS_KEY_NAME, KMS_KEY_NAME);
   // IAM policies
   private static final String POLICY_ETAG1 = "CAE=";
   private static final String POLICY_ETAG2 = "CAI=";
diff --git a/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java b/google-cloud-storage/src/test/java/com/google/cloud/storage/it/ITStorageTest.java
@@ -239,12 +239,13 @@ public void testCreateBlobWithEncryptionKey() {
   @Test
   public void testCreateBlobWithKmsKeyName() {
     String blobName = "test-create-with-kms-key-name-blob";
-    BlobInfo blob = BlobInfo.newBuilder(BUCKET, blobName).setKmsKeyName(KMS_KEY_NAME_1).build();
-    Blob remoteBlob = storage.create(blob, BLOB_BYTE_CONTENT);
+    BlobInfo blob = BlobInfo.newBuilder(BUCKET, blobName).build();
+    Blob remoteBlob = storage.create(blob, BLOB_BYTE_CONTENT, Storage.BlobTargetOption.kmsKeyName(KMS_KEY_NAME_1));
     assertNotNull(remoteBlob);
     assertEquals(blob.getBucket(), remoteBlob.getBucket());
     assertEquals(blob.getName(), remoteBlob.getName());
-    assertTrue(remoteBlob.getKmsKeyName().startsWith(blob.getKmsKeyName()));
+    assertNotNull(remoteBlob.getKmsKeyName());
+    assertTrue(remoteBlob.getKmsKeyName().startsWith(KMS_KEY_NAME_1));
     byte[] readBytes = storage.readAllBytes(BUCKET, blobName);
     assertArrayEquals(BLOB_BYTE_CONTENT, readBytes);
   }
@@ -253,8 +254,9 @@ public void testCreateBlobWithKmsKeyName() {
   public void testCreateBlobWithKmsKeyNameAndCustomerSuppliedKey() {
     try {
       String blobName = "test-create-with-kms-key-name-blob";
-      BlobInfo blob = BlobInfo.newBuilder(BUCKET, blobName).setKmsKeyName(KMS_KEY_NAME_1).build();
-      storage.create(blob, BLOB_BYTE_CONTENT, Storage.BlobTargetOption.encryptionKey(KEY));
+      BlobInfo blob = BlobInfo.newBuilder(BUCKET, blobName).build();
+      storage.create(blob, BLOB_BYTE_CONTENT, Storage.BlobTargetOption.encryptionKey(KEY),
+              Storage.BlobTargetOption.kmsKeyName(KMS_KEY_NAME_1));
       fail("StorageException was expected"); // can't supply both.
     } catch (StorageException ex) {
       // expected
@@ -367,6 +369,20 @@ public void testGetBlobSelectedFields() {
     assertNull(remoteBlob.getContentType());
   }
 
+  @Test
+  public void testGetBlobKmsKeyNameField() {
+    String blobName = "test-get-selected-kms-key-name-field-blob";
+    BlobInfo blob = BlobInfo.newBuilder(BUCKET, blobName)
+            .setContentType(CONTENT_TYPE)
+            .build();
+    assertNotNull(storage.create(blob, Storage.BlobTargetOption.kmsKeyName(KMS_KEY_NAME_1)));
+    Blob remoteBlob = storage.get(blob.getBlobId(), Storage.BlobGetOption.fields(
+            BlobField.KMS_KEY_NAME));
+    assertEquals(blob.getBlobId(), remoteBlob.getBlobId());
+    assertTrue(remoteBlob.getKmsKeyName().startsWith(KMS_KEY_NAME_1));
+    assertNull(remoteBlob.getContentType());
+  }
+
   @Test
   public void testGetBlobAllSelectedFields() {
     String blobName = "test-get-all-selected-fields-blob";
@@ -459,14 +475,12 @@ public void testListBlobsKmsKeySelectedFields() throws InterruptedException {
             "test-list-blobs-selected-field-kms-key-name-blob2"};
     BlobInfo blob1 = BlobInfo.newBuilder(BUCKET, blobNames[0])
             .setContentType(CONTENT_TYPE)
-            .setKmsKeyName(KMS_KEY_NAME_1)
             .build();
     BlobInfo blob2 = BlobInfo.newBuilder(BUCKET, blobNames[1])
             .setContentType(CONTENT_TYPE)
-            .setKmsKeyName(KMS_KEY_NAME_1)
             .build();
-    Blob remoteBlob1 = storage.create(blob1);
-    Blob remoteBlob2 = storage.create(blob2);
+    Blob remoteBlob1 = storage.create(blob1, Storage.BlobTargetOption.kmsKeyName(KMS_KEY_NAME_1));
+    Blob remoteBlob2 = storage.create(blob2, Storage.BlobTargetOption.kmsKeyName(KMS_KEY_NAME_1));
     assertNotNull(remoteBlob1);
     assertNotNull(remoteBlob2);
     Page<Blob> page = storage.list(BUCKET,
@@ -936,12 +950,11 @@ public void testRotateFromCustomerEncryptionToKmsKey() {
     BlobInfo target = BlobInfo.newBuilder(BUCKET, targetBlobName)
             .setContentType(CONTENT_TYPE)
             .setMetadata(metadata)
-            .setKmsKeyName(KMS_KEY_NAME_1)
             .build();
     Storage.CopyRequest req = Storage.CopyRequest.newBuilder()
             .setSource(source)
             .setSourceOptions(Storage.BlobSourceOption.decryptionKey(BASE64_KEY))
-            .setTarget(target)
+            .setTarget(target, Storage.BlobTargetOption.kmsKeyName(KMS_KEY_NAME_1))
             .build();
     CopyWriter copyWriter = storage.copy(req);
     assertEquals(BUCKET, copyWriter.getResult().getBucket());
@@ -967,13 +980,13 @@ public void testRotateFromCustomerEncryptionToKmsKeyWithCustomerEncrytion() {
     BlobInfo target = BlobInfo.newBuilder(BUCKET, targetBlobName)
             .setContentType(CONTENT_TYPE)
             .setMetadata(metadata)
-            .setKmsKeyName(KMS_KEY_NAME_1)
             .build();
     try {
       Storage.CopyRequest req = Storage.CopyRequest.newBuilder()
               .setSource(source)
               .setSourceOptions(Storage.BlobSourceOption.decryptionKey(BASE64_KEY))
-              .setTarget(target, Storage.BlobTargetOption.encryptionKey(KEY))
+              .setTarget(target, Storage.BlobTargetOption.encryptionKey(KEY),
+                      Storage.BlobTargetOption.kmsKeyName(KMS_KEY_NAME_1))
               .build();
       storage.copy(req);
       fail("StorageException was expected");
@@ -982,7 +995,6 @@ public void testRotateFromCustomerEncryptionToKmsKeyWithCustomerEncrytion() {
     }
   }
 
-
   @Test
   public void testCopyBlobUpdateMetadata() {
     String sourceBlobName = "test-copy-blob-update-metadata-source";
@@ -1847,6 +1859,29 @@ public void testListBucketRequesterPaysFails() throws InterruptedException {
     }
   }
 
+  @Test
+  public void testListBucketDefaultKmsKeyName() throws InterruptedException {
+    Bucket remoteBucket = storage.get(BUCKET, Storage.BucketGetOption.fields(BucketField.ENCRYPTION));
+    assertNull(remoteBucket.getDefaultKmsKeyName());
+    remoteBucket = remoteBucket.toBuilder().setDefaultKmsKeyName(KMS_KEY_NAME_1).build().update();
+    assertTrue(remoteBucket.getDefaultKmsKeyName().startsWith(KMS_KEY_NAME_1));
+    Iterator<Bucket> bucketIterator = storage.list(Storage.BucketListOption.prefix(BUCKET),
+            Storage.BucketListOption.fields(BucketField.ENCRYPTION)).iterateAll().iterator();
+    while (!bucketIterator.hasNext()) {
+      Thread.sleep(500);
+      bucketIterator = storage.list(Storage.BucketListOption.prefix(BUCKET),
+              Storage.BucketListOption.fields(BucketField.ENCRYPTION)).iterateAll().iterator();
+    }
+    while (bucketIterator.hasNext()) {
+      Bucket bucket = bucketIterator.next();
+      assertTrue(bucket.getName().startsWith(BUCKET));
+      assertNotNull(bucket.getDefaultKmsKeyName());
+      assertTrue(bucket.getDefaultKmsKeyName().startsWith(KMS_KEY_NAME_1));
+      assertNull(bucket.getCreateTime());
+      assertNull(bucket.getSelfLink());
+    }
+  }
+
   @Test
   public void testGetServiceAccount() throws InterruptedException {
     String projectId = remoteStorageHelper.getOptions().getProjectId();
