Merge pull request #2638 from yuwenma/mockkms
chore: improve fidelity of MockKMS
google-oss-prow[bot] authored Sep 10, 2024
2 parents f1b4df5 + 7218b08 commit 1a6cc70
Showing 8 changed files with 238 additions and 33 deletions.
37 changes: 31 additions & 6 deletions mockgcp/mockkms/cryptokey.go
Expand Up @@ -71,17 +71,42 @@ func (r *kmsServer) CreateCryptoKey(ctx context.Context, req *pb.CreateCryptoKey

r.populateDefaultsForCryptoKey(name, obj)

if err := r.storage.Create(ctx, fqn, obj); err != nil {
return nil, err
}

if !req.SkipInitialVersionCreation {
var primary *pb.CryptoKeyVersion

if obj.VersionTemplate != nil {
primary = &pb.CryptoKeyVersion{
Algorithm: obj.VersionTemplate.Algorithm,
ProtectionLevel: obj.VersionTemplate.ProtectionLevel,
}
} else if req.GetCryptoKey().Purpose == pb.CryptoKey_ENCRYPT_DECRYPT {
// Set default
primary = &pb.CryptoKeyVersion{
Algorithm: pb.CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION,
ProtectionLevel: pb.ProtectionLevel_SOFTWARE,
}
} else {
primary = &pb.CryptoKeyVersion{
// Algorithm is required
Algorithm: obj.VersionTemplate.Algorithm,
}
}
createVersionReq := &pb.CreateCryptoKeyVersionRequest{
Parent: fqn,
Parent: fqn,
CryptoKeyVersion: primary,
}
if _, err := r.CreateCryptoKeyVersion(ctx, createVersionReq); err != nil {
createdVersion, err := r.CreateCryptoKeyVersion(ctx, createVersionReq)
if err != nil {
return nil, err
}
obj.Primary = createdVersion
obj.VersionTemplate = &pb.CryptoKeyVersionTemplate{
Algorithm: createdVersion.Algorithm,
ProtectionLevel: createdVersion.ProtectionLevel,
}
}
if err := r.storage.Create(ctx, fqn, obj); err != nil {
return nil, err
}

return obj, nil
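Review bot: The final `else` branch of the new template selection reads `obj.VersionTemplate.Algorithm`, but that branch is only reached when `obj.VersionTemplate == nil`, so a key with a purpose other than ENCRYPT_DECRYPT and no template panics the mock instead of getting an error. If `populateDefaultsForCryptoKey` (not shown) always sets the template, both fallback branches are dead code; otherwise that branch should reject the request, along the lines of `return nil, status.Errorf(codes.InvalidArgument, "version_template.algorithm is required")`, assuming the file's usual gRPC status helpers are in scope. Separately, `r.storage.Create` for the key now runs after `r.CreateCryptoKeyVersion`, so a create for a key that already exists touches version storage before the key-level create can fail; whether that leaves a stray version depends on checks outside this hunk. CreateCryptoKey starts above the hunk.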
10 changes: 3 additions & 7 deletions mockgcp/mockkms/cryptokeyversion.go
Expand Up @@ -123,17 +123,13 @@ func (r *kmsServer) CreateCryptoKeyVersion(ctx context.Context, req *pb.CreateCr
now := time.Now()

var obj *pb.CryptoKeyVersion
if req.GetCryptoKeyVersion() == nil {
obj = &pb.CryptoKeyVersion{}
} else {
obj = proto.Clone(req.GetCryptoKeyVersion()).(*pb.CryptoKeyVersion)
}
obj = proto.Clone(req.GetCryptoKeyVersion()).(*pb.CryptoKeyVersion)
obj.Name = fqn
obj.CreateTime = timestamppb.New(now)
obj.GenerateTime = timestamppb.New(now)
obj.ProtectionLevel = pb.ProtectionLevel_SOFTWARE
obj.State = pb.CryptoKeyVersion_ENABLED
obj.Algorithm = pb.CryptoKeyVersion_EC_SIGN_P384_SHA384
obj.Algorithm = req.CryptoKeyVersion.GetAlgorithm()
obj.ProtectionLevel = req.CryptoKeyVersion.GetProtectionLevel()

if err := r.storage.Create(ctx, fqn, obj); err != nil {
return nil, err
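Review bot: With the nil guard removed, a request that carries no `CryptoKeyVersion` reaches `obj.Name = fqn` with a nil `obj`: `proto.Clone` of a nil message presumably returns a nil `*pb.CryptoKeyVersion`, the type assertion still succeeds, and the first field write panics. Keep a guard ahead of the clone, either the old fallback (`if req.GetCryptoKeyVersion() == nil { obj = &pb.CryptoKeyVersion{} }`) or an explicit invalid-argument return. The two new assignments from `req.CryptoKeyVersion.GetAlgorithm()` and `GetProtectionLevel()` repeat what the clone already copied, and when the caller omits them they store the enum zero values where the old code fell back to SOFTWARE; a one-line comment saying whether that is intended would help. The function body starts and ends outside the hunk.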
Expand Up @@ -275,7 +275,19 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"purpose": "ENCRYPT_DECRYPT"
"primary": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ENCRYPT_DECRYPT",
"versionTemplate": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"protectionLevel": "SOFTWARE"
}
}

---
Expand Down Expand Up @@ -304,7 +316,19 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"purpose": "ENCRYPT_DECRYPT"
"primary": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ENCRYPT_DECRYPT",
"versionTemplate": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"protectionLevel": "SOFTWARE"
}
}

---
Expand Down Expand Up @@ -820,7 +844,19 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"purpose": "ENCRYPT_DECRYPT"
"primary": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ENCRYPT_DECRYPT",
"versionTemplate": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"protectionLevel": "SOFTWARE"
}
}

---
Expand All @@ -842,7 +878,7 @@ X-Xss-Protection: 0
{
"cryptoKeyVersions": [
{
"algorithm": "EC_SIGN_P384_SHA384",
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
Expand Down Expand Up @@ -873,7 +909,7 @@ X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
"algorithm": "EC_SIGN_P384_SHA384",
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"destroyTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
Expand Up @@ -491,6 +491,14 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"primary": {
"algorithm": "EC_SIGN_P384_SHA384",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ASYMMETRIC_SIGN",
"versionTemplate": {
"algorithm": "EC_SIGN_P384_SHA384",
Expand Down Expand Up @@ -524,6 +532,14 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"primary": {
"algorithm": "EC_SIGN_P384_SHA384",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ASYMMETRIC_SIGN",
"versionTemplate": {
"algorithm": "EC_SIGN_P384_SHA384",
Expand Down Expand Up @@ -1301,6 +1317,14 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"primary": {
"algorithm": "EC_SIGN_P384_SHA384",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ASYMMETRIC_SIGN",
"versionTemplate": {
"algorithm": "EC_SIGN_P384_SHA384",
Expand Up @@ -129,6 +129,14 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmscryptokey-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"primary": {
"algorithm": "EC_SIGN_P384_SHA384",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmscryptokey-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ASYMMETRIC_SIGN",
"versionTemplate": {
"algorithm": "EC_SIGN_P384_SHA384",
Expand Down Expand Up @@ -162,6 +170,14 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmscryptokey-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"primary": {
"algorithm": "EC_SIGN_P384_SHA384",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmscryptokey-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ASYMMETRIC_SIGN",
"versionTemplate": {
"algorithm": "EC_SIGN_P384_SHA384",
Expand Up @@ -415,7 +415,19 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"purpose": "ENCRYPT_DECRYPT"
"primary": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ENCRYPT_DECRYPT",
"versionTemplate": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"protectionLevel": "SOFTWARE"
}
}

---
Expand Down Expand Up @@ -443,7 +455,19 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"purpose": "ENCRYPT_DECRYPT"
"primary": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ENCRYPT_DECRYPT",
"versionTemplate": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"protectionLevel": "SOFTWARE"
}
}

---
Expand Down Expand Up @@ -1982,7 +2006,19 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"purpose": "ENCRYPT_DECRYPT"
"primary": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ENCRYPT_DECRYPT",
"versionTemplate": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"protectionLevel": "SOFTWARE"
}
}

---
Expand All @@ -2004,7 +2040,7 @@ X-Xss-Protection: 0
{
"cryptoKeyVersions": [
{
"algorithm": "EC_SIGN_P384_SHA384",
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
Expand Down Expand Up @@ -2035,7 +2071,7 @@ X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
"algorithm": "EC_SIGN_P384_SHA384",
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"destroyTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
Expand Up @@ -415,7 +415,19 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"purpose": "ENCRYPT_DECRYPT"
"primary": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ENCRYPT_DECRYPT",
"versionTemplate": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"protectionLevel": "SOFTWARE"
}
}

---
Expand Down Expand Up @@ -443,7 +455,19 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"purpose": "ENCRYPT_DECRYPT"
"primary": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ENCRYPT_DECRYPT",
"versionTemplate": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"protectionLevel": "SOFTWARE"
}
}

---
Expand Down Expand Up @@ -757,7 +781,19 @@ X-Xss-Protection: 0
"managed-by-cnrm": "true"
},
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}",
"purpose": "ENCRYPT_DECRYPT"
"primary": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
"protectionLevel": "SOFTWARE",
"state": "ENABLED"
},
"purpose": "ENCRYPT_DECRYPT",
"versionTemplate": {
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"protectionLevel": "SOFTWARE"
}
}

---
Expand All @@ -779,7 +815,7 @@ X-Xss-Protection: 0
{
"cryptoKeyVersions": [
{
"algorithm": "EC_SIGN_P384_SHA384",
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
"name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1",
Expand Down Expand Up @@ -810,7 +846,7 @@ X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

{
"algorithm": "EC_SIGN_P384_SHA384",
"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION",
"createTime": "2024-04-01T12:34:56.123456Z",
"destroyTime": "2024-04-01T12:34:56.123456Z",
"generateTime": "2024-04-01T12:34:56.123456Z",
