From dd9b216c19b82ea3d8e1dac53cab2059879d8054 Mon Sep 17 00:00:00 2001 From: justinsb Date: Sun, 21 Apr 2024 12:53:15 -0400 Subject: [PATCH] mockgcp: Initial support for KMSKeyRing --- go.work.sum | 17 --- mockgcp/mockkms/cryptokey.go | 33 ++-- mockgcp/mockkms/cryptokeyversion.go | 142 ++++++++++++------ mockgcp/mockkms/keyring.go | 14 +- mockgcp/mockkms/utils.go | 22 +++ .../fullalloydbcluster/_http.log | 44 ++++++ .../v1beta1/containercluster/_http.log | 44 ++++++ ..._generated_object_kmscryptokey.golden.yaml | 1 + .../basic/kms/v1beta1/kmscryptokey/_http.log | 43 ++++++ .../sqlinstanceencryptionkey/_http.log | 44 ++++++ .../vertexaidatasetencryptionkey/_http.log | 44 ++++++ .../vertexaiendpointencryptionkey/_http.log | 44 ++++++ tests/e2e/unified_test.go | 1 + 13 files changed, 409 insertions(+), 84 deletions(-) create mode 100644 mockgcp/mockkms/utils.go diff --git a/go.work.sum b/go.work.sum index 36640bba93..081b4443e3 100644 --- a/go.work.sum +++ b/go.work.sum 
@@ -23,10 +23,8 @@ cloud.google.com/go/asset v1.19.3/go.mod h1:1j8NNcHsbSE/KeHMZrizPIS6c8nm0WjEAPoF cloud.google.com/go/asset v1.19.5/go.mod h1:sqyLOYaLLfc4ACcn3YxqHno+J7lRt9NJTdO50zCUcY0= cloud.google.com/go/assuredworkloads v1.11.9/go.mod h1:uZ6+WHiT4iGn1iM1wk5njKnKJWiM3v/aYhDoCoHxs1w= cloud.google.com/go/assuredworkloads v1.11.11/go.mod h1:vaYs6+MHqJvLKYgZBOsuuOhBgNNIguhRU0Kt7JTGcnI= -cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= cloud.google.com/go/auth v0.7.0/go.mod h1:D+WqdrpcjmiCgWrXmLLxOVq1GACoE36chW6KXoEvuIw= cloud.google.com/go/auth v0.7.2/go.mod h1:VEc4p5NNxycWQTMQEDQF0bd6aTMb6VgYDXEwiJJQAbs= -cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= cloud.google.com/go/automl v1.13.9/go.mod h1:KECCWW2AFsRuEVxUJEIXxcm3yPLf1rxS+qsBamyacMc= cloud.google.com/go/automl v1.13.11/go.mod h1:oMJdXRDOVC+Eq3PnGhhxSut5Hm9TSyVx1aLEOgerOw8= @@ -55,7 +53,6 @@ cloud.google.com/go/cloudtasks v1.12.12/go.mod h1:8UmM+duMrQpzzRREo0i3x3TrFjsgI/ cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls= cloud.google.com/go/compute v1.27.2/go.mod h1:YQuHkNEwP3bIz4LBYQqf4DIMfFtTDtnEgnwG0mJQQ9I= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M= cloud.google.com/go/contactcenterinsights v1.13.4/go.mod h1:6OWSyQxeaQRxhkyMhtE+RFOOlsMcKOTukv8nnjxbNCQ= cloud.google.com/go/contactcenterinsights v1.13.6/go.mod h1:mL+DbN3pMQGaAbDC4wZhryLciwSwHf5Tfk4Itr72Zyk= 
@@ -116,7 +113,6 @@ cloud.google.com/go/gkemulticloud v1.2.4/go.mod h1:PjTtoKLQpIRztrL+eKQw8030/S4c7 cloud.google.com/go/grafeas v0.3.6/go.mod h1:to6ECAPgRO2xeqD8ISXHc70nObJuaKZThreQOjeOH3o= cloud.google.com/go/gsuiteaddons v1.6.9/go.mod h1:qITZZoLzQhMQ6Re+izKEvz4C+M1AP13S+XuEpS26824= cloud.google.com/go/gsuiteaddons v1.6.11/go.mod h1:U7mk5PLBzDpHhgHv5aJkuvLp9RQzZFpa8hgWAB+xVIk= -cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= cloud.google.com/go/iap v1.9.8/go.mod h1:jQzSbtpYRbBoMdOINr/OqUxBY9rhyqLx04utTCmJ6oo= cloud.google.com/go/iap v1.9.10/go.mod h1:pO0FEirrhMOT1H0WVwpD5dD9r3oBhvsunyBQtNXzzc0= cloud.google.com/go/ids v1.4.9/go.mod h1:1pL+mhlvtUNphwBSK91yO8NoTVQYwOpqim1anIVBwbM= @@ -198,7 +194,6 @@ cloud.google.com/go/spanner v1.65.0/go.mod h1:dQGB+w5a67gtyE3qSKPPxzniedrnAmV6te cloud.google.com/go/speech v1.23.3/go.mod h1:u7tK/jxhzRZwZ5Nujhau7iLI3+VfJKYhpoZTjU7hRsE= cloud.google.com/go/speech v1.24.0/go.mod h1:HcVyIh5jRXM5zDMcbFCW+DF2uK/MSGN6Rastt6bj1ic= cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= -cloud.google.com/go/storage v1.41.0/go.mod h1:J1WCa/Z2FcgdEDuPUY8DxT5I+d9mFKsCepp5vR6Sq80= cloud.google.com/go/storagetransfer v1.10.8/go.mod h1:fEGWYffkV9OYOKms8nxyJWIZA7iEWPl2Mybk6bpQnEk= cloud.google.com/go/storagetransfer v1.10.10/go.mod h1:8+nX+WgQ2ZJJnK8e+RbK/zCXk8T7HdwyQAJeY7cEcm0= cloud.google.com/go/talent v1.6.10/go.mod h1:q2/qIb2Eb2svmeBfkCGIia/NGmkcScdyYSyNNOgFRLI= 
@@ -250,7 +245,6 @@ github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmf github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/coreos/go-systemd/v22 v22.4.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbpBpLoyyu8B6e44T7hJy6potg= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/daviddengcn/go-colortext v1.0.0/go.mod h1:zDqEI5NVUop5QPpVJUxE9UO10hRnmkD5G4Pmri9+m4c= github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= @@ -265,11 +259,9 @@ github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXE github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4= github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= 
@@ -288,9 +280,7 @@ github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/googleapis/cloud-bigtable-clients-test v0.0.0-20230505150253-16eeee810d3a/go.mod h1:2n/InOx7Q1jaqXZJ0poJmsZxb6K+OfHEbhA/+LPJrII= github.com/googleapis/cloud-bigtable-clients-test v0.0.2/go.mod h1:mk3CrkrouRgtnhID6UZQDK3DrFFa7cYCAJcEmNsHYrY= -github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= -github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= @@ -413,7 +403,6 @@ golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= 
@@ -422,9 +411,7 @@ golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4 golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -443,7 +430,6 @@ golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= 
@@ -480,7 +466,6 @@ google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go. google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE= google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8/go.mod h1:vPrPUTsDCYxXWjP7clS81mZ6/803D8K4iM9Ma27VKas= google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= -google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3/go.mod h1:kdrSS/OiLkPrNUpzD4aHgCq2rVuC/YRxok32HXZ4vRE= google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= google.golang.org/genproto/googleapis/bytestream v0.0.0-20240722135656-d784300faade/go.mod h1:5/MT647Cn/GGhwTpXC7QqcaR5Cnee4v4MKCU1/nwnIQ= google.golang.org/genproto/googleapis/bytestream v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:5/MT647Cn/GGhwTpXC7QqcaR5Cnee4v4MKCU1/nwnIQ= @@ -505,7 +490,6 @@ google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.2.0/go.mod h1:DNq5QpG7LJqD2AamLZ7zvKE0DEpVl2BSEVjFycAAjRY= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= 
@@ -524,7 +508,6 @@ k8s.io/code-generator v0.27.9/go.mod h1:NEx95JBRos8MSki+CuSoiEyKk6yv1rC4z/eY8DCZ k8s.io/component-base v0.23.0/go.mod h1:DHH5uiFvLC1edCpvcTDV++NKULdYYU6pR9Tt3HIKMKI= k8s.io/component-base v0.27.2/go.mod h1:5UPk7EjfgrfgRIuDBFtsEFAe4DAvP3U+M8RTzoSJkpo= k8s.io/component-helpers v0.26.3/go.mod h1:feC+CaxJXULs5TSD3lG8K5ecftOkF8eY0pHQgd7koEI= -k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= diff --git a/mockgcp/mockkms/cryptokey.go b/mockgcp/mockkms/cryptokey.go index 8c1580216d..3dbe6f8ce3 100644 --- a/mockgcp/mockkms/cryptokey.go +++ b/mockgcp/mockkms/cryptokey.go @@ -29,9 +29,9 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/timestamppb" - "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/common/projects" pb "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/generated/mockgcp/cloud/kms/v1" ) 
@@ -75,22 +75,31 @@ func (r *kmsServer) CreateCryptoKey(ctx context.Context, req *pb.CreateCryptoKey return nil, err } + if !req.SkipInitialVersionCreation { + createVersionReq := &pb.CreateCryptoKeyVersionRequest{ + Parent: fqn, + } + if _, err := r.CreateCryptoKeyVersion(ctx, createVersionReq); err != nil { + return nil, err + } + } + return obj, nil } func (r *kmsServer) populateDefaultsForCryptoKey(name *CryptoKeyName, obj *pb.CryptoKey) { - + if obj.DestroyScheduledDuration == nil { + obj.DestroyScheduledDuration = durationpb.New(time.Hour * 24 * 30) + } } type CryptoKeyName struct { - Project *projects.ProjectData - Location string - KeyRing string - Name string + KeyRingName + CryptoKeyID string } func (n *CryptoKeyName) String() string { - return "projects/" + n.Project.ID + "/locations/" + n.Location + "/keyRings/" + n.KeyRing + "/cryptoKeys/" + n.Name + return n.KeyRingName.String() + "/cryptoKeys/" + n.CryptoKeyID } // parseCryptoKeyName parses a string into an CryptoKeyName. @@ -98,17 +107,15 @@ func (n *CryptoKeyName) String() string { func (r *kmsServer) parseCryptoKeyName(name string) (*CryptoKeyName, error) { tokens := strings.Split(name, "/") - if len(tokens) == 8 && tokens[0] == "projects" && tokens[2] == "locations" && tokens[4] == "keyRings" && tokens[6] == "cryptoKeys" { - project, err := r.Projects.GetProjectByID(tokens[1]) + if len(tokens) == 8 && tokens[6] == "cryptoKeys" { + keyRingName, err := r.parseKeyRingName(strings.Join(tokens[0:6], "/")) if err != nil { return nil, err } name := &CryptoKeyName{ - Project: project, - Location: tokens[3], - KeyRing: tokens[5], - Name: tokens[7], + KeyRingName: *keyRingName, + CryptoKeyID: tokens[7], } return name, nil diff --git a/mockgcp/mockkms/cryptokeyversion.go b/mockgcp/mockkms/cryptokeyversion.go index 91ef9d6d33..598a9c6c83 100644 --- a/mockgcp/mockkms/cryptokeyversion.go +++ b/mockgcp/mockkms/cryptokeyversion.go 
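Review bot: In CreateCryptoKey the initial version is created only after the key itself appears to have been stored (the context line above the new block is an error return; the store call is outside this hunk), so a failure in `r.CreateCryptoKeyVersion` returns an error while leaving a key with no versions behind. A retry of the same request would then presumably fail as already-existing instead of repairing the state. Either remove the key again on that path or state the limitation next to the call, e.g. `// NOTE: the key is already persisted here; an error below leaves it without an initial version.` The function body starts outside the hunk.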
@@ -30,6 +30,7 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/timestamppb" pb "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/generated/mockgcp/cloud/kms/v1" "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/pkg/storage" 
@@ -60,51 +61,79 @@ func (r *kmsServer) ListCryptoKeyVersions(ctx context.Context, req *pb.ListCrypt return nil, err } - findPrefix := parentName.String() + parentFQN := parentName.String() - var matchingObjects []*pb.CryptoKeyVersion - endpointKind := (&pb.CryptoKeyVersion{}).ProtoReflect().Descriptor() - if err := r.storage.List(ctx, endpointKind, storage.ListOptions{}, func(obj proto.Message) error { + response, err := r.listCryptoKeyVersions(ctx, parentFQN) + if err != nil { + return nil, err + } + + return response, nil +} + +func (r *kmsServer) listCryptoKeyVersions(ctx context.Context, parentFQN string) (*pb.ListCryptoKeyVersionsResponse, error) { + namePrefix := parentFQN + "/cryptoKeyVersions/" + + response := &pb.ListCryptoKeyVersionsResponse{} + + // Network must not have any subnets depending on it + cryptoKeyVersionKind := (&pb.CryptoKeyVersion{}).ProtoReflect().Descriptor() + if err := r.storage.List(ctx, cryptoKeyVersionKind, storage.ListOptions{}, func(obj proto.Message) error { cryptoKeyVersion := obj.(*pb.CryptoKeyVersion) - if strings.HasPrefix(cryptoKeyVersion.Name, findPrefix) { - matchingObjects = append(matchingObjects, cryptoKeyVersion) + if strings.HasPrefix(cryptoKeyVersion.GetName(), namePrefix) { + response.CryptoKeyVersions = append(response.CryptoKeyVersions, cryptoKeyVersion) } - return nil }); err != nil { return nil, err } + response.TotalSize = int32(len(response.CryptoKeyVersions)) - return &pb.ListCryptoKeyVersionsResponse{ - CryptoKeyVersions: matchingObjects, - NextPageToken: "", - }, nil + return response, nil } func (r *kmsServer) CreateCryptoKeyVersion(ctx context.Context, req *pb.CreateCryptoKeyVersionRequest) (*pb.CryptoKeyVersion, error) { - parentName, err := r.parseCryptoKeyName(req.GetParent()) + + versions, err := r.listCryptoKeyVersions(ctx, req.GetParent()) if err != nil { return nil, err } - id := strconv.FormatInt(time.Now().UnixNano(), 10) + var maxVersion int64 + for _, version := range 
versions.CryptoKeyVersions { + last := lastComponent(version.GetName()) + n, err := strconv.ParseInt(last, 10, 64) + if err != nil { + return nil, fmt.Errorf("invalid key version name %q", version.GetName()) + } + if maxVersion < n { + maxVersion = n + } + } - // The server-generated crypto key version name is the concatenation of the parent crypto key's - // resource name and '/cryptoKeyVersions/' followed by a unique, server-assigned identifier. - // For example, if the parent crypto key's resource name is - // 'projects/1/locations/us-central1/keyRings/my-key-ring/cryptoKeys/my-crypto-key', - // then the server-generated crypto key version name might be - // 'projects/1/locations/us-central1/keyRings/my-key-ring/cryptoKeys/my-crypto-key/cryptoKeyVersions/123' - name := &CryptoKeyVersionName{ - CryptoKeyName: parentName, - Name: id, + nextVersion := maxVersion + 1 + + reqName := fmt.Sprintf("%s/cryptoKeyVersions/%d", req.GetParent(), nextVersion) + name, err := r.parseCryptoKeyVersionName(reqName) + if err != nil { + return nil, err } fqn := name.String() - obj := proto.Clone(req.GetCryptoKeyVersion()).(*pb.CryptoKeyVersion) - obj.Name = fqn + now := time.Now() - r.populateDefaultsForCryptoKeyVersion(name, obj) + var obj *pb.CryptoKeyVersion + if req.GetCryptoKeyVersion() == nil { + obj = &pb.CryptoKeyVersion{} + } else { + obj = proto.Clone(req.GetCryptoKeyVersion()).(*pb.CryptoKeyVersion) + } + obj.Name = fqn + obj.CreateTime = timestamppb.New(now) + obj.GenerateTime = timestamppb.New(now) + obj.ProtectionLevel = pb.ProtectionLevel_SOFTWARE + obj.State = pb.CryptoKeyVersion_ENABLED + obj.Algorithm = pb.CryptoKeyVersion_EC_SIGN_P384_SHA384 if err := r.storage.Create(ctx, fqn, obj); err != nil { return nil, err 
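Review bot: CreateCryptoKeyVersion overwrites `ProtectionLevel`, `State` and `Algorithm` with fixed values (`SOFTWARE`, `ENABLED`, `EC_SIGN_P384_SHA384`) after cloning the request and never reads the parent CryptoKey, so a key requested with a different protection level or algorithm still reports these values, and a version can be created under a key that was never stored. Tests that run against the mock therefore cannot catch a controller that drops or mis-sets the protection level or algorithm; the golden logs for the encryption-key fixtures in this patch already record a signing algorithm. Loading the parent first (as DestroyCryptoKeyVersion does via `r.GetCryptoKey`) and taking the values from its version template would address both; the template getters and enum names below are assumed to exist in the generated `pb` package and should be checked. Separately, the comment `// Network must not have any subnets depending on it` in listCryptoKeyVersions is a leftover from another mock and should be replaced by something like `// Collect every version stored under parentFQN.` The hunk ends inside CreateCryptoKeyVersion.

```go
	// … unchanged: version numbering and name parsing …
	parent, err := r.GetCryptoKey(ctx, &pb.GetCryptoKeyRequest{Name: req.GetParent()})
	if err != nil {
		return nil, err
	}
	// … unchanged: obj construction, Name, CreateTime, GenerateTime …
	obj.State = pb.CryptoKeyVersion_ENABLED
	// Fall back to the previous fixed values only when the key's template leaves them unset.
	obj.ProtectionLevel = pb.ProtectionLevel_SOFTWARE
	obj.Algorithm = pb.CryptoKeyVersion_EC_SIGN_P384_SHA384
	if tmpl := parent.GetVersionTemplate(); tmpl != nil {
		if tmpl.GetProtectionLevel() != pb.ProtectionLevel_PROTECTION_LEVEL_UNSPECIFIED {
			obj.ProtectionLevel = tmpl.GetProtectionLevel()
		}
		if tmpl.GetAlgorithm() != pb.CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED {
			obj.Algorithm = tmpl.GetAlgorithm()
		}
	}
```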
@@ -136,14 +165,35 @@ func (r *kmsServer) DestroyCryptoKeyVersion(ctx context.Context, req *pb.Destroy return nil, err } fqn := name.String() + + now := time.Now() + obj := &pb.CryptoKeyVersion{} if err := r.storage.Get(ctx, fqn, obj); err != nil { return nil, err } - // TODO: set appropriate state and fields + + var parent *pb.CryptoKey + { + get := &pb.GetCryptoKeyRequest{ + Name: name.CryptoKeyName.String(), + } + cryptoKey, err := r.GetCryptoKey(ctx, get) + if err != nil { + return nil, err + } + parent = cryptoKey + } + + destroyScheuledDuration := parent.GetDestroyScheduledDuration().AsDuration() + + obj.State = pb.CryptoKeyVersion_DESTROY_SCHEDULED + obj.DestroyTime = timestamppb.New(now.Add(destroyScheuledDuration)) + if err := r.storage.Update(ctx, fqn, obj); err != nil { return nil, err } + return obj, nil } 
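Review bot: DestroyCryptoKeyVersion schedules destruction without looking at the version's current state, so calling it again on a version that is already `DESTROY_SCHEDULED` (or destroyed) silently pushes `DestroyTime` forward; the real service presumably rejects that, which is worth confirming. A guard after the `storage.Get` would make the mock stricter: `if obj.State == pb.CryptoKeyVersion_DESTROY_SCHEDULED || obj.State == pb.CryptoKeyVersion_DESTROYED { return nil, status.Errorf(codes.FailedPrecondition, "version %q is already scheduled for destruction or destroyed", fqn) }`. A parent key stored without `DestroyScheduledDuration` yields a zero duration from `AsDuration()`, so `DestroyTime` would equal the call time while the state stays `DESTROY_SCHEDULED`. The local `destroyScheuledDuration` is misspelled (`destroyScheduledDuration`).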
@@ -164,37 +214,35 @@ func (r *kmsServer) RestoreCryptoKeyVersion(ctx context.Context, req *pb.Restore return obj, nil } -func (r *kmsServer) populateDefaultsForCryptoKeyVersion(name *CryptoKeyVersionName, obj *pb.CryptoKeyVersion) { - -} - type CryptoKeyVersionName struct { - *CryptoKeyName - Name string + CryptoKeyName + CryptoKeyVersionID string } func (n *CryptoKeyVersionName) String() string { - return fmt.Sprintf("%s/cryptoKeyVersions/%d", n.CryptoKeyName.String(), n.Name) + return n.CryptoKeyName.String() + "/cryptoKeyVersions/" + n.CryptoKeyVersionID } // parseCryptoKeyVersionName parses a string into a CryptoKeyVersionName. // The expected form is `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. func (r *kmsServer) parseCryptoKeyVersionName(name string) (*CryptoKeyVersionName, error) { - parts := strings.Split(name, "/") - if len(parts) != 8 { - return nil, status.Errorf(codes.InvalidArgument, "CryptoKeyVersion name must be in the form of projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*, got %v", name) - } + tokens := strings.Split(name, "/") - cryptoKeyName, err := r.parseCryptoKeyName(strings.Join(parts[0:6], "/")) - if err != nil { - return nil, err - } + if len(tokens) == 10 && tokens[8] == "cryptoKeyVersions" { + cryptoKeyName, err := r.parseCryptoKeyName(strings.Join(tokens[0:8], "/")) + if err != nil { + return nil, err + } - id := parts[7] - // TODO: validate id is numeric + // TODO: validate id is numeric + id := tokens[9] + name := &CryptoKeyVersionName{ + CryptoKeyName: *cryptoKeyName, + CryptoKeyVersionID: id, + } + + return name, nil + } - return &CryptoKeyVersionName{ - CryptoKeyName: cryptoKeyName, - Name: id, - }, nil + return nil, status.Errorf(codes.InvalidArgument, "name %q is not valid", name) } diff --git a/mockgcp/mockkms/keyring.go b/mockgcp/mockkms/keyring.go index 2ad06ab3e1..d373883e61 100644 --- a/mockgcp/mockkms/keyring.go +++ b/mockgcp/mockkms/keyring.go 
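Review bot: parseCryptoKeyVersionName still accepts any string as the version id (the `// TODO: validate id is numeric` is carried over), while CreateCryptoKeyVersion in this same patch parses stored ids with `strconv.ParseInt` and fails on anything non-numeric. Rejecting bad ids at parse time keeps the two in agreement and returns InvalidArgument rather than a lookup miss: `if _, err := strconv.ParseInt(id, 10, 64); err != nil { return nil, status.Errorf(codes.InvalidArgument, "name %q is not valid", name) }`. `strconv` is already used elsewhere in this file.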
@@ -88,13 +88,13 @@ func (r *kmsServer) populateDefaultsForKeyRing(name *KeyRingName, obj *pb.KeyRin } type KeyRingName struct { - Project *projects.ProjectData - Location string - Name string + Project *projects.ProjectData + Location string + KeyRingID string } func (n *KeyRingName) String() string { - return "projects/" + n.Project.ID + "/locations/" + n.Location + "/keyRings/" + n.Name + return "projects/" + n.Project.ID + "/locations/" + n.Location + "/keyRings/" + n.KeyRingID } // parseKeyRingName parses a string into an KeyRingName. @@ -109,9 +109,9 @@ func (r *kmsServer) parseKeyRingName(name string) (*KeyRingName, error) { } name := &KeyRingName{ - Project: project, - Location: tokens[3], - Name: tokens[5], + Project: project, + Location: tokens[3], + KeyRingID: tokens[5], } return name, nil diff --git a/mockgcp/mockkms/utils.go b/mockgcp/mockkms/utils.go new file mode 100644 index 0000000000..f116d2c3c0 --- /dev/null +++ b/mockgcp/mockkms/utils.go @@ -0,0 +1,22 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package mockkms + +import "strings" + +func lastComponent(s string) string { + i := strings.LastIndex(s, "/") + return s[i+1:] +} diff --git a/pkg/test/resourcefixture/testdata/basic/alloydb/v1beta1/alloydbcluster/fullalloydbcluster/_http.log b/pkg/test/resourcefixture/testdata/basic/alloydb/v1beta1/alloydbcluster/fullalloydbcluster/_http.log index a6eb8ef8b9..faaa0cd388 100644 
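Review bot: lastComponent in the new utils.go has no doc comment, and its edge cases matter to CreateCryptoKeyVersion, which feeds the result to `strconv.ParseInt`: with no `/` in `s`, `strings.LastIndex` returns -1 and the whole string comes back, and a trailing `/` yields an empty string. Suggested comment: `// lastComponent returns the text after the final "/" in s, or s itself when it contains no "/".`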
--- a/pkg/test/resourcefixture/testdata/basic/alloydb/v1beta1/alloydbcluster/fullalloydbcluster/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/alloydb/v1beta1/alloydbcluster/fullalloydbcluster/_http.log @@ -268,6 +268,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "key-one": "value-one", @@ -296,6 +297,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "key-one": "value-one", @@ -855,6 +857,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "key-one": "value-one", 
@@ -880,8 +883,49 @@ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 +{ + "cryptoKeyVersions": [ + { + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "ENABLED" + } + ], + "totalSize": 1 +} + +--- + +POST https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1:destroy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager + {} +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "destroyTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "DESTROY_SCHEDULED" +} + --- GET https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}?alt=json diff --git a/pkg/test/resourcefixture/testdata/basic/container/v1beta1/containercluster/_http.log b/pkg/test/resourcefixture/testdata/basic/container/v1beta1/containercluster/_http.log index f41afd5cba..a146723210 100644 --- a/pkg/test/resourcefixture/testdata/basic/container/v1beta1/containercluster/_http.log 
+++ b/pkg/test/resourcefixture/testdata/basic/container/v1beta1/containercluster/_http.log @@ -536,6 +536,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "key-one": "value-one", @@ -568,6 +569,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "key-one": "value-one", @@ -1344,6 +1346,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "key-one": "value-one", 
@@ -1373,8 +1376,49 @@ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 +{ + "cryptoKeyVersions": [ + { + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "ENABLED" + } + ], + "totalSize": 1 +} + +--- + +POST https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1:destroy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager + {} +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "destroyTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "DESTROY_SCHEDULED" +} + --- GET https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}?alt=json diff --git a/pkg/test/resourcefixture/testdata/basic/kms/v1beta1/kmscryptokey/_generated_object_kmscryptokey.golden.yaml b/pkg/test/resourcefixture/testdata/basic/kms/v1beta1/kmscryptokey/_generated_object_kmscryptokey.golden.yaml index 474b19ae65..92188d7891 100644 
--- a/pkg/test/resourcefixture/testdata/basic/kms/v1beta1/kmscryptokey/_generated_object_kmscryptokey.golden.yaml +++ b/pkg/test/resourcefixture/testdata/basic/kms/v1beta1/kmscryptokey/_generated_object_kmscryptokey.golden.yaml @@ -15,6 +15,7 @@ metadata: name: kmscryptokey-${uniqueId} namespace: ${uniqueId} spec: + destroyScheduledDuration: 2592000s importOnly: false keyRingRef: name: kmscryptokey-${uniqueId} diff --git a/pkg/test/resourcefixture/testdata/basic/kms/v1beta1/kmscryptokey/_http.log b/pkg/test/resourcefixture/testdata/basic/kms/v1beta1/kmscryptokey/_http.log index 1763f0c54d..b6dcc0b39b 100644 --- a/pkg/test/resourcefixture/testdata/basic/kms/v1beta1/kmscryptokey/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/kms/v1beta1/kmscryptokey/_http.log @@ -122,6 +122,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "key-one": "value-one", @@ -154,6 +155,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "key-one": "value-one", 
@@ -183,8 +185,49 @@ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 +{ + "cryptoKeyVersions": [ + { + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmscryptokey-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "ENABLED" + } + ], + "totalSize": 1 +} + +--- + +POST https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmscryptokey-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1:destroy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager + {} +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "destroyTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmscryptokey-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "DESTROY_SCHEDULED" +} + --- GET https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmscryptokey-${uniqueId}?alt=json diff --git a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstanceencryptionkey/_http.log b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstanceencryptionkey/_http.log index ce982b9b55..181b535fff 100644 
--- a/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstanceencryptionkey/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/sql/v1beta1/sqlinstance/sqlinstanceencryptionkey/_http.log @@ -409,6 +409,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "managed-by-cnrm": "true" @@ -436,6 +437,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "managed-by-cnrm": "true" @@ -1988,6 +1990,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "managed-by-cnrm": "true" 
@@ -2012,8 +2015,49 @@ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 +{ + "cryptoKeyVersions": [ + { + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "ENABLED" + } + ], + "totalSize": 1 +} + +--- + +POST https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1:destroy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager + {} +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "destroyTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "DESTROY_SCHEDULED" +} + --- GET https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}?alt=json diff --git a/pkg/test/resourcefixture/testdata/basic/vertexai/v1beta1/vertexaidataset/vertexaidatasetencryptionkey/_http.log b/pkg/test/resourcefixture/testdata/basic/vertexai/v1beta1/vertexaidataset/vertexaidatasetencryptionkey/_http.log index b455205329..f77af49747 100644 
--- a/pkg/test/resourcefixture/testdata/basic/vertexai/v1beta1/vertexaidataset/vertexaidatasetencryptionkey/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/vertexai/v1beta1/vertexaidataset/vertexaidatasetencryptionkey/_http.log @@ -409,6 +409,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "managed-by-cnrm": "true" @@ -436,6 +437,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "managed-by-cnrm": "true" @@ -749,6 +751,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "managed-by-cnrm": "true" 
@@ -773,8 +776,49 @@ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 +{ + "cryptoKeyVersions": [ + { + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "ENABLED" + } + ], + "totalSize": 1 +} + +--- + +POST https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1:destroy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager + {} +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "destroyTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "DESTROY_SCHEDULED" +} + --- GET https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}?alt=json diff --git a/pkg/test/resourcefixture/testdata/basic/vertexai/v1beta1/vertexaiendpoint/vertexaiendpointencryptionkey/_http.log b/pkg/test/resourcefixture/testdata/basic/vertexai/v1beta1/vertexaiendpoint/vertexaiendpointencryptionkey/_http.log index 46f7ef7d0f..50b9e89c01 100644 
--- a/pkg/test/resourcefixture/testdata/basic/vertexai/v1beta1/vertexaiendpoint/vertexaiendpointencryptionkey/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/vertexai/v1beta1/vertexaiendpoint/vertexaiendpointencryptionkey/_http.log @@ -409,6 +409,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "managed-by-cnrm": "true" @@ -436,6 +437,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "managed-by-cnrm": "true" @@ -723,6 +725,7 @@ X-Xss-Protection: 0 { "createTime": "2024-04-01T12:34:56.123456Z", + "destroyScheduledDuration": "2592000s", "labels": { "cnrm-test": "true", "managed-by-cnrm": "true" 
@@ -747,8 +750,49 @@ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Xss-Protection: 0 +{ + "cryptoKeyVersions": [ + { + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "ENABLED" + } + ], + "totalSize": 1 +} + +--- + +POST https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1:destroy?alt=json&prettyPrint=false +Content-Type: application/json +User-Agent: google-api-go-client/0.5 Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager + {} +200 OK +Cache-Control: private +Content-Type: application/json; charset=UTF-8 +Server: ESF +Vary: Origin +Vary: X-Origin +Vary: Referer +X-Content-Type-Options: nosniff +X-Frame-Options: SAMEORIGIN +X-Xss-Protection: 0 + +{ + "algorithm": "EC_SIGN_P384_SHA384", + "createTime": "2024-04-01T12:34:56.123456Z", + "destroyTime": "2024-04-01T12:34:56.123456Z", + "generateTime": "2024-04-01T12:34:56.123456Z", + "name": "projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}/cryptoKeys/kmscryptokey-${uniqueId}/cryptoKeyVersions/1", + "protectionLevel": "SOFTWARE", + "state": "DESTROY_SCHEDULED" +} + --- GET https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/kmskeyring-${uniqueId}?alt=json diff --git a/tests/e2e/unified_test.go b/tests/e2e/unified_test.go index febac6e36c..a178bc0c05 100644 --- a/tests/e2e/unified_test.go +++ b/tests/e2e/unified_test.go 
@@ -678,6 +678,7 @@ func runScenario(ctx context.Context, t *testing.T, testPause bool, fixture reso }) // Specific to KMS + addReplacement("policy.etag", "abcdef0123A=") addSetStringReplacement(".cryptoKeyVersions[].createTime", "2024-04-01T12:34:56.123456Z") addSetStringReplacement(".cryptoKeyVersions[].generateTime", "2024-04-01T12:34:56.123456Z") addReplacement("destroyTime", "2024-04-01T12:34:56.123456Z")
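Review bot: The added `addReplacement("policy.etag", "abcdef0123A=")` sits under the `// Specific to KMS` comment, but nothing in the key ties it to KMS. If addReplacement matches on the field path alone (its definition is not visible here), this would pin the etag of every IAM policy body in every fixture's recorded log, so the golden files could no longer show a change in etag handling. Either move the line out of the KMS group or give it its own comment, e.g. `// IAM policy etags are server-generated; normalize so golden logs stay stable`. A short comment on why this entry uses addReplacement while the createTime/generateTime entries next to it use addSetStringReplacement would also help. runScenario starts and ends outside the hunk.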