feat: hmac service account (#751)

.kokoro/pre-system-test.sh

@@ -15,3 +15,8 @@
 # limitations under the License.
 
 . .kokoro/setup-vars.sh
+
+# Lease a second service account for testing listing with multiple service accounts
+export HMAC_KEY_TEST_SECOND_SERVICE_ACCOUNT=$(./gimmeproj -project=$HMAC_PROJECT lease 15m)
+# Add to the list of leased service account for clean up after tests
+export LEASED_SERVICE_ACCOUNTS="$LEASED_SERVICE_ACCOUNTS $HMAC_KEY_TEST_SECOND_SERVICE_ACCOUNT"

.kokoro/setup-vars.sh

@@ -22,3 +22,21 @@ export GCN_STORAGE_2ND_PROJECT_KEY=${KOKORO_GFILE_DIR}/no-whitelist-key.json
 
 export GOOGLE_CLOUD_KMS_KEY_ASIA="projects/long-door-651/locations/asia/keyRings/test-key-asia/cryptoKeys/test-key-asia"
 export GOOGLE_CLOUD_KMS_KEY_US="projects/long-door-651/locations/us/keyRings/test-key-us/cryptoKeys/test-key-us"
+
+# For testing SA HMAC
+export HMAC_PROJECT=gimme-acc
+curl https://storage.googleapis.com/gimme-proj/linux_amd64/gimmeproj > gimmeproj
+chmod +x gimmeproj
+./gimmeproj version
+
+export HMAC_KEY_TEST_SERVICE_ACCOUNT=$(./gimmeproj -project=$HMAC_PROJECT lease 15m)
+echo Leased service account: $HMAC_KEY_TEST_SERVICE_ACCOUNT
+export LEASED_SERVICE_ACCOUNTS=$HMAC_KEY_TEST_SERVICE_ACCOUNT
+
+cleanup_service_accounts () {
+    for i in $LEASED_SERVICE_ACCOUNTS; do
+        ./gimmeproj -project=$HMAC_PROJECT "done" $i
+    done
+}
+
+trap cleanup_service_accounts EXIT

README.md

@@ -97,6 +97,12 @@ has instructions for running the samples.
 | Buckets | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/buckets.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/buckets.js,samples/README.md) |
 | Encryption | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/encryption.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/encryption.js,samples/README.md) |
 | Files | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/files.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/files.js,samples/README.md) |
+| Activate HMAC SA Key. | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeyActivate.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeyActivate.js,samples/README.md) |
+| Create HMAC SA Key. | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeyCreate.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeyCreate.js,samples/README.md) |
+| Deactivate HMAC SA Key. | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeyDeactivate.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeyDeactivate.js,samples/README.md) |
+| Delete HMAC SA Key. | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeyDelete.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeyDelete.js,samples/README.md) |
+| Get HMAC SA Key Metadata. | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeyGet.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeyGet.js,samples/README.md) |
+| List HMAC SA Keys Metadata. | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeysList.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeysList.js,samples/README.md) |
 | Iam | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/iam.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/iam.js,samples/README.md) |
 | Notifications | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/notifications.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/notifications.js,samples/README.md) |
 | Quickstart | [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/quickstart.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/quickstart.js,samples/README.md) |

samples/README.md

@@ -24,6 +24,12 @@ objects to users via direct download.
   * [Buckets](#buckets)
   * [Encryption](#encryption)
   * [Files](#files)
+  * [Activate HMAC SA Key.](#activate-hmac-sa-key.)
+  * [Create HMAC SA Key.](#create-hmac-sa-key.)
+  * [Deactivate HMAC SA Key.](#deactivate-hmac-sa-key.)
+  * [Delete HMAC SA Key.](#delete-hmac-sa-key.)
+  * [Get HMAC SA Key Metadata.](#get-hmac-sa-key-metadata.)
+  * [List HMAC SA Keys Metadata.](#list-hmac-sa-keys-metadata.)
   * [Iam](#iam)
   * [Notifications](#notifications)
   * [Quickstart](#quickstart)
@@ -142,6 +148,120 @@ __Usage:__
 
 
 
+### Activate HMAC SA Key.
+
+Activate HMAC SA Key.
+
+View the [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeyActivate.js).
+
+[![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeyActivate.js,samples/README.md)
+
+__Usage:__
+
+
+`node hmacKeyActivate.js <hmacKeyAccessId> [projectId]`
+
+
+-----
+
+
+
+
+### Create HMAC SA Key.
+
+Create HMAC SA Key.
+
+View the [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeyCreate.js).
+
+[![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeyCreate.js,samples/README.md)
+
+__Usage:__
+
+
+`node hmacKeyCreate.js <serviceAccountEmail> [projectId]`
+
+
+-----
+
+
+
+
+### Deactivate HMAC SA Key.
+
+Deactivate HMAC SA Key.
+
+View the [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeyDeactivate.js).
+
+[![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeyDeactivate.js,samples/README.md)
+
+__Usage:__
+
+
+`node hmacKeyDeactivate.js <hmacKeyAccessId> [projectId]`
+
+
+-----
+
+
+
+
+### Delete HMAC SA Key.
+
+Delete HMAC SA Key.
+
+View the [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeyDelete.js).
+
+[![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeyDelete.js,samples/README.md)
+
+__Usage:__
+
+
+`node hmacKeyDelete.js <hmacKeyAccessId> [projectId]`
+
+
+-----
+
+
+
+
+### Get HMAC SA Key Metadata.
+
+Get HMAC SA Key Metadata.
+
+View the [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeyGet.js).
+
+[![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeyGet.js,samples/README.md)
+
+__Usage:__
+
+
+`node hmacKeyGet.js <hmacKeyAccessId> [projectId]`
+
+
+-----
+
+
+
+
+### List HMAC SA Keys Metadata.
+
+List HMAC SA Keys Metadata.
+
+View the [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/hmacKeysList.js).
+
+[![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/nodejs-storage&page=editor&open_in_editor=samples/hmacKeysList.js,samples/README.md)
+
+__Usage:__
+
+
+`node hmacKeyList.js [projectId]`
+
+
+-----
+
+
+
+
 ### Iam
 
 View the [source code](https://github.com/googleapis/nodejs-storage/blob/master/samples/iam.js).

samples/hmacKeyActivate.js

@@ -0,0 +1,56 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+'use strict';
+
+// sample-metadata:
+//   title: Activate HMAC SA Key.
+//   description: Activate HMAC SA Key.
+//   usage: node hmacKeyActivate.js <hmacKeyAccessId> [projectId]
+
+function main(
+  hmacKeyAccessId = 'GOOG0234230X00',
+  projectId = 'serviceAccountProjectId'
+) {
+  // [START storage_activate_hmac_key]
+  // Imports the Google Cloud client library
+  const {Storage} = require('@google-cloud/storage');
+
+  // Creates a client
+  const storage = new Storage();
+
+  // Activate HMAC SA Key
+  async function activateHmacKey() {
+    /**
+     * TODO(developer): Uncomment the following line before running the sample.
+     */
+    // const hmacKeyAccessId = 'HMAC Access Key Id to update, e.g. GOOG0234230X00';
+    // const projectId = 'The project Id this service account belongs to, e.g. serviceAccountProjectId';
+
+    const hmacKey = storage.hmacKey(hmacKeyAccessId, {projectId});
+    const [hmacKeyMetadata] = await hmacKey.setMetadata({state: 'ACTIVE'});
+
+    console.log(`The HMAC key is now active.`);
+    console.log(`The HMAC key metadata is:`);
+    for (const [key, value] of Object.entries(hmacKeyMetadata)) {
+      console.log(`${key}: ${value}`);
+    }
+  }
+  // [END storage_activate_hmac_key]
+  activateHmacKey();
+}
+
+main(...process.argv.slice(2));

samples/hmacKeyCreate.js

@@ -0,0 +1,58 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+'use strict';
+
+// sample-metadata:
+//   title: Create HMAC SA Key.
+//   description: Create HMAC SA Key.
+//   usage: node hmacKeyCreate.js <serviceAccountEmail> [projectId]
+
+function main(
+  serviceAccountEmail = '[email protected]',
+  projectId = 'serviceAccountProjectId'
+) {
+  // [START storage_create_hmac_key]
+  // Imports the Google Cloud client library
+  const {Storage} = require('@google-cloud/storage');
+
+  // Creates a client
+  const storage = new Storage();
+
+  // Create HMAC SA Key
+  async function createHmacKey() {
+    /**
+     * TODO(developer): Uncomment the following line before running the sample.
+     */
+    // const serviceAccountEmail = 'Service Account Email to associate HMAC Key';
+    // const projectId = 'The project Id this service account to be created in, e.g. serviceAccountProjectId';
+
+    const [hmacKey, secret] = await storage.createHmacKey(serviceAccountEmail, {
+      projectId,
+    });
+
+    console.log(`The base64 encoded secret is: ${secret}`);
+    console.log(`Do not miss that secret, there is no API to recover it.`);
+    console.log(`The HMAC key metadata is:`);
+    for (const [key, value] of Object.entries(hmacKey.metadata)) {
+      console.log(`${key}: ${value}`);
+    }
+  }
+  // [END storage_create_hmac_key]
+  createHmacKey();
+}
+
+main(...process.argv.slice(2));

samples/hmacKeyDeactivate.js

@@ -0,0 +1,56 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+'use strict';
+
+// sample-metadata:
+//   title: Deactivate HMAC SA Key.
+//   description: Deactivate HMAC SA Key.
+//   usage: node hmacKeyDeactivate.js <hmacKeyAccessId> [projectId]
+
+function main(
+  hmacKeyAccessId = 'GOOG0234230X00',
+  projectId = 'serviceAccountProjectId'
+) {
+  // [START storage_deactivate_hmac_key]
+  // Imports the Google Cloud client library
+  const {Storage} = require('@google-cloud/storage');
+
+  // Creates a client
+  const storage = new Storage();
+
+  // Deactivate HMAC SA Key
+  async function deactivateHmacKey() {
+    /**
+     * TODO(developer): Uncomment the following line before running the sample.
+     */
+    // const hmacKeyAccessId = 'HMAC Access Key Id to update, e.g. GOOG0234230X00';
+    // const projectId = 'The project Id this service account belongs to, e.g. serviceAccountProjectId';
+
+    const hmacKey = storage.hmacKey(hmacKeyAccessId, {projectId});
+    const [hmacKeyMetadata] = await hmacKey.setMetadata({state: 'INACTIVE'});
+
+    console.log(`The HMAC key is now inactive.`);
+    console.log(`The HMAC key metadata is:`);
+    for (const [key, value] of Object.entries(hmacKeyMetadata)) {
+      console.log(`${key}: ${value}`);
+    }
+  }
+  // [END storage_deactivate_hmac_key]
+  deactivateHmacKey();
+}
+
+main(...process.argv.slice(2));