From aa9a21d69a46d4aaf162920b747c32ea60d87b4a Mon Sep 17 00:00:00 2001 From: Walter Poupore Date: Wed, 25 Oct 2017 16:02:10 -0700 Subject: [PATCH 1/5] Updates READ with minor corrections --- kms/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kms/README.md b/kms/README.md index c970900f5f4..a0ba5dda9e2 100644 --- a/kms/README.md +++ b/kms/README.md @@ -3,7 +3,7 @@ Google [Cloud Key Management Service](https://cloud.google.com/kms/) is a cloud-hosted key management service that lets you manage encryption for your cloud services the same way you do on-premise. You can generate, use, rotate and -destroy AES256 encryption keys. These sample Java applications demonstrate +destroy AES-256 encryption keys. These sample Java applications demonstrate how to access the KMS API using the Google Java API Client Libraries. ## Quickstart @@ -17,7 +17,7 @@ Build your project with: You can run the quickstart with: java -cp target/kms-samples-1.0.0-jar-with-dependencies.jar \ - com.example.Quickstart [your-project-id] + com.example.Quickstart [your-project-id] [your-location] and can see the available snippet commands with: @@ -27,4 +27,4 @@ and can see the available snippet commands with: For example: java -cp target/kms-samples-1.0.0-jar-with-dependencies.jar \ - com.example.Snippets createKeyRing -p myFirstKeyRing + com.example.Snippets createKeyRing -p myFirstKeyRing From 373de60afad0799ef8aa3c7b5740402ada2fdb5e Mon Sep 17 00:00:00 2001 From: Walter Poupore Date: Wed, 25 Oct 2017 16:04:57 -0700 Subject: [PATCH 2/5] Updates READ with minor corrections --- kms/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kms/README.md b/kms/README.md index a0ba5dda9e2..4da327d8930 100644 --- a/kms/README.md +++ b/kms/README.md 
@@ -27,4 +27,4 @@ and can see the available snippet commands with: For example: java -cp target/kms-samples-1.0.0-jar-with-dependencies.jar \ - com.example.Snippets createKeyRing -p myFirstKeyRing + com.example.Snippets createKeyRing -p [your-project-id] [your-location] myFirstKeyRing From d53b2d024bc3e6bcb66835e40bdd8ba3e2d5bd59 Mon Sep 17 00:00:00 2001 From: Walter Poupore Date: Wed, 25 Oct 2017 16:35:41 -0700 Subject: [PATCH 3/5] Adds snippet for restoring a key version --- .../java/com/example/SnippetCommands.java | 7 +++++ kms/src/main/java/com/example/Snippets.java | 29 +++++++++++++++++++ kms/src/test/java/com/example/SnippetsIT.java | 18 ++++++++++++ 3 files changed, 54 insertions(+) diff --git a/kms/src/main/java/com/example/SnippetCommands.java b/kms/src/main/java/com/example/SnippetCommands.java index 8d8b85b1022..a69b769c8f9 100644 --- a/kms/src/main/java/com/example/SnippetCommands.java +++ b/kms/src/main/java/com/example/SnippetCommands.java @@ -109,6 +109,12 @@ public void run() throws IOException { } } + public static class RestoreCryptoKeyVersionCommand extends KeyVersionArgs implements Command { + public void run() throws IOException { + Snippets.restoreCryptoKeyVersion(projectId, locationId, keyRingId, cryptoKeyId, version); + } + } + public static class SetPrimaryVersionCommand extends KeyVersionArgs implements Command { public void run() throws IOException { 
@@ -206,6 +212,7 @@ public void run() throws IOException { @SubCommand(name = "listCryptoKeyVersions", impl = ListCryptoKeyVersionsCommand.class), @SubCommand(name = "disableCryptoKeyVersion", impl = DisableCryptoKeyVersionCommand.class), @SubCommand(name = "destroyCryptoKeyVersion", impl = DestroyCryptoKeyVersionCommand.class), + @SubCommand(name = "restoreCryptoKeyVersion", impl = RestoreCryptoKeyVersionCommand.class), @SubCommand(name = "getKeyRingPolicy", impl = GetKeyRingPolicyCommand.class), @SubCommand(name = "getCryptoKeyPolicy", impl = GetCryptoKeyPolicyCommand.class), @SubCommand(name = "setPrimaryVersion", impl = SetPrimaryVersionCommand.class), diff --git a/kms/src/main/java/com/example/Snippets.java b/kms/src/main/java/com/example/Snippets.java index cacda5dc343..b46920ab816 100644 --- a/kms/src/main/java/com/example/Snippets.java +++ b/kms/src/main/java/com/example/Snippets.java @@ -26,6 +26,7 @@ import com.google.api.services.cloudkms.v1.model.CryptoKey; import com.google.api.services.cloudkms.v1.model.CryptoKeyVersion; import com.google.api.services.cloudkms.v1.model.DestroyCryptoKeyVersionRequest; +import com.google.api.services.cloudkms.v1.model.RestoreCryptoKeyVersionRequest; import com.google.api.services.cloudkms.v1.model.KeyRing; import com.google.api.services.cloudkms.v1.model.ListCryptoKeyVersionsResponse; import com.google.api.services.cloudkms.v1.model.ListCryptoKeysResponse; 
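Review bot: The new `import com.google.api.services.cloudkms.v1.model.RestoreCryptoKeyVersionRequest;` line in Snippets.java sits between `DestroyCryptoKeyVersionRequest` and `KeyRing`, which breaks the alphabetical order the neighbouring `cloudkms.v1.model` imports follow. It belongs further down, after the `List…Response` imports; the exact slot depends on the imports below `ListCryptoKeysResponse`, which are outside this hunk. If the build enforces import ordering, the current placement would probably be flagged.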
@@ -206,6 +207,34 @@ public static CryptoKeyVersion destroyCryptoKeyVersion( } // [END kms_destroy_cryptokey_version] + // [START kms_restore_cryptokey_version] + + /** + * Restores the given version of a crypto key that is currently scheduled for destruction. + */ + public static CryptoKeyVersion restoreCryptoKeyVersion( + String projectId, String locationId, String keyRingId, String cryptoKeyId, String version) + throws IOException { + // Create the Cloud KMS client. + CloudKMS kms = createAuthorizedClient(); + + // The resource name of the cryptoKey version + String cryptoKeyVersion = String.format( + "projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s", + projectId, locationId, keyRingId, cryptoKeyId, version); + + RestoreCryptoKeyVersionRequest restoreRequest = new RestoreCryptoKeyVersionRequest(); + + CryptoKeyVersion restored = kms.projects().locations().keyRings().cryptoKeys() + .cryptoKeyVersions() + .restore(cryptoKeyVersion, restoreRequest) + .execute(); + + System.out.println(restored); + return restored; + } + // [END kms_destroy_cryptokey_version] + // [START kms_get_cryptokey_policy] /** diff --git a/kms/src/test/java/com/example/SnippetsIT.java b/kms/src/test/java/com/example/SnippetsIT.java index 301a55cde40..46a40ecb5fb 100644 --- a/kms/src/test/java/com/example/SnippetsIT.java +++ b/kms/src/test/java/com/example/SnippetsIT.java 
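Review bot: The Javadoc on `restoreCryptoKeyVersion` does not say what state the version is in after the call. The integration test added in this series expects `DISABLED`, so a restored version cannot be used until it is enabled again. I would state that in the summary, e.g. `Restores a crypto key version that is scheduled for destruction. The restored version comes back in the DISABLED state and must be re-enabled before it can be used.` Adding `@param` tags for the five identifiers and an `@return` for the restored `CryptoKeyVersion` would also help. Because this call undoes a pending destruction, the doc could add one sentence saying the caller needs to be authorised for restore on the key, separately from destroy.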
@@ -204,6 +204,24 @@ public void destroyCryptoKeyVersion_destroys() throws Exception { KEY_RING_ID, CRYPTO_KEY_ID, version)); } + + @Test + public void restoreCryptoKeyVersion_restores() throws Exception { + Snippets.createCryptoKeyVersion(PROJECT_ID, LOCATION_ID, KEY_RING_ID, CRYPTO_KEY_ID); + + Matcher matcher = Pattern.compile(".*cryptoKeyVersions/(\\d+)\",\"state\":\"DESTROY_SCHEDULED\".*", + Pattern.DOTALL | Pattern.MULTILINE).matcher(bout.toString().trim()); + assertTrue(matcher.matches()); + + String version = matcher.group(1); + + Snippets.restoreCryptoKeyVersion(PROJECT_ID, LOCATION_ID, KEY_RING_ID, CRYPTO_KEY_ID, version); + + assertThat(bout.toString()).containsMatch(String.format( + "keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s\",\"state\":\"DISABLED\"", + KEY_RING_ID, CRYPTO_KEY_ID, version)); + } + @Test public void setPrimaryVersion_createKeyAndSetPrimaryVersion() throws Exception { // We can't test that setPrimaryVersion actually took effect via a list call because of From a9e8519e9556510140d3ccd9de34962dc3369e74 Mon Sep 17 00:00:00 2001 From: Walter Poupore Date: Wed, 25 Oct 2017 16:39:13 -0700 Subject: [PATCH 4/5] Fixes region tag in comment. --- kms/src/main/java/com/example/Snippets.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kms/src/main/java/com/example/Snippets.java b/kms/src/main/java/com/example/Snippets.java index b46920ab816..f90595d49f1 100644 --- a/kms/src/main/java/com/example/Snippets.java +++ b/kms/src/main/java/com/example/Snippets.java @@ -233,7 +233,7 @@ public static CryptoKeyVersion restoreCryptoKeyVersion( System.out.println(restored); return restored; } - // [END kms_destroy_cryptokey_version] + // [END kms_restore_cryptokey_version] // [START kms_get_cryptokey_policy] From 3ba2bcad42de270c782634e37eeb5390d8da43e3 Mon Sep 17 00:00:00 2001 
From: Walter Poupore Date: Wed, 25 Oct 2017 18:36:10 -0700 Subject: [PATCH 5/5] Updated test to schedule key version destruction prior to restore attempt --- kms/src/test/java/com/example/SnippetsIT.java | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/kms/src/test/java/com/example/SnippetsIT.java b/kms/src/test/java/com/example/SnippetsIT.java index 46a40ecb5fb..b0577a8817a 100644 --- a/kms/src/test/java/com/example/SnippetsIT.java +++ b/kms/src/test/java/com/example/SnippetsIT.java @@ -209,12 +209,21 @@ public void destroyCryptoKeyVersion_destroys() throws Exception { public void restoreCryptoKeyVersion_restores() throws Exception { Snippets.createCryptoKeyVersion(PROJECT_ID, LOCATION_ID, KEY_RING_ID, CRYPTO_KEY_ID); - Matcher matcher = Pattern.compile(".*cryptoKeyVersions/(\\d+)\",\"state\":\"DESTROY_SCHEDULED\".*", + Matcher matcher = Pattern.compile(".*cryptoKeyVersions/(\\d+)\",\"state\":\"ENABLED\".*", Pattern.DOTALL | Pattern.MULTILINE).matcher(bout.toString().trim()); assertTrue(matcher.matches()); String version = matcher.group(1); + // Only key versions schedule for destruction are restorable, so schedule this key + // version for destruction. + Snippets.destroyCryptoKeyVersion(PROJECT_ID, LOCATION_ID, KEY_RING_ID, CRYPTO_KEY_ID, version); + + assertThat(bout.toString()).containsMatch(String.format( + "keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s\",\"state\":\"DESTROY_SCHEDULED\"", + KEY_RING_ID, CRYPTO_KEY_ID, version)); + + // Now restore the key version. Snippets.restoreCryptoKeyVersion(PROJECT_ID, LOCATION_ID, KEY_RING_ID, CRYPTO_KEY_ID, version); assertThat(bout.toString()).containsMatch(String.format(
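Review bot: `restoreCryptoKeyVersion_restores` now schedules destruction and then restores, but as far as the method body shown in this series goes it stops after the `DISABLED` assertion, so every run leaves a restored key version behind in the test key. The end of the method is outside this hunk, and any shared teardown is not visible here. If there is none, ending the test with `Snippets.destroyCryptoKeyVersion(PROJECT_ID, LOCATION_ID, KEY_RING_ID, CRYPTO_KEY_ID, version);` would put the version back on the destruction schedule. The added comment also has a typo and should read `// Only key versions scheduled for destruction are restorable, so schedule this key`.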