Skip to content

Commit fbfaf5f

Browse files
hwin16hwin16
authored
samples: allow multiple KMS keys to create CMEK database/backup (#1474)
1 parent f921a10 commit fbfaf5f

File tree

4 files changed

+388
-63
lines changed

4 files changed

+388
-63
lines changed

.toys/kokoro-ci.rb

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -110,6 +110,7 @@ def setup_env
110110

111111
# Single project for spanner
112112
ENV["GOOGLE_CLOUD_SPANNER_TEST_INSTANCE"] = "ruby-test-instance"
113+
ENV["GOOGLE_CLOUD_SPANNER_MR_TEST_INSTANCE"] = "ruby-mr-test-instance"
113114
ENV["GOOGLE_CLOUD_SPANNER_PROJECT"] = "cloud-samples-ruby-test-0"
114115

115116
# Used by E2E tests

spanner/spanner_samples.rb

Lines changed: 217 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,10 +12,11 @@
1212
# See the License for the specific language governing permissions and
1313
# limitations under the License.
1414

15-
def create_instance project_id:, instance_id:
15+
def create_instance project_id:, instance_id:, instance_config_id: "regional-us-central1"
1616
# [START spanner_create_instance]
1717
# project_id = "Your Google Cloud project ID"
1818
# instance_id = "Your Spanner instance ID"
19+
# instance_config_id = "Your Spanner InstanceConfig ID"
1920

2021
require "google/cloud/spanner"
2122
require "google/cloud/spanner/admin/instance"
@@ -24,7 +25,7 @@ def create_instance project_id:, instance_id:
2425

2526
project_path = instance_admin_client.project_path project: project_id
2627
instance_path = instance_admin_client.instance_path project: project_id, instance: instance_id
27-
instance_config_path = instance_admin_client.instance_config_path project: project_id, instance_config: "regional-us-central1"
28+
instance_config_path = instance_admin_client.instance_config_path project: project_id, instance_config: instance_config_id
2829

2930
job = instance_admin_client.create_instance parent: project_path,
3031
instance_id: instance_id,
@@ -222,6 +223,70 @@ def create_database_with_encryption_key project_id:, instance_id:, database_id:,
222223
# [END spanner_create_database_with_encryption_key]
223224
end
224225

226+
def create_database_with_multiple_kms_keys(
227+
project_id:, instance_id:, database_id:, kms_key_names:
228+
)
229+
# [START spanner_create_database_with_MR_CMEK]
230+
# project_id = "Your Google Cloud project ID"
231+
# instance_id = "Your Spanner instance ID"
232+
# database_id = "Your Spanner database ID"
233+
# kms_key_names = ["key1", "key2", "key3"]
234+
235+
require "google/cloud/spanner"
236+
require "google/cloud/spanner/admin/database"
237+
238+
database_admin_client = Google::Cloud::Spanner::Admin::Database.database_admin
239+
240+
instance_path = database_admin_client.instance_path(
241+
project: project_id, instance: instance_id
242+
)
243+
244+
encryption_config = {
245+
kms_key_names: kms_key_names
246+
}
247+
248+
db_path = database_admin_client.database_path(
249+
project: project_id,
250+
instance: instance_id,
251+
database: database_id
252+
)
253+
254+
job = database_admin_client.create_database(
255+
parent: instance_path,
256+
create_statement: "CREATE DATABASE `#{database_id}`",
257+
extra_statements: [
258+
<<~STATEMENT,
259+
CREATE TABLE Singers (
260+
SingerId INT64 NOT NULL,
261+
FirstName STRING(1024),
262+
LastName STRING(1024),
263+
SingerInfo BYTES(MAX)
264+
) PRIMARY KEY (SingerId)
265+
STATEMENT
266+
<<~STATEMENT
267+
CREATE TABLE Albums (
268+
SingerId INT64 NOT NULL,
269+
AlbumId INT64 NOT NULL,
270+
AlbumTitle STRING(MAX)
271+
) PRIMARY KEY (SingerId, AlbumId),
272+
INTERLEAVE IN PARENT Singers
273+
ON DELETE CASCADE
274+
STATEMENT
275+
],
276+
encryption_config: encryption_config
277+
)
278+
279+
puts "Waiting for create database operation to complete"
280+
281+
job.wait_until_done!
282+
database = database_admin_client.get_database name: db_path
283+
284+
puts "Database #{database_id} created with encryption key " \
285+
"#{database.encryption_config.kms_key_names}"
286+
287+
# [END spanner_create_database_with_MR_CMEK]
288+
end
289+
225290
def create_dml_database project_id:, instance_id:, database_id:
226291
require "google/cloud/spanner"
227292
require "google/cloud/spanner/admin/database"
@@ -2005,6 +2070,55 @@ def create_backup_with_encryption_key project_id:, instance_id:, database_id:, b
20052070
# [END spanner_create_backup_with_encryption_key]
20062071
end
20072072

2073+
def create_backup_with_multiple_kms_keys(
2074+
project_id:, instance_id:, database_id:, backup_id:, kms_key_names:
2075+
)
2076+
# [START spanner_create_backup_with_MR_CMEK]
2077+
# project_id = "Your Google Cloud project ID"
2078+
# instance_id = "Your Spanner instance ID"
2079+
# database_id = "Your Spanner database ID"
2080+
# backup_id = "Your Spanner backup ID"
2081+
# kms_key_names = ["key1", "key2", "key3"]
2082+
2083+
require "google/cloud/spanner"
2084+
require "google/cloud/spanner/admin/database"
2085+
2086+
database_admin_client = Google::Cloud::Spanner::Admin::Database.database_admin
2087+
2088+
instance_path = database_admin_client.instance_path(
2089+
project: project_id, instance: instance_id
2090+
)
2091+
db_path = database_admin_client.database_path project: project_id,
2092+
instance: instance_id,
2093+
database: database_id
2094+
backup_path = database_admin_client.backup_path project: project_id,
2095+
instance: instance_id,
2096+
backup: backup_id
2097+
expire_time = Time.now + (14 * 24 * 3600) # 14 days from now
2098+
encryption_config = {
2099+
encryption_type: :CUSTOMER_MANAGED_ENCRYPTION,
2100+
kms_key_names: kms_key_names
2101+
}
2102+
2103+
job = database_admin_client.create_backup parent: instance_path,
2104+
backup_id: backup_id,
2105+
backup: {
2106+
database: db_path,
2107+
expire_time: expire_time
2108+
},
2109+
encryption_config: encryption_config
2110+
2111+
puts "Backup operation in progress"
2112+
2113+
job.wait_until_done!
2114+
2115+
backup = database_admin_client.get_backup name: backup_path
2116+
puts "Backup #{backup_id} of size #{backup.size_bytes} bytes was created " \
2117+
"at #{backup.create_time} using encryption key #{kms_key_names}"
2118+
2119+
# [END spanner_create_backup_with_MR_CMEK]
2120+
end
2121+
20082122
def restore_backup project_id:, instance_id:, database_id:, backup_id:
20092123
# [START spanner_restore_backup]
20102124
# project_id = "Your Google Cloud project ID"
@@ -2083,6 +2197,56 @@ def restore_database_with_encryption_key project_id:, instance_id:, database_id:
20832197
# [END spanner_restore_backup_with_encryption_key]
20842198
end
20852199

2200+
def restore_database_with_multiple_kms_keys(
2201+
project_id:, instance_id:, database_id:, backup_id:, kms_key_names:
2202+
)
2203+
# [START spanner_restore_backup_with_MR_CMEK]
2204+
# project_id = "Your Google Cloud project ID"
2205+
# instance_id = "Your Spanner instance ID"
2206+
# database_id = "Your Spanner database ID of where to restore"
2207+
# backup_id = "Your Spanner backup ID"
2208+
# kms_key_names = ["key1", "key2", "key3"]
2209+
2210+
require "google/cloud/spanner"
2211+
require "google/cloud/spanner/admin/database"
2212+
2213+
database_admin_client = Google::Cloud::Spanner::Admin::Database.database_admin
2214+
2215+
instance_path = database_admin_client.instance_path(
2216+
project: project_id, instance: instance_id
2217+
)
2218+
2219+
db_path = database_admin_client.database_path project: project_id,
2220+
instance: instance_id,
2221+
database: database_id
2222+
2223+
backup_path = database_admin_client.backup_path project: project_id,
2224+
instance: instance_id,
2225+
backup: backup_id
2226+
2227+
encryption_config = {
2228+
encryption_type: :CUSTOMER_MANAGED_ENCRYPTION,
2229+
kms_key_names: kms_key_names
2230+
}
2231+
job = database_admin_client.restore_database(
2232+
parent: instance_path,
2233+
database_id: database_id,
2234+
backup: backup_path,
2235+
encryption_config: encryption_config
2236+
)
2237+
2238+
puts "Waiting for restore backup operation to complete"
2239+
2240+
job.wait_until_done!
2241+
database = database_admin_client.get_database name: db_path
2242+
restore_info = database.restore_info
2243+
puts "Database #{restore_info.backup_info.source_database} was restored " \
2244+
"to #{database_id} from backup #{restore_info.backup_info.backup} " \
2245+
"using encryption key #{database.encryption_config.kms_key_names}"
2246+
2247+
# [END spanner_restore_backup_with_MR_CMEK]
2248+
end
2249+
20862250
def create_backup_cancel project_id:, instance_id:, database_id:, backup_id:
20872251
# [START spanner_cancel_backup_create]
20882252
# project_id = "Your Google Cloud project ID"
@@ -2338,6 +2502,53 @@ def copy_backup project_id:, instance_id:, backup_id:, source_backup_id:
23382502
# [END spanner_copy_backup]
23392503
end
23402504

2505+
def copy_backup_with_multiple_kms_keys(project_id:, instance_id:, backup_id:,
2506+
source_backup_id:, kms_key_names:)
2507+
# [START spanner_copy_backup_with_MR_CMEK]
2508+
# project_id = "Your Google Cloud project ID"
2509+
# instance_id = "The ID of the destination instance that will contain the backup copy"
2510+
# backup_id = "The ID of the backup copy"
2511+
# source_backup = "The source backup to be copied"
2512+
# kms_key_names = ["key1", "key2", "key3"]
2513+
2514+
require "google/cloud/spanner"
2515+
require "google/cloud/spanner/admin/database"
2516+
2517+
database_admin_client = Google::Cloud::Spanner::Admin::Database.database_admin
2518+
2519+
instance_path = database_admin_client.instance_path(
2520+
project: project_id, instance: instance_id
2521+
)
2522+
backup_path = database_admin_client.backup_path project: project_id,
2523+
instance: instance_id,
2524+
backup: backup_id
2525+
source_backup = database_admin_client.backup_path project: project_id,
2526+
instance: instance_id,
2527+
backup: source_backup_id
2528+
2529+
expire_time = Time.now + (14 * 24 * 3600) # 14 days from now
2530+
encryption_config = {
2531+
encryption_type: :CUSTOMER_MANAGED_ENCRYPTION,
2532+
kms_key_names: kms_key_names
2533+
}
2534+
2535+
job = database_admin_client.copy_backup parent: instance_path,
2536+
backup_id: backup_id,
2537+
source_backup: source_backup,
2538+
expire_time: expire_time,
2539+
encryption_config: encryption_config
2540+
2541+
puts "Copy backup operation in progress"
2542+
2543+
job.wait_until_done!
2544+
2545+
backup = database_admin_client.get_backup name: backup_path
2546+
puts "Backup #{backup_id} of size #{backup.size_bytes} bytes was copied at " \
2547+
"#{backup.create_time} from #{source_backup} for version " \
2548+
"#{backup.version_time} using encryption keys #{kms_key_names}"
2549+
# [END spanner_copy_backup_with_MR_CMEK]
2550+
end
2551+
23412552
def set_custom_timeout_and_retry project_id:, instance_id:, database_id:
23422553
# [START spanner_set_custom_timeout_and_retry]
23432554
# project_id = "Your Google Cloud project ID"
@@ -2401,6 +2612,7 @@ def usage
24012612
create_instance <instance_id> Create Instance
24022613
create_database <instance_id> <database_id> Create Database
24032614
create_database_with_encryption_key <instance_id> <database_id> Create Database with encryption
2615+
create_database_with_multiple_kms_keys <instance_id> <database_id> Create Database with multiple KMS keys
24042616
create_table_with_timestamp_column <instance_id> <database_id> Create table Performances with commit timestamp column
24052617
insert_data <instance_id> <database_id> Insert Data
24062618
insert_data_with_timestamp_column <instance_id> <database_id> Inserts data into Performances table containing the commit timestamp column
@@ -2463,15 +2675,18 @@ def usage
24632675
write_read_float64_array <instance_id> <database_id> Writes FLOAT64 array and read.
24642676
create_backup <instance_id> <database_id> <backup_id> <version_time> Create a backup.
24652677
create_backup_with_encryption_key <instance_id> <database_id> <backup_id> <kms_key_name> Create a backup using encryption key.
2678+
create_backup_with_multiple_kms_keys <instance_id> <database_id> <backup_id> "<kms_key_name>,<kms_key_name>" Create a backup using multiple KMS keys.
24662679
restore_backup <instance_id> <database_id> <backup_id> Restore a database.
24672680
restore_database_with_encryption_key <instance_id> <database_id> <backup_id> <kms_key_name> Restore a database using encryption key.
2681+
restore_database_with_multiple_kms_keys <instance_id> <database_id> <backup_id> "<kms_key_name>,<kms_key_name>" Restore a database using multiple KMS keys
24682682
create_backup_cancel <instance_id> <database_id> <backup_id> Cancel a backup.
24692683
list_backup_operations <instance_id> List backup operations.
24702684
list_database_operations <instance_id> List database operations.
24712685
list_backups <instance_id> <backup_id> <database_id> List and filter backups.
24722686
delete_backup <instance_id> <backup_id> Delete a backup.
24732687
update_backup <instance_id> <backup_id> Update the backup.
24742688
copy_backup <instance_id> <backup_id> <source_backup> Copies a backup
2689+
copy_backup_with_multiple_kms_keys <instance_id> <backup_id> <source_backup> "<kms_key_name>,<kms_key_name>" Copies a backup with multiple KMS keys
24752690
set_custom_timeout_and_retry <instance_id> <database_id> Set custom timeout and retry settings.
24762691
commit_stats <instance_id> <database_id> Get commit stats.
24772692

0 commit comments

Comments
 (0)