
Commit cde99a9

committed
reuse key:
1 parent e005dc9 commit cde99a9


2 files changed

+44
-55
lines changed


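--- a/sdks/java/core/src/test/java/org/apache/beam/sdk/transforms/GroupByEncryptedKeyTest.java
+++ b/sdks/java/core/src/test/java/org/apache/beam/sdk/transforms/GroupByEncryptedKeyTest.java
@@ -104,8 +104,8 @@ public void testGroupByKeyFakeSecret() {
 private static final String SECRET_ID = "gbek-test";
 private static Secret gcpSecret;
 private static Secret gcpHsmGeneratedSecret;
-private static String keyRingId;
-private static String keyId;
+private static final String KEY_RING_ID = "gbek-test-key-ring";
+private static final String KEY_ID = "gbek-test-key";
 
 @BeforeClass
 public static void setup() throws IOException {
@@ -140,26 +140,34 @@ public static void setup() throws IOException {
 com.google.cloud.kms.v1.KeyManagementServiceClient kmsClient =
 com.google.cloud.kms.v1.KeyManagementServiceClient.create();
 String locationId = "global";
-keyRingId = "gbek-test-key-ring-" + System.currentTimeMillis();
 com.google.cloud.kms.v1.KeyRingName keyRingName =
-com.google.cloud.kms.v1.KeyRingName.of(PROJECT_ID, locationId, keyRingId);
+com.google.cloud.kms.v1.KeyRingName.of(PROJECT_ID, locationId, KEY_RING_ID);
 com.google.cloud.kms.v1.LocationName locationName =
 com.google.cloud.kms.v1.LocationName.of(PROJECT_ID, locationId);
-kmsClient.createKeyRing(
-locationName, keyRingId, com.google.cloud.kms.v1.KeyRing.newBuilder().build());
+try {
+kmsClient.getKeyRing(keyRingName);
+} catch (Exception e) {
+kmsClient.createKeyRing(
+locationName, KEY_RING_ID, com.google.cloud.kms.v1.KeyRing.newBuilder().build());
+}
 
-keyId = "gbek-test-key-" + System.currentTimeMillis();
-com.google.cloud.kms.v1.CryptoKey key =
-com.google.cloud.kms.v1.CryptoKey.newBuilder()
-.setPurpose(com.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT)
-.build();
-kmsClient.createCryptoKey(keyRingName, keyId, key);
+com.google.cloud.kms.v1.CryptoKeyName keyName =
+com.google.cloud.kms.v1.CryptoKeyName.of(PROJECT_ID, locationId, KEY_RING_ID, KEY_ID);
+try {
+kmsClient.getCryptoKey(keyName);
+} catch (Exception e) {
+com.google.cloud.kms.v1.CryptoKey key =
+com.google.cloud.kms.v1.CryptoKey.newBuilder()
+.setPurpose(com.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT)
+.build();
+kmsClient.createCryptoKey(keyRingName, KEY_ID, key);
+}
 gcpHsmGeneratedSecret =
 new GcpHsmGeneratedSecret(
 PROJECT_ID,
 locationId,
-keyRingId,
-keyId,
+KEY_RING_ID,
+KEY_ID,
 String.format("gbek-test-job-%d", new SecureRandom().nextInt(10000)));
 } catch (Exception e) {
 gcpHsmGeneratedSecret = null;
@@ -171,21 +179,6 @@ public static void tearDown() throws IOException {
 SecretManagerServiceClient client = SecretManagerServiceClient.create();
 SecretName secretName = SecretName.of(PROJECT_ID, SECRET_ID);
 client.deleteSecret(secretName);
-if (gcpHsmGeneratedSecret != null) {
-com.google.cloud.kms.v1.KeyManagementServiceClient kmsClient =
-com.google.cloud.kms.v1.KeyManagementServiceClient.create();
-com.google.cloud.kms.v1.CryptoKeyName keyName =
-com.google.cloud.kms.v1.CryptoKeyName.of(PROJECT_ID, "global", keyRingId, keyId);
-for (com.google.cloud.kms.v1.CryptoKeyVersion version :
-kmsClient.listCryptoKeyVersions(keyName).iterateAll()) {
-if (version.getState()
-== com.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED
-|| version.getState()
-== com.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED) {
-kmsClient.destroyCryptoKeyVersion(version.getName());
-}
-}
-}
 }
 
 @Test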
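Review bot: The `catch (Exception e)` around `kmsClient.getKeyRing(keyRingName)` and `kmsClient.getCryptoKey(keyName)` in `setup()` treats every failure as "resource does not exist", so a permission, quota or network error falls through to a create call instead of being reported for what it is. Narrowing both to `catch (com.google.api.gax.rpc.NotFoundException e)` keeps the get-or-create intent, and tolerating `AlreadyExistsException` on the create would cover two runs racing on the now-fixed names. As written, any such error ends in the outer `catch (Exception e)` that sets `gcpHsmGeneratedSecret = null`, which presumably turns the HSM-backed tests into silent skips rather than failures. The same pattern is added to `setup()` in GroupByKeyIT.java; `setup()` starts and ends outside these hunks.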

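--- a/sdks/java/core/src/test/java/org/apache/beam/sdk/transforms/GroupByKeyIT.java
+++ b/sdks/java/core/src/test/java/org/apache/beam/sdk/transforms/GroupByKeyIT.java
@@ -19,10 +19,8 @@
 
 import com.google.cloud.kms.v1.CryptoKey;
 import com.google.cloud.kms.v1.CryptoKeyName;
-import com.google.cloud.kms.v1.CryptoKeyVersion;
 import com.google.cloud.kms.v1.KeyManagementServiceClient;
 import com.google.cloud.kms.v1.KeyRingName;
-import com.google.cloud.kms.v1.LocationName;
 import com.google.cloud.secretmanager.v1.ProjectName;
 import com.google.cloud.secretmanager.v1.SecretManagerServiceClient;
 import com.google.cloud.secretmanager.v1.SecretName;
@@ -60,8 +58,8 @@ public class GroupByKeyIT {
 private static String gcpSecretVersionName;
 private static String gcpHsmSecretOption;
 private static String secretId;
-private static String keyRingId;
-private static String keyId;
+private static final String KEY_RING_ID = "gbek-it-key-ring";
+private static final String KEY_ID = "gbek-it-key";
 
 @BeforeClass
 public static void setup() throws IOException {
@@ -102,20 +100,28 @@ public static void setup() throws IOException {
 try {
 KeyManagementServiceClient kmsClient = KeyManagementServiceClient.create();
 String locationId = "global";
-keyRingId = "gbekit-key-ring-" + new SecureRandom().nextInt(10000);
-KeyRingName keyRingName = KeyRingName.of(PROJECT_ID, locationId, keyRingId);
-LocationName locationName = LocationName.of(PROJECT_ID, locationId);
-kmsClient.createKeyRing(
-locationName, keyRingId, com.google.cloud.kms.v1.KeyRing.newBuilder().build());
-
-keyId = "gbekit-key-" + new SecureRandom().nextInt(10000);
-CryptoKey key =
-CryptoKey.newBuilder().setPurpose(CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT).build();
-kmsClient.createCryptoKey(keyRingName, keyId, key);
+KeyRingName keyRingName = KeyRingName.of(PROJECT_ID, locationId, KEY_RING_ID);
+com.google.cloud.kms.v1.LocationName locationName =
+com.google.cloud.kms.v1.LocationName.of(PROJECT_ID, locationId);
+try {
+kmsClient.getKeyRing(keyRingName);
+} catch (Exception e) {
+kmsClient.createKeyRing(
+locationName, KEY_RING_ID, com.google.cloud.kms.v1.KeyRing.newBuilder().build());
+}
+
+CryptoKeyName keyName = CryptoKeyName.of(PROJECT_ID, locationId, KEY_RING_ID, KEY_ID);
+try {
+kmsClient.getCryptoKey(keyName);
+} catch (Exception e) {
+CryptoKey key =
+CryptoKey.newBuilder().setPurpose(CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT).build();
+kmsClient.createCryptoKey(keyRingName, KEY_ID, key);
+}
 gcpHsmSecretOption =
 String.format(
 "type:gcphsmgeneratedsecret;project_id:%s;location_id:%s;key_ring_id:%s;key_id:%s;job_name:%s",
-PROJECT_ID, locationId, keyRingId, keyId, secretId);
+PROJECT_ID, locationId, KEY_RING_ID, KEY_ID, secretId);
 } catch (Exception e) {
 gcpHsmSecretOption = null;
 }
@@ -128,16 +134,6 @@ public static void tearDown() throws IOException {
 SecretName secretName = SecretName.of(PROJECT_ID, secretId);
 client.deleteSecret(secretName);
 }
-if (gcpHsmSecretOption != null) {
-KeyManagementServiceClient kmsClient = KeyManagementServiceClient.create();
-CryptoKeyName keyName = CryptoKeyName.of(PROJECT_ID, "global", keyRingId, keyId);
-for (CryptoKeyVersion version : kmsClient.listCryptoKeyVersions(keyName).iterateAll()) {
-if (version.getState() == CryptoKeyVersion.CryptoKeyVersionState.ENABLED
-|| version.getState() == CryptoKeyVersion.CryptoKeyVersionState.DISABLED) {
-kmsClient.destroyCryptoKeyVersion(version.getName());
-}
-}
-}
 }
 
 @Test
@@ -219,7 +215,7 @@ public void testGroupByKeyWithExistingGcpHsmGeneratedSecretOption() throws Excep
 return;
 }
 // Create the secret beforehand
-new GcpHsmGeneratedSecret(PROJECT_ID, "global", keyRingId, keyId, secretId).getSecretBytes();
+new GcpHsmGeneratedSecret(PROJECT_ID, "global", KEY_RING_ID, KEY_ID, secretId).getSecretBytes();
 
 PipelineOptions options = TestPipeline.testingPipelineOptions();
 options.setGbek(gcpHsmSecretOption);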
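Review bot: `KEY_RING_ID` and `KEY_ID` now name a single KMS key ring and key that every run of this IT reuses, and the key-version cleanup is removed from `tearDown()`, but nothing on the constants records that this is intentional. A comment there would help the next reader, e.g. `// Persistent shared fixture: created on first run, reused afterwards, never destroyed in tearDown().` Because the key now outlives each run, who may use it is governed only by IAM on the test project, which is not visible in this diff and is worth confirming. Separately, the `LocationName` import is removed while new lines 104–105 spell out `com.google.cloud.kms.v1.LocationName`; keeping the import would match how `KeyRingName` and `CryptoKeyName` are referenced.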
