diff --git a/kms/README.md b/kms/README.md index 500980d05f..c634393cd1 100644 --- a/kms/README.md +++ b/kms/README.md @@ -23,16 +23,16 @@ These samples show how to use the [Google Cloud KMS API] 4. **Install dependencies** via [Composer](http://getcomposer.org/doc/00-intro.md). Run `php composer.phar install` (if composer is installed locally) or `composer install` (if composer is installed globally). -5. Run `php kms.php`. The following commands are available: - +5. Run `php src/SNIPPET_NAME.php`. The usage will print for each if no arguments + are provided: ```sh - encryption Manage encryption for KMS - iam Manage IAM for KMS - key Manage keys for KMS - keyring Manage keyrings for KMS - version Manage key versions for KMS + $ php src/create_dataset.php + Usage: php src/list_keyrings.php PROJECT_ID LOCATION + + $ php src/list_keyrings.php your-project-id us-west1 + Name: projects/your-project-id/locations/us-west1/keyRings/your-test-keyring + Create Time: 2018-12-28 06:27:56 ``` -6. Run `php kms.php COMMAND --help` to print information about the usage of each command. ## Contributing changes diff --git a/kms/composer.json b/kms/composer.json index 8838feda6e..3482c468dd 100644 --- a/kms/composer.json +++ b/kms/composer.json @@ -1,13 +1,6 @@ { "require": { - "google/apiclient": "^2.1", - "symfony/console": " ^3.0", - "symfony/event-dispatcher": "^3.3" - }, - "autoload": { - "files": [ - "src/functions.php" - ] + "google/cloud-kms": "^0.4.3" }, "require-dev": { "phpunit/phpunit": "^5", diff --git a/kms/kms.php b/kms/kms.php deleted file mode 100644 index 93372289d4..0000000000 --- a/kms/kms.php +++ /dev/null 
@@ -1,326 +0,0 @@ -setDispatcher($dispatcher = new EventDispatcher()); -$dispatcher->addListener(ConsoleEvents::COMMAND, function (ConsoleCommandEvent $event) { - $input = $event->getInput(); - // Try to get the default project ID from gcloud - if ($input->hasOption('project') && !$input->getOption('project')) { - exec( - "gcloud config list --format 'value(core.project)' 2>/dev/null", - $output, - $return_var - ); - - if (0 !== $return_var) { - throw new \Exception('Could not derive a project ID from gcloud. ' . - 'You must supply a project ID using --project'); - } - - $input->setOption('project', array_pop($output)); - } -}); - -$inputDefinition = new InputDefinition([ - new InputOption( - 'project', - 'p', - InputOption::VALUE_REQUIRED, - 'The Google Cloud Platform project name to use for this invocation. ' . - 'If omitted then the current gcloud project is assumed. ' - ), - new InputOption( - 'location', - null, - InputOption::VALUE_REQUIRED, - 'The location of the cryptokey or keyring.', - 'global' - ), -]); - -// Add Encryption Command -$application->add((new Command('encryption')) - ->setDescription('Manage encryption for KMS') - ->setDefinition(clone $inputDefinition) - ->addArgument('keyring', InputArgument::REQUIRED, 'The name of the keyring.') - ->addArgument('cryptokey', InputArgument::REQUIRED, 'The name of the cryptokey.') - ->addArgument('infile', InputArgument::REQUIRED, 'The target file.') - ->addArgument('outfile', InputArgument::REQUIRED, 'The file to store the result.') - ->addOption('decrypt', null, InputOption::VALUE_NONE, 'Performs the decrypt function instead of encrypt. ') - ->setHelp(<<%command.name% command uses the KMS API to encrypt and decrypt text in files. 
- -Encrypt the text of a file using the specified CryptoKey: - - php %command.full_name% my-keyring my-cryptokey file.txt file.txt.encrypted - -Decrypt the text of a file using the specified CryptoKey: - - php %command.full_name% my-keyring my-cryptokey file.txt.encrypted file.txt.decrypted --decrypt - -EOF - ) - ->setCode(function ($input, $output) { - $projectId = $input->getOption('project'); - $keyRing = $input->getArgument('keyring'); - $cryptoKey = $input->getArgument('cryptokey'); - $infile = $input->getArgument('infile'); - $outfile = $input->getArgument('outfile'); - $location = $input->getOption('location'); - if ($input->getOption('decrypt')) { - decrypt($projectId, $keyRing, $cryptoKey, $infile, $outfile, $location); - } else { - encrypt($projectId, $keyRing, $cryptoKey, $infile, $outfile, $location); - } - }) -); - -// Add IAM Command -$application->add((new Command('iam')) - ->setDescription('Manage IAM for KMS') - ->setDefinition(clone $inputDefinition) - ->addArgument('keyring', InputArgument::REQUIRED, 'The name of the keyring.') - ->addArgument('cryptokey', InputArgument::OPTIONAL, 'The name of the cryptokey.') - ->addOption('service-account-email', null, InputOption::VALUE_REQUIRED, 'The service accunt email to add to the policy.') - ->addOption('user-email', null, InputOption::VALUE_REQUIRED, 'The user email to add to the policy.') - ->addOption('role', null, InputOption::VALUE_REQUIRED, 'The role of the policy.', 'roles/cloudkms.cryptoKeyEncrypterDecrypter') - ->addOption('remove', null, InputOption::VALUE_NONE, 'If supplied, will remove the user or service account from the policy') - ->setHelp(<<%command.name% command manages KMS IAM policies. 
- -List the IAM roles for a KeyRing: - - php %command.full_name% my-keyring - -List the IAM roles for a CryptoKey: - - php %command.full_name% my-keyring my-cryptokey - -Add a service account to a CryptoKey: - - php %command.full_name% my-keyring my-cryptokey \ - --service-account-email=example@my-project.gserviceaccount.com - -Add a service account to a CryptoKey for a specific role: - - php %command.full_name% my-keyring my-cryptokey \ - --service-account-email=example@my-project.gserviceaccount.com \ - --role=roles/cloudkms.admin - -EOF - ) - ->setCode(function ($input, $output) { - $projectId = $input->getOption('project'); - $keyRing = $input->getArgument('keyring'); - $cryptoKey = $input->getArgument('cryptokey'); - $role = $input->getOption('role'); - $location = $input->getOption('location'); - $userEmail = $input->getOption('user-email'); - $serviceAccountEmail = $input->getOption('service-account-email'); - if ($cryptoKey) { - if (empty($userEmail) && empty($serviceAccountEmail)) { - get_cryptokey_policy($projectId, $keyRing, $cryptoKey, $location); - } else { - if ($userEmail) { - $member = 'user:' . $userEmail; - } else { - $member = 'serviceAccount:' . $serviceAccountEmail; - } - if ($input->getOption('remove')) { - remove_member_from_cryptokey_policy($projectId, $keyRing, $cryptoKey, $member, $role, $location); - } else { - add_member_to_cryptokey_policy($projectId, $keyRing, $cryptoKey, $member, $role, $location); - } - } - } else { - if (empty($userEmail) && empty($serviceAccountEmail)) { - get_keyring_policy($projectId, $keyRing, $location); - } else { - if ($userEmail) { - $member = 'user:' . $userEmail; - } else { - $member = 'serviceAccount:' . 
$serviceAccountEmail; - } - if ($input->getOption('remove')) { - remove_member_from_keyring_policy($projectId, $keyRing, $member, $role, $location); - } else { - add_member_to_keyring_policy($projectId, $keyRing, $member, $role, $location); - } - } - } - }) -); - -// Add Key Command -$application->add((new Command('key')) - ->setDescription('Manage keys for KMS') - ->setDefinition(clone $inputDefinition) - ->addArgument('keyring', InputArgument::REQUIRED, 'The name of the keyring.') - ->addArgument('cryptokey', InputArgument::OPTIONAL, 'The name of the cryptokey.') - ->addOption('create', null, InputOption::VALUE_NONE, 'If supplied, will create the keyring, cryptokey, or cryptokey version') - ->setHelp(<<%command.name% command manages KMS keys. - -List all CrytoKeys for the supplied KeyRing: - - php %command.full_name% my-keyring - -Display information about a CrytoKey: - - php %command.full_name% my-keyring my-cryptokey - -Create a CrytoKey: - - php %command.full_name% my-keyring new-cryptokey --create - -EOF - ) - ->setCode(function ($input, $output) { - $projectId = $input->getOption('project'); - $keyRing = $input->getArgument('keyring'); - $cryptoKey = $input->getArgument('cryptokey'); - $location = $input->getOption('location'); - - if ($cryptoKey) { - if ($input->getOption('create')) { - create_cryptokey($projectId, $keyRing, $cryptoKey, $location); - } else { - get_cryptokey($projectId, $keyRing, $cryptoKey, $location); - } - } else { - list_cryptokeys($projectId, $keyRing, $location); - } - }) -); - -// Add KeyRing Command -$application->add((new Command('keyring')) - ->setDescription('Manage keyrings for KMS') - ->setDefinition(clone $inputDefinition) - ->addArgument('keyring', InputArgument::OPTIONAL, 'The name of the keyring.') - ->addOption('create', null, InputOption::VALUE_NONE, 'If supplied, will create the keyring, cryptokey, or cryptokey version') - ->setHelp(<<%command.name% command manages KMS keyrings. 
- -List all KeyRings for a project: - - php %command.full_name% - -Display information about a KeyRing: - - php %command.full_name% my-keyring - -Create a KeyRing: - - php %command.full_name% new-keyring --create - -EOF - ) - ->setCode(function ($input, $output) { - $projectId = $input->getOption('project'); - $ring = $input->getArgument('keyring'); - $location = $input->getOption('location'); - if ($ring) { - if ($input->getOption('create')) { - create_keyring($projectId, $ring, $location); - } else { - get_keyring($projectId, $ring, $location); - } - } else { - list_keyrings($projectId, $location); - } - }) -); - -// Add Version Command -$application->add((new Command('version')) - ->setDescription('Manage key versions for KMS') - ->setDefinition(clone $inputDefinition) - ->addArgument('keyring', InputArgument::REQUIRED, 'The name of the keyring.') - ->addArgument('cryptokey', InputArgument::REQUIRED, 'The name of the cryptokey.') - ->addArgument('version', InputArgument::OPTIONAL, 'The version of the cryptokey.') - ->addOption('create', null, InputOption::VALUE_NONE, 'If supplied, will create the keyring, cryptokey, or cryptokey version') - ->addOption('destroy', null, InputOption::VALUE_NONE, 'If supplied, will destroy the cryptokey version') - ->addOption('disable', null, InputOption::VALUE_NONE, 'If supplied, will disable the cryptokey version') - ->addOption('enable', null, InputOption::VALUE_NONE, 'If supplied, will enable the cryptokey version') - ->addOption('restore', null, InputOption::VALUE_NONE, 'If supplied, will restore the cryptokey version') - ->addOption('set-primary', null, InputOption::VALUE_NONE, 'If supplied, will disable the cryptokey version') - ->setHelp(<<%command.name% command manages KMS key versions. 
- -List all versions of a CryptoKey: - - php %command.full_name% my-keyring my-cryptokey - -Display information about a specific CryptoKey version: - - php %command.full_name% my-keyring my-cryptokey 1 - -Create a new CryptoKey version: - - php %command.full_name% my-keyring my-cryptokey --create - -EOF - ) - ->setCode(function ($input, $output) { - $projectId = $input->getOption('project'); - $keyRing = $input->getArgument('keyring'); - $cryptoKey = $input->getArgument('cryptokey'); - $cryptoKeyVersion = $input->getArgument('version'); - $location = $input->getOption('location'); - if ($input->getOption('create')) { - create_cryptokey_version($projectId, $keyRing, $cryptoKey, $location); - } elseif ($cryptoKeyVersion) { - if ($input->getOption('destroy')) { - destroy_cryptokey_version($projectId, $keyRing, $cryptoKey, $cryptoKeyVersion, $location); - } elseif ($input->getOption('disable')) { - disable_cryptokey_version($projectId, $keyRing, $cryptoKey, $cryptoKeyVersion, $location); - } elseif ($input->getOption('restore')) { - restore_cryptokey_version($projectId, $keyRing, $cryptoKey, $cryptoKeyVersion, $location); - } elseif ($input->getOption('enable')) { - enable_cryptokey_version($projectId, $keyRing, $cryptoKey, $cryptoKeyVersion, $location); - } elseif ($input->getOption('set-primary')) { - set_cryptokey_primary_version($projectId, $keyRing, $cryptoKey, $cryptoKeyVersion, $location); - } else { - get_cryptokey_version($projectId, $keyRing, $cryptoKey, $cryptoKeyVersion, $location); - } - } else { - list_cryptokey_versions($projectId, $keyRing, $cryptoKey, $location); - } - }) -); - -// for testing -if (getenv('PHPUNIT_TESTS') === '1') { - return $application; -} - -$application->run(); diff --git a/kms/quickstart.php b/kms/quickstart.php index 90eae4ae71..2c3534f533 100644 --- a/kms/quickstart.php +++ b/kms/quickstart.php 
@@ -19,40 +19,27 @@ // Includes the autoloader for libraries installed with composer require __DIR__ . '/vendor/autoload.php'; +// Import the Google Cloud KMS client library. +use Google\Cloud\Kms\V1\KeyManagementServiceClient; + // Your Google Cloud Platform project ID $projectId = 'YOUR_PROJECT_ID'; -// Lists keys in the "global" location. -$location = 'global'; - -// The resource name of the location associated with the KeyRings -$parent = sprintf('projects/%s/locations/%s', $projectId, $location); +// Lists keys in the "global" location. Could also be "us-west1", etc. +$locationId = 'global'; // Instantiate the client -$client = new Google_Client(); - -// Authorize the client using Application Default Credentials -// @see https://developers.google.com/identity/protocols/application-default-credentials -$client->useApplicationDefaultCredentials(); - -// Set the required scopes to access the Key Management Service API -$client->setScopes(array( - 'https://www.googleapis.com/auth/cloud-platform' -)); +$kms = new KeyManagementServiceClient(); -// Instantiate the Key Management Service API -$kms = new Google_Service_CloudKMS($client); +$locationName = $kms->locationName($projectId, $locationId); // list all key rings for your project -$keyRings = $kms->projects_locations_keyRings->listProjectsLocationsKeyRings( - $projectId, - array('parent' => $parent) -); +$keyRings = $kms->listKeyRings($locationName); // Print the key rings echo 'Key Rings: ' . PHP_EOL; foreach ($keyRings as $keyRing) { - echo $keyRing->name . PHP_EOL; + echo $keyRing->getName() . PHP_EOL; } # [END kms_quickstart] return $keyRings; diff --git a/kms/src/add_member_to_cryptokey_policy.php b/kms/src/add_member_to_cryptokey_policy.php new file mode 100644 index 0000000000..802f0e3d61 --- /dev/null +++ b/kms/src/add_member_to_cryptokey_policy.php 
@@ -0,0 +1,64 @@
+cryptoKeyName($projectId, $locationId, $keyRingId, $cryptoKeyId);
+
+// Get the current IAM policy and add the new account to it.
+$policy = $kms->getIamPolicy($cryptoKeyName);
+$bindings = $policy->getBindings();
+$bindings[] = new Binding([
+ 'members' => [$member],
+ 'role' => $role,
+]);
+$policy->setBindings($bindings);
+
+// Set the new IAM Policy.
+$kms->setIamPolicy($cryptoKeyName, $policy);
+
+printf('Member %s added to policy for cryptoKey %s in keyRing %s' . PHP_EOL, $member, $cryptoKeyId, $keyRingId);
+# [END kms_add_member_to_cryptokey_policy]
diff --git a/kms/src/add_member_to_keyring_policy.php b/kms/src/add_member_to_keyring_policy.php
new file mode 100644
index 0000000000..20fde378da
--- /dev/null
+++ b/kms/src/add_member_to_keyring_policy.php
@@ -0,0 +1,63 @@
+keyRingName($projectId, $locationId, $keyRingId);
+
+// Get the current IAM policy and add the new account to it.
+$policy = $kms->getIamPolicy($keyRingName);
+$bindings = $policy->getBindings();
+$bindings[] = new Binding([
+ 'members' => [$member],
+ 'role' => $role,
+]);
+$policy->setBindings($bindings);
+
+// Set the new IAM Policy.
+$kms->setIamPolicy($keyRingName, $policy);
+
+printf('Member %s added to policy for keyRing %s' . PHP_EOL, $member, $keyRingId);
+# [END kms_add_member_to_keyring_policy]
diff --git a/kms/src/create_cryptokey.php b/kms/src/create_cryptokey.php
new file mode 100644
index 0000000000..8347d408b9
--- /dev/null
+++ b/kms/src/create_cryptokey.php
@@ -0,0 +1,61 @@
+keyRingName($projectId, $locationId, $keyRingId);
+
+$cryptoKey = new CryptoKey();
+// This will allow the API access to the key for encryption and decryption.
+$cryptoKey->setPurpose(CryptoKeyPurpose::ENCRYPT_DECRYPT);
+
+// Create the CryptoKey for your project.
+$newKey = $kms->createCryptoKey(
+ $keyRingName,
+ $cryptoKeyId,
+ $cryptoKey
+);
+
+printf('Created cryptoKey %s in keyRing %s' . PHP_EOL, $cryptoKeyId, $keyRingId);
+# [END kms_create_cryptokey]
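Review bot: In kms/src/add_member_to_cryptokey_policy.php, `$member` and `$role` go straight into `new Binding([...])` and on to `setIamPolicy()` with no check, so a mistyped or over-broad principal (for example `allUsers`) or an admin role is granted on the key without any warning. The argument handling is above the visible part of this hunk, so it may already be covered there; if not, a guard such as `if (!preg_match('/^(user|serviceAccount):/', $member))` before the binding is built would hold the sample to the two member forms the old docblock documented. Appending a fresh binding also leaves two entries for the same role when one already exists; adding the member to the existing binding for `$role` keeps the policy easier to audit. kms/src/add_member_to_keyring_policy.php has the same pattern.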
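Review bot: kms/src/create_cryptokey.php configures the new `CryptoKey` with `setPurpose(CryptoKeyPurpose::ENCRYPT_DECRYPT)` only, so the key is created without a rotation schedule, and readers who copy the sample get a key that is never rotated automatically. A comment above `setPurpose` would make that explicit, e.g. `// No rotation schedule is set here; use setRotationPeriod() and setNextRotationTime() to enable automatic rotation.` `$newKey` is assigned but unused in the visible lines; printing `$newKey->getName()` rather than echoing the input IDs would report what the API actually created. The start of the script is above the visible lines of this hunk.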
diff --git a/kms/src/create_cryptokey_version.php b/kms/src/create_cryptokey_version.php
new file mode 100644
index 0000000000..a1186e9578
--- /dev/null
+++ b/kms/src/create_cryptokey_version.php
@@ -0,0 +1,57 @@
+cryptoKeyName($projectId, $locationId, $keyRingId, $cryptoKeyId);
+
+// Create the CryptoKey for your project.
+$cryptoKeyVersion = new CryptoKeyVersion();
+$newVersion = $kms->createCryptoKeyVersion(
+ $cryptoKeyName,
+ $cryptoKeyVersion
+);
+
+$number = substr($newVersion->getName(), strrpos($newVersion->getName(), '/') + 1);
+printf('Created version %s for cryptoKey %s in keyRing %s' . PHP_EOL, $number, $cryptoKeyId, $keyRingId);
+# [END kms_create_cryptokey_version]
diff --git a/kms/src/create_keyring.php b/kms/src/create_keyring.php
new file mode 100644
index 0000000000..358c3d01b7
--- /dev/null
+++ b/kms/src/create_keyring.php
@@ -0,0 +1,57 @@
+locationName($projectId, $locationId);
+
+$keyRing = new KeyRing();
+
+// Create the CryptoKey for your project.
+$newKeyRing = $kms->createKeyRing(
+ $locationName,
+ $keyRingId,
+ $keyRing
+);
+
+printf('Created keyRing %s' . PHP_EOL, $keyRingId);
+# [END kms_create_cryptokey]
diff --git a/kms/src/decrypt.php b/kms/src/decrypt.php
new file mode 100644
index 0000000000..9c8a7766de
--- /dev/null
+++ b/kms/src/decrypt.php
@@ -0,0 +1,57 @@
+cryptoKeyName($projectId, $locationId, $keyRingId, $cryptoKeyId);
+
+$ciphertext = file_get_contents($ciphertextFileName);
+$response = $kms->decrypt($cryptoKeyName, $ciphertext);
+
+// Write the encrypted text to a file.
+file_put_contents($plaintextFileName, $response->getPlaintext());
+printf('Saved decrypted text to %s' . PHP_EOL, $plaintextFileName);
+# [END kms_decrypt]
diff --git a/kms/src/destroy_cryptokey_version.php b/kms/src/destroy_cryptokey_version.php
new file mode 100644
index 0000000000..b363beff85
--- /dev/null
+++ b/kms/src/destroy_cryptokey_version.php
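Review bot: kms/src/create_keyring.php closes with `# [END kms_create_cryptokey]`, which is the region tag of create_cryptokey.php; the deleted functions.php used `kms_create_keyring` for this snippet, so the closing tag should be `# [END kms_create_keyring]`. The START tag is above the visible lines of the hunk and should be checked against it. The comment `// Create the CryptoKey for your project.` was also copied over and should read `// Create the KeyRing for your project.`; create_cryptokey_version.php carries the same stale comment above `createCryptoKeyVersion`, where a CryptoKey version is what gets created.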
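Review bot: In kms/src/decrypt.php neither `file_get_contents($ciphertextFileName)` nor `file_put_contents($plaintextFileName, ...)` is checked, so an unreadable input passes `false` to `decrypt()` and a failed write still prints "Saved decrypted text". For a sample that writes recovered plaintext to disk, both failures should be explicit, and the comment above the write says "encrypted" where "decrypted" is meant. The output file is created with whatever permissions the process umask allows, which is worth a comment telling readers to restrict it. kms/src/encrypt.php has the same unchecked read and write; the start of this script is above the visible lines of the hunk.

```php
// … unchanged: client construction and $cryptoKeyName …
$ciphertext = file_get_contents($ciphertextFileName);
if ($ciphertext === false) {
    throw new \RuntimeException(sprintf('Could not read %s', $ciphertextFileName));
}
$response = $kms->decrypt($cryptoKeyName, $ciphertext);

// Write the decrypted text to a file. The file holds plaintext: keep its
// permissions restrictive and remove it when it is no longer needed.
if (file_put_contents($plaintextFileName, $response->getPlaintext()) === false) {
    throw new \RuntimeException(sprintf('Could not write %s', $plaintextFileName));
}
// … unchanged: printf success message and region tag …
```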
@@ -0,0 +1,52 @@
+cryptoKeyVersionName($projectId, $locationId, $keyRingId, $cryptoKeyId, $version);
+
+// Get the CryptoKey.
+$cryptoKeyVersion = $kms->destroyCryptoKeyVersion($cryptoKeyVersionName);
+
+printf('Destroyed version %s for cryptoKey %s in keyRing %s' . PHP_EOL, $version, $cryptoKeyId, $keyRingId);
+# [END kms_destroy_cryptokey_version]
diff --git a/kms/src/disable_cryptokey_version.php b/kms/src/disable_cryptokey_version.php
new file mode 100644
index 0000000000..8ccea27392
--- /dev/null
+++ b/kms/src/disable_cryptokey_version.php
@@ -0,0 +1,60 @@
+cryptoKeyVersionName($projectId, $locationId, $keyRingId, $cryptoKeyId, $version);
+
+// Get the CryptoKey.
+$cryptoKeyVersion = $kms->getCryptoKeyVersion($cryptoKeyVersionName);
+// Disable the cryptokey
+$cryptoKeyVersion->setState(CryptoKeyVersionState::DISABLED);
+
+$updateMask = new FieldMask();
+$updateMask->setPaths(['state']);
+$kms->updateCryptoKeyVersion($cryptoKeyVersion, $updateMask);
+
+printf('Disabled version %s for cryptoKey %s in keyRing %s' . PHP_EOL, $version, $cryptoKeyId, $keyRingId);
+# [END kms_disable_cryptokey_version]
diff --git a/kms/src/enable_cryptokey_version.php b/kms/src/enable_cryptokey_version.php
new file mode 100644
index 0000000000..9f30e9a950
--- /dev/null
+++ b/kms/src/enable_cryptokey_version.php
@@ -0,0 +1,60 @@
+cryptoKeyVersionName($projectId, $locationId, $keyRingId, $cryptoKeyId, $version);
+
+// Get the CryptoKey.
+$cryptoKeyVersion = $kms->getCryptoKeyVersion($cryptoKeyVersionName);
+// Enable the cryptokey
+$cryptoKeyVersion->setState(CryptoKeyVersionState::ENABLED);
+
+$updateMask = new FieldMask();
+$updateMask->setPaths(['state']);
+$kms->updateCryptoKeyVersion($cryptoKeyVersion, $updateMask);
+
+printf('Enabled version %s for cryptoKey %s in keyRing %s' . PHP_EOL, $version, $cryptoKeyId, $keyRingId);
+# [END kms_enable_cryptokey_version]
diff --git a/kms/src/encrypt.php b/kms/src/encrypt.php
new file mode 100644
index 0000000000..64e77c7b71
--- /dev/null
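Review bot: In kms/src/destroy_cryptokey_version.php the comment above `destroyCryptoKeyVersion()` reads `// Get the CryptoKey.`, and the returned `$cryptoKeyVersion` is discarded while the script prints "Destroyed version". Cloud KMS schedules a version for destruction rather than erasing it at once, so the message overstates what happened and hides that a restore is still possible for a time. Suggest `// Schedule the CryptoKey version for destruction.` as the comment and including `$cryptoKeyVersion->getState()` in the printed output. disable_cryptokey_version.php and enable_cryptokey_version.php carry the same `// Get the CryptoKey.` comment above `getCryptoKeyVersion()`, where `// Get the CryptoKey version.` is meant.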
+++ b/kms/src/encrypt.php
@@ -0,0 +1,55 @@
+cryptoKeyName($projectId, $locationId, $keyRingId, $cryptoKeyId);
+
+$plaintext = file_get_contents($plaintextFileName);
+$response = $kms->encrypt($cryptoKeyName, $plaintext);
+
+// Write the encrypted text to a file.
+file_put_contents($ciphertextFileName, $response->getCiphertext());
+printf('Saved encrypted text to %s' . PHP_EOL, $ciphertextFileName);
+# [END kms_encrypt]
diff --git a/kms/src/functions.php b/kms/src/functions.php
deleted file mode 100644
index bbf8971b4f..0000000000
--- a/kms/src/functions.php
+++ /dev/null
@@ -1,983 +0,0 @@ -useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId - ); - - // Get the current IAM policy and add the new account to it. - $policy = $kms->projects_locations_keyRings_cryptoKeys->getIamPolicy($parent); - $bindings = $policy->getBindings(); - $bindings[] = new Google_Service_CloudKMS_Binding([ - 'members' => [$member], - 'role' => $role, - ]); - $policy->setBindings($bindings); - - // Set the new IAM Policy. - $request = new Google_Service_CloudKMS_SetIamPolicyRequest(['policy' => $policy]); - $kms->projects_locations_keyRings_cryptoKeys->setIamPolicy( - $parent, - $request - ); - - printf('Member %s added to policy for cryptoKey %s in keyRing %s' . PHP_EOL, $member, $cryptoKeyId, $keyRingId); -} -# [END kms_add_member_to_cryptokey_policy] - -# [START kms_add_member_to_keyring_policy] -/** - * Add a member to a KeyRing IAM policy. - * - * @param string $projectId - * @param string $keyRingId - * @param string $member Must be in the format "user:$userEmail" or - * "serviceAccount:$serviceAccountEmail" - * @param string $role Must be in the format "roles/$role", - * "organizations/$organizationId/roles/$role", or "projects/$projectId/roles/$role" - * @param string $locationId [optional] - * @return null - */ -function add_member_to_keyring_policy($projectId, $keyRingId, $member, $role, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. 
- $kms = new Google_Service_CloudKMS($client); - - // The resource name of the KeyRing. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s', - $projectId, - $locationId, - $keyRingId - ); - - // Get the current IAM policy and add the new account to it. - $policy = $kms->projects_locations_keyRings->getIamPolicy($parent); - $bindings = $policy->getBindings(); - $bindings[] = new Google_Service_CloudKMS_Binding([ - 'members' => [$member], - 'role' => $role, - ]); - $policy->setBindings($bindings); - - // Set the new IAM Policy. - $request = new Google_Service_CloudKMS_SetIamPolicyRequest(['policy' => $policy]); - $kms->projects_locations_keyRings->setIamPolicy( - $parent, - $request - ); - - printf('Member %s added to policy for keyRing %s' . PHP_EOL, $member, $keyRingId); -} -# [END kms_add_member_to_keyring_policy] - -# [START kms_create_cryptokey] -/** - * Create a CryptoKey. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param string $locationId [optional] - * @return Google_Service_CloudKMS_CryptoKey - */ -function create_cryptokey($projectId, $keyRingId, $cryptoKeyId, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // This will allow the API access to the key for encryption and decryption. - $purpose = 'ENCRYPT_DECRYPT'; - - // The resource name of the KeyRing associated with the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s', - $projectId, - $locationId, - $keyRingId - ); - - $cryptoKey = new Google_Service_CloudKMS_CryptoKey(); - $cryptoKey->setPurpose($purpose); - - // Create the CryptoKey for your project. 
- $newKey = $kms->projects_locations_keyRings_cryptoKeys->create( - $parent, - $cryptoKey, - ['cryptoKeyId' => $cryptoKeyId] - ); - - printf('Created cryptoKey %s in keyRing %s' . PHP_EOL, $cryptoKeyId, $keyRingId); -} -# [END kms_create_cryptokey] - -# [START kms_create_cryptokey_version] -/** - * Create a KeyRing version. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param string $locationId [optional] - * @return null - */ -function create_cryptokey_version($projectId, $keyRingId, $cryptoKeyId, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // This will allow the API access to the key for encryption and decryption. - $purpose = 'ENCRYPT_DECRYPT'; - - // The resource name of the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId - ); - - // Create the CryptoKey version for your project. - $cryptoKeyVersion = new Google_Service_CloudKMS_CryptoKeyVersion(); - $newVersion = $kms->projects_locations_keyRings_cryptoKeys_cryptoKeyVersions - ->create($parent, $cryptoKeyVersion); - - $number = substr($newVersion->name, strrpos($newVersion->name, '/') + 1); - printf('Created version %s for cryptoKey %s in keyRing %s' . PHP_EOL, $number, $cryptoKeyId, $keyRingId); -} -# [END kms_create_cryptokey_version] - -# [START kms_create_keyring] -/** - * Create a KeyRing. - * - * @param string $projectId - * @param string $keyRingId - * @param string $locationId [optional] - * @return null - */ -function create_keyring($projectId, $keyRingId, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. 
- $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the location associated with the KeyRing. - $parent = sprintf('projects/%s/locations/%s', - $projectId, - $locationId - ); - - // Create the KeyRing for your project. - $keyRing = new Google_Service_CloudKMS_KeyRing(); - $kms->projects_locations_keyRings->create( - $parent, - $keyRing, - ['keyRingId' => $keyRingId] - ); - - printf('Created keyRing %s' . PHP_EOL, $keyRingId); -} -# [END kms_create_keyring] - -# [START kms_get_keyring] -/** - * Get a KeyRing. - * - * @param string $projectId - * @param string $keyRingId - * @param string $locationId [optional] - * @return null - */ -function get_keyring($projectId, $keyRingId, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s', - $projectId, - $locationId, - $keyRingId - ); - - // Get the KeyRing and print it. - $keyRing = $kms->projects_locations_keyRings->get($parent); - printf("Name: %s\nCreate Time: %s\n", - $keyRing->getName(), - $keyRing->getCreateTime() - ); -} -# [END kms_get_keyring] - -# [START kms_list_keyrings] -/** - * List the KeyRings for a project and location. - * - * @param string $projectId - * @param string $locationId [optional] - * @return null - */ -function list_keyrings($projectId, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. 
- $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the CryptoKey. - $parent = sprintf('projects/%s/locations/%s', - $projectId, - $locationId - ); - - // Get the CryptoKey versions and print them. - $keyRings = $kms->projects_locations_keyRings - ->listProjectsLocationsKeyRings($parent); - foreach ($keyRings as $keyRing) { - printf("Name: %s\nCreate Time: %s\n", - $keyRing->getName(), - $keyRing->getCreateTime() - ); - } -} -# [END kms_list_keyrings] - -# [START kms_get_cryptokey] -/** - * Get a CryptoKey. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param string $locationId [optional] - * @return null - */ -function get_cryptokey($projectId, $keyRingId, $cryptoKeyId, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId - ); - - // Get the CryptoKey and print it. - $cryptoKey = $kms->projects_locations_keyRings_cryptoKeys - ->get($parent); - printf("Name: %s\nCreate Time: %s\nPurpose: %s\nPrimary Version: %s\n", - $cryptoKey->getName(), - $cryptoKey->getCreateTime(), - $cryptoKey->getPurpose(), - $cryptoKey->getPrimary()->getName() - ); -} -# [END kms_get_cryptokey] - -# [START kms_list_cryptokeys] -/** - * List the CryptoKeys for a KeyRing. 
- * - * @param string $projectId - * @param string $keyRingId - * @param string $locationId [optional] - * @return null - */ -function list_cryptokeys($projectId, $keyRingId, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s', - $projectId, - $locationId, - $keyRingId - ); - - // Get the CryptoKey versions and print them. - $cryptoKeys = $kms->projects_locations_keyRings_cryptoKeys - ->listProjectsLocationsKeyRingsCryptoKeys($parent); - foreach ($cryptoKeys as $cryptoKey) { - printf("Name: %s\nCreate Time: %s\nPurpose: %s\nPrimary Version: %s\n\n", - $cryptoKey->getName(), - $cryptoKey->getCreateTime(), - $cryptoKey->getPurpose(), - $cryptoKey->getPrimary()->getName() - ); - } -} -# [END kms_list_cryptokey_versions] - -# [START kms_get_cryptokey_version] -/** - * Get the version for a CryptoKey. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param int $version - * @param string $locationId [optional] - * @return null - */ -function get_cryptokey_version($projectId, $keyRingId, $cryptoKeyId, $version, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the cryptokey version. 
- $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId, - $version - ); - - // Get the CryptoKey version and print it. - $cryptoKeyVersion = $kms->projects_locations_keyRings_cryptoKeys_cryptoKeyVersions - ->get($parent); - printf("Name: %s\nCreate Time: %s\nState: %s\n", - $cryptoKeyVersion->getName(), - $cryptoKeyVersion->getCreateTime(), - $cryptoKeyVersion->getState() - ); -} -# [END kms_get_cryptokey_version] - -# [START kms_list_cryptokey_versions] -/** - * List the versions for a CryptoKey. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param string $locationId [optional] - * @return null - */ -function list_cryptokey_versions($projectId, $keyRingId, $cryptoKeyId, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId - ); - - // Get the CryptoKey versions and print them. - $versions = $kms->projects_locations_keyRings_cryptoKeys_cryptoKeyVersions - ->listProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersions($parent); - foreach ($versions as $cryptoKeyVersion) { - printf("Name: %s\nCreate Time: %s\nState: %s\n\n", - $cryptoKeyVersion->getName(), - $cryptoKeyVersion->getCreateTime(), - $cryptoKeyVersion->getState() - ); - } -} -# [END kms_list_cryptokey_versions] - -# [START kms_encrypt] -/** - * Encrypt a text file. 
- * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param string $plaintextFileName The path to the file containing plaintext to encrypt. - * @param string $ciphertextFileName The path to write the ciphertext. - * @param string $locationId [optional] - * @return null - */ -function encrypt($projectId, $keyRingId, $cryptoKeyId, $plaintextFileName, $ciphertextFileName, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the cryptokey. - $name = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId - ); - - // Use the KMS API to encrypt the text. - $encoded = base64_encode(file_get_contents($plaintextFileName)); - $request = new Google_Service_CloudKMS_EncryptRequest(); - $request->setPlaintext($encoded); - $response = $kms->projects_locations_keyRings_cryptoKeys->encrypt( - $name, - $request - ); - - // Write the encrypted text to a file. - file_put_contents($ciphertextFileName, base64_decode($response['ciphertext'])); - printf('Saved encrypted text to %s' . PHP_EOL, $ciphertextFileName); -} -# [END kms_encrypt] - -# [START kms_decrypt] -/** - * Decrypt a text file. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param string $ciphertextFileName The path to the ciphertext file to decrypt. - * @param string $plaintextFileName The path to write the decrypted plaintext file. 
- * @param string $locationId [optional] - * @return null - */ -function decrypt($projectId, $keyRingId, $cryptoKeyId, $ciphertextFileName, $plaintextFileName, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the cryptokey. - $name = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId - ); - - // Use the KMS API to decrypt the text. - $ciphertext = base64_encode(file_get_contents($ciphertextFileName)); - $request = new Google_Service_CloudKMS_DecryptRequest(); - $request->setCiphertext($ciphertext); - $response = $kms->projects_locations_keyRings_cryptoKeys->decrypt( - $name, - $request - ); - - // Write the decrypted text to a file. - file_put_contents($plaintextFileName, base64_decode($response['plaintext'])); - printf('Saved decrypted text to %s' . PHP_EOL, $plaintextFileName); -} -# [END kms_decrypt] - -# [START kms_destroy_cryptokey_version] -/** - * Destroy a CryptoKey version. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param string $version - * @param string $locationId [optional] - * @return Google_Service_CloudKMS_CryptoKeyVersion - */ -function destroy_cryptokey_version($projectId, $keyRingId, $cryptoKeyId, $version, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the CryptoKey version. 
- $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId, - $version - ); - - // Destroy the CryptoKey version. - $request = new Google_Service_CloudKMS_DestroyCryptoKeyVersionRequest(); - $kms->projects_locations_keyRings_cryptoKeys_cryptoKeyVersions->destroy( - $parent, - $request - ); - - printf('Destroyed version %s for cryptoKey %s in keyRing %s' . PHP_EOL, $version, $cryptoKeyId, $keyRingId); -} -# [END kms_destroy_cryptokey_version] - -# [START kms_restore_cryptokey_version] -/** - * Restore a CryptoKey version. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param string $version - * @param string $locationId [optional] - * @return Google_Service_CloudKMS_CryptoKeyVersion - */ -function restore_cryptokey_version($projectId, $keyRingId, $cryptoKeyId, $version, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the CryptoKey version. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId, - $version - ); - - // Restore the CryptoKey version. - $request = new Google_Service_CloudKMS_RestoreCryptoKeyVersionRequest(); - $kms->projects_locations_keyRings_cryptoKeys_cryptoKeyVersions->restore( - $parent, - $request - ); - - printf('Restored version %s for cryptoKey %s in keyRing %s' . PHP_EOL, $version, $cryptoKeyId, $keyRingId); -} -# [END kms_restore_cryptokey_version] - -# [START kms_disable_cryptokey_version] -/** - * Disable a CryptoKey version. 
- * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param int $version - * @param string $locationId [optional] - * @return null - */ -function disable_cryptokey_version($projectId, $keyRingId, $cryptoKeyId, $version, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the KeyRing associated with the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId, - $version - ); - - // Disable the CryptoKey version. - $cryptoKeyVersion = $kms->projects_locations_keyRings_cryptoKeys_cryptoKeyVersions - ->get($parent); - $cryptoKeyVersion->setState('DISABLED'); - - $kms->projects_locations_keyRings_cryptoKeys_cryptoKeyVersions->patch( - $parent, - $cryptoKeyVersion, - ['updateMask' => 'state'] - ); - - printf('Disabled version %s for cryptoKey %s in keyRing %s' . PHP_EOL, $version, $cryptoKeyId, $keyRingId); -} -# [END kms_disable_cryptokey_version] - -# [START kms_enable_cryptokey_version] -/** - * Enable a CryptoKey version. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param int $version - * @param string $locationId [optional] - * @return null - */ -function enable_cryptokey_version($projectId, $keyRingId, $cryptoKeyId, $version, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. 
- $kms = new Google_Service_CloudKMS($client); - - // The resource name of the KeyRing associated with the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s/cryptoKeyVersions/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId, - $version - ); - - // Enable the CryptoKey version. - $cryptoKeyVersion = $kms->projects_locations_keyRings_cryptoKeys_cryptoKeyVersions - ->get($parent); - $cryptoKeyVersion->setState('ENABLED'); - - $kms->projects_locations_keyRings_cryptoKeys_cryptoKeyVersions->patch( - $parent, - $cryptoKeyVersion, - ['updateMask' => 'state'] - ); - - printf('Enabled version %s for cryptoKey %s in keyRing %s' . PHP_EOL, $version, $cryptoKeyId, $keyRingId); -} -# [END kms_enable_cryptokey_version] - -# [START kms_get_cryptokey_policy] -/** - * Get the IAM policy for a CryptoKey. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param string $locationId [optional] - * @return null - */ -function get_cryptokey_policy($projectId, $keyRingId, $cryptoKeyId, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId - ); - - // Get the current IAM policy and print it. - $policy = $kms->projects_locations_keyRings_cryptoKeys->getIamPolicy($parent); - foreach ($policy->getBindings() as $binding) { - printf("Role: %s\nMembers:\n%s\n", - $binding->getRole(), - implode("\n", $binding->getMembers()) - ); - } -} -# [END kms_get_cryptokey_policy] - -# [START kms_get_keyring_policy] -/** - * Get the IAM policy for a KeyRing. 
- * - * @param string $projectId - * @param string $keyRingId - * @param string $locationId [optional] - * @return null - */ -function get_keyring_policy($projectId, $keyRingId, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the location associated with the key rings. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s', - $projectId, - $locationId, - $keyRingId - ); - - // Get the current IAM policy and print it. - $policy = $kms->projects_locations_keyRings->getIamPolicy($parent); - foreach ($policy->getBindings() as $binding) { - printf("Role: %s\nMembers:\n%s\n", - $binding->getRole(), - implode("\n", $binding->getMembers()) - ); - } -} -# [END kms_get_keyring_policy] - -# [START kms_remove_member_from_cryptokey_policy] -/** - * Remove a member from a CryptoKey IAM policy. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param string $member Must be in the format "user:$userEmail" or - * "serviceAccount:$serviceAccountEmail" - * @param string $role Must be in the format "roles/$role", - * "organizations/$organizationId/roles/$role", or "projects/$projectId/roles/$role" - * @param string $locationId [optional] - * @return null - */ -function remove_member_from_cryptokey_policy($projectId, $keyRingId, $cryptoKeyId, $member, $role, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. 
- $kms = new Google_Service_CloudKMS($client); - - // The resource name of the KeyRing associated with the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId - ); - - // Get the current IAM policy and remove the member from it. - $policy = $kms->projects_locations_keyRings_cryptoKeys->getIamPolicy($parent); - foreach ($policy->getBindings() as $binding) { - if ($binding->getRole() == $role) { - $members = $binding->getMembers(); - if (false !== $i = array_search($member, $members)) { - unset($members[$i]); - $binding->setMembers($members); - break; - } - } - } - - // Set the new IAM Policy. - $request = new Google_Service_CloudKMS_SetIamPolicyRequest(['policy' => $policy]); - $kms->projects_locations_keyRings_cryptoKeys->setIamPolicy( - $parent, - $request - ); - - printf('Member %s removed from policy for cryptoKey %s in keyRing %s' . PHP_EOL, - $member, - $cryptoKeyId, - $keyRingId); -} -# [END kms_remove_member_from_cryptokey_policy] - -# [START kms_remove_member_from_keyring_policy] -/** - * Remove a member from a KeyRing IAM policy. - * - * @param string $projectId - * @param string $keyRingId - * @param string $member Must be in the format "user:$userEmail" or - * "serviceAccount:$serviceAccountEmail" - * @param string $role Must be in the format "roles/$role", - * "organizations/$organizationId/roles/$role", or "projects/$projectId/roles/$role" - * @param string $locationId [optional] - * @return null - */ -function remove_member_from_keyring_policy($projectId, $keyRingId, $member, $role, $locationId = 'global') -{ - // Instantiate the client, authenticate using Application Default Credentials, - // and add the scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. 
- $kms = new Google_Service_CloudKMS($client); - - // The resource name of the location associated with the KeyRing. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s', - $projectId, - $locationId, - $keyRingId - ); - - // Get the current IAM policy and remove the member from it. - $policy = $kms->projects_locations_keyRings->getIamPolicy($parent); - foreach ($policy->getBindings() as $binding) { - if ($binding->getRole() == $role) { - $members = $binding->getMembers(); - if (false !== $i = array_search($member, $members)) { - unset($members[$i]); - $binding->setMembers($members); - break; - } - } - } - - // Set the new IAM Policy. - $request = new Google_Service_CloudKMS_SetIamPolicyRequest(['policy' => $policy]); - $kms->projects_locations_keyRings->setIamPolicy( - $parent, - $request - ); - - printf('Member %s removed from policy for keyRing %s' . PHP_EOL, - $member, - $keyRingId); -} -# [END kms_remove_member_from_keyring_policy] - -# [START kms_set_cryptokey_primary_version] -/** - * Set a CryptoKey version as primary. - * - * @param string $projectId - * @param string $keyRingId - * @param string $cryptoKeyId - * @param int $version - * @param string $locationId [optional] - * @return null - */ -function set_cryptokey_primary_version($projectId, $keyRingId, $cryptoKeyId, $version, $locationId = 'global') -{ - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - - // Create the Cloud KMS client. - $kms = new Google_Service_CloudKMS($client); - - // The resource name of the KeyRing associated with the CryptoKey. - $parent = sprintf('projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s', - $projectId, - $locationId, - $keyRingId, - $cryptoKeyId - ); - - // Update the CryptoKey primary version. 
- $request = new Google_Service_CloudKMS_UpdateCryptoKeyPrimaryVersionRequest();
- $request->setCryptoKeyVersionId($version);
- $cryptoKey = $kms->projects_locations_keyRings_cryptoKeys->updatePrimaryVersion(
- $parent,
- $request
- );
-
- printf('Set %s as primary version for cryptoKey %s in keyRing %s' . PHP_EOL, $version, $cryptoKeyId, $keyRingId);
-}
-# [END kms_set_cryptokey_primary_version]
diff --git a/kms/src/get_cryptokey.php b/kms/src/get_cryptokey.php
new file mode 100644
index 0000000000..d60980f626
--- /dev/null
+++ b/kms/src/get_cryptokey.php
@@ -0,0 +1,56 @@
+cryptoKeyName($projectId, $locationId, $keyRingId, $cryptoKeyId);
+
+// Get the CryptoKey and print it.
+$cryptoKey = $kms->getCryptoKey($cryptoKeyName);
+
+printf("Name: %s\nCreate Time: %s\nPurpose: %s\nPrimary Version: %s\n",
+ $cryptoKey->getName(),
+ date('Y-m-d H:i:s', $cryptoKey->getCreateTime()->getSeconds()),
+ $cryptoKey->getPurpose(),
+ $cryptoKey->getPrimary()->getName()
+);
+# [END kms_get_cryptokey]
diff --git a/kms/src/get_cryptokey_version.php b/kms/src/get_cryptokey_version.php
new file mode 100644
index 0000000000..b18ac61d1a
--- /dev/null
+++ b/kms/src/get_cryptokey_version.php
@@ -0,0 +1,56 @@
+cryptoKeyVersionName($projectId, $locationId, $keyRingId, $cryptoKeyId, $version);
+
+// Get the CryptoKey and print it.
+$cryptoKeyVersion = $kms->getCryptoKeyVersion($cryptoKeyVersionName);
+
+printf("Name: %s\nCreate Time: %s\nState: %s\n",
+ $cryptoKeyVersion->getName(),
+ date('Y-m-d H:i:s', $cryptoKeyVersion->getCreateTime()->getSeconds()),
+ $cryptoKeyVersion->getState()
+);
+# [END kms_get_cryptokey_version]
diff --git a/kms/src/get_keyring.php b/kms/src/get_keyring.php
new file mode 100644
index 0000000000..adf30821dd
--- /dev/null
+++ b/kms/src/get_keyring.php
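Review bot: In kms/src/get_cryptokey.php the last printf argument, `$cryptoKey->getPrimary()->getName()`, dereferences the primary version without checking that the key has one. If `getPrimary()` can return null for a key with no primary version (confirm against the client library), the script stops with a fatal error instead of printing the key. Read it once with `$primary = $cryptoKey->getPrimary();` and pass `$primary ? $primary->getName() : '(none)'` to printf. The same chain inside the loop in kms/src/list_cryptokeys.php would abort the whole listing at the first such key.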
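Review bot: The `Create Time` value in kms/src/get_cryptokey_version.php is formatted with `date('Y-m-d H:i:s', ...)`, which uses the PHP default timezone and prints no zone, so the same key version shows different wall-clock times on differently configured hosts. For output that may be compared with audit log entries, `gmdate('Y-m-d H:i:s \U\T\C', $cryptoKeyVersion->getCreateTime()->getSeconds())` is unambiguous. The same `date()` call appears in get_cryptokey.php, get_keyring.php, list_cryptokey_versions.php, list_cryptokeys.php and list_keyrings.php.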
@@ -0,0 +1,53 @@
+keyRingName($projectId, $locationId, $keyRingId);
+
+// Get the Key Ring and print it.
+$keyRing = $kms->getKeyRing($keyRingName);
+
+printf("Name: %s\nCreate Time: %s\n",
+ $keyRing->getName(),
+ date('Y-m-d H:i:s', $keyRing->getCreateTime()->getSeconds())
+);
+# [END kms_get_keyring]
diff --git a/kms/src/list_cryptokey_versions.php b/kms/src/list_cryptokey_versions.php
new file mode 100644
index 0000000000..c10ae38846
--- /dev/null
+++ b/kms/src/list_cryptokey_versions.php
@@ -0,0 +1,56 @@
+cryptoKeyName($projectId, $locationId, $keyRingId, $cryptoKeyId);
+
+ // Get the Key Rings and print them.
+$cryptoKeyVersions = $kms->listCryptoKeyVersions($cryptoKeyName);
+foreach ($cryptoKeyVersions as $cryptoKeyVersion) {
+ printf("Name: %s\nCreate Time: %s\nState: %s\n\n",
+ $cryptoKeyVersion->getName(),
+ date('Y-m-d H:i:s', $cryptoKeyVersion->getCreateTime()->getSeconds()),
+ $cryptoKeyVersion->getState()
+ );
+}
+# [END kms_list_cryptokey_versions]
diff --git a/kms/src/list_cryptokeys.php b/kms/src/list_cryptokeys.php
new file mode 100644
index 0000000000..17c730a4f0
--- /dev/null
+++ b/kms/src/list_cryptokeys.php
@@ -0,0 +1,56 @@
+keyRingName($projectId, $locationId, $keyRingId);
+
+ // Get the Key Rings and print them.
+$cryptoKeys = $kms->listCryptoKeys($keyRingName);
+foreach ($cryptoKeys as $cryptoKey) {
+ printf("Name: %s\nCreate Time: %s\nPurpose: %s\nPrimary Version: %s\n\n",
+ $cryptoKey->getName(),
+ date('Y-m-d H:i:s', $cryptoKey->getCreateTime()->getSeconds()),
+ $cryptoKey->getPurpose(),
+ $cryptoKey->getPrimary()->getName()
+ );
+}
+# [END kms_list_cryptokeys]
diff --git a/kms/src/list_keyrings.php b/kms/src/list_keyrings.php
new file mode 100644
index 0000000000..1b45b9bf73
--- /dev/null
+++ b/kms/src/list_keyrings.php
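Review bot: The comment above the list call in kms/src/list_cryptokey_versions.php, `// Get the Key Rings and print them.`, was copied from the key-ring sample and does not match the code, which calls `listCryptoKeyVersions`. Suggested text: `// List the CryptoKey versions and print them.` The same stale comment sits above `listCryptoKeys` in list_cryptokeys.php, where `// List the CryptoKeys and print them.` fits. get_cryptokey_version.php (`// Get the CryptoKey and print it.`) and restore_cryptokey_version.php (`// Get the CryptoKey.`) label calls that fetch and restore a version; the deleted code's `// Get the CryptoKey version and print it.` and `// Restore the CryptoKey version.` can be reused there.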
@@ -0,0 +1,53 @@
+locationName($projectId, $locationId);
+
+ // Get the Key Rings and print them.
+$keyRings = $kms->listKeyRings($locationName);
+foreach ($keyRings as $keyRing) {
+ printf("Name: %s\nCreate Time: %s\n",
+ $keyRing->getName(),
+ date('Y-m-d H:i:s', $keyRing->getCreateTime()->getSeconds())
+ );
+}
+# [END kms_list_keyrings]
diff --git a/kms/src/remove_member_from_cryptokey_policy.php b/kms/src/remove_member_from_cryptokey_policy.php
new file mode 100644
index 0000000000..32ae9f6d77
--- /dev/null
+++ b/kms/src/remove_member_from_cryptokey_policy.php
@@ -0,0 +1,72 @@
+keyRingName($projectId, $locationId, $keyRingId, $cryptoKeyId);
+
+// Get the current IAM policy and remove the account to it.
+$policy = $kms->getIamPolicy($cryptoKeyName);
+foreach ($policy->getBindings() as $binding) {
+ if ($binding->getRole() == $role) {
+ $members = $binding->getMembers();
+ foreach ($members as $i => $existingMember) {
+ if ($member == $existingMember) {
+ unset($members[$i]);
+ $binding->setMembers($members);
+ break;
+ }
+ }
+ }
+}
+
+// Set the new IAM Policy.
+$kms->setIamPolicy($cryptoKeyName, $policy);
+
+printf('Member %s removed from policy for cryptoKey %s in keyRing %s' . PHP_EOL,
+ $member,
+ $cryptoKeyId,
+ $keyRingId);
+# [END kms_add_member_to_keyring_policy]
diff --git a/kms/src/remove_member_from_keyring_policy.php b/kms/src/remove_member_from_keyring_policy.php
new file mode 100644
index 0000000000..f14f2772f0
--- /dev/null
+++ b/kms/src/remove_member_from_keyring_policy.php
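Review bot: In kms/src/remove_member_from_cryptokey_policy.php the resource name passed to `getIamPolicy`/`setIamPolicy` appears to be built with `keyRingName($projectId, $locationId, $keyRingId, $cryptoKeyId)` rather than `cryptoKeyName(...)`; the start of that line is missing from this page, so confirm against the file. If so, the script would presumably read and rewrite the key ring's policy while printing `removed from policy for cryptoKey`, leaving any binding on the CryptoKey itself in place. The call should be `cryptoKeyName($projectId, $locationId, $keyRingId, $cryptoKeyId)`, as in get_cryptokey.php. The closing region tag `# [END kms_add_member_to_keyring_policy]` is also wrong here and in remove_member_from_keyring_policy.php; the deleted code closed these samples with `kms_remove_member_from_cryptokey_policy` and `kms_remove_member_from_keyring_policy`.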
@@ -0,0 +1,70 @@
+keyRingName($projectId, $locationId, $keyRingId);
+
+// Get the current IAM policy and remove the account to it.
+$policy = $kms->getIamPolicy($keyRingName);
+foreach ($policy->getBindings() as $binding) {
+ if ($binding->getRole() == $role) {
+ $members = $binding->getMembers();
+ foreach ($members as $i => $existingMember) {
+ if ($member == $existingMember) {
+ unset($members[$i]);
+ $binding->setMembers($members);
+ break;
+ }
+ }
+ }
+}
+
+// Set the new IAM Policy.
+$kms->setIamPolicy($keyRingName, $policy);
+
+printf('Member %s removed from policy for keyRing %s' . PHP_EOL,
+ $member,
+ $keyRingId);
+# [END kms_add_member_to_keyring_policy]
diff --git a/kms/src/restore_cryptokey_version.php b/kms/src/restore_cryptokey_version.php
new file mode 100644
index 0000000000..17386aaf59
--- /dev/null
+++ b/kms/src/restore_cryptokey_version.php
@@ -0,0 +1,52 @@
+cryptoKeyVersionName($projectId, $locationId, $keyRingId, $cryptoKeyId, $version);
+
+// Get the CryptoKey.
+$cryptoKeyVersion = $kms->restoreCryptoKeyVersion($cryptoKeyVersionName);
+
+printf('Restored version %s for cryptoKey %s in keyRing %s' . PHP_EOL, $version, $cryptoKeyId, $keyRingId);
+# [END kms_restore_cryptokey_version]
diff --git a/kms/src/set_cryptokey_primary_version.php b/kms/src/set_cryptokey_primary_version.php
new file mode 100644
index 0000000000..d3c2afe642
--- /dev/null
+++ b/kms/src/set_cryptokey_primary_version.php
@@ -0,0 +1,52 @@
+cryptoKeyName($projectId, $locationId, $keyRingId, $cryptoKeyId);
+
+// Update the crypto key primary version.
+$kms->updateCryptoKeyPrimaryVersion($cryptoKeyName, $version);
+
+printf('Set %s as primary version for cryptoKey %s in keyRing %s' . PHP_EOL, $version, $cryptoKeyId, $keyRingId);
+# [END kms_set_cryptokey_primary_version]
diff --git a/kms/test/kmsTest.php b/kms/test/kmsTest.php
index dd48479050..247f67bf82 100644
--- a/kms/test/kmsTest.php
+++ b/kms/test/kmsTest.php
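Review bot: kms/src/remove_member_from_keyring_policy.php calls `setIamPolicy` and prints `Member %s removed from policy` even when the loop found no binding for `$role` that contains `$member`, so a mistyped member or role yields a success message while access is unchanged. Track whether anything was removed and report the no-op instead of writing the policy back; the two comparisons can become `===` at the same time. remove_member_from_cryptokey_policy.php has the same loop and unconditional message. The script's opening lines are not visible on this page, so the top-level `return` below assumes nothing after it needs to run.

```php
$policy = $kms->getIamPolicy($keyRingName);
$removed = false;
// … unchanged: binding/member loop, plus `$removed = true;` next to setMembers() …

if (!$removed) {
    printf('Member %s not found in role %s for keyRing %s; policy not modified' . PHP_EOL,
        $member,
        $role,
        $keyRingId);
    return;
}

// … unchanged: setIamPolicy call and success message …
```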
@@ -17,31 +17,26 @@ namespace Google\Cloud\Samples\Kms; -use Google_Client; -use Google_Service_CloudKMS; -use Google_Service_CloudKMS_DecryptRequest; use Google\Cloud\TestUtils\TestTrait; -use Google\Cloud\TestUtils\ExecuteCommandTrait; class kmsTest extends \PHPUnit_Framework_TestCase { use TestTrait; - use ExecuteCommandTrait; - private static $commandFile = __DIR__ . '/../kms.php'; + private static $locationId = 'global'; private static $encryptedFile; private static $tempRing; private static $tempKey; private static $tempVersion; - private $ring; - private $key; - private $altKey; + private static $ring; + private static $key; + private static $altKey; - public function setUp() + public static function setUpBeforeClass() { - $this->ring = $this->requireEnv('GOOGLE_KMS_KEYRING'); - $this->key = $this->requireEnv('GOOGLE_KMS_CRYPTOKEY'); - $this->altKey = $this->requireEnv('GOOGLE_KMS_CRYPTOKEY_ALTERNATE'); + self::$ring = self::requireEnv('GOOGLE_KMS_KEYRING'); + self::$key = self::requireEnv('GOOGLE_KMS_CRYPTOKEY'); + self::$altKey = self::requireEnv('GOOGLE_KMS_CRYPTOKEY_ALTERNATE'); } public function testEncrypt() 
@@ -49,41 +44,15 @@ public function testEncrypt() $infile = __DIR__ . '/data/plaintext.txt'; $outfile = sys_get_temp_dir() . '/plaintext.txt.encrypted'; - $output = $this->runCommand('encryption', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->key, - 'infile' => $infile, - 'outfile' => $outfile, - '--project' => self::$projectId, + $output = $this->runSnippet('encrypt', [ + self::$ring, + self::$key, + $infile, + $outfile ]); $this->assertTrue(file_exists($outfile)); - // assert the text matches - $parent = sprintf( - 'projects/%s/locations/global/keyRings/%s/cryptoKeys/%s', - self::$projectId, - $this->ring, - $this->key - ); - // Instantiate the client, authenticate, and add scopes. - $client = new Google_Client(); - $client->useApplicationDefaultCredentials(); - $client->addScope('https://www.googleapis.com/auth/cloud-platform'); - $kms = new Google_Service_CloudKMS($client); - // create the decrypt request - $request = new Google_Service_CloudKMS_DecryptRequest([ - 'ciphertext' => base64_encode(file_get_contents($outfile)) - ]); - $response = $kms->projects_locations_keyRings_cryptoKeys->decrypt( - $parent, - $request - ); - $this->assertEquals( - file_get_contents(__DIR__ . '/data/plaintext.txt'), - base64_decode($response['plaintext']) - ); - $this->assertContains(sprintf('Saved encrypted text to %s' . PHP_EOL, $outfile), $output); self::$encryptedFile = $outfile; @@ -94,13 +63,11 @@ public function testDecrypt() { $outfile = sys_get_temp_dir() . '/plaintext.txt.decrypted'; - $output = $this->runCommand('encryption', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->key, - 'infile' => self::$encryptedFile, - 'outfile' => $outfile, - '--decrypt' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('decrypt', [ + self::$ring, + self::$key, + self::$encryptedFile, + $outfile ]); $this->assertTrue(file_exists($outfile)); 
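Review bot: testEncrypt now passes as soon as the output file exists and the `Saved encrypted text to` line is printed; the removed block was the only check in this hunk that the file holds ciphertext which decrypts back to `data/plaintext.txt`. A snippet that wrote the plaintext itself to `$outfile` would still pass here. Unless testDecrypt, whose assertions lie outside the visible hunk, compares the decrypted file with the original, add at least `$this->assertNotEquals(file_get_contents($infile), file_get_contents($outfile));` after the `file_exists` assertion.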
@@ -116,16 +83,16 @@ public function testAddUserToKeyRing() { $userEmail = 'betterbrent@google.com'; - $output = $this->runCommand('iam', [ - 'keyring' => $this->ring, - '--user-email' => $userEmail, - '--project' => self::$projectId, + $output = $this->runSnippet('add_member_to_keyring_policy', [ + self::$ring, + 'user:' . $userEmail, + 'roles/cloudkms.cryptoKeyEncrypterDecrypter' ]); $this->assertContains(sprintf( 'Member user:%s added to policy for keyRing %s' . PHP_EOL, $userEmail, - $this->ring + self::$ring ), $output); } @@ -136,17 +103,16 @@ public function testRemoveUserFromKeyRing() { $userEmail = 'betterbrent@google.com'; - $output = $this->runCommand('iam', [ - 'keyring' => $this->ring, - '--user-email' => $userEmail, - '--remove' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('remove_member_from_keyring_policy', [ + self::$ring, + 'user:' . $userEmail, + 'roles/cloudkms.cryptoKeyEncrypterDecrypter' ]); $this->assertContains(sprintf( 'Member user:%s removed from policy for keyRing %s' . PHP_EOL, $userEmail, - $this->ring + self::$ring ), $output); } @@ -154,18 +120,18 @@ public function testAddUserToCryptoKey() { $userEmail = 'betterbrent@google.com'; - $output = $this->runCommand('iam', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->key, - '--user-email' => $userEmail, - '--project' => self::$projectId, + $output = $this->runSnippet('add_member_to_cryptokey_policy', [ + self::$ring, + self::$key, + 'user:' . $userEmail, + 'roles/cloudkms.cryptoKeyEncrypterDecrypter' ]); $this->assertContains(sprintf( 'Member user:%s added to policy for cryptoKey %s in keyRing %s' . PHP_EOL, $userEmail, - $this->key, - $this->ring + self::$key, + self::$ring ), $output); } 
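Review bot: The add tests grant `roles/cloudkms.cryptoKeyEncrypterDecrypter` to a fixed principal on the key ring named by `GOOGLE_KMS_KEYRING` and appear to rely on the paired remove test to revoke it, so a failed or skipped remove test would leave a decrypt-capable binding behind. Revoking the bindings in a class-level cleanup step as well would make the teardown independent of test order. The user principal could come from the environment the way the service-account tests read `GOOGLE_KMS_SERVICEACCOUNTEMAIL`, for example `$userEmail = $this->requireEnv('<USER_EMAIL_ENV_VAR>');` (placeholder name). This applies to testAddUserToKeyRing and testAddUserToCryptoKey in these hunks and to the service-account variants in the hunks that follow.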
@@ -176,19 +142,18 @@ public function testRemoveUserFromCryptoKey() { $userEmail = 'betterbrent@google.com'; - $output = $this->runCommand('iam', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->key, - '--user-email' => $userEmail, - '--remove' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('remove_member_from_cryptokey_policy', [ + self::$ring, + self::$key, + 'user:' . $userEmail, + 'roles/cloudkms.cryptoKeyEncrypterDecrypter' ]); $this->assertContains(sprintf( 'Member user:%s removed from policy for cryptoKey %s in keyRing %s' . PHP_EOL, $userEmail, - $this->key, - $this->ring + self::$key, + self::$ring ), $output); } @@ -196,18 +161,18 @@ public function testAddServiceAccountToCryptoKey() { $serviceAccountEmail = $this->requireEnv('GOOGLE_KMS_SERVICEACCOUNTEMAIL'); - $output = $this->runCommand('iam', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->key, - '--service-account-email' => $serviceAccountEmail, - '--project' => self::$projectId, + $output = $this->runSnippet('add_member_to_cryptokey_policy', [ + self::$ring, + self::$key, + 'serviceAccount:' . $serviceAccountEmail, + 'roles/cloudkms.cryptoKeyEncrypterDecrypter' ]); $this->assertContains(sprintf( 'Member serviceAccount:%s added to policy for cryptoKey %s in keyRing %s' . PHP_EOL, $serviceAccountEmail, - $this->key, - $this->ring + self::$key, + self::$ring ), $output); } 
@@ -218,19 +183,18 @@ public function testRemoveServiceAccountFromCryptoKey() { $serviceAccountEmail = $this->requireEnv('GOOGLE_KMS_SERVICEACCOUNTEMAIL'); - $output = $this->runCommand('iam', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->key, - '--service-account-email' => $serviceAccountEmail, - '--remove' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('remove_member_from_cryptokey_policy', [ + self::$ring, + self::$key, + 'serviceAccount:' . $serviceAccountEmail, + 'roles/cloudkms.cryptoKeyEncrypterDecrypter' ]); $this->assertContains(sprintf( 'Member serviceAccount:%s removed from policy for cryptoKey %s in keyRing %s' . PHP_EOL, $serviceAccountEmail, - $this->key, - $this->ring + self::$key, + self::$ring ), $output); } @@ -238,16 +202,16 @@ public function testAddServiceAccountToKeyRing() { $serviceAccountEmail = $this->requireEnv('GOOGLE_KMS_SERVICEACCOUNTEMAIL'); - $output = $this->runCommand('iam', [ - 'keyring' => $this->ring, - '--service-account-email' => $serviceAccountEmail, - '--project' => self::$projectId, + $output = $this->runSnippet('add_member_to_keyring_policy', [ + self::$ring, + 'serviceAccount:' . $serviceAccountEmail, + 'roles/cloudkms.cryptoKeyEncrypterDecrypter' ]); $this->assertContains(sprintf( 'Member serviceAccount:%s added to policy for keyRing %s' . PHP_EOL, $serviceAccountEmail, - $this->ring + self::$ring ), $output); } 
@@ -258,25 +222,23 @@ public function testRemoveServiceAccountFromKeyRing() { $serviceAccountEmail = $this->requireEnv('GOOGLE_KMS_SERVICEACCOUNTEMAIL'); - $output = $this->runCommand('iam', [ - 'keyring' => $this->ring, - '--service-account-email' => $serviceAccountEmail, - '--remove' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('remove_member_from_keyring_policy', [ + self::$ring, + 'serviceAccount:' . $serviceAccountEmail, + 'roles/cloudkms.cryptoKeyEncrypterDecrypter' ]); $this->assertContains(sprintf( 'Member serviceAccount:%s removed from policy for keyRing %s' . PHP_EOL, $serviceAccountEmail, - $this->ring + self::$ring ), $output); } public function testListCryptoKeys() { - $output = $this->runCommand('key', [ - 'keyring' => $this->ring, - '--project' => self::$projectId, + $output = $this->runSnippet('list_cryptokeys', [ + self::$ring ]); $this->assertContains('Name: ', $output); @@ -288,17 +250,15 @@ public function testListCryptoKeys() public function testCreateCryptoKey() { self::$tempKey = 'test-crypto-key-' . time(); - $output = $this->runCommand('key', [ - 'keyring' => $this->ring, - 'cryptokey' => self::$tempKey, - '--create' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('create_cryptokey', [ + self::$ring, + self::$tempKey ]); $this->assertContains(sprintf( 'Created cryptoKey %s in keyRing %s' . PHP_EOL, self::$tempKey, - $this->ring + self::$ring ), $output); } @@ -307,10 +267,9 @@ public function testCreateCryptoKey() */ public function testGetCryptoKey() { - $output = $this->runCommand('key', [ - 'keyring' => $this->ring, - 'cryptokey' => self::$tempKey, - '--project' => self::$projectId, + $output = $this->runSnippet('get_cryptokey', [ + self::$ring, + self::$tempKey ]); $this->assertContains(self::$tempKey, $output); 
@@ -321,9 +280,7 @@ public function testGetCryptoKey() public function testListKeyRings() { - $output = $this->runCommand('keyring', [ - '--project' => self::$projectId, - ]); + $output = $this->runSnippet('list_keyrings'); $this->assertContains('Name: ', $output); $this->assertContains('Create Time: ', $output); @@ -332,10 +289,8 @@ public function testListKeyRings() public function testCreateKeyRing() { self::$tempRing = 'test-key-ring-' . time(); - $output = $this->runCommand('keyring', [ - 'keyring' => self::$tempRing, - '--create' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('create_keyring', [ + self::$tempRing, ]); $this->assertContains(sprintf('Created keyRing %s' . PHP_EOL, self::$tempRing), $output); @@ -346,9 +301,8 @@ public function testCreateKeyRing() */ public function testGetKeyRing() { - $output = $this->runCommand('keyring', [ - 'keyring' => self::$tempRing, - '--project' => self::$projectId, + $output = $this->runSnippet('get_keyring', [ + self::$tempRing, ]); $this->assertContains(self::$tempRing, $output); @@ -357,10 +311,9 @@ public function testGetKeyRing() public function testListCryptoKeyVersions() { - $output = $this->runCommand('version', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->altKey, - '--project' => self::$projectId, + $output = $this->runSnippet('list_cryptokey_versions', [ + self::$ring, + self::$altKey ]); $this->assertContains('Name: ', $output); 
@@ -370,17 +323,15 @@ public function testListCryptoKeyVersions() public function testCreateCryptoKeyVersion() { - $output = $this->runCommand('version', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->altKey, - '--create' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('create_cryptokey_version', [ + self::$ring, + self::$altKey, ]); $regex = sprintf( '/Created version (\d+) for cryptoKey %s in keyRing %s/' . PHP_EOL, - $this->altKey, - $this->ring + self::$altKey, + self::$ring ); $this->assertEquals(1, preg_match($regex, $output, $matches)); self::$tempVersion = $matches[1]; @@ -391,11 +342,10 @@ public function testCreateCryptoKeyVersion() */ public function testGetCryptoKeyVersions() { - $output = $this->runCommand('version', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->altKey, - 'version' => self::$tempVersion, - '--project' => self::$projectId, + $output = $this->runSnippet('get_cryptokey_version', [ + self::$ring, + self::$altKey, + self::$tempVersion, ]); $this->assertContains('Name: ', $output); @@ -408,19 +358,17 @@ public function testGetCryptoKeyVersions() */ public function testDisableCryptoKeyVersion() { - $output = $this->runCommand('version', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->altKey, - 'version' => self::$tempVersion, - '--disable' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('disable_cryptokey_version', [ + self::$ring, + self::$altKey, + self::$tempVersion, ]); $this->assertContains(sprintf( 'Disabled version %s for cryptoKey %s in keyRing %s' . PHP_EOL, self::$tempVersion, - $this->altKey, - $this->ring + self::$altKey, + self::$ring ), $output); } 
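Review bot: In testCreateCryptoKeyVersion the `PHP_EOL` is appended after the closing `/` of the pattern, so it sits in the modifier position and never takes part in the match. The key and ring names are also placed into the pattern unescaped. Build it as `sprintf('/Created version (\d+) for cryptoKey %s in keyRing %s/', preg_quote(self::$altKey, '/'), preg_quote(self::$ring, '/'))`. The `$matches[1]` read that follows is safe only because the `assertEquals(1, ...)` before it stops the test on a non-match.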
@@ -429,19 +377,17 @@ public function testDisableCryptoKeyVersion() */ public function testEnableCryptoKeyVersion() { - $output = $this->runCommand('version', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->altKey, - 'version' => self::$tempVersion, - '--enable' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('enable_cryptokey_version', [ + self::$ring, + self::$altKey, + self::$tempVersion, ]); $this->assertContains(sprintf( 'Enabled version %s for cryptoKey %s in keyRing %s' . PHP_EOL, self::$tempVersion, - $this->altKey, - $this->ring + self::$altKey, + self::$ring ), $output); } @@ -450,19 +396,17 @@ public function testEnableCryptoKeyVersion() */ public function testDestroyCryptoKeyVersion() { - $output = $this->runCommand('version', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->altKey, - 'version' => self::$tempVersion, - '--destroy' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('destroy_cryptokey_version', [ + self::$ring, + self::$altKey, + self::$tempVersion, ]); $this->assertContains(sprintf( 'Destroyed version %s for cryptoKey %s in keyRing %s' . PHP_EOL, self::$tempVersion, - $this->altKey, - $this->ring + self::$altKey, + self::$ring ), $output); } @@ -471,19 +415,17 @@ public function testDestroyCryptoKeyVersion() */ public function testRestoreCryptoKeyVersion() { - $output = $this->runCommand('version', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->altKey, - 'version' => self::$tempVersion, - '--restore' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('restore_cryptokey_version', [ + self::$ring, + self::$altKey, + self::$tempVersion, ]); $this->assertContains(sprintf( 'Restored version %s for cryptoKey %s in keyRing %s' . PHP_EOL, self::$tempVersion, - $this->altKey, - $this->ring + self::$altKey, + self::$ring ), $output); } 
@@ -492,19 +434,25 @@ public function testRestoreCryptoKeyVersion() */ public function testSetPrimaryCryptoKeyVersion() { - $output = $this->runCommand('version', [ - 'keyring' => $this->ring, - 'cryptokey' => $this->altKey, - 'version' => self::$tempVersion, - '--set-primary' => true, - '--project' => self::$projectId, + $output = $this->runSnippet('set_cryptokey_primary_version', [ + self::$ring, + self::$altKey, + self::$tempVersion, ]); $this->assertContains(sprintf( 'Set %s as primary version for cryptoKey %s in keyRing %s' . PHP_EOL, self::$tempVersion, - $this->altKey, - $this->ring + self::$altKey, + self::$ring ), $output); } + + private function runSnippet($sampleName, $params = []) + { + $argv = array_merge([0, self::$projectId, self::$locationId], $params); + ob_start(); + require __DIR__ . "/../src/$sampleName.php"; + return ob_get_clean(); + } } diff --git a/kms/test/quickstartTest.php b/kms/test/quickstartTest.php index 774a66374c..30c958ab09 100644 --- a/kms/test/quickstartTest.php +++ b/kms/test/quickstartTest.php @@ -37,9 +37,8 @@ public function testQuickstart() $output = ob_get_clean(); // Make sure it looks correct - $this->assertInstanceOf('Google_Service_CloudKMS_ListKeyRingsResponse', $keyRings); - $this->assertTrue(count($keyRings) > 0); - $this->assertNotNull($keyRings[0]->name); - $this->assertContains($keyRings[0]->name, $output); + $this->assertInstanceOf('Google\ApiCore\PagedListResponse', $keyRings); + $this->assertNotNull($keyRing = $keyRings->iterateAllElements()->current()); + $this->assertContains($keyRing->getName(), $output); } }
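Review bot: The new runSnippet() helper leaves its output buffer open when the required snippet throws, because `ob_get_clean()` is then never reached. The dangling buffer can swallow output from later tests and makes the real failure harder to read. Closing the buffer in a `finally` block fixes this for both exceptions and errors. The `require` path is built from `$sampleName`, which is fine while every caller passes a literal; a short comment saying so would keep it that way.

```php
    private function runSnippet($sampleName, $params = [])
    {
        // … unchanged: $argv assembly …
        ob_start();
        try {
            require __DIR__ . "/../src/$sampleName.php";
            return ob_get_contents();
        } finally {
            // Always close the buffer, even when the snippet throws.
            ob_end_clean();
        }
    }
```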
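Review bot: In kms/test/quickstartTest.php the assignment inside `assertNotNull(...)` hides a side effect in an assertion argument, and the next line depends on it. Split it into `$keyRing = $keyRings->iterateAllElements()->current();` followed by `$this->assertNotNull($keyRing);` so the value's origin is visible. testQuickstart begins outside this hunk.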