Python KMS Apiary P1 samples #779
Conversation
…n-docs-samples into python-kms-samples
googlebot
added
the
cla: yes
kms/api/functions.py
Outdated
|
|
||
|
|
||
| # [START kms_create_keyring] | ||
| def create_keyring(project_id, location, keyring): |
There was a problem hiding this comment.
docstrings throughout, please.
e.g.:
"""Creates a keyring in the given location."""I might be useful to list the locations that are available.
kms/api/functions.py
Outdated
| import argparse | ||
| import base64 | ||
|
|
||
| # Imports the Google APIs client library |
There was a problem hiding this comment.
This comment isn't necessary.
kms/api/functions.py
Outdated
| # Creates an API client for the KMS API. | ||
| kms_client = discovery.build('cloudkms', 'v1beta1') | ||
|
|
||
| # The resource name of the location associated with the KeyRing. |
There was a problem hiding this comment.
nit: Does KeyRing need to be cased as such?
There was a problem hiding this comment.
The cloud.google.com documentation refers to them as "CryptoKey" "KeyRing" etc. (https://cloud-dot-devsite.googleplex.com/kms/docs/creating-keys) and so does the Python API library documentation (https://developers.google.com/resources/api-libraries/documentation/cloudkms/v1beta1/python/latest/cloudkms_v1beta1.projects.locations.keyRings.cryptoKeys.html#getIamPolicy).
The canonical sample also uses this casing in comments.
kms/api/functions.py
Outdated
|
|
||
| # Create KeyRing | ||
| request = kms_client.projects().locations().keyRings().create( | ||
| parent=parent, body={}, keyRingId=keyring) |
There was a problem hiding this comment.
We need body for the request, where one can include optional specification fields (https://developers.google.com/resources/api-libraries/documentation/cloudkms/v1beta1/python/latest/cloudkms_v1beta1.projects.locations.keyRings.cryptoKeys.html#create). The canonical sample doesn't include any of the optional fields.
kms/api/functions.py
Outdated
| parent=parent, body={}, keyRingId=keyring) | ||
| response = request.execute() | ||
|
|
||
| print 'Created KeyRing {}.'.format(response["name"]) |
There was a problem hiding this comment.
You need to use print-as-a-function for this to work on Python 3.
(In general, you should be developing with Python 3.6, let me know if you need help setting that up)
kms/api/functions.py
Outdated
| response = request.execute() | ||
|
|
||
| # Write the encrypted text to a file. | ||
| o = open(outfile, 'w') |
There was a problem hiding this comment.
use a context manager here as well.
Also, is the ciphertext base64 encoded? If not, you should open the file as binary rb.
kms/api/functions.py
Outdated
|
|
||
|
|
||
| # [START kms_decrypt] | ||
| def decrypt(project_id, location, keyring, cryptokey, infile, outfile): |
There was a problem hiding this comment.
Apply my same comments from encrypt to this function.
kms/api/functions.py
Outdated
| project_id, location, keyring, cryptokey) | ||
|
|
||
| # Get the current IAM policy and add the new member to it. | ||
| policy_request = kms_client.projects().locations().keyRings().cryptoKeys().getIamPolicy(resource=parent) |
There was a problem hiding this comment.
Holy cow. How is this done in other languages?
There was a problem hiding this comment.
talked with Brent and it looks like the API handles duplicates and everything, so I changed this so now I just append the new role / member pair to the end of the bindings.
kms/api/functions_test.py
Outdated
|
|
||
|
|
||
| # Your Google Cloud Platform project ID | ||
| PROJECT_ID = 'YOUR_PROJECT_ID' |
There was a problem hiding this comment.
This is available from the cloud_config fixture.
kms/api/functions_test.py
Outdated
| # Your Google Cloud Platform CryptoKey name | ||
| CRYPTOKEY = 'sample-key-4' | ||
|
|
||
| # An infile for text to be encrypted |
There was a problem hiding this comment.
Use pytest's tmpfile fixture for files, please.
kms/api-client/functions.py
Outdated
|
|
||
| # [START kms_create_keyring] | ||
| def create_keyring(project_id, location, keyring): | ||
| """Creates a KeyRing in the given location. Potential locations include: |
There was a problem hiding this comment.
Summary should be one sentence.
kms/api-client/functions.py
Outdated
| # [START kms_create_keyring] | ||
| def create_keyring(project_id, location, keyring): | ||
| """Creates a KeyRing in the given location. Potential locations include: | ||
| global, asia-east1, europe-west1, us-central1, and us-east1.""" |
There was a problem hiding this comment.
Since these can change, better to just link to the documentation.
There was a problem hiding this comment.
can't seem to find any documentation that lists out all locations. gonna just say "(e.g. global)."
kms/api-client/functions.py
Outdated
|
|
||
| # Create a CryptoKey for the given KeyRing. | ||
| request = kms_client.projects().locations().keyRings().cryptoKeys().create( | ||
| parent=parent, body={"purpose": 'ENCRYPT_DECRYPT'}, |
There was a problem hiding this comment.
single quotes everywhere (except for docstrings), please.
kms/api-client/functions.py
Outdated
| # Read text from the input file. | ||
| with io.open(plaintext_file_name, 'rb') as plaintext_file: | ||
| plaintext = plaintext_file.read() | ||
| encoded_text = base64.b64encode(plaintext) |
There was a problem hiding this comment.
You can de-dent everything after the call to read(). You no longer need the file open after getting its contents.
kms/api-client/functions.py
Outdated
| kms_client = discovery.build('cloudkms', 'v1beta1') | ||
|
|
||
| # Construct the resource name of the CryptoKeyVersion. | ||
| name = 'projects/{}/locations/{}/'.format(project_id, location) |
There was a problem hiding this comment.
do this to break the string up over multiple lines:
name = (
'projects/..........'
'/....'
'.....')Python will automatically concatenate them.
kms/api-client/functions.py
Outdated
| @@ -0,0 +1,292 @@ | |||
| #!/usr/bin/env python | |||
There was a problem hiding this comment.
name this file snippets.py.
kms/api-client/functions_test.py
Outdated
| import functions | ||
|
|
||
|
|
||
| # Your Google Cloud Platform Key Location |
There was a problem hiding this comment.
The audience for these comments is us, the maintainers. So maybe it makes sense to either remove or revise them?
There was a problem hiding this comment.
Revised them. Kept a few comments for my own reference in the future.
kms/api-client/functions_test.py
Outdated
| functions.create_cryptokey( | ||
| cloud_config.project, LOCATION, KEYRING, CRYPTOKEY) | ||
| out, _ = capsys.readouterr() | ||
| expected = 'Created CryptoKey projects/{}/'.format(cloud_config.project) |
There was a problem hiding this comment.
see my previous comment about breaking up long strings.
kms/api-client/functions_test.py
Outdated
| encrypted_file_name, decrypted_file_name) | ||
|
|
||
| # Make sure the decrypted text matches the original text. | ||
| decrypted_text = open(decrypted_file_name).read() |
There was a problem hiding this comment.
if you hadn't already cast to a str, you could do decrypted_file.read().
There was a problem hiding this comment.
changed (now setting up variables like 'plaintext_file', and then calling encrypt / decrypt with str(plaintext_file) )
kms/api-client/functions_test.py
Outdated
| assert 'Saved decrypted text to {}.'.format(decrypted_file_name) in out | ||
|
|
||
|
|
||
| def test_encrypt_decrypt_cli(capsys, cloud_config, tmpdir): |
There was a problem hiding this comment.
This test isn't necessary - we don't typically test the argparse section.
| resource=parent, body={'policy': policy_response}) | ||
| request.execute() | ||
|
|
||
| print_msg = ( |
There was a problem hiding this comment.
Don't do this, you can put this all within the print statement.
|
The README should be updated to include |
Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399
…ython-docs-samples into python-kms-samples
Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1
Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1
Done. |
|
@ryanmats You still need to add the remaining commands for the rest of the samples in snippets. Currently there's just |
|
@ryanmats can you run the nox readmegen session for this sample? After that, feel free to merge. |
…n-docs-samples into python-kms-samples
|
@dpebot will you merge when travis passes? |
|
Okay! I'll merge when all statuses are green and all reviewers approve. |
dpebot
added
the
automerge
…-samples#779) * Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
* Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
* Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
* Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
* Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
* Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
…-samples#779) * Draft of first half of KMS samples * reversed wrong change * KMS Apiary Python samples - P1 * Few minor style issues * Adding back in space i accidentally deleted * Addressed all code review comments * Renamed api directory to api-client * Addressed more code review comments * Formatting change * Fix quickstart test Change-Id: Ib79dc1345c9c40547f3fd4e9c3c9a48963a3b399 * Update readme Change-Id: Icf4a66083f56d6f51be76ba1cf3b5dc8daf2c4c1 * Add readme Change-Id: I2fbaa55092ef8787f1423d499aa310cab258c0c1 * Added parsers * Final minor changes to parsers * Added autogenerated README * Changed snippets_test keyring name and cryptokey name
Drafts of KMS Apiary Python P1 Samples
Had a few linting issues with really long lines - not sure how to fix those. Other than those, I addressed all the linting issues.