Fix mockgcp for KMSImportJob

Author: maqiuyujoyce

mockgcp/mock_http_roundtrip.go

@@ -80,10 +80,8 @@ import (
 	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/mockgcpregistry"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/mockgkehub"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/mockgkemulticloud"
-	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/mockkms"
 	_ "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/mockiam"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/mockkms"
-	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/mockkms"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/mocklogging"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/mockmanagedkafka"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/mockmonitoring"
@@ -264,6 +262,7 @@ func NewMockRoundTripper(ctx context.Context, k8sClient client.Client, storage s
 	services = append(services, mockdataplex.New(env, storage))
 	services = append(services, mockclouddms.New(env, storage))
 	services = append(services, mockvmwareengine.New(env, storage))
+	services = append(services, mockkms.New(env, storage))
 
 	for _, service := range services {
 		service.Register(server)

mockgcp/mockaiplatform/testdata/schedule/crud/_http.log

@@ -92,13 +92,13 @@ X-Xss-Protection: 0
         },
         "parent": "projects/${projectId}/locations/us-central1"
       },
-      "createTime": "2024-01-01T12:34:56.123456Z",
+      "createTime": "2024-04-01T12:34:56.123456Z",
       "cron": "* * * * *",
       "displayName": "test-${uniqueId}",
       "maxConcurrentRunCount": "1",
       "name": "projects/${projectNumber}/locations/us-central1/schedules/test-${uniqueId}",
       "nextRunTime": "2024-04-01T12:34:56.123456Z",
-      "startTime": "2024-01-03T12:34:56.123456Z",
+      "startTime": "2024-04-01T12:34:56.123456Z",
       "state": "ACTIVE"
     }
   ]
@@ -179,13 +179,13 @@ X-Xss-Protection: 0
         },
         "parent": "projects/${projectId}/locations/us-central1"
       },
-      "createTime": "2024-01-01T12:34:56.123456Z",
+      "createTime": "2024-04-01T12:34:56.123456Z",
       "cron": "* * * * *",
       "displayName": "test-${uniqueId}",
       "maxConcurrentRunCount": "1",
       "name": "projects/${projectNumber}/locations/us-central1/schedules/test-${uniqueId}",
       "nextRunTime": "2024-04-01T12:34:56.123456Z",
-      "startTime": "2024-01-03T12:34:56.123456Z",
+      "startTime": "2024-04-01T12:34:56.123456Z",
       "state": "ACTIVE"
     }
   ]

mockgcp/mockkms/importjob.go

@@ -14,7 +14,7 @@
 
 // +tool:mockgcp-support
 // proto.service: google.cloud.kms.v1.KeyManagementService
-// proto.message: google.cloud.kms.v1.KeyRing
+// proto.message: google.cloud.kms.v1.ImportJob
 
 package mockkms
 
@@ -29,32 +29,52 @@ import (
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
-	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/common/projects"
 	pb "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/generated/mockgcp/cloud/kms/v1"
+	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/pkg/storage"
 )
 
-func (r *kmsServer) GetKeyRing(ctx context.Context, req *pb.GetKeyRingRequest) (*pb.KeyRing, error) {
-	name, err := r.parseKeyRingName(req.Name)
+func (s *kmsServer) GetImportJob(ctx context.Context, req *pb.GetImportJobRequest) (*pb.ImportJob, error) {
+	name, err := s.parseImportJobName(req.Name)
 	if err != nil {
 		return nil, err
 	}
 
 	fqn := name.String()
 
-	obj := &pb.KeyRing{}
-	if err := r.storage.Get(ctx, fqn, obj); err != nil {
+	obj := &pb.ImportJob{}
+	if err := s.storage.Get(ctx, fqn, obj); err != nil {
 		if status.Code(err) == codes.NotFound {
-			return nil, status.Errorf(codes.NotFound, "KeyRing %s not found.", fqn)
+			return nil, status.Errorf(codes.NotFound, "ImportJob %s not found.", fqn)
 		}
 		return nil, err
 	}
 
 	return obj, nil
 }
 
-func (r *kmsServer) CreateKeyRing(ctx context.Context, req *pb.CreateKeyRingRequest) (*pb.KeyRing, error) {
-	reqName := fmt.Sprintf("%s/keyRings/%s", req.GetParent(), req.GetKeyRingId())
-	name, err := r.parseKeyRingName(reqName)
+func (s *kmsServer) ListImportJobs(ctx context.Context, req *pb.ListImportJobsRequest) (*pb.ListImportJobsResponse, error) {
+	var importJobs []*pb.ImportJob
+
+	importJobKind := (&pb.ImportJob{}).ProtoReflect().Descriptor()
+	if err := s.storage.List(ctx, importJobKind, storage.ListOptions{}, func(obj proto.Message) error {
+		importJob := obj.(*pb.ImportJob)
+		if strings.HasPrefix(importJob.GetName(), req.Parent) {
+			importJobs = append(importJobs, importJob)
+		}
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	return &pb.ListImportJobsResponse{
+		ImportJobs: importJobs,
+		TotalSize:  int32(len(importJobs)),
+	}, nil
+}
+
+func (s *kmsServer) CreateImportJob(ctx context.Context, req *pb.CreateImportJobRequest) (*pb.ImportJob, error) {
+	reqName := fmt.Sprintf("%s/importJobs/%s", req.GetParent(), req.GetImportJobId())
+	name, err := s.parseImportJobName(reqName)
 	if err != nil {
 		return nil, err
 	}
@@ -63,53 +83,71 @@ func (r *kmsServer) CreateKeyRing(ctx context.Context, req *pb.CreateKeyRingRequ
 
 	now := time.Now()
 
-	obj := proto.Clone(req.GetKeyRing()).(*pb.KeyRing)
+	obj := proto.Clone(req.GetImportJob()).(*pb.ImportJob)
 	obj.Name = fqn
 	obj.CreateTime = timestamppb.New(now)
+	obj.ExpireTime = timestamppb.New(now)
+	obj.ImportMethod = pb.ImportJob_RSA_OAEP_3072_SHA1_AES_256
+	obj.State = pb.ImportJob_PENDING_GENERATION
+
+	result := proto.Clone(obj).(*pb.ImportJob)
+
+	obj.GenerateTime = timestamppb.New(now)
+	obj.State = pb.ImportJob_ACTIVE
+	obj.Attestation = &pb.KeyOperationAttestation{
+		CertChains: &pb.KeyOperationAttestation_CertificateChains{
+			CaviumCerts: []string{
+				"-----BEGIN CERTIFICATE-----\ncertificate 1\n-----END CERTIFICATE-----\n",
+				"-----BEGIN CERTIFICATE-----\ncertificate 2\n-----END CERTIFICATE-----\n",
+			},
+			GoogleCardCerts: []string{
+				"-----BEGIN CERTIFICATE-----\ncertificate 3\n-----END CERTIFICATE-----\n",
+			},
+			GooglePartitionCerts: []string{
+				"-----BEGIN CERTIFICATE-----\ncertificate 4\n-----END CERTIFICATE-----\n",
+			},
+		},
+		Content: []byte("content"),
+		Format:  pb.KeyOperationAttestation_CAVIUM_V2_COMPRESSED,
+	}
+	obj.PublicKey = &pb.ImportJob_WrappingPublicKey{
+		Pem: "-----BEGIN PUBLIC KEY-----\npublic key\n-----END PUBLIC KEY-----\n",
+	}
 
-	r.populateDefaultsForKeyRing(name, obj)
-
-	if err := r.storage.Create(ctx, fqn, obj); err != nil {
+	if err := s.storage.Create(ctx, fqn, obj); err != nil {
 		return nil, err
 	}
 
-	return obj, nil
+	return result, nil
 }
 
-func (r *kmsServer) populateDefaultsForKeyRing(name *KeyRingName, obj *pb.KeyRing) {
-
+type importJobName struct {
+	KeyRingName
+	ImportJobID string
 }
 
-type KeyRingName struct {
-	Project   *projects.ProjectData
-	Location  string
-	KeyRingID string
+func (n *importJobName) String() string {
+	return n.KeyRingName.String() + "/importJobs/" + n.ImportJobID
 }
 
-func (n *KeyRingName) String() string {
-	return "projects/" + n.Project.ID + "/locations/" + n.Location + "/keyRings/" + n.KeyRingID
-}
-
-// parseKeyRingName parses a string into an KeyRingName.
-// The expected form is `projects/*/locations/*/keyRings/*`.
-func (r *kmsServer) parseKeyRingName(name string) (*KeyRingName, error) {
+// parseImportJobName parses a string into an ImportJobName.
+// The expected form is `projects/*/locations/*/keyRings/*/importJobs/*`.
+func (s *kmsServer) parseImportJobName(name string) (*importJobName, error) {
 	tokens := strings.Split(name, "/")
 
-	if len(tokens) == 6 && tokens[0] == "projects" && tokens[2] == "locations" && tokens[4] == "keyRings" {
-		project, err := r.Projects.GetProjectByID(tokens[1])
+	if len(tokens) == 8 && tokens[6] == "importJobs" {
+		keyRingName, err := s.parseKeyRingName(strings.Join(tokens[0:6], "/"))
 		if err != nil {
 			return nil, err
 		}
 
-		name := &KeyRingName{
-			Project:   project,
-			Location:  tokens[3],
-			KeyRingID: tokens[5],
+		name := &importJobName{
+			KeyRingName: *keyRingName,
+			ImportJobID: tokens[7],
 		}
 
 		return name, nil
 	}
 
 	return nil, status.Errorf(codes.InvalidArgument, "name %q is not valid", name)
 }
-

mockgcp/makefile_prompt.txt renamed to mockgcp/mockkms/prompt/importjob_makefile_prompt.txt

@@ -1,4 +1,4 @@
- // Copyright 2024 Google LLC
+// Copyright 2024 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,39 +12,29 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package mockcloudkms
-
-// +tool:mockgcp-service
-// http.host: cloudkms.googleapis.com
-// proto.service: google.cloud.kms.v1.KeyManagementService
+package mockkms
 
 import (
 	"context"
 	"net/http"
+	"strings"
 
 	"google.golang.org/grpc"
 
 	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/common"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/common/httpmux"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/common/operations"
 	pb "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/generated/mockgcp/cloud/kms/v1"
-
 	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/pkg/storage"
 )
 
 // MockService represents a mocked kms service.
 type MockService struct {
 	*common.MockEnvironment
-	storage storage.Storage
-
-	operations *operations.Operations
-
-	v1 *KMSV1
-}
-
-type KMSV1 struct {
-	*MockService
-	pb.UnimplementedKeyManagementServiceServer
+	storage              storage.Storage
+	operations           *operations.Operations
+	v1AutokeyAdminServer *autokeyAdminServer
+	v1AutokeyServer      *autokeyServer
 }
 
 // New creates a MockService.
@@ -54,7 +44,8 @@ func New(env *common.MockEnvironment, storage storage.Storage) *MockService {
 		storage:         storage,
 		operations:      operations.NewOperationsService(storage),
 	}
-	s.v1 = &KMSV1{MockService: s}
+	s.v1AutokeyAdminServer = &autokeyAdminServer{MockService: s}
+	s.v1AutokeyServer = &autokeyServer{MockService: s}
 	return s
 }
 
@@ -63,19 +54,27 @@ func (s *MockService) ExpectedHosts() []string {
 }
 
 func (s *MockService) Register(grpcServer *grpc.Server) {
-	pb.RegisterKeyManagementServiceServer(grpcServer, s.v1)
+	pb.RegisterKeyManagementServiceServer(grpcServer, &kmsServer{MockService: s})
+	pb.RegisterAutokeyAdminServer(grpcServer, s.v1AutokeyAdminServer)
+	pb.RegisterAutokeyServer(grpcServer, s.v1AutokeyServer)
 }
 
 func (s *MockService) NewHTTPMux(ctx context.Context, conn *grpc.ClientConn) (http.Handler, error) {
 	mux, err := httpmux.NewServeMux(ctx, conn, httpmux.Options{},
 		pb.RegisterKeyManagementServiceHandler,
-		s.operations.RegisterOperationsPath("/v1/{prefix=**}/operations/{name}"))
-
+		pb.RegisterAutokeyAdminHandler,
+		pb.RegisterAutokeyHandler,
+		s.operations.RegisterOperationsPath("/v1/{prefix=**}/operations/{name}"),
+	)
 	if err != nil {
 		return nil, err
 	}
 
+	// Returns slightly non-standard errors
+	mux.RewriteError = func(ctx context.Context, error *httpmux.ErrorResponse) {
+		if error.Code == 404 && (strings.Contains(error.Message, "KeyRing") || strings.Contains(error.Message, "CryptoKey")) {
+			error.Errors = nil
+		}
+	}
 	return mux, nil
 }
-
-