Merge pull request #4039 from maqiuyujoyce/resource-kms-importjob

Support mockgcp for KMSImportJob

Author: google-oss-prow[bot]

mockgcp/Makefile

@@ -172,8 +172,9 @@ gen-proto-no-fixup:
 		./third_party/googleapis/mockgcp/cloud/essentialcontacts/v1/*.proto \
 		./third_party/googleapis/mockgcp/cloud/networkmanagement/v1/*.proto \
 		./third_party/googleapis/mockgcp/cloud/netapp/v1/*.proto \
-		./third_party/googleapis/mockgcp/cloud/dataplex/v1/*.proto
-		./third_party/googleapis/mockgcp/cloud/vmwareengine/v1/*.proto
+		./third_party/googleapis/mockgcp/cloud/dataplex/v1/*.proto \
+		./third_party/googleapis/mockgcp/cloud/vmwareengine/v1/*.proto \
+		./third_party/googleapis/mockgcp/cloud/kms/v1/resources.proto
 
 .PHONY: generate-grpc-for-google-protos
 generate-grpc-for-google-protos:

mockgcp/mock_http_roundtrip.go

@@ -210,7 +210,6 @@ func NewMockRoundTripper(ctx context.Context, k8sClient client.Client, storage s
 	services = append(services, mockedgecontainer.New(env, storage))
 	services = append(services, mockfirestore.New(env, storage))
 	services = append(services, mockgkemulticloud.New(env, storage))
-	services = append(services, mockkms.New(env, storage))
 	services = append(services, mocklogging.New(env, storage))
 	services = append(services, mockmanagedkafka.New(env, storage))
 	services = append(services, mocknetworkmanagement.New(env, storage))
@@ -263,6 +262,7 @@ func NewMockRoundTripper(ctx context.Context, k8sClient client.Client, storage s
 	services = append(services, mockdataplex.New(env, storage))
 	services = append(services, mockclouddms.New(env, storage))
 	services = append(services, mockvmwareengine.New(env, storage))
+	services = append(services, mockkms.New(env, storage))
 
 	for _, service := range services {
 		service.Register(server)

mockgcp/mockaiplatform/testdata/schedule/crud/_http.log

@@ -92,13 +92,13 @@ X-Xss-Protection: 0
         },
         "parent": "projects/${projectId}/locations/us-central1"
       },
-      "createTime": "2024-01-01T12:34:56.123456Z",
+      "createTime": "2024-04-01T12:34:56.123456Z",
       "cron": "* * * * *",
       "displayName": "test-${uniqueId}",
       "maxConcurrentRunCount": "1",
       "name": "projects/${projectNumber}/locations/us-central1/schedules/test-${uniqueId}",
       "nextRunTime": "2024-04-01T12:34:56.123456Z",
-      "startTime": "2024-01-03T12:34:56.123456Z",
+      "startTime": "2024-04-01T12:34:56.123456Z",
       "state": "ACTIVE"
     }
   ]
@@ -179,13 +179,13 @@ X-Xss-Protection: 0
         },
         "parent": "projects/${projectId}/locations/us-central1"
       },
-      "createTime": "2024-01-01T12:34:56.123456Z",
+      "createTime": "2024-04-01T12:34:56.123456Z",
       "cron": "* * * * *",
       "displayName": "test-${uniqueId}",
       "maxConcurrentRunCount": "1",
       "name": "projects/${projectNumber}/locations/us-central1/schedules/test-${uniqueId}",
       "nextRunTime": "2024-04-01T12:34:56.123456Z",
-      "startTime": "2024-01-03T12:34:56.123456Z",
+      "startTime": "2024-04-01T12:34:56.123456Z",
       "state": "ACTIVE"
     }
   ]

mockgcp/mockkms/importjob.go

@@ -0,0 +1,153 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +tool:mockgcp-support
+// proto.service: google.cloud.kms.v1.KeyManagementService
+// proto.message: google.cloud.kms.v1.ImportJob
+
+package mockkms
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	pb "github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/generated/mockgcp/cloud/kms/v1"
+	"github.com/GoogleCloudPlatform/k8s-config-connector/mockgcp/pkg/storage"
+)
+
+func (s *kmsServer) GetImportJob(ctx context.Context, req *pb.GetImportJobRequest) (*pb.ImportJob, error) {
+	name, err := s.parseImportJobName(req.Name)
+	if err != nil {
+		return nil, err
+	}
+
+	fqn := name.String()
+
+	obj := &pb.ImportJob{}
+	if err := s.storage.Get(ctx, fqn, obj); err != nil {
+		if status.Code(err) == codes.NotFound {
+			return nil, status.Errorf(codes.NotFound, "ImportJob %s not found.", fqn)
+		}
+		return nil, err
+	}
+
+	return obj, nil
+}
+
+func (s *kmsServer) ListImportJobs(ctx context.Context, req *pb.ListImportJobsRequest) (*pb.ListImportJobsResponse, error) {
+	var importJobs []*pb.ImportJob
+
+	importJobKind := (&pb.ImportJob{}).ProtoReflect().Descriptor()
+	if err := s.storage.List(ctx, importJobKind, storage.ListOptions{}, func(obj proto.Message) error {
+		importJob := obj.(*pb.ImportJob)
+		if strings.HasPrefix(importJob.GetName(), req.Parent) {
+			importJobs = append(importJobs, importJob)
+		}
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	return &pb.ListImportJobsResponse{
+		ImportJobs: importJobs,
+		TotalSize:  int32(len(importJobs)),
+	}, nil
+}
+
+func (s *kmsServer) CreateImportJob(ctx context.Context, req *pb.CreateImportJobRequest) (*pb.ImportJob, error) {
+	reqName := fmt.Sprintf("%s/importJobs/%s", req.GetParent(), req.GetImportJobId())
+	name, err := s.parseImportJobName(reqName)
+	if err != nil {
+		return nil, err
+	}
+
+	fqn := name.String()
+
+	now := time.Now()
+
+	obj := proto.Clone(req.GetImportJob()).(*pb.ImportJob)
+	obj.Name = fqn
+	obj.CreateTime = timestamppb.New(now)
+	obj.ExpireTime = timestamppb.New(now)
+	obj.ImportMethod = pb.ImportJob_RSA_OAEP_3072_SHA1_AES_256
+	obj.State = pb.ImportJob_PENDING_GENERATION
+
+	result := proto.Clone(obj).(*pb.ImportJob)
+
+	obj.GenerateTime = timestamppb.New(now)
+	obj.State = pb.ImportJob_ACTIVE
+	obj.Attestation = &pb.KeyOperationAttestation{
+		CertChains: &pb.KeyOperationAttestation_CertificateChains{
+			CaviumCerts: []string{
+				"-----BEGIN CERTIFICATE-----\ncertificate 1\n-----END CERTIFICATE-----\n",
+				"-----BEGIN CERTIFICATE-----\ncertificate 2\n-----END CERTIFICATE-----\n",
+			},
+			GoogleCardCerts: []string{
+				"-----BEGIN CERTIFICATE-----\ncertificate 3\n-----END CERTIFICATE-----\n",
+			},
+			GooglePartitionCerts: []string{
+				"-----BEGIN CERTIFICATE-----\ncertificate 4\n-----END CERTIFICATE-----\n",
+			},
+		},
+		Content: []byte("content"),
+		Format:  pb.KeyOperationAttestation_CAVIUM_V2_COMPRESSED,
+	}
+	obj.PublicKey = &pb.ImportJob_WrappingPublicKey{
+		Pem: "-----BEGIN PUBLIC KEY-----\npublic key\n-----END PUBLIC KEY-----\n",
+	}
+
+	if err := s.storage.Create(ctx, fqn, obj); err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+type importJobName struct {
+	KeyRingName
+	ImportJobID string
+}
+
+func (n *importJobName) String() string {
+	return n.KeyRingName.String() + "/importJobs/" + n.ImportJobID
+}
+
+// parseImportJobName parses a string into an ImportJobName.
+// The expected form is `projects/*/locations/*/keyRings/*/importJobs/*`.
+func (s *kmsServer) parseImportJobName(name string) (*importJobName, error) {
+	tokens := strings.Split(name, "/")
+
+	if len(tokens) == 8 && tokens[6] == "importJobs" {
+		keyRingName, err := s.parseKeyRingName(strings.Join(tokens[0:6], "/"))
+		if err != nil {
+			return nil, err
+		}
+
+		name := &importJobName{
+			KeyRingName: *keyRingName,
+			ImportJobID: tokens[7],
+		}
+
+		return name, nil
+	}
+
+	return nil, status.Errorf(codes.InvalidArgument, "name %q is not valid", name)
+}

mockgcp/mockkms/prompt/importjob_makefile_prompt.txt

@@ -0,0 +1,15 @@
+Please add the generation for `google/cloud/kms/v1/resources.proto` to the `gen-proto-no-fixup` target in `Makefile`.
+
+Hints:
+
+* Use the ReadFile command to read the contents of the file.
+
+* Use the EditFile command to insert the appropriate third_party directory into the list of paths.
+
+* The gen-proto-no-fixup command contains a long protoc command, split across multiple lines.  There should be a backslash character (\) on all lines but the last.  Make sure there is a space before the backslash.
+
+* The generation path being added  should begin with `./third_party/googleapis/mockgcp/importjob` and should not contain google after mockgcp.
+
+* This is not a correct path: `./third_party/googleapis/mockgcp/google/cloud/metastore/...`
+
+* This is the correct path: `./third_party/googleapis/mockgcp/cloud/metastore/...`

mockgcp/mockkms/prompt/importjob_roundtrip_prompt.txt

@@ -0,0 +1,6 @@
+Please add the services in `mockkms` to `mock_http_roundtrip.go`
+
+* Use the ReadFile command to read the contents of the file.
+* Use the EditFile command to insert mockkms into the list of services.
+* Please keep the list of services in alphabetical order.
+* Don't forget to import the package!

mockgcp/mockkms/testdata/importjob/crud/_http.log

@@ -0,0 +1,126 @@
+POST https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/test-keyring-${uniqueId}/importJobs?alt=json&importJobId=test-${uniqueId}
+Accept: application/json
+Authorization: (removed)
+Connection: keep-alive
+Content-Type: application/json
+
+{
+  "importMethod": "RSA_OAEP_3072_SHA1_AES_256",
+  "protectionLevel": "HSM"
+}
+
+200 OK
+Content-Type: application/json; charset=UTF-8
+Server: ESF
+Vary: Origin
+Vary: X-Origin
+Vary: Referer
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Xss-Protection: 0
+
+{
+  "createTime": "2024-04-01T12:34:56.123456Z",
+  "expireTime": "2024-04-01T12:34:56.123456Z",
+  "importMethod": "RSA_OAEP_3072_SHA1_AES_256",
+  "name": "projects/${projectId}/locations/us-central1/keyRings/test-keyring-${uniqueId}/importJobs/test-${uniqueId}",
+  "protectionLevel": "HSM",
+  "state": "PENDING_GENERATION"
+}
+
+---
+
+GET https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/test-keyring-${uniqueId}/importJobs/test-${uniqueId}?alt=json
+Accept: application/json
+Authorization: (removed)
+Connection: keep-alive
+
+200 OK
+Content-Type: application/json; charset=UTF-8
+Server: ESF
+Vary: Origin
+Vary: X-Origin
+Vary: Referer
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Xss-Protection: 0
+
+{
+  "attestation": {
+    "certChains": {
+      "caviumCerts": [
+        "-----BEGIN CERTIFICATE-----\ncertificate 1\n-----END CERTIFICATE-----\n",
+        "-----BEGIN CERTIFICATE-----\ncertificate 2\n-----END CERTIFICATE-----\n"
+      ],
+      "googleCardCerts": [
+        "-----BEGIN CERTIFICATE-----\ncertificate 3\n-----END CERTIFICATE-----\n"
+      ],
+      "googlePartitionCerts": [
+        "-----BEGIN CERTIFICATE-----\ncertificate 4\n-----END CERTIFICATE-----\n"
+      ]
+    },
+    "content": "Y29udGVudA==",
+    "format": "CAVIUM_V2_COMPRESSED"
+  },
+  "createTime": "2024-04-01T12:34:56.123456Z",
+  "expireTime": "2024-04-01T12:34:56.123456Z",
+  "generateTime": "2024-04-01T12:34:56.123456Z",
+  "importMethod": "RSA_OAEP_3072_SHA1_AES_256",
+  "name": "projects/${projectId}/locations/us-central1/keyRings/test-keyring-${uniqueId}/importJobs/test-${uniqueId}",
+  "protectionLevel": "HSM",
+  "publicKey": {
+    "pem": "-----BEGIN PUBLIC KEY-----\npublic key\n-----END PUBLIC KEY-----\n"
+  },
+  "state": "ACTIVE"
+}
+
+---
+
+GET https://cloudkms.googleapis.com/v1/projects/${projectId}/locations/us-central1/keyRings/test-keyring-${uniqueId}/importJobs?alt=json&pageSize=100
+Accept: application/json
+Authorization: (removed)
+Connection: keep-alive
+
+200 OK
+Content-Type: application/json; charset=UTF-8
+Server: ESF
+Vary: Origin
+Vary: X-Origin
+Vary: Referer
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Xss-Protection: 0
+
+{
+  "importJobs": [
+    {
+      "attestation": {
+        "certChains": {
+          "caviumCerts": [
+            "-----BEGIN CERTIFICATE-----\ncertificate 1\n-----END CERTIFICATE-----\n",
+            "-----BEGIN CERTIFICATE-----\ncertificate 2\n-----END CERTIFICATE-----\n"
+          ],
+          "googleCardCerts": [
+            "-----BEGIN CERTIFICATE-----\ncertificate 3\n-----END CERTIFICATE-----\n"
+          ],
+          "googlePartitionCerts": [
+            "-----BEGIN CERTIFICATE-----\ncertificate 4\n-----END CERTIFICATE-----\n"
+          ]
+        },
+        "content": "Y29udGVudA==",
+        "format": "CAVIUM_V2_COMPRESSED"
+      },
+      "createTime": "2024-04-01T12:34:56.123456Z",
+      "expireTime": "2024-04-01T12:34:56.123456Z",
+      "generateTime": "2024-04-01T12:34:56.123456Z",
+      "importMethod": "RSA_OAEP_3072_SHA1_AES_256",
+      "name": "projects/${projectId}/locations/us-central1/keyRings/test-keyring-${uniqueId}/importJobs/test-${uniqueId}",
+      "protectionLevel": "HSM",
+      "publicKey": {
+        "pem": "-----BEGIN PUBLIC KEY-----\npublic key\n-----END PUBLIC KEY-----\n"
+      },
+      "state": "ACTIVE"
+    }
+  ],
+  "totalSize": 1
+}

mockgcp/mockkms/testdata/importjob/crud/script.yaml

@@ -0,0 +1,4 @@
+- pre: gcloud kms keyrings create test-keyring-${uniqueId} --location=us-central1
+- exec: gcloud kms import-jobs create test-${uniqueId} --location=us-central1 --keyring=test-keyring-${uniqueId} --import-method=rsa-oaep-3072-sha1-aes-256 --protection-level=hsm
+- exec: gcloud kms import-jobs describe test-${uniqueId} --location=us-central1 --keyring=test-keyring-${uniqueId}
+- exec: gcloud kms import-jobs list --location=us-central1 --keyring=test-keyring-${uniqueId}

tests/e2e/normalize.go

@@ -963,13 +963,21 @@ func normalizeHTTPResponses(t *testing.T, normalizer mockgcpregistry.Normalizer,
 
 	// AI Platform
 	{
-		visitor.ReplacePath(".createTime", "2024-01-01T12:34:56.123456Z")
-		visitor.ReplacePath(".updateTime", "2024-01-02T12:34:56.123456Z")
+		visitor.ReplacePath(".updateTime", "2024-04-01T12:34:56.123456Z")
 		visitor.ReplacePath(".nextRunTime", "2024-04-01T12:34:56.123456Z")
 		visitor.ReplacePath(".expirationTime", "2024-09-01T12:34:56.123456Z")
-		visitor.ReplacePath(".schedules[].createTime", "2024-01-01T12:34:56.123456Z")
+		visitor.ReplacePath(".schedules[].createTime", "2024-04-01T12:34:56.123456Z")
 		visitor.ReplacePath(".schedules[].nextRunTime", "2024-04-01T12:34:56.123456Z")
-		visitor.ReplacePath(".schedules[].startTime", "2024-01-03T12:34:56.123456Z")
+		visitor.ReplacePath(".schedules[].startTime", "2024-04-01T12:34:56.123456Z")
+	}
+
+	// KMS
+	{
+		visitor.ReplacePath(".expireTime", "2024-04-01T12:34:56.123456Z")
+		visitor.ReplacePath(".generateTime", "2024-04-01T12:34:56.123456Z")
+		visitor.ReplacePath(".importJobs[].createTime", "2024-04-01T12:34:56.123456Z")
+		visitor.ReplacePath(".importJobs[].expireTime", "2024-04-01T12:34:56.123456Z")
+		visitor.ReplacePath(".importJobs[].generateTime", "2024-04-01T12:34:56.123456Z")
 	}
 
 	// Network Management