From e9684ab1e8db6a148c72fc277f61dcfb0cd351b7 Mon Sep 17 00:00:00 2001 From: Christopher Wilcox Date: Thu, 29 Apr 2021 10:40:18 -0700 Subject: [PATCH] feat(bigtable): Customer Managed Encryption (CMEK) (#3899) --- CONTRIBUTING.md | 7 ++ bigtable/admin.go | 185 +++++++++++++++++++++++++++++----- bigtable/go.sum | 51 ++++++++++ bigtable/integration_test.go | 189 ++++++++++++++++++++++++++++++++++- 4 files changed, 404 insertions(+), 28 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ced39af67e5..1d7870fa6d5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -182,6 +182,13 @@ $ gcloud kms keys create key2 --keyring $MY_KEYRING --location $MY_LOCATION --pu $ export GCLOUD_TESTS_GOLANG_KEYRING=projects/$GCLOUD_TESTS_GOLANG_PROJECT_ID/locations/$MY_LOCATION/keyRings/$MY_KEYRING # Authorizes Google Cloud Storage to encrypt and decrypt using key1. $ gsutil kms authorize -p $GCLOUD_TESTS_GOLANG_PROJECT_ID -k $GCLOUD_TESTS_GOLANG_KEYRING/cryptoKeys/key1 +# Authorizes Google Cloud Bigtable to encrypt and decrypt using key1 +$ gcloud kms keys add-iam-policy-binding key1 \ + --keyring $MY_KEYRING \ + --location $MY_LOCATION \ + --role roles/cloudkms.cryptoKeyEncrypterDecrypter \ + --member "${GCLOUD_TESTS_GOLANG_PROJECT_ID}@${GCLOUD_TESTS_GOLANG_PROJECT_ID}.iam.gserviceaccount.com" \ + --project $GCLOUD_TESTS_GOLANG_PROJECT_ID ``` It may be useful to add exports to your shell initialization for future use. diff --git a/bigtable/admin.go b/bigtable/admin.go index 96be9c5e677..6de7030bf2b 100644 --- a/bigtable/admin.go +++ b/bigtable/admin.go @@ -39,6 +39,7 @@ import ( "google.golang.org/api/option" gtransport "google.golang.org/api/transport/grpc" btapb "google.golang.org/genproto/googleapis/bigtable/admin/v2" + "google.golang.org/genproto/googleapis/rpc/status" "google.golang.org/genproto/protobuf/field_mask" "google.golang.org/grpc/metadata" ) @@ -119,6 +120,72 @@ func (ac *AdminClient) backupPath(cluster, backup string) string { return fmt.Sprintf("projects/%s/instances/%s/clusters/%s/backups/%s", ac.project, ac.instance, cluster, backup) } +// EncryptionInfo represents the encryption info of a table. +type EncryptionInfo struct { + Status *Status + Type EncryptionType + KMSKeyVersion string +} + +func newEncryptionInfo(pbInfo *btapb.EncryptionInfo) *EncryptionInfo { + return &EncryptionInfo{ + Status: pbInfo.EncryptionStatus, + Type: EncryptionType(pbInfo.EncryptionType.Number()), + KMSKeyVersion: pbInfo.KmsKeyVersion, + } +} + +// Status references google.golang.org/grpc/status. +// It represents an RPC status code, message, and details of EncryptionInfo. +// https://pkg.go.dev/google.golang.org/grpc/internal/status +type Status = status.Status + +// EncryptionType is the type of encryption for an instance. +type EncryptionType int32 + +const ( + // EncryptionTypeUnspecified is the type was not specified, though data at rest remains encrypted. + EncryptionTypeUnspecified EncryptionType = iota + // GoogleDefaultEncryption represents that data backing this resource is + // encrypted at rest with a key that is fully managed by Google. No key + // version or status will be populated. This is the default state. + GoogleDefaultEncryption + // CustomerManagedEncryption represents that data backing this resource is + // encrypted at rest with a key that is managed by the customer. + // The in-use version of the key and its status are populated for + // CMEK-protected tables. + // CMEK-protected backups are pinned to the key version that was in use at + // the time the backup was taken. This key version is populated but its + // status is not tracked and is reported as `UNKNOWN`. + CustomerManagedEncryption +) + +// EncryptionInfoByCluster is a map of cluster name to EncryptionInfo +type EncryptionInfoByCluster map[string][]*EncryptionInfo + +// EncryptionInfo gets the current encryption info for the table across all of the clusters. +// The returned map will be keyed by cluster id and contain a status for all of the keys in use. +func (ac *AdminClient) EncryptionInfo(ctx context.Context, table string) (EncryptionInfoByCluster, error) { + ctx = mergeOutgoingMetadata(ctx, ac.md) + + res, err := ac.getTable(ctx, table, btapb.Table_ENCRYPTION_VIEW) + if err != nil { + return nil, err + } + encryptionInfo := EncryptionInfoByCluster{} + for key, cs := range res.ClusterStates { + for _, pbInfo := range cs.EncryptionInfo { + info := EncryptionInfo{} + info.Status = pbInfo.EncryptionStatus + info.Type = EncryptionType(pbInfo.EncryptionType.Number()) + info.KMSKeyVersion = pbInfo.KmsKeyVersion + encryptionInfo[key] = append(encryptionInfo[key], &info) + } + } + + return encryptionInfo, nil +} + // Tables returns a list of the tables in the instance. func (ac *AdminClient) Tables(ctx context.Context) ([]string, error) { ctx = mergeOutgoingMetadata(ctx, ac.md) @@ -247,12 +314,12 @@ type FamilyInfo struct { GCPolicy string } -// TableInfo retrieves information about a table. -func (ac *AdminClient) TableInfo(ctx context.Context, table string) (*TableInfo, error) { +func (ac *AdminClient) getTable(ctx context.Context, table string, view btapb.Table_View) (*btapb.Table, error) { ctx = mergeOutgoingMetadata(ctx, ac.md) prefix := ac.instancePrefix() req := &btapb.GetTableRequest{ Name: prefix + "/tables/" + table, + View: view, } var res *btapb.Table @@ -265,6 +332,17 @@ func (ac *AdminClient) TableInfo(ctx context.Context, table string) (*TableInfo, if err != nil { return nil, err } + return res, nil +} + +// TableInfo retrieves information about a table. +func (ac *AdminClient) TableInfo(ctx context.Context, table string) (*TableInfo, error) { + ctx = mergeOutgoingMetadata(ctx, ac.md) + + res, err := ac.getTable(ctx, table, btapb.Table_SCHEMA_VIEW) + if err != nil { + return nil, err + } ti := &TableInfo{} for name, fam := range res.ColumnFamilies { @@ -957,26 +1035,71 @@ func (iac *InstanceAdminClient) InstanceInfo(ctx context.Context, instanceID str // ClusterConfig contains the information necessary to create a cluster type ClusterConfig struct { - InstanceID, ClusterID, Zone string - NumNodes int32 - StorageType StorageType + // InstanceID specifies the unique name of the instance. Required. + InstanceID string + + // ClusterID specifies the unique name of the cluster. Required. + ClusterID string + + // Zone specifies the location where this cluster's nodes and storage reside. + // For best performance, clients should be located as close as possible to this + // cluster. Required. + Zone string + + // NumNodes specifies the number of nodes allocated to this cluster. More + // nodes enable higher throughput and more consistent performance. Required. + NumNodes int32 + + // StorageType specifies the type of storage used by this cluster to serve + // its parent instance's tables, unless explicitly overridden. Required. + StorageType StorageType + + // KMSKeyName is the name of the KMS customer managed encryption key (CMEK) + // to use for at-rest encryption of data in this cluster. If omitted, + // Google's default encryption will be used. If specified, the requirements + // for this key are: + // 1) The Cloud Bigtable service account associated with the + // project that contains the cluster must be granted the + // ``cloudkms.cryptoKeyEncrypterDecrypter`` role on the + // CMEK. + // 2) Only regional keys can be used and the region of the + // CMEK key must match the region of the cluster. + // 3) All clusters within an instance must use the same CMEK + // key. + // Optional. Immutable. + KMSKeyName string } func (cc *ClusterConfig) proto(project string) *btapb.Cluster { + ec := btapb.Cluster_EncryptionConfig{} + ec.KmsKeyName = cc.KMSKeyName return &btapb.Cluster{ ServeNodes: cc.NumNodes, DefaultStorageType: cc.StorageType.proto(), Location: "projects/" + project + "/locations/" + cc.Zone, + EncryptionConfig: &ec, } } // ClusterInfo represents information about a cluster. type ClusterInfo struct { - Name string // name of the cluster - Zone string // GCP zone of the cluster (e.g. "us-central1-a") - ServeNodes int // number of allocated serve nodes - State string // state of the cluster - StorageType StorageType // the storage type of the cluster + // Name is the name of the cluster. + Name string + + // Zone is the GCP zone of the cluster (e.g. "us-central1-a"). + Zone string + + // ServeNodes is the number of allocated serve nodes. + ServeNodes int + + // State is the state of the cluster. + State string + + // StorageType is the storage type of the cluster. + StorageType StorageType + + // KMSKeyName is the customer managed encryption key for the cluster. + KMSKeyName string } // CreateCluster creates a new cluster in an instance. @@ -1045,6 +1168,7 @@ func (iac *InstanceAdminClient) Clusters(ctx context.Context, instanceID string) ServeNodes: int(c.ServeNodes), State: c.State.String(), StorageType: storageTypeFromProto(c.DefaultStorageType), + KMSKeyName: c.EncryptionConfig.KmsKeyName, }) } if len(res.FailedLocations) > 0 { @@ -1058,7 +1182,9 @@ func (iac *InstanceAdminClient) Clusters(ctx context.Context, instanceID string) // GetCluster fetches a cluster in an instance func (iac *InstanceAdminClient) GetCluster(ctx context.Context, instanceID, clusterID string) (*ClusterInfo, error) { ctx = mergeOutgoingMetadata(ctx, iac.md) - req := &btapb.GetClusterRequest{Name: "projects/" + iac.project + "/instances/" + instanceID + "/clusters/" + clusterID} + req := &btapb.GetClusterRequest{ + Name: fmt.Sprintf("projects/%s/instances/%s/clusters/%s", iac.project, instanceID, clusterID), + } var c *btapb.Cluster err := gax.Invoke(ctx, func(ctx context.Context, _ gax.CallSettings) error { var err error @@ -1077,6 +1203,7 @@ func (iac *InstanceAdminClient) GetCluster(ctx context.Context, instanceID, clus ServeNodes: int(c.ServeNodes), State: c.State.String(), StorageType: storageTypeFromProto(c.DefaultStorageType), + KMSKeyName: c.EncryptionConfig.KmsKeyName, } return cis, nil } @@ -1569,16 +1696,19 @@ func newBackupInfo(backup *btapb.Backup) (*BackupInfo, error) { if err != nil { return nil, fmt.Errorf("invalid expireTime: %v", err) } + encryptionInfo := newEncryptionInfo(backup.EncryptionInfo) + bi := BackupInfo{ + Name: name, + SourceTable: tableID, + SizeBytes: backup.SizeBytes, + StartTime: startTime, + EndTime: endTime, + ExpireTime: expireTime, + State: backup.State.String(), + EncryptionInfo: encryptionInfo, + } - return &BackupInfo{ - Name: name, - SourceTable: tableID, - SizeBytes: backup.SizeBytes, - StartTime: startTime, - EndTime: endTime, - ExpireTime: expireTime, - State: backup.State.String(), - }, nil + return &bi, nil } // BackupIterator is an EntryIterator that iterates over log entries. @@ -1607,13 +1737,14 @@ func (it *BackupIterator) Next() (*BackupInfo, error) { // BackupInfo contains backup metadata. This struct is read-only. type BackupInfo struct { - Name string - SourceTable string - SizeBytes int64 - StartTime time.Time - EndTime time.Time - ExpireTime time.Time - State string + Name string + SourceTable string + SizeBytes int64 + StartTime time.Time + EndTime time.Time + ExpireTime time.Time + State string + EncryptionInfo *EncryptionInfo } // BackupInfo gets backup metadata. diff --git a/bigtable/go.sum b/bigtable/go.sum index 496dfc2bc31..44e245818f7 100644 --- a/bigtable/go.sum +++ b/bigtable/go.sum @@ -24,40 +24,59 @@ cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNF cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0 h1:PQcPefKFdaIzjQFbiyOgAqyx8q5djaE7x9Sqe712DPA= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0 h1:/May9ojXjRkPBNVrq+oWLqmWCkr4OU5uRY29bu0mRyQ= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1 h1:ukjixP1wl0LpnZ6LWtZJ0mX5tBmjp1f8Sqer8Z2OMUU= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0 h1:STgFzyU5/8miMl0//zKh2aQeTyeaUH3WN9bSUiJ09bA= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9 h1:VpgP7xuJadIUuKccphEpTJnWhS2jkQyMt6Y7pJCD7fY= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802 h1:1BDTz0u9nC3//pOCMdNH+CiXJVYJh5UQNCOBG7jbELc= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/census-instrumentation/opencensus-proto v0.2.1 h1:glEXhBS5PSLLv4IXzLA5yPRVX4bilULVyxxbrfOtDAk= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403 h1:cqQfy1jclcSy/FwLjemeg3SR1yaINm74aQyupQ0Bl8M= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d h1:QyzYnTnPE15SQyUeqU6qLbWxMkwyAyu+vGksa0b7j00= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1 h1:QbL/5oDUmRBzO9/Z7Seo6zf912W/a6Sr4Eu0G/3Jho0= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4 h1:WtGNWLvXpe6ZudgnXrq0barxBImvnnJoMEhXAzcbM0I= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -70,6 +89,7 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/mock v1.5.0 h1:jlYHihg//f7RRwuPfptm04yp4s7O6Kw8EZiVYIGcH0g= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -105,8 +125,10 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.1.0 h1:wCKgOCHuUEVfsaQLpPSJb7VdYCdTVZQAuOdYm1yc/60= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= @@ -118,33 +140,48 @@ github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5 h1:zIaiqGYDQwa4HVx5wGRTXbx38Pqxjemn4BP98wpzpXo= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/renameio v0.1.0 h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639 h1:mV02weKRL81bEnm8A0HT1/CAelMQDBuQIfLw8n+d6xI= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1 h1:6QPYqodiu3GuPL+7mfx+NwDdp2eTkp9IfEUpgAwUN0o= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4 h1:gQz4mCbXsO+nc9n1hCxHcGA3Zx3Eo+UHZoInFGUIXNM= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/rogpeppe/go-internal v1.3.0 h1:RR9dF3JtopPvtkroDZuVD7qquD0bnHlKSqaQhgwt8yk= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1 h1:ruQGxdhGHe7FWOJPT0mKs5+pD2Xs1Bm/kdGlHO04FmM= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= @@ -158,6 +195,7 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -168,8 +206,10 @@ golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6 h1:QE6XYQK6naiK1EPAe1g/ILLxN5RBoH5xkJk3CqlMI/Y= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b h1:+qEpEAPhDZ1o0x3tHzZTQDArnOixOzGD9HUJfcg0mb4= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -184,6 +224,7 @@ golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPI golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 h1:2M3HP5CCK1Si9FQhwnzYhXdG6DXeebvUHFpre8QvbyI= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028 h1:4+4C/Iv2U4fMZBiMCc98MG1In4gJY5YRhtpDNeDeHWs= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= @@ -251,6 +292,7 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -289,6 +331,7 @@ golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750 h1:ZBu6861dZq7xBnG1bn5SRU0vA8nx42at4+kP07FMTog= golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -300,6 +343,7 @@ golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -460,9 +504,13 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/errgo.v2 v2.1.0 h1:0vLT13EuvQ0hNvakwLuFZ/jYrLp5F3kcWHXdRggjCE8= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -470,8 +518,11 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4 h1:UoveltGrhghAA7ePc+e+QYDHXrBps2PqFZiHkGR/xK8= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/quote/v3 v3.1.0 h1:9JKUTTIUgS6kzR9mK1YuGKv6Nl+DijDNIc0ghT58FaY= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0 h1:7uVkIFmeBqHfdjD+gZwtXXI+RODJ2Wc4O7MPEh/QiW4= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/bigtable/integration_test.go b/bigtable/integration_test.go index 9d17a6e3373..77c8b48f335 100644 --- a/bigtable/integration_test.go +++ b/bigtable/integration_test.go @@ -22,6 +22,7 @@ import ( "fmt" "math" "math/rand" + "os" "os/exec" "reflect" "sort" @@ -1113,7 +1114,6 @@ func TestIntegration_Admin(t *testing.T) { } if iAdminClient != nil { defer iAdminClient.Close() - iInfo, err := iAdminClient.InstanceInfo(ctx, adminClient.instance) if err != nil { t.Errorf("InstanceInfo: %v", err) @@ -1196,6 +1196,14 @@ func TestIntegration_Admin(t *testing.T) { t.Errorf("Column family mismatch, got %v, want %v", tblInfo.Families, wantFams) } + encInfo, err := adminClient.EncryptionInfo(ctx, tblConf.TableID) + if err != nil { + t.Errorf("Encryption Info does not expect err: %v", err) + } + if !testutil.Equal(len(encInfo), 0) { + t.Errorf("Encryption Info mismatch, got %v, want %v", len(encInfo), 0) + } + // Populate mytable and drop row ranges if err = adminClient.CreateColumnFamily(ctx, "mytable", "cf"); err != nil { t.Fatalf("Creating column family: %v", err) @@ -1254,6 +1262,15 @@ func TestIntegration_Admin(t *testing.T) { if gotRowCount != 0 { t.Errorf("Invalid row count after truncating table: got %v, want %v", gotRowCount, 0) } + + // Validate Encyrption Info not configured + encryptionInfo, err := adminClient.EncryptionInfo(ctx, "mytable") + if err != nil { + t.Fatalf("EncryptionInfo: %v", err) + } + if got, want := len(encryptionInfo), 0; !cmp.Equal(got, want) { + t.Fatalf("Number of Clusters with Encryption Info: %v, want: %v", got, want) + } } func TestIntegration_TableIam(t *testing.T) { @@ -1397,6 +1414,7 @@ func TestIntegration_AdminCreateInstance(t *testing.T) { if err := iAdminClient.CreateInstance(ctx, conf); err != nil { t.Fatalf("CreateInstance: %v", err) } + defer iAdminClient.DeleteInstance(ctx, instanceToCreate) iInfo, err := iAdminClient.InstanceInfo(ctx, instanceToCreate) @@ -1450,6 +1468,175 @@ func TestIntegration_AdminCreateInstance(t *testing.T) { if cInfo.ServeNodes != 5 { t.Fatalf("NumNodes: %v, want: %v", cInfo.ServeNodes, 5) } + + if cInfo.KMSKeyName != "" { + t.Fatalf("KMSKeyName: %v, want: %v", cInfo.KMSKeyName, "") + } +} + +func TestIntegration_AdminEncryptionInfo(t *testing.T) { + if instanceToCreate == "" { + t.Skip("instanceToCreate not set, skipping instance creation testing") + } + + testEnv, err := NewIntegrationEnv() + if err != nil { + t.Fatalf("IntegrationEnv: %v", err) + } + defer testEnv.Close() + + if !testEnv.Config().UseProd { + t.Skip("emulator doesn't support instance creation") + } + + timeout := 5 * time.Minute + ctx, cancel := context.WithTimeout(context.Background(), timeout) + defer cancel() + + iAdminClient, err := testEnv.NewInstanceAdminClient() + if err != nil { + t.Fatalf("NewInstanceAdminClient: %v", err) + } + defer iAdminClient.Close() + + adminClient, err := testEnv.NewAdminClient() + if err != nil { + t.Fatalf("NewAdminClient: %v", err) + } + defer adminClient.Close() + + table := testEnv.Config().Table + clusterID := testEnv.Config().Cluster + + keyRingName := os.Getenv("GCLOUD_TESTS_GOLANG_KEYRING") + if keyRingName == "" { + t.Fatal("GCLOUD_TESTS_GOLANG_KEYRING must be set. See CONTRIBUTING.md for details") + } + kmsKeyName := keyRingName + "/cryptoKeys/key1" + + conf := &InstanceWithClustersConfig{ + InstanceID: instanceToCreate, + DisplayName: "test instance", + Clusters: []ClusterConfig{ + { + ClusterID: clusterID, + KMSKeyName: kmsKeyName, + Zone: instanceToCreateZone, + NumNodes: 1, + }, + }, + } + if err := iAdminClient.CreateInstanceWithClusters(ctx, conf); err != nil { + t.Fatalf("CreateInstance: %v", err) + } + defer iAdminClient.DeleteInstance(ctx, instanceToCreate) + + // Delete the table at the end of the test. Schedule ahead of time + // in case the client fails + defer deleteTable(ctx, t, adminClient, table) + if err := adminClient.CreateTable(ctx, table); err != nil { + t.Fatalf("Creating table: %v", err) + } + + encryptionKeyVersion := kmsKeyName + "/cryptoKeyVersions/1" + + // The encryption info can take 30-300s (currently about 120-190s) to + // become ready. + for i := 0; i < 30; i++ { + encryptionInfo, err := adminClient.EncryptionInfo(ctx, table) + if err != nil { + t.Fatalf("EncryptionInfo: %v", err) + } + + kmsKeyVersion := encryptionInfo[clusterID][0].KMSKeyVersion + if kmsKeyVersion != "" { + break + } + + time.Sleep(time.Second * 10) + } + + // Validate Encryption Info under getTable + table2, err := adminClient.getTable(ctx, table, btapb.Table_ENCRYPTION_VIEW) + if err != nil { + t.Fatalf("Getting Table: %v", err) + } + if got, want := len(table2.ClusterStates), 1; !cmp.Equal(got, want) { + t.Fatalf("Table Cluster States %v, want: %v", got, want) + } + clusterState := table2.ClusterStates[clusterID] + if got, want := len(clusterState.EncryptionInfo), 1; !cmp.Equal(got, want) { + t.Fatalf("Table Encryption Info Length: %v, want: %v", got, want) + } + tableEncInfo := clusterState.EncryptionInfo[0] + if got, want := int(tableEncInfo.EncryptionStatus.Code), 0; !cmp.Equal(got, want) { + t.Fatalf("EncryptionStatus: %v, want: %v", got, want) + } + // NOTE: this EncryptionType is btapb.EncryptionInfo_EncryptionType + if got, want := tableEncInfo.EncryptionType, btapb.EncryptionInfo_CUSTOMER_MANAGED_ENCRYPTION; !cmp.Equal(got, want) { + t.Fatalf("EncryptionType: %v, want: %v", got, want) + } + if got, want := tableEncInfo.KmsKeyVersion, encryptionKeyVersion; !cmp.Equal(got, want) { + t.Fatalf("KMS Key Version: %v, want: %v", got, want) + } + + // Validate Encyrption Info retrieved via EncryptionInfo + encryptionInfo, err := adminClient.EncryptionInfo(ctx, table) + if err != nil { + t.Fatalf("EncryptionInfo: %v", err) + } + if got, want := len(encryptionInfo), 1; !cmp.Equal(got, want) { + t.Fatalf("Number of Clusters with Encryption Info: %v, want: %v", got, want) + } + encryptionInfos := encryptionInfo[clusterID] + if got, want := len(encryptionInfos), 1; !cmp.Equal(got, want) { + t.Fatalf("Encryption Info Length: %v, want: %v", got, want) + } + if len(encryptionInfos) != 1 { + t.Fatalf("Expected Single EncryptionInfo") + } + v := encryptionInfos[0] + if got, want := int(v.Status.Code), 0; !cmp.Equal(got, want) { + t.Fatalf("EncryptionStatus: %v, want: %v", got, want) + } + // NOTE: this EncryptionType is EncryptionType + if got, want := v.Type, CustomerManagedEncryption; !cmp.Equal(got, want) { + t.Fatalf("EncryptionType: %v, want: %v", got, want) + } + if got, want := v.KMSKeyVersion, encryptionKeyVersion; !cmp.Equal(got, want) { + t.Fatalf("KMS Key Version: %v, want: %v", got, want) + } + + // Validate CMEK on Cluster Info + cInfo, err := iAdminClient.GetCluster(ctx, instanceToCreate, clusterID) + if err != nil { + t.Fatalf("GetCluster: %v", err) + } + + if got, want := cInfo.KMSKeyName, kmsKeyName; !cmp.Equal(got, want) { + t.Fatalf("KMSKeyName: %v, want: %v", got, want) + } + + // Create a backup with CMEK enabled, verify backup encryption info + backupName := "backupCMEK" + defer adminClient.DeleteBackup(ctx, clusterID, backupName) + if err = adminClient.CreateBackup(ctx, table, clusterID, backupName, time.Now().Add(8*time.Hour)); err != nil { + t.Fatalf("Creating backup: %v", err) + } + backup, err := adminClient.BackupInfo(ctx, clusterID, backupName) + if err != nil { + t.Fatalf("BackupInfo: %v", backup) + } + + if got, want := backup.EncryptionInfo.Type, CustomerManagedEncryption; !cmp.Equal(got, want) { + t.Fatalf("Backup Encryption EncryptionType: %v, want: %v", got, want) + } + if got, want := backup.EncryptionInfo.KMSKeyVersion, encryptionKeyVersion; !cmp.Equal(got, want) { + t.Fatalf("Backup Encryption KMSKeyVersion: %v, want: %v", got, want) + } + if got, want := int(backup.EncryptionInfo.Status.Code), 2; !cmp.Equal(got, want) { + t.Fatalf("Backup EncryptionStatus: %v, want: %v", got, want) + } } func TestIntegration_AdminUpdateInstanceLabels(t *testing.T) {