Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
samples: adds samples for CMEK (#989)
* samples: adds samples for CMEK Adds samples to create an encrypted database, to create an encrypted backup and to restore to an encrypted database. * samples: fix checkstyle violations * samples: addresses PR comments. * samples: fixes encryption key tests * samples: prints user provided key in backup sample Prints out the user provided key in the encrypted backup sample, instead of printing out the Backup.encryption_info.kms_key_version. This should align with the key that we are printing on the other samples (instead of printing a key version). * tests: verifies the key returned in create backup Verifies that the key used in the create backup is returned in the response correctly. * samples: addresses PR comments
- Loading branch information
1 parent
22412e0
commit 9132c21
Showing
10 changed files
with
531 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
107 changes: 107 additions & 0 deletions
107
samples/snippets/src/main/java/com/example/spanner/CreateBackupWithEncryptionKey.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,107 @@ | ||
/* | ||
* Copyright 2021 Google LLC | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package com.example.spanner; | ||
|
||
// [START spanner_create_backup_with_encryption_key] | ||
|
||
import com.google.api.gax.longrunning.OperationFuture; | ||
import com.google.cloud.Timestamp; | ||
import com.google.cloud.spanner.Backup; | ||
import com.google.cloud.spanner.BackupId; | ||
import com.google.cloud.spanner.DatabaseAdminClient; | ||
import com.google.cloud.spanner.DatabaseId; | ||
import com.google.cloud.spanner.Spanner; | ||
import com.google.cloud.spanner.SpannerExceptionFactory; | ||
import com.google.cloud.spanner.SpannerOptions; | ||
import com.google.cloud.spanner.encryption.EncryptionConfigs; | ||
import com.google.spanner.admin.database.v1.CreateBackupMetadata; | ||
import java.util.concurrent.ExecutionException; | ||
import java.util.concurrent.TimeUnit; | ||
import java.util.concurrent.TimeoutException; | ||
import org.threeten.bp.LocalDateTime; | ||
import org.threeten.bp.OffsetDateTime; | ||
|
||
public class CreateBackupWithEncryptionKey { | ||
|
||
static void createBackupWithEncryptionKey() throws InterruptedException { | ||
// TODO(developer): Replace these variables before running the sample. | ||
String projectId = "my-project"; | ||
String instanceId = "my-instance"; | ||
String databaseId = "my-database"; | ||
String backupId = "my-backup"; | ||
String kmsKeyName = | ||
"projects/" + projectId + "/locations/<location>/keyRings/<keyRing>/cryptoKeys/<keyId>"; | ||
|
||
try (Spanner spanner = | ||
SpannerOptions.newBuilder().setProjectId(projectId).build().getService()) { | ||
DatabaseAdminClient adminClient = spanner.getDatabaseAdminClient(); | ||
createBackupWithEncryptionKey( | ||
adminClient, | ||
projectId, | ||
instanceId, | ||
databaseId, | ||
backupId, | ||
kmsKeyName); | ||
} | ||
} | ||
|
||
static Void createBackupWithEncryptionKey(DatabaseAdminClient adminClient, | ||
String projectId, String instanceId, String databaseId, String backupId, String kmsKeyName) | ||
throws InterruptedException { | ||
// Set expire time to 14 days from now. | ||
final Timestamp expireTime = Timestamp.ofTimeMicroseconds(TimeUnit.MICROSECONDS.convert( | ||
System.currentTimeMillis() + TimeUnit.DAYS.toMillis(14), TimeUnit.MILLISECONDS)); | ||
final Backup backupToCreate = adminClient | ||
.newBackupBuilder(BackupId.of(projectId, instanceId, backupId)) | ||
.setDatabase(DatabaseId.of(projectId, instanceId, databaseId)) | ||
.setExpireTime(expireTime) | ||
.setEncryptionConfig(EncryptionConfigs.customerManagedEncryption(kmsKeyName)) | ||
.build(); | ||
final OperationFuture<Backup, CreateBackupMetadata> operation = adminClient | ||
.createBackup(backupToCreate); | ||
|
||
Backup backup; | ||
try { | ||
System.out.println("Waiting for operation to complete..."); | ||
backup = operation.get(1200, TimeUnit.SECONDS); | ||
} catch (ExecutionException e) { | ||
// If the operation failed during execution, expose the cause. | ||
throw SpannerExceptionFactory.asSpannerException(e.getCause()); | ||
} catch (InterruptedException e) { | ||
// Throw when a thread is waiting, sleeping, or otherwise occupied, | ||
// and the thread is interrupted, either before or during the activity. | ||
throw SpannerExceptionFactory.propagateInterrupt(e); | ||
} catch (TimeoutException e) { | ||
// If the operation timed out propagates the timeout | ||
throw SpannerExceptionFactory.propagateTimeout(e); | ||
} | ||
|
||
System.out.printf( | ||
"Backup %s of size %d bytes was created at %s using encryption key %s%n", | ||
backup.getId().getName(), | ||
backup.getSize(), | ||
LocalDateTime.ofEpochSecond( | ||
backup.getProto().getCreateTime().getSeconds(), | ||
backup.getProto().getCreateTime().getNanos(), | ||
OffsetDateTime.now().getOffset()), | ||
kmsKeyName | ||
); | ||
|
||
return null; | ||
} | ||
} | ||
// [END spanner_create_backup_with_encryption_key] |
101 changes: 101 additions & 0 deletions
101
samples/snippets/src/main/java/com/example/spanner/CreateDatabaseWithEncryptionKey.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
/* | ||
* Copyright 2021 Google LLC | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package com.example.spanner; | ||
|
||
// [START spanner_create_database_with_encryption_key] | ||
|
||
import com.google.api.gax.longrunning.OperationFuture; | ||
import com.google.cloud.spanner.Database; | ||
import com.google.cloud.spanner.DatabaseAdminClient; | ||
import com.google.cloud.spanner.DatabaseId; | ||
import com.google.cloud.spanner.Spanner; | ||
import com.google.cloud.spanner.SpannerExceptionFactory; | ||
import com.google.cloud.spanner.SpannerOptions; | ||
import com.google.cloud.spanner.encryption.EncryptionConfigs; | ||
import com.google.spanner.admin.database.v1.CreateDatabaseMetadata; | ||
import java.util.Arrays; | ||
import java.util.concurrent.ExecutionException; | ||
import java.util.concurrent.TimeUnit; | ||
import java.util.concurrent.TimeoutException; | ||
|
||
public class CreateDatabaseWithEncryptionKey { | ||
|
||
static void createDatabaseWithEncryptionKey() { | ||
// TODO(developer): Replace these variables before running the sample. | ||
String projectId = "my-project"; | ||
String instanceId = "my-instance"; | ||
String databaseId = "my-database"; | ||
String kmsKeyName = | ||
"projects/" + projectId + "/locations/<location>/keyRings/<keyRing>/cryptoKeys/<keyId>"; | ||
|
||
try (Spanner spanner = | ||
SpannerOptions.newBuilder().setProjectId(projectId).build().getService()) { | ||
DatabaseAdminClient adminClient = spanner.getDatabaseAdminClient(); | ||
createDatabaseWithEncryptionKey( | ||
adminClient, | ||
projectId, | ||
instanceId, | ||
databaseId, | ||
kmsKeyName); | ||
} | ||
} | ||
|
||
static Void createDatabaseWithEncryptionKey(DatabaseAdminClient adminClient, | ||
String projectId, String instanceId, String databaseId, String kmsKeyName) { | ||
final Database databaseToCreate = adminClient | ||
.newDatabaseBuilder(DatabaseId.of(projectId, instanceId, databaseId)) | ||
.setEncryptionConfig(EncryptionConfigs.customerManagedEncryption(kmsKeyName)) | ||
.build(); | ||
final OperationFuture<Database, CreateDatabaseMetadata> operation = adminClient | ||
.createDatabase(databaseToCreate, Arrays.asList( | ||
"CREATE TABLE Singers (" | ||
+ " SingerId INT64 NOT NULL," | ||
+ " FirstName STRING(1024)," | ||
+ " LastName STRING(1024)," | ||
+ " SingerInfo BYTES(MAX)" | ||
+ ") PRIMARY KEY (SingerId)", | ||
"CREATE TABLE Albums (" | ||
+ " SingerId INT64 NOT NULL," | ||
+ " AlbumId INT64 NOT NULL," | ||
+ " AlbumTitle STRING(MAX)" | ||
+ ") PRIMARY KEY (SingerId, AlbumId)," | ||
+ " INTERLEAVE IN PARENT Singers ON DELETE CASCADE" | ||
)); | ||
try { | ||
System.out.println("Waiting for operation to complete..."); | ||
Database createdDatabase = operation.get(120, TimeUnit.SECONDS); | ||
|
||
System.out.printf( | ||
"Database %s created with encryption key %s%n", | ||
createdDatabase.getId(), | ||
createdDatabase.getEncryptionConfig().getKmsKeyName() | ||
); | ||
} catch (ExecutionException e) { | ||
// If the operation failed during execution, expose the cause. | ||
throw SpannerExceptionFactory.asSpannerException(e.getCause()); | ||
} catch (InterruptedException e) { | ||
// Throw when a thread is waiting, sleeping, or otherwise occupied, | ||
// and the thread is interrupted, either before or during the activity. | ||
throw SpannerExceptionFactory.propagateInterrupt(e); | ||
} catch (TimeoutException e) { | ||
// If the operation timed out propagates the timeout | ||
throw SpannerExceptionFactory.propagateTimeout(e); | ||
} | ||
return null; | ||
} | ||
} | ||
// [END spanner_create_database_with_encryption_key] |
Oops, something went wrong.