fix: KMS Bad Key error when using existing Blob context to overwrite object #507

Merged
merged 7 commits into from Sep 17, 2020
Merged
Expand Up @@ -323,9 +323,11 @@ public Builder setTimeStorageClassUpdated(Long timeStorageClassUpdated) {
abstract Builder setCustomerEncryption(CustomerEncryption customerEncryption);

/**
* Sets a customer-managed key for server-side encryption of the blob. Note that the kmsKeyName
* must be without resource id ("/cryptoKeyVersions/..") otherwise the requests will fail with a
* 400 Bad Request response.
* Sets a customer-managed key for server-side encryption of the blob.
*
* <p>Note that only KMS key name will be considered (for
* instance,"projects/project-id/locations/us/keyRings/lab1/cryptoKeys/test-key"), if the
* cryptoKeyVersions is specified it will be truncated.
*/
abstract Builder setKmsKeyName(String kmsKeyName);

Expand Down Expand Up @@ -625,7 +627,12 @@ Builder setCustomerEncryption(CustomerEncryption customerEncryption) {

@Override
Builder setKmsKeyName(String kmsKeyName) {
this.kmsKeyName = kmsKeyName;
String cryptoKeyVersions = "/cryptoKeyVersions/";
if (kmsKeyName != null && kmsKeyName.contains(cryptoKeyVersions)) {
this.kmsKeyName = kmsKeyName.substring(0, kmsKeyName.indexOf(cryptoKeyVersions));
} else {
this.kmsKeyName = kmsKeyName;
}
return this;
}
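Review bot: The truncation added to `setKmsKeyName` in the second hunk is unconditional and silent, so every value that passes through this builder loses its `/cryptoKeyVersions/…` suffix, not only names supplied by a caller on the write path. If the same setter is also used when a blob is populated from a service response (not visible in these hunks), `getKmsKeyName()` would stop reporting which key version encrypted the object, which is what a key-rotation audit or a key-compromise investigation needs. Consider keeping the stored value intact and stripping the suffix only where the write request is built, or at least say so in the Javadoc of the first hunk, e.g. `<p>The key version is removed silently, so {@code getKmsKeyName()} never reports the version that encrypted the object.` As a smaller style point, the literal would read better as a `private static final String` constant, with one `indexOf` call in place of `contains` followed by `indexOf`.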

Expand Up @@ -3605,4 +3605,23 @@ public void testBlobTimeStorageClassUpdated() {
.isEqualTo(updatedBlob1.getTimeStorageClassUpdated());
assertThat(updatedBlob2.delete()).isTrue();
}

@Test
public void testWriterWithKmsKeyName() throws IOException {
// Write an empty object with a kmsKeyName.
String blobName = "test-empty-blob";
BlobInfo blobInfo = BlobInfo.newBuilder(BUCKET, blobName).build();
Blob blob =
storage.create(blobInfo, Storage.BlobTargetOption.kmsKeyName(kmsKeyOneResourcePath));

// Create a writer using blob that already has metadata received from Storage API.
int numberOfBytes;
try (WriteChannel writer = blob.writer()) {
byte[] content = BLOB_STRING_CONTENT.getBytes(UTF_8);
numberOfBytes = writer.write(ByteBuffer.wrap(content, 0, content.length));
}
assertThat(numberOfBytes).isEqualTo(27);
assertThat(blob.getKmsKeyName()).isNotNull();
assertThat(storage.delete(BUCKET, blobName)).isTrue();
}
}
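Review bot: The only KMS assertion, `assertThat(blob.getKmsKeyName()).isNotNull()`, reads the metadata returned by `storage.create` before the overwrite, so the test would still pass if the write through `blob.writer()` left the object without the customer-managed key. Re-fetch the object after the channel closes and check the key, e.g. `assertThat(storage.get(BUCKET, blobName).getKmsKeyName()).startsWith(kmsKeyOneResourcePath);`. The `storage.delete` call also runs only when every earlier assertion passes, so a failure leaves `test-empty-blob` behind in the bucket; moving the cleanup into a `finally` block would avoid that.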