Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: customer managed keys (CMEK) #249

Merged
merged 14 commits into from Apr 19, 2021
Merged

feat: customer managed keys (CMEK) #249

merged 14 commits into from Apr 19, 2021

Conversation

chrisrossi
Copy link
Contributor

@chrisrossi chrisrossi commented Mar 17, 2021
edited

Implement customer managed keys (CMEK) feature.

Closes #272

feat: customer managed keys (CMEK)
5c9b61a 
Implement customer managed keys (CMEK) feature.

WIP. DO NOT MERGE.
@chrisrossi chrisrossi added api: bigtable Issues related to the googleapis/python-bigtable API. do not merge Indicates a pull request not ready for merge, due to either quality or timing. labels Mar 17, 2021
@chrisrossi chrisrossi requested review from a team as code owners March 17, 2021 20:07
@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Mar 17, 2021
@chrisrossi
Copy link
Contributor Author

System tests only work with a particular project and a particular key. I'll need to get it creating its own key ring and key to use.

CMEK system tests are also, literally, just a copy/paste of the existing system tests with the kms_key_name argument added at cluster creation time. There's probably a better way that doesn't replicate so much code. But maybe that's fine.

I need to flesh out a wrapper class, still, for the Status PB that is the value for EncryptionInfo.encryption_status. ATM, it just returns the raw PB.

@kolea2 kolea2 marked this pull request as draft March 18, 2021 03:33
kolea2
kolea2 reviewed Mar 29, 2021
View reviewed changes
google/cloud/bigtable/cluster.py
@@ -145,6 +160,8 @@ def _update_from_pb(self, cluster_pb):
self.location_id = cluster_pb.location.split("/")[-1]
self.serve_nodes = cluster_pb.serve_nodes
self.default_storage_type = cluster_pb.default_storage_type
if cluster_pb.encryption_config:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what does this default to if this condition is not met?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops. If it's being called from the constructor, it will be None, but we can't assume that can we? I'll add an else here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

f1aae9d

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh sorry missed that, makes sense thanks!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, you correctly pointed out a logical error, which I corrected. Thank you!

google/cloud/bigtable/encryption.py Outdated Show resolved Hide resolved
google/cloud/bigtable/error.py Show resolved Hide resolved
google/cloud/bigtable/cluster.py Show resolved Hide resolved
@chrisrossi chrisrossi removed the do not merge Indicates a pull request not ready for merge, due to either quality or timing. label Apr 6, 2021
@chrisrossi chrisrossi marked this pull request as ready for review April 6, 2021 20:48
@chrisrossi chrisrossi marked this pull request as draft April 6, 2021 20:49
@chrisrossi chrisrossi marked this pull request as ready for review April 13, 2021 20:23
kolea2
kolea2 reviewed Apr 14, 2021
View reviewed changes
Copy link
Collaborator

@kolea2 kolea2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good with two small comments. Will also ask @crwilcox to take a quick look

google/cloud/bigtable/error.py Outdated

Values are defined in ``google.rpc.code_pb2.Code``.

See: `googe.rpc.Code
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: typo "google"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

e7a45ee

tests/unit/test_table.py Outdated
cluster_states={
"cluster-id1": _ClusterStateEncryptionInfoPB(
encryption_type=ENCRYPTION_TYPE_UNSPECIFIED,
encryption_status=_StatusPB(Code.OK, "beats me"),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😄 , we may want to make these a little more realistic - something like "status ok"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

e7a45ee

kolea2
kolea2 approved these changes Apr 15, 2021
View reviewed changes
Copy link
Collaborator

@kolea2 kolea2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, will merge after @crwilcox takes a look. Thank you!

@kolea2 kolea2 merged commit 93df829 into googleapis:master Apr 19, 2021
gcf-merge-on-green bot pushed a commit that referenced this pull request Apr 21, 2021
@release-please
chore: release 2.1.0 (#294)
be17038 
🤖 I have created a release \*beep\* \*boop\*
---
## [2.1.0](https://www.github.com/googleapis/python-bigtable/compare/v2.0.0...v2.1.0) (2021-04-21)


### Features

* customer managed keys (CMEK) ([#249](https://www.github.com/googleapis/python-bigtable/issues/249)) ([93df829](https://www.github.com/googleapis/python-bigtable/commit/93df82998cc0218cbc4a1bc2ab41a48b7478758d))
---


This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crwilcox crwilcox crwilcox approved these changes

@kolea2 kolea2 kolea2 approved these changes

Assignees
No one assigned
Labels
api: bigtable Issues related to the googleapis/python-bigtable API. cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add CMEK support to Bigtable
3 participants
@chrisrossi @crwilcox @kolea2