BSrSSKJr SSKJr SSKJr SSKJr SSKrSSKJr SSK J r SS K J r SS K Jr SSKJs Jr SS KJr SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr SSKJr Sr\"S5\"S5"SS\R@555r!\"S5\"S5"SS\R@555r""SS\RF5r$"SS\RJ5r&g)z"Integration tests for kms command.)absolute_import)print_function)division)unicode_literalsN)randint)mock)AccessDeniedException)PopulateProjectId) SkipForJSON) SkipForS3) SkipForXML) ObjectToURI)SetBotoConfigForTest)SetEnvironmentForTest)Retry) shim_utilOprojects/my-project/locations/us-central1/keyRings/my-keyring/cryptoKeys/my-keyz6gsutil does not support KMS operations for S3 buckets.ct^\rSrSrSrU4Sjr\"\SSS9SSj5rSSjr S r S r S r S r S rSrU=r$)TestKmsSuccessCases*z&Integration tests for the kms command.c>[[U] 5 URR [ S5[ RR[ RRS9Ul g)N)location) superrsetUpkms_api CreateKeyRingr testcaseKmsTestingResources KEYRING_NAMEKEYRING_LOCATION keyring_fqn)self __class__s 'platform/gsutil/gslib/tests/test_kms.pyrTestKmsSuccessCases.setUp/sV t*,||11$$$11-->>2@D)tries timeout_secsc[RR[SS5[SS5[SS54-nURR UR U5nURRU5nUR(a-URR5 UR(aM-URRX45 SSSU/nU(aURSU/5 URUSS9nURUSS9nURS [S5<S U<3U5 URS [S5<S U<S 3U5 g)Nr kms authorize-k-pT return_stdoutzAuthorized project z" to encrypt and decrypt with key: zProject z9 was already authorized to encrypt and decrypt with key: .)rrMUTABLE_KEY_NAME_TEMPLATErrCreateCryptoKeyr!GetKeyIamPolicybindingspopSetKeyIamPolicyextend RunGsUtilassertInr )r"specified_projectkey_namekey_fqn key_policy authorize_cmdstdout1stdout2s r$DoTestAuthorize#TestKmsSuccessCases.DoTestAuthorize9s0++EE1 wq!}gamI55Hll**4+;+;XFG--g6J       LL  5Kw7MD"345nn]$n?Gnn]$n?GMM 4 ' +,35 MM)$/ :NN ^^  dG j  F MMNNr&)r!rN)__name__ __module__ __qualname____firstlineno____doc__rrAssertionErrorrDrKrPrTrWrZrd__static_attributes__ __classcell__)r#s@r$rr*sS/@ qq1E2E8ND I''r&rz?These tests only check for failures when the XML API is forced.cH\rSrSrSr/SQrSrSrSrSr Sr S r S r S r g ) #TestKmsSubcommandsFailWhenXmlForcedzETests that kms subcommands fail early when forced to use the XML API.)) Credentialsgs_oauth2_refresh_tokenN)rqgs_service_client_idN)rqgs_service_key_fileN)rqgs_service_key_file_passwordN)rqgs_access_key_iddummykey)rqgs_secret_access_key dummysecretrc[UR5 URUSSS9nURSU5 SSS5 g!,(df  g=f)Nr(T)expected_status return_stderrz'The "kms" command can only be used with)rboto_config_hmac_auth_onlyr;r<)r" subcommandstderrs r$6DoTestSubcommandFailsWhenXmlForcedFromHmacInBotoConfigZTestKmsSubcommandsFailWhenXmlForced.DoTestSubcommandFailsWhenXmlForcedFromHmacInBotoConfigs? d== >~~j!4~Pf mm=vF ? > >s $A Ac*UR/SQ5 g)N)r-r]gs://dummybucketrrOs r$4testEncryptionFailsWhenXmlForcedFromHmacInBotoConfigXTestKmsSubcommandsFailWhenXmlForced.testEncryptionFailsWhenXmlForcedFromHmacInBotoConfigs??13r&c8URSSS[S/5 g)Nr-r]r/rr_DUMMY_KEYNAMErOs r$9testEncryptionDashKFailsWhenXmlForcedFromHmacInBotoConfig]TestKmsSubcommandsFailWhenXmlForced.testEncryptionDashKFailsWhenXmlForcedFromHmacInBotoConfigs ??  dN4FGIr&c*UR/SQ5 g)N)r-r]r^rrrOs r$9testEncryptionDashDFailsWhenXmlForcedFromHmacInBotoConfig]TestKmsSubcommandsFailWhenXmlForced.testEncryptionDashDFailsWhenXmlForcedFromHmacInBotoConfigs??79r&c*UR/SQ5 g)N)r-rGrrrOs r$8testServiceaccountFailsWhenXmlForcedFromHmacInBotoConfig\TestKmsSubcommandsFailWhenXmlForced.testServiceaccountFailsWhenXmlForcedFromHmacInBotoConfigs??57r&c8URSSS[S/5 g)Nr-r.r/rrrOs r$3testAuthorizeFailsWhenXmlForcedFromHmacInBotoConfigWTestKmsSubcommandsFailWhenXmlForced.testAuthorizeFailsWhenXmlForcedFromHmacInBotoConfigs ??  T>3EFHr&N)rfrgrhrirjr}rrrrrrrrlrr&r$roros8N <.G 3I97Hr&roc"\rSrSrSr\R "S5\R "S5\R "S5\R "S5S5555r\R "S5\R "S5\R "S5\R "S5S5555r\R "S5\R "S5\R "S5\R "S5S 5555r S r g ) TestKmsUnitTestszUnit tests for gsutil kms.Dgslib.cloud_api_delegator.CloudApiDelegator.GetProjectServiceAccountz7gslib.cloud_api_delegator.CloudApiDelegator.PatchBucket$gslib.kms_api.KmsApi.GetKeyIamPolicy$gslib.kms_api.KmsApi.SetKeyIamPolicyc UR5n/URlSURlUR SSS[ [ U5/SS9nURSU5 URUR5 g)Ndummy@google.comr-r]r/Tr1"Setting default KMS key for bucket) r_ return_valuer7 email_address RunCommandrrar< assertTruecalledr"mock_set_key_iam_policymock_get_key_iam_policymock_patch_bucket mock_get_project_service_accountrbrJs r$7testEncryptionSetKeySucceedsWhenUpdateKeyPolicySucceedsHTestKmsUnitTests.testEncryptionSetKeySucceedsWhenUpdateKeyPolicySucceedss""$J46((1BT$11? __ dNZ "F MM6?OO%,,-r&c UR5n[S5UlSURlUR SSS[ S[U5/SS9nURS U5 URUR5 g) NPermission deniedrr-r]r/-wTr1r) r_r side_effectrrrrrar<rrrs r$CtestEncryptionSetKeySucceedsWhenUpdateKeyPolicyFailsWithWarningFlagTTestKmsUnitTests.testEncryptionSetKeySucceedsWhenUpdateKeyPolicyFailsWithWarningFlags""$J*?+'BT$11? __ dNDZ "F MM6?OO%,,-r&c 4UR5n[S5UlSURlUR SSS[ [U5/SS9nURS5 g![a&nURSUR5 SnAgSnAff=f) Nrrr-r]r/Tr1z*Did not get expected AccessDeniedException) r_r rrrrrrafailr<reason)r"rrrrrbrJes r$CtestEncryptionSetKeyFailsWhenUpdateKeyPolicyFailsWithoutWarningFlagTTestKmsUnitTests.testEncryptionSetKeyFailsWhenUpdateKeyPolicyFailsWithoutWarningFlags""$J*?+'BT$11?3 ,nz"$f ii<= 3 mm'223s3A'' B1BBrN) rfrgrhrirjrpatchrrrrlrr&r$rrs"::LN::GH::45::45 .66IN .::LN::GH::45::45 .66IN .::LN::GH::45::45366IN 3r&rc\\rSrSrSr\R "S5\R "S5\R "S5S555rSr\R "S5\R "S5\R "S5S555r S r \R "S5S 5r S r g ) TestKmsUnitTestsWithShimiz%Unit tests for gsutil kms using shim.rrrc ASURl/URl[SS/5 [ SSS.5 UR SSS S S [ /S S 9nSRURS5nURSR[R"S5[ 5U5 SSS5 SSS5 g!,(df  N=f!,(df  g=f)NrGSUtiluse_gcloud_storageTruerhidden_shim_modedry_runrfake_dir(CLOUDSDK_CORE_PASS_CREDENTIALS_TO_GSUTILCLOUDSDK_ROOT_DIRr-r.r0foor/Treturn_log_handler infozRGcloud Storage Command: {} storage service-agent --project foo --authorize-cmek {}) rrr7rrrrjoinmessagesr<formatr_get_gcloud_binary_path)r"rrrmock_log_handler info_liness r$$test_shim_translates_authorize_flags=TestKmsUnitTestsWithShim.test_shim_translates_authorize_flagss BT$11?46((1 GHJ K 6<)"  ??5      3 ?C+DYY/88@A   11711*=~2O     K K   K Ks$CA3C3C C C C#c UR5n[SS/5 [SSS.5 URSSS[ U5/S S 9nS R UR S 5nURS R[R"S5[ U55U5 SSS5 SSS5 g!,(df  N=f!,(df  g=f)Nrrrrrr-r]r^TrrrzSGcloud Storage Command: {} storage buckets update --clear-default-encryption-key {} r_rrrrarrr<rrrr"rbrrs r$)test_shim_translates_clear_encryption_keyBTestKmsUnitTestsWithShim.test_shim_translates_clear_encryption_key&s""$J GHJ K 6<)"  ?? L$Z(89#+%YY/88@A   11711*=Z 2"#-  /  K K   K Ks#C A;B9(C 9 C C  Cc UR5nASURl/URl[ SS/5 [ SSS.5 UR SSS S [[U5/S S 9nS RURS5nURSR[R"S5[[U55U5 SSS5 SSS5 g!,(df  N=f!,(df  g=f)Nrrrrrrr-r]rr/TrrrzQGcloud Storage Command: {} storage buckets update --default-encryption-key {} {})r_rrr7rrrrrarrr<rrr)r"rrrrbrrs r$*test_shim_translates_update_encryption_keyCTestKmsUnitTestsWithShim.test_shim_translates_update_encryption_key9s""$JBT$11?46((1 GHJ K 6<)"  ?? L$n$&#+%YY/88@A   //5v11*=~Z 0"#-  /  K K   K Ks%C8BC'C8' C5 1C88 Dc UR5n[SS/5 [SSS.5 URSS[ U5/SS 9nS R UR S 5nURS R[R"S5[ U55U5 SSS5 SSS5 g!,(df  N=f!,(df  g=f) Nrrrrrr-r]TrrrzGcloud Storage Command: {} storage buckets describe --format=value[separator=": "](name, encryption.defaultKmsKeyName.yesno(no="No default encryption key.")) --raw {}rrs r$,test_shim_translates_displays_encryption_keyETestKmsUnitTestsWithShim.test_shim_translates_displays_encryption_keyVs""$J GHJ K 6<)"  ?? L$z"23+NYY/88@A   y@@L#J/12<  >  K K   K Ks#C A:B8'C 8 C C  Cc SURl[SS/5 [SSS.5 UR S/SQS S 9nS R UR S 5nURS R[R"S55U5 SSS5 SSS5 g!,(df  N=f!,(df  g=f)Nrrrrrrr-)rGr0rTrrrz>Gcloud Storage Command: {} storage service-agent --project foo) rrrrrrrr<rrr)r"rrrs r$+test_shim_translates_serviceaccount_commandDTestKmsUnitTestsWithShim.test_shim_translates_serviceaccount_commandisCU$11? GHJ K 6<)"  ??5+J>B+DYY/88@A   #V11*=?@J L  K K   K Ks#B7A'B&B7& B4 0B77 CrN) rfrgrhrirjrrrrrrrrlrr&r$rrs-::LN::45::4566N8/&::LN::45::45/66N/2>&::LNLNLr&r)'rj __future__rrrrosrandomrunittestrgslib.cloud_apir gslib.project_idr gslib.tests.testcasetestsr)gslib.tests.testcase.integration_testcaser r r gslib.tests.utilrrarrgslib.utils.retry_utilr gslib.utilsrrGsUtilIntegrationTestCaserroGsUtilUnitTestCaserShimUnitTestBaserrr&r$rs)&%' 1.''A?@012(!: CD DEg(<<gFEgT CD NO'H(*L*L'HPE'HT>3x22>3ByLx88yLr&