Example 6 with KeyRingName
use of com.google.cloud.kms.v1.KeyRingName in project java-docs-samples by GoogleCloudPlatform.
the class IamAddMember method iamAddMember.
// Add the given IAM member to the key.
public void iamAddMember(String projectId, String locationId, String keyRingId, String keyId, String member) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyName resourceName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
// The resource name could also be a key ring.
// KeyRingName resourceName = KeyRingName.of(projectId, locationId, keyRingId);
// Get the current policy.
Policy policy = client.getIamPolicy(resourceName);
// Create a new IAM binding for the member and role.
Binding binding = Binding.newBuilder().setRole("roles/cloudkms.cryptoKeyEncrypterDecrypter").addMembers(member).build();
// Add the binding to the policy.
Policy newPolicy = policy.toBuilder().addBindings(binding).build();
client.setIamPolicy(resourceName, newPolicy);
System.out.printf("Updated IAM policy for %s%n", resourceName.toString());
}
}
Also used :
Policy(com.google.iam.v1.Policy)
Binding(com.google.iam.v1.Binding)
CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Example 7 with KeyRingName
use of com.google.cloud.kms.v1.KeyRingName in project java-docs-samples by GoogleCloudPlatform.
the class IamGetPolicy method iamGetPolicy.
// Get the IAM policy for the given key.
public void iamGetPolicy(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyName resourceName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
// The resource name could also be a key ring.
// KeyRingName resourceName = KeyRingName.of(projectId, locationId, keyRingId);
// Get the current policy.
Policy policy = client.getIamPolicy(resourceName);
// Print the policy.
System.out.printf("IAM policy:%n");
for (Binding binding : policy.getBindingsList()) {
System.out.printf("%s%n", binding.getRole());
for (String member : binding.getMembersList()) {
System.out.printf("- %s%n", member);
}
}
}
}
Also used :
Policy(com.google.iam.v1.Policy)
Binding(com.google.iam.v1.Binding)
CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Example 8 with KeyRingName
use of com.google.cloud.kms.v1.KeyRingName in project java-docs-samples by GoogleCloudPlatform.
the class CreateKeyAsymmetricDecrypt method createKeyAsymmetricDecrypt.
// Create a new asymmetric key for the purpose of encrypting and decrypting
// data.
public void createKeyAsymmetricDecrypt(String projectId, String locationId, String keyRingId, String id) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the parent name from the project, location, and key ring.
KeyRingName keyRingName = KeyRingName.of(projectId, locationId, keyRingId);
// Build the asymmetric key to create.
CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ASYMMETRIC_DECRYPT).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setAlgorithm(CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256)).build();
// Create the key.
CryptoKey createdKey = client.createCryptoKey(keyRingName, id, key);
System.out.printf("Created asymmetric key %s%n", createdKey.getName());
}
}
Also used :
CryptoKey(com.google.cloud.kms.v1.CryptoKey)
KeyRingName(com.google.cloud.kms.v1.KeyRingName)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Example 9 with KeyRingName
use of com.google.cloud.kms.v1.KeyRingName in project java-docs-samples by GoogleCloudPlatform.
the class CreateKeyHsm method createKeyHsm.
// Create a new key that is stored in an HSM.
public void createKeyHsm(String projectId, String locationId, String keyRingId, String id) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the parent name from the project, location, and key ring.
KeyRingName keyRingName = KeyRingName.of(projectId, locationId, keyRingId);
// Build the hsm key to create.
CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setProtectionLevel(ProtectionLevel.HSM).setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)).build();
// Create the key.
CryptoKey createdKey = client.createCryptoKey(keyRingName, id, key);
System.out.printf("Created hsm key %s%n", createdKey.getName());
}
}
Also used :
CryptoKey(com.google.cloud.kms.v1.CryptoKey)
KeyRingName(com.google.cloud.kms.v1.KeyRingName)
KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
Example 10 with KeyRingName
use of com.google.cloud.kms.v1.KeyRingName in project java-kms by googleapis.
the class KeyManagementServiceClientTest method listImportJobsTest.
@Test
public void listImportJobsTest() throws Exception {
ImportJob responsesElement = ImportJob.newBuilder().build();
ListImportJobsResponse expectedResponse = ListImportJobsResponse.newBuilder().setNextPageToken("").addAllImportJobs(Arrays.asList(responsesElement)).build();
mockKeyManagementService.addResponse(expectedResponse);
KeyRingName parent = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
ListImportJobsPagedResponse pagedListResponse = client.listImportJobs(parent);
List<ImportJob> resources = Lists.newArrayList(pagedListResponse.iterateAll());
Assert.assertEquals(1, resources.size());
Assert.assertEquals(expectedResponse.getImportJobsList().get(0), resources.get(0));
List<AbstractMessage> actualRequests = mockKeyManagementService.getRequests();
Assert.assertEquals(1, actualRequests.size());
ListImportJobsRequest actualRequest = ((ListImportJobsRequest) actualRequests.get(0));
Assert.assertEquals(parent.toString(), actualRequest.getParent());
Assert.assertTrue(channelProvider.isHeaderSent(ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
}
Also used :
AbstractMessage(com.google.protobuf.AbstractMessage)
ListImportJobsPagedResponse(com.google.cloud.kms.v1.KeyManagementServiceClient.ListImportJobsPagedResponse)
Test(org.junit.Test)
Aggregations
KeyManagementServiceClient (com.google.cloud.kms.v1.KeyManagementServiceClient)22
KeyRingName (com.google.cloud.kms.v1.KeyRingName)17
CryptoKey (com.google.cloud.kms.v1.CryptoKey)16
CryptoKeyName (com.google.cloud.kms.v1.CryptoKeyName)7
Binding (com.google.iam.v1.Binding)6
Policy (com.google.iam.v1.Policy)6
AbstractMessage (com.google.protobuf.AbstractMessage)4
Test (org.junit.Test)4
ListCryptoKeysPagedResponse (com.google.cloud.kms.v1.KeyManagementServiceClient.ListCryptoKeysPagedResponse)2
ListImportJobsPagedResponse (com.google.cloud.kms.v1.KeyManagementServiceClient.ListImportJobsPagedResponse)2
KeyManagementServiceBlockingStub (com.google.cloud.kms.v1.KeyManagementServiceGrpc.KeyManagementServiceBlockingStub)2
KeyRing (com.google.cloud.kms.v1.KeyRing)2
StatusRuntimeException (io.grpc.StatusRuntimeException)2
NotFoundException (com.google.api.gax.rpc.NotFoundException)1
CreateCryptoKeyRequest (com.google.cloud.kms.v1.CreateCryptoKeyRequest)1
CreateKeyRingRequest (com.google.cloud.kms.v1.CreateKeyRingRequest)1
GetCryptoKeyRequest (com.google.cloud.kms.v1.GetCryptoKeyRequest)1
GetKeyRingRequest (com.google.cloud.kms.v1.GetKeyRingRequest)1
ImportJob (com.google.cloud.kms.v1.ImportJob)1
KeyManagementServiceGrpc (com.google.cloud.kms.v1.KeyManagementServiceGrpc)1
