From 60bbf2692d6b8045e29da3b57457ef5e91b5ba4a Mon Sep 17 00:00:00 2001 From: Jason Dobry Date: Wed, 23 Aug 2017 08:59:19 -0700 Subject: [PATCH] KMS: Makes samples consistent across languages. (#461) This change, in particular: * Consistently names variables with the API (locationId, keyRingId, cryptoKeyId). * Displays the function name in the region tag. * Correctly writes decoded base64 to disk and encodes file contents before calling KMS. * Correctly loads decoded base64 from disk. * Labels parameters as plaintextFileName and ciphertextFileName, rather than inFile and outFile where applicable. * Makes test failure messages more readable. --- kms/README.md | 24 +-- kms/keys.js | 334 +++++++++++++++++------------------ kms/system-test/keys.test.js | 60 +++---- 3 files changed, 210 insertions(+), 208 deletions(-) diff --git a/kms/README.md b/kms/README.md index 225438970b..5125d9cc8b 100644 --- a/kms/README.md +++ b/kms/README.md @@ -39,17 +39,19 @@ __Usage:__ `node keys.js --help` ``` Commands: - create Creates a crypto key. - decrypt Decrypts a file. - encrypt Encrypts a file. - get Gets a crypto key. - get-policy Gets a crypto key's IAM policy. - grant-access Adds a members to a crypto key's IAM policy. - keyrings Access key rings subcommands. - list Lists crypto keys. - revoke-access Removes a member from a crypto key's IAM policy. - set-primary Sets a crypto key's primary version. - versions Access crypto key versions subcommands. + create Creates a crypto key. + decrypt Decrypts a file. + + encrypt Encrypts a file. + + get Gets a crypto key. + get-policy Gets a crypto key's IAM policy. + grant-access Adds a members to a crypto key's IAM policy. + keyrings Access key rings subcommands. + list Lists crypto keys. + revoke-access Removes a member from a crypto key's IAM policy. + set-primary Sets a crypto key's primary version. + versions Access crypto key versions subcommands. Options: --help Show help [boolean] diff --git a/kms/keys.js b/kms/keys.js index b91d88b02d..0a65ee5f37 100644 --- a/kms/keys.js +++ b/kms/keys.js @@ -1,4 +1,4 @@ - /** + /** * Copyright 2017, Google, Inc. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,16 +17,16 @@ const Buffer = require('safe-buffer').Buffer; -function createKeyRing (projectId, location, keyRingName) { +function createKeyRing (projectId, locationId, keyRingId) { // [START kms_create_keyring] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the new key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the new key ring, e.g. "my-new-key-ring" - // const keyRingName = 'my-new-key-ring'; + // const keyRingId = 'my-new-key-ring'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -37,9 +37,9 @@ function createKeyRing (projectId, location, keyRingName) { const request = { // This will be a path parameter in the request URL - parent: `projects/${projectId}/locations/${location}`, + parent: `projects/${projectId}/locations/${locationId}`, // This will be a path parameter in the request URL - keyRingId: keyRingName + keyRingId: keyRingId }; // Creates a new key ring @@ -55,13 +55,13 @@ function createKeyRing (projectId, location, keyRingName) { // [END kms_create_keyring] } -function listKeyRings (projectId, location) { +function listKeyRings (projectId, locationId) { // [START kms_list_keyrings] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location from which to list key rings, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -72,7 +72,7 @@ function listKeyRings (projectId, location) { const request = { // This will be a path parameter in the request URL - parent: `projects/${projectId}/locations/${location}` + parent: `projects/${projectId}/locations/${locationId}` }; // Lists key rings @@ -97,16 +97,16 @@ function listKeyRings (projectId, location) { // [END kms_list_keyrings] } -function getKeyRing (projectId, location, keyRingName) { +function getKeyRing (projectId, locationId, keyRingId) { // [START kms_get_keyring] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -117,7 +117,7 @@ function getKeyRing (projectId, location, keyRingName) { const request = { // This will be a path parameter in the request URL - name: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}` + name: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}` }; // Gets a key ring @@ -134,16 +134,16 @@ function getKeyRing (projectId, location, keyRingName) { // [END kms_get_keyring] } -function getKeyRingIamPolicy (projectId, location, keyRingName) { +function getKeyRingIamPolicy (projectId, locationId, keyRingId) { // [START kms_get_keyring_policy] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -154,7 +154,7 @@ function getKeyRingIamPolicy (projectId, location, keyRingName) { const request = { // This will be a path parameter in the request URL - resource_: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}` + resource_: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}` }; // Gets the IAM policy of a key ring @@ -174,23 +174,23 @@ function getKeyRingIamPolicy (projectId, location, keyRingName) { } }); } else { - console.log(`Policy for key ring ${keyRingName} is empty.`); + console.log(`Policy for key ring ${keyRingId} is empty.`); } }); }); // [END kms_get_keyring_policy] } -function addMemberToKeyRingPolicy (projectId, location, keyRingName, member, role) { +function addMemberToKeyRingPolicy (projectId, locationId, keyRingId, member, role) { // [START kms_add_member_to_keyring_policy] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The member to add to the key ring, e.g. "user:developer@company.com" // const member = 'user:developer@company.com'; @@ -207,7 +207,7 @@ function addMemberToKeyRingPolicy (projectId, location, keyRingName, member, rol let request = { // This will be a path parameter in the request URL - resource_: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}` + resource_: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}` }; // Gets the IAM policy of a key ring @@ -235,7 +235,7 @@ function addMemberToKeyRingPolicy (projectId, location, keyRingName, member, rol request = { // This will be a path parameter in the request URL - resource_: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}`, + resource_: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}`, // This will be the request body resource: { policy: policy @@ -249,7 +249,7 @@ function addMemberToKeyRingPolicy (projectId, location, keyRingName, member, rol return; } - console.log(`${member}/${role} combo added to policy for key ring ${keyRingName}.`); + console.log(`${member}/${role} combo added to policy for key ring ${keyRingId}.`); if (policy.bindings) { policy.bindings.forEach((binding) => { if (binding.members && binding.members.length) { @@ -260,7 +260,7 @@ function addMemberToKeyRingPolicy (projectId, location, keyRingName, member, rol } }); } else { - console.log(`Policy for key ring ${keyRingName} is empty.`); + console.log(`Policy for key ring ${keyRingId} is empty.`); } }); }); @@ -268,16 +268,16 @@ function addMemberToKeyRingPolicy (projectId, location, keyRingName, member, rol // [END kms_add_member_to_keyring_policy] } -function removeMemberFromKeyRingPolicy (projectId, location, keyRingName, member, role) { +function removeMemberFromKeyRingPolicy (projectId, locationId, keyRingId, member, role) { // [START kms_remove_member_from_keyring_policy] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The member to add to the key ring, e.g. "user:developer@company.com" // const member = 'user:developer@company.com'; @@ -294,7 +294,7 @@ function removeMemberFromKeyRingPolicy (projectId, location, keyRingName, member let request = { // This will be a path parameter in the request URL - resource_: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}` + resource_: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}` }; // Gets the IAM policy of a key ring @@ -324,7 +324,7 @@ function removeMemberFromKeyRingPolicy (projectId, location, keyRingName, member request = { // This will be a path parameter in the request URL - resource_: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}`, + resource_: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}`, // This will be the request body resource: { policy: policy @@ -338,7 +338,7 @@ function removeMemberFromKeyRingPolicy (projectId, location, keyRingName, member return; } - console.log(`${member}/${role} combo removed from policy for key ring ${keyRingName}.`); + console.log(`${member}/${role} combo removed from policy for key ring ${keyRingId}.`); if (policy.bindings) { policy.bindings.forEach((binding) => { if (binding.members && binding.members.length) { @@ -349,7 +349,7 @@ function removeMemberFromKeyRingPolicy (projectId, location, keyRingName, member } }); } else { - console.log(`Policy for key ring ${keyRingName} is empty.`); + console.log(`Policy for key ring ${keyRingId} is empty.`); } }); }); @@ -357,19 +357,19 @@ function removeMemberFromKeyRingPolicy (projectId, location, keyRingName, member // [END kms_remove_member_from_keyring_policy] } -function createCryptoKey (projectId, location, keyRingName, keyName) { +function createCryptoKey (projectId, locationId, keyRingId, cryptoKeyId) { // [START kms_create_cryptokey] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the new crypto key's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the new crypto key's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name for the new crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -380,9 +380,9 @@ function createCryptoKey (projectId, location, keyRingName, keyName) { const request = { // This will be a path parameter in the request URL - parent: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}`, + parent: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}`, // This will be a path parameter in the request URL - cryptoKeyId: keyName, + cryptoKeyId: cryptoKeyId, resource: { // This will allow the API access to the key for encryption and decryption @@ -403,16 +403,16 @@ function createCryptoKey (projectId, location, keyRingName, keyName) { // [END kms_create_cryptokey] } -function listCryptoKeys (projectId, location, keyRingName) { +function listCryptoKeys (projectId, locationId, keyRingId) { // [START kms_list_cryptokeys] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the key ring from which to list crypto keys, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the key ring from which to list crypto keys, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -423,7 +423,7 @@ function listCryptoKeys (projectId, location, keyRingName) { const request = { // This will be a path parameter in the request URL - parent: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}` + parent: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}` }; // Creates a new key ring @@ -452,7 +452,7 @@ function listCryptoKeys (projectId, location, keyRingName) { // [END kms_list_cryptokeys] } -function encrypt (projectId, location, keyRingName, keyName, infile, outfile) { +function encrypt (projectId, locationId, keyRingId, cryptoKeyId, plaintextFileName, ciphertextFileName) { // [START kms_encrypt] const fs = require('fs'); @@ -460,19 +460,19 @@ function encrypt (projectId, location, keyRingName, keyName, infile, outfile) { // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // The path to the file to encrypt, e.g. "./path/to/plaintext.txt" - // const infile = './path/to/plaintext.txt'; + // const plaintextFileName = './path/to/plaintext.txt'; // The path where the encrypted file should be written, e.g. "./path/to/plaintext.txt.encrypted" - // const outfile = './path/to/plaintext.txt.encrypted'; + // const ciphertextFileName = './path/to/plaintext.txt.encrypted'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -482,7 +482,7 @@ function encrypt (projectId, location, keyRingName, keyName, infile, outfile) { } // Reads the file to be encrypted - fs.readFile(infile, (err, contentsBuffer) => { + fs.readFile(plaintextFileName, (err, contentsBuffer) => { if (err) { console.log(err); return; @@ -490,7 +490,7 @@ function encrypt (projectId, location, keyRingName, keyName, infile, outfile) { const request = { // This will be a path parameter in the request URL - name: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}`, + name: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}`, // This will be the request body resource: { plaintext: contentsBuffer.toString('base64') @@ -505,14 +505,14 @@ function encrypt (projectId, location, keyRingName, keyName, infile, outfile) { } // Writes the encrypted file to disk - fs.writeFile(outfile, Buffer.from(result.ciphertext), (err) => { + fs.writeFile(ciphertextFileName, Buffer.from(result.ciphertext, 'base64'), (err) => { if (err) { console.log(err); return; } - console.log(`Encrypted ${infile} using ${result.name}.`); - console.log(`Result saved to ${outfile}.`); + console.log(`Encrypted ${plaintextFileName} using ${result.name}.`); + console.log(`Result saved to ${ciphertextFileName}.`); }); }); }); @@ -520,7 +520,7 @@ function encrypt (projectId, location, keyRingName, keyName, infile, outfile) { // [END kms_encrypt] } -function decrypt (projectId, location, keyRingName, keyName, infile, outfile) { +function decrypt (projectId, locationId, keyRingId, cryptoKeyId, ciphertextFileName, plaintextFileName) { // [START kms_decrypt] const fs = require('fs'); @@ -528,19 +528,19 @@ function decrypt (projectId, location, keyRingName, keyName, infile, outfile) { // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // The path to the file to decrypt, e.g. "./path/to/plaintext.txt.encrypted" - // const infile = './path/to/plaintext.txt.encrypted'; + // const ciphertextFileName = './path/to/plaintext.txt.encrypted'; // The path where the decrypted file should be written, e.g. "./path/to/plaintext.txt.decrypted" - // const outfile = './path/to/plaintext.txt.decrypted'; + // const plaintextFileName = './path/to/plaintext.txt.decrypted'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -550,7 +550,7 @@ function decrypt (projectId, location, keyRingName, keyName, infile, outfile) { } // Reads the file to be decrypted - fs.readFile(infile, 'utf8', (err, contentsBuffer) => { + fs.readFile(ciphertextFileName, (err, contentsBuffer) => { if (err) { console.log(err); return; @@ -558,10 +558,10 @@ function decrypt (projectId, location, keyRingName, keyName, infile, outfile) { const request = { // This will be a path parameter in the request URL - name: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}`, + name: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}`, // This will be the request body resource: { - ciphertext: contentsBuffer + ciphertext: contentsBuffer.toString('base64') } }; @@ -573,13 +573,13 @@ function decrypt (projectId, location, keyRingName, keyName, infile, outfile) { } // Writes the dencrypted file to disk - fs.writeFile(outfile, Buffer.from(result.plaintext, 'base64'), (err) => { + fs.writeFile(plaintextFileName, Buffer.from(result.plaintext, 'base64'), (err) => { if (err) { console.log(err); return; } - console.log(`Decrypted ${infile}, result saved to ${outfile}.`); + console.log(`Decrypted ${ciphertextFileName}, result saved to ${plaintextFileName}.`); }); }); }); @@ -587,19 +587,19 @@ function decrypt (projectId, location, keyRingName, keyName, infile, outfile) { // [END kms_decrypt] } -function getCryptoKey (projectId, location, keyRingName, keyName) { +function getCryptoKey (projectId, locationId, keyRingId, cryptoKeyId) { // [START kms_get_cryptokey] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -610,7 +610,7 @@ function getCryptoKey (projectId, location, keyRingName, keyName) { const request = { // This will be a path parameter in the request URL - name: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}` + name: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}` }; // Gets a crypto key @@ -631,19 +631,19 @@ function getCryptoKey (projectId, location, keyRingName, keyName) { // [END kms_get_cryptokey] } -function setPrimaryCryptoKeyVersion (projectId, location, keyRingName, keyName, version) { +function setPrimaryCryptoKeyVersion (projectId, locationId, keyRingId, cryptoKeyId, version) { // [START kms_set_cryptokey_primary_version] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key versions's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key version's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the version's crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // The version's id, e.g. 123 // const version = 123; @@ -657,7 +657,7 @@ function setPrimaryCryptoKeyVersion (projectId, location, keyRingName, keyName, const request = { // This will be a path parameter in the request URL - name: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}`, + name: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}`, // This will be the request body resource: { cryptoKeyVersionId: `${version}` @@ -671,7 +671,7 @@ function setPrimaryCryptoKeyVersion (projectId, location, keyRingName, keyName, return; } - console.log(`Set ${version} as primary version for crypto key ${keyName}.\n`); + console.log(`Set ${version} as primary version for crypto key ${cryptoKeyId}.\n`); console.log(`Name: ${cryptoKey.name}:`); console.log(`Created: ${new Date(cryptoKey.createTime)}`); console.log(`Purpose: ${cryptoKey.purpose}`); @@ -683,19 +683,19 @@ function setPrimaryCryptoKeyVersion (projectId, location, keyRingName, keyName, // [END kms_set_cryptokey_primary_version] } -function getCryptoKeyIamPolicy (projectId, location, keyRingName, keyName) { +function getCryptoKeyIamPolicy (projectId, locationId, keyRingId, cryptoKeyId) { // [START kms_get_cryptokey_policy] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -706,7 +706,7 @@ function getCryptoKeyIamPolicy (projectId, location, keyRingName, keyName) { const request = { // This will be a path parameter in the request URL - resource_: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}` + resource_: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}` }; // Gets the IAM policy of a crypto key @@ -726,26 +726,26 @@ function getCryptoKeyIamPolicy (projectId, location, keyRingName, keyName) { } }); } else { - console.log(`Policy for crypto key ${keyName} is empty.`); + console.log(`Policy for crypto key ${cryptoKeyId} is empty.`); } }); }); // [END kms_get_cryptokey_policy] } -function addMemberToCryptoKeyPolicy (projectId, location, keyRingName, keyName, member, role) { +function addMemberToCryptoKeyPolicy (projectId, locationId, keyRingId, cryptoKeyId, member, role) { // [START kms_add_member_to_cryptokey_policy] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // The member to add to the crypto key, e.g. "user:developer@company.com" // const member = 'user:developer@company.com'; @@ -762,7 +762,7 @@ function addMemberToCryptoKeyPolicy (projectId, location, keyRingName, keyName, let request = { // This will be a path parameter in the request URL - resource_: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}` + resource_: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}` }; // Gets the IAM policy of a crypto key @@ -790,7 +790,7 @@ function addMemberToCryptoKeyPolicy (projectId, location, keyRingName, keyName, request = { // This will be a path parameter in the request URL - resource_: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}`, + resource_: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}`, // This will be the request body resource: { policy: policy @@ -804,7 +804,7 @@ function addMemberToCryptoKeyPolicy (projectId, location, keyRingName, keyName, return; } - console.log(`${member}/${role} combo added to policy for crypto key ${keyName}.`); + console.log(`${member}/${role} combo added to policy for crypto key ${cryptoKeyId}.`); if (policy.bindings) { policy.bindings.forEach((binding) => { if (binding.members && binding.members.length) { @@ -815,7 +815,7 @@ function addMemberToCryptoKeyPolicy (projectId, location, keyRingName, keyName, } }); } else { - console.log(`Policy for crypto key ${keyName} is empty.`); + console.log(`Policy for crypto key ${cryptoKeyId} is empty.`); } }); }); @@ -823,19 +823,19 @@ function addMemberToCryptoKeyPolicy (projectId, location, keyRingName, keyName, // [END kms_add_member_to_cryptokey_policy] } -function removeMemberFromCryptoKeyPolicy (projectId, location, keyRingName, keyName, member, role) { +function removeMemberFromCryptoKeyPolicy (projectId, locationId, keyRingId, cryptoKeyId, member, role) { // [START kms_remove_member_from_cryptokey_policy] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // The member to add to the crypto key, e.g. "user:developer@company.com" // const member = 'user:developer@company.com'; @@ -852,7 +852,7 @@ function removeMemberFromCryptoKeyPolicy (projectId, location, keyRingName, keyN let request = { // This will be a path parameter in the request URL - resource_: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}` + resource_: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}` }; // Gets the IAM policy of a crypto key @@ -882,7 +882,7 @@ function removeMemberFromCryptoKeyPolicy (projectId, location, keyRingName, keyN request = { // This will be a path parameter in the request URL - resource_: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}`, + resource_: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}`, // This will be the request body resource: { policy: policy @@ -898,7 +898,7 @@ function removeMemberFromCryptoKeyPolicy (projectId, location, keyRingName, keyN return; } - console.log(`${member}/${role} combo removed from policy for crypto key ${keyName}.`); + console.log(`${member}/${role} combo removed from policy for crypto key ${cryptoKeyId}.`); if (policy.bindings) { policy.bindings.forEach((binding) => { if (binding.members && binding.members.length) { @@ -909,7 +909,7 @@ function removeMemberFromCryptoKeyPolicy (projectId, location, keyRingName, keyN } }); } else { - console.log(`Policy for crypto key ${keyName} is empty.`); + console.log(`Policy for crypto key ${cryptoKeyId} is empty.`); } }); }); @@ -917,19 +917,19 @@ function removeMemberFromCryptoKeyPolicy (projectId, location, keyRingName, keyN // [END kms_remove_member_from_cryptokey_policy] } -function createCryptoKeyVersion (projectId, location, keyRingName, keyName) { +function createCryptoKeyVersion (projectId, locationId, keyRingId, cryptoKeyId) { // [START kms_create_cryptokey_version] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key versions's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key version's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the version's crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -940,7 +940,7 @@ function createCryptoKeyVersion (projectId, location, keyRingName, keyName) { const request = { // This will be a path parameter in the request URL - parent: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}` + parent: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}` }; // Creates a new crypto key version @@ -956,19 +956,19 @@ function createCryptoKeyVersion (projectId, location, keyRingName, keyName) { // [END kms_create_cryptokey_version] } -function listCryptoKeyVersions (projectId, location, keyRingName, keyName) { +function listCryptoKeyVersions (projectId, locationId, keyRingId, cryptoKeyId) { // [START kms_list_cryptokey_versions] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the crypto key from which to list versions, e.g. "my-key" - // const keyName = 'my-key-ring'; + // const cryptoKeyId = 'my-key-ring'; // Builds and authorizes a Cloud KMS client buildAndAuthorizeService((err, cloudkms) => { @@ -979,7 +979,7 @@ function listCryptoKeyVersions (projectId, location, keyRingName, keyName) { const request = { // This will be a path parameter in the request URL - parent: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}` + parent: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}` }; // Creates a new key ring @@ -1005,19 +1005,19 @@ function listCryptoKeyVersions (projectId, location, keyRingName, keyName) { // [END kms_list_cryptokey_versions] } -function destroyCryptoKeyVersion (projectId, location, keyRingName, keyName, version) { +function destroyCryptoKeyVersion (projectId, locationId, keyRingId, cryptoKeyId, version) { // [START kms_destroy_cryptokey_version] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key versions's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key version's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the version's crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // The version's id, e.g. 123 // const version = 123; @@ -1031,7 +1031,7 @@ function destroyCryptoKeyVersion (projectId, location, keyRingName, keyName, ver const request = { // This will be a path parameter in the request URL - name: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}/cryptoKeyVersions/${version}` + name: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}/cryptoKeyVersions/${version}` }; // Destroys a crypto key version @@ -1047,19 +1047,19 @@ function destroyCryptoKeyVersion (projectId, location, keyRingName, keyName, ver // [END kms_destroy_cryptokey_version] } -function restoreCryptoKeyVersion (projectId, location, keyRingName, keyName, version) { +function restoreCryptoKeyVersion (projectId, locationId, keyRingId, cryptoKeyId, version) { // [START kms_restore_cryptokey_version] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key versions's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key version's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the version's crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // The version's id, e.g. 123 // const version = 123; @@ -1073,7 +1073,7 @@ function restoreCryptoKeyVersion (projectId, location, keyRingName, keyName, ver const request = { // This will be a path parameter in the request URL - name: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}/cryptoKeyVersions/${version}` + name: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}/cryptoKeyVersions/${version}` }; // Restores a crypto key version @@ -1089,19 +1089,19 @@ function restoreCryptoKeyVersion (projectId, location, keyRingName, keyName, ver // [END kms_restore_cryptokey_version] } -function enableCryptoKeyVersion (projectId, location, keyRingName, keyName, version) { +function enableCryptoKeyVersion (projectId, locationId, keyRingId, cryptoKeyId, version) { // [START kms_enable_cryptokey_version] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key versions's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key version's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the version's crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // The version's id, e.g. 123 // const version = 123; @@ -1115,7 +1115,7 @@ function enableCryptoKeyVersion (projectId, location, keyRingName, keyName, vers let request = { // This will be a path parameter in the request URL - name: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}/cryptoKeyVersions/${version}` + name: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}/cryptoKeyVersions/${version}` }; // Gets a crypto key version @@ -1150,19 +1150,19 @@ function enableCryptoKeyVersion (projectId, location, keyRingName, keyName, vers // [END kms_enable_cryptokey_version] } -function disableCryptoKeyVersion (projectId, location, keyRingName, keyName, version) { +function disableCryptoKeyVersion (projectId, locationId, keyRingId, cryptoKeyId, version) { // [START kms_disable_cryptokey_version] // Your Google Cloud Platform project ID // const projectId = 'YOUR_PROJECT_ID'; // The location of the crypto key versions's key ring, e.g. "global" - // const location = 'global'; + // const locationId = 'global'; // The name of the crypto key version's key ring, e.g. "my-key-ring" - // const keyRingName = 'my-key-ring'; + // const keyRingId = 'my-key-ring'; // The name of the version's crypto key, e.g. "my-key" - // const keyName = 'my-key'; + // const cryptoKeyId = 'my-key'; // The version's id, e.g. 123 // const version = 123; @@ -1176,7 +1176,7 @@ function disableCryptoKeyVersion (projectId, location, keyRingName, keyName, ver let request = { // This will be a path parameter in the request URL - name: `projects/${projectId}/locations/${location}/keyRings/${keyRingName}/cryptoKeys/${keyName}/cryptoKeyVersions/${version}` + name: `projects/${projectId}/locations/${locationId}/keyRings/${keyRingId}/cryptoKeys/${cryptoKeyId}/cryptoKeyVersions/${version}` }; // Gets a crypto key version @@ -1286,40 +1286,40 @@ function disableCryptoKeyVersion (projectId, location, keyRingName, keyName, ver const cli = require(`yargs`) .demand(1) .command( - `create `, + `create `, `Creates a crypto key.`, {}, - (opts) => createCryptoKey(opts.projectId, opts.location, opts.keyRingName, opts.keyName) + (opts) => createCryptoKey(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey) ) .command( - `decrypt `, + `decrypt `, `Decrypts a file.`, {}, - (opts) => decrypt(opts.projectId, opts.location, opts.keyRingName, opts.keyName, opts.infile, opts.outfile) + (opts) => decrypt(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey, opts.ciphertextFileName, opts.plaintextFileName) ) .command( - `encrypt `, + `encrypt `, `Encrypts a file.`, {}, - (opts) => encrypt(opts.projectId, opts.location, opts.keyRingName, opts.keyName, opts.infile, opts.outfile) + (opts) => encrypt(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey, opts.plaintextFileName, opts.ciphertextFileName) ) .command( - `get `, + `get `, `Gets a crypto key.`, {}, - (opts) => getCryptoKey(opts.projectId, opts.location, opts.keyRingName, opts.keyName) + (opts) => getCryptoKey(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey) ) .command( - `get-policy `, + `get-policy `, `Gets a crypto key's IAM policy.`, {}, - (opts) => getCryptoKeyIamPolicy(opts.projectId, opts.location, opts.keyRingName, opts.keyName) + (opts) => getCryptoKeyIamPolicy(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey) ) .command( - `grant-access `, + `grant-access `, `Adds a members to a crypto key's IAM policy.`, {}, - (opts) => addMemberToCryptoKeyPolicy(opts.projectId, opts.location, opts.keyRingName, opts.keyName, opts.member, opts.role) + (opts) => addMemberToCryptoKeyPolicy(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey, opts.member, opts.role) ) .command( `keyrings `, @@ -1327,10 +1327,10 @@ const cli = require(`yargs`) (yargs) => { yargs .command( - `create `, + `create `, `Creates a key ring.`, {}, - (opts) => createKeyRing(opts.projectId, opts.location, opts.keyRingName) + (opts) => createKeyRing(opts.projectId, opts.location, opts.keyRing) ) .command( `list`, @@ -1339,49 +1339,49 @@ const cli = require(`yargs`) (opts) => listKeyRings(opts.projectId, opts.location) ) .command( - `get `, + `get `, `Gets a key ring.`, {}, - (opts) => getKeyRing(opts.projectId, opts.location, opts.keyRingName) + (opts) => getKeyRing(opts.projectId, opts.location, opts.keyRing) ) .command( - `get-policy `, + `get-policy `, `Gets a key ring's IAM policy.`, {}, - (opts) => getKeyRingIamPolicy(opts.projectId, opts.location, opts.keyRingName) + (opts) => getKeyRingIamPolicy(opts.projectId, opts.location, opts.keyRing) ) .command( - `grant-access `, + `grant-access `, `Adds a members to a key ring's IAM policy.`, {}, - (opts) => addMemberToKeyRingPolicy(opts.projectId, opts.location, opts.keyRingName, opts.member, opts.role) + (opts) => addMemberToKeyRingPolicy(opts.projectId, opts.location, opts.keyRing, opts.member, opts.role) ) .command( - `revoke-access `, + `revoke-access `, `Removes a member from a key ring's IAM policy.`, {}, - (opts) => removeMemberFromKeyRingPolicy(opts.projectId, opts.location, opts.keyRingName, opts.member, opts.role) + (opts) => removeMemberFromKeyRingPolicy(opts.projectId, opts.location, opts.keyRing, opts.member, opts.role) ); }, () => {} ) .command( - `list `, + `list `, `Lists crypto keys.`, {}, - (opts) => listCryptoKeys(opts.projectId, opts.location, opts.keyRingName) + (opts) => listCryptoKeys(opts.projectId, opts.location, opts.keyRing) ) .command( - `revoke-access `, + `revoke-access `, `Removes a member from a crypto key's IAM policy.`, {}, - (opts) => removeMemberFromCryptoKeyPolicy(opts.projectId, opts.location, opts.keyRingName, opts.keyName, opts.member, opts.role) + (opts) => removeMemberFromCryptoKeyPolicy(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey, opts.member, opts.role) ) .command( - `set-primary `, + `set-primary `, `Sets a crypto key's primary version.`, {}, - (opts) => setPrimaryCryptoKeyVersion(opts.projectId, opts.location, opts.keyRingName, opts.keyName, opts.version) + (opts) => setPrimaryCryptoKeyVersion(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey, opts.version) ) .command( `versions `, @@ -1389,40 +1389,40 @@ const cli = require(`yargs`) (yargs) => { yargs .command( - `create `, + `create `, `Creates a crypto key version.`, {}, - (opts) => createCryptoKeyVersion(opts.projectId, opts.location, opts.keyRingName, opts.keyName) + (opts) => createCryptoKeyVersion(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey) ) .command( - `destroy `, + `destroy `, `Destroys a crypto key version.`, {}, - (opts) => destroyCryptoKeyVersion(opts.projectId, opts.location, opts.keyRingName, opts.keyName, opts.version) + (opts) => destroyCryptoKeyVersion(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey, opts.version) ) .command( - `disable `, + `disable `, `Disables a crypto key version.`, {}, - (opts) => disableCryptoKeyVersion(opts.projectId, opts.location, opts.keyRingName, opts.keyName, opts.version) + (opts) => disableCryptoKeyVersion(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey, opts.version) ) .command( - `enable `, + `enable `, `Enables a crypto key version.`, {}, - (opts) => enableCryptoKeyVersion(opts.projectId, opts.location, opts.keyRingName, opts.keyName, opts.version) + (opts) => enableCryptoKeyVersion(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey, opts.version) ) .command( - `list `, + `list `, `Lists crypto key versions.`, {}, - (opts) => listCryptoKeyVersions(opts.projectId, opts.location, opts.keyRingName, opts.keyName) + (opts) => listCryptoKeyVersions(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey) ) .command( - `restore `, + `restore `, `Restores a crypto key version.`, {}, - (opts) => restoreCryptoKeyVersion(opts.projectId, opts.location, opts.keyRingName, opts.keyName, opts.version) + (opts) => restoreCryptoKeyVersion(opts.projectId, opts.location, opts.keyRing, opts.cryptoKey, opts.version) ); }, () => {} diff --git a/kms/system-test/keys.test.js b/kms/system-test/keys.test.js index 2144d9523e..3698e86040 100644 --- a/kms/system-test/keys.test.js +++ b/kms/system-test/keys.test.js @@ -61,46 +61,46 @@ test.serial(`should create a key ring`, async (t) => { t.plan(0); const output = await tools.runAsync(`${cmd} keyrings create "${keyRingName}"`, cwd); if (!output.includes(`KeyRing ${formattedKeyRingName} already exists`)) { - t.true(output.includes(`Key ring ${formattedKeyRingName} created.`)); + t.regex(output, new RegExp(`Key ring ${formattedKeyRingName} created.`)); } }); test.serial(`should list key rings`, async (t) => { await tools.tryTest(async () => { const output = await tools.runAsync(`${cmd} keyrings list`, cwd); - t.true(output.includes(formattedKeyRingName)); + t.regex(output, new RegExp(formattedKeyRingName)); }).start(); }); test.serial(`should get a key ring`, async (t) => { const output = await tools.runAsync(`${cmd} keyrings get "${keyRingName}"`, cwd); - t.true(output.includes(`Name: ${formattedKeyRingName}`)); - t.true(output.includes(`Created: `)); + t.regex(output, new RegExp(`Name: ${formattedKeyRingName}`)); + t.regex(output, new RegExp(`Created: `)); }); // Key ring IAM tests test.serial(`should get a key ring's empty IAM policy`, async (t) => { const output = await tools.runAsync(`${cmd} keyrings get-policy "${keyRingName}"`, cwd); - t.true(output.includes(`Policy for key ring ${keyRingName} is empty.`)); + t.regex(output, new RegExp(`Policy for key ring ${keyRingName} is empty.`)); }); test.serial(`should grant access to a key ring`, async (t) => { const output = await tools.runAsync(`${cmd} keyrings grant-access "${keyRingName}" ${member} ${role}`, cwd); - t.true(output.includes(`${member}/${role} combo added to policy for key ring ${keyRingName}.`)); + t.regex(output, new RegExp(`${member}/${role} combo added to policy for key ring ${keyRingName}.`)); }); test.serial(`should get a key ring's updated IAM policy`, async (t) => { await tools.tryTest(async () => { const output = await tools.runAsync(`${cmd} keyrings get-policy "${keyRingName}"`, cwd); - t.true(output.includes(`${role}:`)); - t.true(output.includes(` ${member}`)); + t.regex(output, new RegExp(`${role}:`)); + t.regex(output, new RegExp(` ${member}`)); }).start(); }); test.serial(`should revoke access to a key ring`, async (t) => { const output = await tools.runAsync(`${cmd} keyrings revoke-access "${keyRingName}" ${member} ${role}`, cwd); - t.true(output.includes(`${member}/${role} combo removed from policy for key ring ${keyRingName}.`)); + t.regex(output, new RegExp(`${member}/${role} combo removed from policy for key ring ${keyRingName}.`)); }); // Crypto key tests @@ -108,95 +108,95 @@ test.serial(`should create a key`, async (t) => { t.plan(0); const output = await tools.runAsync(`${cmd} create "${keyRingName}" "${keyNameOne}"`, cwd); if (!output.includes(`CryptoKey ${formattedKeyName} already exists`)) { - t.true(output.includes(`Key ${formattedKeyName} created.`)); + t.regex(output, new RegExp(`Key ${formattedKeyName} created.`)); } }); test.serial(`should list keys`, async (t) => { await tools.tryTest(async () => { const output = await tools.runAsync(`${cmd} list "${keyRingName}"`, cwd); - t.true(output.includes(formattedKeyName)); + t.regex(output, new RegExp(formattedKeyName)); }).start(); }); test.serial(`should get a key`, async (t) => { const output = await tools.runAsync(`${cmd} get "${keyRingName}" "${keyNameOne}"`, cwd); - t.true(output.includes(`Name: ${formattedKeyName}`)); - t.true(output.includes(`Created: `)); + t.regex(output, new RegExp(`Name: ${formattedKeyName}`)); + t.regex(output, new RegExp(`Created: `)); }); test.serial(`should set a crypto key's primary version`, async (t) => { const output = await tools.runAsync(`${cmd} set-primary "${keyRingName}" "${keyNameOne}" 1`, cwd); - t.true(output.includes(`Set 1 as primary version for crypto key ${keyNameOne}.\n`)); + t.regex(output, new RegExp(`Set 1 as primary version for crypto key ${keyNameOne}.\n`)); }); test.serial(`should encrypt a file`, async (t) => { const output = await tools.runAsync(`${cmd} encrypt "${keyRingName}" "${keyNameOne}" "${plaintext}" "${ciphertext}"`, cwd); - t.true(output.includes(`Encrypted ${plaintext} using ${formattedKeyName}/cryptoKeyVersions/1.`)); - t.true(output.includes(`Result saved to ${ciphertext}.`)); + t.regex(output, new RegExp(`Encrypted ${plaintext} using ${formattedKeyName}/cryptoKeyVersions/1.`)); + t.regex(output, new RegExp(`Result saved to ${ciphertext}.`)); }); test.serial(`should decrypt a file`, async (t) => { const output = await tools.runAsync(`${cmd} decrypt "${keyRingName}" "${keyNameOne}" "${ciphertext}" "${decrypted}"`, cwd); - t.true(output.includes(`Decrypted ${ciphertext}, result saved to ${decrypted}.`)); + t.regex(output, new RegExp(`Decrypted ${ciphertext}, result saved to ${decrypted}.`)); t.is(fs.readFileSync(plaintext, 'utf8'), fs.readFileSync(decrypted, 'utf8')); }); test.serial(`should create a crypto key version`, async (t) => { const output = await tools.runAsync(`${cmd} versions create "${keyRingName}" "${keyNameOne}"`, cwd); - t.true(output.includes(`Crypto key version ${formattedKeyName}/cryptoKeyVersions/`)); - t.true(output.includes(` created.`)); + t.regex(output, new RegExp(`Crypto key version ${formattedKeyName}/cryptoKeyVersions/`)); + t.regex(output, new RegExp(` created.`)); }); test.serial(`should list crypto key versions`, async (t) => { await tools.tryTest(async () => { const output = await tools.runAsync(`${cmd} versions list "${keyRingName}" "${keyNameOne}"`, cwd); - t.true(output.includes(`${formattedKeyName}/cryptoKeyVersions/1`)); - t.true(output.includes(`${formattedKeyName}/cryptoKeyVersions/2`)); + t.regex(output, new RegExp(`${formattedKeyName}/cryptoKeyVersions/1`)); + t.regex(output, new RegExp(`${formattedKeyName}/cryptoKeyVersions/2`)); }).start(); }); test.serial(`should destroy a crypto key version`, async (t) => { const output = await tools.runAsync(`${cmd} versions destroy "${keyRingName}" "${keyNameOne}" 2`, cwd); - t.true(output.includes(`Crypto key version ${formattedKeyName}/cryptoKeyVersions/2 destroyed.`)); + t.regex(output, new RegExp(`Crypto key version ${formattedKeyName}/cryptoKeyVersions/2 destroyed.`)); }); test.serial(`should restore a crypto key version`, async (t) => { const output = await tools.runAsync(`${cmd} versions restore "${keyRingName}" "${keyNameOne}" 2`, cwd); - t.true(output.includes(`Crypto key version ${formattedKeyName}/cryptoKeyVersions/2 restored.`)); + t.regex(output, new RegExp(`Crypto key version ${formattedKeyName}/cryptoKeyVersions/2 restored.`)); }); test.serial(`should enable a crypto key version`, async (t) => { const output = await tools.runAsync(`${cmd} versions enable "${keyRingName}" "${keyNameOne}" 2`, cwd); - t.true(output.includes(`Crypto key version ${formattedKeyName}/cryptoKeyVersions/2 enabled.`)); + t.regex(output, new RegExp(`Crypto key version ${formattedKeyName}/cryptoKeyVersions/2 enabled.`)); }); test.serial(`should disable a crypto key version`, async (t) => { const output = await tools.runAsync(`${cmd} versions disable "${keyRingName}" "${keyNameOne}" 2`, cwd); - t.true(output.includes(`Crypto key version ${formattedKeyName}/cryptoKeyVersions/2 disabled.`)); + t.regex(output, new RegExp(`Crypto key version ${formattedKeyName}/cryptoKeyVersions/2 disabled.`)); }); // Crypto key IAM tests test.serial(`should get a crypto key's empty IAM policy`, async (t) => { const output = await tools.runAsync(`${cmd} get-policy "${keyRingName}" "${keyNameOne}"`, cwd); - t.true(output.includes(`Policy for crypto key ${keyNameOne} is empty.`)); + t.regex(output, new RegExp(`Policy for crypto key ${keyNameOne} is empty.`)); }); test.serial(`should grant access to a crypto key`, async (t) => { const output = await tools.runAsync(`${cmd} grant-access "${keyRingName}" "${keyNameOne}" ${member} ${role}`, cwd); - t.true(output.includes(`${member}/${role} combo added to policy for crypto key ${keyNameOne}.`)); + t.regex(output, new RegExp(`${member}/${role} combo added to policy for crypto key ${keyNameOne}.`)); }); test.serial(`should get a crypto key's updated IAM policy`, async (t) => { await tools.tryTest(async () => { const output = await tools.runAsync(`${cmd} get-policy "${keyRingName}" "${keyNameOne}"`, cwd); - t.true(output.includes(`${role}:`)); - t.true(output.includes(` ${member}`)); + t.regex(output, new RegExp(`${role}:`)); + t.regex(output, new RegExp(` ${member}`)); }).start(); }); test.serial(`should revoke access to a crypto key`, async (t) => { const output = await tools.runAsync(`${cmd} revoke-access "${keyRingName}" "${keyNameOne}" ${member} ${role}`, cwd); - t.true(output.includes(`${member}/${role} combo removed from policy for crypto key ${keyNameOne}.`)); + t.regex(output, new RegExp(`${member}/${role} combo removed from policy for crypto key ${keyNameOne}.`)); });