From b2b59f0eb4a00eb69393687c6eb3eac180449a03 Mon Sep 17 00:00:00 2001
From: Fedor Isakov
Date: Thu, 22 Jul 2021 18:22:12 +0300
Subject: [PATCH 01/84] feat(samples): private CA python samples
---
privateca/snippets/conftest.py | 58 ++++
privateca/snippets/create_ca_pool.py | 53 ++++
privateca/snippets/create_certificate.py | 115 ++++++++
.../snippets/create_certificate_authority.py | 97 +++++++
privateca/snippets/delete_ca_pool.py | 45 +++
.../snippets/delete_certificate_authority.py | 76 ++++++
.../snippets/disable_certificate_authority.py | 58 ++++
.../snippets/enable_certificate_authority.py | 61 +++++
privateca/snippets/list_ca_pools.py | 46 ++++
.../snippets/list_certificate_authorities.py | 42 +++
privateca/snippets/list_certificates.py | 46 ++++
privateca/snippets/noxfile.py | 258 ++++++++++++++++++
privateca/snippets/noxfile_config.py | 38 +++
privateca/snippets/requirements-test.txt | 2 +
privateca/snippets/requirements.txt | 2 +
privateca/snippets/revoke_certificate.py | 64 +++++
privateca/snippets/test_ca_pools.py | 74 +++++
.../snippets/test_certificate_authorities.py | 96 +++++++
privateca/snippets/test_certificates.py | 115 ++++++++
19 files changed, 1346 insertions(+)
create mode 100644 privateca/snippets/conftest.py
create mode 100644 privateca/snippets/create_ca_pool.py
create mode 100644 privateca/snippets/create_certificate.py
create mode 100644 privateca/snippets/create_certificate_authority.py
create mode 100644 privateca/snippets/delete_ca_pool.py
create mode 100644 privateca/snippets/delete_certificate_authority.py
create mode 100644 privateca/snippets/disable_certificate_authority.py
create mode 100644 privateca/snippets/enable_certificate_authority.py
create mode 100644 privateca/snippets/list_ca_pools.py
create mode 100644 privateca/snippets/list_certificate_authorities.py
create mode 100644 privateca/snippets/list_certificates.py
create mode 100644 privateca/snippets/noxfile.py
create mode 100644 privateca/snippets/noxfile_config.py
create mode 100644 privateca/snippets/requirements-test.txt
create mode 100644 privateca/snippets/requirements.txt
create mode 100644 privateca/snippets/revoke_certificate.py
create mode 100644 privateca/snippets/test_ca_pools.py
create mode 100644 privateca/snippets/test_certificate_authorities.py
create mode 100644 privateca/snippets/test_certificates.py
diff --git a/privateca/snippets/conftest.py b/privateca/snippets/conftest.py
new file mode 100644
index 000000000000..e3cc338a5039
--- /dev/null
+++ b/privateca/snippets/conftest.py
@@ -0,0 +1,58 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import uuid
+
+import google.auth
+
+import pytest
+
+from create_ca_pool import create_ca_pool
+from create_certificate_authority import create_certificate_authority
+from delete_ca_pool import delete_ca_pool
+from delete_certificate_authority import delete_certificate_authority
+
+PROJECT = google.auth.default()[1]
+LOCATION = "europe-west1"
+COMMON_NAME = "COMMON_NAME"
+ORGANIZATION = "ORGANIZATION"
+CA_DURATION = 1000000
+
+
+def generate_name() -> str:
+ return "test-" + uuid.uuid4().hex[:10]
+
+
+@pytest.fixture
+def ca_pool():
+ CA_POOL_NAME = generate_name()
+
+ create_ca_pool(PROJECT, LOCATION, CA_POOL_NAME)
+
+ yield CA_POOL_NAME
+
+ delete_ca_pool(PROJECT, LOCATION, CA_POOL_NAME)
+
+
+@pytest.fixture
+def certificate_authority(ca_pool):
+ CA_NAME = generate_name()
+
+ create_certificate_authority(
+ PROJECT, LOCATION, ca_pool, CA_NAME, COMMON_NAME, ORGANIZATION, CA_DURATION
+ )
+
+ yield ca_pool, CA_NAME
+
+ delete_certificate_authority(PROJECT, LOCATION, ca_pool, CA_NAME)
diff --git a/privateca/snippets/create_ca_pool.py b/privateca/snippets/create_ca_pool.py
new file mode 100644
index 000000000000..2b11785b039b
--- /dev/null
+++ b/privateca/snippets/create_ca_pool.py
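Review bot: In conftest.py, `PROJECT = google.auth.default()[1]` is evaluated at import time, and the second element of that tuple can be `None` when the ambient credentials carry no project; otherwise it is whichever project the developer's default credentials happen to point at. Because these fixtures create and delete real CA pools and certificate authorities, I would fail fast with `if not PROJECT: raise RuntimeError("no default project for Private CA tests")` and add a comment above `PROJECT` saying that the tests create CA resources in that project. The fixture-local names `CA_POOL_NAME` and `CA_NAME` are ordinary locals and would read better in lower case.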
@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_create_ca_pool]
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def create_ca_pool(project_id: str, location: str, ca_pool_name: str) -> None:
+ """
+ Create a Certificate Authority pool. All certificates created under this CA pool will
+ follow the same issuance policy, IAM policies,etc.,
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: a unique name for the ca pool.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ ca_pool = privateca_v1.CaPool(
+ # Set the tier (see: https://cloud.google.com/certificate-authority-service/docs/tiers).
+ tier=privateca_v1.CaPool.Tier.ENTERPRISE,
+ )
+ location_path = caServiceClient.common_location_path(project_id, location)
+
+ # Create the pool request.
+ request = privateca_v1.CreateCaPoolRequest(
+ parent=location_path,
+ ca_pool_id=ca_pool_name,
+ ca_pool=ca_pool,
+ )
+
+ # Create the CA pool.
+ operation = caServiceClient.create_ca_pool(request=request)
+
+ print("Operation result:", operation.result())
+
+
+# [END privateca_create_ca_pool]
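Review bot: The docstring of create_ca_pool says every certificate in the pool follows the same issuance policy, but the `CaPool` built here sets only `tier`, so the pool is created with no `issuance_policy` and no pool-level rule constrains key types, lifetimes or identity fields of the certificates requested from it. Since samples like this get copied into real deployments, I would add a comment next to `tier=` along the lines of `# No issuance_policy is set here; set CaPool.IssuancePolicy to restrict key types, maximum lifetime and identity fields.` The docstring's `IAM policies,etc.,` also needs its punctuation fixed.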
diff --git a/privateca/snippets/create_certificate.py b/privateca/snippets/create_certificate.py
new file mode 100644
index 000000000000..9ec31ac14248
--- /dev/null
+++ b/privateca/snippets/create_certificate.py
@@ -0,0 +1,115 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_create_certificate]
+from google.cloud import kms
+import google.cloud.security.privateca_v1 as privateca_v1
+from google.protobuf import duration_pb2
+
+
+def create_certificate(
+ project_id: str,
+ location: str,
+ ca_pool_name: str,
+ ca_name: str,
+ certificate_name: str,
+ kms_location: str,
+ key_ring_id: str,
+ key_id: str,
+ key_version_id: str,
+ common_name: str,
+ domain_name: str,
+ certificate_lifetime: int,
+) -> None:
+ """
+ Create a Certificate which is issued by the Certificate Authority present in the CA Pool.
+ The key used to sign the certificate is created by the Cloud KMS.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: set a unique name for the CA pool.
+ ca_name: the name of the certificate authority which issues the certificate.
+ certificate_name: set a unique name for the certificate.
+ kms_location: Cloud KMS location.
+ key_ring_id: ID of the Cloud KMS key ring.
+ key_id: ID of the key to use.
+ key_version_id: verstion ID of the key to use.
+ common_name: a title for your certificate.
+ domain_name: fully qualified domain name for your certificate.
+ certificate_lifetime: the validity of the certificate in seconds.
+ """
+
+ kmsClient = kms.KeyManagementServiceClient()
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ # To sign and issue a certificate, a public key is essential. Here, we are making use
+ # of Cloud KMS to retrieve an already created public key. For more info, see: https://cloud.google.com/kms/docs/retrieve-public-key.
+ # Generating keys locally is also possible.
+
+ key_version_name = kmsClient.crypto_key_version_path(
+ project_id, kms_location, key_ring_id, key_id, key_version_id
+ )
+ kms_public_key = kmsClient.get_public_key(name=key_version_name)
+
+ # Set the Public Key and its format as obtained from the Cloud KMS.
+ public_key = privateca_v1.PublicKey(
+ key=str.encode(kms_public_key.pem),
+ format_=privateca_v1.PublicKey.KeyFormat.PEM,
+ )
+
+ subject_config = privateca_v1.CertificateConfig.SubjectConfig(
+ subject=privateca_v1.Subject(common_name=common_name),
+ subject_alt_name=privateca_v1.SubjectAltNames(dns_names=[domain_name]),
+ )
+
+ # Set the X.509 fields required for the certificate.
+ x509_parameters = privateca_v1.X509Parameters(
+ key_usage=privateca_v1.KeyUsage(
+ base_key_usage=privateca_v1.KeyUsage.KeyUsageOptions(
+ digital_signature=True,
+ key_encipherment=True,
+ ),
+ extended_key_usage=privateca_v1.KeyUsage.ExtendedKeyUsageOptions(
+ server_auth=True,
+ client_auth=True,
+ ),
+ ),
+ )
+
+ # Create certificate.
+ certificate = privateca_v1.Certificate(
+ config=privateca_v1.CertificateConfig(
+ public_key=public_key,
+ subject_config=subject_config,
+ x509_config=x509_parameters,
+ ),
+ lifetime=duration_pb2.Duration(seconds=certificate_lifetime),
+ )
+
+ # Create the Certificate Request.
+ request = privateca_v1.CreateCertificateRequest(
+ parent=caServiceClient.ca_pool_path(project_id, location, ca_pool_name),
+ certificate_id=certificate_name,
+ certificate=certificate,
+ issuing_certificate_authority_id=ca_name,
+ )
+ result = caServiceClient.create_certificate(request=request)
+
+ print("Certificate creation result:", result)
+
+
+# [END privateca_create_certificate]
diff --git a/privateca/snippets/create_certificate_authority.py b/privateca/snippets/create_certificate_authority.py
new file mode 100644
index 000000000000..2cb0c65ec17d
--- /dev/null
+++ b/privateca/snippets/create_certificate_authority.py
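Review bot: The docstring of create_certificate (create_certificate.py) states that "The key used to sign the certificate is created by the Cloud KMS", which contradicts the code: the KMS public key is placed in `config.public_key`, so it is the subject key being certified, while the request names the issuing CA in `issuing_certificate_authority_id`. I would reword that sentence to `The certificate's public key is read from an existing Cloud KMS key version; the certificate itself is issued by the given CA.` and fix `verstion` on the `key_version_id` line. Separately, the X.509 parameters enable `server_auth` and `client_auth` together with `key_encipherment`; a short comment telling readers to keep only the usages their certificate needs would stop this broad set from being copied as a default.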
@@ -0,0 +1,97 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_create_ca]
+import google.cloud.security.privateca_v1 as privateca_v1
+from google.protobuf import duration_pb2
+
+
+def create_certificate_authority(
+ project_id: str,
+ location: str,
+ ca_pool_name: str,
+ ca_name: str,
+ common_name: str,
+ organization: str,
+ ca_duration: int,
+) -> None:
+ """
+ Create Certificate Authority which is the root CA in the given CA Pool. This CA will be
+ responsible for signing certificates within this pool.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: set it to the CA Pool under which the CA should be created.
+ ca_name: unique name for the CA.
+ common_name: a title for your certificate authority.
+ organization: the name of your company for your certificate authority.
+ ca_duration: the validity of the certificate authority in seconds.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ # Set the types of Algorithm used to create a cloud KMS key.
+ key_version_spec = privateca_v1.CertificateAuthority.KeyVersionSpec(
+ algorithm=privateca_v1.CertificateAuthority.SignHashAlgorithm.RSA_PKCS1_4096_SHA256
+ )
+
+ # Set CA subject config.
+ subject_config = privateca_v1.CertificateConfig.SubjectConfig(
+ subject=privateca_v1.Subject(common_name=common_name, organization=organization)
+ )
+
+ # Set the key usage options for X.509 fields.
+ x509_parameters = privateca_v1.X509Parameters(
+ key_usage=privateca_v1.KeyUsage(
+ base_key_usage=privateca_v1.KeyUsage.KeyUsageOptions(
+ crl_sign=True,
+ cert_sign=True,
+ )
+ ),
+ ca_options=privateca_v1.X509Parameters.CaOptions(
+ is_ca=True,
+ ),
+ )
+
+ # Set certificate authority settings.
+ certificate_authority = privateca_v1.CertificateAuthority(
+ # CertificateAuthority.Type.SELF_SIGNED denotes that this CA is a root CA.
+ type_=privateca_v1.CertificateAuthority.Type.SELF_SIGNED,
+ key_spec=key_version_spec,
+ config=privateca_v1.CertificateConfig(
+ subject_config=subject_config,
+ x509_config=x509_parameters,
+ ),
+ lifetime=duration_pb2.Duration(seconds=ca_duration),
+ )
+
+ ca_pool_path = caServiceClient.ca_pool_path(project_id, location, ca_pool_name)
+
+ # Create the CertificateAuthorityRequest.
+ request = privateca_v1.CreateCertificateAuthorityRequest(
+ parent=ca_pool_path,
+ certificate_authority_id=ca_name,
+ certificate_authority=certificate_authority,
+ )
+
+ operation = caServiceClient.create_certificate_authority(request=request)
+ result = operation.result()
+
+ print("Operation result:", result)
+
+
+# [END privateca_create_ca]
diff --git a/privateca/snippets/delete_ca_pool.py b/privateca/snippets/delete_ca_pool.py
new file mode 100644
index 000000000000..e90f89b00f8a
--- /dev/null
+++ b/privateca/snippets/delete_ca_pool.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_delete_ca_pool]
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def delete_ca_pool(project_id: str, location: str, ca_pool_name: str) -> None:
+ """
+ Delete the CA pool as mentioned by the ca_pool_name.
+ Before deleting the pool, all CAs in the pool MUST BE deleted.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: the name of the CA pool to be deleted.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ ca_pool_path = caServiceClient.ca_pool_path(project_id, location, ca_pool_name)
+
+ # Create the Delete request.
+ request = privateca_v1.DeleteCaPoolRequest(name=ca_pool_path)
+
+ # Delete the CA Pool.
+ caServiceClient.delete_ca_pool(request=request)
+
+ print("Deleted CA Pool:", ca_pool_name)
+
+
+# [END privateca_delete_ca_pool]
diff --git a/privateca/snippets/delete_certificate_authority.py b/privateca/snippets/delete_certificate_authority.py
new file mode 100644
index 000000000000..fc0b73e4c1cf
--- /dev/null
+++ b/privateca/snippets/delete_certificate_authority.py
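Review bot: In delete_ca_pool (delete_ca_pool.py) the return value of `caServiceClient.delete_ca_pool(request=request)` is discarded, whereas create_ca_pool and delete_certificate_authority in this same patch wait on `operation.result()`. The call appears to return a long-running operation as well, so `Deleted CA Pool:` is printed before the deletion has finished, and also when it later fails, for example because the pool still holds CAs as the docstring warns. Waiting on the operation closes that gap: `caServiceClient.delete_ca_pool(request=request).result()`.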
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_delete_ca]
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def delete_certificate_authority(
+ project_id: str, location: str, ca_pool_name: str, ca_name: str
+) -> None:
+ """
+ Delete the Certificate Authority from the specified CA pool.
+ Before deletion, the CA must be disabled and must not contain any active certificates.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: the name of the CA pool under which the CA is present.
+ ca_name: the name of the CA to be deleted.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+ ca_path = caServiceClient.certificate_authority_path(
+ project_id, location, ca_pool_name, ca_name
+ )
+
+ # Check if the CA is enabled.
+ ca_state = caServiceClient.get_certificate_authority(name=ca_path).state
+ print(ca_state)
+ if ca_state == privateca_v1.CertificateAuthority.State.ENABLED:
+ print(
+ "Please disable the Certificate Authority before deletion ! Current state:",
+ ca_state,
+ )
+
+ # Create the DeleteCertificateAuthorityRequest.
+ # Setting the ignore_active_certificates to True will delete the CA
+ # even if it contains active certificates. Care should be taken to re-anchor
+ # the certificates to new CA before deleting.
+ request = privateca_v1.DeleteCertificateAuthorityRequest(
+ name=ca_path, ignore_active_certificates=False
+ )
+
+ # Delete the Certificate Authority.
+ operation = caServiceClient.delete_certificate_authority(request=request)
+ result = operation.result()
+
+ print("Operation result", result)
+
+ # Get the current CA state.
+ ca_state = caServiceClient.get_certificate_authority(name=ca_path).state
+
+ # Check if the CA has been deleted.
+ if ca_state == privateca_v1.CertificateAuthority.State.DELETED:
+ print("Successfully deleted Certificate Authority:", ca_name)
+ else:
+ print(
+ "Unable to delete Certificate Authority. Please try again ! Current state:",
+ ca_state,
+ )
+
+
+# [END privateca_delete_ca]
diff --git a/privateca/snippets/disable_certificate_authority.py b/privateca/snippets/disable_certificate_authority.py
new file mode 100644
index 000000000000..5ec4e7c0c7a5
--- /dev/null
+++ b/privateca/snippets/disable_certificate_authority.py
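Review bot: In delete_certificate_authority (delete_certificate_authority.py) the `ENABLED` check only prints "Please disable the Certificate Authority before deletion" and then falls through to build and send the `DeleteCertificateAuthorityRequest` anyway, so the guard does not stop anything. Add a `return` after that `print(...)` call (or raise instead of printing), and drop the bare `print(ca_state)` above it, which looks like leftover debugging output. The comment on `ignore_active_certificates` is worth keeping prominent, since `ignore_active_certificates=False` is the setting in this function that keeps a CA with live certificates from being deleted.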
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_disable_ca]
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def disable_certificate_authority(
+ project_id: str, location: str, ca_pool_name: str, ca_name: str
+) -> None:
+ """
+ Disable a Certificate Authority which is present in the given CA pool.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: the name of the CA pool under which the CA is present.
+ ca_name: the name of the CA to be disabled.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+ ca_path = caServiceClient.certificate_authority_path(
+ project_id, location, ca_pool_name, ca_name
+ )
+
+ # Create the Disable Certificate Authority Request.
+ request = privateca_v1.DisableCertificateAuthorityRequest(name=ca_path)
+
+ # Disable the Certificate Authority.
+ operation = caServiceClient.disable_certificate_authority(request=request)
+ result = operation.result()
+
+ print("Operation result:", result)
+
+ # Get the current CA state.
+ ca_state = caServiceClient.get_certificate_authority(name=ca_path).state
+
+ # Check if the CA is disabled.
+ if ca_state == privateca_v1.CertificateAuthority.State.DISABLED:
+ print("Disabled Certificate Authority:", ca_name)
+ else:
+ print("Cannot disable the Certificate Authority ! Current CA State:", ca_state)
+
+
+# [END privateca_disable_ca]
diff --git a/privateca/snippets/enable_certificate_authority.py b/privateca/snippets/enable_certificate_authority.py
new file mode 100644
index 000000000000..a6ecd35580bc
--- /dev/null
+++ b/privateca/snippets/enable_certificate_authority.py
@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_enable_ca]
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def enable_certificate_authority(
+ project_id: str, location: str, ca_pool_name: str, ca_name: str
+) -> None:
+ """
+ Enable the Certificate Authority present in the given ca pool.
+ CA cannot be enabled if it has been already deleted.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: the name of the CA pool under which the CA is present.
+ ca_name: the name of the CA to be enabled.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+ ca_path = caServiceClient.certificate_authority_path(
+ project_id, location, ca_pool_name, ca_name
+ )
+
+ # Create the Enable Certificate Authority Request.
+ request = privateca_v1.EnableCertificateAuthorityRequest(
+ name=ca_path,
+ )
+
+ # Enable the Certificate Authority.
+ operation = caServiceClient.enable_certificate_authority(request=request)
+ result = operation.result()
+
+ print("Operation result:", result)
+
+ # Get the current CA state.
+ ca_state = caServiceClient.get_certificate_authority(name=ca_path).state
+
+ # Check if the CA is enabled.
+ if ca_state == privateca_v1.CertificateAuthority.State.ENABLED:
+ print("Enabled Certificate Authority:", ca_name)
+ else:
+ print("Cannot enable the Certificate Authority ! Current CA State:", ca_state)
+
+
+# [END privateca_enable_ca]
diff --git a/privateca/snippets/list_ca_pools.py b/privateca/snippets/list_ca_pools.py
new file mode 100644
index 000000000000..b072045e4345
--- /dev/null
+++ b/privateca/snippets/list_ca_pools.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_list_ca_pool]
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def list_ca_pools(project_id: str, location: str) -> None:
+ """
+ List all CA pools present in the given project and location.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ location_path = caServiceClient.common_location_path(project_id, location)
+
+ request = privateca_v1.ListCaPoolsRequest(parent=location_path)
+
+ print("Available CA pools:")
+
+ for ca_pool in caServiceClient.list_ca_pools(request=request):
+ ca_pool_name = ca_pool.name
+ # ca_pool.name represents the full resource name of the
+ # format 'projects/{project-id}/locations/{location}/ca-pools/{ca-pool-name}'.
+ # Hence stripping it down to just pool name.
+ print(caServiceClient.parse_ca_pool_path(ca_pool_name)["ca_pool"])
+
+
+# [END privateca_list_ca_pool]
diff --git a/privateca/snippets/list_certificate_authorities.py b/privateca/snippets/list_certificate_authorities.py
new file mode 100644
index 000000000000..19fd37d9546b
--- /dev/null
+++ b/privateca/snippets/list_certificate_authorities.py
@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_list_ca]
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def list_certificate_authorities(
+ project_id: str, location: str, ca_pool_name: str
+) -> None:
+ """
+ List all Certificate authorities present in the given CA Pool.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: the name of the CA pool under which the CAs to be listed are present.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ ca_pool_path = caServiceClient.ca_pool_path(project_id, location, ca_pool_name)
+
+ # List the CA name and its corresponding state.
+ for ca in caServiceClient.list_certificate_authorities(parent=ca_pool_path):
+ print(ca.name, "is", ca.state)
+
+
+# [END privateca_list_ca]
diff --git a/privateca/snippets/list_certificates.py b/privateca/snippets/list_certificates.py
new file mode 100644
index 000000000000..9c04ed93470f
--- /dev/null
+++ b/privateca/snippets/list_certificates.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_list_certificate]
+
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def list_certificates(
+ project_id: str,
+ location: str,
+ ca_pool_name: str,
+) -> None:
+ """
+ List Certificates present in the given CA pool.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: name of the CA pool which contains the certificates to be listed.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ ca_pool_path = caServiceClient.ca_pool_path(project_id, location, ca_pool_name)
+
+ # Retrieve and print the certificate names.
+ print(f"Available certificates in CA pool {ca_pool_name}:")
+ for certificate in caServiceClient.list_certificates(parent=ca_pool_path):
+ print(certificate.name)
+
+
+# [END privateca_list_certificate]
diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py
new file mode 100644
index 000000000000..1a34a3ed3364
--- /dev/null
+++ b/privateca/snippets/noxfile.py
@@ -0,0 +1,258 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import print_function + +import os +from pathlib import Path +import sys +from typing import Callable, Dict, List, Optional + +import nox + + +# WARNING - WARNING - WARNING - WARNING - WARNING +# WARNING - WARNING - WARNING - WARNING - WARNING +# DO NOT EDIT THIS FILE EVER! +# WARNING - WARNING - WARNING - WARNING - WARNING +# WARNING - WARNING - WARNING - WARNING - WARNING + +# Copy `noxfile_config.py` to your directory and modify it instead. + + +# `TEST_CONFIG` dict is a configuration hook that allows users to +# modify the test configurations. The values here should be in sync +# with `noxfile_config.py`. Users will copy `noxfile_config.py` into +# their directory and modify it. + +TEST_CONFIG = { + # You can opt out from the test for specific Python versions. + "ignored_versions": ["2.7"], + # Old samples are opted out of enforcing Python type hints + # All new samples should feature them + "enforce_type_hints": False, + # An envvar key for determining the project id to use. Change it + # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a + # build specific Cloud project. You can also use your own string + # to use your own Cloud project. 
+ "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", + # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', + # If you need to use a specific version of pip, + # change pip_version_override to the string representation + # of the version number, for example, "20.2.4" + "pip_version_override": None, + # A dictionary you want to inject into your test. Don't put any + # secrets here. These values will override predefined values. + "envs": {}, +} + + +try: + # Ensure we can import noxfile_config in the project's directory. + sys.path.append(".") + from noxfile_config import TEST_CONFIG_OVERRIDE +except ImportError as e: + print("No user noxfile_config found: detail: {}".format(e)) + TEST_CONFIG_OVERRIDE = {} + +# Update the TEST_CONFIG with the user supplied values. +TEST_CONFIG.update(TEST_CONFIG_OVERRIDE) + + +def get_pytest_env_vars() -> Dict[str, str]: + """Returns a dict for pytest invocation.""" + ret = {} + + # Override the GCLOUD_PROJECT and the alias. + env_key = TEST_CONFIG["gcloud_project_env"] + # This should error out if not set. + ret["GOOGLE_CLOUD_PROJECT"] = os.environ[env_key] + ret["GCLOUD_PROJECT"] = os.environ[env_key] # deprecated + + # Apply user supplied envs. + ret.update(TEST_CONFIG["envs"]) + return ret + + +# DO NOT EDIT - automatically generated. +# All versions used to tested samples. +ALL_VERSIONS = ["2.7", "3.6", "3.7", "3.8", "3.9"] + +# Any default versions that should be ignored. +IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] + +TESTED_VERSIONS = sorted([v for v in ALL_VERSIONS if v not in IGNORED_VERSIONS]) + +INSTALL_LIBRARY_FROM_SOURCE = bool(os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False)) +# +# Style Checks +# + + +def _determine_local_import_names(start_dir: str) -> List[str]: + """Determines all import names that should be considered "local". + This is used when running the linter to insure that import order is + properly checked. 
+ """ + file_ext_pairs = [os.path.splitext(path) for path in os.listdir(start_dir)] + return [ + basename + for basename, extension in file_ext_pairs + if extension == ".py" + or os.path.isdir(os.path.join(start_dir, basename)) + and basename not in ("__pycache__") + ] + + +# Linting with flake8. +# +# We ignore the following rules: +# E203: whitespace before ‘:’ +# E266: too many leading ‘#’ for block comment +# E501: line too long +# I202: Additional newline in a section of imports +# +# We also need to specify the rules which are ignored by default: +# ['E226', 'W504', 'E126', 'E123', 'W503', 'E24', 'E704', 'E121'] +FLAKE8_COMMON_ARGS = [ + "--show-source", + "--builtin=gettext", + "--max-complexity=20", + "--import-order-style=google", + "--exclude=.nox,.cache,env,lib,generated_pb2,*_pb2.py,*_pb2_grpc.py", + "--ignore=E121,E123,E126,E203,E226,E24,E266,E501,E704,W503,W504,I202", + "--max-line-length=88", +] + + +@nox.session +def lint(session: nox.sessions.Session) -> None: + if not TEST_CONFIG["enforce_type_hints"]: + session.install("flake8", "flake8-import-order") + else: + session.install("flake8", "flake8-import-order", "flake8-annotations") + + local_names = _determine_local_import_names(".") + args = FLAKE8_COMMON_ARGS + [ + "--application-import-names", + ",".join(local_names), + ".", + ] + session.run("flake8", *args) + + +# +# Black +# + + +@nox.session +def blacken(session: nox.sessions.Session) -> None: + session.install("black") + python_files = [path for path in os.listdir(".") if path.endswith(".py")] + + session.run("black", *python_files) + + +# +# Sample Tests +# + + +PYTEST_COMMON_ARGS = ["--junitxml=sponge_log.xml"] + + +def _session_tests( + session: nox.sessions.Session, post_install: Callable = None +) -> None: + if TEST_CONFIG["pip_version_override"]: + pip_version = TEST_CONFIG["pip_version_override"] + session.install(f"pip=={pip_version}") + """Runs py.test for a particular project.""" + if os.path.exists("requirements.txt"): + if 
os.path.exists("constraints.txt"): + session.install("-r", "requirements.txt", "-c", "constraints.txt") + else: + session.install("-r", "requirements.txt") + + if os.path.exists("requirements-test.txt"): + if os.path.exists("constraints-test.txt"): + session.install("-r", "requirements-test.txt", "-c", "constraints-test.txt") + else: + session.install("-r", "requirements-test.txt") + + if INSTALL_LIBRARY_FROM_SOURCE: + session.install("-e", _get_repo_root()) + + if post_install: + post_install(session) + + session.run( + "pytest", + *(PYTEST_COMMON_ARGS + session.posargs), + # Pytest will return 5 when no tests are collected. This can happen + # on travis where slow and flaky tests are excluded. + # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html + success_codes=[0, 5], + env=get_pytest_env_vars(), + ) + + +@nox.session(python=ALL_VERSIONS) +def py(session: nox.sessions.Session) -> None: + """Runs py.test for a sample using the specified version of Python.""" + if session.python in TESTED_VERSIONS: + _session_tests(session) + else: + session.skip( + "SKIPPED: {} tests are disabled for this sample.".format(session.python) + ) + + +# +# Readmegen +# + + +def _get_repo_root() -> Optional[str]: + """Returns the root folder of the project.""" + # Get root of this repository. + # Assume we don't have directories nested deeper than 10 items. 
+ p = Path(os.getcwd()) + for i in range(10): + if p is None: + break + if Path(p / ".git").exists(): + return str(p) + p = p.parent + raise Exception("Unable to detect repository root.") + + +GENERATED_READMES = sorted([x for x in Path(".").rglob("*.rst.in")]) + + +@nox.session +@nox.parametrize("path", GENERATED_READMES) +def readmegen(session: nox.sessions.Session, path: str) -> None: + """(Re-)generates the readme for a sample.""" + session.install("jinja2", "pyyaml") + dir_ = os.path.dirname(path) + + if os.path.exists(os.path.join(dir_, "requirements.txt")): + session.install("-r", os.path.join(dir_, "requirements.txt")) + + in_file = os.path.join(dir_, "README.rst.in") + session.run( + "python", _get_repo_root() + "/scripts/readme-gen/readme_gen.py", in_file + ) diff --git a/privateca/snippets/noxfile_config.py b/privateca/snippets/noxfile_config.py new file mode 100644 index 000000000000..4a4db8c2de30 --- /dev/null +++ b/privateca/snippets/noxfile_config.py 
@@ -0,0 +1,38 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default TEST_CONFIG_OVERRIDE for python repos.
+
+# You can copy this file into your directory, then it will be inported from
+# the noxfile.py.
+
+# The source of truth:
+# https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/noxfile_config.py
+
+TEST_CONFIG_OVERRIDE = {
+ # You can opt out from the test for specific Python versions.
+ "ignored_versions": ["2.7"],
+ # Old samples are opted out of enforcing Python type hints
+ # All new samples should feature them
+ "enforce_type_hints": False,
+ # An envvar key for determining the project id to use. Change it
+ # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a
+ # build specific Cloud project. You can also use your own string
+ # to use your own Cloud project.
+ # "gcloud_project_env": "GOOGLE_CLOUD_PROJECT",
+ "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT",
+ # A dictionary you want to inject into your test. Don't put any
+ # secrets here. These values will override predefined values.
+ "envs": {},
+}
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
new file mode 100644
index 000000000000..95104b00d625
--- /dev/null
+++ b/privateca/snippets/requirements-test.txt
@@ -0,0 +1,2 @@
+pytest==6.2.4
+google-auth==1.32.1
\ No newline at end of file
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt
new file mode 100644
index 000000000000..f6e2fc3c2515
--- /dev/null
+++ b/privateca/snippets/requirements.txt
@@ -0,0 +1,2 @@
+google-cloud-private-ca==0.4.0
+google-cloud-kms==2.3.0
\ No newline at end of file
diff --git a/privateca/snippets/revoke_certificate.py b/privateca/snippets/revoke_certificate.py
new file mode 100644
index 000000000000..011999a4b92f
--- /dev/null
+++ b/privateca/snippets/revoke_certificate.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import sys
+
+# [START privateca_revoke_certificate]
+
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def revoke_certificate(
+ project_id: str,
+ location: str,
+ ca_pool_name: str,
+ certificate_name: str,
+) -> None:
+ """
+ Revoke an issued certificate. Once revoked, the certificate will become invalid and will expire post its lifetime.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: name for the CA pool which contains the certificate.
+ certificate_name: name of the certificate to be revoked.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ # Create Certificate Path.
+ certificate_path = caServiceClient.certificate_path(
+ project_id, location, ca_pool_name, certificate_name
+ )
+
+ # Create Revoke Certificate Request and specify the appropriate revocation reason.
+ request = privateca_v1.RevokeCertificateRequest(
+ name=certificate_path, reason=privateca_v1.RevocationReason.PRIVILEGE_WITHDRAWN
+ )
+ result = caServiceClient.revoke_certificate(request=request)
+
+ print("Certificate revoke result:", result)
+
+
+# [END privateca_revoke_certificate]
+
+if __name__ == "__main__":
+ revoke_certificate(
+ project_id=sys.argv[1],
+ location=sys.argv[2],
+ ca_pool_name=sys.argv[3],
+ certificate_name=sys.argv[4],
+ )
diff --git a/privateca/snippets/test_ca_pools.py b/privateca/snippets/test_ca_pools.py
new file mode 100644
index 000000000000..2f7921c5a055
--- /dev/null
+++ b/privateca/snippets/test_ca_pools.py
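Review bot: The revocation reason is fixed to `RevocationReason.PRIVILEGE_WITHDRAWN` even though the comment above the request says to specify the appropriate one, so anyone who copies the sample to handle a leaked key records a misleading reason in the revocation data. I would add a comment next to `reason=` such as `# Choose the reason that matches the event, e.g. RevocationReason.KEY_COMPROMISE for a leaked private key.` The docstring's "will become invalid" should also note that revocation only takes effect for relying parties that actually consult the CA's published revocation information. The `__main__` block reads `sys.argv[1]` to `sys.argv[4]` without a length check, so a missing argument ends in an IndexError rather than a usage message.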
@@ -0,0 +1,74 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import re +import typing +import uuid + +import google.auth + +from create_ca_pool import create_ca_pool +from delete_ca_pool import delete_ca_pool +from list_ca_pools import list_ca_pools + +PROJECT = google.auth.default()[1] +LOCATION = "europe-west1" + + +def generate_name() -> str: + return "test-" + uuid.uuid4().hex[:10] + + +def test_create_ca_pool(ca_pool, capsys: typing.Any) -> None: + CA_POOL_NAME = generate_name() + + create_ca_pool(PROJECT, LOCATION, CA_POOL_NAME) + + out, _ = capsys.readouterr() + + assert re.search( + f'Operation result: name: "projects/{PROJECT}/locations/{LOCATION}/caPools/{CA_POOL_NAME}"', + out, + ) + + delete_ca_pool(PROJECT, LOCATION, CA_POOL_NAME) + + +def test_list_ca_pools(capsys: typing.Any) -> None: + CA_POOL_NAME_1 = generate_name() + CA_POOL_NAME_2 = generate_name() + + create_ca_pool(PROJECT, LOCATION, CA_POOL_NAME_1) + create_ca_pool(PROJECT, LOCATION, CA_POOL_NAME_2) + list_ca_pools(PROJECT, LOCATION) + + out, _ = capsys.readouterr() + + assert "Available CA pools:" in out + assert f"{CA_POOL_NAME_1}\n" in out + assert f"{CA_POOL_NAME_2}\n" in out + + delete_ca_pool(PROJECT, LOCATION, CA_POOL_NAME_1) + delete_ca_pool(PROJECT, LOCATION, CA_POOL_NAME_2) + + +def test_delete_ca_pool(capsys: typing.Any) -> None: + CA_POOL_NAME = generate_name() + + create_ca_pool(PROJECT, LOCATION, CA_POOL_NAME) + delete_ca_pool(PROJECT, LOCATION, 
CA_POOL_NAME) + + out, _ = capsys.readouterr() + + assert re.search(f"Deleted CA Pool: {CA_POOL_NAME}", out) diff --git a/privateca/snippets/test_certificate_authorities.py b/privateca/snippets/test_certificate_authorities.py new file mode 100644 index 000000000000..8716e189fe62 --- /dev/null +++ b/privateca/snippets/test_certificate_authorities.py 
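Review bot: Cleanup in these tests only runs on the success path: in `test_create_ca_pool` and `test_list_ca_pools` the `delete_ca_pool(...)` calls come after the assertions, so a failed assertion or an API error leaves CA pools behind in the shared project. Wrapping the body as `try: ... finally: delete_ca_pool(PROJECT, LOCATION, CA_POOL_NAME)`, or moving creation into a fixture with teardown, avoids that; test_certificate_authorities.py repeats the pattern with `delete_certificate_authority` and `delete_ca_pool`. `test_create_ca_pool` also requests the `ca_pool` fixture without using its value, which presumably creates a second pool for nothing (the fixture is defined outside this hunk). The `re.search` patterns interpolate the names unescaped, so a plain substring check like the `in out` assertions in `test_list_ca_pools` would be stricter.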
@@ -0,0 +1,96 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import re +import typing +import uuid + +import google.auth + +from create_ca_pool import create_ca_pool +from create_certificate_authority import create_certificate_authority +from delete_ca_pool import delete_ca_pool +from delete_certificate_authority import delete_certificate_authority +from disable_certificate_authority import disable_certificate_authority +from enable_certificate_authority import enable_certificate_authority + + +PROJECT = google.auth.default()[1] +LOCATION = "europe-west1" +COMMON_NAME = "COMMON_NAME" +ORGANIZATION = "ORGANIZATION" +CA_DURATION = 1000000 + + +def generate_name() -> str: + return "i" + uuid.uuid4().hex[:10] + + +def test_create_certificate(capsys: typing.Any) -> None: + CA_POOL_NAME = generate_name() + CA_NAME = generate_name() + + create_ca_pool(PROJECT, LOCATION, CA_POOL_NAME) + create_certificate_authority( + PROJECT, LOCATION, CA_POOL_NAME, CA_NAME, COMMON_NAME, ORGANIZATION, CA_DURATION + ) + + out, _ = capsys.readouterr() + + assert re.search( + f'Operation result: name: "projects/{PROJECT}/locations/{LOCATION}/caPools/{CA_POOL_NAME}/certificateAuthorities/{CA_NAME}"', + out, + ) + + delete_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) + delete_ca_pool(PROJECT, LOCATION, CA_POOL_NAME) + + +def test_enable_and_disable_certificate_authority( + certificate_authority, capsys: typing.Any +) -> None: + CA_POOL_NAME, 
CA_NAME = certificate_authority + + enable_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) + disable_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) + + out, _ = capsys.readouterr() + + assert re.search( + f"Enabled Certificate Authority: {CA_NAME}", + out, + ) + assert re.search( + f"Disabled Certificate Authority: {CA_NAME}", + out, + ) + + +def test_delete_certificate_authority(capsys: typing.Any) -> None: + CA_POOL_NAME = generate_name() + CA_NAME = generate_name() + + create_ca_pool(PROJECT, LOCATION, CA_POOL_NAME) + create_certificate_authority( + PROJECT, LOCATION, CA_POOL_NAME, CA_NAME, COMMON_NAME, ORGANIZATION, CA_DURATION + ) + delete_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) + delete_ca_pool(PROJECT, LOCATION, CA_POOL_NAME) + + out, _ = capsys.readouterr() + + assert re.search( + f"Successfully deleted Certificate Authority: {CA_NAME}", + out, + ) diff --git a/privateca/snippets/test_certificates.py b/privateca/snippets/test_certificates.py new file mode 100644 index 000000000000..354f5bce8b29 --- /dev/null +++ b/privateca/snippets/test_certificates.py 
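Review bot: `test_create_certificate` is misnamed, because it calls `create_certificate_authority` and asserts on a `certificateAuthorities/{CA_NAME}` resource path, so it never creates a certificate. Renaming it to `test_create_certificate_authority` keeps test reports aligned with what was exercised and avoids confusion with the certificate tests in test_certificates.py. `CA_DURATION = 1000000` has no unit in its name or a comment; `# seconds (about 11.5 days)` would make the CA lifetime explicit, assuming the sample takes seconds as the certificate sample documents for its lifetime.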
@@ -0,0 +1,115 @@ +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import time +import typing +import uuid + +import google.auth +from google.cloud import kms + +from create_certificate import create_certificate +from disable_certificate_authority import disable_certificate_authority +from enable_certificate_authority import enable_certificate_authority +from revoke_certificate import revoke_certificate + + +PROJECT = google.auth.default()[1] +LOCATION = "europe-west1" +COMMON_NAME = "COMMON_NAME" +ORGANIZATION = "ORGANIZATION" +CERTIFICATE_LIFETIME = 1000000 +KEY_VERSION = 1 +DOMAIN_NAME = "domain.com" + + +def generate_name() -> str: + return "test-" + uuid.uuid4().hex[:10] + + +def test_create_and_revoke_certificate_authority( + certificate_authority, capsys: typing.Any +) -> None: + KEY_RING_ID = generate_name() + CRYPTO_KEY_ID = generate_name() + CERT_NAME = generate_name() + + CA_POOL_NAME, CA_NAME = certificate_authority + enable_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) + + kms_client = kms.KeyManagementServiceClient() + + kms_location_name = kms_client.common_location_path(PROJECT, LOCATION) + + kms_client.create_key_ring( + request={ + "parent": kms_location_name, + "key_ring_id": KEY_RING_ID, + "key_ring": {}, + } + ) + + key_ring_path = kms_client.key_ring_path(PROJECT, LOCATION, KEY_RING_ID) + + purpose = kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN + algorithm = ( + 
kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256 + ) + key = { + "purpose": purpose, + "version_template": { + "algorithm": algorithm, + }, + } + + kms_client.create_crypto_key( + request={ + "parent": key_ring_path, + "crypto_key_id": CRYPTO_KEY_ID, + "crypto_key": key, + } + ) + + # Wait while crypto key is generating + time.sleep(30) + + create_certificate( + PROJECT, + LOCATION, + CA_POOL_NAME, + CA_NAME, + CERT_NAME, + LOCATION, + KEY_RING_ID, + CRYPTO_KEY_ID, + KEY_VERSION, + COMMON_NAME, + DOMAIN_NAME, + CERTIFICATE_LIFETIME, + ) + + revoke_certificate( + PROJECT, + LOCATION, + CA_POOL_NAME, + CERT_NAME, + ) + + disable_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) + + out, _ = capsys.readouterr() + + assert "Certificate creation result:" in out + assert "Certificate revoke result:" in out From 2d481cd99f73e9e7dc0fd1c3ac7fde8885f305c7 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 28 Jul 2021 13:26:01 +0200 Subject: [PATCH 02/84] chore(deps): update dependency google-cloud-private-ca to v1 (#89) Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index f6e2fc3c2515..c9b48fff41ba 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-private-ca==0.4.0 +google-cloud-private-ca==1.0.2 google-cloud-kms==2.3.0 \ No newline at end of file From c166568ca5234cb5e1bad4dc36b28c83ae787982 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 28 Jul 2021 17:10:45 +0200 Subject: [PATCH 03/84] chore(deps): update dependency google-cloud-kms to v2.4.1 (#88) Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
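Review bot: Every run of `test_create_and_revoke_certificate_authority` creates a new Cloud KMS key ring and a 4096-bit signing key under random IDs and never cleans them up. Key rings and keys cannot be deleted in Cloud KMS, so they pile up in the test project with live key material. Reusing one fixed key ring ID and calling `kms_client.destroy_crypto_key_version(...)` on the version in a `finally` block would bound that. `time.sleep(30)` only guesses how long generation takes; polling the key version until it reports an enabled state is deterministic. The test name says `certificate_authority`, but what it creates and revokes is a certificate.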
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index c9b48fff41ba..3d706a530d53 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-private-ca==1.0.2 -google-cloud-kms==2.3.0 \ No newline at end of file +google-cloud-kms==2.4.1 From 906d79e26b7287d1311a7bc3c7cbe3f6675c5703 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 28 Jul 2021 18:55:47 +0200 Subject: [PATCH 04/84] chore(deps): update dependency google-cloud-kms to v2.4.2 (#93) --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 3d706a530d53..e5c324e7044b 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-private-ca==1.0.2 -google-cloud-kms==2.4.1 +google-cloud-kms==2.4.2 From 33fc43482fd5b3242e1398d2f23456f7c525a124 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 28 Jul 2021 19:28:59 +0200 Subject: [PATCH 05/84] chore(deps): update dependency google-auth to v1.33.1 (#87) Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 95104b00d625..ba5b7d4b1edd 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,2 +1,2 @@ pytest==6.2.4 -google-auth==1.32.1 \ No newline at end of file +google-auth==1.33.1 \ No newline at end of file From caf54abf2243792c58a30ef50c07a15e49170841 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 29 Jul 2021 13:04:12 +0200 Subject: [PATCH 06/84] chore(deps): update dependency google-auth to v1.34.0 (#94) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index ba5b7d4b1edd..9877dd55aea6 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,2 +1,2 @@ pytest==6.2.4 -google-auth==1.33.1 \ No newline at end of file +google-auth==1.34.0 \ No newline at end of file From 0a9fd1b266a2d842b557ed7f3cd5d97146319a36 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 29 Jul 2021 18:14:30 +0200 Subject: [PATCH 07/84] chore(deps): update dependency google-cloud-kms to v2.4.3 (#96) --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index e5c324e7044b..23ca15924f7c 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-private-ca==1.0.2 -google-cloud-kms==2.4.2 +google-cloud-kms==2.4.3 From 9033d165e8cb5a1b4f290bb8a532afb4c0a0a698 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 29 Jul 2021 21:37:58 +0200 Subject: [PATCH 08/84] chore(deps): update dependency google-cloud-private-ca to v1.0.3 (#97) --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 23ca15924f7c..201085e9b4f0 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-private-ca==1.0.2 +google-cloud-private-ca==1.0.3 google-cloud-kms==2.4.3 From d6f48abd2408203da1707dfbd468a9c152f67cc9 Mon Sep 17 00:00:00 2001 
From: Fedor Isakov Date: Tue, 3 Aug 2021 19:40:55 +0300 Subject: [PATCH 09/84] feat(samples): add local generation for crypto keys (#98) --- privateca/snippets/create_certificate.py | 27 ++++--------- privateca/snippets/requirements-test.txt | 3 +- privateca/snippets/test_certificates.py | 50 ++++++------------------ 3 files changed, 21 insertions(+), 59 deletions(-) diff --git a/privateca/snippets/create_certificate.py b/privateca/snippets/create_certificate.py index 9ec31ac14248..053305654296 100644 --- a/privateca/snippets/create_certificate.py +++ b/privateca/snippets/create_certificate.py @@ -15,7 +15,6 @@ # limitations under the License. # [START privateca_create_certificate] -from google.cloud import kms import google.cloud.security.privateca_v1 as privateca_v1 from google.protobuf import duration_pb2 @@ -26,13 +25,10 @@ def create_certificate( ca_pool_name: str, ca_name: str, certificate_name: str, - kms_location: str, - key_ring_id: str, - key_id: str, - key_version_id: str, common_name: str, domain_name: str, certificate_lifetime: int, + public_key_bytes: bytes, ) -> None: """ Create a Certificate which is issued by the Certificate Authority present in the CA Pool. 
@@ -44,30 +40,21 @@ def create_certificate( ca_pool_name: set a unique name for the CA pool. ca_name: the name of the certificate authority which issues the certificate. certificate_name: set a unique name for the certificate. - kms_location: Cloud KMS location. - key_ring_id: ID of the Cloud KMS key ring. - key_id: ID of the key to use. - key_version_id: verstion ID of the key to use. common_name: a title for your certificate. domain_name: fully qualified domain name for your certificate. certificate_lifetime: the validity of the certificate in seconds. + public_key_bytes: public key used in signing the certificates. """ - kmsClient = kms.KeyManagementServiceClient() caServiceClient = privateca_v1.CertificateAuthorityServiceClient() - # To sign and issue a certificate, a public key is essential. Here, we are making use - # of Cloud KMS to retrieve an already created public key. For more info, see: https://cloud.google.com/kms/docs/retrieve-public-key. - # Generating keys locally is also possible. + # The public key used to sign the certificate can be generated using any crypto library/framework. + # Also you can use Cloud KMS to retrieve an already created public key. + # For more info, see: https://cloud.google.com/kms/docs/retrieve-public-key. - key_version_name = kmsClient.crypto_key_version_path( - project_id, kms_location, key_ring_id, key_id, key_version_id - ) - kms_public_key = kmsClient.get_public_key(name=key_version_name) - - # Set the Public Key and its format as obtained from the Cloud KMS. + # Set the Public Key and its format. public_key = privateca_v1.PublicKey( - key=str.encode(kms_public_key.pem), + key=public_key_bytes, format_=privateca_v1.PublicKey.KeyFormat.PEM, ) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 9877dd55aea6..769fc5dd0e70 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt 
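Review bot: The new docstring line `public_key_bytes: public key used in signing the certificates.` and the comment `The public key used to sign the certificate` state the key's role backwards. The CA's private key signs; this is the subject's public key, which the issued certificate binds to the subject name. I would write `public_key_bytes: PEM-encoded public key of the certificate subject; the matching private key stays with the requester.` and reword the comment the same way. The value is passed with `KeyFormat.PEM` unchecked, so naming the expected encoding in the docstring also tells callers that DER input will be rejected by the API. The function body continues outside this hunk.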
@@ -1,2 +1,3 @@ pytest==6.2.4 -google-auth==1.34.0 \ No newline at end of file +google-auth==1.34.0 +cryptography==3.4.7 diff --git a/privateca/snippets/test_certificates.py b/privateca/snippets/test_certificates.py index 354f5bce8b29..080fd5663a3a 100644 --- a/privateca/snippets/test_certificates.py +++ b/privateca/snippets/test_certificates.py @@ -17,8 +17,13 @@ import typing import uuid +from cryptography.hazmat.backends.openssl.backend import backend +from cryptography.hazmat.primitives.asymmetric import rsa + +from cryptography.hazmat.primitives.serialization import Encoding +from cryptography.hazmat.primitives.serialization import PublicFormat + import google.auth -from google.cloud import kms from create_certificate import create_certificate from disable_certificate_authority import disable_certificate_authority @@ -31,7 +36,6 @@ COMMON_NAME = "COMMON_NAME" ORGANIZATION = "ORGANIZATION" CERTIFICATE_LIFETIME = 1000000 -KEY_VERSION = 1 DOMAIN_NAME = "domain.com" 
@@ -42,48 +46,21 @@ def generate_name() -> str: def test_create_and_revoke_certificate_authority( certificate_authority, capsys: typing.Any ) -> None: - KEY_RING_ID = generate_name() - CRYPTO_KEY_ID = generate_name() CERT_NAME = generate_name() CA_POOL_NAME, CA_NAME = certificate_authority enable_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) - kms_client = kms.KeyManagementServiceClient() - - kms_location_name = kms_client.common_location_path(PROJECT, LOCATION) - - kms_client.create_key_ring( - request={ - "parent": kms_location_name, - "key_ring_id": KEY_RING_ID, - "key_ring": {}, - } + private_key = rsa.generate_private_key( + public_exponent=65537, key_size=2048, backend=backend ) - key_ring_path = kms_client.key_ring_path(PROJECT, LOCATION, KEY_RING_ID) - - purpose = kms.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN - algorithm = ( - kms.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_4096_SHA256 - ) - key = { - "purpose": purpose, - "version_template": { - "algorithm": algorithm, - }, - } - - kms_client.create_crypto_key( - request={ - "parent": key_ring_path, - "crypto_key_id": CRYPTO_KEY_ID, - "crypto_key": key, - } + public_key_bytes = private_key.public_key().public_bytes( + Encoding.PEM, PublicFormat.SubjectPublicKeyInfo ) # Wait while crypto key is generating - time.sleep(30) + time.sleep(5) create_certificate( PROJECT, @@ -91,13 +68,10 @@ def test_create_and_revoke_certificate_authority( CA_POOL_NAME, CA_NAME, CERT_NAME, - LOCATION, - KEY_RING_ID, - CRYPTO_KEY_ID, - KEY_VERSION, COMMON_NAME, DOMAIN_NAME, CERTIFICATE_LIFETIME, + public_key_bytes, ) revoke_certificate( From 15b1db79ccca63647a9b78eaa45b8be11f4a9150 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 10 Aug 2021 18:57:26 +0200 Subject: [PATCH 10/84] chore(deps): update dependency google-cloud-kms to v2.5.0 (#101) Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
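Review bot: `time.sleep(5)` and its comment `# Wait while crypto key is generating` are leftovers from the KMS flow, since `rsa.generate_private_key(...)` returns the finished key synchronously. Either drop the sleep, or if it really covers the CA becoming usable after `enable_certificate_authority`, change the comment to say so. The earlier import hunk takes `backend` from `cryptography.hazmat.backends.openssl.backend`, an implementation module; recent cryptography releases make the `backend` argument optional, so `rsa.generate_private_key(public_exponent=65537, key_size=2048)` should be enough with the pinned version. The test function starts and ends outside this hunk.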
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 201085e9b4f0..7eff605100ad 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-private-ca==1.0.3 -google-cloud-kms==2.4.3 +google-cloud-kms==2.5.0 From fcb65e3be0846990e9d896915a611966e176527e Mon Sep 17 00:00:00 2001 From: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Date: Wed, 18 Aug 2021 07:40:56 -0600 Subject: [PATCH 11/84] chore: generate python samples templates in owlbot.py (#108) Generate python samples templates in owlbot.py --- privateca/snippets/noxfile.py | 64 ++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 31 deletions(-) diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index 1a34a3ed3364..e73436a15626 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py @@ -1,4 +1,4 @@ -# Copyright 2021 Google LLC +# Copyright 2019 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,8 +28,9 @@ # WARNING - WARNING - WARNING - WARNING - WARNING # WARNING - WARNING - WARNING - WARNING - WARNING -# Copy `noxfile_config.py` to your directory and modify it instead. +BLACK_VERSION = "black==19.10b0" +# Copy `noxfile_config.py` to your directory and modify it instead. # `TEST_CONFIG` dict is a configuration hook that allows users to # modify the test configurations. The values here should be in sync 
@@ -38,15 +39,17 @@ TEST_CONFIG = { # You can opt out from the test for specific Python versions. - "ignored_versions": ["2.7"], + 'ignored_versions': [], + # Old samples are opted out of enforcing Python type hints # All new samples should feature them - "enforce_type_hints": False, + 'enforce_type_hints': False, + # An envvar key for determining the project id to use. Change it # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", + 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', # If you need to use a specific version of pip, # change pip_version_override to the string representation @@ -54,13 +57,13 @@ "pip_version_override": None, # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. - "envs": {}, + 'envs': {}, } try: # Ensure we can import noxfile_config in the project's directory. - sys.path.append(".") + sys.path.append('.') from noxfile_config import TEST_CONFIG_OVERRIDE except ImportError as e: print("No user noxfile_config found: detail: {}".format(e)) 
@@ -75,26 +78,25 @@ def get_pytest_env_vars() -> Dict[str, str]: ret = {} # Override the GCLOUD_PROJECT and the alias. - env_key = TEST_CONFIG["gcloud_project_env"] + env_key = TEST_CONFIG['gcloud_project_env'] # This should error out if not set. - ret["GOOGLE_CLOUD_PROJECT"] = os.environ[env_key] - ret["GCLOUD_PROJECT"] = os.environ[env_key] # deprecated + ret['GOOGLE_CLOUD_PROJECT'] = os.environ[env_key] # Apply user supplied envs. - ret.update(TEST_CONFIG["envs"]) + ret.update(TEST_CONFIG['envs']) return ret # DO NOT EDIT - automatically generated. -# All versions used to tested samples. -ALL_VERSIONS = ["2.7", "3.6", "3.7", "3.8", "3.9"] +# All versions used to test samples. +ALL_VERSIONS = ["3.6", "3.7", "3.8", "3.9"] # Any default versions that should be ignored. -IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] +IGNORED_VERSIONS = TEST_CONFIG['ignored_versions'] TESTED_VERSIONS = sorted([v for v in ALL_VERSIONS if v not in IGNORED_VERSIONS]) -INSTALL_LIBRARY_FROM_SOURCE = bool(os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False)) +INSTALL_LIBRARY_FROM_SOURCE = os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False) in ("True", "true") # # Style Checks # @@ -102,6 +104,7 @@ def get_pytest_env_vars() -> Dict[str, str]: def _determine_local_import_names(start_dir: str) -> List[str]: """Determines all import names that should be considered "local". + This is used when running the linter to insure that import order is properly checked. """ @@ -138,7 +141,7 @@ def _determine_local_import_names(start_dir: str) -> List[str]: @nox.session def lint(session: nox.sessions.Session) -> None: - if not TEST_CONFIG["enforce_type_hints"]: + if not TEST_CONFIG['enforce_type_hints']: session.install("flake8", "flake8-import-order") else: session.install("flake8", "flake8-import-order", "flake8-annotations") 
@@ -147,11 +150,9 @@ def lint(session: nox.sessions.Session) -> None: args = FLAKE8_COMMON_ARGS + [ "--application-import-names", ",".join(local_names), - ".", + "." ] session.run("flake8", *args) - - # # Black # @@ -159,12 +160,11 @@ def lint(session: nox.sessions.Session) -> None: @nox.session def blacken(session: nox.sessions.Session) -> None: - session.install("black") + session.install(BLACK_VERSION) python_files = [path for path in os.listdir(".") if path.endswith(".py")] session.run("black", *python_files) - # # Sample Tests # @@ -173,9 +173,7 @@ def blacken(session: nox.sessions.Session) -> None: PYTEST_COMMON_ARGS = ["--junitxml=sponge_log.xml"] -def _session_tests( - session: nox.sessions.Session, post_install: Callable = None -) -> None: +def _session_tests(session: nox.sessions.Session, post_install: Callable = None) -> None: if TEST_CONFIG["pip_version_override"]: pip_version = TEST_CONFIG["pip_version_override"] session.install(f"pip=={pip_version}") @@ -205,7 +203,7 @@ def _session_tests( # on travis where slow and flaky tests are excluded. # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html success_codes=[0, 5], - env=get_pytest_env_vars(), + env=get_pytest_env_vars() ) @@ -215,9 +213,9 @@ def py(session: nox.sessions.Session) -> None: if session.python in TESTED_VERSIONS: _session_tests(session) else: - session.skip( - "SKIPPED: {} tests are disabled for this sample.".format(session.python) - ) + session.skip("SKIPPED: {} tests are disabled for this sample.".format( + session.python + )) # 
@@ -226,15 +224,19 @@ def py(session: nox.sessions.Session) -> None: def _get_repo_root() -> Optional[str]: - """Returns the root folder of the project.""" - # Get root of this repository. - # Assume we don't have directories nested deeper than 10 items. + """ Returns the root folder of the project. """ + # Get root of this repository. Assume we don't have directories nested deeper than 10 items. p = Path(os.getcwd()) for i in range(10): if p is None: break if Path(p / ".git").exists(): return str(p) + # .git is not available in repos cloned via Cloud Build + # setup.py is always in the library's root, so use that instead + # https://github.com/googleapis/synthtool/issues/792 + if Path(p / "setup.py").exists(): + return str(p) p = p.parent raise Exception("Unable to detect repository root.") From 695dcf73380ffef390a8ad6eaeca39fe1a5c6c43 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 25 Aug 2021 15:26:32 +0200 Subject: [PATCH 12/84] chore(deps): update dependency cryptography to v3.4.8 (#109) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 769fc5dd0e70..bc0f7e9d18d8 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==6.2.4 google-auth==1.34.0 -cryptography==3.4.7 +cryptography==3.4.8 From 3a52c1ab7a5badae13da2a71680f733e8d6cda0d Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Mon, 30 Aug 2021 15:30:32 +0200 Subject: [PATCH 13/84] chore(deps): update dependency google-auth to v2 (#107) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index bc0f7e9d18d8..ce095fdcf482 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt 
@@ -1,3 +1,3 @@
 pytest==6.2.4
-google-auth==1.34.0
+google-auth==2.0.1
 cryptography==3.4.8
From 6334c61a273bdf98ff6b5ec638795682acc7004c Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Mon, 30 Aug 2021 15:51:46 +0200 Subject: [PATCH 14/84] chore(deps): update dependency google-cloud-private-ca to v1.0.4 (#103) Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt
index 7eff605100ad..18ca3c542454 100644
--- a/privateca/snippets/requirements.txt
+++ b/privateca/snippets/requirements.txt
@@ -1,2 +1,2 @@
-google-cloud-private-ca==1.0.3
+google-cloud-private-ca==1.0.4
 google-cloud-kms==2.5.0
From 245e7bd105d6608b2a613de836dd80ba98cb1648 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 1 Sep 2021 10:59:45 +0200 Subject: [PATCH 15/84] chore(deps): update dependency google-auth to v2.0.2 (#116) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index ce095fdcf482..da82fcee988c 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==6.2.4
-google-auth==2.0.1
+google-auth==2.0.2
 cryptography==3.4.8
From c8acb2d0ea0d7d6f07dbeb3e288410a45a8371cc Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate Date: Wed, 1 Sep 2021 11:18:27 +0200 Subject: [PATCH 16/84] chore(deps): update dependency google-cloud-kms to v2.6.0 (#115) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![WhiteSource Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [google-cloud-kms](https://togithub.com/googleapis/python-kms) | `==2.5.0` -> `==2.6.0` | [![age](https://badges.renovateapi.com/packages/pypi/google-cloud-kms/2.6.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/pypi/google-cloud-kms/2.6.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/pypi/google-cloud-kms/2.6.0/compatibility-slim/2.5.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/pypi/google-cloud-kms/2.6.0/confidence-slim/2.5.0)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
googleapis/python-kms ### [`v2.6.0`](https://togithub.com/googleapis/python-kms/blob/master/CHANGELOG.md#​260-httpswwwgithubcomgoogleapispython-kmscomparev250v260-2021-08-30) [Compare Source](https://togithub.com/googleapis/python-kms/compare/v2.5.0...v2.6.0) ##### Features - add support for Key Reimport ([#​167](https://www.togithub.com/googleapis/python-kms/issues/167)) ([1aaaea9](https://www.github.com/googleapis/python-kms/commit/1aaaea9405109a2f226f3d6a9631eb5f110349ab)) ##### Documentation - **kms:** add samples for new hmac and rng apis ([#​161](https://www.togithub.com/googleapis/python-kms/issues/161)) ([558b740](https://www.github.com/googleapis/python-kms/commit/558b740f0491311ebcaf3c62d7117ec15883150a))
--- ### Configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box. --- This PR has been generated by [WhiteSource Renovate](https://renovate.whitesourcesoftware.com). View repository job log [here](https://app.renovatebot.com/dashboard#github/googleapis/python-security-private-ca). --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 18ca3c542454..361e0ca8c8ba 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,2 +1,2 @@ google-cloud-private-ca==1.0.4 -google-cloud-kms==2.5.0 +google-cloud-kms==2.6.0 From 6dcb9752a4fd0dadc68e2e68f4a93db454c55aaa Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 1 Sep 2021 13:31:34 +0200 Subject: [PATCH 17/84] chore(deps): update dependency pytest to v6.2.5 (#114) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index da82fcee988c..ed946b7f63dd 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ -pytest==6.2.4 +pytest==6.2.5 google-auth==2.0.2 cryptography==3.4.8 From c9e67d3c7984e17971193424e1d7bdf0a931f29b Mon Sep 17 00:00:00 2001 
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 16 Sep 2021 13:54:13 -0400 Subject: [PATCH 18/84] chore: blacken samples noxfile template (#121) Source-Link: https://github.com/googleapis/synthtool/commit/8b781e190b09590992733a214863f770425f5ab3 Post-Processor: gcr.io/repo-automation-bots/owlbot-python:latest@sha256:0ccd9f4d714d36e311f60f407199dd460e43a99a125b5ca64b1d75f6e5f8581b Co-authored-by: Owl Bot --- privateca/snippets/noxfile.py | 44 ++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index e73436a15626..b008613f03ff 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py @@ -39,17 +39,15 @@ TEST_CONFIG = { # You can opt out from the test for specific Python versions. - 'ignored_versions': [], - + "ignored_versions": [], # Old samples are opted out of enforcing Python type hints # All new samples should feature them - 'enforce_type_hints': False, - + "enforce_type_hints": False, # An envvar key for determining the project id to use. Change it # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - 'gcloud_project_env': 'GOOGLE_CLOUD_PROJECT', + "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', # If you need to use a specific version of pip, # change pip_version_override to the string representation 
@@ -57,13 +55,13 @@ "pip_version_override": None, # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. - 'envs': {}, + "envs": {}, } try: # Ensure we can import noxfile_config in the project's directory. - sys.path.append('.') + sys.path.append(".") from noxfile_config import TEST_CONFIG_OVERRIDE except ImportError as e: print("No user noxfile_config found: detail: {}".format(e)) @@ -78,12 +76,12 @@ def get_pytest_env_vars() -> Dict[str, str]: ret = {} # Override the GCLOUD_PROJECT and the alias. - env_key = TEST_CONFIG['gcloud_project_env'] + env_key = TEST_CONFIG["gcloud_project_env"] # This should error out if not set. - ret['GOOGLE_CLOUD_PROJECT'] = os.environ[env_key] + ret["GOOGLE_CLOUD_PROJECT"] = os.environ[env_key] # Apply user supplied envs. - ret.update(TEST_CONFIG['envs']) + ret.update(TEST_CONFIG["envs"]) return ret @@ -92,11 +90,14 @@ def get_pytest_env_vars() -> Dict[str, str]: ALL_VERSIONS = ["3.6", "3.7", "3.8", "3.9"] # Any default versions that should be ignored. -IGNORED_VERSIONS = TEST_CONFIG['ignored_versions'] +IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] TESTED_VERSIONS = sorted([v for v in ALL_VERSIONS if v not in IGNORED_VERSIONS]) -INSTALL_LIBRARY_FROM_SOURCE = os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False) in ("True", "true") +INSTALL_LIBRARY_FROM_SOURCE = os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False) in ( + "True", + "true", +) # # Style Checks # @@ -141,7 +142,7 @@ def _determine_local_import_names(start_dir: str) -> List[str]: @nox.session def lint(session: nox.sessions.Session) -> None: - if not TEST_CONFIG['enforce_type_hints']: + if not TEST_CONFIG["enforce_type_hints"]: session.install("flake8", "flake8-import-order") else: session.install("flake8", "flake8-import-order", "flake8-annotations") 
@@ -150,9 +151,11 @@ def lint(session: nox.sessions.Session) -> None: args = FLAKE8_COMMON_ARGS + [ "--application-import-names", ",".join(local_names), - "." + ".", ] session.run("flake8", *args) + + # # Black # @@ -165,6 +168,7 @@ def blacken(session: nox.sessions.Session) -> None: session.run("black", *python_files) + # # Sample Tests # @@ -173,7 +177,9 @@ def blacken(session: nox.sessions.Session) -> None: PYTEST_COMMON_ARGS = ["--junitxml=sponge_log.xml"] -def _session_tests(session: nox.sessions.Session, post_install: Callable = None) -> None: +def _session_tests( + session: nox.sessions.Session, post_install: Callable = None +) -> None: if TEST_CONFIG["pip_version_override"]: pip_version = TEST_CONFIG["pip_version_override"] session.install(f"pip=={pip_version}") @@ -203,7 +209,7 @@ def _session_tests(session: nox.sessions.Session, post_install: Callable = None) # on travis where slow and flaky tests are excluded. # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html success_codes=[0, 5], - env=get_pytest_env_vars() + env=get_pytest_env_vars(), ) @@ -213,9 +219,9 @@ def py(session: nox.sessions.Session) -> None: if session.python in TESTED_VERSIONS: _session_tests(session) else: - session.skip("SKIPPED: {} tests are disabled for this sample.".format( - session.python - )) + session.skip( + "SKIPPED: {} tests are disabled for this sample.".format(session.python) + ) # From 7e2911bd471040bb408869e07faed7361ec904c8 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Thu, 30 Sep 2021 16:00:17 +0000 Subject: [PATCH 19/84] chore: fail samples nox session if python version is missing (#128) --- privateca/snippets/noxfile.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index b008613f03ff..1fd8956fbf01 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py 
@@ -98,6 +98,10 @@ def get_pytest_env_vars() -> Dict[str, str]: "True", "true", ) + +# Error if a python version is missing +nox.options.error_on_missing_interpreters = True + # # Style Checks # From 8fe08dcf85a5231da91c333cc095be581e3ed21e Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Fri, 8 Oct 2021 17:20:43 +0000 Subject: [PATCH 20/84] chore(python): Add kokoro configs for python 3.10 samples testing (#134) --- privateca/snippets/noxfile.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index 1fd8956fbf01..93a9122cc457 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py @@ -87,7 +87,7 @@ def get_pytest_env_vars() -> Dict[str, str]: # DO NOT EDIT - automatically generated. # All versions used to test samples. -ALL_VERSIONS = ["3.6", "3.7", "3.8", "3.9"] +ALL_VERSIONS = ["3.6", "3.7", "3.8", "3.9", "3.10"] # Any default versions that should be ignored. IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] From 185d5d49408890c54bad143294807dc1ba2771a3 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 27 Oct 2021 12:25:14 +0200 Subject: [PATCH 21/84] chore(deps): update dependency google-auth to v2.1.0 (#120) Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index ed946b7f63dd..dcf9818b99aa 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==6.2.5 -google-auth==2.0.2 +google-auth==2.1.0 cryptography==3.4.8 From 1cc277dab3778e4819f53a91d57ac52fba9ae550 Mon Sep 17 00:00:00 2001 
From: WhiteSource Renovate Date: Sat, 30 Oct 2021 18:21:52 +0200 Subject: [PATCH 22/84] chore(deps): update all dependencies (#144) Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements-test.txt | 4 ++-- privateca/snippets/requirements.txt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index dcf9818b99aa..bb593d46c157 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==6.2.5
-google-auth==2.1.0
-cryptography==3.4.8
+google-auth==2.3.2
+cryptography==35.0.0
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt
index 361e0ca8c8ba..31cda97a15e5 100644
--- a/privateca/snippets/requirements.txt
+++ b/privateca/snippets/requirements.txt
@@ -1,2 +1,2 @@
-google-cloud-private-ca==1.0.4
-google-cloud-kms==2.6.0
+google-cloud-private-ca==1.2.0
+google-cloud-kms==2.10.0
From f671d4c6092d73f516d10e5ced5d6dae365ae3a1 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 2 Nov 2021 18:51:08 +0100 Subject: [PATCH 23/84] chore(deps): update all dependencies (#146) --- privateca/snippets/requirements-test.txt | 2 +- privateca/snippets/requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index bb593d46c157..28cca593d369 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==6.2.5
-google-auth==2.3.2
+google-auth==2.3.3
 cryptography==35.0.0
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt
index 31cda97a15e5..b02b7f4bac38 100644
--- a/privateca/snippets/requirements.txt
+++ b/privateca/snippets/requirements.txt
@@ -1,2 +1,2 @@
 google-cloud-private-ca==1.2.0
-google-cloud-kms==2.10.0
+google-cloud-kms==2.10.1
From ad4c1ffbf39e886f09f9437139e26ae643d85494 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 4 Nov 2021 11:34:36 +0100 Subject: [PATCH 24/84] chore(deps): update dependency google-cloud-private-ca to v1.2.1 (#147) --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index b02b7f4bac38..bc4aa3ab46cc 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,2 +1,2 @@ -google-cloud-private-ca==1.2.0 +google-cloud-private-ca==1.2.1 google-cloud-kms==2.10.1 From db9be66b91e69a50fcf9e047e5b4b9c2fc0a4898 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Wed, 10 Nov 2021 20:38:00 -0500 Subject: [PATCH 25/84] chore(python): run blacken session for all directories with a noxfile (#150) Source-Link: https://github.com/googleapis/synthtool/commit/bc0de6ee2489da6fb8eafd021a8c58b5cc30c947 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:39ad8c0570e4f5d2d3124a509de4fe975e799e2b97e0f58aed88f8880d5a8b60 Co-authored-by: Owl Bot --- privateca/snippets/create_ca_pool.py | 4 +--- privateca/snippets/create_certificate.py | 9 +++------ .../snippets/create_certificate_authority.py | 10 +++------- .../snippets/enable_certificate_authority.py | 4 +--- privateca/snippets/list_certificates.py | 6 +----- privateca/snippets/revoke_certificate.py | 5 +---- .../snippets/test_certificate_authorities.py | 15 +++------------ privateca/snippets/test_certificates.py | 5 +---- 8 files changed, 14 insertions(+), 44 deletions(-) diff --git a/privateca/snippets/create_ca_pool.py b/privateca/snippets/create_ca_pool.py index 2b11785b039b..a8fbaac560b7 100644 --- a/privateca/snippets/create_ca_pool.py +++ b/privateca/snippets/create_ca_pool.py 
@@ -39,9 +39,7 @@ def create_ca_pool(project_id: str, location: str, ca_pool_name: str) -> None: # Create the pool request. request = privateca_v1.CreateCaPoolRequest( - parent=location_path, - ca_pool_id=ca_pool_name, - ca_pool=ca_pool, + parent=location_path, ca_pool_id=ca_pool_name, ca_pool=ca_pool, ) # Create the CA pool. diff --git a/privateca/snippets/create_certificate.py b/privateca/snippets/create_certificate.py index 053305654296..2e1372ed31fc 100644 --- a/privateca/snippets/create_certificate.py +++ b/privateca/snippets/create_certificate.py @@ -54,8 +54,7 @@ def create_certificate( # Set the Public Key and its format. public_key = privateca_v1.PublicKey( - key=public_key_bytes, - format_=privateca_v1.PublicKey.KeyFormat.PEM, + key=public_key_bytes, format_=privateca_v1.PublicKey.KeyFormat.PEM, ) subject_config = privateca_v1.CertificateConfig.SubjectConfig( @@ -67,12 +66,10 @@ def create_certificate( x509_parameters = privateca_v1.X509Parameters( key_usage=privateca_v1.KeyUsage( base_key_usage=privateca_v1.KeyUsage.KeyUsageOptions( - digital_signature=True, - key_encipherment=True, + digital_signature=True, key_encipherment=True, ), extended_key_usage=privateca_v1.KeyUsage.ExtendedKeyUsageOptions( - server_auth=True, - client_auth=True, + server_auth=True, client_auth=True, ), ), ) diff --git a/privateca/snippets/create_certificate_authority.py b/privateca/snippets/create_certificate_authority.py index 2cb0c65ec17d..2856f7d31c18 100644 --- a/privateca/snippets/create_certificate_authority.py +++ b/privateca/snippets/create_certificate_authority.py 
@@ -58,13 +58,10 @@ def create_certificate_authority( x509_parameters = privateca_v1.X509Parameters( key_usage=privateca_v1.KeyUsage( base_key_usage=privateca_v1.KeyUsage.KeyUsageOptions( - crl_sign=True, - cert_sign=True, + crl_sign=True, cert_sign=True, ) ), - ca_options=privateca_v1.X509Parameters.CaOptions( - is_ca=True, - ), + ca_options=privateca_v1.X509Parameters.CaOptions(is_ca=True,), ) # Set certificate authority settings. @@ -73,8 +70,7 @@ def create_certificate_authority( type_=privateca_v1.CertificateAuthority.Type.SELF_SIGNED, key_spec=key_version_spec, config=privateca_v1.CertificateConfig( - subject_config=subject_config, - x509_config=x509_parameters, + subject_config=subject_config, x509_config=x509_parameters, ), lifetime=duration_pb2.Duration(seconds=ca_duration), ) diff --git a/privateca/snippets/enable_certificate_authority.py b/privateca/snippets/enable_certificate_authority.py index a6ecd35580bc..691922db7eb3 100644 --- a/privateca/snippets/enable_certificate_authority.py +++ b/privateca/snippets/enable_certificate_authority.py @@ -38,9 +38,7 @@ def enable_certificate_authority( ) # Create the Enable Certificate Authority Request. - request = privateca_v1.EnableCertificateAuthorityRequest( - name=ca_path, - ) + request = privateca_v1.EnableCertificateAuthorityRequest(name=ca_path,) # Enable the Certificate Authority. operation = caServiceClient.enable_certificate_authority(request=request) diff --git a/privateca/snippets/list_certificates.py b/privateca/snippets/list_certificates.py index 9c04ed93470f..8d2d606a6fab 100644 --- a/privateca/snippets/list_certificates.py +++ b/privateca/snippets/list_certificates.py @@ -19,11 +19,7 @@ import google.cloud.security.privateca_v1 as privateca_v1 -def list_certificates( - project_id: str, - location: str, - ca_pool_name: str, -) -> None: +def list_certificates(project_id: str, location: str, ca_pool_name: str,) -> None: """ List Certificates present in the given CA pool. 
diff --git a/privateca/snippets/revoke_certificate.py b/privateca/snippets/revoke_certificate.py index 011999a4b92f..8cd640005ec2 100644 --- a/privateca/snippets/revoke_certificate.py +++ b/privateca/snippets/revoke_certificate.py @@ -22,10 +22,7 @@ def revoke_certificate( - project_id: str, - location: str, - ca_pool_name: str, - certificate_name: str, + project_id: str, location: str, ca_pool_name: str, certificate_name: str, ) -> None: """ Revoke an issued certificate. Once revoked, the certificate will become invalid and will expire post its lifetime. diff --git a/privateca/snippets/test_certificate_authorities.py b/privateca/snippets/test_certificate_authorities.py index 8716e189fe62..4ef01f97b62d 100644 --- a/privateca/snippets/test_certificate_authorities.py +++ b/privateca/snippets/test_certificate_authorities.py @@ -67,14 +67,8 @@ def test_enable_and_disable_certificate_authority( out, _ = capsys.readouterr() - assert re.search( - f"Enabled Certificate Authority: {CA_NAME}", - out, - ) - assert re.search( - f"Disabled Certificate Authority: {CA_NAME}", - out, - ) + assert re.search(f"Enabled Certificate Authority: {CA_NAME}", out,) + assert re.search(f"Disabled Certificate Authority: {CA_NAME}", out,) def test_delete_certificate_authority(capsys: typing.Any) -> None: @@ -90,7 +84,4 @@ def test_delete_certificate_authority(capsys: typing.Any) -> None: out, _ = capsys.readouterr() - assert re.search( - f"Successfully deleted Certificate Authority: {CA_NAME}", - out, - ) + assert re.search(f"Successfully deleted Certificate Authority: {CA_NAME}", out,) diff --git a/privateca/snippets/test_certificates.py b/privateca/snippets/test_certificates.py index 080fd5663a3a..85d707f46b71 100644 --- a/privateca/snippets/test_certificates.py +++ b/privateca/snippets/test_certificates.py 
@@ -75,10 +75,7 @@ def test_create_and_revoke_certificate_authority( ) revoke_certificate( - PROJECT, - LOCATION, - CA_POOL_NAME, - CERT_NAME, + PROJECT, LOCATION, CA_POOL_NAME, CERT_NAME, ) disable_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) From 1ea16b7271de9066e4c8ebb97c659c390e37b9c2 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Mon, 22 Nov 2021 12:09:40 +0100 Subject: [PATCH 26/84] chore(deps): update dependency cryptography to v36 (#154) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 28cca593d369..1e20c5f57071 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==6.2.5 google-auth==2.3.3 -cryptography==35.0.0 +cryptography==36.0.0 From 8dd8f699d104f78d728f95a7a85bc25e3ef01e6b Mon Sep 17 00:00:00 2001 From: Fedor Isakov Date: Mon, 29 Nov 2021 12:57:06 +0300 Subject: [PATCH 27/84] feat(samples): add subordinate CA samples --- privateca/snippets/activate_subordinate_ca.py | 87 ++++++++++++++ privateca/snippets/create_certificate_csr.py | 73 ++++++++++++ privateca/snippets/create_subordinate_ca.py | 97 +++++++++++++++ privateca/snippets/test_subordinate_ca.py | 110 ++++++++++++++++++ 4 files changed, 367 insertions(+) create mode 100644 privateca/snippets/activate_subordinate_ca.py create mode 100644 privateca/snippets/create_certificate_csr.py create mode 100644 privateca/snippets/create_subordinate_ca.py create mode 100644 privateca/snippets/test_subordinate_ca.py diff --git a/privateca/snippets/activate_subordinate_ca.py b/privateca/snippets/activate_subordinate_ca.py new file mode 100644 index 000000000000..ad6d9b5593d9 --- /dev/null +++ b/privateca/snippets/activate_subordinate_ca.py 
@@ -0,0 +1,87 @@ +#!/usr/bin/env python + +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# [START privateca_activate_subordinateca] +import google.cloud.security.privateca_v1 as privateca_v1 + + +def activate_subordinate_ca( + project_id: str, + location: str, + ca_pool_name: str, + subordinate_ca_name: str, + pem_ca_certificate: str, + ca_name: str, +) -> None: + """ + Activate a subordinate Certificate Authority (CA). + *Prerequisite*: Get the Certificate Signing Resource (CSR) of the subordinate CA signed by another CA. Pass in the signed + certificate and (issuer CA's name or the issuer CA's Certificate chain). + *Post*: After activating the subordinate CA, it should be enabled before issuing certificates. + Args: + project_id: project ID or project number of the Cloud project you want to use. + location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations. + ca_pool_name: set it to the CA Pool under which the CA should be created. + pem_ca_certificate: the signed certificate, obtained by signing the CSR. + subordinate_ca_name: the CA to be activated. + ca_name: The name of the certificate authority which signed the CSR. + If an external CA (CA not present in Google Cloud) was used for signing, + then use the CA's issuerCertificateChain. 
+ """ + + ca_service_client = privateca_v1.CertificateAuthorityServiceClient() + + subordinate_ca_path = ca_service_client.certificate_authority_path( + project_id, location, ca_pool_name, subordinate_ca_name + ) + ca_path = ca_service_client.certificate_authority_path( + project_id, location, ca_pool_name, ca_name + ) + + # Set CA subordinate config. + subordinate_config = privateca_v1.SubordinateConfig( + # Follow one of the below methods: + # Method 1: If issuer CA is in Google Cloud, set the Certificate Authority Name. + certificate_authority=ca_path, + # Method 2: If issuer CA is external to Google Cloud, set the issuer's certificate chain. + # The certificate chain of the CA (which signed the CSR) from leaf to root. + # pem_issuer_chain=privateca_v1.SubordinateConfig.SubordinateConfigChain( + # pem_certificates=issuer_certificate_chain, + # ) + ) + + # Construct the "Activate CA Request". + request = privateca_v1.ActivateCertificateAuthorityRequest( + name=subordinate_ca_path, + # The signed certificate. + pem_ca_certificate=pem_ca_certificate, + subordinate_config=subordinate_config, + ) + + # Activate the CA + operation = ca_service_client.activate_certificate_authority(request=request) + result = operation.result() + + print("Operation result:", result) + + # The current state will be STAGED. + # The Subordinate CA has to be ENABLED before issuing certificates. + print( + f"Current state: {ca_service_client.get_certificate_authority(name=subordinate_ca_path).state}" + ) + + +# [END privateca_activate_subordinateca] diff --git a/privateca/snippets/create_certificate_csr.py b/privateca/snippets/create_certificate_csr.py new file mode 100644 index 000000000000..a52f961f199c --- /dev/null +++ b/privateca/snippets/create_certificate_csr.py 
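Review bot: `ca_path` is built from the same `ca_pool_name` as `subordinate_ca_path`, so the sample only resolves the issuer correctly when the issuing CA sits in the subordinate's own pool. The docstring does not say so; it describes `ca_pool_name` as the pool "under which the CA should be created", although this function activates an existing CA. Either document the constraint, e.g. `ca_pool_name: the CA pool that holds both the subordinate CA and the issuing CA.`, or take the issuer's pool as a separate argument. In the same docstring, "Certificate Signing Resource (CSR)" should read "Certificate Signing Request (CSR)". The commented-out Method 2 also refers to `issuer_certificate_chain`, which is not a parameter of the function.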
@@ -0,0 +1,73 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_create_certificate_csr]
+import google.cloud.security.privateca_v1 as privateca_v1
+from google.protobuf import duration_pb2
+
+
+def create_certificate_csr(
+ project_id: str,
+ location: str,
+ ca_pool_name: str,
+ ca_name: str,
+ certificate_name: str,
+ certificate_lifetime: int,
+ pem_csr: str,
+) -> None:
+ """
+ Create a Certificate which is issued by the specified Certificate Authority (CA).
+ The certificate details and the public key is provided as a Certificate Signing Request (CSR).
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: set a unique name for the CA pool.
+ ca_name: the name of the certificate authority to sign the CSR.
+ certificate_name: set a unique name for the certificate.
+ certificate_lifetime: the validity of the certificate in seconds.
+ pem_csr: set the Certificate Issuing Request in the pem encoded format.
+ """
+
+ ca_service_client = privateca_v1.CertificateAuthorityServiceClient()
+
+ # The public key used to sign the certificate can be generated using any crypto library/framework.
+ # Also you can use Cloud KMS to retrieve an already created public key.
+ # For more info, see: https://cloud.google.com/kms/docs/retrieve-public-key.
+
+ # Create certificate with CSR.
+ # The pem_csr contains the public key and the domain details required.
+ certificate = privateca_v1.Certificate(
+ pem_csr=pem_csr, lifetime=duration_pb2.Duration(seconds=certificate_lifetime),
+ )
+
+ # Create the Certificate Request.
+ # Set the CA which is responsible for creating the certificate with the provided CSR.
+ request = privateca_v1.CreateCertificateRequest(
+ parent=ca_service_client.ca_pool_path(project_id, location, ca_pool_name),
+ certificate_id=certificate_name,
+ certificate=certificate,
+ issuing_certificate_authority_id=ca_name,
+ )
+ response = ca_service_client.create_certificate(request=request)
+
+ print(f"Certificate created successfully: {response.name}")
+
+ # Get the signed certificate and the issuer chain list.
+ print(f"Signed certificate: {response.pem_certificate}")
+ print(f"Issuer chain list: {response.pem_certificate_chain}")
+
+
+# [END privateca_create_certificate_csr]
diff --git a/privateca/snippets/create_subordinate_ca.py b/privateca/snippets/create_subordinate_ca.py new file mode 100644
index 000000000000..0df36df98f4d
--- /dev/null
+++ b/privateca/snippets/create_subordinate_ca.py
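Review bot: The comment above the `privateca_v1.Certificate(...)` construction says "The public key used to sign the certificate", but a public key signs nothing: the CSR carries the requester's public key and the CA's private key does the signing. I would reword it to `# The CSR carries the requester's public key; the key pair can be generated with any crypto library or kept in Cloud KMS.` The docstring likewise calls `pem_csr` a "Certificate Issuing Request" where "Certificate Signing Request" is meant. Because the sample forwards `pem_csr` unchanged, one more comment is worth adding next to it, `# Subject and SANs come from the CSR; the CA pool's issuance policy is what limits which identities can be requested.`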
@@ -0,0 +1,97 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_create_subordinateca]
+import google.cloud.security.privateca_v1 as privateca_v1
+from google.protobuf import duration_pb2
+
+
+def create_subordinate_ca(
+ project_id: str,
+ location: str,
+ ca_pool_name: str,
+ subordinate_ca_name: str,
+ common_name: str,
+ organization: str,
+ domain: str,
+ ca_duration: int,
+) -> None:
+ """
+ Create Certificate Authority (CA) which is the subordinate CA in the given CA Pool.
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: set it to the CA Pool under which the CA should be created.
+ subordinate_ca_name: unique name for the Subordinate CA.
+ common_name: a title for your certificate authority.
+ organization: the name of your company for your certificate authority.
+ domain: the name of your company for your certificate authority.
+ ca_duration: the validity of the certificate authority in seconds.
+ """
+
+ ca_service_client = privateca_v1.CertificateAuthorityServiceClient()
+
+ # Set the type of Algorithm
+ key_version_spec = privateca_v1.CertificateAuthority.KeyVersionSpec(
+ algorithm=privateca_v1.CertificateAuthority.SignHashAlgorithm.RSA_PKCS1_4096_SHA256
+ )
+
+ # Set CA subject config.
+ subject_config = privateca_v1.CertificateConfig.SubjectConfig(
+ subject=privateca_v1.Subject(
+ common_name=common_name, organization=organization
+ ),
+ # Set the fully qualified domain name.
+ subject_alt_name=privateca_v1.SubjectAltNames(dns_names=[domain]),
+ )
+
+ # Set the key usage options for X.509 fields.
+ x509_parameters = privateca_v1.X509Parameters(
+ key_usage=privateca_v1.KeyUsage(
+ base_key_usage=privateca_v1.KeyUsage.KeyUsageOptions(
+ crl_sign=True, cert_sign=True,
+ )
+ ),
+ ca_options=privateca_v1.X509Parameters.CaOptions(is_ca=True,),
+ )
+
+ # Set certificate authority settings.
+ certificate_authority = privateca_v1.CertificateAuthority(
+ type_=privateca_v1.CertificateAuthority.Type.SUBORDINATE,
+ key_spec=key_version_spec,
+ config=privateca_v1.CertificateConfig(
+ subject_config=subject_config, x509_config=x509_parameters,
+ ),
+ # Set the CA validity duration.
+ lifetime=duration_pb2.Duration(seconds=ca_duration),
+ )
+
+ ca_pool_path = ca_service_client.ca_pool_path(project_id, location, ca_pool_name)
+
+ # Create the CertificateAuthorityRequest.
+ request = privateca_v1.CreateCertificateAuthorityRequest(
+ parent=ca_pool_path,
+ certificate_authority_id=subordinate_ca_name,
+ certificate_authority=certificate_authority,
+ )
+
+ operation = ca_service_client.create_certificate_authority(request=request)
+ result = operation.result()
+
+ print(f"Operation result: {result}")
+
+
+# [END privateca_create_subordinateca]
diff --git a/privateca/snippets/test_subordinate_ca.py b/privateca/snippets/test_subordinate_ca.py new file mode 100644
index 000000000000..ffc3c2450bdf
--- /dev/null
+++ b/privateca/snippets/test_subordinate_ca.py
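Review bot: `ca_options=privateca_v1.X509Parameters.CaOptions(is_ca=True,)` requests a CA certificate with no path-length constraint, so nothing in this configuration limits further subordinate CAs being chained beneath the new one. If the sample is meant to show an issuing CA for end-entity certificates, `CaOptions(is_ca=True, max_issuer_path_length=0)` states that intent; otherwise a comment should say the depth is left unconstrained on purpose. In the docstring, `domain` repeats the text of `organization`; it should read `domain: fully qualified domain name placed in the CA certificate's DNS subject alternative name.`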
@@ -0,0 +1,110 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import re
+import typing
+import uuid
+
+import google.auth
+import google.cloud.security.privateca_v1 as privateca_v1
+
+from activate_subordinate_ca import activate_subordinate_ca
+from create_certificate_csr import create_certificate_csr
+from create_subordinate_ca import create_subordinate_ca
+from revoke_certificate import revoke_certificate
+
+PROJECT = google.auth.default()[1]
+LOCATION = "europe-west1"
+COMMON_NAME = "COMMON_NAME"
+ORGANIZATION = "ORGANIZATION"
+CA_DURATION = CERTIFICATE_LIFETIME = 1000000
+DOMAIN_NAME = "domain.com"
+
+
+def generate_name() -> str:
+ return "test-" + uuid.uuid4().hex[:10]
+
+
+def test_subordinate_certificate_authority(
+ certificate_authority, capsys: typing.Any
+) -> None:
+ CSR_CERT_NAME = generate_name()
+ SUBORDINATE_CA_NAME = generate_name()
+
+ CA_POOL_NAME, ROOT_CA_NAME = certificate_authority
+
+ # 1. Create a Subordinate Certificate Authority.
+ create_subordinate_ca(
+ PROJECT,
+ LOCATION,
+ CA_POOL_NAME,
+ SUBORDINATE_CA_NAME,
+ COMMON_NAME,
+ ORGANIZATION,
+ DOMAIN_NAME,
+ CA_DURATION,
+ )
+
+ # 2. Fetch CSR of the given CA.
+ ca_service_client = privateca_v1.CertificateAuthorityServiceClient()
+
+ ca_path = ca_service_client.certificate_authority_path(
+ PROJECT, LOCATION, CA_POOL_NAME, SUBORDINATE_CA_NAME
+ )
+ response = ca_service_client.fetch_certificate_authority_csr(name=ca_path)
+ pem_csr = response.pem_csr
+
+ # 3. Sign the CSR and create a certificate.
+ create_certificate_csr(
+ PROJECT,
+ LOCATION,
+ CA_POOL_NAME,
+ ROOT_CA_NAME,
+ CSR_CERT_NAME,
+ CERTIFICATE_LIFETIME,
+ pem_csr,
+ )
+
+ # 4. Get certificate PEM format
+ certificate_name = ca_service_client.certificate_path(
+ PROJECT, LOCATION, CA_POOL_NAME, CSR_CERT_NAME
+ )
+ pem_certificate = ca_service_client.get_certificate(
+ name=certificate_name
+ ).pem_certificate
+
+ # 5. Activate Subordinate CA
+ activate_subordinate_ca(
+ PROJECT,
+ LOCATION,
+ CA_POOL_NAME,
+ SUBORDINATE_CA_NAME,
+ pem_certificate,
+ ROOT_CA_NAME,
+ )
+
+ revoke_certificate(
+ PROJECT, LOCATION, CA_POOL_NAME, CSR_CERT_NAME,
+ )
+
+ out, _ = capsys.readouterr()
+
+ assert re.search(
+ f'Operation result: name: "projects/{PROJECT}/locations/{LOCATION}/caPools/{CA_POOL_NAME}/certificateAuthorities/{SUBORDINATE_CA_NAME}"',
+ out,
+ )
+
+ assert "Certificate created successfully" in out
+ assert f"Current state: {privateca_v1.CertificateAuthority.State.STAGED}" in out
From 7fb6174c753444e21184a5911aa4bd27de6e0ad1 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 24 Dec 2021 16:33:16 +0100 Subject: [PATCH 28/84] chore(deps): update dependency cryptography to v36.0.1 (#158) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index 1e20c5f57071..28616661a7e9 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==6.2.5
 google-auth==2.3.3
-cryptography==36.0.0
+cryptography==36.0.1
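Review bot: In `test_subordinate_certificate_authority` (test_subordinate_ca.py) the subordinate CA created in step 1 is never deleted, and no step runs under `try`/`finally`, so a failure anywhere in steps 2–5 leaves a CA behind in the test project; the hunk only revokes `CSR_CERT_NAME`. A `finally:` block that calls the repository's `delete_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, SUBORDINATE_CA_NAME)` helper (it would need importing here) keeps stale CAs and their keys from accumulating, provided the helper accepts a CA in the `STAGED` state. The `re.search` pattern also interpolates `PROJECT` and the generated names unescaped; wrapping each in `re.escape(...)` stops a project ID from being read as regex syntax.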
From a101e028aaafafb69d0d5980cf7d52ed274c428f Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Tue, 11 Jan 2022 07:48:32 -0500 Subject: [PATCH 29/84] chore(samples): Add check for tests in directory (#164) Source-Link: https://github.com/googleapis/synthtool/commit/52aef91f8d25223d9dbdb4aebd94ba8eea2101f3 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:36a95b8f494e4674dc9eee9af98961293b51b86b3649942aac800ae6c1f796d4 Co-authored-by: Owl Bot --- privateca/snippets/noxfile.py | 70 +++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 31 deletions(-) diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index 93a9122cc457..3bbef5d54f44 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py @@ -14,6 +14,7 @@ from __future__ import print_function +import glob import os from pathlib import Path import sys 
@@ -184,37 +185,44 @@ def blacken(session: nox.sessions.Session) -> None: def _session_tests( session: nox.sessions.Session, post_install: Callable = None ) -> None: - if TEST_CONFIG["pip_version_override"]: - pip_version = TEST_CONFIG["pip_version_override"] - session.install(f"pip=={pip_version}") - """Runs py.test for a particular project.""" - if os.path.exists("requirements.txt"): - if os.path.exists("constraints.txt"): - session.install("-r", "requirements.txt", "-c", "constraints.txt") - else: - session.install("-r", "requirements.txt") - - if os.path.exists("requirements-test.txt"): - if os.path.exists("constraints-test.txt"): - session.install("-r", "requirements-test.txt", "-c", "constraints-test.txt") - else: - session.install("-r", "requirements-test.txt") - - if INSTALL_LIBRARY_FROM_SOURCE: - session.install("-e", _get_repo_root()) - - if post_install: - post_install(session) - - session.run( - "pytest", - *(PYTEST_COMMON_ARGS + session.posargs), - # Pytest will return 5 when no tests are collected. This can happen - # on travis where slow and flaky tests are excluded. 
- # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html - success_codes=[0, 5], - env=get_pytest_env_vars(), - ) + # check for presence of tests + test_list = glob.glob("*_test.py") + glob.glob("test_*.py") + if len(test_list) == 0: + print("No tests found, skipping directory.") + else: + if TEST_CONFIG["pip_version_override"]: + pip_version = TEST_CONFIG["pip_version_override"] + session.install(f"pip=={pip_version}") + """Runs py.test for a particular project.""" + if os.path.exists("requirements.txt"): + if os.path.exists("constraints.txt"): + session.install("-r", "requirements.txt", "-c", "constraints.txt") + else: + session.install("-r", "requirements.txt") + + if os.path.exists("requirements-test.txt"): + if os.path.exists("constraints-test.txt"): + session.install( + "-r", "requirements-test.txt", "-c", "constraints-test.txt" + ) + else: + session.install("-r", "requirements-test.txt") + + if INSTALL_LIBRARY_FROM_SOURCE: + session.install("-e", _get_repo_root()) + + if post_install: + post_install(session) + + session.run( + "pytest", + *(PYTEST_COMMON_ARGS + session.posargs), + # Pytest will return 5 when no tests are collected. This can happen + # on travis where slow and flaky tests are excluded. + # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html + success_codes=[0, 5], + env=get_pytest_env_vars(), + ) @nox.session(python=ALL_VERSIONS) From a14b962578dd4598e64a73aeb60f80c2af486eaf Mon Sep 17 00:00:00 2001 
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Tue, 18 Jan 2022 20:30:44 -0500 Subject: [PATCH 30/84] chore(python): Noxfile recognizes that tests can live in a folder (#169) Source-Link: https://github.com/googleapis/synthtool/commit/4760d8dce1351d93658cb11d02a1b7ceb23ae5d7 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:f0e4b51deef56bed74d3e2359c583fc104a8d6367da3984fc5c66938db738828 Co-authored-by: Owl Bot --- privateca/snippets/noxfile.py | 1 + 1 file changed, 1 insertion(+) diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index 3bbef5d54f44..20cdfc620138 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py @@ -187,6 +187,7 @@ def _session_tests( ) -> None: # check for presence of tests test_list = glob.glob("*_test.py") + glob.glob("test_*.py") + test_list.extend(glob.glob("tests")) if len(test_list) == 0: print("No tests found, skipping directory.") else: From 453f966fb7f80b8c1b69b4436504a6847fc75cc5 Mon Sep 17 00:00:00 2001 From: Fedor Isakov Date: Sun, 23 Jan 2022 15:02:44 +0300 Subject: [PATCH 31/84] docs(samples): add sample to filter certificates (#160) docs(samples): add sample to undelete certificate authority * samples(security): add filter/undelete certs * add fixture for a deleted CA Co-authored-by: Anthonios Partheniou --- privateca/snippets/conftest.py | 13 ++++ privateca/snippets/filter_certificates.py | 48 +++++++++++++ .../snippets/test_certificate_authorities.py | 15 ++-- privateca/snippets/test_certificates.py | 13 +++- .../undelete_certificate_authority.py | 68 +++++++++++++++++++ 5 files changed, 148 insertions(+), 9 deletions(-) create mode 100644 privateca/snippets/filter_certificates.py create mode 100644 privateca/snippets/undelete_certificate_authority.py diff --git a/privateca/snippets/conftest.py b/privateca/snippets/conftest.py index e3cc338a5039..6c11fc7cadcd 100644 --- a/privateca/snippets/conftest.py 
+++ b/privateca/snippets/conftest.py @@ -56,3 +56,16 @@ def certificate_authority(ca_pool): yield ca_pool, CA_NAME delete_certificate_authority(PROJECT, LOCATION, ca_pool, CA_NAME) + + +@pytest.fixture +def deleted_certificate_authority(ca_pool): + CA_NAME = generate_name() + + create_certificate_authority( + PROJECT, LOCATION, ca_pool, CA_NAME, COMMON_NAME, ORGANIZATION, CA_DURATION + ) + + delete_certificate_authority(PROJECT, LOCATION, ca_pool, CA_NAME) + + yield ca_pool, CA_NAME diff --git a/privateca/snippets/filter_certificates.py b/privateca/snippets/filter_certificates.py new file mode 100644 index 000000000000..8ee7aac050d6 --- /dev/null +++ b/privateca/snippets/filter_certificates.py 
@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_filter_certificate]
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def filter_certificates(
+ project_id: str, location: str, ca_pool_name: str, filter_condition: str
+) -> None:
+ """
+ Filter certificates based on a condition and list them.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: name of the CA pool which contains the certificates to be listed.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ ca_pool_path = caServiceClient.ca_pool_path(project_id, location, ca_pool_name)
+
+ # Create the certificate request and set the filter condition.
+ request = privateca_v1.ListCertificatesRequest(
+ parent=ca_pool_path, filter=filter_condition,
+ )
+
+ # Retrieve and print the certificate names.
+ print("Available certificates: ")
+ for cert in caServiceClient.list_certificates(request=request):
+ print(f"- {cert.name}")
+
+
+# [END privateca_filter_certificate]
diff --git a/privateca/snippets/test_certificate_authorities.py b/privateca/snippets/test_certificate_authorities.py
index 4ef01f97b62d..128cf7e79868 100644
--- a/privateca/snippets/test_certificate_authorities.py
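Review bot: `filter_condition` is missing from the `Args` section of the `filter_certificates` docstring, and it is the one argument whose format a reader cannot guess. I would add `filter_condition: filter expression applied to the listing, e.g. a match on the certificate subject's common name.` The string is forwarded to `ListCertificatesRequest(filter=...)` unchanged, so the docstring should also say that an expression assembled from caller-supplied values needs those values validated first. The client variable is `caServiceClient` here, while the earlier samples in this series use `ca_service_client`.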
+++ b/privateca/snippets/test_certificate_authorities.py @@ -24,6 +24,7 @@ from delete_certificate_authority import delete_certificate_authority from disable_certificate_authority import disable_certificate_authority from enable_certificate_authority import enable_certificate_authority +from undelete_certificate_authority import undelete_certificate_authority PROJECT = google.auth.default()[1] @@ -71,17 +72,15 @@ def test_enable_and_disable_certificate_authority( assert re.search(f"Disabled Certificate Authority: {CA_NAME}", out,) -def test_delete_certificate_authority(capsys: typing.Any) -> None: - CA_POOL_NAME = generate_name() - CA_NAME = generate_name() +def test_undelete_certificate_authority( + deleted_certificate_authority, capsys: typing.Any +) -> None: + CA_POOL_NAME, CA_NAME = deleted_certificate_authority - create_ca_pool(PROJECT, LOCATION, CA_POOL_NAME) - create_certificate_authority( - PROJECT, LOCATION, CA_POOL_NAME, CA_NAME, COMMON_NAME, ORGANIZATION, CA_DURATION - ) + undelete_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) delete_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) delete_ca_pool(PROJECT, LOCATION, CA_POOL_NAME) out, _ = capsys.readouterr() - + assert re.search(f"Successfully undeleted Certificate Authority: {CA_NAME}", out,) assert re.search(f"Successfully deleted Certificate Authority: {CA_NAME}", out,) diff --git a/privateca/snippets/test_certificates.py b/privateca/snippets/test_certificates.py index 85d707f46b71..3d129bfa1bf0 100644 --- a/privateca/snippets/test_certificates.py +++ b/privateca/snippets/test_certificates.py @@ -13,6 +13,7 @@ # limitations under the License. +import re import time import typing import uuid 
@@ -28,6 +29,7 @@ from create_certificate import create_certificate from disable_certificate_authority import disable_certificate_authority from enable_certificate_authority import enable_certificate_authority +from filter_certificates import filter_certificates from revoke_certificate import revoke_certificate @@ -74,6 +76,11 @@ def test_create_and_revoke_certificate_authority( public_key_bytes, ) + FILTER_CONDITION = ( + f"certificate_description.subject_description.subject.common_name={COMMON_NAME}" + ) + filter_certificates(PROJECT, LOCATION, CA_POOL_NAME, FILTER_CONDITION) + revoke_certificate( PROJECT, LOCATION, CA_POOL_NAME, CERT_NAME, ) @@ -81,6 +88,10 @@ def test_create_and_revoke_certificate_authority( disable_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) out, _ = capsys.readouterr() - assert "Certificate creation result:" in out + assert "Available certificates:" in out + assert re.search( + f"- projects/.*/locations/{LOCATION}/caPools/{CA_POOL_NAME}/certificates/{CERT_NAME}", + out, + ) assert "Certificate revoke result:" in out diff --git a/privateca/snippets/undelete_certificate_authority.py b/privateca/snippets/undelete_certificate_authority.py new file mode 100644 index 000000000000..f436f891cd38 --- /dev/null +++ b/privateca/snippets/undelete_certificate_authority.py 
@@ -0,0 +1,68 @@
+#!/usr/bin/env python
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_undelete_ca]
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def undelete_certificate_authority(
+ project_id: str, location: str, ca_pool_name: str, ca_name: str
+) -> None:
+ """
+ Restore a deleted CA, if still within the grace period of 30 days.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: the name of the CA pool under which the deleted CA is present.
+ ca_name: the name of the CA to be restored (undeleted).
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+ ca_path = caServiceClient.certificate_authority_path(
+ project_id, location, ca_pool_name, ca_name
+ )
+
+ # Confirm if the CA is in DELETED stage.
+ ca_state = caServiceClient.get_certificate_authority(name=ca_path).state
+ if ca_state != privateca_v1.CertificateAuthority.State.DELETED:
+ print("CA is not deleted !")
+ return
+
+ # Create the Request.
+ request = privateca_v1.UndeleteCertificateAuthorityRequest(name=ca_path)
+
+ # Undelete the CA.
+ operation = caServiceClient.undelete_certificate_authority(request=request)
+ result = operation.result()
+
+ print("Operation result", result)
+
+ # Get the current CA state.
+ ca_state = caServiceClient.get_certificate_authority(name=ca_path).state
+
+ # CA state changes from DELETED to DISABLED if successfully restored.
+ # Confirm if the CA is DISABLED.
+ if ca_state == privateca_v1.CertificateAuthority.State.DISABLED:
+ print("Successfully undeleted Certificate Authority:", ca_name)
+ else:
+ print(
+ "Unable to restore the Certificate Authority! Please try again! Current state:",
+ ca_state,
+ )
+
+
+# [END privateca_undelete_ca]
From 2b643ea03c1d9f3012a9683fc5b65bfe9003dcca Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 3 Feb 2022 11:20:29 +0100 Subject: [PATCH 32/84] chore(deps): update dependency google-auth to v2.6.0 (#173) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index 28616661a7e9..85db019caa11 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==6.2.5
-google-auth==2.3.3
+google-auth==2.6.0
 cryptography==36.0.1
From a9456367b2b6aefc45b07bd32ae31d6ee75ca2d0 Mon Sep 17 00:00:00 2001
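Review bot: Both failure paths in `undelete_certificate_authority` only print a message, the early `return` when the state is not `DELETED` and the final `else` branch, so code that calls this function during recovery cannot tell that the CA was not restored. Raising in the `else` branch, e.g. `raise RuntimeError(f"CA not restored, current state: {ca_state}")`, makes the failure detectable without changing the `-> None` signature. The success comment is right that the CA comes back `DISABLED`; the docstring should say the same, `The restored CA is DISABLED and has to be enabled before it can issue certificates.`, so nobody expects it to be serving again after this call.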
From: Fedor Isakov Date: Mon, 14 Feb 2022 13:41:06 +0000 Subject: [PATCH 33/84] docs(samples): add template/monitoring samples (#174) --- privateca/snippets/conftest.py | 13 +++ .../snippets/create_certificate_template.py | 77 ++++++++++++++++ .../snippets/delete_certificate_template.py | 48 ++++++++++ .../snippets/list_certificate_templates.py | 44 +++++++++ .../snippets/monitor_certificate_authority.py | 77 ++++++++++++++++ privateca/snippets/requirements.txt | 1 + privateca/snippets/test_ca_pools.py | 11 +++ .../snippets/test_certificate_authorities.py | 22 +++++ .../test_crud_certificate_templates.py | 72 +++++++++++++++ .../update_ca_pool_issuance_policy.py | 92 +++++++++++++++++++ .../snippets/update_certificate_authority.py | 67 ++++++++++++++ .../snippets/update_certificate_template.py | 81 ++++++++++++++++ 12 files changed, 605 insertions(+) create mode 100644 privateca/snippets/create_certificate_template.py create mode 100644 privateca/snippets/delete_certificate_template.py create mode 100644 privateca/snippets/list_certificate_templates.py create mode 100644 privateca/snippets/monitor_certificate_authority.py create mode 100644 privateca/snippets/test_crud_certificate_templates.py create mode 100644 privateca/snippets/update_ca_pool_issuance_policy.py create mode 100644 privateca/snippets/update_certificate_authority.py create mode 100644 privateca/snippets/update_certificate_template.py diff --git a/privateca/snippets/conftest.py b/privateca/snippets/conftest.py index 6c11fc7cadcd..5e9f943d4abf 100644 --- a/privateca/snippets/conftest.py +++ b/privateca/snippets/conftest.py 
@@ -20,8 +20,10 @@ from create_ca_pool import create_ca_pool from create_certificate_authority import create_certificate_authority +from create_certificate_template import create_certificate_template from delete_ca_pool import delete_ca_pool from delete_certificate_authority import delete_certificate_authority +from delete_certificate_template import delete_certificate_template PROJECT = google.auth.default()[1] LOCATION = "europe-west1" @@ -69,3 +71,14 @@ def deleted_certificate_authority(ca_pool): delete_certificate_authority(PROJECT, LOCATION, ca_pool, CA_NAME) yield ca_pool, CA_NAME + + +@pytest.fixture +def certificate_template(): + TEMPLATE_NAME = generate_name() + + create_certificate_template(PROJECT, LOCATION, TEMPLATE_NAME) + + yield TEMPLATE_NAME + + delete_certificate_template(PROJECT, LOCATION, TEMPLATE_NAME) diff --git a/privateca/snippets/create_certificate_template.py b/privateca/snippets/create_certificate_template.py new file mode 100644 index 000000000000..b508bd8b12ad --- /dev/null +++ b/privateca/snippets/create_certificate_template.py 
@@ -0,0 +1,77 @@
+#!/usr/bin/env python
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_create_certificate_template]
+import google.cloud.security.privateca_v1 as privateca_v1
+from google.type import expr_pb2
+
+
+def create_certificate_template(
+ project_id: str, location: str, certificate_template_id: str,
+) -> None:
+ """
+ Create a Certificate template. These templates can be reused for common
+ certificate issuance scenarios.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ certificate_template_id: set a unique name for the certificate template.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ # Describes any predefined X.509 values set by this template.
+ # The provided extensions are copied over to certificate requests that use this template.
+ x509_parameters = privateca_v1.X509Parameters(
+ key_usage=privateca_v1.KeyUsage(
+ base_key_usage=privateca_v1.KeyUsage.KeyUsageOptions(
+ digital_signature=True, key_encipherment=True,
+ ),
+ extended_key_usage=privateca_v1.KeyUsage.ExtendedKeyUsageOptions(
+ server_auth=True,
+ ),
+ ),
+ ca_options=privateca_v1.X509Parameters.CaOptions(is_ca=False,),
+ )
+
+ # CEL expression that is evaluated against the Subject and
+ # Subject Alternative Name of the certificate before it is issued.
+ expr = expr_pb2.Expr(expression="subject_alt_names.all(san, san.type == DNS)")
+
+ # Set the certificate issuance schema.
+ certificate_template = privateca_v1.CertificateTemplate(
+ predefined_values=x509_parameters,
+ identity_constraints=privateca_v1.CertificateIdentityConstraints(
+ cel_expression=expr,
+ allow_subject_passthrough=False,
+ allow_subject_alt_names_passthrough=False,
+ ),
+ )
+
+ # Request to create a certificate template.
+ request = privateca_v1.CreateCertificateTemplateRequest(
+ parent=caServiceClient.common_location_path(project_id, location),
+ certificate_template=certificate_template,
+ certificate_template_id=certificate_template_id,
+ )
+ operation = caServiceClient.create_certificate_template(request=request)
+ result = operation.result()
+
+ print("Operation result:", result)
+
+
+# [END privateca_create_certificate_template]
diff --git a/privateca/snippets/delete_certificate_template.py b/privateca/snippets/delete_certificate_template.py new file mode 100644
index 000000000000..8d1a5ad5f7de
--- /dev/null
+++ b/privateca/snippets/delete_certificate_template.py
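Review bot: `identity_constraints` combines a CEL expression over `subject_alt_names` with `allow_subject_passthrough=False` and `allow_subject_alt_names_passthrough=False`, and no comment explains how the three interact. If, as the field names suggest, both flags cause the requested subject and SANs to be dropped, the `.all(...)` check runs over an empty list and always passes, so the expression constrains nothing in this sample. A comment should state the intended policy, for example `# Passthrough is off: the requester's subject and SANs are not copied into the certificate.`, so that a reader who later enables SAN passthrough knows the CEL rule is then the only thing restricting names to DNS entries.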
@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_delete_certificate_template]
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def delete_certificate_template(
+ project_id: str, location: str, certificate_template_id: str,
+) -> None:
+ """
+ Delete the certificate template present in the given project and location.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ certificate_template_id: set a unique name for the certificate template.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ # Request to delete a certificate template.
+ request = privateca_v1.DeleteCertificateTemplateRequest(
+ name=caServiceClient.certificate_template_path(
+ project_id, location, certificate_template_id,
+ )
+ )
+ operation = caServiceClient.delete_certificate_template(request=request)
+ result = operation.result()
+
+ print("Operation result", result)
+ print("Deleted certificate template:", certificate_template_id)
+
+
+# [END privateca_delete_certificate_template]
diff --git a/privateca/snippets/list_certificate_templates.py b/privateca/snippets/list_certificate_templates.py
new file mode 100644
index 000000000000..8e8c4c7d5c0d
--- /dev/null
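Review bot: The docstring entry for `certificate_template_id` in `delete_certificate_template` was carried over from the create sample and tells the reader to "set a unique name", which is wrong for a delete. It should read `certificate_template_id: ID of the existing certificate template to delete.` The first `print("Operation result", result)` also lacks the colon that the create sample prints, so anything matching on `Operation result:` will not match this one.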
+++ b/privateca/snippets/list_certificate_templates.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_list_certificate_template]
+import google.cloud.security.privateca_v1 as privateca_v1
+
+
+def list_certificate_templates(project_id: str, location: str) -> None:
+ """
+ List the certificate templates present in the given project and location.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ # List Templates Request.
+ request = privateca_v1.ListCertificateTemplatesRequest(
+ parent=caServiceClient.common_location_path(project_id, location),
+ )
+
+ print("Available certificate templates:")
+ for certificate_template in caServiceClient.list_certificate_templates(
+ request=request
+ ):
+ print(certificate_template.name)
+
+
+# [END privateca_list_certificate_template]
diff --git a/privateca/snippets/monitor_certificate_authority.py b/privateca/snippets/monitor_certificate_authority.py
new file mode 100644
index 000000000000..bac5e023b983
--- /dev/null
+++ b/privateca/snippets/monitor_certificate_authority.py
@@ -0,0 +1,77 @@ +#!/usr/bin/env python + +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# [START privateca_monitor_ca_expiry] +import google.cloud.monitoring_v3 as monitoring_v3 + + +def create_ca_monitor_policy(project_id: str) -> None: + """ + Create a monitoring policy that notifies you 30 days before a managed CA expires. + + Args: + project_id: project ID or project number of the Cloud project you want to use. + """ + + alertPolicyServiceClient = monitoring_v3.AlertPolicyServiceClient() + notificationChannelServiceClient = monitoring_v3.NotificationChannelServiceClient() + + # Query which indicates the resource to monitor and the constraints. + # Here, the alert policy notifies you 30 days before a managed CA expires. + # For more information on creating queries, see: https://cloud.google.com/monitoring/mql/alerts + query = ( + "fetch privateca.googleapis.com/CertificateAuthority" + "| metric 'privateca.googleapis.com/ca/cert_chain_expiration'" + "| group_by 5m," + "[value_cert_chain_expiration_mean: mean(value.cert_chain_expiration)]" + "| every 5m" + "| condition val() < 2.592e+06 's'" + ) + + # Create a notification channel. 
+ notification_channel = monitoring_v3.NotificationChannel( + type_="email", + labels={"email_address": "python-docs-samples-testing@google.com"}, + ) + channel = notificationChannelServiceClient.create_notification_channel( + name=notificationChannelServiceClient.common_project_path(project_id), + notification_channel=notification_channel, + ) + + # Set the query and notification channel. + alert_policy = monitoring_v3.AlertPolicy( + display_name="policy-name", + conditions=[ + monitoring_v3.AlertPolicy.Condition( + display_name="ca-cert-chain-expiration", + condition_monitoring_query_language=monitoring_v3.AlertPolicy.Condition.MonitoringQueryLanguageCondition( + query=query, + ), + ) + ], + combiner=monitoring_v3.AlertPolicy.ConditionCombinerType.AND, + notification_channels=[channel.name], + ) + + policy = alertPolicyServiceClient.create_alert_policy( + name=notificationChannelServiceClient.common_project_path(project_id), + alert_policy=alert_policy, + ) + + print("Monitoring policy successfully created!", policy.name) + + +# [END privateca_monitor_ca_expiry] diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index bc4aa3ab46cc..b51179d3cf7f 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,2 +1,3 @@ google-cloud-private-ca==1.2.1 google-cloud-kms==2.10.1 +google-cloud-monitoring==2.8.0 \ No newline at end of file diff --git a/privateca/snippets/test_ca_pools.py b/privateca/snippets/test_ca_pools.py index 2f7921c5a055..c0775d124294 100644 --- a/privateca/snippets/test_ca_pools.py +++ b/privateca/snippets/test_ca_pools.py @@ -21,6 +21,7 @@ from create_ca_pool import create_ca_pool from delete_ca_pool import delete_ca_pool from list_ca_pools import list_ca_pools +from update_ca_pool_issuance_policy import update_ca_pool_issuance_policy PROJECT = google.auth.default()[1] LOCATION = "europe-west1" 
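Review bot: The notification channel in `create_ca_monitor_policy` is hard-coded to `python-docs-samples-testing@google.com`, so anyone who runs the sample as published routes their CA-expiry alerts to a mailbox they do not control and is not notified themselves. Take the address as a parameter, e.g. `def create_ca_monitor_policy(project_id: str, notification_email: str) -> None:` with `labels={"email_address": notification_email}`, and pass a test address from the test. `display_name="policy-name"` is a placeholder as well; a name such as `"ca-expiry-30d"` would let an operator recognise the policy in the console. The threshold `2.592e+06 's'` is 30 days in seconds, which deserves a short inline comment next to the query.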
@@ -72,3 +73,13 @@ def test_delete_ca_pool(capsys: typing.Any) -> None: out, _ = capsys.readouterr() assert re.search(f"Deleted CA Pool: {CA_POOL_NAME}", out) + + +def test_update_ca_pool_issuance_policy(ca_pool, capsys: typing.Any) -> None: + CA_POOL_NAME = ca_pool + + update_ca_pool_issuance_policy(PROJECT, LOCATION, CA_POOL_NAME) + + out, _ = capsys.readouterr() + + assert "CA Pool Issuance policy has been updated successfully!" in out diff --git a/privateca/snippets/test_certificate_authorities.py b/privateca/snippets/test_certificate_authorities.py index 128cf7e79868..c596fbea8e99 100644 --- a/privateca/snippets/test_certificate_authorities.py +++ b/privateca/snippets/test_certificate_authorities.py @@ -24,7 +24,9 @@ from delete_certificate_authority import delete_certificate_authority from disable_certificate_authority import disable_certificate_authority from enable_certificate_authority import enable_certificate_authority +from monitor_certificate_authority import create_ca_monitor_policy from undelete_certificate_authority import undelete_certificate_authority +from update_certificate_authority import update_ca_label PROJECT = google.auth.default()[1] @@ -84,3 +86,23 @@ def test_undelete_certificate_authority( out, _ = capsys.readouterr() assert re.search(f"Successfully undeleted Certificate Authority: {CA_NAME}", out,) assert re.search(f"Successfully deleted Certificate Authority: {CA_NAME}", out,) + + +def test_update_certificate_authority( + certificate_authority, capsys: typing.Any +) -> None: + CA_POOL_NAME, CA_NAME = certificate_authority + + update_ca_label(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) + + out, _ = capsys.readouterr() + + assert "Successfully updated the labels !" in out + + +def test_create_monitor_ca_policy(capsys: typing.Any) -> None: + create_ca_monitor_policy(PROJECT) + + out, _ = capsys.readouterr() + + assert "Monitoring policy successfully created!" in out 
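Review bot: `test_create_monitor_ca_policy` creates a real notification channel and alert policy in `PROJECT` on every run and never removes them, so the test project accumulates duplicate policies that all notify the same address. Because `create_ca_monitor_policy` returns `None`, the test has no handle to clean up with; returning the created `policy.name` and `channel.name` from the sample (or moving creation into a fixture with teardown, like `ca_pool` and `certificate_authority`) would make deletion possible. This applies to the last hunk of `test_certificate_authorities.py`; the import-only hunks on this line need no change.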
diff --git a/privateca/snippets/test_crud_certificate_templates.py b/privateca/snippets/test_crud_certificate_templates.py
new file mode 100644
index 000000000000..6ecd752ad106
--- /dev/null
+++ b/privateca/snippets/test_crud_certificate_templates.py
@@ -0,0 +1,72 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import re +import typing +import uuid + +import google.auth + +from create_certificate_template import create_certificate_template +from delete_certificate_template import delete_certificate_template +from list_certificate_templates import list_certificate_templates +from update_certificate_template import update_certificate_template + + +PROJECT = google.auth.default()[1] +LOCATION = "europe-west1" +COMMON_NAME = "COMMON_NAME" +ORGANIZATION = "ORGANIZATION" +CA_DURATION = 1000000 + + +def generate_name() -> str: + return "i" + uuid.uuid4().hex[:10] + + +def test_create_delete_certificate_template(capsys: typing.Any) -> None: + TEMPLATE_NAME = generate_name() + + create_certificate_template(PROJECT, LOCATION, TEMPLATE_NAME) + delete_certificate_template(PROJECT, LOCATION, TEMPLATE_NAME) + + out, _ = capsys.readouterr() + + assert re.search( + f'Operation result: name: "projects/{PROJECT}/locations/{LOCATION}/certificateTemplates/{TEMPLATE_NAME}"', + out, + ) + + assert re.search(f"Deleted certificate template: {TEMPLATE_NAME}", out) + + +def test_list_certificate_templates(certificate_template, capsys: typing.Any) -> None: + TEMPLATE_NAME = certificate_template + + list_certificate_templates(PROJECT, LOCATION) + + out, _ = capsys.readouterr() + + assert "Available certificate templates:" in out + assert f"{TEMPLATE_NAME}\n" in out + + +def 
test_update_certificate_template(certificate_template, capsys: typing.Any) -> None: + TEMPLATE_NAME = certificate_template + + update_certificate_template(PROJECT, LOCATION, TEMPLATE_NAME) + + out, _ = capsys.readouterr() + + assert "Successfully updated the certificate template!" in out diff --git a/privateca/snippets/update_ca_pool_issuance_policy.py b/privateca/snippets/update_ca_pool_issuance_policy.py new file mode 100644 index 000000000000..05a8c9cddd98 --- /dev/null +++ b/privateca/snippets/update_ca_pool_issuance_policy.py 
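Review bot: `COMMON_NAME`, `ORGANIZATION` and `CA_DURATION` are defined at module level in `test_crud_certificate_templates.py` but nothing in the file uses them; they look copied from the certificate tests and can be dropped. In `test_create_delete_certificate_template` the two `re.search(f"...")` assertions interpolate `PROJECT`, `LOCATION` and `TEMPLATE_NAME` into a pattern unescaped; a plain substring check as the other tests here use, e.g. `assert f"Deleted certificate template: {TEMPLATE_NAME}" in out`, says the same thing without regex semantics. The same test leaves the template behind if `delete_certificate_template` raises, so wrapping the create/delete pair in the `certificate_template` fixture pattern would be tidier.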
@@ -0,0 +1,92 @@ +#!/usr/bin/env python + +# Copyright 2021 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# [START privateca_set_issuance_policy] +import google.cloud.security.privateca_v1 as privateca_v1 +from google.protobuf import field_mask_pb2 +from google.type import expr_pb2 + + +def update_ca_pool_issuance_policy( + project_id: str, location: str, ca_pool_name: str, +) -> None: + """ + Update the issuance policy for a CA Pool. All certificates issued from this CA Pool should + meet the issuance policy + + Args: + project_id: project ID or project number of the Cloud project you want to use. + location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations. + ca_pool_name: a unique name for the ca pool. + """ + + caServiceClient = privateca_v1.CertificateAuthorityServiceClient() + + ca_pool_path = caServiceClient.ca_pool_path(project_id, location, ca_pool_name) + + # Set the updated issuance policy for the CA Pool. + # This particular issuance policy allows only SANs that + # have DNS Names as "us.google.org" or ending in ".google.com". 
*/ + expr = expr_pb2.Expr( + expression='subject_alt_names.all(san, san.type == DNS && (san.value == "us.google.org" || san.value.endsWith(".google.com")) )' + ) + + issuance_policy = privateca_v1.CaPool.IssuancePolicy( + identity_constraints=privateca_v1.CertificateIdentityConstraints( + allow_subject_passthrough=True, + allow_subject_alt_names_passthrough=True, + cel_expression=expr, + ), + ) + + ca_pool = privateca_v1.CaPool(name=ca_pool_path, issuance_policy=issuance_policy,) + + # 1. Set the CA pool with updated values. + # 2. Set the update mask to specify which properties of the CA Pool should be updated. + # Only the properties specified in the mask will be updated. Make sure that the mask fields + # match the updated issuance policy. + # For more info on constructing path for update mask, see: + # https://cloud.google.com/certificate-authority-service/docs/reference/rest/v1/projects.locations.caPools#issuancepolicy */ + request = privateca_v1.UpdateCaPoolRequest( + ca_pool=ca_pool, + update_mask=field_mask_pb2.FieldMask( + paths=[ + "issuance_policy.identity_constraints.allow_subject_alt_names_passthrough", + "issuance_policy.identity_constraints.allow_subject_passthrough", + "issuance_policy.identity_constraints.cel_expression", + ], + ), + ) + operation = caServiceClient.update_ca_pool(request=request) + result = operation.result() + + print("Operation result", result) + + # Get the CA Pool's issuance policy and verify if the fields have been successfully updated. + issuance_policy = caServiceClient.get_ca_pool(name=ca_pool_path).issuance_policy + + # Similarly, you can check for other modified fields as well. + if ( + issuance_policy.identity_constraints.allow_subject_passthrough + and issuance_policy.identity_constraints.allow_subject_alt_names_passthrough + ): + print("CA Pool Issuance policy has been updated successfully!") + return + + print("Error in updating CA Pool Issuance policy! Please try again!") + + +# [END privateca_set_issuance_policy] 
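Review bot: The issuance policy constrains less than its comment suggests: the expression only iterates `subject_alt_names`, while `allow_subject_passthrough=True` lets the requester's Subject (including the CN) through unchecked, and `all()` holds for a request that carries no SANs. For a sample that readers will copy as a domain restriction, either set `allow_subject_passthrough=False` or state the gap in the comment, e.g. `# NOTE: only SANs are constrained; the Subject is passed through as requested.` The post-update check also looks only at the two passthrough booleans and not at `cel_expression`, and a failed check prints a message and returns normally, so a caller cannot detect it; raising an exception there would be clearer. The two trailing `*/` in the comments look like leftovers from a port of another language's sample and should be removed.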
diff --git a/privateca/snippets/update_certificate_authority.py b/privateca/snippets/update_certificate_authority.py
new file mode 100644
index 000000000000..13620ab74d2f
--- /dev/null
+++ b/privateca/snippets/update_certificate_authority.py
@@ -0,0 +1,67 @@
+#!/usr/bin/env python
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START privateca_update_ca_label]
+import google.cloud.security.privateca_v1 as privateca_v1
+from google.protobuf import field_mask_pb2
+
+
+def update_ca_label(
+ project_id: str, location: str, ca_pool_name: str, ca_name: str,
+) -> None:
+ """
+ Update the labels in a certificate authority.
+
+ Args:
+ project_id: project ID or project number of the Cloud project you want to use.
+ location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations.
+ ca_pool_name: set it to the CA Pool under which the CA should be updated.
+ ca_name: unique name for the CA.
+ """
+
+ caServiceClient = privateca_v1.CertificateAuthorityServiceClient()
+
+ # Set the parent path and the new labels.
+ ca_parent = caServiceClient.certificate_authority_path(
+ project_id, location, ca_pool_name, ca_name
+ )
+ certificate_authority = privateca_v1.CertificateAuthority(
+ name=ca_parent, labels={"env": "test"},
+ )
+
+ # Create a request to update the CA.
+ request = privateca_v1.UpdateCertificateAuthorityRequest(
+ certificate_authority=certificate_authority,
+ update_mask=field_mask_pb2.FieldMask(paths=["labels"]),
+ )
+
+ operation = caServiceClient.update_certificate_authority(request=request)
+ result = operation.result()
+
+ print("Operation result:", result)
+
+ # Get the updated CA and check if it contains the new label.
+
+ certificate_authority = caServiceClient.get_certificate_authority(name=ca_parent)
+
+ if (
+ "env" in certificate_authority.labels
+ and certificate_authority.labels["env"] == "test"
+ ):
+ print("Successfully updated the labels !")
+
+
+# [END privateca_update_ca_label]
diff --git a/privateca/snippets/update_certificate_template.py b/privateca/snippets/update_certificate_template.py
new file mode 100644
index 000000000000..e39c09a4ee8b
--- /dev/null
+++ b/privateca/snippets/update_certificate_template.py
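Review bot: `update_ca_label` gives no signal when the label check fails: the final `if` has no `else`, so the function returns silently, whereas the pool and template update samples in this patch at least print an error. Add a failure branch, for example `raise RuntimeError("Label update was not applied")` after the `if`, with an early `return` inside it. The variable `ca_parent` and the comment "Set the parent path" are also misleading, since `certificate_authority_path(...)` yields the CA's own resource name; `ca_path` and `# Set the CA resource name and the new labels.` would match what the code does. The docstring could mention that the label written is the fixed pair `{"env": "test"}`.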
@@ -0,0 +1,81 @@ +#!/usr/bin/env python + +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# [START privateca_update_certificate_template] +import google.cloud.security.privateca_v1 as privateca_v1 +from google.protobuf import field_mask_pb2 + + +def update_certificate_template( + project_id: str, location: str, certificate_template_id: str, +) -> None: + """ + Update an existing certificate template. + + Args: + project_id: project ID or project number of the Cloud project you want to use. + location: location you want to use. For a list of locations, see: https://cloud.google.com/certificate-authority-service/docs/locations. + certificate_template_id: set a unique name for the certificate template. + """ + + caServiceClient = privateca_v1.CertificateAuthorityServiceClient() + + certificate_name = caServiceClient.certificate_template_path( + project_id, location, certificate_template_id, + ) + + # Set the parent name and the properties to be updated. + certificate_template = privateca_v1.CertificateTemplate( + name=certificate_name, + identity_constraints=privateca_v1.CertificateIdentityConstraints( + allow_subject_passthrough=False, allow_subject_alt_names_passthrough=True, + ), + ) + + # Set the mask corresponding to the properties updated above. 
+ field_mask = field_mask_pb2.FieldMask( + paths=[ + "identity_constraints.allow_subject_alt_names_passthrough", + "identity_constraints.allow_subject_passthrough", + ], + ) + + # Set the new template. + # Set the mask to specify which properties of the template should be updated. + request = privateca_v1.UpdateCertificateTemplateRequest( + certificate_template=certificate_template, update_mask=field_mask, + ) + operation = caServiceClient.update_certificate_template(request=request) + result = operation.result() + + print("Operation result", result) + + # Get the updated certificate template and check if the properties have been updated. + cert_identity_constraints = caServiceClient.get_certificate_template( + name=certificate_name + ).identity_constraints + + if ( + not cert_identity_constraints.allow_subject_passthrough + and cert_identity_constraints.allow_subject_alt_names_passthrough + ): + print("Successfully updated the certificate template!") + return + + print("Error in updating certificate template!") + + +# [END privateca_update_certificate_template] From 4b2d087ea2af3fb4d1d10080fc98bd2c03627c26 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Sat, 26 Feb 2022 19:49:20 +0100 Subject: [PATCH 34/84] chore(deps): update all dependencies (#178) Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements-test.txt | 2 +- privateca/snippets/requirements.txt | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 85db019caa11..f7ef67ae89b0 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ -pytest==6.2.5 +pytest==7.0.1 google-auth==2.6.0 cryptography==36.0.1 diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index b51179d3cf7f..4e308045950c 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt 
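Review bot: This update sets `allow_subject_alt_names_passthrough=True`, which loosens the template so that requester-supplied SANs reach the issued certificate, but neither the docstring nor the comments in `update_certificate_template` say that the change widens what the template permits. The mask does not include `identity_constraints.cel_expression`, so presumably whatever expression the template already carries remains the only SAN check; a comment such as `# Enables SAN passthrough: requested SANs are copied into issued certificates, subject to the template's existing CEL expression.` would make that explicit. Separately, `certificate_name` holds a template resource name and "Set the parent name" describes the resource's own name; `template_name` and `# Set the template's resource name and the properties to be updated.` would read correctly.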
@@ -1,3 +1,3 @@ -google-cloud-private-ca==1.2.1 -google-cloud-kms==2.10.1 +google-cloud-private-ca==1.2.2 +google-cloud-kms==2.11.0 google-cloud-monitoring==2.8.0 \ No newline at end of file From 8f0220bd9e8956f48871d818b436957f542c2cad Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 1 Mar 2022 12:32:44 +0100 Subject: [PATCH 35/84] chore(deps): update all dependencies (#186) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(deps): update all dependencies * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot --- privateca/snippets/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 4e308045950c..6bb225ad0ebc 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,3 +1,3 @@ -google-cloud-private-ca==1.2.2 +google-cloud-private-ca==1.2.3 google-cloud-kms==2.11.0 -google-cloud-monitoring==2.8.0 \ No newline at end of file +google-cloud-monitoring==2.9.0 \ No newline at end of file From c6b7cf8ca3ed50e6fbd7825a243e15920d28007e Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Fri, 4 Mar 2022 13:18:01 -0500 Subject: [PATCH 36/84] chore: Adding support for pytest-xdist and pytest-parallel (#193) Source-Link: https://github.com/googleapis/synthtool/commit/82f5cb283efffe96e1b6cd634738e0e7de2cd90a Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:5d8da01438ece4021d135433f2cf3227aa39ef0eaccc941d62aa35e6902832ae Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- privateca/snippets/noxfile.py | 78 ++++++++++++++++++++--------------- 1 file changed, 44 insertions(+), 34 deletions(-) 
diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index 20cdfc620138..85f5836dba3a 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py 
@@ -188,42 +188,52 @@ def _session_tests( # check for presence of tests test_list = glob.glob("*_test.py") + glob.glob("test_*.py") test_list.extend(glob.glob("tests")) + if len(test_list) == 0: print("No tests found, skipping directory.") - else: - if TEST_CONFIG["pip_version_override"]: - pip_version = TEST_CONFIG["pip_version_override"] - session.install(f"pip=={pip_version}") - """Runs py.test for a particular project.""" - if os.path.exists("requirements.txt"): - if os.path.exists("constraints.txt"): - session.install("-r", "requirements.txt", "-c", "constraints.txt") - else: - session.install("-r", "requirements.txt") - - if os.path.exists("requirements-test.txt"): - if os.path.exists("constraints-test.txt"): - session.install( - "-r", "requirements-test.txt", "-c", "constraints-test.txt" - ) - else: - session.install("-r", "requirements-test.txt") - - if INSTALL_LIBRARY_FROM_SOURCE: - session.install("-e", _get_repo_root()) - - if post_install: - post_install(session) - - session.run( - "pytest", - *(PYTEST_COMMON_ARGS + session.posargs), - # Pytest will return 5 when no tests are collected. This can happen - # on travis where slow and flaky tests are excluded. 
- # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html - success_codes=[0, 5], - env=get_pytest_env_vars(), - ) + return + + if TEST_CONFIG["pip_version_override"]: + pip_version = TEST_CONFIG["pip_version_override"] + session.install(f"pip=={pip_version}") + """Runs py.test for a particular project.""" + concurrent_args = [] + if os.path.exists("requirements.txt"): + if os.path.exists("constraints.txt"): + session.install("-r", "requirements.txt", "-c", "constraints.txt") + else: + session.install("-r", "requirements.txt") + with open("requirements.txt") as rfile: + packages = rfile.read() + + if os.path.exists("requirements-test.txt"): + if os.path.exists("constraints-test.txt"): + session.install("-r", "requirements-test.txt", "-c", "constraints-test.txt") + else: + session.install("-r", "requirements-test.txt") + with open("requirements-test.txt") as rtfile: + packages += rtfile.read() + + if INSTALL_LIBRARY_FROM_SOURCE: + session.install("-e", _get_repo_root()) + + if post_install: + post_install(session) + + if "pytest-parallel" in packages: + concurrent_args.extend(["--workers", "auto", "--tests-per-worker", "auto"]) + elif "pytest-xdist" in packages: + concurrent_args.extend(["-n", "auto"]) + + session.run( + "pytest", + *(PYTEST_COMMON_ARGS + session.posargs + concurrent_args), + # Pytest will return 5 when no tests are collected. This can happen + # on travis where slow and flaky tests are excluded. + # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html + success_codes=[0, 5], + env=get_pytest_env_vars(), + ) @nox.session(python=ALL_VERSIONS) From 4a37327d0f6a0dce2cd3e289f490d79616b9011a Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Mon, 7 Mar 2022 22:03:13 +0100 Subject: [PATCH 37/84] chore(deps): update all dependencies (#196) --- privateca/snippets/requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
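Review bot: `packages` is only assigned while handling `requirements.txt`, so a sample directory that has no `requirements.txt` reaches `packages += rtfile.read()` or `if "pytest-parallel" in packages:` with the name unbound and the session fails before pytest starts. Indentation is lost on this page, so I cannot tell exactly which branch the `with open(...)` blocks sit under, but no nesting gives `packages` a value on every path; initialising it next to `concurrent_args = []` with `packages = ""` covers them all. The substring tests would also match a commented-out requirement line, which is minor but worth a comment. `_session_tests` starts outside this hunk, and since the commit message links a synthtool source, the fix probably belongs in that template rather than in this copy.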
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 6bb225ad0ebc..72582a10d911 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,3 +1,3 @@ -google-cloud-private-ca==1.2.3 -google-cloud-kms==2.11.0 -google-cloud-monitoring==2.9.0 \ No newline at end of file +google-cloud-private-ca==1.2.4 +google-cloud-kms==2.11.1 +google-cloud-monitoring==2.9.1 \ No newline at end of file From c0c3a86bb4eb2b9c1ca420f8ce98426c4ed4ff06 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Sat, 12 Mar 2022 16:24:30 +0100 Subject: [PATCH 38/84] chore(deps): update dependency google-cloud-private-ca to v1.3.0 (#199) --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 72582a10d911..6d3fbac20654 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,3 +1,3 @@ -google-cloud-private-ca==1.2.4 +google-cloud-private-ca==1.3.0 google-cloud-kms==2.11.1 google-cloud-monitoring==2.9.1 \ No newline at end of file From 698dbc164cd0ae36fa9ddb8201566828def87ad6 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Sun, 13 Mar 2022 17:07:14 +0100 Subject: [PATCH 39/84] chore(deps): update dependency pytest to v7.1.0 (#200) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index f7ef67ae89b0..63a1340754e1 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ -pytest==7.0.1 +pytest==7.1.0 google-auth==2.6.0 cryptography==36.0.1 From 7dfff5624a6de21af533f1b5aa03a70b2b169aca Mon Sep 17 00:00:00 2001 
From: WhiteSource Renovate Date: Wed, 16 Mar 2022 11:47:01 +0100 Subject: [PATCH 40/84] chore(deps): update dependency cryptography to v36.0.2 (#201) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 63a1340754e1..6d04cddb5f9f 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.1.0 google-auth==2.6.0 -cryptography==36.0.1 +cryptography==36.0.2 From 8f7813ad7d4baf92e21c84c27530aaa21b8aac58 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Sat, 19 Mar 2022 11:52:32 +0100 Subject: [PATCH 41/84] chore(deps): update all dependencies (#202) --- privateca/snippets/requirements-test.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 6d04cddb5f9f..053faf3c2c2b 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ -pytest==7.1.0 -google-auth==2.6.0 +pytest==7.1.1 +google-auth==2.6.2 cryptography==36.0.2 From 42384bfec83fa50599c5eb8480babdca208987c0 Mon Sep 17 00:00:00 2001 
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Mon, 28 Mar 2022 23:54:44 +0000 Subject: [PATCH 42/84] chore(python): use black==22.3.0 (#204) Source-Link: https://github.com/googleapis/synthtool/commit/6fab84af09f2cf89a031fd8671d1def6b2931b11 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:7cffbc10910c3ab1b852c05114a08d374c195a81cdec1d4a67a1d129331d0bfe --- privateca/snippets/create_ca_pool.py | 4 +++- privateca/snippets/create_certificate.py | 9 ++++++--- .../snippets/create_certificate_authority.py | 10 +++++++--- privateca/snippets/create_certificate_csr.py | 3 ++- .../snippets/create_certificate_template.py | 11 +++++++--- privateca/snippets/create_subordinate_ca.py | 10 +++++++--- .../snippets/delete_certificate_template.py | 8 ++++++-- .../snippets/enable_certificate_authority.py | 4 +++- privateca/snippets/filter_certificates.py | 3 ++- privateca/snippets/list_certificates.py | 6 +++++- privateca/snippets/noxfile.py | 4 ++-- privateca/snippets/revoke_certificate.py | 5 ++++- .../snippets/test_certificate_authorities.py | 20 +++++++++++++++---- privateca/snippets/test_certificates.py | 5 ++++- privateca/snippets/test_subordinate_ca.py | 5 ++++- .../update_ca_pool_issuance_policy.py | 9 +++++++-- .../snippets/update_certificate_authority.py | 8 ++++++-- .../snippets/update_certificate_template.py | 14 +++++++++---- 18 files changed, 102 insertions(+), 36 deletions(-) diff --git a/privateca/snippets/create_ca_pool.py b/privateca/snippets/create_ca_pool.py index a8fbaac560b7..2b11785b039b 100644 --- a/privateca/snippets/create_ca_pool.py +++ b/privateca/snippets/create_ca_pool.py 
@@ -39,7 +39,9 @@ def create_ca_pool(project_id: str, location: str, ca_pool_name: str) -> None: # Create the pool request. request = privateca_v1.CreateCaPoolRequest( - parent=location_path, ca_pool_id=ca_pool_name, ca_pool=ca_pool, + parent=location_path, + ca_pool_id=ca_pool_name, + ca_pool=ca_pool, ) # Create the CA pool. diff --git a/privateca/snippets/create_certificate.py b/privateca/snippets/create_certificate.py index 2e1372ed31fc..053305654296 100644 --- a/privateca/snippets/create_certificate.py +++ b/privateca/snippets/create_certificate.py @@ -54,7 +54,8 @@ def create_certificate( # Set the Public Key and its format. public_key = privateca_v1.PublicKey( - key=public_key_bytes, format_=privateca_v1.PublicKey.KeyFormat.PEM, + key=public_key_bytes, + format_=privateca_v1.PublicKey.KeyFormat.PEM, ) subject_config = privateca_v1.CertificateConfig.SubjectConfig( @@ -66,10 +67,12 @@ def create_certificate( x509_parameters = privateca_v1.X509Parameters( key_usage=privateca_v1.KeyUsage( base_key_usage=privateca_v1.KeyUsage.KeyUsageOptions( - digital_signature=True, key_encipherment=True, + digital_signature=True, + key_encipherment=True, ), extended_key_usage=privateca_v1.KeyUsage.ExtendedKeyUsageOptions( - server_auth=True, client_auth=True, + server_auth=True, + client_auth=True, ), ), ) diff --git a/privateca/snippets/create_certificate_authority.py b/privateca/snippets/create_certificate_authority.py index 2856f7d31c18..2cb0c65ec17d 100644 --- a/privateca/snippets/create_certificate_authority.py +++ b/privateca/snippets/create_certificate_authority.py 
@@ -58,10 +58,13 @@ def create_certificate_authority( x509_parameters = privateca_v1.X509Parameters( key_usage=privateca_v1.KeyUsage( base_key_usage=privateca_v1.KeyUsage.KeyUsageOptions( - crl_sign=True, cert_sign=True, + crl_sign=True, + cert_sign=True, ) ), - ca_options=privateca_v1.X509Parameters.CaOptions(is_ca=True,), + ca_options=privateca_v1.X509Parameters.CaOptions( + is_ca=True, + ), ) # Set certificate authority settings. @@ -70,7 +73,8 @@ def create_certificate_authority( type_=privateca_v1.CertificateAuthority.Type.SELF_SIGNED, key_spec=key_version_spec, config=privateca_v1.CertificateConfig( - subject_config=subject_config, x509_config=x509_parameters, + subject_config=subject_config, + x509_config=x509_parameters, ), lifetime=duration_pb2.Duration(seconds=ca_duration), ) diff --git a/privateca/snippets/create_certificate_csr.py b/privateca/snippets/create_certificate_csr.py index a52f961f199c..d3bc892507ce 100644 --- a/privateca/snippets/create_certificate_csr.py +++ b/privateca/snippets/create_certificate_csr.py @@ -50,7 +50,8 @@ def create_certificate_csr( # Create certificate with CSR. # The pem_csr contains the public key and the domain details required. certificate = privateca_v1.Certificate( - pem_csr=pem_csr, lifetime=duration_pb2.Duration(seconds=certificate_lifetime), + pem_csr=pem_csr, + lifetime=duration_pb2.Duration(seconds=certificate_lifetime), ) # Create the Certificate Request. diff --git a/privateca/snippets/create_certificate_template.py b/privateca/snippets/create_certificate_template.py index b508bd8b12ad..988ebfc364b4 100644 --- a/privateca/snippets/create_certificate_template.py +++ b/privateca/snippets/create_certificate_template.py @@ -20,7 +20,9 @@ def create_certificate_template( - project_id: str, location: str, certificate_template_id: str, + project_id: str, + location: str, + certificate_template_id: str, ) -> None: """ Create a Certificate template. These templates can be reused for common 
@@ -39,13 +41,16 @@ def create_certificate_template( x509_parameters = privateca_v1.X509Parameters( key_usage=privateca_v1.KeyUsage( base_key_usage=privateca_v1.KeyUsage.KeyUsageOptions( - digital_signature=True, key_encipherment=True, + digital_signature=True, + key_encipherment=True, ), extended_key_usage=privateca_v1.KeyUsage.ExtendedKeyUsageOptions( server_auth=True, ), ), - ca_options=privateca_v1.X509Parameters.CaOptions(is_ca=False,), + ca_options=privateca_v1.X509Parameters.CaOptions( + is_ca=False, + ), ) # CEL expression that is evaluated against the Subject and diff --git a/privateca/snippets/create_subordinate_ca.py b/privateca/snippets/create_subordinate_ca.py index 0df36df98f4d..426a047dc980 100644 --- a/privateca/snippets/create_subordinate_ca.py +++ b/privateca/snippets/create_subordinate_ca.py @@ -62,10 +62,13 @@ def create_subordinate_ca( x509_parameters = privateca_v1.X509Parameters( key_usage=privateca_v1.KeyUsage( base_key_usage=privateca_v1.KeyUsage.KeyUsageOptions( - crl_sign=True, cert_sign=True, + crl_sign=True, + cert_sign=True, ) ), - ca_options=privateca_v1.X509Parameters.CaOptions(is_ca=True,), + ca_options=privateca_v1.X509Parameters.CaOptions( + is_ca=True, + ), ) # Set certificate authority settings. @@ -73,7 +76,8 @@ def create_subordinate_ca( type_=privateca_v1.CertificateAuthority.Type.SUBORDINATE, key_spec=key_version_spec, config=privateca_v1.CertificateConfig( - subject_config=subject_config, x509_config=x509_parameters, + subject_config=subject_config, + x509_config=x509_parameters, ), # Set the CA validity duration. lifetime=duration_pb2.Duration(seconds=ca_duration), diff --git a/privateca/snippets/delete_certificate_template.py b/privateca/snippets/delete_certificate_template.py index 8d1a5ad5f7de..e44dca178c7c 100644 --- a/privateca/snippets/delete_certificate_template.py +++ b/privateca/snippets/delete_certificate_template.py 
@@ -19,7 +19,9 @@ def delete_certificate_template( - project_id: str, location: str, certificate_template_id: str, + project_id: str, + location: str, + certificate_template_id: str, ) -> None: """ Delete the certificate template present in the given project and location. @@ -35,7 +37,9 @@ def delete_certificate_template( # Request to delete a certificate template. request = privateca_v1.DeleteCertificateTemplateRequest( name=caServiceClient.certificate_template_path( - project_id, location, certificate_template_id, + project_id, + location, + certificate_template_id, ) ) operation = caServiceClient.delete_certificate_template(request=request) diff --git a/privateca/snippets/enable_certificate_authority.py b/privateca/snippets/enable_certificate_authority.py index 691922db7eb3..a6ecd35580bc 100644 --- a/privateca/snippets/enable_certificate_authority.py +++ b/privateca/snippets/enable_certificate_authority.py @@ -38,7 +38,9 @@ def enable_certificate_authority( ) # Create the Enable Certificate Authority Request. - request = privateca_v1.EnableCertificateAuthorityRequest(name=ca_path,) + request = privateca_v1.EnableCertificateAuthorityRequest( + name=ca_path, + ) # Enable the Certificate Authority. operation = caServiceClient.enable_certificate_authority(request=request) diff --git a/privateca/snippets/filter_certificates.py b/privateca/snippets/filter_certificates.py index 8ee7aac050d6..c9789dcc639c 100644 --- a/privateca/snippets/filter_certificates.py +++ b/privateca/snippets/filter_certificates.py @@ -36,7 +36,8 @@ def filter_certificates( # Create the certificate request and set the filter condition. request = privateca_v1.ListCertificatesRequest( - parent=ca_pool_path, filter=filter_condition, + parent=ca_pool_path, + filter=filter_condition, ) # Retrieve and print the certificate names. diff --git a/privateca/snippets/list_certificates.py b/privateca/snippets/list_certificates.py index 8d2d606a6fab..9c04ed93470f 100644 
--- a/privateca/snippets/list_certificates.py +++ b/privateca/snippets/list_certificates.py @@ -19,7 +19,11 @@ import google.cloud.security.privateca_v1 as privateca_v1 -def list_certificates(project_id: str, location: str, ca_pool_name: str,) -> None: +def list_certificates( + project_id: str, + location: str, + ca_pool_name: str, +) -> None: """ List Certificates present in the given CA pool. diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index 85f5836dba3a..25f87a215d4c 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py @@ -29,7 +29,7 @@ # WARNING - WARNING - WARNING - WARNING - WARNING # WARNING - WARNING - WARNING - WARNING - WARNING -BLACK_VERSION = "black==19.10b0" +BLACK_VERSION = "black==22.3.0" # Copy `noxfile_config.py` to your directory and modify it instead. @@ -253,7 +253,7 @@ def py(session: nox.sessions.Session) -> None: def _get_repo_root() -> Optional[str]: - """ Returns the root folder of the project. """ + """Returns the root folder of the project.""" # Get root of this repository. Assume we don't have directories nested deeper than 10 items. p = Path(os.getcwd()) for i in range(10): diff --git a/privateca/snippets/revoke_certificate.py b/privateca/snippets/revoke_certificate.py index 8cd640005ec2..011999a4b92f 100644 --- a/privateca/snippets/revoke_certificate.py +++ b/privateca/snippets/revoke_certificate.py @@ -22,7 +22,10 @@ def revoke_certificate( - project_id: str, location: str, ca_pool_name: str, certificate_name: str, + project_id: str, + location: str, + ca_pool_name: str, + certificate_name: str, ) -> None: """ Revoke an issued certificate. Once revoked, the certificate will become invalid and will expire post its lifetime. diff --git a/privateca/snippets/test_certificate_authorities.py b/privateca/snippets/test_certificate_authorities.py index c596fbea8e99..3e4341bad246 100644 --- a/privateca/snippets/test_certificate_authorities.py 
+++ b/privateca/snippets/test_certificate_authorities.py @@ -70,8 +70,14 @@ def test_enable_and_disable_certificate_authority( out, _ = capsys.readouterr() - assert re.search(f"Enabled Certificate Authority: {CA_NAME}", out,) - assert re.search(f"Disabled Certificate Authority: {CA_NAME}", out,) + assert re.search( + f"Enabled Certificate Authority: {CA_NAME}", + out, + ) + assert re.search( + f"Disabled Certificate Authority: {CA_NAME}", + out, + ) def test_undelete_certificate_authority( @@ -84,8 +90,14 @@ def test_undelete_certificate_authority( delete_ca_pool(PROJECT, LOCATION, CA_POOL_NAME) out, _ = capsys.readouterr() - assert re.search(f"Successfully undeleted Certificate Authority: {CA_NAME}", out,) - assert re.search(f"Successfully deleted Certificate Authority: {CA_NAME}", out,) + assert re.search( + f"Successfully undeleted Certificate Authority: {CA_NAME}", + out, + ) + assert re.search( + f"Successfully deleted Certificate Authority: {CA_NAME}", + out, + ) def test_update_certificate_authority( diff --git a/privateca/snippets/test_certificates.py b/privateca/snippets/test_certificates.py index 3d129bfa1bf0..d0f59d6574cd 100644 --- a/privateca/snippets/test_certificates.py +++ b/privateca/snippets/test_certificates.py @@ -82,7 +82,10 @@ def test_create_and_revoke_certificate_authority( filter_certificates(PROJECT, LOCATION, CA_POOL_NAME, FILTER_CONDITION) revoke_certificate( - PROJECT, LOCATION, CA_POOL_NAME, CERT_NAME, + PROJECT, + LOCATION, + CA_POOL_NAME, + CERT_NAME, ) disable_certificate_authority(PROJECT, LOCATION, CA_POOL_NAME, CA_NAME) diff --git a/privateca/snippets/test_subordinate_ca.py b/privateca/snippets/test_subordinate_ca.py index ffc3c2450bdf..c7b121e69c6e 100644 --- a/privateca/snippets/test_subordinate_ca.py +++ b/privateca/snippets/test_subordinate_ca.py 
@@ -96,7 +96,10 @@ def test_subordinate_certificate_authority( ) revoke_certificate( - PROJECT, LOCATION, CA_POOL_NAME, CSR_CERT_NAME, + PROJECT, + LOCATION, + CA_POOL_NAME, + CSR_CERT_NAME, ) out, _ = capsys.readouterr() diff --git a/privateca/snippets/update_ca_pool_issuance_policy.py b/privateca/snippets/update_ca_pool_issuance_policy.py index 05a8c9cddd98..750c6f36a320 100644 --- a/privateca/snippets/update_ca_pool_issuance_policy.py +++ b/privateca/snippets/update_ca_pool_issuance_policy.py @@ -21,7 +21,9 @@ def update_ca_pool_issuance_policy( - project_id: str, location: str, ca_pool_name: str, + project_id: str, + location: str, + ca_pool_name: str, ) -> None: """ Update the issuance policy for a CA Pool. All certificates issued from this CA Pool should @@ -52,7 +54,10 @@ def update_ca_pool_issuance_policy( ), ) - ca_pool = privateca_v1.CaPool(name=ca_pool_path, issuance_policy=issuance_policy,) + ca_pool = privateca_v1.CaPool( + name=ca_pool_path, + issuance_policy=issuance_policy, + ) # 1. Set the CA pool with updated values. # 2. Set the update mask to specify which properties of the CA Pool should be updated. diff --git a/privateca/snippets/update_certificate_authority.py b/privateca/snippets/update_certificate_authority.py index 13620ab74d2f..9acd3f8b2eb0 100644 --- a/privateca/snippets/update_certificate_authority.py +++ b/privateca/snippets/update_certificate_authority.py @@ -20,7 +20,10 @@ def update_ca_label( - project_id: str, location: str, ca_pool_name: str, ca_name: str, + project_id: str, + location: str, + ca_pool_name: str, + ca_name: str, ) -> None: """ Update the labels in a certificate authority. @@ -39,7 +42,8 @@ def update_ca_label( project_id, location, ca_pool_name, ca_name ) certificate_authority = privateca_v1.CertificateAuthority( - name=ca_parent, labels={"env": "test"}, + name=ca_parent, + labels={"env": "test"}, ) # Create a request to update the CA. 
diff --git a/privateca/snippets/update_certificate_template.py b/privateca/snippets/update_certificate_template.py index e39c09a4ee8b..ac05be89bd97 100644 --- a/privateca/snippets/update_certificate_template.py +++ b/privateca/snippets/update_certificate_template.py @@ -20,7 +20,9 @@ def update_certificate_template( - project_id: str, location: str, certificate_template_id: str, + project_id: str, + location: str, + certificate_template_id: str, ) -> None: """ Update an existing certificate template. @@ -34,14 +36,17 @@ def update_certificate_template( caServiceClient = privateca_v1.CertificateAuthorityServiceClient() certificate_name = caServiceClient.certificate_template_path( - project_id, location, certificate_template_id, + project_id, + location, + certificate_template_id, ) # Set the parent name and the properties to be updated. certificate_template = privateca_v1.CertificateTemplate( name=certificate_name, identity_constraints=privateca_v1.CertificateIdentityConstraints( - allow_subject_passthrough=False, allow_subject_alt_names_passthrough=True, + allow_subject_passthrough=False, + allow_subject_alt_names_passthrough=True, ), ) @@ -56,7 +61,8 @@ def update_certificate_template( # Set the new template. # Set the mask to specify which properties of the template should be updated. request = privateca_v1.UpdateCertificateTemplateRequest( - certificate_template=certificate_template, update_mask=field_mask, + certificate_template=certificate_template, + update_mask=field_mask, ) operation = caServiceClient.update_certificate_template(request=request) result = operation.result() From 2f933f7b28a55941b670b9d5e77648439553d2c9 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 8 Apr 2022 01:51:41 +0200 Subject: [PATCH 43/84] chore(deps): update dependency google-auth to v2.6.3 (#211) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index 053faf3c2c2b..2eb018433200 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==7.1.1
-google-auth==2.6.2
+google-auth==2.6.3
 cryptography==36.0.2
From 81e9a54c9e8c95b9bedbc347ef74787146271a8b Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Wed, 13 Apr 2022 01:28:34 +0200
Subject: [PATCH 44/84] chore(deps): update dependency google-auth to v2.6.4 (#215)
---
 privateca/snippets/requirements-test.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index 2eb018433200..b33373884b20 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==7.1.1
-google-auth==2.6.3
+google-auth==2.6.4
 cryptography==36.0.2
From e259d72087e7a8f20ff82a98c8c90e16dccb36f1 Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Fri, 15 Apr 2022 02:43:57 +0200
Subject: [PATCH 45/84] chore(deps): update dependency google-auth to v2.6.5 (#217)
---
 privateca/snippets/requirements-test.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index b33373884b20..1d6fdb2d26af 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==7.1.1
-google-auth==2.6.4
+google-auth==2.6.5
 cryptography==36.0.2
From 814c4014ce5d43aab5dd711500427a789496032c Mon Sep 17 00:00:00 2001
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Wed, 20 Apr 2022 21:24:08 -0400 Subject: [PATCH 46/84] chore(python): add nox session to sort python imports (#218) * chore(python): add nox session to sort python imports Source-Link: https://github.com/googleapis/synthtool/commit/1b71c10e20de7ed3f97f692f99a0e3399b67049f Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:00c9d764fd1cd56265f12a5ef4b99a0c9e87cf261018099141e2ca5158890416 * revert change to region tag Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- privateca/snippets/conftest.py | 1 - privateca/snippets/noxfile.py | 23 ++++++++++++++++++- privateca/snippets/revoke_certificate.py | 1 + .../snippets/test_certificate_authorities.py | 1 - privateca/snippets/test_certificates.py | 6 +---- .../test_crud_certificate_templates.py | 1 - 6 files changed, 24 insertions(+), 9 deletions(-) diff --git a/privateca/snippets/conftest.py b/privateca/snippets/conftest.py index 5e9f943d4abf..1d88814a3ce9 100644 --- a/privateca/snippets/conftest.py +++ b/privateca/snippets/conftest.py @@ -15,7 +15,6 @@ import uuid import google.auth - import pytest from create_ca_pool import create_ca_pool diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index 25f87a215d4c..3b3ffa5d2b0f 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py @@ -22,7 +22,6 @@ import nox - # WARNING - WARNING - WARNING - WARNING - WARNING # WARNING - WARNING - WARNING - WARNING - WARNING # DO NOT EDIT THIS FILE EVER! @@ -30,6 +29,7 @@ # WARNING - WARNING - WARNING - WARNING - WARNING BLACK_VERSION = "black==22.3.0" +ISORT_VERSION = "isort==5.10.1" # Copy `noxfile_config.py` to your directory and modify it instead. 
@@ -168,12 +168,33 @@ def lint(session: nox.sessions.Session) -> None: @nox.session def blacken(session: nox.sessions.Session) -> None: + """Run black. Format code to uniform standard.""" session.install(BLACK_VERSION) python_files = [path for path in os.listdir(".") if path.endswith(".py")] session.run("black", *python_files) +# +# format = isort + black +# + + +@nox.session +def format(session: nox.sessions.Session) -> None: + """ + Run isort to sort imports. Then run black + to format code to uniform standard. + """ + session.install(BLACK_VERSION, ISORT_VERSION) + python_files = [path for path in os.listdir(".") if path.endswith(".py")] + + # Use the --fss option to sort imports using strict alphabetical order. + # See https://pycqa.github.io/isort/docs/configuration/options.html#force-sort-within-sections + session.run("isort", "--fss", *python_files) + session.run("black", *python_files) + + # # Sample Tests # diff --git a/privateca/snippets/revoke_certificate.py b/privateca/snippets/revoke_certificate.py index 011999a4b92f..fa0d2f24e203 100644 --- a/privateca/snippets/revoke_certificate.py +++ b/privateca/snippets/revoke_certificate.py @@ -16,6 +16,7 @@ import sys +# isort: split # [START privateca_revoke_certificate] import google.cloud.security.privateca_v1 as privateca_v1 diff --git a/privateca/snippets/test_certificate_authorities.py b/privateca/snippets/test_certificate_authorities.py index 3e4341bad246..9d4227b24441 100644 --- a/privateca/snippets/test_certificate_authorities.py +++ b/privateca/snippets/test_certificate_authorities.py @@ -28,7 +28,6 @@ from undelete_certificate_authority import undelete_certificate_authority from update_certificate_authority import update_ca_label - PROJECT = google.auth.default()[1] LOCATION = "europe-west1" COMMON_NAME = "COMMON_NAME" diff --git a/privateca/snippets/test_certificates.py b/privateca/snippets/test_certificates.py index d0f59d6574cd..023e4754217c 100644 --- a/privateca/snippets/test_certificates.py 
+++ b/privateca/snippets/test_certificates.py @@ -20,10 +20,7 @@ from cryptography.hazmat.backends.openssl.backend import backend from cryptography.hazmat.primitives.asymmetric import rsa - -from cryptography.hazmat.primitives.serialization import Encoding -from cryptography.hazmat.primitives.serialization import PublicFormat - +from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat import google.auth from create_certificate import create_certificate @@ -32,7 +29,6 @@ from filter_certificates import filter_certificates from revoke_certificate import revoke_certificate - PROJECT = google.auth.default()[1] LOCATION = "europe-west1" COMMON_NAME = "COMMON_NAME" diff --git a/privateca/snippets/test_crud_certificate_templates.py b/privateca/snippets/test_crud_certificate_templates.py index 6ecd752ad106..d2d906018748 100644 --- a/privateca/snippets/test_crud_certificate_templates.py +++ b/privateca/snippets/test_crud_certificate_templates.py @@ -23,7 +23,6 @@ from list_certificate_templates import list_certificate_templates from update_certificate_template import update_certificate_template - PROJECT = google.auth.default()[1] LOCATION = "europe-west1" COMMON_NAME = "COMMON_NAME" From 09c0e7fbf112ddcd2c5a49cef4332a0b16c75512 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Fri, 22 Apr 2022 02:56:34 +0200 Subject: [PATCH 47/84] chore(deps): update dependency google-auth to v2.6.6 (#221) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 1d6fdb2d26af..5a0fbca9f935 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.1.1 -google-auth==2.6.5 +google-auth==2.6.6 cryptography==36.0.2 From 6f535060223a5917f719c145811e42cda83f4036 Mon Sep 17 00:00:00 2001 
From: WhiteSource Renovate
Date: Mon, 25 Apr 2022 17:02:26 +0200
Subject: [PATCH 48/84] chore(deps): update dependency pytest to v7.1.2 (#222)
---
 privateca/snippets/requirements-test.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index 5a0fbca9f935..e93b1e75344c 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
-pytest==7.1.1
+pytest==7.1.2
 google-auth==2.6.6
 cryptography==36.0.2
From 8a4c02e857d701e3259ef9ab4fa8b76bd89b2143 Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Tue, 26 Apr 2022 18:22:05 +0200
Subject: [PATCH 49/84] chore(deps): update dependency cryptography to v37 (#223)
---
 privateca/snippets/requirements-test.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index e93b1e75344c..c05ecde8de50 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==7.1.2
 google-auth==2.6.6
-cryptography==36.0.2
+cryptography==37.0.0
From a14b4c25ee4df8ed0bdb8f95d6f1543415b937ca Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Thu, 28 Apr 2022 13:20:34 +0200
Subject: [PATCH 50/84] chore(deps): update dependency cryptography to v37.0.1 (#225)
---
 privateca/snippets/requirements-test.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index c05ecde8de50..79854a40783d 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==7.1.2
 google-auth==2.6.6
-cryptography==37.0.0
+cryptography==37.0.1
From c3c2b6fc9e7085117942c9d695f03de1471f0117 Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Thu, 5 May 2022 02:43:34 +0200
Subject: [PATCH 51/84] chore(deps): update dependency cryptography to v37.0.2 (#226)
---
 privateca/snippets/requirements-test.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index 79854a40783d..5c9eae8b075b 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==7.1.2
 google-auth==2.6.6
-cryptography==37.0.1
+cryptography==37.0.2
From b84346f1c10bb0635c5fcb15646ca5f8d4df8699 Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Thu, 19 May 2022 16:22:13 +0200
Subject: [PATCH 52/84] chore(deps): update dependency google-cloud-private-ca to v1.3.1 (#230)
---
 privateca/snippets/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt
index 6d3fbac20654..f3be4bae69b7 100644
--- a/privateca/snippets/requirements.txt
+++ b/privateca/snippets/requirements.txt
@@ -1,3 +1,3 @@
-google-cloud-private-ca==1.3.0
+google-cloud-private-ca==1.3.1
 google-cloud-kms==2.11.1
 google-cloud-monitoring==2.9.1
\ No newline at end of file
From d66afb113b1c6173b1af926fa4adb3f9fa7da207 Mon Sep 17 00:00:00 2001
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Sun, 10 Jul 2022 05:21:43 -0400 Subject: [PATCH 53/84] fix: require python 3.7+ (#267) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore(python): drop python 3.6 Source-Link: https://github.com/googleapis/synthtool/commit/4f89b13af10d086458f9b379e56a614f9d6dab7b Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:e7bb19d47c13839fe8c147e50e02e8b6cf5da8edd1af8b82208cd6f66cc2829c * add api_description to .repo-metadata.json * require python 3.7+ in setup.py * remove python 3.6 sample configs * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- privateca/snippets/noxfile.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index 3b3ffa5d2b0f..e9eb1cbfa5db 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py @@ -88,7 +88,7 @@ def get_pytest_env_vars() -> Dict[str, str]: # DO NOT EDIT - automatically generated. # All versions used to test samples. -ALL_VERSIONS = ["3.6", "3.7", "3.8", "3.9", "3.10"] +ALL_VERSIONS = ["3.7", "3.8", "3.9", "3.10"] # Any default versions that should be ignored. IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] From ea497215af0ee344b4d9347d8a693b9fbe5f5f88 Mon Sep 17 00:00:00 2001 
From: WhiteSource Renovate
Date: Tue, 19 Jul 2022 15:13:35 +0200
Subject: [PATCH 54/84] chore(deps): update all dependencies (#262)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* chore(deps): update all dependencies
* 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md
* revert
Co-authored-by: Owl Bot
Co-authored-by: Anthonios Partheniou
---
 privateca/snippets/requirements-test.txt | 2 +-
 privateca/snippets/requirements.txt | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index 5c9eae8b075b..eb3b612de674 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==7.1.2
-google-auth==2.6.6
+google-auth==2.7.0
 cryptography==37.0.2
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt
index f3be4bae69b7..59dd836831da 100644
--- a/privateca/snippets/requirements.txt
+++ b/privateca/snippets/requirements.txt
@@ -1,3 +1,3 @@
-google-cloud-private-ca==1.3.1
-google-cloud-kms==2.11.1
+google-cloud-private-ca==1.3.2
+google-cloud-kms==2.11.2
 google-cloud-monitoring==2.9.1
\ No newline at end of file
From 8c2e33657ba4b6031b47126a214636621b36b684 Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Tue, 2 Aug 2022 14:45:20 +0200
Subject: [PATCH 55/84] chore(deps): update all dependencies (#273)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* chore(deps): update all dependencies
* 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md
* revert
Co-authored-by: Owl Bot
Co-authored-by: Anthonios Partheniou
---
 privateca/snippets/requirements-test.txt | 4 ++--
 privateca/snippets/requirements.txt | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index eb3b612de674..c5762f39edfa 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==7.1.2
-google-auth==2.7.0
-cryptography==37.0.2
+google-auth==2.9.1
+cryptography==37.0.4
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt
index 59dd836831da..f5b166021c60 100644
--- a/privateca/snippets/requirements.txt
+++ b/privateca/snippets/requirements.txt
@@ -1,3 +1,3 @@
-google-cloud-private-ca==1.3.2
-google-cloud-kms==2.11.2
-google-cloud-monitoring==2.9.1
\ No newline at end of file
+google-cloud-private-ca==1.4.0
+google-cloud-kms==2.12.0
+google-cloud-monitoring==2.10.1
\ No newline at end of file
From 343285b45c076e0e7b88011491b2f35ff8c61bec Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Sat, 6 Aug 2022 02:25:32 +0200
Subject: [PATCH 56/84] chore(deps): update all dependencies (#275)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* chore(deps): update all dependencies
* 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md
* revert
Co-authored-by: Owl Bot
Co-authored-by: Anthonios Partheniou
---
 privateca/snippets/requirements-test.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index c5762f39edfa..1a2fd0207d33 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@
 pytest==7.1.2
-google-auth==2.9.1
+google-auth==2.10.0
 cryptography==37.0.4
From f5b41411af1a8d3fdf36e6987fc42403ba357914 Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Tue, 9 Aug 2022 02:57:51 +0200
Subject: [PATCH 57/84] chore(deps): update all dependencies (#276)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* chore(deps): update all dependencies
* 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md
* revert
Co-authored-by: Owl Bot
Co-authored-by: Anthonios Partheniou
---
 privateca/snippets/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt
index f5b166021c60..f17b17ce43b3 100644
--- a/privateca/snippets/requirements.txt
+++ b/privateca/snippets/requirements.txt
@@ -1,3 +1,3 @@
 google-cloud-private-ca==1.4.0
 google-cloud-kms==2.12.0
-google-cloud-monitoring==2.10.1
\ No newline at end of file
+google-cloud-monitoring==2.11.0
\ No newline at end of file
From f06041a5d8fe37cb8f8d907777702328217a7669 Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Wed, 17 Aug 2022 16:53:46 +0200
Subject: [PATCH 58/84] chore(deps): update dependency google-cloud-monitoring to v2.11.1 (#281)
Co-authored-by: Anthonios Partheniou
---
 privateca/snippets/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt
index f17b17ce43b3..d24061c5c101 100644
--- a/privateca/snippets/requirements.txt
+++ b/privateca/snippets/requirements.txt
@@ -1,3 +1,3 @@
 google-cloud-private-ca==1.4.0
 google-cloud-kms==2.12.0
-google-cloud-monitoring==2.11.0
\ No newline at end of file
+google-cloud-monitoring==2.11.1
\ No newline at end of file
From 77050aa38adbeff24da397ba819bf8499105f8f4 Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Fri, 19 Aug 2022 18:35:21 +0200
Subject: [PATCH 59/84] chore(deps): update all dependencies (#283)
---
 privateca/snippets/requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt
index d24061c5c101..534e458060c9 100644
--- a/privateca/snippets/requirements.txt
+++ b/privateca/snippets/requirements.txt
@@ -1,3 +1,3 @@
-google-cloud-private-ca==1.4.0
-google-cloud-kms==2.12.0
+google-cloud-private-ca==1.4.1
+google-cloud-kms==2.12.1
 google-cloud-monitoring==2.11.1
\ No newline at end of file
From 388e65de712d016c816d96415f01927c6088bc5e Mon Sep 17 00:00:00 2001
From: WhiteSource Renovate
Date: Tue, 23 Aug 2022 16:22:36 +0200
Subject: [PATCH 60/84] chore(deps): update dependency google-auth to v2.11.0 (#284)
---
 privateca/snippets/requirements-test.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt
index 1a2fd0207d33..b2a9c99e2912 100644
--- a/privateca/snippets/requirements-test.txt
+++ b/privateca/snippets/requirements-test.txt
@@ -1,3 +1,3 @@ pytest==7.1.2 -google-auth==2.10.0 +google-auth==2.11.0 cryptography==37.0.4 From fc2d7f8737128497ce589c160e404947b2f31f01 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 6 Sep 2022 17:50:18 +0200 Subject: [PATCH 61/84] chore(deps): update dependency pytest to v7.1.3 (#294) * chore(deps): update all dependencies * revert Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index b2a9c99e2912..066e036edeee 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ -pytest==7.1.2 +pytest==7.1.3 google-auth==2.11.0 cryptography==37.0.4 From 4db0646b2a9cdd2a3107f1e6d3d2909a3e2624d8 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Wed, 7 Sep 2022 10:43:30 -0400 Subject: [PATCH 62/84] chore: Bump gapic-generator-python version to 1.3.0 (#295) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: Bump gapic-generator-python version to 1.3.0 PiperOrigin-RevId: 472561635 Source-Link: https://github.com/googleapis/googleapis/commit/332ecf599f8e747d8d1213b77ae7db26eff12814 Source-Link: https://github.com/googleapis/googleapis-gen/commit/4313d682880fd9d7247291164d4e9d3d5bd9f177 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiNDMxM2Q2ODI4ODBmZDlkNzI0NzI5MTE2NGQ0ZTlkM2Q1YmQ5ZjE3NyJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * chore: update dependency cryptography Co-authored-by: Owl Bot Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 066e036edeee..50b710b9b868 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.1.3 google-auth==2.11.0 -cryptography==37.0.4 +cryptography==38.0.1 From 08de6b7c75d73eff930cda62c54871899f46e553 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Tue, 13 Sep 2022 16:20:25 +0000 Subject: [PATCH 63/84] chore: detect samples tests in nested directories (#299) Source-Link: https://github.com/googleapis/synthtool/commit/50db768f450a50d7c1fd62513c113c9bb96fd434 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:e09366bdf0fd9c8976592988390b24d53583dd9f002d476934da43725adbb978 --- privateca/snippets/noxfile.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index e9eb1cbfa5db..c1715136d645 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py @@ -207,8 +207,10 @@ def _session_tests( session: nox.sessions.Session, post_install: Callable = None ) -> None: # check for presence of tests - test_list = glob.glob("*_test.py") + glob.glob("test_*.py") - test_list.extend(glob.glob("tests")) + test_list = glob.glob("**/*_test.py", recursive=True) + glob.glob( + "**/test_*.py", recursive=True + ) + test_list.extend(glob.glob("**/tests", recursive=True)) if len(test_list) == 0: print("No tests found, skipping directory.") From 052fd7727b0899a812709609d8699497c202265c Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 20 Sep 2022 13:20:58 +0200 Subject: [PATCH 64/84] chore(deps): update dependency google-auth to v2.11.1 (#300) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 50b710b9b868..0455926ee836 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.1.3 -google-auth==2.11.0 +google-auth==2.11.1 cryptography==38.0.1 From 6eb7bf56c23f2f25fd7e8efb2098b9b494f5ac1b Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 4 Oct 2022 15:51:56 +0200 Subject: [PATCH 65/84] chore(deps): update dependency google-auth to v2.12.0 (#302) Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 0455926ee836..511a9879abfa 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.1.3 -google-auth==2.11.1 +google-auth==2.12.0 cryptography==38.0.1 From 82f974c10155796c27f20b9c01b5fa4cf2e3c5b6 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Thu, 6 Oct 2022 16:31:41 +0200 Subject: [PATCH 66/84] chore(deps): update all dependencies (#304) * chore(deps): update all dependencies * update location for samples Co-authored-by: Anthonios Partheniou --- privateca/snippets/conftest.py | 2 +- privateca/snippets/requirements.txt | 6 +++--- privateca/snippets/test_ca_pools.py | 2 +- privateca/snippets/test_certificate_authorities.py | 2 +- privateca/snippets/test_certificates.py | 2 +- privateca/snippets/test_crud_certificate_templates.py | 2 +- privateca/snippets/test_subordinate_ca.py | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/privateca/snippets/conftest.py b/privateca/snippets/conftest.py index 1d88814a3ce9..d958e01cafda 100644 --- a/privateca/snippets/conftest.py +++ b/privateca/snippets/conftest.py 
@@ -25,7 +25,7 @@ from delete_certificate_template import delete_certificate_template PROJECT = google.auth.default()[1] -LOCATION = "europe-west1" +LOCATION = "us-central1" COMMON_NAME = "COMMON_NAME" ORGANIZATION = "ORGANIZATION" CA_DURATION = 1000000 diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 534e458060c9..605e09ed007c 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,3 +1,3 @@ -google-cloud-private-ca==1.4.1 -google-cloud-kms==2.12.1 -google-cloud-monitoring==2.11.1 \ No newline at end of file +google-cloud-private-ca==1.4.2 +google-cloud-kms==2.12.2 +google-cloud-monitoring==2.11.2 \ No newline at end of file diff --git a/privateca/snippets/test_ca_pools.py b/privateca/snippets/test_ca_pools.py index c0775d124294..5fc17a5d3082 100644 --- a/privateca/snippets/test_ca_pools.py +++ b/privateca/snippets/test_ca_pools.py @@ -24,7 +24,7 @@ from update_ca_pool_issuance_policy import update_ca_pool_issuance_policy PROJECT = google.auth.default()[1] -LOCATION = "europe-west1" +LOCATION = "us-central1" def generate_name() -> str: diff --git a/privateca/snippets/test_certificate_authorities.py b/privateca/snippets/test_certificate_authorities.py index 9d4227b24441..daac5bcf0e0d 100644 --- a/privateca/snippets/test_certificate_authorities.py +++ b/privateca/snippets/test_certificate_authorities.py @@ -29,7 +29,7 @@ from update_certificate_authority import update_ca_label PROJECT = google.auth.default()[1] -LOCATION = "europe-west1" +LOCATION = "us-central1" COMMON_NAME = "COMMON_NAME" ORGANIZATION = "ORGANIZATION" CA_DURATION = 1000000 diff --git a/privateca/snippets/test_certificates.py b/privateca/snippets/test_certificates.py index 023e4754217c..35fcac35008f 100644 --- a/privateca/snippets/test_certificates.py +++ b/privateca/snippets/test_certificates.py 
@@ -30,7 +30,7 @@ from revoke_certificate import revoke_certificate PROJECT = google.auth.default()[1] -LOCATION = "europe-west1" +LOCATION = "us-central1" COMMON_NAME = "COMMON_NAME" ORGANIZATION = "ORGANIZATION" CERTIFICATE_LIFETIME = 1000000 diff --git a/privateca/snippets/test_crud_certificate_templates.py b/privateca/snippets/test_crud_certificate_templates.py index d2d906018748..8c2c94b86d8a 100644 --- a/privateca/snippets/test_crud_certificate_templates.py +++ b/privateca/snippets/test_crud_certificate_templates.py @@ -24,7 +24,7 @@ from update_certificate_template import update_certificate_template PROJECT = google.auth.default()[1] -LOCATION = "europe-west1" +LOCATION = "us-central1" COMMON_NAME = "COMMON_NAME" ORGANIZATION = "ORGANIZATION" CA_DURATION = 1000000 diff --git a/privateca/snippets/test_subordinate_ca.py b/privateca/snippets/test_subordinate_ca.py index c7b121e69c6e..1fe2d29a395b 100644 --- a/privateca/snippets/test_subordinate_ca.py +++ b/privateca/snippets/test_subordinate_ca.py @@ -26,7 +26,7 @@ from revoke_certificate import revoke_certificate PROJECT = google.auth.default()[1] -LOCATION = "europe-west1" +LOCATION = "us-central1" COMMON_NAME = "COMMON_NAME" ORGANIZATION = "ORGANIZATION" CA_DURATION = CERTIFICATE_LIFETIME = 1000000 From fa75df02cfa00783b6ae8a663477fb72e52b42ed Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 18 Oct 2022 15:15:20 +0200 Subject: [PATCH 67/84] chore(deps): update all dependencies (#307) --- privateca/snippets/requirements-test.txt | 2 +- privateca/snippets/requirements.txt | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 511a9879abfa..a76c1fef21be 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.1.3 -google-auth==2.12.0 +google-auth==2.13.0 cryptography==38.0.1 
diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 605e09ed007c..3a44849e428d 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,3 +1,3 @@ -google-cloud-private-ca==1.4.2 -google-cloud-kms==2.12.2 -google-cloud-monitoring==2.11.2 \ No newline at end of file +google-cloud-private-ca==1.4.3 +google-cloud-kms==2.12.3 +google-cloud-monitoring==2.11.3 \ No newline at end of file From 5462d82a40717b9186642b8ccaaafe0e1a7514ae Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Wed, 26 Oct 2022 12:49:34 +0200 Subject: [PATCH 68/84] chore(deps): update dependency pytest to v7.2.0 (#308) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index a76c1fef21be..bbf6daff9b8e 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ -pytest==7.1.3 +pytest==7.2.0 google-auth==2.13.0 cryptography==38.0.1 From c78daf2fd4396383bbfbccd9478b307638aaeef0 Mon Sep 17 00:00:00 2001 From: WhiteSource Renovate Date: Tue, 1 Nov 2022 14:08:58 +0100 Subject: [PATCH 69/84] chore(deps): update dependency google-auth to v2.14.0 (#310) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index bbf6daff9b8e..416c1a583848 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.2.0 -google-auth==2.13.0 +google-auth==2.14.0 cryptography==38.0.1 From 10a3d3507e124dafaaef12d2b2e55cd7e7760917 Mon Sep 17 00:00:00 2001 
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Sat, 26 Nov 2022 10:45:12 -0500 Subject: [PATCH 70/84] chore(python): drop flake8-import-order in samples noxfile (#315) Source-Link: https://github.com/googleapis/synthtool/commit/6ed3a831cb9ff69ef8a504c353e098ec0192ad93 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:3abfa0f1886adaf0b83f07cb117b24a639ea1cb9cffe56d43280b977033563eb Co-authored-by: Owl Bot --- privateca/snippets/noxfile.py | 26 +++----------------------- 1 file changed, 3 insertions(+), 23 deletions(-) diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index c1715136d645..0577084695fc 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py @@ -18,7 +18,7 @@ import os from pathlib import Path import sys -from typing import Callable, Dict, List, Optional +from typing import Callable, Dict, Optional import nox @@ -108,22 +108,6 @@ def get_pytest_env_vars() -> Dict[str, str]: # -def _determine_local_import_names(start_dir: str) -> List[str]: - """Determines all import names that should be considered "local". - - This is used when running the linter to insure that import order is - properly checked. - """ - file_ext_pairs = [os.path.splitext(path) for path in os.listdir(start_dir)] - return [ - basename - for basename, extension in file_ext_pairs - if extension == ".py" - or os.path.isdir(os.path.join(start_dir, basename)) - and basename not in ("__pycache__") - ] - - # Linting with flake8. # # We ignore the following rules: @@ -138,7 +122,6 @@ def _determine_local_import_names(start_dir: str) -> List[str]: "--show-source", "--builtin=gettext", "--max-complexity=20", - "--import-order-style=google", "--exclude=.nox,.cache,env,lib,generated_pb2,*_pb2.py,*_pb2_grpc.py", "--ignore=E121,E123,E126,E203,E226,E24,E266,E501,E704,W503,W504,I202", "--max-line-length=88", 
@@ -148,14 +131,11 @@ def _determine_local_import_names(start_dir: str) -> List[str]: @nox.session def lint(session: nox.sessions.Session) -> None: if not TEST_CONFIG["enforce_type_hints"]: - session.install("flake8", "flake8-import-order") + session.install("flake8") else: - session.install("flake8", "flake8-import-order", "flake8-annotations") + session.install("flake8", "flake8-annotations") - local_names = _determine_local_import_names(".") args = FLAKE8_COMMON_ARGS + [ - "--application-import-names", - ",".join(local_names), ".", ] session.run("flake8", *args) From 8002cc821f2c97d97f396e299678b12dfa0c3bc1 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Sat, 26 Nov 2022 22:29:45 +0100 Subject: [PATCH 71/84] chore(deps): update all dependencies (#311) Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements-test.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 416c1a583848..2ff81a3d8449 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.2.0 -google-auth==2.14.0 -cryptography==38.0.1 +google-auth==2.14.1 +cryptography==38.0.3 From 063f97678904f08bd172bd56410bc464516c159d Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 28 Nov 2022 16:47:37 +0100 Subject: [PATCH 72/84] chore(deps): update dependency cryptography to v38.0.4 (#317) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 2ff81a3d8449..45a1b36f870f 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.2.0 google-auth==2.14.1 -cryptography==38.0.3 +cryptography==38.0.4 From 6c4d347ce79860be8c586744653a3a793369310d Mon Sep 17 00:00:00 2001 
From: Mend Renovate Date: Thu, 15 Dec 2022 19:45:12 +0100 Subject: [PATCH 73/84] chore(deps): update dependency google-auth to v2.15.0 (#318) Co-authored-by: Anthonios Partheniou --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 45a1b36f870f..85058b9f844b 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.2.0 -google-auth==2.14.1 +google-auth==2.15.0 cryptography==38.0.4 From 09d35f750219fd115d70f5356d6f12dc4a6da825 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Thu, 15 Dec 2022 20:44:47 +0100 Subject: [PATCH 74/84] chore(deps): update all dependencies (#321) --- privateca/snippets/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 3a44849e428d..6426d5a761c2 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,3 +1,3 @@ google-cloud-private-ca==1.4.3 -google-cloud-kms==2.12.3 -google-cloud-monitoring==2.11.3 \ No newline at end of file +google-cloud-kms==2.13.0 +google-cloud-monitoring==2.12.0 \ No newline at end of file From cf3dab9de40bd3f8f6b796c68e6afdfe24a6b16a Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Fri, 16 Dec 2022 03:24:57 +0100 Subject: [PATCH 75/84] chore(deps): update dependency google-cloud-private-ca to v1.5.0 (#322) --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 6426d5a761c2..34d2ed60ee04 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt 
@@ -1,3 +1,3 @@ -google-cloud-private-ca==1.4.3 +google-cloud-private-ca==1.5.0 google-cloud-kms==2.13.0 google-cloud-monitoring==2.12.0 \ No newline at end of file From ab905cf4966abe740fbc806fdb00aff3e778e2a3 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Wed, 4 Jan 2023 20:04:20 +0100 Subject: [PATCH 76/84] chore(deps): update dependency cryptography to v39 (#323) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 85058b9f844b..6cc6dc69a110 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.2.0 google-auth==2.15.0 -cryptography==38.0.4 +cryptography==39.0.0 From 5d1909c3e7773c38e81a9c54fd849066e39435f6 Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Fri, 6 Jan 2023 13:53:23 -0500 Subject: [PATCH 77/84] chore(python): add support for python 3.11 (#324) Source-Link: https://github.com/googleapis/synthtool/commit/7197a001ffb6d8ce7b0b9b11c280f0c536c1033a Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-python:latest@sha256:c43f1d918bcf817d337aa29ff833439494a158a0831508fda4ec75dc4c0d0320 Co-authored-by: Owl Bot --- privateca/snippets/noxfile.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py index 0577084695fc..de104dbc64d3 100644 --- a/privateca/snippets/noxfile.py +++ b/privateca/snippets/noxfile.py @@ -88,7 +88,7 @@ def get_pytest_env_vars() -> Dict[str, str]: # DO NOT EDIT - automatically generated. # All versions used to test samples. -ALL_VERSIONS = ["3.7", "3.8", "3.9", "3.10"] +ALL_VERSIONS = ["3.7", "3.8", "3.9", "3.10", "3.11"] # Any default versions that should be ignored. IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] 
From 9c1fc09a10e7922a5bf78b338106bd698d7b3fe3 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 9 Jan 2023 17:58:42 +0000 Subject: [PATCH 78/84] chore(deps): update dependency google-cloud-monitoring to v2.13.0 (#325) --- privateca/snippets/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 34d2ed60ee04..41735b957efe 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt @@ -1,3 +1,3 @@ google-cloud-private-ca==1.5.0 google-cloud-kms==2.13.0 -google-cloud-monitoring==2.12.0 \ No newline at end of file +google-cloud-monitoring==2.13.0 \ No newline at end of file From 1a0a4e2a07c5e8fdbff3199965178aa434aeef4c Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 9 Jan 2023 22:49:53 +0000 Subject: [PATCH 79/84] chore(deps): update dependency google-auth to v2.16.0 (#326) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 6cc6dc69a110..7603501fe44e 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ pytest==7.2.0 -google-auth==2.15.0 +google-auth==2.16.0 cryptography==39.0.0 From b8d644e438a9b0c8d9e939e0f074e0542a5f270b Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Wed, 11 Jan 2023 18:36:49 +0000 Subject: [PATCH 80/84] chore(deps): update all dependencies (#329) --- privateca/snippets/requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/privateca/snippets/requirements.txt b/privateca/snippets/requirements.txt index 41735b957efe..539381cc9c26 100644 --- a/privateca/snippets/requirements.txt +++ b/privateca/snippets/requirements.txt 
@@ -1,3 +1,3 @@ -google-cloud-private-ca==1.5.0 -google-cloud-kms==2.13.0 -google-cloud-monitoring==2.13.0 \ No newline at end of file +google-cloud-private-ca==1.6.0 +google-cloud-kms==2.14.0 +google-cloud-monitoring==2.14.0 \ No newline at end of file From e9546056c46591110a1de8f3f738c06326a1ea50 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Sat, 14 Jan 2023 18:13:23 +0000 Subject: [PATCH 81/84] chore(deps): update dependency pytest to v7.2.1 (#330) --- privateca/snippets/requirements-test.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 7603501fe44e..77d6f60472ee 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,3 @@ -pytest==7.2.0 +pytest==7.2.1 google-auth==2.16.0 cryptography==39.0.0 From e33f1135ad98364e3e1bca375455a6adeab0e0fd Mon Sep 17 00:00:00 2001 From: rsamborski Date: Mon, 23 Jan 2023 11:56:50 +0100 Subject: [PATCH 82/84] dee-migration: test fixes Updated the gcloud project and removed conflicting noxfile.py to default to the main used by repo --- privateca/snippets/noxfile.py | 292 --------------------------- privateca/snippets/noxfile_config.py | 4 +- 2 files changed, 2 insertions(+), 294 deletions(-) delete mode 100644 privateca/snippets/noxfile.py diff --git a/privateca/snippets/noxfile.py b/privateca/snippets/noxfile.py deleted file mode 100644 index de104dbc64d3..000000000000 --- a/privateca/snippets/noxfile.py +++ /dev/null 
@@ -1,292 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import print_function - -import glob -import os -from pathlib import Path -import sys -from typing import Callable, Dict, Optional - -import nox - -# WARNING - WARNING - WARNING - WARNING - WARNING -# WARNING - WARNING - WARNING - WARNING - WARNING -# DO NOT EDIT THIS FILE EVER! -# WARNING - WARNING - WARNING - WARNING - WARNING -# WARNING - WARNING - WARNING - WARNING - WARNING - -BLACK_VERSION = "black==22.3.0" -ISORT_VERSION = "isort==5.10.1" - -# Copy `noxfile_config.py` to your directory and modify it instead. - -# `TEST_CONFIG` dict is a configuration hook that allows users to -# modify the test configurations. The values here should be in sync -# with `noxfile_config.py`. Users will copy `noxfile_config.py` into -# their directory and modify it. - -TEST_CONFIG = { - # You can opt out from the test for specific Python versions. - "ignored_versions": [], - # Old samples are opted out of enforcing Python type hints - # All new samples should feature them - "enforce_type_hints": False, - # An envvar key for determining the project id to use. Change it - # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a - # build specific Cloud project. You can also use your own string - # to use your own Cloud project. 
- "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", - # 'gcloud_project_env': 'BUILD_SPECIFIC_GCLOUD_PROJECT', - # If you need to use a specific version of pip, - # change pip_version_override to the string representation - # of the version number, for example, "20.2.4" - "pip_version_override": None, - # A dictionary you want to inject into your test. Don't put any - # secrets here. These values will override predefined values. - "envs": {}, -} - - -try: - # Ensure we can import noxfile_config in the project's directory. - sys.path.append(".") - from noxfile_config import TEST_CONFIG_OVERRIDE -except ImportError as e: - print("No user noxfile_config found: detail: {}".format(e)) - TEST_CONFIG_OVERRIDE = {} - -# Update the TEST_CONFIG with the user supplied values. -TEST_CONFIG.update(TEST_CONFIG_OVERRIDE) - - -def get_pytest_env_vars() -> Dict[str, str]: - """Returns a dict for pytest invocation.""" - ret = {} - - # Override the GCLOUD_PROJECT and the alias. - env_key = TEST_CONFIG["gcloud_project_env"] - # This should error out if not set. - ret["GOOGLE_CLOUD_PROJECT"] = os.environ[env_key] - - # Apply user supplied envs. - ret.update(TEST_CONFIG["envs"]) - return ret - - -# DO NOT EDIT - automatically generated. -# All versions used to test samples. -ALL_VERSIONS = ["3.7", "3.8", "3.9", "3.10", "3.11"] - -# Any default versions that should be ignored. -IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"] - -TESTED_VERSIONS = sorted([v for v in ALL_VERSIONS if v not in IGNORED_VERSIONS]) - -INSTALL_LIBRARY_FROM_SOURCE = os.environ.get("INSTALL_LIBRARY_FROM_SOURCE", False) in ( - "True", - "true", -) - -# Error if a python version is missing -nox.options.error_on_missing_interpreters = True - -# -# Style Checks -# - - -# Linting with flake8. 
-# -# We ignore the following rules: -# E203: whitespace before ‘:’ -# E266: too many leading ‘#’ for block comment -# E501: line too long -# I202: Additional newline in a section of imports -# -# We also need to specify the rules which are ignored by default: -# ['E226', 'W504', 'E126', 'E123', 'W503', 'E24', 'E704', 'E121'] -FLAKE8_COMMON_ARGS = [ - "--show-source", - "--builtin=gettext", - "--max-complexity=20", - "--exclude=.nox,.cache,env,lib,generated_pb2,*_pb2.py,*_pb2_grpc.py", - "--ignore=E121,E123,E126,E203,E226,E24,E266,E501,E704,W503,W504,I202", - "--max-line-length=88", -] - - -@nox.session -def lint(session: nox.sessions.Session) -> None: - if not TEST_CONFIG["enforce_type_hints"]: - session.install("flake8") - else: - session.install("flake8", "flake8-annotations") - - args = FLAKE8_COMMON_ARGS + [ - ".", - ] - session.run("flake8", *args) - - -# -# Black -# - - -@nox.session -def blacken(session: nox.sessions.Session) -> None: - """Run black. Format code to uniform standard.""" - session.install(BLACK_VERSION) - python_files = [path for path in os.listdir(".") if path.endswith(".py")] - - session.run("black", *python_files) - - -# -# format = isort + black -# - - -@nox.session -def format(session: nox.sessions.Session) -> None: - """ - Run isort to sort imports. Then run black - to format code to uniform standard. - """ - session.install(BLACK_VERSION, ISORT_VERSION) - python_files = [path for path in os.listdir(".") if path.endswith(".py")] - - # Use the --fss option to sort imports using strict alphabetical order. 
- # See https://pycqa.github.io/isort/docs/configuration/options.html#force-sort-within-sections - session.run("isort", "--fss", *python_files) - session.run("black", *python_files) - - -# -# Sample Tests -# - - -PYTEST_COMMON_ARGS = ["--junitxml=sponge_log.xml"] - - -def _session_tests( - session: nox.sessions.Session, post_install: Callable = None -) -> None: - # check for presence of tests - test_list = glob.glob("**/*_test.py", recursive=True) + glob.glob( - "**/test_*.py", recursive=True - ) - test_list.extend(glob.glob("**/tests", recursive=True)) - - if len(test_list) == 0: - print("No tests found, skipping directory.") - return - - if TEST_CONFIG["pip_version_override"]: - pip_version = TEST_CONFIG["pip_version_override"] - session.install(f"pip=={pip_version}") - """Runs py.test for a particular project.""" - concurrent_args = [] - if os.path.exists("requirements.txt"): - if os.path.exists("constraints.txt"): - session.install("-r", "requirements.txt", "-c", "constraints.txt") - else: - session.install("-r", "requirements.txt") - with open("requirements.txt") as rfile: - packages = rfile.read() - - if os.path.exists("requirements-test.txt"): - if os.path.exists("constraints-test.txt"): - session.install("-r", "requirements-test.txt", "-c", "constraints-test.txt") - else: - session.install("-r", "requirements-test.txt") - with open("requirements-test.txt") as rtfile: - packages += rtfile.read() - - if INSTALL_LIBRARY_FROM_SOURCE: - session.install("-e", _get_repo_root()) - - if post_install: - post_install(session) - - if "pytest-parallel" in packages: - concurrent_args.extend(["--workers", "auto", "--tests-per-worker", "auto"]) - elif "pytest-xdist" in packages: - concurrent_args.extend(["-n", "auto"]) - - session.run( - "pytest", - *(PYTEST_COMMON_ARGS + session.posargs + concurrent_args), - # Pytest will return 5 when no tests are collected. This can happen - # on travis where slow and flaky tests are excluded. 
- # See http://doc.pytest.org/en/latest/_modules/_pytest/main.html - success_codes=[0, 5], - env=get_pytest_env_vars(), - ) - - -@nox.session(python=ALL_VERSIONS) -def py(session: nox.sessions.Session) -> None: - """Runs py.test for a sample using the specified version of Python.""" - if session.python in TESTED_VERSIONS: - _session_tests(session) - else: - session.skip( - "SKIPPED: {} tests are disabled for this sample.".format(session.python) - ) - - -# -# Readmegen -# - - -def _get_repo_root() -> Optional[str]: - """Returns the root folder of the project.""" - # Get root of this repository. Assume we don't have directories nested deeper than 10 items. - p = Path(os.getcwd()) - for i in range(10): - if p is None: - break - if Path(p / ".git").exists(): - return str(p) - # .git is not available in repos cloned via Cloud Build - # setup.py is always in the library's root, so use that instead - # https://github.com/googleapis/synthtool/issues/792 - if Path(p / "setup.py").exists(): - return str(p) - p = p.parent - raise Exception("Unable to detect repository root.") - - -GENERATED_READMES = sorted([x for x in Path(".").rglob("*.rst.in")]) - - -@nox.session -@nox.parametrize("path", GENERATED_READMES) -def readmegen(session: nox.sessions.Session, path: str) -> None: - """(Re-)generates the readme for a sample.""" - session.install("jinja2", "pyyaml") - dir_ = os.path.dirname(path) - - if os.path.exists(os.path.join(dir_, "requirements.txt")): - session.install("-r", os.path.join(dir_, "requirements.txt")) - - in_file = os.path.join(dir_, "README.rst.in") - session.run( - "python", _get_repo_root() + "/scripts/readme-gen/readme_gen.py", in_file - ) diff --git a/privateca/snippets/noxfile_config.py b/privateca/snippets/noxfile_config.py index 4a4db8c2de30..e4659f78d1e3 100644 --- a/privateca/snippets/noxfile_config.py +++ b/privateca/snippets/noxfile_config.py 
@@ -30,8 +30,8 @@ # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - # "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", - "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT", + "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", + # "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT", # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. "envs": {}, From dce1074603c4aa22c23793cd2a36bf83b2f4678d Mon Sep 17 00:00:00 2001 From: rsamborski Date: Mon, 23 Jan 2023 13:44:18 +0100 Subject: [PATCH 83/84] dee-migration: add backoff to mitigate quota issue --- privateca/snippets/requirements-test.txt | 1 + privateca/snippets/test_certificate_authorities.py | 4 +++- privateca/snippets/test_subordinate_ca.py | 4 +++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 77d6f60472ee..6b4971e6cbfd 100644 --- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,3 +1,4 @@ pytest==7.2.1 google-auth==2.16.0 cryptography==39.0.0 +backoff=2.2.1 \ No newline at end of file diff --git a/privateca/snippets/test_certificate_authorities.py b/privateca/snippets/test_certificate_authorities.py index daac5bcf0e0d..c9e7ee1a7660 100644 --- a/privateca/snippets/test_certificate_authorities.py +++ b/privateca/snippets/test_certificate_authorities.py @@ -15,6 +15,7 @@ import re import typing import uuid +import backoff import google.auth @@ -38,7 +39,8 @@ def generate_name() -> str: return "i" + uuid.uuid4().hex[:10] - +@backoff.on_exception(backoff.expo, + Exception, max_tries=3) def test_create_certificate(capsys: typing.Any) -> None: CA_POOL_NAME = generate_name() CA_NAME = generate_name() 
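Review bot: The added pin `backoff=2.2.1` in requirements-test.txt (PATCH 83/84) uses a single `=`, which is not a valid version specifier, so `pip install -r requirements-test.txt` is expected to reject the line and the test session would stop before any test runs. It should read `backoff==2.2.1`, matching the `==` pins on the three lines above it. The file also ends without a trailing newline; adding one keeps a later appended requirement from being joined onto this line.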
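Review bot: Retrying on `Exception` in the decorator added above `test_create_certificate` also retries `AssertionError`, so a genuine assertion failure is re-run up to three times and an intermittent fault in CA or certificate creation can end up reported as a pass. Each attempt calls `generate_name()` again, so a failed attempt presumably leaves its CA pool and CA behind unless the body, which continues outside the hunk, cleans up in a `finally`; on a quota-limited project that would add to the quota pressure the commit is trying to relieve. If the quota failure surfaces as `google.api_core.exceptions.ResourceExhausted`, narrow the retry to it with `from google.api_core.exceptions import ResourceExhausted` and `@backoff.on_exception(backoff.expo, ResourceExhausted, max_tries=3)`. The same decorator is added to `test_subordinate_certificate_authority` in test_subordinate_ca.py, and both keep `Exception` through the reformatting in PATCH 84/84.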
diff --git a/privateca/snippets/test_subordinate_ca.py b/privateca/snippets/test_subordinate_ca.py index 1fe2d29a395b..77b19e248ea8 100644 --- a/privateca/snippets/test_subordinate_ca.py +++ b/privateca/snippets/test_subordinate_ca.py @@ -16,6 +16,7 @@ import re import typing import uuid +import backoff import google.auth import google.cloud.security.privateca_v1 as privateca_v1 @@ -36,7 +37,8 @@ def generate_name() -> str: return "test-" + uuid.uuid4().hex[:10] - +@backoff.on_exception(backoff.expo, + Exception, max_tries=3) def test_subordinate_certificate_authority( certificate_authority, capsys: typing.Any ) -> None: From 30c8db93969fd8bc4cdeb889261a4d1e4507c380 Mon Sep 17 00:00:00 2001 From: rsamborski Date: Mon, 23 Jan 2023 18:24:29 +0100 Subject: [PATCH 84/84] dee-migration: fixing tests --- privateca/snippets/noxfile_config.py | 4 ++-- privateca/snippets/requirements-test.txt | 2 +- privateca/snippets/test_certificate_authorities.py | 6 +++--- privateca/snippets/test_subordinate_ca.py | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/privateca/snippets/noxfile_config.py b/privateca/snippets/noxfile_config.py index e4659f78d1e3..4a4db8c2de30 100644 --- a/privateca/snippets/noxfile_config.py +++ b/privateca/snippets/noxfile_config.py @@ -30,8 +30,8 @@ # to 'BUILD_SPECIFIC_GCLOUD_PROJECT' if you want to opt in using a # build specific Cloud project. You can also use your own string # to use your own Cloud project. - "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", - # "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT", + # "gcloud_project_env": "GOOGLE_CLOUD_PROJECT", + "gcloud_project_env": "BUILD_SPECIFIC_GCLOUD_PROJECT", # A dictionary you want to inject into your test. Don't put any # secrets here. These values will override predefined values. "envs": {}, diff --git a/privateca/snippets/requirements-test.txt b/privateca/snippets/requirements-test.txt index 6b4971e6cbfd..10a038a3a41c 100644 
--- a/privateca/snippets/requirements-test.txt +++ b/privateca/snippets/requirements-test.txt @@ -1,4 +1,4 @@ pytest==7.2.1 google-auth==2.16.0 cryptography==39.0.0 -backoff=2.2.1 \ No newline at end of file +backoff==2.2.1 \ No newline at end of file diff --git a/privateca/snippets/test_certificate_authorities.py b/privateca/snippets/test_certificate_authorities.py index c9e7ee1a7660..e3ad215bcb09 100644 --- a/privateca/snippets/test_certificate_authorities.py +++ b/privateca/snippets/test_certificate_authorities.py @@ -15,8 +15,8 @@ import re import typing import uuid -import backoff +import backoff import google.auth from create_ca_pool import create_ca_pool @@ -39,8 +39,8 @@ def generate_name() -> str: return "i" + uuid.uuid4().hex[:10] -@backoff.on_exception(backoff.expo, - Exception, max_tries=3) + +@backoff.on_exception(backoff.expo, Exception, max_tries=3) def test_create_certificate(capsys: typing.Any) -> None: CA_POOL_NAME = generate_name() CA_NAME = generate_name() diff --git a/privateca/snippets/test_subordinate_ca.py b/privateca/snippets/test_subordinate_ca.py index 77b19e248ea8..d90eecf4c52a 100644 --- a/privateca/snippets/test_subordinate_ca.py +++ b/privateca/snippets/test_subordinate_ca.py @@ -16,8 +16,8 @@ import re import typing import uuid -import backoff +import backoff import google.auth import google.cloud.security.privateca_v1 as privateca_v1 @@ -37,8 +37,8 @@ def generate_name() -> str: return "test-" + uuid.uuid4().hex[:10] -@backoff.on_exception(backoff.expo, - Exception, max_tries=3) + +@backoff.on_exception(backoff.expo, Exception, max_tries=3) def test_subordinate_certificate_authority( certificate_authority, capsys: typing.Any ) -> None: