Skip to content
This repository was archived by the owner on Mar 31, 2026. It is now read-only.

fix(storage): fix upload object with bucket cmek enabled #158

Merged
frankyn merged 5 commits into from
May 22, 2020
Merged

fix(storage): fix upload object with bucket cmek enabled #158

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
8d0fe99
fix(storage): fix upload object with bucket cmek enabled
HemangChothani May 21, 2020
0b254c0
Merge branch 'master' into storage_issue_155
frankyn May 21, 2020
14a31db
Merge branch 'master' into storage_issue_155
frankyn May 22, 2020
ba92f58
fix(storage): add comments for condition used
HemangChothani May 22, 2020
71935ad
fix(storage): nit
HemangChothani May 22, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions google/cloud/storage/blob.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1280,7 +1280,10 @@ def _do_multipart_upload(
if self.user_project is not None:
name_value_pairs.append(("userProject", self.user_project))

if self.kms_key_name is not None:
if (
self.kms_key_name is not None
and "cryptoKeyVersions" not in self.kms_key_name
Copy link
Copy Markdown
Contributor

@frankyn frankyn May 21, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add comments on why this is needed for posterity. Mainly that Cloud Storage object metadata stores kmsKeyName with version information and uploads() expect non-versioned information.

):
name_value_pairs.append(("kmsKeyName", self.kms_key_name))

if predefined_acl is not None:
Expand Down Expand Up @@ -1417,7 +1420,10 @@ def _initiate_resumable_upload(
if self.user_project is not None:
name_value_pairs.append(("userProject", self.user_project))

if self.kms_key_name is not None:
if (
self.kms_key_name is not None
and "cryptoKeyVersions" not in self.kms_key_name
):
name_value_pairs.append(("kmsKeyName", self.kms_key_name))

if predefined_acl is not None:
Expand Down
24 changes: 24 additions & 0 deletions tests/system/test_system.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1966,6 +1966,30 @@ def test_rewrite_rotate_csek_to_cmek(self):

self.assertEqual(dest.download_as_string(), source_data)

def test_upload_new_blob_w_bucket_cmek_enabled(self):
blob_name = "test-blob"
payload = b"DEADBEEF"
alt_payload = b"NEWDEADBEEF"

kms_key_name = self._kms_key_name()
self.bucket.default_kms_key_name = kms_key_name
self.bucket.patch()
self.assertEqual(self.bucket.default_kms_key_name, kms_key_name)

blob = self.bucket.blob(blob_name)
blob.upload_from_string(payload)
# We don't know the current version of the key.
self.assertTrue(blob.kms_key_name.startswith(kms_key_name))

blob.upload_from_string(alt_payload, if_generation_match=blob.generation)
self.case_blobs_to_delete.append(blob)

self.assertEqual(blob.download_as_string(), alt_payload)

self.bucket.default_kms_key_name = None
self.bucket.patch()
self.assertIsNone(self.bucket.default_kms_key_name)


class TestRetentionPolicy(unittest.TestCase):
def setUp(self):
Expand Down
25 changes: 23 additions & 2 deletions tests/unit/test_blob.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1525,7 +1525,7 @@ def _do_multipart_success(
if predefined_acl is not None:
qs_params.append(("predefinedAcl", predefined_acl))

if kms_key_name is not None:
if kms_key_name is not None and "cryptoKeyVersions" not in kms_key_name:
qs_params.append(("kmsKeyName", kms_key_name))

if if_generation_match is not None:
Expand Down Expand Up @@ -1579,6 +1579,17 @@ def test__do_multipart_upload_with_kms(self, mock_get_boundary):
)
self._do_multipart_success(mock_get_boundary, kms_key_name=kms_resource)

@mock.patch(u"google.resumable_media._upload.get_boundary", return_value=b"==0==")
def test__do_multipart_upload_with_kms_with_version(self, mock_get_boundary):
kms_resource = (
"projects/test-project-123/"
"locations/us/"
"keyRings/test-ring/"
"cryptoKeys/test-key"
"cryptoKeyVersions/1"
)
self._do_multipart_success(mock_get_boundary, kms_key_name=kms_resource)

@mock.patch(u"google.resumable_media._upload.get_boundary", return_value=b"==0==")
def test__do_multipart_upload_with_retry(self, mock_get_boundary):
self._do_multipart_success(mock_get_boundary, num_retries=8)
Expand Down Expand Up @@ -1685,7 +1696,7 @@ def _initiate_resumable_helper(
if predefined_acl is not None:
qs_params.append(("predefinedAcl", predefined_acl))

if kms_key_name is not None:
if kms_key_name is not None and "cryptoKeyVersions" not in kms_key_name:
qs_params.append(("kmsKeyName", kms_key_name))

if if_generation_match is not None:
Expand Down Expand Up @@ -1770,6 +1781,16 @@ def test__initiate_resumable_upload_with_kms(self):
)
self._initiate_resumable_helper(kms_key_name=kms_resource)

def test__initiate_resumable_upload_with_kms_with_version(self):
kms_resource = (
"projects/test-project-123/"
"locations/us/"
"keyRings/test-ring/"
"cryptoKeys/test-key"
"cryptoKeyVersions/1"
)
self._initiate_resumable_helper(kms_key_name=kms_resource)

def test__initiate_resumable_upload_without_chunk_size(self):
self._initiate_resumable_helper(blob_chunk_size=None)

Expand Down