• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2019 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15"""Tests for tink.python.tink.integration.gcp_kms_client."""
16
17import os
18
19from absl.testing import absltest
20
21from tink.integration import gcpkms
22from tink.testing import helper
23
24
25CREDENTIAL_PATH = os.path.join(helper.tink_py_testdata_path(),
26                               'gcp/credential.json')
27
28
29class GcpKmsClientTest(absltest.TestCase):
30
31  def test_client_bound_to_key_uri(self):
32    gcp_key1 = 'gcp-kms://projects/someProject/.../cryptoKeys/key1'
33    gcp_key2 = 'gcp-kms://projects/otherProject/.../cryptoKeys/key2'
34    non_gcp_key = 'aws-kms://arn:aws:kms:us-west-2:acc:other/key3'
35
36    gcp_client = gcpkms.GcpKmsClient(gcp_key1, CREDENTIAL_PATH)
37
38    self.assertEqual(gcp_client.does_support(gcp_key1), True)
39    self.assertEqual(gcp_client.does_support(gcp_key2), False)
40    self.assertEqual(gcp_client.does_support(non_gcp_key), False)
41
42  def test_client_not_bound_to_key_uri(self):
43    gcp_key1 = 'gcp-kms://projects/someProject/.../cryptoKeys/key1'
44    gcp_key2 = 'gcp-kms://projects/otherProject/.../cryptoKeys/key2'
45    non_gcp_key = 'aws-kms://arn:aws:kms:us-west-2:acc:other/key3'
46
47    gcp_client = gcpkms.GcpKmsClient(None, CREDENTIAL_PATH)
48
49    self.assertEqual(gcp_client.does_support(gcp_key1), True)
50    self.assertEqual(gcp_client.does_support(gcp_key2), True)
51    self.assertEqual(gcp_client.does_support(non_gcp_key), False)
52
53  def test_client_empty_key_uri(self):
54    gcp_key = 'gcp-kms://projects/someProject/.../cryptoKeys/key1'
55    gcp_client = gcpkms.GcpKmsClient('', CREDENTIAL_PATH)
56    self.assertEqual(gcp_client.does_support(gcp_key), True)
57
58  def test_client_invalid_path(self):
59    with self.assertRaises(FileNotFoundError):
60      gcpkms.GcpKmsClient(None, CREDENTIAL_PATH + 'corrupted')
61
62
63if __name__ == '__main__':
64  absltest.main()
65