Merge pull request GoogleCloudPlatform#946 from GoogleCloudPlatform/hmac-sa

[Storage] HMAC key samples

Author: frankyn

storage/README.md

@@ -48,6 +48,9 @@ This simple command-line application demonstrates how to invoke
     get-object-v2-signed-url         Generate a v2 signed URL for downloading an object.
     get-object-v4-signed-url         Generate a v4 signed URL for downloading an object.
     get-object-v4-upload-signed-url  Generate a v4 signed URL for uploading an object.
+    hmac-sa-manage                   Manage HMAC Service Account keys.
+    hmac-sa-list                     List HMAC Service Account keys.
+    hmac-sa-create                   Create an HMAC Service Account key.
     ```
 6. Run `php storage.php COMMAND --help` to print information about the usage of each command.
 

storage/composer.json

@@ -1,6 +1,6 @@
 {
     "require": {
-        "google/cloud-storage": "^1.9.0",
+        "google/cloud-storage": "^1.14.0",
         "paragonie/random_compat": "^2.0",
         "symfony/console": " ^3.0"
     },
@@ -13,21 +13,25 @@
             "src/add_object_acl.php",
             "src/copy_object.php",
             "src/create_bucket.php",
+            "src/create_hmac_key.php",
             "src/delete_bucket.php",
             "src/delete_bucket_acl.php",
             "src/delete_bucket_default_acl.php",
             "src/delete_object.php",
             "src/delete_object_acl.php",
+            "src/delete_hmac_key.php",
             "src/disable_bucket_policy_only.php",
             "src/disable_default_event_based_hold.php",
             "src/disable_requester_pays.php",
+            "src/deactivate_hmac_key.php",
             "src/download_encrypted_object.php",
             "src/download_file_requester_pays.php",
             "src/download_object.php",
             "src/enable_bucket_policy_only.php",
             "src/enable_default_event_based_hold.php",
             "src/enable_default_kms_key.php",
             "src/enable_requester_pays.php",
+            "src/activate_hmac_key.php",
             "src/generate_encryption_key.php",
             "src/bucket_metadata.php",
             "src/get_bucket_acl.php",
@@ -44,9 +48,11 @@
             "src/get_requester_pays_status.php",
             "src/get_retention_policy.php",
             "src/get_default_event_based_hold.php",
+            "src/get_hmac_key.php",
             "src/list_buckets.php",
             "src/list_objects.php",
             "src/list_objects_with_prefix.php",
+            "src/list_hmac_keys.php",
             "src/lock_retention_policy.php",
             "src/make_public.php",
             "src/move_object.php",

storage/src/activate_hmac_key.php

@@ -0,0 +1,47 @@
+
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/storage/README.md
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+# [START storage_activate_hmac_key]
+use Google\Cloud\Storage\StorageClient;
+
+/**
+ * Activate an HMAC key.
+ *
+ * @param string $accessId Access ID for an inactive HMAC key.
+ * @param string $projectId Google Cloud Project ID.
+ *
+ */
+function activate_hmac_key($accessId, $projectId)
+{
+    $storage = new StorageClient();
+    // By default hmacKey will use the projectId used by StorageClient().
+    $hmacKey = $storage->hmacKey($accessId, $projectId);
+
+    $hmacKey->update('ACTIVE');
+
+    print('The HMAC key is now active.' . PHP_EOL);
+    printf('HMAC key Metadata: %s' . PHP_EOL, print_r($hmacKey->info(), true));
+}
+# [END storage_activate_hmac_key]

storage/src/create_bucket.php

@@ -32,7 +32,6 @@
  * @param string $bucketName name of the bucket to create.
  * @param string $options options for the new bucket.
  *
- * @return Google\Cloud\Storage\Bucket the newly created bucket.
  */
 function create_bucket($bucketName, $options = [])
 {

storage/src/create_hmac_key.php

@@ -0,0 +1,46 @@
+
+/**
+ * Copyright 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/storage/README.md
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+# [START storage_create_hmac_key]
+use Google\Cloud\Storage\StorageClient;
+
+/**
+ * Create a new HMAC key.
+ *
+ * @param string $serviceAccountEmail Service account email to associate with the new HMAC key.
+ * @param string $projectId Google Cloud Project ID.
+ *
+ */
+function create_hmac_key($serviceAccountEmail, $projectId)
+{
+    $storage = new StorageClient();
+    // By default createHmacKey will use the projectId used by StorageClient().
+    $hmacKeyCreated = $storage->createHmacKey($serviceAccountEmail, ['projectId' => $projectId]);
+
+    printf('The base64 encoded secret is: %s' . PHP_EOL, $hmacKeyCreated->secret());
+    print('Do not miss that secret, there is no API to recover it.' . PHP_EOL);
+    printf('HMAC key Metadata: %s' . PHP_EOL, print_r($hmacKeyCreated->hmacKey()->info(), true));
+}
+# [END storage_create_hmac_key]

storage/src/deactivate_hmac_key.php

@@ -0,0 +1,47 @@
+
+/**
+ * Copyright 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/storage/README.md
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+# [START storage_deactivate_hmac_key]
+use Google\Cloud\Storage\StorageClient;
+
+/**
+ * Deactivate an HMAC key.
+ *
+ * @param string $accessId Access ID for an inactive HMAC key.
+ * @param string $projectId Google Cloud Project ID.
+ *
+ */
+function deactivate_hmac_key($accessId, $projectId)
+{
+    $storage = new StorageClient();
+    // By default hmacKey will use the projectId used by StorageClient().
+    $hmacKey = $storage->hmacKey($accessId, $projectId);
+
+    $hmacKey->update('INACTIVE');
+
+    print('The HMAC key is now inactive.' . PHP_EOL);
+    printf('HMAC key Metadata: %s' . PHP_EOL, print_r($hmacKey->info(), true));
+}
+# [END storage_deactivate_hmac_key]

storage/src/delete_hmac_key.php

@@ -0,0 +1,48 @@
+
+/**
+ * Copyright 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/storage/README.md
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+# [START storage_delete_hmac_key]
+use Google\Cloud\Storage\StorageClient;
+
+/**
+ * Delete an HMAC key.
+ *
+ * @param string $accessId Access ID for an HMAC key.
+ * @param string $projectId Google Cloud Project ID.
+ *
+ */
+function delete_hmac_key($accessId, $projectId)
+{
+    $storage = new StorageClient();
+    // By default hmacKey will use the projectId used by StorageClient().
+    $hmacKey = $storage->hmacKey($accessId, $projectId);
+
+    $hmacKey->delete();
+    print(
+      'The key is deleted, though it may still appear in the results of calls ' .
+      'to StorageClient.hmacKeys([\'showDeletedKeys\' => true])' . PHP_EOL
+    );
+}
+# [END storage_get_hmac_key]

storage/src/get_hmac_key.php

@@ -0,0 +1,43 @@
+
+/**
+ * Copyright 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/storage/README.md
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+# [START storage_get_hmac_key]
+use Google\Cloud\Storage\StorageClient;
+
+/**
+ * Get an HMAC key.
+ *
+ * @param string $accessId Access ID for an HMAC key.
+ * @param string $projectId Google Cloud Project ID.
+ *
+ */
+function get_hmac_key($accessId, $projectId)
+{
+    $storage = new StorageClient();
+    $hmacKey = $storage->hmacKey($accessId, $projectId);
+
+    printf('HMAC key Metadata: %s' . PHP_EOL, print_r($hmacKey->info(), true));
+}
+# [END storage_get_hmac_key]

storage/src/list_hmac_keys.php

@@ -0,0 +1,45 @@
+
+/**
+ * Copyright 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * For instructions on how to run the full sample:
+ *
+ * @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/storage/README.md
+ */
+
+namespace Google\Cloud\Samples\Storage;
+
+# [START storage_list_hmac_keys]
+use Google\Cloud\Storage\StorageClient;
+
+/**
+ * List HMAC keys.
+ *
+ * @param string $projectId Google Cloud Project ID.
+ *
+ */
+function list_hmac_keys($projectId)
+{
+    $storage = new StorageClient();
+    // By default hmacKeys will use the projectId used by StorageClient() to list HMAC Keys.
+    $hmacKeys = $storage->hmacKeys(['projectId' => $projectId]);
+
+    foreach ($hmacKeys as $hmacKey) {
+        printf('HMAC key Metadata: %s' . PHP_EOL, print_r($hmacKey->info(), true));
+    }
+}
+# [END storage_list_hmac_keys]