-
Notifications
You must be signed in to change notification settings - Fork 1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(spanner): add MR CMEK samples (#2044)
* Add create_database_with_MR_CMEK.php * Add testCreateDatabaseWithMRCMEK to spannerTest.php * Add create_backup_with_MR_CMEK * Add testCreateBackupWithMRCMEK to spannerBackupTest.php * Add restore_backup_with_MR_CMEK * Add testRestoreBackupWithMRCMEK to spannerBackupTest.php * Rename create_backup_with_MR_CMEK to create_backup_with_MR_CMEK.php * Rename restore_backup_with_MR_CMEK to restore_backup_with_MR_CMEK.php * Add copy_backup_with_MR_CMEK.php * Add testCopyBackupWithMRCMEK to spannerBackupTest.php * Update copy_backup_with_MR_CMEK.php * Update copy_backup_with_MR_CMEK.php * Update create_database_with_MR_CMEK.php Add indentation * Update copy_backup_with_MR_CMEK.php * Update copy_backup_with_MR_CMEK.php * Update create_database_with_MR_CMEK.php * Update restore_backup_with_MR_CMEK.php * Update create_backup_with_MR_CMEK.php Use encryptionInformation * Update copy_backup_with_MR_CMEK.php Use encryptionInformation * Update print_firewall_rule.php formatting * Update and rename copy_backup_with_MR_CMEK.php to copy_backup_with_mr_cmek.php Change from MR_CMEK to mr_cmek * Update and rename create_backup_with_MR_CMEK.php to create_backup_with_mr_cmek.php Change from MR_CMEK to mr_cmek * Update and rename create_database_with_MR_CMEK.php to create_database_with_mr_cmek.php Change from MR_CMEK to mr_cmek * Update and rename restore_backup_with_MR_CMEK.php to restore_backup_with_mr_cmek.php Change from MR_CMEK to mr_cmek * Update spannerBackupTest.php Change from MR_CMEK to mr_cmek * Update spannerTest.php Change from MR_CMEK to mr_cmek * Update spannerTest.php Add self::$ to kmsKeyName * Update spannerBackupTest.php Add self::$ to kmsKeyName * Update spannerTest.php * Update spannerTest.php Shorten database id * Update spannerBackupTest.php Shorten names * Update spannerTest.php Use MR instance * Update spannerTest.php Add spanner client * Update spannerBackupTest.php Add mr copy instance * Update spannerTest.php Add self::$instanceConfig * Update spannerTest.php Create instance config * Update spannerBackupTest.php * Update spannerBackupTest.php --------- Co-authored-by: Brent Shaffer <[email protected]>
- Loading branch information
1 parent
3d2ba82
commit 5ad66db
Showing
6 changed files
with
559 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
<?php | ||
/** | ||
* Copyright 2024 Google Inc. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
/** | ||
* For instructions on how to run the full sample: | ||
* | ||
* @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/spanner/README.md | ||
*/ | ||
|
||
namespace Google\Cloud\Samples\Spanner; | ||
|
||
// [START spanner_copy_backup_with_MR_CMEK] | ||
use Google\Cloud\Spanner\Admin\Database\V1\Client\DatabaseAdminClient; | ||
use Google\Cloud\Spanner\Admin\Database\V1\CopyBackupRequest; | ||
use Google\Cloud\Spanner\Admin\Database\V1\CopyBackupEncryptionConfig; | ||
use Google\Protobuf\Timestamp; | ||
|
||
/** | ||
* Copy a MR CMEK backup. | ||
* Example: | ||
* ``` | ||
* copy_backup_with_mr_cmek($projectId, $instanceId, $sourceBackupId, $backupId, $kmsKeyNames); | ||
* ``` | ||
* @param string $projectId The Google Cloud project ID. | ||
* @param string $instanceId The Spanner instance ID. | ||
* @param string $sourceBackupId The Spanner source backup ID. | ||
* @param string $backupId The Spanner backup ID. | ||
* @param string[] $kmsKeyNames The KMS keys used for encryption. | ||
*/ | ||
/** | ||
* Create a copy MR CMEK backup from another source backup. | ||
* Example: | ||
* ``` | ||
* copy_backup_with_mr_cmek($projectId, $destInstanceId, $destBackupId, $sourceInstanceId, $sourceBackupId, $kmsKeyNames); | ||
* ``` | ||
* | ||
* @param string $projectId The Google Cloud project ID. | ||
* @param string $destInstanceId The Spanner instance ID where the copy backup will reside. | ||
* @param string $destBackupId The Spanner backup ID of the new backup to be created. | ||
* @param string $sourceInstanceId The Spanner instance ID of the source backup. | ||
* @param string $sourceBackupId The Spanner backup ID of the source. | ||
* @param string[] $kmsKeyNames The KMS keys used for encryption. | ||
*/ | ||
function copy_backup_with_mr_cmek( | ||
string $projectId, | ||
string $destInstanceId, | ||
string $destBackupId, | ||
string $sourceInstanceId, | ||
string $sourceBackupId, | ||
array $kmsKeyNames | ||
): void { | ||
$databaseAdminClient = new DatabaseAdminClient(); | ||
|
||
$destInstanceFullName = DatabaseAdminClient::instanceName($projectId, $destInstanceId); | ||
$expireTime = new Timestamp(); | ||
$expireTime->setSeconds((new \DateTime('+8 hours'))->getTimestamp()); | ||
$sourceBackupFullName = DatabaseAdminClient::backupName($projectId, $sourceInstanceId, $sourceBackupId); | ||
$request = new CopyBackupRequest([ | ||
'source_backup' => $sourceBackupFullName, | ||
'parent' => $destInstanceFullName, | ||
'backup_id' => $destBackupId, | ||
'expire_time' => $expireTime, | ||
'encryption_config' => new CopyBackupEncryptionConfig([ | ||
'kms_key_names' => $kmsKeyNames, | ||
'encryption_type' => CopyBackupEncryptionConfig\EncryptionType::CUSTOMER_MANAGED_ENCRYPTION | ||
]) | ||
]); | ||
|
||
$operationResponse = $databaseAdminClient->copyBackup($request); | ||
$operationResponse->pollUntilComplete(); | ||
|
||
if (!$operationResponse->operationSucceeded()) { | ||
$error = $operationResponse->getError(); | ||
printf('Backup not created due to error: %s.' . PHP_EOL, $error->getMessage()); | ||
return; | ||
} | ||
$destBackupInfo = $operationResponse->getResult(); | ||
$kmsKeyVersions = []; | ||
foreach ($destBackupInfo->getEncryptionInformation() as $encryptionInfo) { | ||
$kmsKeyVersions[] = $encryptionInfo->getKmsKeyVersion(); | ||
} | ||
printf( | ||
'Backup %s of size %d bytes was copied at %d from the source backup %s using encryption keys %s' . PHP_EOL, | ||
basename($destBackupInfo->getName()), | ||
$destBackupInfo->getSizeBytes(), | ||
$destBackupInfo->getCreateTime()->getSeconds(), | ||
$sourceBackupId, | ||
print_r($kmsKeyVersions, true) | ||
); | ||
printf('Version time of the copied backup: %d' . PHP_EOL, $destBackupInfo->getVersionTime()->getSeconds()); | ||
} | ||
// [END spanner_copy_backup_with_MR_CMEK] | ||
|
||
// The following 2 lines are only needed to run the samples | ||
require_once __DIR__ . '/../../testing/sample_helpers.php'; | ||
\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
<?php | ||
/** | ||
* Copyright 2024 Google Inc. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
/** | ||
* For instructions on how to run the full sample: | ||
* | ||
* @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/spanner/README.md | ||
*/ | ||
|
||
namespace Google\Cloud\Samples\Spanner; | ||
|
||
// [START spanner_create_backup_with_MR_CMEK] | ||
use Google\Cloud\Spanner\Admin\Database\V1\Backup; | ||
use \Google\Cloud\Spanner\Admin\Database\V1\Backup\State; | ||
use Google\Cloud\Spanner\Admin\Database\V1\Client\DatabaseAdminClient; | ||
use Google\Cloud\Spanner\Admin\Database\V1\CreateBackupEncryptionConfig; | ||
use Google\Cloud\Spanner\Admin\Database\V1\CreateBackupRequest; | ||
use Google\Cloud\Spanner\Admin\Database\V1\GetBackupRequest; | ||
use Google\Protobuf\Timestamp; | ||
|
||
/** | ||
* Create a CMEK backup. | ||
* Example: | ||
* ``` | ||
* create_backup_with_mr_cmek($projectId, $instanceId, $databaseId, $backupId, $kmsKeyNames); | ||
* ``` | ||
* | ||
* @param string $projectId The Google Cloud project ID. | ||
* @param string $instanceId The Spanner instance ID. | ||
* @param string $databaseId The Spanner database ID. | ||
* @param string $backupId The Spanner backup ID. | ||
* @param string[] $kmsKeyNames The KMS keys used for encryption. | ||
*/ | ||
function create_backup_with_mr_cmek( | ||
string $projectId, | ||
string $instanceId, | ||
string $databaseId, | ||
string $backupId, | ||
array $kmsKeyNames | ||
): void { | ||
$databaseAdminClient = new DatabaseAdminClient(); | ||
$instanceFullName = DatabaseAdminClient::instanceName($projectId, $instanceId); | ||
$databaseFullName = DatabaseAdminClient::databaseName($projectId, $instanceId, $databaseId); | ||
$expireTime = new Timestamp(); | ||
$expireTime->setSeconds((new \DateTime('+14 days'))->getTimestamp()); | ||
$request = new CreateBackupRequest([ | ||
'parent' => $instanceFullName, | ||
'backup_id' => $backupId, | ||
'encryption_config' => new CreateBackupEncryptionConfig([ | ||
'kms_key_names' => $kmsKeyNames, | ||
'encryption_type' => CreateBackupEncryptionConfig\EncryptionType::CUSTOMER_MANAGED_ENCRYPTION | ||
]), | ||
'backup' => new Backup([ | ||
'database' => $databaseFullName, | ||
'expire_time' => $expireTime | ||
]) | ||
]); | ||
|
||
$operation = $databaseAdminClient->createBackup($request); | ||
|
||
print('Waiting for operation to complete...' . PHP_EOL); | ||
$operation->pollUntilComplete(); | ||
|
||
$request = new GetBackupRequest(); | ||
$request->setName($databaseAdminClient->backupName($projectId, $instanceId, $backupId)); | ||
$info = $databaseAdminClient->getBackup($request); | ||
if (State::name($info->getState()) == 'READY') { | ||
$kmsKeyVersions = []; | ||
foreach ($info->getEncryptionInformation() as $encryptionInfo) { | ||
$kmsKeyVersions[] = $encryptionInfo->getKmsKeyVersion(); | ||
} | ||
printf( | ||
'Backup %s of size %d bytes was created at %d using encryption keys %s' . PHP_EOL, | ||
basename($info->getName()), | ||
$info->getSizeBytes(), | ||
$info->getCreateTime()->getSeconds(), | ||
print_r($kmsKeyVersions, true) | ||
); | ||
} else { | ||
print('Backup is not ready!' . PHP_EOL); | ||
} | ||
} | ||
// [END spanner_create_backup_with_MR_CMEK] | ||
|
||
// The following 2 lines are only needed to run the samples | ||
require_once __DIR__ . '/../../testing/sample_helpers.php'; | ||
\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
<?php | ||
/** | ||
* Copyright 2024 Google Inc. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
/** | ||
* For instructions on how to run the full sample: | ||
* | ||
* @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/spanner/README.md | ||
*/ | ||
|
||
namespace Google\Cloud\Samples\Spanner; | ||
|
||
// [START spanner_create_database_with_MR_CMEK] | ||
use Google\Cloud\Spanner\Admin\Database\V1\Client\DatabaseAdminClient; | ||
use Google\Cloud\Spanner\Admin\Database\V1\CreateDatabaseRequest; | ||
use Google\Cloud\Spanner\Admin\Database\V1\EncryptionConfig; | ||
|
||
/** | ||
* Creates a MR CMEK database with tables for sample data. | ||
* Example: | ||
* ``` | ||
* create_database_with_mr_cmek($projectId, $instanceId, $databaseId, $kmsKeyNames); | ||
* ``` | ||
* | ||
* @param string $projectId The Google Cloud project ID. | ||
* @param string $instanceId The Spanner instance ID. | ||
* @param string $databaseId The Spanner database ID. | ||
* @param string[] $kmsKeyNames The KMS keys used for encryption. | ||
*/ | ||
function create_database_with_mr_cmek( | ||
string $projectId, | ||
string $instanceId, | ||
string $databaseId, | ||
array $kmsKeyNames | ||
): void { | ||
$databaseAdminClient = new DatabaseAdminClient(); | ||
$instanceName = DatabaseAdminClient::instanceName($projectId, $instanceId); | ||
|
||
$createDatabaseRequest = new CreateDatabaseRequest(); | ||
$createDatabaseRequest->setParent($instanceName); | ||
$createDatabaseRequest->setCreateStatement(sprintf('CREATE DATABASE `%s`', $databaseId)); | ||
$createDatabaseRequest->setExtraStatements([ | ||
'CREATE TABLE Singers ( | ||
SingerId INT64 NOT NULL, | ||
FirstName STRING(1024), | ||
LastName STRING(1024), | ||
SingerInfo BYTES(MAX) | ||
) PRIMARY KEY (SingerId)', | ||
'CREATE TABLE Albums ( | ||
SingerId INT64 NOT NULL, | ||
AlbumId INT64 NOT NULL, | ||
AlbumTitle STRING(MAX) | ||
) PRIMARY KEY (SingerId, AlbumId), | ||
INTERLEAVE IN PARENT Singers ON DELETE CASCADE' | ||
]); | ||
|
||
if (!empty($kmsKeyNames)) { | ||
$encryptionConfig = new EncryptionConfig(); | ||
$encryptionConfig->setKmsKeyNames($kmsKeyNames); | ||
$createDatabaseRequest->setEncryptionConfig($encryptionConfig); | ||
} | ||
|
||
$operationResponse = $databaseAdminClient->createDatabase($createDatabaseRequest); | ||
printf('Waiting for operation to complete...' . PHP_EOL); | ||
$operationResponse->pollUntilComplete(); | ||
|
||
if ($operationResponse->operationSucceeded()) { | ||
$database = $operationResponse->getResult(); | ||
printf( | ||
'Created database %s on instance %s with encryption keys %s' . PHP_EOL, | ||
$databaseId, | ||
$instanceId, | ||
print_r($database->getEncryptionConfig()->getKmsKeyNames(), true) | ||
); | ||
} else { | ||
$error = $operationResponse->getError(); | ||
printf('Failed to create encrypted database: %s' . PHP_EOL, $error->getMessage()); | ||
} | ||
} | ||
// [END spanner_create_database_with_MR_CMEK] | ||
|
||
// The following 2 lines are only needed to run the samples | ||
require_once __DIR__ . '/../../testing/sample_helpers.php'; | ||
\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
<?php | ||
/** | ||
* Copyright 2024 Google Inc. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
/** | ||
* For instructions on how to run the full sample: | ||
* | ||
* @see https://github.com/GoogleCloudPlatform/php-docs-samples/tree/main/spanner/README.md | ||
*/ | ||
|
||
namespace Google\Cloud\Samples\Spanner; | ||
|
||
// [START spanner_restore_backup_with_MR_CMEK] | ||
use Google\Cloud\Spanner\Admin\Database\V1\Client\DatabaseAdminClient; | ||
use Google\Cloud\Spanner\Admin\Database\V1\RestoreDatabaseEncryptionConfig; | ||
use Google\Cloud\Spanner\Admin\Database\V1\RestoreDatabaseRequest; | ||
|
||
/** | ||
* Restore a MR CMEK database from a backup. | ||
* Example: | ||
* ``` | ||
* restore_backup_with_mr_cmek($projectId, $instanceId, $databaseId, $backupId, $kmsKeyNames); | ||
* ``` | ||
* @param string $projectId The Google Cloud project ID. | ||
* @param string $instanceId The Spanner instance ID. | ||
* @param string $databaseId The Spanner database ID. | ||
* @param string $backupId The Spanner backup ID. | ||
* @param string[] $kmsKeyNames The KMS keys used for encryption. | ||
*/ | ||
function restore_backup_with_mr_cmek( | ||
string $projectId, | ||
string $instanceId, | ||
string $databaseId, | ||
string $backupId, | ||
array $kmsKeyNames | ||
): void { | ||
$databaseAdminClient = new DatabaseAdminClient(); | ||
$instanceFullName = DatabaseAdminClient::instanceName($projectId, $instanceId); | ||
$backupFullName = DatabaseAdminClient::backupName($projectId, $instanceId, $backupId); | ||
$request = new RestoreDatabaseRequest([ | ||
'parent' => $instanceFullName, | ||
'database_id' => $databaseId, | ||
'backup' => $backupFullName, | ||
'encryption_config' => new RestoreDatabaseEncryptionConfig([ | ||
'kms_key_names' => $kmsKeyNames, | ||
'encryption_type' => RestoreDatabaseEncryptionConfig\EncryptionType::CUSTOMER_MANAGED_ENCRYPTION | ||
]) | ||
]); | ||
|
||
// Create restore operation | ||
$operation = $databaseAdminClient->restoreDatabase($request); | ||
|
||
print('Waiting for operation to complete...' . PHP_EOL); | ||
$operation->pollUntilComplete(); | ||
|
||
// Reload new database and get restore info | ||
$database = $operation->operationSucceeded() ? $operation->getResult() : null; | ||
$restoreInfo = $database->getRestoreInfo(); | ||
$backupInfo = $restoreInfo->getBackupInfo(); | ||
$sourceDatabase = $backupInfo->getSourceDatabase(); | ||
$sourceBackup = $backupInfo->getBackup(); | ||
$encryptionConfig = $database->getEncryptionConfig(); | ||
printf( | ||
'Database %s restored from backup %s using encryption keys %s' . PHP_EOL, | ||
$sourceDatabase, $sourceBackup, print_r($encryptionConfig->getKmsKeyNames(), true) | ||
); | ||
} | ||
// [END spanner_restore_backup_with_MR_CMEK] | ||
|
||
// The following 2 lines are only needed to run the samples | ||
require_once __DIR__ . '/../../testing/sample_helpers.php'; | ||
\Google\Cloud\Samples\execute_sample(__FILE__, __NAMESPACE__, $argv); |
Oops, something went wrong.