forked from GoogleCloudPlatform/python-docs-samples
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhmac_samples.py
More file actions
157 lines (143 loc) · 5.87 KB
/
Copy pathhmac_samples.py
File metadata and controls
157 lines (143 loc) · 5.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
# Copyright 2019 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the 'License');
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an 'AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Samples to illustrate management of HMAC keys via the python client library.
"""
from google.cloud import storage
def list_keys(project_id):
"""
List all HMAC keys associated with the project.
"""
# [START storage_list_hmac_keys]
# project_id = 'Your Google Cloud project ID'
storage_client = storage.Client(project=project_id)
hmac_keys = storage_client.list_hmac_keys(project_id=project_id)
print('HMAC Keys:')
for hmac_key in hmac_keys:
print('Service Account Email: {}'.format(
hmac_key.service_account_email))
print('Access ID: {}'.format(hmac_key.access_id))
# [END storage_list_hmac_keys]
return hmac_keys
def create_key(project_id, service_account_email):
"""
Create a new HMAC key using the given project and service account.
"""
# [START storage_create_hmac_key]
# project_id = 'Your Google Cloud project ID'
# service_account_email = 'Service account used to generate HMAC key'
storage_client = storage.Client(project=project_id)
hmac_key, secret = storage_client.create_hmac_key(
service_account_email=service_account_email,
project_id=project_id)
print('The base64 encoded secret is {}'.format(secret))
print('Do not miss that secret, there is no API to recover it.')
print('The HMAC key metadata is:')
print('Service Account Email: {}'.format(hmac_key.service_account_email))
print('Key ID: {}'.format(hmac_key.id))
print('Access ID: {}'.format(hmac_key.access_id))
print('Project ID: {}'.format(hmac_key.project))
print('State: {}'.format(hmac_key.state))
print('Created At: {}'.format(hmac_key.time_created))
print('Updated At: {}'.format(hmac_key.updated))
print('Etag: {}'.format(hmac_key.etag))
# [END storage_create_hmac_key]
return hmac_key
def get_key(access_id, project_id):
"""
Retrieve the HMACKeyMetadata with the given access id.
"""
# [START storage_get_hmac_key]
# project_id = 'Your Google Cloud project ID'
# access_id = 'ID of an HMAC key'
storage_client = storage.Client(project=project_id)
hmac_key = storage_client.get_hmac_key_metadata(
access_id,
project_id=project_id)
print('The HMAC key metadata is:')
print('Service Account Email: {}'.format(hmac_key.service_account_email))
print('Key ID: {}'.format(hmac_key.id))
print('Access ID: {}'.format(hmac_key.access_id))
print('Project ID: {}'.format(hmac_key.project))
print('State: {}'.format(hmac_key.state))
print('Created At: {}'.format(hmac_key.time_created))
print('Updated At: {}'.format(hmac_key.updated))
print('Etag: {}'.format(hmac_key.etag))
# [END storage_get_hmac_key]
return hmac_key
def activate_key(access_id, project_id):
"""
Activate the HMAC key with the given access ID.
"""
# [START storage_activate_hmac_key]
# project_id = 'Your Google Cloud project ID'
# access_id = 'ID of an inactive HMAC key'
storage_client = storage.Client(project=project_id)
hmac_key = storage_client.get_hmac_key_metadata(
access_id,
project_id=project_id)
hmac_key.state = 'ACTIVE'
hmac_key.update()
print('The HMAC key metadata is:')
print('Service Account Email: {}'.format(hmac_key.service_account_email))
print('Key ID: {}'.format(hmac_key.id))
print('Access ID: {}'.format(hmac_key.access_id))
print('Project ID: {}'.format(hmac_key.project))
print('State: {}'.format(hmac_key.state))
print('Created At: {}'.format(hmac_key.time_created))
print('Updated At: {}'.format(hmac_key.updated))
print('Etag: {}'.format(hmac_key.etag))
# [END storage_activate_hmac_key]
return hmac_key
def deactivate_key(access_id, project_id):
"""
Deactivate the HMAC key with the given access ID.
"""
# [START storage_deactivate_hmac_key]
# project_id = 'Your Google Cloud project ID'
# access_id = 'ID of an active HMAC key'
storage_client = storage.Client(project=project_id)
hmac_key = storage_client.get_hmac_key_metadata(
access_id,
project_id=project_id)
hmac_key.state = 'INACTIVE'
hmac_key.update()
print('The HMAC key is now inactive.')
print('The HMAC key metadata is:')
print('Service Account Email: {}'.format(hmac_key.service_account_email))
print('Key ID: {}'.format(hmac_key.id))
print('Access ID: {}'.format(hmac_key.access_id))
print('Project ID: {}'.format(hmac_key.project))
print('State: {}'.format(hmac_key.state))
print('Created At: {}'.format(hmac_key.time_created))
print('Updated At: {}'.format(hmac_key.updated))
print('Etag: {}'.format(hmac_key.etag))
# [END storage_deactivate_hmac_key]
return hmac_key
def delete_key(access_id, project_id):
"""
Delete the HMAC key with the given access ID. Key must have state INACTIVE
in order to succeed.
"""
# [START storage_delete_hmac_key]
# project_id = 'Your Google Cloud project ID'
# access_id = 'ID of an HMAC key (must be in INACTIVE state)'
storage_client = storage.Client(project=project_id)
hmac_key = storage_client.get_hmac_key_metadata(
access_id,
project_id=project_id)
hmac_key.delete()
print('The key is deleted, though it may still appear in list_hmac_keys()'
' results.')
# [END storage_delete_hmac_key]