// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Package fakekms contains a fake of the Google Cloud Key Management service.
// go/mocks#prefer-fakes
package fakekms
import (
"net"
"sync"
"time"
"cloud.google.com/kms/integrations/fakekms/fault"
"google.golang.org/grpc"
"cloud.google.com/go/kms/apiv1/kmspb"
"cloud.google.com/kms/integrations/fakekms/fault/faultpb"
)
// maxPageSize is the maximum number of elements that will be returned in
// a single paged result of a list request.
//
// NOTE(review): the code that applies this cap is not in this file;
// presumably the list handlers clamp a caller-supplied page size to it,
// which bounds the size of a single response — confirm against the handlers.
const maxPageSize = 1000
// fakeKMS implements a fake of the Cloud KMS API.
//
// Its only state is the in-memory keyRings map guarded by mux; nothing in
// this type persists it.
type fakeKMS struct {
	// Embedding the generated Unimplemented server supplies every service
	// method that this fake does not define itself.
	kmspb.UnimplementedKeyManagementServiceServer

	// keyRings indexes the KeyRings held by the fake by key ring name.
	keyRings map[keyRingName]*keyRing

	// Protects keyRings. For guarding object use within RPCs, the lock is held
	// in the lock interceptor rather than directly in the RPC function.
	mux sync.RWMutex
}
// keyRing models a KeyRing in Cloud KMS.
type keyRing struct {
	// pb is the KeyRing protobuf message for this key ring.
	pb *kmspb.KeyRing
	// keys holds the CryptoKeys stored under this key ring, indexed by
	// CryptoKey name.
	keys map[cryptoKeyName]*cryptoKey
}
// cryptoKey models a CryptoKey in Cloud KMS.
type cryptoKey struct {
	// pb is the CryptoKey protobuf message for this key.
	pb *kmspb.CryptoKey
	// versions holds the CryptoKeyVersions stored under this key, indexed by
	// CryptoKeyVersion name.
	versions map[cryptoKeyVersionName]*cryptoKeyVersion
}
// cryptoKey looks up the CryptoKey called name. It returns errNotFound(name)
// when either the parent KeyRing or the key itself is absent, so a caller
// cannot tell from the error which level was missing.
//
// The maps are read without taking f.mux here; per the comment on
// fakeKMS.mux the lock interceptor is expected to hold it for RPCs, and any
// other caller must hold it itself.
func (f *fakeKMS) cryptoKey(name cryptoKeyName) (*cryptoKey, error) {
	if ring, found := f.keyRings[name.keyRingName]; found {
		if key, found := ring.keys[name]; found {
			return key, nil
		}
	}
	return nil, errNotFound(name)
}
// cryptoKeyVersion models a CryptoKeyVersion in Cloud KMS.
type cryptoKeyVersion struct {
	// pb is the CryptoKeyVersion protobuf message for this version.
	pb *kmspb.CryptoKeyVersion
	// keyMaterial holds the key material backing this version. It is typed
	// as an empty interface, so the concrete type is not fixed here.
	// NOTE(review): the material sits in ordinary process memory of the
	// fake; presumably only throwaway test keys are ever stored — confirm.
	keyMaterial interface{}
}
// cryptoKeyVersion looks up the CryptoKeyVersion called name by walking
// KeyRing, then CryptoKey, then version. A miss at any of the three levels
// yields the same errNotFound(name) error.
//
// The maps are read without taking f.mux here; per the comment on
// fakeKMS.mux the lock interceptor is expected to hold it for RPCs, and any
// other caller must hold it itself.
func (f *fakeKMS) cryptoKeyVersion(name cryptoKeyVersionName) (*cryptoKeyVersion, error) {
	if ring, found := f.keyRings[name.keyRingName]; found {
		if key, found := ring.keys[name.cryptoKeyName]; found {
			if version, found := key.versions[name]; found {
				return version, nil
			}
		}
	}
	return nil, errNotFound(name)
}
// Server wraps a local gRPC server that serves KMS requests.
type Server struct {
	// Addr is the address of the listener the gRPC server is serving on;
	// NewServer fills it in from the listener it opens.
	Addr net.Addr
	// grpcServer is the underlying gRPC server, stopped by Close.
	grpcServer *grpc.Server
}
// Close shuts the server down at once by calling Stop on the underlying gRPC
// server, which closes all listeners and connections without waiting for
// in-flight RPCs to finish.
func (s *Server) Close() {
	srv := s.grpcServer
	srv.Stop()
}
// ServerOptions contains options for the FakeKMS server.
//
// NOTE(review): NewServer in this file takes no arguments, so nothing here
// consumes ServerOptions; where Delay is applied is not visible — confirm.
type ServerOptions struct {
	// The amount of time each request should be delayed before processing.
	Delay time.Duration
}
// NewServer starts a new local Fake KMS server that is listening for gRPC
// requests.
//
// The listener is bound to "localhost:0", so the OS picks a free port on the
// loopback interface and the chosen address is reported in Server.Addr. The
// gRPC server is created without transport credentials and no authentication
// interceptor is installed here, and the fault service is registered on the
// same port as the KMS service. Any local process that can reach the port can
// therefore call both services; treat the endpoint as test-only.
//
// The returned error is the one from net.Listen; the caller should call
// Close on the returned Server when done.
func NewServer() (*Server, error) {
	listener, err := net.Listen("tcp", "localhost:0")
	if err != nil {
		return nil, err
	}

	kms := &fakeKMS{keyRings: make(map[keyRingName]*keyRing)}
	faults := &fault.Server{}

	// The first interceptor in the chain is the outermost one, so the fault
	// interceptor wraps the lock interceptor that takes kms.mux.
	// NOTE(review): whether an injected fault returns before the lock is
	// taken depends on the fault package — confirm there.
	interceptors := grpc.ChainUnaryInterceptor(
		faults.NewInterceptor(),
		newLockInterceptor(&kms.mux),
	)
	srv := grpc.NewServer(interceptors)
	kmspb.RegisterKeyManagementServiceServer(srv, kms)
	faultpb.RegisterFaultServiceServer(srv, faults)

	// Serve runs until Close stops the server; its return value is discarded,
	// so a serving failure is not reported to the caller.
	go srv.Serve(listener)

	return &Server{Addr: listener.Addr(), grpcServer: srv}, nil
}