google-cloud-spanner 2.5.0 → 2.6.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9768d839e58d7697a3ec4d57f924c6dd251bf59b1bb531ca2fbcf14da1b6120d
4
- data.tar.gz: 2fd33ab3bfddeaed840fd815d057e3ddb81bf3a4b746b88f20dcc72ecca46e44
3
+ metadata.gz: 0faea5b1e581fbc3981a52fa5ea8b2f1674f79fc71bc3000639020739747b5ea
4
+ data.tar.gz: bd4d345cbf3cefc8dbba31a2d74d4f729e8a5d9e3364277ba3d168d572c2538b
5
5
  SHA512:
6
- metadata.gz: ba9f01ea9fc094a4ece357bacddc46cf235704f242eea88393de8ea5b1e5ae56b1f5260ad26e999ad53047d4a4c7f6d855612ea6de139e80ae7d60ec6b305fdf
7
- data.tar.gz: fb498abaae70d4b8c56736b8267f87ae3637ddfe6b3aad675ad35c2faa1d4681a3a91be98ce6604454b185557a11aaf5a8294b0e007a849ff08ff19cad3088ae
6
+ metadata.gz: 8b315bed1e2a9ef29f956333086d2ad35a77f8d8c305440fea90830b89d074269c8969cb5c6002a33f3f660974defa165eb270d4671338a3f7df43c07015d78f
7
+ data.tar.gz: c2807ef7f0f1289a6515114c34aba03dd3959a50467f4c2fa6ef22efd88c2b75db87b40e1ec8b5a3b29a7e334f5c96d2fc07a1196e3100a3a6c518d726da3ecd
data/CHANGELOG.md CHANGED
@@ -1,5 +1,18 @@
1
1
  # Release History
2
2
 
3
+ ### 2.6.0 / 2021-03-31
4
+
5
+ #### Features
6
+
7
+ * add cmek backup support - ext of [#8142](https://www.github.com/googleapis/google-cloud-ruby/issues/8142) ([#8168](https://www.github.com/googleapis/google-cloud-ruby/issues/8168))
8
+ * feat(spanner): add cmek backup support
9
+ * Add encryption_config to restore database.
10
+ * doc example for backup create with encryption config
11
+ * create backup with encryption type
12
+ * backup restore with encryption type changes
13
+ * fix typo
14
+ * add cmek db support
15
+
3
16
  ### 2.5.0 / 2021-03-10
4
17
 
5
18
  #### Features
@@ -88,6 +88,12 @@ module Google
88
88
  @grpc.database.split("/")[5]
89
89
  end
90
90
 
91
+ # Encryption information for a given resource.
92
+ # @return [Google::Cloud::Spanner::Admin::Database::V1::EncryptionInfo, nil]
93
+ def encryption_info
94
+ @grpc.encryption_info
95
+ end
96
+
91
97
  ##
92
98
  # The full path for the backup. Values are of the form
93
99
  # `projects/<project>/instances/<instance>/backups/<backup_id>`.
@@ -245,6 +251,29 @@ module Google
245
251
  # project and have the same instance configuration as the instance
246
252
  # containing the source backup. Optional. Default value is same as a
247
253
  # backup instance.
254
+ # @param [Hash] encryption_config An encryption configuration describing
255
+ # the encryption type and key resources in Cloud KMS used to
256
+ # encrypt/decrypt the database to restore to. If this field is not
257
+ # specified, the restored database will use the same encryption
258
+ # configuration as the backup by default. Optional. The following
259
+ # settings can be provided:
260
+ #
261
+ # * `:kms_key_name` (String) The name of KMS key to use which should
262
+ # be the full path, e.g., `projects/<project>/locations/<location>\
263
+ # /keyRings/<key_ring>/cryptoKeys/<kms_key_name>`
264
+ # This field should be set only when encryption type
265
+ # `:CUSTOMER_MANAGED_ENCRYPTION`.
266
+ # * `:encryption_type` (Symbol) The encryption type of the backup.
267
+ # Valid values are:
268
+ # 1. `:USE_CONFIG_DEFAULT_OR_BACKUP_ENCRYPTION` - This is the default
269
+ # option when config is not specified.
270
+ # 2. `:GOOGLE_DEFAULT_ENCRYPTION` - Google default encryption.
271
+ # 3. `:CUSTOMER_MANAGED_ENCRYPTION` - Use customer managed encryption.
272
+ # If specified, `:kms_key_name` must contain a valid Cloud KMS key.
273
+ #
274
+ # @raise [ArgumentError] if `:CUSTOMER_MANAGED_ENCRYPTION` specified without
275
+ # customer managed kms key.
276
+ #
248
277
  # @return [Database] Restored database.
249
278
  #
250
279
  # @example
@@ -288,16 +317,50 @@ module Google
288
317
  # database = job.database
289
318
  # end
290
319
  #
291
- def restore database_id, instance_id: nil
320
+ # @example Restore database with encryption config
321
+ # require "google/cloud/spanner"
322
+ #
323
+ # spanner = Google::Cloud::Spanner.new
324
+ #
325
+ # instance = spanner.instance "my-instance"
326
+ # backup = instance.backup "my-backup"
327
+ # kms_key_name = "projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kms_key_name>"
328
+ # encryption_config = {
329
+ # kms_key_name: kms_key_name,
330
+ # encryption_type: :CUSTOMER_MANAGED_ENCRYPTION
331
+ # }
332
+ # job = backup.restore(
333
+ # "my-restored-database",
334
+ # encryption_config: encryption_config
335
+ # )
336
+ #
337
+ # job.done? #=> false
338
+ # job.reload! # API call
339
+ # job.done? #=> true
340
+ #
341
+ # if job.error?
342
+ # status = job.error
343
+ # else
344
+ # database = job.database
345
+ # end
346
+ #
347
+ def restore database_id, instance_id: nil, encryption_config: nil
292
348
  ensure_service!
293
349
 
294
350
  instance_id ||= self.instance_id
295
351
 
352
+ if encryption_config&.include?(:kms_key_name) &&
353
+ encryption_config[:encryption_type] != :CUSTOMER_MANAGED_ENCRYPTION
354
+ raise Google::Cloud::InvalidArgumentError,
355
+ "kms_key_name only used with CUSTOMER_MANAGED_ENCRYPTION"
356
+ end
357
+
296
358
  grpc = service.restore_database \
297
359
  self.instance_id,
298
360
  backup_id,
299
361
  instance_id,
300
- database_id
362
+ database_id,
363
+ encryption_config: encryption_config
301
364
  Restore::Job.from_grpc grpc, service
302
365
  end
303
366
 
@@ -113,6 +113,31 @@ module Google
113
113
  @grpc.state
114
114
  end
115
115
 
116
+ # An encryption configuration describing the encryption type and key
117
+ # resources in Cloud KMS.
118
+ #
119
+ # @return [Google::Cloud::Spanner::Admin::Database::V1::EncryptionConfig, nil]
120
+ def encryption_config
121
+ @grpc.encryption_config
122
+ end
123
+
124
+ # Encryption information for the database.
125
+ #
126
+ # For databases that are using customer managed encryption, this
127
+ # field contains the encryption information for the database, such as
128
+ # encryption state and the Cloud KMS key versions that are in use.
129
+ #
130
+ # For databases that are using Google default or other types of encryption,
131
+ # this field is empty.
132
+ #
133
+ # This field is propagated lazily from the backend. There might be a delay
134
+ # from when a key version is being used and when it appears in this field.
135
+ #
136
+ # @return [Array<Google::Cloud::Spanner::Admin::Database::V1::EncryptionInfo>]
137
+ def encryption_info
138
+ @grpc.encryption_info.to_a
139
+ end
140
+
116
141
  ##
117
142
  # The database is still being created. Operations on the database may
118
143
  # raise with `FAILED_PRECONDITION` in this state.
@@ -417,6 +442,26 @@ module Google
417
442
  # it will be automatically set to the backup create time. The version
418
443
  # time can be as far in the past as specified by the database earliest
419
444
  # version time. Optional.
445
+ # @param [Hash] encryption_config An encryption configuration describing
446
+ # the encryption type and key resources in Cloud KMS. Optional. The
447
+ # following settings can be provided:
448
+ #
449
+ # * `:kms_key_name` (String) The name of KMS key to use which should
450
+ # be the full path, e.g., `projects/<project>/locations/<location>\
451
+ # /keyRings/<key_ring>/cryptoKeys/<kms_key_name>`
452
+ # This field should be set only when encryption type
453
+ # `:CUSTOMER_MANAGED_ENCRYPTION`.
454
+ # * `:encryption_type` (Symbol) The encryption type of the backup.
455
+ # Valid values are:
456
+ # 1. `:USE_DATABASE_ENCRYPTION` - Use the same encryption configuration as
457
+ # the database.
458
+ # 2. `:GOOGLE_DEFAULT_ENCRYPTION` - Google default encryption.
459
+ # 3. `:CUSTOMER_MANAGED_ENCRYPTION` - Use customer managed encryption.
460
+ # If specified, `:kms_key_name` must contain a valid Cloud KMS key.
461
+ #
462
+ # @raise [ArgumentError] if `:CUSTOMER_MANAGED_ENCRYPTION` specified without
463
+ # customer managed kms key.
464
+ #
420
465
  # @return [Google::Cloud::Spanner::Backup::Job] The job representing
421
466
  # the long-running, asynchronous processing of a backup create
422
467
  # operation.
@@ -443,14 +488,48 @@ module Google
443
488
  # backup = job.backup
444
489
  # end
445
490
  #
446
- def create_backup backup_id, expire_time, version_time: nil
491
+ # @example Create backup with encryption config
492
+ # require "google/cloud/spanner"
493
+ #
494
+ # spanner = Google::Cloud::Spanner.new
495
+ # database = spanner.database "my-instance", "my-database"
496
+ #
497
+ # kms_key_name = "projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kms_key_name>"
498
+ # encryption_config = {
499
+ # kms_key_name: kms_key_name,
500
+ # encryption_type: :CUSTOMER_MANAGED_ENCRYPTION
501
+ # }
502
+ # job = database.create_backup "my-backup",
503
+ # Time.now + 36000,
504
+ # encryption_config: encryption_config
505
+ #
506
+ # job.done? #=> false
507
+ # job.reload! # API call
508
+ # job.done? #=> true
509
+ #
510
+ # if job.error?
511
+ # status = job.error
512
+ # else
513
+ # backup = job.backup
514
+ # end
515
+ #
516
+ def create_backup backup_id, expire_time,
517
+ version_time: nil, encryption_config: nil
447
518
  ensure_service!
519
+
520
+ if encryption_config&.include?(:kms_key_name) &&
521
+ encryption_config[:encryption_type] != :CUSTOMER_MANAGED_ENCRYPTION
522
+ raise Google::Cloud::InvalidArgumentError,
523
+ "kms_key_name only used with CUSTOMER_MANAGED_ENCRYPTION"
524
+ end
525
+
448
526
  grpc = service.create_backup \
449
527
  instance_id,
450
528
  database_id,
451
529
  backup_id,
452
530
  expire_time,
453
- version_time
531
+ version_time,
532
+ encryption_config: encryption_config
454
533
  Backup::Job.from_grpc grpc, service
455
534
  end
456
535
 
@@ -306,6 +306,13 @@ module Google
306
306
  # These statements execute atomically with the creation of the
307
307
  # database: if there is an error in any statement, the database is not
308
308
  # created. Optional.
309
+ # @param [Hash] encryption_config An encryption configuration describing
310
+ # the encryption type and key resources in Cloud KMS. Optional. The
311
+ # following settings can be provided:
312
+ #
313
+ # * `:kms_key_name` (String) The name of KMS key to use which should
314
+ # be the full path, e.g., `projects/<project>/locations/<location>\
315
+ # /keyRings/<key_ring>/cryptoKeys/<kms_key_name>`
309
316
  #
310
317
  # @return [Database::Job] The job representing the long-running,
311
318
  # asynchronous processing of a database create operation.
@@ -328,9 +335,30 @@ module Google
328
335
  # database = job.database
329
336
  # end
330
337
  #
331
- def create_database database_id, statements: []
338
+ # @example Create with encryption config
339
+ # require "google/cloud/spanner"
340
+ #
341
+ # spanner = Google::Cloud::Spanner.new
342
+ #
343
+ # instance = spanner.instance "my-instance"
344
+ #
345
+ # kms_key_name = "projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kms_key_name>"
346
+ # job = instance.create_database "my-new-database", encryption_config: { kms_key_name: kms_key_name }
347
+ #
348
+ # job.done? #=> false
349
+ # job.reload! # API call
350
+ # job.done? #=> true
351
+ #
352
+ # if job.error?
353
+ # status = job.error
354
+ # else
355
+ # database = job.database
356
+ # end
357
+ #
358
+ def create_database database_id, statements: [], encryption_config: nil
332
359
  grpc = service.create_database instance_id, database_id,
333
- statements: statements
360
+ statements: statements,
361
+ encryption_config: encryption_config
334
362
  Database::Job.from_grpc grpc, service
335
363
  end
336
364
 
@@ -380,6 +380,13 @@ module Google
380
380
  # These statements execute atomically with the creation of the
381
381
  # database: if there is an error in any statement, the database is not
382
382
  # created. Optional.
383
+ # @param [Hash] encryption_config An encryption configuration describing
384
+ # the encryption type and key resources in Cloud KMS. Optional. The
385
+ # following settings can be provided:
386
+ #
387
+ # * `:kms_key_name` (String) The name of KMS key to use which should
388
+ # be the full path, e.g., `projects/<project>/locations/<location>\
389
+ # /keyRings/<key_ring>/cryptoKeys/<kms_key_name>`
383
390
  #
384
391
  # @return [Database::Job] The job representing the long-running,
385
392
  # asynchronous processing of a database create operation.
@@ -402,9 +409,32 @@ module Google
402
409
  # database = job.database
403
410
  # end
404
411
  #
405
- def create_database instance_id, database_id, statements: []
412
+ # @example Create with encryption config
413
+ # require "google/cloud/spanner"
414
+ #
415
+ # spanner = Google::Cloud::Spanner.new
416
+ #
417
+ # kms_key_name = "projects/<project>/locations/<location>/keyRings/<key_ring>/cryptoKeys/<kms_key_name>"
418
+ # encryption_config = { kms_key_name: kms_key_name }
419
+ # job = spanner.create_database "my-instance",
420
+ # "my-new-database",
421
+ # encryption_config: encryption_config
422
+ #
423
+ # job.done? #=> false
424
+ # job.reload! # API call
425
+ # job.done? #=> true
426
+ #
427
+ # if job.error?
428
+ # status = job.error
429
+ # else
430
+ # database = job.database
431
+ # end
432
+ #
433
+ def create_database instance_id, database_id, statements: [],
434
+ encryption_config: nil
406
435
  grpc = service.create_database instance_id, database_id,
407
- statements: statements
436
+ statements: statements,
437
+ encryption_config: encryption_config
408
438
  Database::Job.from_grpc grpc, service
409
439
  end
410
440
 
@@ -214,12 +214,13 @@ module Google
214
214
  end
215
215
 
216
216
  def create_database instance_id, database_id, statements: [],
217
- call_options: nil
217
+ call_options: nil, encryption_config: nil
218
218
  opts = default_options call_options: call_options
219
219
  request = {
220
220
  parent: instance_path(instance_id),
221
221
  create_statement: "CREATE DATABASE `#{database_id}`",
222
- extra_statements: Array(statements)
222
+ extra_statements: Array(statements),
223
+ encryption_config: encryption_config
223
224
  }
224
225
  databases.create_database request, opts
225
226
  end
@@ -468,7 +469,8 @@ module Google
468
469
  end
469
470
 
470
471
  def create_backup instance_id, database_id, backup_id, expire_time,
471
- version_time, call_options: nil
472
+ version_time, call_options: nil,
473
+ encryption_config: nil
472
474
  opts = default_options call_options: call_options
473
475
  backup = {
474
476
  database: database_path(instance_id, database_id),
@@ -478,7 +480,8 @@ module Google
478
480
  request = {
479
481
  parent: instance_path(instance_id),
480
482
  backup_id: backup_id,
481
- backup: backup
483
+ backup: backup,
484
+ encryption_config: encryption_config
482
485
  }
483
486
  databases.create_backup request, opts
484
487
  end
@@ -545,12 +548,13 @@ module Google
545
548
 
546
549
  def restore_database backup_instance_id, backup_id,
547
550
  database_instance_id, database_id,
548
- call_options: nil
551
+ call_options: nil, encryption_config: nil
549
552
  opts = default_options call_options: call_options
550
553
  request = {
551
554
  parent: instance_path(database_instance_id),
552
555
  database_id: database_id,
553
- backup: backup_path(backup_instance_id, backup_id)
556
+ backup: backup_path(backup_instance_id, backup_id),
557
+ encryption_config: encryption_config
554
558
  }
555
559
  databases.restore_database request, opts
556
560
  end
@@ -16,7 +16,7 @@
16
16
  module Google
17
17
  module Cloud
18
18
  module Spanner
19
- VERSION = "2.5.0".freeze
19
+ VERSION = "2.6.0".freeze
20
20
  end
21
21
  end
22
22
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-spanner
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.5.0
4
+ version: 2.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Moore
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-03-11 00:00:00.000000000 Z
12
+ date: 2021-03-31 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: google-cloud-core