feat(parametermanager): Added samples for kms_key field in parameter manager #4071
Conversation
product-auto-label
bot
added
the
samples
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hello @durgesh-ninave-crest, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
Summary of Changes
This pull request introduces samples for managing KMS keys with the Parameter Manager, both for global and regional parameters. It includes samples for creating, updating, and removing KMS keys associated with parameters. The changes involve adding new JavaScript files for each of these operations, along with updates to the package.json file and test files to include the new samples.
Highlights
- New samples: Added six new samples demonstrating how to create, update, and remove KMS keys for both global and regional parameters using the Parameter Manager SDK.
- Regional parameter support: The samples include specific examples for regional parameters, showcasing the use of regional endpoints.
- KMS key integration: Demonstrates how to integrate KMS keys for encryption of parameters, providing enhanced security.
Changelog
Click here to see the changelog
- parametermanager/createParamWithKmsKey.js
- Added a new sample to create a global parameter with a KMS key.
- Includes code to instantiate a Parameter Manager client and create a parameter with the specified KMS key.
- parametermanager/package.json
- Updated dependencies to include
@google-cloud/kmsand other development dependencies. - Modified the test script to include testing for the new KMS key samples.
- Updated dependencies to include
- parametermanager/regional_samples/createRegionalParamWithKmsKey.js
- Added a new sample to create a regional parameter with a KMS key.
- Includes code to set the regional endpoint and create a regional parameter with the specified KMS key.
- parametermanager/regional_samples/removeRegionalParamKmsKey.js
- Added a new sample to remove a KMS key from a regional parameter.
- Includes code to update the parameter and remove the KMS key association.
- parametermanager/regional_samples/updateRegionalParamKmsKey.js
- Added a new sample to update a regional parameter with a KMS key.
- Includes code to update the parameter with the specified KMS key.
- parametermanager/removeParamKmsKey.js
- Added a new sample to remove a KMS key from a global parameter.
- Includes code to update the parameter and remove the KMS key association.
- parametermanager/test/.eslintrc.yaml
- Added eslint configuration for mocha environment
- parametermanager/test/parametermanager.test.js
- Added tests for the new KMS key samples, covering create, update, and remove operations for both global and regional parameters.
- Includes setup and teardown logic to create and destroy test parameters and KMS keys.
- parametermanager/updateParamKmsKey.js
- Added a new sample to update a global parameter with a KMS key.
- Includes code to update the parameter with the specified KMS key.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
In realms of code, where secrets reside,
A KMS key, our trusted guide.
Encrypting data, safe and sound,
Parameter Manager, security profound.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
The pull request introduces samples for using KMS keys with the Parameter Manager service, covering both global and regional parameters. The samples include creating, updating, and removing KMS keys. Overall, the code is well-structured and easy to follow. However, there are a few areas that could be improved for clarity and consistency.
Summary of Findings
- Missing KMS Key Version Destruction: The tests create KMS keys and crypto keys, but do not destroy the crypto key versions after use. This could lead to resource accumulation and unexpected costs.
- Inconsistent Parameter ID Naming: In the tests, some parameter IDs are appended with '-1' during creation, while others are not. This inconsistency can be confusing and should be addressed for clarity.
- Redundant KMS Key Parameter in Remove Samples: The remove samples include a KMS key parameter in the CLI arguments, but this parameter is not actually used in the code. This can be misleading to users.
Merge Readiness
The pull request is almost ready for merging. However, the identified issues should be addressed first. Specifically, the KMS key version destruction in tests is important to prevent resource accumulation. The inconsistent parameter ID naming and redundant KMS key parameter in remove samples should also be fixed for clarity and consistency. I am unable to approve this pull request, and recommend that another reviewer also approves this code before merging.
| try { | ||
| await kmsClient.destroyCryptoKeyVersion({ | ||
| name: `${kmsKey}/cryptoKeyVersions/1`, | ||
| }); | ||
| } catch (error) { | ||
| if (error.code === 5) { | ||
| // If the method is not found, skip it. | ||
| } | ||
| } | ||
|
|
||
| try { | ||
| await kmsClient.destroyCryptoKeyVersion({ | ||
| name: `${kmsKey1}/cryptoKeyVersions/1`, | ||
| }); | ||
| } catch (error) { | ||
| if (error.code === 5) { | ||
| // If the method is not found, skip it. | ||
| } | ||
| } | ||
|
|
||
| try { | ||
| await kmsClient.destroyCryptoKeyVersion({ | ||
| name: `${regionalKmsKey}/cryptoKeyVersions/1`, | ||
| }); | ||
| } catch (error) { | ||
| if (error.code === 5) { | ||
| // If the method is not found, skip it. | ||
| } | ||
| } | ||
|
|
||
| try { | ||
| await kmsClient.destroyCryptoKeyVersion({ | ||
| name: `${regionalKmsKey1}/cryptoKeyVersions/1`, | ||
| }); | ||
| } catch (error) { | ||
| if (error.code === 5) { | ||
| // If the method is not found, skip it. | ||
| } | ||
| } |
There was a problem hiding this comment.
Consider destroying the crypto key versions after the tests to avoid accumulating resources and incurring costs. You can use kmsClient.destroyCryptoKeyVersion to destroy the versions.
| * @param {string} projectId - The Google Cloud project ID where the parameter is to be updated. | ||
| * @param {string} locationId - The ID of the region where parameter is to be updated. | ||
| * @param {string} parameterId - The ID of the parameter to update. This ID must be unique within the project. | ||
| */ |
There was a problem hiding this comment.
The function description mentions that the parameter ID must be unique within the project, but it should also specify that it must be unique within the region.
| async function main( | ||
| projectId = 'my-project', | ||
| locationId = 'us-central1', | ||
| parameterId = 'my-parameter' |
There was a problem hiding this comment.
The kmsKey parameter is not used in this function. Consider removing it from the function signature to avoid confusion.
| parameterId = 'my-parameter' | |
| locationId = 'us-central1', | |
| parameterId = 'my-parameter' | |
| ) { |
| * | ||
| * @param {string} projectId - The Google Cloud project ID where the parameter is to be updated. | ||
| * @param {string} parameterId - The ID of the parameter to update. This ID must be unique within the project. | ||
| */ |
There was a problem hiding this comment.
The function description mentions that the parameter ID must be unique within the project.
|
|
||
| it('should create a parameter with kms_key', async () => { | ||
| const output = execSync( | ||
| `node createParamWithKmsKey.js ${projectId} ${parameterId}-1 ${kmsKey}` |
There was a problem hiding this comment.
Inconsistent naming: Why is '-1' appended here but not in other create parameter tests? Consider removing the '-1' to keep the naming consistent with other tests.
const output = execSync(
`node createParamWithKmsKey.js ${projectId} ${parameterId} ${kmsKey}`
);|
|
||
| it('should create a regional parameter with kms_key', async () => { | ||
| const output = execSync( | ||
| `node regional_samples/createRegionalParamWithKmsKey.js ${projectId} ${locationId} ${regionalParameterId}-1 ${regionalKmsKey}` |
There was a problem hiding this comment.
Inconsistent naming: Why is '-1' appended here but not in other create parameter tests? Consider removing the '-1' to keep the naming consistent with other tests.
const output = execSync(
`node regional_samples/createRegionalParamWithKmsKey.js ${projectId} ${locationId} ${regionalParameterId} ${regionalKmsKey}`
);
|
Here is the summary of changes. You are about to add 6 region tags.
This comment is generated by snippet-bot.
|
Description
Created samples for the KMS key field in the global and regional parameter manager.
Samples List:
Checklist
npm test(see Testing)npm run lint(see Style)GoogleCloudPlatform/nodejs-docs-samples. Not a fork.