feat[Spanner]: Add Multi Region Encryption samples

Author: panerorenn9541

spanner/api/Spanner.Samples.Tests/CopyBackupTest.cs

@@ -1,4 +1,4 @@
-// Copyright 2022 Google Inc.
+// Copyright 2022 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -30,17 +30,12 @@ public CopyBackupTest(SpannerFixture spannerFixture)
     public void CopyBackup()
     {
         CopyBackupSample copyBackupSample = new CopyBackupSample();
-        string source_Project_id = _spannerFixture.ProjectId;
-        string source_Instance_id = _spannerFixture.InstanceId;
-        string source_backupId = _spannerFixture.BackupId;
-        string target_Project_id = _spannerFixture.ProjectId;
-        string target_Instance_id = _spannerFixture.InstanceId;
-        string target_backupId = SpannerFixture.GenerateId("test_", 16);
-        DateTimeOffset expireTime = DateTimeOffset.UtcNow.AddHours(12);
 
-        Backup backup = copyBackupSample.CopyBackup(source_Instance_id, source_Project_id, source_backupId, 
-            target_Instance_id, target_Project_id, target_backupId, expireTime);
+        Backup backup = copyBackupSample.CopyBackup(
+            sourceProjectId: _spannerFixture.ProjectId, sourceInstanceId: _spannerFixture.InstanceId, sourceBackupId: _spannerFixture.BackupId,
+            targetProjectId: _spannerFixture.ProjectId, targetInstanceId: _spannerFixture.InstanceId, targetBackupId: SpannerFixture.GenerateId("test_", 16),
+            expireTime: DateTimeOffset.UtcNow.AddHours(6));
 
         Assert.NotNull(backup);
     }
-}
+}

spanner/api/Spanner.Samples.Tests/CopyBackupWithMultiRegionEncryptionAsyncTest.cs

@@ -0,0 +1,43 @@
+// Copyright 2024 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using Google.Cloud.Spanner.Admin.Database.V1;
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Xunit;
+
+[Collection(nameof(SpannerFixture))]
+public class CopyBackupWithMultiRegionEncryptionAsyncTest
+{
+    private readonly SpannerFixture _fixture;
+
+    public CopyBackupWithMultiRegionEncryptionAsyncTest(SpannerFixture fixture)
+    {
+        _fixture = fixture;
+    }
+
+    [SkippableFact]
+    public async Task TestCopyBackupWithMultiRegionEncryptionAsync()
+    {
+        CopyBackupWithMultiRegionEncryptionAsyncSample copyBackupSample = new CopyBackupWithMultiRegionEncryptionAsyncSample();
+
+        var backup = await copyBackupSample.CopyBackupWithMultiRegionEncryptionAsync(
+            sourceProjectId: _fixture.ProjectId, sourceInstanceId: _fixture.InstanceId, sourceBackupId: _fixture.BackupId,
+            targetProjectId: _fixture.ProjectId, targetInstanceId: _fixture.InstanceId, targetBackupId: SpannerFixture.GenerateId("test_", 16),
+            expireTime: DateTimeOffset.UtcNow.AddHours(6), kmsKeyNames: _fixture.KmsKeyNames);
+
+        Assert.All(backup.EncryptionInformation, encryptionInfo => _fixture.KmsKeyNames.Any(keyName => encryptionInfo.KmsKeyVersion.StartsWith(keyName.ToString())));
+    }
+}

spanner/api/Spanner.Samples.Tests/CreateBackupWithEncryptionKeyAsyncTest.cs

@@ -1,4 +1,4 @@
-// Copyright 2021 Google Inc.
+// Copyright 2021 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -32,7 +32,7 @@ public CreateBackupWithEncryptionKeyAsyncTest(SpannerFixture fixture)
     [SkippableFact]
     public async Task TestCreatBackupWithEncryptionKeyAsync()
     {
-        Skip.If(!_fixture.RunCmekBackupSampleTests, SpannerFixture.SkipCmekBackupSamplesMessage);
+        Skip.If(_fixture.SkipCmekBackupSampleTests, SpannerFixture.SkipCmekBackupSamplesMessage);
         // Create a backup with a custom encryption key.
         var sample = new CreateBackupWithEncryptionKeyAsyncSample();
         var backup = await sample.CreateBackupWithEncryptionKeyAsync(_fixture.ProjectId, _fixture.InstanceId, _fixture.FixedEncryptedDatabaseId, _fixture.EncryptedBackupId, _fixture.KmsKeyName);

spanner/api/Spanner.Samples.Tests/CreateBackupWithMultiRegionEncryptionAsyncTest.cs

@@ -0,0 +1,43 @@
+// Copyright 2024 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using Google.Cloud.Spanner.Admin.Database.V1;
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Xunit;
+
+/// <summary>
+/// Tests creating a backup using MR CMEK.
+/// </summary>
+[Collection(nameof(SpannerFixture))]
+public class CreateBackupWithMultiRegionEncryptionAsyncTest
+{
+    private readonly SpannerFixture _fixture;
+
+    public CreateBackupWithMultiRegionEncryptionAsyncTest(SpannerFixture fixture)
+    {
+        _fixture = fixture;
+    }
+
+    [SkippableFact]
+    public async Task TestCreateBackupWithMultiRegionEncryptionAsync()
+    {
+        Skip.If(_fixture.SkipCmekBackupSampleTests, SpannerFixture.SkipCmekBackupSamplesMessage);
+        // Create a backup with custom encryption keys.
+        var sample = new CreateBackupWithMultiRegionEncryptionAsyncSample();
+        var backup = await sample.CreateBackupWithMultiRegionEncryptionAsync(_fixture.ProjectId, _fixture.InstanceId, _fixture.FixedMultiRegionEncryptedBackupId, _fixture.MultiRegionEncryptedBackupId, _fixture.KmsKeyNames);
+        Assert.All(backup.EncryptionInformation, encryptionInfo => _fixture.KmsKeyNames.Any(keyName => encryptionInfo.KmsKeyVersion.StartsWith(keyName.ToString())));
+    }
+}

spanner/api/Spanner.Samples.Tests/CreateDatabaseWithMultiRegionEncryptionAsyncTest.cs

@@ -0,0 +1,41 @@
+// Copyright 2024 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Threading.Tasks;
+using Xunit;
+using Google.Cloud.Spanner.Admin.Database.V1;
+using System.Linq;
+
+/// <summary>
+/// Tests creating a databases using MR CMEK.
+/// </summary>
+[Collection(nameof(SpannerFixture))]
+public class CreateDatabaseWithMultiRegionEncryptionAsyncTest
+{
+    private readonly SpannerFixture _fixture;
+
+    public CreateDatabaseWithMultiRegionEncryptionAsyncTest(SpannerFixture fixture)
+    {
+        _fixture = fixture;
+    }
+
+    [Fact]
+    public async Task TestCreateDatabaseWithMultiRegionEncryptionAsync()
+    {
+        // Create a database with custom encryption keys.
+        var sample = new CreateDatabaseWithMultiRegionEncryptionAsyncSample();
+        var database = await sample.CreateDatabaseWithMultiRegionEncryptionAsync(_fixture.ProjectId, _fixture.InstanceId, _fixture.MultiRegionEncryptedDatabaseId, _fixture.KmsKeyNames);
+        Assert.All(database.EncryptionConfig.KmsKeyNamesAsCryptoKeyNames, keyName => _fixture.KmsKeyNames.Contains(keyName));
+    }
+}

spanner/api/Spanner.Samples.Tests/RestoreDatabaseWithEncryptionKeyAsyncTest.cs

@@ -1,4 +1,4 @@
-// Copyright 2021 Google Inc.
+// Copyright 2021 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -33,7 +33,7 @@ public RestoreDatabaseWithEncryptionKeyAsyncTest(SpannerFixture fixture)
     [SkippableFact]
     public async Task TestRestoreDatabaseWithEncryptionKeyAsync()
     {
-        Skip.If(!_fixture.RunCmekBackupSampleTests, SpannerFixture.SkipCmekBackupSamplesMessage);
+        Skip.If(_fixture.SkipCmekBackupSampleTests, SpannerFixture.SkipCmekBackupSamplesMessage);
         var sample = new RestoreDatabaseWithEncryptionAsyncSample();
         var database = await sample.RestoreDatabaseWithEncryptionAsync(_fixture.ProjectId, _fixture.InstanceId, _fixture.EncryptedRestoreDatabaseId, _fixture.FixedEncryptedBackupId, _fixture.KmsKeyName);
         Assert.Equal(_fixture.KmsKeyName, CryptoKeyName.Parse(database.EncryptionConfig.KmsKeyName));

spanner/api/Spanner.Samples.Tests/RestoreDatabaseWithMultiRegionEncryptionAsyncTest.cs

@@ -0,0 +1,42 @@
+// Copyright 2024 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using Google.Cloud.Spanner.Admin.Database.V1;
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Xunit;
+
+/// <summary>
+/// Tests restoring a databases using customer managed encryption.
+/// </summary>
+[Collection(nameof(SpannerFixture))]
+public class RestoreDatabaseWithMultiRegionEncryptionAsyncTest
+{
+    private readonly SpannerFixture _fixture;
+
+    public RestoreDatabaseWithMultiRegionEncryptionAsyncTest(SpannerFixture fixture)
+    {
+        _fixture = fixture;
+    }
+
+    [SkippableFact]
+    public async Task TestRestoreDatabaseWithMultiRegionEncryptionAsync()
+    {
+        Skip.If(_fixture.SkipCmekBackupSampleTests, SpannerFixture.SkipCmekBackupSamplesMessage);
+        var sample = new RestoreDatabaseWithMultiRegionEncryptionAsyncSample();
+        var database = await sample.RestoreDatabaseWithMultiRegionEncryptionAsync(_fixture.ProjectId, _fixture.InstanceId, _fixture.MultiRegionEncryptedDatabaseId, _fixture.FixedMultiRegionEncryptedBackupId, _fixture.KmsKeyNames);
+        Assert.All(database.EncryptionConfig.KmsKeyNamesAsCryptoKeyNames, keyName => _fixture.KmsKeyNames.Contains(keyName));
+    }
+}

spanner/api/Spanner.Samples.Tests/SpannerFixture.cs

@@ -60,23 +60,31 @@ AlbumTitle STRING(MAX)
     public string ToBeCancelledBackupId { get; } = GenerateId("my-backup-");
     public string RestoredDatabaseId { get; private set; }
 
-    public bool RunCmekBackupSampleTests { get; private set; }
+    public bool SkipCmekBackupSampleTests { get; private set; }
     public const string SkipCmekBackupSamplesMessage = "Spanner CMEK backup sample tests are disabled by default for performance reasons. Set the environment variable RUN_SPANNER_CMEK_BACKUP_SAMPLES_TESTS=true to enable the test.";
 
     public string EncryptedDatabaseId { get; private set; }
     public string EncryptedBackupId { get; } = GenerateId("my-enc-backup-");
-    // 'restore' is abbreviated to prevent the name from becoming longer than 30 characters.
     public string EncryptedRestoreDatabaseId { get; private set; }
 
     // These are intentionally kept on the instance to avoid the need to create a new encrypted database and backup for each run.
     public string FixedEncryptedDatabaseId { get; } = "fixed-enc-backup-db";
     public string FixedEncryptedBackupId { get; } = "fixed-enc-backup";
 
+    public string MultiRegionEncryptedDatabaseId { get; private set; }
+    public string MultiRegionEncryptedBackupId { get; } = GenerateId("my-mr-enc-backup-");
+    public string MultiRegionEncryptedRestoreDatabaseId { get; private set; }
+
+    // These are intentionally kept on the instance to avoid the need to create a new encrypted database and backup for each run.
+    public string FixedMultiRegionEncryptedDatabaseId { get; } = "fixed-mr-backup-db";
+    public string FixedMultiRegionEncryptedBackupId { get; } = "fixed-mr-backup";
+
     public CryptoKeyName KmsKeyName { get; } = new CryptoKeyName(
         Environment.GetEnvironmentVariable("spanner.test.key.project") ?? Environment.GetEnvironmentVariable("GOOGLE_PROJECT_ID"),
         Environment.GetEnvironmentVariable("spanner.test.key.location") ?? "us-central1",
         Environment.GetEnvironmentVariable("spanner.test.key.ring") ?? "spanner-test-keyring",
         Environment.GetEnvironmentVariable("spanner.test.key.name") ?? "spanner-test-key");
+    public CryptoKeyName[] KmsKeyNames { get; private set; }
 
     public string InstanceIdWithProcessingUnits { get; } = GenerateId("my-ins-pu-");
     public string InstanceIdWithMultiRegion { get; } = GenerateId("my-ins-mr-");
@@ -103,6 +111,9 @@ public async Task InitializeAsync()
         RestoredDatabaseId = GenerateTempDatabaseId("my-restore-db-");
         EncryptedDatabaseId = GenerateTempDatabaseId("my-enc-db-");
         EncryptedRestoreDatabaseId = GenerateTempDatabaseId("my-enc-r-db-");
+        MultiRegionEncryptedDatabaseId = GenerateTempDatabaseId("my-mr-db-");
+        MultiRegionEncryptedRestoreDatabaseId = GenerateTempDatabaseId("my-mr-r-db-");
+        KmsKeyNames = new CryptoKeyName[] { KmsKeyName };
 
         DatabaseAdminClient = await DatabaseAdminClient.CreateAsync();
         InstanceAdminClient = await InstanceAdminClient.CreateAsync();
@@ -111,7 +122,7 @@ public async Task InitializeAsync()
         PgSpannerConnection = new SpannerConnection($"Data Source=projects/{ProjectId}/instances/{InstanceId}/databases/{PostgreSqlDatabaseId}");
 
         bool.TryParse(Environment.GetEnvironmentVariable("RUN_SPANNER_CMEK_BACKUP_SAMPLES_TESTS"), out var runCmekBackupSampleTests);
-        RunCmekBackupSampleTests = runCmekBackupSampleTests;
+        SkipCmekBackupSampleTests = !runCmekBackupSampleTests;
 
         await MaybeInitializeTestInstanceAsync();
         await CreateInstanceWithMultiRegionAsync();
@@ -122,9 +133,10 @@ public async Task InitializeAsync()
 
         // Create encryption key for creating an encrypted database and optionally backing up and restoring an encrypted database.
         await InitializeEncryptionKeys();
-        if (RunCmekBackupSampleTests)
+        if (!SkipCmekBackupSampleTests)
         {
             await InitializeEncryptedBackupAsync();
+            await InitializeMultiRegionEncryptedBackupAsync();
         }
     }
 
@@ -138,9 +150,9 @@ public async Task DisposeAsync()
                 DeleteInstanceAsync(InstanceIdWithProcessingUnits),
                 DeleteInstanceAsync(InstanceIdWithInstancePartition),
                 DeleteBackupAsync(ToBeCancelledBackupId),
-                DeleteBackupAsync(EncryptedBackupId)
+                DeleteBackupAsync(EncryptedBackupId),
+                DeleteBackupAsync(MultiRegionEncryptedRestoreDatabaseId)
             };
-
             DeleteInstanceConfig(CreateCustomInstanceConfigId);
             DeleteInstanceConfig(UpdateCustomInstanceConfigId);
             DeleteInstanceConfig(DeleteCustomInstanceConfigId);
@@ -378,6 +390,38 @@ private async Task InitializeEncryptedBackupAsync()
         }
     }
 
+    private async Task InitializeMultiRegionEncryptedBackupAsync()
+    {
+        // Sample backup for MR CMEK restore test.
+        try
+        {
+            CreateDatabaseWithMultiRegionEncryptionAsyncSample createDatabaseAsyncSample = new CreateDatabaseWithMultiRegionEncryptionAsyncSample();
+            InsertDataAsyncSample insertDataAsyncSample = new InsertDataAsyncSample();
+            await createDatabaseAsyncSample.CreateDatabaseWithMultiRegionEncryptionAsync(ProjectId, InstanceId, FixedMultiRegionEncryptedDatabaseId, KmsKeyNames);
+            await insertDataAsyncSample.InsertDataAsync(ProjectId, InstanceId, FixedMultiRegionEncryptedDatabaseId);
+        }
+        catch (Exception e) when (e.ToString().Contains("Database already exists"))
+        {
+            // We intentionally keep an existing database around to reduce
+            // the likelihood of test timeouts when creating a backup so
+            // it's ok to get an AlreadyExists error.
+            Console.WriteLine($"Database {FixedMultiRegionEncryptedDatabaseId} already exists.");
+        }
+
+        try
+        {
+            CreateBackupWithMultiRegionEncryptionAsyncSample createBackupSample = new CreateBackupWithMultiRegionEncryptionAsyncSample();
+            await createBackupSample.CreateBackupWithMultiRegionEncryptionAsync(ProjectId, InstanceId, FixedMultiRegionEncryptedDatabaseId, FixedMultiRegionEncryptedBackupId, KmsKeyNames);
+        }
+        catch (RpcException e) when (e.StatusCode == StatusCode.AlreadyExists)
+        {
+            // We intentionally keep an existing backup around to reduce
+            // the likelihood of test timeouts when creating a backup so
+            // it's ok to get an AlreadyExists error.
+            Console.WriteLine($"Backup {FixedMultiRegionEncryptedBackupId} already exists.");
+        }
+    }
+
     private async Task DeleteInstanceAsync(string instanceId)
     {
         try

spanner/api/Spanner.Samples/CopyBackup.cs

@@ -1,4 +1,4 @@
-// Copyright 2022 Google Inc.
+// Copyright 2022 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -22,18 +22,19 @@
 
 public class CopyBackupSample
 {
-    public Backup CopyBackup(string sourceInstanceId, string sourceProjectId, string sourceBackupId, 
-        string targetInstanceId, string targetProjectId, string targetBackupId, 
+    public Backup CopyBackup(
+        string sourceProjectId, string sourceInstanceId, string sourceBackupId,
+        string targetProjectId, string targetInstanceId, string targetBackupId,
         DateTimeOffset expireTime)
     {
         DatabaseAdminClient databaseAdminClient = DatabaseAdminClient.Create();
 
         var request = new CopyBackupRequest
         {
-            SourceBackupAsBackupName = new BackupName(sourceProjectId, sourceInstanceId, sourceBackupId), 
+            SourceBackupAsBackupName = new BackupName(sourceProjectId, sourceInstanceId, sourceBackupId),
             ParentAsInstanceName = new InstanceName(targetProjectId, targetInstanceId),
             BackupId = targetBackupId,
-            ExpireTime = Timestamp.FromDateTimeOffset(expireTime) 
+            ExpireTime = Timestamp.FromDateTimeOffset(expireTime)
         };
 
         var response = databaseAdminClient.CopyBackup(request);
@@ -50,10 +51,10 @@ public Backup CopyBackup(string sourceInstanceId, string sourceProjectId, string
 
         Console.WriteLine($"Backup created successfully.");
         Console.WriteLine($"Backup with Id {sourceBackupId} has been copied from {sourceProjectId}/{sourceInstanceId} to {targetProjectId}/{targetInstanceId} Backup {targetBackupId}");
-        Console.WriteLine($"Backup {backup.Name} of size {backup.SizeBytes} bytes was created at {backup.CreateTime} from {backup.Database} and is in state {backup.State} and has version time {backup.VersionTime.ToDateTime()}");
+        Console.WriteLine($"Backup {backup.Name} of size {backup.SizeBytes} bytes was created at {backup.CreateTime} from {backup.Database} and is in state {backup.State} and has version time {backup.VersionTime}");
 
         return backup;
     }
 }
 
-// [END spanner_copy_backup]
+// [END spanner_copy_backup]