GoogleCloudPlatform · dpebot · Feb 3, 2017 · Feb 1, 2017 · Feb 2, 2017
diff --git a/kms/pom.xml b/kms/pom.xml
@@ -17,6 +17,17 @@
       <groupId>com.google.apis</groupId>
       <artifactId>google-api-services-cloudkms</artifactId>
       <version>v1beta1-rev51-1.18.0-rc</version>
+      <exclusions>
+        <exclusion> <!-- exclude an old version of Guava -->
+          <groupId>com.google.guava</groupId>
+          <artifactId>guava-jdk5</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>com.google.guava</groupId>
+      <artifactId>guava</artifactId>
+      <version>20.0</version>
     </dependency>
     <dependency>
       <groupId>com.google.api-client</groupId>

diff --git a/kms/src/main/java/com/example/CryptFile.java b/kms/src/main/java/com/example/CryptFile.java
@@ -60,15 +60,31 @@ public static CloudKMS createAuthorizedClient() throws IOException {
   }
 
   /**
-   * Encrypts the given bytes, using the specified crypto key.
+   * Encrypts the given bytes, using the primary version of the specified crypto key.
+   *
+   * The primary version can be updated via the <a
+   * href="https://g.co/cloud/kms/docs/reference/rest/v1beta1/projects.locations.keyRings.cryptoKeys/updatePrimaryVersion">updatePrimaryVersion</a>
+   * method.
    */
   public static byte[] encrypt(String projectId, String ringId, String keyId, byte[] plaintext)
       throws IOException {
+    return encrypt(projectId, ringId, keyId, null, plaintext);
+  }
+
+  /**
+   * Encrypts the given bytes, using the specified crypto key version.
+   */
+  public static byte[] encrypt(
+      String projectId, String ringId, String keyId, String version, byte[] plaintext)
+      throws IOException {
     String location = "global";
     // The resource name of the cryptoKey
     String cryptoKeyName = String.format(
         "projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s",
         projectId, location, ringId, keyId);
+    if (null != version) {
+      cryptoKeyName += "/cryptoKeyVersions/" + version;
+    }
     // Create the Cloud KMS client.
     CloudKMS kms = createAuthorizedClient();
 

diff --git a/kms/src/main/java/com/example/Quickstart.java b/kms/src/main/java/com/example/Quickstart.java
diff --git a/kms/src/main/java/com/example/SnippetCommands.java b/kms/src/main/java/com/example/SnippetCommands.java
@@ -68,6 +68,18 @@ public void run() throws IOException {
     }
   }
 
+  public static class CreateCryptoKeyVersionCommand extends KeyArgs implements Command {
+    public void run() throws IOException {
+      Snippets.createCryptoKeyVersion(projectId, ringId, keyId);
+    }
+  }
+
+  public static class ListKeyRingsCommand extends ProjectIdArgs implements Command {
+    public void run() throws IOException {
+      Snippets.listKeyRings(projectId);
+    }
+  }
+
   public static class ListCryptoKeysCommand extends KeyRingArgs implements Command {
     public void run() throws IOException {
       Snippets.listCryptoKeys(projectId, ringId);
@@ -173,6 +185,8 @@ public void run() throws IOException {
   @SubCommands({
       @SubCommand(name = "createKeyRing", impl = CreateKeyRingCommand.class),
       @SubCommand(name = "createCryptoKey", impl = CreateCryptoKeyCommand.class),
+      @SubCommand(name = "createCryptoKeyVersion", impl = CreateCryptoKeyVersionCommand.class),
+      @SubCommand(name = "listKeyRings", impl = ListKeyRingsCommand.class),
       @SubCommand(name = "listCryptoKeys", impl = ListCryptoKeysCommand.class),
       @SubCommand(name = "listCryptoKeyVersions", impl = ListCryptoKeyVersionsCommand.class),
       @SubCommand(name = "disableCryptoKeyVersion", impl = DisableCryptoKeyVersionCommand.class),

diff --git a/kms/src/main/java/com/example/Snippets.java b/kms/src/main/java/com/example/Snippets.java
@@ -28,6 +28,7 @@
 import com.google.api.services.cloudkms.v1beta1.model.KeyRing;
 import com.google.api.services.cloudkms.v1beta1.model.ListCryptoKeyVersionsResponse;
 import com.google.api.services.cloudkms.v1beta1.model.ListCryptoKeysResponse;
+import com.google.api.services.cloudkms.v1beta1.model.ListKeyRingsResponse;
 import com.google.api.services.cloudkms.v1beta1.model.Policy;
 import com.google.api.services.cloudkms.v1beta1.model.SetIamPolicyRequest;
 
@@ -114,6 +115,30 @@ public static CryptoKey createCryptoKey(String projectId, String ringId, String
     return createdKey;
   }
 
+  /**
+   * Creates a new crypto key version for the given id.
+   */
+  public static void createCryptoKeyVersion(
+      String projectId, String ringId, String keyId) throws IOException {
+    String location = "global";
+    // Create the Cloud KMS client.
+    CloudKMS kms = createAuthorizedClient();
+
+    // The resource name of the cryptoKey
+    String cryptoKeys = String.format(
+        "projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s",
+        projectId, location, ringId, keyId);
+
+    CryptoKeyVersion version = new CryptoKeyVersion();
+
+    CryptoKeyVersion newVersion = kms.projects().locations().keyRings().cryptoKeys()
+        .cryptoKeyVersions()
+        .create(cryptoKeys, version)
+        .execute();
+
+    System.out.println(newVersion);
+  }
+
   /**
    * Disables the given version of the crypto key.
    */
@@ -263,11 +288,12 @@ public static Policy addMemberToCryptoKeyPolicy(
     iamPolicy.setBindings(bindings);
 
     // Set the new IAM Policy.
-    Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys()
+    Policy newIamPolicy = kms.projects().locations().keyRings()
+        .cryptoKeys()
         .setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy))
         .execute();
 
-    System.out.println(newIamPolicy);
+    System.out.println("Response: " + newIamPolicy);
     return newIamPolicy;
   }
 
@@ -320,11 +346,12 @@ public static Policy addMemberToKeyRingPolicy(
     iamPolicy.setBindings(bindings);
 
     // Set the new IAM Policy.
-    Policy newIamPolicy = kms.projects().locations().keyRings()
+    Policy newIamPolicy = kms.projects().locations()
+        .keyRings()
         .setIamPolicy(keyring, new SetIamPolicyRequest().setPolicy(iamPolicy))
         .execute();
 
-    System.out.println(newIamPolicy);
+    System.out.println("Response: " + newIamPolicy);
     return newIamPolicy;
   }
 
@@ -346,21 +373,26 @@ public static Policy removeMemberFromCryptoKeyPolicy(
     // Get the current IAM policy and add the new account to it.
     Policy iamPolicy = getCryptoKeyPolicy(projectId, ringId, keyId);
 
-    List<Binding> bindings = iamPolicy.getBindings();
+    if (null == iamPolicy.getBindings()) {
+      // Nothing to remove
+      return null;
+    }
+
     // Filter out the given member
-    for (Binding b : bindings) {
+    for (Binding b : iamPolicy.getBindings()) {
       if (role.equals(b.getRole()) && b.getMembers().contains(member)) {
-        b.getMembers().remove(member);
+        b.getMembers().removeAll(Collections.singletonList(member));
         break;
       }
     }
 
     // Set the new IAM Policy.
-    Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys()
+    Policy newIamPolicy = kms.projects().locations().keyRings()
+        .cryptoKeys()
         .setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy))
         .execute();
 
-    System.out.println(newIamPolicy);
+    System.out.println("Response: " + newIamPolicy);
     return newIamPolicy;
   }
 
@@ -382,24 +414,54 @@ public static Policy removeMemberFromKeyRingPolicy(
     // Get the current IAM policy and add the new account to it.
     Policy iamPolicy = getKeyRingPolicy(projectId, ringId);
 
-    List<Binding> bindings = iamPolicy.getBindings();
     // Filter out the given member
-    for (Binding b : bindings) {
+    for (Binding b : iamPolicy.getBindings()) {
       if (role.equals(b.getRole()) && b.getMembers().contains(member)) {
         b.getMembers().remove(member);
         break;
       }
     }
 
     // Set the new IAM Policy.
-    Policy newIamPolicy = kms.projects().locations().keyRings().cryptoKeys()
+    Policy newIamPolicy = kms.projects().locations()
+        .keyRings()
         .setIamPolicy(cryptoKey, new SetIamPolicyRequest().setPolicy(iamPolicy))
         .execute();
 
-    System.out.println(newIamPolicy);
+    System.out.println("Response: " + newIamPolicy);
     return newIamPolicy;
   }
 
+  /**
+   * Prints all the keyrings in the given project.
+   */
+  public static void listKeyRings(String projectId) throws IOException {
+    String location = "global";
+    // Create the Cloud KMS client.
+    CloudKMS kms = createAuthorizedClient();
+
+    // The resource name of the cryptoKey
+    String keyRingPath = String.format(
+        "projects/%s/locations/%s",
+        projectId, location);
+
+    // Make the RPC call
+    ListKeyRingsResponse response = kms.projects().locations()
+        .keyRings()
+        .list(keyRingPath)
+        .execute();
+
+    // Print the returned key rings
+    if (null != response.getKeyRings()) {
+      System.out.println("Key Rings: ");
+      for (KeyRing keyRing : response.getKeyRings()) {
+        System.out.println(keyRing.getName());
+      }
+    } else {
+      System.out.println("No keyrings defined.");
+    }
+  }
+
   /**
    * Prints all the keys in the given key ring.
    */