feat: Adding code samples to self-managed SSL certificate registration. (GoogleCloudPlatform#7390)

m-strzelczyk · dandhlee · web-flow · commit 351608b42a5f · 2022-03-04T16:20:16.000+01:00
Co-authored-by: Dan Lee &lt;71398022+dandhlee@users.noreply.github.com&gt;
diff --git a/compute/load_balancing/create_certificate.py b/compute/load_balancing/create_certificate.py
@@ -0,0 +1,61 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# [START compute_certificate_create]
+from pathlib import Path
+from pprint import pprint
+from typing import Union
+
+from googleapiclient import discovery
+
+
+def create_certificate(
+    project_id: str, certificate_file: Union[str, Path], private_key_file: Union[str, Path], certificate_name: str, description: str = "Certificate created from a code sample."
+) -> None:
+    """
+    Create a global SSL self-signed certificate within your Google Cloud project.
+
+    Args:
+        project_id: project ID or project number of the Cloud project you want to use.
+        certificate_file: path to the file with the certificate you want to create in your project.
+        private_key_file: path to the private key you used to sign the certificate with.
+        certificate_name: name for the certificate once it's created in your project.
+        description: description of the certificate.
+    """
+    service = discovery.build("compute", "v1")
+
+    # Read the cert into memory
+    with open(certificate_file) as f:
+        _temp_cert = f.read()
+
+    # Read the private_key into memory
+    with open(private_key_file) as f:
+        _temp_key = f.read()
+
+    # Now that the certificate and private key are in memory, you can create the
+    # certificate resource
+    ssl_certificate_body = {
+        "name": certificate_name,
+        "description": description,
+        "certificate": _temp_cert,
+        "privateKey": _temp_key,
+    }
+    request = service.sslCertificates().insert(
+        project=project_id, body=ssl_certificate_body
+    )
+    response = request.execute()
+    pprint(response)
+
+
+# [END compute_certificate_create]
diff --git a/compute/load_balancing/create_regional_certificate.py b/compute/load_balancing/create_regional_certificate.py
@@ -0,0 +1,67 @@
+#  Copyright 2022 Google LLC
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+from pathlib import Path
+# [START compute_certificate_create_regional]
+from pprint import pprint
+from typing import Union
+
+from googleapiclient import discovery
+
+
+def create_regional_certificate(
+    project_id: str,
+    region: str,
+    certificate_file: Union[str, Path],
+    private_key_file: Union[str, Path],
+    certificate_name: str,
+    description: str = "Certificate created from a code sample."
+) -> None:
+    """
+    Create a regional SSL self-signed certificate within your Google Cloud project.
+
+    Args:
+        project_id: project ID or project number of the Cloud project you want to use.
+        region: name of the region you want to use.
+        certificate_file: path to the file with the certificate you want to create in your project.
+        private_key_file: path to the private key you used to sign the certificate with.
+        certificate_name: name for the certificate once it's created in your project.
+        description: description of the certificate.
+    """
+    service = discovery.build("compute", "v1")
+
+    # Read the cert into memory
+    with open(certificate_file) as f:
+        _temp_cert = f.read()
+
+    # Read the private_key into memory
+    with open(private_key_file) as f:
+        _temp_key = f.read()
+
+    # Now that the certificate and private key are in memory, you can create the
+    # certificate resource
+    ssl_certificate_body = {
+        "name": certificate_name,
+        "description": description,
+        "certificate": _temp_cert,
+        "privateKey": _temp_key,
+    }
+    request = service.regionSslCertificates().insert(
+        project=project_id, region=region, body=ssl_certificate_body
+    )
+    response = request.execute()
+    pprint(response)
+
+
+# [END compute_certificate_create_regional]
diff --git a/compute/load_balancing/requirements-test.txt b/compute/load_balancing/requirements-test.txt
@@ -0,0 +1 @@
+pytest==6.2.4
diff --git a/compute/load_balancing/requirements.txt b/compute/load_balancing/requirements.txt
@@ -0,0 +1 @@
+google-api-python-client==2.34.0
diff --git a/compute/load_balancing/test_certificates.py b/compute/load_balancing/test_certificates.py
@@ -0,0 +1,88 @@
+#  Copyright 2022 Google LLC
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+import os
+from pathlib import Path
+import time
+import uuid
+
+from googleapiclient import discovery
+import pytest
+from pytest import fixture
+
+from create_certificate import create_certificate
+from create_regional_certificate import create_regional_certificate
+
+PROJECT_ID = os.environ["GOOGLE_CLOUD_PROJECT"]
+CERTIFICATE_FILE = Path(__file__).parent / "test_fixtures" / "certificate.pem"
+PRIVATE_KEY_FILE = Path(__file__).parent / "test_fixtures" / "test_key.pem"
+
+
+@fixture(scope="module")
+def api_service():
+    service = discovery.build("compute", "v1")
+    yield service
+
+
+@fixture
+def autodelete_certificate_name(api_service):
+    cert_name = "test-certificate-" + uuid.uuid4().hex[:10]
+
+    yield cert_name
+
+    api_service.sslCertificates().delete(
+        project=PROJECT_ID, sslCertificate=cert_name
+    ).execute()
+
+
+@fixture
+def autodelete_regional_certificate_name(api_service):
+    cert_name = "test-certificate-" + uuid.uuid4().hex[:10]
+
+    yield cert_name, "europe-central2"
+
+    api_service.regionSslCertificates().delete(
+        project=PROJECT_ID, sslCertificate=cert_name, region="europe-central2"
+    ).execute()
+
+
+def test_global_register(api_service, autodelete_certificate_name):
+    create_certificate(
+        PROJECT_ID, CERTIFICATE_FILE, PRIVATE_KEY_FILE, autodelete_certificate_name
+    )
+    time.sleep(2)
+    certificates = api_service.sslCertificates().list(project=PROJECT_ID).execute()
+    for certificate in certificates["items"]:
+        if certificate["name"] == autodelete_certificate_name:
+            break
+    else:
+        pytest.fail("Certificate wasn't created.")
+
+
+def test_regional_register(api_service, autodelete_regional_certificate_name):
+    certificate_name, region_name = autodelete_regional_certificate_name
+
+    create_regional_certificate(
+        PROJECT_ID, region_name, CERTIFICATE_FILE, PRIVATE_KEY_FILE, certificate_name
+    )
+    time.sleep(2)
+    certificates = (
+        api_service.regionSslCertificates()
+        .list(project=PROJECT_ID, region=region_name)
+        .execute()
+    )
+    for certificate in certificates["items"]:
+        if certificate["name"] == certificate_name:
+            break
+    else:
+        pytest.fail("Certificate wasn't created.")
diff --git a/compute/load_balancing/test_fixtures/certificate.pem b/compute/load_balancing/test_fixtures/certificate.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEKzCCAxOgAwIBAgIUBqe2Dqsf7G8nyLFLUt6AxeAzM8kwDQYJKoZIhvcNAQEL
+BQAwgacxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpvd2llY2tpZTEPMA0GA1UE
+BwwGV2Fyc2F3MRwwGgYDVQQKDBNHb29nbGUgQ2xvdWQgUG9sYW5kMQ8wDQYDVQQL
+DAZEZXZSZWwxFTATBgNVBAMMDEdvb2dsZSBDbG91ZDErMCkGCSqGSIb3DQEJARYc
+ZG9udHdyaXRlaGVyZUBub3QtZ29vZ2xlLmNvbTAeFw0yMjAxMjAxNzEzMzlaFw0z
+MjAxMTgxNzEzMzlaMIGnMQswCQYDVQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNr
+aWUxDzANBgNVBAcMBldhcnNhdzEcMBoGA1UECgwTR29vZ2xlIENsb3VkIFBvbGFu
+ZDEPMA0GA1UECwwGRGV2UmVsMRUwEwYDVQQDDAxHb29nbGUgQ2xvdWQxKzApBgkq
+hkiG9w0BCQEWHGRvbnR3cml0ZWhlcmVAbm90LWdvb2dsZS5jb20wggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX17w2+kv8o5xdwPN6iHpCbDyCpqCRDSE/
+WBfcnYgwCPLtJuL9DGNzJr0fCNVEGIxrw1omxZmHSrL1yy+6bEL1ZyXrU9jZpVXc
+t+12PcA/vfwczWX74HLfIuEq1So+LMgV8DCZrefhT/fy0bzIa2ZOlgOgvyCvIILB
+YamJUqiBSIah4g9kbIOptwfwDrpG6v3OV1F8EilLRt2V3mpFfu32orlLEPay5w8j
+jjhxQ0aD2kNFVZAzAyt7glwYHyEhmk4Cs0jq3WfeBRS8nvxu0kbszSePT4KQ7dme
+vTztgJ1ZA4TtSUOVd8DM1wIVZtPAMw7hHso4Z723hg6lWBkONArhAgMBAAGjTTBL
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMDEGA1UdEQQqMCiCEmV4YW1wbGUtZG9t
+YWluLmNvbYISZXhhbXBsZS1kb21haW4ubmV0MA0GCSqGSIb3DQEBCwUAA4IBAQAl
+/Pk5CKGSKgH9Ogd8KGcgJ/+ugiTt3t7GlHWyAHILJ7/71OzX+p/ixF1vTOuK8Efx
+20aqTo/cby72NGiXOI/tKaayS9lyOft27LocOZz8FUQS0FIoUZH0cH+rBgZSduEo
+OJhzn8z816r6wkfbZ+n8ndAw2OP0aE/L7PzYfHwRTfzhk1IpTtyBWKAWHxU8zHxi
+3vGaPi7Mwi+U4CaLMWVnF1xeG2yOxlVTjfN4znYawPwRGxATP+DY+UrtfNusKQ0b
+ilP7H5SlETPxzGcWI7M4MNRvm70C+wTp6rsbZAeDjM2GVRcJQVLQk3Sd7lG4eOhM
+KdJk8Pt391pfLNiFj00D
+-----END CERTIFICATE-----
diff --git a/compute/load_balancing/test_fixtures/openssl_config.ini b/compute/load_balancing/test_fixtures/openssl_config.ini
@@ -0,0 +1,23 @@
+[req]
+default_bits              = 2048
+req_extensions            = extension_requirements
+distinguished_name        = dn_requirements
+
+[extension_requirements]
+basicConstraints          = CA:FALSE
+keyUsage                  = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName            = @sans_list
+
+[dn_requirements]
+countryName               = Country Name (2 letter code)
+stateOrProvinceName       = State or Province Name (full name)
+localityName              = Locality Name (eg, city)
+0.organizationName        = Organization Name (eg, company)
+organizationalUnitName    = Organizational Unit Name (eg, section)
+commonName                = Common Name (e.g. server FQDN or YOUR name)
+emailAddress              = Email Address
+
+[sans_list]
+DNS.1                     = example-domain.com
+DNS.2                     = example-domain.net
+
diff --git a/compute/load_balancing/test_fixtures/request.csr b/compute/load_balancing/test_fixtures/request.csr
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIDSTCCAjECAQAwgacxCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpvd2llY2tp
+ZTEPMA0GA1UEBwwGV2Fyc2F3MRwwGgYDVQQKDBNHb29nbGUgQ2xvdWQgUG9sYW5k
+MQ8wDQYDVQQLDAZEZXZSZWwxFTATBgNVBAMMDEdvb2dsZSBDbG91ZDErMCkGCSqG
+SIb3DQEJARYcZG9udHdyaXRlaGVyZUBub3QtZ29vZ2xlLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANfXvDb6S/yjnF3A83qIekJsPIKmoJENIT9Y
+F9ydiDAI8u0m4v0MY3MmvR8I1UQYjGvDWibFmYdKsvXLL7psQvVnJetT2NmlVdy3
+7XY9wD+9/BzNZfvgct8i4SrVKj4syBXwMJmt5+FP9/LRvMhrZk6WA6C/IK8ggsFh
+qYlSqIFIhqHiD2Rsg6m3B/AOukbq/c5XUXwSKUtG3ZXeakV+7faiuUsQ9rLnDyOO
+OHFDRoPaQ0VVkDMDK3uCXBgfISGaTgKzSOrdZ94FFLye/G7SRuzNJ49PgpDt2Z69
+PO2AnVkDhO1JQ5V3wMzXAhVm08AzDuEeyjhnvbeGDqVYGQ40CuECAwEAAaBcMFoG
+CSqGSIb3DQEJDjFNMEswCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwMQYDVR0RBCow
+KIISZXhhbXBsZS1kb21haW4uY29tghJleGFtcGxlLWRvbWFpbi5uZXQwDQYJKoZI
+hvcNAQELBQADggEBAKdC1y10fECmLFmXEtM1Lkb0IhjJosMKJ3OgBDujM9+S7STA
+YTvf05gEQtMhzbZ8ymRbXRFT4jQ6vdlILmZ/eDFwEnoIRQ29fZChNssv97YTv8wO
+Ej3JpxWu2BZQMNibbBl+wmmghgG3EHELZz7WRL0/qdPMKO3YK9Lgt5yTgbJBG+tM
+QTGHI1BjR0Ax0KdbC9F1pSkzobc6t6QiLWIKLvrOxp1XXBiOyY8n5t+h9hV0Mogz
+BfC5aEEobETGkcZWDybqVgG0I01PdqE/VJe76+xkNj+zV7v0szdcIGfXKrel78ew
+x1ClYyK7VAlB3da8cFPQeEbEY6NKMXIuvWBnCtg=
+-----END CERTIFICATE REQUEST-----
diff --git a/compute/load_balancing/test_fixtures/test_key.pem b/compute/load_balancing/test_fixtures/test_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA19e8NvpL/KOcXcDzeoh6Qmw8gqagkQ0hP1gX3J2IMAjy7Sbi
+/Qxjcya9HwjVRBiMa8NaJsWZh0qy9csvumxC9Wcl61PY2aVV3Lftdj3AP738HM1l
+++By3yLhKtUqPizIFfAwma3n4U/38tG8yGtmTpYDoL8gryCCwWGpiVKogUiGoeIP
+ZGyDqbcH8A66Rur9zldRfBIpS0bdld5qRX7t9qK5SxD2sucPI444cUNGg9pDRVWQ
+MwMre4JcGB8hIZpOArNI6t1n3gUUvJ78btJG7M0nj0+CkO3Znr087YCdWQOE7UlD
+lXfAzNcCFWbTwDMO4R7KOGe9t4YOpVgZDjQK4QIDAQABAoIBAQCqk9syE7MTsPV1
+fnStRMhiUAmuMyM4HwlEd0k8V972H0xksVO4Kh86NMZHjYKFs2TeEV/gvk7sBdPS
+vkY07TQpnt/vz67Tqn9l1JG83WZeubVRyd2sJiCCSZ1rbVVaF6f09oJiIXbcsIdC
+hhDMz1vmBVZOpl2dKXNMgvMqDIIQ0J3SYCC91f4OXzMY6cNq77iU6a8oAvHqV81U
+eZRVxcFF7jiHJCZCI9HeWyHxciKaeE/VHX7jB3S/Qlvwa6kv7gxaG3tEAfqrjRmK
+NR2sfTBvtFcnrczIdIqGNyRT/zdEmbeO24Qo1ZaIVm9iiIsMvmo2IughvNL8Pbk2
+06HHSKZFAoGBAOuEIKfkbZHrFh8EtWtVoRTBkfOJX1Fi/kQizsqMpK8pWcmcK/4m
+8mVk7Etqlow01Mspw6C/CWYyfiDh9yHWJaUdCzPXiYrfdYZAXvct3lacdUM5ITuJ
+u8SU5lZGw+gC+RhtXfyyU8C+bsXkg8WM51da24ZMsbDxS+JXYMc+rDtnAoGBAOqd
+kgR969YO+MPUDy4mGzVqz3rBg0UOhu3cRJntbFaJ3kY6n2jYONVeV75ajstRkn6K
+gi7L+ETnUAcFqPDW1xVZp2dAVIRtcVOFkF2VKcpW1ZJvZNulQiGjguQqF9JdpIsD
+bjXZDcBGfiSMyG+UwTJLdpMgC5NiixGgNFHuAWJ3AoGAU95HasJTqoTW6dDZchGa
+PTP5b4pZ4TepaEYk8chH1QCassrkd6sS4ryf0PNyDRe7N2X1/kZJaJVOiRMu2GPU
+IApJtPpqRoPw7A/8QXWaGam5sGilxvfzX7vOkqa8mOCGKAa6U4SFgrvN4rbPngfh
+UiBO0HJ7TJGA/mczVYCiAL0CgYA0sxo2ehZ8abaFPl/+jL612/0o5MjYvS+fxEeA
+j+0y7xsHiWl/QnpZqyxobK0AjJ0sYW5mlph42cCHI0VUe92qRQ4uSivx5yd6jFjm
+PHg7pA+rKexszg0xwynGmJHrRe+M7kNWQyAsnWj+SsVHExHmez7yQ1N2Ur9MQUEf
+WifjdwKBgQCy8OzFjh7u44T9KauHwEvtCNp3N/WCZH4AUHygYoa8wUrWBuGWG+hM
+7dW9qkJp7bUmH2KakKLDdYL+uOMvdYslBVgDFoN7osl2tjL7HIcOJVKH5VYzt9+c
+nml67R6p+DmTvR9IL/5s8pUk3Js+Cdjj6N0Qo5lqxr0tfHHYXBd6Xw==
+-----END RSA PRIVATE KEY-----
