updating code

shubhangi-google · shubhangi-google · commit e493d07a54b7 · 2026-04-07T09:56:07.000Z
diff --git a/google-cloud-storage/acceptance/storage/bucket_encryption_test.rb b/google-cloud-storage/acceptance/storage/bucket_encryption_test.rb
@@ -25,20 +25,17 @@
     ENV["GCLOUD_TEST_STORAGE_KMS_KEY_2"] ||
       "projects/#{storage.project_id}/locations/#{bucket_location}/keyRings/ruby-test/cryptoKeys/ruby-test-key-2"
   }
+
   let(:customer_managed_config) do
-    Google::Apis::StorageV1::Bucket::Encryption::CustomerManagedEncryptionEnforcementConfig.new(
-      restriction_mode: "NotRestricted"
-    )
+    { restriction_mode: "NotRestricted" }
   end
+
   let(:customer_supplied_config) do
-    Google::Apis::StorageV1::Bucket::Encryption::CustomerSuppliedEncryptionEnforcementConfig.new(
-      restriction_mode: "FullyRestricted"
-    )
+    { restriction_mode: "FullyRestricted" }
   end
+
   let(:google_managed_config) do
-    Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig.new(
-      restriction_mode: "FullyRestricted"
-    )
+    { restriction_mode: "FullyRestricted" }
   end
 
   let :bucket do
@@ -90,6 +87,10 @@
   end
 
   describe "Encryption Enforcement Config" do
+    let(:google_managed_config_complete) do
+      {google_managed_encryption_enforcement_config: { restriction_mode: "FullyRestricted" } }
+    end
+
     it "knows its encryption enforcement config" do
       _(bucket.customer_managed_encryption_enforcement_config).wont_be :nil?
       _(bucket.customer_managed_encryption_enforcement_config.restriction_mode).must_equal "NotRestricted"
@@ -103,8 +104,7 @@
 
       bucket.customer_supplied_encryption_enforcement_config = customer_supplied_config
       _(bucket.customer_supplied_encryption_enforcement_config.restriction_mode).must_equal "FullyRestricted"
-
-      bucket.update_bucket_encryption_enforcement_config google_managed_config
+      bucket.update_bucket_encryption_enforcement_config  google_managed_config_complete
       _(bucket.google_managed_encryption_enforcement_config.restriction_mode).must_equal "FullyRestricted"
 
       bucket.reload!
diff --git a/google-cloud-storage/lib/google/cloud/storage/bucket.rb b/google-cloud-storage/lib/google/cloud/storage/bucket.rb
@@ -727,96 +727,99 @@ def default_kms_key= new_default_kms_key
         #   #
         #   storage = Google::Cloud::Storage.new
         #   bucket = storage.bucket "my-bucket"
-        #   bucket.customer_managed_encryption_enforcement_config #=> Google::Apis::StorageV1::Bucket::Encryption::CustomerManagedEncryptionEnforcementConfig.new
-        #     restriction_mode: "NotRestricted"
+        #   bucket.customer_managed_encryption_enforcement_config 
+        #   ==> #<Google::Apis::StorageV1::Bucket::Encryption::CustomerManagedEncryptionEnforcementConfig:0x00007f3b1c102e90 @restriction_mode="NotRestricted">
         #   The value for `restriction_mode` can be either "NotRestricted" or "FullyRestricted"
 
         def customer_managed_encryption_enforcement_config
           @gapi.encryption&.customer_managed_encryption_enforcement_config
         end
         ##
-        # Sets the bucket's encryption configuration for customer-managed encryption that will be used to protect files.
-        # @param [Google::Apis::StorageV1::Bucket::Encryption::CustomerManagedEncryptionEnforcementConfig, nil] new_customer_managed_encryption_enforcement_config The bucket's encryption configuration, or `nil` to delete the encryption configuration.
-        # @example
+        # Sets the customer-managed encryption enforcement configuration for the bucket.
+        #
+        # @param new_customer_managed_encryption_enforcement_config [Hash, nil] 
+        #   The configuration hash for encryption enforcement. 
+        #   * `:restriction_mode` (String) - Can be "NotRestricted" or "FullyRestricted".
+        #   Pass `nil` to clear the current configuration.
+        #
+        # @example Enforcing Customer-Managed Encryption
         #   require "google/cloud/storage"
-        #   #
+        #
         #   storage = Google::Cloud::Storage.new
         #   bucket = storage.bucket "my-bucket"
-        #   new_config = Google::Apis::StorageV1::Bucket::Encryption::CustomerManagedEncryptionEnforcementConfig.new restriction_mode: "FullyRestricted"
+        #
+        #   # Set restriction mode to FullyRestricted
+        #   new_config = { restriction_mode: "FullyRestricted" }
         #   bucket.customer_managed_encryption_enforcement_config = new_config
-        #   The value for `restriction_mode` can be either "NotRestricted" or "FullyRestricted"
-
+        #
+        # @return [Hash] The updated configuration hash.
+        # @raise [Google::Cloud::Error] If the update fails due to permissions or invalid arguments.
         def customer_managed_encryption_enforcement_config= new_customer_managed_encryption_enforcement_config
           @gapi.encryption ||= API::Bucket::Encryption.new
           @gapi.encryption.customer_managed_encryption_enforcement_config =
             new_customer_managed_encryption_enforcement_config || {}
           patch_gapi! :encryption
         end
 
-        ##
-        # Updates the bucket's encryption enforcement configuration.
-        #
-        # @param [Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig, Google::Apis::StorageV1::Bucket::Encryption::CustomerManagedEncryptionEnforcementConfig, Google::Apis::StorageV1::Bucket::Encryption::CustomerSuppliedEncryptionEnforcementConfig] incoming_config The new encryption enforcement configuration to apply.
-        #
-        # @raise [ArgumentError] If the provided config type is unsupported.
-        #
-        # @example
-        #   require "google/cloud/storage"
-        #
-        #   storage = Google::Cloud::Storage.new
-        #   bucket = storage.bucket "my-bucket"
-        #
-        #   new_config = Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig.new restriction_mode: "FullyRestricted"
-        #   bucket.update_bucket_encryption_enforcement_config new_config
-        #
-        def update_bucket_encryption_enforcement_config incoming_config
-          attr_name = case incoming_config
-                      when Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig
-                        :google_managed_encryption_enforcement_config
-                      when Google::Apis::StorageV1::Bucket::Encryption::CustomerManagedEncryptionEnforcementConfig
-                        :customer_managed_encryption_enforcement_config
-                      when Google::Apis::StorageV1::Bucket::Encryption::CustomerSuppliedEncryptionEnforcementConfig
-                        :customer_supplied_encryption_enforcement_config
-                      else
-                        raise ArgumentError, "Unsupported config type: #{incoming_config.class}"
-                      end
-          encryption_patch = Google::Apis::StorageV1::Bucket::Encryption.new
-          encryption_patch.public_send "#{attr_name}=", incoming_config
-          patch_gapi! :encryption, bucket_encryption_config: encryption_patch
-        end
-
-        ##
-        # The bucket's encryption configuration for customer-supplied encryption keys. This configuration defines the
-        # default encryption behavior for the bucket and its files, and it can be used to enforce encryption requirements
-        # for the bucket.
+       # Updates the bucket's encryption enforcement configuration.
+       #
+       # This method applies a patch to the bucket's encryption settings using the 
+       # provided configuration.
+       #
+       # @param incoming_config [Hash, Google::Apis::StorageV1::Bucket::Encryption] 
+       #   The encryption configuration to apply. If a Hash is provided, it should 
+       #   contain keys corresponding to the encryption enforcement types.
+       #
+       # @example Updating to Google-Managed Encryption
+       #   storage = Google::Cloud::Storage.new
+       #   bucket = storage.bucket "my-bucket"
+       #
+       #   new_config = {
+       #     google_managed_encryption_enforcement_config: { restriction_mode: "NotRestricted" }
+       #   }
+       #
+       #   bucket.update_bucket_encryption_enforcement_config new_config
+       #
+       # @return [void]
+       # @raise [Google::Cloud::Error] If the API request fails (e.g., insufficient permissions).
+       def update_bucket_encryption_enforcement_config incoming_config
+         patch_gapi! :encryption, bucket_encryption_config: incoming_config
+       end
+
+        ##
+        # The bucket's encryption configuration for customer-supplied encryption keys.
         # For more information, see [Bucket encryption](https://docs.cloud.google.com/storage/docs/encryption/).
-        # @return [Google::Apis::StorageV1::Bucket::Encryption::CustomerSuppliedEncryptionEnforcementConfig, nil] 
+        # @return [Google::Apis::StorageV1::Bucket::Encryption::CustomerSuppliedEncryptionEnforcementConfig, nil]
         # The bucket's encryption configuration, or `nil` if no encryption configuration has been set.
         # @example
         #   require "google/cloud/storage"
         #
         #   storage = Google::Cloud::Storage.new
         #   bucket = storage.bucket "my-bucket"
-        #   
-        #   new_config = Google::Apis::StorageV1::Bucket::Encryption::CustomerSuppliedEncryptionEnforcementConfig.new restriction_mode: "NotRestricted"
-        #   bucket.customer_supplied_encryption_enforcement_config = new_config
+        #
+        #   bucket.customer_supplied_encryption_enforcement_config 
+        #     ==> #<Google::Apis::StorageV1::Bucket::Encryption::CustomerSuppliedEncryptionEnforcementConfig:0x00007f3b1c102e90 @restriction_mode="NotRestricted">
         #   The value for `restriction_mode` can be either "NotRestricted" or "FullyRestricted".
 
         def customer_supplied_encryption_enforcement_config
           @gapi.encryption&.customer_supplied_encryption_enforcement_config
         end
 
         ##
-        # Sets the bucket's encryption configuration for customer-managed encryption that will be used to protect files.
-        # @param [Google::Apis::StorageV1::Bucket::Encryption::CustomerSuppliedEncryptionEnforcementConfig, nil] new_customer_supplied_encryption_enforcement_config The bucket's encryption configuration, or `nil` to delete the encryption configuration.
+        # Sets the bucket's encryption configuration for customer-supplied encryption that will be used to protect files.
+        # @param new_customer_supplied_encryption_enforcement_config [Hash, nil]
+        #   The configuration hash for encryption enforcement. 
+        #   * `:restriction_mode` (String) - Can be "NotRestricted" or "FullyRestricted".
+        #   Pass `nil` to clear the current configuration.
         # @example
         #   require "google/cloud/storage"
         #
         #   storage = Google::Cloud::Storage.new
         #   bucket = storage.bucket "my-bucket"
-        #   new_config = Google::Apis::StorageV1::Bucket::Encryption::CustomerSuppliedEncryptionEnforcementConfig.new restriction_mode: "FullyRestricted"
+        #   new_config = { restriction_mode: "FullyRestricted" }
         #   bucket.customer_supplied_encryption_enforcement_config = new_config
-        #   The value for `restriction_mode` can be either "NotRestricted" or "FullyRestricted"
+        # @return [Hash] The updated configuration hash.
+        # @raise [Google::Cloud::Error] If the update fails due to permissions or invalid arguments.
 
         def customer_supplied_encryption_enforcement_config= new_customer_supplied_encryption_enforcement_config
           @gapi.encryption ||= API::Bucket::Encryption.new
@@ -838,25 +841,34 @@ def customer_supplied_encryption_enforcement_config= new_customer_supplied_encry
         #
         #   storage = Google::Cloud::Storage.new
         #   bucket = storage.bucket "my-bucket"
-        #   new_config= Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig.new restriction_mode: "NotRestricted"
-        #   bucket.google_managed_encryption_enforcement_config = new_config
+        #   bucket.google_managed_encryption_enforcement_config
+        #   ==> #<Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig:0x00007f3b1c102e90 @restriction_mode="NotRestricted">
         #   The value for `restriction_mode` can be either "NotRestricted" or "FullyRestricted".
 
         def google_managed_encryption_enforcement_config
           @gapi.encryption&.google_managed_encryption_enforcement_config
         end
 
         ##
-        # Sets the bucket's encryption configuration for google-managed encryption that will be used to protect files.
-        # @param [Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig, nil] new_google_managed_encryption_enforcement_config The bucket's encryption configuration, or `nil` to delete the encryption configuration.
-        # @example
+        # Sets the google-managed encryption enforcement configuration for the bucket.
+        #
+        # @param new_google_managed_encryption_enforcement_config [Hash, nil] 
+        #   The configuration hash for encryption enforcement. 
+        #   * `:restriction_mode` (String) - Can be "NotRestricted" or "FullyRestricted".
+        #   Pass `nil` to clear the current configuration.
+        #
+        # @example Enforcing Customer-Managed Encryption
         #   require "google/cloud/storage"
-        #   #
+        #
         #   storage = Google::Cloud::Storage.new
         #   bucket = storage.bucket "my-bucket"
-        #   new_config = Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig.new restriction_mode: "FullyRestricted"
-        #   bucket.google_managed_encryption_enforcement_config = new_config
-        #   The value for `restriction_mode` can be either "NotRestricted" or "FullyRestricted"
+        #
+        #   # Set restriction mode to FullyRestricted
+        #   new_config = { restriction_mode: "FullyRestricted" }
+        #   bucket.new_google_managed_encryption_enforcement_config = new_config
+        #
+        # @return [Hash] The updated configuration hash.
+        # @raise [Google::Cloud::Error] If the update fails due to permissions or invalid arguments.
 
         def google_managed_encryption_enforcement_config= new_google_managed_encryption_enforcement_config
           @gapi.encryption ||= API::Bucket::Encryption.new
diff --git a/google-cloud-storage/samples/storage_set_bucket_encryption_enforcement_config.rb b/google-cloud-storage/samples/storage_set_bucket_encryption_enforcement_config.rb
@@ -21,18 +21,9 @@ def set_bucket_encryption_enforcement_config bucket_name:
 
   storage = Google::Cloud::Storage.new
 
-  customer_managed_config =
-    Google::Apis::StorageV1::Bucket::Encryption::CustomerManagedEncryptionEnforcementConfig.new(
-      restriction_mode: "NotRestricted"
-    )
-  customer_supplied_config =
-    Google::Apis::StorageV1::Bucket::Encryption::CustomerSuppliedEncryptionEnforcementConfig.new(
-      restriction_mode: "FullyRestricted"
-    )
-  google_managed_config =
-    Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig.new(
-      restriction_mode: "FullyRestricted"
-    )
+  customer_managed_config = { restriction_mode: "NotRestricted" }
+  customer_supplied_config = { restriction_mode: "FullyRestricted" }
+  google_managed_config = { restriction_mode: "FullyRestricted" }
 
   bucket = storage.create_bucket bucket_name do |b|
     b.customer_managed_encryption_enforcement_config = customer_managed_config
diff --git a/google-cloud-storage/samples/storage_update_bucket_encryption_enforcement_config.rb b/google-cloud-storage/samples/storage_update_bucket_encryption_enforcement_config.rb
@@ -22,12 +22,11 @@ def update_bucket_encryption_enforcement_config bucket_name:
 
   storage = Google::Cloud::Storage.new
   bucket = storage.bucket bucket_name
-  
   # Update a specific type (e.g., change GMEK to NotRestricted)
-  google_managed_config =
-    Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig.new(
-      restriction_mode: "NotRestricted"
-    )
+  google_managed_config =  {
+    google_managed_encryption_enforcement_config: { restriction_mode: "NotRestricted" }
+  }
+  
   bucket.update_bucket_encryption_enforcement_config google_managed_config
 
   puts "Updated google_managed_config to " \
diff --git a/google-cloud-storage/test/google/cloud/storage/bucket_encryption_test.rb b/google-cloud-storage/test/google/cloud/storage/bucket_encryption_test.rb
@@ -89,7 +89,6 @@
       bucket_gapi_with_key = bucket_gapi.dup
       bucket_gapi_with_key.encryption = encryption_gapi(key_name: kms_key)
       bucket_with_key = Google::Cloud::Storage::Bucket.from_gapi bucket_gapi_with_key, storage.service
-      patch_bucket_gapi = Google::Apis::StorageV1::Bucket.new encryption: encryption_gapi(key_name: kms_key)
       patch_bucket_gapi = Google::Apis::StorageV1::Bucket.new(
         encryption: Google::Apis::StorageV1::Bucket::Encryption.new(
           default_kms_key_name: nil 
@@ -150,17 +149,19 @@
 
     it "updates encryption_enforcement_config using update_bucket_encryption_enforcement_config" do
       mock = Minitest::Mock.new
-      incoming_config = Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig.new restriction_mode: "FullyRestricted"
+      incoming_config = { google_managed_encryption_enforcement_config: { restriction_mode: "FullyRestricted" } }
 
       patch_bucket_gapi = Google::Apis::StorageV1::Bucket.new(
         encryption: Google::Apis::StorageV1::Bucket::Encryption.new(
-          google_managed_encryption_enforcement_config: incoming_config
+          google_managed_encryption_enforcement_config: Google::Apis::StorageV1::Bucket::Encryption::GoogleManagedEncryptionEnforcementConfig.new(
+            restriction_mode: "FullyRestricted"
+          )
         )
       )
 
       returned_bucket_gapi = bucket_gapi.dup
       returned_bucket_gapi.encryption = bucket_gapi.encryption.dup
-      returned_bucket_gapi.encryption.google_managed_encryption_enforcement_config = incoming_config
+      returned_bucket_gapi.encryption.google_managed_encryption_enforcement_config = patch_bucket_gapi.encryption.google_managed_encryption_enforcement_config
       mock.expect :patch_bucket, returned_bucket_gapi, [bucket_name, patch_bucket_gapi], **patch_bucket_args(options: { retries: 0 })
 
       bucket.service.mocked_service = mock
@@ -169,18 +170,13 @@
       _(bucket.google_managed_encryption_enforcement_config.restriction_mode).must_equal "NotRestricted"
 
       bucket.update_bucket_encryption_enforcement_config incoming_config
-       _(bucket.customer_managed_encryption_enforcement_config.restriction_mode).must_equal "FullyRestricted"
+      _(bucket.customer_managed_encryption_enforcement_config.restriction_mode).must_equal "FullyRestricted"
       _(bucket.customer_supplied_encryption_enforcement_config.restriction_mode).must_equal "NotRestricted"
       _(bucket.google_managed_encryption_enforcement_config.restriction_mode).must_equal "FullyRestricted"
 
       mock.verify
     end
 
-    it "raises error on invalid config using update_bucket_encryption_enforcement_config" do
-      expect {
-        bucket.update_bucket_encryption_enforcement_config "invalid config"
-      }.must_raise ArgumentError
-    end
 
     it "deletes all encryption enforcement configs together and preserves default_kms_key" do
       mock = Minitest::Mock.new
diff --git a/google-cloud-storage/test/helper.rb b/google-cloud-storage/test/helper.rb
@@ -262,20 +262,9 @@ def google_managed_encryption
      )
   end
 
-  def encryption_gapi(key_name: nil, 
-                    customer_managed_config_restriction_mode: nil, 
-                    customer_supplied_config_restriction_mode: nil, 
-                    google_managed_config_restriction_mode: nil)
-  
-    cm_config = customer_managed_config(restriction_mode: customer_managed_config_restriction_mode) if customer_managed_config_restriction_mode
-    cs_config = customer_supplied_config(restriction_mode: customer_supplied_config_restriction_mode) if customer_supplied_config_restriction_mode
-    gm_config = google_managed_config(restriction_mode: google_managed_config_restriction_mode) if google_managed_config_restriction_mode
-
+  def encryption_gapi key_name: nil
     params = {
-      default_kms_key_name: key_name,
-      customer_managed_encryption_enforcement_config: cm_config,
-      customer_supplied_encryption_enforcement_config: cs_config,
-      google_managed_encryption_enforcement_config: gm_config
+      default_kms_key_name: key_name
     }.compact
 
     Google::Apis::StorageV1::Bucket::Encryption.new(**params)
