using update method

shubhangi-google · shubhangi-google · commit e7f1983e1b8b · 2026-04-14T14:18:22.000Z
diff --git a/google-cloud-storage/acceptance/storage/bucket_encryption_test.rb b/google-cloud-storage/acceptance/storage/bucket_encryption_test.rb
@@ -104,7 +104,9 @@
 
       bucket.customer_supplied_encryption_enforcement_config = customer_supplied_config
       _(bucket.customer_supplied_encryption_enforcement_config.restriction_mode).must_equal "FullyRestricted"
-      bucket.update_bucket_encryption_enforcement_config  google_managed_config_complete
+       bucket.update do |b|
+        b.google_managed_encryption_enforcement_config = google_managed_config
+      end
       _(bucket.google_managed_encryption_enforcement_config.restriction_mode).must_equal "FullyRestricted"
 
       bucket.reload!
@@ -113,14 +115,6 @@
     end
 
     it "deletes all encryption enforcement configs" do
-      # For the update, need to specify all three configs
-      bucket.update do |b|
-        b.customer_supplied_encryption_enforcement_config = customer_supplied_config
-        b.google_managed_encryption_enforcement_config = google_managed_config
-      end
-      _(bucket.customer_managed_encryption_enforcement_config).wont_be :nil?
-      _(bucket.customer_supplied_encryption_enforcement_config).wont_be :nil?
-      _(bucket.google_managed_encryption_enforcement_config).wont_be :nil?
 
       bucket.update do |b|
         b.customer_managed_encryption_enforcement_config = nil
diff --git a/google-cloud-storage/lib/google/cloud/storage/bucket.rb b/google-cloud-storage/lib/google/cloud/storage/bucket.rb
@@ -771,62 +771,6 @@ def customer_managed_encryption_enforcement_config= new_customer_managed_encrypt
           patch_gapi! :encryption
         end
 
-        # Updates the bucket's encryption enforcement configuration.
-        #
-        # This method applies a patch to the bucket's encryption settings using the 
-        # provided configuration.
-        #
-        # @param incoming_config [Hash, Google::Apis::StorageV1::Bucket::Encryption] 
-        #   The encryption configuration to apply. If a Hash is provided, it should 
-        #   contain keys corresponding to the encryption enforcement types.
-        #
-        # @example Updating to Google-Managed Encryption
-        #   storage = Google::Cloud::Storage.new
-        #   bucket = storage.bucket "my-bucket"
-        #
-        #   new_config = {
-        #     google_managed_encryption_enforcement_config: { restriction_mode: "NotRestricted" }
-        #   }
-        #
-        #   bucket.update_bucket_encryption_enforcement_config new_config
-        #
-        # @example Passing a Request Object
-        #   require "google/apis/storage_v1"
-        #   config_obj = Google::Apis::StorageV1::Bucket::Encryption.new(
-        #     google_managed_encryption_enforcement_config: { restriction_mode: "NotRestricted" }
-        #   )
-        #   bucket.update_bucket_encryption_enforcement_config config_obj
-        # @raise [ArgumentError] If the config is empty, contains invalid keys, or is the wrong type.
-        def update_bucket_encryption_enforcement_config incoming_config
-          allowed_keys = [
-            :google_managed_encryption_enforcement_config,
-            :customer_managed_encryption_enforcement_config,
-            :customer_supplied_encryption_enforcement_config
-          ]
-
-          if incoming_config.is_a? Hash
-            input_keys = incoming_config.keys
-            raise ArgumentError, "Config cannot be empty" if input_keys.empty?
-
-            extra_keys = input_keys - allowed_keys
-            unless extra_keys.empty?
-              raise ArgumentError, "Invalid config detected: #{extra_keys.join(', ')}. " \
-                                  "Only #{allowed_keys.join(', ')} are allowed."
-            end
-
-          elsif incoming_config.is_a? Google::Apis::StorageV1::Bucket::Encryption
-            # For objects, ensure at least one of the allowed enforcement configs is present
-            has_any_config = allowed_keys.any? { |key| !incoming_config.send(key).nil? }
-            binding.pry
-            raise ArgumentError, "Encryption request object must have at least one enforcement config set" unless has_any_config
-            
-          else
-            raise ArgumentError, "incoming_config must be a Hash or Google::Apis::StorageV1::Bucket::Encryption"
-          end
-
-          patch_gapi! :encryption, bucket_encryption_config: incoming_config
-        end
-
         ##
         # The bucket's encryption configuration for customer-supplied encryption keys.
         # For more information, see [Bucket encryption](https://docs.cloud.google.com/storage/docs/encryption/).
@@ -1595,6 +1539,7 @@ def update if_metageneration_match: nil, if_metageneration_not_match: nil
           updater.check_for_changed_labels!
           updater.check_for_mutable_cors!
           updater.check_for_mutable_lifecycle!
+          updater.check_for_encryption_enforcement_config!
           return if updater.updates.empty?
           update_gapi! updater.updates,
                        if_metageneration_match: if_metageneration_match,
@@ -3474,18 +3419,13 @@ def ensure_gapi!
 
         def patch_gapi! attributes,
                         if_metageneration_match: nil,
-                        if_metageneration_not_match: nil,
-                        bucket_encryption_config: nil
+                        if_metageneration_not_match: nil
           attributes = Array(attributes)
           attributes.flatten!
           return if attributes.empty?
           ensure_service!
           patch_args = attributes.to_h do |attr|
-            if bucket_encryption_config
-              [attr, bucket_encryption_config]
-            else
-              [attr, @gapi.send(attr)]
-            end
+            [attr, @gapi.send(attr)]
           end
           patch_gapi = API::Bucket.new(**patch_args)
           @gapi = service.patch_bucket name,
@@ -3613,6 +3553,26 @@ def check_for_mutable_lifecycle!
             patch_gapi! :lifecycle
           end
 
+          def check_for_encryption_enforcement_config!
+            return unless @gapi.encryption
+
+            [
+              :google_managed_encryption_enforcement_config,
+              :customer_managed_encryption_enforcement_config,
+              :customer_supplied_encryption_enforcement_config
+            ].each do |attr|
+              config = @gapi.encryption.send(attr)
+              next unless config
+              unless config.respond_to?(:to_h)
+                raise ArgumentError, "Encryption config for #{attr} must be a Hash or valid Config object"
+              end
+              clean_config = config.to_h
+              clean_config.delete :effective_time
+              clean_config.delete "effective_time"
+              @gapi.encryption.send "#{attr}=", clean_config
+            end
+          end
+
           protected
 
           ##
diff --git a/google-cloud-storage/samples/acceptance/buckets_test.rb b/google-cloud-storage/samples/acceptance/buckets_test.rb
@@ -58,6 +58,7 @@
 require_relative "../storage_get_autoclass"
 require_relative "../storage_set_autoclass"
 require_relative "../storage_move_object"
+require 'pry'
 
 describe "Buckets Snippets" do
   let(:storage_client)   { Google::Cloud::Storage.new }
diff --git a/google-cloud-storage/samples/storage_update_bucket_encryption_enforcement_config.rb b/google-cloud-storage/samples/storage_update_bucket_encryption_enforcement_config.rb
@@ -23,12 +23,11 @@ def update_bucket_encryption_enforcement_config bucket_name:
   storage = Google::Cloud::Storage.new
   bucket = storage.bucket bucket_name
   # Update a specific type (e.g., change GMEK to NotRestricted)
-  new_config =  {
-    google_managed_encryption_enforcement_config: { restriction_mode: "NotRestricted" }
-  }
-
-  bucket.update_bucket_encryption_enforcement_config new_config
+  new_config =  { restriction_mode: "NotRestricted" }
 
+  bucket.update do |b|
+    b.google_managed_encryption_enforcement_config = new_config
+  end
   puts "Updated google_managed_config to " \
        "#{bucket.google_managed_encryption_enforcement_config.restriction_mode} " \
        "for bucket #{bucket.name}."
diff --git a/google-cloud-storage/test/google/cloud/storage/bucket_encryption_test.rb b/google-cloud-storage/test/google/cloud/storage/bucket_encryption_test.rb
@@ -149,7 +149,7 @@
 
     it "updates encryption_enforcement_config using update_bucket_encryption_enforcement_config" do
       mock = Minitest::Mock.new
-      incoming_config = { google_managed_encryption_enforcement_config: { restriction_mode: "FullyRestricted" } }
+      incoming_config = { restriction_mode: "FullyRestricted" }
 
       patch_bucket_gapi = Google::Apis::StorageV1::Bucket.new(
         encryption: Google::Apis::StorageV1::Bucket::Encryption.new(
@@ -162,39 +162,42 @@
       returned_bucket_gapi = bucket_gapi.dup
       returned_bucket_gapi.encryption = bucket_gapi.encryption.dup
       returned_bucket_gapi.encryption.google_managed_encryption_enforcement_config = patch_bucket_gapi.encryption.google_managed_encryption_enforcement_config
-      mock.expect :patch_bucket, returned_bucket_gapi, [bucket_name, patch_bucket_gapi], **patch_bucket_args(options: { retries: 0 })
+
+      mock.expect :update_bucket, returned_bucket_gapi do |name, patch_obj, **kwargs|
+        cm_config = patch_obj.encryption.customer_managed_encryption_enforcement_config
+        cs_config = patch_obj.encryption.customer_supplied_encryption_enforcement_config
+        gm_config = patch_obj.encryption.google_managed_encryption_enforcement_config
+  
+      end
 
       bucket.service.mocked_service = mock
       _(bucket.customer_managed_encryption_enforcement_config.restriction_mode).must_equal "FullyRestricted"
       _(bucket.customer_supplied_encryption_enforcement_config.restriction_mode).must_equal "NotRestricted"
       _(bucket.google_managed_encryption_enforcement_config.restriction_mode).must_equal "NotRestricted"
 
-      bucket.update_bucket_encryption_enforcement_config incoming_config
+      bucket.update do |b|
+        b.google_managed_encryption_enforcement_config = incoming_config
+      end
+      # bucket.update_bucket_encryption_enforcement_config incoming_config
       _(bucket.customer_managed_encryption_enforcement_config.restriction_mode).must_equal "FullyRestricted"
       _(bucket.customer_supplied_encryption_enforcement_config.restriction_mode).must_equal "NotRestricted"
       _(bucket.google_managed_encryption_enforcement_config.restriction_mode).must_equal "FullyRestricted"
 
       mock.verify
     end
 
-    it "raises error when invalid config is provided for update " do
-      config = { 
-        wrongconfig: { restriction_mode: "NotRestricted" }
-      }
-      err = assert_raises(ArgumentError) do
-        bucket.update_bucket_encryption_enforcement_config(config)
-      end
-      assert_match /Invalid config detected: wrongconfig/, err.message
 
-    end
+    it "raises error when a Hash is not provided for encryption enforcement config" do
+      invalid_config = "test"
 
-    it "raises error when a Hash in not provided for update " do
-      config = "wrongconfig"
       err = assert_raises(ArgumentError) do
-        bucket.update_bucket_encryption_enforcement_config(config)
+        bucket.update do |b|
+          b.google_managed_encryption_enforcement_config = invalid_config
+        end
       end
-      assert /incoming_config must be a Hash/
 
+      # Update the regex to match the error message in your validation method
+      assert_match(/must be a Hash or valid Config object/, err.message)
     end
 
     it "deletes all encryption enforcement configs together and preserves default_kms_key" do
