samples: add samples for bucket encryption enforcement config

Co-authored-by: nidhiii-27 <224584462+nidhiii-27@users.noreply.github.com>

Author: google-labs-jules[bot]

fix_test.py

@@ -0,0 +1,23 @@
+import re
+with open("samples/snippets/encryption_test.py", "r") as f:
+    lines = f.readlines()
+
+new_lines = []
+for i, line in enumerate(lines):
+    if line.startswith("def test_") or line.startswith("@pytest.fixture"):
+        # Make sure there are two blank lines before it
+        # by checking the end of new_lines
+        if not (len(new_lines) >= 2 and new_lines[-1] == "\n" and new_lines[-2] == "\n"):
+            while len(new_lines) > 0 and new_lines[-1] == "\n":
+                new_lines.pop()
+            if len(new_lines) > 0:
+                new_lines.append("\n")
+                new_lines.append("\n")
+    if line.startswith("def test_blob"):
+        # make sure no blank lines between @pytest.fixture and def test_blob
+        while len(new_lines) > 0 and new_lines[-1] == "\n":
+            new_lines.pop()
+    new_lines.append(line)
+
+with open("samples/snippets/encryption_test.py", "w") as f:
+    f.writelines(new_lines)

samples/snippets/encryption_test.py

@@ -131,6 +131,7 @@ def test_object_csek_to_cmek(test_blob):
 
     assert cmek_blob.download_as_bytes(), test_blob_content
 
+
 def test_bucket_encryption_enforcement_config(capsys):
     bucket_name = f"test_encryption_enforcement_{uuid.uuid4().hex}"
 

samples/snippets/storage_get_bucket_encryption_enforcement_config.py

@@ -14,6 +14,7 @@
 
 from google.cloud import storage
 
+
 # [START storage_get_bucket_encryption_enforcement_config]
 def get_bucket_encryption_enforcement_config(bucket_name):
     """Gets the bucket encryption enforcement configuration."""
@@ -32,9 +33,8 @@ def get_bucket_encryption_enforcement_config(bucket_name):
     print(f"Customer-managed encryption enforcement config restriction mode: {cmek_config.restriction_mode if cmek_config else None}")
     print(f"Customer-supplied encryption enforcement config restriction mode: {csek_config.restriction_mode if csek_config else None}")
     print(f"Google-managed encryption enforcement config restriction mode: {gmek_config.restriction_mode if gmek_config else None}")
-
-
 # [END storage_get_bucket_encryption_enforcement_config]
 
+
 if __name__ == "__main__":
     get_bucket_encryption_enforcement_config(bucket_name="your-unique-bucket-name")

samples/snippets/storage_remove_all_bucket_encryption_enforcement_config.py

@@ -14,6 +14,7 @@
 
 from google.cloud import storage
 
+
 # [START storage_remove_all_bucket_encryption_enforcement_config]
 def remove_all_bucket_encryption_enforcement_config(bucket_name):
     """Removes all bucket encryption enforcement configuration."""
@@ -29,8 +30,8 @@ def remove_all_bucket_encryption_enforcement_config(bucket_name):
     bucket.patch()
 
     print(f"Removed Encryption Enforcement Config from bucket {bucket.name}.")
-
 # [END storage_remove_all_bucket_encryption_enforcement_config]
 
+
 if __name__ == "__main__":
     remove_all_bucket_encryption_enforcement_config(bucket_name="your-unique-bucket-name")

samples/snippets/storage_set_bucket_encryption_enforcement_config.py

@@ -13,6 +13,8 @@
 # limitations under the License.
 
 from google.cloud import storage
+from google.cloud.storage.bucket import EncryptionEnforcementConfig
+
 
 # [START storage_set_bucket_encryption_enforcement_config]
 def set_bucket_encryption_enforcement_config(bucket_name):
@@ -24,17 +26,15 @@ def set_bucket_encryption_enforcement_config(bucket_name):
     bucket = storage_client.bucket(bucket_name)
 
     # Restriction mode can be "FULLY_RESTRICTED" or "NOT_RESTRICTED"
-    from google.cloud.storage.bucket import EncryptionEnforcementConfig
-
     bucket.customer_managed_encryption_enforcement_config = EncryptionEnforcementConfig(restriction_mode="NOT_RESTRICTED")
     bucket.customer_supplied_encryption_enforcement_config = EncryptionEnforcementConfig(restriction_mode="FULLY_RESTRICTED")
     bucket.google_managed_encryption_enforcement_config = EncryptionEnforcementConfig(restriction_mode="FULLY_RESTRICTED")
 
     bucket.create()
 
     print(f"Created bucket {bucket.name} with Encryption Enforcement Config.")
-
 # [END storage_set_bucket_encryption_enforcement_config]
 
+
 if __name__ == "__main__":
     set_bucket_encryption_enforcement_config(bucket_name="your-unique-bucket-name")

samples/snippets/storage_update_encryption_enforcement_config.py

@@ -13,6 +13,8 @@
 # limitations under the License.
 
 from google.cloud import storage
+from google.cloud.storage.bucket import EncryptionEnforcementConfig
+
 
 # [START storage_update_encryption_enforcement_config]
 def update_encryption_enforcement_config(bucket_name):
@@ -24,7 +26,6 @@ def update_encryption_enforcement_config(bucket_name):
     bucket = storage_client.get_bucket(bucket_name)
 
     # 1. Update a specific type (e.g., change GMEK to FULLY_RESTRICTED)
-    from google.cloud.storage.bucket import EncryptionEnforcementConfig
     bucket.google_managed_encryption_enforcement_config = EncryptionEnforcementConfig(restriction_mode="FULLY_RESTRICTED")
     bucket.customer_managed_encryption_enforcement_config = EncryptionEnforcementConfig(restriction_mode="NOT_RESTRICTED")
 
@@ -35,8 +36,8 @@ def update_encryption_enforcement_config(bucket_name):
 
     print(f"Encryption enforcement policy updated for bucket {bucket.name}.")
     print("GMEK is now fully restricted, CMEK is now not restricted, and CSEK enforcement has been removed.")
-
 # [END storage_update_encryption_enforcement_config]
 
+
 if __name__ == "__main__":
     update_encryption_enforcement_config(bucket_name="your-unique-bucket-name")