1load("@rules_python//python:defs.bzl", "py_binary") 2load("@pip_deps//:requirements.bzl", "requirement") 3 4package(default_visibility = ["//visibility:private"]) 5 6licenses(["notice"]) 7 8py_binary( 9 name = "encrypted_keyset", 10 srcs = ["encrypted_keyset.py"], 11 python_version = "PY3", 12 deps = [ 13 requirement("absl-py"), 14 "@tink_py//tink:tink_python", 15 "@tink_py//tink/aead", 16 "@tink_py//tink/integration/gcpkms", 17 ], 18) 19 20# In order to run this test, you'd have to use your own Cloud KMS key and credential. 21sh_test( 22 name = "encrypted_keyset_test", 23 size = "small", 24 srcs = ["encrypted_keyset_test.sh"], 25 args = [ 26 "$(rootpath :encrypted_keyset)", 27 # Change this to your key. 28 "gcp-kms://projects/tink-test-infrastructure/locations/global/keyRings/unit-and-integration-testing/cryptoKeys/aead-key", 29 # Change this to your credential. 30 "$(rootpath //testdata/gcp:credential.json)", 31 ], 32 data = [ 33 ":encrypted_keyset", 34 "@google_root_pem//file", 35 # Change this to your credential. 36 "//testdata/gcp:credential.json", 37 ], 38 tags = ["manual"], 39) 40 41# This runs the previous test, assuming the Tink python package has been 42# installed previously with pip3 install. 43sh_test( 44 name = "encrypted_keyset_test_package", 45 size = "small", 46 srcs = ["encrypted_keyset_test.sh"], 47 args = [ 48 "'python3 $(rootpath :encrypted_keyset.py)'", 49 # Change this to your key. 50 "gcp-kms://projects/tink-test-infrastructure/locations/global/keyRings/unit-and-integration-testing/cryptoKeys/aead-key", 51 # Change this to your credential. 52 "$(rootpath //testdata/gcp:credential.json)", 53 ], 54 data = [ 55 ":encrypted_keyset.py", 56 "@google_root_pem//file", 57 # Change this to your credential. 58 "//testdata/gcp:credential.json", 59 ], 60 tags = ["manual"], 61) 62