feat: implement support for clusters with CMEK encryption

[stephenplusplus]

edit (kolea2): removing doc

This adds support for CMEK configuration of a Cluster when it is created.

Creating an instance

await bigtable.createInstance('my-instance', {
  clusters: [
    {
      id: 'my-cluster',
      encryption: {
        kmsKeyName: 'kms-key-name',
      },
      // ... other options
    },
  ],
});

Creating a cluster

await instance.createCluster('my-cluster', {
  encryption: {
    kmsKeyName: 'kms-key-name',
  },
  // ... other options
});

The key alias

Instead of providing the encryption option, the user has a choice to use the alias key:

await bigtable.createInstance('my-instance', {
  clusters: [
    {
      id: 'my-cluster',
-     encryption: {
-       kmsKeyName: 'kms-key-name',
-     },
+     key: 'kms-key-name',
      // ... other options
    },
  ],
});

await instance.createCluster('my-cluster', {
- encryption: {
-   kmsKeyName: 'kms-key-name',
- },
+ key: 'kms-key-name',
  // ... other options
});

If both options are set, an error is thrown.

[codecov]

Codecov Report

Merging #855 (6e0d033) into master (0ef8976) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff            @@
##           master     #855    +/-   ##
========================================
  Coverage   99.22%   99.23%            
========================================
  Files          18       18            
  Lines       17416    17539   +123     
  Branches     1025      977    -48     
========================================
+ Hits        17281    17404   +123     
  Misses        132      132            
  Partials        3        3            

Impacted Files	Coverage Δ
src/app-profile.ts	99.59% <100.00%> (ø)
src/backup.ts	100.00% <100.00%> (ø)
src/cluster.ts	99.72% <100.00%> (+<0.01%)	⬆️
src/family.ts	99.58% <100.00%> (ø)
src/index.ts	100.00% <100.00%> (ø)
src/instance.ts	100.00% <100.00%> (ø)
src/row.ts	100.00% <100.00%> (ø)
src/table.ts	99.89% <100.00%> (ø)
src/v2/bigtable_client.ts	96.55% <100.00%> (ø)
src/v2/bigtable_instance_admin_client.ts	98.79% <100.00%> (+<0.01%)	⬆️
... and 1 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bac490d...6e0d033. Read the comment docs.

[kolea2]

Thanks for working on this! For this to be feature complete, I think we will need to add API to both backups and table as well, specifically to get encryption info on them - see the java impl for more details https://github.com/googleapis/java-bigtable/pull/656/files. Let me know if I'm missing anything :)

[stephenplusplus]

Thanks for the review @kolea2! Generally for anything that is accessible through the response from "getMetadata()", we won't create an additional method. However, we can of course make an exception if that's a requirement.

How it works now:

const [metadata] = await backup.getMetadata();
console.log(metadata.encryptionInfo);

[craiglabenz]

Looks good from a Node perspective.

[kolea2]

Thanks for the review @kolea2! Generally for anything that is accessible through the response from "getMetadata()", we won't create an additional method. However, we can of course make an exception if that's a requirement.

How it works now:

const [metadata] = await backup.getMetadata();
console.log(metadata.encryptionInfo);

Thank you! Makes sense to me, thanks for the explanation. Will take a look at the rest.

[kolea2]

is this creating a key per test run? If so, I think these will need to be cleaned up as well?

[stephenplusplus]

Good catch, it was. I added a commit that uses the destroy method to schedule the destroy of the key. Please let me know if there's a better or more thorough way to remove these crypto key resources!