From 264a604e5b2897c6f9d488086d70e29917eb83d5 Mon Sep 17 00:00:00 2001
From: Jon Wayne Parrott <jon.wayne.parrott@gmail.com>
Date: Tue, 10 May 2016 10:59:07 -0700
Subject: [PATCH] Adding test for customer-supplied disk encryption key. Fixes
 #281

Change-Id: I4380eabd4602cc06cd6946ac0ca20d1d543c3935
---
 .../generate_wrapped_rsa_key_test.py          | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/compute/encryption/generate_wrapped_rsa_key_test.py b/compute/encryption/generate_wrapped_rsa_key_test.py
index e309be743e6..92d919e1801 100644
--- a/compute/encryption/generate_wrapped_rsa_key_test.py
+++ b/compute/encryption/generate_wrapped_rsa_key_test.py
@@ -11,8 +11,40 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import os
+
 import generate_wrapped_rsa_key
+from googleapiclient import discovery
+from oauth2client.client import GoogleCredentials
 
 
 def test_main():
     generate_wrapped_rsa_key.main(None)
+
+
+def test_create_disk(cloud_config):
+    credentials = GoogleCredentials.get_application_default()
+    compute = discovery.build('compute', 'beta', credentials=credentials)
+
+    # Generate the key.
+    key_bytes = os.urandom(32)
+    google_public_key = generate_wrapped_rsa_key.get_google_public_cert_key()
+    wrapped_rsa_key = generate_wrapped_rsa_key.wrap_rsa_key(
+        google_public_key, key_bytes)
+
+    # Create the disk, if the encryption key is invalid, this will raise.
+    compute.disks().insert(
+        project=cloud_config.project,
+        zone='us-central1-f',
+        body={
+            'name': 'new-encrypted-disk',
+            'diskEncryptionKey': {
+                'rsaEncryptedKey': wrapped_rsa_key.decode('utf-8')
+            }
+        }).execute()
+
+    # Delete the disk.
+    compute.disks().delete(
+        project=cloud_config.project,
+        zone='us-central1-f',
+        disk='new-encrypted-disk').execute()