Refactor(storage): streamline enforcement flow

thiyaguk09 · thiyaguk09 · commit d4eeb57c105a · 2026-03-18T05:11:41.000Z
- Refactor `set_bucket_encryption_enforcement_config` to apply
enforcement settings during bucket creation instead of a separate update
call.
- Rename test variable to `$enforcementBucketName` to better align with
`BucketEncryptionEnforcementConfig`.
- Update PHPUnit test suite to use a dependent data-passing flow for
improved reliability and cleaner logic.
diff --git a/storage/src/set_bucket_encryption_enforcement_config.php b/storage/src/set_bucket_encryption_enforcement_config.php
@@ -27,7 +27,7 @@
 use Google\Cloud\Storage\StorageClient;
 
 /**
- * Configures a bucket to enforce specific encryption types (e.g., CMEK-only).
+ * Creates a bucket with specific encryption enforcement (e.g., CMEK-only).
  *
  * @param string $bucketName The ID of your GCS bucket (e.g. "my-bucket").
  * @param string $kmsKeyName The name of the KMS key to be used as the default (e.g. "projects/my-project/...").
@@ -53,9 +53,9 @@ function set_bucket_encryption_enforcement_config(string $bucketName, string $km
             ],
         ],
     ];
-    $bucket->update($options);
+    $storage->createBucket($bucketName, $options);
 
-    printf('Encryption enforcement configuration updated for bucket %s.' . PHP_EOL, $bucketName);
+    printf('Bucket %s created with encryption enforcement configuration.' . PHP_EOL, $bucketName);
 }
 # [END storage_set_bucket_encryption_enforcement_config]
 
diff --git a/storage/test/storageTest.php b/storage/test/storageTest.php
@@ -32,7 +32,6 @@ class storageTest extends TestCase
     use TestTrait;
 
     private static $bucketName;
-    private static $kmsEncryptedBucketName;
     private static $storage;
     private static $tempBucket;
     private static $objectRetentionBucketName;
@@ -41,7 +40,6 @@ public static function setUpBeforeClass(): void
     {
         self::checkProjectEnvVars();
         self::$bucketName = self::requireEnv('GOOGLE_STORAGE_BUCKET');
-        self::$kmsEncryptedBucketName = self::$bucketName . '-kms-encrypted';
         self::$storage = new StorageClient();
         self::$tempBucket = self::$storage->createBucket(
             sprintf('%s-test-bucket-%s', self::$projectId, time())
@@ -513,27 +511,31 @@ public function testDownloadEncryptedFileFails()
 
     public function testEnableDefaultKmsKey()
     {
+        $kmsEncryptedBucketName = self::$bucketName . '-kms-encrypted';
+
         $output = $this->runFunctionSnippet('enable_default_kms_key', [
-            self::$kmsEncryptedBucketName,
+            $kmsEncryptedBucketName,
             $this->keyName(),
         ]);
 
         $this->assertEquals($output, sprintf(
             'Default KMS key for %s was set to %s' . PHP_EOL,
-            self::$kmsEncryptedBucketName,
+            $kmsEncryptedBucketName,
             $this->keyName()
         ));
     }
 
     /** @depends testEnableDefaultKmsKey */
     public function testUploadWithKmsKey()
     {
+        $kmsEncryptedBucketName = self::$bucketName . '-kms-encrypted';
+
         $objectName = 'test-object-' . time();
         $uploadFrom = tempnam(sys_get_temp_dir(), '/tests');
         file_put_contents($uploadFrom, 'foo' . rand());
 
         $output = $this->runFunctionSnippet('upload_with_kms_key', [
-            self::$kmsEncryptedBucketName,
+            $kmsEncryptedBucketName,
             $objectName,
             $uploadFrom,
             $this->keyName(),
@@ -542,7 +544,7 @@ public function testUploadWithKmsKey()
         $this->assertEquals($output, sprintf(
             'Uploaded %s to gs://%s/%s using encryption key %s' . PHP_EOL,
             basename($uploadFrom),
-            self::$kmsEncryptedBucketName,
+            $kmsEncryptedBucketName,
             $objectName,
             $this->keyName()
         ));
@@ -553,11 +555,12 @@ public function testUploadWithKmsKey()
     /** @depends testUploadWithKmsKey */
     public function testObjectGetKmsKey(string $objectName)
     {
-        $bucket = self::$storage->bucket(self::$kmsEncryptedBucketName);
+        $kmsEncryptedBucketName = self::$bucketName . '-kms-encrypted';
+        $bucket = self::$storage->bucket($kmsEncryptedBucketName);
         $objectInfo = $bucket->object($objectName)->info();
 
         $output = $this->runFunctionSnippet('object_get_kms_key', [
-            self::$kmsEncryptedBucketName,
+            $kmsEncryptedBucketName,
             $objectName,
         ]);
 
@@ -570,30 +573,33 @@ public function testObjectGetKmsKey(string $objectName)
         );
     }
 
-    /** @depends testEnableDefaultKmsKey */
     public function testSetBucketEncryptionEnforcementConfig()
     {
+        $enforcementBucketName = self::$bucketName . '-enc-enforcement';
+
         $output = $this->runFunctionSnippet('set_bucket_encryption_enforcement_config', [
-            self::$kmsEncryptedBucketName,
+            $enforcementBucketName,
             $this->keyName(),
         ]);
 
         $this->assertEquals($output, sprintf(
-            'Encryption enforcement configuration updated for bucket %s.' . PHP_EOL,
-            self::$kmsEncryptedBucketName
+            'Bucket %s created with encryption enforcement configuration.' . PHP_EOL,
+            $enforcementBucketName
         ));
     }
 
     /** @depends testSetBucketEncryptionEnforcementConfig */
     public function testGetBucketEncryptionEnforcementConfig()
     {
+        $enforcementBucketName = self::$bucketName . '-enc-enforcement';
+
         sleep(2);
         $output = $this->runFunctionSnippet('get_bucket_encryption_enforcement_config', [
-            self::$kmsEncryptedBucketName
+            $enforcementBucketName
         ]);
 
         $this->assertStringContainsString(
-            sprintf('Encryption enforcement configuration for bucket %s.', self::$kmsEncryptedBucketName),
+            sprintf('Encryption enforcement configuration for bucket %s.', $enforcementBucketName),
             $output
         );
         $this->assertStringContainsString(sprintf('Default KMS Key: %s', $this->keyName()), $output);
@@ -605,24 +611,26 @@ public function testGetBucketEncryptionEnforcementConfig()
     /** @depends testGetBucketEncryptionEnforcementConfig */
     public function testUpdateBucketEncryptionEnforcementConfig()
     {
+        $enforcementBucketName = self::$bucketName . '-enc-enforcement';
+
         $output = $this->runFunctionSnippet('update_bucket_encryption_enforcement_config', [
-            self::$kmsEncryptedBucketName
+            $enforcementBucketName
         ]);
 
         $this->assertStringContainsString(
-            sprintf('Google-managed encryption enforcement set to FullyRestricted for %s.', self::$kmsEncryptedBucketName),
+            sprintf('Google-managed encryption enforcement set to FullyRestricted for %s.', $enforcementBucketName),
             $output
         );
 
         $this->assertStringContainsString(
-            sprintf('All encryption enforcement configurations removed from bucket %s.', self::$kmsEncryptedBucketName),
+            sprintf('All encryption enforcement configurations removed from bucket %s.', $enforcementBucketName),
             $output
         );
 
         // Final verification: Ensure 'Get' now shows no configuration
         sleep(2);
         $finalOutput = $this->runFunctionSnippet('get_bucket_encryption_enforcement_config', [
-            self::$kmsEncryptedBucketName
+            $enforcementBucketName
         ]);
 
         $this->assertStringContainsString('No encryption configuration found (Default GMEK is active).', $finalOutput);
