@thiyaguk09 (Owner) commented Feb 2, 2026

Description

This PR implements support for Bucket Encryption Enforcement in the BucketMetadata interface. This feature allows users to restrict object creation based on specific encryption types (Google-managed, Customer-managed, or Customer-supplied).

Key Changes:

  • Added googleManagedEncryptionEnforcementConfig, customerManagedEncryptionEnforcementConfig, and customerSuppliedEncryptionEnforcementConfig to the BucketMetadata interface.
  • Included the server-generated effectiveTime (readonly) and restrictionMode fields for each configuration type.
  • Added three new code samples: setBucketEncryptionEnforcementConfig, getBucketEncryptionEnforcementConfig, and removeAllBucketEncryptionEnforcementConfig.

Impact

This is a non-breaking feature addition. It enables security-conscious users to enforce CMEK-only (Customer-Managed Encryption Keys) policies at the bucket level, aligning the Node.js library with the latest GCS API capabilities.

Testing

  • Unit Tests: Added coverage in test/bucket.ts to verify that metadata is correctly serialized into PATCH requests. All tests follow the recommended pattern of mocking the underlying request layer.
  • System Tests: Added new test cases in system-test/storage.ts that execute the sample scripts against a live GCS project to verify end-to-end functionality and backend state persistence.
  • Samples: Verified that all three new samples run successfully and produce human-readable output.

Additional Information

Note that effectiveTime is treated as a read-only field populated by the server, which is verified in the system tests.

Checklist

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease
  • Appropriate docs were updated
  • Appropriate comments were added, particularly in complex areas or places that require background
  • No new warnings or issues will be generated from this change

Fixes #🦕

@gemini-code-assist (bot) commented

Summary of Changes

Hello @thiyaguk09, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the BucketMetadata interface to support advanced encryption enforcement configurations for Google Cloud Storage buckets. It allows users to define policies that restrict object creation based on the type of encryption used (Google-managed, customer-managed, or customer-supplied), thereby providing greater control over data security and compliance.

Highlights

  • New Encryption Enforcement Configuration: Introduced a new EncryptionEnforcementConfig interface and integrated it into the BucketMetadata interface to define encryption restriction modes and effective times.
  • Support for Multiple Encryption Types: Added dedicated fields within BucketMetadata.encryption for googleManagedEncryptionEnforcementConfig, customerManagedEncryptionEnforcementConfig, and customerSuppliedEncryptionEnforcementConfig.
  • Updated Documentation and Examples: Included JSDoc examples for bucket.setMetadata to clearly demonstrate how to configure CMEK-only enforcement, blocking other encryption types.
  • Comprehensive Unit Tests: Added new unit tests to validate the parsing, patching, and serialization of these new encryption enforcement configurations, covering scenarios like partial updates, invalid values, and nullification.

@thiyaguk09 (Owner, Author) commented

/gemini review

@gemini-code-assist (bot) left a comment

Code Review

This pull request adds support for encryption enforcement configurations in BucketMetadata, which is a great feature. The interface changes and JSDoc examples are clear. However, the new unit tests for setMetadata are flawed as they mock the method being tested, rendering them ineffective. I've provided a detailed comment with a suggestion on how to fix this to ensure the new functionality is properly tested.

@gemini-code-assist (bot) left a comment

Code Review

This pull request adds support for encryption enforcement configurations in BucketMetadata. The changes to the BucketMetadata interface and the addition of the EncryptionEnforcementConfig interface are correct. The new JSDoc example is also a good addition.

However, the new unit tests for setMetadata are not effectively testing the functionality. They mock the method under test, which makes them tautological. I've provided a detailed comment with a suggestion on how to refactor them to properly test the behavior by mocking the underlying request method.

@thiyaguk09 (Owner, Author) commented

/gemini review

@gemini-code-assist (bot) left a comment

Code Review

This pull request introduces support for encryption enforcement configurations in BucketMetadata, allowing for more granular control over object encryption within a bucket. The changes include updates to the BucketMetadata interface, new JSDoc examples, and a comprehensive set of new samples and tests.

The implementation looks solid, but I've found a few issues:

  • A minor typo in a log message within one of the new sample files.
  • Several system tests have assertions that do not match the output of the sample scripts they are testing, which will cause them to fail.
  • The new unit tests for setMetadata are flawed as they mock the method under test, rendering them ineffective. I've provided a detailed comment on how to refactor them.

Addressing these points will improve the quality and correctness of the new code and its tests.
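
The review point raised above (unit tests that mock setMetadata itself versus tests that mock the underlying request layer), as an added example that is not part of this thread or of the library's test suite. FakeBucket, BrokenBucket and the restrictionMode strings are assumptions made for the illustration; the three config field names come from the PR description.

```javascript
// Hypothetical stand-in for a Bucket (not the library's class): setMetadata()
// serializes metadata into a PATCH sent via request(). Synchronous for brevity.
class FakeBucket {
  constructor(name) { this.name = name; }
  request() { throw new Error('no network in unit tests'); }
  setMetadata(metadata) {
    return this.request({method: 'PATCH', uri: `/b/${this.name}`, json: metadata});
  }
}

// Constructed regression: silently drops the enforcement config before sending.
class BrokenBucket extends FakeBucket {
  setMetadata({encryption, ...rest}) {
    return this.request({method: 'PATCH', uri: `/b/${this.name}`, json: rest});
  }
}

// CMEK-only policy; the restrictionMode strings are assumed, not from the page.
const cmekOnly = {
  encryption: {
    googleManagedEncryptionEnforcementConfig: {restrictionMode: 'FullyRestricted'},
    customerSuppliedEncryptionEnforcementConfig: {restrictionMode: 'FullyRestricted'},
    customerManagedEncryptionEnforcementConfig: {restrictionMode: 'NotRestricted'},
  },
};

// Tautological: replaces setMetadata itself, so no production code runs and
// the check passes whether or not serialization works.
function tautologicalTest(bucket) {
  let seen;
  bucket.setMetadata = md => { seen = md; };
  bucket.setMetadata(cmekOnly);
  return seen === cmekOnly;
}

// Effective: stubs only request(), then inspects the PATCH body that the real
// setMetadata produced.
function effectiveTest(bucket) {
  const calls = [];
  bucket.request = opts => { calls.push(opts); return [{}]; };
  bucket.setMetadata(cmekOnly);
  const enc = calls[0]?.json?.encryption;
  return calls.length === 1 && calls[0].method === 'PATCH' &&
    enc?.googleManagedEncryptionEnforcementConfig?.restrictionMode === 'FullyRestricted' &&
    enc?.customerSuppliedEncryptionEnforcementConfig?.restrictionMode === 'FullyRestricted' &&
    enc?.customerManagedEncryptionEnforcementConfig?.restrictionMode === 'NotRestricted';
}

console.log('tautological vs broken:', tautologicalTest(new BrokenBucket('b')));
console.log('effective vs broken:   ', effectiveTest(new BrokenBucket('b')));
console.log('effective vs correct:  ', effectiveTest(new FakeBucket('b')));
```

The tautological check passes against the broken bucket, so a regression that drops the enforcement config would ship unnoticed; the request-level check fails against it and passes only when the PATCH body carries all three configs.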

Implement support for GoogleManaged, CustomerManaged, and CustomerSupplied encryption enforcement configurations in BucketMetadata.
This allows buckets to restrict object creation based on encryption types.

- Update BucketMetadata interface with new enforcement config fields
- Add unit tests for metadata parsing, patching, and serialization
- Include JSDoc examples for configuring CMEK-only enforcement

Adds comprehensive code samples and system tests to verify Google-managed, Customer-managed, and Customer-supplied encryption enforcement logic.

- Add setBucketEncryptionEnforcementConfig.js sample
- Add getBucketEncryptionEnforcementConfig.js sample
- Add removeAllBucketEncryptionEnforcementConfig.js sample
- Add system tests to verify CLI output and backend metadata state
- Ensure server-side effectiveTime is correctly captured and displayed

@thiyaguk09 force-pushed the feat/bucket-encryption-config branch from 1408130 to 1a72da1, February 5, 2026 10:35

@thiyaguk09 marked this pull request as ready for review, February 5, 2026 10:45

@thiyaguk09 changed the title from "feat: add encryption enforcement configuration to bucket metadata" to "Feat: add bucket encryption enforcement configuration", Feb 5, 2026

@mahendra-google (Collaborator) left a comment

LGTM
