feat(storage): add Object Contexts samples and system tests

storage/getBucketEncryptionEnforcementConfig.js

@@ -0,0 +1,76 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Get Bucket Encryption Enforcement
+//   description: Retrieves the current encryption enforcement configurations for a bucket.
+//   usage: node getBucketEncryptionEnforcementConfig.js <BUCKET_NAME>
+
+function main(bucketName = 'my-bucket') {
+  // [START storage_get_encryption_enforcement_config]
+  /**
+   * TODO(developer): Uncomment the following lines before running the sample.
+   */
+  // The ID of your GCS bucket
+  // const bucketName = 'your-unique-bucket-name';
+
+  // Imports the Google Cloud client library
+  const {Storage} = require('@google-cloud/storage');
+
+  // Creates a client
+  const storage = new Storage();
+
+  async function getBucketEncryptionEnforcementConfig() {
+    const [metadata] = await storage.bucket(bucketName).getMetadata();
+
+    console.log(
+      `Encryption enforcement configuration for bucket ${bucketName}.`
+    );
+    const enc = metadata.encryption;
+    if (!enc) {
+      console.log(
+        'No encryption configuration found (Default GMEK is active).'
+      );
+      return;
+    }
+    console.log(`Default KMS Key: ${enc.defaultKmsKeyName || 'None'}`);
+
+    const printConfig = (label, config) => {
+      if (config) {
+        console.log(`${label}:`);
+        console.log(`  Mode: ${config.restrictionMode}`);
+        console.log(`  Effective: ${config.effectiveTime}`);
+      }
+    };
+
+    printConfig(
+      'Google Managed (GMEK) Enforcement',
+      enc.googleManagedEncryptionEnforcementConfig
+    );
+    printConfig(
+      'Customer Managed (CMEK) Enforcement',
+      enc.customerManagedEncryptionEnforcementConfig
+    );
+    printConfig(
+      'Customer Supplied (CSEK) Enforcement',
+      enc.customerSuppliedEncryptionEnforcementConfig
+    );
+  }
+
+  getBucketEncryptionEnforcementConfig().catch(console.error);
+  // [END storage_get_encryption_enforcement_config]
+}
+main(...process.argv.slice(2));

storage/getObjectContexts.js

@@ -0,0 +1,71 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Get Object Contexts
+//   description: Retrieves the structured Object Contexts from an object.
+//   usage: node getObjectContexts.js <BUCKET_NAME> <FILE_NAME>
+
+/**
+ * This application demonstrates how to retrieve the 'contexts' field from a file
+ * in Google Cloud Storage.
+ */
+
+function main(bucketName = 'my-bucket', fileName = 'test.txt') {
+  // [START storage_get_object_contexts]
+  /**
+   * TODO(developer): Uncomment the following lines before running the sample.
+   */
+  // The ID of your GCS bucket
+  // const bucketName = 'your-unique-bucket-name';
+
+  // The ID of your GCS file
+  // const fileName = 'your-file-name';
+
+  // Imports the Google Cloud client library
+  const {Storage} = require('@google-cloud/storage');
+
+  // Creates a client
+  const storage = new Storage();
+
+  async function getObjectContexts() {
+    // Gets the metadata for the file
+    const [metadata] = await storage
+      .bucket(bucketName)
+      .file(fileName)
+      .getMetadata();
+
+    // Contexts are stored in metadata.contexts.custom
+    if (metadata.contexts && metadata.contexts.custom) {
+      console.log(`Object Contexts for ${fileName}:`);
+
+      // Iterate through the custom contexts to show values and timestamps
+      for (const [key, details] of Object.entries(metadata.contexts.custom)) {
+        console.log(`- Key: ${key}`);
+        console.log(`  Value: ${details.value}`);
+        console.log(`  Created: ${details.createTime}`);
+        console.log(`  Updated: ${details.updateTime}`);
+      }
+    } else {
+      console.log(`No Object Contexts found for ${fileName}.`);
+    }
+  }
+
+  getObjectContexts().catch(console.error);
+  // [END storage_get_object_contexts]
+}
+
+main(...process.argv.slice(2));

storage/listObjectContexts.js

@@ -0,0 +1,104 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: List Objects with Context Filter
+//   description: Lists objects in a bucket that match specific custom contexts.
+//   usage: node listObjectContexts.js <BUCKET_NAME>
+
+/**
+ * This application demonstrates how to list objects in a bucket while filtering
+ * by their custom 'contexts' metadata.
+ */
+
+function main(bucketName = 'my-bucket') {
+  // [START storage_list_object_contexts]
+  /**
+   * TODO(developer): Uncomment the following lines before running the sample.
+   */
+  // The ID of your GCS bucket
+  // const bucketName = 'your-unique-bucket-name';
+
+  // Imports the Google Cloud client library
+  const {Storage} = require('@google-cloud/storage');
+
+  // Creates a client
+  const storage = new Storage();
+
+  async function listObjectContexts() {
+    // Define the filter for contexts.
+    const bucket = storage.bucket(bucketName);
+
+    /**
+     * List any object that has a context with the specified key and value.
+     * Syntax: contexts."<key>"="<value>"
+     */
+    const filterByValue = 'contexts."priority"="high"';
+    const [filesByValue] = await bucket.getFiles({
+      filter: filterByValue,
+    });
+
+    console.log(`\nFiles matching filter [${filterByValue}]:`);
+    filesByValue.forEach(file => console.log(` - ${file.name}`));
+
+    /**
+     * List any object that has a context with the specified key attached.
+     * Syntax: contexts."<key>":*
+     */
+    const filterByExistence = 'contexts."team-owner":*';
+    const [filesWithKey] = await bucket.getFiles({
+      filter: filterByExistence,
+    });
+
+    console.log(
+      `\nFiles with the "team-owner" context key [${filterByExistence}]:`
+    );
+    filesWithKey.forEach(file => console.log(` - ${file.name}`));
+
+    /**
+     * List any object that does not have a context with the specified key and value attached.
+     * Syntax: -contexts."<key>"="<value>"
+     */
+    const absenceOfValuePair = '-contexts."priority"="high"';
+    const [filesNoHighPriority] = await bucket.getFiles({
+      filter: absenceOfValuePair,
+    });
+
+    console.log(
+      `\nFiles matching absence of value pair [${absenceOfValuePair}]:`
+    );
+    filesNoHighPriority.forEach(file => console.log(` - ${file.name}`));
+
+    /**
+     * List any object that does not have a context with the specified key attached.
+     * Syntax: -contexts."<key>":*
+     */
+    const absenceOfKey = '-contexts."team-owner":*';
+    const [filesNoTeamOwner] = await bucket.getFiles({
+      filter: absenceOfKey,
+    });
+
+    console.log(
+      `\nFiles matching absence of key regardless of value [${absenceOfKey}]:`
+    );
+    filesNoTeamOwner.forEach(file => console.log(` - ${file.name}`));
+  }
+
+  listObjectContexts().catch(console.error);
+  // [END storage_list_object_contexts]
+}
+
+main(...process.argv.slice(2));

storage/setBucketEncryptionEnforcementConfig.js

@@ -0,0 +1,93 @@
+// Copyright 2026 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+'use strict';
+
+// sample-metadata:
+//   title: Set Bucket Encryption Enforcement
+//   description: Configures a bucket to enforce specific encryption types (e.g., CMEK-only).
+//   usage: node setBucketEncryptionEnforcementConfig.js <BUCKET_NAME> <KMS_KEY_NAME>
+
+function main(
+  bucketName = 'my-bucket',
+  defaultKmsKeyName = process.env.GOOGLE_CLOUD_KMS_KEY_ASIA
+) {
+  // [START storage_set_encryption_enforcement_config]
+  /**
+   * TODO(developer): Uncomment the following lines before running the sample.
+   */
+  // The ID of your GCS bucket
+  // const bucketName = 'your-unique-bucket-name';
+
+  // The name of the KMS key to be used as the default
+  // const defaultKmsKeyName = 'my-key';
+
+  // Imports the Google Cloud client library
+  const {Storage} = require('@google-cloud/storage');
+
+  // Creates a client
+  const storage = new Storage();
+
+  async function setBucketEncryptionEnforcementConfig() {
+    const options = {
+      encryption: {
+        defaultKmsKeyName,
+        googleManagedEncryptionEnforcementConfig: {
+          restrictionMode: 'FullyRestricted',
+        },
+        customerSuppliedEncryptionEnforcementConfig: {
+          restrictionMode: 'FullyRestricted',
+        },
+        customerManagedEncryptionEnforcementConfig: {
+          restrictionMode: 'NotRestricted',
+        },
+      },
+    };
+
+    const [metadata] = await storage.bucket(bucketName).setMetadata(options);
+
+    console.log(
+      `Encryption enforcement configuration updated for bucket ${bucketName}.`
+    );
+    const enc = metadata.encryption;
+    if (enc) {
+      console.log(`Default KMS Key: ${enc.defaultKmsKeyName}`);
+
+      const logEnforcement = (label, config) => {
+        if (config) {
+          console.log(`${label}:`);
+          console.log(`  Mode: ${config.restrictionMode}`);
+          console.log(`  Effective: ${config.effectiveTime}`);
+        }
+      };
+
+      logEnforcement(
+        'Google Managed (GMEK) Enforcement',
+        enc.googleManagedEncryptionEnforcementConfig
+      );
+      logEnforcement(
+        'Customer Managed (CMEK) Enforcement',
+        enc.customerManagedEncryptionEnforcementConfig
+      );
+      logEnforcement(
+        'Customer Supplied (CSEK) Enforcement',
+        enc.customerSuppliedEncryptionEnforcementConfig
+      );
+    }
+  }
+
+  setBucketEncryptionEnforcementConfig().catch(console.error);
+  // [END storage_set_encryption_enforcement_config]
+}
+main(...process.argv.slice(2));