add primary key version (#9651)

* add primary key version

* Update mmv1/products/kms/CryptoKey.yaml

Co-authored-by: Stephen Lewis (Burrows) <[email protected]>

* address PR comments

* add resource attribute check

* fix test

* indexed value

* fmt

* 8th time's the charm

---------

Co-authored-by: Stephen Lewis (Burrows) <[email protected]>

mmv1/products/kms/CryptoKey.yaml

@@ -85,6 +85,23 @@ properties:
     name: 'labels'
     description: |
       Labels with user-defined metadata to apply to this resource.
+  - !ruby/object:Api::Type::NestedObject
+    name: 'primary'
+    description: |
+      A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.
+      Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
+    output: true
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'name'
+        description: |
+          The resource name for this CryptoKeyVersion.
+        output: true
+      - !ruby/object:Api::Type::String
+        name: 'state'
+        description: |
+          The current state of the CryptoKeyVersion.
+        output: true
   - !ruby/object:Api::Type::String
     name: 'purpose'
     description: |

mmv1/third_party/terraform/services/kms/resource_kms_crypto_key_test.go

@@ -150,6 +150,9 @@ func TestAccKmsCryptoKey_basic(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testGoogleKmsCryptoKey_basic(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("google_kms_crypto_key.crypto_key", "primary.0.name"),
+				),
 			},
 			{
 				ResourceName:            "google_kms_crypto_key.crypto_key",