From cc421c4ffd35fe8d85384534c5ff021e4ecb042f Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Mon, 4 Dec 2023 12:09:50 -0800 Subject: [PATCH 01/13] Add folder and organization setting resources --- mmv1/products/logging/FolderSettings.yaml | 84 ++++++++++++ .../logging/OrganizationSettings.yaml | 82 ++++++++++++ .../examples/logging_folder_settings.tf.erb | 33 +++++ .../logging_organization_settings.tf.erb | 28 ++++ .../resource_logging_folder_settings_test.go | 120 ++++++++++++++++++ ...urce_logging_organization_settings_test.go | 108 ++++++++++++++++ 6 files changed, 455 insertions(+) create mode 100644 mmv1/products/logging/FolderSettings.yaml create mode 100644 mmv1/products/logging/OrganizationSettings.yaml create mode 100644 mmv1/templates/terraform/examples/logging_folder_settings.tf.erb create mode 100644 mmv1/templates/terraform/examples/logging_organization_settings.tf.erb create mode 100644 mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go create mode 100644 mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go diff --git a/mmv1/products/logging/FolderSettings.yaml b/mmv1/products/logging/FolderSettings.yaml new file mode 100644 index 000000000000..13703fbbc67a --- /dev/null +++ b/mmv1/products/logging/FolderSettings.yaml @@ -0,0 +1,84 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'FolderSettings' +description: | + Default resource settings control whether CMEK is required for new log buckets. These settings also determine the storage location for the _Default and _Required log buckets, and whether the _Default sink is enabled or disabled. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Configure default settings for organizations and folders': 'https://cloud.google.com/logging/docs/default-settings' + api: 'https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getSettings' +base_url: 'folders/{{folder}}/settings' +self_link: 'folders/{{folder}}/settings' +import_format: ['folders/{{folder}}/settings'] +# Hardcode the updateMask since d.HasChanged does not work on create. +create_url: 'folders/{{folder}}/settings?updateMask=disableDefaultSink,storageLocation,kmsKeyName' +update_url: 'folders/{{folder}}/settings?updateMask=disableDefaultSink,storageLocation,kmsKeyName' +# This is a singleton resource that already is created, so create +# is really an update, and therefore should be PATCHed. +create_verb: :PATCH +update_verb: :PATCH +# update_mask: true +# This is a singleton resource that cannot be deleted, so skip delete. +skip_delete: true +autogen_async: false +examples: + - !ruby/object:Provider::Terraform::Examples + name: "logging_folder_settings" + primary_resource_id: "example" + vars: + key_name: "k-" + keyring_name: "keyring-" + folder_name: "folder-" + test_env_vars: + org_id: :ORG_ID +parameters: + - !ruby/object:Api::Type::String + name: 'folder' + required: yes + immutable: yes + url_param_only: yes + description: | + The folder for which to retrieve settings. +properties: + - !ruby/object:Api::Type::String + name: name + output: true + description: | + The resource name of the settings. + - !ruby/object:Api::Type::String + name: kmsKeyName + default_from_api: true + description: | + The resource name for the configured Cloud KMS key. + - !ruby/object:Api::Type::String + name: kmsServiceAccountId + output: true + description: | + The service account that will be used by the Log Router to access your Cloud KMS key. + - !ruby/object:Api::Type::String + name: storageLocation + default_from_api: true + description: | + The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided. + - !ruby/object:Api::Type::Boolean + name: disableDefaultSink + default_from_api: true + description: | + If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed. + - !ruby/object:Api::Type::String + name: loggingServiceAccountId + output: true + description: | + The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided. diff --git a/mmv1/products/logging/OrganizationSettings.yaml b/mmv1/products/logging/OrganizationSettings.yaml new file mode 100644 index 000000000000..9e1b9ee091f6 --- /dev/null +++ b/mmv1/products/logging/OrganizationSettings.yaml @@ -0,0 +1,82 @@ +# Copyright 2023 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Resource +name: 'OrganizationSettings' +description: | + Default resource settings control whether CMEK is required for new log buckets. These settings also determine the storage location for the _Default and _Required log buckets, and whether the _Default sink is enabled or disabled. +references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Configure default settings for organizations and folders': 'https://cloud.google.com/logging/docs/default-settings' + api: 'https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getSettings' +base_url: 'organizations/{{organization}}/settings' +self_link: 'organizations/{{organization}}/settings' +import_format: ['organizations/{{organization}}/settings'] +# Hardcode the updateMask since d.HasChanged does not work on create. +create_url: 'organizations/{{organization}}/settings?updateMask=disableDefaultSink,storageLocation,kmsKeyName' +update_url: 'organizations/{{organization}}/settings?updateMask=disableDefaultSink,storageLocation,kmsKeyName' +# This is a singleton resource that already is created, so create +# is really an update, and therefore should be PATCHed. +create_verb: :PATCH +update_verb: :PATCH +# This is a singleton resource that cannot be deleted, so skip delete. +skip_delete: true +autogen_async: false +examples: + - !ruby/object:Provider::Terraform::Examples + name: "logging_organization_settings" + primary_resource_id: "example" + vars: + key_name: "key-" + keyring_name: "keyring-" + test_env_vars: + org_id: :ORG_ID +parameters: + - !ruby/object:Api::Type::String + name: 'organization' + required: yes + immutable: yes + url_param_only: yes + description: | + The organization for which to retrieve or configure settings. +properties: + - !ruby/object:Api::Type::String + name: name + output: true + description: | + The resource name of the settings. + - !ruby/object:Api::Type::String + name: kmsKeyName + default_from_api: true + description: | + The resource name for the configured Cloud KMS key. + - !ruby/object:Api::Type::String + name: kmsServiceAccountId + output: true + description: | + The service account that will be used by the Log Router to access your Cloud KMS key. + - !ruby/object:Api::Type::String + name: storageLocation + default_from_api: true + description: | + The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided. + - !ruby/object:Api::Type::Boolean + name: disableDefaultSink + default_from_api: true + description: | + If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed. + - !ruby/object:Api::Type::String + name: loggingServiceAccountId + output: true + description: | + The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided. diff --git a/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb new file mode 100644 index 000000000000..f6ad24ded6c5 --- /dev/null +++ b/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb @@ -0,0 +1,33 @@ +resource "google_logging_folder_settings" "<%= ctx[:primary_resource_id] %>" { + disable_default_sink = true + folder = google_folder.my_folder.folder_id + kms_key_name = google_kms_crypto_key.key.id + storage_location = "us-central1" + depends_on = [ google_kms_crypto_key_iam_member.iam ] +} + +resource "google_kms_key_ring" "keyring" { + name = "<%= ctx[:vars]['keyring_name'] %>" + location = "us-central1" +} + +resource "google_kms_crypto_key" "key" { + name = "<%= ctx[:vars]['key_name'] %>" + key_ring = google_kms_key_ring.keyring.id + rotation_period = "100000s" +} + +resource "google_folder" "my_folder" { + display_name = "<%= ctx[:vars]['folder_name'] %>" + parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" +} + +data "google_logging_folder_settings" "settings" { + folder = google_folder.my_folder.folder_id +} + +resource "google_kms_crypto_key_iam_member" "iam" { + crypto_key_id = google_kms_crypto_key.key.id + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/logging_organization_settings.tf.erb b/mmv1/templates/terraform/examples/logging_organization_settings.tf.erb new file mode 100644 index 000000000000..e272d041890e --- /dev/null +++ b/mmv1/templates/terraform/examples/logging_organization_settings.tf.erb @@ -0,0 +1,28 @@ +resource "google_logging_organization_settings" "<%= ctx[:primary_resource_id] %>" { + disable_default_sink = true + kms_key_name = google_kms_crypto_key.key.id + organization = "<%= ctx[:test_env_vars]['org_id'] %>" + storage_location = "us-central1" + depends_on = [ google_kms_crypto_key_iam_member.iam ] +} + +resource "google_kms_key_ring" "keyring" { + name = "<%= ctx[:vars]['keyring_name'] %>" + location = "us-central1" +} + +resource "google_kms_crypto_key" "key" { + name = "<%= ctx[:vars]['key_name'] %>" + key_ring = google_kms_key_ring.keyring.id + rotation_period = "100000s" +} + +data "google_logging_organization_settings" "settings" { + organization = "<%= ctx[:test_env_vars]['org_id'] %>" +} + +resource "google_kms_crypto_key_iam_member" "iam" { + crypto_key_id = google_kms_crypto_key.key.id + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" +} \ No newline at end of file diff --git a/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go b/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go new file mode 100644 index 000000000000..ef60ebe250fb --- /dev/null +++ b/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go @@ -0,0 +1,120 @@ +package logging_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" +) + +func TestAccLoggingFolderSettings_update(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "org_id": envvar.GetTestOrgFromEnv(t), + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + Steps: []resource.TestStep{ + { + Config: testAccLoggingFolderSettings_full(context), + }, + { + ResourceName: "google_logging_folder_settings.example", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"folder"}, + }, + { + Config: testAccLoggingFolderSettings_update(context), + }, + { + ResourceName: "google_logging_folder_settings.example", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"folder"}, + }, + }, + }) +} + +func testAccLoggingFolderSettings_full(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_logging_folder_settings" "example" { + disable_default_sink = true + folder = google_folder.my_folder.folder_id + kms_key_name = google_kms_crypto_key.key.id + storage_location = "us-central1" + depends_on = [ google_kms_crypto_key_iam_member.iam ] +} + +resource "google_kms_key_ring" "keyring" { + name = "tf-test-keyring-%{random_suffix}" + location = "us-central1" +} + +resource "google_kms_crypto_key" "key" { + name = "tf-test-k-%{random_suffix}" + key_ring = google_kms_key_ring.keyring.id + rotation_period = "100000s" +} + +resource "google_folder" "my_folder" { + display_name = "tf-test-folder-%{random_suffix}" + parent = "organizations/%{org_id}" +} + +data "google_logging_folder_settings" "settings" { + folder = google_folder.my_folder.folder_id +} + +resource "google_kms_crypto_key_iam_member" "iam" { + crypto_key_id = google_kms_crypto_key.key.id + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" +} +`, context) +} + +func testAccLoggingFolderSettings_update(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_logging_folder_settings" "example" { + disable_default_sink = false + folder = google_folder.my_folder.folder_id + kms_key_name = google_kms_crypto_key.key.id + storage_location = "us-east1" + depends_on = [ google_kms_crypto_key_iam_member.iam ] +} + +resource "google_kms_key_ring" "keyring" { + name = "tf-test-keyring-%{random_suffix}" + location = "us-east1" +} + +resource "google_kms_crypto_key" "key" { + name = "tf-test-k-%{random_suffix}" + key_ring = google_kms_key_ring.keyring.id + rotation_period = "100000s" +} + +resource "google_folder" "my_folder" { + display_name = "tf-test-folder-%{random_suffix}" + parent = "organizations/%{org_id}" +} + +data "google_logging_folder_settings" "settings" { + folder = google_folder.my_folder.folder_id +} + +resource "google_kms_crypto_key_iam_member" "iam" { + crypto_key_id = google_kms_crypto_key.key.id + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" +} +`, context) +} diff --git a/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go b/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go new file mode 100644 index 000000000000..e763d6470d24 --- /dev/null +++ b/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go @@ -0,0 +1,108 @@ +package logging_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" +) + +func TestAccLoggingOrganizationSettings_update(t *testing.T) { + context := map[string]interface{}{ + "org_id": envvar.GetTestOrgFromEnv(t), + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + Steps: []resource.TestStep{ + { + Config: testAccLoggingOrganizationSettings_full(context), + }, + { + ResourceName: "google_logging_organization_settings.example", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"organization"}, + }, + { + Config: testAccLoggingOrganizationSettings_update(context), + }, + { + ResourceName: "google_logging_organization_settings.example", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"organization"}, + }, + }, + }) +} + +func testAccLoggingOrganizationSettings_full(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_logging_organization_settings" "example" { + disable_default_sink = false + kms_key_name = google_kms_crypto_key.key.id + organization = "%{org_id}" + storage_location = "us-central1" + depends_on = [ google_kms_crypto_key_iam_member.iam ] +} + +resource "google_kms_key_ring" "keyring" { + name = "tf-test-keyring-%{random_suffix}" + location = "us-central1" +} + +resource "google_kms_crypto_key" "key" { + name = "tf-test-key-%{random_suffix}" + key_ring = google_kms_key_ring.keyring.id + rotation_period = "100000s" +} + +data "google_logging_organization_settings" "settings" { + organization = "%{org_id}" +} + +resource "google_kms_crypto_key_iam_member" "iam" { + crypto_key_id = google_kms_crypto_key.key.id + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" +} +`, context) +} + +func testAccLoggingOrganizationSettings_update(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_logging_organization_settings" "example" { + disable_default_sink = true + kms_key_name = google_kms_crypto_key.key.id + organization = "%{org_id}" + storage_location = "us-east1" + depends_on = [ google_kms_crypto_key_iam_member.iam ] +} + +resource "google_kms_key_ring" "keyring" { + name = "tf-test-keyring-%{random_suffix}" + location = "us-east1" +} + +resource "google_kms_crypto_key" "key" { + name = "tf-test-key-%{random_suffix}" + key_ring = google_kms_key_ring.keyring.id + rotation_period = "100000s" +} + +data "google_logging_organization_settings" "settings" { + organization = "%{org_id}" +} + +resource "google_kms_crypto_key_iam_member" "iam" { + crypto_key_id = google_kms_crypto_key.key.id + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" +} +`, context) +} From 892c2e1b0bd75ac4544052a3dc681a6d153c2894 Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Wed, 6 Dec 2023 14:38:07 -0800 Subject: [PATCH 02/13] Try GetTestOrgTargetFromEnv instead of GetTestOrgFromEnv. --- .../logging/resource_logging_organization_settings_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go b/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go index e763d6470d24..0c36097269ae 100644 --- a/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go +++ b/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go @@ -11,7 +11,7 @@ import ( func TestAccLoggingOrganizationSettings_update(t *testing.T) { context := map[string]interface{}{ - "org_id": envvar.GetTestOrgFromEnv(t), + "org_id": envvar.GetTestOrgTargetFromEnv(t), "random_suffix": acctest.RandString(t, 10), } From 68fa6d680f9fc854d7c05558b0248bfb7dc32485 Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Fri, 8 Dec 2023 09:01:26 -0800 Subject: [PATCH 03/13] Use correct organization for testing. --- mmv1/products/logging/OrganizationSettings.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/products/logging/OrganizationSettings.yaml b/mmv1/products/logging/OrganizationSettings.yaml index 9e1b9ee091f6..a09a8500c631 100644 --- a/mmv1/products/logging/OrganizationSettings.yaml +++ b/mmv1/products/logging/OrganizationSettings.yaml @@ -40,7 +40,7 @@ examples: key_name: "key-" keyring_name: "keyring-" test_env_vars: - org_id: :ORG_ID + org_id: :ORG_TARGET parameters: - !ruby/object:Api::Type::String name: 'organization' From 818e52edb2a31980482c6053efb354f85ffc958a Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Fri, 8 Dec 2023 09:01:44 -0800 Subject: [PATCH 04/13] Remove key rotation to fix VCR test. --- mmv1/templates/terraform/examples/logging_folder_settings.tf.erb | 1 - 1 file changed, 1 deletion(-) diff --git a/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb index f6ad24ded6c5..a453cd7a6a80 100644 --- a/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb +++ b/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb @@ -14,7 +14,6 @@ resource "google_kms_key_ring" "keyring" { resource "google_kms_crypto_key" "key" { name = "<%= ctx[:vars]['key_name'] %>" key_ring = google_kms_key_ring.keyring.id - rotation_period = "100000s" } resource "google_folder" "my_folder" { From f06a4af0633cd66167f1dd08eb56969e5ebf0053 Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Fri, 8 Dec 2023 18:19:46 -0800 Subject: [PATCH 05/13] Don't specify fields matching default values. --- mmv1/products/logging/FolderSettings.yaml | 1 - mmv1/products/logging/OrganizationSettings.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/mmv1/products/logging/FolderSettings.yaml b/mmv1/products/logging/FolderSettings.yaml index 13703fbbc67a..ddee480039ac 100644 --- a/mmv1/products/logging/FolderSettings.yaml +++ b/mmv1/products/logging/FolderSettings.yaml @@ -32,7 +32,6 @@ update_verb: :PATCH # update_mask: true # This is a singleton resource that cannot be deleted, so skip delete. skip_delete: true -autogen_async: false examples: - !ruby/object:Provider::Terraform::Examples name: "logging_folder_settings" diff --git a/mmv1/products/logging/OrganizationSettings.yaml b/mmv1/products/logging/OrganizationSettings.yaml index a09a8500c631..5221b0edc992 100644 --- a/mmv1/products/logging/OrganizationSettings.yaml +++ b/mmv1/products/logging/OrganizationSettings.yaml @@ -31,7 +31,6 @@ create_verb: :PATCH update_verb: :PATCH # This is a singleton resource that cannot be deleted, so skip delete. skip_delete: true -autogen_async: false examples: - !ruby/object:Provider::Terraform::Examples name: "logging_organization_settings" From 7b76955d84f563f712d6e7d3aefc3eb3e3896ac9 Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Fri, 8 Dec 2023 18:20:44 -0800 Subject: [PATCH 06/13] Specify true instead of yes. --- mmv1/products/logging/FolderSettings.yaml | 6 +++--- mmv1/products/logging/OrganizationSettings.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mmv1/products/logging/FolderSettings.yaml b/mmv1/products/logging/FolderSettings.yaml index ddee480039ac..aa463cff71db 100644 --- a/mmv1/products/logging/FolderSettings.yaml +++ b/mmv1/products/logging/FolderSettings.yaml @@ -45,9 +45,9 @@ examples: parameters: - !ruby/object:Api::Type::String name: 'folder' - required: yes - immutable: yes - url_param_only: yes + required: true + immutable: true + url_param_only: true description: | The folder for which to retrieve settings. properties: diff --git a/mmv1/products/logging/OrganizationSettings.yaml b/mmv1/products/logging/OrganizationSettings.yaml index 5221b0edc992..d8d17e4fa0c1 100644 --- a/mmv1/products/logging/OrganizationSettings.yaml +++ b/mmv1/products/logging/OrganizationSettings.yaml @@ -43,9 +43,9 @@ examples: parameters: - !ruby/object:Api::Type::String name: 'organization' - required: yes - immutable: yes - url_param_only: yes + required: true + immutable: true + url_param_only: true description: | The organization for which to retrieve or configure settings. properties: From d2dbe1f59f0f65deca14455ab4b0461ba0f12c3c Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Fri, 8 Dec 2023 18:48:09 -0800 Subject: [PATCH 07/13] Use BootstrapKMSKeyInLocation instead of creating new keys. --- mmv1/products/logging/FolderSettings.yaml | 7 ++-- .../logging/OrganizationSettings.yaml | 5 ++- .../examples/logging_folder_settings.tf.erb | 18 ++------- .../logging_organization_settings.tf.erb | 19 ++------- .../resource_logging_folder_settings_test.go | 40 +++++-------------- ...urce_logging_organization_settings_test.go | 40 +++++-------------- 6 files changed, 35 insertions(+), 94 deletions(-) diff --git a/mmv1/products/logging/FolderSettings.yaml b/mmv1/products/logging/FolderSettings.yaml index aa463cff71db..9284e73e647f 100644 --- a/mmv1/products/logging/FolderSettings.yaml +++ b/mmv1/products/logging/FolderSettings.yaml @@ -37,11 +37,12 @@ examples: name: "logging_folder_settings" primary_resource_id: "example" vars: - key_name: "k-" - keyring_name: "keyring-" - folder_name: "folder-" + key_name: "kms-key" + folder_name: "folder-name" test_env_vars: org_id: :ORG_ID + test_vars_overrides: + key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' parameters: - !ruby/object:Api::Type::String name: 'folder' diff --git a/mmv1/products/logging/OrganizationSettings.yaml b/mmv1/products/logging/OrganizationSettings.yaml index d8d17e4fa0c1..d8b0856ec18c 100644 --- a/mmv1/products/logging/OrganizationSettings.yaml +++ b/mmv1/products/logging/OrganizationSettings.yaml @@ -36,10 +36,11 @@ examples: name: "logging_organization_settings" primary_resource_id: "example" vars: - key_name: "key-" - keyring_name: "keyring-" + key_name: "kms-key" test_env_vars: org_id: :ORG_TARGET + test_vars_overrides: + key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' parameters: - !ruby/object:Api::Type::String name: 'organization' diff --git a/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb index a453cd7a6a80..35a35ccd6fac 100644 --- a/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb +++ b/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb @@ -1,21 +1,11 @@ resource "google_logging_folder_settings" "<%= ctx[:primary_resource_id] %>" { disable_default_sink = true folder = google_folder.my_folder.folder_id - kms_key_name = google_kms_crypto_key.key.id + kms_key_name = "<%= ctx[:vars]['key_name'] %>" storage_location = "us-central1" depends_on = [ google_kms_crypto_key_iam_member.iam ] } -resource "google_kms_key_ring" "keyring" { - name = "<%= ctx[:vars]['keyring_name'] %>" - location = "us-central1" -} - -resource "google_kms_crypto_key" "key" { - name = "<%= ctx[:vars]['key_name'] %>" - key_ring = google_kms_key_ring.keyring.id -} - resource "google_folder" "my_folder" { display_name = "<%= ctx[:vars]['folder_name'] %>" parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" @@ -26,7 +16,7 @@ data "google_logging_folder_settings" "settings" { } resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = google_kms_crypto_key.key.id - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" + crypto_key_id = "<%= ctx[:vars]['key_name'] %>" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" } \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/logging_organization_settings.tf.erb b/mmv1/templates/terraform/examples/logging_organization_settings.tf.erb index e272d041890e..dd4b38bde6dd 100644 --- a/mmv1/templates/terraform/examples/logging_organization_settings.tf.erb +++ b/mmv1/templates/terraform/examples/logging_organization_settings.tf.erb @@ -1,28 +1,17 @@ resource "google_logging_organization_settings" "<%= ctx[:primary_resource_id] %>" { disable_default_sink = true - kms_key_name = google_kms_crypto_key.key.id + kms_key_name = "<%= ctx[:vars]['key_name'] %>" organization = "<%= ctx[:test_env_vars]['org_id'] %>" storage_location = "us-central1" depends_on = [ google_kms_crypto_key_iam_member.iam ] } -resource "google_kms_key_ring" "keyring" { - name = "<%= ctx[:vars]['keyring_name'] %>" - location = "us-central1" -} - -resource "google_kms_crypto_key" "key" { - name = "<%= ctx[:vars]['key_name'] %>" - key_ring = google_kms_key_ring.keyring.id - rotation_period = "100000s" -} - data "google_logging_organization_settings" "settings" { organization = "<%= ctx[:test_env_vars]['org_id'] %>" } resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = google_kms_crypto_key.key.id - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" + crypto_key_id = "<%= ctx[:vars]['key_name'] %>" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" } \ No newline at end of file diff --git a/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go b/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go index ef60ebe250fb..cd1955fafbb7 100644 --- a/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go +++ b/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go @@ -15,6 +15,8 @@ func TestAccLoggingFolderSettings_update(t *testing.T) { context := map[string]interface{}{ "org_id": envvar.GetTestOrgFromEnv(t), "random_suffix": acctest.RandString(t, 10), + "original_key": acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name, + "updated_key": acctest.BootstrapKMSKeyInLocation(t, "us-east1").CryptoKey.Name, } acctest.VcrTest(t, resource.TestCase{ @@ -48,22 +50,11 @@ func testAccLoggingFolderSettings_full(context map[string]interface{}) string { resource "google_logging_folder_settings" "example" { disable_default_sink = true folder = google_folder.my_folder.folder_id - kms_key_name = google_kms_crypto_key.key.id + kms_key_name = %{original_key} storage_location = "us-central1" depends_on = [ google_kms_crypto_key_iam_member.iam ] } -resource "google_kms_key_ring" "keyring" { - name = "tf-test-keyring-%{random_suffix}" - location = "us-central1" -} - -resource "google_kms_crypto_key" "key" { - name = "tf-test-k-%{random_suffix}" - key_ring = google_kms_key_ring.keyring.id - rotation_period = "100000s" -} - resource "google_folder" "my_folder" { display_name = "tf-test-folder-%{random_suffix}" parent = "organizations/%{org_id}" @@ -74,9 +65,9 @@ data "google_logging_folder_settings" "settings" { } resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = google_kms_crypto_key.key.id - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" + crypto_key_id = "%{original_key}" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" } `, context) } @@ -86,22 +77,11 @@ func testAccLoggingFolderSettings_update(context map[string]interface{}) string resource "google_logging_folder_settings" "example" { disable_default_sink = false folder = google_folder.my_folder.folder_id - kms_key_name = google_kms_crypto_key.key.id + kms_key_name = "%{updated_key}" storage_location = "us-east1" depends_on = [ google_kms_crypto_key_iam_member.iam ] } -resource "google_kms_key_ring" "keyring" { - name = "tf-test-keyring-%{random_suffix}" - location = "us-east1" -} - -resource "google_kms_crypto_key" "key" { - name = "tf-test-k-%{random_suffix}" - key_ring = google_kms_key_ring.keyring.id - rotation_period = "100000s" -} - resource "google_folder" "my_folder" { display_name = "tf-test-folder-%{random_suffix}" parent = "organizations/%{org_id}" @@ -112,9 +92,9 @@ data "google_logging_folder_settings" "settings" { } resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = google_kms_crypto_key.key.id - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" + crypto_key_id = "%{updated_key}" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" } `, context) } diff --git a/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go b/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go index 0c36097269ae..da8d50ee1ece 100644 --- a/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go +++ b/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go @@ -13,6 +13,8 @@ func TestAccLoggingOrganizationSettings_update(t *testing.T) { context := map[string]interface{}{ "org_id": envvar.GetTestOrgTargetFromEnv(t), "random_suffix": acctest.RandString(t, 10), + "original_key": acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name, + "updated_key": acctest.BootstrapKMSKeyInLocation(t, "us-east1").CryptoKey.Name, } acctest.VcrTest(t, resource.TestCase{ @@ -45,31 +47,20 @@ func testAccLoggingOrganizationSettings_full(context map[string]interface{}) str return acctest.Nprintf(` resource "google_logging_organization_settings" "example" { disable_default_sink = false - kms_key_name = google_kms_crypto_key.key.id + kms_key_name = "%{original_key}" organization = "%{org_id}" storage_location = "us-central1" depends_on = [ google_kms_crypto_key_iam_member.iam ] } -resource "google_kms_key_ring" "keyring" { - name = "tf-test-keyring-%{random_suffix}" - location = "us-central1" -} - -resource "google_kms_crypto_key" "key" { - name = "tf-test-key-%{random_suffix}" - key_ring = google_kms_key_ring.keyring.id - rotation_period = "100000s" -} - data "google_logging_organization_settings" "settings" { organization = "%{org_id}" } resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = google_kms_crypto_key.key.id - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" + crypto_key_id = "%{original_key}" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" } `, context) } @@ -78,31 +69,20 @@ func testAccLoggingOrganizationSettings_update(context map[string]interface{}) s return acctest.Nprintf(` resource "google_logging_organization_settings" "example" { disable_default_sink = true - kms_key_name = google_kms_crypto_key.key.id + kms_key_name = "%{updated_key}" organization = "%{org_id}" storage_location = "us-east1" depends_on = [ google_kms_crypto_key_iam_member.iam ] } -resource "google_kms_key_ring" "keyring" { - name = "tf-test-keyring-%{random_suffix}" - location = "us-east1" -} - -resource "google_kms_crypto_key" "key" { - name = "tf-test-key-%{random_suffix}" - key_ring = google_kms_key_ring.keyring.id - rotation_period = "100000s" -} - data "google_logging_organization_settings" "settings" { organization = "%{org_id}" } resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = google_kms_crypto_key.key.id - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" + crypto_key_id = "%{updated_key}" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" } `, context) } From 77c071b76159211bb9f89260390c15040953fa06 Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Mon, 11 Dec 2023 09:59:50 -0800 Subject: [PATCH 08/13] Add missing quotes --- .../services/logging/resource_logging_folder_settings_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go b/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go index cd1955fafbb7..3ada4aa25687 100644 --- a/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go +++ b/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go @@ -50,7 +50,7 @@ func testAccLoggingFolderSettings_full(context map[string]interface{}) string { resource "google_logging_folder_settings" "example" { disable_default_sink = true folder = google_folder.my_folder.folder_id - kms_key_name = %{original_key} + kms_key_name = "%{original_key}" storage_location = "us-central1" depends_on = [ google_kms_crypto_key_iam_member.iam ] } From 73ad195426c73797d5c81ba06d2868b82dcea7c2 Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Mon, 11 Dec 2023 13:29:25 -0800 Subject: [PATCH 09/13] Add additional examples to generate additional tests. --- mmv1/products/logging/FolderSettings.yaml | 26 ++++++++++++++++++- .../logging/OrganizationSettings.yaml | 21 ++++++++++++++- ...erb => logging_folder_settings_all.tf.erb} | 0 .../logging_folder_settings_only_cmek.tf.erb | 21 +++++++++++++++ ...older_settings_only_disable_default.tf.erb | 13 ++++++++++ ...gging_folder_settings_only_location.tf.erb | 13 ++++++++++ ... logging_organization_settings_all.tf.erb} | 0 ...ing_organization_settings_only_cmek.tf.erb | 17 ++++++++++++ ...ation_settings_only_disable_default.tf.erb | 17 ++++++++++++ ...organization_settings_only_location.tf.erb | 17 ++++++++++++ 10 files changed, 143 insertions(+), 2 deletions(-) rename mmv1/templates/terraform/examples/{logging_folder_settings.tf.erb => logging_folder_settings_all.tf.erb} (100%) create mode 100644 mmv1/templates/terraform/examples/logging_folder_settings_only_cmek.tf.erb create mode 100644 mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb create mode 100644 mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb rename mmv1/templates/terraform/examples/{logging_organization_settings.tf.erb => logging_organization_settings_all.tf.erb} (100%) create mode 100644 mmv1/templates/terraform/examples/logging_organization_settings_only_cmek.tf.erb create mode 100644 mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb create mode 100644 mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb diff --git a/mmv1/products/logging/FolderSettings.yaml b/mmv1/products/logging/FolderSettings.yaml index 9284e73e647f..0ee13707e15e 100644 --- a/mmv1/products/logging/FolderSettings.yaml +++ b/mmv1/products/logging/FolderSettings.yaml @@ -34,7 +34,7 @@ update_verb: :PATCH skip_delete: true examples: - !ruby/object:Provider::Terraform::Examples - name: "logging_folder_settings" + name: "logging_folder_settings_all" primary_resource_id: "example" vars: key_name: "kms-key" @@ -43,6 +43,30 @@ examples: org_id: :ORG_ID test_vars_overrides: key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' + - !ruby/object:Provider::Terraform::Examples + name: "logging_folder_settings_only_cmek" + primary_resource_id: "example" + vars: + key_name: "kms-key" + folder_name: "folder-name" + test_env_vars: + org_id: :ORG_ID + test_vars_overrides: + key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' + - !ruby/object:Provider::Terraform::Examples + name: "logging_folder_settings_only_location" + primary_resource_id: "example" + vars: + folder_name: "folder-name" + test_env_vars: + org_id: :ORG_ID + - !ruby/object:Provider::Terraform::Examples + name: "logging_folder_settings_only_disable_default" + primary_resource_id: "example" + vars: + folder_name: "folder-name" + test_env_vars: + org_id: :ORG_ID parameters: - !ruby/object:Api::Type::String name: 'folder' diff --git a/mmv1/products/logging/OrganizationSettings.yaml b/mmv1/products/logging/OrganizationSettings.yaml index d8b0856ec18c..18e6b50e3b81 100644 --- a/mmv1/products/logging/OrganizationSettings.yaml +++ b/mmv1/products/logging/OrganizationSettings.yaml @@ -33,7 +33,7 @@ update_verb: :PATCH skip_delete: true examples: - !ruby/object:Provider::Terraform::Examples - name: "logging_organization_settings" + name: "logging_organization_settings_all" primary_resource_id: "example" vars: key_name: "kms-key" @@ -41,6 +41,25 @@ examples: org_id: :ORG_TARGET test_vars_overrides: key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' + - !ruby/object:Provider::Terraform::Examples + name: "logging_organization_settings_only_cmek" + primary_resource_id: "example" + vars: + key_name: "kms-key" + test_env_vars: + org_id: :ORG_TARGET + test_vars_overrides: + key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' + - !ruby/object:Provider::Terraform::Examples + name: "logging_organization_settings_only_location" + primary_resource_id: "example" + test_env_vars: + org_id: :ORG_TARGET + - !ruby/object:Provider::Terraform::Examples + name: "logging_organization_settings_only_disable_default" + primary_resource_id: "example" + test_env_vars: + org_id: :ORG_TARGET parameters: - !ruby/object:Api::Type::String name: 'organization' diff --git a/mmv1/templates/terraform/examples/logging_folder_settings.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings_all.tf.erb similarity index 100% rename from mmv1/templates/terraform/examples/logging_folder_settings.tf.erb rename to mmv1/templates/terraform/examples/logging_folder_settings_all.tf.erb diff --git a/mmv1/templates/terraform/examples/logging_folder_settings_only_cmek.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings_only_cmek.tf.erb new file mode 100644 index 000000000000..530e5fa67e86 --- /dev/null +++ b/mmv1/templates/terraform/examples/logging_folder_settings_only_cmek.tf.erb @@ -0,0 +1,21 @@ +resource "google_logging_folder_settings" "<%= ctx[:primary_resource_id] %>" { + folder = google_folder.my_folder.folder_id + kms_key_name = "<%= ctx[:vars]['key_name'] %>" + storage_location = "us-central1" + depends_on = [ google_kms_crypto_key_iam_member.iam ] +} + +resource "google_folder" "my_folder" { + display_name = "<%= ctx[:vars]['folder_name'] %>" + parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" +} + +data "google_logging_folder_settings" "settings" { + folder = google_folder.my_folder.folder_id +} + +resource "google_kms_crypto_key_iam_member" "iam" { + crypto_key_id = "<%= ctx[:vars]['key_name'] %>" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb new file mode 100644 index 000000000000..3452f319103a --- /dev/null +++ b/mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb @@ -0,0 +1,13 @@ +resource "google_logging_folder_settings" "<%= ctx[:primary_resource_id] %>" { + folder = google_folder.my_folder.folder_id + disable_default_sink = true +} + +resource "google_folder" "my_folder" { + display_name = "<%= ctx[:vars]['folder_name'] %>" + parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" +} + +data "google_logging_folder_settings" "settings" { + folder = google_folder.my_folder.folder_id +} diff --git a/mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb new file mode 100644 index 000000000000..dd1243e3fc24 --- /dev/null +++ b/mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb @@ -0,0 +1,13 @@ +resource "google_logging_folder_settings" "<%= ctx[:primary_resource_id] %>" { + folder = google_folder.my_folder.folder_id + storage_location = "us-central1" +} + +resource "google_folder" "my_folder" { + display_name = "<%= ctx[:vars]['folder_name'] %>" + parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" +} + +data "google_logging_folder_settings" "settings" { + folder = google_folder.my_folder.folder_id +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/logging_organization_settings.tf.erb b/mmv1/templates/terraform/examples/logging_organization_settings_all.tf.erb similarity index 100% rename from mmv1/templates/terraform/examples/logging_organization_settings.tf.erb rename to mmv1/templates/terraform/examples/logging_organization_settings_all.tf.erb diff --git a/mmv1/templates/terraform/examples/logging_organization_settings_only_cmek.tf.erb b/mmv1/templates/terraform/examples/logging_organization_settings_only_cmek.tf.erb new file mode 100644 index 000000000000..dd4b38bde6dd --- /dev/null +++ b/mmv1/templates/terraform/examples/logging_organization_settings_only_cmek.tf.erb @@ -0,0 +1,17 @@ +resource "google_logging_organization_settings" "<%= ctx[:primary_resource_id] %>" { + disable_default_sink = true + kms_key_name = "<%= ctx[:vars]['key_name'] %>" + organization = "<%= ctx[:test_env_vars]['org_id'] %>" + storage_location = "us-central1" + depends_on = [ google_kms_crypto_key_iam_member.iam ] +} + +data "google_logging_organization_settings" "settings" { + organization = "<%= ctx[:test_env_vars]['org_id'] %>" +} + +resource "google_kms_crypto_key_iam_member" "iam" { + crypto_key_id = "<%= ctx[:vars]['key_name'] %>" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb b/mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb new file mode 100644 index 000000000000..dd4b38bde6dd --- /dev/null +++ b/mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb @@ -0,0 +1,17 @@ +resource "google_logging_organization_settings" "<%= ctx[:primary_resource_id] %>" { + disable_default_sink = true + kms_key_name = "<%= ctx[:vars]['key_name'] %>" + organization = "<%= ctx[:test_env_vars]['org_id'] %>" + storage_location = "us-central1" + depends_on = [ google_kms_crypto_key_iam_member.iam ] +} + +data "google_logging_organization_settings" "settings" { + organization = "<%= ctx[:test_env_vars]['org_id'] %>" +} + +resource "google_kms_crypto_key_iam_member" "iam" { + crypto_key_id = "<%= ctx[:vars]['key_name'] %>" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb b/mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb new file mode 100644 index 000000000000..dd4b38bde6dd --- /dev/null +++ b/mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb @@ -0,0 +1,17 @@ +resource "google_logging_organization_settings" "<%= ctx[:primary_resource_id] %>" { + disable_default_sink = true + kms_key_name = "<%= ctx[:vars]['key_name'] %>" + organization = "<%= ctx[:test_env_vars]['org_id'] %>" + storage_location = "us-central1" + depends_on = [ google_kms_crypto_key_iam_member.iam ] +} + +data "google_logging_organization_settings" "settings" { + organization = "<%= ctx[:test_env_vars]['org_id'] %>" +} + +resource "google_kms_crypto_key_iam_member" "iam" { + crypto_key_id = "<%= ctx[:vars]['key_name'] %>" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" +} \ No newline at end of file From 08c51daf542f0e9346a58a03d781248bbe4e28e1 Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Mon, 11 Dec 2023 15:45:19 -0800 Subject: [PATCH 10/13] Remove unneeded resources from examples. --- ..._folder_settings_only_disable_default.tf.erb | 4 ---- ...logging_folder_settings_only_location.tf.erb | 4 ---- ...ization_settings_only_disable_default.tf.erb | 13 ------------- ...g_organization_settings_only_location.tf.erb | 17 ++--------------- 4 files changed, 2 insertions(+), 36 deletions(-) diff --git a/mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb index 3452f319103a..0345d4564a5f 100644 --- a/mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb +++ b/mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb @@ -7,7 +7,3 @@ resource "google_folder" "my_folder" { display_name = "<%= ctx[:vars]['folder_name'] %>" parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" } - -data "google_logging_folder_settings" "settings" { - folder = google_folder.my_folder.folder_id -} diff --git a/mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb index dd1243e3fc24..5d498aedfa3f 100644 --- a/mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb +++ b/mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb @@ -7,7 +7,3 @@ resource "google_folder" "my_folder" { display_name = "<%= ctx[:vars]['folder_name'] %>" parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" } - -data "google_logging_folder_settings" "settings" { - folder = google_folder.my_folder.folder_id -} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb b/mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb index dd4b38bde6dd..880339079e2a 100644 --- a/mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb +++ b/mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb @@ -1,17 +1,4 @@ resource "google_logging_organization_settings" "<%= ctx[:primary_resource_id] %>" { disable_default_sink = true - kms_key_name = "<%= ctx[:vars]['key_name'] %>" organization = "<%= ctx[:test_env_vars]['org_id'] %>" - storage_location = "us-central1" - depends_on = [ google_kms_crypto_key_iam_member.iam ] } - -data "google_logging_organization_settings" "settings" { - organization = "<%= ctx[:test_env_vars]['org_id'] %>" -} - -resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = "<%= ctx[:vars]['key_name'] %>" - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" -} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb b/mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb index dd4b38bde6dd..f226e1bc55f0 100644 --- a/mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb +++ b/mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb @@ -1,17 +1,4 @@ resource "google_logging_organization_settings" "<%= ctx[:primary_resource_id] %>" { - disable_default_sink = true - kms_key_name = "<%= ctx[:vars]['key_name'] %>" - organization = "<%= ctx[:test_env_vars]['org_id'] %>" - storage_location = "us-central1" - depends_on = [ google_kms_crypto_key_iam_member.iam ] + organization = "<%= ctx[:test_env_vars]['org_id'] %>" + storage_location = "us-central1" } - -data "google_logging_organization_settings" "settings" { - organization = "<%= ctx[:test_env_vars]['org_id'] %>" -} - -resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = "<%= ctx[:vars]['key_name'] %>" - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" -} \ No newline at end of file From 28c0e4497785d06cdc444a7928d31dd8dedebafc Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Tue, 12 Dec 2023 10:49:16 -0800 Subject: [PATCH 11/13] Simplify tests to be one full resource creation and one update. --- mmv1/products/logging/FolderSettings.yaml | 24 ------------------- .../logging/OrganizationSettings.yaml | 20 +--------------- .../logging_folder_settings_only_cmek.tf.erb | 21 ---------------- ...older_settings_only_disable_default.tf.erb | 9 ------- ...gging_folder_settings_only_location.tf.erb | 9 ------- ...ing_organization_settings_only_cmek.tf.erb | 17 ------------- ...ation_settings_only_disable_default.tf.erb | 4 ---- ...organization_settings_only_location.tf.erb | 4 ---- .../resource_logging_folder_settings_test.go | 22 ++++------------- ...urce_logging_organization_settings_test.go | 18 ++------------ 10 files changed, 7 insertions(+), 141 deletions(-) delete mode 100644 mmv1/templates/terraform/examples/logging_folder_settings_only_cmek.tf.erb delete mode 100644 mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb delete mode 100644 mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb delete mode 100644 mmv1/templates/terraform/examples/logging_organization_settings_only_cmek.tf.erb delete mode 100644 mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb delete mode 100644 mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb diff --git a/mmv1/products/logging/FolderSettings.yaml b/mmv1/products/logging/FolderSettings.yaml index 0ee13707e15e..8cd0f8f3b5c7 100644 --- a/mmv1/products/logging/FolderSettings.yaml +++ b/mmv1/products/logging/FolderSettings.yaml @@ -43,30 +43,6 @@ examples: org_id: :ORG_ID test_vars_overrides: key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' - - !ruby/object:Provider::Terraform::Examples - name: "logging_folder_settings_only_cmek" - primary_resource_id: "example" - vars: - key_name: "kms-key" - folder_name: "folder-name" - test_env_vars: - org_id: :ORG_ID - test_vars_overrides: - key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' - - !ruby/object:Provider::Terraform::Examples - name: "logging_folder_settings_only_location" - primary_resource_id: "example" - vars: - folder_name: "folder-name" - test_env_vars: - org_id: :ORG_ID - - !ruby/object:Provider::Terraform::Examples - name: "logging_folder_settings_only_disable_default" - primary_resource_id: "example" - vars: - folder_name: "folder-name" - test_env_vars: - org_id: :ORG_ID parameters: - !ruby/object:Api::Type::String name: 'folder' diff --git a/mmv1/products/logging/OrganizationSettings.yaml b/mmv1/products/logging/OrganizationSettings.yaml index 18e6b50e3b81..eb1a3b77c074 100644 --- a/mmv1/products/logging/OrganizationSettings.yaml +++ b/mmv1/products/logging/OrganizationSettings.yaml @@ -35,31 +35,13 @@ examples: - !ruby/object:Provider::Terraform::Examples name: "logging_organization_settings_all" primary_resource_id: "example" + skip_test: true vars: key_name: "kms-key" test_env_vars: org_id: :ORG_TARGET test_vars_overrides: key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' - - !ruby/object:Provider::Terraform::Examples - name: "logging_organization_settings_only_cmek" - primary_resource_id: "example" - vars: - key_name: "kms-key" - test_env_vars: - org_id: :ORG_TARGET - test_vars_overrides: - key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' - - !ruby/object:Provider::Terraform::Examples - name: "logging_organization_settings_only_location" - primary_resource_id: "example" - test_env_vars: - org_id: :ORG_TARGET - - !ruby/object:Provider::Terraform::Examples - name: "logging_organization_settings_only_disable_default" - primary_resource_id: "example" - test_env_vars: - org_id: :ORG_TARGET parameters: - !ruby/object:Api::Type::String name: 'organization' diff --git a/mmv1/templates/terraform/examples/logging_folder_settings_only_cmek.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings_only_cmek.tf.erb deleted file mode 100644 index 530e5fa67e86..000000000000 --- a/mmv1/templates/terraform/examples/logging_folder_settings_only_cmek.tf.erb +++ /dev/null @@ -1,21 +0,0 @@ -resource "google_logging_folder_settings" "<%= ctx[:primary_resource_id] %>" { - folder = google_folder.my_folder.folder_id - kms_key_name = "<%= ctx[:vars]['key_name'] %>" - storage_location = "us-central1" - depends_on = [ google_kms_crypto_key_iam_member.iam ] -} - -resource "google_folder" "my_folder" { - display_name = "<%= ctx[:vars]['folder_name'] %>" - parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" -} - -data "google_logging_folder_settings" "settings" { - folder = google_folder.my_folder.folder_id -} - -resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = "<%= ctx[:vars]['key_name'] %>" - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" -} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb deleted file mode 100644 index 0345d4564a5f..000000000000 --- a/mmv1/templates/terraform/examples/logging_folder_settings_only_disable_default.tf.erb +++ /dev/null @@ -1,9 +0,0 @@ -resource "google_logging_folder_settings" "<%= ctx[:primary_resource_id] %>" { - folder = google_folder.my_folder.folder_id - disable_default_sink = true -} - -resource "google_folder" "my_folder" { - display_name = "<%= ctx[:vars]['folder_name'] %>" - parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" -} diff --git a/mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb b/mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb deleted file mode 100644 index 5d498aedfa3f..000000000000 --- a/mmv1/templates/terraform/examples/logging_folder_settings_only_location.tf.erb +++ /dev/null @@ -1,9 +0,0 @@ -resource "google_logging_folder_settings" "<%= ctx[:primary_resource_id] %>" { - folder = google_folder.my_folder.folder_id - storage_location = "us-central1" -} - -resource "google_folder" "my_folder" { - display_name = "<%= ctx[:vars]['folder_name'] %>" - parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" -} diff --git a/mmv1/templates/terraform/examples/logging_organization_settings_only_cmek.tf.erb b/mmv1/templates/terraform/examples/logging_organization_settings_only_cmek.tf.erb deleted file mode 100644 index dd4b38bde6dd..000000000000 --- a/mmv1/templates/terraform/examples/logging_organization_settings_only_cmek.tf.erb +++ /dev/null @@ -1,17 +0,0 @@ -resource "google_logging_organization_settings" "<%= ctx[:primary_resource_id] %>" { - disable_default_sink = true - kms_key_name = "<%= ctx[:vars]['key_name'] %>" - organization = "<%= ctx[:test_env_vars]['org_id'] %>" - storage_location = "us-central1" - depends_on = [ google_kms_crypto_key_iam_member.iam ] -} - -data "google_logging_organization_settings" "settings" { - organization = "<%= ctx[:test_env_vars]['org_id'] %>" -} - -resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = "<%= ctx[:vars]['key_name'] %>" - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" -} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb b/mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb deleted file mode 100644 index 880339079e2a..000000000000 --- a/mmv1/templates/terraform/examples/logging_organization_settings_only_disable_default.tf.erb +++ /dev/null @@ -1,4 +0,0 @@ -resource "google_logging_organization_settings" "<%= ctx[:primary_resource_id] %>" { - disable_default_sink = true - organization = "<%= ctx[:test_env_vars]['org_id'] %>" -} diff --git a/mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb b/mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb deleted file mode 100644 index f226e1bc55f0..000000000000 --- a/mmv1/templates/terraform/examples/logging_organization_settings_only_location.tf.erb +++ /dev/null @@ -1,4 +0,0 @@ -resource "google_logging_organization_settings" "<%= ctx[:primary_resource_id] %>" { - organization = "<%= ctx[:test_env_vars]['org_id'] %>" - storage_location = "us-central1" -} diff --git a/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go b/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go index 3ada4aa25687..e88dc0d529a5 100644 --- a/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go +++ b/mmv1/third_party/terraform/services/logging/resource_logging_folder_settings_test.go @@ -24,7 +24,7 @@ func TestAccLoggingFolderSettings_update(t *testing.T) { ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), Steps: []resource.TestStep{ { - Config: testAccLoggingFolderSettings_full(context), + Config: testAccLoggingFolderSettings_onlyRequired(context), }, { ResourceName: "google_logging_folder_settings.example", @@ -33,7 +33,7 @@ func TestAccLoggingFolderSettings_update(t *testing.T) { ImportStateVerifyIgnore: []string{"folder"}, }, { - Config: testAccLoggingFolderSettings_update(context), + Config: testAccLoggingFolderSettings_full(context), }, { ResourceName: "google_logging_folder_settings.example", @@ -72,29 +72,15 @@ resource "google_kms_crypto_key_iam_member" "iam" { `, context) } -func testAccLoggingFolderSettings_update(context map[string]interface{}) string { +func testAccLoggingFolderSettings_onlyRequired(context map[string]interface{}) string { return acctest.Nprintf(` resource "google_logging_folder_settings" "example" { - disable_default_sink = false - folder = google_folder.my_folder.folder_id - kms_key_name = "%{updated_key}" - storage_location = "us-east1" - depends_on = [ google_kms_crypto_key_iam_member.iam ] + folder = google_folder.my_folder.folder_id } resource "google_folder" "my_folder" { display_name = "tf-test-folder-%{random_suffix}" parent = "organizations/%{org_id}" } - -data "google_logging_folder_settings" "settings" { - folder = google_folder.my_folder.folder_id -} - -resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = "%{updated_key}" - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_folder_settings.settings.kms_service_account_id}" -} `, context) } diff --git a/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go b/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go index da8d50ee1ece..e1bf2d79db0d 100644 --- a/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go +++ b/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go @@ -22,7 +22,7 @@ func TestAccLoggingOrganizationSettings_update(t *testing.T) { ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), Steps: []resource.TestStep{ { - Config: testAccLoggingOrganizationSettings_full(context), + Config: testAccLoggingOrganizationSettings_onlyRequired(context), }, { ResourceName: "google_logging_organization_settings.example", @@ -31,7 +31,7 @@ func TestAccLoggingOrganizationSettings_update(t *testing.T) { ImportStateVerifyIgnore: []string{"organization"}, }, { - Config: testAccLoggingOrganizationSettings_update(context), + Config: testAccLoggingOrganizationSettings_full(context), }, { ResourceName: "google_logging_organization_settings.example", @@ -68,21 +68,7 @@ resource "google_kms_crypto_key_iam_member" "iam" { func testAccLoggingOrganizationSettings_update(context map[string]interface{}) string { return acctest.Nprintf(` resource "google_logging_organization_settings" "example" { - disable_default_sink = true - kms_key_name = "%{updated_key}" - organization = "%{org_id}" - storage_location = "us-east1" - depends_on = [ google_kms_crypto_key_iam_member.iam ] -} - -data "google_logging_organization_settings" "settings" { organization = "%{org_id}" } - -resource "google_kms_crypto_key_iam_member" "iam" { - crypto_key_id = "%{updated_key}" - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_logging_organization_settings.settings.kms_service_account_id}" -} `, context) } From f8dc04c99fc6de08279e3bb2f3ce74851a7355c8 Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Tue, 12 Dec 2023 11:22:00 -0800 Subject: [PATCH 12/13] Fix typo in test --- .../logging/resource_logging_organization_settings_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go b/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go index e1bf2d79db0d..ce2896c4e181 100644 --- a/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go +++ b/mmv1/third_party/terraform/services/logging/resource_logging_organization_settings_test.go @@ -65,7 +65,7 @@ resource "google_kms_crypto_key_iam_member" "iam" { `, context) } -func testAccLoggingOrganizationSettings_update(context map[string]interface{}) string { +func testAccLoggingOrganizationSettings_onlyRequired(context map[string]interface{}) string { return acctest.Nprintf(` resource "google_logging_organization_settings" "example" { organization = "%{org_id}" From f2903fcc675c197c5e66fbcb1011604743d619e5 Mon Sep 17 00:00:00 2001 From: Zach Berger Date: Wed, 13 Dec 2023 09:23:04 -0800 Subject: [PATCH 13/13] Document and cleanup example. --- mmv1/products/logging/OrganizationSettings.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/mmv1/products/logging/OrganizationSettings.yaml b/mmv1/products/logging/OrganizationSettings.yaml index eb1a3b77c074..cf5acbabb4eb 100644 --- a/mmv1/products/logging/OrganizationSettings.yaml +++ b/mmv1/products/logging/OrganizationSettings.yaml @@ -35,13 +35,12 @@ examples: - !ruby/object:Provider::Terraform::Examples name: "logging_organization_settings_all" primary_resource_id: "example" + # Covered by update test. skip_test: true vars: key_name: "kms-key" test_env_vars: org_id: :ORG_TARGET - test_vars_overrides: - key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name' parameters: - !ruby/object:Api::Type::String name: 'organization'