forked from GoogleCloudPlatform/magic-modules
add support for netapp KMS_config(GoogleCloudPlatform#9353)
* KMS_config_first_commit * kmscommit for author change * Updated label to KeyValueLabels * kmsconfig_update_key_ring_crypto_key_name * Fixed issues in resource_netapp_kmsconfig_test.go * removed rotation_period * changed location to us-west1 * fixed double quotes * changes_with_labels * changed location to us-central1
1 parent
af1e211
commit 8de2608
Showing
4 changed files
with
236 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
# Copyright 2023 Google Inc. | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
--- | ||
!ruby/object:Api::Resource # API resource name | ||
name: "kmsconfig" | ||
description: | | ||
NetApp Volumes always encrypts your data at rest using volume-specific keys. | ||
A CMEK policy (customer-managed encryption key) warps such volume-specific keys in a key stored in Cloud Key Management Service (KMS). | ||
references: !ruby/object:Api::Resource::ReferenceLinks | ||
guides: | ||
# Link to quickstart in the API's Guides section. For example: | ||
# 'Create and connect to a database': 'https://cloud.google.com/alloydb/docs/quickstart/create-and-connect' | ||
"Documentation": "https://cloud.google.com/netapp/volumes/docs/configure-and-use/cmek/cmek-overview" | ||
# Link to the REST API reference for the resource. For example, | ||
api: "https://cloud.google.com/netapp/volumes/docs/reference/rest/v1/projects.locations.kmsConfigs" | ||
base_url: projects/{{project}}/locations/{{location}}/kmsConfigs | ||
self_link: projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}} | ||
create_url: projects/{{project}}/locations/{{location}}/kmsConfigs?kmsConfigId={{name}} | ||
update_url: projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}} | ||
update_verb: :PATCH | ||
update_mask: true | ||
autogen_async: true | ||
|
||
async: !ruby/object:Api::OpAsync | ||
# Overrides which API calls return operations. Default: ['create', | ||
# 'update', 'delete'] | ||
# actions: ['create', 'update', 'delete'] | ||
operation: !ruby/object:Api::OpAsync::Operation | ||
base_url: "{{op_id}}" | ||
custom_code: !ruby/object:Provider::Terraform::CustomCode | ||
post_create: templates/terraform/post_create/KMS_Verify.go.erb | ||
|
||
id_format: "projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}" | ||
import_format: | ||
["projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}"] | ||
parameters: | ||
- !ruby/object:Api::Type::String | ||
name: "location" | ||
required: true | ||
immutable: true | ||
url_param_only: true | ||
description: | | ||
Name of the policy location. CMEK policies apply to the whole region. | ||
- !ruby/object:Api::Type::String # OK: This needs to be 'name' IMHO | ||
name: "name" | ||
description: | | ||
Name of the CMEK policy. | ||
required: true | ||
immutable: true | ||
url_param_only: true | ||
examples: | ||
- !ruby/object:Provider::Terraform::Examples | ||
name: "kmsConfig_create" | ||
primary_resource_id: "kmsConfig" | ||
vars: | ||
kms_name: "kms-test" | ||
key_ring_value: "key-ring" | ||
crypto_name: "crypto-name" | ||
properties: | ||
- !ruby/object:Api::Type::String | ||
name: "description" | ||
description: | | ||
Description for the CMEK policy. | ||
- !ruby/object:Api::Type::KeyValueLabels | ||
name: "labels" | ||
description: | | ||
Labels as key value pairs. Example: `{ "owner": "Bob", "department": "finance", "purpose": "testing" }`. | ||
- !ruby/object:Api::Type::String | ||
name: "cryptoKeyName" | ||
description: | | ||
Resource name of the KMS key to use. Only regional keys are supported. Format: `projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{key}}`. | ||
required: true | ||
- !ruby/object:Api::Type::String | ||
name: "instructions" | ||
description: | | ||
Access to the key needs to be granted. The instructions contain gcloud commands to run to grant access. | ||
To make the policy work, a CMEK policy check is required, which verifies key access. | ||
output: true | ||
|
||
- !ruby/object:Api::Type::String | ||
name: "serviceAccount" | ||
description: | | ||
The Service account which needs to have access to the provided KMS key. | ||
output: true |
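Review bot: The key-access check is wired only to `post_create`, while `cryptoKeyName` is declared `required: true` without `immutable: true` and the resource has a PATCH `update_url`, so an in-place change of the key would apparently not be followed by a verify call. The `instructions` description in this same file says a CMEK policy check is required to make the policy work; either mark `cryptoKeyName` immutable or add a matching `post_update` hook, depending on what the API expects after a key change. Separately, the resource description has a typo (`warps` should read `wraps`), and the leftover comment `# OK: This needs to be 'name' IMHO` can be dropped.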
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
resource "google_kms_key_ring" "keyring" { | ||
name = "<%= ctx[:vars]['key_ring_value'] %>" | ||
location = "us-central1" | ||
} | ||
|
||
resource "google_kms_crypto_key" "crypto_key" { | ||
name = "<%= ctx[:vars]['crypto_name'] %>" | ||
key_ring = google_kms_key_ring.keyring.id | ||
# rotation_period = "100000s" | ||
} | ||
|
||
resource "google_netapp_kmsconfig" "<%= ctx[:primary_resource_id] %>" { | ||
name = "<%= ctx[:vars]['kms_name'] %>" | ||
description="this is a test description" | ||
crypto_key_name=google_kms_crypto_key.crypto_key.id | ||
location="us-central1" | ||
} |
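Review bot: The example never grants the NetApp service account access to `google_kms_crypto_key.crypto_key`, although the resource's own `instructions` and `serviceAccount` fields say that access to the key must be granted for the CMEK policy to work. Readers copying the example would presumably end up with a policy whose key cannot be used; add an IAM binding on the crypto key for that service account, or at least a comment pointing to the `instructions` output. The same gap is in both configs of `resource_netapp_kmsconfig_test.go`, so the acceptance test appears to exercise only the path where key access has not been granted. The commented-out `# rotation_period = "100000s"` line should be removed rather than shipped in the example.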
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
url_kms_verify, err := tpgresource.ReplaceVars(d, config, "{{NetappBasePath}}projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}:verify") | ||
if err != nil { | ||
return err | ||
} | ||
|
||
res_kms_verify, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ | ||
Config: config, | ||
Method: "POST", | ||
Project: billingProject, | ||
RawURL: url_kms_verify, | ||
UserAgent: userAgent, | ||
Timeout: d.Timeout(schema.TimeoutCreate), | ||
}) | ||
if err != nil { | ||
return fmt.Errorf("Error verifying kmsconfig: %s", err) | ||
} | ||
log.Printf("[DEBUG] Finished verifying kmsconfig : %#v",res_kms_verify) |
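Review bot: The response of the `:verify` call is only written to the debug log, so a verification that succeeds at the HTTP level but reports that the key is not accessible goes unnoticed, and the apply reports success for a CMEK policy that may not be usable. If the API reports the outcome in the response body (the REST reference linked from the resource YAML should confirm the field names), inspect `res_kms_verify` and surface a failed check to the user, as an error or at least above DEBUG level. Because the service account is an output of the resource, the grant may not exist yet on first create, so a hard failure here may need a retry or a documented two-step apply. This is a template fragment; the enclosing create function starts and ends outside the hunk.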
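--- a/mmv1/third_party/terraform/services/netapp/resource_netapp_kmsconfig_test.go
+++ b/mmv1/third_party/terraform/services/netapp/resource_netapp_kmsconfig_test.go
@@ -0,0 +1,105 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+// *** AUTO GENERATED CODE *** Type: MMv1 ***
+//
+// ----------------------------------------------------------------------------
+//
+// This file is automatically generated by Magic Modules and manual
+// changes will be clobbered when the file is regenerated.
+//
+// Please read more about how to change this file in
+// .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package netapp_test
+
+import (
+"testing"
+
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+"github.com/hashicorp/terraform-provider-google/google/acctest"
+)
+
+func TestAccNetappkmsconfig_kmsConfigCreateExample_Update(t *testing.T) {
+// t.Parallel()
+
+context := map[string]interface{}{
+"random_suffix": acctest.RandString(t, 10),
+}
+
+acctest.VcrTest(t, resource.TestCase{
+PreCheck: func() { acctest.AccTestPreCheck(t) },
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+CheckDestroy: testAccCheckNetappkmsconfigDestroyProducer(t),
+Steps: []resource.TestStep{
+{
+Config: testAccNetappkmsconfig_kmsConfigCreateExample_Full(context),
+},
+{
+ResourceName: "google_netapp_kmsconfig.kmsConfig",
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"location", "name", "labels", "terraform_labels"},
+},
+{
+Config: testAccNetappkmsconfig_kmsConfigCreateExample_Update(context),
+},
+{
+ResourceName: "google_netapp_kmsconfig.kmsConfig",
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"location", "name", "labels", "terraform_labels"},
+},
+},
+})
+}
+
+func testAccNetappkmsconfig_kmsConfigCreateExample_Full(context map[string]interface{}) string {
+return acctest.Nprintf(`
+resource "google_kms_key_ring" "keyring" {
+name = "tf-test-key-ring%{random_suffix}"
+location = "us-central1"
+}
+resource "google_kms_crypto_key" "crypto_key" {
+name = "tf-test-crypto-name%{random_suffix}"
+key_ring = google_kms_key_ring.keyring.id
+}
+resource "google_netapp_kmsconfig" "kmsConfig" {
+name = "tf-test-kms-test%{random_suffix}"
+description="this is a test description"
+crypto_key_name=google_kms_crypto_key.crypto_key.id
+location="us-central1"
+}
+`, context)
+}
+
+func testAccNetappkmsconfig_kmsConfigCreateExample_Update(context map[string]interface{}) string {
+return acctest.Nprintf(`
+resource "google_kms_key_ring" "keyring" {
+name = "tf-test-key-ring%{random_suffix}"
+location = "us-central1"
+}
+resource "google_kms_crypto_key" "crypto_key" {
+name = "tf-test-crypto-name%{random_suffix}"
+key_ring = google_kms_key_ring.keyring.id
+}
+resource "google_netapp_kmsconfig" "kmsConfig" {
+name = "tf-test-kms-test%{random_suffix}"
+description="kmsconfig update"
+crypto_key_name=google_kms_crypto_key.crypto_key.id
+location="us-central1"
+labels = {
+"foo": "bar",
+}
+}
+`, context)
+}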
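Review bot: The file opens with the `*** AUTO GENERATED CODE ***` banner, but it is added under `mmv1/third_party/terraform/services/netapp/`, which looks like a hand-maintained location; if so, the banner wrongly tells the next maintainer that edits will be clobbered and should be removed. `TestAccNetappkmsconfig_kmsConfigCreateExample_Update` also leaves `// t.Parallel()` commented out with no explanation; either restore it or state the reason, e.g. `// Not parallel: <reason>`. None of the steps has a `Check`, and both import steps list `labels` in `ImportStateVerifyIgnore`, so nothing asserts that the label added in the update config was actually applied.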