Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Paddy drop pgp key #2680

Merged
merged 5 commits into from
Nov 14, 2019
Merged

Paddy drop pgp key #2680

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
b502be4
Drop pgp_key.
paddycarver Nov 12, 2019
7b4e255
Remove website docs.
paddycarver Nov 12, 2019
3164ec5
Remove extra pgp_key fields.
paddycarver Nov 13, 2019
3b8b874
Drop unused constant.
paddycarver Nov 13, 2019
b9e4f3f
Update tracked submodules -> HEAD on Wed Nov 13 23:59:39 UTC 2019
modular-magician Nov 13, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion build/terraform
Open in desktop
Submodule terraform updated from 4b6171 to ef9af1
2 changes: 1 addition & 1 deletion build/terraform-beta
Open in desktop
Submodule terraform-beta updated from c4c149 to 7eb717
28 changes: 7 additions & 21 deletions third_party/terraform/resources/resource_google_service_account_key.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ import (
"fmt"
"log"

"github.com/hashicorp/terraform-plugin-sdk/helper/encryption"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"google.golang.org/api/iam/v1"
Expand All @@ -31,10 +30,10 @@ func resourceGoogleServiceAccountKey() *schema.Resource {
ValidateFunc: validation.StringInSlice([]string{"KEY_ALG_UNSPECIFIED", "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048"}, false),
},
"pgp_key": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Deprecated: "The pgp_key field has been deprecated and support for encrypting values in state will be removed in version 3.0.0. See https://www.terraform.io/docs/extend/best-practices/sensitive-state.html for more information.",
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Removed: "The pgp_key field has been removed. See https://www.terraform.io/docs/extend/best-practices/sensitive-state.html for more information.",
},
"private_key_type": {
Type: schema.TypeString,
Expand Down Expand Up @@ -77,10 +76,12 @@ func resourceGoogleServiceAccountKey() *schema.Resource {
"private_key_encrypted": {
Type: schema.TypeString,
Computed: true,
Removed: "The private_key_encrypted field has been removed. See https://www.terraform.io/docs/extend/best-practices/sensitive-state.html for more information.",
},
"private_key_fingerprint": {
Type: schema.TypeString,
Computed: true,
Removed: "The private_key_fingerprint field has been removed. See https://www.terraform.io/docs/extend/best-practices/sensitive-state.html for more information.",
},
},
}
Expand Down Expand Up @@ -108,22 +109,7 @@ func resourceGoogleServiceAccountKeyCreate(d *schema.ResourceData, meta interfac
// Data only available on create.
d.Set("valid_after", sak.ValidAfterTime)
d.Set("valid_before", sak.ValidBeforeTime)
if v, ok := d.GetOk("pgp_key"); ok {
encryptionKey, err := encryption.RetrieveGPGKey(v.(string))
if err != nil {
return err
}

fingerprint, encrypted, err := encryption.EncryptValue(encryptionKey, sak.PrivateKeyData, "Google Service Account Key")
if err != nil {
return err
}

d.Set("private_key_encrypted", encrypted)
d.Set("private_key_fingerprint", fingerprint)
} else {
d.Set("private_key", sak.PrivateKeyData)
}
d.Set("private_key", sak.PrivateKeyData)

err = serviceAccountKeyWaitTime(config.clientIAM.Projects.ServiceAccounts.Keys, d.Id(), d.Get("public_key_type").(string), "Creating Service account key", 4)
if err != nil {
Expand Down
66 changes: 0 additions & 66 deletions third_party/terraform/tests/resource_google_service_account_key_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,28 +58,6 @@ func TestAccServiceAccountKey_fromEmail(t *testing.T) {
})
}

func TestAccServiceAccountKey_pgp(t *testing.T) {
t.Parallel()
resourceName := "google_service_account_key.acceptance"
accountID := "a" + acctest.RandString(10)
displayName := "Terraform Test"
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testAccServiceAccountKey_pgp(accountID, displayName, testKeyPairPubKey1),
Check: resource.ComposeTestCheckFunc(
testAccCheckGoogleServiceAccountKeyExists(resourceName),
resource.TestCheckResourceAttrSet(resourceName, "public_key"),
resource.TestCheckResourceAttrSet(resourceName, "private_key_encrypted"),
resource.TestCheckResourceAttrSet(resourceName, "private_key_fingerprint"),
),
},
},
})
}

func testAccCheckGoogleServiceAccountKeyExists(r string) resource.TestCheckFunc {
return func(s *terraform.State) error {

Expand Down Expand Up @@ -129,47 +107,3 @@ resource "google_service_account_key" "acceptance" {
}
`, account, name)
}

func testAccServiceAccountKey_pgp(account, name string, key string) string {
return fmt.Sprintf(`
resource "google_service_account" "acceptance" {
account_id = "%s"
display_name = "%s"
}

resource "google_service_account_key" "acceptance" {
service_account_id = "${google_service_account.acceptance.name}"
public_key_type = "TYPE_X509_PEM_FILE"
pgp_key = <<EOF
%s
EOF
}
`, account, name, key)
}

const testKeyPairPubKey1 = `mQENBFXbjPUBCADjNjCUQwfxKL+RR2GA6pv/1K+zJZ8UWIF9S0lk7cVIEfJiprzzwiMwBS5cD0da
rGin1FHvIWOZxujA7oW0O2TUuatqI3aAYDTfRYurh6iKLC+VS+F7H+/mhfFvKmgr0Y5kDCF1j0T/
063QZ84IRGucR/X43IY7kAtmxGXH0dYOCzOe5UBX1fTn3mXGe2ImCDWBH7gOViynXmb6XNvXkP0f
sF5St9jhO7mbZU9EFkv9O3t3EaURfHopsCVDOlCkFCw5ArY+DUORHRzoMX0PnkyQb5OzibkChzpg
8hQssKeVGpuskTdz5Q7PtdW71jXd4fFVzoNH8fYwRpziD2xNvi6HABEBAAG0EFZhdWx0IFRlc3Qg
S2V5IDGJATgEEwECACIFAlXbjPUCGy8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOfLr44B
HbeTo+sH/i7bapIgPnZsJ81hmxPj4W12uvunksGJiC7d4hIHsG7kmJRTJfjECi+AuTGeDwBy84TD
cRaOB6e79fj65Fg6HgSahDUtKJbGxj/lWzmaBuTzlN3CEe8cMwIPqPT2kajJVdOyrvkyuFOdPFOE
A7bdCH0MqgIdM2SdF8t40k/ATfuD2K1ZmumJ508I3gF39jgTnPzD4C8quswrMQ3bzfvKC3klXRlB
C0yoArn+0QA3cf2B9T4zJ2qnvgotVbeK/b1OJRNj6Poeo+SsWNc/A5mw7lGScnDgL3yfwCm1gQXa
QKfOt5x+7GqhWDw10q+bJpJlI10FfzAnhMF9etSqSeURBRW5AQ0EVduM9QEIAL53hJ5bZJ7oEDCn
aY+SCzt9QsAfnFTAnZJQrvkvusJzrTQ088eUQmAjvxkfRqnv981fFwGnh2+I1Ktm698UAZS9Jt8y
jak9wWUICKQO5QUt5k8cHwldQXNXVXFa+TpQWQR5yW1a9okjh5o/3d4cBt1yZPUJJyLKY43Wvptb
6EuEsScO2DnRkh5wSMDQ7dTooddJCmaq3LTjOleRFQbu9ij386Do6jzK69mJU56TfdcydkxkWF5N
ZLGnED3lq+hQNbe+8UI5tD2oP/3r5tXKgMy1R/XPvR/zbfwvx4FAKFOP01awLq4P3d/2xOkMu4Lu
9p315E87DOleYwxk+FoTqXEAEQEAAYkCPgQYAQIACQUCVduM9QIbLgEpCRDny6+OAR23k8BdIAQZ
AQIABgUCVduM9QAKCRAID0JGyHtSGmqYB/4m4rJbbWa7dBJ8VqRU7ZKnNRDR9CVhEGipBmpDGRYu
lEimOPzLUX/ZXZmTZzgemeXLBaJJlWnopVUWuAsyjQuZAfdd8nHkGRHG0/DGum0l4sKTta3OPGHN
C1z1dAcQ1RCr9bTD3PxjLBczdGqhzw71trkQRBRdtPiUchltPMIyjUHqVJ0xmg0hPqFic0fICsr0
YwKoz3h9+QEcZHvsjSZjgydKvfLYcm+4DDMCCqcHuJrbXJKUWmJcXR0y/+HQONGrGJ5xWdO+6eJi
oPn2jVMnXCm4EKc7fcLFrz/LKmJ8seXhxjM3EdFtylBGCrx3xdK0f+JDNQaC/rhUb5V2XuX6VwoH
/AtY+XsKVYRfNIupLOUcf/srsm3IXT4SXWVomOc9hjGQiJ3rraIbADsc+6bCAr4XNZS7moViAAcI
PXFv3m3WfUlnG/om78UjQqyVACRZqqAGmuPq+TSkRUCpt9h+A39LQWkojHqyob3cyLgy6z9Q557O
9uK3lQozbw2gH9zC0RqnePl+rsWIUU/ga16fH6pWc1uJiEBt8UZGypQ/E56/343epmYAe0a87sHx
8iDV+dNtDVKfPRENiLOOc19MmS+phmUyrbHqI91c0pmysYcJZCD3a502X1gpjFbPZcRtiTmGnUKd
OIu60YPNE4+h7u2CfYyFPu3AlUaGNMBlvy6PEpU=`
19 changes: 1 addition & 18 deletions third_party/terraform/website/docs/r/google_service_account_key.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,15 +79,6 @@ Valid values are listed at

* `private_key_type` (Optional) The output format of the private key. TYPE_GOOGLE_CREDENTIALS_FILE is the default output format.

* `pgp_key` – (Optional, Deprecated) An optional PGP key to encrypt the resulting private
key material. Only used when creating or importing a new key pair. May either be
a base64-encoded public key or a `keybase:keybaseusername` string for looking up
in Vault.

~> **NOTE:** The pgp_key field has been deprecated and support for encrypting values in state will be removed in version 3.0.0.
See https://www.terraform.io/docs/extend/best-practices/sensitive-state.html for more information.


## Attributes Reference

The following attributes are exported in addition to the arguments listed above:
Expand All @@ -97,15 +88,7 @@ The following attributes are exported in addition to the arguments listed above:
* `public_key` - The public key, base64 encoded

* `private_key` - The private key in JSON format, base64 encoded. This is what you normally get as a file when creating
service account keys through the CLI or web console. This is only populated when creating a new key, and when no
`pgp_key` is provided.

* `private_key_encrypted` – The private key material, base 64 encoded and
encrypted with the given `pgp_key`. This is only populated when creating a new
key and `pgp_key` is supplied

* `private_key_fingerprint` - The MD5 public key fingerprint for the encrypted
private key. This is only populated when creating a new key and `pgp_key` is supplied
service account keys through the CLI or web console. This is only populated when creating a new key.

* `valid_after` - The key can be used after this timestamp. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

Expand Down