-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Data Sources for KMS Key Ring and Key (#2891)
<!-- This change is generated by MagicModules. --> /cc @kierachell
- Loading branch information
1 parent
b2142b4
commit 30fe927
Showing
10 changed files
with
270 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| package google | ||
|
|
||
| import ( | ||
| "github.com/hashicorp/terraform/helper/schema" | ||
| ) | ||
|
|
||
| func dataSourceGoogleKmsCryptoKey() *schema.Resource { | ||
| dsSchema := datasourceSchemaFromResourceSchema(resourceKmsCryptoKey().Schema) | ||
| addRequiredFieldsToSchema(dsSchema, "name") | ||
| addRequiredFieldsToSchema(dsSchema, "key_ring") | ||
|
|
||
| return &schema.Resource{ | ||
| Read: dataSourceGoogleKmsCryptoKeyRead, | ||
| Schema: dsSchema, | ||
| } | ||
|
|
||
| } | ||
|
|
||
| func dataSourceGoogleKmsCryptoKeyRead(d *schema.ResourceData, meta interface{}) error { | ||
| config := meta.(*Config) | ||
|
|
||
| keyRingId, err := parseKmsKeyRingId(d.Get("key_ring").(string), config) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| cryptoKeyId := kmsCryptoKeyId{ | ||
| KeyRingId: *keyRingId, | ||
| Name: d.Get("name").(string), | ||
| } | ||
|
|
||
| d.SetId(cryptoKeyId.cryptoKeyId()) | ||
|
|
||
| return resourceKmsCryptoKeyRead(d, meta) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| package google | ||
|
|
||
| import ( | ||
| "fmt" | ||
| "regexp" | ||
| "strings" | ||
| "testing" | ||
|
|
||
| "github.com/hashicorp/terraform/helper/resource" | ||
| ) | ||
|
|
||
| func TestAccDataSourceGoogleKmsCryptoKey_basic(t *testing.T) { | ||
| kms := BootstrapKMSKey(t) | ||
|
|
||
| // Name in the KMS client is in the format projects/<project>/locations/<location>/keyRings/<keyRingName>/cryptoKeys/<keyId> | ||
| keyParts := strings.Split(kms.CryptoKey.Name, "/") | ||
| cryptoKeyId := keyParts[len(keyParts)-1] | ||
|
|
||
| fmt.Println(testAccDataSourceGoogleKmsCryptoKey_basic(kms.KeyRing.Name, cryptoKeyId)) | ||
|
|
||
| resource.Test(t, resource.TestCase{ | ||
| PreCheck: func() { testAccPreCheck(t) }, | ||
| Providers: testAccProviders, | ||
| Steps: []resource.TestStep{ | ||
| { | ||
| Config: testAccDataSourceGoogleKmsCryptoKey_basic(kms.KeyRing.Name, cryptoKeyId), | ||
| Check: resource.TestMatchResourceAttr("data.google_kms_crypto_key.kms_crypto_key", "self_link", regexp.MustCompile(kms.CryptoKey.Name)), | ||
| }, | ||
| }, | ||
| }) | ||
| } | ||
|
|
||
| /* | ||
| This test should run in its own project, because KMS key rings and crypto keys are not deletable | ||
| */ | ||
| func testAccDataSourceGoogleKmsCryptoKey_basic(keyRingName, cryptoKeyName string) string { | ||
| return fmt.Sprintf(` | ||
| data "google_kms_crypto_key" "kms_crypto_key" { | ||
| key_ring = "%s" | ||
| name = "%s" | ||
| } | ||
| `, keyRingName, cryptoKeyName) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| package google | ||
|
|
||
| import ( | ||
| "github.com/hashicorp/terraform/helper/schema" | ||
| ) | ||
|
|
||
| func dataSourceGoogleKmsKeyRing() *schema.Resource { | ||
| dsSchema := datasourceSchemaFromResourceSchema(resourceKmsKeyRing().Schema) | ||
| addRequiredFieldsToSchema(dsSchema, "name") | ||
| addRequiredFieldsToSchema(dsSchema, "location") | ||
| addOptionalFieldsToSchema(dsSchema, "project") | ||
|
|
||
| return &schema.Resource{ | ||
| Read: dataSourceGoogleKmsKeyRingRead, | ||
| Schema: dsSchema, | ||
| } | ||
| } | ||
|
|
||
| func dataSourceGoogleKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { | ||
| config := meta.(*Config) | ||
|
|
||
| project, err := getProject(d, config) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| keyRingId := kmsKeyRingId{ | ||
| Name: d.Get("name").(string), | ||
| Location: d.Get("location").(string), | ||
| Project: project, | ||
| } | ||
| d.SetId(keyRingId.terraformId()) | ||
|
|
||
| return resourceKmsKeyRingRead(d, meta) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| package google | ||
|
|
||
| import ( | ||
| "fmt" | ||
| "regexp" | ||
| "strings" | ||
| "testing" | ||
|
|
||
| "github.com/hashicorp/terraform/helper/resource" | ||
| ) | ||
|
|
||
| func TestAccDataSourceGoogleKmsKeyRing_basic(t *testing.T) { | ||
| kms := BootstrapKMSKey(t) | ||
|
|
||
| keyParts := strings.Split(kms.KeyRing.Name, "/") | ||
| keyRingId := keyParts[len(keyParts)-1] | ||
|
|
||
| resource.Test(t, resource.TestCase{ | ||
| PreCheck: func() { testAccPreCheck(t) }, | ||
| Providers: testAccProviders, | ||
| Steps: []resource.TestStep{ | ||
| { | ||
| Config: testAccDataSourceGoogleKmsKeyRing_basic(keyRingId), | ||
| Check: resource.TestMatchResourceAttr("data.google_kms_key_ring.kms_key_ring", "self_link", regexp.MustCompile(kms.KeyRing.Name)), | ||
| }, | ||
| }, | ||
| }) | ||
| } | ||
|
|
||
| /* | ||
| This test should run in its own project, because keys and key rings are not deletable | ||
| */ | ||
| func testAccDataSourceGoogleKmsKeyRing_basic(keyRingName string) string { | ||
| return fmt.Sprintf(` | ||
| data "google_kms_key_ring" "kms_key_ring" { | ||
| name = "%s" | ||
| location = "global" | ||
| } | ||
| `, keyRingName) | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| --- | ||
| layout: "google" | ||
| page_title: "Google: google_kms_crypto_key" | ||
| sidebar_current: "docs-google-datasource-kms-crypto-key" | ||
| description: |- | ||
| Provides access to KMS key data with Google Cloud KMS. | ||
| --- | ||
|
|
||
| # google\_kms\_crypto\_key | ||
|
|
||
| Provides access to a Google Cloud Platform KMS CryptoKey. For more information see | ||
| [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key) | ||
| and | ||
| [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys). | ||
|
|
||
| A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a | ||
| Google Cloud KMS KeyRing. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```hcl | ||
| data "google_kms_key_ring" "my_key_ring" { | ||
| name = "my-key-ring" | ||
| location = "us-central1" | ||
| } | ||
| data "google_kms_crypto_key" "my_crypto_key" { | ||
| name = "my-crypto-key" | ||
| key_ring = "${data.google_kms_key_ring.my_key_ring.self_link}" | ||
| } | ||
| ``` | ||
|
|
||
| ## Argument Reference | ||
|
|
||
| The following arguments are supported: | ||
|
|
||
| * `name` - (Required) The CryptoKey's name. | ||
| A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}` | ||
|
|
||
| * `key_ring` - (Required) The `self_link` of the Google Cloud Platform KeyRing to which the key belongs. | ||
|
|
||
| ## Attributes Reference | ||
|
|
||
| In addition to the arguments listed above, the following computed attributes are | ||
| exported: | ||
|
|
||
| * `rotation_period` - Every time this period passes, generate a new CryptoKeyVersion and set it as | ||
| the primary. The first rotation will take place after the specified period. The rotation period has the format | ||
| of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). | ||
|
|
||
| * `self_link` - The self link of the created CryptoKey. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}`. | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| --- | ||
| layout: "google" | ||
| page_title: "Google: google_kms_key_ring" | ||
| sidebar_current: "docs-google-datasource-kms-key-ring" | ||
| description: |- | ||
| Provides access to KMS key ring data with Google Cloud KMS. | ||
| --- | ||
|
|
||
| # google\_kms\_key\_ring | ||
|
|
||
| Provides access to Google Cloud Platform KMS KeyRing. For more information see | ||
| [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring) | ||
| and | ||
| [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings). | ||
|
|
||
| A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project | ||
| and resides in a specific location. | ||
|
|
||
| ## Example Usage | ||
|
|
||
| ```hcl | ||
| data "google_kms_key_ring" "my_key_ring" { | ||
| name = "my-key-ring" | ||
| location = "us-central1" | ||
| } | ||
| ``` | ||
|
|
||
| ## Argument Reference | ||
|
|
||
| The following arguments are supported: | ||
|
|
||
| * `name` - (Required) The KeyRing's name. | ||
| A KeyRing name must exist within the provided location and match the regular expression `[a-zA-Z0-9_-]{1,63}` | ||
|
|
||
| * `location` - (Required) The Google Cloud Platform location for the KeyRing. | ||
| A full list of valid locations can be found by running `gcloud kms locations list`. | ||
|
|
||
| - - - | ||
|
|
||
| * `project` - (Optional) The project in which the resource belongs. If it | ||
| is not provided, the provider project is used. | ||
|
|
||
| ## Attributes Reference | ||
|
|
||
| In addition to the arguments listed above, the following computed attributes are | ||
| exported: | ||
|
|
||
| * `self_link` - The self link of the created KeyRing. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters