IAM resources for KMS KeyRIng and CryptoKey

[tragiclifestories]

Resolves #762. Many thanks to @rosbo for making it much easier to add this sort of thing.

[rosbo]

Thanks. A few comments and are good to merge

[rosbo]

Consider extracting the conversion logic in a function and reuse it for the keys and the rings. See:
https://github.com/terraform-providers/terraform-provider-google/blob/master/google/iam_folder.go#L85

[rosbo]

You can remove this comment, it only applies to organizations. We cannot create organization on-the-fly the same way we create a different crypto key for each test.

You can split the iam_member test from the iam_binding test. Since a different crypto key is created for each, there won't be concurrent update of the IAM policy between the tests.

I envision two tests: TestAccGoogleKmsCryptoKeyIamMember and TestAccGoogleKmsCryptoKeyIamBinding. You can also put them in two separate test files.

[rosbo]

Same comment than for crypto keys

[rosbo]

You have to update also the website/google.erb file to add an entry in the left menu panel

[tragiclifestories]

Added. There are now enough KMS resources in there that it might be a good idea to pull out another submenu - what do you think?

Also, how exactly do I build these docs? I'm basically slamming changes in there and hoping it works at this point ...

[rosbo]

I am planning on reorganizing the docs around IAM next week. I want to discuss it with @paddycarver and @danawillow first. I would say for now it is fine the way you did it.

About building the docs, @paddycarver do we have documentation somewhere about how to easily build the docs?

[rosbo]

@tragiclifestories The documentation on how to build the website is there:
https://github.com/hashicorp/terraform-website

[rosbo]

No doc entry for the member resource?

[tragiclifestories]

They''re in now.

[tragiclifestories]

Thanks. Extra Todo so I remember tomorrow - the tests need to run in their own project so the created resources can be cleaned up after (keyrings etc are immutable).

[tragiclifestories]

I haven't actually been able to run the latest version of the acceptance tests as GCP will not allow me to create any more projects. If someone could fire off a test run when they have a moment, that would be just ducky - I do not anticipate that they will fail, but it's possible that I haven't got all the needed services enabled in the configs.

[rosbo]

All tests are passing.

--- PASS: TestAccGoogleKmsCryptoKeyIamBinding (86.97s)
--- PASS: TestAccGoogleKmsCryptoKeyIamMember (82.93s)
--- PASS: TestAccGoogleKmsKeyRingIamMember (79.73s)
--- PASS: TestAccGoogleKmsKeyRingIamBinding (88.74s)

[tragiclifestories]

Thanks man.

…

On Tue, 28 Nov 2017, 00:23 Vincent Roseberry, ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In website/docs/r/google_kms_crypto_key_iam_binding.html.markdown <#781 (comment)> : > @@ -0,0 +1,47 @@ +--- @tragiclifestories <https://github.com/tragiclifestories> The documentation on how to build the website is there: https://github.com/hashicorp/terraform-website — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#781 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACLeSpsBPMIcR07n2LX1WATA2JDQU194ks5s60RbgaJpZM4Qnjdl> .

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!