Data Sources for KMS Key Ring and Key (#2891)

<!-- This change is generated by MagicModules. -->
/cc @kierachell
The Magician 2019-01-17 16:12:22 -08:00 committed by Chris Stephens
parent b2142b4bcc
commit 30fe927df6
10 changed files with 270 additions and 8 deletions


@ -0,0 +1,35 @@
package google
import (
"github.com/hashicorp/terraform/helper/schema"
)
func dataSourceGoogleKmsCryptoKey() *schema.Resource {
dsSchema := datasourceSchemaFromResourceSchema(resourceKmsCryptoKey().Schema)
addRequiredFieldsToSchema(dsSchema, "name")
addRequiredFieldsToSchema(dsSchema, "key_ring")
return &schema.Resource{
Read: dataSourceGoogleKmsCryptoKeyRead,
Schema: dsSchema,
}
}
func dataSourceGoogleKmsCryptoKeyRead(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
keyRingId, err := parseKmsKeyRingId(d.Get("key_ring").(string), config)
if err != nil {
return err
}
cryptoKeyId := kmsCryptoKeyId{
KeyRingId: *keyRingId,
Name: d.Get("name").(string),
}
d.SetId(cryptoKeyId.cryptoKeyId())
return resourceKmsCryptoKeyRead(d, meta)
}
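Review bot: `dataSourceGoogleKmsCryptoKeyRead` hands off to `resourceKmsCryptoKeyRead` without checking afterwards that the key was actually found. That function's body is not visible here, but if it follows the usual resource-read convention of clearing the ID and returning nil on a 404, a mistyped or missing key would yield a data source with an empty `self_link` instead of an error, and a resource that consumes it for customer-managed encryption could end up configured without the intended key. Consider failing explicitly after the delegated read, e.g. `if d.Id() == "" { return fmt.Errorf("KMS crypto key %q not found", cryptoKeyId.cryptoKeyId()) }` (this needs `fmt` imported). The same applies to `dataSourceGoogleKmsKeyRingRead` in the key ring data source.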


@ -0,0 +1,43 @@
package google
import (
"fmt"
"regexp"
"strings"
"testing"
"github.com/hashicorp/terraform/helper/resource"
)
func TestAccDataSourceGoogleKmsCryptoKey_basic(t *testing.T) {
kms := BootstrapKMSKey(t)
// Name in the KMS client is in the format projects/<project>/locations/<location>/keyRings/<keyRingName>/cryptoKeys/<keyId>
keyParts := strings.Split(kms.CryptoKey.Name, "/")
cryptoKeyId := keyParts[len(keyParts)-1]
fmt.Println(testAccDataSourceGoogleKmsCryptoKey_basic(kms.KeyRing.Name, cryptoKeyId))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testAccDataSourceGoogleKmsCryptoKey_basic(kms.KeyRing.Name, cryptoKeyId),
Check: resource.TestMatchResourceAttr("data.google_kms_crypto_key.kms_crypto_key", "self_link", regexp.MustCompile(kms.CryptoKey.Name)),
},
},
})
}
/*
This test should run in its own project, because KMS key rings and crypto keys are not deletable
*/
func testAccDataSourceGoogleKmsCryptoKey_basic(keyRingName, cryptoKeyName string) string {
return fmt.Sprintf(`
data "google_kms_crypto_key" "kms_crypto_key" {
key_ring = "%s"
name = "%s"
}
`, keyRingName, cryptoKeyName)
}
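Review bot: The `fmt.Println(testAccDataSourceGoogleKmsCryptoKey_basic(...))` call before `resource.Test` looks like leftover debugging and prints the rendered config on every run; it should be dropped. The check also passes `kms.CryptoKey.Name` to `regexp.MustCompile` unescaped and unanchored, so it would accept any `self_link` that merely contains the name. `resource.TestCheckResourceAttr("data.google_kms_crypto_key.kms_crypto_key", "self_link", kms.CryptoKey.Name)` asserts exact equality, assuming the exported `self_link` is meant to equal the API name. The key ring test uses the same `regexp.MustCompile(kms.KeyRing.Name)` pattern.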


@ -0,0 +1,35 @@
package google
import (
"github.com/hashicorp/terraform/helper/schema"
)
func dataSourceGoogleKmsKeyRing() *schema.Resource {
dsSchema := datasourceSchemaFromResourceSchema(resourceKmsKeyRing().Schema)
addRequiredFieldsToSchema(dsSchema, "name")
addRequiredFieldsToSchema(dsSchema, "location")
addOptionalFieldsToSchema(dsSchema, "project")
return &schema.Resource{
Read: dataSourceGoogleKmsKeyRingRead,
Schema: dsSchema,
}
}
func dataSourceGoogleKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
project, err := getProject(d, config)
if err != nil {
return err
}
keyRingId := kmsKeyRingId{
Name: d.Get("name").(string),
Location: d.Get("location").(string),
Project: project,
}
d.SetId(keyRingId.terraformId())
return resourceKmsKeyRingRead(d, meta)
}


@ -0,0 +1,41 @@
package google
import (
"fmt"
"regexp"
"strings"
"testing"
"github.com/hashicorp/terraform/helper/resource"
)
func TestAccDataSourceGoogleKmsKeyRing_basic(t *testing.T) {
kms := BootstrapKMSKey(t)
keyParts := strings.Split(kms.KeyRing.Name, "/")
keyRingId := keyParts[len(keyParts)-1]
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testAccDataSourceGoogleKmsKeyRing_basic(keyRingId),
Check: resource.TestMatchResourceAttr("data.google_kms_key_ring.kms_key_ring", "self_link", regexp.MustCompile(kms.KeyRing.Name)),
},
},
})
}
/*
This test should run in its own project, because keys and key rings are not deletable
*/
func testAccDataSourceGoogleKmsKeyRing_basic(keyRingName string) string {
return fmt.Sprintf(`
data "google_kms_key_ring" "kms_key_ring" {
name = "%s"
location = "global"
}
`, keyRingName)
}
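Review bot: `location = "global"` is hard-coded in `testAccDataSourceGoogleKmsKeyRing_basic` while the key ring name comes from `BootstrapKMSKey`, so the test silently depends on the bootstrap helper always creating its key ring in `global`. BootstrapKMSKey is not visible here, so that may well hold today. Still, taking the location from the split `kms.KeyRing.Name` (the element after `locations`) and passing it into the config as a second `%s` would keep the two in step.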


@ -100,6 +100,8 @@ func Provider() terraform.ResourceProvider {
"google_iam_policy": dataSourceGoogleIamPolicy(),
"google_iam_role": dataSourceGoogleIamRole(),
"google_kms_secret": dataSourceGoogleKmsSecret(),
"google_kms_key_ring": dataSourceGoogleKmsKeyRing(),
"google_kms_crypto_key": dataSourceGoogleKmsCryptoKey(),
"google_folder": dataSourceGoogleFolder(),
"google_netblock_ip_ranges": dataSourceGoogleNetblockIpRanges(),
"google_organization": dataSourceGoogleOrganization(),


@ -0,0 +1,52 @@
---
layout: "google"
page_title: "Google: google_kms_crypto_key"
sidebar_current: "docs-google-datasource-kms-crypto-key"
description: |-
Provides access to KMS key data with Google Cloud KMS.
---
# google\_kms\_crypto\_key
Provides access to a Google Cloud Platform KMS CryptoKey. For more information see
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)
and
[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a
Google Cloud KMS KeyRing.
## Example Usage
```hcl
data "google_kms_key_ring" "my_key_ring" {
name = "my-key-ring"
location = "us-central1"
}
data "google_kms_crypto_key" "my_crypto_key" {
name = "my-crypto-key"
key_ring = "${data.google_kms_key_ring.my_key_ring.self_link}"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The CryptoKey's name.
A CryptoKeys name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
* `key_ring` - (Required) The `self_link` of the Google Cloud Platform KeyRing to which the key belongs.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `rotation_period` - Every time this period passes, generate a new CryptoKeyVersion and set it as
the primary. The first rotation will take place after the specified period. The rotation period has the format
of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
* `self_link` - The self link of the created CryptoKey. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}`.


@ -0,0 +1,48 @@
---
layout: "google"
page_title: "Google: google_kms_key_ring"
sidebar_current: "docs-google-datasource-kms-key-ring"
description: |-
Provides access to KMS key ring data with Google Cloud KMS.
---
# google\_kms\_key\_ring
Provides access to Google Cloud Platform KMS KeyRing. For more information see
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring)
and
[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).
A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project
and resides in a specific location.
## Example Usage
```hcl
data "google_kms_key_ring" "my_key_ring" {
name = "my-key-ring"
location = "us-central1"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The KeyRing's name.
A KeyRing name must exist within the provided location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
* `location` - (Required) The Google Cloud Platform location for the KeyRing.
A full list of valid locations can be found by running `gcloud kms locations list`.
- - -
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The self link of the created KeyRing. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}`.


@ -9,7 +9,7 @@ description: |-
# google\_kms\_crypto\_key
Allows creation of a Google Cloud Platform KMS CryptoKey. For more information see
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#cryptokey)
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)
and
[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
@ -59,7 +59,7 @@ The following arguments are supported:
the primary. The first rotation will take place after the specified period. The rotation period has the format
of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than
a day (ie, 86400).
* `version_template` - (Optional) A template describing settings for new crypto key versions. Structure is documented below.
---


@ -9,8 +9,8 @@ description: |-
# google\_kms\_key\_ring
Allows creation of a Google Cloud Platform KMS KeyRing. For more information see
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#keyring)
and
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring)
and
[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).
A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project


@ -112,13 +112,19 @@
<a href="/docs/providers/google/d/google_folder.html">google_folder</a>
</li>
<li<%= sidebar_current("docs-google-datasource-iam-policy") %>>
<a href="/docs/providers/google/d/google_iam_policy.html">google_iam_policy</a>
<a href="/docs/providers/google/d/google_iam_policy.html">google_iam_policy</a>
</li>
<li<%= sidebar_current("docs-google-datasource-iam-role") %>>
<a href="/docs/providers/google/d/datasource_google_iam_role.html">google_iam_role</a>
</li>
<li<%= sidebar_current("docs-google-datasource-kms-key-ring") %>>
<a href="/docs/providers/google/d/google_kms_key_ring.html">google_kms_key_ring</a>
</li>
<li<%= sidebar_current("docs-google-datasource-kms-crypto-key") %>>
<a href="/docs/providers/google/d/google_kms_crypto_key.html">google_kms_crypto_key</a>
</li>
<li<%= sidebar_current("docs-google-kms-secret") %>>
<a href="/docs/providers/google/d/google_kms_secret.html">google_kms_secret</a>
<a href="/docs/providers/google/d/google_kms_secret.html">google_kms_secret</a>
</li>
<li<%= sidebar_current("docs-google-datasource-netblock-ip-ranges") %>>
<a href="/docs/providers/google/d/datasource_google_netblock_ip_ranges.html">google_netblock_ip_ranges</a>
@ -127,10 +133,10 @@
<a href="/docs/providers/google/d/google_organization.html">google_organization</a>
</li>
<li<%= sidebar_current("docs-google-datasource-project") %>>
<a href="/docs/providers/google/d/google_project.html">google_project</a>
<a href="/docs/providers/google/d/google_project.html">google_project</a>
</li>
<li<%= sidebar_current("docs-google-datasource-service-account") %>>
<a href="/docs/providers/google/d/datasource_google_service_account.html">google_service_account</a>
<a href="/docs/providers/google/d/datasource_google_service_account.html">google_service_account</a>
</li>
<li<%= sidebar_current("docs-google-datasource-service-account-key") %>>
<a href="/docs/providers/google/d/datasource_google_service_account_key.html">google_service_account_key</a>