diff --git a/google/data_source_google_kms_crypto_key.go b/google/data_source_google_kms_crypto_key.go
new file mode 100644
index 00000000..e4f20bf2
--- /dev/null
+++ b/google/data_source_google_kms_crypto_key.go
@@ -0,0 +1,35 @@
+package google
+
+import (
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceGoogleKmsCryptoKey() *schema.Resource {
+ dsSchema := datasourceSchemaFromResourceSchema(resourceKmsCryptoKey().Schema)
+ addRequiredFieldsToSchema(dsSchema, "name")
+ addRequiredFieldsToSchema(dsSchema, "key_ring")
+
+ return &schema.Resource{
+ Read: dataSourceGoogleKmsCryptoKeyRead,
+ Schema: dsSchema,
+ }
+
+}
+
+func dataSourceGoogleKmsCryptoKeyRead(d *schema.ResourceData, meta interface{}) error {
+ config := meta.(*Config)
+
+ keyRingId, err := parseKmsKeyRingId(d.Get("key_ring").(string), config)
+ if err != nil {
+ return err
+ }
+
+ cryptoKeyId := kmsCryptoKeyId{
+ KeyRingId: *keyRingId,
+ Name: d.Get("name").(string),
+ }
+
+ d.SetId(cryptoKeyId.cryptoKeyId())
+
+ return resourceKmsCryptoKeyRead(d, meta)
+}
diff --git a/google/data_source_google_kms_crypto_key_test.go b/google/data_source_google_kms_crypto_key_test.go
new file mode 100644
index 00000000..b6f633ad
--- /dev/null
+++ b/google/data_source_google_kms_crypto_key_test.go
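Review bot: A lookup for a key that does not exist may succeed with empty attributes, because dataSourceGoogleKmsCryptoKeyRead returns whatever resourceKmsCryptoKeyRead returns, and a resource read function commonly clears the ID and returns nil on a not-found response (that function is outside this diff, so this needs confirming). For a data source this should be a hard error, otherwise an empty `self_link` can flow into whatever consumes the key reference. Consider `if err := resourceKmsCryptoKeyRead(d, meta); err != nil { return err }` followed by `if d.Id() == "" { return fmt.Errorf("KMS crypto key %q not found", cryptoKeyId.cryptoKeyId()) }`, which needs `fmt` added to the imports. The same applies to dataSourceGoogleKmsKeyRingRead in data_source_google_kms_key_ring.go.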
@@ -0,0 +1,43 @@
+package google
+
+import (
+ "fmt"
+ "regexp"
+ "strings"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceGoogleKmsCryptoKey_basic(t *testing.T) {
+ kms := BootstrapKMSKey(t)
+
+ // Name in the KMS client is in the format projects//locations//keyRings//cryptoKeys/
+ keyParts := strings.Split(kms.CryptoKey.Name, "/")
+ cryptoKeyId := keyParts[len(keyParts)-1]
+
+ fmt.Println(testAccDataSourceGoogleKmsCryptoKey_basic(kms.KeyRing.Name, cryptoKeyId))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceGoogleKmsCryptoKey_basic(kms.KeyRing.Name, cryptoKeyId),
+ Check: resource.TestMatchResourceAttr("data.google_kms_crypto_key.kms_crypto_key", "self_link", regexp.MustCompile(kms.CryptoKey.Name)),
+ },
+ },
+ })
+}
+
+/*
+ This test should run in its own project, because KMS key rings and crypto keys are not deletable
+*/
+func testAccDataSourceGoogleKmsCryptoKey_basic(keyRingName, cryptoKeyName string) string {
+ return fmt.Sprintf(`
+data "google_kms_crypto_key" "kms_crypto_key" {
+ key_ring = "%s"
+ name = "%s"
+}
+ `, keyRingName, cryptoKeyName)
+}
diff --git a/google/data_source_google_kms_key_ring.go b/google/data_source_google_kms_key_ring.go
new file mode 100644
index 00000000..3c9bbb01
--- /dev/null
+++ b/google/data_source_google_kms_key_ring.go
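Review bot: The `self_link` check passes `kms.CryptoKey.Name` to `regexp.MustCompile` unescaped and unanchored, so the assertion succeeds whenever the attribute merely contains a match, and any regex metacharacter in the name changes what is matched. An exact comparison is what the test means: `resource.TestCheckResourceAttr("data.google_kms_crypto_key.kms_crypto_key", "self_link", kms.CryptoKey.Name)`. The same pattern is in TestAccDataSourceGoogleKmsKeyRing_basic. Separately, the `fmt.Println(testAccDataSourceGoogleKmsCryptoKey_basic(...))` line before `resource.Test` looks like leftover debugging output and should be dropped.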
@@ -0,0 +1,35 @@
+package google
+
+import (
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceGoogleKmsKeyRing() *schema.Resource {
+ dsSchema := datasourceSchemaFromResourceSchema(resourceKmsKeyRing().Schema)
+ addRequiredFieldsToSchema(dsSchema, "name")
+ addRequiredFieldsToSchema(dsSchema, "location")
+ addOptionalFieldsToSchema(dsSchema, "project")
+
+ return &schema.Resource{
+ Read: dataSourceGoogleKmsKeyRingRead,
+ Schema: dsSchema,
+ }
+}
+
+func dataSourceGoogleKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error {
+ config := meta.(*Config)
+
+ project, err := getProject(d, config)
+ if err != nil {
+ return err
+ }
+
+ keyRingId := kmsKeyRingId{
+ Name: d.Get("name").(string),
+ Location: d.Get("location").(string),
+ Project: project,
+ }
+ d.SetId(keyRingId.terraformId())
+
+ return resourceKmsKeyRingRead(d, meta)
+}
diff --git a/google/data_source_google_kms_key_ring_test.go b/google/data_source_google_kms_key_ring_test.go
new file mode 100644
index 00000000..515fb574
--- /dev/null
+++ b/google/data_source_google_kms_key_ring_test.go
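Review bot: dataSourceGoogleKmsKeyRingRead has no comment saying why it calls `d.SetId` before delegating, so a reader has to guess that resourceKmsKeyRingRead locates the key ring from the stored ID (presumably it parses `d.Id()`; that function is outside this diff). Suggest adding above the function: `// dataSourceGoogleKmsKeyRingRead builds the key ring ID from name, location and project, stores it with SetId, and reuses the resource read to populate the attributes.` A matching comment on dataSourceGoogleKmsKeyRing noting that the schema is derived from the resource schema would help too.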
@@ -0,0 +1,41 @@
+package google
+
+import (
+ "fmt"
+ "regexp"
+ "strings"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceGoogleKmsKeyRing_basic(t *testing.T) {
+ kms := BootstrapKMSKey(t)
+
+ keyParts := strings.Split(kms.KeyRing.Name, "/")
+ keyRingId := keyParts[len(keyParts)-1]
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceGoogleKmsKeyRing_basic(keyRingId),
+ Check: resource.TestMatchResourceAttr("data.google_kms_key_ring.kms_key_ring", "self_link", regexp.MustCompile(kms.KeyRing.Name)),
+ },
+ },
+ })
+}
+
+/*
+ This test should run in its own project, because keys and key rings are not deletable
+*/
+func testAccDataSourceGoogleKmsKeyRing_basic(keyRingName string) string {
+ return fmt.Sprintf(`
+
+data "google_kms_key_ring" "kms_key_ring" {
+ name = "%s"
+ location = "global"
+}
+ `, keyRingName)
+}
diff --git a/google/provider.go b/google/provider.go
index b1ebe1ef..f3dd0032 100644
--- a/google/provider.go
+++ b/google/provider.go
@@ -100,6 +100,8 @@ func Provider() terraform.ResourceProvider {
 "google_iam_policy": dataSourceGoogleIamPolicy(),
 "google_iam_role": dataSourceGoogleIamRole(),
 "google_kms_secret": dataSourceGoogleKmsSecret(),
+ "google_kms_key_ring": dataSourceGoogleKmsKeyRing(),
+ "google_kms_crypto_key": dataSourceGoogleKmsCryptoKey(),
 "google_folder": dataSourceGoogleFolder(),
 "google_netblock_ip_ranges": dataSourceGoogleNetblockIpRanges(),
 "google_organization": dataSourceGoogleOrganization(),
diff --git a/website/docs/d/google_kms_crypto_key.html.markdown b/website/docs/d/google_kms_crypto_key.html.markdown
new file mode 100644
index 00000000..8a8dce34
--- /dev/null
+++ b/website/docs/d/google_kms_crypto_key.html.markdown
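Review bot: The config built by testAccDataSourceGoogleKmsKeyRing_basic hard-codes `location = "global"` while the name comes from the bootstrapped key ring, so the test depends on BootstrapKMSKey (not visible here) always creating the ring in `global`. `kms.KeyRing.Name` already carries the location: for a `projects/{projectId}/locations/{location}/keyRings/{keyRingName}` name it is `keyParts[3]`, and passing it to the helper as a second `%s` keeps the name and location in step.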
@@ -0,0 +1,52 @@
+---
+layout: "google"
+page_title: "Google: google_kms_crypto_key"
+sidebar_current: "docs-google-datasource-kms-crypto-key"
+description: |-
+ Provides access to KMS key data with Google Cloud KMS.
+---
+
+# google\_kms\_crypto\_key
+
+Provides access to a Google Cloud Platform KMS CryptoKey. For more information see
+[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)
+and
+[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
+
+A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a
+Google Cloud KMS KeyRing.
+
+## Example Usage
+
+```hcl
+data "google_kms_key_ring" "my_key_ring" {
+ name = "my-key-ring"
+ location = "us-central1"
+}
+
+data "google_kms_crypto_key" "my_crypto_key" {
+ name = "my-crypto-key"
+ key_ring = "${data.google_kms_key_ring.my_key_ring.self_link}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The CryptoKey's name.
+ A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
+
+* `key_ring` - (Required) The `self_link` of the Google Cloud Platform KeyRing to which the key belongs.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are
+exported:
+
+* `rotation_period` - Every time this period passes, generate a new CryptoKeyVersion and set it as
+ the primary. The first rotation will take place after the specified period. The rotation period has the format
+ of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
+
+* `self_link` - The self link of the created CryptoKey. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}`.
+
diff --git a/website/docs/d/google_kms_key_ring.html.markdown b/website/docs/d/google_kms_key_ring.html.markdown
new file mode 100644
index 00000000..62818cb2
--- /dev/null
+++ b/website/docs/d/google_kms_key_ring.html.markdown
@@ -0,0 +1,48 @@
+---
+layout: "google"
+page_title: "Google: google_kms_key_ring"
+sidebar_current: "docs-google-datasource-kms-key-ring"
+description: |-
+ Provides access to KMS key ring data with Google Cloud KMS.
+---
+
+# google\_kms\_key\_ring
+
+Provides access to Google Cloud Platform KMS KeyRing. For more information see
+[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring)
+and
+[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).
+
+A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project
+and resides in a specific location.
+
+## Example Usage
+
+```hcl
+data "google_kms_key_ring" "my_key_ring" {
+ name = "my-key-ring"
+ location = "us-central1"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The KeyRing's name.
+ A KeyRing name must exist within the provided location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
+
+* `location` - (Required) The Google Cloud Platform location for the KeyRing.
+ A full list of valid locations can be found by running `gcloud kms locations list`.
+
+- - -
+
+* `project` - (Optional) The project in which the resource belongs. If it
+ is not provided, the provider project is used.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are
+exported:
+
+* `self_link` - The self link of the created KeyRing. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}`.
diff --git a/website/docs/r/google_kms_crypto_key.html.markdown b/website/docs/r/google_kms_crypto_key.html.markdown
index 42edd80e..1e3f911c 100644
--- a/website/docs/r/google_kms_crypto_key.html.markdown +++ b/website/docs/r/google_kms_crypto_key.html.markdown @@ -9,7 +9,7 @@ description: |- # google\_kms\_crypto\_key Allows creation of a Google Cloud Platform KMS CryptoKey. For more information see -[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#cryptokey) +[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key) and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys). @@ -59,7 +59,7 @@ The following arguments are supported: the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400). - + * `version_template` - (Optional) A template describing settings for new crypto key versions. Structure is documented below. --- diff --git a/website/docs/r/google_kms_key_ring.html.markdown b/website/docs/r/google_kms_key_ring.html.markdown index d5e8dacc..5acde059 100644 --- a/website/docs/r/google_kms_key_ring.html.markdown +++ b/website/docs/r/google_kms_key_ring.html.markdown @@ -9,8 +9,8 @@ description: |- # google\_kms\_key\_ring Allows creation of a Google Cloud Platform KMS KeyRing. For more information see -[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#keyring) -and +[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring) +and [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings). A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project diff --git a/website/google.erb b/website/google.erb index 87f7000c..2eab312e 100644 --- a/website/google.erb +++ b/website/google.erb 
@@ -112,13 +112,19 @@ google_folder > - google_iam_policy + google_iam_policy > google_iam_role + > + google_kms_key_ring + + > + google_kms_crypto_key + > - google_kms_secret + google_kms_secret > google_netblock_ip_ranges @@ -127,10 +133,10 @@ google_organization > - google_project + google_project > - google_service_account + google_service_account > google_service_account_key