mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-01 16:21:06 +00:00
Data Sources for KMS Key Ring and Key (#2891)
<!-- This change is generated by MagicModules. --> /cc @kierachell
parent
b2142b4bcc
commit
30fe927df6
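--- a/google/data_source_google_kms_crypto_key.go
+++ b/google/data_source_google_kms_crypto_key.go
@@ -0,0 +1,35 @@
+package google
+
+import (
+"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceGoogleKmsCryptoKey() *schema.Resource {
+dsSchema := datasourceSchemaFromResourceSchema(resourceKmsCryptoKey().Schema)
+addRequiredFieldsToSchema(dsSchema, "name")
+addRequiredFieldsToSchema(dsSchema, "key_ring")
+
+return &schema.Resource{
+Read: dataSourceGoogleKmsCryptoKeyRead,
+Schema: dsSchema,
+}
+
+}
+
+func dataSourceGoogleKmsCryptoKeyRead(d *schema.ResourceData, meta interface{}) error {
+config := meta.(*Config)
+
+keyRingId, err := parseKmsKeyRingId(d.Get("key_ring").(string), config)
+if err != nil {
+return err
+}
+
+cryptoKeyId := kmsCryptoKeyId{
+KeyRingId: *keyRingId,
+Name: d.Get("name").(string),
+}
+
+d.SetId(cryptoKeyId.cryptoKeyId())
+
+return resourceKmsCryptoKeyRead(d, meta)
+}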
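Review bot: A crypto key that does not exist may come back from `dataSourceGoogleKmsCryptoKeyRead` as a success with empty attributes, because the function ends in `return resourceKmsCryptoKeyRead(d, meta)` and adds no existence check of its own. resourceKmsCryptoKeyRead is not shown on this page; if it clears the ID on a not-found response, as resource reads commonly do so that Terraform can plan a re-create, the data source would yield an empty `self_link`, and a resource that consumes that value as its encryption key could end up without the intended customer-managed key and without any error. After the delegated read the function should fail when `d.Id()` is empty, which also needs `fmt` added to the import block. The same pattern is in `dataSourceGoogleKmsKeyRingRead` in google/data_source_google_kms_key_ring.go.

```go
func dataSourceGoogleKmsCryptoKeyRead(d *schema.ResourceData, meta interface{}) error {
	// … unchanged: config lookup, key ring parsing, cryptoKeyId construction …

	id := cryptoKeyId.cryptoKeyId()
	d.SetId(id)

	if err := resourceKmsCryptoKeyRead(d, meta); err != nil {
		return err
	}
	// A data source must not resolve to nothing: an empty ID at this point
	// means the delegated read did not find the key.
	if d.Id() == "" {
		return fmt.Errorf("KMS crypto key %q not found", id)
	}
	return nil
}
```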
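--- a/google/data_source_google_kms_crypto_key_test.go
+++ b/google/data_source_google_kms_crypto_key_test.go
@@ -0,0 +1,43 @@
+package google
+
+import (
+"fmt"
+"regexp"
+"strings"
+"testing"
+
+"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceGoogleKmsCryptoKey_basic(t *testing.T) {
+kms := BootstrapKMSKey(t)
+
+// Name in the KMS client is in the format projects/<project>/locations/<location>/keyRings/<keyRingName>/cryptoKeys/<keyId>
+keyParts := strings.Split(kms.CryptoKey.Name, "/")
+cryptoKeyId := keyParts[len(keyParts)-1]
+
+fmt.Println(testAccDataSourceGoogleKmsCryptoKey_basic(kms.KeyRing.Name, cryptoKeyId))
+
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceGoogleKmsCryptoKey_basic(kms.KeyRing.Name, cryptoKeyId),
+Check: resource.TestMatchResourceAttr("data.google_kms_crypto_key.kms_crypto_key", "self_link", regexp.MustCompile(kms.CryptoKey.Name)),
+},
+},
+})
+}
+
+/*
+This test should run in its own project, because KMS key rings and crypto keys are not deletable
+*/
+func testAccDataSourceGoogleKmsCryptoKey_basic(keyRingName, cryptoKeyName string) string {
+return fmt.Sprintf(`
+data "google_kms_crypto_key" "kms_crypto_key" {
+key_ring = "%s"
+name = "%s"
+}
+`, keyRingName, cryptoKeyName)
+}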
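Review bot: The `Check` step compiles `kms.CryptoKey.Name` straight into an unanchored pattern with `regexp.MustCompile`, so the assertion passes for any `self_link` that merely contains the name, and any regex metacharacter in the name would be interpreted rather than matched literally. An exact comparison states the intent and makes the `regexp` import unnecessary: `resource.TestCheckResourceAttr("data.google_kms_crypto_key.kms_crypto_key", "self_link", kms.CryptoKey.Name)`. The `fmt.Println(testAccDataSourceGoogleKmsCryptoKey_basic(kms.KeyRing.Name, cryptoKeyId))` call before `resource.Test` looks like leftover debugging that prints the rendered config, including the project's key ring path, on every run, and should be dropped. The same unanchored `regexp.MustCompile(kms.KeyRing.Name)` check appears in google/data_source_google_kms_key_ring_test.go.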
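--- a/google/data_source_google_kms_key_ring.go
+++ b/google/data_source_google_kms_key_ring.go
@@ -0,0 +1,35 @@
+package google
+
+import (
+"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceGoogleKmsKeyRing() *schema.Resource {
+dsSchema := datasourceSchemaFromResourceSchema(resourceKmsKeyRing().Schema)
+addRequiredFieldsToSchema(dsSchema, "name")
+addRequiredFieldsToSchema(dsSchema, "location")
+addOptionalFieldsToSchema(dsSchema, "project")
+
+return &schema.Resource{
+Read: dataSourceGoogleKmsKeyRingRead,
+Schema: dsSchema,
+}
+}
+
+func dataSourceGoogleKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error {
+config := meta.(*Config)
+
+project, err := getProject(d, config)
+if err != nil {
+return err
+}
+
+keyRingId := kmsKeyRingId{
+Name: d.Get("name").(string),
+Location: d.Get("location").(string),
+Project: project,
+}
+d.SetId(keyRingId.terraformId())
+
+return resourceKmsKeyRingRead(d, meta)
+}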
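--- a/google/data_source_google_kms_key_ring_test.go
+++ b/google/data_source_google_kms_key_ring_test.go
@@ -0,0 +1,41 @@
+package google
+
+import (
+"fmt"
+"regexp"
+"strings"
+"testing"
+
+"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceGoogleKmsKeyRing_basic(t *testing.T) {
+kms := BootstrapKMSKey(t)
+
+keyParts := strings.Split(kms.KeyRing.Name, "/")
+keyRingId := keyParts[len(keyParts)-1]
+
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceGoogleKmsKeyRing_basic(keyRingId),
+Check: resource.TestMatchResourceAttr("data.google_kms_key_ring.kms_key_ring", "self_link", regexp.MustCompile(kms.KeyRing.Name)),
+},
+},
+})
+}
+
+/*
+This test should run in its own project, because keys and key rings are not deletable
+*/
+func testAccDataSourceGoogleKmsKeyRing_basic(keyRingName string) string {
+return fmt.Sprintf(`
+
+data "google_kms_key_ring" "kms_key_ring" {
+name = "%s"
+location = "global"
+}
+`, keyRingName)
+}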
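Review bot: `testAccDataSourceGoogleKmsKeyRing_basic` hard-codes `location = "global"` while the ring name is taken from the last segment of `kms.KeyRing.Name`, so the test only holds as long as BootstrapKMSKey creates its ring in `global`. BootstrapKMSKey is not visible on this page, so that dependency is an assumption that should be either documented or removed. The location sits in the same name, which the key ring docs in this commit give as `projects/{projectId}/locations/{location}/keyRings/{keyRingName}`, so `keyParts[3]` could be passed into the config as a second `%s`. If the fixed value is intentional, a comment on the helper such as `// location must match the ring created by BootstrapKMSKey` would be enough.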
@ -100,6 +100,8 @@ func Provider() terraform.ResourceProvider {
|
|||||||
"google_iam_policy": dataSourceGoogleIamPolicy(),
|
"google_iam_policy": dataSourceGoogleIamPolicy(),
|
||||||
"google_iam_role": dataSourceGoogleIamRole(),
|
"google_iam_role": dataSourceGoogleIamRole(),
|
||||||
"google_kms_secret": dataSourceGoogleKmsSecret(),
|
"google_kms_secret": dataSourceGoogleKmsSecret(),
|
||||||
|
"google_kms_key_ring": dataSourceGoogleKmsKeyRing(),
|
||||||
|
"google_kms_crypto_key": dataSourceGoogleKmsCryptoKey(),
|
||||||
"google_folder": dataSourceGoogleFolder(),
|
"google_folder": dataSourceGoogleFolder(),
|
||||||
"google_netblock_ip_ranges": dataSourceGoogleNetblockIpRanges(),
|
"google_netblock_ip_ranges": dataSourceGoogleNetblockIpRanges(),
|
||||||
"google_organization": dataSourceGoogleOrganization(),
|
"google_organization": dataSourceGoogleOrganization(),
|
||||||
|
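--- a/website/docs/d/google_kms_crypto_key.html.markdown
+++ b/website/docs/d/google_kms_crypto_key.html.markdown
@@ -0,0 +1,52 @@
+---
+layout: "google"
+page_title: "Google: google_kms_crypto_key"
+sidebar_current: "docs-google-datasource-kms-crypto-key"
+description: |-
+Provides access to KMS key data with Google Cloud KMS.
+---
+
+# google\_kms\_crypto\_key
+
+Provides access to a Google Cloud Platform KMS CryptoKey. For more information see
+[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)
+and
+[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
+
+A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a
+Google Cloud KMS KeyRing.
+
+## Example Usage
+
+```hcl
+data "google_kms_key_ring" "my_key_ring" {
+name = "my-key-ring"
+location = "us-central1"
+}
+
+data "google_kms_crypto_key" "my_crypto_key" {
+name = "my-crypto-key"
+key_ring = "${data.google_kms_key_ring.my_key_ring.self_link}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The CryptoKey's name.
+A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
+
+* `key_ring` - (Required) The `self_link` of the Google Cloud Platform KeyRing to which the key belongs.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are
+exported:
+
+* `rotation_period` - Every time this period passes, generate a new CryptoKeyVersion and set it as
+the primary. The first rotation will take place after the specified period. The rotation period has the format
+of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
+
+* `self_link` - The self link of the created CryptoKey. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}`.
+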
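--- a/website/docs/d/google_kms_key_ring.html.markdown
+++ b/website/docs/d/google_kms_key_ring.html.markdown
@@ -0,0 +1,48 @@
+---
+layout: "google"
+page_title: "Google: google_kms_key_ring"
+sidebar_current: "docs-google-datasource-kms-key-ring"
+description: |-
+Provides access to KMS key ring data with Google Cloud KMS.
+---
+
+# google\_kms\_key\_ring
+
+Provides access to Google Cloud Platform KMS KeyRing. For more information see
+[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring)
+and
+[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).
+
+A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project
+and resides in a specific location.
+
+## Example Usage
+
+```hcl
+data "google_kms_key_ring" "my_key_ring" {
+name = "my-key-ring"
+location = "us-central1"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The KeyRing's name.
+A KeyRing name must exist within the provided location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
+
+* `location` - (Required) The Google Cloud Platform location for the KeyRing.
+A full list of valid locations can be found by running `gcloud kms locations list`.
+
+- - -
+
+* `project` - (Optional) The project in which the resource belongs. If it
+is not provided, the provider project is used.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are
+exported:
+
+* `self_link` - The self link of the created KeyRing. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}`.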
@ -9,7 +9,7 @@ description: |-
|
|||||||
# google\_kms\_crypto\_key
|
# google\_kms\_crypto\_key
|
||||||
|
|
||||||
Allows creation of a Google Cloud Platform KMS CryptoKey. For more information see
|
Allows creation of a Google Cloud Platform KMS CryptoKey. For more information see
|
||||||
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#cryptokey)
|
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)
|
||||||
and
|
and
|
||||||
[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
|
[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
|
||||||
|
|
||||||
|
@ -9,7 +9,7 @@ description: |-
|
|||||||
# google\_kms\_key\_ring
|
# google\_kms\_key\_ring
|
||||||
|
|
||||||
Allows creation of a Google Cloud Platform KMS KeyRing. For more information see
|
Allows creation of a Google Cloud Platform KMS KeyRing. For more information see
|
||||||
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#keyring)
|
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring)
|
||||||
and
|
and
|
||||||
[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).
|
[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).
|
||||||
|
|
||||||
|
@ -117,6 +117,12 @@
|
|||||||
<li<%= sidebar_current("docs-google-datasource-iam-role") %>>
|
<li<%= sidebar_current("docs-google-datasource-iam-role") %>>
|
||||||
<a href="/docs/providers/google/d/datasource_google_iam_role.html">google_iam_role</a>
|
<a href="/docs/providers/google/d/datasource_google_iam_role.html">google_iam_role</a>
|
||||||
</li>
|
</li>
|
||||||
|
<li<%= sidebar_current("docs-google-datasource-kms-key-ring") %>>
|
||||||
|
<a href="/docs/providers/google/d/google_kms_key_ring.html">google_kms_key_ring</a>
|
||||||
|
</li>
|
||||||
|
<li<%= sidebar_current("docs-google-datasource-kms-crypto-key") %>>
|
||||||
|
<a href="/docs/providers/google/d/google_kms_crypto_key.html">google_kms_crypto_key</a>
|
||||||
|
</li>
|
||||||
<li<%= sidebar_current("docs-google-kms-secret") %>>
|
<li<%= sidebar_current("docs-google-kms-secret") %>>
|
||||||
<a href="/docs/providers/google/d/google_kms_secret.html">google_kms_secret</a>
|
<a href="/docs/providers/google/d/google_kms_secret.html">google_kms_secret</a>
|
||||||
</li>
|
</li>
|
||||||
|