Add support for protection_level to google_kms_crypto_key (#2751)
<!-- This change is generated by MagicModules. --> /cc @rileykarson
parent
2ab6d1995f
commit
a1e5c4fff0
|
@ -2,6 +2,7 @@ package google
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/hashicorp/terraform/helper/validation"
|
||||
"log"
|
||||
"regexp"
|
||||
"strconv"
|
||||
|
@ -39,6 +40,27 @@ func resourceKmsCryptoKey() *schema.Resource {
|
|||
Optional: true,
|
||||
ValidateFunc: validateKmsCryptoKeyRotationPeriod,
|
||||
},
|
||||
"version_template": {
|
||||
Type: schema.TypeList,
|
||||
MaxItems: 1,
|
||||
Optional: true,
|
||||
Computed: true,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"algorithm": {
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"protection_level": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ForceNew: true,
|
||||
Default: "SOFTWARE",
|
||||
ValidateFunc: validation.StringInSlice([]string{"SOFTWARE", "HSM", ""}, false),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"self_link": {
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
|
@ -84,7 +106,10 @@ func resourceKmsCryptoKeyCreate(d *schema.ResourceData, meta interface{}) error
|
|||
Name: d.Get("name").(string),
|
||||
}
|
||||
|
||||
key := cloudkms.CryptoKey{Purpose: "ENCRYPT_DECRYPT"}
|
||||
key := cloudkms.CryptoKey{
|
||||
Purpose: "ENCRYPT_DECRYPT",
|
||||
VersionTemplate: expandVersionTemplate(d.Get("version_template").([]interface{})),
|
||||
}
|
||||
|
||||
if d.Get("rotation_period") != "" {
|
||||
rotationPeriod := d.Get("rotation_period").(string)
|
||||
|
@ -133,6 +158,10 @@ func resourceKmsCryptoKeyUpdate(d *schema.ResourceData, meta interface{}) error
|
|||
key.RotationPeriod = rotationPeriod
|
||||
}
|
||||
|
||||
if d.HasChange("version_template") {
|
||||
key.VersionTemplate = expandVersionTemplate(d.Get("version_template").([]interface{}))
|
||||
}
|
||||
|
||||
cryptoKey, err := config.clientKms.Projects.Locations.KeyRings.CryptoKeys.Patch(cryptoKeyId.cryptoKeyId(), &key).UpdateMask("rotation_period,next_rotation_time").Do()
|
||||
|
||||
if err != nil {
|
||||
|
@ -165,6 +194,10 @@ func resourceKmsCryptoKeyRead(d *schema.ResourceData, meta interface{}) error {
|
|||
d.Set("rotation_period", cryptoKey.RotationPeriod)
|
||||
d.Set("self_link", cryptoKey.Name)
|
||||
|
||||
if err = d.Set("version_template", flattenVersionTemplate(cryptoKey.VersionTemplate)); err != nil {
|
||||
return fmt.Errorf("Error setting version_template in state: %s", err.Error())
|
||||
}
|
||||
|
||||
d.SetId(cryptoKeyId.cryptoKeyId())
|
||||
|
||||
return nil
|
||||
|
@ -219,6 +252,33 @@ and all its CryptoKeyVersions will be destroyed, but it will still be present on
|
|||
return nil
|
||||
}
|
||||
|
||||
func expandVersionTemplate(configured []interface{}) *cloudkms.CryptoKeyVersionTemplate {
|
||||
if configured == nil || len(configured) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
data := configured[0].(map[string]interface{})
|
||||
return &cloudkms.CryptoKeyVersionTemplate{
|
||||
Algorithm: data["algorithm"].(string),
|
||||
ProtectionLevel: data["protection_level"].(string),
|
||||
}
|
||||
}
|
||||
|
||||
func flattenVersionTemplate(versionTemplate *cloudkms.CryptoKeyVersionTemplate) []map[string]interface{} {
|
||||
if versionTemplate == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
versionTemplateSchema := make([]map[string]interface{}, 0, 1)
|
||||
data := map[string]interface{}{
|
||||
"algorithm": versionTemplate.Algorithm,
|
||||
"protection_level": versionTemplate.ProtectionLevel,
|
||||
}
|
||||
|
||||
versionTemplateSchema = append(versionTemplateSchema, data)
|
||||
return versionTemplateSchema
|
||||
}
|
||||
|
||||
func validateKmsCryptoKeyRotationPeriod(value interface{}, _ string) (ws []string, errors []error) {
|
||||
period := value.(string)
|
||||
pattern := regexp.MustCompile("^([0-9.]*\\d)s$")
|
||||
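Review bot: In resourceKmsCryptoKeyUpdate the new `key.VersionTemplate = expandVersionTemplate(...)` assignment looks like a no-op against the API, because the unchanged Patch call still sends `UpdateMask("rotation_period,next_rotation_time")` and fields outside the mask are not applied. Since `algorithm` is not `ForceNew`, an in-place algorithm change would take this path and presumably leave a permanent diff after the next read; extend the mask, e.g. `UpdateMask("rotation_period,next_rotation_time,version_template.algorithm")`, or build it from the fields that actually changed. Separately, `protection_level` is `ForceNew`, and the destroy path's own message says all CryptoKeyVersions are destroyed while the key itself remains, so a SOFTWARE-to-HSM edit deserves a doc warning that data encrypted under the old versions becomes undecryptable and that re-creating the same name may fail. The create, update and read bodies extend outside the hunks shown, so this is based only on the visible lines.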
|
|
|
@ -270,6 +270,10 @@ resource "google_kms_crypto_key" "crypto_key" {
|
|||
name = "%s"
|
||||
key_ring = "${google_kms_key_ring.key_ring.self_link}"
|
||||
rotation_period = "1000000s"
|
||||
version_template {
|
||||
algorithm = "GOOGLE_SYMMETRIC_ENCRYPTION"
|
||||
protection_level = "SOFTWARE"
|
||||
}
|
||||
}
|
||||
`, projectId, projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName)
|
||||
}
|
||||
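Review bot: The fixture sets `protection_level = "SOFTWARE"`, which is also the schema `Default`, so this test would still pass if expandVersionTemplate or flattenVersionTemplate silently dropped the field. A second config using `protection_level = "HSM"`, with a check on the resulting attribute, would exercise the path this commit adds. The test function that consumes this config is outside the hunk, so it may already assert more than is visible here.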
|
|
|
@ -59,6 +59,19 @@ The following arguments are supported:
|
|||
the primary. The first rotation will take place after the specified period. The rotation period has the format
|
||||
of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than
|
||||
a day (ie, 86400).
|
||||
|
||||
* `version_template` - (Optional) A template describing settings for new crypto key versions. Structure is documented below.
|
||||
|
||||
---
|
||||
|
||||
The `version_template` block supports:
|
||||
|
||||
* `algorithm` - (Required) The algorithm to use when creating a version based on this template.
|
||||
See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm)
|
||||
for possible inputs.
|
||||
|
||||
* `protection_level` - (Optional) The protection level to use when creating a version based on this template.
|
||||
One of `SOFTWARE`, or `HSM`.
|
||||
|
||||
## Attributes Reference
|
||||
|
||||
|
|