mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-01 16:21:06 +00:00
KMS changes - non functional (#2302)
<!-- This change is generated by MagicModules. --> /cc @slevenick
parent
9da993f663
commit
a7e94bbfeb
@ -1211,6 +1211,7 @@ func resourceComputeDiskDecoder(d *schema.ResourceData, meta interface{}, res ma
|
||||
// The raw key won't be returned, so we need to use the original.
|
||||
transformed["rawKey"] = d.Get("disk_encryption_key.0.raw_key")
|
||||
transformed["sha256"] = original["sha256"]
|
||||
|
||||
res["diskEncryptionKey"] = transformed
|
||||
}
|
||||
|
||||
@ -1220,6 +1221,7 @@ func resourceComputeDiskDecoder(d *schema.ResourceData, meta interface{}, res ma
|
||||
// The raw key won't be returned, so we need to use the original.
|
||||
transformed["rawKey"] = d.Get("source_image_encryption_key.0.raw_key")
|
||||
transformed["sha256"] = original["sha256"]
|
||||
|
||||
res["sourceImageEncryptionKey"] = transformed
|
||||
}
|
||||
|
||||
@ -1229,6 +1231,7 @@ func resourceComputeDiskDecoder(d *schema.ResourceData, meta interface{}, res ma
|
||||
// The raw key won't be returned, so we need to use the original.
|
||||
transformed["rawKey"] = d.Get("source_snapshot_encryption_key.0.raw_key")
|
||||
transformed["sha256"] = original["sha256"]
|
||||
|
||||
res["sourceSnapshotEncryptionKey"] = transformed
|
||||
}
|
||||
|
||||
|
@ -220,7 +220,7 @@ func TestAccComputeDisk_basic(t *testing.T) {
|
||||
Config: testAccComputeDisk_basic(diskName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.foobar", &disk),
|
||||
"google_compute_disk.foobar", getTestProjectFromEnv(), &disk),
|
||||
testAccCheckComputeDiskHasLabel(&disk, "my-label", "my-label-value"),
|
||||
testAccCheckComputeDiskHasLabelFingerprint(&disk, "google_compute_disk.foobar"),
|
||||
),
|
||||
@ -264,7 +264,7 @@ func TestAccComputeDisk_update(t *testing.T) {
|
||||
Config: testAccComputeDisk_basic(diskName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.foobar", &disk),
|
||||
"google_compute_disk.foobar", getTestProjectFromEnv(), &disk),
|
||||
resource.TestCheckResourceAttr("google_compute_disk.foobar", "size", "50"),
|
||||
testAccCheckComputeDiskHasLabel(&disk, "my-label", "my-label-value"),
|
||||
testAccCheckComputeDiskHasLabelFingerprint(&disk, "google_compute_disk.foobar"),
|
||||
@ -274,7 +274,7 @@ func TestAccComputeDisk_update(t *testing.T) {
|
||||
Config: testAccComputeDisk_updated(diskName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.foobar", &disk),
|
||||
"google_compute_disk.foobar", getTestProjectFromEnv(), &disk),
|
||||
resource.TestCheckResourceAttr("google_compute_disk.foobar", "size", "100"),
|
||||
testAccCheckComputeDiskHasLabel(&disk, "my-label", "my-updated-label-value"),
|
||||
testAccCheckComputeDiskHasLabel(&disk, "a-new-label", "a-new-label-value"),
|
||||
@ -304,14 +304,14 @@ func TestAccComputeDisk_fromSnapshot(t *testing.T) {
|
||||
Config: testAccComputeDisk_fromSnapshot(projectName, firstDiskName, snapshotName, diskName, "self_link"),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.seconddisk", &disk),
|
||||
"google_compute_disk.seconddisk", getTestProjectFromEnv(), &disk),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
Config: testAccComputeDisk_fromSnapshot(projectName, firstDiskName, snapshotName, diskName, "name"),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.seconddisk", &disk),
|
||||
"google_compute_disk.seconddisk", getTestProjectFromEnv(), &disk),
|
||||
),
|
||||
},
|
||||
},
|
||||
@ -333,7 +333,7 @@ func TestAccComputeDisk_encryption(t *testing.T) {
|
||||
Config: testAccComputeDisk_encryption(diskName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.foobar", &disk),
|
||||
"google_compute_disk.foobar", getTestProjectFromEnv(), &disk),
|
||||
testAccCheckEncryptionKey(
|
||||
"google_compute_disk.foobar", &disk),
|
||||
),
|
||||
@ -342,6 +342,42 @@ func TestAccComputeDisk_encryption(t *testing.T) {
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccComputeDisk_encryptionKMS(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
org := getTestOrgFromEnv(t)
|
||||
pid := "tf-test-" + acctest.RandString(10)
|
||||
billingAccount := getTestBillingAccountFromEnv(t)
|
||||
diskName := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
|
||||
keyRingName := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
|
||||
keyName := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
|
||||
importID := fmt.Sprintf("%s/%s/%s", pid, "us-central1-a", diskName)
|
||||
var disk compute.Disk
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckComputeDiskDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccComputeDisk_encryptionKMS(pid, pname, org, billingAccount, diskName, keyRingName, keyName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.foobar", pid, &disk),
|
||||
testAccCheckEncryptionKey(
|
||||
"google_compute_disk.foobar", &disk),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
ResourceName: "google_compute_disk.foobar",
|
||||
ImportStateId: importID,
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccComputeDisk_deleteDetach(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
@ -358,7 +394,7 @@ func TestAccComputeDisk_deleteDetach(t *testing.T) {
|
||||
Config: testAccComputeDisk_deleteDetach(instanceName, diskName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.foo", &disk),
|
||||
"google_compute_disk.foo", getTestProjectFromEnv(), &disk),
|
||||
),
|
||||
},
|
||||
// this needs to be a second step so we refresh and see the instance
|
||||
@ -369,7 +405,7 @@ func TestAccComputeDisk_deleteDetach(t *testing.T) {
|
||||
Config: testAccComputeDisk_deleteDetach(instanceName, diskName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.foo", &disk),
|
||||
"google_compute_disk.foo", getTestProjectFromEnv(), &disk),
|
||||
testAccCheckComputeDiskInstances(
|
||||
"google_compute_disk.foo", &disk),
|
||||
),
|
||||
@ -395,7 +431,7 @@ func TestAccComputeDisk_deleteDetachIGM(t *testing.T) {
|
||||
Config: testAccComputeDisk_deleteDetachIGM(diskName, mgrName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.foo", &disk),
|
||||
"google_compute_disk.foo", getTestProjectFromEnv(), &disk),
|
||||
),
|
||||
},
|
||||
// this needs to be a second step so we refresh and see the instance
|
||||
@ -406,7 +442,7 @@ func TestAccComputeDisk_deleteDetachIGM(t *testing.T) {
|
||||
Config: testAccComputeDisk_deleteDetachIGM(diskName, mgrName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.foo", &disk),
|
||||
"google_compute_disk.foo", getTestProjectFromEnv(), &disk),
|
||||
testAccCheckComputeDiskInstances(
|
||||
"google_compute_disk.foo", &disk),
|
||||
),
|
||||
@ -416,7 +452,7 @@ func TestAccComputeDisk_deleteDetachIGM(t *testing.T) {
|
||||
Config: testAccComputeDisk_deleteDetachIGM(diskName2, mgrName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.foo", &disk),
|
||||
"google_compute_disk.foo", getTestProjectFromEnv(), &disk),
|
||||
),
|
||||
},
|
||||
// Add the extra step like before
|
||||
@ -424,7 +460,7 @@ func TestAccComputeDisk_deleteDetachIGM(t *testing.T) {
|
||||
Config: testAccComputeDisk_deleteDetachIGM(diskName2, mgrName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeDiskExists(
|
||||
"google_compute_disk.foo", &disk),
|
||||
"google_compute_disk.foo", getTestProjectFromEnv(), &disk),
|
||||
testAccCheckComputeDiskInstances(
|
||||
"google_compute_disk.foo", &disk),
|
||||
),
|
||||
@ -483,9 +519,8 @@ func testAccCheckComputeDiskDestroy(s *terraform.State) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func testAccCheckComputeDiskExists(n string, disk *compute.Disk) resource.TestCheckFunc {
|
||||
func testAccCheckComputeDiskExists(n, p string, disk *compute.Disk) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
p := getTestProjectFromEnv()
|
||||
rs, ok := s.RootModule().Resources[n]
|
||||
if !ok {
|
||||
return fmt.Errorf("Not found: %s", n)
|
||||
@ -693,6 +728,83 @@ resource "google_compute_disk" "foobar" {
|
||||
}`, diskName)
|
||||
}
|
||||
|
||||
func testAccComputeDisk_encryptionKMS(pid, pname, org, billing, diskName, keyRingName, keyName string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_project" "project" {
|
||||
project_id = "%s"
|
||||
name = "%s"
|
||||
org_id = "%s"
|
||||
billing_account = "%s"
|
||||
}
|
||||
|
||||
data "google_compute_image" "my_image" {
|
||||
family = "debian-9"
|
||||
project = "debian-cloud"
|
||||
}
|
||||
|
||||
resource "google_project_services" "apis" {
|
||||
project = "${google_project.project.project_id}"
|
||||
|
||||
services = [
|
||||
"oslogin.googleapis.com",
|
||||
"compute.googleapis.com",
|
||||
"cloudkms.googleapis.com",
|
||||
"appengine.googleapis.com",
|
||||
]
|
||||
}
|
||||
|
||||
resource "google_project_iam_member" "kms-project-binding" {
|
||||
project = "${google_project.project.project_id}"
|
||||
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
|
||||
member = "serviceAccount:service-${google_project.project.number}@compute-system.iam.gserviceaccount.com"
|
||||
|
||||
depends_on = ["google_project_services.apis"]
|
||||
}
|
||||
|
||||
resource "google_kms_crypto_key_iam_binding" "kms-key-binding" {
|
||||
crypto_key_id = "${google_kms_crypto_key.my_crypto_key.self_link}"
|
||||
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
|
||||
|
||||
members = [
|
||||
"serviceAccount:service-${google_project.project.number}@compute-system.iam.gserviceaccount.com",
|
||||
]
|
||||
|
||||
depends_on = ["google_project_services.apis"]
|
||||
}
|
||||
|
||||
resource "google_kms_key_ring" "my_key_ring" {
|
||||
name = "%s"
|
||||
project = "${google_project.project.project_id}"
|
||||
location = "us-central1"
|
||||
|
||||
depends_on = ["google_project_services.apis"]
|
||||
}
|
||||
|
||||
resource "google_kms_crypto_key" "my_crypto_key" {
|
||||
name = "%s"
|
||||
key_ring = "${google_kms_key_ring.my_key_ring.self_link}"
|
||||
}
|
||||
|
||||
resource "google_compute_disk" "foobar" {
|
||||
name = "%s"
|
||||
image = "${data.google_compute_image.my_image.self_link}"
|
||||
size = 10
|
||||
type = "pd-ssd"
|
||||
zone = "us-central1-a"
|
||||
project = "${google_project.project.project_id}"
|
||||
|
||||
disk_encryption_key {
|
||||
kms_key_self_link = "${google_kms_crypto_key.my_crypto_key.self_link}"
|
||||
}
|
||||
|
||||
depends_on = [
|
||||
"google_kms_crypto_key_iam_binding.kms-key-binding",
|
||||
"google_project_iam_member.kms-project-binding",
|
||||
]
|
||||
}
|
||||
`, pid, pname, org, billing, keyRingName, keyName, diskName)
|
||||
}
|
||||
|
||||
func testAccComputeDisk_deleteDetach(instanceName, diskName string) string {
|
||||
return fmt.Sprintf(`
|
||||
data "google_compute_image" "my_image" {
|
||||
|
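Review bot: The HCL returned by `testAccComputeDisk_encryptionKMS` grants `roles/cloudkms.cryptoKeyEncrypterDecrypter` to the Compute Engine service agent twice, project-wide through `google_project_iam_member.kms-project-binding` and on the single key through `google_kms_crypto_key_iam_binding.kms-key-binding`. The key-level binding looks sufficient for the disk to use the key, and acceptance configs tend to be copied into real modules, so the project-wide grant should either be dropped (along with its entry in the disk's `depends_on`) or carry a comment such as `# project-level grant required because ...` stating why it is needed. Separately, `TestAccComputeDisk_encryptionKMS` passes `pname` without declaring it among its locals, so it presumably relies on a package-level variable that is not visible on this page. Its only key-related assertion is `testAccCheckEncryptionKey`, whose body is also not shown here; adding `resource.TestCheckResourceAttrSet("google_compute_disk.foobar", "disk_encryption_key.0.kms_key_self_link"),` to the first step would pin that the disk really references the KMS key.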
@ -892,6 +892,7 @@ func resourceComputeRegionDiskDecoder(d *schema.ResourceData, meta interface{},
|
||||
// The raw key won't be returned, so we need to use the original.
|
||||
transformed["rawKey"] = d.Get("disk_encryption_key.0.raw_key")
|
||||
transformed["sha256"] = original["sha256"]
|
||||
|
||||
res["diskEncryptionKey"] = transformed
|
||||
}
|
||||
|
||||
@ -901,6 +902,7 @@ func resourceComputeRegionDiskDecoder(d *schema.ResourceData, meta interface{},
|
||||
// The raw key won't be returned, so we need to use the original.
|
||||
transformed["rawKey"] = d.Get("source_image_encryption_key.0.raw_key")
|
||||
transformed["sha256"] = original["sha256"]
|
||||
|
||||
res["sourceImageEncryptionKey"] = transformed
|
||||
}
|
||||
|
||||
@ -910,6 +912,7 @@ func resourceComputeRegionDiskDecoder(d *schema.ResourceData, meta interface{},
|
||||
// The raw key won't be returned, so we need to use the original.
|
||||
transformed["rawKey"] = d.Get("source_snapshot_encryption_key.0.raw_key")
|
||||
transformed["sha256"] = original["sha256"]
|
||||
|
||||
res["sourceSnapshotEncryptionKey"] = transformed
|
||||
}
|
||||
|
||||
|