From ccf079b01402db443c67633a74eef94bf072824c Mon Sep 17 00:00:00 2001
From: The Magician
Date: Wed, 9 Jan 2019 16:48:04 -0800
Subject: [PATCH] Make kms links for compute disk GA (#2850)
/cc @chrisst
---
 google/resource_compute_disk.go | 18 +++++++
 google/resource_compute_disk_test.go | 65 ++++++++++++++++++++++++++
 google/resource_compute_region_disk.go | 19 ++++++++
 3 files changed, 102 insertions(+)
diff --git a/google/resource_compute_disk.go b/google/resource_compute_disk.go
index 1f96f3c1..fc91dd3b 100644
--- a/google/resource_compute_disk.go
+++ b/google/resource_compute_disk.go
@@ -1180,6 +1180,12 @@ func resourceComputeDiskDecoder(d *schema.ResourceData, meta interface{}, res ma
 transformed["rawKey"] = d.Get("disk_encryption_key.0.raw_key")
 transformed["sha256"] = original["sha256"]
+ if kmsKeyName, ok := original["kmsKeyName"]; ok {
+ // The response for crypto keys often includes the version of the key which needs to be removed
+ // format: projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/1
+ transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
+ }
+
 res["diskEncryptionKey"] = transformed
 }
@@ -1190,6 +1196,12 @@ func resourceComputeDiskDecoder(d *schema.ResourceData, meta interface{}, res ma
 transformed["rawKey"] = d.Get("source_image_encryption_key.0.raw_key")
 transformed["sha256"] = original["sha256"]
+ if kmsKeyName, ok := original["kmsKeyName"]; ok {
+ // The response for crypto keys often includes the version of the key which needs to be removed
+ // format: projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/1
+ transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
+ }
+
 res["sourceImageEncryptionKey"] = transformed
 }
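Review bot: The added `kmsKeyName.(string)` is an unchecked type assertion on a value taken from the API response map, so in the first hunk (`@@ -1180`) a `kmsKeyName` key that is present but null or not a string would panic the provider during read instead of being skipped. Folding the assertion into the guard avoids that: `if kmsKeyName, ok := original["kmsKeyName"].(string); ok {` followed by `transformed["kmsKeyName"] = strings.Split(kmsKeyName, "/cryptoKeyVersions")[0]`. The same block is repeated in the `@@ -1190` and `@@ -1200` hunks of this file and in the three decoder hunks of resource_compute_region_disk.go, so one shared helper would keep the six copies from drifting apart. Because the version suffix is dropped, the value written to state identifies the key but not the key version protecting the disk; a one-line comment saying so would help anyone auditing encryption from state. The decoder functions start and end outside these hunks.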
@@ -1200,6 +1212,12 @@ func resourceComputeDiskDecoder(d *schema.ResourceData, meta interface{}, res ma
 transformed["rawKey"] = d.Get("source_snapshot_encryption_key.0.raw_key")
 transformed["sha256"] = original["sha256"]
+ if kmsKeyName, ok := original["kmsKeyName"]; ok {
+ // The response for crypto keys often includes the version of the key which needs to be removed
+ // format: projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/1
+ transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
+ }
+
 res["sourceSnapshotEncryptionKey"] = transformed
 }
diff --git a/google/resource_compute_disk_test.go b/google/resource_compute_disk_test.go
index bdf7e92f..01db0da2 100644
--- a/google/resource_compute_disk_test.go
+++ b/google/resource_compute_disk_test.go
@@ -313,6 +313,39 @@ func TestAccComputeDisk_encryption(t *testing.T) {
 })
 }
+func TestAccComputeDisk_encryptionKMS(t *testing.T) {
+ t.Parallel()
+
+ kms := BootstrapKMSKey(t)
+ pid := getTestProjectFromEnv()
+ diskName := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
+ importID := fmt.Sprintf("%s/%s/%s", pid, "us-central1-a", diskName)
+ var disk compute.Disk
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckComputeDiskDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccComputeDisk_encryptionKMS(pid, diskName, kms.CryptoKey.Name),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckComputeDiskExists(
+ "google_compute_disk.foobar", pid, &disk),
+ testAccCheckEncryptionKey(
+ "google_compute_disk.foobar", &disk),
+ ),
+ },
+ {
+ ResourceName: "google_compute_disk.foobar",
+ ImportStateId: importID,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
 func TestAccComputeDisk_deleteDetach(t *testing.T) {
 t.Parallel()
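Review bot: In `TestAccComputeDisk_encryptionKMS` (the `@@ -313` hunk) the first step never asserts the KMS key directly; it relies on `testAccCheckEncryptionKey`, which is defined outside this hunk, so whether that helper compares `kmsKeyName` at all cannot be confirmed from here. If it only compares the raw-key `sha256`, a disk created without the customer-managed key would still pass step one. Adding `resource.TestCheckResourceAttr("google_compute_disk.foobar", "disk_encryption_key.0.kms_key_self_link", kms.CryptoKey.Name),` to the `ComposeTestCheckFunc` list would pin the behaviour the decoder change is meant to provide, including the stripped `/cryptoKeyVersions` suffix.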
@@ -644,6 +677,38 @@ resource "google_compute_disk" "foobar" {
 }
 }`, diskName)
 }
+
+func testAccComputeDisk_encryptionKMS(pid, diskName, kmsKey string) string {
+ return fmt.Sprintf(`
+data "google_project" "project" {
+ project_id = "%s"
+}
+
+data "google_compute_image" "my_image" {
+ family = "debian-9"
+ project = "debian-cloud"
+}
+
+resource "google_project_iam_member" "kms-project-binding" {
+ project = "${data.google_project.project.project_id}"
+ role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+ member = "serviceAccount:service-${data.google_project.project.number}@compute-system.iam.gserviceaccount.com"
+}
+
+resource "google_compute_disk" "foobar" {
+ name = "%s"
+ image = "${data.google_compute_image.my_image.self_link}"
+ size = 10
+ type = "pd-ssd"
+ zone = "us-central1-a"
+
+ disk_encryption_key {
+ kms_key_self_link = "%s"
+ }
+}
+`, pid, diskName, kmsKey)
+}
+
 func testAccComputeDisk_deleteDetach(instanceName, diskName string) string {
 return fmt.Sprintf(`
 data "google_compute_image" "my_image" {
diff --git a/google/resource_compute_region_disk.go b/google/resource_compute_region_disk.go
index 8d51b899..8436ecf0 100644
--- a/google/resource_compute_region_disk.go
+++ b/google/resource_compute_region_disk.go
@@ -19,6 +19,7 @@ import (
 "log"
 "reflect"
 "strconv"
+ "strings"
 "time"
 "github.com/hashicorp/terraform/helper/customdiff"
@@ -883,6 +884,12 @@ func resourceComputeRegionDiskDecoder(d *schema.ResourceData, meta interface{},
 transformed["rawKey"] = d.Get("disk_encryption_key.0.raw_key")
 transformed["sha256"] = original["sha256"]
+ if kmsKeyName, ok := original["kmsKeyName"]; ok {
+ // The response for crypto keys often includes the version of the key which needs to be removed
+ // format: projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/1
+ transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
+ }
+
 res["diskEncryptionKey"] = transformed
 }
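Review bot: In the `@@ -644` hunk, `google_project_iam_member.kms-project-binding` grants `roles/cloudkms.cryptoKeyEncrypterDecrypter` to the Compute Engine service agent on the whole project, which covers every key in that project rather than the one bootstrapped key this test needs. Test configurations tend to be copied as usage examples, so binding the role on the crypto key itself (for example with a `google_kms_crypto_key_iam_member` resource) would model least privilege better. Separately, `google_compute_disk.foobar` has no reference to the binding, so Terraform may create the disk before the grant exists; `depends_on = ["google_project_iam_member.kms-project-binding"]` inside the disk resource would make the ordering explicit.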
@@ -893,6 +900,12 @@ func resourceComputeRegionDiskDecoder(d *schema.ResourceData, meta interface{},
 transformed["rawKey"] = d.Get("source_image_encryption_key.0.raw_key")
 transformed["sha256"] = original["sha256"]
+ if kmsKeyName, ok := original["kmsKeyName"]; ok {
+ // The response for crypto keys often includes the version of the key which needs to be removed
+ // format: projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/1
+ transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
+ }
+
 res["sourceImageEncryptionKey"] = transformed
 }
@@ -903,6 +916,12 @@ func resourceComputeRegionDiskDecoder(d *schema.ResourceData, meta interface{},
 transformed["rawKey"] = d.Get("source_snapshot_encryption_key.0.raw_key")
 transformed["sha256"] = original["sha256"]
+ if kmsKeyName, ok := original["kmsKeyName"]; ok {
+ // The response for crypto keys often includes the version of the key which needs to be removed
+ // format: projects//locations//keyRings//cryptoKeys//cryptoKeyVersions/1
+ transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
+ }
+
 res["sourceSnapshotEncryptionKey"] = transformed
 }