mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-03 16:52:40 +00:00
Make kms links for compute disk GA (#2850)
<!-- This change is generated by MagicModules. --> /cc @chrisst
This commit is contained in:
parent
b9cedc68ef
commit
ccf079b014
|
@ -1180,6 +1180,12 @@ func resourceComputeDiskDecoder(d *schema.ResourceData, meta interface{}, res ma
|
||||||
transformed["rawKey"] = d.Get("disk_encryption_key.0.raw_key")
|
transformed["rawKey"] = d.Get("disk_encryption_key.0.raw_key")
|
||||||
transformed["sha256"] = original["sha256"]
|
transformed["sha256"] = original["sha256"]
|
||||||
|
|
||||||
|
if kmsKeyName, ok := original["kmsKeyName"]; ok {
|
||||||
|
// The response for crypto keys often includes the version of the key which needs to be removed
|
||||||
|
// format: projects/<project>/locations/<region>/keyRings/<keyring>/cryptoKeys/<key>/cryptoKeyVersions/1
|
||||||
|
transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
|
||||||
|
}
|
||||||
|
|
||||||
res["diskEncryptionKey"] = transformed
|
res["diskEncryptionKey"] = transformed
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1190,6 +1196,12 @@ func resourceComputeDiskDecoder(d *schema.ResourceData, meta interface{}, res ma
|
||||||
transformed["rawKey"] = d.Get("source_image_encryption_key.0.raw_key")
|
transformed["rawKey"] = d.Get("source_image_encryption_key.0.raw_key")
|
||||||
transformed["sha256"] = original["sha256"]
|
transformed["sha256"] = original["sha256"]
|
||||||
|
|
||||||
|
if kmsKeyName, ok := original["kmsKeyName"]; ok {
|
||||||
|
// The response for crypto keys often includes the version of the key which needs to be removed
|
||||||
|
// format: projects/<project>/locations/<region>/keyRings/<keyring>/cryptoKeys/<key>/cryptoKeyVersions/1
|
||||||
|
transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
|
||||||
|
}
|
||||||
|
|
||||||
res["sourceImageEncryptionKey"] = transformed
|
res["sourceImageEncryptionKey"] = transformed
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1200,6 +1212,12 @@ func resourceComputeDiskDecoder(d *schema.ResourceData, meta interface{}, res ma
|
||||||
transformed["rawKey"] = d.Get("source_snapshot_encryption_key.0.raw_key")
|
transformed["rawKey"] = d.Get("source_snapshot_encryption_key.0.raw_key")
|
||||||
transformed["sha256"] = original["sha256"]
|
transformed["sha256"] = original["sha256"]
|
||||||
|
|
||||||
|
if kmsKeyName, ok := original["kmsKeyName"]; ok {
|
||||||
|
// The response for crypto keys often includes the version of the key which needs to be removed
|
||||||
|
// format: projects/<project>/locations/<region>/keyRings/<keyring>/cryptoKeys/<key>/cryptoKeyVersions/1
|
||||||
|
transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
|
||||||
|
}
|
||||||
|
|
||||||
res["sourceSnapshotEncryptionKey"] = transformed
|
res["sourceSnapshotEncryptionKey"] = transformed
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -313,6 +313,39 @@ func TestAccComputeDisk_encryption(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAccComputeDisk_encryptionKMS(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
kms := BootstrapKMSKey(t)
|
||||||
|
pid := getTestProjectFromEnv()
|
||||||
|
diskName := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
|
||||||
|
importID := fmt.Sprintf("%s/%s/%s", pid, "us-central1-a", diskName)
|
||||||
|
var disk compute.Disk
|
||||||
|
|
||||||
|
resource.Test(t, resource.TestCase{
|
||||||
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
Providers: testAccProviders,
|
||||||
|
CheckDestroy: testAccCheckComputeDiskDestroy,
|
||||||
|
Steps: []resource.TestStep{
|
||||||
|
{
|
||||||
|
Config: testAccComputeDisk_encryptionKMS(pid, diskName, kms.CryptoKey.Name),
|
||||||
|
Check: resource.ComposeTestCheckFunc(
|
||||||
|
testAccCheckComputeDiskExists(
|
||||||
|
"google_compute_disk.foobar", pid, &disk),
|
||||||
|
testAccCheckEncryptionKey(
|
||||||
|
"google_compute_disk.foobar", &disk),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ResourceName: "google_compute_disk.foobar",
|
||||||
|
ImportStateId: importID,
|
||||||
|
ImportState: true,
|
||||||
|
ImportStateVerify: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func TestAccComputeDisk_deleteDetach(t *testing.T) {
|
func TestAccComputeDisk_deleteDetach(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
|
@ -644,6 +677,38 @@ resource "google_compute_disk" "foobar" {
|
||||||
}
|
}
|
||||||
}`, diskName)
|
}`, diskName)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func testAccComputeDisk_encryptionKMS(pid, diskName, kmsKey string) string {
|
||||||
|
return fmt.Sprintf(`
|
||||||
|
data "google_project" "project" {
|
||||||
|
project_id = "%s"
|
||||||
|
}
|
||||||
|
|
||||||
|
data "google_compute_image" "my_image" {
|
||||||
|
family = "debian-9"
|
||||||
|
project = "debian-cloud"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_project_iam_member" "kms-project-binding" {
|
||||||
|
project = "${data.google_project.project.project_id}"
|
||||||
|
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
|
||||||
|
member = "serviceAccount:service-${data.google_project.project.number}@compute-system.iam.gserviceaccount.com"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_compute_disk" "foobar" {
|
||||||
|
name = "%s"
|
||||||
|
image = "${data.google_compute_image.my_image.self_link}"
|
||||||
|
size = 10
|
||||||
|
type = "pd-ssd"
|
||||||
|
zone = "us-central1-a"
|
||||||
|
|
||||||
|
disk_encryption_key {
|
||||||
|
kms_key_self_link = "%s"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
`, pid, diskName, kmsKey)
|
||||||
|
}
|
||||||
|
|
||||||
func testAccComputeDisk_deleteDetach(instanceName, diskName string) string {
|
func testAccComputeDisk_deleteDetach(instanceName, diskName string) string {
|
||||||
return fmt.Sprintf(`
|
return fmt.Sprintf(`
|
||||||
data "google_compute_image" "my_image" {
|
data "google_compute_image" "my_image" {
|
||||||
|
|
|
@ -19,6 +19,7 @@ import (
|
||||||
"log"
|
"log"
|
||||||
"reflect"
|
"reflect"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/helper/customdiff"
|
"github.com/hashicorp/terraform/helper/customdiff"
|
||||||
|
@ -883,6 +884,12 @@ func resourceComputeRegionDiskDecoder(d *schema.ResourceData, meta interface{},
|
||||||
transformed["rawKey"] = d.Get("disk_encryption_key.0.raw_key")
|
transformed["rawKey"] = d.Get("disk_encryption_key.0.raw_key")
|
||||||
transformed["sha256"] = original["sha256"]
|
transformed["sha256"] = original["sha256"]
|
||||||
|
|
||||||
|
if kmsKeyName, ok := original["kmsKeyName"]; ok {
|
||||||
|
// The response for crypto keys often includes the version of the key which needs to be removed
|
||||||
|
// format: projects/<project>/locations/<region>/keyRings/<keyring>/cryptoKeys/<key>/cryptoKeyVersions/1
|
||||||
|
transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
|
||||||
|
}
|
||||||
|
|
||||||
res["diskEncryptionKey"] = transformed
|
res["diskEncryptionKey"] = transformed
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -893,6 +900,12 @@ func resourceComputeRegionDiskDecoder(d *schema.ResourceData, meta interface{},
|
||||||
transformed["rawKey"] = d.Get("source_image_encryption_key.0.raw_key")
|
transformed["rawKey"] = d.Get("source_image_encryption_key.0.raw_key")
|
||||||
transformed["sha256"] = original["sha256"]
|
transformed["sha256"] = original["sha256"]
|
||||||
|
|
||||||
|
if kmsKeyName, ok := original["kmsKeyName"]; ok {
|
||||||
|
// The response for crypto keys often includes the version of the key which needs to be removed
|
||||||
|
// format: projects/<project>/locations/<region>/keyRings/<keyring>/cryptoKeys/<key>/cryptoKeyVersions/1
|
||||||
|
transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
|
||||||
|
}
|
||||||
|
|
||||||
res["sourceImageEncryptionKey"] = transformed
|
res["sourceImageEncryptionKey"] = transformed
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -903,6 +916,12 @@ func resourceComputeRegionDiskDecoder(d *schema.ResourceData, meta interface{},
|
||||||
transformed["rawKey"] = d.Get("source_snapshot_encryption_key.0.raw_key")
|
transformed["rawKey"] = d.Get("source_snapshot_encryption_key.0.raw_key")
|
||||||
transformed["sha256"] = original["sha256"]
|
transformed["sha256"] = original["sha256"]
|
||||||
|
|
||||||
|
if kmsKeyName, ok := original["kmsKeyName"]; ok {
|
||||||
|
// The response for crypto keys often includes the version of the key which needs to be removed
|
||||||
|
// format: projects/<project>/locations/<region>/keyRings/<keyring>/cryptoKeys/<key>/cryptoKeyVersions/1
|
||||||
|
transformed["kmsKeyName"] = strings.Split(kmsKeyName.(string), "/cryptoKeyVersions")[0]
|
||||||
|
}
|
||||||
|
|
||||||
res["sourceSnapshotEncryptionKey"] = transformed
|
res["sourceSnapshotEncryptionKey"] = transformed
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user