add updates for big query kms changes (#4934)

* add updates for big query kms changes * update docs for bigquery_table
GoogleCloudPlatform · Jul 2, 2021 · 958544e · 958544e
1 parent dcc3582
commit 958544e
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 1 deletion.
diff --git a/mmv1/products/bigquery/api.yaml b/mmv1/products/bigquery/api.yaml
@@ -575,6 +575,11 @@ objects:
                       Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.
                       The BigQuery Service Account associated with your project requires access to this encryption key.
                     required: true
+                  - !ruby/object:Api::Type::String
+                    name: 'kmsKeyVersion'
+                    description: |
+                      Describes the Cloud KMS encryption key version used to protect destination BigQuery table.
+                    output: true
               - !ruby/object:Api::Type::NestedObject
                 name: 'scriptOptions'
                 description: |
@@ -801,6 +806,11 @@ objects:
                       Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.
                       The BigQuery Service Account associated with your project requires access to this encryption key.
                     required: true
+                  - !ruby/object:Api::Type::String
+                    name: 'kmsKeyVersion'
+                    description: |
+                      Describes the Cloud KMS encryption key version used to protect destination BigQuery table.
+                    output: true
           - !ruby/object:Api::Type::NestedObject
             name: 'copy'
             description: 'Copies a table.'
@@ -881,6 +891,11 @@ objects:
                       Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.
                       The BigQuery Service Account associated with your project requires access to this encryption key.
                     required: true
+                  - !ruby/object:Api::Type::String
+                    name: 'kmsKeyVersion'
+                    description: |
+                      Describes the Cloud KMS encryption key version used to protect destination BigQuery table.
+                    output: true
           - !ruby/object:Api::Type::NestedObject
             name: 'extract'
             description: 'Configures an extract job.'

diff --git a/mmv1/products/bigquery/terraform.yaml b/mmv1/products/bigquery/terraform.yaml
@@ -323,6 +323,12 @@ overrides: !ruby/object:Overrides::ResourceOverrides
           The dataset. Can be specified `{{dataset_id}}` if `project_id` is also set,
           or of the form `projects/{{project}}/datasets/{{dataset_id}}` if not.
         diff_suppress_func: 'compareSelfLinkRelativePaths'
+      configuration.copy.destinationEncryptionConfiguration: !ruby/object:Overrides::Terraform::PropertyOverride
+        custom_flatten: 'templates/terraform/custom_flatten/bigquery_kms_version.go.erb'
+      configuration.load.destinationEncryptionConfiguration: !ruby/object:Overrides::Terraform::PropertyOverride
+        custom_flatten: 'templates/terraform/custom_flatten/bigquery_kms_version.go.erb'
+      configuration.query.destinationEncryptionConfiguration: !ruby/object:Overrides::Terraform::PropertyOverride
+        custom_flatten: 'templates/terraform/custom_flatten/bigquery_kms_version.go.erb'
       jobReference: !ruby/object:Overrides::Terraform::PropertyOverride
         flatten_object: true
       jobReference.projectId: !ruby/object:Overrides::Terraform::PropertyOverride

diff --git a/mmv1/templates/terraform/custom_flatten/bigquery_kms_version.go.erb b/mmv1/templates/terraform/custom_flatten/bigquery_kms_version.go.erb
@@ -0,0 +1,38 @@
+<%# The license inside this block applies to this file.
+	# Copyright 2021 Google Inc.
+	# Licensed under the Apache License, Version 2.0 (the "License");
+	# you may not use this file except in compliance with the License.
+	# You may obtain a copy of the License at
+	#
+	#     http://www.apache.org/licenses/LICENSE-2.0
+	#
+	# Unless required by applicable law or agreed to in writing, software
+	# distributed under the License is distributed on an "AS IS" BASIS,
+	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	# See the License for the specific language governing permissions and
+	# limitations under the License.
+-%>
+// KmsKeyName switched from using a key name to a key version, this will separate the key name from the key version and save them
+// separately in state.  https://github.com/hashicorp/terraform-provider-google/issues/9208
+func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	if v == nil {
+		return []map[string]interface{}{}
+	}
+
+	kmsKeyName := v.(map[string]interface{})["kmsKeyName"].(string)
+	re := regexp.MustCompile(`(projects/.*/locations/.*/keyRings/.*/cryptoKeys/.*)/cryptoKeyVersions/.*`)
+	paths := re.FindStringSubmatch(kmsKeyName)
+
+	if len(paths) > 0 {
+		return []map[string]interface{}{
+			{
+				"kms_key_name":    paths[0],
+				"kms_key_version": kmsKeyName,
+			},
+		}
+	}
+
+	//	The key name was returned, no need to set the version
+	return []map[string]interface{}{{"kms_key_name": kmsKeyName, "kms_key_version": ""}}
+
+}
diff --git a/mmv1/third_party/terraform/resources/resource_bigquery_table.go b/mmv1/third_party/terraform/resources/resource_bigquery_table.go
@@ -6,6 +6,7 @@ import (
 	"errors"
 	"fmt"
 	"log"
+	"regexp"
 	"sort"
 	"strconv"
 	"strings"
@@ -820,6 +821,11 @@ func resourceBigQueryTable() *schema.Resource {
 							Required:    true,
 							Description: `The self link or full name of a key which should be used to encrypt this table. Note that the default bigquery service account will need to have encrypt/decrypt permissions on this key - you may want to see the google_bigquery_default_service_account datasource and the google_kms_crypto_key_iam_binding resource.`,
 						},
+						"kms_key_version": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The self link or full name of the kms key version used to encrypt this table.`,
+						},
 					},
 				},
 			},
@@ -1543,7 +1549,20 @@ func expandRangePartitioning(configured interface{}) (*bigquery.RangePartitionin
 }
 
 func flattenEncryptionConfiguration(ec *bigquery.EncryptionConfiguration) []map[string]interface{} {
-	return []map[string]interface{}{{"kms_key_name": ec.KmsKeyName}}
+	re := regexp.MustCompile(`(projects/.*/locations/.*/keyRings/.*/cryptoKeys/.*)/cryptoKeyVersions/.*`)
+	paths := re.FindStringSubmatch(ec.KmsKeyName)
+
+	if len(paths) > 0 {
+		return []map[string]interface{}{
+			{
+				"kms_key_name":    paths[0],
+				"kms_key_version": ec.KmsKeyName,
+			},
+		}
+	}
+
+	//	The key name was returned, no need to set the version
+	return []map[string]interface{}{{"kms_key_name": ec.KmsKeyName, "kms_key_version": ""}}
 }
 
 func flattenTimePartitioning(tp *bigquery.TimePartitioning) []map[string]interface{} {

diff --git a/mmv1/third_party/terraform/website/docs/r/bigquery_table.html.markdown b/mmv1/third_party/terraform/website/docs/r/bigquery_table.html.markdown
@@ -322,6 +322,8 @@ exported:
 
 * `etag` - A hash of the resource.
 
+* `kms_key_version` - The self link or full name of the kms key version used to encrypt this table.
+
 * `last_modified_time` - The time when this table was last modified, in milliseconds since the epoch.
 
 * `location` - The geographic location where the table resides. This value is inherited from the dataset.