Skip to content

Commit

Permalink
Upgrade DCL to 1.75.0 (#12046)
Browse files Browse the repository at this point in the history
[upstream:7c1c0c38f84ec0a7447dbecc280b0e017a8495d2]

Signed-off-by: Modular Magician <[email protected]>
  • Loading branch information
modular-magician committed Oct 23, 2024
1 parent bb261ec commit 050580a
Show file tree
Hide file tree
Showing 6 changed files with 82 additions and 6 deletions.
3 changes: 3 additions & 0 deletions .changelog/12046.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
assuredworkloads: added `workload_options` field to `google_assured_workloads_workload` resource
```
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ go 1.21

require (
cloud.google.com/go/bigtable v1.33.0
github.com/GoogleCloudPlatform/declarative-resource-client-library v1.74.0
github.com/GoogleCloudPlatform/declarative-resource-client-library v1.75.0
github.com/apparentlymart/go-cidr v1.1.0
github.com/davecgh/go-spew v1.1.1
github.com/dnaeon/go-vcr v1.0.1
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,6 @@ cloud.google.com/go/monitoring v1.21.0/go.mod h1:tuJ+KNDdJbetSsbSGTqnaBvbauS5kr3
dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/GoogleCloudPlatform/declarative-resource-client-library v1.74.0 h1:YV3eTXgDw3Zp8Mc12WE2Aa3+22twNd07xkFkEODrlOQ=
github.com/GoogleCloudPlatform/declarative-resource-client-library v1.74.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg=
Expand Down Expand Up @@ -478,3 +476,5 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
github.com/GoogleCloudPlatform/declarative-resource-client-library v1.75.0 h1:7tFkHNjfjm7dYnjqyuzMon+31lPaMTjca3OuamWd0Oo=
github.com/GoogleCloudPlatform/declarative-resource-client-library v1.75.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,15 @@ func ResourceAssuredWorkloadsWorkload() *schema.Resource {
Description: "Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.",
},

"workload_options": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Description: "Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.",
MaxItems: 1,
Elem: AssuredWorkloadsWorkloadWorkloadOptionsSchema(),
},

"compliance_status": {
Type: schema.TypeList,
Computed: true,
Expand Down Expand Up @@ -303,6 +312,19 @@ func AssuredWorkloadsWorkloadResourceSettingsSchema() *schema.Resource {
}
}

func AssuredWorkloadsWorkloadWorkloadOptionsSchema() *schema.Resource {
return &schema.Resource{
Schema: map[string]*schema.Schema{
"kaj_enrollment_type": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Description: "Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF",
},
},
}
}

func AssuredWorkloadsWorkloadComplianceStatusSchema() *schema.Resource {
return &schema.Resource{
Schema: map[string]*schema.Schema{
Expand Down Expand Up @@ -402,6 +424,7 @@ func resourceAssuredWorkloadsWorkloadCreate(d *schema.ResourceData, meta interfa
ProvisionedResourcesParent: dcl.String(d.Get("provisioned_resources_parent").(string)),
ResourceSettings: expandAssuredWorkloadsWorkloadResourceSettingsArray(d.Get("resource_settings")),
ViolationNotificationsEnabled: dcl.Bool(d.Get("violation_notifications_enabled").(bool)),
WorkloadOptions: expandAssuredWorkloadsWorkloadWorkloadOptions(d.Get("workload_options")),
}

id, err := obj.ID()
Expand Down Expand Up @@ -470,6 +493,7 @@ func resourceAssuredWorkloadsWorkloadRead(d *schema.ResourceData, meta interface
ProvisionedResourcesParent: dcl.String(d.Get("provisioned_resources_parent").(string)),
ResourceSettings: expandAssuredWorkloadsWorkloadResourceSettingsArray(d.Get("resource_settings")),
ViolationNotificationsEnabled: dcl.Bool(d.Get("violation_notifications_enabled").(bool)),
WorkloadOptions: expandAssuredWorkloadsWorkloadWorkloadOptions(d.Get("workload_options")),
Name: dcl.StringOrNil(d.Get("name").(string)),
}

Expand Down Expand Up @@ -537,6 +561,9 @@ func resourceAssuredWorkloadsWorkloadRead(d *schema.ResourceData, meta interface
if err = d.Set("violation_notifications_enabled", res.ViolationNotificationsEnabled); err != nil {
return fmt.Errorf("error setting violation_notifications_enabled in state: %s", err)
}
if err = d.Set("workload_options", flattenAssuredWorkloadsWorkloadWorkloadOptions(res.WorkloadOptions)); err != nil {
return fmt.Errorf("error setting workload_options in state: %s", err)
}
if err = d.Set("compliance_status", flattenAssuredWorkloadsWorkloadComplianceStatus(res.ComplianceStatus)); err != nil {
return fmt.Errorf("error setting compliance_status in state: %s", err)
}
Expand Down Expand Up @@ -588,6 +615,7 @@ func resourceAssuredWorkloadsWorkloadUpdate(d *schema.ResourceData, meta interfa
ProvisionedResourcesParent: dcl.String(d.Get("provisioned_resources_parent").(string)),
ResourceSettings: expandAssuredWorkloadsWorkloadResourceSettingsArray(d.Get("resource_settings")),
ViolationNotificationsEnabled: dcl.Bool(d.Get("violation_notifications_enabled").(bool)),
WorkloadOptions: expandAssuredWorkloadsWorkloadWorkloadOptions(d.Get("workload_options")),
Name: dcl.StringOrNil(d.Get("name").(string)),
}
// Construct state hint from old values
Expand All @@ -606,6 +634,7 @@ func resourceAssuredWorkloadsWorkloadUpdate(d *schema.ResourceData, meta interfa
ProvisionedResourcesParent: dcl.String(tpgdclresource.OldValue(d.GetChange("provisioned_resources_parent")).(string)),
ResourceSettings: expandAssuredWorkloadsWorkloadResourceSettingsArray(tpgdclresource.OldValue(d.GetChange("resource_settings"))),
ViolationNotificationsEnabled: dcl.Bool(tpgdclresource.OldValue(d.GetChange("violation_notifications_enabled")).(bool)),
WorkloadOptions: expandAssuredWorkloadsWorkloadWorkloadOptions(tpgdclresource.OldValue(d.GetChange("workload_options"))),
Name: dcl.StringOrNil(tpgdclresource.OldValue(d.GetChange("name")).(string)),
}
directive := tpgdclresource.UpdateDirective
Expand Down Expand Up @@ -660,6 +689,7 @@ func resourceAssuredWorkloadsWorkloadDelete(d *schema.ResourceData, meta interfa
ProvisionedResourcesParent: dcl.String(d.Get("provisioned_resources_parent").(string)),
ResourceSettings: expandAssuredWorkloadsWorkloadResourceSettingsArray(d.Get("resource_settings")),
ViolationNotificationsEnabled: dcl.Bool(d.Get("violation_notifications_enabled").(bool)),
WorkloadOptions: expandAssuredWorkloadsWorkloadWorkloadOptions(d.Get("workload_options")),
Name: dcl.StringOrNil(d.Get("name").(string)),
}

Expand Down Expand Up @@ -825,6 +855,32 @@ func flattenAssuredWorkloadsWorkloadResourceSettings(obj *assuredworkloads.Workl

}

func expandAssuredWorkloadsWorkloadWorkloadOptions(o interface{}) *assuredworkloads.WorkloadWorkloadOptions {
if o == nil {
return assuredworkloads.EmptyWorkloadWorkloadOptions
}
objArr := o.([]interface{})
if len(objArr) == 0 || objArr[0] == nil {
return assuredworkloads.EmptyWorkloadWorkloadOptions
}
obj := objArr[0].(map[string]interface{})
return &assuredworkloads.WorkloadWorkloadOptions{
KajEnrollmentType: assuredworkloads.WorkloadWorkloadOptionsKajEnrollmentTypeEnumRef(obj["kaj_enrollment_type"].(string)),
}
}

func flattenAssuredWorkloadsWorkloadWorkloadOptions(obj *assuredworkloads.WorkloadWorkloadOptions) interface{} {
if obj == nil || obj.Empty() {
return nil
}
transformed := map[string]interface{}{
"kaj_enrollment_type": obj.KajEnrollmentType,
}

return []interface{}{transformed}

}

func flattenAssuredWorkloadsWorkloadComplianceStatus(obj *assuredworkloads.WorkloadComplianceStatus) interface{} {
if obj == nil || obj.Empty() {
return nil
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ func TestAccAssuredWorkloadsWorkload_BasicHandWritten(t *testing.T) {
ResourceName: "google_assured_workloads_workload.primary",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"},
ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "workload_options", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"},
},
{
Config: testAccAssuredWorkloadsWorkload_BasicHandWrittenUpdate0(context),
Expand All @@ -64,7 +64,7 @@ func TestAccAssuredWorkloadsWorkload_BasicHandWritten(t *testing.T) {
ResourceName: "google_assured_workloads_workload.primary",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"},
ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "workload_options", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"},
},
},
})
Expand All @@ -91,7 +91,7 @@ func TestAccAssuredWorkloadsWorkload_FullHandWritten(t *testing.T) {
ResourceName: "google_assured_workloads_workload.primary",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"},
ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "workload_options", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"},
},
},
})
Expand All @@ -109,6 +109,9 @@ resource "google_assured_workloads_workload" "primary" {
provisioned_resources_parent = google_folder.folder1.name
organization = "%{org_id}"
location = "us-central1"
workload_options {
kaj_enrollment_type = "KEY_ACCESS_TRANSPARENCY_OFF"
}
resource_settings {
resource_type = "CONSUMER_FOLDER"
display_name = "folder-display-name"
Expand Down
14 changes: 14 additions & 0 deletions website/docs/r/assured_workloads_workload.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,10 @@ resource "google_assured_workloads_workload" "primary" {
violation_notifications_enabled = true
workload_options {
kaj_enrollment_type = "KEY_ACCESS_TRANSPARENCY_OFF"
}
labels = {
label-one = "value-one"
}
Expand Down Expand Up @@ -207,6 +211,10 @@ Please refer to the field `effective_labels` for all of the labels present on th
(Optional)
Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.

* `workload_options` -
(Optional)
Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.



The `kms_settings` block supports:
Expand Down Expand Up @@ -247,6 +255,12 @@ The `resource_settings` block supports:
(Optional)
Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

The `workload_options` block supports:

* `kaj_enrollment_type` -
(Optional)
Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:
Expand Down

0 comments on commit 050580a

Please sign in to comment.