

Data Sources for KMS Key Ring and Key (#2891)
<!-- This change is generated by MagicModules. -->
/cc @kierachell
modular-magician authored and chrisst committed Jan 18, 2019
1 parent b2142b4 commit 30fe927
Showing 10 changed files with 270 additions and 8 deletions.
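--- a/google/data_source_google_kms_crypto_key.go
+++ b/google/data_source_google_kms_crypto_key.go
@@ -0,0 +1,35 @@
+package google
+
+import (
+"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceGoogleKmsCryptoKey() *schema.Resource {
+dsSchema := datasourceSchemaFromResourceSchema(resourceKmsCryptoKey().Schema)
+addRequiredFieldsToSchema(dsSchema, "name")
+addRequiredFieldsToSchema(dsSchema, "key_ring")
+
+return &schema.Resource{
+Read: dataSourceGoogleKmsCryptoKeyRead,
+Schema: dsSchema,
+}
+
+}
+
+func dataSourceGoogleKmsCryptoKeyRead(d *schema.ResourceData, meta interface{}) error {
+config := meta.(*Config)
+
+keyRingId, err := parseKmsKeyRingId(d.Get("key_ring").(string), config)
+if err != nil {
+return err
+}
+
+cryptoKeyId := kmsCryptoKeyId{
+KeyRingId: *keyRingId,
+Name: d.Get("name").(string),
+}
+
+d.SetId(cryptoKeyId.cryptoKeyId())
+
+return resourceKmsCryptoKeyRead(d, meta)
+}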
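Review bot: A key that does not exist may not surface as an error, because dataSourceGoogleKmsCryptoKeyRead calls `d.SetId(...)` and then returns `resourceKmsCryptoKeyRead(d, meta)` unchanged. That resource read is not part of this commit; if it follows the common resource pattern of clearing the ID and returning nil on a not-found response, the data source would succeed with empty attributes, and a configuration that passes `self_link` into an encryption setting would receive an empty key reference instead of a failed plan. I would keep the computed ID in a local `id`, check the read's error, and then add `if d.Id() == "" { return fmt.Errorf("KMS crypto key %q not found", id) }` (this needs an `fmt` import). The same applies to dataSourceGoogleKmsKeyRingRead in google/data_source_google_kms_key_ring.go.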
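--- a/google/data_source_google_kms_crypto_key_test.go
+++ b/google/data_source_google_kms_crypto_key_test.go
@@ -0,0 +1,43 @@
+package google
+
+import (
+"fmt"
+"regexp"
+"strings"
+"testing"
+
+"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceGoogleKmsCryptoKey_basic(t *testing.T) {
+kms := BootstrapKMSKey(t)
+
+// Name in the KMS client is in the format projects/<project>/locations/<location>/keyRings/<keyRingName>/cryptoKeys/<keyId>
+keyParts := strings.Split(kms.CryptoKey.Name, "/")
+cryptoKeyId := keyParts[len(keyParts)-1]
+
+fmt.Println(testAccDataSourceGoogleKmsCryptoKey_basic(kms.KeyRing.Name, cryptoKeyId))
+
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testAccDataSourceGoogleKmsCryptoKey_basic(kms.KeyRing.Name, cryptoKeyId),
+Check: resource.TestMatchResourceAttr("data.google_kms_crypto_key.kms_crypto_key", "self_link", regexp.MustCompile(kms.CryptoKey.Name)),
+},
+},
+})
+}
+
+/*
+This test should run in its own project, because KMS key rings and crypto keys are not deletable
+*/
+func testAccDataSourceGoogleKmsCryptoKey_basic(keyRingName, cryptoKeyName string) string {
+return fmt.Sprintf(`
+data "google_kms_crypto_key" "kms_crypto_key" {
+key_ring = "%s"
+name = "%s"
+}
+`, keyRingName, cryptoKeyName)
+}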
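Review bot: The `self_link` check is only a substring match, because `regexp.MustCompile(kms.CryptoKey.Name)` compiles the resource name as an unanchored, unescaped pattern; a self link for a different key whose name merely extends the expected one would also pass. An exact comparison pins the data source to the bootstrapped key: `Check: resource.TestCheckResourceAttr("data.google_kms_crypto_key.kms_crypto_key", "self_link", kms.CryptoKey.Name),` (the `regexp` import then becomes unused). The `fmt.Println(...)` call before `resource.Test` looks like leftover debugging and writes the project and key ring names into the test log, so I would remove it. The regex check in google/data_source_google_kms_key_ring_test.go has the same weakness.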
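--- a/google/data_source_google_kms_key_ring.go
+++ b/google/data_source_google_kms_key_ring.go
@@ -0,0 +1,35 @@
+package google
+
+import (
+"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceGoogleKmsKeyRing() *schema.Resource {
+dsSchema := datasourceSchemaFromResourceSchema(resourceKmsKeyRing().Schema)
+addRequiredFieldsToSchema(dsSchema, "name")
+addRequiredFieldsToSchema(dsSchema, "location")
+addOptionalFieldsToSchema(dsSchema, "project")
+
+return &schema.Resource{
+Read: dataSourceGoogleKmsKeyRingRead,
+Schema: dsSchema,
+}
+}
+
+func dataSourceGoogleKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error {
+config := meta.(*Config)
+
+project, err := getProject(d, config)
+if err != nil {
+return err
+}
+
+keyRingId := kmsKeyRingId{
+Name: d.Get("name").(string),
+Location: d.Get("location").(string),
+Project: project,
+}
+d.SetId(keyRingId.terraformId())
+
+return resourceKmsKeyRingRead(d, meta)
+}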
41 changes: 41 additions & 0 deletions google/data_source_google_kms_key_ring_test.go
@@ -0,0 +1,41 @@
package google

import (
"fmt"
"regexp"
"strings"
"testing"

"github.com/hashicorp/terraform/helper/resource"
)

func TestAccDataSourceGoogleKmsKeyRing_basic(t *testing.T) {
kms := BootstrapKMSKey(t)

keyParts := strings.Split(kms.KeyRing.Name, "/")
keyRingId := keyParts[len(keyParts)-1]

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testAccDataSourceGoogleKmsKeyRing_basic(keyRingId),
Check: resource.TestMatchResourceAttr("data.google_kms_key_ring.kms_key_ring", "self_link", regexp.MustCompile(kms.KeyRing.Name)),
},
},
})
}

/*
This test should run in its own project, because keys and key rings are not deletable
*/
func testAccDataSourceGoogleKmsKeyRing_basic(keyRingName string) string {
return fmt.Sprintf(`
data "google_kms_key_ring" "kms_key_ring" {
name = "%s"
location = "global"
}
`, keyRingName)
}
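Review bot: `location = "global"` in testAccDataSourceGoogleKmsKeyRing_basic is hard-coded while the key ring name is parsed from `kms.KeyRing.Name`, so the lookup only matches as long as BootstrapKMSKey creates its key ring in `global` (its definition is outside this commit). The location is already present in the split name; for a name of the form projects/<project>/locations/<location>/keyRings/<name> it is `keyParts[3]`, and passing it into the config as a second `%s` keeps the test in step with the bootstrap helper.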
2 changes: 2 additions & 0 deletions google/provider.go
@@ -100,6 +100,8 @@ func Provider() terraform.ResourceProvider {
"google_iam_policy": dataSourceGoogleIamPolicy(),
"google_iam_role": dataSourceGoogleIamRole(),
"google_kms_secret": dataSourceGoogleKmsSecret(),
"google_kms_key_ring": dataSourceGoogleKmsKeyRing(),
"google_kms_crypto_key": dataSourceGoogleKmsCryptoKey(),
"google_folder": dataSourceGoogleFolder(),
"google_netblock_ip_ranges": dataSourceGoogleNetblockIpRanges(),
"google_organization": dataSourceGoogleOrganization(),
52 changes: 52 additions & 0 deletions website/docs/d/google_kms_crypto_key.html.markdown
@@ -0,0 +1,52 @@
---
layout: "google"
page_title: "Google: google_kms_crypto_key"
sidebar_current: "docs-google-datasource-kms-crypto-key"
description: |-
Provides access to KMS key data with Google Cloud KMS.
---

# google\_kms\_crypto\_key

Provides access to a Google Cloud Platform KMS CryptoKey. For more information see
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)
and
[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).

A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a
Google Cloud KMS KeyRing.

## Example Usage

```hcl
data "google_kms_key_ring" "my_key_ring" {
name = "my-key-ring"
location = "us-central1"
}
data "google_kms_crypto_key" "my_crypto_key" {
name = "my-crypto-key"
key_ring = "${data.google_kms_key_ring.my_key_ring.self_link}"
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Required) The CryptoKey's name.
A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`

* `key_ring` - (Required) The `self_link` of the Google Cloud Platform KeyRing to which the key belongs.

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are
exported:

* `rotation_period` - Every time this period passes, generate a new CryptoKeyVersion and set it as
the primary. The first rotation will take place after the specified period. The rotation period has the format
of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

* `self_link` - The self link of the created CryptoKey. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}`.

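--- a/website/docs/d/google_kms_key_ring.html.markdown
+++ b/website/docs/d/google_kms_key_ring.html.markdown
@@ -0,0 +1,48 @@
+---
+layout: "google"
+page_title: "Google: google_kms_key_ring"
+sidebar_current: "docs-google-datasource-kms-key-ring"
+description: |-
+Provides access to KMS key ring data with Google Cloud KMS.
+---
+
+# google\_kms\_key\_ring
+
+Provides access to Google Cloud Platform KMS KeyRing. For more information see
+[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring)
+and
+[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).
+
+A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project
+and resides in a specific location.
+
+## Example Usage
+
+```hcl
+data "google_kms_key_ring" "my_key_ring" {
+name = "my-key-ring"
+location = "us-central1"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The KeyRing's name.
+A KeyRing name must exist within the provided location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
+
+* `location` - (Required) The Google Cloud Platform location for the KeyRing.
+A full list of valid locations can be found by running `gcloud kms locations list`.
+
+- - -
+
+* `project` - (Optional) The project in which the resource belongs. If it
+is not provided, the provider project is used.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are
+exported:
+
+* `self_link` - The self link of the created KeyRing. Its format is `projects/{projectId}/locations/{location}/keyRings/{keyRingName}`.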
4 changes: 2 additions & 2 deletions website/docs/r/google_kms_crypto_key.html.markdown
@@ -9,7 +9,7 @@ description: |-
# google\_kms\_crypto\_key

Allows creation of a Google Cloud Platform KMS CryptoKey. For more information see
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#cryptokey)
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)
and
[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).

@@ -59,7 +59,7 @@ The following arguments are supported:
the primary. The first rotation will take place after the specified period. The rotation period has the format
of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than
a day (ie, 86400).

* `version_template` - (Optional) A template describing settings for new crypto key versions. Structure is documented below.

---
4 changes: 2 additions & 2 deletions website/docs/r/google_kms_key_ring.html.markdown
@@ -9,8 +9,8 @@ description: |-
# google\_kms\_key\_ring

Allows creation of a Google Cloud Platform KMS KeyRing. For more information see
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#keyring)
and
[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring)
and
[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).

A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project
14 changes: 10 additions & 4 deletions website/google.erb
@@ -112,13 +112,19 @@
<a href="/docs/providers/google/d/google_folder.html">google_folder</a>
</li>
<li<%= sidebar_current("docs-google-datasource-iam-policy") %>>
<a href="/docs/providers/google/d/google_iam_policy.html">google_iam_policy</a>
<a href="/docs/providers/google/d/google_iam_policy.html">google_iam_policy</a>
</li>
<li<%= sidebar_current("docs-google-datasource-iam-role") %>>
<a href="/docs/providers/google/d/datasource_google_iam_role.html">google_iam_role</a>
</li>
<li<%= sidebar_current("docs-google-datasource-kms-key-ring") %>>
<a href="/docs/providers/google/d/google_kms_key_ring.html">google_kms_key_ring</a>
</li>
<li<%= sidebar_current("docs-google-datasource-kms-crypto-key") %>>
<a href="/docs/providers/google/d/google_kms_crypto_key.html">google_kms_crypto_key</a>
</li>
<li<%= sidebar_current("docs-google-kms-secret") %>>
<a href="/docs/providers/google/d/google_kms_secret.html">google_kms_secret</a>
<a href="/docs/providers/google/d/google_kms_secret.html">google_kms_secret</a>
</li>
<li<%= sidebar_current("docs-google-datasource-netblock-ip-ranges") %>>
<a href="/docs/providers/google/d/datasource_google_netblock_ip_ranges.html">google_netblock_ip_ranges</a>
@@ -127,10 +133,10 @@
<a href="/docs/providers/google/d/google_organization.html">google_organization</a>
</li>
<li<%= sidebar_current("docs-google-datasource-project") %>>
<a href="/docs/providers/google/d/google_project.html">google_project</a>
<a href="/docs/providers/google/d/google_project.html">google_project</a>
</li>
<li<%= sidebar_current("docs-google-datasource-service-account") %>>
<a href="/docs/providers/google/d/datasource_google_service_account.html">google_service_account</a>
<a href="/docs/providers/google/d/datasource_google_service_account.html">google_service_account</a>
</li>
<li<%= sidebar_current("docs-google-datasource-service-account-key") %>>
<a href="/docs/providers/google/d/datasource_google_service_account_key.html">google_service_account_key</a>
