diff --git a/.changelog/11419.txt b/.changelog/11419.txt new file mode 100644 index 00000000000..5fb9602761b --- /dev/null +++ b/.changelog/11419.txt @@ -0,0 +1,3 @@ +```release-note:bug +kms: restrict beta-only field test to beta environment +``` \ No newline at end of file diff --git a/google/services/kms/resource_kms_crypto_key_test.go b/google/services/kms/resource_kms_crypto_key_test.go index d30faaa2dea..0f1b41f8158 100644 --- a/google/services/kms/resource_kms_crypto_key_test.go +++ b/google/services/kms/resource_kms_crypto_key_test.go @@ -319,53 +319,6 @@ func TestAccKmsCryptoKey_destroyDuration(t *testing.T) { }) } -func TestAccKmsCryptoKey_keyAccessJustificationsPolicy(t *testing.T) { - t.Parallel() - - projectId := fmt.Sprintf("tf-test-%d", acctest.RandInt(t)) - projectOrg := envvar.GetTestOrgFromEnv(t) - location := envvar.GetTestRegionFromEnv() - projectBillingAccount := envvar.GetTestBillingAccountFromEnv(t) - keyRingName := fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10)) - cryptoKeyName := fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10)) - allowedAccessReason := "CUSTOMER_INITIATED_SUPPORT" - updatedAllowedAccessReason := "GOOGLE_INITIATED_SERVICE" - - acctest.VcrTest(t, resource.TestCase{ - PreCheck: func() { acctest.AccTestPreCheck(t) }, - ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), - Steps: []resource.TestStep{ - { - Config: testGoogleKmsCryptoKey_keyAccessJustificationsPolicy(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName, allowedAccessReason), - }, - { - ResourceName: "google_kms_crypto_key.crypto_key", - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"labels", "terraform_labels"}, - }, - { - Config: testGoogleKmsCryptoKey_keyAccessJustificationsPolicy(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName, updatedAllowedAccessReason), - }, - { - ResourceName: "google_kms_crypto_key.crypto_key", - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"labels", "terraform_labels"}, - }, - // Use a separate TestStep rather than a CheckDestroy because we need the project to still exist. - { - Config: testGoogleKmsCryptoKey_removed(projectId, projectOrg, projectBillingAccount, keyRingName), - Check: resource.ComposeTestCheckFunc( - testAccCheckGoogleKmsCryptoKeyWasRemovedFromState("google_kms_crypto_key.crypto_key"), - testAccCheckGoogleKmsCryptoKeyVersionsDestroyed(t, projectId, location, keyRingName, cryptoKeyName), - testAccCheckGoogleKmsCryptoKeyRotationDisabled(t, projectId, location, keyRingName, cryptoKeyName), - ), - }, - }, - }) -} - func TestAccKmsCryptoKey_importOnly(t *testing.T) { t.Parallel() @@ -838,39 +791,6 @@ resource "google_kms_crypto_key" "crypto_key" { `, projectId, projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName) } -func testGoogleKmsCryptoKey_keyAccessJustificationsPolicy(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName, allowed_access_reason string) string { - return fmt.Sprintf(` -resource "google_project" "acceptance" { - name = "%s" - project_id = "%s" - org_id = "%s" - billing_account = "%s" -} - -resource "google_project_service" "acceptance" { - project = google_project.acceptance.project_id - service = "cloudkms.googleapis.com" -} - -resource "google_kms_key_ring" "key_ring" { - project = google_project_service.acceptance.project - name = "%s" - location = "us-central1" -} - -resource "google_kms_crypto_key" "crypto_key" { - name = "%s" - key_ring = google_kms_key_ring.key_ring.id - labels = { - key = "value" - } - key_access_justifications_policy { - allowed_access_reasons = ["%s"] - } -} -`, projectId, projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName, allowed_access_reason) -} - func testGoogleKmsCryptoKey_importOnly(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName string) string { return fmt.Sprintf(` resource "google_project" "acceptance" {