From 050580aa9e110c8cad26c59080172290bb61d9af Mon Sep 17 00:00:00 2001 From: Modular Magician Date: Wed, 23 Oct 2024 17:07:18 +0000 Subject: [PATCH] Upgrade DCL to 1.75.0 (#12046) [upstream:7c1c0c38f84ec0a7447dbecc280b0e017a8495d2] Signed-off-by: Modular Magician --- .changelog/12046.txt | 3 + go.mod | 2 +- go.sum | 4 +- .../resource_assured_workloads_workload.go | 56 +++++++++++++++++++ ...sured_workloads_workload_generated_test.go | 9 ++- .../assured_workloads_workload.html.markdown | 14 +++++ 6 files changed, 82 insertions(+), 6 deletions(-) create mode 100644 .changelog/12046.txt diff --git a/.changelog/12046.txt b/.changelog/12046.txt new file mode 100644 index 00000000000..f8dc4696ffc --- /dev/null +++ b/.changelog/12046.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +assuredworkloads: added `workload_options` field to `google_assured_workloads_workload` resource +``` \ No newline at end of file diff --git a/go.mod b/go.mod index 63a9b05595b..a1f5c67209c 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.21 require ( cloud.google.com/go/bigtable v1.33.0 - github.com/GoogleCloudPlatform/declarative-resource-client-library v1.74.0 + github.com/GoogleCloudPlatform/declarative-resource-client-library v1.75.0 github.com/apparentlymart/go-cidr v1.1.0 github.com/davecgh/go-spew v1.1.1 github.com/dnaeon/go-vcr v1.0.1 diff --git a/go.sum b/go.sum index 57e82021318..935dcda0074 100644 --- a/go.sum +++ b/go.sum @@ -36,8 +36,6 @@ cloud.google.com/go/monitoring v1.21.0/go.mod h1:tuJ+KNDdJbetSsbSGTqnaBvbauS5kr3 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/GoogleCloudPlatform/declarative-resource-client-library v1.74.0 h1:YV3eTXgDw3Zp8Mc12WE2Aa3+22twNd07xkFkEODrlOQ= -github.com/GoogleCloudPlatform/declarative-resource-client-library v1.74.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= @@ -478,3 +476,5 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +github.com/GoogleCloudPlatform/declarative-resource-client-library v1.75.0 h1:7tFkHNjfjm7dYnjqyuzMon+31lPaMTjca3OuamWd0Oo= +github.com/GoogleCloudPlatform/declarative-resource-client-library v1.75.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k= diff --git a/google/services/assuredworkloads/resource_assured_workloads_workload.go b/google/services/assuredworkloads/resource_assured_workloads_workload.go index 545169405b4..8443b2c0a8d 100644 --- a/google/services/assuredworkloads/resource_assured_workloads_workload.go +++ b/google/services/assuredworkloads/resource_assured_workloads_workload.go @@ -160,6 +160,15 @@ func ResourceAssuredWorkloadsWorkload() *schema.Resource { Description: "Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.", }, + "workload_options": { + Type: schema.TypeList, + Optional: true, + ForceNew: true, + Description: "Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads.", + MaxItems: 1, + Elem: AssuredWorkloadsWorkloadWorkloadOptionsSchema(), + }, + "compliance_status": { Type: schema.TypeList, Computed: true, @@ -303,6 +312,19 @@ func AssuredWorkloadsWorkloadResourceSettingsSchema() *schema.Resource { } } +func AssuredWorkloadsWorkloadWorkloadOptionsSchema() *schema.Resource { + return &schema.Resource{ + Schema: map[string]*schema.Schema{ + "kaj_enrollment_type": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: "Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF", + }, + }, + } +} + func AssuredWorkloadsWorkloadComplianceStatusSchema() *schema.Resource { return &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -402,6 +424,7 @@ func resourceAssuredWorkloadsWorkloadCreate(d *schema.ResourceData, meta interfa ProvisionedResourcesParent: dcl.String(d.Get("provisioned_resources_parent").(string)), ResourceSettings: expandAssuredWorkloadsWorkloadResourceSettingsArray(d.Get("resource_settings")), ViolationNotificationsEnabled: dcl.Bool(d.Get("violation_notifications_enabled").(bool)), + WorkloadOptions: expandAssuredWorkloadsWorkloadWorkloadOptions(d.Get("workload_options")), } id, err := obj.ID() @@ -470,6 +493,7 @@ func resourceAssuredWorkloadsWorkloadRead(d *schema.ResourceData, meta interface ProvisionedResourcesParent: dcl.String(d.Get("provisioned_resources_parent").(string)), ResourceSettings: expandAssuredWorkloadsWorkloadResourceSettingsArray(d.Get("resource_settings")), ViolationNotificationsEnabled: dcl.Bool(d.Get("violation_notifications_enabled").(bool)), + WorkloadOptions: expandAssuredWorkloadsWorkloadWorkloadOptions(d.Get("workload_options")), Name: dcl.StringOrNil(d.Get("name").(string)), } @@ -537,6 +561,9 @@ func resourceAssuredWorkloadsWorkloadRead(d *schema.ResourceData, meta interface if err = d.Set("violation_notifications_enabled", res.ViolationNotificationsEnabled); err != nil { return fmt.Errorf("error setting violation_notifications_enabled in state: %s", err) } + if err = d.Set("workload_options", flattenAssuredWorkloadsWorkloadWorkloadOptions(res.WorkloadOptions)); err != nil { + return fmt.Errorf("error setting workload_options in state: %s", err) + } if err = d.Set("compliance_status", flattenAssuredWorkloadsWorkloadComplianceStatus(res.ComplianceStatus)); err != nil { return fmt.Errorf("error setting compliance_status in state: %s", err) } @@ -588,6 +615,7 @@ func resourceAssuredWorkloadsWorkloadUpdate(d *schema.ResourceData, meta interfa ProvisionedResourcesParent: dcl.String(d.Get("provisioned_resources_parent").(string)), ResourceSettings: expandAssuredWorkloadsWorkloadResourceSettingsArray(d.Get("resource_settings")), ViolationNotificationsEnabled: dcl.Bool(d.Get("violation_notifications_enabled").(bool)), + WorkloadOptions: expandAssuredWorkloadsWorkloadWorkloadOptions(d.Get("workload_options")), Name: dcl.StringOrNil(d.Get("name").(string)), } // Construct state hint from old values @@ -606,6 +634,7 @@ func resourceAssuredWorkloadsWorkloadUpdate(d *schema.ResourceData, meta interfa ProvisionedResourcesParent: dcl.String(tpgdclresource.OldValue(d.GetChange("provisioned_resources_parent")).(string)), ResourceSettings: expandAssuredWorkloadsWorkloadResourceSettingsArray(tpgdclresource.OldValue(d.GetChange("resource_settings"))), ViolationNotificationsEnabled: dcl.Bool(tpgdclresource.OldValue(d.GetChange("violation_notifications_enabled")).(bool)), + WorkloadOptions: expandAssuredWorkloadsWorkloadWorkloadOptions(tpgdclresource.OldValue(d.GetChange("workload_options"))), Name: dcl.StringOrNil(tpgdclresource.OldValue(d.GetChange("name")).(string)), } directive := tpgdclresource.UpdateDirective @@ -660,6 +689,7 @@ func resourceAssuredWorkloadsWorkloadDelete(d *schema.ResourceData, meta interfa ProvisionedResourcesParent: dcl.String(d.Get("provisioned_resources_parent").(string)), ResourceSettings: expandAssuredWorkloadsWorkloadResourceSettingsArray(d.Get("resource_settings")), ViolationNotificationsEnabled: dcl.Bool(d.Get("violation_notifications_enabled").(bool)), + WorkloadOptions: expandAssuredWorkloadsWorkloadWorkloadOptions(d.Get("workload_options")), Name: dcl.StringOrNil(d.Get("name").(string)), } @@ -825,6 +855,32 @@ func flattenAssuredWorkloadsWorkloadResourceSettings(obj *assuredworkloads.Workl } +func expandAssuredWorkloadsWorkloadWorkloadOptions(o interface{}) *assuredworkloads.WorkloadWorkloadOptions { + if o == nil { + return assuredworkloads.EmptyWorkloadWorkloadOptions + } + objArr := o.([]interface{}) + if len(objArr) == 0 || objArr[0] == nil { + return assuredworkloads.EmptyWorkloadWorkloadOptions + } + obj := objArr[0].(map[string]interface{}) + return &assuredworkloads.WorkloadWorkloadOptions{ + KajEnrollmentType: assuredworkloads.WorkloadWorkloadOptionsKajEnrollmentTypeEnumRef(obj["kaj_enrollment_type"].(string)), + } +} + +func flattenAssuredWorkloadsWorkloadWorkloadOptions(obj *assuredworkloads.WorkloadWorkloadOptions) interface{} { + if obj == nil || obj.Empty() { + return nil + } + transformed := map[string]interface{}{ + "kaj_enrollment_type": obj.KajEnrollmentType, + } + + return []interface{}{transformed} + +} + func flattenAssuredWorkloadsWorkloadComplianceStatus(obj *assuredworkloads.WorkloadComplianceStatus) interface{} { if obj == nil || obj.Empty() { return nil diff --git a/google/services/assuredworkloads/resource_assured_workloads_workload_generated_test.go b/google/services/assuredworkloads/resource_assured_workloads_workload_generated_test.go index f71b27eef9a..9ad70c3a3e2 100644 --- a/google/services/assuredworkloads/resource_assured_workloads_workload_generated_test.go +++ b/google/services/assuredworkloads/resource_assured_workloads_workload_generated_test.go @@ -55,7 +55,7 @@ func TestAccAssuredWorkloadsWorkload_BasicHandWritten(t *testing.T) { ResourceName: "google_assured_workloads_workload.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"}, + ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "workload_options", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"}, }, { Config: testAccAssuredWorkloadsWorkload_BasicHandWrittenUpdate0(context), @@ -64,7 +64,7 @@ func TestAccAssuredWorkloadsWorkload_BasicHandWritten(t *testing.T) { ResourceName: "google_assured_workloads_workload.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"}, + ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "workload_options", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"}, }, }, }) @@ -91,7 +91,7 @@ func TestAccAssuredWorkloadsWorkload_FullHandWritten(t *testing.T) { ResourceName: "google_assured_workloads_workload.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"}, + ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "workload_options", "provisioned_resources_parent", "partner_services_billing_account", "labels", "terraform_labels"}, }, }, }) @@ -109,6 +109,9 @@ resource "google_assured_workloads_workload" "primary" { provisioned_resources_parent = google_folder.folder1.name organization = "%{org_id}" location = "us-central1" + workload_options { + kaj_enrollment_type = "KEY_ACCESS_TRANSPARENCY_OFF" + } resource_settings { resource_type = "CONSUMER_FOLDER" display_name = "folder-display-name" diff --git a/website/docs/r/assured_workloads_workload.html.markdown b/website/docs/r/assured_workloads_workload.html.markdown index a954c56de52..29ab577e548 100644 --- a/website/docs/r/assured_workloads_workload.html.markdown +++ b/website/docs/r/assured_workloads_workload.html.markdown @@ -55,6 +55,10 @@ resource "google_assured_workloads_workload" "primary" { violation_notifications_enabled = true + workload_options { + kaj_enrollment_type = "KEY_ACCESS_TRANSPARENCY_OFF" + } + labels = { label-one = "value-one" } @@ -207,6 +211,10 @@ Please refer to the field `effective_labels` for all of the labels present on th (Optional) Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. +* `workload_options` - + (Optional) + Optional. Used to specify certain options for a workload during workload creation - currently only supporting KAT Optionality for Regional Controls workloads. + The `kms_settings` block supports: @@ -247,6 +255,12 @@ The `resource_settings` block supports: (Optional) Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER +The `workload_options` block supports: + +* `kaj_enrollment_type` - + (Optional) + Indicates type of KAJ enrollment for the workload. Currently, only specifiying KEY_ACCESS_TRANSPARENCY_OFF is implemented to not enroll in KAT-level KAJ enrollment for Regional Controls workloads. Possible values: KAJ_ENROLLMENT_TYPE_UNSPECIFIED, FULL_KAJ, EKM_ONLY, KEY_ACCESS_TRANSPARENCY_OFF + ## Attributes Reference In addition to the arguments listed above, the following computed attributes are exported: