Adds support for creating KMS KeyRing resources

google/config.go

@@ -18,6 +18,7 @@ import (
 	"golang.org/x/oauth2/jwt"
 	"google.golang.org/api/bigquery/v2"
 	"google.golang.org/api/cloudbilling/v1"
+	"google.golang.org/api/cloudkms/v1"
 	"google.golang.org/api/cloudresourcemanager/v1"
 	resourceManagerV2Beta1 "google.golang.org/api/cloudresourcemanager/v2beta1"
 	computeBeta "google.golang.org/api/compute/v0.beta"
@@ -47,6 +48,7 @@ type Config struct {
 	clientComputeBeta            *computeBeta.Service
 	clientContainer              *container.Service
 	clientDns                    *dns.Service
+	clientKms                    *cloudkms.Service
 	clientLogging                *cloudlogging.Service
 	clientPubsub                 *pubsub.Service
 	clientResourceManager        *cloudresourcemanager.Service
@@ -155,6 +157,13 @@ func (c *Config) loadAndValidate() error {
 	}
 	c.clientDns.UserAgent = userAgent
 
+	log.Printf("[INFO] Instantiating Google Cloud KMS Client...")
+	c.clientKms, err = cloudkms.New(client)
+	if err != nil {
+		return err
+	}
+	c.clientKms.UserAgent = userAgent
+
 	log.Printf("[INFO] Instantiating Google Stackdriver Logging client...")
 	c.clientLogging, err = cloudlogging.New(client)
 	if err != nil {

google/import_kms_key_ring_test.go

@@ -0,0 +1,42 @@
+package google
+
+import (
+	"testing"
+
+	"fmt"
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+	"os"
+)
+
+func TestAccGoogleKmsKeyRing_importBasic(t *testing.T) {
+	skipIfEnvNotSet(t,
+		[]string{
+			"GOOGLE_ORG",
+			"GOOGLE_BILLING_ACCOUNT",
+		}...,
+	)
+
+	resourceName := "google_kms_key_ring.key_ring"
+
+	projectId := "terraform-" + acctest.RandString(10)
+	projectOrg := os.Getenv("GOOGLE_ORG")
+	projectBillingAccount := os.Getenv("GOOGLE_BILLING_ACCOUNT")
+	keyRingName := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testGoogleKmsKeyRing_basic(projectId, projectOrg, projectBillingAccount, keyRingName),
+			},
+
+			resource.TestStep{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}

google/provider.go

@@ -116,6 +116,7 @@ func Provider() terraform.ResourceProvider {
 			"google_logging_billing_account_sink":          resourceLoggingBillingAccountSink(),
 			"google_logging_folder_sink":                   resourceLoggingFolderSink(),
 			"google_logging_project_sink":                  resourceLoggingProjectSink(),
+			"google_kms_key_ring":                          resourceKmsKeyRing(),
 			"google_sourcerepo_repository":                 resourceSourceRepoRepository(),
 			"google_spanner_instance":                      resourceSpannerInstance(),
 			"google_spanner_database":                      resourceSpannerDatabase(),

google/resource_kms_key_ring.go

@@ -0,0 +1,172 @@
+package google
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform/helper/schema"
+	"google.golang.org/api/cloudkms/v1"
+	"log"
+	"regexp"
+	"strings"
+)
+
+func resourceKmsKeyRing() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceKmsKeyRingCreate,
+		Read:   resourceKmsKeyRingRead,
+		Delete: resourceKmsKeyRingDelete,
+		Importer: &schema.ResourceImporter{
+			State: resourceKmsKeyRingImportState,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"name": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"location": &schema.Schema{
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"project": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+type kmsKeyRingId struct {
+	Project  string
+	Location string
+	Name     string
+}
+
+func (s *kmsKeyRingId) keyRingId() string {
+	return fmt.Sprintf("projects/%s/locations/%s/keyRings/%s", s.Project, s.Location, s.Name)
+}
+
+func (s *kmsKeyRingId) parentId() string {
+	return fmt.Sprintf("projects/%s/locations/%s", s.Project, s.Location)
+}
+
+func (s *kmsKeyRingId) terraformId() string {
+	return fmt.Sprintf("%s/%s/%s", s.Project, s.Location, s.Name)
+}
+
+func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	project, err := getProject(d, config)
+	if err != nil {
+		return err
+	}
+
+	keyRingId := &kmsKeyRingId{
+		Project:  project,
+		Location: d.Get("location").(string),
+		Name:     d.Get("name").(string),
+	}
+
+	keyRing, err := config.clientKms.Projects.Locations.KeyRings.Create(keyRingId.parentId(), &cloudkms.KeyRing{}).KeyRingId(keyRingId.Name).Do()
+
+	if err != nil {
+		return fmt.Errorf("Error creating KeyRing: %s", err)
+	}
+
+	log.Printf("[DEBUG] Created KeyRing %s", keyRing.Name)
+
+	d.SetId(keyRingId.terraformId())
+
+	return resourceKmsKeyRingRead(d, meta)
+}
+
+func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	keyRingId, err := parseKmsKeyRingId(d.Id(), config)
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Executing read for KMS KeyRing %s", keyRingId.keyRingId())
+
+	_, err = config.clientKms.Projects.Locations.KeyRings.Get(keyRingId.keyRingId()).Do()
+
+	if err != nil {
+		return fmt.Errorf("Error reading KeyRing: %s", err)
+	}
+
+	return nil
+}
+
+/*
+	Because KMS KeyRing resources cannot be deleted on GCP, we are only going to remove it from state.
+	Re-creation of this resource through Terraform will produce an error.
+*/
+
+func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	keyRingId, err := parseKmsKeyRingId(d.Id(), config)
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[WARNING] KMS KeyRing resources cannot be deleted from GCP. This KeyRing %s will be removed from Terraform state, but will still be present on the server.", keyRingId.keyRingId())
+
+	d.SetId("")
+
+	return nil
+}
+
+func parseKmsKeyRingId(id string, config *Config) (*kmsKeyRingId, error) {
+	parts := strings.Split(id, "/")
+
+	keyRingIdRegex := regexp.MustCompile("^([a-z0-9-]+)/([a-z0-9-])+/([a-zA-Z0-9_-]{1,63})$")
+	keyRingIdWithoutProjectRegex := regexp.MustCompile("^([a-z0-9-])+/([a-zA-Z0-9_-]{1,63})$")
+
+	if keyRingIdRegex.MatchString(id) {
+		return &kmsKeyRingId{
+			Project:  parts[0],
+			Location: parts[1],
+			Name:     parts[2],
+		}, nil
+	}
+
+	if keyRingIdWithoutProjectRegex.MatchString(id) {
+		if config.Project == "" {
+			return nil, fmt.Errorf("The default project for the provider must be set when using the `{location}/{keyRingName}` id format.")
+		}
+
+		return &kmsKeyRingId{
+			Project:  config.Project,
+			Location: parts[0],
+			Name:     parts[1],
+		}, nil
+	}
+
+	return nil, fmt.Errorf("Invalid KeyRing id format, expecting `{projectId}/{locationId}/{keyRingName}` or `{locationId}/{keyRingName}.`")
+}
+
+func resourceKmsKeyRingImportState(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	config := meta.(*Config)
+
+	keyRingId, err := parseKmsKeyRingId(d.Id(), config)
+	if err != nil {
+		return nil, err
+	}
+
+	d.Set("name", keyRingId.Name)
+	d.Set("location", keyRingId.Location)
+
+	if config.Project != keyRingId.Project {
+		d.Set("project", keyRingId.Project)
+	}
+
+	d.SetId(keyRingId.terraformId())
+
+	return []*schema.ResourceData{d}, nil
+}