-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds support for creating KMS KeyRing resources #518
Changes from 6 commits
ab18653
d18db25
946eef1
7afead9
b491ad0
0ce76d7
34e5b64
7536f92
5b815d7
bc9527f
1248ab8
e3de446
d6cb880
9d7ff51
c524051
5a7b690
33b74c0
5c49d08
775d43f
23500d0
b8d0dbe
c4317ab
c2106a9
27fc744
a2c3363
82f4785
6e2a6c0
2120b47
65cbadc
024b45b
2791c74
248d518
3fbf0bb
6dc9035
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
package google | ||
|
||
import ( | ||
"fmt" | ||
"github.com/hashicorp/terraform/helper/schema" | ||
"google.golang.org/api/cloudkms/v1" | ||
"log" | ||
) | ||
|
||
func resourceKmsKeyRing() *schema.Resource { | ||
return &schema.Resource{ | ||
Create: resourceKmsKeyRingCreate, | ||
Read: resourceKmsKeyRingRead, | ||
Delete: resourceKmsKeyRingDelete, | ||
|
||
Schema: map[string]*schema.Schema{ | ||
"name": &schema.Schema{ | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
}, | ||
"location": &schema.Schema{ | ||
Type: schema.TypeString, | ||
Required: true, | ||
ForceNew: true, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func createKmsResourceParentString(project, location string) string { | ||
return fmt.Sprintf("projects/%s/locations/%s", project, location) | ||
} | ||
|
||
func createKmsResourceKeyRingName(project, location, keyRingName string) string { | ||
return fmt.Sprintf("%s/keyRings/%s", createKmsResourceParentString(project, location), keyRingName) | ||
} | ||
|
||
func resourceKmsKeyRingCreate(d *schema.ResourceData, meta interface{}) error { | ||
config := meta.(*Config) | ||
|
||
project, err := getProject(d, config) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
name := d.Get("name").(string) | ||
location := d.Get("location").(string) | ||
|
||
parent := createKmsResourceParentString(project, location) | ||
|
||
_, err = config.clientKms.Projects.Locations.KeyRings. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. style nit: for consistency with other resources, I'd recommend either not breaking at all or breaking after There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Sorry, I'm not sure what you mean by this. Could you give me another resource to look at as an example? |
||
Create(parent, &cloudkms.KeyRing{}). | ||
KeyRingId(name). | ||
Do() | ||
|
||
if err != nil { | ||
return fmt.Errorf("Error creating KeyRing: %s", err) | ||
} | ||
|
||
keyRingName := createKmsResourceKeyRingName(project, location, name) | ||
|
||
d.SetId(keyRingName) | ||
|
||
return resourceKmsKeyRingRead(d, meta) | ||
} | ||
|
||
func resourceKmsKeyRingRead(d *schema.ResourceData, meta interface{}) error { | ||
config := meta.(*Config) | ||
|
||
keyRingName := d.Id() | ||
|
||
log.Printf("[DEBUG] Executing read for KMS KeyRing %s", keyRingName) | ||
|
||
keyRing, err := config.clientKms.Projects.Locations.KeyRings. | ||
Get(keyRingName). | ||
Do() | ||
|
||
if err != nil { | ||
return fmt.Errorf("Error reading KeyRing: %s", err) | ||
} | ||
|
||
d.SetId(keyRing.Name) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't think we usually set the id again on read- any reason why you needed it here? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I thought I saw another resource do this, but I can't remember where I saw it. I'll remove this. |
||
|
||
return nil | ||
} | ||
|
||
func resourceKmsKeyRingDelete(d *schema.ResourceData, meta interface{}) error { | ||
return nil | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
package google | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform/helper/acctest" | ||
"github.com/hashicorp/terraform/helper/resource" | ||
"github.com/hashicorp/terraform/terraform" | ||
"log" | ||
) | ||
|
||
func TestAccGoogleKmsKeyRing_basic(t *testing.T) { | ||
name := acctest.RandString(10) | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
CheckDestroy: testGoogleKmsKeyRing_recreate(name), | ||
Steps: []resource.TestStep{ | ||
resource.TestStep{ | ||
Config: testGoogleKmsKeyRing_basic(name), | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckGoogleKmsKeyRingExists("google_kms_key_ring.key_ring"), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testGoogleKmsKeyRing_basic(name string) string { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't have a good reason behind this, but we tend to keep these functions at the end of the file |
||
return fmt.Sprintf(` | ||
resource "google_kms_key_ring" "key_ring" { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit- can you align this all the way to the left? |
||
name = "%s" | ||
location = "us-central1" | ||
} | ||
`, name) | ||
} | ||
|
||
func testAccCheckGoogleKmsKeyRingExists(resourceName string) resource.TestCheckFunc { | ||
return func(s *terraform.State) error { | ||
config := testAccProvider.Meta().(*Config) | ||
|
||
rs, ok := s.RootModule().Resources[resourceName] | ||
if !ok { | ||
return fmt.Errorf("Resource not found: %s", resourceName) | ||
} | ||
|
||
name := rs.Primary.Attributes["name"] | ||
location := rs.Primary.Attributes["location"] | ||
|
||
parent := createKmsResourceParentString(config.Project, location) | ||
keyRingName := createKmsResourceKeyRingName(config.Project, location, name) | ||
|
||
listKeyRingsResponse, err := config.clientKms.Projects.Locations.KeyRings.List(parent).Do() | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. why list rather than get? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I used list because I don't like it when my tests look similar to the production code. I thought this would be a good way to still test the intended functionality without making it too similar to I am open to changing it if you would like me to. |
||
if err != nil { | ||
return fmt.Errorf("Error listing KeyRings: %s", err) | ||
} | ||
|
||
for _, keyRing := range listKeyRingsResponse.KeyRings { | ||
log.Printf("[DEBUG] Found KeyRing: %s", keyRing.Name) | ||
|
||
if keyRing.Name == keyRingName { | ||
return nil | ||
} | ||
} | ||
|
||
return fmt.Errorf("KeyRing not found: %s", keyRingName) | ||
} | ||
} | ||
|
||
// TODO | ||
// KMS KeyRings cannot be deleted. This will test if the resource can be added back to state after being removed | ||
func testGoogleKmsKeyRing_recreate(name string) resource.TestCheckFunc { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If the resource already exists server-side, we can add import functionality instead of trying to get it to essentially import on create. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. What is the expected behavior of attempting to create a KeyRing that already exists? Should it fail because the resource already exists on the server? Or should it handle it similar to how an import would? I think most resources would fail here because you'd expect to have to use In either case, my intention was for this test to capture that logic, where I either expect a failure when re-creating, or for it to be handled gracefully. |
||
return func(s *terraform.State) error { | ||
return nil | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
readability nit: I'm not a huge fan of
create
being used in functions that don't actually create something, especially in a code base like this where it realistically could be making API calls. How about justkmsResourceParentString
?