diff --git a/mmv1/products/compute/go_BackendService.yaml b/mmv1/products/compute/go_BackendService.yaml index a224db0981b1..c5863819ad42 100644 --- a/mmv1/products/compute/go_BackendService.yaml +++ b/mmv1/products/compute/go_BackendService.yaml @@ -742,6 +742,7 @@ properties: - name: 'iap' type: NestedObject description: Settings for enabling Cloud Identity Aware Proxy + default_from_api: true send_empty_value: true properties: - name: 'enabled' diff --git a/mmv1/products/compute/go_Interconnect.yaml b/mmv1/products/compute/go_Interconnect.yaml index 2d6227970926..f01e7bf770e5 100644 --- a/mmv1/products/compute/go_Interconnect.yaml +++ b/mmv1/products/compute/go_Interconnect.yaml @@ -25,7 +25,7 @@ references: docs: base_url: 'projects/{{project}}/global/interconnects' self_link: 'projects/{{project}}/global/interconnects/{{name}}' -immutable: true +update_verb: 'PATCH' timeouts: insert_minutes: 20 update_minutes: 20 @@ -376,6 +376,7 @@ properties: description: | Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside of Google's network that the interconnect is connected to. + immutable: true - name: 'requestedFeatures' type: Array description: | @@ -384,6 +385,7 @@ properties: specified, the default value is false, which allocates non-MACsec capable ports first if available). Note that MACSEC is still technically allowed for compatibility reasons, but it does not work with the API, and will be removed in an upcoming major version. + immutable: true item_type: type: Enum description: | diff --git a/mmv1/products/compute/go_RegionBackendService.yaml b/mmv1/products/compute/go_RegionBackendService.yaml index fed219a2bdf3..89037c828208 100644 --- a/mmv1/products/compute/go_RegionBackendService.yaml +++ b/mmv1/products/compute/go_RegionBackendService.yaml 
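Review bot: With `default_from_api: true` on `iap`, a configuration that omits the block will presumably keep whatever IAP settings the API returns, so removing the block no longer turns IAP off and an out-of-band change to it will not show up as drift. Since IAP is an access control, the description should say so, for example `Settings for enabling Cloud Identity Aware Proxy. If the block is omitted, the value returned by the API is kept; set enabled = false explicitly to turn IAP off.` The same line is added to `iap` in go_RegionalBackendService.yaml and deserves the same wording.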
@@ -747,6 +747,7 @@ properties: - name: 'iap' type: NestedObject description: Settings for enabling Cloud Identity Aware Proxy + default_from_api: true send_empty_value: true properties: - name: 'enabled' diff --git a/mmv1/products/looker/go_Instance.yaml b/mmv1/products/looker/go_Instance.yaml index 510fbf172aca..ac4949b34cb0 100644 --- a/mmv1/products/looker/go_Instance.yaml +++ b/mmv1/products/looker/go_Instance.yaml @@ -62,6 +62,12 @@ examples: instance_name: 'my-instance' client_id: 'my-client-id' client_secret: 'my-client-secret' + - name: 'looker_instance_fips' + primary_resource_id: 'looker-instance' + vars: + instance_name: 'my-instance-fips' + client_id: 'my-client-id' + client_secret: 'my-client-secret' - name: 'looker_instance_enterprise_full' primary_resource_id: 'looker-instance' vars: @@ -260,6 +266,10 @@ properties: Full name and version of the CMEK key currently in use to encrypt Looker data. output: true # Encryption Config Object - End + - name: 'fipsEnabled' + type: Boolean + description: | + FIPS 140-2 Encryption enablement for Looker (Google Cloud Core). - name: 'ingressPrivateIp' type: String description: | diff --git a/mmv1/products/metastore/go_Service.yaml b/mmv1/products/metastore/go_Service.yaml index 01873b30387d..8d8bc07142bb 100644 --- a/mmv1/products/metastore/go_Service.yaml +++ b/mmv1/products/metastore/go_Service.yaml @@ -64,6 +64,14 @@ examples: primary_resource_name: 'fmt.Sprintf("tf-test-metastore-srv%s", context["random_suffix"])' vars: metastore_service_name: 'metastore-srv' + - name: 'dataproc_metastore_service_deletion_protection' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-metastore-srv%s", context["random_suffix"])' + vars: + metastore_service_name: 'metastore-srv' + deletion_protection: 'true' + test_vars_overrides: + 'deletion_protection': 'false' - name: 'dataproc_metastore_service_cmek_test' primary_resource_id: 'default' vars: 
@@ -297,6 +305,10 @@ properties: description: | A Cloud Storage URI of a folder, in the format gs:///. A sub-folder containing backup files will be stored below it. required: true + - name: 'deletionProtection' + type: Boolean + description: | + Indicates if the dataproc metastore should be protected against accidental deletions. - name: 'maintenanceWindow' type: NestedObject description: | diff --git a/mmv1/products/secretmanagerregional/go_RegionalSecret.yaml b/mmv1/products/secretmanagerregional/go_RegionalSecret.yaml index 5668c9249878..0f25724aa831 100644 --- a/mmv1/products/secretmanagerregional/go_RegionalSecret.yaml +++ b/mmv1/products/secretmanagerregional/go_RegionalSecret.yaml 
@@ -138,19 +138,18 @@ properties: An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - # TODO : Add versionAliases field support once google_secret_manager_regional_secret_version is added - # - !ruby/object:Api::Type::KeyValuePairs - # name: versionAliases - # description: | - # Mapping from version alias to version name. + - name: 'versionAliases' + type: KeyValuePairs + description: | + Mapping from version alias to version name. - # A version alias is a string with a maximum length of 63 characters and can contain - # uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_') - # characters. An alias string must start with a letter and cannot be the string - # 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. + A version alias is a string with a maximum length of 63 characters and can contain + uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_') + characters. An alias string must start with a letter and cannot be the string + 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. - # An object containing a list of "key": value pairs. Example: - # { "name": "wrench", "mass": "1.3kg", "count": "3" }. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. - name: 'customerManagedEncryption' type: NestedObject description: | diff --git a/mmv1/products/secretmanagerregional/go_RegionalSecretVersion.yaml b/mmv1/products/secretmanagerregional/go_RegionalSecretVersion.yaml new file mode 100644 index 000000000000..1c8bd798c1f9 --- /dev/null +++ b/mmv1/products/secretmanagerregional/go_RegionalSecretVersion.yaml 
@@ -0,0 +1,161 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionalSecretVersion' +description: | + A regional secret version resource. +docs: + optional_properties: | + * `is_secret_data_base64` - (Optional) If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is. +base_url: '{{name}}' +self_link: '{{name}}' +create_url: '{{secret}}:addVersion' +delete_url: '{{name}}:destroy' +delete_verb: 'POST' +import_format: + - 'projects/{{%project}}/locations/{{%location}}/secrets/{{%secret_id}}/versions/{{%version}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + extra_schema_entry: 'templates/terraform/extra_schema_entry/go/secret_version_is_secret_data_base64.go.tmpl' + decoder: 'templates/terraform/decoders/go/treat_destroyed_state_as_gone.tmpl' + pre_create: 'templates/terraform/pre_create/go/secret_manager_regional_secret_version.go.tmpl' + post_create: 'templates/terraform/post_create/go/regional_secret_version.go.tmpl' + pre_read: 'templates/terraform/pre_read/go/secret_manager_regional_secret_version.go.tmpl' + custom_update: 'templates/terraform/custom_update/go/regional_secret_version.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/regional_secret_version_deletion_policy.go.tmpl' + custom_import: 
'templates/terraform/custom_import/go/regional_secret_version.go.tmpl' +# Sweeper skipped as this resource has customized deletion. +exclude_sweeper: true +examples: + - name: 'regional_secret_version_basic' + primary_resource_id: 'regional_secret_version_basic' + vars: + secret_id: 'secret-version' + data: 'secret-data' + - name: 'regional_secret_version_with_base64_data' + primary_resource_id: 'regional_secret_version_base64' + vars: + secret_id: 'secret-version' + data: 'secret-data.pfx' + test_vars_overrides: + 'data': '"./test-fixtures/binary-file.pfx"' + ignore_read_extra: + - 'is_secret_data_base64' + - name: 'regional_secret_version_disabled' + primary_resource_id: 'regional_secret_version_disabled' + vars: + secret_id: 'secret-version' + data: 'secret-data' + - name: 'regional_secret_version_deletion_policy_abandon' + primary_resource_id: 'regional_secret_version_deletion_policy' + vars: + secret_id: 'secret-version' + data: 'secret-data' + ignore_read_extra: + - 'deletion_policy' + - name: 'regional_secret_version_deletion_policy_disable' + primary_resource_id: 'regional_secret_version_deletion_policy' + vars: + secret_id: 'secret-version' + data: 'secret-data' + ignore_read_extra: + - 'deletion_policy' +virtual_fields: + - name: 'deletion_policy' + description: | + The deletion policy for the regional secret version. Setting `ABANDON` allows the resource + to be abandoned rather than deleted. Setting `DISABLE` allows the resource to be + disabled rather than deleted. Default is `DELETE`. Possible values are: + * DELETE + * DISABLE + * ABANDON + type: String + default_value: "DELETE" +parameters: + - name: 'secret' + type: ResourceRef + description: | + Secret Manager regional secret resource. + url_param_only: true + required: true + immutable: true + resource: 'RegionalSecret' + imports: 'name' + - name: 'location' + type: String + description: | + Location of Secret Manager regional secret resource. 
+ url_param_only: true + output: true +properties: + - name: 'name' + type: String + description: | + The resource name of the regional secret version. Format: + `projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}/versions/{{version}}` + output: true + - name: 'createTime' + type: String + description: | + The time at which the regional secret version was created. + output: true + - name: 'destroyTime' + type: String + description: | + The time at which the regional secret version was destroyed. Only present if state is DESTROYED. + output: true + - name: 'customerManagedEncryption' + type: NestedObject + description: | + The customer-managed encryption configuration of the regional secret. + output: true + properties: + - name: 'kmsKeyVersionName' + type: String + description: | + The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. + output: true + - name: 'version' + type: String + description: | + The version of the Regional Secret. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/regional_secret_version_version.go.tmpl' + - name: 'enabled' + type: Boolean + description: | + The current state of the regional secret version. + api_name: state + custom_flatten: 'templates/terraform/custom_flatten/go/secret_version_enable.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/regional_secret_version_enable.go.tmpl' + default_value: true + - name: 'payload' + type: NestedObject + description: The secret payload of the Regional SecretVersion. + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/regional_secret_version_access.go.tmpl' + flatten_object: true + properties: + - name: 'secret_data' + type: String + description: The secret data. Must be no larger than 64KiB. + api_name: data + required: true + immutable: true + sensitive: true + custom_expand: 'templates/terraform/custom_expand/go/secret_version_secret_data.go.tmpl' 
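Review bot: The `secret_data` description does not mention that the payload ends up in Terraform state. The `payload` property is flattened through regional_secret_version_access.go.tmpl, which calls `:access` and writes the decoded value back into `secret_data`. `sensitive: true` only keeps the value out of displayed output, so I would extend the description to something like `The secret data. Must be no larger than 64KiB. Note: this value is stored in the Terraform state, so access to the state backend should be restricted accordingly.`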
diff --git a/mmv1/provider/terraform.rb b/mmv1/provider/terraform.rb index b3070a23cdc5..ce267c40736a 100644 --- a/mmv1/provider/terraform.rb +++ b/mmv1/provider/terraform.rb @@ -416,7 +416,8 @@ def generate_object_modified(object, output_folder, version_name) return if (output_folder.include? 'healthcare') || (output_folder.include? 'memorystore') generate_product = false - if @go_yaml_files + + unless @go_yaml_files.empty? found = false @go_yaml_files.each do |f| no_ext = Pathname.new(f).sub_ext '' @@ -433,11 +434,13 @@ def generate_object_modified(object, output_folder, version_name) data = build_object_data(pwd, object, output_folder, version_name) Dir.chdir output_folder Google::LOGGER.info "Generating #{object.name} rewrite yaml" - if @go_yaml_files + # rubocop:disable Style/UnlessElse + unless @go_yaml_files.empty? generate_newyaml_temp(pwd, data.clone, generate_product) else generate_newyaml(pwd, data.clone) end + # rubocop:enable Style/UnlessElse Dir.chdir pwd end diff --git a/mmv1/templates/terraform/custom_expand/go/regional_secret_version_enable.go.tmpl b/mmv1/templates/terraform/custom_expand/go/regional_secret_version_enable.go.tmpl new file mode 100644 index 000000000000..a3a2c9effc47 --- /dev/null +++ b/mmv1/templates/terraform/custom_expand/go/regional_secret_version_enable.go.tmpl 
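Review bot: `unless @go_yaml_files.empty?` raises NoMethodError when `@go_yaml_files` is nil, a case the old `if @go_yaml_files` guard treated as "no Go YAML files"; whether nil can still reach this point depends on initialisation outside the hunk. If it can, `unless @go_yaml_files.to_a.empty?` keeps the old nil handling. In the second hunk, swapping the two branches under `if @go_yaml_files.to_a.empty?` would make the `rubocop:disable Style/UnlessElse` pair unnecessary. generate_object_modified starts and ends outside both hunks.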
@@ -0,0 +1,50 @@ +{{/* + The license inside this block applies to this file + Copyright 2024 Google Inc. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ -}} +func expand{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + name := d.Get("name").(string) + if name == "" { + return "", nil + } + + url, err := tpgresource.ReplaceVars(d, config, "{{"{{"}}SecretManagerRegionalBasePath{{"}}"}}{{"{{"}}name{{"}}"}}") + if err != nil { + return nil, err + } + + if v == true { + url = fmt.Sprintf("%s:enable", url) + } else { + url = fmt.Sprintf("%s:disable", url) + } + + parts := strings.Split(name, "/") + project := parts[1] + + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return nil, err + } + + _, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "POST", + Project: project, + RawURL: url, + UserAgent: userAgent, + }) + if err != nil { + return nil, err + } + + return nil, nil +} diff --git a/mmv1/templates/terraform/custom_flatten/go/regional_secret_version_access.go.tmpl b/mmv1/templates/terraform/custom_flatten/go/regional_secret_version_access.go.tmpl new file mode 100644 index 000000000000..b9bfd5e47dac --- /dev/null +++ b/mmv1/templates/terraform/custom_flatten/go/regional_secret_version_access.go.tmpl 
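Review bot: `project := parts[1]` indexes the result of `strings.Split(name, "/")` without a length check, so a `name` that is non-empty but contains no slash panics the provider instead of returning an error. A guard such as `if len(parts) < 2 { return nil, fmt.Errorf("unexpected version name %q", name) }` before the index avoids that; the same unchecked `parts[1]` appears in regional_secret_version_access.go.tmpl. The early return also yields `""` where every other path returns `nil`, which is worth making consistent.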
@@ -0,0 +1,56 @@ +{{/* + The license inside this block applies to this file + Copyright 2024 Google Inc. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ -}} +func flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + transformed := make(map[string]interface{}) + + // if this secret version is disabled, the api will return an error, as the value cannot be accessed, return what we have + if d.Get("enabled").(bool) == false { + transformed["secret_data"] = d.Get("secret_data") + return []interface{}{transformed} + } + + url, err := tpgresource.ReplaceVars(d, config, "{{"{{"}}SecretManagerRegionalBasePath{{"}}"}}{{"{{"}}name{{"}}"}}:access") + if err != nil { + return err + } + + parts := strings.Split(d.Get("name").(string), "/") + project := parts[1] + + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + accessRes, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "GET", + Project: project, + RawURL: url, + UserAgent: userAgent, + }) + if err != nil { + return err + } + + if d.Get("is_secret_data_base64").(bool) { + transformed["secret_data"] = accessRes["payload"].(map[string]interface{})["data"].(string) + } else { + data, err := base64.StdEncoding.DecodeString(accessRes["payload"].(map[string]interface{})["data"].(string)) + if err != nil { + return err + } + transformed["secret_data"] = string(data) + 
} + return []interface{}{transformed} +} diff --git a/mmv1/templates/terraform/custom_flatten/go/regional_secret_version_version.go.tmpl b/mmv1/templates/terraform/custom_flatten/go/regional_secret_version_version.go.tmpl new file mode 100644 index 000000000000..00ba7e872a98 --- /dev/null +++ b/mmv1/templates/terraform/custom_flatten/go/regional_secret_version_version.go.tmpl @@ -0,0 +1,23 @@ +{{/* + The license inside this block applies to this file + Copyright 2024 Google Inc. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ -}} +func flatten{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + name := d.Get("name").(string) + secretRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)/versions/(.+)$") + + parts := secretRegex.FindStringSubmatch(name) + if len(parts) != 5 { + return fmt.Errorf("Version name does not fit the format `projects/{{"{{"}}project{{"}}"}}/locations/{{"{{"}}location{{"}}"}}/secrets/{{"{{"}}secret{{"}}"}}/versions/{{"{{"}}version{{"}}"}}`") + } + + return parts[4] +} diff --git a/mmv1/templates/terraform/custom_import/go/regional_secret_version.go.tmpl b/mmv1/templates/terraform/custom_import/go/regional_secret_version.go.tmpl new file mode 100644 index 000000000000..f17c4a672d91 --- /dev/null +++ b/mmv1/templates/terraform/custom_import/go/regional_secret_version.go.tmpl 
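Review bot: The chained assertions `accessRes["payload"].(map[string]interface{})["data"].(string)` panic if the `:access` response lacks `payload` or `data`, which turns an unexpected API response into a provider crash. Comma-ok assertions with an error that names only the version, never the payload, are safer. The sketch below keeps the hunk's existing convention of returning the error as the flattened value, which is itself questionable because the signature has no error result. The comparison `d.Get("enabled").(bool) == false` can also be written `!d.Get("enabled").(bool)`.

```go
	// … unchanged: disabled short-circuit, URL construction, user agent, SendRequest …
	payload, ok := accessRes["payload"].(map[string]interface{})
	if !ok {
		return fmt.Errorf("access response for %v has no payload", d.Get("name"))
	}
	encoded, ok := payload["data"].(string)
	if !ok {
		return fmt.Errorf("access response for %v has no payload data", d.Get("name"))
	}

	if d.Get("is_secret_data_base64").(bool) {
		transformed["secret_data"] = encoded
	} else {
		data, err := base64.StdEncoding.DecodeString(encoded)
		// … unchanged: decode error check and assignment to transformed["secret_data"] …
	}
```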
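Review bot: The pattern `projects/(.+)/locations/(.+)/secrets/(.+)/versions/(.+)$` in regional_secret_version_version.go.tmpl is unanchored at the start and uses greedy `.+` groups, so a name with a leading prefix or extra path segments still matches and the captured groups may contain slashes. Anchoring and excluding the separator is tighter: `^projects/([^/]+)/locations/([^/]+)/secrets/([^/]+)/versions/([^/]+)$`. The same loose style is used by both patterns in custom_import/go/regional_secret_version.go.tmpl and by the secret patterns in the pre_create and pre_read templates. The function also returns `fmt.Errorf(...)` as the flattened value, so a malformed name would surface as a value rather than as an error.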
@@ -0,0 +1,47 @@ +{{/* + The license inside this block applies to this file + Copyright 2024 Google Inc. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ -}} + config := meta.(*transport_tpg.Config) + + // current import_formats can't import fields with forward slashes in their value + if err := tpgresource.ParseImportId([]string{"(?P.+)"}, d, config); err != nil { + return nil, err + } + + name := d.Get("name").(string) + secretRegex := regexp.MustCompile("(projects/.+/locations/.+/secrets/.+)/versions/.+$") + versionRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)/versions/(.+)$") + + parts := secretRegex.FindStringSubmatch(name) + if len(parts) != 2 { + return nil, fmt.Errorf("Version name does not fit the format `projects/{{"{{"}}project{{"}}"}}/locations/{{"{{"}}location{{"}}"}}/secrets/{{"{{"}}secret{{"}}"}}/versions/{{"{{"}}version{{"}}"}}`") + } + if err := d.Set("secret", parts[1]); err != nil { + return nil, fmt.Errorf("Error setting secret: %s", err) + } + + parts = versionRegex.FindStringSubmatch(name) + + if err := d.Set("version", parts[4]); err != nil { + return nil, fmt.Errorf("Error setting version: %s", err) + } + + // Explicitly set virtual fields to default values on import + if err := d.Set("deletion_policy", "DELETE"); err != nil { + return nil, fmt.Errorf("Error setting deletion policy: %s", err) + } + + if err := d.Set("location", parts[2]); err != nil { + return nil, fmt.Errorf("Error setting location: %s", err) + } + + return 
[]*schema.ResourceData{d}, nil diff --git a/mmv1/templates/terraform/custom_update/go/regional_secret_version.go.tmpl b/mmv1/templates/terraform/custom_update/go/regional_secret_version.go.tmpl new file mode 100644 index 000000000000..7cb6e95cdcff --- /dev/null +++ b/mmv1/templates/terraform/custom_update/go/regional_secret_version.go.tmpl @@ -0,0 +1,18 @@ +{{/* + The license inside this block applies to this file + Copyright 2024 Google Inc. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ -}} +_, err := expandSecretManagerRegionalRegionalSecretVersionEnabled(d.Get("enabled"), d, config) +if err != nil { + return err +} + +return resourceSecretManagerRegionalRegionalSecretVersionRead(d, meta) diff --git a/mmv1/templates/terraform/examples/go/dataproc_metastore_service_deletion_protection.tf.tmpl b/mmv1/templates/terraform/examples/go/dataproc_metastore_service_deletion_protection.tf.tmpl new file mode 100644 index 000000000000..41a8c9146deb --- /dev/null +++ b/mmv1/templates/terraform/examples/go/dataproc_metastore_service_deletion_protection.tf.tmpl 
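Review bot: In custom_import/go/regional_secret_version.go.tmpl, `parts[4]` and `parts[2]` are read from the second `FindStringSubmatch` without a length check, so the code is safe only while `versionRegex` matches everything `secretRegex` matches. Adding `if len(parts) != 5 { return nil, fmt.Errorf("unexpected version name %q", name) }` after the second match removes that hidden coupling. Setting `deletion_policy` to `DELETE` on import means an imported version is destroyed on removal unless the configuration says otherwise, which deserves a sentence in the resource documentation. The enclosing import function starts outside the hunk.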
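Review bot: The custom update sends `:enable` or `:disable` on every update, including ones where only the virtual `deletion_policy` field changed, so the caller presumably needs enable/disable permission on the version even when its state is not changing. Wrapping the call in `if d.HasChange("enabled") { ... }` limits the request to real state changes. The enclosing update function starts and ends outside the hunk.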
@@ -0,0 +1,21 @@ +resource "google_dataproc_metastore_service" "{{$.PrimaryResourceId}}" { + service_id = "{{index $.Vars "metastore_service_name"}}" + location = "us-central1" + port = 9080 + tier = "DEVELOPER" + deletion_protection = "{{index $.Vars "deletion_protection"}}" + + maintenance_window { + hour_of_day = 2 + day_of_week = "SUNDAY" + } + + hive_metastore_config { + version = "2.3.6" + } + + labels = { + env = "test" + } + } + \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/go/looker_instance_fips.tf.tmpl b/mmv1/templates/terraform/examples/go/looker_instance_fips.tf.tmpl new file mode 100644 index 000000000000..05e4becab26d --- /dev/null +++ b/mmv1/templates/terraform/examples/go/looker_instance_fips.tf.tmpl @@ -0,0 +1,11 @@ +resource "google_looker_instance" "{{$.PrimaryResourceId}}" { + name = "{{index $.Vars "instance_name"}}" + platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL" + region = "us-central1" + public_ip_enabled = true + fips_enabled = true + oauth_config { + client_id = "{{index $.Vars "client_id"}}" + client_secret = "{{index $.Vars "client_secret"}}" + } +} diff --git a/mmv1/templates/terraform/examples/go/regional_secret_version_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/regional_secret_version_basic.tf.tmpl new file mode 100644 index 000000000000..129d5eec661d --- /dev/null +++ b/mmv1/templates/terraform/examples/go/regional_secret_version_basic.tf.tmpl @@ -0,0 +1,9 @@ +resource "google_secret_manager_regional_secret" "secret-basic" { + secret_id = "{{index $.Vars "secret_id"}}" + location = "us-central1" +} + +resource "google_secret_manager_regional_secret_version" "{{$.PrimaryResourceId}}" { + secret = google_secret_manager_regional_secret.secret-basic.id + secret_data = "{{index $.Vars "data"}}" +} 
diff --git a/mmv1/templates/terraform/examples/go/regional_secret_version_deletion_policy_abandon.tf.tmpl b/mmv1/templates/terraform/examples/go/regional_secret_version_deletion_policy_abandon.tf.tmpl new file mode 100644 index 000000000000..72d884c66774 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/regional_secret_version_deletion_policy_abandon.tf.tmpl @@ -0,0 +1,10 @@ +resource "google_secret_manager_regional_secret" "secret-basic" { + secret_id = "{{index $.Vars "secret_id"}}" + location = "us-central1" +} + +resource "google_secret_manager_regional_secret_version" "{{$.PrimaryResourceId}}" { + secret = google_secret_manager_regional_secret.secret-basic.id + secret_data = "{{index $.Vars "data"}}" + deletion_policy = "ABANDON" +} diff --git a/mmv1/templates/terraform/examples/go/regional_secret_version_deletion_policy_disable.tf.tmpl b/mmv1/templates/terraform/examples/go/regional_secret_version_deletion_policy_disable.tf.tmpl new file mode 100644 index 000000000000..4869268a0a4d --- /dev/null +++ b/mmv1/templates/terraform/examples/go/regional_secret_version_deletion_policy_disable.tf.tmpl @@ -0,0 +1,10 @@ +resource "google_secret_manager_regional_secret" "secret-basic" { + secret_id = "{{index $.Vars "secret_id"}}" + location = "us-central1" +} + +resource "google_secret_manager_regional_secret_version" "{{$.PrimaryResourceId}}" { + secret = google_secret_manager_regional_secret.secret-basic.id + secret_data = "{{index $.Vars "data"}}" + deletion_policy = "DISABLE" +} diff --git a/mmv1/templates/terraform/examples/go/regional_secret_version_disabled.tf.tmpl b/mmv1/templates/terraform/examples/go/regional_secret_version_disabled.tf.tmpl new file mode 100644 index 000000000000..5af98899fa61 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/regional_secret_version_disabled.tf.tmpl 
@@ -0,0 +1,10 @@ +resource "google_secret_manager_regional_secret" "secret-basic" { + secret_id = "{{index $.Vars "secret_id"}}" + location = "us-central1" +} + +resource "google_secret_manager_regional_secret_version" "{{$.PrimaryResourceId}}" { + secret = google_secret_manager_regional_secret.secret-basic.id + secret_data = "{{index $.Vars "data"}}" + enabled = false +} diff --git a/mmv1/templates/terraform/examples/go/regional_secret_version_with_base64_data.tf.tmpl b/mmv1/templates/terraform/examples/go/regional_secret_version_with_base64_data.tf.tmpl new file mode 100644 index 000000000000..810fa1d0be2a --- /dev/null +++ b/mmv1/templates/terraform/examples/go/regional_secret_version_with_base64_data.tf.tmpl @@ -0,0 +1,10 @@ +resource "google_secret_manager_regional_secret" "secret-basic" { + secret_id = "{{index $.Vars "secret_id"}}" + location = "us-central1" +} + +resource "google_secret_manager_regional_secret_version" "{{$.PrimaryResourceId}}" { + secret = google_secret_manager_regional_secret.secret-basic.id + secret_data = filebase64("{{index $.Vars "data"}}") + is_secret_data_base64 = true +} diff --git a/mmv1/templates/terraform/post_create/go/regional_secret_version.go.tmpl b/mmv1/templates/terraform/post_create/go/regional_secret_version.go.tmpl new file mode 100644 index 000000000000..8c97a8ae614a --- /dev/null +++ b/mmv1/templates/terraform/post_create/go/regional_secret_version.go.tmpl 
@@ -0,0 +1,26 @@ +{{/* + The license inside this block applies to this file + Copyright 2024 Google Inc. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ -}} +// `name` is autogenerated from the api so needs to be set post-create +name, ok := res["name"] +if !ok { + return fmt.Errorf("Create response didn't contain critical fields. Create may not have succeeded.") +} +if err := d.Set("name", name.(string)); err != nil { + return fmt.Errorf("Error setting name: %s", err) +} +d.SetId(name.(string)) + +_, err = expandSecretManagerRegionalRegionalSecretVersionEnabled(d.Get("enabled"), d, config) +if err != nil { + return err +} diff --git a/mmv1/templates/terraform/pre_create/go/secret_manager_regional_secret_version.go.tmpl b/mmv1/templates/terraform/pre_create/go/secret_manager_regional_secret_version.go.tmpl new file mode 100644 index 000000000000..82e59af6c286 --- /dev/null +++ b/mmv1/templates/terraform/pre_create/go/secret_manager_regional_secret_version.go.tmpl 
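Review bot: A version declared with `enabled = false` is created through `:addVersion` first and only disabled by the follow-up call at the end of this hunk, so if that second request fails the version exists and, as far as this hunk shows, stays enabled while the apply reports an error. A comment above the call would make that visible, e.g. `// addVersion creates the version enabled; if the disable below fails, the version stays enabled even though the apply errors.` Skipping the call when `enabled` is true (`if !d.Get("enabled").(bool) { ... }`) would also avoid a redundant `:enable` request on every create. `name.(string)` is an unchecked assertion as well. The enclosing create function starts outside the hunk.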
@@ -0,0 +1,29 @@ +{{/* + The license inside this block applies to this file + Copyright 2024 Google Inc. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ -}} +secret := d.Get("secret").(string) +secretRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)$") + +parts := secretRegex.FindStringSubmatch(secret) +if len(parts) != 4 { + return fmt.Errorf("secret does not fit the format `projects/{{"{{"}}project{{"}}"}}/locations/{{"{{"}}location{{"}}"}}/secrets/{{"{{"}}secret{{"}}"}}`") +} + +if err := d.Set("location", parts[2]); err!=nil { + return fmt.Errorf("Error setting location: %s", err) +} + +// Override the url after setting the location +url, err = tpgresource.ReplaceVars(d, config, "{{"{{"}}SecretManagerRegionalBasePath{{"}}"}}{{"{{"}}secret{{"}}"}}:addVersion") +if err != nil { + return err +} diff --git a/mmv1/templates/terraform/pre_delete/go/regional_secret_version_deletion_policy.go.tmpl b/mmv1/templates/terraform/pre_delete/go/regional_secret_version_deletion_policy.go.tmpl new file mode 100644 index 000000000000..63b88d34db56 --- /dev/null +++ b/mmv1/templates/terraform/pre_delete/go/regional_secret_version_deletion_policy.go.tmpl 
@@ -0,0 +1,22 @@ +{{/* + The license inside this block applies to this file + Copyright 2024 Google Inc. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ -}} +deletionPolicy := d.Get("deletion_policy"); + +if deletionPolicy == "ABANDON" { + return nil +} else if deletionPolicy == "DISABLE" { + url, err = tpgresource.ReplaceVars(d, config, "{{"{{"}}SecretManagerRegionalBasePath{{"}}"}}{{"{{"}}name{{"}}"}}:disable") + if err != nil { + return err + } +} diff --git a/mmv1/templates/terraform/pre_read/go/secret_manager_regional_secret_version.go.tmpl b/mmv1/templates/terraform/pre_read/go/secret_manager_regional_secret_version.go.tmpl new file mode 100644 index 000000000000..4ad72dad2c6b --- /dev/null +++ b/mmv1/templates/terraform/pre_read/go/secret_manager_regional_secret_version.go.tmpl 
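Review bot: Any `deletion_policy` value other than `ABANDON` or `DISABLE`, including a typo, falls through to the default `{{name}}:destroy` request, which cannot be undone for a secret version. No validation of the three documented values is visible in the `virtual_fields` entry of go_RegionalSecretVersion.yaml, so either add one there or reject unknown values here. `d.Get("deletion_policy")` is also compared as an untyped interface value and the first line ends with a stray `;`. The enclosing delete function starts and ends outside the hunk.

```go
switch policy := d.Get("deletion_policy").(string); policy {
case "ABANDON":
	return nil
case "DISABLE":
	// … unchanged: url override to the :disable endpoint and its error check …
case "DELETE", "":
	// keep the default destroy request; an empty value is treated as the default
default:
	return fmt.Errorf("unsupported deletion_policy %q", policy)
}
```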
@@ -0,0 +1,36 @@
+{{/*
+ The license inside this block applies to this file
+ Copyright 2024 Google Inc.
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/ -}}
+secret := d.Get("secret").(string)
+secretRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)$")
+
+parts := secretRegex.FindStringSubmatch(secret)
+if len(parts) != 4 {
+ return fmt.Errorf("secret does not fit the format `projects/{{"{{"}}project{{"}}"}}/locations/{{"{{"}}location{{"}}"}}/secrets/{{"{{"}}secret{{"}}"}}`")
+}
+
+if err := d.Set("location", parts[2]); err!=nil {
+ return fmt.Errorf("Error setting location: %s", err)
+}
+
+// Override the url after setting the location
+url, err = tpgresource.ReplaceVars(d, config, "{{"{{"}}SecretManagerRegionalBasePath{{"}}"}}{{"{{"}}name{{"}}"}}")
+if err != nil {
+ return err
+}
+
+// Explicitly set the field to default value if unset
+if _, ok := d.GetOkExists("is_secret_data_base64"); !ok {
+ if err := d.Set("is_secret_data_base64", false); err != nil {
+ return fmt.Errorf("Error setting is_secret_data_base64: %s", err)
+ }
+}
diff --git a/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl b/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl
index 51881c4c2df0..022bfb078ab4 100644
--- a/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl
+++ b/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl
@@ -179,6 +179,7 @@ var handwrittenDatasources = map[string]*schema.Resource{ "google_runtimeconfig_config": runtimeconfig.DataSourceGoogleRuntimeconfigConfig(), "google_runtimeconfig_variable": runtimeconfig.DataSourceGoogleRuntimeconfigVariable(), {{- end }} + "google_secret_manager_regional_secret_version": secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecretVersion(), "google_secret_manager_regional_secret": secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecret(), "google_secret_manager_secret": secretmanager.DataSourceSecretManagerSecret(), "google_secret_manager_secrets": secretmanager.DataSourceSecretManagerSecrets(), diff --git a/mmv1/third_party/terraform/services/compute/go/resource_compute_instance_test.go.tmpl b/mmv1/third_party/terraform/services/compute/go/resource_compute_instance_test.go.tmpl index 04c0535d9a0e..de0014749660 100644 --- a/mmv1/third_party/terraform/services/compute/go/resource_compute_instance_test.go.tmpl +++ b/mmv1/third_party/terraform/services/compute/go/resource_compute_instance_test.go.tmpl @@ -8457,18 +8457,6 @@ data "google_compute_image" "my_image" { data "google_project" "project" {} -resource "google_kms_crypto_key_iam_member" "crypto_key" { - crypto_key_id = "%{key_name}" - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:${data.google_project.project.number}-compute@developer.gserviceaccount.com" -} - -resource "google_kms_crypto_key_iam_member" "crypto_key_2" { - crypto_key_id = "%{key_name}" - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:service-${data.google_project.project.number}@compute-system.iam.gserviceaccount.com" -} - resource "google_compute_instance" "foobar" { name = "%{instance_name}" machine_type = "%{machine_type}" @@ -8490,7 +8478,6 @@ resource "google_compute_instance" "foobar" { network_interface { network = "default" } - depends_on = [google_kms_crypto_key_iam_member.crypto_key] } `, context) 
diff --git a/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl b/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl index 74fd6c15f8e6..abe7a87b0797 100644 --- a/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl @@ -100,12 +100,13 @@ func schemaLoggingVariant() *schema.Schema { } func schemaGcfsConfig() *schema.Schema { - return &schema.Schema{ - Type: schema.TypeList, - Optional: true, - MaxItems: 1, + return &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, Description: `GCFS configuration for this node.`, - Elem: &schema.Resource{ + Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "enabled": { Type: schema.TypeBool, @@ -114,7 +115,7 @@ func schemaGcfsConfig() *schema.Schema { }, }, }, - } + } } func schemaNodeConfig() *schema.Schema { diff --git a/mmv1/third_party/terraform/services/container/go/resource_container_cluster.go.tmpl b/mmv1/third_party/terraform/services/container/go/resource_container_cluster.go.tmpl index 7d43a21c88c1..ec8a0cd8c432 100644 --- a/mmv1/third_party/terraform/services/container/go/resource_container_cluster.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/resource_container_cluster.go.tmpl 
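Review bot: Marking `gcfs_config` as `Computed` in addition to `Optional` in `schemaGcfsConfig` means that removing the block from configuration no longer produces a diff, so GCFS stays in whatever state the API reports, and the `Description` does not say so. I would extend the description text with a sentence such as "Removing this block leaves the current setting unchanged; set enabled = false to turn GCFS off." The other changed lines in this hunk and in the following one (`@@ -114,7 +115,7 @@`) appear to be indentation only.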
@@ -3882,6 +3882,55 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s: default-pool setting for insecure_kubelet_readonly_port_enabled updated to %s", d.Id(), it) } } + + if d.HasChange("node_config.0.gcfs_config") { + + defaultPool := "default-pool" + + timeout := d.Timeout(schema.TimeoutCreate) + + nodePoolInfo, err := extractNodePoolInformationFromCluster(d, config, clusterName) + if err != nil { + return err + } + + // Acquire write-lock on nodepool. + npLockKey := nodePoolInfo.nodePoolLockKey(defaultPool) + + gcfsEnabled := d.Get("node_config.0.gcfs_config.0.enabled").(bool) + + // While we're getting the value from the drepcated field in + // node_config.kubelet_config, the actual setting that needs to be updated + // is on the default nodepool. + req := &container.UpdateNodePoolRequest{ + Name: defaultPool, + GcfsConfig: &container.GcfsConfig{ + Enabled: gcfsEnabled, + }, + } + + updateF := func() error { + clusterNodePoolsUpdateCall := config.NewContainerClient(userAgent).Projects.Locations.Clusters.NodePools.Update(nodePoolInfo.fullyQualifiedName(defaultPool), req) + if config.UserProjectOverride { + clusterNodePoolsUpdateCall.Header().Add("X-Goog-User-Project", nodePoolInfo.project) + } + op, err := clusterNodePoolsUpdateCall.Do() + if err != nil { + return err + } + + // Wait until it's updated + return ContainerOperationWait(config, op, nodePoolInfo.project, nodePoolInfo.location, + "updating GKE node pool gcfs_config", userAgent, timeout) + } + + if err := retryWhileIncompatibleOperation(timeout, npLockKey, updateF); err != nil { + return err + } + + log.Printf("[INFO] GKE cluster %s: %s setting for gcfs_config updated to %t", d.Id(), defaultPool, gcfsEnabled) + } + } if d.HasChange("notification_config") { 
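Review bot: The comment above `req` was carried over from the kubelet block and is wrong for this branch: it refers to the "drepcated field in node_config.kubelet_config", while the code reads `node_config.0.gcfs_config.0.enabled`. Suggested replacement: `// gcfs_config is read from the cluster's node_config, but the setting that has to be updated lives on the default node pool.` The branch also bounds the operation with `d.Timeout(schema.TimeoutCreate)` although it runs inside `resourceContainerClusterUpdate`; `schema.TimeoutUpdate` looks like the intended value unless this deliberately mirrors the preceding block. The function starts and ends outside the hunk.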
diff --git a/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl b/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl index abb1ab9d3d31..f9f6f30ac85d 100644 --- a/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl 
@@ -1535,6 +1535,49 @@ func TestAccContainerCluster_withNodeConfig(t *testing.T) { }) } +func TestAccContainerCluster_withNodeConfigGcfsConfig(t *testing.T) { + t.Parallel() + clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10)) + networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster") + subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName) + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckContainerClusterDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccContainerCluster_withNodeConfigGcfsConfig(clusterName, networkName, subnetworkName, false), + ConfigPlanChecks: resource.ConfigPlanChecks{ + PreApply: []plancheck.PlanCheck{ + acctest.ExpectNoDelete(), + }, + }, + }, + { + ResourceName: "google_container_cluster.with_node_config_gcfs_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, + }, + { + Config: testAccContainerCluster_withNodeConfigGcfsConfig(clusterName, networkName, subnetworkName, true), + ConfigPlanChecks: resource.ConfigPlanChecks{ + PreApply: []plancheck.PlanCheck{ + acctest.ExpectNoDelete(), + }, + }, + }, + { + ResourceName: "google_container_cluster.with_node_config_gcfs_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, + }, + }, + }) +} + // Note: Updates for these are currently known to be broken (b/361634104), and // so are not tested here. // They can probably be made similar to, or consolidated with, 
@@ -6692,6 +6735,26 @@ resource "google_container_cluster" "with_node_config" { `, clusterName, networkName, subnetworkName) } +func testAccContainerCluster_withNodeConfigGcfsConfig(clusterName, networkName, subnetworkName string, enabled bool) string { + return fmt.Sprintf(` +resource "google_container_cluster" "with_node_config_gcfs_config" { + name = "%s" + location = "us-central1-f" + initial_node_count = 1 + + node_config { + gcfs_config { + enabled = %t + } + } + + deletion_protection = false + network = "%s" + subnetwork = "%s" +} +`, clusterName, enabled, networkName, subnetworkName) +} + func testAccContainerCluster_withNodeConfigKubeletConfigSettings(clusterName, networkName, subnetworkName string) string { return fmt.Sprintf(` resource "google_container_cluster" "with_node_config_kubelet_config_settings" { diff --git a/mmv1/third_party/terraform/services/container/go/resource_container_node_pool.go.tmpl b/mmv1/third_party/terraform/services/container/go/resource_container_node_pool.go.tmpl index 379a430ddcfe..3a0badc171c7 100644 --- a/mmv1/third_party/terraform/services/container/go/resource_container_node_pool.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/resource_container_node_pool.go.tmpl 
@@ -1786,6 +1786,39 @@ func nodePoolUpdate(d *schema.ResourceData, meta interface{}, nodePoolInfo *Node log.Printf("[INFO] Updated workload_metadata_config for node pool %s", name) } + if d.HasChange(prefix + "node_config.0.gcfs_config") { + gcfsEnabled := bool(d.Get(prefix + "node_config.0.gcfs_config.0.enabled").(bool)) + req := &container.UpdateNodePoolRequest{ + NodePoolId: name, + GcfsConfig: &container.GcfsConfig{ + Enabled: gcfsEnabled, + }, + } + updateF := func() error { + clusterNodePoolsUpdateCall := config.NewContainerClient(userAgent).Projects.Locations.Clusters.NodePools.Update(nodePoolInfo.fullyQualifiedName(name),req) + if config.UserProjectOverride { + clusterNodePoolsUpdateCall.Header().Add("X-Goog-User-Project", nodePoolInfo.project) + } + op, err := clusterNodePoolsUpdateCall.Do() + if err != nil { + return err + } + + // Wait until it's updated + return ContainerOperationWait(config, op, + nodePoolInfo.project, + nodePoolInfo.location, + "updating GKE node pool gcfs_config", userAgent, + timeout) + } + + if err := retryWhileIncompatibleOperation(timeout, npLockKey, updateF); err != nil { + return err + } + + log.Printf("[INFO] Updated gcfs_config for node pool %s", name) + } + if d.HasChange(prefix + "node_config.0.kubelet_config") { req := &container.UpdateNodePoolRequest{ NodePoolId: name, diff --git a/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl b/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl index 769d43e7d3b0..128ee9254e31 100644 --- a/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl 
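Review bot: `bool(d.Get(prefix + "node_config.0.gcfs_config.0.enabled").(bool))` converts a value that is already a `bool` after the type assertion; `gcfsEnabled := d.Get(prefix + "node_config.0.gcfs_config.0.enabled").(bool)` is enough. The call `NodePools.Update(nodePoolInfo.fullyQualifiedName(name),req)` is missing the space after the comma, so the block is not gofmt-clean. `nodePoolUpdate` begins and ends outside the hunk, so `timeout` and `npLockKey` are assumed to be defined earlier in the function.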
@@ -1674,9 +1674,9 @@ resource "google_container_node_pool" "np" { node_config { machine_type = "n1-standard-8" image_type = "COS_CONTAINERD" - gcfs_config { - enabled = true - } + gcfs_config { + enabled = true + } secondary_boot_disks { disk_image = "" mode = "CONTAINER_IMAGE_CACHE" @@ -1693,9 +1693,9 @@ resource "google_container_node_pool" "np-no-mode" { node_config { machine_type = "n1-standard-8" image_type = "COS_CONTAINERD" - gcfs_config { - enabled = true - } + gcfs_config { + enabled = true + } secondary_boot_disks { disk_image = "" } @@ -1719,10 +1719,14 @@ func TestAccContainerNodePool_gcfsConfig(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccContainerNodePool_gcfsConfig(cluster, np, networkName, subnetworkName, true), - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("google_container_node_pool.np", - "node_config.0.gcfs_config.0.enabled", "true"), - ), + }, + { + ResourceName: "google_container_node_pool.np", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccContainerNodePool_gcfsConfig(cluster, np, networkName, subnetworkName, false), }, { ResourceName: "google_container_node_pool.np", diff --git a/mmv1/third_party/terraform/services/secretmanagerregional/go/resource_secret_manager_regional_secret_test.go b/mmv1/third_party/terraform/services/secretmanagerregional/go/resource_secret_manager_regional_secret_test.go index f58ab01270b7..0324798304b8 100644 --- a/mmv1/third_party/terraform/services/secretmanagerregional/go/resource_secret_manager_regional_secret_test.go +++ b/mmv1/third_party/terraform/services/secretmanagerregional/go/resource_secret_manager_regional_secret_test.go 
@@ -499,58 +499,57 @@ func TestAccSecretManagerRegionalRegionalSecret_versionDestroyTtlUpdate(t *testi }) } -// TODO: Uncomment once google_secret_manager_regional_secret_version is added -// func TestAccSecretManagerRegionalRegionalSecret_versionAliasesUpdate(t *testing.T) { -// t.Parallel() -// -// context := map[string]interface{}{ -// "random_suffix": acctest.RandString(t, 10), -// } -// -// acctest.VcrTest(t, resource.TestCase{ -// PreCheck: func() { acctest.AccTestPreCheck(t) }, -// ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), -// CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), -// Steps: []resource.TestStep{ -// { -// Config: testAccSecretManagerRegionalSecret_basicRegionalSecretWithVersions(context), -// }, -// { -// ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases", -// ImportState: true, -// ImportStateVerify: true, -// ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"}, -// }, -// { -// Config: testAccSecretManagerRegionalSecret_versionAliasesBasic(context), -// }, -// { -// ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases", -// ImportState: true, -// ImportStateVerify: true, -// ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"}, -// }, -// { -// Config: testAccSecretManagerRegionalSecret_versionAliasesUpdate(context), -// }, -// { -// ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases", -// ImportState: true, -// ImportStateVerify: true, -// ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"}, -// }, -// { -// Config: testAccSecretManagerRegionalSecret_basicRegionalSecretWithVersions(context), -// }, -// { -// ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases", -// 
ImportState: true, -// ImportStateVerify: true, -// ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"}, -// }, -// }, -// }) -// } +func TestAccSecretManagerRegionalRegionalSecret_versionAliasesUpdate(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalSecret_basicRegionalSecretWithVersions(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_versionAliasesBasic(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_versionAliasesUpdate(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_basicRegionalSecretWithVersions(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", 
"location", "secret_id", "terraform_labels"}, + }, + }, + }) +} func testAccSecretManagerRegionalSecret_basic(context map[string]interface{}) string { return acctest.Nprintf(` 
@@ -1182,130 +1181,129 @@ resource "google_secret_manager_regional_secret" "regional-secret-with-version-d `, context) } -// TODO: Uncomment once google_secret_manager_regional_secret_version is added -// func testAccSecretManagerRegionalSecret_basicRegionalSecretWithVersions(context map[string]interface{}) string { -// return acctest.Nprintf(` -// resource "google_secret_manager_regional_secret" "regional-secret-with-version-aliases" { -// secret_id = "tf-test-reg-secret%{random_suffix}" -// location = "us-central1" -// -// labels = { -// mylabel = "mykey" -// } -// } -// -// resource "google_secret_manager_regional_secret_version" "reg-secret-version-1" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-1" -// } -// -// resource "google_secret_manager_regional_secret_version" "reg-secret-version-2" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-2" -// } -// -// resource "google_secret_manager_regional_secret_version" "reg-secret-version-3" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-3" -// } -// -// resource "google_secret_manager_regional_secret_version" "reg-secret-version-4" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-4" -// } -// `, context) -// } -// -// func testAccSecretManagerRegionalSecret_versionAliasesBasic(context map[string]interface{}) string { -// return acctest.Nprintf(` -// resource "google_secret_manager_regional_secret" "regional-secret-with-version-aliases" { -// secret_id = "tf-test-reg-secret%{random_suffix}" -// location = "us-central1" -// -// version_aliases = { -// firstalias = 
"1", -// secondalias = "2", -// thirdalias = "3", -// otheralias = "2", -// somealias = "3" -// } -// -// labels = { -// mylabel = "mykey" -// } -// } -// -// resource "google_secret_manager_regional_secret_version" "reg-secret-version-1" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-1" -// } -// -// resource "google_secret_manager_regional_secret_version" "reg-secret-version-2" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-2" -// } -// -// resource "google_secret_manager_regional_secret_version" "reg-secret-version-3" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-3" -// } -// -// resource "google_secret_manager_regional_secret_version" "reg-secret-version-4" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-4" -// } -// `, context) -// } -// -// func testAccSecretManagerRegionalSecret_versionAliasesUpdate(context map[string]interface{}) string { -// return acctest.Nprintf(` -// resource "google_secret_manager_regional_secret" "regional-secret-with-version-aliases" { -// secret_id = "tf-test-reg-secret%{random_suffix}" -// location = "us-central1" -// -// version_aliases = { -// firstalias = "1", -// secondaliasupdated = "2", -// otheralias = "1", -// somealias = "3", -// fourthalias = "4" -// } -// -// labels = { -// mylabel = "mykey" -// } -// } -// -// resource "google_secret_manager_regional_secret_version" "reg-secret-version-1" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-1" -// } -// -// 
resource "google_secret_manager_regional_secret_version" "reg-secret-version-2" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-2" -// } -// -// resource "google_secret_manager_regional_secret_version" "reg-secret-version-3" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-3" -// } -// -// resource "google_secret_manager_regional_secret_version" "reg-secret-version-4" { -// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id -// -// secret_data = "very secret data keep it down %{random_suffix}-4" -// } -// `, context) -// } +func testAccSecretManagerRegionalSecret_basicRegionalSecretWithVersions(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_secret_manager_regional_secret" "regional-secret-with-version-aliases" { + secret_id = "tf-test-reg-secret%{random_suffix}" + location = "us-central1" + + labels = { + mylabel = "mykey" + } +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-1" { + secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-1" +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-2" { + secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-2" +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-3" { + secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-3" +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-4" { + secret = 
google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-4" +} +`, context) +} + +func testAccSecretManagerRegionalSecret_versionAliasesBasic(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_secret_manager_regional_secret" "regional-secret-with-version-aliases" { + secret_id = "tf-test-reg-secret%{random_suffix}" + location = "us-central1" + + version_aliases = { + firstalias = "1", + secondalias = "2", + thirdalias = "3", + otheralias = "2", + somealias = "3" + } + + labels = { + mylabel = "mykey" + } +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-1" { + secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-1" +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-2" { + secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-2" +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-3" { + secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-3" +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-4" { + secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-4" +} +`, context) +} + +func testAccSecretManagerRegionalSecret_versionAliasesUpdate(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_secret_manager_regional_secret" "regional-secret-with-version-aliases" { + secret_id = "tf-test-reg-secret%{random_suffix}" + location = "us-central1" + + version_aliases = { + firstalias = "1", + 
secondaliasupdated = "2", + otheralias = "1", + somealias = "3", + fourthalias = "4" + } + + labels = { + mylabel = "mykey" + } +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-1" { + secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-1" +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-2" { + secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-2" +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-3" { + secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-3" +} + +resource "google_secret_manager_regional_secret_version" "reg-secret-version-4" { + secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id + + secret_data = "very secret data keep it down %{random_suffix}-4" +} +`, context) +} diff --git a/mmv1/third_party/terraform/services/secretmanagerregional/go/resource_secret_manager_regional_secret_version_test.go b/mmv1/third_party/terraform/services/secretmanagerregional/go/resource_secret_manager_regional_secret_version_test.go new file mode 100644 index 000000000000..23af25d99c88 --- /dev/null +++ b/mmv1/third_party/terraform/services/secretmanagerregional/go/resource_secret_manager_regional_secret_version_test.go 
@@ -0,0 +1,140 @@ +package secretmanagerregional_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-provider-google/google/acctest" +) + +func TestAccSecretManagerRegionalRegionalSecretVersion_update(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretVersionDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalRegionalSecretVersion_basic(context), + }, + { + ResourceName: "google_secret_manager_regional_secret_version.secret-version-basic", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccSecretManagerRegionalRegionalSecretVersion_disable(context), + }, + { + ResourceName: "google_secret_manager_regional_secret_version.secret-version-basic", + ImportState: true, + ImportStateVerify: true, + // at this point the secret data is disabled and so reading the data on import will + // give an empty string + ImportStateVerifyIgnore: []string{"secret_data"}, + }, + { + Config: testAccSecretManagerRegionalRegionalSecretVersion_basic(context), + }, + { + ResourceName: "google_secret_manager_regional_secret_version.secret-version-basic", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccSecretManagerRegionalRegionalSecretVersion_cmekOutputOnly(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "kms_key_name": acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us-central1", "tf-secret-manager-managed-central-key5").CryptoKey.Name, + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + 
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretVersionDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalRegionalSecretVersion_cmekOutputOnly(context), + }, + { + ResourceName: "google_secret_manager_regional_secret_version.secret-version-cmek", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccSecretManagerRegionalRegionalSecretVersion_basic(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_secret_manager_regional_secret" "secret-basic" { + secret_id = "tf-test-secret-version-%{random_suffix}" + location = "us-central1" + labels = { + label = "my-label" + } +} + +resource "google_secret_manager_regional_secret_version" "secret-version-basic" { + secret = google_secret_manager_regional_secret.secret-basic.name + secret_data = "my-tf-test-secret%{random_suffix}" + enabled = true +} +`, context) +} + +func testAccSecretManagerRegionalRegionalSecretVersion_disable(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_secret_manager_regional_secret" "secret-basic" { + secret_id = "tf-test-secret-version-%{random_suffix}" + location = "us-central1" + labels = { + label = "my-label" + } +} + +resource "google_secret_manager_regional_secret_version" "secret-version-basic" { + secret = google_secret_manager_regional_secret.secret-basic.name + secret_data = "my-tf-test-secret%{random_suffix}" + enabled = false +} +`, context) +} + +func testAccSecretManagerRegionalRegionalSecretVersion_cmekOutputOnly(context map[string]interface{}) string { + return acctest.Nprintf(` +data "google_project" "project-ds" {} + +resource "google_kms_crypto_key_iam_member" "kms-secret-binding-reg-sec-ver" { + crypto_key_id = "%{kms_key_name}" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = 
"serviceAccount:service-${data.google_project.project-ds.number}@gcp-sa-secretmanager.iam.gserviceaccount.com" +} + +resource "google_secret_manager_regional_secret" "regional-secret-reg-sec-ver" { + secret_id = "tf-test-reg-secret%{random_suffix}" + location = "us-central1" + + customer_managed_encryption { + kms_key_name = "%{kms_key_name}" + } + + depends_on = [ google_kms_crypto_key_iam_member.kms-secret-binding-reg-sec-ver ] +} + +resource "google_secret_manager_regional_secret_version" "secret-version-cmek" { + secret = google_secret_manager_regional_secret.regional-secret-reg-sec-ver.name + secret_data = "my-tf-test-secret%{random_suffix}" +} +`, context) +}