Add KMS support for the google_bigquery_connection resource (GoogleCl…

…oudPlatform#10561) Co-authored-by: Stephen Lewis (Burrows) <stephen.r.burrows@gmail.com>
Cheriit · Jun 4, 2024 · c276b8b · c276b8b
1 parent 8dd4321
commit c276b8b
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 0 deletions.
diff --git a/mmv1/products/bigqueryconnection/Connection.yaml b/mmv1/products/bigqueryconnection/Connection.yaml
@@ -125,6 +125,26 @@ examples:
     primary_resource_id: "connection"
     vars:
       connection_id: "my-connection"
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'bigquery_connection_kms'
+    primary_resource_id:
+      'bq-connection-cmek'
+    vars:
+      database_instance_name: 'my-database-instance'
+      username: 'user'
+      deletion_protection: 'true'
+      kms_key_name: 'projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key'
+    test_vars_overrides:
+      deletion_protection: 'false'
+      kms_key_name: 'acctest.BootstrapKMSKey(t).CryptoKey.Name'
+      policyChanged:
+        "acctest.BootstrapPSARole(t, \"bq-\", \"bigquery-encryption\",
+        \"roles/cloudkms.cryptoKeyEncrypterDecrypter\"\
+        )"
+    oics_vars_overrides:
+      deletion_protection: 'false'
+    ignore_read_extra:
+      - 'cloud_sql.0.credential'  # password removed
 properties:
   - !ruby/object:Api::Type::String
     name: name
@@ -164,6 +184,12 @@ properties:
     output: true
     description: |
       True if the connection has credential assigned.
+  - !ruby/object:Api::Type::String
+    name: 'kmsKeyName'
+    description: |
+      Optional. The Cloud KMS key that is used for encryption.
+
+      Example: projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key]
   - !ruby/object:Api::Type::NestedObject
     name: 'cloudSql'
     description: Connection properties specific to the Cloud SQL.

diff --git a/mmv1/templates/terraform/examples/bigquery_connection_kms.tf.erb b/mmv1/templates/terraform/examples/bigquery_connection_kms.tf.erb
@@ -0,0 +1,38 @@
+resource "google_sql_database_instance" "instance" {
+    name             = "<%= ctx[:vars]['database_instance_name'] %>"
+    database_version = "POSTGRES_11"
+    region           = "us-central1"
+    settings {
+		tier = "db-f1-micro"
+	}
+
+    deletion_protection  = "<%= ctx[:vars]['deletion_protection'] %>"
+}
+
+resource "google_sql_database" "db" {
+    instance = google_sql_database_instance.instance.name
+    name     = "db"
+}
+
+resource "google_sql_user" "user" {
+    name = "<%= ctx[:vars]['username'] %>"
+    instance = google_sql_database_instance.instance.name
+    password = "tf-test-my-password%{random_suffix}"
+}
+
+resource "google_bigquery_connection" "<%= ctx[:primary_resource_id] %>" {
+    friendly_name = "👋"
+    description   = "a riveting description"
+    location      = "US"
+    kms_key_name  = "<%= ctx[:vars]['kms_key_name'] %>"
+    cloud_sql {
+        instance_id = google_sql_database_instance.instance.connection_name
+        database    = google_sql_database.db.name
+        type        = "POSTGRES"
+        credential {
+          username = google_sql_user.user.name
+          password = google_sql_user.user.password
+        }
+    }
+}
+