-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
Copy pathterraform.yaml
177 lines (172 loc) · 8.28 KB
/
terraform.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# Copyright 2019 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
--- !ruby/object:Provider::Terraform::Config
overrides: !ruby/object:Overrides::ResourceOverrides
KeyRing: !ruby/object:Overrides::Terraform::ResourceOverride
description: |
{{description}}
~> **Note:** KeyRings cannot be deleted from Google Cloud Platform.
Destroying a Terraform-managed KeyRing will remove it from state but
*will not delete the resource from the project.*
id_format: "projects/{{project}}/locations/{{location}}/keyRings/{{name}}"
import_format: ["projects/{{project}}/locations/{{location}}/keyRings/{{name}}"]
skip_delete: true
examples:
- !ruby/object:Provider::Terraform::Examples
name: "kms_key_ring_basic"
primary_resource_id: "example-keyring"
# Because we can't really delete the resource, we get an error of
# dangling resources with the auto generated tests. The hand-written
# tests do a better job at testing that the key was removed from state
# and that no keyrings are left behind since they create (and destroy)
# a project just for this test, but they require org level IAM roles
# for the test service account.
skip_test: true
properties:
createTime: !ruby/object:Overrides::Terraform::PropertyOverride
exclude: true
location: !ruby/object:Overrides::Terraform::PropertyOverride
ignore_read: true
custom_code: !ruby/object:Provider::Terraform::CustomCode
decoder: templates/terraform/decoders/kms.go.erb
encoder: templates/terraform/encoders/send_nil_body.go.erb
CryptoKey: !ruby/object:Overrides::Terraform::ResourceOverride
description: |
{{description}}
~> **Note:** CryptoKeys cannot be deleted from Google Cloud Platform.
Destroying a Terraform-managed CryptoKey will remove it from state
and delete all CryptoKeyVersions, rendering the key unusable, but *will
not delete the resource from the project.* When Terraform destroys these keys,
any data previously encrypted with these keys will be irrecoverable.
For this reason, it is strongly recommended that you add lifecycle hooks
to the resource to prevent accidental destruction.
id_format: "{{key_ring}}/cryptoKeys/{{name}}"
import_format: ["{{key_ring}}/cryptoKeys/{{name}}"]
supports_indirect_user_project_override: true
schema_version: 1
examples:
- !ruby/object:Provider::Terraform::Examples
name: "kms_crypto_key_basic"
primary_resource_id: "example-key"
skip_test: true
- !ruby/object:Provider::Terraform::Examples
name: "kms_crypto_key_asymmetric_sign"
primary_resource_id: "example-asymmetric-sign-key"
skip_test: true
properties:
createTime: !ruby/object:Overrides::Terraform::PropertyOverride
exclude: true
keyRing: !ruby/object:Overrides::Terraform::PropertyOverride
diff_suppress_func: 'kmsCryptoKeyRingsEquivalent'
ignore_read: true
name: !ruby/object:Overrides::Terraform::PropertyOverride
ignore_read: true
rotationPeriod: !ruby/object:Overrides::Terraform::PropertyOverride
validation: !ruby/object:Provider::Terraform::Validation
function: 'orEmpty(validateKmsCryptoKeyRotationPeriod)'
update_mask_fields:
- "rotationPeriod"
- "nextRotationTime"
versionTemplate: !ruby/object:Overrides::Terraform::PropertyOverride
default_from_api: true
update_mask_fields:
- "versionTemplate.algorithm"
versionTemplate.protectionLevel: !ruby/object:Overrides::Terraform::PropertyOverride
default_value: "SOFTWARE"
nextRotationTime: !ruby/object:Overrides::Terraform::PropertyOverride
exclude: true
destroyScheduledDuration: !ruby/object:Overrides::Terraform::PropertyOverride
default_from_api: true
importOnly: !ruby/object:Overrides::Terraform::PropertyOverride
default_from_api: true
custom_code: !ruby/object:Provider::Terraform::CustomCode
custom_delete: templates/terraform/custom_delete/kms_crypto_key.erb
custom_import: templates/terraform/custom_import/kms_crypto_key.go.erb
decoder: templates/terraform/decoders/kms.go.erb
encoder: templates/terraform/encoders/kms_crypto_key.go.erb
update_encoder: templates/terraform/update_encoder/kms_crypto_key.go.erb
KeyRingImportJob: !ruby/object:Overrides::Terraform::ResourceOverride
description: |
{{description}}
~> **Note:** KeyRingImportJobs cannot be deleted from Google Cloud Platform.
Destroying a Terraform-managed KeyRingImportJob will remove it from state but
*will not delete the resource from the project.*
id_format: "{{name}}"
import_format: ["{{name}}"]
examples:
- !ruby/object:Provider::Terraform::Examples
name: "kms_key_ring_import_job"
primary_resource_id: "import-job"
vars:
keyring: "keyring-example"
cryptokey: "cryptokey-example"
skip_test: true
properties:
createTime: !ruby/object:Overrides::Terraform::PropertyOverride
exclude: true
keyRing: !ruby/object:Overrides::Terraform::PropertyOverride
diff_suppress_func: 'kmsCryptoKeyRingsEquivalent'
ignore_read: true
createTime: !ruby/object:Overrides::Terraform::PropertyOverride
exclude: true
generateTime: !ruby/object:Overrides::Terraform::PropertyOverride
exclude: true
expireEventTime: !ruby/object:Overrides::Terraform::PropertyOverride
exclude: true
custom_code: !ruby/object:Provider::Terraform::CustomCode
custom_import: templates/terraform/custom_import/kms_key_ring_import_job.go.erb
SecretCiphertext: !ruby/object:Overrides::Terraform::ResourceOverride
description: |
{{description}}
~> **NOTE:** Using this resource will allow you to conceal secret data within your
resource definitions, but it does not take care of protecting that data in the
logging output, plan output, or state output. Please take care to secure your secret
data outside of resource definitions.
id_format: "{{crypto_key}}/{{ciphertext}}"
supports_indirect_user_project_override: true
exclude_import: true
exclude_validator: true
skip_delete: true
examples:
- !ruby/object:Provider::Terraform::Examples
name: "kms_secret_ciphertext_basic"
primary_resource_id: "my_password"
vars:
instance_name: "my-instance"
skip_test: true
properties:
cryptoKey: !ruby/object:Overrides::Terraform::PropertyOverride
# url_param_only already makes this ignored on read, but including
# to be extra clear that nothing gets read
ignore_read: true
plaintext: !ruby/object:Overrides::Terraform::PropertyOverride
ignore_read: true
sensitive: true
custom_expand: templates/terraform/custom_expand/base64.go.erb
additionalAuthenticatedData: !ruby/object:Overrides::Terraform::PropertyOverride
ignore_read: true
sensitive: true
custom_expand: templates/terraform/custom_expand/base64.go.erb
ciphertext: !ruby/object:Overrides::Terraform::PropertyOverride
ignore_read: true
validation: !ruby/object:Provider::Terraform::Validation
function: 'validateBase64String'
custom_code: !ruby/object:Provider::Terraform::CustomCode
post_create: templates/terraform/post_create/kms_secret_ciphertext.go.erb
decoder: templates/terraform/decoders/noop.go.erb
# This is for copying files over
files: !ruby/object:Provider::Config::Files
# These files have templating (ERB) code that will be run.
# This is usually to add licensing info, autogeneration notices, etc.
compile:
<%= lines(indent(compile('provider/terraform/product~compile.yaml'), 4)) -%>