Fix kms crypto key iam asset name

mmv1/templates/validator/resource_converter_iam.go.erb

@@ -127,7 +127,7 @@ func new<%= resource_name -%>IamAsset(
 func Fetch<%= resource_name -%>IamPolicy(d TerraformResourceData, config *Config) (Asset, error) {
 	// Check if the identity field returns a value
   <% resource_params.each do |param| -%>
-  if _, ok := d.GetOk("{{<%= param.underscore -%>}}"); !ok {
+  if _, ok := d.GetOk("<%= param.underscore -%>"); !ok {
     return Asset{}, ErrEmptyIdentityField
   }
   <% end # resource_params.each -%>

mmv1/third_party/validator/kms_crypto_key_iam.go

@@ -1,6 +1,9 @@
 package google
 
-import "fmt"
+import (
+	"fmt"
+	"strings"
+)
 
 func resourceConverterKmsCryptoKeyIamPolicy() ResourceConverter {
 	return ResourceConverter{
@@ -73,7 +76,8 @@ func newKmsCryptoKeyIamAsset(
 		return []Asset{}, fmt.Errorf("expanding bindings: %v", err)
 	}
 
-	name, err := assetName(d, config, "//cloudkms.googleapis.com/{{crypto_key_id}}")
+	assetNameTemplate := constructAssetNameTemplate(d)
+	name, err := assetName(d, config, assetNameTemplate)
 	if err != nil {
 		return []Asset{}, err
 	}
@@ -93,12 +97,28 @@ func FetchKmsCryptoKeyIamPolicy(d TerraformResourceData, config *Config) (Asset,
 		return Asset{}, ErrEmptyIdentityField
 	}
 
+	assetNameTemplate := constructAssetNameTemplate(d)
+
 	// We use crypto_key_id in the asset name template to be consistent with newKmsCryptoKeyIamAsset.
 	return fetchIamPolicy(
 		NewKmsCryptoKeyIamUpdater,
 		d,
 		config,
-		"//cloudkms.googleapis.com/{{crypto_key_id}}", // asset name
-		"cloudkms.googleapis.com/CryptoKey",           // asset type
+		assetNameTemplate,                   // asset name
+		"cloudkms.googleapis.com/CryptoKey", // asset type
 	)
 }
+
+func constructAssetNameTemplate(d TerraformResourceData) string {
+	assetNameTemplate := "//cloudkms.googleapis.com/{{crypto_key_id}}"
+	if val, ok := d.GetOk("crypto_key_id"); ok {
+		cryptoKeyID := val.(string)
+		splits := strings.Split(cryptoKeyID, "/")
+		if len(splits) == 4 {
+			assetNameTemplate = fmt.Sprintf("//cloudkms.googleapis.com/projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", splits[0], splits[1], splits[2], splits[3])
+		} else if len(splits) == 3 {
+			assetNameTemplate = fmt.Sprintf("//cloudkms.googleapis.com/projects/{{project}}/locations/%s/keyRings/%s/cryptoKeys/%s", splits[0], splits[1], splits[2])
+		}
+	}
+	return assetNameTemplate
+}

mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.json

@@ -1,44 +1,27 @@
 [
-	{
-		"name": "//cloudkms.googleapis.com/placeholder-BpLnfgDs/cryptoKeys/crypto-key-example",
-		"asset_type": "cloudkms.googleapis.com/CryptoKey",
-		"ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}",
-		"resource": {
-			"version": "v1",
-			"discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest",
-			"discovery_name": "CryptoKey",
-			"parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}",
-			"data": {
-				"purpose": "ENCRYPT_DECRYPT"
-			}
-		}
-	},
-	{
-		"name": "//cloudkms.googleapis.com/placeholder-c2WD8F2q",
-		"asset_type": "cloudkms.googleapis.com/CryptoKey",
-		"ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}",
-		"iam_policy": {
-			"bindings": [
-				{
-					"role": "roles/cloudkms.admin",
-					"members": [
-						"allUsers",
-						"allAuthenticatedUsers"
-					]
-				}
-			]
-		}
-	},
-	{
-		"name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example",
-		"asset_type": "cloudkms.googleapis.com/KeyRing",
-		"ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}",
-		"resource": {
-			"version": "v1",
-			"discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest",
-			"discovery_name": "KeyRing",
-			"parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}",
-			"data": null
-		}
-	}
-]
+  {
+    "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example/cryptoKeys/crypto-key-example",
+    "asset_type": "cloudkms.googleapis.com/CryptoKey",
+    "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}",
+    "resource": {
+      "version": "v1",
+      "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest",
+      "discovery_name": "CryptoKey",
+      "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}",
+      "data": {
+        "purpose": "ENCRYPT_DECRYPT"
+      }
+    },
+    "iam_policy": {
+      "bindings": [
+        {
+          "role": "roles/cloudkms.admin",
+          "members": [
+            "allUsers",
+            "allAuthenticatedUsers"
+          ]
+        }
+      ]
+    }
+  }
+]

mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tf

@@ -27,19 +27,13 @@ provider "google" {
   {{if .Provider.credentials }}credentials = "{{.Provider.credentials}}"{{end}}
 }
 
-resource "google_kms_key_ring" "example_keyring" {
-  name     = "keyring-example"
-  location = "global"
-  project  = "{{.Provider.project}}"
-}
-
 resource "google_kms_crypto_key" "example_crypto_key" {
   name     = "crypto-key-example"
-  key_ring = google_kms_key_ring.example_keyring.id
+  key_ring = "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example"
 }
 
 resource "google_kms_crypto_key_iam_binding" "crypto_key" {
-  crypto_key_id = google_kms_crypto_key.example_crypto_key.id
+  crypto_key_id = "{{.Provider.project}}/global/keyring-example/crypto-key-example"
   role          = "roles/cloudkms.admin"
   members = [
     "allUsers", "allAuthenticatedUsers"