diff --git a/mmv1/templates/validator/resource_converter_iam.go.erb b/mmv1/templates/validator/resource_converter_iam.go.erb index 6ee8d0ab24fa..d7530974c5f0 100644 --- a/mmv1/templates/validator/resource_converter_iam.go.erb +++ b/mmv1/templates/validator/resource_converter_iam.go.erb @@ -127,7 +127,7 @@ func new<%= resource_name -%>IamAsset( func Fetch<%= resource_name -%>IamPolicy(d TerraformResourceData, config *Config) (Asset, error) { // Check if the identity field returns a value <% resource_params.each do |param| -%> - if _, ok := d.GetOk("{{<%= param.underscore -%>}}"); !ok { + if _, ok := d.GetOk("<%= param.underscore -%>"); !ok { return Asset{}, ErrEmptyIdentityField } <% end # resource_params.each -%> diff --git a/mmv1/third_party/validator/kms_crypto_key_iam.go b/mmv1/third_party/validator/kms_crypto_key_iam.go index 6745960cb09b..b7ed8ab43675 100644 --- a/mmv1/third_party/validator/kms_crypto_key_iam.go +++ b/mmv1/third_party/validator/kms_crypto_key_iam.go @@ -1,6 +1,9 @@ package google -import "fmt" +import ( + "fmt" + "strings" +) func resourceConverterKmsCryptoKeyIamPolicy() ResourceConverter { return ResourceConverter{ @@ -73,7 +76,8 @@ func newKmsCryptoKeyIamAsset( return []Asset{}, fmt.Errorf("expanding bindings: %v", err) } - name, err := assetName(d, config, "//cloudkms.googleapis.com/{{crypto_key_id}}") + assetNameTemplate := constructAssetNameTemplate(d) + name, err := assetName(d, config, assetNameTemplate) if err != nil { return []Asset{}, err } @@ -93,12 +97,28 @@ func FetchKmsCryptoKeyIamPolicy(d TerraformResourceData, config *Config) (Asset, return Asset{}, ErrEmptyIdentityField } + assetNameTemplate := constructAssetNameTemplate(d) + // We use crypto_key_id in the asset name template to be consistent with newKmsCryptoKeyIamAsset. return fetchIamPolicy( NewKmsCryptoKeyIamUpdater, d, config, - "//cloudkms.googleapis.com/{{crypto_key_id}}", // asset name - "cloudkms.googleapis.com/CryptoKey", // asset type + assetNameTemplate, // asset name + "cloudkms.googleapis.com/CryptoKey", // asset type ) } + +func constructAssetNameTemplate(d TerraformResourceData) string { + assetNameTemplate := "//cloudkms.googleapis.com/{{crypto_key_id}}" + if val, ok := d.GetOk("crypto_key_id"); ok { + cryptoKeyID := val.(string) + splits := strings.Split(cryptoKeyID, "/") + if len(splits) == 4 { + assetNameTemplate = fmt.Sprintf("//cloudkms.googleapis.com/projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", splits[0], splits[1], splits[2], splits[3]) + } else if len(splits) == 3 { + assetNameTemplate = fmt.Sprintf("//cloudkms.googleapis.com/projects/{{project}}/locations/%s/keyRings/%s/cryptoKeys/%s", splits[0], splits[1], splits[2]) + } + } + return assetNameTemplate +} diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.json index 7e6c4d9a6fd6..cd765e5bc893 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.json @@ -1,44 +1,27 @@ [ - { - "name": "//cloudkms.googleapis.com/placeholder-BpLnfgDs/cryptoKeys/crypto-key-example", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "CryptoKey", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": { - "purpose": "ENCRYPT_DECRYPT" - } - } - }, - { - "name": "//cloudkms.googleapis.com/placeholder-c2WD8F2q", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "iam_policy": { - "bindings": [ - { - "role": "roles/cloudkms.admin", - "members": [ - "allUsers", - "allAuthenticatedUsers" - ] - } - ] - } - }, - { - "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", - "asset_type": "cloudkms.googleapis.com/KeyRing", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "KeyRing", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": null - } - } -] \ No newline at end of file + { + "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example/cryptoKeys/crypto-key-example", + "asset_type": "cloudkms.googleapis.com/CryptoKey", + "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", + "resource": { + "version": "v1", + "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", + "discovery_name": "CryptoKey", + "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", + "data": { + "purpose": "ENCRYPT_DECRYPT" + } + }, + "iam_policy": { + "bindings": [ + { + "role": "roles/cloudkms.admin", + "members": [ + "allUsers", + "allAuthenticatedUsers" + ] + } + ] + } + } +] diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tf b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tf index a66c3cb90df2..56ce6fc1f95a 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tf +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tf @@ -27,19 +27,13 @@ provider "google" { {{if .Provider.credentials }}credentials = "{{.Provider.credentials}}"{{end}} } -resource "google_kms_key_ring" "example_keyring" { - name = "keyring-example" - location = "global" - project = "{{.Provider.project}}" -} - resource "google_kms_crypto_key" "example_crypto_key" { name = "crypto-key-example" - key_ring = google_kms_key_ring.example_keyring.id + key_ring = "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" } resource "google_kms_crypto_key_iam_binding" "crypto_key" { - crypto_key_id = google_kms_crypto_key.example_crypto_key.id + crypto_key_id = "{{.Provider.project}}/global/keyring-example/crypto-key-example" role = "roles/cloudkms.admin" members = [ "allUsers", "allAuthenticatedUsers" diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tfplan.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tfplan.json index 4670182a6345..2942be72bdf2 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tfplan.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_binding.tfplan.json @@ -1,183 +1,171 @@ { - "format_version": "0.1", - "terraform_version": "0.12.31", - "planned_values": { - "root_module": { - "resources": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "schema_version": 1, - "values": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": null, - "timeouts": null - } - }, { - "address": "google_kms_crypto_key_iam_binding.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_binding", - "name": "crypto_key", - "provider_name": "google", - "schema_version": 0, - "values": { - "condition": [], - "members": ["allAuthenticatedUsers", "allUsers"], - "role": "roles/cloudkms.admin" - } - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "schema_version": 0, - "values": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - } - }] - } - }, - "resource_changes": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": null, - "timeouts": null - }, - "after_unknown": { - "destroy_scheduled_duration": true, - "id": true, - "key_ring": true, - "self_link": true, - "version_template": true - } - } - }, { - "address": "google_kms_crypto_key_iam_binding.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_binding", - "name": "crypto_key", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "condition": [], - "members": ["allAuthenticatedUsers", "allUsers"], - "role": "roles/cloudkms.admin" - }, - "after_unknown": { - "condition": [], - "crypto_key_id": true, - "etag": true, - "id": true, - "members": [false, false] - } - } - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - }, - "after_unknown": { - "id": true, - "self_link": true - } - } - }], - "configuration": { - "provider_config": { - "google": { - "name": "google", - "expressions": { - "credentials": { - "constant_value": "{{.Provider.project}}" - } - } - } - }, - "root_module": { - "resources": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_config_key": "google", - "expressions": { - "key_ring": { - "references": ["google_kms_key_ring.example_keyring"] - }, - "name": { - "constant_value": "crypto-key-example" - } - }, - "schema_version": 1 - }, { - "address": "google_kms_crypto_key_iam_binding.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_binding", - "name": "crypto_key", - "provider_config_key": "google", - "expressions": { - "crypto_key_id": { - "references": ["google_kms_crypto_key.example_crypto_key"] - }, - "members": { - "constant_value": ["allUsers", "allAuthenticatedUsers"] - }, - "role": { - "constant_value": "roles/cloudkms.admin" - } - }, - "schema_version": 0 - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_config_key": "google", - "expressions": { - "location": { - "constant_value": "global" - }, - "name": { - "constant_value": "keyring-example" - }, - "project": { - "constant_value": "{{.Provider.project}}" - } - }, - "schema_version": 0 - }] - } - } + "format_version": "0.2", + "terraform_version": "1.0.10", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 1, + "values": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null + }, + "sensitive_values": { + "version_template": [] + } + }, + { + "address": "google_kms_crypto_key_iam_binding.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_binding", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 0, + "values": { + "condition": [], + "crypto_key_id": "{{.Provider.project}}/global/keyring-example/crypto-key-example", + "members": [ + "allAuthenticatedUsers", + "allUsers" + ], + "role": "roles/cloudkms.admin" + }, + "sensitive_values": { + "condition": [], + "members": [ + false, + false + ] + } + } + ] + } + }, + "resource_changes": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null + }, + "after_unknown": { + "destroy_scheduled_duration": true, + "id": true, + "import_only": true, + "version_template": true + }, + "before_sensitive": false, + "after_sensitive": { + "version_template": [] + } + } + }, + { + "address": "google_kms_crypto_key_iam_binding.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_binding", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "condition": [], + "crypto_key_id": "{{.Provider.project}}/global/keyring-example/crypto-key-example", + "members": [ + "allAuthenticatedUsers", + "allUsers" + ], + "role": "roles/cloudkms.admin" + }, + "after_unknown": { + "condition": [], + "etag": true, + "id": true, + "members": [ + false, + false + ] + }, + "before_sensitive": false, + "after_sensitive": { + "condition": [], + "members": [ + false, + false + ] + } + } + } + ], + "configuration": { + "root_module": { + "resources": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_config_key": "google", + "expressions": { + "key_ring": { + "constant_value": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" + }, + "name": { + "constant_value": "crypto-key-example" + } + }, + "schema_version": 1 + }, + { + "address": "google_kms_crypto_key_iam_binding.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_binding", + "name": "crypto_key", + "provider_config_key": "google", + "expressions": { + "crypto_key_id": { + "constant_value": "{{.Provider.project}}/global/keyring-example/crypto-key-example" + }, + "members": { + "constant_value": [ + "allUsers", + "allAuthenticatedUsers" + ] + }, + "role": { + "constant_value": "roles/cloudkms.admin" + } + }, + "schema_version": 0 + } + ] + } + } } diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.json index aff1e5fe9aef..f743cc71d904 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.json @@ -1,43 +1,26 @@ [ - { - "name": "//cloudkms.googleapis.com/placeholder-BpLnfgDs/cryptoKeys/crypto-key-example", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "CryptoKey", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": { - "purpose": "ENCRYPT_DECRYPT" - } - } - }, - { - "name": "//cloudkms.googleapis.com/placeholder-c2WD8F2q", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "iam_policy": { - "bindings": [ - { - "role": "roles/cloudkms.admin", - "members": [ - "allAuthenticatedUsers" - ] - } - ] - } + { + "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example/cryptoKeys/crypto-key-example", + "asset_type": "cloudkms.googleapis.com/CryptoKey", + "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", + "resource": { + "version": "v1", + "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", + "discovery_name": "CryptoKey", + "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", + "data": { + "purpose": "ENCRYPT_DECRYPT" + } }, - { - "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", - "asset_type": "cloudkms.googleapis.com/KeyRing", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "KeyRing", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": null + "iam_policy": { + "bindings": [ + { + "role": "roles/cloudkms.admin", + "members": [ + "allAuthenticatedUsers" + ] } + ] } -] \ No newline at end of file + } +] diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tf b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tf index 02d07e5a2a27..011241ad25a8 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tf +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tf @@ -27,19 +27,13 @@ provider "google" { {{if .Provider.credentials }}credentials = "{{.Provider.credentials}}"{{end}} } -resource "google_kms_key_ring" "example_keyring" { - name = "keyring-example" - location = "global" - project = "{{.Provider.project}}" -} - resource "google_kms_crypto_key" "example_crypto_key" { name = "crypto-key-example" - key_ring = google_kms_key_ring.example_keyring.id + key_ring = "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" } resource "google_kms_crypto_key_iam_member" "crypto_key" { - crypto_key_id = google_kms_crypto_key.example_crypto_key.id + crypto_key_id = "global/keyring-example/crypto-key-example" role = "roles/cloudkms.admin" member = "allAuthenticatedUsers" } diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tfplan.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tfplan.json index 8018c7d0f748..c3075bf106ee 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tfplan.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_member.tfplan.json @@ -1,191 +1,150 @@ { - "format_version": "0.1", - "terraform_version": "0.12.31", - "planned_values": { - "root_module": { - "resources": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "schema_version": 1, - "values": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": false, - "timeouts": null - } - }, { - "address": "google_kms_crypto_key_iam_member.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_member", - "name": "crypto_key", - "provider_name": "google", - "schema_version": 0, - "values": { - "condition": [], - "member": "allAuthenticatedUsers", - "role": "roles/cloudkms.admin" - } - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "schema_version": 0, - "values": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - } - }] - } - }, - "resource_changes": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": false, - "timeouts": null - }, - "after_unknown": { - "id": true, - "key_ring": true, - "self_link": true, - "version_template": true - }, - "before_sensitive": false, - "after_sensitive": { - "version_template": [] - } - } - }, { - "address": "google_kms_crypto_key_iam_member.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_member", - "name": "crypto_key", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "condition": [], - "member": "allAuthenticatedUsers", - "role": "roles/cloudkms.admin" - }, - "after_unknown": { - "condition": [], - "crypto_key_id": true, - "etag": true, - "id": true - }, - "before_sensitive": false, - "after_sensitive": { - "condition": [] - } - } - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "change": { - "actions": ["create"], - "before": null, - "after": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - }, - "after_unknown": { - "id": true, - "self_link": true - }, - "before_sensitive": false, - "after_sensitive": {} - } - }], - "configuration": { - "provider_config": { - "google": { - "name": "google", - "expressions": { - "project": { - "constant_value": "{{.Provider.project}}" - } - } + "format_version": "0.2", + "terraform_version": "1.0.10", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 1, + "values": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null + }, + "sensitive_values": { + "version_template": [] + } + }, + { + "address": "google_kms_crypto_key_iam_member.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_member", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 0, + "values": { + "condition": [], + "crypto_key_id": "global/keyring-example/crypto-key-example", + "member": "allAuthenticatedUsers", + "role": "roles/cloudkms.admin" + }, + "sensitive_values": { + "condition": [] + } + } + ] + } + }, + "resource_changes": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null + }, + "after_unknown": { + "destroy_scheduled_duration": true, + "id": true, + "import_only": true, + "version_template": true + }, + "before_sensitive": false, + "after_sensitive": { + "version_template": [] + } + } + }, + { + "address": "google_kms_crypto_key_iam_member.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_member", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "condition": [], + "crypto_key_id": "global/keyring-example/crypto-key-example", + "member": "allAuthenticatedUsers", + "role": "roles/cloudkms.admin" + }, + "after_unknown": { + "condition": [], + "etag": true, + "id": true + }, + "before_sensitive": false, + "after_sensitive": { + "condition": [] + } + } + } + ], + "configuration": { + "root_module": { + "resources": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_config_key": "google", + "expressions": { + "key_ring": { + "constant_value": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" + }, + "name": { + "constant_value": "crypto-key-example" } - }, - "root_module": { - "resources": [{ - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_config_key": "google", - "expressions": { - "key_ring": { - "references": ["google_kms_key_ring.example_keyring"] - }, - "name": { - "constant_value": "crypto-key-example" - } - }, - "schema_version": 1 - }, { - "address": "google_kms_crypto_key_iam_member.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_member", - "name": "crypto_key", - "provider_config_key": "google", - "expressions": { - "crypto_key_id": { - "references": ["google_kms_crypto_key.example_crypto_key"] - }, - "member": { - "constant_value": "allAuthenticatedUsers" - }, - "role": { - "constant_value": "roles/cloudkms.admin" - } - }, - "schema_version": 0 - }, { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_config_key": "google", - "expressions": { - "location": { - "constant_value": "global" - }, - "name": { - "constant_value": "keyring-example" - }, - "project": { - "constant_value": "{{.Provider.project}}" - } - }, - "schema_version": 0 - }] - } - } + }, + "schema_version": 1 + }, + { + "address": "google_kms_crypto_key_iam_member.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_member", + "name": "crypto_key", + "provider_config_key": "google", + "expressions": { + "crypto_key_id": { + "constant_value": "global/keyring-example/crypto-key-example" + }, + "member": { + "constant_value": "allAuthenticatedUsers" + }, + "role": { + "constant_value": "roles/cloudkms.admin" + } + }, + "schema_version": 0 + } + ] + } + } } diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.json index ef39bbfd9e56..64c09c1bf1bd 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.json @@ -1,44 +1,27 @@ [ - { - "name": "//cloudkms.googleapis.com/placeholder-BpLnfgDs/cryptoKeys/crypto-key-example", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "CryptoKey", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": { - "purpose": "ENCRYPT_DECRYPT" - } - } - }, - { - "name": "//cloudkms.googleapis.com/placeholder-c2WD8F2q", - "asset_type": "cloudkms.googleapis.com/CryptoKey", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "iam_policy": { - "bindings": [ - { - "role": "roles/cloudkms.admin", - "members": [ - "allAuthenticatedUsers", - "serviceAccount:998476993360@cloudservices.gserviceaccount.com" - ] - } - ] - } - }, - { - "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", - "asset_type": "cloudkms.googleapis.com/KeyRing", - "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", - "resource": { - "version": "v1", - "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", - "discovery_name": "KeyRing", - "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", - "data": null - } - } -] \ No newline at end of file + { + "name": "//cloudkms.googleapis.com/projects/{{.Provider.project}}/locations/global/keyRings/keyring-example/cryptoKeys/crypto-key-example", + "asset_type": "cloudkms.googleapis.com/CryptoKey", + "ancestry_path": "{{.Ancestry}}/project/{{.Provider.project}}", + "resource": { + "version": "v1", + "discovery_document_uri": "https://www.googleapis.com/discovery/v1/apis/cloudkms/v1/rest", + "discovery_name": "CryptoKey", + "parent": "//cloudresourcemanager.googleapis.com/projects/{{.Provider.project}}", + "data": { + "purpose": "ENCRYPT_DECRYPT" + } + }, + "iam_policy": { + "bindings": [ + { + "role": "roles/cloudkms.admin", + "members": [ + "allAuthenticatedUsers", + "serviceAccount:998476993360@cloudservices.gserviceaccount.com" + ] + } + ] + } + } +] diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tf b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tf index 5b43dc4817e6..b10e12f3064a 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tf +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tf @@ -27,19 +27,13 @@ provider "google" { {{if .Provider.credentials }}credentials = "{{.Provider.credentials}}"{{end}} } -resource "google_kms_key_ring" "example_keyring" { - name = "keyring-example" - location = "global" - project = "{{.Provider.project}}" -} - resource "google_kms_crypto_key" "example_crypto_key" { name = "crypto-key-example" - key_ring = google_kms_key_ring.example_keyring.id + key_ring = "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" } resource "google_kms_crypto_key_iam_policy" "crypto_key" { - crypto_key_id = google_kms_crypto_key.example_crypto_key.id + crypto_key_id = "global/keyring-example/crypto-key-example" policy_data = jsonencode( { bindings = [ diff --git a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tfplan.json b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tfplan.json index 65d16b928cc7..43f28a43ff4a 100644 --- a/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tfplan.json +++ b/mmv1/third_party/validator/tests/data/example_kms_crypto_key_iam_policy.tfplan.json @@ -1,201 +1,136 @@ { - "format_version": "0.1", - "terraform_version": "0.12.31", - "planned_values": { - "root_module": { - "resources": [ - { - "address": "google_kms_crypto_key_iam_policy.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_policy", - "name": "crypto_key", - "provider_name": "google", - "schema_version": 0, - "values": { - "policy_data": "{\"bindings\":[{\"members\":[\"allAuthenticatedUsers\",\"serviceAccount:998476993360@cloudservices.gserviceaccount.com\"],\"role\":\"roles/cloudkms.admin\"}]}" - } - }, - { - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "schema_version": 1, - "values": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": false, - "timeouts": null - } - }, - { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "schema_version": 0, - "values": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - } - } - ] - } - }, - "resource_changes": [ + "format_version": "0.2", + "terraform_version": "1.0.10", + "planned_values": { + "root_module": { + "resources": [ { - "address": "google_kms_crypto_key_iam_policy.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_policy", - "name": "crypto_key", - "provider_name": "google", - "change": { - "actions": [ - "create" - ], - "before": null, - "after": { - "policy_data": "{\"bindings\":[{\"members\":[\"allAuthenticatedUsers\",\"serviceAccount:998476993360@cloudservices.gserviceaccount.com\"],\"role\":\"roles/cloudkms.admin\"}]}" - }, - "after_unknown": { - "crypto_key_id": true, - "etag": true, - "id": true - }, - "before_sensitive": false, - "after_sensitive": {} - } + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 1, + "values": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null + }, + "sensitive_values": { + "version_template": [] + } }, { - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_name": "google", - "change": { - "actions": [ - "create" - ], - "before": null, - "after": { - "labels": null, - "name": "crypto-key-example", - "purpose": "ENCRYPT_DECRYPT", - "rotation_period": null, - "skip_initial_version_creation": false, - "timeouts": null - }, - "after_unknown": { - "id": true, - "key_ring": true, - "self_link": true, - "version_template": true - }, - "before_sensitive": false, - "after_sensitive": { - "version_template": [] - } - } + "address": "google_kms_crypto_key_iam_policy.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_policy", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 0, + "values": { + "crypto_key_id": "global/keyring-example/crypto-key-example", + "policy_data": "{\"bindings\":[{\"members\":[\"allAuthenticatedUsers\",\"serviceAccount:998476993360@cloudservices.gserviceaccount.com\"],\"role\":\"roles/cloudkms.admin\"}]}" + }, + "sensitive_values": {} + } + ] + } + }, + "resource_changes": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "key_ring": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example", + "labels": null, + "name": "crypto-key-example", + "purpose": "ENCRYPT_DECRYPT", + "rotation_period": null, + "skip_initial_version_creation": null, + "timeouts": null }, - { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_name": "google", - "change": { - "actions": [ - "create" - ], - "before": null, - "after": { - "location": "global", - "name": "keyring-example", - "project": "{{.Provider.project}}", - "timeouts": null - }, - "after_unknown": { - "id": true, - "self_link": true - }, - "before_sensitive": false, - "after_sensitive": {} - } + "after_unknown": { + "destroy_scheduled_duration": true, + "id": true, + "import_only": true, + "version_template": true + }, + "before_sensitive": false, + "after_sensitive": { + "version_template": [] } - ], - "configuration": { - "provider_config": { - "google": { - "name": "google", - "expressions": { - "project": { - "constant_value": "{{.Provider.project}}" - } - } + } + }, + { + "address": "google_kms_crypto_key_iam_policy.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_policy", + "name": "crypto_key", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "crypto_key_id": "global/keyring-example/crypto-key-example", + "policy_data": "{\"bindings\":[{\"members\":[\"allAuthenticatedUsers\",\"serviceAccount:998476993360@cloudservices.gserviceaccount.com\"],\"role\":\"roles/cloudkms.admin\"}]}" + }, + "after_unknown": { + "etag": true, + "id": true + }, + "before_sensitive": false, + "after_sensitive": {} + } + } + ], + "configuration": { + "root_module": { + "resources": [ + { + "address": "google_kms_crypto_key.example_crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key", + "name": "example_crypto_key", + "provider_config_key": "google", + "expressions": { + "key_ring": { + "constant_value": "projects/{{.Provider.project}}/locations/global/keyRings/keyring-example" + }, + "name": { + "constant_value": "crypto-key-example" } + }, + "schema_version": 1 }, - "root_module": { - "resources": [ - { - "address": "google_kms_crypto_key.example_crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key", - "name": "example_crypto_key", - "provider_config_key": "google", - "expressions": { - "key_ring": { - "references": [ - "google_kms_key_ring.example_keyring" - ] - }, - "name": { - "constant_value": "crypto-key-example" - } - }, - "schema_version": 1 - }, - { - "address": "google_kms_crypto_key_iam_policy.crypto_key", - "mode": "managed", - "type": "google_kms_crypto_key_iam_policy", - "name": "crypto_key", - "provider_config_key": "google", - "expressions": { - "crypto_key_id": { - "references": [ - "google_kms_crypto_key.example_crypto_key" - ] - }, - "policy_data": {} - }, - "schema_version": 0 - }, - { - "address": "google_kms_key_ring.example_keyring", - "mode": "managed", - "type": "google_kms_key_ring", - "name": "example_keyring", - "provider_config_key": "google", - "expressions": { - "location": { - "constant_value": "global" - }, - "name": { - "constant_value": "keyring-example" - }, - "project": { - "constant_value": "{{.Provider.project}}" - } - }, - "schema_version": 0 - } - ] + { + "address": "google_kms_crypto_key_iam_policy.crypto_key", + "mode": "managed", + "type": "google_kms_crypto_key_iam_policy", + "name": "crypto_key", + "provider_config_key": "google", + "expressions": { + "crypto_key_id": { + "constant_value": "global/keyring-example/crypto-key-example" + }, + "policy_data": {} + }, + "schema_version": 0 } + ] } + } }