(Upstreaming) Add KMS support to bigquery tables. (#2784)

Merged PR #2784.
GoogleCloudPlatform · Dec 6, 2019 · 75c7575 · 75c7575
1 parent 5eb989d
commit 75c7575
Show file tree

Hide file tree

Showing 8 changed files with 331 additions and 130 deletions.
diff --git a/build/terraform b/build/terraform
diff --git a/build/terraform-beta b/build/terraform-beta
diff --git a/third_party/terraform/data_sources/data_source_google_bigquery_default_service_account.go b/third_party/terraform/data_sources/data_source_google_bigquery_default_service_account.go
@@ -0,0 +1,41 @@
+package google
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func dataSourceGoogleBigqueryDefaultServiceAccount() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGoogleBigqueryDefaultServiceAccountRead,
+		Schema: map[string]*schema.Schema{
+			"email": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"project": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func dataSourceGoogleBigqueryDefaultServiceAccountRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	project, err := getProject(d, config)
+	if err != nil {
+		return err
+	}
+
+	projectResource, err := config.clientBigQuery.Projects.GetServiceAccount(project).Do()
+	if err != nil {
+		return handleNotFoundError(err, d, "GCE service account not found")
+	}
+
+	d.SetId(projectResource.Email)
+	d.Set("email", projectResource.Email)
+	d.Set("project", project)
+	return nil
+}
diff --git a/third_party/terraform/resources/resource_bigquery_table.go.erb b/third_party/terraform/resources/resource_bigquery_table.go.erb
@@ -311,6 +311,19 @@ func resourceBigQueryTable() *schema.Resource {
 				MaxItems: 4,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
+			"encryption_configuration": {
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"kms_key_name": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+					},
+				},
+			},
 
 			// CreationTime: [Output-only] The time when this table was created, in
 			// milliseconds since the epoch.
@@ -421,6 +434,12 @@ func resourceTable(d *schema.ResourceData, meta interface{}) (*bigquery.Table, e
 		table.FriendlyName = v.(string)
 	}
 
+	if v, ok := d.GetOk("encryption_configuration.0.kms_key_name"); ok {
+		table.EncryptionConfiguration = &bigquery.EncryptionConfiguration{
+			KmsKeyName: v.(string),
+		}
+	}
+
 	if v, ok := d.GetOk("labels"); ok {
 		labels := map[string]string{}
 
@@ -536,6 +555,11 @@ func resourceBigQueryTableRead(d *schema.ResourceData, meta interface{}) error {
 	if res.Clustering != nil {
 		d.Set("clustering", res.Clustering.Fields)
 	}
+	if res.EncryptionConfiguration != nil {
+		if err := d.Set("encryption_configuration", flattenEncryptionConfiguration(res.EncryptionConfiguration)); err != nil {
+			return err
+		}
+	}
 
 	if res.Schema != nil {
 		schema, err := flattenSchema(res.Schema)
@@ -813,6 +837,10 @@ func expandTimePartitioning(configured interface{}) *bigquery.TimePartitioning {
 	return tp
 }
 
+func flattenEncryptionConfiguration(ec *bigquery.EncryptionConfiguration) []map[string]interface{} {
+	return []map[string]interface{}{{"kms_key_name": ec.KmsKeyName}}
+}
+
 func flattenTimePartitioning(tp *bigquery.TimePartitioning) []map[string]interface{} {
 	result := map[string]interface{}{"type": tp.Type}