From 807e2f6c28607f989af9741458844a41a4ae8ffa Mon Sep 17 00:00:00 2001
From: Daan Heikens
Date: Thu, 9 May 2024 00:41:48 +0200
Subject: [PATCH] Add KMS support for the google_bigquery_connection resource (#10561)
Co-authored-by: Stephen Lewis (Burrows)
---
 .../bigqueryconnection/Connection.yaml | 26 +++++++++++++
 .../examples/bigquery_connection_kms.tf.erb | 38 +++++++++++++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 mmv1/templates/terraform/examples/bigquery_connection_kms.tf.erb
diff --git a/mmv1/products/bigqueryconnection/Connection.yaml b/mmv1/products/bigqueryconnection/Connection.yaml
index a40bb68f0387..6de344ec5e59 100644
--- a/mmv1/products/bigqueryconnection/Connection.yaml
+++ b/mmv1/products/bigqueryconnection/Connection.yaml
@@ -125,6 +125,26 @@ examples:
 primary_resource_id: "connection"
 vars:
 connection_id: "my-connection"
+ - !ruby/object:Provider::Terraform::Examples
+ name: 'bigquery_connection_kms'
+ primary_resource_id:
+ 'bq-connection-cmek'
+ vars:
+ database_instance_name: 'my-database-instance'
+ username: 'user'
+ deletion_protection: 'true'
+ kms_key_name: 'projects/project/locations/us-central1/keyRings/us-central1/cryptoKeys/bq-key'
+ test_vars_overrides:
+ deletion_protection: 'false'
+ kms_key_name: 'acctest.BootstrapKMSKey(t).CryptoKey.Name'
+ policyChanged:
+ "acctest.BootstrapPSARole(t, \"bq-\", \"bigquery-encryption\",
+ \"roles/cloudkms.cryptoKeyEncrypterDecrypter\"\
+ )"
+ oics_vars_overrides:
+ deletion_protection: 'false'
+ ignore_read_extra:
+ - 'cloud_sql.0.credential' # password removed
 properties:
 - !ruby/object:Api::Type::String
 name: name
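Review bot: `policyChanged` under `test_vars_overrides` is never read by `bigquery_connection_kms.tf.erb`, which in this patch only uses `database_instance_name`, `username`, `deletion_protection` and `kms_key_name`. It appears to exist only for the side effect of calling `acctest.BootstrapPSARole`, and nothing in the entry says so. I would add a comment above it such as `# not a template variable: evaluated so the BigQuery encryption service agent holds cryptoKeyEncrypterDecrypter before the connection is created`. It is also worth confirming the scope at which that helper grants the role; if it is the whole test project rather than the bootstrapped key, the test passes under a broader grant than users should be told to copy.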
@@ -164,6 +184,12 @@ properties:
 output: true
 description: |
 True if the connection has credential assigned.
+ - !ruby/object:Api::Type::String
+ name: 'kmsKeyName'
+ description: |
+ Optional. The Cloud KMS key that is used for encryption.
+
+ Example: projects/[kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key]
 - !ruby/object:Api::Type::NestedObject
 name: 'cloudSql'
 description: Connection properties specific to the Cloud SQL.
diff --git a/mmv1/templates/terraform/examples/bigquery_connection_kms.tf.erb b/mmv1/templates/terraform/examples/bigquery_connection_kms.tf.erb
new file mode 100644
index 000000000000..083916d9b5db
--- /dev/null
+++ b/mmv1/templates/terraform/examples/bigquery_connection_kms.tf.erb
@@ -0,0 +1,38 @@
+resource "google_sql_database_instance" "instance" {
+ name = "<%= ctx[:vars]['database_instance_name'] %>"
+ database_version = "POSTGRES_11"
+ region = "us-central1"
+ settings {
+ tier = "db-f1-micro"
+ }
+
+ deletion_protection = "<%= ctx[:vars]['deletion_protection'] %>"
+}
+
+resource "google_sql_database" "db" {
+ instance = google_sql_database_instance.instance.name
+ name = "db"
+}
+
+resource "google_sql_user" "user" {
+ name = "<%= ctx[:vars]['username'] %>"
+ instance = google_sql_database_instance.instance.name
+ password = "tf-test-my-password%{random_suffix}"
+}
+
+resource "google_bigquery_connection" "<%= ctx[:primary_resource_id] %>" {
+ friendly_name = "👋"
+ description = "a riveting description"
+ location = "US"
+ kms_key_name = "<%= ctx[:vars]['kms_key_name'] %>"
+ cloud_sql {
+ instance_id = google_sql_database_instance.instance.connection_name
+ database = google_sql_database.db.name
+ type = "POSTGRES"
+ credential {
+ username = google_sql_user.user.name
+ password = google_sql_user.user.password
+ }
+ }
+}
+
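Review bot: The `kmsKeyName` description omits the IAM prerequisite: the acceptance test in this same patch grants `roles/cloudkms.cryptoKeyEncrypterDecrypter` to the BigQuery encryption service agent through `BootstrapPSARole`, which suggests the connection cannot use the key without it. A sentence such as `The BigQuery encryption service account must hold roles/cloudkms.cryptoKeyEncrypterDecrypter on this key.` would spare users a likely permission failure at apply time. The `keyRings/[key_region]` placeholder in the example line reads as a location rather than a key ring name; `[key_ring]` would be clearer. The description also does not say whether changing the key updates the connection in place or forces replacement; the rest of the resource definition is outside this hunk, so that is worth checking against the update path and stating.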
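Review bot: `password = "tf-test-my-password%{random_suffix}"` on `google_sql_user.user` puts a literal, guessable password into an example that is rendered into the provider documentation and copied by users; the same value then flows into `cloud_sql.credential.password`. Prefer a generated secret, for instance a `random_password` resource referenced as `password = random_password.pwd.result` (the test harness would need the random provider available), or at minimum a comment such as `# placeholder only: supply a generated secret; the value is stored in Terraform state`. Separately, `database_version = "POSTGRES_11"` is past upstream end of life, so a current major version would be a safer default for readers to copy.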