Spanner MR CMEK Integration #11319
Spanner MR CMEK Integration #11319
Conversation
- Add kmsKeyNames to encryptionConfig - Make kmsKeyName and kmsKeyNames not required
Add MR CMEK test
Mr cmek integration
|
Hello! I am a robot. Tests will require approval from a repository maintainer to run. @c2thorn, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look. You can help make sure that review is quick by doing a self-review and by running impacted tests locally. |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
1 similar comment
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 30 Click here to see the affected service packages
Tests were added that are skipped in VCR:
View the build log |
Tests analyticsTotal tests: 30 Click here to see the affected service packages
Tests were added that are skipped in VCR:
View the build log |
There was a problem hiding this comment.
can you update the release note based on https://googlecloudplatform.github.io/magic-modules/contribute/release-notes/
I'll run the test in our environment to make sure its passing
mmv1/third_party/terraform/services/spanner/resource_spanner_database_test.go.erb
Outdated
Show resolved
Hide resolved
Added a note. |
There was a problem hiding this comment.
=== RUN TestAccSpannerDatabase_mrcmek
=== PAUSE TestAccSpannerDatabase_mrcmek
=== CONT TestAccSpannerDatabase_mrcmek
vcr_utils.go:152: Step 1/2 error: Error running apply: exit status 1
Error: Error creating Database: googleapi: Error 400: Invalid CreateDatabase request.
Details:
[
{
"@type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"description": "Expected projects/{project ID}/locations/{location ID}/keyRings/{keyring ID}/cryptoKeys/{kms_key_name}\nGot: google_kms_crypto_key.example-key-us-central1.id\nError: Resource name 'google_kms_crypto_key.example-key-us-central1.id' does not match pattern 'projects/([^/]{1,100})/locations/([a-zA-Z0-9_-]{1,63})/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})'.",
"field": "encryption_config.kms_key_names[0]"
}
]
}
]
with google_spanner_database.database,
on terraform_plugin_test.tf line 9, in resource "google_spanner_database" "database":
9: resource "google_spanner_database" "database" {
|
I am seeing the error "The Cloud Spanner multi-region CMEK feature is currently not supported" |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
1 similar comment
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Use spaces rather than tabs
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Use spaces instead of tabs
Change description of kmsKeyNames to use plurals
…ey_names.go.tmpl Clarify comment Co-authored-by: Stephen Lewis (Burrows) <stephen.r.burrows@gmail.com>
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
1 similar comment
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Use spaces instead of tabs
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
1 similar comment
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Use BootstrapKMSKey instead of crypto keys because crypto keys can't be deleted
Tests analyticsTotal tests: 4153 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 4153 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
1 similar comment
Tests analyticsTotal tests: 4153 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
|
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
Tests analyticsTotal tests: 4152 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
Tests analyticsTotal tests: 4153 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
|
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
Tests analyticsTotal tests: 4153 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 4 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
|
🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
| resource "google_kms_crypto_key_iam_binding" "crypto_key1" { | ||
| crypto_key_id = "%{key_name1}" | ||
| role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" | ||
| members = [ | ||
| google_project_service_identity.ck_sa.member, | ||
| ] | ||
| } | ||
|
|
||
| resource "google_kms_crypto_key_iam_binding" "crypto_key2" { | ||
| crypto_key_id = "%{key_name2}" | ||
| role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" | ||
| members = [ | ||
| google_project_service_identity.ck_sa.member, | ||
| ] | ||
| } | ||
|
|
||
| resource "google_kms_crypto_key_iam_binding" "crypto_key3" { | ||
| crypto_key_id = "%{key_name3}" | ||
| role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" | ||
| members = [ | ||
| google_project_service_identity.ck_sa.member, | ||
| ] | ||
| } |
There was a problem hiding this comment.
Can you remove these IAM roles? I'll manually add them once done. Then we should be good to go here.
Promote Spanner MR CMEK support to GA:
Adds the new field kmsKeyNames to encryptionConfig to support creating a Spanner MR CMEK database.
Release Note Template for Downstream PRs (will be copied)