Add kms key field to Artifact Registry repository. (#3658) (#2254)
Co-authored-by: Dana Hoffman <danahoffman@google.com>
Signed-off-by: Modular Magician <magic-modules@google.com>

Co-authored-by: Dana Hoffman <danahoffman@google.com>
modular-magician and danawillow authored Jul 6, 2020
1 parent ce0799a commit 28d4d01
Showing 4 changed files with 95 additions and 0 deletions.
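--- a/.changelog/3658.txt
+++ b/.changelog/3658.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+artifactregistry: Added field `kms_key_name` to `google_artifact_registry_repository`
+```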
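--- a/google-beta/resource_artifact_registry_repository.go
+++ b/google-beta/resource_artifact_registry_repository.go
@@ -61,6 +61,15 @@ func resourceArtifactRegistryRepository() *schema.Resource {
 Optional: true,
 Description: `The user-provided description of the repository.`,
 },
+"kms_key_name": {
+Type: schema.TypeString,
+Optional: true,
+ForceNew: true,
+Description: `The Cloud KMS resource name of the customer managed encryption key that’s
+used to encrypt the contents of the Repository. Has the form:
+'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.
+This value may not be changed after the Repository has been created.`,
+},
 "labels": {
 Type: schema.TypeMap,
 Optional: true,
@@ -126,6 +135,12 @@ func resourceArtifactRegistryRepositoryCreate(d *schema.ResourceData, meta inter
 } else if v, ok := d.GetOkExists("labels"); !isEmptyValue(reflect.ValueOf(labelsProp)) && (ok || !reflect.DeepEqual(v, labelsProp)) {
 obj["labels"] = labelsProp
 }
+kmsKeyNameProp, err := expandArtifactRegistryRepositoryKmsKeyName(d.Get("kms_key_name"), d, config)
+if err != nil {
+return err
+} else if v, ok := d.GetOkExists("kms_key_name"); !isEmptyValue(reflect.ValueOf(kmsKeyNameProp)) && (ok || !reflect.DeepEqual(v, kmsKeyNameProp)) {
+obj["kmsKeyName"] = kmsKeyNameProp
+}
 
 url, err := replaceVars(d, config, "{{ArtifactRegistryBasePath}}projects/{{project}}/locations/{{location}}/repositories?repository_id={{repository_id}}")
 if err != nil {
@@ -210,6 +225,9 @@ func resourceArtifactRegistryRepositoryRead(d *schema.ResourceData, meta interfa
 if err := d.Set("labels", flattenArtifactRegistryRepositoryLabels(res["labels"], d, config)); err != nil {
 return fmt.Errorf("Error reading Repository: %s", err)
 }
+if err := d.Set("kms_key_name", flattenArtifactRegistryRepositoryKmsKeyName(res["kmsKeyName"], d, config)); err != nil {
+return fmt.Errorf("Error reading Repository: %s", err)
+}
 if err := d.Set("create_time", flattenArtifactRegistryRepositoryCreateTime(res["createTime"], d, config)); err != nil {
 return fmt.Errorf("Error reading Repository: %s", err)
 }
@@ -247,6 +265,12 @@ func resourceArtifactRegistryRepositoryUpdate(d *schema.ResourceData, meta inter
 } else if v, ok := d.GetOkExists("labels"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, labelsProp)) {
 obj["labels"] = labelsProp
 }
+kmsKeyNameProp, err := expandArtifactRegistryRepositoryKmsKeyName(d.Get("kms_key_name"), d, config)
+if err != nil {
+return err
+} else if v, ok := d.GetOkExists("kms_key_name"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, kmsKeyNameProp)) {
+obj["kmsKeyName"] = kmsKeyNameProp
+}
 
 url, err := replaceVars(d, config, "{{ArtifactRegistryBasePath}}projects/{{project}}/locations/{{location}}/repositories/{{name}}")
 if err != nil {
@@ -343,6 +367,10 @@ func flattenArtifactRegistryRepositoryLabels(v interface{}, d *schema.ResourceDa
 return v
 }
 
+func flattenArtifactRegistryRepositoryKmsKeyName(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+return v
+}
+
 func flattenArtifactRegistryRepositoryCreateTime(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 return v
 }
@@ -369,3 +397,7 @@ func expandArtifactRegistryRepositoryLabels(v interface{}, d TerraformResourceDa
 }
 return m, nil
 }
+
+func expandArtifactRegistryRepositoryKmsKeyName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+return v, nil
+}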
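Review bot: The new `kms_key_name` schema entry carries no `ValidateFunc`, and the Create hunk only sets `obj["kmsKeyName"]` when `!isEmptyValue(reflect.ValueOf(kmsKeyNameProp))` holds, so a configuration whose key reference resolves to `""` would, going by the helper's name, send no key at all and the repository would be created without the customer-managed key instead of failing. A format check on the field, for example `ValidateFunc: validation.StringMatch(regexp.MustCompile("^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$"), "must be a full Cloud KMS crypto key resource name"),`, should turn empty, short-form or key-version values into a plan-time error; whether `validation` and `regexp` are already imported is not visible here. Since `ForceNew: true` means a changed key replaces the resource, the Description could also say that editing this value destroys and recreates the repository. The schema function and the Create and Update bodies continue outside these hunks.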
@@ -55,6 +55,40 @@ resource "google_artifact_registry_repository" "my-repo" {
`, context)
}

func TestAccArtifactRegistryRepository_artifactRegistryRepositoryCmekExample(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"kms_key_name": BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name,
"random_suffix": randString(t, 10),
}

vcrTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersOiCS,
CheckDestroy: testAccCheckArtifactRegistryRepositoryDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccArtifactRegistryRepository_artifactRegistryRepositoryCmekExample(context),
},
},
})
}

func testAccArtifactRegistryRepository_artifactRegistryRepositoryCmekExample(context map[string]interface{}) string {
return Nprintf(`
resource "google_artifact_registry_repository" "my-repo" {
provider = google-beta
location = "us-central1"
repository_id = "tf-test-my-repository%{random_suffix}"
description = "example docker repository with cmek"
format = "DOCKER"
kms_key_name = "%{kms_key_name}"
}
`, context)
}

func TestAccArtifactRegistryRepository_artifactRegistryRepositoryIamExample(t *testing.T) {
t.Parallel()

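Review bot: The only step in `TestAccArtifactRegistryRepository_artifactRegistryRepositoryCmekExample` applies the config and has no `Check`, so the test never states that the created repository reports the key returned by `BootstrapKMSKeyInLocation`. Adding `Check: resource.TestCheckResourceAttr("google_artifact_registry_repository.my-repo", "kms_key_name", context["kms_key_name"].(string)),` to the step would pin the value read back from the API. The harness's post-apply plan probably catches a dropped key already, but an explicit assertion keeps the encryption guarantee visible in the test itself.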
26 changes: 26 additions & 0 deletions website/docs/r/artifact_registry_repository.html.markdown
@@ -51,6 +51,25 @@ resource "google_artifact_registry_repository" "my-repo" {
format = "DOCKER"
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgit.luolix.top%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=artifact_registry_repository_cmek&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Artifact Registry Repository Cmek


```hcl
resource "google_artifact_registry_repository" "my-repo" {
provider = google-beta
location = "us-central1"
repository_id = "my-repository"
description = "example docker repository with cmek"
format = "DOCKER"
kms_key_name = "kms-key"
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgit.luolix.top%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=artifact_registry_repository_iam&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
@@ -123,6 +142,13 @@ The following arguments are supported:
and may only contain lowercase letters, numeric characters, underscores,
and dashes.

* `kms_key_name` -
(Optional)
The Cloud KMS resource name of the customer managed encryption key that’s
used to encrypt the contents of the Repository. Has the form:
`projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key`.
This value may not be changed after the Repository has been created.

* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
