Add support for AutokeyConfig and KeyHandle KMS resources

google/services/kms/kms_operation.go

@@ -0,0 +1,92 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package kms
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+)
+
+type KMSOperationWaiter struct {
+	Config    *transport_tpg.Config
+	UserAgent string
+	Project   string
+	tpgresource.CommonOperationWaiter
+}
+
+func (w *KMSOperationWaiter) QueryOp() (interface{}, error) {
+	if w == nil {
+		return nil, fmt.Errorf("Cannot query operation, it's unset or nil.")
+	}
+	// Returns the proper get.
+	url := fmt.Sprintf("%s%s", w.Config.KMSBasePath, w.CommonOperationWaiter.Op.Name)
+
+	return transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    w.Config,
+		Method:    "GET",
+		Project:   w.Project,
+		RawURL:    url,
+		UserAgent: w.UserAgent,
+	})
+}
+
+func createKMSWaiter(config *transport_tpg.Config, op map[string]interface{}, project, activity, userAgent string) (*KMSOperationWaiter, error) {
+	w := &KMSOperationWaiter{
+		Config:    config,
+		UserAgent: userAgent,
+		Project:   project,
+	}
+	if err := w.CommonOperationWaiter.SetOp(op); err != nil {
+		return nil, err
+	}
+	return w, nil
+}
+
+// nolint: deadcode,unused
+func KMSOperationWaitTimeWithResponse(config *transport_tpg.Config, op map[string]interface{}, response *map[string]interface{}, project, activity, userAgent string, timeout time.Duration) error {
+	w, err := createKMSWaiter(config, op, project, activity, userAgent)
+	if err != nil {
+		return err
+	}
+	if err := tpgresource.OperationWait(w, activity, timeout, config.PollInterval); err != nil {
+		return err
+	}
+	rawResponse := []byte(w.CommonOperationWaiter.Op.Response)
+	if len(rawResponse) == 0 {
+		return errors.New("`resource` not set in operation response")
+	}
+	return json.Unmarshal(rawResponse, response)
+}
+
+func KMSOperationWaitTime(config *transport_tpg.Config, op map[string]interface{}, project, activity, userAgent string, timeout time.Duration) error {
+	if val, ok := op["name"]; !ok || val == "" {
+		// This was a synchronous call - there is no operation to wait for.
+		return nil
+	}
+	w, err := createKMSWaiter(config, op, project, activity, userAgent)
+	if err != nil {
+		// If w is nil, the op was synchronous.
+		return err
+	}
+	return tpgresource.OperationWait(w, activity, timeout, config.PollInterval)
+}

website/docs/r/kms_autokey_config.html.markdown

@@ -0,0 +1,173 @@
+---
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in
+#     .github/CONTRIBUTING.md.
+#
+# ----------------------------------------------------------------------------
+subcategory: "Cloud Key Management Service"
+description: |-
+  `AutokeyConfig` is a singleton resource used to configure the auto-provisioning
+  flow of CryptoKeys for CMEK.
+---
+
+# google_kms_autokey_config
+
+`AutokeyConfig` is a singleton resource used to configure the auto-provisioning
+flow of CryptoKeys for CMEK.
+
+
+~> **Note:** AutokeyConfigs cannot be deleted from Google Cloud Platform.
+Destroying a Terraform-managed AutokeyConfig will remove it from state but
+*will not delete the resource from the project.*
+
+~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
+
+To get more information about AutokeyConfig, see:
+
+* [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/AutokeyConfig)
+* How-to Guides
+    * [Cloud KMS with Autokey](https://cloud.google.com/kms/docs/kms-with-autokey)
+
+## Example Usage - Kms Autokey Config All
+
+
+```hcl
+# Create Folder in GCP Organization
+resource "google_folder" "autokms_folder" {
+  provider     = google-beta
+  display_name = "my-folder"
+  parent       = "organizations/123456789"
+}
+
+# Create the key project
+resource "google_project" "key_project" {
+  provider        = google-beta
+  project_id      = "key-proj"
+  name            = "key-proj"
+  folder_id       = google_folder.autokms_folder.folder_id
+  billing_account = "000000-0000000-0000000-000000"
+  depends_on      = [google_folder.autokms_folder]
+}
+
+# Enable the Cloud KMS API
+resource "google_project_service" "kms_api_service" {
+  provider                   = google-beta
+  service                    = "cloudkms.googleapis.com"
+  project                    = google_project.key_project.project_id
+  disable_on_destroy         = false
+  disable_dependent_services = true
+  depends_on                 = [google_project.key_project]
+}
+
+# Wait delay after enabling APIs
+resource "time_sleep" "wait_enable_service_api" {
+  depends_on       = [google_project_service.kms_api_service]
+  create_duration  = "30s"
+}
+
+#Create KMS Service Agent
+resource "google_project_service_identity" "kms_service_agent" {
+  provider   = google-beta
+  service    = "cloudkms.googleapis.com"
+  project    = google_project.key_project.number
+  depends_on = [time_sleep.wait_enable_service_api]
+}
+
+# Wait delay after creating service agent.
+resource "time_sleep" "wait_service_agent" {
+  depends_on       = [google_project_service_identity.kms_service_agent]
+  create_duration  = "10s"
+}
+
+#Grant the KMS Service Agent the Cloud KMS Admin role
+resource "google_project_iam_member" "autokey_project_admin" {
+  provider   = google-beta
+  project    = google_project.key_project.project_id
+  role       = "roles/cloudkms.admin"
+  member     = "serviceAccount:service-${google_project.key_project.number}@gcp-sa-cloudkms.iam.gserviceaccount.com"
+  depends_on = [time_sleep.wait_service_agent]
+}
+
+# Wait delay after granting IAM permissions
+resource "time_sleep" "wait_srv_acc_permissions" {
+  create_duration = "10s"
+  depends_on      = [google_project_iam_member.autokey_project_admin]
+}
+
+resource "google_kms_autokey_config" "example-autokeyconfig" {
+  provider    = google-beta
+  folder      = google_folder.autokms_folder.folder_id
+  key_project = "projects/${google_project.key_project.project_id}"
+  depends_on  = [time_sleep.wait_srv_acc_permissions]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+
+* `folder` -
+  (Required)
+  The folder for which to retrieve config.
+
+
+- - -
+
+
+* `key_project` -
+  (Optional)
+  The target key project for a given folder where KMS Autokey will provision a
+  CryptoKey for any new KeyHandle the Developer creates. Should have the form
+  `projects/<project_id_or_number>`.
+
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `id` - an identifier for the resource with format `folders/{{folder}}/autokeyConfig`
+
+
+## Timeouts
+
+This resource provides the following
+[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
+
+- `create` - Default is 20 minutes.
+- `update` - Default is 20 minutes.
+- `delete` - Default is 20 minutes.
+
+## Import
+
+
+AutokeyConfig can be imported using any of these accepted formats:
+
+* `folders/{{folder}}/autokeyConfig`
+* `{{folder}}`
+
+
+In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import AutokeyConfig using one of the formats above. For example:
+
+```tf
+import {
+  id = "folders/{{folder}}/autokeyConfig"
+  to = google_kms_autokey_config.default
+}
+```
+
+When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), AutokeyConfig can be imported using one of the formats above. For example:
+
+```
+$ terraform import google_kms_autokey_config.default folders/{{folder}}/autokeyConfig
+$ terraform import google_kms_autokey_config.default {{folder}}
+```