add support for netapp KMS_config(GoogleCloudPlatform#9353)

* KMS_config_first_commit * kmscommit for author change * Updated label to KeyValueLabels * kmsconfig_update_key_ring_crypto_key_name * Fixed issues in resource_netapp_kmsconfig_test.go * removed roation_period * changed location to us-west1 * fixed double quotes * changes_with_labels * changed location to us-central1
pengq-google · May 21, 2024 · ebbc1b9 · ebbc1b9
1 parent 55a2c02
commit ebbc1b9
Show file tree

Hide file tree

Showing 4 changed files with 236 additions and 0 deletions.
diff --git a/mmv1/products/netapp/kmsconfig.yaml b/mmv1/products/netapp/kmsconfig.yaml
@@ -0,0 +1,97 @@
+# Copyright 2023 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+!ruby/object:Api::Resource # API resource name
+name: "kmsconfig"
+description: |
+  NetApp Volumes always encrypts your data at rest using volume-specific keys.
+
+  A CMEK policy (customer-managed encryption key) warps such volume-specific keys in a key stored in Cloud Key Management Service (KMS).
+references: !ruby/object:Api::Resource::ReferenceLinks
+  guides:
+    # Link to quickstart in the API's Guides section. For example:
+    # 'Create and connect to a database': 'https://cloud.google.com/alloydb/docs/quickstart/create-and-connect'
+    "Documentation": "https://cloud.google.com/netapp/volumes/docs/configure-and-use/cmek/cmek-overview"
+  # Link to the REST API reference for the resource. For example,
+  api: "https://cloud.google.com/netapp/volumes/docs/reference/rest/v1/projects.locations.kmsConfigs"
+base_url: projects/{{project}}/locations/{{location}}/kmsConfigs
+self_link: projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}
+create_url: projects/{{project}}/locations/{{location}}/kmsConfigs?kmsConfigId={{name}}
+update_url: projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}
+update_verb: :PATCH
+update_mask: true
+autogen_async: true
+
+async: !ruby/object:Api::OpAsync
+  # Overrides which API calls return operations. Default: ['create',
+  # 'update', 'delete']
+  # actions: ['create', 'update', 'delete']
+  operation: !ruby/object:Api::OpAsync::Operation
+    base_url: "{{op_id}}"
+custom_code: !ruby/object:Provider::Terraform::CustomCode
+  post_create: templates/terraform/post_create/KMS_Verify.go.erb
+
+id_format: "projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}"
+import_format:
+  ["projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}"]
+parameters:
+  - !ruby/object:Api::Type::String
+    name: "location"
+    required: true
+    immutable: true
+    url_param_only: true
+    description: |
+      Name of the policy location. CMEK policies apply to the whole region.
+  - !ruby/object:Api::Type::String # OK: This needs to be 'name' IMHO
+    name: "name"
+    description: |
+      Name of the CMEK policy.
+    required: true
+    immutable: true
+    url_param_only: true
+examples:
+  - !ruby/object:Provider::Terraform::Examples
+    name: "kmsConfig_create"
+    primary_resource_id: "kmsConfig"
+    vars:
+      kms_name: "kms-test"
+      key_ring_value: "key-ring"
+      crypto_name: "crypto-name"
+properties:
+  - !ruby/object:Api::Type::String
+    name: "description"
+    description: |
+      Description for the CMEK policy.
+  - !ruby/object:Api::Type::KeyValueLabels
+    name: "labels"
+    description: |
+      Labels as key value pairs. Example: `{ "owner": "Bob", "department": "finance", "purpose": "testing" }`.
+  - !ruby/object:Api::Type::String
+    name: "cryptoKeyName"
+    description: |
+      Resource name of the KMS key to use. Only regional keys are supported. Format: `projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{key}}`.
+    required: true
+  - !ruby/object:Api::Type::String
+    name: "instructions"
+    description: |
+      Access to the key needs to be granted. The instructions contain gcloud commands to run to grant access.
+
+      To make the policy work, a CMEK policy check is required, which verifies key access.
+    output: true
+
+  - !ruby/object:Api::Type::String
+    name: "serviceAccount"
+    description: |
+      The Service account which needs to have access to the  provided KMS key.
+    output: true
diff --git a/mmv1/templates/terraform/examples/kmsConfig_create.tf.erb b/mmv1/templates/terraform/examples/kmsConfig_create.tf.erb
@@ -0,0 +1,17 @@
+resource "google_kms_key_ring" "keyring" {
+  name     = "<%= ctx[:vars]['key_ring_value'] %>"
+  location = "us-central1"
+}
+
+resource "google_kms_crypto_key" "crypto_key" {
+  name            = "<%= ctx[:vars]['crypto_name'] %>"
+  key_ring        = google_kms_key_ring.keyring.id
+  # rotation_period = "100000s"
+}
+
+resource "google_netapp_kmsconfig" "<%= ctx[:primary_resource_id] %>" {
+  name = "<%= ctx[:vars]['kms_name'] %>"
+  description="this is a test description"
+  crypto_key_name=google_kms_crypto_key.crypto_key.id
+  location="us-central1"
+}
diff --git a/mmv1/templates/terraform/post_create/KMS_Verify.go.erb b/mmv1/templates/terraform/post_create/KMS_Verify.go.erb
@@ -0,0 +1,17 @@
+url_kms_verify, err := tpgresource.ReplaceVars(d, config, "{{NetappBasePath}}projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}:verify")
+	if err != nil {
+		return err
+	}
+
+	res_kms_verify, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "POST",
+		Project:   billingProject,
+		RawURL:    url_kms_verify,
+		UserAgent: userAgent,
+		Timeout:   d.Timeout(schema.TimeoutCreate),
+	})
+	if err != nil {
+		return fmt.Errorf("Error verifying kmsconfig: %s", err)
+	}
+    log.Printf("[DEBUG] Finished verifying kmsconfig : %#v",res_kms_verify)
diff --git a/mmv1/third_party/terraform/services/netapp/resource_netapp_kmsconfig_test.go b/mmv1/third_party/terraform/services/netapp/resource_netapp_kmsconfig_test.go
@@ -0,0 +1,105 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package netapp_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+)
+
+func TestAccNetappkmsconfig_kmsConfigCreateExample_Update(t *testing.T) {
+	// t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckNetappkmsconfigDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetappkmsconfig_kmsConfigCreateExample_Full(context),
+			},
+			{
+				ResourceName:            "google_netapp_kmsconfig.kmsConfig",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"location", "name", "labels", "terraform_labels"},
+			},
+			{
+				Config: testAccNetappkmsconfig_kmsConfigCreateExample_Update(context),
+			},
+			{
+				ResourceName:            "google_netapp_kmsconfig.kmsConfig",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"location", "name", "labels", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccNetappkmsconfig_kmsConfigCreateExample_Full(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+	resource "google_kms_key_ring" "keyring" {
+		name     = "tf-test-key-ring%{random_suffix}"
+		location = "us-central1"
+	}
+	  
+	resource "google_kms_crypto_key" "crypto_key" {
+		name            = "tf-test-crypto-name%{random_suffix}"
+		key_ring        = google_kms_key_ring.keyring.id
+	}
+	  
+	resource "google_netapp_kmsconfig" "kmsConfig" {
+		name = "tf-test-kms-test%{random_suffix}"
+		description="this is a test description"
+		crypto_key_name=google_kms_crypto_key.crypto_key.id
+		location="us-central1"
+	}
+`, context)
+}
+
+func testAccNetappkmsconfig_kmsConfigCreateExample_Update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+	resource "google_kms_key_ring" "keyring" {
+		name     = "tf-test-key-ring%{random_suffix}"
+		location = "us-central1"
+	}
+	  
+	resource "google_kms_crypto_key" "crypto_key" {
+		name            = "tf-test-crypto-name%{random_suffix}"
+		key_ring        = google_kms_key_ring.keyring.id
+	}
+	  
+	resource "google_netapp_kmsconfig" "kmsConfig" {
+		name = "tf-test-kms-test%{random_suffix}"
+		description="kmsconfig update"
+		crypto_key_name=google_kms_crypto_key.crypto_key.id
+		location="us-central1"
+		labels = {
+			"foo": "bar",
+		}
+	}
+`, context)
+}