diff --git a/.changelog/11413.txt b/.changelog/11413.txt new file mode 100644 index 00000000000..a731029805a --- /dev/null +++ b/.changelog/11413.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +kms: updated the `google_kms_autokey_config` resource's `folder` field to accept values that are either full resource names (`folders/{folder_id}`) or just the folder id (`{folder_id}` only) +``` \ No newline at end of file diff --git a/google/services/kms/resource_kms_autokey_config_sweeper.go b/google/services/kms/resource_kms_autokey_config_sweeper.go new file mode 100644 index 00000000000..c0cc643b9cb --- /dev/null +++ b/google/services/kms/resource_kms_autokey_config_sweeper.go @@ -0,0 +1,126 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 +package kms + +import ( + "context" + "log" + "strings" + "testing" + + "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/sweeper" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" +) + +func init() { + sweeper.AddTestSweepers("KMSAutokeyConfig", testSweepKMSAutokeyConfig) +} + +// At the time of writing, the CI only passes us-central1 as the region +func testSweepKMSAutokeyConfig(region string) error { + resourceName := "KMSAutokeyConfig" + log.Printf("[INFO][SWEEPER_LOG] Starting sweeper for %s", resourceName) + + config, err := sweeper.SharedConfigForRegion(region) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error getting shared config for region: %s", err) + return err + } + + err = config.LoadAndValidate(context.Background()) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error loading: %s", err) + return err + } + + t := &testing.T{} + billingId := envvar.GetTestBillingAccountFromEnv(t) + + // Setup variables to replace in list template + d := &tpgresource.ResourceDataMock{ + FieldsInSchema: map[string]interface{}{ + "project": config.Project, + "region": region, + "location": region, + "zone": "-", + "billing_account": billingId, + }, + } + + listTemplate := strings.Split("https://cloudkms.googleapis.com/v1/folders/{{folder}}/autokeyConfig", "?")[0] + listUrl, err := tpgresource.ReplaceVars(d, config, listTemplate) + listUrl = strings.Replace(listUrl, "folders/folders/", "folders/", 1) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error preparing sweeper list url: %s", err) + return nil + } + + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "GET", + Project: config.Project, + RawURL: listUrl, + UserAgent: config.UserAgent, + }) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] Error in response from request %s: %s", listUrl, err) + return nil + } + + resourceList, ok := res["autokeyConfigs"] + if !ok { + log.Printf("[INFO][SWEEPER_LOG] Nothing found in response.") + return nil + } + + rl := resourceList.([]interface{}) + + log.Printf("[INFO][SWEEPER_LOG] Found %d items in %s list response.", len(rl), resourceName) + // Keep count of items that aren't sweepable for logging. + nonPrefixCount := 0 + for _, ri := range rl { + obj := ri.(map[string]interface{}) + if obj["name"] == nil { + log.Printf("[INFO][SWEEPER_LOG] %s resource name was nil", resourceName) + return nil + } + + name := tpgresource.GetResourceNameFromSelfLink(obj["name"].(string)) + // Skip resources that shouldn't be sweeped + if !sweeper.IsSweepableTestResource(name) { + nonPrefixCount++ + continue + } + + deleteTemplate := "https://cloudkms.googleapis.com/v1/folders/{{folder}}/autokeyConfig?updateMask=keyProject" + deleteUrl, err := tpgresource.ReplaceVars(d, config, deleteTemplate) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error preparing delete url: %s", err) + return nil + } + deleteUrl = deleteUrl + name + deleteUrl = strings.Replace(deleteUrl, "folders/folders/", "folders/", 1) + + // Don't wait on operations as we may have a lot to delete + _, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "DELETE", + Project: config.Project, + RawURL: deleteUrl, + UserAgent: config.UserAgent, + }) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] Error deleting for url %s : %s", deleteUrl, err) + } else { + log.Printf("[INFO][SWEEPER_LOG] Sent delete request for %s resource: %s", resourceName, name) + } + } + + if nonPrefixCount > 0 { + log.Printf("[INFO][SWEEPER_LOG] %d items were non-sweepable and skipped.", nonPrefixCount) + } + + return nil +} diff --git a/website/docs/r/kms_autokey_config.html.markdown b/website/docs/r/kms_autokey_config.html.markdown index 5de4ee21c32..de7f883773a 100644 --- a/website/docs/r/kms_autokey_config.html.markdown +++ b/website/docs/r/kms_autokey_config.html.markdown @@ -107,10 +107,17 @@ resource "time_sleep" "wait_srv_acc_permissions" { resource "google_kms_autokey_config" "example-autokeyconfig" { provider = google-beta - folder = google_folder.autokms_folder.folder_id + folder = google_folder.autokms_folder.id key_project = "projects/${google_project.key_project.project_id}" depends_on = [time_sleep.wait_srv_acc_permissions] } + +# Wait delay after setting AutokeyConfig, to prevent diffs on reapply, +# because setting the config takes a little to fully propagate. +resource "time_sleep" "wait_autokey_propagation" { + create_duration = "30s" + depends_on = [google_kms_autokey_config.example-autokeyconfig] +} ``` ## Argument Reference