Fix failing CMEK tests for Managed Kafka Cluster creation (#15386)

Co-authored-by: Stephen Lewis (Burrows) <[email protected]>

Author: jessdejong

mmv1/products/managedkafka/Cluster.yaml

@@ -56,6 +56,11 @@ examples:
       cluster_id: 'my-cluster'
       key_name: 'example-key'
       key_ring_name: 'example-key-ring'
+    bootstrap_iam:
+      - member: "serviceAccount:service-{project_number}@gcp-sa-managedkafka.iam.gserviceaccount.com"
+        role: "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+    test_vars_overrides:
+      key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name'
     external_providers: ["time"]
 parameters:
   - name: 'location'

mmv1/templates/terraform/examples/managedkafka_cluster_cmek.tf.tmpl

@@ -11,7 +11,7 @@ resource "google_managed_kafka_cluster" "{{$.PrimaryResourceId}}" {
         subnet = "projects/${data.google_project.project.number}/regions/us-central1/subnetworks/default"
       }
     }
-    kms_key = google_kms_crypto_key.key.id
+    kms_key = "{{index $.Vars "key_name"}}"
   }
 
   provider = google-beta
@@ -24,31 +24,6 @@ resource "google_project_service_identity" "kafka_service_identity" {
   provider = google-beta
 }
 
-resource "google_kms_crypto_key" "key" {
-  name     = "{{index $.Vars "key_name"}}"
-  key_ring = google_kms_key_ring.key_ring.id
-
-  provider = google-beta
-}
-
-resource "google_kms_key_ring" "key_ring" {
-  name     = "{{index $.Vars "key_ring_name"}}"
-  location = "us-central1"
-
-  provider = google-beta
-}
-
-resource "google_kms_crypto_key_iam_binding" "crypto_key_binding" {
-  crypto_key_id = google_kms_crypto_key.key.id
-  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
-
-  members = [
-    "serviceAccount:service-${data.google_project.project.number}@gcp-sa-managedkafka.iam.gserviceaccount.com",
-  ]
-
-  provider = google-beta
-}
-
 data "google_project" "project" {
   provider = google-beta
 }