added encryption_config field to google_backup_dr_backup_vault (#15583)

mizanali-04 · web-flow · commit 5425dbd16171 · 2025-11-18T22:14:06.000Z
diff --git a/mmv1/products/backupdr/BackupVault.yaml b/mmv1/products/backupdr/BackupVault.yaml
@@ -41,12 +41,24 @@ custom_code:
   pre_delete: 'templates/terraform/pre_delete/backup_dr_backup_vault.go.tmpl'
 include_in_tgc_next_DO_NOT_USE: true
 examples:
-  - name: 'backup_dr_backup_vault_full'
+  - name: 'backup_dr_backup_vault_simple'
     primary_resource_id: 'backup-vault-test'
     vars:
       backup_vault_id: 'backup-vault-test'
     test_env_vars:
       project: 'PROJECT_NAME'
+  - name: 'backup_dr_backup_vault_cmek'
+    primary_resource_id: 'backup-vault-cmek'
+    bootstrap_iam:
+      - member: "serviceAccount:service-{project_number}@gcp-sa-backupdr.iam.gserviceaccount.com"
+        role: "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+    vars:
+      backup_vault_id: 'backup-vault-cmek'
+      kms_key_name: 'bkpvault-key'
+    test_env_vars:
+      project: 'PROJECT_NAME'
+    test_vars_overrides:
+      kms_key_name: 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name'
 parameters:
   - name: 'location'
     type: String
@@ -192,3 +204,10 @@ properties:
       - 'BACKUP_RETENTION_INHERITANCE_UNSPECIFIED'
       - 'INHERIT_VAULT_RETENTION'
       - 'MATCH_BACKUP_EXPIRE_TIME'
+  - name: 'encryptionConfig'
+    type: NestedObject
+    description: 'Encryption configuration for the backup vault.'
+    properties:
+      - name: 'kmsKeyName'
+        type: String
+        description: 'The Resource name of the Cloud KMS key to be used to encrypt new backups. The key must be in the same location as the backup vault. The key must be a Cloud KMS CryptoKey.'
diff --git a/mmv1/templates/terraform/examples/backup_dr_backup_vault_cmek.tf.tmpl b/mmv1/templates/terraform/examples/backup_dr_backup_vault_cmek.tf.tmpl
@@ -0,0 +1,27 @@
+data "google_project" "test_project" {
+	project_id = "{{index $.TestEnvVars "project"}}"
+}
+
+resource "google_backup_dr_backup_vault" "{{$.PrimaryResourceId}}" {
+  location = "us-central1"
+  backup_vault_id    = "{{index $.Vars "backup_vault_id"}}"
+  description = "This is a second backup vault built by Terraform."
+  backup_minimum_enforced_retention_duration = "100000s"
+  annotations = {
+    annotations1 = "bar1"
+    annotations2 = "baz1"
+  }
+  labels = {
+    foo = "bar1"
+    bar = "baz1"
+  }
+  encryption_config {
+    kms_key_name = "{{index $.Vars "kms_key_name"}}"
+  }
+  force_update = "true"
+  access_restriction = "WITHIN_ORGANIZATION"
+  backup_retention_inheritance = "INHERIT_VAULT_RETENTION"
+  ignore_inactive_datasources = "true"
+  ignore_backup_plan_references = "true"
+  allow_missing = "true"
+}
diff --git a/mmv1/templates/terraform/examples/backup_dr_backup_vault_simple.tf.tmpl b/mmv1/templates/terraform/examples/backup_dr_backup_vault_simple.tf.tmpl
