hashicorp
diff --git a/‎.changelog/15257.txt‎
Lines changed: 3 additions & 0 deletions b/‎.changelog/15257.txt‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎google-beta/provider/provider_mmv1_resources.go‎
Lines changed: 3 additions & 2 deletions b/‎google-beta/provider/provider_mmv1_resources.go‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎google-beta/services/kms/resource_kms_project_kaj_policy_config.go‎
Lines changed: 337 additions & 0 deletions b/‎google-beta/services/kms/resource_kms_project_kaj_policy_config.go‎
Lines changed: 337 additions & 0 deletions
diff --git a/‎google-beta/services/kms/resource_kms_project_kaj_policy_config_generated_meta.yaml‎
Lines changed: 10 additions & 0 deletions b/‎google-beta/services/kms/resource_kms_project_kaj_policy_config_generated_meta.yaml‎
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_kms_project_kaj_policy_config`
+```
@@ -616,9 +616,9 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{
 }
 
 // Resources
-// Generated resources: 714
+// Generated resources: 715
 // Generated IAM resources: 348
-// Total generated resources: 1062
+// Total generated resources: 1063
 var generatedResources = map[string]*schema.Resource{
 	"google_folder_access_approval_settings":                                     accessapproval.ResourceAccessApprovalFolderSettings(),
 	"google_organization_access_approval_settings":                               accessapproval.ResourceAccessApprovalOrganizationSettings(),
@@ -1351,6 +1351,7 @@ var generatedResources = map[string]*schema.Resource{
 	"google_kms_key_ring":                                                        kms.ResourceKMSKeyRing(),
 	"google_kms_key_ring_import_job":                                             kms.ResourceKMSKeyRingImportJob(),
 	"google_kms_organization_kaj_policy_config":                                  kms.ResourceKMSOrganizationKajPolicyConfig(),
+	"google_kms_project_kaj_policy_config":                                       kms.ResourceKMSProjectKajPolicyConfig(),
 	"google_kms_secret_ciphertext":                                               kms.ResourceKMSSecretCiphertext(),
 	"google_logging_folder_settings":                                             logging.ResourceLoggingFolderSettings(),
 	"google_logging_linked_dataset":                                              logging.ResourceLoggingLinkedDataset(),
 
@@ -0,0 +1,337 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This code is generated by Magic Modules using the following:
+//
+//     Configuration: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/kms/ProjectKajPolicyConfig.yaml
+//     Template:      https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/templates/terraform/resource.go.tmpl
+//
+//     DO NOT EDIT this file directly. Any changes made to this file will be
+//     overwritten during the next generation cycle.
+//
+// ----------------------------------------------------------------------------
+
+package kms
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"reflect"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/verify"
+)
+
+func ResourceKMSProjectKajPolicyConfig() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceKMSProjectKajPolicyConfigCreate,
+		Read:   resourceKMSProjectKajPolicyConfigRead,
+		Update: resourceKMSProjectKajPolicyConfigUpdate,
+		Delete: resourceKMSProjectKajPolicyConfigDelete,
+
+		Importer: &schema.ResourceImporter{
+			State: resourceKMSProjectKajPolicyConfigImport,
+		},
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(20 * time.Minute),
+			Update: schema.DefaultTimeout(20 * time.Minute),
+			Delete: schema.DefaultTimeout(20 * time.Minute),
+		},
+
+		CustomizeDiff: customdiff.All(
+			tpgresource.DefaultProviderProject,
+		),
+
+		Schema: map[string]*schema.Schema{
+			"default_key_access_justification_policy": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Description: `The default key access justification policy used when a CryptoKey is
+created in this project. This is only used when a Key Access Justifications
+policy is not provided in the CreateCryptoKeyRequest.`,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"allowed_access_reasons": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Description: `A KeyAccessJustificationsPolicy specifies zero or more allowed
+AccessReason values for encrypt, decrypt, and sign operations on a
+CryptoKey. Possible values: ["CUSTOMER_INITIATED_SUPPORT", "GOOGLE_INITIATED_SERVICE", "THIRD_PARTY_DATA_REQUEST", "GOOGLE_INITIATED_REVIEW", "CUSTOMER_INITIATED_ACCESS", "GOOGLE_INITIATED_SYSTEM_OPERATION", "REASON_NOT_EXPECTED", "MODIFIED_CUSTOMER_INITIATED_ACCESS", "MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION", "GOOGLE_RESPONSE_TO_PRODUCTION_ALERT", "CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"]`,
+							Elem: &schema.Schema{
+								Type:         schema.TypeString,
+								ValidateFunc: verify.ValidateEnum([]string{"CUSTOMER_INITIATED_SUPPORT", "GOOGLE_INITIATED_SERVICE", "THIRD_PARTY_DATA_REQUEST", "GOOGLE_INITIATED_REVIEW", "CUSTOMER_INITIATED_ACCESS", "GOOGLE_INITIATED_SYSTEM_OPERATION", "REASON_NOT_EXPECTED", "MODIFIED_CUSTOMER_INITIATED_ACCESS", "MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION", "GOOGLE_RESPONSE_TO_PRODUCTION_ALERT", "CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING"}),
+							},
+						},
+					},
+				},
+			},
+			"project": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+		},
+		UseJSONNumber: true,
+	}
+}
+
+func resourceKMSProjectKajPolicyConfigCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	obj := make(map[string]interface{})
+	defaultKeyAccessJustificationPolicyProp, err := expandKMSProjectKajPolicyConfigDefaultKeyAccessJustificationPolicy(d.Get("default_key_access_justification_policy"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("default_key_access_justification_policy"); !tpgresource.IsEmptyValue(reflect.ValueOf(defaultKeyAccessJustificationPolicyProp)) && (ok || !reflect.DeepEqual(v, defaultKeyAccessJustificationPolicyProp)) {
+		obj["defaultKeyAccessJustificationPolicy"] = defaultKeyAccessJustificationPolicyProp
+	}
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{KMSBasePath}}projects/{{project}}/kajPolicyConfig?updateMask=defaultKeyAccessJustificationPolicy")
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Creating new ProjectKajPolicyConfig: %#v", obj)
+	billingProject := ""
+
+	project, err := tpgresource.GetProject(d, config)
+	if err != nil {
+		return fmt.Errorf("Error fetching project for ProjectKajPolicyConfig: %s", err)
+	}
+	billingProject = project
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	headers := make(http.Header)
+	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "PATCH",
+		Project:   billingProject,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+		Timeout:   d.Timeout(schema.TimeoutCreate),
+		Headers:   headers,
+	})
+	if err != nil {
+		return fmt.Errorf("Error creating ProjectKajPolicyConfig: %s", err)
+	}
+
+	// Store the ID now
+	id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/kajPolicyConfig")
+	if err != nil {
+		return fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+
+	// This is useful if the resource in question doesn't have a perfectly consistent API
+	// That is, the Operation for Create might return before the Get operation shows the
+	// completed state of the resource.
+	time.Sleep(1 * time.Minute)
+
+	log.Printf("[DEBUG] Finished creating ProjectKajPolicyConfig %q: %#v", d.Id(), res)
+
+	return resourceKMSProjectKajPolicyConfigRead(d, meta)
+}
+
+func resourceKMSProjectKajPolicyConfigRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{KMSBasePath}}projects/{{project}}/kajPolicyConfig")
+	if err != nil {
+		return err
+	}
+
+	billingProject := ""
+
+	project, err := tpgresource.GetProject(d, config)
+	if err != nil {
+		return fmt.Errorf("Error fetching project for ProjectKajPolicyConfig: %s", err)
+	}
+	billingProject = project
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	headers := make(http.Header)
+	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "GET",
+		Project:   billingProject,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Headers:   headers,
+	})
+	if err != nil {
+		return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("KMSProjectKajPolicyConfig %q", d.Id()))
+	}
+
+	if err := d.Set("project", project); err != nil {
+		return fmt.Errorf("Error reading ProjectKajPolicyConfig: %s", err)
+	}
+
+	if err := d.Set("default_key_access_justification_policy", flattenKMSProjectKajPolicyConfigDefaultKeyAccessJustificationPolicy(res["defaultKeyAccessJustificationPolicy"], d, config)); err != nil {
+		return fmt.Errorf("Error reading ProjectKajPolicyConfig: %s", err)
+	}
+
+	return nil
+}
+
+func resourceKMSProjectKajPolicyConfigUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	billingProject := ""
+
+	project, err := tpgresource.GetProject(d, config)
+	if err != nil {
+		return fmt.Errorf("Error fetching project for ProjectKajPolicyConfig: %s", err)
+	}
+	billingProject = project
+
+	obj := make(map[string]interface{})
+	defaultKeyAccessJustificationPolicyProp, err := expandKMSProjectKajPolicyConfigDefaultKeyAccessJustificationPolicy(d.Get("default_key_access_justification_policy"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("default_key_access_justification_policy"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, defaultKeyAccessJustificationPolicyProp)) {
+		obj["defaultKeyAccessJustificationPolicy"] = defaultKeyAccessJustificationPolicyProp
+	}
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{KMSBasePath}}projects/{{project}}/kajPolicyConfig?updateMask=defaultKeyAccessJustificationPolicy")
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Updating ProjectKajPolicyConfig %q: %#v", d.Id(), obj)
+	headers := make(http.Header)
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "PATCH",
+		Project:   billingProject,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+		Timeout:   d.Timeout(schema.TimeoutUpdate),
+		Headers:   headers,
+	})
+
+	if err != nil {
+		return fmt.Errorf("Error updating ProjectKajPolicyConfig %q: %s", d.Id(), err)
+	} else {
+		log.Printf("[DEBUG] Finished updating ProjectKajPolicyConfig %q: %#v", d.Id(), res)
+	}
+
+	// This is useful if the resource in question doesn't have a perfectly consistent API
+	// That is, the Operation for Create might return before the Get operation shows the
+	// completed state of the resource.
+	time.Sleep(1 * time.Minute)
+	return resourceKMSProjectKajPolicyConfigRead(d, meta)
+}
+
+func resourceKMSProjectKajPolicyConfigDelete(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[WARNING] KMS ProjectKajPolicyConfig resources"+
+		" cannot be deleted from Google Cloud. The resource %s will be removed from Terraform"+
+		" state, but will still be present on Google Cloud.", d.Id())
+	d.SetId("")
+
+	return nil
+}
+
+func resourceKMSProjectKajPolicyConfigImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	config := meta.(*transport_tpg.Config)
+	if err := tpgresource.ParseImportId([]string{
+		"^projects/(?P<project>[^/]+)/kajPolicyConfig$",
+		"^(?P<project>[^/]+)$",
+	}, d, config); err != nil {
+		return nil, err
+	}
+
+	// Replace import id for the resource id
+	id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/kajPolicyConfig")
+	if err != nil {
+		return nil, fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+
+	return []*schema.ResourceData{d}, nil
+}
+
+func flattenKMSProjectKajPolicyConfigDefaultKeyAccessJustificationPolicy(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["allowed_access_reasons"] =
+		flattenKMSProjectKajPolicyConfigDefaultKeyAccessJustificationPolicyAllowedAccessReasons(original["allowedAccessReasons"], d, config)
+	return []interface{}{transformed}
+}
+func flattenKMSProjectKajPolicyConfigDefaultKeyAccessJustificationPolicyAllowedAccessReasons(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func expandKMSProjectKajPolicyConfigDefaultKeyAccessJustificationPolicy(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	if v == nil {
+		return nil, nil
+	}
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedAllowedAccessReasons, err := expandKMSProjectKajPolicyConfigDefaultKeyAccessJustificationPolicyAllowedAccessReasons(original["allowed_access_reasons"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedAllowedAccessReasons); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["allowedAccessReasons"] = transformedAllowedAccessReasons
+	}
+
+	return transformed, nil
+}
+
+func expandKMSProjectKajPolicyConfigDefaultKeyAccessJustificationPolicyAllowedAccessReasons(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
@@ -0,0 +1,10 @@
+resource: 'google_kms_project_kaj_policy_config'
+generation_type: 'mmv1'
+source_file: 'products/kms/ProjectKajPolicyConfig.yaml'
+api_service_name: 'cloudkms.googleapis.com'
+api_version: 'v1'
+api_resource_type_kind: 'KeyAccessJustificationsPolicyConfig'
+api_variant_patterns:
+  - 'projects/{{project}}/kajPolicyConfig'
+fields:
+  - field: 'default_key_access_justification_policy.allowed_access_reasons'
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:new-resource
	`2`	+`google_kms_project_kaj_policy_config`
	`3`	+```