add primary key version (#9651) (#6782)

modular-magician · web-flow · commit dae9c809133a · 2023-12-19T17:03:02.000-08:00
* add primary key version

* Update mmv1/products/kms/CryptoKey.yaml



* address PR comments

* add resource attribute check

* fix test

* indexed value

* fmt

* 8th time's the charm

---------


[upstream:79fbafca8d218b26313bd2bb4e353483a3bc5fe4]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/9651.txt b/.changelog/9651.txt
@@ -0,0 +1,4 @@
+```release-note:enhancement
+Add output-only `primary` version attribute to `google_kms_crypto_key` resource
+
+```
diff --git a/google-beta/services/kms/resource_kms_crypto_key.go b/google-beta/services/kms/resource_kms_crypto_key.go
@@ -160,6 +160,26 @@ See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v
 				Description: `All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.`,
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
+			"primary": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Description: `A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.
+Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.`,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The resource name for this CryptoKeyVersion.`,
+						},
+						"state": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The current state of the CryptoKeyVersion.`,
+						},
+					},
+				},
+			},
 			"terraform_labels": {
 				Type:     schema.TypeMap,
 				Computed: true,
@@ -313,6 +333,9 @@ func resourceKMSCryptoKeyRead(d *schema.ResourceData, meta interface{}) error {
 	if err := d.Set("labels", flattenKMSCryptoKeyLabels(res["labels"], d, config)); err != nil {
 		return fmt.Errorf("Error reading CryptoKey: %s", err)
 	}
+	if err := d.Set("primary", flattenKMSCryptoKeyPrimary(res["primary"], d, config)); err != nil {
+		return fmt.Errorf("Error reading CryptoKey: %s", err)
+	}
 	if err := d.Set("purpose", flattenKMSCryptoKeyPurpose(res["purpose"], d, config)); err != nil {
 		return fmt.Errorf("Error reading CryptoKey: %s", err)
 	}
@@ -508,6 +531,29 @@ func flattenKMSCryptoKeyLabels(v interface{}, d *schema.ResourceData, config *tr
 	return transformed
 }
 
+func flattenKMSCryptoKeyPrimary(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["name"] =
+		flattenKMSCryptoKeyPrimaryName(original["name"], d, config)
+	transformed["state"] =
+		flattenKMSCryptoKeyPrimaryState(original["state"], d, config)
+	return []interface{}{transformed}
+}
+func flattenKMSCryptoKeyPrimaryName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenKMSCryptoKeyPrimaryState(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenKMSCryptoKeyPurpose(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
diff --git a/google-beta/services/kms/resource_kms_crypto_key_test.go b/google-beta/services/kms/resource_kms_crypto_key_test.go
@@ -152,6 +152,9 @@ func TestAccKmsCryptoKey_basic(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: testGoogleKmsCryptoKey_basic(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("google_kms_crypto_key.crypto_key", "primary.0.name"),
+				),
 			},
 			{
 				ResourceName:            "google_kms_crypto_key.crypto_key",
diff --git a/website/docs/r/kms_crypto_key.html.markdown b/website/docs/r/kms_crypto_key.html.markdown
@@ -157,6 +157,11 @@ In addition to the arguments listed above, the following computed attributes are
 
 * `id` - an identifier for the resource with format `{{key_ring}}/cryptoKeys/{{name}}`
 
+* `primary` -
+  A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.
+  Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
+  Structure is [documented below](#nested_primary).
+
 * `terraform_labels` -
   The combination of labels configured directly on the resource
    and default labels configured on the provider.
@@ -165,6 +170,16 @@ In addition to the arguments listed above, the following computed attributes are
   All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
 
 
+<a name="nested_primary"></a>The `primary` block contains:
+
+* `name` -
+  (Output)
+  The resource name for this CryptoKeyVersion.
+
+* `state` -
+  (Output)
+  The current state of the CryptoKeyVersion.
+
 ## Timeouts
 
 This resource provides the following

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +```release-note:enhancement
 +Add output-only `primary` version attribute to `google_kms_crypto_key` resource
++
 +```
Original file line number	Diff line number	Diff line change
`@@ -152,6 +152,9 @@ func TestAccKmsCryptoKey_basic(t *testing.T) {`
`152`	`152`	`Steps: []resource.TestStep{`
`153`	`153`	`{`
`154`	`154`	`Config: testGoogleKmsCryptoKey_basic(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName),`
	`155`	`+ Check: resource.ComposeTestCheckFunc(`
	`156`	`+ resource.TestCheckResourceAttrSet("google_kms_crypto_key.crypto_key", "primary.0.name"),`
	`157`	`+ ),`
`155`	`158`	`},`
`156`	`159`	`{`
`157`	`160`	`ResourceName: "google_kms_crypto_key.crypto_key",`