fix TestAccDiscoveryEngineCmekConfig_* tests (#14694) (#10452)

[upstream:df4dd8819408c5e25e1106cdf40bf2c472906601]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

google-beta/services/discoveryengine/resource_discovery_engine_cmek_config_generated_test.go

@@ -62,6 +62,15 @@ resource "google_discovery_engine_cmek_config" "default" {
   location            = "us"
   cmek_config_id      = "tf-test-cmek-config-id%{random_suffix}"
   kms_key             = "%{kms_key_name}"
+  depends_on = [google_kms_crypto_key_iam_member.crypto_key]
+}
+
+data "google_project" "project" {}
+
+resource "google_kms_crypto_key_iam_member" "crypto_key" {
+  crypto_key_id = "%{kms_key_name}"
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+  member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-discoveryengine.iam.gserviceaccount.com"
 }
 `, context)
 }

google-beta/services/discoveryengine/resource_discovery_engine_cmek_config_sweeper.go

@@ -57,12 +57,10 @@ func listAndActionDiscoveryEngineCmekConfig(action sweeper.ResourceAction) error
 	var configs []*tpgresource.ResourceDataMock
 	t := &testing.T{}
 	billingId := envvar.GetTestBillingAccountFromEnv(t)
-	// Default single config
-	intermediateValues := []map[string]string{
-		{
-			"region": "us-central1",
-		},
-	}
+	// Build URL substitution maps individually to ensure proper formatting
+	intermediateValues := make([]map[string]string, 1)
+	intermediateValues[0] = map[string]string{}
+	intermediateValues[0]["location"] = "us"
 
 	// Create configs from intermediate values
 	for _, values := range intermediateValues {

google-beta/services/discoveryengine/resource_discovery_engine_cmek_config_test.go

@@ -27,7 +27,7 @@ func TestAccDiscoveryEngineCmekConfig_discoveryengineCmekconfigDefaultExample_up
 	t.Parallel()
 
 	context := map[string]interface{}{
-		"kms_key_name":                acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us", "tftest-shared-key-4").CryptoKey.Name,
+		"kms_key_name":                acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us", "tftest-shared-key-6").CryptoKey.Name,
 		"single_region_kms_key_name1": acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us-east1", "tftest-shared-key-us-east1").CryptoKey.Name,
 		"single_region_kms_key_name2": acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us-central1", "tftest-shared-key-us-central1").CryptoKey.Name,
 		"single_region_kms_key_name3": acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us-west1", "tftest-shared-key-us-west1").CryptoKey.Name,
@@ -67,6 +67,15 @@ resource "google_discovery_engine_cmek_config" "default" {
   cmek_config_id      = "tf-test-cmek-config-id%{random_suffix}"
   kms_key             = "%{kms_key_name}"
   set_default         = false
+  depends_on = [google_kms_crypto_key_iam_member.crypto_key]
+}
+
+data "google_project" "project" {}
+
+resource "google_kms_crypto_key_iam_member" "crypto_key" {
+  crypto_key_id = "%{kms_key_name}"
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+  member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-discoveryengine.iam.gserviceaccount.com"
 }
 `, context)
 }
@@ -87,7 +96,33 @@ resource "google_discovery_engine_cmek_config" "default" {
   single_region_keys { 
     kms_key = "%{single_region_kms_key_name3}"
   }
+  depends_on = [google_kms_crypto_key_iam_member.crypto_key]
+}
+
+data "google_project" "project" {}
+
+resource "google_kms_crypto_key_iam_member" "crypto_key" {
+  crypto_key_id = "%{kms_key_name}"
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+  member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-alloydb.iam.gserviceaccount.com"
+}
+
+resource "google_kms_crypto_key_iam_member" "single_region_crypto_key1" {
+  crypto_key_id = "%{single_region_kms_key_name1}"
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+  member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-discoveryengine.iam.gserviceaccount.com"
+}
+
+resource "google_kms_crypto_key_iam_member" "single_region_crypto_key2" {
+  crypto_key_id = "%{single_region_kms_key_name2}"
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+  member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-discoveryengine.iam.gserviceaccount.com"
+}
 
+resource "google_kms_crypto_key_iam_member" "single_region_crypto_key3" {
+  crypto_key_id = "%{single_region_kms_key_name3}"
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+  member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-discoveryengine.iam.gserviceaccount.com"
 }
 `, context)
 }

website/docs/r/discovery_engine_cmek_config.html.markdown

@@ -43,6 +43,15 @@ resource "google_discovery_engine_cmek_config" "default" {
   location            = "us"
   cmek_config_id      = "cmek-config-id"
   kms_key             = "kms-key-name"
+  depends_on = [google_kms_crypto_key_iam_member.crypto_key]
+}
+
+data "google_project" "project" {}
+
+resource "google_kms_crypto_key_iam_member" "crypto_key" {
+  crypto_key_id = "kms-key-name"
+  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+  member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-discoveryengine.iam.gserviceaccount.com"
 }
 ```