Add kmskeyname to datastore (#14161) (#23469)

[upstream:898f47c4fd9efd9d69094dc105f9ec42835abda7]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/14161.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+discoveryengine: added `kms_key_name` field to `google_discovery_engine_data_store` resource
+```

google/services/discoveryengine/resource_discovery_engine_data_store.go

@@ -268,6 +268,16 @@ config will be applied to all file types for Document parsing.`,
 					},
 				},
 			},
+			"kms_key_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Description: `KMS key resource name which will be used to encrypt resources:
+'/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{keyId}'
+The KMS key to be used to protect this DataStore at creation time. Must be
+set for requests that need to comply with CMEK Org Policy protections.
+If this field is set and processed successfully, the DataStore will be
+protected by the KMS key, as indicated in the cmek_config field.`,
+			},
 			"skip_default_schema_creation": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -357,6 +367,12 @@ func resourceDiscoveryEngineDataStoreCreate(d *schema.ResourceData, meta interfa
 	} else if v, ok := d.GetOkExists("advanced_site_search_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(advancedSiteSearchConfigProp)) && (ok || !reflect.DeepEqual(v, advancedSiteSearchConfigProp)) {
 		obj["advancedSiteSearchConfig"] = advancedSiteSearchConfigProp
 	}
+	kmsKeyNameProp, err := expandDiscoveryEngineDataStoreKmsKeyName(d.Get("kms_key_name"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("kms_key_name"); !tpgresource.IsEmptyValue(reflect.ValueOf(kmsKeyNameProp)) && (ok || !reflect.DeepEqual(v, kmsKeyNameProp)) {
+		obj["kmsKeyName"] = kmsKeyNameProp
+	}
 	documentProcessingConfigProp, err := expandDiscoveryEngineDataStoreDocumentProcessingConfig(d.Get("document_processing_config"), d, config)
 	if err != nil {
 		return err
@@ -515,6 +531,12 @@ func resourceDiscoveryEngineDataStoreUpdate(d *schema.ResourceData, meta interfa
 	} else if v, ok := d.GetOkExists("display_name"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, displayNameProp)) {
 		obj["displayName"] = displayNameProp
 	}
+	kmsKeyNameProp, err := expandDiscoveryEngineDataStoreKmsKeyName(d.Get("kms_key_name"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("kms_key_name"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, kmsKeyNameProp)) {
+		obj["kmsKeyName"] = kmsKeyNameProp
+	}
 
 	url, err := tpgresource.ReplaceVars(d, config, "{{DiscoveryEngineBasePath}}projects/{{project}}/locations/{{location}}/collections/default_collection/dataStores/{{data_store_id}}")
 	if err != nil {
@@ -528,6 +550,10 @@ func resourceDiscoveryEngineDataStoreUpdate(d *schema.ResourceData, meta interfa
 	if d.HasChange("display_name") {
 		updateMask = append(updateMask, "displayName")
 	}
+
+	if d.HasChange("kms_key_name") {
+		updateMask = append(updateMask, "kmsKeyName")
+	}
 	// updateMask is a URL parameter but not present in the schema, so ReplaceVars
 	// won't set it
 	url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
@@ -910,6 +936,10 @@ func expandDiscoveryEngineDataStoreAdvancedSiteSearchConfigDisableAutomaticRefre
 	return v, nil
 }
 
+func expandDiscoveryEngineDataStoreKmsKeyName(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandDiscoveryEngineDataStoreDocumentProcessingConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
 	if len(l) == 0 || l[0] == nil {

google/services/discoveryengine/resource_discovery_engine_data_store_generated_meta.yaml

@@ -27,6 +27,7 @@ fields:
   - field: 'document_processing_config.parsing_config_overrides.parsing_config_overrides.layout_parsing_config'
   - field: 'document_processing_config.parsing_config_overrides.parsing_config_overrides.ocr_parsing_config.use_native_text'
   - field: 'industry_vertical'
+  - field: 'kms_key_name'
   - field: 'location'
     provider_only: true
   - field: 'name'

google/services/discoveryengine/resource_discovery_engine_data_store_generated_test.go

@@ -49,7 +49,7 @@ func TestAccDiscoveryEngineDataStore_discoveryengineDatastoreBasicExample(t *tes
 				ResourceName:            "google_discovery_engine_data_store.basic",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"create_advanced_site_search", "data_store_id", "location", "skip_default_schema_creation"},
+				ImportStateVerifyIgnore: []string{"create_advanced_site_search", "data_store_id", "kms_key_name", "location", "skip_default_schema_creation"},
 			},
 		},
 	})
@@ -70,6 +70,48 @@ resource "google_discovery_engine_data_store" "basic" {
 `, context)
 }
 
+func TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"kms_key_name":  acctest.BootstrapKMSKeyInLocation(t, "us").CryptoKey.Name,
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckDiscoveryEngineDataStoreDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample(context),
+			},
+			{
+				ResourceName:            "google_discovery_engine_data_store.kms_key_name",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"create_advanced_site_search", "data_store_id", "kms_key_name", "location", "skip_default_schema_creation"},
+			},
+		},
+	})
+}
+
+func testAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_discovery_engine_data_store" "kms_key_name" {
+  location                     = "us"
+  data_store_id                = "tf-test-data-store-id%{random_suffix}"
+  display_name                 = "tf-test-structured-datastore"
+  industry_vertical            = "GENERIC"
+  content_config               = "NO_CONTENT"
+  solution_types               = ["SOLUTION_TYPE_SEARCH"]
+  kms_key_name                 = "%{kms_key_name}"
+  create_advanced_site_search  = false
+  skip_default_schema_creation = false
+}
+`, context)
+}
+
 func TestAccDiscoveryEngineDataStore_discoveryengineDatastoreDocumentProcessingConfigExample(t *testing.T) {
 	t.Parallel()
 
@@ -89,7 +131,7 @@ func TestAccDiscoveryEngineDataStore_discoveryengineDatastoreDocumentProcessingC
 				ResourceName:            "google_discovery_engine_data_store.document_processing_config",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"create_advanced_site_search", "data_store_id", "location", "skip_default_schema_creation"},
+				ImportStateVerifyIgnore: []string{"create_advanced_site_search", "data_store_id", "kms_key_name", "location", "skip_default_schema_creation"},
 			},
 		},
 	})
@@ -139,7 +181,7 @@ func TestAccDiscoveryEngineDataStore_discoveryengineDatastoreDocumentProcessingC
 				ResourceName:            "google_discovery_engine_data_store.document_processing_config_ocr",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"create_advanced_site_search", "data_store_id", "location", "skip_default_schema_creation"},
+				ImportStateVerifyIgnore: []string{"create_advanced_site_search", "data_store_id", "kms_key_name", "location", "skip_default_schema_creation"},
 			},
 		},
 	})
@@ -185,7 +227,7 @@ func TestAccDiscoveryEngineDataStore_discoveryengineDatastoreDocumentProcessingC
 				ResourceName:            "google_discovery_engine_data_store.document_processing_config_layout",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"create_advanced_site_search", "data_store_id", "location", "skip_default_schema_creation"},
+				ImportStateVerifyIgnore: []string{"create_advanced_site_search", "data_store_id", "kms_key_name", "location", "skip_default_schema_creation"},
 			},
 		},
 	})
@@ -235,7 +277,7 @@ func TestAccDiscoveryEngineDataStore_discoveryengineDatastoreAdvancedSiteSearchC
 				ResourceName:            "google_discovery_engine_data_store.advanced_site_search_config",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"create_advanced_site_search", "data_store_id", "location", "skip_default_schema_creation"},
+				ImportStateVerifyIgnore: []string{"create_advanced_site_search", "data_store_id", "kms_key_name", "location", "skip_default_schema_creation"},
 			},
 		},
 	})

website/docs/r/discovery_engine_data_store.html.markdown

@@ -53,6 +53,27 @@ resource "google_discovery_engine_data_store" "basic" {
   skip_default_schema_creation = false
 }
 ```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=discoveryengine_datastore_kms_key_name&open_in_editor=main.tf" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Discoveryengine Datastore Kms Key Name
+
+
+```hcl
+resource "google_discovery_engine_data_store" "kms_key_name" {
+  location                     = "us"
+  data_store_id                = "data-store-id"
+  display_name                 = "tf-test-structured-datastore"
+  industry_vertical            = "GENERIC"
+  content_config               = "NO_CONTENT"
+  solution_types               = ["SOLUTION_TYPE_SEARCH"]
+  kms_key_name                 = "kms-key"
+  create_advanced_site_search  = false
+  skip_default_schema_creation = false
+}
+```
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=discoveryengine_datastore_document_processing_config&open_in_editor=main.tf" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
@@ -152,6 +173,15 @@ The following arguments are supported:
   Configuration data for advance site search.
   Structure is [documented below](#nested_advanced_site_search_config).
 
+* `kms_key_name` -
+  (Optional)
+  KMS key resource name which will be used to encrypt resources:
+  `/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{keyId}`
+  The KMS key to be used to protect this DataStore at creation time. Must be
+  set for requests that need to comply with CMEK Org Policy protections.
+  If this field is set and processed successfully, the DataStore will be
+  protected by the KMS key, as indicated in the cmek_config field.
+
 * `document_processing_config` -
   (Optional)
   Configuration for Document understanding and enrichment.