Adding KMS CMEK support for Dialogflow (#14206) (#23335)

[upstream:9ffb46b73330db0327937df09e14272ddc032f40]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/14206.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_dialogflow_encryption_spec`
+```

google/provider/provider_mmv1_resources.go

@@ -542,9 +542,9 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{
 }
 
 // Resources
-// Generated resources: 620
+// Generated resources: 621
 // Generated IAM resources: 309
-// Total generated resources: 929
+// Total generated resources: 930
 var generatedResources = map[string]*schema.Resource{
 	"google_folder_access_approval_settings":                                     accessapproval.ResourceAccessApprovalFolderSettings(),
 	"google_organization_access_approval_settings":                               accessapproval.ResourceAccessApprovalOrganizationSettings(),
@@ -987,6 +987,7 @@ var generatedResources = map[string]*schema.Resource{
 	"google_developer_connect_connection":                                        developerconnect.ResourceDeveloperConnectConnection(),
 	"google_developer_connect_git_repository_link":                               developerconnect.ResourceDeveloperConnectGitRepositoryLink(),
 	"google_dialogflow_agent":                                                    dialogflow.ResourceDialogflowAgent(),
+	"google_dialogflow_encryption_spec":                                          dialogflow.ResourceDialogflowEncryptionSpec(),
 	"google_dialogflow_entity_type":                                              dialogflow.ResourceDialogflowEntityType(),
 	"google_dialogflow_fulfillment":                                              dialogflow.ResourceDialogflowFulfillment(),
 	"google_dialogflow_intent":                                                   dialogflow.ResourceDialogflowIntent(),

google/services/dialogflow/dialogflow_operation.go

@@ -0,0 +1,103 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+// ----------------------------------------------------------------------------
+//
+//	***     AUTO GENERATED CODE    ***    Type: Handwritten     ***
+//
+// ----------------------------------------------------------------------------
+//
+//	This code is generated by Magic Modules using the following:
+//
+//	Source file: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/third_party/terraform/services/dialogflow/dialogflow_operation.go
+//
+//	DO NOT EDIT this file directly. Any changes made to this file will be
+//	overwritten during the next generation cycle.
+//
+// ----------------------------------------------------------------------------
+package dialogflow
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"regexp"
+	"time"
+
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+)
+
+type DialogflowOperationWaiter struct {
+	Config    *transport_tpg.Config
+	UserAgent string
+	Project   string
+	tpgresource.CommonOperationWaiter
+}
+
+func (w *DialogflowOperationWaiter) QueryOp() (interface{}, error) {
+	if w == nil {
+		return nil, fmt.Errorf("Cannot query operation, it's unset or nil.")
+	}
+	// Returns the proper get.
+	location := ""
+	if parts := regexp.MustCompile(`locations\/([^\/]*)\/`).FindStringSubmatch(w.CommonOperationWaiter.Op.Name); parts != nil {
+		location = parts[1]
+	} else {
+		return nil, fmt.Errorf(
+			"Saw %s when the op name is expected to contains location %s",
+			w.CommonOperationWaiter.Op.Name,
+			"projects/{{project}}/locations/{{location}}/...",
+		)
+	}
+
+	url := fmt.Sprintf("https://%s-dialogflow.googleapis.com/v2/%s", location, w.CommonOperationWaiter.Op.Name)
+
+	return transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    w.Config,
+		Method:    "GET",
+		Project:   w.Project,
+		RawURL:    url,
+		UserAgent: w.UserAgent,
+	})
+}
+
+func createDialogflowWaiter(config *transport_tpg.Config, op map[string]interface{}, project, activity, userAgent string) (*DialogflowOperationWaiter, error) {
+	w := &DialogflowOperationWaiter{
+		Config:    config,
+		UserAgent: userAgent,
+		Project:   project,
+	}
+	if err := w.CommonOperationWaiter.SetOp(op); err != nil {
+		return nil, err
+	}
+	return w, nil
+}
+
+// nolint: deadcode,unused
+func DialogflowOperationWaitTimeWithResponse(config *transport_tpg.Config, op map[string]interface{}, response *map[string]interface{}, project, activity, userAgent string, timeout time.Duration) error {
+	w, err := createDialogflowWaiter(config, op, project, activity, userAgent)
+	if err != nil {
+		return err
+	}
+	if err := tpgresource.OperationWait(w, activity, timeout, config.PollInterval); err != nil {
+		return err
+	}
+	rawResponse := []byte(w.CommonOperationWaiter.Op.Response)
+	if len(rawResponse) == 0 {
+		return errors.New("`resource` not set in operation response")
+	}
+	return json.Unmarshal(rawResponse, response)
+}
+
+func DialogflowOperationWaitTime(config *transport_tpg.Config, op map[string]interface{}, project, activity, userAgent string, timeout time.Duration) error {
+	if val, ok := op["name"]; !ok || val == "" {
+		// This was a synchronous call - there is no operation to wait for.
+		return nil
+	}
+	w, err := createDialogflowWaiter(config, op, project, activity, userAgent)
+	if err != nil {
+		// If w is nil, the op was synchronous.
+		return err
+	}
+	return tpgresource.OperationWait(w, activity, timeout, config.PollInterval)
+}

google/services/dialogflow/resource_dialogflow_encryption_spec.go

@@ -0,0 +1,229 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This code is generated by Magic Modules using the following:
+//
+//     Configuration: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/products/dialogflow/EncryptionSpec.yaml
+//     Template:      https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/templates/terraform/resource.go.tmpl
+//
+//     DO NOT EDIT this file directly. Any changes made to this file will be
+//     overwritten during the next generation cycle.
+//
+// ----------------------------------------------------------------------------
+
+package dialogflow
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"reflect"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+)
+
+func ResourceDialogflowEncryptionSpec() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceDialogflowEncryptionSpecCreate,
+		Read:   resourceDialogflowEncryptionSpecRead,
+		Delete: resourceDialogflowEncryptionSpecDelete,
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(20 * time.Minute),
+			Delete: schema.DefaultTimeout(20 * time.Minute),
+		},
+
+		CustomizeDiff: customdiff.All(
+			tpgresource.DefaultProviderProject,
+		),
+
+		Schema: map[string]*schema.Schema{
+			"encryption_spec": {
+				Type:        schema.TypeList,
+				Required:    true,
+				ForceNew:    true,
+				Description: `A nested object resource.`,
+				MaxItems:    1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"kms_key": {
+							Type:     schema.TypeString,
+							Required: true,
+							ForceNew: true,
+							Description: `The name of customer-managed encryption key that is used to secure a resource and its sub-resources.
+If empty, the resource is secured by the default Google encryption key.
+Only the key in the same location as this resource is allowed to be used for encryption.
+Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{key}`,
+						},
+					},
+				},
+			},
+			"location": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: `The location in which the encryptionSpec is to be initialized.`,
+			},
+			"project": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+		},
+		UseJSONNumber: true,
+	}
+}
+
+func resourceDialogflowEncryptionSpecCreate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	obj := make(map[string]interface{})
+	encryptionSpecProp, err := expandDialogflowEncryptionSpecEncryptionSpec(d.Get("encryption_spec"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("encryption_spec"); !tpgresource.IsEmptyValue(reflect.ValueOf(encryptionSpecProp)) && (ok || !reflect.DeepEqual(v, encryptionSpecProp)) {
+		obj["encryptionSpec"] = encryptionSpecProp
+	}
+	locationProp, err := expandDialogflowEncryptionSpecLocation(d.Get("location"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("location"); !tpgresource.IsEmptyValue(reflect.ValueOf(locationProp)) && (ok || !reflect.DeepEqual(v, locationProp)) {
+		obj["location"] = locationProp
+	}
+
+	url, err := tpgresource.ReplaceVars(d, config, "{{DialogflowBasePath}}projects/{{project}}/locations/{{location}}/encryptionSpec:initialize")
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[DEBUG] Creating new EncryptionSpec: %#v", obj)
+	billingProject := ""
+
+	project, err := tpgresource.GetProject(d, config)
+	if err != nil {
+		return fmt.Errorf("Error fetching project for EncryptionSpec: %s", err)
+	}
+	billingProject = project
+
+	// err == nil indicates that the billing_project value was found
+	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
+		billingProject = bp
+	}
+
+	headers := make(http.Header)
+	location := d.Get("location").(string)
+
+	// insert location into url for a different endpoint.
+	if strings.HasPrefix(url, "https://dialogflow.googleapis.com/v2/") {
+		url = strings.Replace(url, "https://dialogflow", fmt.Sprintf("https://%s-dialogflow", location), 1)
+	}
+	res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "POST",
+		Project:   billingProject,
+		RawURL:    url,
+		UserAgent: userAgent,
+		Body:      obj,
+		Timeout:   d.Timeout(schema.TimeoutCreate),
+		Headers:   headers,
+	})
+	if err != nil {
+		return fmt.Errorf("Error creating EncryptionSpec: %s", err)
+	}
+
+	// Store the ID now
+	id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/encryptionSpec/{{name}}")
+	if err != nil {
+		return fmt.Errorf("Error constructing id: %s", err)
+	}
+	d.SetId(id)
+
+	err = DialogflowOperationWaitTime(
+		config, res, project, "Creating EncryptionSpec", userAgent,
+		d.Timeout(schema.TimeoutCreate))
+
+	if err != nil {
+		// The resource didn't actually create
+		d.SetId("")
+		return fmt.Errorf("Error waiting to create EncryptionSpec: %s", err)
+	}
+
+	log.Printf("[DEBUG] Finished creating EncryptionSpec %q: %#v", d.Id(), res)
+
+	return resourceDialogflowEncryptionSpecRead(d, meta)
+}
+
+func resourceDialogflowEncryptionSpecRead(d *schema.ResourceData, meta interface{}) error {
+	// This resource could not be read from the API.
+	return nil
+}
+
+func resourceDialogflowEncryptionSpecDelete(d *schema.ResourceData, meta interface{}) error {
+	log.Printf("[WARNING] Dialogflow EncryptionSpec resources"+
+		" cannot be deleted from Google Cloud. The resource %s will be removed from Terraform"+
+		" state, but will still be present on Google Cloud.", d.Id())
+	d.SetId("")
+
+	return nil
+}
+
+func flattenDialogflowEncryptionSpecEncryptionSpec(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["kms_key"] =
+		flattenDialogflowEncryptionSpecEncryptionSpecKmsKey(original["kmsKey"], d, config)
+	return []interface{}{transformed}
+}
+func flattenDialogflowEncryptionSpecEncryptionSpecKmsKey(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func expandDialogflowEncryptionSpecEncryptionSpec(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedKmsKey, err := expandDialogflowEncryptionSpecEncryptionSpecKmsKey(original["kms_key"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedKmsKey); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["kmsKey"] = transformedKmsKey
+	}
+
+	return transformed, nil
+}
+
+func expandDialogflowEncryptionSpecEncryptionSpecKmsKey(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandDialogflowEncryptionSpecLocation(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}

google/services/dialogflow/resource_dialogflow_encryption_spec_generated_meta.yaml

@@ -0,0 +1,9 @@
+resource: 'google_dialogflow_encryption_spec'
+generation_type: 'mmv1'
+source_file: 'products/dialogflow/EncryptionSpec.yaml'
+api_service_name: 'dialogflow.googleapis.com'
+api_version: 'v2'
+api_resource_type_kind: 'EncryptionSpec'
+fields:
+  - field: 'encryption_spec.kms_key'
+  - field: 'location'

google/services/dialogflow/resource_dialogflow_encryption_spec_generated_test.go

@@ -0,0 +1,18 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
+//
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
+//
+// ----------------------------------------------------------------------------
+
+package dialogflow_test