chore: Making kms module adc compliant

Author: anshukaira

Makefile

@@ -76,9 +76,10 @@ docker_test_lint:
 .PHONY: docker_generate_docs
 docker_generate_docs:
 	docker run --rm -it \
+		-e ENABLE_BPMETADATA=1 \
 		-v "$(CURDIR)":/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
-		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
+		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs display'
 
 # Alias for backwards compatibility
 .PHONY: generate_docs

metadata.display.yaml

@@ -0,0 +1,214 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+  name: terraform-google-kms-display
+  annotations:
+    config.kubernetes.io/local-config: "true"
+spec:
+  info:
+    title: Google KMS Terraform Module
+    source:
+      repo: https://github.com/anshukaira/terraform-google-kms.git
+      sourceType: git
+  ui:
+    input:
+      variables:
+        crypto_key_backend:
+          name: crypto_key_backend
+          title: Crypto Key Backend
+          level: 1
+        decrypters:
+          name: decrypters
+          title: Decrypters
+          level: 1
+        encrypters:
+          name: encrypters
+          title: Encrypters
+          level: 1
+        import_only:
+          name: import_only
+          title: Import Only
+          level: 1
+        key_algorithm:
+          name: key_algorithm
+          title: Key Algorithm
+          level: 1
+          enumValueLabels:
+          - label: CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
+            value: CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED         
+          - label: GOOGLE_SYMMETRIC_ENCRYPTION
+            value: GOOGLE_SYMMETRIC_ENCRYPTION
+          - label: AES_128_GCM
+            value: AES_128_GCM          
+          - label: AES_256_GCM
+            value: AES_256_GCM
+          - label: AES_128_CBC
+            value: AES_128_CBC
+          - label: AES_256_CBC
+            value: AES_256_CBC
+          - label: AES_128_CTR
+            value: AES_128_CTR
+          - label: AES_256_CTR
+            value: AES_256_CTR
+          - label: RSA_SIGN_PSS_2048_SHA256
+            value: RSA_SIGN_PSS_2048_SHA256
+          - label: RSA_SIGN_PSS_3072_SHA256
+            value: RSA_SIGN_PSS_3072_SHA256
+          - label: RSA_SIGN_PSS_4096_SHA256
+            value: RSA_SIGN_PSS_4096_SHA256
+          - label: RSA_SIGN_PSS_4096_SHA512
+            value: RSA_SIGN_PSS_4096_SHA512
+          - label: RSA_SIGN_PKCS1_2048_SHA256
+            value: RSA_SIGN_PKCS1_2048_SHA256
+          - label: RSA_SIGN_PKCS1_3072_SHA256
+            value: RSA_SIGN_PKCS1_3072_SHA256
+          - label: RSA_SIGN_PKCS1_4096_SHA256
+            value: RSA_SIGN_PKCS1_4096_SHA256
+          - label: RSA_SIGN_PKCS1_4096_SHA512
+            value: RSA_SIGN_PKCS1_4096_SHA512
+          - label: RSA_SIGN_RAW_PKCS1_2048
+            value: RSA_SIGN_RAW_PKCS1_2048
+          - label: RSA_SIGN_RAW_PKCS1_3072
+            value: RSA_SIGN_RAW_PKCS1_3072
+          - label: RSA_SIGN_RAW_PKCS1_4096
+            value: RSA_SIGN_RAW_PKCS1_4096
+          - label: RSA_DECRYPT_OAEP_2048_SHA256
+            value: RSA_DECRYPT_OAEP_2048_SHA256
+          - label: RSA_DECRYPT_OAEP_3072_SHA256
+            value: RSA_DECRYPT_OAEP_3072_SHA256
+          - label: RSA_DECRYPT_OAEP_4096_SHA256
+            value: RSA_DECRYPT_OAEP_4096_SHA256
+          - label: RSA_DECRYPT_OAEP_4096_SHA512
+            value: RSA_DECRYPT_OAEP_4096_SHA512
+          - label: RSA_DECRYPT_OAEP_2048_SHA1
+            value: RSA_DECRYPT_OAEP_2048_SHA1
+          - label: RSA_DECRYPT_OAEP_3072_SHA1
+            value: RSA_DECRYPT_OAEP_3072_SHA1
+          - label: RSA_DECRYPT_OAEP_4096_SHA1
+            value: RSA_DECRYPT_OAEP_4096_SHA1
+          - label: EC_SIGN_P256_SHA256
+            value: EC_SIGN_P256_SHA256
+          - label: EC_SIGN_P384_SHA384
+            value: EC_SIGN_P384_SHA384
+          - label: EC_SIGN_SECP256K1_SHA256
+            value: EC_SIGN_SECP256K1_SHA256
+          - label: EC_SIGN_ED25519
+            value: EC_SIGN_ED25519
+          - label: HMAC_SHA256
+            value: HMAC_SHA256
+          - label: HMAC_SHA1
+            value: HMAC_SHA1
+          - label: HMAC_SHA384
+            value: HMAC_SHA384
+          - label: HMAC_SHA512
+            value: HMAC_SHA512
+          - label: HMAC_SHA224
+            value: HMAC_SHA224
+          - label: EXTERNAL_SYMMETRIC_ENCRYPTION
+            value: EXTERNAL_SYMMETRIC_ENCRYPTION
+          - label: ML_KEM_768
+            value: ML_KEM_768
+          - label: ML_KEM_1024
+            value: ML_KEM_1024
+          - label: KEM_XWING
+            value: KEM_XWING
+          - label: PQ_SIGN_ML_DSA_65
+            value: PQ_SIGN_ML_DSA_65
+          - label: PQ_SIGN_SLH_DSA_SHA2_128S
+            value: PQ_SIGN_SLH_DSA_SHA2_128S
+          - label: PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256
+            value: PQ_SIGN_HASH_SLH_DSA_SHA2_128S_SHA256
+        key_destroy_scheduled_duration:
+          name: key_destroy_scheduled_duration
+          title: Key Destroy Scheduled Duration
+          level: 1
+        key_protection_level:
+          name: key_protection_level
+          title: Key Protection Level
+          enumValueLabels: 
+            - label: SOFTWARE
+              value: SOFTWARE
+            - label: HSM
+              value: HSM
+            - label: EXTERNAL
+              value: EXTERNAL
+            - label: EXTERNAL_VPC
+              value: EXTERNAL_VPC
+          level: 1
+        key_rotation_period:
+          name: key_rotation_period
+          title: Key Rotation Period
+          level: 1
+        keyring:
+          name: keyring
+          title: Keyring
+        keys:
+          name: keys
+          title: Keys
+          regexValidation: ^[a-zA-Z0-9_-]{1,63}$
+          validation: Keyring name must be 1-63 characters and can only contain letters, numbers, underscores, and hyphens.
+        labels:
+          name: labels
+          title: Labels
+        location:
+          name: location
+          title: Location
+        owners:
+          name: owners
+          title: Owners
+          level: 1
+        prevent_destroy:
+          name: prevent_destroy
+          title: Prevent Destroy
+          level: 1
+        project_id:
+          name: project_id
+          title: Project Id
+        purpose:
+          name: purpose
+          title: Purpose
+          enumValueLabels: 
+            - label: CRYPTO_KEY_PURPOSE_UNSPECIFIED
+              value: CRYPTO_KEY_PURPOSE_UNSPECIFIED
+            - label: ENCRYPT_DECRYPT
+              value: ENCRYPT_DECRYPT
+            - label: ASYMMETRIC_SIGN
+              value: ASYMMETRIC_SIGN
+            - label: ASYMMETRIC_DECRYPT
+              value: ASYMMETRIC_DECRYPT
+            - label: RAW_ENCRYPT_DECRYPT
+              value: RAW_ENCRYPT_DECRYPT
+            - label: MAC
+              value: MAC
+            - label: KEY_ENCAPSULATION
+              value: KEY_ENCAPSULATION
+        set_decrypters_for:
+          name: set_decrypters_for
+          title: Set Decrypters For
+          level: 1
+        set_encrypters_for:
+          name: set_encrypters_for
+          title: Set Encrypters For
+          level: 1
+        set_owners_for:
+          name: set_owners_for
+          title: Set Owners For
+          level: 1
+        skip_initial_version_creation:
+          name: skip_initial_version_creation
+          title: Skip Initial Version Creation
+          level: 1

metadata.yaml

@@ -0,0 +1,151 @@
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+  name: terraform-google-kms
+  annotations:
+    config.kubernetes.io/local-config: "true"
+spec:
+  info:
+    title: Google KMS Terraform Module
+    source:
+      repo: https://github.com/anshukaira/terraform-google-kms.git
+      sourceType: git
+    version: 4.1.0
+    actuationTool:
+      flavor: Terraform
+      version: ">= 1.3"
+    description: {}
+  content:
+    subBlueprints:
+      - name: autokey
+        location: modules/autokey
+    examples:
+      - name: autokey_setup
+        location: examples/autokey_setup
+      - name: bucket_setup_using_autokey
+        location: examples/bucket_setup_using_autokey
+      - name: import_only_example
+        location: examples/import_only_example
+      - name: monitoring_alerts
+        location: examples/monitoring_alerts
+      - name: simple_example
+        location: examples/simple_example
+  interfaces:
+    variables:
+      - name: project_id
+        description: Project id where the keyring will be created.
+        varType: string
+        required: true
+      - name: location
+        description: Location for the keyring.
+        varType: string
+        required: true
+      - name: keyring
+        description: Keyring name.
+        varType: string
+        required: true
+      - name: keys
+        description: Key names.
+        varType: list(string)
+        defaultValue: []
+      - name: prevent_destroy
+        description: Set the prevent_destroy lifecycle attribute on keys.
+        varType: bool
+        defaultValue: true
+      - name: key_destroy_scheduled_duration
+        description: Set the period of time that versions of keys spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.
+        varType: string
+      - name: purpose
+        description: The immutable purpose of the CryptoKey. Default value is ENCRYPT_DECRYPT. See purpose reference (https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) for possible inputs.
+        varType: string
+        defaultValue: ENCRYPT_DECRYPT
+      - name: set_owners_for
+        description: Name of keys for which owners will be set.
+        varType: list(string)
+        defaultValue: []
+      - name: owners
+        description: List of comma-separated owners for each key declared in set_owners_for.
+        varType: list(string)
+        defaultValue: []
+      - name: set_encrypters_for
+        description: Name of keys for which encrypters will be set.
+        varType: list(string)
+        defaultValue: []
+      - name: encrypters
+        description: List of comma-separated owners for each key declared in set_encrypters_for.
+        varType: list(string)
+        defaultValue: []
+      - name: set_decrypters_for
+        description: Name of keys for which decrypters will be set.
+        varType: list(string)
+        defaultValue: []
+      - name: decrypters
+        description: List of comma-separated owners for each key declared in set_decrypters_for.
+        varType: list(string)
+        defaultValue: []
+      - name: key_rotation_period
+        description: Generate a new key every time this period passes.
+        varType: string
+        defaultValue: 7776000s
+      - name: key_algorithm
+        description: The algorithm to use when creating a version based on this template. See the https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm for possible inputs.
+        varType: string
+        defaultValue: GOOGLE_SYMMETRIC_ENCRYPTION
+      - name: key_protection_level
+        description: "The protection level to use when creating a version based on this template. Default value: \"SOFTWARE\" Possible values: [\"SOFTWARE\", \"HSM\", \"EXTERNAL\", \"EXTERNAL_VPC\"]"
+        varType: string
+        defaultValue: SOFTWARE
+      - name: labels
+        description: Labels, provided as a map
+        varType: map(string)
+        defaultValue: {}
+      - name: import_only
+        description: Whether these keys may contain imported versions only.
+        varType: bool
+        defaultValue: false
+      - name: skip_initial_version_creation
+        description: If set to true, the request will create CryptoKeys without any CryptoKeyVersions.
+        varType: bool
+        defaultValue: false
+      - name: crypto_key_backend
+        description: (Optional) The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. The resource name is in the format 'projects//locations//ekmConnections/*' and only applies to 'EXTERNAL_VPC' keys.
+        varType: string
+    outputs:
+      - name: keyring
+        description: Self link of the keyring.
+        type: string
+      - name: keyring_name
+        description: Name of the keyring.
+        type: string
+      - name: keyring_resource
+        description: Keyring resource.
+        type:
+          - object
+          - id: string
+            location: string
+            name: string
+            project: string
+            timeouts:
+              - object
+              - create: string
+                delete: string
+      - name: keys
+        description: Map of key name => key self link.
+        type:
+          - map
+          - string
+  requirements:
+    roles:
+      - level: Project
+        roles:
+          - roles/cloudkms.admin
+          - roles/owner
+    services:
+      - cloudkms.googleapis.com
+      - serviceusage.googleapis.com
+      - cloudresourcemanager.googleapis.com
+      - monitoring.googleapis.com
+      - logging.googleapis.com
+    providerVersions:
+      - source: hashicorp/google
+        version: ">= 5.31.0, < 8"