Adds support for creating KMS CryptoKeys resources (hashicorp#692)

* Adds support for creating KMS CryptoKeys resources * Destroy extant CryptoKeyVersions on CryptoKey destroy * Inherit project, location etc from KeyRing in CryptoKey * Add function to calculate next rotation * Implement RotationPeriod parameter on CryptoKey * Import CryptoKey state * Uncommit my local acceptance test hacks * Docs for google_kms_crypto_key * Clear id at the end of CryptoKey deletion Also add more detail to warning message. * Fix parseCryptoKeyId error messages * Use correct naming in CryptoKeyIdParsing test * Check RotationPeriod is present in acceptance test * Rename variable in test function for consistency * Fix wrong resource name in cryptokey docs * Add KeyRing to CryptoKey doc example * Run test CryptoKey configs through terraform fmt * Don't set CryptoKey purpose in terraform state on import * Fix indentation in CryptoKey test * Parallelise CryptoKey tests * Set rotation_key on CryptoKey read * Move RotationPeriod validation to planning phase * Use import state passthrough for CryptoKey * Correct casing issues in test case names * Remove redundant CheckDestroy calls in CryptoKey tests * Add explanatory comment about extra test steps * More explicit error handling in CryptoKey tests * Explicit dependency on project services in test keyring configs * Clean up comments in cryptokey resource * Do not repeat in cryptokey id regexes
chrisst · Nov 14, 2017 · 08d2316 · 08d2316
1 parent d8c9829
commit 08d2316
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 0 deletions.
diff --git a/docs/r/google_kms_crypto_key.html.markdown b/docs/r/google_kms_crypto_key.html.markdown
@@ -0,0 +1,69 @@
+---
+layout: "google"
+page_title: "Google: google_kms_crypto_key"
+sidebar_current: "docs-google-kms-crypto-key"
+description: |-
+ Allows creation of a Google Cloud Platform KMS CryptoKey.
+---
+
+# google\_kms\_crypto\_key
+
+Allows creation of a Google Cloud Platform KMS CryptoKey. For more information see
+[the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#cryptokey)
+and
+[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
+
+A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a
+Google Cloud KMS KeyRing.
+
+~> Note: CryptoKeys cannot be deleted from Google Cloud Platform. Destroying a Terraform-managed CryptoKey will remove it
+from state and delete all CryptoKeyVersions, rendering the key unusable, but **will not delete the resource on the server**.
+
+## Example Usage
+
+```hcl
+resource "google_kms_key_ring" "my_key_ring" {
+  name     = "my-key-ring"
+  project  = "my-project"
+  location = "us-central1"
+}
+
+resource "google_kms_crypto_key" "my_crypto_key" {
+  name            = "my-crypto-key"
+  key_ring        = "${google_kms_key_ring.my_key_ring.id}"
+  rotation_period = "100000s"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The CryptoKey's name.
+    A CryptoKey’s name must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
+
+* `key_ring` - (Required) The id of the Google Cloud Platform KeyRing to which the key shall belong.
+
+- - -
+
+* `rotation_period` - (Optional) Every time this period passes, generate a new CryptoKeyVersion and set it as
+    the primary. The first rotation will take place after the specified period. The rotation period has the format
+    of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than
+    a day (ie, 83400).
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are
+exported:
+
+* `id` - The ID of the created CryptoKey. Its format is `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`.
+
+## Import
+
+CryptoKeys can be imported using the CryptoKey autogenerated `id`, e.g.
+
+```
+$ terraform import google_kms_crypto_key.my_crypto_key my-gcp-project/us-central1/my-key-ring/my-crypto-key
+
+$ terraform import google_kms_crypto_key.my_crypto_key us-central1/my-key-ring/my-crypto-key
+```
diff --git a/google.erb b/google.erb
@@ -80,6 +80,9 @@
       <li<%= sidebar_current("docs-google-kms-key-ring") %>>
         <a href="/docs/providers/google/r/google_kms_key_ring.html">google_kms_key_ring</a>
       </li>
+      <li<%= sidebar_current("docs-google-kms-crypto-key") %>>
+        <a href="/docs/providers/google/r/google_kms_crypto_key.html">google_kms_crypto_key</a>
+      </li>
       <li<%= sidebar_current("docs-google-organization-policy") %>>
         <a href="/docs/providers/google/r/google_organization_policy.html">google_organization_policy</a>
       </li>