Support containeranalysis Note and Occurence for attestation (#3564) (#…

…6474) * add fields to note * add occurrence * doc comments Signed-off-by: Modular Magician <[email protected]>
hashicorp · May 27, 2020 · efd663c · efd663c
1 parent 87e8719
commit efd663c
Show file tree

Hide file tree

Showing 12 changed files with 1,705 additions and 70 deletions.
diff --git a/.changelog/3564.txt b/.changelog/3564.txt
@@ -0,0 +1,6 @@
+```release-note:enhancement
+container_analysis: Added top-level generic note fields to `google_container_analysis_note`
+```
+```release-note:new-resource
+`google_container_analysis_occurence`
+```
diff --git a/google/bootstrap_utils_test.go b/google/bootstrap_utils_test.go
@@ -51,10 +51,12 @@ func BootstrapKMSKeyWithPurpose(t *testing.T, purpose string) bootstrappedKMS {
 * a KMS key.
 **/
 func BootstrapKMSKeyWithPurposeInLocation(t *testing.T, purpose, locationID string) bootstrappedKMS {
-	if v := os.Getenv("TF_ACC"); v == "" {
-		t.Skip("Acceptance tests and bootstrapping skipped unless env 'TF_ACC' set")
+	return BootstrapKMSKeyWithPurposeInLocationAndName(t, purpose, locationID, SharedCryptoKey[purpose])
+}
 
-		// If not running acceptance tests, return an empty object
+func BootstrapKMSKeyWithPurposeInLocationAndName(t *testing.T, purpose, locationID, keyShortName string) bootstrappedKMS {
+	config := BootstrapConfig(t)
+	if config == nil {
 		return bootstrappedKMS{
 			&cloudkms.KeyRing{},
 			&cloudkms.CryptoKey{},
@@ -65,20 +67,7 @@ func BootstrapKMSKeyWithPurposeInLocation(t *testing.T, purpose, locationID stri
 	keyRingParent := fmt.Sprintf("projects/%s/locations/%s", projectID, locationID)
 	keyRingName := fmt.Sprintf("%s/keyRings/%s", keyRingParent, SharedKeyRing)
 	keyParent := fmt.Sprintf("projects/%s/locations/%s/keyRings/%s", projectID, locationID, SharedKeyRing)
-	keyName := fmt.Sprintf("%s/cryptoKeys/%s", keyParent, SharedCryptoKey[purpose])
-
-	config := &Config{
-		Credentials: getTestCredsFromEnv(),
-		Project:     getTestProjectFromEnv(),
-		Region:      getTestRegionFromEnv(),
-		Zone:        getTestZoneFromEnv(),
-	}
-
-	ConfigureBasePaths(config)
-
-	if err := config.LoadAndValidate(context.Background()); err != nil {
-		t.Errorf("Unable to bootstrap KMS key: %s", err)
-	}
+	keyName := fmt.Sprintf("%s/cryptoKeys/%s", keyParent, keyShortName)
 
 	// Get or Create the hard coded shared keyring for testing
 	kmsClient := config.clientKms
@@ -118,7 +107,7 @@ func BootstrapKMSKeyWithPurposeInLocation(t *testing.T, purpose, locationID stri
 			}
 
 			cryptoKey, err = kmsClient.Projects.Locations.KeyRings.CryptoKeys.Create(keyParent, &newKey).
-				CryptoKeyId(SharedCryptoKey[purpose]).Do()
+				CryptoKeyId(keyShortName).Do()
 			if err != nil {
 				t.Errorf("Unable to bootstrap KMS key. Cannot create new CryptoKey: %s", err)
 			}
@@ -202,24 +191,11 @@ func impersonationServiceAccountPermissions(config *Config, sa *iam.ServiceAccou
 }
 
 func BootstrapServiceAccount(t *testing.T, project, testRunner string) string {
-	if v := os.Getenv("TF_ACC"); v == "" {
-		t.Skip("Acceptance tests and bootstrapping skipped unless env 'TF_ACC' set")
+	config := BootstrapConfig(t)
+	if config == nil {
 		return ""
 	}
 
-	config := &Config{
-		Credentials: getTestCredsFromEnv(),
-		Project:     getTestProjectFromEnv(),
-		Region:      getTestRegionFromEnv(),
-		Zone:        getTestZoneFromEnv(),
-	}
-
-	ConfigureBasePaths(config)
-
-	if err := config.LoadAndValidate(context.Background()); err != nil {
-		t.Fatalf("Bootstrapping failed. Unable to load test config: %s", err)
-	}
-
 	sa, err := getOrCreateServiceAccount(config, project)
 	if err != nil {
 		t.Fatalf("Bootstrapping failed. Cannot retrieve service account, %s", err)
@@ -244,23 +220,12 @@ const SharedTestNetworkPrefix = "tf-bootstrap-net-"
 // testId specifies the test/suite for which a shared network is used/initialized.
 // Returns the name of an network, creating it if hasn't been created in the test projcet.
 func BootstrapSharedTestNetwork(t *testing.T, testId string) string {
-	if v := os.Getenv("TF_ACC"); v == "" {
-		t.Skip("Acceptance tests and bootstrapping skipped unless env 'TF_ACC' set")
-		// If not running acceptance tests, return an empty string
-		return ""
-	}
-
 	project := getTestProjectFromEnv()
 	networkName := SharedTestNetworkPrefix + testId
-	config := &Config{
-		Credentials: getTestCredsFromEnv(),
-		Project:     project,
-		Region:      getTestRegionFromEnv(),
-		Zone:        getTestZoneFromEnv(),
-	}
-	ConfigureBasePaths(config)
-	if err := config.LoadAndValidate(context.Background()); err != nil {
-		t.Errorf("Unable to bootstrap network: %s", err)
+
+	config := BootstrapConfig(t)
+	if config == nil {
+		return ""
 	}
 
 	log.Printf("[DEBUG] Getting shared test network %q", networkName)
@@ -298,24 +263,12 @@ func BootstrapSharedTestNetwork(t *testing.T, testId string) string {
 var SharedServicePerimeterProjectPrefix = "tf-bootstrap-sp-"
 
 func BootstrapServicePerimeterProjects(t *testing.T, desiredProjects int) []*cloudresourcemanager.Project {
-	if v := os.Getenv("TF_ACC"); v == "" {
-		t.Skip("Acceptance tests and bootstrapping skipped unless env 'TF_ACC' set")
+	config := BootstrapConfig(t)
+	if config == nil {
 		return nil
 	}
 
 	org := getTestOrgFromEnv(t)
-	config := &Config{
-		Credentials: getTestCredsFromEnv(),
-		Project:     getTestProjectFromEnv(),
-		Region:      getTestRegionFromEnv(),
-		Zone:        getTestZoneFromEnv(),
-	}
-
-	ConfigureBasePaths(config)
-
-	if err := config.LoadAndValidate(context.Background()); err != nil {
-		t.Fatalf("Bootstrapping failed. Unable to load test config: %s", err)
-	}
 
 	// The filter endpoint works differently if you provide both the parent id and parent type, and
 	// doesn't seem to allow for prefix matching. Don't change this to include the parent type unless
@@ -361,3 +314,24 @@ func BootstrapServicePerimeterProjects(t *testing.T, desiredProjects int) []*clo
 
 	return projects
 }
+
+func BootstrapConfig(t *testing.T) *Config {
+	if v := os.Getenv("TF_ACC"); v == "" {
+		t.Skip("Acceptance tests and bootstrapping skipped unless env 'TF_ACC' set")
+		return nil
+	}
+
+	config := &Config{
+		Credentials: getTestCredsFromEnv(),
+		Project:     getTestProjectFromEnv(),
+		Region:      getTestRegionFromEnv(),
+		Zone:        getTestZoneFromEnv(),
+	}
+
+	ConfigureBasePaths(config)
+
+	if err := config.LoadAndValidate(context.Background()); err != nil {
+		t.Fatalf("Bootstrapping failed. Unable to load test config: %s", err)
+	}
+	return config
+}
diff --git a/google/provider.go b/google/provider.go
@@ -563,9 +563,9 @@ func Provider() terraform.ResourceProvider {
 	return provider
 }
 
-// Generated resources: 132
+// Generated resources: 133
 // Generated IAM resources: 57
-// Total generated resources: 189
+// Total generated resources: 190
 func ResourceMap() map[string]*schema.Resource {
 	resourceMap, _ := ResourceMapWithErrors()
 	return resourceMap
@@ -666,6 +666,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			"google_compute_url_map":                                       resourceComputeUrlMap(),
 			"google_compute_vpn_tunnel":                                    resourceComputeVpnTunnel(),
 			"google_container_analysis_note":                               resourceContainerAnalysisNote(),
+			"google_container_analysis_occurrence":                         resourceContainerAnalysisOccurrence(),
 			"google_data_catalog_entry_group":                              resourceDataCatalogEntryGroup(),
 			"google_data_catalog_entry_group_iam_binding":                  ResourceIamBinding(DataCatalogEntryGroupIamSchema, DataCatalogEntryGroupIamUpdaterProducer, DataCatalogEntryGroupIdParseFunc),
 			"google_data_catalog_entry_group_iam_member":                   ResourceIamMember(DataCatalogEntryGroupIamSchema, DataCatalogEntryGroupIamUpdaterProducer, DataCatalogEntryGroupIdParseFunc),