Adding DataSource for KMS Autokey Keyhandle (#12553)

[upstream:0669054c194d06807b6f086a3019755c50f04df2] Signed-off-by: Modular Magician <[email protected]>
hashicorp · Dec 17, 2024 · 44d1aa2 · 44d1aa2
1 parent 93d806f
commit 44d1aa2
Show file tree

Hide file tree

Showing 6 changed files with 78 additions and 10 deletions.
diff --git a/.changelog/12553.txt b/.changelog/12553.txt
@@ -0,0 +1,3 @@
+```release-note:new-datasource
+`google_kms_key_handle`
+```
diff --git a/google/acctest/bootstrap_test_utils.go b/google/acctest/bootstrap_test_utils.go
@@ -33,6 +33,7 @@ import (
 )
 
 var SharedKeyRing = "tftest-shared-keyring-1"
+
 var SharedCryptoKey = map[string]string{
 	"ENCRYPT_DECRYPT":    "tftest-shared-key-1",
 	"ASYMMETRIC_SIGN":    "tftest-shared-sign-key-1",
@@ -635,30 +636,33 @@ func BootstrapServicePerimeterProjects(t *testing.T, desiredProjects int) []*clo
 // Given the existing projects being used by our team, the prefix provided to
 // this function can be no longer than 18 characters.
 func BootstrapProject(t *testing.T, projectIDPrefix, billingAccount string, services []string) *cloudresourcemanager.Project {
-	config := BootstrapConfig(t)
-	if config == nil {
-		return nil
+	org := envvar.GetTestOrgFromEnv(t)
+	parent := &cloudresourcemanager.ResourceId{
+		Type: "organization",
+		Id:   org,
 	}
-
 	projectIDSuffix := strings.Replace(envvar.GetTestProjectFromEnv(), "ci-test-project-", "", 1)
 	projectID := projectIDPrefix + projectIDSuffix
 
+	return BootstrapProjectWithParent(t, projectID, billingAccount, parent, services)
+}
+
+func BootstrapProjectWithParent(t *testing.T, projectID string, billingAccount string, parent *cloudresourcemanager.ResourceId, services []string) *cloudresourcemanager.Project {
+	config := BootstrapConfig(t)
+	if config == nil {
+		return nil
+	}
 	crmClient := config.NewResourceManagerClient(config.UserAgent)
 
 	project, err := crmClient.Projects.Get(projectID).Do()
 	if err != nil {
 		if !transport_tpg.IsGoogleApiErrorWithCode(err, 403) {
 			t.Fatalf("Error getting bootstrapped project: %s", err)
 		}
-		org := envvar.GetTestOrgFromEnv(t)
-
 		op, err := crmClient.Projects.Create(&cloudresourcemanager.Project{
 			ProjectId: projectID,
 			Name:      "Bootstrapped Test Project",
-			Parent: &cloudresourcemanager.ResourceId{
-				Type: "organization",
-				Id:   org,
-			},
+			Parent:    parent,
 		}).Do()
 		if err != nil {
 			t.Fatalf("Error creating bootstrapped test project: %s", err)

diff --git a/google/services/kms/data_source_google_kms_key_handle.go b/google/services/kms/data_source_google_kms_key_handle.go
@@ -0,0 +1,3 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package kms
diff --git a/google/services/kms/data_source_google_kms_key_handle_test.go b/google/services/kms/data_source_google_kms_key_handle_test.go
@@ -0,0 +1,3 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package kms_test
diff --git a/google/services/kms/kms_utils.go b/google/services/kms/kms_utils.go
@@ -22,6 +22,16 @@ type KmsKeyRingId struct {
 	Name     string
 }
 
+type KmsKeyHandleId struct {
+	Project  string
+	Location string
+	Name     string
+}
+
+func (s *KmsKeyHandleId) KeyHandleId() string {
+	return fmt.Sprintf("projects/%s/locations/%s/keyHandles/%s", s.Project, s.Location, s.Name)
+}
+
 func (s *KmsKeyRingId) KeyRingId() string {
 	return fmt.Sprintf("projects/%s/locations/%s/keyRings/%s", s.Project, s.Location, s.Name)
 }

diff --git a/website/docs/d/kms_key_handle.html.markdown b/website/docs/d/kms_key_handle.html.markdown
@@ -0,0 +1,45 @@
+---
+subcategory: "Cloud Key Management Service"
+description: |-
+ Provides access to KMS key handle data with Google Cloud KMS.
+---
+
+# google_kms_key_handle
+
+Provides access to Google Cloud Platform KMS KeyHandle. For more information see
+[the official documentation](https://cloud.google.com/kms/docs/resource-hierarchy#key_handles)
+and
+[API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyHandles).
+
+A key handle is a Cloud KMS resource that helps you safely span the separation of duties to create new Cloud KMS keys for CMEK using Autokey.
+
+## Example Usage
+
+```hcl
+data "google_kms_key_handle" "my_key_handle" {
+  name     = "eed58b7b-20ad-4da8-ad85-ba78a0d5ab87"
+  location = "us-central1"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The KeyHandle's name.
+    A KeyHandle name must exist within the provided location and must be valid UUID.
+
+* `location` - (Required) The Google Cloud Platform location for the KeyHandle.
+    A full list of valid locations can be found by running `gcloud kms locations list`.
+
+- - -
+
+* `project` - (Optional) The project in which the resource belongs. If it
+    is not provided, the provider project is used.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are
+exported:
+
+* `id` - The identifier of the created KeyHandle. Its format is `projects/{projectId}/locations/{location}/keyHandles/{keyHandleName}`.