From 216fffd274b08af2e3f718d3d8aeb8cb6410b420 Mon Sep 17 00:00:00 2001
From: Joakim Tangnes <10198932+Zarux@users.noreply.github.com>
Date: Mon, 4 Mar 2024 23:49:48 +0100
Subject: [PATCH] fix(kms): certificate chain type to array of strings (#9582)
---
 mmv1/products/kms/CryptoKeyVersion.yaml | 9 ++-
 .../kms/resource_kms_crypto_key_test.go | 67 +++++++++++++++++++
 2 files changed, 73 insertions(+), 3 deletions(-)
diff --git a/mmv1/products/kms/CryptoKeyVersion.yaml b/mmv1/products/kms/CryptoKeyVersion.yaml
index b193fee87c02..4fc87f93a051 100644
--- a/mmv1/products/kms/CryptoKeyVersion.yaml
+++ b/mmv1/products/kms/CryptoKeyVersion.yaml
@@ -104,15 +104,18 @@ properties:
 description: |
 The certificate chains needed to validate the attestation
 properties:
- - !ruby/object:Api::Type::String
+ - !ruby/object:Api::Type::Array
+ item_type: Api::Type::String
 name: 'caviumCerts'
 description: |
 Cavium certificate chain corresponding to the attestation.
- - !ruby/object:Api::Type::String
+ - !ruby/object:Api::Type::Array
+ item_type: Api::Type::String
 name: 'googleCardCerts'
 description: |
 Google card certificate chain corresponding to the attestation.
- - !ruby/object:Api::Type::String
+ - !ruby/object:Api::Type::Array
+ item_type: Api::Type::String
 name: 'googlePartitionCerts'
 description: |
 Google partition certificate chain corresponding to the attestation.
diff --git a/mmv1/third_party/terraform/services/kms/resource_kms_crypto_key_test.go b/mmv1/third_party/terraform/services/kms/resource_kms_crypto_key_test.go
index 328fc50734d7..29c650fa0ecb 100644
--- a/mmv1/third_party/terraform/services/kms/resource_kms_crypto_key_test.go
+++ b/mmv1/third_party/terraform/services/kms/resource_kms_crypto_key_test.go
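Review bot: In the CryptoKeyVersion.yaml hunk the three descriptions are left unchanged although `caviumCerts`, `googleCardCerts` and `googlePartitionCerts` are now arrays, so someone who wants to validate the attestation still cannot tell what a single element holds or in which order the chain is listed. I would extend each description, for example `Cavium certificate chain corresponding to the attestation, as a list of certificates.`, and state the encoding and ordering if the API guarantees them. The change from string to list is also visible to any configuration that already references these attributes, which looks worth a release-note line; whether they could be read successfully before this fix is not visible from the hunk.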
@@ -444,6 +444,35 @@ func TestAccKmsCryptoKeyVersion_basic(t *testing.T) {
 })
 }
 
+func TestAccKmsCryptoKeyVersionWithSymmetricHSM(t *testing.T) {
+ t.Parallel()
+
+ projectId := fmt.Sprintf("tf-test-%d", acctest.RandInt(t))
+ projectOrg := envvar.GetTestOrgFromEnv(t)
+ projectBillingAccount := envvar.GetTestBillingAccountFromEnv(t)
+ keyRingName := fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10))
+ cryptoKeyName := fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10))
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testGoogleKmsCryptoKeyVersionWithSymmetricHSM(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName),
+ },
+ {
+ ResourceName: "google_kms_crypto_key_version.crypto_key_version",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
+ },
+ {
+ Config: testGoogleKmsCryptoKeyVersion_removed(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName),
+ },
+ },
+ })
+}
+
 func TestAccKmsCryptoKeyVersion_skipInitialVersion(t *testing.T) {
 t.Parallel()
 
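Review bot: `TestAccKmsCryptoKeyVersionWithSymmetricHSM` never asserts on the certificate-chain attributes whose type this patch changes; it passes as long as apply and import do not error, so a later regression that leaves the lists empty or drops them would go unnoticed. Consider a `Check` on the first step, e.g. `Check: resource.TestCheckResourceAttrSet("google_kms_crypto_key_version.crypto_key_version", "attestation.0.cert_chains.0.cavium_certs.0"),`. That attribute path is inferred from the YAML property names and should be confirmed against the generated schema, and the attestation may only be populated once the HSM version has finished generating. `ImportStateVerifyIgnore: []string{"labels", "terraform_labels"}` looks carried over from the crypto key tests; the config sets labels on the key rather than on the version, so the ignore list can probably be dropped. The test name also departs from the `TestAccKmsCryptoKeyVersion_basic` / `_skipInitialVersion` pattern visible in the context lines.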
@@ -747,6 +776,44 @@ resource "google_kms_crypto_key_version" "crypto_key_version" {
 `, projectId, projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName)
 }
 
+func testGoogleKmsCryptoKeyVersionWithSymmetricHSM(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName string) string {
+ return fmt.Sprintf(`
+resource "google_project" "acceptance" {
+ name = "%s"
+ project_id = "%s"
+ org_id = "%s"
+ billing_account = "%s"
+}
+
+resource "google_project_service" "acceptance" {
+ project = google_project.acceptance.project_id
+ service = "cloudkms.googleapis.com"
+}
+
+resource "google_kms_key_ring" "key_ring" {
+ project = google_project_service.acceptance.project
+ name = "%s"
+ location = "us-central1"
+}
+
+resource "google_kms_crypto_key" "crypto_key" {
+ name = "%s"
+ key_ring = google_kms_key_ring.key_ring.id
+ labels = {
+ key = "value"
+ }
+ version_template {
+ algorithm = "GOOGLE_SYMMETRIC_ENCRYPTION"
+ protection_level = "HSM"
+ }
+}
+
+resource "google_kms_crypto_key_version" "crypto_key_version" {
+ crypto_key = google_kms_crypto_key.crypto_key.id
+}
+`, projectId, projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName)
+}
+
 func testGoogleKmsCryptoKeyVersion_removed(projectId, projectOrg, projectBillingAccount, keyRingName, cryptoKeyName string) string {
 return fmt.Sprintf(`
 resource "google_project" "acceptance" {
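Review bot: `testGoogleKmsCryptoKeyVersionWithSymmetricHSM` has no comment saying why the `protection_level = "HSM"` template matters, and its HCL appears to repeat the project / service / key ring scaffolding of the neighbouring config helpers, so the one block that makes this fixture different is easy to miss. A doc comment such as `// testGoogleKmsCryptoKeyVersionWithSymmetricHSM returns a config whose key version is HSM-protected, so reading it exercises the attestation certificate-chain fields.` would tie the fixture to the fix; that HSM versions are the ones carrying an attestation is my reading, not something the hunk shows. Since `projectId` is passed twice only to fill two consecutive `%s` verbs, indexed verbs such as `%[1]s` would make the argument list harder to get out of order.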