diff --git a/.changelog/8859.txt b/.changelog/8859.txt new file mode 100644 index 00000000000..93b8ad33bf6 --- /dev/null +++ b/.changelog/8859.txt @@ -0,0 +1,3 @@ +```release-note:breaking-change +secretmanager: removed `automatic` field in `google_secret_manager_secret` resource +``` diff --git a/google/services/secretmanager/resource_secret_manager_secret.go b/google/services/secretmanager/resource_secret_manager_secret.go index 465b3b044ab..7029de1c794 100644 --- a/google/services/secretmanager/resource_secret_manager_secret.go +++ b/google/services/secretmanager/resource_secret_manager_secret.go @@ -89,15 +89,7 @@ encryption is used.`, }, }, }, - ExactlyOneOf: []string{"replication.0.automatic", "replication.0.user_managed", "replication.0.auto"}, - }, - "automatic": { - Type: schema.TypeBool, - Optional: true, - Deprecated: "`automatic` is deprecated and will be removed in a future major release. Use `auto` instead.", - ForceNew: true, - Description: `The Secret will automatically be replicated without any restrictions.`, - ExactlyOneOf: []string{"replication.0.automatic", "replication.0.user_managed", "replication.0.auto"}, + ExactlyOneOf: []string{"replication.0.user_managed", "replication.0.auto"}, }, "user_managed": { Type: schema.TypeList, @@ -141,7 +133,7 @@ encryption is used.`, }, }, }, - ExactlyOneOf: []string{"replication.0.automatic", "replication.0.user_managed", "replication.0.auto"}, + ExactlyOneOf: []string{"replication.0.user_managed", "replication.0.auto"}, }, }, }, @@ -680,22 +672,12 @@ func flattenSecretManagerSecretReplication(v interface{}, d *schema.ResourceData return nil } transformed := make(map[string]interface{}) - _, ok := d.GetOk("replication.0.automatic") - if ok { - transformed["automatic"] = - flattenSecretManagerSecretReplicationAutomatic(original["automatic"], d, config) - } else { - transformed["auto"] = - flattenSecretManagerSecretReplicationAuto(original["automatic"], d, config) - } + transformed["auto"] = + flattenSecretManagerSecretReplicationAuto(original["automatic"], d, config) transformed["user_managed"] = flattenSecretManagerSecretReplicationUserManaged(original["userManaged"], d, config) return []interface{}{transformed} } -func flattenSecretManagerSecretReplicationAutomatic(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { - return v != nil -} - func flattenSecretManagerSecretReplicationAuto(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { if v == nil { return nil @@ -867,22 +849,11 @@ func expandSecretManagerSecretReplication(v interface{}, d tpgresource.Terraform original := raw.(map[string]interface{}) transformed := make(map[string]interface{}) - if _, ok := d.GetOk("replication.0.automatic"); ok { - transformedAutomatic, err := expandSecretManagerSecretReplicationAutomatic(original["automatic"], d, config) - if err != nil { - return nil, err - } else if val := reflect.ValueOf(transformedAutomatic); val.IsValid() && !tpgresource.IsEmptyValue(val) { - transformed["automatic"] = transformedAutomatic - } - } - - if _, ok := d.GetOk("replication.0.auto"); ok { - transformedAuto, err := expandSecretManagerSecretReplicationAuto(original["auto"], d, config) - if err != nil { - return nil, err - } else { - transformed["automatic"] = transformedAuto - } + transformedAuto, err := expandSecretManagerSecretReplicationAuto(original["auto"], d, config) + if err != nil { + return nil, err + } else { + transformed["automatic"] = transformedAuto } transformedUserManaged, err := expandSecretManagerSecretReplicationUserManaged(original["user_managed"], d, config) @@ -895,14 +866,6 @@ func expandSecretManagerSecretReplication(v interface{}, d tpgresource.Terraform return transformed, nil } -func expandSecretManagerSecretReplicationAutomatic(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { - if v == nil || !v.(bool) { - return nil, nil - } - - return struct{}{}, nil -} - func expandSecretManagerSecretReplicationAuto(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { l := v.([]interface{}) if len(l) == 0 { diff --git a/google/services/secretmanager/resource_secret_manager_secret_test.go b/google/services/secretmanager/resource_secret_manager_secret_test.go index ec27f0f1184..fdc3e7a0387 100644 --- a/google/services/secretmanager/resource_secret_manager_secret_test.go +++ b/google/services/secretmanager/resource_secret_manager_secret_test.go @@ -235,15 +235,6 @@ func TestAccSecretManagerSecret_automaticCmekUpdate(t *testing.T) { ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), CheckDestroy: testAccCheckSecretManagerSecretDestroyProducer(t), Steps: []resource.TestStep{ - { - Config: testAccSecretMangerSecret_automaticBasic(context), - }, - { - ResourceName: "google_secret_manager_secret.secret-basic", - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"ttl", "replication.0.automatic", "replication.0.auto"}, - }, { Config: testAccSecretMangerSecret_automaticCmekBasic(context), }, @@ -699,38 +690,6 @@ resource "google_secret_manager_secret" "secret-basic" { `, context) } -func testAccSecretMangerSecret_automaticBasic(context map[string]interface{}) string { - return acctest.Nprintf(` -data "google_project" "project" { - project_id = "%{pid}" -} -resource "google_kms_crypto_key_iam_member" "kms-secret-binding-1" { - crypto_key_id = "%{kms_key_name_1}" - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com" -} -resource "google_kms_crypto_key_iam_member" "kms-secret-binding-2" { - crypto_key_id = "%{kms_key_name_2}" - role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" - member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com" -} -resource "google_secret_manager_secret" "secret-basic" { - secret_id = "tf-test-secret-%{random_suffix}" - - labels = { - label = "my-label" - } - replication { - automatic = true - } - depends_on = [ - google_kms_crypto_key_iam_member.kms-secret-binding-1, - google_kms_crypto_key_iam_member.kms-secret-binding-2, - ] -} -`, context) -} - func testAccSecretMangerSecret_automaticCmekBasic(context map[string]interface{}) string { return acctest.Nprintf(` data "google_project" "project" { diff --git a/website/docs/r/secret_manager_secret.html.markdown b/website/docs/r/secret_manager_secret.html.markdown index 190b6358900..871e7ddf99a 100644 --- a/website/docs/r/secret_manager_secret.html.markdown +++ b/website/docs/r/secret_manager_secret.html.markdown @@ -133,12 +133,6 @@ The following arguments are supported: The `replication` block supports: -* `automatic` - - (Optional, Deprecated) - The Secret will automatically be replicated without any restrictions. - - ~> **Warning:** `automatic` is deprecated and will be removed in a future major release. Use `auto` instead. - * `auto` - (Optional) The Secret will automatically be replicated without any restrictions.