-
Notifications
You must be signed in to change notification settings - Fork 1.8k
/
Copy pathAutokeyConfig.yaml
87 lines (84 loc) · 3.34 KB
/
AutokeyConfig.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
name: 'AutokeyConfig'
# This resource is currently in public preview.
description: |
`AutokeyConfig` is a singleton resource used to configure the auto-provisioning
flow of CryptoKeys for CMEK.
~> **Note:** AutokeyConfigs cannot be deleted from Google Cloud Platform.
Destroying a Terraform-managed AutokeyConfig will remove it from state but
*will not delete the resource from the project.*
min_version: 'beta'
references:
guides:
'Cloud KMS with Autokey': 'https://cloud.google.com/kms/docs/kms-with-autokey'
api: 'https://cloud.google.com/kms/docs/reference/rest/v1/AutokeyConfig'
docs:
id_format: 'folders/{{folder}}/autokeyConfig'
base_url: 'folders/{{folder}}/autokeyConfig'
self_link: 'folders/{{folder}}/autokeyConfig'
# This is a singleton resource that is already created, so create
# is really an update, and therefore should be PATCHed.
create_url: 'folders/{{folder}}/autokeyConfig?updateMask=keyProject'
create_verb: 'PATCH'
update_url: 'folders/{{folder}}/autokeyConfig?updateMask=keyProject'
update_verb: 'PATCH'
delete_url: 'folders/{{folder}}/autokeyConfig?updateMask=keyProject'
delete_verb: 'PATCH'
import_format:
- 'folders/{{folder}}/autokeyConfig'
timeouts:
insert_minutes: 20
update_minutes: 20
delete_minutes: 20
custom_code:
constants: 'templates/terraform/constants/autokey_config_folder_diff.go.tmpl'
pre_create: 'templates/terraform/pre_create/kms_autokey_config_folder.go.tmpl'
pre_read: 'templates/terraform/pre_read/kms_autokey_config_folder.go.tmpl'
pre_update: 'templates/terraform/pre_update/kms_autokey_config_folder.go.tmpl'
pre_delete: 'templates/terraform/pre_delete/kms_autokey_config_folder.go.tmpl'
post_create: 'templates/terraform/post_create/sleep.go.tmpl'
post_update: 'templates/terraform/post_create/sleep.go.tmpl'
test_check_destroy: 'templates/terraform/custom_check_destroy/kms_autokey_config.go.tmpl'
# Using a handwritten sweeper because of pre_delete.
exclude_sweeper: true
examples:
- name: 'kms_autokey_config_all'
primary_resource_id: 'example-autokeyconfig'
min_version: 'beta'
vars:
folder_name: 'my-folder'
key_project_name: 'key-proj'
test_env_vars:
org_id: 'ORG_ID'
billing_account: 'BILLING_ACCT'
external_providers: ["random", "time"]
parameters:
- name: 'folder'
type: String
description: |
The folder for which to retrieve config.
min_version: 'beta'
url_param_only: true
required: true
immutable: true
diff_suppress_func: 'folderPrefixSuppress'
properties:
- name: 'keyProject'
type: String
description: |
The target key project for a given folder where KMS Autokey will provision a
CryptoKey for any new KeyHandle the Developer creates. Should have the form
`projects/<project_id_or_number>`.
min_version: 'beta'