BigQuery: support encryptionConfiguration in google_bigquery_data_transfer_config (#11478)

Author: BBBmau

mmv1/.ruby-version

@@ -1 +1 @@
-3.1.0
+3.2.2

mmv1/products/bigquerydatatransfer/Config.yaml

@@ -46,13 +46,22 @@ examples:
     vars:
       display_name: 'my-query'
       dataset_id: 'my_dataset'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'bigquerydatatransfer_config_cmek'
+    skip_test: true
+    primary_resource_id: 'query_config_cmek'
+    vars:
+      dataset_id: 'example_dataset'
+      key_name: 'example-key'
+      keyring_name: 'example-keyring'
   - !ruby/object:Provider::Terraform::Examples
     skip_test: true
     name: 'bigquerydatatransfer_config_salesforce'
     primary_resource_id: 'salesforce_config'
     vars:
       display_name: 'my-salesforce-config'
       dataset_id: 'my_dataset'
+
 parameters:
   - !ruby/object:Api::Type::String
     name: 'location'
@@ -172,6 +181,16 @@ properties:
       reingests data for [today-10, today-1], rather than ingesting data for
       just [today-1]. Only valid if the data source supports the feature.
       Set the value to 0 to use the default value.
+  - !ruby/object:Api::Type::NestedObject
+    name: 'encryptionConfiguration'
+    description: |
+      Represents the encryption configuration for a transfer.
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'kmsKeyName'
+        required: true
+        description: |
+          The name of the KMS key used for encrypting BigQuery data.
   - !ruby/object:Api::Type::Boolean
     name: 'disabled'
     description: |

mmv1/templates/terraform/examples/bigquerydatatransfer_config_cmek.tf.erb

@@ -0,0 +1,46 @@
+data "google_project" "project" {
+}
+
+resource "google_project_iam_member" "permissions" {
+  project = data.google_project.project.project_id
+  role   = "roles/iam.serviceAccountTokenCreator"
+  member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com"
+}
+
+resource "google_bigquery_data_transfer_config" "<%= ctx[:primary_resource_id] %>" {
+  depends_on = [google_project_iam_member.permissions]
+
+  display_name           = "<%= ctx[:vars]['display_name'] %>"
+  location               = "asia-northeast1"
+  data_source_id         = "scheduled_query"
+  schedule               = "first sunday of quarter 00:00"
+  destination_dataset_id = google_bigquery_dataset.my_dataset.dataset_id
+  params = {
+    destination_table_name_template = "my_table"
+    write_disposition               = "WRITE_APPEND"
+    query                           = "SELECT name FROM tabl WHERE x = 'y'"
+  }
+
+  encryption_configuration {
+    kms_key_name = google_kms_crypto_key.crypto_key.id
+  }
+}
+
+resource "google_bigquery_dataset" "my_dataset" {
+  depends_on = [google_project_iam_member.permissions]
+
+  dataset_id    = "<%= ctx[:vars]['dataset_id'] %>"
+  friendly_name = "foo"
+  description   = "bar"
+  location      = "asia-northeast1"
+}
+
+resource "google_kms_crypto_key" "crypto_key" {
+  name     = "<%= ctx[:vars]['key_name'] %>"
+  key_ring = google_kms_key_ring.key_ring.id
+}
+
+resource "google_kms_key_ring" "key_ring" {
+  name     = "<%= ctx[:vars]['keyring_name'] %>"
+  location = "us"
+}

mmv1/third_party/terraform/services/bigquerydatatransfer/resource_bigquery_data_transfer_config_test.go

@@ -384,6 +384,29 @@ func testAccBigqueryDataTransferConfig_scheduledQuery_update(t *testing.T) {
 	})
 }
 
+func testAccBigqueryDataTransferConfig_CMEK(t *testing.T) {
+	// Uses time.Now
+	acctest.SkipIfVcr(t)
+	random_suffix := acctest.RandString(t, 10)
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckBigqueryDataTransferConfigDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccBigqueryDataTransferConfig_CMEK_basic(random_suffix),
+			},
+			{
+				ResourceName:            "google_bigquery_data_transfer_config.query_config",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"location"},
+			},
+		},
+	})
+}
+
 func testAccBigqueryDataTransferConfig_scheduledQuery_no_destination(t *testing.T) {
 	// Uses time.Now
 	acctest.SkipIfVcr(t)
@@ -768,6 +791,74 @@ resource "google_bigquery_data_transfer_config" "copy_config" {
 `, random_suffix, random_suffix, random_suffix)
 }
 
+func testAccBigqueryDataTransferConfig_CMEK_basic(random_suffix string) string {
+	return fmt.Sprintf(`
+data "google_project" "project" {
+}
+
+resource "google_kms_key_ring" "example_keyring" {
+  name     = "keyring-test-%s"
+  location = "us-central1"
+}
+
+resource "google_kms_crypto_key" "example_crypto_key" {
+  name = "crypto-key-%s"
+  key_ring = google_kms_key_ring.example_keyring.id
+  purpose = "ENCRYPT_DECRYPT"
+}
+
+resource "google_service_account" "bqwriter%s" {
+  account_id = "bqwriter%s"
+}
+
+resource "google_project_iam_member" "data_editor" {
+  project = data.google_project.project.project_id
+
+  role   = "roles/bigquery.dataEditor"
+  member = "serviceAccount:${google_service_account.bqwriter%s.email}"
+}
+
+data "google_iam_policy" "owner" {
+  binding {
+    role = "roles/bigquery.dataOwner"
+
+    members = [
+      "serviceAccount:${google_service_account.bqwriter%s.email}",
+    ]
+  }
+}
+
+resource "google_bigquery_dataset_iam_policy" "dataset" {
+  dataset_id  = google_bigquery_dataset.my_dataset.dataset_id
+  policy_data = data.google_iam_policy.owner.policy_data
+}
+
+resource "google_bigquery_data_transfer_config" "query_config" {
+  depends_on = [ google_kms_crypto_key.example_crypto_key ]
+  encryption_configuration {
+    kms_key_name = google_kms_crypto_key.example_crypto_key.id
+  }
+  display_name           = "my-query-%s"
+  location               = "us-central1"
+  data_source_id         = "scheduled_query"
+  schedule               = "first sunday of quarter 00:00"
+  destination_dataset_id = google_bigquery_dataset.my_dataset.dataset_id
+  params = {
+    destination_table_name_template = "my_table"
+    write_disposition               = "WRITE_APPEND"
+    query                           = "SELECT name FROM table WHERE x = 'y'"
+  }
+}
+
+resource "google_bigquery_dataset" "my_dataset" {
+  dataset_id    = "my_dataset_%s"
+  friendly_name = "foo"
+  description   = "bar"
+  location      = "us-central1"
+}
+`, random_suffix, random_suffix, random_suffix, random_suffix, random_suffix, random_suffix, random_suffix, random_suffix)
+}
+
 func testAccBigqueryDataTransferConfig_update_params_force_new(random_suffix, path, table string) string {
 	return fmt.Sprintf(`
 resource "google_bigquery_dataset" "dataset" {