-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Spanner MR CMEK Integration #11319
base: main
Are you sure you want to change the base?
Spanner MR CMEK Integration #11319
Conversation
- Add kmsKeyNames to encryptionConfig - Make kmsKeyName and kmsKeyNames not required
Add MR CMEK test
Mr cmek integration
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Hello! I am a robot. Tests will require approval from a repository maintainer to run. @c2thorn, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look. You can help make sure that review is quick by doing a self-review and by running impacted tests locally. |
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
1 similar comment
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 30 Click here to see the affected service packages
Tests were added that are skipped in VCR:
View the build log |
Tests analyticsTotal tests: 30 Click here to see the affected service packages
Tests were added that are skipped in VCR:
View the build log |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you update the release note based on https://googlecloudplatform.github.io/magic-modules/contribute/release-notes/
I'll run the test in our environment to make sure its passing
mmv1/third_party/terraform/services/spanner/resource_spanner_database_test.go.erb
Outdated
Show resolved
Hide resolved
Added a note. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
=== RUN TestAccSpannerDatabase_mrcmek
=== PAUSE TestAccSpannerDatabase_mrcmek
=== CONT TestAccSpannerDatabase_mrcmek
vcr_utils.go:152: Step 1/2 error: Error running apply: exit status 1
Error: Error creating Database: googleapi: Error 400: Invalid CreateDatabase request.
Details:
[
{
"@type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"description": "Expected projects/{project ID}/locations/{location ID}/keyRings/{keyring ID}/cryptoKeys/{kms_key_name}\nGot: google_kms_crypto_key.example-key-us-central1.id\nError: Resource name 'google_kms_crypto_key.example-key-us-central1.id' does not match pattern 'projects/([^/]{1,100})/locations/([a-zA-Z0-9_-]{1,63})/keyRings/([a-zA-Z0-9_-]{1,63})/cryptoKeys/([a-zA-Z0-9_-]{1,63})'.",
"field": "encryption_config.kms_key_names[0]"
}
]
}
]
with google_spanner_database.database,
on terraform_plugin_test.tf line 9, in resource "google_spanner_database" "database":
9: resource "google_spanner_database" "database" {
I am seeing the error "The Cloud Spanner multi-region CMEK feature is currently not supported" |
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
1 similar comment
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
…ey_names.go.tmpl Clarify comment Co-authored-by: Stephen Lewis (Burrows) <[email protected]>
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
1 similar comment
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Use spaces instead of tabs
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
1 similar comment
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Use BootstrapKMSKey instead of crypto keys because crypto keys can't be deleted
Tests analyticsTotal tests: 4153 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 4153 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
1 similar comment
Tests analyticsTotal tests: 4153 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
Tests analyticsTotal tests: 4152 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
Tests analyticsTotal tests: 4153 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
Tests analyticsTotal tests: 4153 Click here to see the affected service packages
Tests were added that are skipped in VCR:
Action takenFound 4 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
resource "google_kms_crypto_key_iam_binding" "crypto_key1" { | ||
crypto_key_id = "%{key_name1}" | ||
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" | ||
members = [ | ||
google_project_service_identity.ck_sa.member, | ||
] | ||
} | ||
|
||
resource "google_kms_crypto_key_iam_binding" "crypto_key2" { | ||
crypto_key_id = "%{key_name2}" | ||
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" | ||
members = [ | ||
google_project_service_identity.ck_sa.member, | ||
] | ||
} | ||
|
||
resource "google_kms_crypto_key_iam_binding" "crypto_key3" { | ||
crypto_key_id = "%{key_name3}" | ||
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" | ||
members = [ | ||
google_project_service_identity.ck_sa.member, | ||
] | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you remove these IAM roles? I'll manually add them once done. Then we should be good to go here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does the depends_on =
need to go too?
Remove IAM roles.
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are.
|
Tests analyticsTotal tests: 4159 Click here to see the affected service packages
🔴 Tests were added that are skipped in VCR:
Action takenFound 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
|
🟢 Tests passed during RECORDING mode: 🟢 No issues found for passed tests after REPLAYING rerun. 🔴 Tests failed during RECORDING mode: 🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR. |
Promote Spanner MR CMEK support to GA:
Adds the new field kmsKeyNames to encryptionConfig to support creating a Spanner MR CMEK database.
Release Note Template for Downstream PRs (will be copied)