Merge pull request #1 from p2p-org/non-authoritative

Non-authoritative members mode

.github/release-please.yml

@@ -1,2 +1,16 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 releaseType: terraform-module
 handleGHRelease: true

.github/workflows/stale.yml

@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: "Close stale issues"
 on:
   schedule:

.gitignore

@@ -3,3 +3,6 @@ terraform.tfstate*
 *.pyc
 .kitchen
 credentials.json
+
+# tf lock file
+.terraform.lock.hcl

CHANGELOG.md

@@ -7,6 +7,31 @@ The format is based on
 and this project adheres to
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.1.0](https://www.github.com/terraform-google-modules/terraform-google-kms/compare/v2.0.1...v2.1.0) (2021-12-13)
+
+
+### Features
+
+* update TPG version constraints to allow 4.0 ([#50](https://www.github.com/terraform-google-modules/terraform-google-kms/issues/50)) ([14d80d7](https://www.github.com/terraform-google-modules/terraform-google-kms/commit/14d80d70966ff2ea64481cca83e8acbfff3fa65b))
+
+### [2.0.1](https://www.github.com/terraform-google-modules/terraform-google-kms/compare/v2.0.0...v2.0.1) (2021-08-11)
+
+
+### Bug Fixes
+
+* Create dependency with grant ([#46](https://www.github.com/terraform-google-modules/terraform-google-kms/issues/46)) ([9f4129d](https://www.github.com/terraform-google-modules/terraform-google-kms/commit/9f4129d87799c1c22c388e1a3808717b09a58ab3))
+
+## [2.0.0](https://www.github.com/terraform-google-modules/terraform-google-kms/compare/v1.2.0...v2.0.0) (2021-03-15)
+
+
+### ⚠ BREAKING CHANGES
+
+* add Terraform 0.13 constraint and module attribution (#40)
+
+### Features
+
+* add Terraform 0.13 constraint and module attribution ([#40](https://www.github.com/terraform-google-modules/terraform-google-kms/issues/40)) ([e46c56c](https://www.github.com/terraform-google-modules/terraform-google-kms/commit/e46c56c683961ceb750684409cbdfdff4492031d))
+
 ## [1.2.0](https://www.github.com/terraform-google-modules/terraform-google-kms/compare/v1.1.1...v1.2.0) (2020-06-01)
 
 

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.0
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -9,28 +9,36 @@ The resources/services/activations/deletions that this module will create/trigge
 - Create IAM role bindings for owners, encrypters, decrypters
 
 ## Compatibility
-
-This module is meant for use with Terraform 0.12. If you haven't upgraded and need a Terraform 0.11.x-compatible
-version of this module, the last released version intended for Terraform 0.11.x
-is [v0.1.0](https://registry.terraform.io/modules/terraform-google-modules/kms/google/0.1.0).
+This module is meant for use with Terraform 1.0+.
 
 ## Usage
 
 Basic usage of this module is as follows:
 
 ```hcl
 module "kms" {
-  source  = "terraform-google-modules/kms/google"
-  version = "~> 1.2"
+  source  = "github.com/p2p-org/terraform-google-kms?ref=v2.0.0"
 
   project_id         = "<PROJECT ID>"
   location           = "europe"
   keyring            = "sample-keyring"
   keys               = ["foo", "spam"]
-  set_owners_for     = ["foo", "spam"]
-  owners = [
-    "group:[email protected],group:[email protected]",
-    "group:[email protected]",
+
+  key_opts = [
+    {
+      key = "foo"
+      rotation_period = "100000s"
+    },
+  ]
+
+  owners = ["group:[email protected]","user:[email protected]"]
+
+  ## additional ACLs
+  acl = [
+    {
+      key = "spam"
+      decrypters = ["serviceAccount:[email protected]"]
+    }
   ]
 }
 ```
@@ -42,45 +50,37 @@ Functional examples are included in the
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| decrypters | List of comma-separated owners for each key declared in set_decrypters_for. | list(string) | `<list>` | no |
-| encrypters | List of comma-separated owners for each key declared in set_encrypters_for. | list(string) | `<list>` | no |
-| key\_algorithm | The algorithm to use when creating a version based on this template. See the https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm for possible inputs. | string | `"GOOGLE_SYMMETRIC_ENCRYPTION"` | no |
-| key\_protection\_level | The protection level to use when creating a version based on this template. Default value: "SOFTWARE" Possible values: ["SOFTWARE", "HSM"] | string | `"SOFTWARE"` | no |
-| key\_rotation\_period |  | string | `"100000s"` | no |
-| keyring | Keyring name. | string | n/a | yes |
-| keys | Key names. | list(string) | `<list>` | no |
-| labels | Labels, provided as a map | map(string) | `<map>` | no |
-| location | Location for the keyring. | string | n/a | yes |
-| owners | List of comma-separated owners for each key declared in set_owners_for. | list(string) | `<list>` | no |
-| prevent\_destroy | Set the prevent_destroy lifecycle attribute on keys. | string | `"true"` | no |
-| project\_id | Project id where the keyring will be created. | string | n/a | yes |
-| set\_decrypters\_for | Name of keys for which decrypters will be set. | list(string) | `<list>` | no |
-| set\_encrypters\_for | Name of keys for which encrypters will be set. | list(string) | `<list>` | no |
-| set\_owners\_for | Name of keys for which owners will be set. | list(string) | `<list>` | no |
+|------|-------------|------|---------|:--------:|
+| owners | Owners shared for all the managed keys. | `list(string)` | `[]` | | no |
+| encrypters | Encrypters shared for all the managed keys. | `list(string)` | `[]` | | no |
+| decrypters | Decrypters shared for all the managed keys. | `list(string)` | `[]` | | no |
+| acl | Additional ACL for for the managed keys. | `list(any)` | `[]` | no |
+| existing\_keyring | Use existing keyring | `bool` | `false` | no |
+| key\_opts | Specifies key specific options. | `list(any)` | `[]` | no |
+| keyring | Keyring name. | `string` | n/a | yes |
+| keys | Key names. | `list(string)` | `[]` | no |
+| location | Location for the keyring. | `string` | n/a | yes |
+| prevent\_destroy | Set the prevent\_destroy lifecycle attribute on keys. | `bool` | `true` | no |
+| project\_id | Project id where the keyring will be created. | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| keyring | Self link of the keyring. |
+| existing\_keyring | Existing keyring is used, i.e. keyring has been created. |
+| keyring\_id | Self link of the keyring. |
 | keyring\_name | Name of the keyring. |
-| keyring\_resource | Keyring resource. |
-| keys | Map of key name => key self link. |
+| keyring\_project | Project of the keyring. |
+| keys | Map of key name => id. |
+| kms\_keys | Managed kms keys details. |
+| location | Location of the keyring. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Requirements
 
 These sections describe requirements for using this module.
 
-### Software
-
-The following dependencies must be available:
-
-- [Terraform][terraform] v0.12
-- [Terraform Provider for GCP][terraform-provider-gcp] plugin v3.0
-
 ### Service Account
 
 A service account with one of the following roles must be used to provision

build/int.cloudbuild.yaml

@@ -37,4 +37,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'

examples/simple_example/README.md

@@ -6,18 +6,19 @@ This example illustrates how to use the `kms` module.
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| keyring | Keyring name. | string | n/a | yes |
-| keys | Key names. | list(string) | `<list>` | no |
-| location | Location for the keyring. | string | `"global"` | no |
-| project\_id | The ID of the project in which to provision resources. | string | n/a | yes |
+|------|-------------|------|---------|:--------:|
+| key\_opts | Specifies key specific options. | `any` | `[]` | no |
+| keyring | Keyring name. | `string` | n/a | yes |
+| keys | Key names. | `list(string)` | `[]` | no |
+| location | Location for the keyring. | `string` | `"global"` | no |
+| project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | keyring | The name of the keyring. |
-| keys | List of created kkey names. |
+| keys | List of created key names. |
 | location | The location of the keyring. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/simple_example/main.tf

@@ -14,17 +14,19 @@
  * limitations under the License.
  */
 
-provider "google" {
-  version = "~> 3.0.0"
-}
-
 module "kms" {
-  source     = "../.."
+  source = "../.."
+
   project_id = var.project_id
-  keyring    = var.keyring
-  location   = "global"
-  keys       = var.keys
-  # keys can be destroyed by Terraform
-  prevent_destroy = false
-}
+  location   = var.location
+  keyring    = "sample-keyring"
+  keys       = ["foo"]
 
+  key_opts = [
+    {
+      key             = "foo"
+      rotation_period = "100000s"
+      prevent_destroy = false
+    },
+  ]
+}

examples/simple_example/outputs.tf

@@ -16,15 +16,15 @@
 
 output "keyring" {
   description = "The name of the keyring."
-  value       = module.kms.keyring_resource.name
+  value       = module.kms.keyring_name
 }
 
 output "location" {
   description = "The location of the keyring."
-  value       = module.kms.keyring_resource.location
+  value       = module.kms.location
 }
 
 output "keys" {
-  description = "List of created kkey names."
+  description = "List of created key names."
   value       = keys(module.kms.keys)
 }

examples/simple_example/variables.tf

@@ -35,3 +35,9 @@ variable "keys" {
   type        = list(string)
   default     = []
 }
+
+variable "key_opts" {
+  description = "Specifies key specific options."
+  type        = any
+  default     = []
+}

examples/simple_example/versions.tf

@@ -0,0 +1,25 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 4.0"
+    }
+  }
+  required_version = ">= 0.13"
+}