From 01aaea406b94ccb61dc48c9fad7fb62357acfd32 Mon Sep 17 00:00:00 2001 From: The Magician Date: Tue, 17 Sep 2024 08:08:46 -0700 Subject: [PATCH] Add support for regional secret version resource `google_secret_manager_regional_secret_version` (#11699) (#797) [upstream:2a9c7e6ce823646f03bbf4a42b8825c7e6166cf7] 
Signed-off-by: Modular Magician --- regional_secret_version_basic/backing_file.tf | 15 ++++ regional_secret_version_basic/main.tf | 9 +++ regional_secret_version_basic/motd | 7 ++ regional_secret_version_basic/tutorial.md | 79 +++++++++++++++++++ .../backing_file.tf | 15 ++++ .../main.tf | 10 +++ .../motd | 7 ++ .../tutorial.md | 79 +++++++++++++++++++ .../backing_file.tf | 15 ++++ .../main.tf | 10 +++ .../motd | 7 ++ .../tutorial.md | 79 +++++++++++++++++++ .../backing_file.tf | 15 ++++ regional_secret_version_disabled/main.tf | 10 +++ regional_secret_version_disabled/motd | 7 ++ regional_secret_version_disabled/tutorial.md | 79 +++++++++++++++++++ .../backing_file.tf | 15 ++++ .../main.tf | 10 +++ regional_secret_version_with_base64_data/motd | 7 ++ .../tutorial.md | 79 +++++++++++++++++++ 20 files changed, 554 insertions(+) create mode 100644 regional_secret_version_basic/backing_file.tf create mode 100644 regional_secret_version_basic/main.tf create mode 100644 regional_secret_version_basic/motd create mode 100644 regional_secret_version_basic/tutorial.md create mode 100644 regional_secret_version_deletion_policy_abandon/backing_file.tf create mode 100644 regional_secret_version_deletion_policy_abandon/main.tf create mode 100644 regional_secret_version_deletion_policy_abandon/motd create mode 100644 regional_secret_version_deletion_policy_abandon/tutorial.md create mode 100644 regional_secret_version_deletion_policy_disable/backing_file.tf create mode 100644 regional_secret_version_deletion_policy_disable/main.tf create mode 100644 regional_secret_version_deletion_policy_disable/motd create mode 100644 regional_secret_version_deletion_policy_disable/tutorial.md create mode 100644 regional_secret_version_disabled/backing_file.tf create mode 100644 regional_secret_version_disabled/main.tf create mode 100644 regional_secret_version_disabled/motd create mode 100644 regional_secret_version_disabled/tutorial.md create mode 100644 
regional_secret_version_with_base64_data/backing_file.tf create mode 100644 regional_secret_version_with_base64_data/main.tf create mode 100644 regional_secret_version_with_base64_data/motd create mode 100644 regional_secret_version_with_base64_data/tutorial.md
diff --git a/regional_secret_version_basic/backing_file.tf b/regional_secret_version_basic/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/regional_secret_version_basic/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/regional_secret_version_basic/main.tf b/regional_secret_version_basic/main.tf
new file mode 100644
index 00000000..854d0eee
--- /dev/null
+++ b/regional_secret_version_basic/main.tf
@@ -0,0 +1,9 @@
+resource "google_secret_manager_regional_secret" "secret-basic" {
+ secret_id = "secret-version-${local.name_suffix}"
+ location = "us-central1"
+}
+
+resource "google_secret_manager_regional_secret_version" "regional_secret_version_basic" {
+ secret = google_secret_manager_regional_secret.secret-basic.id
+ secret_data = "secret-data-${local.name_suffix}"
+}
diff --git a/regional_secret_version_basic/motd b/regional_secret_version_basic/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/regional_secret_version_basic/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/regional_secret_version_basic/tutorial.md b/regional_secret_version_basic/tutorial.md
new file mode 100644
index 00000000..861fa292
--- /dev/null
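Review bot: The `secret_data = "secret-data-${local.name_suffix}"` line in the regional_secret_version_basic/main.tf hunk puts the secret payload in the configuration as a literal, and nothing in the example says that it is a placeholder. Terraform keeps resource arguments in its state, so a reader who swaps in a real value here ends up with it in both the .tf file and the state file. I would add a comment above the attribute, `# Example value only. secret_data is stored in Terraform state in plain text: pass real payloads through a variable marked sensitive and restrict access to the state backend.` The same line appears in the deletion_policy_abandon, deletion_policy_disable and disabled main.tf hunks.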
+++ b/regional_secret_version_basic/tutorial.md
@@ -0,0 +1,79 @@
+# Regional Secret Version Basic - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```
diff --git a/regional_secret_version_deletion_policy_abandon/backing_file.tf b/regional_secret_version_deletion_policy_abandon/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/regional_secret_version_deletion_policy_abandon/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/regional_secret_version_deletion_policy_abandon/main.tf b/regional_secret_version_deletion_policy_abandon/main.tf
new file mode 100644
index 00000000..e9942c09
--- /dev/null
+++ b/regional_secret_version_deletion_policy_abandon/main.tf
@@ -0,0 +1,10 @@
+resource "google_secret_manager_regional_secret" "secret-basic" {
+ secret_id = "secret-version-${local.name_suffix}"
+ location = "us-central1"
+}
+
+resource "google_secret_manager_regional_secret_version" "regional_secret_version_deletion_policy" {
+ secret = google_secret_manager_regional_secret.secret-basic.id
+ secret_data = "secret-data-${local.name_suffix}"
+ deletion_policy = "ABANDON"
+}
diff --git a/regional_secret_version_deletion_policy_abandon/motd b/regional_secret_version_deletion_policy_abandon/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/regional_secret_version_deletion_policy_abandon/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/regional_secret_version_deletion_policy_abandon/tutorial.md b/regional_secret_version_deletion_policy_abandon/tutorial.md
new file mode 100644
index 00000000..aa883522
--- /dev/null
+++ b/regional_secret_version_deletion_policy_abandon/tutorial.md
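Review bot: `deletion_policy = "ABANDON"` in the regional_secret_version_deletion_policy_abandon/main.tf hunk has no comment explaining what it does at destroy time, while the motd and tutorial.md in the same directory tell the reader that `terraform destroy` removes what was provisioned. As far as I know from the provider's documentation for the non-regional resource, ABANDON only drops the version from state and DISABLE leaves it stored but disabled, so copied into a configuration that does not also destroy the parent secret either setting leaves the payload in Secret Manager. A comment such as `# ABANDON: destroy removes the version from state only; it stays in Secret Manager until the parent secret is deleted.` would make that explicit, with the matching wording for `"DISABLE"` in the deletion_policy_disable hunk.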
@@ -0,0 +1,79 @@
+# Regional Secret Version Deletion Policy Abandon - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```
diff --git a/regional_secret_version_deletion_policy_disable/backing_file.tf b/regional_secret_version_deletion_policy_disable/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/regional_secret_version_deletion_policy_disable/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/regional_secret_version_deletion_policy_disable/main.tf b/regional_secret_version_deletion_policy_disable/main.tf
new file mode 100644
index 00000000..fc704126
--- /dev/null
+++ b/regional_secret_version_deletion_policy_disable/main.tf
@@ -0,0 +1,10 @@
+resource "google_secret_manager_regional_secret" "secret-basic" {
+ secret_id = "secret-version-${local.name_suffix}"
+ location = "us-central1"
+}
+
+resource "google_secret_manager_regional_secret_version" "regional_secret_version_deletion_policy" {
+ secret = google_secret_manager_regional_secret.secret-basic.id
+ secret_data = "secret-data-${local.name_suffix}"
+ deletion_policy = "DISABLE"
+}
diff --git a/regional_secret_version_deletion_policy_disable/motd b/regional_secret_version_deletion_policy_disable/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/regional_secret_version_deletion_policy_disable/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/regional_secret_version_deletion_policy_disable/tutorial.md b/regional_secret_version_deletion_policy_disable/tutorial.md
new file mode 100644
index 00000000..e393e802
--- /dev/null
+++ b/regional_secret_version_deletion_policy_disable/tutorial.md
@@ -0,0 +1,79 @@
+# Regional Secret Version Deletion Policy Disable - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```
diff --git a/regional_secret_version_disabled/backing_file.tf b/regional_secret_version_disabled/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/regional_secret_version_disabled/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/regional_secret_version_disabled/main.tf b/regional_secret_version_disabled/main.tf
new file mode 100644
index 00000000..ea0d2a04
--- /dev/null
+++ b/regional_secret_version_disabled/main.tf
@@ -0,0 +1,10 @@
+resource "google_secret_manager_regional_secret" "secret-basic" {
+ secret_id = "secret-version-${local.name_suffix}"
+ location = "us-central1"
+}
+
+resource "google_secret_manager_regional_secret_version" "regional_secret_version_disabled" {
+ secret = google_secret_manager_regional_secret.secret-basic.id
+ secret_data = "secret-data-${local.name_suffix}"
+ enabled = false
+}
diff --git a/regional_secret_version_disabled/motd b/regional_secret_version_disabled/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/regional_secret_version_disabled/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/regional_secret_version_disabled/tutorial.md b/regional_secret_version_disabled/tutorial.md
new file mode 100644
index 00000000..9eb1ba05
--- /dev/null
+++ b/regional_secret_version_disabled/tutorial.md
@@ -0,0 +1,79 @@
+# Regional Secret Version Disabled - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```
diff --git a/regional_secret_version_with_base64_data/backing_file.tf b/regional_secret_version_with_base64_data/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/regional_secret_version_with_base64_data/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/regional_secret_version_with_base64_data/main.tf b/regional_secret_version_with_base64_data/main.tf
new file mode 100644
index 00000000..9ce86264
--- /dev/null
+++ b/regional_secret_version_with_base64_data/main.tf
@@ -0,0 +1,10 @@
+resource "google_secret_manager_regional_secret" "secret-basic" {
+ secret_id = "secret-version-${local.name_suffix}"
+ location = "us-central1"
+}
+
+resource "google_secret_manager_regional_secret_version" "regional_secret_version_base64" {
+ secret = google_secret_manager_regional_secret.secret-basic.id
+ secret_data = filebase64("secret-data.pfx-${local.name_suffix}")
+ is_secret_data_base64 = true
+}
diff --git a/regional_secret_version_with_base64_data/motd b/regional_secret_version_with_base64_data/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/regional_secret_version_with_base64_data/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/regional_secret_version_with_base64_data/tutorial.md b/regional_secret_version_with_base64_data/tutorial.md
new file mode 100644
index 00000000..9093ff34
--- /dev/null
+++ b/regional_secret_version_with_base64_data/tutorial.md
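Review bot: `filebase64("secret-data.pfx-${local.name_suffix}")` in the regional_secret_version_with_base64_data/main.tf hunk reads a file that this commit does not add: the diffstat lists only backing_file.tf, main.tf, motd and tutorial.md for that directory. The name also ends in the random_pet suffix, which is not known before apply, so the reader cannot create the file in advance and `terraform apply` from the tutorial will presumably fail on the missing file. Use a fixed name, `secret_data = filebase64("secret-data.pfx")`, and have tutorial.md tell the reader to place their own file there. It is also worth a comment that the base64 of the file contents is written to Terraform state.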
@@ -0,0 +1,79 @@
+# Regional Secret Version With Base64 Data - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```