Add encryption, retention policy to buckets (#3384) (#382)

* Add encryption, retention policy to buckets

* snake case

* Typo

* Typo

* Add test, fix docs on sa key

* Remove test

Signed-off-by: Modular Magician <magic-modules@google.com>

docs/resources/google_service_account_keys.md

@@ -15,13 +15,13 @@ end
 
 ### Test that there are no more than a specified number of keys for the service account
 
-    describe google_service_account_keys(service_account: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com') do
+    describe google_service_account_keys(project: 'sample-project', service_account: 'sample-account@sample-project.iam.gserviceaccount.com') do
       its('count') { should be <= 1000}
     end
 
 ### Test that a service account with expected name is available
 
-    describe google_service_account_keys(service_account: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com') do
+    describe google_service_account_keys(project: 'sample-project', service_account: 'sample-account@sample-project.iam.gserviceaccount.com') do
       its('key_names'){ should include "projects/sample-project/serviceAccounts/test-sa@sample-project.iam.gserviceaccount.com/keys/c6bd986da9fac6d71178db41d1741cbe751a5080" }
     end
 

docs/resources/google_storage_bucket.md

@@ -14,6 +14,7 @@ describe google_storage_bucket(name: bucket-name) do
 
   its('storage_class') { should eq "STANDARD" }
   its('labels') { should include("key" => "value") }
+  its('retention_policy.retention_period') { should cmp 1000 }
 end
 
 describe google_storage_bucket(name: "nonexistent") do
@@ -163,12 +164,24 @@ Properties that can be accessed from the `google_storage_bucket` resource:
 
     * `not_found_page`: If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result.
 
+  * `labels`: Labels applied to this bucket.  A list of key->value pairs.
+
+  * `encryption`: Encryption configuration for the bucket
+
+    * `default_kms_key_name`: A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified.
+
+  * `retention_policy`: Retention policy for the bucket
+
+    * `effective_time`: The time from which the retention policy was effective
+
+    * `is_locked`: If the retention policy is locked. If true, the retention policy cannot be removed and the period cannot be reduced.
+
+    * `retention_period`: The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or made noncurrent.
+
   * `project`: A valid API project identifier.
 
   * `predefined_default_object_acl`: Apply a predefined set of default object access controls to this bucket.  Acceptable values are:   - "authenticatedRead": Object owner gets OWNER access, and     allAuthenticatedUsers get READER access.   - "bucketOwnerFullControl": Object owner gets OWNER access, and     project team owners get OWNER access.   - "bucketOwnerRead": Object owner gets OWNER access, and project     team owners get READER access.   - "private": Object owner gets OWNER access.   - "projectPrivate": Object owner gets OWNER access, and project team     members get access according to their roles.   - "publicRead": Object owner gets OWNER access, and allUsers get     READER access.
 
-  * `labels`: Labels applied to this bucket.  A list of key->value pairs.
-
 
 ## GCP Permissions
 

docs/resources/google_storage_buckets.md

@@ -56,9 +56,11 @@ See [google_storage_bucket.md](google_storage_bucket.md) for more detailed infor
   * `updateds`: an array of `google_storage_bucket` updated
   * `versionings`: an array of `google_storage_bucket` versioning
   * `websites`: an array of `google_storage_bucket` website
+  * `labels`: an array of `google_storage_bucket` labels
+  * `encryptions`: an array of `google_storage_bucket` encryption
+  * `retention_policies`: an array of `google_storage_bucket` retention_policy
   * `projects`: an array of `google_storage_bucket` project
   * `predefined_default_object_acls`: an array of `google_storage_bucket` predefined_default_object_acl
-  * `labels`: an array of `google_storage_bucket` labels
 
 ## Filter Criteria
 This resource supports all of the above properties as filter criteria, which can be used

libraries/google/storage/property/bucket_encryption.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+  module Storage
+    module Property
+      class BucketEncryption
+        attr_reader :default_kms_key_name
+
+        def initialize(args = nil, parent_identifier = nil)
+          return if args.nil?
+          @parent_identifier = parent_identifier
+          @default_kms_key_name = args['defaultKmsKeyName']
+        end
+
+        def to_s
+          "#{@parent_identifier} BucketEncryption"
+        end
+      end
+    end
+  end
+end

libraries/google/storage/property/bucket_retention_policy.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+  module Storage
+    module Property
+      class BucketRetentionPolicy
+        attr_reader :effective_time
+
+        attr_reader :is_locked
+
+        attr_reader :retention_period
+
+        def initialize(args = nil, parent_identifier = nil)
+          return if args.nil?
+          @parent_identifier = parent_identifier
+          @effective_time = parse_time_string(args['effectiveTime'])
+          @is_locked = args['isLocked']
+          @retention_period = args['retentionPeriod']
+        end
+
+        def to_s
+          "#{@parent_identifier} BucketRetentionPolicy"
+        end
+
+        # Handles parsing RFC3339 time string
+        def parse_time_string(time_string)
+          time_string ? Time.parse(time_string) : nil
+        end
+      end
+    end
+  end
+end

libraries/google_storage_bucket.rb

@@ -17,10 +17,12 @@
 require 'google/storage/property/bucket_acl'
 require 'google/storage/property/bucket_cors'
 require 'google/storage/property/bucket_default_object_acl'
+require 'google/storage/property/bucket_encryption'
 require 'google/storage/property/bucket_lifecycle'
 require 'google/storage/property/bucket_lifecycle_rule'
 require 'google/storage/property/bucket_logging'
 require 'google/storage/property/bucket_owner'
+require 'google/storage/property/bucket_retention_policy'
 require 'google/storage/property/bucket_versioning'
 require 'google/storage/property/bucket_website'
 
@@ -48,9 +50,11 @@ class StorageBucket < GcpResourceBase
   attr_reader :updated
   attr_reader :versioning
   attr_reader :website
+  attr_reader :labels
+  attr_reader :encryption
+  attr_reader :retention_policy
   attr_reader :project
   attr_reader :predefined_default_object_acl
-  attr_reader :labels
 
   def initialize(params)
     super(params.merge({ use_http_transport: true }))
@@ -77,9 +81,11 @@ def parse
     @updated = parse_time_string(@fetched['updated'])
     @versioning = GoogleInSpec::Storage::Property::BucketVersioning.new(@fetched['versioning'], to_s)
     @website = GoogleInSpec::Storage::Property::BucketWebsite.new(@fetched['website'], to_s)
+    @labels = @fetched['labels']
+    @encryption = GoogleInSpec::Storage::Property::BucketEncryption.new(@fetched['encryption'], to_s)
+    @retention_policy = GoogleInSpec::Storage::Property::BucketRetentionPolicy.new(@fetched['retentionPolicy'], to_s)
     @project = @fetched['project']
     @predefined_default_object_acl = @fetched['predefinedDefaultObjectAcl']
-    @labels = @fetched['labels']
   end
 
   # Handles parsing RFC3339 time string

libraries/google_storage_buckets.rb

@@ -40,9 +40,11 @@ class StorageBuckets < GcpResourceBase
   filter_table_config.add(:updateds, field: :updated)
   filter_table_config.add(:versionings, field: :versioning)
   filter_table_config.add(:websites, field: :website)
+  filter_table_config.add(:labels, field: :labels)
+  filter_table_config.add(:encryptions, field: :encryption)
+  filter_table_config.add(:retention_policies, field: :retention_policy)
   filter_table_config.add(:projects, field: :project)
   filter_table_config.add(:predefined_default_object_acls, field: :predefined_default_object_acl)
-  filter_table_config.add(:labels, field: :labels)
 
   filter_table_config.connect(self, :table)
 
@@ -99,9 +101,11 @@ def transformers
       'updated' => ->(obj) { return :updated, parse_time_string(obj['updated']) },
       'versioning' => ->(obj) { return :versioning, GoogleInSpec::Storage::Property::BucketVersioning.new(obj['versioning'], to_s) },
       'website' => ->(obj) { return :website, GoogleInSpec::Storage::Property::BucketWebsite.new(obj['website'], to_s) },
+      'labels' => ->(obj) { return :labels, obj['labels'] },
+      'encryption' => ->(obj) { return :encryption, GoogleInSpec::Storage::Property::BucketEncryption.new(obj['encryption'], to_s) },
+      'retentionPolicy' => ->(obj) { return :retention_policy, GoogleInSpec::Storage::Property::BucketRetentionPolicy.new(obj['retentionPolicy'], to_s) },
       'project' => ->(obj) { return :project, obj['project'] },
       'predefinedDefaultObjectAcl' => ->(obj) { return :predefined_default_object_acl, obj['predefinedDefaultObjectAcl'] },
-      'labels' => ->(obj) { return :labels, obj['labels'] },
     }
   end
 

test/integration/build/gcp-mm.tf

@@ -656,6 +656,10 @@ resource "google_storage_bucket" "bucket" {
   labels = {
     "key" = "value"
   }
+
+  retention_policy {
+    retention_period = 1000
+  }
 }
 
 resource "google_storage_bucket_object" "object" {

test/integration/verify/controls/google_storage_bucket.rb

@@ -26,6 +26,7 @@
 
     its('storage_class') { should eq "STANDARD" }
     its('labels') { should include("key" => "value") }
+    its('retention_policy.retention_period') { should cmp 1000 }
   end
 
   describe google_storage_bucket(name: "nonexistent") do