diff --git a/Makefile b/Makefile
index 7ee844f..3516730 100644
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.4
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.11
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
diff --git a/README.md b/README.md
index 635e79f..adf7a70 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ Functional examples are included in the
 | encrypters | List of comma-separated owners for each key declared in set\_encrypters\_for. | `list(string)` | `[]` | no |
 | key\_algorithm | The algorithm to use when creating a version based on this template. See the https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm for possible inputs. | `string` | `"GOOGLE_SYMMETRIC_ENCRYPTION"` | no |
 | key\_protection\_level | The protection level to use when creating a version based on this template. Default value: "SOFTWARE" Possible values: ["SOFTWARE", "HSM"] | `string` | `"SOFTWARE"` | no |
-| key\_rotation\_period | n/a | `string` | `"100000s"` | no |
+| key\_rotation\_period | Generate a new key every time this period passes. | `string` | `"100000s"` | no |
 | keyring | Keyring name. | `string` | n/a | yes |
 | keys | Key names. | `list(string)` | `[]` | no |
 | labels | Labels, provided as a map | `map(string)` | `{}` | no |
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
index 19bd76a..3e3bec9 100644
--- a/build/int.cloudbuild.yaml
+++ b/build/int.cloudbuild.yaml
@@ -37,4 +37,4 @@ tags:
 - 'integration'
 substitutions:
 _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
- _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.4'
+ _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.11'
diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml
index 7437fd5..e7ce466 100644
--- a/build/lint.cloudbuild.yaml
+++ b/build/lint.cloudbuild.yaml
@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
 _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
- _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.4'
+ _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.11'
diff --git a/examples/simple_example/main.tf b/examples/simple_example/main.tf
index d5a44ec..1df2df8 100644
--- a/examples/simple_example/main.tf
+++ b/examples/simple_example/main.tf
@@ -18,7 +18,7 @@ module "kms" {
 source = "../.."
 project_id = var.project_id
 keyring = var.keyring
- location = "global"
+ location = var.location
 keys = var.keys
 # keys can be destroyed by Terraform
 prevent_destroy = false
diff --git a/test/fixtures/simple_example/main.tf b/test/fixtures/simple_example/main.tf
index 47f6a8b..6f3bc1f 100644
--- a/test/fixtures/simple_example/main.tf
+++ b/test/fixtures/simple_example/main.tf
@@ -14,10 +14,6 @@
 * limitations under the License.
 */
-provider "random" {
- version = "~> 3.0"
-}
-
 resource "random_pet" "main" {
 length = 1
 prefix = "simple-example"
diff --git a/test/fixtures/simple_example/versions.tf b/test/fixtures/simple_example/versions.tf
new file mode 100644
index 0000000..9e88bde
--- /dev/null
+++ b/test/fixtures/simple_example/versions.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = ">= 0.13"
+ required_providers {
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.0"
+ }
+ }
+}
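Review bot: In examples/simple_example/main.tf, `location = var.location` references a variable that no file section visible in this diff declares, so unless examples/simple_example/variables.tf already defines `location`, the example will fail validation. If the declaration has to be added, `default = "global"` keeps the value the example used before this change. A description noting that a key ring's location cannot be changed after creation would help anyone choosing a region. The `module "kms"` block starts before and ends after this hunk.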
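Review bot: In test/fixtures/simple_example/versions.tf, `version = ">= 3.0"` is looser than the `~> 3.0` constraint this commit removes from the fixture's main.tf. It has no upper bound, so a CI run can resolve to a future major release of hashicorp/random without any change in this repository. If the widening is not intentional, `version = "~> 3.0"` (or `">= 3.0, < 4.0"`) carries the previous bound over into the new `required_providers` form.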
diff --git a/variables.tf b/variables.tf
index 038ea73..495c53e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -38,6 +38,7 @@ variable "keys" {
 variable "prevent_destroy" {
 description = "Set the prevent_destroy lifecycle attribute on keys."
+ type = bool
 default = true
 }
@@ -84,8 +85,9 @@ variable "decrypters" {
 }
 variable "key_rotation_period" {
- type = string
- default = "100000s"
+ description = "Generate a new key every time this period passes."
+ type = string
+ default = "100000s"
 }
 variable "key_algorithm" {
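Review bot: The description added to `key_rotation_period` in the second variables.tf hunk says a new key is generated, but rotation creates a new key version under the same key and makes it primary. The same sentence is copied into the README inputs table. Because the variable is a free-form string with no validation, the description is also the only place a caller learns the expected format, and the provider documents a minimum of one day. I would write `description = "Rotation period in seconds with an \"s\" suffix (e.g. \"100000s\", minimum 86400s); each time it elapses a new key version is generated and set as primary."` and regenerate the README row from it.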