feat: expose purpose field (#59)

README.md

@@ -56,6 +56,7 @@ Functional examples are included in the
 | owners | List of comma-separated owners for each key declared in set\_owners\_for. | `list(string)` | `[]` | no |
 | prevent\_destroy | Set the prevent\_destroy lifecycle attribute on keys. | `bool` | `true` | no |
 | project\_id | Project id where the keyring will be created. | `string` | n/a | yes |
+| purpose | The immutable purpose of the CryptoKey. Possible values are ENCRYPT\_DECRYPT, ASYMMETRIC\_SIGN, and ASYMMETRIC\_DECRYPT. | `string` | `"ENCRYPT_DECRYPT"` | no |
 | set\_decrypters\_for | Name of keys for which decrypters will be set. | `list(string)` | `[]` | no |
 | set\_encrypters\_for | Name of keys for which encrypters will be set. | `list(string)` | `[]` | no |
 | set\_owners\_for | Name of keys for which owners will be set. | `list(string)` | `[]` | no |

main.tf

@@ -29,6 +29,7 @@ resource "google_kms_crypto_key" "key" {
   name            = var.keys[count.index]
   key_ring        = google_kms_key_ring.key_ring.id
   rotation_period = var.key_rotation_period
+  purpose         = var.purpose
 
   lifecycle {
     prevent_destroy = true

test/integration/simple_example/inspec.yml

@@ -16,7 +16,7 @@ name: simple_example
 depends:
   - name: inspec-gcp
     git: https://github.com/inspec/inspec-gcp.git
-    tag: v1.8.8
+    tag: v1.10.27
 attributes:
   - name: project_id
     required: true

variables.tf

@@ -41,6 +41,12 @@ variable "prevent_destroy" {
   default     = true
 }
 
+variable "purpose" {
+  type        = string
+  description = "The immutable purpose of the CryptoKey. Possible values are ENCRYPT_DECRYPT, ASYMMETRIC_SIGN, and ASYMMETRIC_DECRYPT."
+  default     = "ENCRYPT_DECRYPT"
+}
+
 variable "set_owners_for" {
   description = "Name of keys for which owners will be set."
   type        = list(string)