GCP KMS for Key Provider for Encryption #1392

Merged (8 commits) on Mar 18, 2024
cam72cam (Contributor) commented Mar 13, 2024

Initial manual testing performed, unit tests required, potential storage of AAD in metadata.

Resolves #1173

Example:

terraform {
        encryption {
                key_provider "gcp_kms" "basic" {
                        kms_encryption_key = "projects/local-vehicle-redacted/locations/global/keyRings/opentofu-test/cryptoKeys/opentofu-keytest"
                        credentials = "/path/to/creds.json"
                        key_size = 32
                }
                method "aes_gcm" "example" {
                        keys = key_provider.gcp_kms.basic
                }
                state {
                        method = method.aes_gcm.example
                }
        }
}

resource "tfcoremock_simple_resource" "simple" {
        string = "helloworld changes! 5"
}

Target Release

1.7.0

Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
cam72cam requested a review from a team as a code owner March 13, 2024 20:21

Reminder for the PR assignee: If this is a user-visible change, please update the changelog as part of the PR.

cube2222 (Collaborator) left a comment

Generally, lgtm!

TF_ACC=1 TF_GCP_KMS_KEY="projects/local-vehicle-id/locations/global/keyRings/ringname/cryptoKeys/keyname" GOOGLE_CREDENTIALS=./creds.json go test ./internal/encryption/keyprovider/gcp_kms/

janosdebugs (Contributor) left a comment

LGTM, one minor nitpick

internal/encryption/keyprovider/gcp_kms/config.go (outdated, resolved)
janosdebugs previously approved these changes Mar 18, 2024
cam72cam changed the title from "Initial GCP KMS prototype" to "GCP KMS for Key Provider for Encryption" Mar 18, 2024
cam72cam merged commit 230fc89 into main Mar 18, 2024
8 checks passed
cam72cam deleted the gcp_kms_prototype branch March 18, 2024 19:54
IgnorantSapient pushed a commit to IgnorantSapient/opentofu that referenced this pull request Apr 1, 2024
Signed-off-by: Ashwin Annamalai <4549937+IgnorantSapient@users.noreply.github.com>
hrboyceiii pushed a commit to thedotworks/opentofu that referenced this pull request Apr 6, 2024
Successfully merging this pull request may close these issues.

[State Encryption] Key providers (Google Cloud KMS)