From 392b4b3f2c3cb400a392e7d01dadd18b691a812c Mon Sep 17 00:00:00 2001 From: Modular Magician Date: Mon, 23 Dec 2024 18:22:10 +0000 Subject: [PATCH] Update tests to use bootstrapped KMS keys (#12609) [upstream:0974a52691872c92d017186d92f29420f2b3bdf1] Signed-off-by: Modular Magician --- dataproc_metastore_service_cmek_test/main.tf | 18 +++--------------- kmsConfig_create/main.tf | 13 +------------ secure_source_manager_instance_cmek/main.tf | 14 ++------------ 3 files changed, 6 insertions(+), 39 deletions(-) diff --git a/dataproc_metastore_service_cmek_test/main.tf b/dataproc_metastore_service_cmek_test/main.tf index 7af3a4dd..40893c05 100644 --- a/dataproc_metastore_service_cmek_test/main.tf +++ b/dataproc_metastore_service_cmek_test/main.tf @@ -8,7 +8,7 @@ resource "google_dataproc_metastore_service" "default" { location = "us-central1" encryption_config { - kms_key = google_kms_crypto_key.crypto_key.id + kms_key = "acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us-central1", "tf-bootstrap-metastore-service-key1").CryptoKey.Name-${local.name_suffix}" } hive_metastore_config { 
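Review bot: The new `kms_key` value in `encryption_config` is an unexpanded Go test-helper call pasted into an HCL string (`"acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", ...).CryptoKey.Name-${local.name_suffix}"`). Its inner double quotes end the string early, so the file no longer parses, and even escaped it would not name a KMS key. The next hunk uses the same literal for `crypto_key_id` in `crypto_key_member_1` and `crypto_key_member_2`, so the two `roles/cloudkms.cryptoKeyEncrypterDecrypter` grants have no valid target either. Because the key resources are removed from the example, the value should be one a reader can supply, for instance `kms_key = var.kms_key_id` (a constructed variable name) documented as the full `projects/.../locations/.../keyRings/.../cryptoKeys/...` id. This presumably needs fixing in whatever generates the example rather than by hand, and the resource block continues outside the hunk.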
@@ -21,27 +21,15 @@ resource "google_dataproc_metastore_service" "default" { ] } -resource "google_kms_crypto_key" "crypto_key" { - name = "example-key-${local.name_suffix}" - key_ring = google_kms_key_ring.key_ring.id - - purpose = "ENCRYPT_DECRYPT" -} - -resource "google_kms_key_ring" "key_ring" { - name = "example-keyring-${local.name_suffix}" - location = "us-central1" -} - resource "google_kms_crypto_key_iam_member" "crypto_key_member_1" { - crypto_key_id = google_kms_crypto_key.crypto_key.id + crypto_key_id = "acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us-central1", "tf-bootstrap-metastore-service-key1").CryptoKey.Name-${local.name_suffix}" role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-metastore.iam.gserviceaccount.com" } resource "google_kms_crypto_key_iam_member" "crypto_key_member_2" { - crypto_key_id = google_kms_crypto_key.crypto_key.id + crypto_key_id = "acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us-central1", "tf-bootstrap-metastore-service-key1").CryptoKey.Name-${local.name_suffix}" role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" member = "serviceAccount:${data.google_storage_project_service_account.gcs_account.email_address}" diff --git a/kmsConfig_create/main.tf b/kmsConfig_create/main.tf index 25446f08..f2090df2 100644 --- a/kmsConfig_create/main.tf +++ b/kmsConfig_create/main.tf 
@@ -1,17 +1,6 @@ -resource "google_kms_key_ring" "keyring" { - name = "key-ring-${local.name_suffix}" - location = "us-central1" -} - -resource "google_kms_crypto_key" "crypto_key" { - name = "crypto-name-${local.name_suffix}" - key_ring = google_kms_key_ring.keyring.id - # rotation_period = "7776000s" -} - resource "google_netapp_kmsconfig" "kmsConfig" { name = "kms-test-${local.name_suffix}" description="this is a test description" - crypto_key_name=google_kms_crypto_key.crypto_key.id + crypto_key_name="crypto-name-${local.name_suffix}" location="us-central1" } diff --git a/secure_source_manager_instance_cmek/main.tf b/secure_source_manager_instance_cmek/main.tf index 2aabd5cf..d33b782d 100644 --- a/secure_source_manager_instance_cmek/main.tf +++ b/secure_source_manager_instance_cmek/main.tf @@ -1,15 +1,5 @@ -resource "google_kms_key_ring" "key_ring" { - name = "my-keyring-${local.name_suffix}" - location = "us-central1" -} - -resource "google_kms_crypto_key" "crypto_key" { - name = "my-key-${local.name_suffix}" - key_ring = google_kms_key_ring.key_ring.id -} - resource "google_kms_crypto_key_iam_member" "crypto_key_binding" { - crypto_key_id = google_kms_crypto_key.crypto_key.id + crypto_key_id = "my-key-${local.name_suffix}" role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-sourcemanager.iam.gserviceaccount.com" @@ -18,7 +8,7 @@ resource "google_kms_crypto_key_iam_member" "crypto_key_binding" { resource "google_secure_source_manager_instance" "default" { location = "us-central1" instance_id = "my-instance-${local.name_suffix}" - kms_key = google_kms_crypto_key.crypto_key.id + kms_key = "my-key-${local.name_suffix}" depends_on = [ google_kms_crypto_key_iam_member.crypto_key_binding
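Review bot: `crypto_key_name="crypto-name-${local.name_suffix}"` replaces a reference that resolved to the key's full resource id with a bare key name, and the key ring and key are deleted in the same hunk, so the example now points at a key that nothing in the file creates. Both hunks in secure_source_manager_instance_cmek/main.tf have the same problem: `crypto_key_id = "my-key-${local.name_suffix}"` on the `roles/cloudkms.cryptoKeyEncrypterDecrypter` binding and `kms_key = "my-key-${local.name_suffix}"` on the instance. As far as I can tell, a short name is not an accepted key id for these arguments, so a reader applying the example would likely get an error rather than a CMEK-protected resource. I would use a full-path placeholder such as `crypto_key_name = "projects/PROJECT_ID/locations/us-central1/keyRings/KEYRING_NAME/cryptoKeys/KEY_NAME"`, and add a comment above it saying the key must already exist and that the service agent needs encrypt/decrypt on that key only. The `depends_on` list in the last hunk continues outside it.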