GoogleCloudPlatform
Add kmskeyname to datastore
Fixes https://github.com/hashicorp/terraform-provider-google/issues/19041
Release Note Template for Downstream PRs (will be copied)
See Write release notes for guidance.
discoveryengine: added `kms_key_name` field to `google_discovery_engine_data_store` resource
Hello! I am a robot. Tests will require approval from a repository maintainer to run.
Googlers: For automatic test runs see go/terraform-auto-test-runs.
@roaks3, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.
You can help make sure that review is quick by doing a self-review and by running impacted tests locally.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi there, I'm the Modular magician. I've detected the following information about your changes:
Diff report
Your PR generated some diffs in downstreams - here they are.
google provider: Diff ( 4 files changed, 110 insertions(+))
google-beta provider: Diff ( 4 files changed, 110 insertions(+))
terraform-google-conversion: Diff ( 1 file changed, 10 insertions(+))
Open in Cloud Shell: Diff ( 4 files changed, 112 insertions(+))
Tests analytics
Total tests: 16 Passed tests: 15 Skipped tests: 0 Affected tests: 1
Click here to see the affected service packages
- discoveryengine
Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
- TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
Get to know how VCR tests work
🔴 Tests failed during RECORDING mode:
TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample [Error message] [Debug log]
🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.
View the build log or the debug log for each test
Hi there, I'm the Modular magician. I've detected the following information about your changes:
Diff report
Your PR generated some diffs in downstreams - here they are.
google provider: Diff ( 4 files changed, 110 insertions(+))
google-beta provider: Diff ( 4 files changed, 110 insertions(+))
terraform-google-conversion: Diff ( 1 file changed, 10 insertions(+))
Open in Cloud Shell: Diff ( 4 files changed, 112 insertions(+))
Tests analytics
Total tests: 16 Passed tests: 15 Skipped tests: 0 Affected tests: 1
Click here to see the affected service packages
- discoveryengine
Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
- TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
Get to know how VCR tests work
🔴 Tests failed during RECORDING mode:
TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample [Error message] [Debug log]
🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.
View the build log or the debug log for each test
Checked the [Error message],
- Resource
google_kms_key_ringexists:- https://screenshot.googleplex.com/4ZCC4dChUWhxGr3
"projects/ci-test-project-188019/locations/us/keyRings/tftest-shared-keyring-1"
- Resource
google_kms_crypto_keyandgoogle_kms_crypto_key_versionexist:- https://screenshot.googleplex.com/8ckQiCigB5GTRpL
"projects/ci-test-project-188019/locations/us/keyRings/tftest-shared-keyring-1/cryptoKeys/tftest-shared-key-1""projects/ci-test-project-188019/locations/us/keyRings/tftest-shared-keyring-1/cryptoKeys/tftest-shared-key-1/cryptoKeyVersions/1"
- Error was generated while creating target resource
google_discovery_engine_data_store: https://screenshot.googleplex.com/5344TXzxec5Bztn- Code pointer
- Error reason: there is no corresponding CmekConfig: https://screenshot.googleplex.com/9zkvmVSp8kvqbLU
- Solution: Manually create CmekConfig https://screenshot.googleplex.com/8WAUBqF8n5bxUuf but failed for permission issue https://screenshot.googleplex.com/BPpBzJixCEp5fuV
@roaks3 This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.
@GoogleCloudPlatform/terraform-team @roaks3 This PR has been waiting for review for 1 week. Please take a look! Use the label disable-review-reminders to disable these notifications.
@jialei-chen could you clarify the state of this PR? The code looks sufficient, and the bootstrapped key appears to be hooked up correctly, but the API is not handling it. Does that imply a bug with the API, or that more needs to be done client side for this behavior to work?
Hi @roaks3, thanks for your review. Yes, it's a small PR, where the code and bootstrapped key look good. Checked the error message, I think the API is failing for some reason. And I've reached out to our API owner for the fix: b/422249102. Once this ticket is closed, I will verify locally and re-trigger the VCR-test.
Hi there, I'm the Modular magician. I've detected the following information about your changes:
Diff report
Your PR generated some diffs in downstreams - here they are.
google provider: Diff ( 4 files changed, 110 insertions(+))
google-beta provider: Diff ( 4 files changed, 110 insertions(+))
terraform-google-conversion: Diff ( 1 file changed, 10 insertions(+))
Open in Cloud Shell: Diff ( 4 files changed, 112 insertions(+))
Hi @roaks3, the bug with API was fixed b/359238429#comment28. I re-retriggered the auto tests by "Sync fork -> Update branch", but got timeout. Do you know what happened or do I need to retry?
Hi there, I'm the Modular magician. I've detected the following information about your changes:
Diff report
Your PR generated some diffs in downstreams - here they are.
google provider: Diff ( 4 files changed, 110 insertions(+))
google-beta provider: Diff ( 4 files changed, 110 insertions(+))
terraform-google-conversion: Diff ( 1 file changed, 10 insertions(+))
Open in Cloud Shell: Diff ( 4 files changed, 112 insertions(+))
Tests analytics
Total tests: 16 Passed tests: 15 Skipped tests: 0 Affected tests: 1
Click here to see the affected service packages
- discoveryengine
Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
- TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
Get to know how VCR tests work
🔴 Tests failed during RECORDING mode:
TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample [Error message] [Debug log]
🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.
View the build log or the debug log for each test
Hi reviewer, I checked Debug log above. The error seems to be impacted by "legacy plugin SDK" and I don't think it can be fixed on my side. Specifically,
- [Expected] Create DataStore operation finished successfully with bootstrapped KMS key. https://screenshot.googleplex.com/9Rjjfgf3gWsfqVv
- [Expected] Get DataStore operation finished successfully. https://screenshot.googleplex.com/4xQmTrptKSNz2mr
- [Unexpected] Warning of an unexpected new value for KMS key name https://screenshot.googleplex.com/4CzyQTF24oPYqe8
Provider "provider[\"registry.terraform.io/hashicorp/google\"]" produced an unexpected new value for google_discovery_engine_data_store.kms_key_name, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .kms_key_name: was cty.StringVal("projects/ci-test-project-188019/locations/us/keyRings/tftest-shared-keyring-1/cryptoKeys/tftest-shared-key-1"), but now cty.StringVal("")
This warning causes the following ~ update in-place error for this PR.
error=
| After applying this test step, the plan was not empty.
| stdout:
|
|
| Terraform used the selected providers to generate the following execution
| plan. Resource actions are indicated with the following symbols:
| ~ update in-place
|
| Terraform will perform the following actions:
|
| # google_discovery_engine_data_store.kms_key_name will be updated in-place
| ~ resource "google_discovery_engine_data_store" "kms_key_name" {
| id = "projects/ci-test-project-188019/locations/us/collections/default_collection/dataStores/tf-test-data-store-id6botvp678c"
| + kms_key_name = "projects/ci-test-project-188019/locations/us/keyRings/tftest-shared-keyring-1/cryptoKeys/tftest-shared-key-1"
| name = "projects/1067888929963/locations/us/collections/default_collection/dataStores/tf-test-data-store-id6botvp678c"
| # (11 unchanged attributes hidden)
| }
|
| Plan: 0 to add, 1 to change, 0 to destroy.
- [Expected] Deleted DataStore operation finished successfully. https://screenshot.googleplex.com/8StCQkXJJEYo7DR
@roaks3 This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.
Hmm, I think we should be able to resolve this in the PR. If you look at the POST request made for the datastore, it sends the
kmsKeyNamecorrectly, but then the response appears to be missing the field, instead including acmekConfig.kmsKey. I think we can model this in TF, but it is a bit strange. Is there any option to make the request/response field consistent here?
I don't understand why it's needed to keep request/response field consistent. If it's need, I think we need to change API implementation. Let me discuss with the API owner within our team, because this change will introduce duplicated info in the response.
@roaks3 This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.
@GoogleCloudPlatform/terraform-team @roaks3 This PR has been waiting for review for 1 week. Please take a look! Use the label disable-review-reminders to disable these notifications.
Hi there, I'm the Modular magician. I've detected the following information about your changes:
Diff report
Your PR generated some diffs in downstreams - here they are.
google provider: Diff ( 4 files changed, 110 insertions(+))
google-beta provider: Diff ( 4 files changed, 110 insertions(+))
terraform-google-conversion: Diff ( 1 file changed, 10 insertions(+))
Open in Cloud Shell: Diff ( 4 files changed, 112 insertions(+))
Tests analytics
Total tests: 16 Passed tests: 15 Skipped tests: 0 Affected tests: 1
Click here to see the affected service packages
- discoveryengine
Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
- TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample
Get to know how VCR tests work
🟢 Tests passed during RECORDING mode:
TestAccDiscoveryEngineDataStore_discoveryengineDatastoreKmsKeyNameExample [Debug log]
🟢 No issues found for passed tests after REPLAYING rerun.
🟢 All tests passed!
View the build log or the debug log for each test
Hi there, I'm the Modular magician. I've detected the following information about your changes:
Diff report
Your PR generated some diffs in downstreams - here they are.
google provider: Diff ( 4 files changed, 108 insertions(+), 5 deletions(-))
google-beta provider: Diff ( 4 files changed, 108 insertions(+), 5 deletions(-))
terraform-google-conversion: Diff ( 1 file changed, 10 insertions(+))
Open in Cloud Shell: Diff ( 4 files changed, 112 insertions(+))
Tests analytics
Total tests: 16 Passed tests: 16 Skipped tests: 0 Affected tests: 0
Click here to see the affected service packages
- discoveryengine
View the build log