Add FIPS enablement option to Looker (#11488) (#8206)

[upstream:26f76d1f8696c05035abca733de01ae42610168b]

Signed-off-by: Modular Magician <[email protected]>

.changelog/11488.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+looker: added field `fips_enabled` to resource `google_looker_instance`
+```

google-beta/services/looker/resource_looker_instance.go

@@ -248,6 +248,11 @@ a year.`,
 					},
 				},
 			},
+			"fips_enabled": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: `FIPS 140-2 Encryption enablement for Looker (Google Cloud Core).`,
+			},
 			"maintenance_window": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -482,6 +487,12 @@ func resourceLookerInstanceCreate(d *schema.ResourceData, meta interface{}) erro
 	} else if v, ok := d.GetOkExists("encryption_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(encryptionConfigProp)) && (ok || !reflect.DeepEqual(v, encryptionConfigProp)) {
 		obj["encryptionConfig"] = encryptionConfigProp
 	}
+	fipsEnabledProp, err := expandLookerInstanceFipsEnabled(d.Get("fips_enabled"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("fips_enabled"); !tpgresource.IsEmptyValue(reflect.ValueOf(fipsEnabledProp)) && (ok || !reflect.DeepEqual(v, fipsEnabledProp)) {
+		obj["fipsEnabled"] = fipsEnabledProp
+	}
 	maintenanceWindowProp, err := expandLookerInstanceMaintenanceWindow(d.Get("maintenance_window"), d, config)
 	if err != nil {
 		return err
@@ -659,6 +670,9 @@ func resourceLookerInstanceRead(d *schema.ResourceData, meta interface{}) error
 	if err := d.Set("encryption_config", flattenLookerInstanceEncryptionConfig(res["encryptionConfig"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Instance: %s", err)
 	}
+	if err := d.Set("fips_enabled", flattenLookerInstanceFipsEnabled(res["fipsEnabled"], d, config)); err != nil {
+		return fmt.Errorf("Error reading Instance: %s", err)
+	}
 	if err := d.Set("ingress_private_ip", flattenLookerInstanceIngressPrivateIp(res["ingressPrivateIp"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Instance: %s", err)
 	}
@@ -739,6 +753,12 @@ func resourceLookerInstanceUpdate(d *schema.ResourceData, meta interface{}) erro
 	} else if v, ok := d.GetOkExists("encryption_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, encryptionConfigProp)) {
 		obj["encryptionConfig"] = encryptionConfigProp
 	}
+	fipsEnabledProp, err := expandLookerInstanceFipsEnabled(d.Get("fips_enabled"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("fips_enabled"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, fipsEnabledProp)) {
+		obj["fipsEnabled"] = fipsEnabledProp
+	}
 	maintenanceWindowProp, err := expandLookerInstanceMaintenanceWindow(d.Get("maintenance_window"), d, config)
 	if err != nil {
 		return err
@@ -807,6 +827,10 @@ func resourceLookerInstanceUpdate(d *schema.ResourceData, meta interface{}) erro
 		updateMask = append(updateMask, "encryptionConfig")
 	}
 
+	if d.HasChange("fips_enabled") {
+		updateMask = append(updateMask, "fipsEnabled")
+	}
+
 	if d.HasChange("maintenance_window") {
 		updateMask = append(updateMask, "maintenanceWindow")
 	}
@@ -1254,6 +1278,10 @@ func flattenLookerInstanceEncryptionConfigKmsKeyNameVersion(v interface{}, d *sc
 	return v
 }
 
+func flattenLookerInstanceFipsEnabled(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenLookerInstanceIngressPrivateIp(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -1738,6 +1766,10 @@ func expandLookerInstanceEncryptionConfigKmsKeyNameVersion(v interface{}, d tpgr
 	return v, nil
 }
 
+func expandLookerInstanceFipsEnabled(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandLookerInstanceMaintenanceWindow(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
 	if len(l) == 0 || l[0] == nil {

google-beta/services/looker/resource_looker_instance_generated_test.go

@@ -139,6 +139,47 @@ resource "google_looker_instance" "looker-instance" {
 `, context)
 }
 
+func TestAccLookerInstance_lookerInstanceFipsExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckLookerInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccLookerInstance_lookerInstanceFipsExample(context),
+			},
+			{
+				ResourceName:            "google_looker_instance.looker-instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"name", "oauth_config", "region"},
+			},
+		},
+	})
+}
+
+func testAccLookerInstance_lookerInstanceFipsExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_looker_instance" "looker-instance" {
+  name               = "tf-test-my-instance-fips%{random_suffix}"
+  platform_edition   = "LOOKER_CORE_ENTERPRISE_ANNUAL"
+  region             = "us-central1"
+  public_ip_enabled  = true
+  fips_enabled = true
+  oauth_config {
+    client_id = "tf-test-my-client-id%{random_suffix}"
+    client_secret = "tf-test-my-client-secret%{random_suffix}"
+  }  
+}
+`, context)
+}
+
 func TestAccLookerInstance_lookerInstanceEnterpriseFullTestExample(t *testing.T) {
 	t.Parallel()
 

website/docs/r/looker_instance.html.markdown

@@ -98,6 +98,27 @@ resource "google_looker_instance" "looker-instance" {
   }  
 }
 ```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.jparrowsec.cn%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=looker_instance_fips&open_in_editor=main.tf" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Looker Instance Fips
+
+
+```hcl
+resource "google_looker_instance" "looker-instance" {
+  name               = "my-instance-fips"
+  platform_edition   = "LOOKER_CORE_ENTERPRISE_ANNUAL"
+  region             = "us-central1"
+  public_ip_enabled  = true
+  fips_enabled = true
+  oauth_config {
+    client_id = "my-client-id"
+    client_secret = "my-client-secret"
+  }  
+}
+```
 ## Example Usage - Looker Instance Enterprise Full
 
 
@@ -239,6 +260,10 @@ The following arguments are supported:
   Looker instance encryption settings.
   Structure is [documented below](#nested_encryption_config).
 
+* `fips_enabled` -
+  (Optional)
+  FIPS 140-2 Encryption enablement for Looker (Google Cloud Core).
+
 * `maintenance_window` -
   (Optional)
   Maintenance window for an instance.