# Copyright 2017 Google Inc. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. resources: - name: keyRing type: gcp-types/cloudkms-v1:projects.locations.keyRings properties: parent: projects/{{ env["project"] }}/locations/{{ properties["region"] }} keyRingId: test-keyRing - name: cryptoKey type: gcp-types/cloudkms-v1:projects.locations.keyRings.cryptoKeys properties: parent: $(ref.keyRing.name) cryptoKeyId: {{ env["deployment"] }}-cryptoKey purpose: ENCRYPT_DECRYPT labels: foo: {{ env["deployment"] }} accessControl: gcpIamPolicy: bindings: - role: roles/cloudkms.admin members: - "user:{{ properties["user"] }}" {% if properties["create_crypto_key_version"] %} - name: crypto-key-version type: gcp-types/cloudkms-v1:projects.locations.keyRings.cryptoKeys.cryptoKeyVersions properties: parent: $(ref.cryptoKey.name) {% endif %}