From 15657f852e8474411d5644c1e4c6c57ff5859361 Mon Sep 17 00:00:00 2001
From: The Magician <magic-modules@google.com>
Date: Tue, 20 Apr 2021 18:34:37 -0700
Subject: [PATCH] Add cmek to spanner database (#4699) (#407)

* Add cmek to spanner database

* Update timeout

* Bump default timeout

* Mark test as beta

* Move to handwritten test

Signed-off-by: Modular Magician <magic-modules@google.com>
---
 plugins/modules/gcp_spanner_database.py      | 61 +++++++++++++++++++-
 plugins/modules/gcp_spanner_database_info.py | 12 ++++
 2 files changed, 70 insertions(+), 3 deletions(-)

diff --git a/plugins/modules/gcp_spanner_database.py b/plugins/modules/gcp_spanner_database.py
index 7e0ffea..f2f8ccd 100644
--- a/plugins/modules/gcp_spanner_database.py
+++ b/plugins/modules/gcp_spanner_database.py
@@ -62,6 +62,18 @@ options:
     elements: str
     required: false
     type: list
+  encryption_config:
+    description:
+    - Encryption configuration for the database .
+    required: false
+    type: dict
+    suboptions:
+      kms_key_name:
+        description:
+        - Fully qualified name of the KMS key to use to encrypt this database. This
+          key must exist in the same location as the Spanner Database.
+        required: true
+        type: str
   instance:
     description:
     - The instance to create the database on.
@@ -165,6 +177,18 @@ extraStatements:
     database is not created.'
   returned: success
   type: list
+encryptionConfig:
+  description:
+  - Encryption configuration for the database .
+  returned: success
+  type: complex
+  contains:
+    kmsKeyName:
+      description:
+      - Fully qualified name of the KMS key to use to encrypt this database. This
+        key must exist in the same location as the Spanner Database.
+      returned: success
+      type: str
 instance:
   description:
   - The instance to create the database on.
@@ -176,7 +200,14 @@ instance:
 # Imports
 ################################################################################
 
-from ansible_collections.google.cloud.plugins.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest, replace_resource_dict
+from ansible_collections.google.cloud.plugins.module_utils.gcp_utils import (
+    navigate_hash,
+    GcpSession,
+    GcpModule,
+    GcpRequest,
+    remove_nones_from_dict,
+    replace_resource_dict,
+)
 import json
 import time
 
@@ -193,6 +224,7 @@ def main():
             state=dict(default='present', choices=['present', 'absent'], type='str'),
             name=dict(required=True, type='str'),
             extra_statements=dict(type='list', elements='str'),
+            encryption_config=dict(type='dict', options=dict(kms_key_name=dict(required=True, type='str'))),
             instance=dict(required=True, type='dict'),
         )
     )
@@ -258,7 +290,11 @@ def delete(module, link):
 
 
 def resource_to_request(module):
-    request = {u'name': module.params.get('name'), u'extraStatements': module.params.get('extra_statements')}
+    request = {
+        u'name': module.params.get('name'),
+        u'extraStatements': module.params.get('extra_statements'),
+        u'encryptionConfig': DatabaseEncryptionconfig(module.params.get('encryption_config', {}), module).to_request(),
+    }
     request = encode_request(request, module)
     return_vals = {}
     for k, v in request.items():
@@ -328,7 +364,11 @@ def is_different(module, response):
 # Remove unnecessary properties from the response.
 # This is for doing comparisons with Ansible's current parameters.
 def response_to_hash(module, response):
-    return {u'name': module.params.get('name'), u'extraStatements': response.get(u'extraStatements')}
+    return {
+        u'name': module.params.get('name'),
+        u'extraStatements': response.get(u'extraStatements'),
+        u'encryptionConfig': DatabaseEncryptionconfig(response.get(u'encryptionConfig', {}), module).from_response(),
+    }
 
 
 def async_op_url(module, extra_data=None):
@@ -387,5 +427,20 @@ def encode_request(request, module):
     return request
 
 
+class DatabaseEncryptionconfig(object):
+    def __init__(self, request, module):
+        self.module = module
+        if request:
+            self.request = request
+        else:
+            self.request = {}
+
+    def to_request(self):
+        return remove_nones_from_dict({u'kmsKeyName': self.request.get('kms_key_name')})
+
+    def from_response(self):
+        return remove_nones_from_dict({u'kmsKeyName': self.request.get(u'kmsKeyName')})
+
+
 if __name__ == '__main__':
     main()
diff --git a/plugins/modules/gcp_spanner_database_info.py b/plugins/modules/gcp_spanner_database_info.py
index fd6b760..4697c26 100644
--- a/plugins/modules/gcp_spanner_database_info.py
+++ b/plugins/modules/gcp_spanner_database_info.py
@@ -129,6 +129,18 @@ resources:
         the database is not created.'
       returned: success
       type: list
+    encryptionConfig:
+      description:
+      - Encryption configuration for the database .
+      returned: success
+      type: complex
+      contains:
+        kmsKeyName:
+          description:
+          - Fully qualified name of the KMS key to use to encrypt this database. This
+            key must exist in the same location as the Spanner Database.
+          returned: success
+          type: str
     instance:
       description:
       - The instance to create the database on.