Promote boot_disk_kms_key of google_container_node_pool to GA

mmv1/third_party/terraform/tests/resource_container_cluster_test.go.erb

@@ -1015,21 +1015,21 @@ func TestAccContainerCluster_withSandboxConfig(t *testing.T) {
 		},
 	})
 }
+<% end -%>
 
 func TestAccContainerCluster_withBootDiskKmsKey(t *testing.T) {
-	// KMS key has calculated next rotation time
-	skipIfVcr(t)
 	t.Parallel()
 
 	clusterName := fmt.Sprintf("tf-test-cluster-%s", randString(t, 10))
+	kms := BootstrapKMSKeyInLocation(t, "us-central1")
 
 	vcrTest(t, resource.TestCase{
 		PreCheck:	  func() { testAccPreCheck(t) },
 		Providers:	  testAccProviders,
 		CheckDestroy: testAccCheckContainerClusterDestroyProducer(t),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccContainerCluster_withBootDiskKmsKey(getTestProjectFromEnv(), clusterName),
+				Config: testAccContainerCluster_withBootDiskKmsKey(getTestProjectFromEnv(), clusterName, kms.CryptoKey.Name),
 			},
 			{
 				ResourceName:            "google_container_cluster.with_boot_disk_kms_key",
@@ -1040,7 +1040,6 @@ func TestAccContainerCluster_withBootDiskKmsKey(t *testing.T) {
 		},
 	})
 }
-<% end -%>
 
 func TestAccContainerCluster_network(t *testing.T) {
 	t.Parallel()
@@ -3343,13 +3342,10 @@ resource "google_container_cluster" "with_sandbox_config" {
 }
 `, clusterName)
 }
+<% end -%>
 
-func testAccContainerCluster_withBootDiskKmsKey(project, clusterName string) string {
+func testAccContainerCluster_withBootDiskKmsKey(project, clusterName, kmsKeyName string) string {
 	return fmt.Sprintf(`
-data "google_container_engine_versions" "central1a" {
-  location = "us-central1-a"
-}
-
 data "google_project" "project" {
   project_id = "%s"
 }
@@ -3360,37 +3356,25 @@ resource "google_project_iam_member" "kms-project-binding" {
   member  = "serviceAccount:service-${data.google_project.project.number}@compute-system.iam.gserviceaccount.com"
 }
 
-resource "google_kms_key_ring" "keyring" {
-  name     = "%s-kms-key-ring"
-  location = "us-central1"
-}
-
-resource "google_kms_crypto_key" "example-key" {
-  name            = "%s-kms-key"
-  key_ring        = google_kms_key_ring.keyring.id
-  rotation_period = "100000s"
-}
-
 resource "google_container_cluster" "with_boot_disk_kms_key" {
   name               = "%s"
   location           = "us-central1-a"
   initial_node_count = 1
-  min_master_version = data.google_container_engine_versions.central1a.latest_master_version
-
+  release_channel {
+    channel = "RAPID"
+  }
   node_config {
     oauth_scopes = [
-      "https://www.googleapis.com/auth/logging.write",
-      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/cloud-platform",
     ]
 
     image_type = "COS_CONTAINERD"
 
-    boot_disk_kms_key = google_kms_crypto_key.example-key.id
+    boot_disk_kms_key = "%s"
   }
 }
-`, project, clusterName, clusterName, clusterName)
+`, project, clusterName, kmsKeyName)
 }
-<% end -%>
 
 func testAccContainerCluster_networkRef(cluster, network string) string {
 	return fmt.Sprintf(`

mmv1/third_party/terraform/utils/node_config.go.erb

@@ -331,14 +331,13 @@ func schemaNodeConfig() *schema.Schema {
 						},
 					},
 				},
-
+	<% end -%>
 				"boot_disk_kms_key": {
 					Type:       schema.TypeString,
 					Optional:   true,
 					ForceNew:   true,
 					Description: `The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.`,
 				},
-	<% end -%>
 	<% unless version == 'ga' -%>
 				// Note that AtLeastOneOf can't be set because this schema is reused by
 				// two different resources.
@@ -542,12 +541,11 @@ func expandNodeConfig(v interface{}) *container.NodeConfig {
 			SandboxType: conf["sandbox_type"].(string),
 		}
 	}
-
+<% end -%>
 	if v, ok := nodeConfig["boot_disk_kms_key"]; ok {
 		nc.BootDiskKmsKey = v.(string)
 	}
 
-<% end -%>
 <% unless version == 'ga' -%>
 	if v, ok := nodeConfig["kubelet_config"]; ok {
 		nc.KubeletConfig = expandKubeletConfig(v)
@@ -660,8 +658,8 @@ func flattenNodeConfig(c *container.NodeConfig) []map[string]interface{} {
 		"workload_metadata_config": flattenWorkloadMetadataConfig(c.WorkloadMetadataConfig),
 <% unless version == 'ga' -%>
 		"sandbox_config": 			flattenSandboxConfig(c.SandboxConfig),
-		"boot_disk_kms_key": 		c.BootDiskKmsKey,
 <% end -%>
+		"boot_disk_kms_key": 		c.BootDiskKmsKey,
 <% unless version == 'ga' -%>
 		"kubelet_config":           flattenKubeletConfig(c.KubeletConfig),
 		"linux_node_config":        flattenLinuxNodeConfig(c.LinuxNodeConfig),

mmv1/third_party/terraform/website/docs/r/container_cluster.html.markdown

@@ -685,7 +685,7 @@ gcfs_config {
 * `sandbox_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) [GKE Sandbox](https://cloud.google.com/kubernetes-engine/docs/how-to/sandbox-pods) configuration. When enabling this feature you must specify `image_type = "COS_CONTAINERD"` and `node_version = "1.12.7-gke.17"` or later to use it.
     Structure is [documented below](#nested_sandbox_config).
 
-* `boot_disk_kms_key` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
+* `boot_disk_kms_key` - (Optional) The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption
 
 * `service_account` - (Optional) The service account to be used by the Node VMs.
     If not specified, the "default" service account is used.