# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: core.cnrm.cloud.google.com/v1alpha1
kind: ServiceMapping
metadata:
  name: kms.cnrm.cloud.google.com
  namespace: cnrm-system
spec:
  name: KMS
  version: v1beta1
  serviceHostName: kms.googleapis.com
  resources:
    - name: google_kms_crypto_key
      kind: KMSCryptoKey
      autoGenerated: true
      idTemplate: "{{key_ring}}/cryptoKeys/{{name}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      metadataMapping:
        name: name
        labels: labels
      resourceID:
        targetField: name
    - name: google_kms_crypto_key_version
      kind: KMSCryptoKeyVersion
      autoGenerated: true
      idTemplate: "{{name}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      serverGeneratedIDField: name
      resourceID:
        targetField: name
        valueTemplate: "{{crypto_key}}/cryptoKeyVersions/{{value}}"
    - name: google_kms_key_ring
      kind: KMSKeyRing
      autoGenerated: true
      idTemplate: "projects/{{project}}/locations/{{location}}/keyRings/{{name}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      metadataMapping:
        name: name
      resourceID:
        targetField: name
      hierarchicalReferences:
        - type: project
          key: projectRef
      resourceReferences:
        - tfField: project
          key: projectRef
          description: |-
            The project that this resource belongs to.
          gvk:
            kind: Project
            version: v1beta1
            group: resourcemanager.cnrm.cloud.google.com
    - name: google_kms_key_ring_import_job
      kind: KMSKeyRingImportJob
      autoGenerated: true
      idTemplate: "{{name}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      serverGeneratedIDField: name
      resourceID:
        targetField: name
        valueTemplate: "{{key_ring}}/importJobs/{{value}}"
    - name: google_kms_secret_ciphertext
      kind: KMSSecretCiphertext
      autoGenerated: true
      idTemplate: "{{crypto_key}}/{{ciphertext}}"
      idTemplateCanBeUsedToMatchResourceName: false
      resourceAvailableInAssetInventory: false
      serverGeneratedIDField: ciphertext
      resourceID:
        targetField: ciphertext