From 31dd911ccb7b590af834166195c61690653037ac Mon Sep 17 00:00:00 2001 From: abhishek kumar tiwari Date: Wed, 22 Jan 2025 18:36:51 +0000 Subject: [PATCH] fix: update description for encryption input variable of simple-bucket (#380) Co-authored-by: Andrew Peabody --- metadata.display.yaml | 2 +- modules/simple_bucket/README.md | 2 +- modules/simple_bucket/metadata.display.yaml | 9 ++++++--- modules/simple_bucket/metadata.yaml | 2 +- modules/simple_bucket/variables.tf | 2 +- 5 files changed, 10 insertions(+), 7 deletions(-) diff --git a/metadata.display.yaml b/metadata.display.yaml index 48eae9a0..f292871a 100644 --- a/metadata.display.yaml +++ b/metadata.display.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Google LLC +# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/modules/simple_bucket/README.md b/modules/simple_bucket/README.md index e7239f06..756173d5 100644 --- a/modules/simple_bucket/README.md +++ b/modules/simple_bucket/README.md @@ -42,7 +42,7 @@ Functional examples are included in the | bucket\_policy\_only | Enables Bucket Policy Only access to a bucket. | `bool` | `true` | no | | cors | Configuration of CORS for bucket with structure as defined in https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#cors. | `any` | `[]` | no | | custom\_placement\_config | Configuration of the bucket's custom location in a dual-region bucket setup. If the bucket is designated a single or multi-region, the variable are null. |
object({
data_locations = list(string)
})
| `null` | no | -| encryption | A Cloud KMS key that will be used to encrypt objects inserted into this bucket. To use a Cloud KMS key automatically created by the module use `internal_encryption_config`. |
object({
default_kms_key_name = string
})
| `null` | no | +| encryption | A Cloud KMS key that will be used to encrypt objects inserted into this bucket. The key name should follow the format of `projects//locations//keyRings//cryptoKeys/`. To use a Cloud KMS key automatically created by this module use the `internal_encryption_config` input variable. |
object({
default_kms_key_name = string
})
| `null` | no | | force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects. | `bool` | `false` | no | | iam\_members | The list of IAM members to grant permissions on the bucket. |
list(object({
role = string
member = string
}))
| `[]` | no | | internal\_encryption\_config | Configuration for the creation of an internal Google Cloud Key Management Service (KMS) Key for use as Customer-managed encryption key (CMEK) for the GCS Bucket
instead of creating one in advance and providing the key in the variable `encryption.default_kms_key_name`.
create\_encryption\_key: If `true` a Google Cloud Key Management Service (KMS) KeyRing and a Key will be created
prevent\_destroy: Set the prevent\_destroy lifecycle attribute on keys.
key\_destroy\_scheduled\_duration: Set the period of time that versions of keys spend in the `DESTROY_SCHEDULED` state before transitioning to `DESTROYED`.
key\_rotation\_period: Generate a new key every time this period passes. |
object({
create_encryption_key = optional(bool, false)
prevent_destroy = optional(bool, false)
key_destroy_scheduled_duration = optional(string, null)
key_rotation_period = optional(string, "7776000s")
})
| `{}` | no | diff --git a/modules/simple_bucket/metadata.display.yaml b/modules/simple_bucket/metadata.display.yaml index 7e6d0c1b..c3d92ccf 100644 --- a/modules/simple_bucket/metadata.display.yaml +++ b/modules/simple_bucket/metadata.display.yaml @@ -1,4 +1,4 @@ -# Copyright 2024 Google LLC +# Copyright 2025 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -49,10 +49,13 @@ spec: force_destroy: name: force_destroy title: Force Destroy - invisible: false iam_members: name: iam_members title: Iam Members + internal_encryption_config: + name: internal_encryption_config + title: Internal Encryption Config + level: 1 labels: name: labels title: Labels @@ -90,7 +93,6 @@ spec: storage_class: name: storage_class title: Storage Class - level: 1 enumValueLabels: - label: STANDARD value: STANDARD @@ -104,6 +106,7 @@ spec: value: COLDLINE - label: ARCHIVE value: ARCHIVE + level: 1 altDefaults: - type: ALTERNATE_TYPE_DC value: STANDARD diff --git a/modules/simple_bucket/metadata.yaml b/modules/simple_bucket/metadata.yaml index 38999ccd..ca9047c7 100644 --- a/modules/simple_bucket/metadata.yaml +++ b/modules/simple_bucket/metadata.yaml @@ -109,7 +109,7 @@ spec: varType: any defaultValue: [] - name: encryption - description: A Cloud KMS key that will be used to encrypt objects inserted into this bucket. To use a Cloud KMS key automatically created by the module use `internal_encryption_config`. + description: A Cloud KMS key that will be used to encrypt objects inserted into this bucket. The key name should follow the format of `projects//locations//keyRings//cryptoKeys/`. To use a Cloud KMS key automatically created by this module use the `internal_encryption_config` input variable. varType: |- object({ default_kms_key_name = string diff --git a/modules/simple_bucket/variables.tf b/modules/simple_bucket/variables.tf index 5a574e97..6299bdfb 100644 
--- a/modules/simple_bucket/variables.tf
+++ b/modules/simple_bucket/variables.tf
@@ -99,7 +99,7 @@ variable "cors" {
 }
 
 variable "encryption" {
- description = "A Cloud KMS key that will be used to encrypt objects inserted into this bucket. To use a Cloud KMS key automatically created by the module use `internal_encryption_config`."
+ description = "A Cloud KMS key that will be used to encrypt objects inserted into this bucket. The key name should follow the format of `projects//locations//keyRings//cryptoKeys/`. To use a Cloud KMS key automatically created by this module use the `internal_encryption_config` input variable."
 type = object({
 default_kms_key_name = string
 })
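Review bot: The new description on `variable "encryption"` states the expected key-name format, but nothing in the hunk enforces it, so a mistyped `default_kms_key_name` would presumably surface only as a provider error at apply time. Assuming callers always pass the full resource name, a `validation` block with a condition such as `var.encryption == null || can(regex("^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$", var.encryption.default_kms_key_name))` would reject a malformed CMEK reference at plan time. As shown on this page the documented path has empty segments (`projects//locations//keyRings//cryptoKeys/`); this may be a rendering artifact, but if the file really reads that way, named placeholders are needed for the format to be usable. The same description text is repeated in the `metadata.yaml` and `README.md` hunks, and the variable block continues outside this hunk, so an existing default or validation cannot be seen from here.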