added import job support for kms module

modules/kms/README.md

@@ -5,13 +5,15 @@ This module allows creating and managing KMS crypto keys and IAM bindings at bot
 When using an existing keyring be mindful about applying IAM bindings, as all bindings used by this module are authoritative, and you might inadvertently override bindings managed by the keyring creator.
 
 <!-- BEGIN TOC -->
-- [Protecting against destroy](#protecting-against-destroy)
-- [Examples](#examples)
-  - [Using an existing keyring](#using-an-existing-keyring)
-  - [Keyring creation and crypto key rotation and IAM roles](#keyring-creation-and-crypto-key-rotation-and-iam-roles)
-  - [Crypto key purpose](#crypto-key-purpose)
-- [Variables](#variables)
-- [Outputs](#outputs)
+- [Google KMS Module](#google-kms-module)
+  - [Protecting against destroy](#protecting-against-destroy)
+  - [Examples](#examples)
+    - [Using an existing keyring](#using-an-existing-keyring)
+    - [Keyring creation and crypto key rotation and IAM roles](#keyring-creation-and-crypto-key-rotation-and-iam-roles)
+    - [Crypto key purpose](#crypto-key-purpose)
+    - [Import job](#import-job)
+  - [Variables](#variables)
+  - [Outputs](#outputs)
 <!-- END TOC -->
 
 ## Protecting against destroy
@@ -94,6 +96,27 @@ module "kms" {
 }
 # tftest modules=1 resources=2 inventory=purpose.yaml
 ```
+
+### Import job
+
+```hcl
+module "kms" {
+  source     = "./fabric/modules/kms"
+  project_id = "my-project"
+  iam = {
+    "roles/cloudkms.admin" = ["user:user1@example.com"]
+  }
+  keyring = {
+    location = "europe-west1"
+    name     = "test"
+  }
+  import_job = {
+    id               = "my-import-job"
+    import_method    = "RSA_OAEP_3072_SHA1_AES_256"
+    protection_level = "SOFTWARE"
+  }
+}
+```
 <!-- BEGIN TFDOC -->
 ## Variables
 

modules/kms/main.tf

@@ -53,3 +53,10 @@ resource "google_kms_crypto_key" "default" {
     }
   }
 }
+
+resource "google_kms_key_ring_import_job" "default" {
+  key_ring         = local.keyring.id
+  import_job_id    = var.import_job.id
+  import_method    = var.import_job.import_method
+  protection_level = var.import_job.protection_level
+}

modules/kms/outputs.tf

@@ -23,6 +23,15 @@ output "id" {
   ]
 }
 
+output "import_job" {
+  description = "Keyring import job resources."
+  value       = google_kms_key_ring_import_job.default
+  depends_on = [
+    google_kms_key_ring_iam_binding.authoritative,
+    google_kms_key_ring_iam_binding.bindings
+  ]
+}
+
 output "key_ids" {
   description = "Fully qualified key ids."
   value = {

modules/kms/variables.tf

@@ -51,6 +51,15 @@ variable "iam_bindings_additive" {
   default  = {}
 }
 
+variable "import_job" {
+  description = "Keyring import job attributes."
+  type = object({
+    id               = string
+    import_method    = string
+    protection_level = string
+  })
+}
+
 variable "keyring" {
   description = "Keyring attributes."
   type = object({