Add support for Bigtable CMEK

[rileykarson]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Support the https://cloud.google.com/bigtable/docs/reference/admin/rest/v2/projects.instances.clusters#EncryptionConfig block

New or Affected Resource(s)

• google_bigtable_instance

Potential Terraform Configuration

# Propose what you think the configuration to take advantage of this feature should look like.
# We may not use it verbatim, but it's helpful in understanding your intent.

References

• b/122704067

[upodroid]

cloud.google.com/go/bigtable doesn't support CMEK yet. Is it worth rewriting that resource to use google.golang.org/api/bigtableadmin/v2 instead?

[rileykarson]

Yeah, we should move the bigtable resources onto the REST client libs eventually. Mechanically we'd want to do it in two parts, shifting to REST but supporting the same stuff & then adding new functionality like EncryptionConfig.

[rameshdharan]

cloud.google.com/go/bigtable doesn't support CMEK yet.

FYI cloud.google.com/go/bigtable CMEK support is in progress and almost ready:
googleapis/google-cloud-go#3899

Is it worth rewriting that resource to use google.golang.org/api/bigtableadmin/v2 instead?

I would say no per above.

(h/t @kolea2 who supervises Cloud Bigtable's client integrations)

[upodroid]

@rameshdharan I see that PR has been merged now. Do you know when that team will cut a new release?

One of the reasons I want to rewrite it with the autogen library is that it is using gRPC to communicate which is troublesome (#8221) as we can't log requests in terraform.

https://github.com/googleapis/google-cloud-go/blob/master/bigtable/admin.go#L632

I did some reading when I looked at 8221 and some gRPC interceptors needs to be used which looks pretty complicated.

[rameshdharan]

@rameshdharan I see that PR has been merged now. Do you know when that team will cut a new release?

Release has been cut (two recent ones actually):
https://pkg.go.dev/cloud.google.com/go/bigtable@v1.10.0

One of the reasons I want to rewrite it with the autogen library is that it is using gRPC to communicate which is troublesome (#8221) as we can't log requests in terraform.

Understood, however note that while I can see how request logging can be useful FWIW I haven’t heard it raised from any of our existing Bigtable+Terraform users as a blocking concern.

We do meanwhile have a customer blocked and eagerly awaiting the ability to use Terraform to create Bigtable CMEK-protected clusters, hence we are correspondingly eager to help move this along.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.