fix: update description for encryption input variable of simple-bucket (#380)

Co-authored-by: Andrew Peabody <[email protected]>

Author: q2w

metadata.display.yaml

@@ -1,4 +1,4 @@
-# Copyright 2024 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

modules/simple_bucket/README.md

@@ -42,7 +42,7 @@ Functional examples are included in the
 | bucket\_policy\_only | Enables Bucket Policy Only access to a bucket. | `bool` | `true` | no |
 | cors | Configuration of CORS for bucket with structure as defined in https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#cors. | `any` | `[]` | no |
 | custom\_placement\_config | Configuration of the bucket's custom location in a dual-region bucket setup. If the bucket is designated a single or multi-region, the variable are null. | <pre>object({<br>    data_locations = list(string)<br>  })</pre> | `null` | no |
-| encryption | A Cloud KMS key that will be used to encrypt objects inserted into this bucket. To use a Cloud KMS key automatically created by the module use `internal_encryption_config`. | <pre>object({<br>    default_kms_key_name = string<br>  })</pre> | `null` | no |
+| encryption | A Cloud KMS key that will be used to encrypt objects inserted into this bucket. The key name should follow the format of `projects/<project-name>/locations/<location-name>/keyRings/<keyring-name>/cryptoKeys/<key-name>`. To use a Cloud KMS key automatically created by this module use the `internal_encryption_config` input variable. | <pre>object({<br>    default_kms_key_name = string<br>  })</pre> | `null` | no |
 | force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects. | `bool` | `false` | no |
 | iam\_members | The list of IAM members to grant permissions on the bucket. | <pre>list(object({<br>    role   = string<br>    member = string<br>  }))</pre> | `[]` | no |
 | internal\_encryption\_config | Configuration for the creation of an internal Google Cloud Key Management Service (KMS) Key for use as Customer-managed encryption key (CMEK) for the GCS Bucket<br>  instead of creating one in advance and providing the key in the variable `encryption.default_kms_key_name`.<br>  create\_encryption\_key: If `true` a Google Cloud Key Management Service (KMS) KeyRing and a Key will be created<br>  prevent\_destroy: Set the prevent\_destroy lifecycle attribute on keys.<br>  key\_destroy\_scheduled\_duration: Set the period of time that versions of keys spend in the `DESTROY_SCHEDULED` state before transitioning to `DESTROYED`.<br>  key\_rotation\_period: Generate a new key every time this period passes. | <pre>object({<br>    create_encryption_key          = optional(bool, false)<br>    prevent_destroy                = optional(bool, false)<br>    key_destroy_scheduled_duration = optional(string, null)<br>    key_rotation_period            = optional(string, "7776000s")<br>  })</pre> | `{}` | no |

modules/simple_bucket/metadata.display.yaml

@@ -1,4 +1,4 @@
-# Copyright 2024 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -49,10 +49,13 @@ spec:
         force_destroy:
           name: force_destroy
           title: Force Destroy
-          invisible: false
         iam_members:
           name: iam_members
           title: Iam Members
+        internal_encryption_config:
+          name: internal_encryption_config
+          title: Internal Encryption Config
+          level: 1
         labels:
           name: labels
           title: Labels
@@ -90,7 +93,6 @@ spec:
         storage_class:
           name: storage_class
           title: Storage Class
-          level: 1
           enumValueLabels:
             - label: STANDARD
               value: STANDARD
@@ -104,6 +106,7 @@ spec:
               value: COLDLINE
             - label: ARCHIVE
               value: ARCHIVE
+          level: 1
           altDefaults:
             - type: ALTERNATE_TYPE_DC
               value: STANDARD

modules/simple_bucket/metadata.yaml

@@ -109,7 +109,7 @@ spec:
         varType: any
         defaultValue: []
       - name: encryption
-        description: A Cloud KMS key that will be used to encrypt objects inserted into this bucket. To use a Cloud KMS key automatically created by the module use `internal_encryption_config`.
+        description: A Cloud KMS key that will be used to encrypt objects inserted into this bucket. The key name should follow the format of `projects/<project-name>/locations/<location-name>/keyRings/<keyring-name>/cryptoKeys/<key-name>`. To use a Cloud KMS key automatically created by this module use the `internal_encryption_config` input variable.
         varType: |-
           object({
               default_kms_key_name = string

modules/simple_bucket/variables.tf

@@ -99,7 +99,7 @@ variable "cors" {
 }
 
 variable "encryption" {
-  description = "A Cloud KMS key that will be used to encrypt objects inserted into this bucket. To use a Cloud KMS key automatically created by the module use `internal_encryption_config`."
+  description = "A Cloud KMS key that will be used to encrypt objects inserted into this bucket. The key name should follow the format of `projects/<project-name>/locations/<location-name>/keyRings/<keyring-name>/cryptoKeys/<key-name>`. To use a Cloud KMS key automatically created by this module use the `internal_encryption_config` input variable."
   type = object({
     default_kms_key_name = string
   })