From e93d2ca838f3738cec73c8ee2bbb89ff3f740561 Mon Sep 17 00:00:00 2001 From: Harshit Gupta Date: Fri, 23 Apr 2021 16:20:34 +0530 Subject: [PATCH 1/6] Limit Feature for Keys --- ibm/data_source_ibm_kms_key.go | 102 +++++++++++++++++++--- ibm/data_source_ibm_kms_key_test.go | 74 ++++++++++++++-- ibm/data_source_ibm_kms_keys.go | 121 +++++++++++++++++++++----- ibm/data_source_ibm_kms_keys_test.go | 70 +++++++++++++-- website/docs/d/kms_key.html.markdown | 18 +++- website/docs/d/kms_keys.html.markdown | 4 + 6 files changed, 341 insertions(+), 48 deletions(-) diff --git a/ibm/data_source_ibm_kms_key.go b/ibm/data_source_ibm_kms_key.go index bedd3d7afed..4ef50626faf 100644 --- a/ibm/data_source_ibm_kms_key.go +++ b/ibm/data_source_ibm_kms_key.go @@ -24,17 +24,27 @@ func dataSourceIBMKMSkey() *schema.Resource { Required: true, Description: "Key protect or hpcs instance GUID", }, + "limit": { + Type: schema.TypeInt, + Optional: true, + Description: "Limit till the keys to be fetched", + }, + "key_id": { + Type: schema.TypeString, + Optional: true, + ExactlyOneOf: []string{"alias", "key_name", "key_id"}, + }, "key_name": { Type: schema.TypeString, Optional: true, Description: "The name of the key to be fetched", - ExactlyOneOf: []string{"alias", "key_name"}, + ExactlyOneOf: []string{"alias", "key_name", "key_id"}, }, "alias": { Type: schema.TypeString, Optional: true, Description: "The alias associated with the key", - ExactlyOneOf: []string{"alias", "key_name"}, + ExactlyOneOf: []string{"alias", "key_name", "key_id"}, }, "endpoint_type": { Type: schema.TypeString, @@ -211,30 +221,72 @@ func dataSourceIBMKMSKeyRead(d *schema.ResourceData, meta interface{}) error { } api.Config.InstanceID = instanceID + var totalKeys []kp.Key if v, ok := d.GetOk("key_name"); ok { - keys, err := api.GetKeys(context.Background(), 0, 0) - if err != nil { - return fmt.Errorf( - "Get Keys failed with error: %s", err) + limit := d.Get("limit") + limitVal := limit.(int) + offset := 0 + //default page size of API is 200 as stated + pageSize := 200 + + // when the limit is not passed, the api works in default way to avoid backward compatibility issues + + if limitVal == 0 { + keys, err := api.GetKeys(context.Background(), 0, offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + } else { + // when the limit is passed by the user + for { + if offset < limitVal { + if (limitVal - offset) < pageSize { + keys, err := api.GetKeys(context.Background(), (limitVal - offset), offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + break + } else { + keys, err := api.GetKeys(context.Background(), pageSize, offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + numOfKeysFetched := keys.Metadata.NumberOfKeys + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + if numOfKeysFetched < pageSize || offset+pageSize == limitVal { + break + } + + offset = offset + pageSize + } + } + } } - retreivedKeys := keys.Keys - if len(retreivedKeys) == 0 { + + if len(totalKeys) == 0 { return fmt.Errorf("No keys in instance %s", instanceID) } var keyName string var matchKeys []kp.Key if v.(string) != "" { keyName = v.(string) - for _, keyData := range retreivedKeys { + for _, keyData := range totalKeys { if keyData.Name == keyName { matchKeys = append(matchKeys, keyData) } } } else { - matchKeys = retreivedKeys + matchKeys = totalKeys } - if len(matchKeys) == 0 { return fmt.Errorf("No keys with name %s in instance %s", keyName, instanceID) } @@ -261,6 +313,34 @@ func dataSourceIBMKMSKeyRead(d *schema.ResourceData, meta interface{}) error { keyMap = append(keyMap, keyInstance) } + d.SetId(instanceID) + d.Set("keys", keyMap) + d.Set("instance_id", instanceID) + } else if v, ok := d.GetOk("key_id"); ok { + key, err := api.GetKey(context.Background(), v.(string)) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + keyMap := make([]map[string]interface{}, 0, 1) + keyInstance := make(map[string]interface{}) + keyInstance["id"] = key.ID + keyInstance["name"] = key.Name + keyInstance["crn"] = key.CRN + keyInstance["standard_key"] = key.Extractable + keyInstance["aliases"] = key.Aliases + keyInstance["key_ring_id"] = key.KeyRingID + policies, err := api.GetPolicies(context.Background(), key.ID) + if err != nil { + return fmt.Errorf("Failed to read policies: %s", err) + } + if len(policies) == 0 { + log.Printf("No Policy Configurations read\n") + } else { + keyInstance["policies"] = flattenKeyPolicies(policies) + } + keyMap = append(keyMap, keyInstance) + d.SetId(instanceID) d.Set("keys", keyMap) d.Set("instance_id", instanceID) diff --git a/ibm/data_source_ibm_kms_key_test.go b/ibm/data_source_ibm_kms_key_test.go index d2df80d3c77..6bc3cda510d 100644 --- a/ibm/data_source_ibm_kms_key_test.go +++ b/ibm/data_source_ibm_kms_key_test.go @@ -29,6 +29,28 @@ func TestAccIBMKMSKeyDataSource_basic(t *testing.T) { }, }) } + +func TestAccIBMKMSKeyDataSource_Key(t *testing.T) { + instanceName := fmt.Sprintf("kms_%d", acctest.RandIntRange(10, 100)) + // bucketName := fmt.Sprintf("bucket", acctest.RandIntRange(10, 100)) + keyName := fmt.Sprintf("key_%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccCheckIBMKmsKeyDataSourceKeyConfig(instanceName, keyName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.ibm_kms_key.test", "keys.0.name", keyName), + resource.TestCheckResourceAttr("data.ibm_kms_key.test2", "keys.0.name", keyName), + resource.TestCheckResourceAttr("data.ibm_kms_key.test2", "keys.1.name", keyName), + ), + }, + }, + }) +} + func TestAccIBMKMSKeyDataSourceHPCS_basic(t *testing.T) { // bucketName := fmt.Sprintf("bucket", acctest.RandIntRange(10, 100)) keyName := fmt.Sprintf("key_%d", acctest.RandIntRange(10, 100)) @@ -69,6 +91,44 @@ func TestAccIBMKmsDataSourceKeyPolicy_basic(t *testing.T) { }) } +func testAccCheckIBMKmsKeyDataSourceKeyConfig(instanceName, keyName string) string { + return fmt.Sprintf(` + resource "ibm_resource_instance" "kms_instance" { + name = "%s" + service = "kms" + plan = "tiered-pricing" + location = "us-south" + } + resource "ibm_kms_key" "test" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "%s" + standard_key = true + force_delete = true + } + resource "ibm_kms_key" "test2" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "${ibm_kms_key.test.key_name}" + standard_key = true + force_delete = true + } + resource "ibm_kms_key" "test3" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "${ibm_kms_key.test.key_name}" + standard_key = true + force_delete = true + } + data "ibm_kms_key" "test" { + instance_id = "${ibm_kms_key.test3.instance_id}" + key_id = "${ibm_kms_key.test.key_id}" + } + data "ibm_kms_key" "test2" { + instance_id = "${ibm_kms_key.test3.instance_id}" + limit = 2 + key_name = "${ibm_kms_key.test.key_name}" + } +`, instanceName, keyName) +} + func testAccCheckIBMKmsKeyDataSourceConfig(instanceName, keyName string) string { return fmt.Sprintf(` resource "ibm_resource_instance" "kms_instance" { @@ -84,8 +144,8 @@ func testAccCheckIBMKmsKeyDataSourceConfig(instanceName, keyName string) string force_delete = true } data "ibm_kms_key" "test" { - instance_id = "${ibm_kms_key.test.instance_id}" - key_name = "${ibm_kms_key.test.key_name}" + instance_id = "${ibm_kms_key.test.instance_id}" + key_name = "${ibm_kms_key.test.key_name}" } `, instanceName, keyName) } @@ -99,10 +159,10 @@ func testAccCheckIBMKmsKeyDataSourceHpcsConfig(hpcsInstanceID, KeyName string) s force_delete = true } data "ibm_kms_key" "test" { - instance_id = "${ibm_kms_key.test.instance_id}" - key_name = "${ibm_kms_key.test.key_name}" + instance_id = "${ibm_kms_key.test.instance_id}" + key_name = "${ibm_kms_key.test.key_name}" } - + `, hpcsInstanceID, KeyName) } @@ -114,7 +174,7 @@ func testAccCheckIBMKmsDataSourceKeyPolicyConfig(instanceName, keyName string, i plan = "tiered-pricing" location = "us-south" } - + resource "ibm_kms_key" "test" { instance_id = ibm_resource_instance.kp_instance.guid key_name = "%s" @@ -130,7 +190,7 @@ func testAccCheckIBMKmsDataSourceKeyPolicyConfig(instanceName, keyName string, i } data "ibm_kms_key" "test" { instance_id = "${ibm_kms_key.test.instance_id}" - key_name = "${ibm_kms_key.test.key_name}" + key_name = "${ibm_kms_key.test.key_name}" } `, instanceName, keyName, interval_month, enabled) } diff --git a/ibm/data_source_ibm_kms_keys.go b/ibm/data_source_ibm_kms_keys.go index ef2f658b278..34d0a726978 100644 --- a/ibm/data_source_ibm_kms_keys.go +++ b/ibm/data_source_ibm_kms_keys.go @@ -6,6 +6,7 @@ package ibm import ( "context" "fmt" + "log" "net/url" "strings" @@ -27,13 +28,23 @@ func dataSourceIBMKMSkeys() *schema.Resource { Type: schema.TypeString, Optional: true, Description: "The name of the key to be fetched", - ConflictsWith: []string{"alias"}, + ConflictsWith: []string{"alias", "key_id"}, + }, + "limit": { + Type: schema.TypeInt, + Optional: true, + Description: "Limit till the keys to be fetched", }, "alias": { Type: schema.TypeString, Optional: true, Description: "The name of the key to be fetched", - ConflictsWith: []string{"key_name"}, + ConflictsWith: []string{"key_name", "key_id"}, + }, + "key_id": { + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{"alias", "key_name"}, }, "endpoint_type": { Type: schema.TypeString, @@ -211,46 +222,114 @@ func dataSourceIBMKMSKeysRead(d *schema.ResourceData, meta interface{}) error { } api.Config.InstanceID = instanceID + var totalKeys []kp.Key if v, ok := d.GetOk("alias"); ok { aliasName := v.(string) key, err := api.GetKey(context.Background(), aliasName) if err != nil { return fmt.Errorf( "Get Keys failed with error: %s", err) - } else { - keyMap := make([]map[string]interface{}, 0, 1) - keyInstance := make(map[string]interface{}) - keyInstance["id"] = key.ID - keyInstance["name"] = key.Name - keyInstance["crn"] = key.CRN - keyInstance["standard_key"] = key.Extractable - keyInstance["aliases"] = key.Aliases - keyInstance["key_ring_id"] = key.KeyRingID - keyMap = append(keyMap, keyInstance) - d.Set("keys", keyMap) - } - } else { - keys, err := api.GetKeys(context.Background(), 100, 0) + keyMap := make([]map[string]interface{}, 0, 1) + keyInstance := make(map[string]interface{}) + keyInstance["id"] = key.ID + keyInstance["name"] = key.Name + keyInstance["crn"] = key.CRN + keyInstance["standard_key"] = key.Extractable + keyInstance["aliases"] = key.Aliases + keyInstance["key_ring_id"] = key.KeyRingID + keyMap = append(keyMap, keyInstance) + d.Set("keys", keyMap) + + } else if v, ok := d.GetOk("key_id"); ok { + key, err := api.GetKey(context.Background(), v.(string)) if err != nil { return fmt.Errorf( "Get Keys failed with error: %s", err) } - retreivedKeys := keys.Keys - if len(retreivedKeys) == 0 { - return fmt.Errorf("No keys in instance %s", instanceID) + keyMap := make([]map[string]interface{}, 0, 1) + keyInstance := make(map[string]interface{}) + keyInstance["id"] = key.ID + keyInstance["name"] = key.Name + keyInstance["crn"] = key.CRN + keyInstance["standard_key"] = key.Extractable + keyInstance["aliases"] = key.Aliases + keyInstance["key_ring_id"] = key.KeyRingID + policies, err := api.GetPolicies(context.Background(), key.ID) + if err != nil { + return fmt.Errorf("Failed to read policies: %s", err) + } + if len(policies) == 0 { + log.Printf("No Policy Configurations read\n") + } else { + keyInstance["policies"] = flattenKeyPolicies(policies) + } + keyMap = append(keyMap, keyInstance) + + d.SetId(instanceID) + d.Set("keys", keyMap) + d.Set("instance_id", instanceID) + } else { + limit := d.Get("limit") + limitVal := limit.(int) + offset := 0 + //default page size of API is 200 as stated + pageSize := 200 + + // when the limit is not passed, the api works in default way to avoid backward compatibility issues + + if limitVal == 0 { + { + keys, err := api.GetKeys(context.Background(), 0, offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + } + } else { + // when the limit is passed by the user + for { + if offset < limitVal { + if (limitVal - offset) < pageSize { + keys, err := api.GetKeys(context.Background(), (limitVal - offset), offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + break + } else { + keys, err := api.GetKeys(context.Background(), pageSize, offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + numOfKeysFetched := keys.Metadata.NumberOfKeys + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + if numOfKeysFetched < pageSize || offset+pageSize == limitVal { + break + } + + offset = offset + pageSize + } + } + } } var keyName string var matchKeys []kp.Key if v, ok := d.GetOk("key_name"); ok { keyName = v.(string) - for _, keyData := range retreivedKeys { + for _, keyData := range totalKeys { if keyData.Name == keyName { matchKeys = append(matchKeys, keyData) } } } else { - matchKeys = retreivedKeys + matchKeys = totalKeys } if len(matchKeys) == 0 { diff --git a/ibm/data_source_ibm_kms_keys_test.go b/ibm/data_source_ibm_kms_keys_test.go index 30759ab4ea2..7128c63cad8 100644 --- a/ibm/data_source_ibm_kms_keys_test.go +++ b/ibm/data_source_ibm_kms_keys_test.go @@ -48,6 +48,27 @@ func TestAccIBMKMSHPCSDataSource_basic(t *testing.T) { }) } +func TestAccIBMKMSKeyDataSource_Keys(t *testing.T) { + instanceName := fmt.Sprintf("kms_%d", acctest.RandIntRange(10, 100)) + // bucketName := fmt.Sprintf("bucket", acctest.RandIntRange(10, 100)) + keyName := fmt.Sprintf("key_%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccCheckIBMKmsKeyDataSourceKeysConfig(instanceName, keyName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.ibm_kms_key.test", "keys.0.name", keyName), + resource.TestCheckResourceAttr("data.ibm_kms_key.test2", "keys.0.name", keyName), + resource.TestCheckResourceAttr("data.ibm_kms_key.test2", "keys.1.name", keyName), + ), + }, + }, + }) +} + func TestAccIBMKmsDataSourceKeysPolicy_basic(t *testing.T) { instanceName := fmt.Sprintf("kms_%d", acctest.RandIntRange(10, 100)) // bucketName := fmt.Sprintf("bucket", acctest.RandIntRange(10, 100)) @@ -69,6 +90,45 @@ func TestAccIBMKmsDataSourceKeysPolicy_basic(t *testing.T) { }, }) } + +func testAccCheckIBMKmsKeyDataSourceKeysConfig(instanceName, keyName string) string { + return fmt.Sprintf(` + resource "ibm_resource_instance" "kms_instance" { + name = "%s" + service = "kms" + plan = "tiered-pricing" + location = "us-south" + } + resource "ibm_kms_key" "test" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "%s" + standard_key = true + force_delete = true + } + resource "ibm_kms_key" "test2" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "${ibm_kms_key.test.key_name}" + standard_key = true + force_delete = true + } + resource "ibm_kms_key" "test3" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "${ibm_kms_key.test.key_name}" + standard_key = true + force_delete = true + } + data "ibm_kms_key" "test" { + instance_id = "${ibm_kms_key.test3.instance_id}" + key_id = "${ibm_kms_key.test.key_id}" + } + data "ibm_kms_key" "test2" { + instance_id = "${ibm_kms_key.test3.instance_id}" + limit = 2 + key_name = "${ibm_kms_key.test.key_name}" + } +`, instanceName, keyName) +} + func testAccCheckIBMKmsDataSourceConfig(instanceName, keyName string) string { return fmt.Sprintf(` resource "ibm_resource_instance" "kms_instance" { @@ -84,7 +144,7 @@ func testAccCheckIBMKmsDataSourceConfig(instanceName, keyName string) string { force_delete = true } data "ibm_kms_keys" "test" { - instance_id = "${ibm_kms_key.test.instance_id}" + instance_id = "${ibm_kms_key.test.instance_id}" } `, instanceName, keyName) } @@ -98,9 +158,9 @@ func testAccCheckIBMKmsDataSourceHpcsConfig(hpcsInstanceID, KeyName string) stri force_delete = true } data "ibm_kms_keys" "test" { - instance_id = "${ibm_kms_key.test.instance_id}" + instance_id = "${ibm_kms_key.test.instance_id}" } - + `, hpcsInstanceID, KeyName) } @@ -112,7 +172,7 @@ func testAccCheckIBMKmsDataSourceKeysPolicyConfig(instanceName, keyName string, plan = "tiered-pricing" location = "us-south" } - + resource "ibm_kms_key" "test" { instance_id = ibm_resource_instance.kp_instance.guid key_name = "%s" @@ -127,7 +187,7 @@ func testAccCheckIBMKmsDataSourceKeysPolicyConfig(instanceName, keyName string, } } data "ibm_kms_keys" "test" { - instance_id = "${ibm_kms_key.test.instance_id}" + instance_id = "${ibm_kms_key.test.instance_id}" } `, instanceName, keyName, interval_month, enabled) } diff --git a/website/docs/d/kms_key.html.markdown b/website/docs/d/kms_key.html.markdown index 01a7bf24a1f..afe87eb8e96 100644 --- a/website/docs/d/kms_key.html.markdown +++ b/website/docs/d/kms_key.html.markdown @@ -22,6 +22,12 @@ data "ibm_kms_key" "test" { instance_id = "guid-of-keyprotect-or hs-crypto-instance" alias = "alias_name" } +OR +data "ibm_kms_key" "test" { + instance_id = "guid-of-keyprotect-or hs-crypto-instance" + limit = 100 + key_name = "name-of-key" +} resource "ibm_cos_bucket" "flex-us-south" { bucket_name = "atest-bucket" resource_instance_id = "cos-instance-id" @@ -31,20 +37,24 @@ resource "ibm_cos_bucket" "flex-us-south" { } ``` -**NOTE : Data of the key can be retrieved either using a key name or an alias name (if created for the key or keys) . +**NOTE : +1) Data of the key can be retrieved either using a key name or an alias name (if created for the key or keys) . +2) limit is an optional parameter used with the keyname, which iterates and fetches the key till the limit given. When the limit is not passed then the first 2000 keys are fetched according to SDK default behaviour. ## Argument Reference The following arguments are supported: * `instance_id` - (Required, string) The keyprotect instance guid. -* `key_name` - (Required, In conflict with alias_name, string) The name of the key. Only the keys with matching name will be retreived. -* `alias` - (Required, In conflict with key_name, string) The alias name associated with the key. Only the key with matching alias name will be retreived. +* `key_id` - (Required, In conflict with alias_name,key_name, string) The keyID of the key to be fetched. +* `limit` - (Optional, int) The limit till the keys need to be fetched in the instance. +* `key_name` - (Required, In conflict with alias_name,key_id string) The name of the key. Only the keys with matching name will be retreived. +* `alias` - (Required, In conflict with key_name,key_id string) The alias name associated with the key. Only the key with matching alias name will be retreived. * `endpoint_type` - (Optional, string) The type of the endpoint (public or private) to be used for fetching keys. ## Attribute Reference -In addition to all arguments above, the following attributes are exported: +The following attributes are exported: * `keys` - List of all Keys in the IBM hs-crypto or Key-protect instance. * `name` - The name for the key. diff --git a/website/docs/d/kms_keys.html.markdown b/website/docs/d/kms_keys.html.markdown index 84bb0929c66..2fdded3fb45 100644 --- a/website/docs/d/kms_keys.html.markdown +++ b/website/docs/d/kms_keys.html.markdown @@ -31,9 +31,13 @@ The following arguments are supported: * `instance_id` - (Required, string) The keyprotect instance guid. * `key_name` - (Optional, string) The name of the key. Only the keys with matching name will be retreived. +* `key_id` - (Required, In conflict with alias_name,key_name, string) The keyID of the key to be fetched. +* `limit` - (Optional, int) The limit till the keys need to be fetched in the instance. * `alias` - (Optional, string) The alias name associated with the key. Only the key with matching alias name will be retreived. * `endpoint_type` - (Optional, string) The type of the endpoint (public or private) to be used for fetching keys. +**NOTE: limit is an optional parameter used with the keyname, which iterates and fetches the key till the limit given. When the limit is not passed then the first 2000 keys are fetched according to SDK default behaviour. + ## Attribute Reference In addition to all arguments above, the following attributes are exported: From 45f39d8bd2156bd5de013ca31ee6fbdf7c646253 Mon Sep 17 00:00:00 2001 From: Harshit Gupta Date: Fri, 23 Apr 2021 16:20:34 +0530 Subject: [PATCH 2/6] Limit Feature for Keys --- ibm/data_source_ibm_kms_key.go | 102 +++++++++++++++++++--- ibm/data_source_ibm_kms_key_test.go | 74 ++++++++++++++-- ibm/data_source_ibm_kms_keys.go | 121 +++++++++++++++++++++----- ibm/data_source_ibm_kms_keys_test.go | 70 +++++++++++++-- website/docs/d/kms_key.html.markdown | 80 ++++++++++------- website/docs/d/kms_keys.html.markdown | 4 + 6 files changed, 377 insertions(+), 74 deletions(-) diff --git a/ibm/data_source_ibm_kms_key.go b/ibm/data_source_ibm_kms_key.go index bedd3d7afed..4ef50626faf 100644 --- a/ibm/data_source_ibm_kms_key.go +++ b/ibm/data_source_ibm_kms_key.go @@ -24,17 +24,27 @@ func dataSourceIBMKMSkey() *schema.Resource { Required: true, Description: "Key protect or hpcs instance GUID", }, + "limit": { + Type: schema.TypeInt, + Optional: true, + Description: "Limit till the keys to be fetched", + }, + "key_id": { + Type: schema.TypeString, + Optional: true, + ExactlyOneOf: []string{"alias", "key_name", "key_id"}, + }, "key_name": { Type: schema.TypeString, Optional: true, Description: "The name of the key to be fetched", - ExactlyOneOf: []string{"alias", "key_name"}, + ExactlyOneOf: []string{"alias", "key_name", "key_id"}, }, "alias": { Type: schema.TypeString, Optional: true, Description: "The alias associated with the key", - ExactlyOneOf: []string{"alias", "key_name"}, + ExactlyOneOf: []string{"alias", "key_name", "key_id"}, }, "endpoint_type": { Type: schema.TypeString, @@ -211,30 +221,72 @@ func dataSourceIBMKMSKeyRead(d *schema.ResourceData, meta interface{}) error { } api.Config.InstanceID = instanceID + var totalKeys []kp.Key if v, ok := d.GetOk("key_name"); ok { - keys, err := api.GetKeys(context.Background(), 0, 0) - if err != nil { - return fmt.Errorf( - "Get Keys failed with error: %s", err) + limit := d.Get("limit") + limitVal := limit.(int) + offset := 0 + //default page size of API is 200 as stated + pageSize := 200 + + // when the limit is not passed, the api works in default way to avoid backward compatibility issues + + if limitVal == 0 { + keys, err := api.GetKeys(context.Background(), 0, offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + } else { + // when the limit is passed by the user + for { + if offset < limitVal { + if (limitVal - offset) < pageSize { + keys, err := api.GetKeys(context.Background(), (limitVal - offset), offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + break + } else { + keys, err := api.GetKeys(context.Background(), pageSize, offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + numOfKeysFetched := keys.Metadata.NumberOfKeys + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + if numOfKeysFetched < pageSize || offset+pageSize == limitVal { + break + } + + offset = offset + pageSize + } + } + } } - retreivedKeys := keys.Keys - if len(retreivedKeys) == 0 { + + if len(totalKeys) == 0 { return fmt.Errorf("No keys in instance %s", instanceID) } var keyName string var matchKeys []kp.Key if v.(string) != "" { keyName = v.(string) - for _, keyData := range retreivedKeys { + for _, keyData := range totalKeys { if keyData.Name == keyName { matchKeys = append(matchKeys, keyData) } } } else { - matchKeys = retreivedKeys + matchKeys = totalKeys } - if len(matchKeys) == 0 { return fmt.Errorf("No keys with name %s in instance %s", keyName, instanceID) } @@ -261,6 +313,34 @@ func dataSourceIBMKMSKeyRead(d *schema.ResourceData, meta interface{}) error { keyMap = append(keyMap, keyInstance) } + d.SetId(instanceID) + d.Set("keys", keyMap) + d.Set("instance_id", instanceID) + } else if v, ok := d.GetOk("key_id"); ok { + key, err := api.GetKey(context.Background(), v.(string)) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + keyMap := make([]map[string]interface{}, 0, 1) + keyInstance := make(map[string]interface{}) + keyInstance["id"] = key.ID + keyInstance["name"] = key.Name + keyInstance["crn"] = key.CRN + keyInstance["standard_key"] = key.Extractable + keyInstance["aliases"] = key.Aliases + keyInstance["key_ring_id"] = key.KeyRingID + policies, err := api.GetPolicies(context.Background(), key.ID) + if err != nil { + return fmt.Errorf("Failed to read policies: %s", err) + } + if len(policies) == 0 { + log.Printf("No Policy Configurations read\n") + } else { + keyInstance["policies"] = flattenKeyPolicies(policies) + } + keyMap = append(keyMap, keyInstance) + d.SetId(instanceID) d.Set("keys", keyMap) d.Set("instance_id", instanceID) diff --git a/ibm/data_source_ibm_kms_key_test.go b/ibm/data_source_ibm_kms_key_test.go index d2df80d3c77..6bc3cda510d 100644 --- a/ibm/data_source_ibm_kms_key_test.go +++ b/ibm/data_source_ibm_kms_key_test.go @@ -29,6 +29,28 @@ func TestAccIBMKMSKeyDataSource_basic(t *testing.T) { }, }) } + +func TestAccIBMKMSKeyDataSource_Key(t *testing.T) { + instanceName := fmt.Sprintf("kms_%d", acctest.RandIntRange(10, 100)) + // bucketName := fmt.Sprintf("bucket", acctest.RandIntRange(10, 100)) + keyName := fmt.Sprintf("key_%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccCheckIBMKmsKeyDataSourceKeyConfig(instanceName, keyName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.ibm_kms_key.test", "keys.0.name", keyName), + resource.TestCheckResourceAttr("data.ibm_kms_key.test2", "keys.0.name", keyName), + resource.TestCheckResourceAttr("data.ibm_kms_key.test2", "keys.1.name", keyName), + ), + }, + }, + }) +} + func TestAccIBMKMSKeyDataSourceHPCS_basic(t *testing.T) { // bucketName := fmt.Sprintf("bucket", acctest.RandIntRange(10, 100)) keyName := fmt.Sprintf("key_%d", acctest.RandIntRange(10, 100)) @@ -69,6 +91,44 @@ func TestAccIBMKmsDataSourceKeyPolicy_basic(t *testing.T) { }) } +func testAccCheckIBMKmsKeyDataSourceKeyConfig(instanceName, keyName string) string { + return fmt.Sprintf(` + resource "ibm_resource_instance" "kms_instance" { + name = "%s" + service = "kms" + plan = "tiered-pricing" + location = "us-south" + } + resource "ibm_kms_key" "test" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "%s" + standard_key = true + force_delete = true + } + resource "ibm_kms_key" "test2" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "${ibm_kms_key.test.key_name}" + standard_key = true + force_delete = true + } + resource "ibm_kms_key" "test3" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "${ibm_kms_key.test.key_name}" + standard_key = true + force_delete = true + } + data "ibm_kms_key" "test" { + instance_id = "${ibm_kms_key.test3.instance_id}" + key_id = "${ibm_kms_key.test.key_id}" + } + data "ibm_kms_key" "test2" { + instance_id = "${ibm_kms_key.test3.instance_id}" + limit = 2 + key_name = "${ibm_kms_key.test.key_name}" + } +`, instanceName, keyName) +} + func testAccCheckIBMKmsKeyDataSourceConfig(instanceName, keyName string) string { return fmt.Sprintf(` resource "ibm_resource_instance" "kms_instance" { @@ -84,8 +144,8 @@ func testAccCheckIBMKmsKeyDataSourceConfig(instanceName, keyName string) string force_delete = true } data "ibm_kms_key" "test" { - instance_id = "${ibm_kms_key.test.instance_id}" - key_name = "${ibm_kms_key.test.key_name}" + instance_id = "${ibm_kms_key.test.instance_id}" + key_name = "${ibm_kms_key.test.key_name}" } `, instanceName, keyName) } @@ -99,10 +159,10 @@ func testAccCheckIBMKmsKeyDataSourceHpcsConfig(hpcsInstanceID, KeyName string) s force_delete = true } data "ibm_kms_key" "test" { - instance_id = "${ibm_kms_key.test.instance_id}" - key_name = "${ibm_kms_key.test.key_name}" + instance_id = "${ibm_kms_key.test.instance_id}" + key_name = "${ibm_kms_key.test.key_name}" } - + `, hpcsInstanceID, KeyName) } @@ -114,7 +174,7 @@ func testAccCheckIBMKmsDataSourceKeyPolicyConfig(instanceName, keyName string, i plan = "tiered-pricing" location = "us-south" } - + resource "ibm_kms_key" "test" { instance_id = ibm_resource_instance.kp_instance.guid key_name = "%s" @@ -130,7 +190,7 @@ func testAccCheckIBMKmsDataSourceKeyPolicyConfig(instanceName, keyName string, i } data "ibm_kms_key" "test" { instance_id = "${ibm_kms_key.test.instance_id}" - key_name = "${ibm_kms_key.test.key_name}" + key_name = "${ibm_kms_key.test.key_name}" } `, instanceName, keyName, interval_month, enabled) } diff --git a/ibm/data_source_ibm_kms_keys.go b/ibm/data_source_ibm_kms_keys.go index ef2f658b278..34d0a726978 100644 --- a/ibm/data_source_ibm_kms_keys.go +++ b/ibm/data_source_ibm_kms_keys.go @@ -6,6 +6,7 @@ package ibm import ( "context" "fmt" + "log" "net/url" "strings" @@ -27,13 +28,23 @@ func dataSourceIBMKMSkeys() *schema.Resource { Type: schema.TypeString, Optional: true, Description: "The name of the key to be fetched", - ConflictsWith: []string{"alias"}, + ConflictsWith: []string{"alias", "key_id"}, + }, + "limit": { + Type: schema.TypeInt, + Optional: true, + Description: "Limit till the keys to be fetched", }, "alias": { Type: schema.TypeString, Optional: true, Description: "The name of the key to be fetched", - ConflictsWith: []string{"key_name"}, + ConflictsWith: []string{"key_name", "key_id"}, + }, + "key_id": { + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{"alias", "key_name"}, }, "endpoint_type": { Type: schema.TypeString, @@ -211,46 +222,114 @@ func dataSourceIBMKMSKeysRead(d *schema.ResourceData, meta interface{}) error { } api.Config.InstanceID = instanceID + var totalKeys []kp.Key if v, ok := d.GetOk("alias"); ok { aliasName := v.(string) key, err := api.GetKey(context.Background(), aliasName) if err != nil { return fmt.Errorf( "Get Keys failed with error: %s", err) - } else { - keyMap := make([]map[string]interface{}, 0, 1) - keyInstance := make(map[string]interface{}) - keyInstance["id"] = key.ID - keyInstance["name"] = key.Name - keyInstance["crn"] = key.CRN - keyInstance["standard_key"] = key.Extractable - keyInstance["aliases"] = key.Aliases - keyInstance["key_ring_id"] = key.KeyRingID - keyMap = append(keyMap, keyInstance) - d.Set("keys", keyMap) - } - } else { - keys, err := api.GetKeys(context.Background(), 100, 0) + keyMap := make([]map[string]interface{}, 0, 1) + keyInstance := make(map[string]interface{}) + keyInstance["id"] = key.ID + keyInstance["name"] = key.Name + keyInstance["crn"] = key.CRN + keyInstance["standard_key"] = key.Extractable + keyInstance["aliases"] = key.Aliases + keyInstance["key_ring_id"] = key.KeyRingID + keyMap = append(keyMap, keyInstance) + d.Set("keys", keyMap) + + } else if v, ok := d.GetOk("key_id"); ok { + key, err := api.GetKey(context.Background(), v.(string)) if err != nil { return fmt.Errorf( "Get Keys failed with error: %s", err) } - retreivedKeys := keys.Keys - if len(retreivedKeys) == 0 { - return fmt.Errorf("No keys in instance %s", instanceID) + keyMap := make([]map[string]interface{}, 0, 1) + keyInstance := make(map[string]interface{}) + keyInstance["id"] = key.ID + keyInstance["name"] = key.Name + keyInstance["crn"] = key.CRN + keyInstance["standard_key"] = key.Extractable + keyInstance["aliases"] = key.Aliases + keyInstance["key_ring_id"] = key.KeyRingID + policies, err := api.GetPolicies(context.Background(), key.ID) + if err != nil { + return fmt.Errorf("Failed to read policies: %s", err) + } + if len(policies) == 0 { + log.Printf("No Policy Configurations read\n") + } else { + keyInstance["policies"] = flattenKeyPolicies(policies) + } + keyMap = append(keyMap, keyInstance) + + d.SetId(instanceID) + d.Set("keys", keyMap) + d.Set("instance_id", instanceID) + } else { + limit := d.Get("limit") + limitVal := limit.(int) + offset := 0 + //default page size of API is 200 as stated + pageSize := 200 + + // when the limit is not passed, the api works in default way to avoid backward compatibility issues + + if limitVal == 0 { + { + keys, err := api.GetKeys(context.Background(), 0, offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + } + } else { + // when the limit is passed by the user + for { + if offset < limitVal { + if (limitVal - offset) < pageSize { + keys, err := api.GetKeys(context.Background(), (limitVal - offset), offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + break + } else { + keys, err := api.GetKeys(context.Background(), pageSize, offset) + if err != nil { + return fmt.Errorf( + "Get Keys failed with error: %s", err) + } + numOfKeysFetched := keys.Metadata.NumberOfKeys + retreivedKeys := keys.Keys + totalKeys = append(totalKeys, retreivedKeys...) + if numOfKeysFetched < pageSize || offset+pageSize == limitVal { + break + } + + offset = offset + pageSize + } + } + } } var keyName string var matchKeys []kp.Key if v, ok := d.GetOk("key_name"); ok { keyName = v.(string) - for _, keyData := range retreivedKeys { + for _, keyData := range totalKeys { if keyData.Name == keyName { matchKeys = append(matchKeys, keyData) } } } else { - matchKeys = retreivedKeys + matchKeys = totalKeys } if len(matchKeys) == 0 { diff --git a/ibm/data_source_ibm_kms_keys_test.go b/ibm/data_source_ibm_kms_keys_test.go index 30759ab4ea2..7128c63cad8 100644 --- a/ibm/data_source_ibm_kms_keys_test.go +++ b/ibm/data_source_ibm_kms_keys_test.go @@ -48,6 +48,27 @@ func TestAccIBMKMSHPCSDataSource_basic(t *testing.T) { }) } +func TestAccIBMKMSKeyDataSource_Keys(t *testing.T) { + instanceName := fmt.Sprintf("kms_%d", acctest.RandIntRange(10, 100)) + // bucketName := fmt.Sprintf("bucket", acctest.RandIntRange(10, 100)) + keyName := fmt.Sprintf("key_%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccCheckIBMKmsKeyDataSourceKeysConfig(instanceName, keyName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.ibm_kms_key.test", "keys.0.name", keyName), + resource.TestCheckResourceAttr("data.ibm_kms_key.test2", "keys.0.name", keyName), + resource.TestCheckResourceAttr("data.ibm_kms_key.test2", "keys.1.name", keyName), + ), + }, + }, + }) +} + func TestAccIBMKmsDataSourceKeysPolicy_basic(t *testing.T) { instanceName := fmt.Sprintf("kms_%d", acctest.RandIntRange(10, 100)) // bucketName := fmt.Sprintf("bucket", acctest.RandIntRange(10, 100)) @@ -69,6 +90,45 @@ func TestAccIBMKmsDataSourceKeysPolicy_basic(t *testing.T) { }, }) } + +func testAccCheckIBMKmsKeyDataSourceKeysConfig(instanceName, keyName string) string { + return fmt.Sprintf(` + resource "ibm_resource_instance" "kms_instance" { + name = "%s" + service = "kms" + plan = "tiered-pricing" + location = "us-south" + } + resource "ibm_kms_key" "test" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "%s" + standard_key = true + force_delete = true + } + resource "ibm_kms_key" "test2" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "${ibm_kms_key.test.key_name}" + standard_key = true + force_delete = true + } + resource "ibm_kms_key" "test3" { + instance_id = "${ibm_resource_instance.kms_instance.guid}" + key_name = "${ibm_kms_key.test.key_name}" + standard_key = true + force_delete = true + } + data "ibm_kms_key" "test" { + instance_id = "${ibm_kms_key.test3.instance_id}" + key_id = "${ibm_kms_key.test.key_id}" + } + data "ibm_kms_key" "test2" { + instance_id = "${ibm_kms_key.test3.instance_id}" + limit = 2 + key_name = "${ibm_kms_key.test.key_name}" + } +`, instanceName, keyName) +} + func testAccCheckIBMKmsDataSourceConfig(instanceName, keyName string) string { return fmt.Sprintf(` resource "ibm_resource_instance" "kms_instance" { @@ -84,7 +144,7 @@ func testAccCheckIBMKmsDataSourceConfig(instanceName, keyName string) string { force_delete = true } data "ibm_kms_keys" "test" { - instance_id = "${ibm_kms_key.test.instance_id}" + instance_id = "${ibm_kms_key.test.instance_id}" } `, instanceName, keyName) } @@ -98,9 +158,9 @@ func testAccCheckIBMKmsDataSourceHpcsConfig(hpcsInstanceID, KeyName string) stri force_delete = true } data "ibm_kms_keys" "test" { - instance_id = "${ibm_kms_key.test.instance_id}" + instance_id = "${ibm_kms_key.test.instance_id}" } - + `, hpcsInstanceID, KeyName) } @@ -112,7 +172,7 @@ func testAccCheckIBMKmsDataSourceKeysPolicyConfig(instanceName, keyName string, plan = "tiered-pricing" location = "us-south" } - + resource "ibm_kms_key" "test" { instance_id = ibm_resource_instance.kp_instance.guid key_name = "%s" @@ -127,7 +187,7 @@ func testAccCheckIBMKmsDataSourceKeysPolicyConfig(instanceName, keyName string, } } data "ibm_kms_keys" "test" { - instance_id = "${ibm_kms_key.test.instance_id}" + instance_id = "${ibm_kms_key.test.instance_id}" } `, instanceName, keyName, interval_month, enabled) } diff --git a/website/docs/d/kms_key.html.markdown b/website/docs/d/kms_key.html.markdown index 01a7bf24a1f..3592ac612e8 100644 --- a/website/docs/d/kms_key.html.markdown +++ b/website/docs/d/kms_key.html.markdown @@ -8,7 +8,7 @@ description: |- # ibm\_kms_key -Import the details of existing hs-crypto or key-protect keys as a read-only data source. You can then reference the fields of the data source in other resources within the same configuration using interpolation syntax. Retreives a list of keys from the hs-crypto or key-protect instance for the provided key name or alias name (if created for the key). Configuration of an ibm_kms_key datasource requires that the region parameter is set for the IBM provider in the provider block to be the same as the target key protect instance location/region. If not specified it will default to us-south. A terraform apply will fail if the key protect instance location is set differently. +Import the details of existing hs-crypto or key-protect keys as a read-only data source. You can then reference the fields of the data source in other resources within the same configuration using interpolation syntax. Retreives a list of keys from the hs-crypto or key-protect instance for the provided key name or an alias name. Configuration of an ibm_kms_key datasource requires that the region parameter is set for the IBM provider in the provider block to be the same as the target key protect instance location/region. If not specified it will default to us-south. A terraform apply will fail if the key protect instance location is set differently. ## Example Usage @@ -22,6 +22,12 @@ data "ibm_kms_key" "test" { instance_id = "guid-of-keyprotect-or hs-crypto-instance" alias = "alias_name" } +OR +data "ibm_kms_key" "test" { + instance_id = "guid-of-keyprotect-or hs-crypto-instance" + limit = 100 + key_name = "name-of-key" +} resource "ibm_cos_bucket" "flex-us-south" { bucket_name = "atest-bucket" resource_instance_id = "cos-instance-id" @@ -31,41 +37,55 @@ resource "ibm_cos_bucket" "flex-us-south" { } ``` -**NOTE : Data of the key can be retrieved either using a key name or an alias name (if created for the key or keys) . +**NOTE : +1) Data of the key can be retrieved either using a key name or an alias name (if created for the key or keys) . +2) limit is an optional parameter used with the keyname, which iterates and fetches the key till the limit given. When the limit is not passed then the first 2000 keys are fetched according to SDK default behaviour. ## Argument Reference The following arguments are supported: -* `instance_id` - (Required, string) The keyprotect instance guid. -* `key_name` - (Required, In conflict with alias_name, string) The name of the key. Only the keys with matching name will be retreived. -* `alias` - (Required, In conflict with key_name, string) The alias name associated with the key. Only the key with matching alias name will be retreived. -* `endpoint_type` - (Optional, string) The type of the endpoint (public or private) to be used for fetching keys. + +- `alias` - (Optional, String) The alias of the key. If you want to retrieve the key by using the key name, use the `key_name` option. You must provide either the `key_name` or `alias`. +- `endpoint_type` - (Optional, String) The type of the public or private endpoint to be used for fetching keys. +- `instance_id` - (Required, String) The key-protect instance ID. +- `key_name` - (Optional, String) The name of the key. If you want to retrieve the key by using the key alias, use the `alias` option. You must provide either the `key_name` or `alias`. +- `key_id` - (Required, In conflict with alias_name,key_name, string) The keyID of the key to be fetched. +- `limit` - (Optional, int) The limit till the keys need to be fetched in the instance. ## Attribute Reference -In addition to all arguments above, the following attributes are exported: - -* `keys` - List of all Keys in the IBM hs-crypto or Key-protect instance. - * `name` - The name for the key. - * `aliases` - List of all the alias associated with the keys. - * `id` - The unique identifier for this key - * `key_ring_id` - The key ring id for the key. - * `crn` - The crn of the key. - * `standard_key` - This flag is true in case of standard key, else false for root key. - * `policy` - The policies associated with the key. - * `rotation` - The key rotation time interval in months, with a minimum of 1, and a maximum of 12. - * `created_by` - The unique identifier for the resource that created the policy. - * `creation_date` - The date the policy was created. The date format follows RFC 3339. - * `id` - The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122. - * `interval_month` - The key rotation time interval in months. - * `last_update_date` - The date when the policy was last replaced or modified. The date format follows RFC 3339. - * `updated_by` - The unique identifier for the resource that updated the policy. - * `dual_auth_delete` - The data associated with the dual authorization delete policy. - * `created_by` - The unique identifier for the resource that created the policy. - * `creation_date` - The date the policy was created. The date format follows RFC 3339. - * `id` - The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122. - * `enabled` - If set to true, Key Protect enables a dual authorization policy on the key. - * `last_update_date` - The date when the policy was last replaced or modified. The date format follows RFC 3339. - * `updated_by` - The unique identifier for the resource that updated the policy. +The following attributes are exported: + +In addition to all argument reference list, you can access the following attribute references after your data source is created. + +- `keys` - (String) Lists the Keys of HPCS or Key-protect instance. + + Nested scheme for `keys`: + - `aliases` - (String) A list of alias names that are assigned to the key. + - `crn` - (String) The CRN of the key. + - `id` - (String) The unique ID for the key. + - `key_ring_id` - (String) The ID of the key ring that the key belongs to. + - `name` - (String) The name for the key. + - `policy` - (String) The policies associated with the key. + + Nested scheme for `policy`: + - `dual_auth_delete` - (String) The data associated with the dual authorization delete policy. + + Nested scheme for `dual_auth_delete`: + - `created_by` - (String) The unique ID for the resource that created the policy. + - `creation_date` - (Timestamp) The date the policy was created. The date format follows RFC 3339. + - `enabled` - (String) If set to **true**, Key Protect enables a dual authorization policy on the key. + - `id` - (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122. + - `last_update_date` - (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339. + - `updated_by` - (String) The unique ID for the resource that updated the policy. + - `rotation` - (String) The key rotation time interval in months, with a minimum of 1, and a maximum of 12. + Nested scheme for `rotation`: + - `created_by` - (String) The unique ID for the resource that created the policy. + - `creation_date` - (Timestamp) The date the policy was created. The date format follows RFC 3339. + - `id` - (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122. + - `interval_month` - (String) The key rotation time interval in months. + - `last_update_date` - (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339. + - `updated_by` - (String) The unique ID for the resource that updated the policy. + - `standard_key` - (String) Set the flag **true** for standard key, and **false** for root key. Default value is **false**. diff --git a/website/docs/d/kms_keys.html.markdown b/website/docs/d/kms_keys.html.markdown index 84bb0929c66..2fdded3fb45 100644 --- a/website/docs/d/kms_keys.html.markdown +++ b/website/docs/d/kms_keys.html.markdown @@ -31,9 +31,13 @@ The following arguments are supported: * `instance_id` - (Required, string) The keyprotect instance guid. * `key_name` - (Optional, string) The name of the key. Only the keys with matching name will be retreived. +* `key_id` - (Required, In conflict with alias_name,key_name, string) The keyID of the key to be fetched. +* `limit` - (Optional, int) The limit till the keys need to be fetched in the instance. * `alias` - (Optional, string) The alias name associated with the key. Only the key with matching alias name will be retreived. * `endpoint_type` - (Optional, string) The type of the endpoint (public or private) to be used for fetching keys. +**NOTE: limit is an optional parameter used with the keyname, which iterates and fetches the key till the limit given. When the limit is not passed then the first 2000 keys are fetched according to SDK default behaviour. + ## Attribute Reference In addition to all arguments above, the following attributes are exported: From bc84283f734ba49d146c95e35ad72f80dd3cf29e Mon Sep 17 00:00:00 2001 From: harshit777 Date: Mon, 26 Jul 2021 18:15:19 +0530 Subject: [PATCH 3/6] Docs Chnages --- website/docs/d/kms_key.html.markdown | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/website/docs/d/kms_key.html.markdown b/website/docs/d/kms_key.html.markdown index 3592ac612e8..4152851019d 100644 --- a/website/docs/d/kms_key.html.markdown +++ b/website/docs/d/kms_key.html.markdown @@ -6,9 +6,8 @@ description: |- Manages an IBM hs-crypto or key-protect key. --- -# ibm\_kms_key - -Import the details of existing hs-crypto or key-protect keys as a read-only data source. You can then reference the fields of the data source in other resources within the same configuration using interpolation syntax. Retreives a list of keys from the hs-crypto or key-protect instance for the provided key name or an alias name. Configuration of an ibm_kms_key datasource requires that the region parameter is set for the IBM provider in the provider block to be the same as the target key protect instance location/region. If not specified it will default to us-south. A terraform apply will fail if the key protect instance location is set differently. +# ibm_kms_key +Retrieves the list of keys from the Hyper Protect Crypto Services (HPCS) and Key Protect services by using the key name or alias. The region parameter in the `provider.tf` file must be set. If region parameter is not specified, `us-south` is used by default. If the region in the `provider.tf` file is different from the Key Protect instance, the instance cannot be retrieved by Terraform and the Terraform action fails. For more information, about hs-crypto or key-protect keys, see [getting started tutorial](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial). ## Example Usage @@ -43,7 +42,7 @@ resource "ibm_cos_bucket" "flex-us-south" { ## Argument Reference -The following arguments are supported: +Review the argument references that you can specify for your data source. - `alias` - (Optional, String) The alias of the key. If you want to retrieve the key by using the key name, use the `key_name` option. You must provide either the `key_name` or `alias`. @@ -54,9 +53,6 @@ The following arguments are supported: - `limit` - (Optional, int) The limit till the keys need to be fetched in the instance. ## Attribute Reference - -The following attributes are exported: - In addition to all argument reference list, you can access the following attribute references after your data source is created. - `keys` - (String) Lists the Keys of HPCS or Key-protect instance. From 12928f145800b9bbbae69dd6265592ffa5e85b34 Mon Sep 17 00:00:00 2001 From: harshit777 Date: Mon, 26 Jul 2021 18:15:19 +0530 Subject: [PATCH 4/6] Docs Chnages --- website/docs/d/kms_keys.html.markdown | 76 ++++++++++++++------------- 1 file changed, 39 insertions(+), 37 deletions(-) diff --git a/website/docs/d/kms_keys.html.markdown b/website/docs/d/kms_keys.html.markdown index 2fdded3fb45..650e261e32e 100644 --- a/website/docs/d/kms_keys.html.markdown +++ b/website/docs/d/kms_keys.html.markdown @@ -6,13 +6,13 @@ description: |- Manages IBM hs-crypto or key-protect keys. --- -# ibm\_kms_key +# ibm_kms_keys -Import the details of existing hs-crypto or key-protect keys as a read-only data source. You can then reference the fields of the data source in other resources within the same configuration using interpolation syntax. Retreives a list of keys from the hs-crypto or key-protect instance. Configuration of an ibm_kms_keys datasource requires that the region parameter is set for the IBM provider in the provider block to be the same as the target key protect instance location/region. If not specified it will default to us-south. A terraform apply will fail if the key protect instance location is set differently. +Retrieves the list of keys from the Hyper Protect Crypto Services (HPCS) and Key Protect services for the given key name. The region parameter in the `provider.tf` file must be set. If region parameter is not specified, `us-south` is used by default. If the region in the `provider.tf` file is different from the Key Protect instance, the instance cannot be retrieved by Terraform and the Terraform action fails. For more information, about hs-crypto or key-protect keys, see [getting started tutorial](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial). -## Example Usage +## Example usage -```hcl +```terraform data "ibm_kms_keys" "test" { instance_id = "guid-of-keyprotect-or hs-crypto-instance" } @@ -25,42 +25,44 @@ resource "ibm_cos_bucket" "flex-us-south" { } ``` -## Argument Reference +## Argument reference +Review the argument references that you can specify for your resource. -The following arguments are supported: +- `alias` - (Optional, String) The alias of the key. +- `endpoint_type` - (Optional, String) The type of the public or private endpoint to be used for fetching keys. +- `instance_id` - (Required, String) The key-protect instance ID. +- `key_name` - (Optional, String) The name of the key. Only matching name of the keys are retrieved. -* `instance_id` - (Required, string) The keyprotect instance guid. -* `key_name` - (Optional, string) The name of the key. Only the keys with matching name will be retreived. -* `key_id` - (Required, In conflict with alias_name,key_name, string) The keyID of the key to be fetched. -* `limit` - (Optional, int) The limit till the keys need to be fetched in the instance. -* `alias` - (Optional, string) The alias name associated with the key. Only the key with matching alias name will be retreived. -* `endpoint_type` - (Optional, string) The type of the endpoint (public or private) to be used for fetching keys. +## Attribute reference +In addition to all argument reference list, you can access the following attribute references after your data source is created. -**NOTE: limit is an optional parameter used with the keyname, which iterates and fetches the key till the limit given. When the limit is not passed then the first 2000 keys are fetched according to SDK default behaviour. +- `keys` - (String) Lists the Keys of HPCS or Key-protect instance. -## Attribute Reference + Nested scheme for `keys`: + - `aliases` - (String) A list of alias names that are assigned to the key. + - `crn` - (String) The CRN of the key. + - `id` - (String) The unique ID for the key. + - `key_ring_id` - (String) The ID of the key ring that the key belongs to. + - `name` - (String) The name for the key. + - `policy` - (String) The policies associated with the key. -In addition to all arguments above, the following attributes are exported: + Nested scheme for `policy`: + - `rotation` - (String) The key rotation time interval in months, with a minimum of 1, and a maximum of 12. -* `keys` - List of all Keys in the IBM hs-crypto or Key-protect instance. - * `name` - The name for the key. - * `aliases` - List of all the alias associated with the keys. - * `key_ring_id` - The key ring id for the key. - * `id` - The unique identifier for this key - * `crn` - The crn of the key. - * `standard_key` - This flag is true in case of standard key, else false for root key. - * `policy` - The policies associated with the key. - * `rotation` - The key rotation time interval in months, with a minimum of 1, and a maximum of 12. - * `created_by` - The unique identifier for the resource that created the policy. - * `creation_date` - The date the policy was created. The date format follows RFC 3339. - * `id` - The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122. - * `interval_month` - The key rotation time interval in months. - * `last_update_date` - The date when the policy was last replaced or modified. The date format follows RFC 3339. - * `updated_by` - The unique identifier for the resource that updated the policy. - * `dual_auth_delete` - The data associated with the dual authorization delete policy. - * `created_by` - The unique identifier for the resource that created the policy. - * `creation_date` - The date the policy was created. The date format follows RFC 3339. - * `id` - The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122. - * `enabled` - If set to true, Key Protect enables a dual authorization policy on the key. - * `last_update_date` - The date when the policy was last replaced or modified. The date format follows RFC 3339. - * `updated_by` - The unique identifier for the resource that updated the policy. + Nested scheme for `rotation`: + - `created_by` - (String) The unique ID for the resource that created the policy. + - `creation_date` - (Timestamp) The date the policy was created. The date format follows RFC 3339. + - `id` - (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122. + - `interval_month` - (String) The key rotation time interval in months. + - `last_update_date` - (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339. + - `updated_by` - (String) The unique ID for the resource that updated the policy. + - `dual_auth_delete` - (String) The data associated with the dual authorization delete policy. + + Nested scheme for `dual_auth_delete`: + - `created_by` - (String) The unique ID for the resource that created the policy. + - `creation_date` - (Timestamp) The date the policy was created. The date format follows RFC 3339. + - `enabled` - (String) If set to **true**, Key Protect enables a dual authorization policy on the key. + - `id` - (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122. + - `last_update_date` - (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339. + - `updated_by` - (String) The unique ID for the resource that updated the policy. + - `standard_key` - (String) Set the flag **true** for standard key, and **false** for root key. Default value is **false**. From 9bf350d44cdf8989afea0d0ba0cb65b16d3010c5 Mon Sep 17 00:00:00 2001 From: harshit777 Date: Mon, 26 Jul 2021 18:15:19 +0530 Subject: [PATCH 5/6] Docs Chnages --- website/docs/d/kms_key.html.markdown | 57 ++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 4 deletions(-) diff --git a/website/docs/d/kms_key.html.markdown b/website/docs/d/kms_key.html.markdown index 4152851019d..3702550bd3b 100644 --- a/website/docs/d/kms_key.html.markdown +++ b/website/docs/d/kms_key.html.markdown @@ -9,7 +9,7 @@ description: |- # ibm_kms_key Retrieves the list of keys from the Hyper Protect Crypto Services (HPCS) and Key Protect services by using the key name or alias. The region parameter in the `provider.tf` file must be set. If region parameter is not specified, `us-south` is used by default. If the region in the `provider.tf` file is different from the Key Protect instance, the instance cannot be retrieved by Terraform and the Terraform action fails. For more information, about hs-crypto or key-protect keys, see [getting started tutorial](https://cloud.ibm.com/docs/key-protect?topic=key-protect-getting-started-tutorial). -## Example Usage +## Example usage ```hcl data "ibm_kms_key" "test" { @@ -36,10 +36,60 @@ resource "ibm_cos_bucket" "flex-us-south" { } ``` -**NOTE : +**Note** 1) Data of the key can be retrieved either using a key name or an alias name (if created for the key or keys) . 2) limit is an optional parameter used with the keyname, which iterates and fetches the key till the limit given. When the limit is not passed then the first 2000 keys are fetched according to SDK default behaviour. +## Argument reference +Review the argument references that you can specify for your data source. + +- `alias` - (Optional, String) The alias of the key. If you want to retrieve the key by using the key name, use the `key_name` option. You must provide either the `key_name` or `alias`. +- `endpoint_type` - (Optional, String) The type of the public or private endpoint to be used for fetching keys. +- `instance_id` - (Required, String) The key-protect instance ID. +- `key_name` - (Optional, String) The name of the key. If you want to retrieve the key by using the key alias, use the `alias` option. You must provide either the `key_name` or `alias`. +- `key_id` - (Required, In conflict with alias_name,key_name, string) The keyID of the key to be fetched. +- `limit` - (Optional, int) The limit till the keys need to be fetched in the instance. + +## Attribute reference +In addition to all argument reference list, you can access the following attribute references after your data source is created. + +- `keys` - (String) Lists the Keys of HPCS or Key-protect instance. + + Nested scheme for `keys`: + - `aliases` - (String) A list of alias names that are assigned to the key. + - `crn` - (String) The CRN of the key. + - `id` - (String) The unique ID for the key. + - `key_ring_id` - (String) The ID of the key ring that the key belongs to. + - `name` - (String) The name for the key. + - `policy` - (String) The policies associated with the key. + + Nested scheme for `policy`: + - `dual_auth_delete` - (String) The data associated with the dual authorization delete policy. + + Nested scheme for `dual_auth_delete`: + - `created_by` - (String) The unique ID for the resource that created the policy. + - `creation_date` - (Timestamp) The date the policy was created. The date format follows RFC 3339. + - `enabled` - (String) If set to **true**, Key Protect enables a dual authorization policy on the key. + - `id` - (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122. + - `last_update_date` - (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339. + - `updated_by` - (String) The unique ID for the resource that updated the policy. + - `rotation` - (String) The key rotation time interval in months, with a minimum of 1, and a maximum of 12. + + Nested scheme for `rotation`: + - `created_by` - (String) The unique ID for the resource that created the policy. + - `creation_date` - (Timestamp) The date the policy was created. The date format follows RFC 3339. + - `id` - (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122. + - `interval_month` - (String) The key rotation time interval in months. + - `last_update_date` - (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339. + - `updated_by` - (String) The unique ID for the resource that updated the policy. + - `standard_key` - (String) Set the flag **true** for standard key, and **false** for root key. Default value is **false**. + + + + + + + ## Argument Reference Review the argument references that you can specify for your data source. @@ -49,8 +99,7 @@ Review the argument references that you can specify for your data source. - `endpoint_type` - (Optional, String) The type of the public or private endpoint to be used for fetching keys. - `instance_id` - (Required, String) The key-protect instance ID. - `key_name` - (Optional, String) The name of the key. If you want to retrieve the key by using the key alias, use the `alias` option. You must provide either the `key_name` or `alias`. -- `key_id` - (Required, In conflict with alias_name,key_name, string) The keyID of the key to be fetched. -- `limit` - (Optional, int) The limit till the keys need to be fetched in the instance. + ## Attribute Reference In addition to all argument reference list, you can access the following attribute references after your data source is created. From 067a32b1c91e09648e1c104c71e6ef591679c687 Mon Sep 17 00:00:00 2001 From: harshit777 Date: Mon, 26 Jul 2021 18:15:19 +0530 Subject: [PATCH 6/6] Docs Chnages --- website/docs/d/kms_key.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/d/kms_key.html.markdown b/website/docs/d/kms_key.html.markdown index 3702550bd3b..4a3ed35f558 100644 --- a/website/docs/d/kms_key.html.markdown +++ b/website/docs/d/kms_key.html.markdown @@ -11,7 +11,7 @@ Retrieves the list of keys from the Hyper Protect Crypto Services (HPCS) and Key ## Example usage -```hcl +```terraform data "ibm_kms_key" "test" { instance_id = "guid-of-keyprotect-or hs-crypto-instance" key_name = "name-of-key"