Merge pull request #24787 from ZeePal/main
Added custom key stores for aws_kms_key & custom key store data source
Showing
10 changed files
with
223 additions
and
13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
```release-note:new-data-source | ||
aws_kms_custom_key_store | ||
``` | ||
|
||
```release-note:enhancement | ||
resource/aws_kms_key: Add `custom_key_store_id` attribute | ||
``` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
package kms | ||
|
||
import ( | ||
"context" | ||
"time" | ||
|
||
"github.com/aws/aws-sdk-go/aws" | ||
"github.com/aws/aws-sdk-go/service/kms" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/diag" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
"github.com/hashicorp/terraform-provider-aws/internal/conns" | ||
"github.com/hashicorp/terraform-provider-aws/internal/create" | ||
"github.com/hashicorp/terraform-provider-aws/names" | ||
) | ||
|
||
func DataSourceCustomKeyStore() *schema.Resource { | ||
return &schema.Resource{ | ||
ReadContext: dataSourceCustomKeyStoreRead, | ||
Schema: map[string]*schema.Schema{ | ||
"custom_key_store_id": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Computed: true, | ||
ConflictsWith: []string{"custom_key_store_name"}, | ||
}, | ||
"custom_key_store_name": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Computed: true, | ||
ConflictsWith: []string{"custom_key_store_id"}, | ||
}, | ||
"cloud_hsm_cluster_id": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
}, | ||
"connection_state": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
}, | ||
"creation_date": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
}, | ||
"trust_anchor_certificate": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
const ( | ||
DSNameCustomKeyStore = "Custom Key Store" | ||
) | ||
|
||
func dataSourceCustomKeyStoreRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { | ||
conn := meta.(*conns.AWSClient).KMSConn | ||
|
||
input := &kms.DescribeCustomKeyStoresInput{} | ||
|
||
var ksID string | ||
if v, ok := d.GetOk("custom_key_store_id"); ok { | ||
input.CustomKeyStoreId = aws.String(v.(string)) | ||
ksID = v.(string) | ||
} | ||
if v, ok := d.GetOk("custom_key_store_name"); ok { | ||
input.CustomKeyStoreName = aws.String(v.(string)) | ||
ksID = v.(string) | ||
} | ||
|
||
keyStore, err := FindCustomKeyStoreByID(ctx, conn, input) | ||
|
||
if err != nil { | ||
return create.DiagError(names.KMS, create.ErrActionReading, DSNameCustomKeyStore, ksID, err) | ||
} | ||
|
||
d.SetId(aws.StringValue(keyStore.CustomKeyStoreId)) | ||
d.Set("custom_key_store_name", keyStore.CustomKeyStoreName) | ||
d.Set("custom_key_store_id", keyStore.CustomKeyStoreId) | ||
d.Set("cloud_hsm_cluster_id", keyStore.CloudHsmClusterId) | ||
d.Set("connection_state", keyStore.ConnectionState) | ||
d.Set("creation_date", keyStore.CreationDate.Format(time.RFC3339)) | ||
d.Set("trust_anchor_certificate", keyStore.TrustAnchorCertificate) | ||
|
||
return nil | ||
} |
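Review bot: Neither `custom_key_store_id` nor `custom_key_store_name` is required in the schema of DataSourceCustomKeyStore, so a configuration that sets neither sends an empty `DescribeCustomKeyStoresInput`; how `FindCustomKeyStoreByID` handles a response with several stores is not visible here, but the data source should not be able to resolve to a key store the author did not name, because keys created against the wrong store end up in the wrong HSM cluster. Replacing `ConflictsWith` on both attributes with `ExactlyOneOf: []string{"custom_key_store_id", "custom_key_store_name"},` rejects that case at plan time. In dataSourceCustomKeyStoreRead, `keyStore.CreationDate.Format(time.RFC3339)` dereferences a pointer field and would panic if the API omits it; `aws.TimeValue(keyStore.CreationDate).Format(time.RFC3339)` is the nil-safe form. The schema names the attribute `cloud_hsm_cluster_id`, while the documentation page added in this commit lists `cloudhsm_cluster_id`, so one of the two needs to change.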
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
package kms_test | ||
|
||
import ( | ||
"fmt" | ||
"os" | ||
"testing" | ||
|
||
"github.com/aws/aws-sdk-go/service/kms" | ||
sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" | ||
"github.com/hashicorp/terraform-provider-aws/internal/acctest" | ||
) | ||
|
||
func TestAccKMSCustomKeyStoreDataSource_basic(t *testing.T) { | ||
if os.Getenv("CLOUD_HSM_CLUSTER_ID") == "" { | ||
t.Skip("CLOUD_HSM_CLUSTER_ID environment variable not set") | ||
} | ||
|
||
if os.Getenv("TRUST_ANCHOR_CERTIFICATE") == "" { | ||
t.Skip("TRUST_ANCHOR_CERTIFICATE environment variable not set") | ||
} | ||
|
||
resourceName := "aws_kms_custom_key_store.test" | ||
dataSourceName := "data.aws_kms_custom_key_store.test" | ||
rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) | ||
clusterId := os.Getenv("CLOUD_HSM_CLUSTER_ID") | ||
trustAnchorCertificate := os.Getenv("TRUST_ANCHOR_CERTIFICATE") | ||
|
||
resource.ParallelTest(t, resource.TestCase{ | ||
PreCheck: func() { acctest.PreCheck(t) }, | ||
ErrorCheck: acctest.ErrorCheck(t, kms.EndpointsID), | ||
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccCustomKeyStoreDataSourceConfig_basic(rName, clusterId, trustAnchorCertificate), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttrPair(dataSourceName, "custom_key_store_name", resourceName, "custom_key_store_name"), | ||
resource.TestCheckResourceAttrPair(dataSourceName, "custom_key_store_id", resourceName, "id"), | ||
resource.TestCheckResourceAttrPair(dataSourceName, "trust_anchor_certificate", resourceName, "trust_anchor_certificate"), | ||
resource.TestCheckResourceAttrPair(dataSourceName, "cloud_hsm_cluster_id", resourceName, "cloud_hsm_cluster_id"), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccCustomKeyStoreDataSourceConfig_basic(rName, clusterId, anchorCertificate string) string { | ||
return fmt.Sprintf(` | ||
resource "aws_kms_custom_key_store" "test" { | ||
cloud_hsm_cluster_id = %[2]q | ||
custom_key_store_name = %[1]q | ||
key_store_password = "noplaintextpasswords1" | ||
trust_anchor_certificate = file(%[3]q) | ||
} | ||
data "aws_kms_custom_key_store" "test" { | ||
custom_key_store_id = aws_kms_custom_key_store.test.id | ||
} | ||
`, rName, clusterId, anchorCertificate) | ||
} |
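Review bot: The single step in TestAccKMSCustomKeyStoreDataSource_basic only looks the key store up by `custom_key_store_id`, so the `custom_key_store_name` branch of the read function, which is the one the documentation example uses, is never exercised. A second step or test whose data block sets `custom_key_store_name = aws_kms_custom_key_store.test.custom_key_store_name` would cover it, and `connection_state` and `creation_date` could be asserted with `resource.TestCheckResourceAttrSet`. The config in testAccCustomKeyStoreDataSourceConfig_basic also hard-codes `key_store_password`, so the test only passes against a CloudHSM cluster whose `kmsuser` account has that literal password. Reading it from an environment variable, as is already done for `CLOUD_HSM_CLUSTER_ID` and `TRUST_ANCHOR_CERTIFICATE`, would keep a known credential out of the repository and avoid steering test clusters toward it.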
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
--- | ||
subcategory: "KMS (Key Management)" | ||
layout: "aws" | ||
page_title: "AWS: aws_kms_custom_key_store" | ||
description: |- | ||
Get information on a AWS Key Management Service (KMS) Custom Key Store | ||
--- | ||
|
||
# Data Source: aws_kms_custom_key_store | ||
|
||
Use this data source to get the metadata KMS custom key store. | ||
By using this data source, you can reference KMS custom key store | ||
without having to hard code the ID as input. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
data "aws_kms_custom_key_store" "keystore" { | ||
custom_key_store_name = "my_cloudhsm" | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
* `custom_key_store_id` - (Optional) The ID for the custom key store. | ||
* `custom_key_store_name` - (Optional) The user-specified friendly name for the custom key store. | ||
|
||
## Attributes Reference | ||
|
||
* `id` - The ID for the custom key store. | ||
* `cloudhsm_cluster_id` - ID for the CloudHSM cluster that is associated with the custom key store. | ||
* `connection_state` - Indicates whether the custom key store is connected to its CloudHSM cluster. | ||
* `creation_date` - The date and time when the custom key store was created. | ||
* `trust_anchor_certificate` - The trust anchor certificate of the associated CloudHSM cluster. |