From 09ec03a23e7cd0c619d967d499f3f3b9c5314bbe Mon Sep 17 00:00:00 2001 From: Tim Date: Sun, 24 Mar 2024 09:40:35 -0500 Subject: [PATCH] KP: Adding attribute registrations for resource instance key and attribute endpoint_type for key policies (#5221) * feat: Adding registrations for the instance key and endpoint_type * adding the logging for registration * adding documentation --------- Co-authored-by: Timothy-Yao --- .../kms/resource_ibm_kms_instance_policies.go | 7 +++ ibm/service/kms/resource_ibm_kms_key.go | 58 ++++++++++++++++++- .../r/kms_instance_policies.html.markdown | 2 + website/docs/r/kms_key.html.markdown | 8 +++ 4 files changed, 73 insertions(+), 2 deletions(-) diff --git a/ibm/service/kms/resource_ibm_kms_instance_policies.go b/ibm/service/kms/resource_ibm_kms_instance_policies.go index 108f4adf45e..de31c2dad35 100644 --- a/ibm/service/kms/resource_ibm_kms_instance_policies.go +++ b/ibm/service/kms/resource_ibm_kms_instance_policies.go @@ -36,6 +36,13 @@ func ResourceIBMKmsInstancePolicy() *schema.Resource { Description: "Key protect or hpcs instance GUID or CRN", DiffSuppressFunc: suppressKMSInstanceIDDiff, }, + "endpoint_type": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validate.ValidateAllowedStringValues([]string{"public", "private"}), + Description: "public or private", + }, "dual_auth_delete": { Type: schema.TypeList, Optional: true, diff --git a/ibm/service/kms/resource_ibm_kms_key.go b/ibm/service/kms/resource_ibm_kms_key.go index 16a048c8b33..51313a41eb8 100644 --- a/ibm/service/kms/resource_ibm_kms_key.go +++ b/ibm/service/kms/resource_ibm_kms_key.go 
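Review bot: The new `endpoint_type` attribute is only declared in the schema; the diffstat shows all 7 added lines for resource_ibm_kms_instance_policies.go are in this hunk, so nothing in this patch reads the value when the Key Protect client for instance policies is built. Unless the shared client setup already does a `d.Get("endpoint_type")` for this resource, a user setting `endpoint_type = "private"` gets an accepted but silently ignored setting while policy calls keep going over the public endpoint; please point at the consumer or add it. The description should say what the value selects, e.g. `Description: "Endpoint type used to reach the Key Protect or HPCS instance: public or private",`. Since the attribute is Computed with no Default, the Read path also needs to write back the effective value or it will stay unknown in plans. ResourceIBMKmsInstancePolicy's schema continues outside the hunk.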
@@ -139,6 +139,31 @@ func ResourceIBMKmskey() *schema.Resource { Computed: true, Description: "Key protect or hpcs instance CRN", }, + + "registrations": { + Type: schema.TypeList, + Computed: true, + Description: "Registrations of the key across different services", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "key_id": { + Type: schema.TypeString, + Computed: true, + Description: "The id of the key being used in the registration", + }, + "resource_crn": { + Type: schema.TypeString, + Computed: true, + Description: "The CRN of the resource tied to the key registration", + }, + "prevent_key_deletion": { + Type: schema.TypeBool, + Computed: true, + Description: "Determines if the registration of the key prevents a deletion.", + }, + }, + }, + }, flex.ResourceName: { Type: schema.TypeString, Computed: true, @@ -225,7 +250,17 @@ func resourceIBMKmsKeyDelete(d *schema.ResourceData, meta interface{}) error { _, err1 := kpAPI.DeleteKey(context.Background(), keyid, kp.ReturnRepresentation, f) if err1 != nil { - return fmt.Errorf("[ERROR] Error while deleting: %s", err1) + registrations := d.Get("registrations").([]interface{}) + var registrationLog error + if registrations != nil && len(registrations) > 0 { + resourceCrns := make([]string, 0) + for _, registration := range registrations { + r := registration.(map[string]interface{}) + resourceCrns = append(resourceCrns, r["resource_crn"].(string)) + } + registrationLog = fmt.Errorf(". The key has the following active registrations which may interfere with deletion: %v", resourceCrns) + } + return fmt.Errorf("[ERROR] Error while deleting: %s%s", err1, registrationLog) } d.SetId("") return nil 
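Review bot: `registrationLog` is declared as an `error` and interpolated with `%s` even when it is still nil, so every delete failure on a key with no registrations is reported as `[ERROR] Error while deleting: <err>%!s(<nil>)`, because fmt renders a nil interface under `%s` as `%!s(<nil>)`. Make it a string instead: `var registrationLog string` and `registrationLog = fmt.Sprintf(". The key has the following active registrations which may interfere with deletion: %v", resourceCrns)`, keeping the final `fmt.Errorf("[ERROR] Error while deleting: %s%s", err1, registrationLog)` as is. The `registrations != nil &&` half of the guard is redundant, since `len` of a nil slice is 0. Note also that `d.Get("registrations")` is the snapshot taken at the last Read, so the listed CRNs can be stale relative to what the service just rejected on; a comment saying so, or re-listing registrations after the failure, would make the hint trustworthy. resourceIBMKmsKeyDelete begins outside the hunk.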
@@ -327,6 +362,23 @@ func setKeyDetails(d *schema.ResourceData, meta interface{}, instanceID string, d.Set(flex.ResourceControllerURL, rcontroller+"/services/kms/"+url.QueryEscape(crn1)+"%3A%3A") + // Get the Registration of the key + registrations, err := kpAPI.ListRegistrations(context.Background(), key.ID, "") + if err != nil { + return err + } + // making a map[string]interface{} for terraform key.registration Attribute + rSlice := make([]map[string]interface{}, 0) + for _, r := range registrations.Registrations { + registration := map[string]interface{}{ + "key_id": r.KeyID, + "resource_crn": r.ResourceCrn, + "prevent_key_deletion": r.PreventKeyDeletion, + } + rSlice = append(rSlice, registration) + } + d.Set("registrations", rSlice) + return nil } @@ -396,7 +448,8 @@ func populateSchemaData(d *schema.ResourceData, meta interface{}) (*kp.Client, e return nil, err } // keyid := d.Id() - key, err := kpAPI.GetKey(context.Background(), keyid) + ctx := context.Background() + key, err := kpAPI.GetKey(ctx, keyid) if err != nil { kpError := err.(*kp.Error) if kpError.StatusCode == 404 || kpError.StatusCode == 409 { @@ -413,5 +466,6 @@ func populateSchemaData(d *schema.ResourceData, meta interface{}) (*kp.Client, e if err != nil { return nil, err } + return kpAPI, nil } diff --git a/website/docs/r/kms_instance_policies.html.markdown b/website/docs/r/kms_instance_policies.html.markdown index bd52f0836f5..277edfea42e 100644 --- a/website/docs/r/kms_instance_policies.html.markdown +++ b/website/docs/r/kms_instance_policies.html.markdown @@ -57,6 +57,8 @@ The following arguments are supported: - `instance_id` - (Required, String) The key-protect instance ID for creating policies. +- `endpoint_type` - (Optional, String) The type of the public endpoint, or private endpoint to be used for creating keys. + - `rotation` - (Optional,list) The Instance rotation time interval in months, with a minimum of 1, and a maximum of 12. Nested scheme for `rotation`: 
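Review bot: The new `ListRegistrations` call returns its error unwrapped and thereby fails the entire key Read, so a caller that can read the key but presumably cannot list its registrations, or a transient failure on this second request, now breaks refresh and plan for every `ibm_kms_key`, whereas the key read itself succeeded before this hunk. Either wrap it so the cause is visible, `return fmt.Errorf("[ERROR] Error while listing registrations for key %s: %s", key.ID, err)`, or, since this patch only uses registrations to enrich the delete error message, treat the call as best-effort and log and continue with an empty list. The return value of `d.Set("registrations", rSlice)` is dropped like the other `d.Set` calls in this function, which matches the file's style but hides any type mismatch between the `kp` registration fields and the nested schema. setKeyDetails starts outside the hunk.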
diff --git a/website/docs/r/kms_key.html.markdown b/website/docs/r/kms_key.html.markdown index d04445aee7a..8d6f87149e8 100644 --- a/website/docs/r/kms_key.html.markdown +++ b/website/docs/r/kms_key.html.markdown @@ -131,6 +131,13 @@ In addition to all argument reference list, you can access the following attribu - `key_id` - (String) The ID of the key. - `key_ring_id` - (String) The ID of the key ring that your Key Protect key belongs to. - `type` - (String) The type of the key KMS or HPCS. +- `registrations` - (List) The registrations associated with the key. + + Nested scheme for `registrations`: + - `key_id` - (String) The id of the key associated with the association. + - `resource_crn` - (String) The CRN of the resource that has a registration to the key. + - `prevent_key_deletion` - (Boolean) Determines if the resource prevents the key deletion. + - `policy` - (String) The policies associated with the key. Nested scheme for `policy`: @@ -155,6 +162,7 @@ In addition to all argument reference list, you can access the following attribu - `last_update_date` - (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339. - `updated_by` - (String) The unique ID for the resource that updated the policy. + ## Import The `ibm_kms_key` can be imported by using the `id` and `crn`.