
Commit 0afb2a2

Merge pull request #593 from ChrisdeR/master
KMS feature support
2 parents 16d18df + e7962da commit 0afb2a2


59 files changed

+14587
-202
lines changed

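--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,11 @@
-## 1.53.10 (Unreleased)
+## 1.54.0 (Unreleased)
+
+FEATURES:
+
+* **New Resource**: `tencentcloud_kms_key`
+* **New Resource**: `tencentcloud_kms_external_key`
+* **New Data Source**: `tencentcloud_kms_keys`
+
 ## 1.53.9 (March 19, 2021)
 
 ENHANCEMENTS: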

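--- a/examples/tencentcloud-kms/main.tf
+++ b/examples/tencentcloud-kms/main.tf
@@ -0,0 +1,31 @@
+provider "tencentcloud" {
+region = "ap-guangzhou"
+}
+
+resource "tencentcloud_kms_external_key" "external_key" {
+alias = "tf-kms-external-key"
+description = "create a CMK and import key_material_base64."
+wrapping_algorithm = "RSAES_PKCS1_V1_5"
+key_material_base64 = "MTIzMTIzMTIzMTIzMTIzQQ=="
+is_enabled = false
+
+tags = {
+"test-tag":"test"
+}
+}
+
+resource "tencentcloud_kms_key" "key" {
+alias = "tf-kms-key"
+description = "create a CMK generated by KMS."
+key_rotation_enabled = false
+is_enabled = true
+
+tags = {
+"test-tag":"test"
+}
+}
+
+data "tencentcloud_kms_keys" "keys" {
+key_usage = "ALL"
+origin = "EXTERNAL"
+}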
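Review bot: `key_material_base64 = "MTIzMTIzMTIzMTIzMTIzQQ=="` places raw key material as a plaintext literal in the example configuration, and anyone who copies this pattern will also have the material persisted in Terraform state, which is not encrypted by default. Feed it from a variable instead, `variable "key_material_base64" { type = string }` (marking it `sensitive = true` where the Terraform version allows it; the example only pins `>= 0.12`), and add the comment `# key material ends up in Terraform state; protect the state backend accordingly` above the attribute. `wrapping_algorithm = "RSAES_PKCS1_V1_5"` is the least preferred of the RSAES wrapping schemes; if the service and the resource accept an RSAES-OAEP variant, the example should use that so PKCS1 v1.5 is not copied as the default choice.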

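--- a/examples/tencentcloud-kms/version.tf
+++ b/examples/tencentcloud-kms/version.tf
@@ -0,0 +1,3 @@
+terraform {
+required_version = ">= 0.12"
+}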

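--- a/tencentcloud/connectivity/client.go
+++ b/tencentcloud/connectivity/client.go
@@ -26,6 +26,7 @@ import (
 dc "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dc/v20180410"
 es "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/es/v20180416"
 gaap "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/gaap/v20180529"
+kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118"
 mongodb "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/mongodb/v20190725"
 monitor "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/monitor/v20180724"
 postgre "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/postgres/v20170312"
@@ -82,6 +83,7 @@ type TencentCloudClient struct {
 vodConn *vod.Client
 apiGatewayConn *apigateway.Client
 sslCertificateConn *sslCertificate.Client
+kmsConn *kms.Client
 }
 
 // NewClientProfile returns a new ClientProfile
@@ -533,3 +535,15 @@ func (me *TencentCloudClient) UseSSLCertificateClient() *sslCertificate.Client {
 
 return me.sslCertificateConn
 }
+
+func (me *TencentCloudClient) UseKmsClient() *kms.Client {
+if me.kmsConn != nil {
+return me.kmsConn
+}
+
+cpf := me.NewClientProfile(300)
+me.kmsConn, _ = kms.NewClient(me.Credential, me.Region, cpf)
+me.kmsConn.WithHttpTransport(&LogRoundTripper{})
+
+return me.kmsConn
+}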
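Review bot: `me.kmsConn, _ = kms.NewClient(me.Credential, me.Region, cpf)` discards the constructor's error and the very next line dereferences the result, so any failure inside NewClient would surface as a nil-pointer panic in the provider rather than as an error; the SDK's NewClient does not appear to fail today, but that is an SDK detail, not a contract. Since the method has no error return (matching the one sibling Use*Client helper visible in the hunk), at least check it before the dereference: `conn, err := kms.NewClient(me.Credential, me.Region, cpf)` / `if err != nil { log.Printf("[CRITAL] new KMS client failed, reason:%+v", err); return nil }` / `me.kmsConn = conn`, assuming `log` is already imported in this file (its import block is only partly visible). A doc comment in the style of the `// NewClientProfile returns ...` line seen in the struct hunk, `// UseKmsClient lazily builds and caches the KMS API client (300 second timeout, logging transport).`, would also help readers understand why the 300 is hard-coded.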
Lines changed: 232 additions & 0 deletions
@@ -0,0 +1,232 @@
1+
/*
2+
Use this data source to query detailed information of KMS key
3+
4+
Example Usage
5+
6+
```hcl
7+
data "tencentcloud_kms_keys" "foo" {
8+
search_key_alias = "test"
9+
key_state = 0
10+
origin = "TENCENT_KMS"
11+
key_usage = "ALL"
12+
}
13+
```
14+
*/
15+
package tencentcloud
16+
17+
import (
18+
"context"
19+
"log"
20+
21+
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
22+
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
23+
kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118"
24+
"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
25+
)
26+
27+
func dataSourceTencentCloudKmsKeys() *schema.Resource {
28+
return &schema.Resource{
29+
Read: dataSourceTencentCloudKmsKeysRead,
30+
Schema: map[string]*schema.Schema{
31+
"role": {
32+
Type: schema.TypeInt,
33+
Optional: true,
34+
Default: 0,
35+
Description: "Filter by role of the CMK creator. `0` - created by user, `1` - created by cloud product. Default value is `0`.",
36+
},
37+
"order_type": {
38+
Type: schema.TypeInt,
39+
Optional: true,
40+
Default: 0,
41+
Description: "Order to sort the CMK create time. `0` - desc, `1` - asc. Default value is `0`.",
42+
},
43+
"key_state": {
44+
Type: schema.TypeInt,
45+
Optional: true,
46+
Default: 0,
47+
Description: "Filter by state of CMK. `0` - all CMKs are queried, `1` - only Enabled CMKs are queried, `2` - only Disabled CMKs are queried, `3` - only PendingDelete CMKs are queried, `4` - only PendingImport CMKs are queried, `5` - only Archived CMKs are queried.",
48+
},
49+
"search_key_alias": {
50+
Type: schema.TypeString,
51+
Optional: true,
52+
Description: "Words used to match the results, and the words can be: key_id and alias.",
53+
},
54+
"origin": {
55+
Type: schema.TypeString,
56+
Optional: true,
57+
Default: KMS_ORIGIN_ALL,
58+
Description: "Filter by origin of CMK. `TENCENT_KMS` - CMK created by KMS, `EXTERNAL` - CMK imported by user, `ALL` - all CMKs. Default value is `ALL`.",
59+
},
60+
"key_usage": {
61+
Type: schema.TypeString,
62+
Optional: true,
63+
Default: KMS_KEY_USAGE_ENCRYPT_DECRYPT,
64+
Description: "Filter by usage of CMK. Available values include `ALL`, `ENCRYPT_DECRYPT`, `ASYMMETRIC_DECRYPT_RSA_2048`, `ASYMMETRIC_DECRYPT_SM2`, `ASYMMETRIC_SIGN_VERIFY_SM2`, `ASYMMETRIC_SIGN_VERIFY_RSA_2048`, `ASYMMETRIC_SIGN_VERIFY_ECC`. Default value is `ENCRYPT_DECRYPT`.",
65+
},
66+
"tags": {
67+
Type: schema.TypeMap,
68+
Optional: true,
69+
Description: "Tags to filter CMK.",
70+
},
71+
"result_output_file": {
72+
Type: schema.TypeString,
73+
Optional: true,
74+
Description: "Used to save results.",
75+
},
76+
"key_list": {
77+
Type: schema.TypeList,
78+
Computed: true,
79+
Description: "A list of KMS keys.",
80+
Elem: &schema.Resource{
81+
Schema: map[string]*schema.Schema{
82+
"key_id": {
83+
Type: schema.TypeString,
84+
Computed: true,
85+
Description: "ID of CMK.",
86+
},
87+
"alias": {
88+
Type: schema.TypeString,
89+
Computed: true,
90+
Description: "Name of CMK.",
91+
},
92+
"create_time": {
93+
Type: schema.TypeInt,
94+
Computed: true,
95+
Description: "Create time of CMK.",
96+
},
97+
"description": {
98+
Type: schema.TypeString,
99+
Computed: true,
100+
Description: "Description of CMK.",
101+
},
102+
"key_state": {
103+
Type: schema.TypeString,
104+
Computed: true,
105+
Description: "State of CMK.",
106+
},
107+
"key_usage": {
108+
Type: schema.TypeString,
109+
Computed: true,
110+
Description: "Usage of CMK.",
111+
},
112+
"creator_uin": {
113+
Type: schema.TypeInt,
114+
Computed: true,
115+
Description: "Uin of CMK Creator.",
116+
},
117+
"key_rotation_enabled": {
118+
Type: schema.TypeBool,
119+
Computed: true,
120+
Description: "Specify whether to enable key rotation.",
121+
},
122+
"owner": {
123+
Type: schema.TypeString,
124+
Computed: true,
125+
Description: "Creator of CMK.",
126+
},
127+
"next_rotate_time": {
128+
Type: schema.TypeInt,
129+
Computed: true,
130+
Description: "Next rotate time of CMK when key_rotation_enabled is true.",
131+
},
132+
"deletion_date": {
133+
Type: schema.TypeInt,
134+
Computed: true,
135+
Description: "Delete time of CMK.",
136+
},
137+
"origin": {
138+
Type: schema.TypeString,
139+
Computed: true,
140+
Description: "Origin of CMK. `TENCENT_KMS` - CMK created by KMS, `EXTERNAL` - CMK imported by user.",
141+
},
142+
"valid_to": {
143+
Type: schema.TypeInt,
144+
Computed: true,
145+
Description: "Valid when origin is `EXTERNAL`, it means the effective date of the key material.",
146+
},
147+
},
148+
},
149+
},
150+
},
151+
}
152+
}
153+
154+
func dataSourceTencentCloudKmsKeysRead(d *schema.ResourceData, meta interface{}) error {
155+
defer logElapsed("data_source.tencentcloud_kms_keys.read")()
156+
157+
logId := getLogId(contextNil)
158+
ctx := context.WithValue(context.TODO(), logIdKey, logId)
159+
160+
param := make(map[string]interface{})
161+
if v, ok := d.GetOk("role"); ok {
162+
param["role"] = v.(int)
163+
}
164+
if v, ok := d.GetOk("order_type"); ok {
165+
param["order_type"] = v.(int)
166+
}
167+
if v, ok := d.GetOk("key_state"); ok {
168+
keyState := v.(int)
169+
param["key_state"] = uint64(keyState)
170+
}
171+
if v, ok := d.GetOk("search_key_alias"); ok {
172+
param["search_key_alias"] = v.(string)
173+
}
174+
if v, ok := d.GetOk("origin"); ok {
175+
param["origin"] = v.(string)
176+
}
177+
if v, ok := d.GetOk("key_usage"); ok {
178+
param["key_usage"] = v.(string)
179+
}
180+
if tags := helper.GetTags(d, "tags"); len(tags) > 0 {
181+
param["tag_filter"] = tags
182+
}
183+
184+
kmsService := KmsService{
185+
client: meta.(*TencentCloudClient).apiV3Conn,
186+
}
187+
var keys []*kms.KeyMetadata
188+
err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
189+
results, e := kmsService.DescribeKeysByFilter(ctx, param)
190+
if e != nil {
191+
return retryError(e)
192+
}
193+
keys = results
194+
return nil
195+
})
196+
if err != nil {
197+
log.Printf("[CRITAL]%s read KMS keys failed, reason:%+v", logId, err)
198+
return err
199+
}
200+
keyList := make([]map[string]interface{}, 0, len(keys))
201+
ids := make([]string, 0, len(keys))
202+
for _, key := range keys {
203+
mapping := map[string]interface{}{
204+
"key_id": key.KeyId,
205+
"alias": key.Alias,
206+
"create_time": key.CreateTime,
207+
"description": key.Description,
208+
"key_state": key.KeyState,
209+
"key_usage": key.KeyUsage,
210+
"creator_uin": key.CreatorUin,
211+
"key_rotation_enabled": key.KeyRotationEnabled,
212+
"owner": key.Owner,
213+
"next_rotate_time": key.NextRotateTime,
214+
"deletion_date": key.DeletionDate,
215+
"origin": key.Origin,
216+
"valid_to": key.ValidTo,
217+
}
218+
219+
keyList = append(keyList, mapping)
220+
ids = append(ids, *key.KeyId)
221+
}
222+
223+
d.SetId(helper.DataResourceIdsHash(ids))
224+
if e := d.Set("key_list", keyList); e != nil {
225+
log.Printf("[CRITAL]%s provider set KMS key list fail, reason:%+v", logId, e)
226+
return e
227+
}
228+
if output, ok := d.GetOk("result_output_file"); ok && output.(string) != "" {
229+
return writeToFile(output.(string), keyList)
230+
}
231+
return nil
232+
}
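Review bot: `ids = append(ids, *key.KeyId)` in the result loop of dataSourceTencentCloudKmsKeysRead dereferences an SDK pointer field with no nil check, so a single DescribeKeys entry lacking a KeyId would panic the provider instead of returning an error; guard it with `if key == nil || key.KeyId == nil { continue }` at the top of the loop body (DescribeKeysByFilter itself lives outside this section, so what it guarantees about its entries is not visible here). A second point worth a comment: `role`, `order_type` and `key_state` all default to 0 and are read through `d.GetOk`, which reports zero values as unset, so those three filters are only forwarded to the service when non-zero — harmless only if the service-side defaults match the documented `0` semantics, which this code cannot confirm. The schema description for `result_output_file` should also say that the written file contains account identifiers (creator UIN, owner), since the KMS inventory is written to whatever path the operator names.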
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
package tencentcloud
2+
3+
import (
4+
"fmt"
5+
"testing"
6+
7+
"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
8+
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
9+
)
10+
11+
func TestAccTencentCloudKmsKeyDataSource(t *testing.T) {
12+
dataSourceName := "data.tencentcloud_kms_keys.test"
13+
rName := fmt.Sprintf("tf-testacc-kms-key-%s", acctest.RandString(13))
14+
15+
resource.Test(t, resource.TestCase{
16+
PreCheck: func() { testAccPreCheck(t) },
17+
Providers: testAccProviders,
18+
Steps: []resource.TestStep{
19+
{
20+
Config: testAccDataSourceKmsKeyConfig(rName),
21+
Check: resource.ComposeTestCheckFunc(
22+
testAccCheckTencentCloudDataSourceID(dataSourceName),
23+
resource.TestCheckResourceAttrSet(dataSourceName, "key_list.0.key_id"),
24+
resource.TestCheckResourceAttrSet(dataSourceName, "key_list.0.create_time"),
25+
resource.TestCheckResourceAttrSet(dataSourceName, "key_list.0.description"),
26+
resource.TestCheckResourceAttrSet(dataSourceName, "key_list.0.key_state"),
27+
resource.TestCheckResourceAttrSet(dataSourceName, "key_list.0.key_usage"),
28+
resource.TestCheckResourceAttrSet(dataSourceName, "key_list.0.creator_uin"),
29+
resource.TestCheckResourceAttrSet(dataSourceName, "key_list.0.key_rotation_enabled"),
30+
resource.TestCheckResourceAttrSet(dataSourceName, "key_list.0.owner"),
31+
resource.TestCheckResourceAttrSet(dataSourceName, "key_list.0.next_rotate_time"),
32+
resource.TestCheckResourceAttrSet(dataSourceName, "key_list.0.origin"),
33+
resource.TestCheckResourceAttrSet(dataSourceName, "key_list.0.valid_to"),
34+
),
35+
},
36+
},
37+
})
38+
}
39+
40+
func testAccDataSourceKmsKeyConfig(rName string) string {
41+
return fmt.Sprintf(`
42+
resource "tencentcloud_kms_key" "test" {
43+
alias = %[1]q
44+
description = %[1]q
45+
is_enabled = false
46+
key_rotation_enabled = true
47+
}
48+
data "tencentcloud_kms_keys" "test" {
49+
search_key_alias = tencentcloud_kms_key.test.alias
50+
}
51+
`, rName)
52+
}
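Review bot: None of the `key_list.0.*` checks verify that the first returned key is the CMK this step created; `search_key_alias` is a fuzzy match on key_id and alias (per the data source schema), so in an account with pre-existing keys the assertions can pass against an unrelated CMK. Pin the result with `resource.TestCheckResourceAttr(dataSourceName, "key_list.0.alias", rName),` and ideally `resource.TestCheckResourceAttr(dataSourceName, "key_list.#", "1"),` alongside the existing checks. Also worth a comment in testAccDataSourceKmsKeyConfig: each run creates a real CMK, and if the resource's destroy path (not in this section) can only schedule deletion, repeated acceptance runs will accumulate PendingDelete keys in the test account.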
