feat/kms (#2171)

* feat/kms * feat/kms
tencentcloudstack · Oct 8, 2023 · f2e1fb2 · f2e1fb2
1 parent d8c42e1
commit f2e1fb2
Show file tree

Hide file tree

Showing 17 changed files with 1,454 additions and 0 deletions.
diff --git a/.changelog/2171.txt b/.changelog/2171.txt
@@ -0,0 +1,15 @@
+```release-note:new-resource
+tencentcloud_kms_white_box_key
+```
+
+```release-note:new-data-source
+tencentcloud_kms_describe_keys
+```
+
+```release-note:new-data-source
+tencentcloud_kms_white_box_key_details
+```
+
+```release-note:new-data-source
+tencentcloud_kms_list_keys
+```
diff --git a/tencentcloud/data_source_tc_kms_describe_keys.go b/tencentcloud/data_source_tc_kms_describe_keys.go
@@ -0,0 +1,187 @@
+/*
+Use this data source to query detailed information of kms key_lists
+
+Example Usage
+
+```hcl
+data "tencentcloud_kms_describe_keys" "example" {
+  key_ids = [
+    "9ffacc8b-6461-11ee-a54e-525400dd8a7d",
+    "bffae4ed-6465-11ee-90b2-5254000ef00e"
+  ]
+}
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func dataSourceTencentCloudKmsDescribeKeys() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceTencentCloudKmsDescribeKeysRead,
+		Schema: map[string]*schema.Schema{
+			"key_ids": {
+				Required:    true,
+				Type:        schema.TypeSet,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Description: "Query the ID list of CMK, batch query supports up to 100 KeyIds at a time.",
+			},
+			"key_list": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "A list of KMS keys.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"key_id": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "ID of CMK.",
+						},
+						"alias": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Name of CMK.",
+						},
+						"create_time": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "Create time of CMK.",
+						},
+						"description": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Description of CMK.",
+						},
+						"key_state": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "State of CMK.",
+						},
+						"key_usage": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Usage of CMK.",
+						},
+						"creator_uin": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "Uin of CMK Creator.",
+						},
+						"key_rotation_enabled": {
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Specify whether to enable key rotation.",
+						},
+						"owner": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Creator of CMK.",
+						},
+						"next_rotate_time": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "Next rotate time of CMK when key_rotation_enabled is true.",
+						},
+						"deletion_date": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "Delete time of CMK.",
+						},
+						"origin": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Origin of CMK. `TENCENT_KMS` - CMK created by KMS, `EXTERNAL` - CMK imported by user.",
+						},
+						"valid_to": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "Valid when origin is `EXTERNAL`, it means the effective date of the key material.",
+						},
+					},
+				},
+			},
+			"result_output_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Used to save results.",
+			},
+		},
+	}
+}
+
+func dataSourceTencentCloudKmsDescribeKeysRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("data_source.tencentcloud_kms_describe_keys.read")()
+	defer inconsistentCheck(d, meta)()
+
+	var (
+		logId       = getLogId(contextNil)
+		ctx         = context.WithValue(context.TODO(), logIdKey, logId)
+		service     = KmsService{client: meta.(*TencentCloudClient).apiV3Conn}
+		keyMetadata []*kms.KeyMetadata
+	)
+
+	paramMap := make(map[string]interface{})
+	if v, ok := d.GetOk("key_ids"); ok {
+		keyIdsSet := v.(*schema.Set).List()
+		paramMap["KeyIds"] = helper.InterfacesStringsPoint(keyIdsSet)
+	}
+
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		result, e := service.DescribeKmsKeyListsByFilter(ctx, paramMap)
+		if e != nil {
+			return retryError(e)
+		}
+
+		keyMetadata = result
+		return nil
+	})
+
+	if err != nil {
+		return err
+	}
+
+	ids := make([]string, 0, len(keyMetadata))
+	tmpList := make([]map[string]interface{}, 0, len(keyMetadata))
+
+	if keyMetadata != nil {
+		for _, key := range keyMetadata {
+			mapping := map[string]interface{}{
+				"key_id":               key.KeyId,
+				"alias":                key.Alias,
+				"create_time":          key.CreateTime,
+				"description":          key.Description,
+				"key_state":            key.KeyState,
+				"key_usage":            key.KeyUsage,
+				"creator_uin":          key.CreatorUin,
+				"key_rotation_enabled": key.KeyRotationEnabled,
+				"owner":                key.Owner,
+				"next_rotate_time":     key.NextRotateTime,
+				"deletion_date":        key.DeletionDate,
+				"origin":               key.Origin,
+				"valid_to":             key.ValidTo,
+			}
+
+			tmpList = append(tmpList, mapping)
+			ids = append(ids, *key.KeyId)
+		}
+
+		_ = d.Set("key_list", tmpList)
+	}
+
+	d.SetId(helper.DataResourceIdsHash(ids))
+	output, ok := d.GetOk("result_output_file")
+	if ok && output.(string) != "" {
+		if e := writeToFile(output.(string), tmpList); e != nil {
+			return e
+		}
+	}
+
+	return nil
+}
diff --git a/tencentcloud/data_source_tc_kms_describe_keys_test.go b/tencentcloud/data_source_tc_kms_describe_keys_test.go
@@ -0,0 +1,45 @@
+package tencentcloud
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+// go test -i; go test -test.run TestAccTencentCloudKmsDescribeKeysDataSource_basic -v
+func TestAccTencentCloudKmsDescribeKeysDataSource_basic(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKmsKeyListsDataSource,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTencentCloudDataSourceID("data.tencentcloud_kms_describe_keys.example"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.key_id"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.create_time"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.description"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.key_state"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.key_usage"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.creator_uin"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.key_rotation_enabled"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.owner"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.next_rotate_time"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.origin"),
+					resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.valid_to"),
+				),
+			},
+		},
+	})
+}
+
+const testAccKmsKeyListsDataSource = `
+data "tencentcloud_kms_describe_keys" "example" {
+  key_ids = [
+    "72688f39-1fe8-11ee-9f1a-525400cf25a4"
+  ]
+}
+`
diff --git a/tencentcloud/data_source_tc_kms_list_keys.go b/tencentcloud/data_source_tc_kms_list_keys.go
@@ -0,0 +1,119 @@
+/*
+Use this data source to query detailed information of kms list_keys
+
+Example Usage
+
+```hcl
+data "tencentcloud_kms_list_keys" "example" {
+  role = 1
+}
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func dataSourceTencentCloudKmsListKeys() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceTencentCloudKmsListKeysRead,
+		Schema: map[string]*schema.Schema{
+			"role": {
+				Optional:    true,
+				Type:        schema.TypeInt,
+				Description: "Filter based on the creator role. The default value is 0, which indicates the cmk created by the user himself, and 1, which indicates the cmk automatically created by authorizing other cloud products.",
+			},
+			"hsm_cluster_id": {
+				Optional:    true,
+				Type:        schema.TypeString,
+				Description: "HSM cluster ID (only valid for KMS exclusive/managed service instances).",
+			},
+			"keys": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "A list of KMS keys.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"key_id": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "ID of CMK.",
+						},
+					},
+				},
+			},
+			"result_output_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Used to save results.",
+			},
+		},
+	}
+}
+
+func dataSourceTencentCloudKmsListKeysRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("data_source.tencentcloud_kms_list_keys.read")()
+	defer inconsistentCheck(d, meta)()
+
+	var (
+		logId    = getLogId(contextNil)
+		ctx      = context.WithValue(context.TODO(), logIdKey, logId)
+		service  = KmsService{client: meta.(*TencentCloudClient).apiV3Conn}
+		listKeys []*kms.Key
+	)
+
+	paramMap := make(map[string]interface{})
+	if v, _ := d.GetOk("role"); v != nil {
+		paramMap["Role"] = helper.IntUint64(v.(int))
+	}
+
+	if v, ok := d.GetOk("hsm_cluster_id"); ok {
+		paramMap["HsmClusterId"] = helper.String(v.(string))
+	}
+
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		result, e := service.DescribeKmsListKeysByFilter(ctx, paramMap)
+		if e != nil {
+			return retryError(e)
+		}
+
+		listKeys = result
+		return nil
+	})
+
+	if err != nil {
+		return err
+	}
+
+	ids := make([]string, 0, len(listKeys))
+	tmpList := make([]map[string]interface{}, 0, len(listKeys))
+
+	if listKeys != nil {
+		for _, key := range listKeys {
+			mapping := map[string]interface{}{
+				"key_id": key.KeyId,
+			}
+
+			tmpList = append(tmpList, mapping)
+			ids = append(ids, *key.KeyId)
+		}
+
+		_ = d.Set("keys", tmpList)
+	}
+
+	d.SetId(helper.DataResourceIdsHash(ids))
+	output, ok := d.GetOk("result_output_file")
+	if ok && output.(string) != "" {
+		if e := writeToFile(output.(string), tmpList); e != nil {
+			return e
+		}
+	}
+
+	return nil
+}