From f2e1fb23d8336a06d22c5122f71ccc86dc78e05a Mon Sep 17 00:00:00 2001
From: SevenEarth <45937856+SevenEarth@users.noreply.github.com>
Date: Sun, 8 Oct 2023 07:32:13 -0500
Subject: [PATCH] feat/kms (#2171)
* feat/kms
* feat/kms
---
.changelog/2171.txt | 15 +
.../data_source_tc_kms_describe_keys.go | 187 +++++++++++
.../data_source_tc_kms_describe_keys_test.go | 45 +++
tencentcloud/data_source_tc_kms_list_keys.go | 119 +++++++
.../data_source_tc_kms_list_keys_test.go | 33 ++
...ata_source_tc_kms_white_box_key_details.go | 211 ++++++++++++
...ource_tc_kms_white_box_key_details_test.go | 44 +++
tencentcloud/extension_kms.go | 20 ++
tencentcloud/provider.go | 8 +
tencentcloud/resource_tc_kms_white_box_key.go | 307 ++++++++++++++++++
.../resource_tc_kms_white_box_key_test.go | 69 ++++
tencentcloud/service_tencentcloud_kms.go | 196 +++++++++++
.../docs/d/kms_describe_keys.html.markdown | 51 +++
website/docs/d/kms_list_keys.html.markdown | 37 +++
.../d/kms_white_box_key_details.html.markdown | 47 +++
.../docs/r/kms_white_box_key.html.markdown | 53 +++
website/tencentcloud.erb | 12 +
17 files changed, 1454 insertions(+)
create mode 100644 .changelog/2171.txt
create mode 100644 tencentcloud/data_source_tc_kms_describe_keys.go
create mode 100644 tencentcloud/data_source_tc_kms_describe_keys_test.go
create mode 100644 tencentcloud/data_source_tc_kms_list_keys.go
create mode 100644 tencentcloud/data_source_tc_kms_list_keys_test.go
create mode 100644 tencentcloud/data_source_tc_kms_white_box_key_details.go
create mode 100644 tencentcloud/data_source_tc_kms_white_box_key_details_test.go
create mode 100644 tencentcloud/resource_tc_kms_white_box_key.go
create mode 100644 tencentcloud/resource_tc_kms_white_box_key_test.go
create mode 100644 website/docs/d/kms_describe_keys.html.markdown
create mode 100644 website/docs/d/kms_list_keys.html.markdown
create mode 100644 website/docs/d/kms_white_box_key_details.html.markdown
create mode 100644 website/docs/r/kms_white_box_key.html.markdown
diff --git a/.changelog/2171.txt b/.changelog/2171.txt
new file mode 100644
index 0000000000..c2ed54d1ca
--- /dev/null
+++ b/.changelog/2171.txt
@@ -0,0 +1,15 @@
+```release-note:new-resource
+tencentcloud_kms_white_box_key
+```
+
+```release-note:new-data-source
+tencentcloud_kms_describe_keys
+```
+
+```release-note:new-data-source
+tencentcloud_kms_white_box_key_details
+```
+
+```release-note:new-data-source
+tencentcloud_kms_list_keys
+```
diff --git a/tencentcloud/data_source_tc_kms_describe_keys.go b/tencentcloud/data_source_tc_kms_describe_keys.go
new file mode 100644
index 0000000000..6437513c2e
--- /dev/null
+++ b/tencentcloud/data_source_tc_kms_describe_keys.go
@@ -0,0 +1,187 @@
+/*
+Use this data source to query detailed information of kms key_lists
+
+Example Usage
+
+```hcl
+data "tencentcloud_kms_describe_keys" "example" {
+ key_ids = [
+ "9ffacc8b-6461-11ee-a54e-525400dd8a7d",
+ "bffae4ed-6465-11ee-90b2-5254000ef00e"
+ ]
+}
+```
+*/
+package tencentcloud
+
+import (
+ "context"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118"
+ "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func dataSourceTencentCloudKmsDescribeKeys() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceTencentCloudKmsDescribeKeysRead,
+ Schema: map[string]*schema.Schema{
+ "key_ids": {
+ Required: true,
+ Type: schema.TypeSet,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Description: "Query the ID list of CMK, batch query supports up to 100 KeyIds at a time.",
+ },
+ "key_list": {
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "A list of KMS keys.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "key_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "ID of CMK.",
+ },
+ "alias": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Name of CMK.",
+ },
+ "create_time": {
+ Type: schema.TypeInt,
+ Computed: true,
+ Description: "Create time of CMK.",
+ },
+ "description": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Description of CMK.",
+ },
+ "key_state": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "State of CMK.",
+ },
+ "key_usage": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Usage of CMK.",
+ },
+ "creator_uin": {
+ Type: schema.TypeInt,
+ Computed: true,
+ Description: "Uin of CMK Creator.",
+ },
+ "key_rotation_enabled": {
+ Type: schema.TypeBool,
+ Computed: true,
+ Description: "Specify whether to enable key rotation.",
+ },
+ "owner": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Creator of CMK.",
+ },
+ "next_rotate_time": {
+ Type: schema.TypeInt,
+ Computed: true,
+ Description: "Next rotate time of CMK when key_rotation_enabled is true.",
+ },
+ "deletion_date": {
+ Type: schema.TypeInt,
+ Computed: true,
+ Description: "Delete time of CMK.",
+ },
+ "origin": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Origin of CMK. `TENCENT_KMS` - CMK created by KMS, `EXTERNAL` - CMK imported by user.",
+ },
+ "valid_to": {
+ Type: schema.TypeInt,
+ Computed: true,
+ Description: "Valid when origin is `EXTERNAL`, it means the effective date of the key material.",
+ },
+ },
+ },
+ },
+ "result_output_file": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Used to save results.",
+ },
+ },
+ }
+}
+
+func dataSourceTencentCloudKmsDescribeKeysRead(d *schema.ResourceData, meta interface{}) error {
+ defer logElapsed("data_source.tencentcloud_kms_describe_keys.read")()
+ defer inconsistentCheck(d, meta)()
+
+ var (
+ logId = getLogId(contextNil)
+ ctx = context.WithValue(context.TODO(), logIdKey, logId)
+ service = KmsService{client: meta.(*TencentCloudClient).apiV3Conn}
+ keyMetadata []*kms.KeyMetadata
+ )
+
+ paramMap := make(map[string]interface{})
+ if v, ok := d.GetOk("key_ids"); ok {
+ keyIdsSet := v.(*schema.Set).List()
+ paramMap["KeyIds"] = helper.InterfacesStringsPoint(keyIdsSet)
+ }
+
+ err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+ result, e := service.DescribeKmsKeyListsByFilter(ctx, paramMap)
+ if e != nil {
+ return retryError(e)
+ }
+
+ keyMetadata = result
+ return nil
+ })
+
+ if err != nil {
+ return err
+ }
+
+ ids := make([]string, 0, len(keyMetadata))
+ tmpList := make([]map[string]interface{}, 0, len(keyMetadata))
+
+ if keyMetadata != nil {
+ for _, key := range keyMetadata {
+ mapping := map[string]interface{}{
+ "key_id": key.KeyId,
+ "alias": key.Alias,
+ "create_time": key.CreateTime,
+ "description": key.Description,
+ "key_state": key.KeyState,
+ "key_usage": key.KeyUsage,
+ "creator_uin": key.CreatorUin,
+ "key_rotation_enabled": key.KeyRotationEnabled,
+ "owner": key.Owner,
+ "next_rotate_time": key.NextRotateTime,
+ "deletion_date": key.DeletionDate,
+ "origin": key.Origin,
+ "valid_to": key.ValidTo,
+ }
+
+ tmpList = append(tmpList, mapping)
+ ids = append(ids, *key.KeyId)
+ }
+
+ _ = d.Set("key_list", tmpList)
+ }
+
+ d.SetId(helper.DataResourceIdsHash(ids))
+ output, ok := d.GetOk("result_output_file")
+ if ok && output.(string) != "" {
+ if e := writeToFile(output.(string), tmpList); e != nil {
+ return e
+ }
+ }
+
+ return nil
+}
diff --git a/tencentcloud/data_source_tc_kms_describe_keys_test.go b/tencentcloud/data_source_tc_kms_describe_keys_test.go
new file mode 100644
index 0000000000..8d30866e88
--- /dev/null
+++ b/tencentcloud/data_source_tc_kms_describe_keys_test.go
@@ -0,0 +1,45 @@
+package tencentcloud
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+// go test -i; go test -test.run TestAccTencentCloudKmsDescribeKeysDataSource_basic -v
+func TestAccTencentCloudKmsDescribeKeysDataSource_basic(t *testing.T) {
+ t.Parallel()
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ testAccPreCheck(t)
+ },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccKmsKeyListsDataSource,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckTencentCloudDataSourceID("data.tencentcloud_kms_describe_keys.example"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.key_id"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.create_time"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.description"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.key_state"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.key_usage"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.creator_uin"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.key_rotation_enabled"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.owner"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.next_rotate_time"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.origin"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_describe_keys.example", "key_list.0.valid_to"),
+ ),
+ },
+ },
+ })
+}
+
+const testAccKmsKeyListsDataSource = `
+data "tencentcloud_kms_describe_keys" "example" {
+ key_ids = [
+ "72688f39-1fe8-11ee-9f1a-525400cf25a4"
+ ]
+}
+`
diff --git a/tencentcloud/data_source_tc_kms_list_keys.go b/tencentcloud/data_source_tc_kms_list_keys.go
new file mode 100644
index 0000000000..af83d0750d
--- /dev/null
+++ b/tencentcloud/data_source_tc_kms_list_keys.go
@@ -0,0 +1,119 @@
+/*
+Use this data source to query detailed information of kms list_keys
+
+Example Usage
+
+```hcl
+data "tencentcloud_kms_list_keys" "example" {
+ role = 1
+}
+```
+*/
+package tencentcloud
+
+import (
+ "context"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118"
+ "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func dataSourceTencentCloudKmsListKeys() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceTencentCloudKmsListKeysRead,
+ Schema: map[string]*schema.Schema{
+ "role": {
+ Optional: true,
+ Type: schema.TypeInt,
+ Description: "Filter based on the creator role. The default value is 0, which indicates the cmk created by the user himself, and 1, which indicates the cmk automatically created by authorizing other cloud products.",
+ },
+ "hsm_cluster_id": {
+ Optional: true,
+ Type: schema.TypeString,
+ Description: "HSM cluster ID (only valid for KMS exclusive/managed service instances).",
+ },
+ "keys": {
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "A list of KMS keys.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "key_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "ID of CMK.",
+ },
+ },
+ },
+ },
+ "result_output_file": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Used to save results.",
+ },
+ },
+ }
+}
+
+func dataSourceTencentCloudKmsListKeysRead(d *schema.ResourceData, meta interface{}) error {
+ defer logElapsed("data_source.tencentcloud_kms_list_keys.read")()
+ defer inconsistentCheck(d, meta)()
+
+ var (
+ logId = getLogId(contextNil)
+ ctx = context.WithValue(context.TODO(), logIdKey, logId)
+ service = KmsService{client: meta.(*TencentCloudClient).apiV3Conn}
+ listKeys []*kms.Key
+ )
+
+ paramMap := make(map[string]interface{})
+ if v, _ := d.GetOk("role"); v != nil {
+ paramMap["Role"] = helper.IntUint64(v.(int))
+ }
+
+ if v, ok := d.GetOk("hsm_cluster_id"); ok {
+ paramMap["HsmClusterId"] = helper.String(v.(string))
+ }
+
+ err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+ result, e := service.DescribeKmsListKeysByFilter(ctx, paramMap)
+ if e != nil {
+ return retryError(e)
+ }
+
+ listKeys = result
+ return nil
+ })
+
+ if err != nil {
+ return err
+ }
+
+ ids := make([]string, 0, len(listKeys))
+ tmpList := make([]map[string]interface{}, 0, len(listKeys))
+
+ if listKeys != nil {
+ for _, key := range listKeys {
+ mapping := map[string]interface{}{
+ "key_id": key.KeyId,
+ }
+
+ tmpList = append(tmpList, mapping)
+ ids = append(ids, *key.KeyId)
+ }
+
+ _ = d.Set("keys", tmpList)
+ }
+
+ d.SetId(helper.DataResourceIdsHash(ids))
+ output, ok := d.GetOk("result_output_file")
+ if ok && output.(string) != "" {
+ if e := writeToFile(output.(string), tmpList); e != nil {
+ return e
+ }
+ }
+
+ return nil
+}
diff --git a/tencentcloud/data_source_tc_kms_list_keys_test.go b/tencentcloud/data_source_tc_kms_list_keys_test.go
new file mode 100644
index 0000000000..837fb012e8
--- /dev/null
+++ b/tencentcloud/data_source_tc_kms_list_keys_test.go
@@ -0,0 +1,33 @@
+package tencentcloud
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+// go test -i; go test -test.run TestAccTencentCloudKmsListKeysDataSource_basic -v
+func TestAccTencentCloudKmsListKeysDataSource_basic(t *testing.T) {
+ t.Parallel()
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ testAccPreCheck(t)
+ },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccKmsListKeysDataSource,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckTencentCloudDataSourceID("data.tencentcloud_kms_list_keys.example"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_list_keys.example", "keys.0.key_id"),
+ ),
+ },
+ },
+ })
+}
+
+const testAccKmsListKeysDataSource = `
+data "tencentcloud_kms_list_keys" "example" {
+ role = 1
+}
+`
diff --git a/tencentcloud/data_source_tc_kms_white_box_key_details.go b/tencentcloud/data_source_tc_kms_white_box_key_details.go
new file mode 100644
index 0000000000..cf143662c5
--- /dev/null
+++ b/tencentcloud/data_source_tc_kms_white_box_key_details.go
@@ -0,0 +1,211 @@
+/*
+Use this data source to query detailed information of kms white_box_key_details
+
+Example Usage
+
+```hcl
+data "tencentcloud_kms_white_box_key_details" "example" {
+ key_status = 0
+}
+```
+*/
+package tencentcloud
+
+import (
+ "context"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118"
+ "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func dataSourceTencentCloudKmsWhiteBoxKeyDetails() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceTencentCloudKmsWhiteBoxKeyDetailsRead,
+ Schema: map[string]*schema.Schema{
+ "key_status": {
+ Optional: true,
+ Type: schema.TypeInt,
+ Description: "Filter condition: status of the key, 0: disabled, 1: enabled.",
+ },
+ "key_infos": {
+ Computed: true,
+ Type: schema.TypeList,
+ Description: "List of white box key information.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "algorithm": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "The type of algorithm used by the key.",
+ },
+ "create_time": {
+ Type: schema.TypeInt,
+ Computed: true,
+ Description: "Key creation time, Unix timestamp.",
+ },
+ "decrypt_key": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "White box decryption key, base64 encoded.",
+ },
+ "resource_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Resource ID, format: creatorUin/$creatorUin/$keyId.",
+ },
+ "key_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Globally unique identifier for the white box key.",
+ },
+ "creator_uin": {
+ Type: schema.TypeInt,
+ Computed: true,
+ Description: "Creator.",
+ },
+ "alias": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "As an alias for a key that is easier to identify and easier to understand, it cannot be empty and is a combination of 1-60 alphanumeric characters - _. The first character must be a letter or number. It cannot be repeated.",
+ },
+ "description": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Description of the key.",
+ },
+ "encrypt_key": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "White box encryption key, base64 encoded.",
+ },
+ "owner_uin": {
+ Type: schema.TypeInt,
+ Computed: true,
+ Description: "Creator.",
+ },
+ "status": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "The status of the white box key, the value is: Enabled | Disabled.",
+ },
+ "device_fingerprint_bind": {
+ Type: schema.TypeBool,
+ Computed: true,
+ Description: "Is there a device fingerprint bound to the current key?.",
+ },
+ },
+ },
+ },
+ "result_output_file": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Used to save results.",
+ },
+ },
+ }
+}
+
+func dataSourceTencentCloudKmsWhiteBoxKeyDetailsRead(d *schema.ResourceData, meta interface{}) error {
+ defer logElapsed("data_source.tencentcloud_kms_white_box_key_details.read")()
+ defer inconsistentCheck(d, meta)()
+
+ var (
+ logId = getLogId(contextNil)
+ ctx = context.WithValue(context.TODO(), logIdKey, logId)
+ service = KmsService{client: meta.(*TencentCloudClient).apiV3Conn}
+ whiteBoxKeyInfo []*kms.WhiteboxKeyInfo
+ )
+
+ paramMap := make(map[string]interface{})
+ if v, _ := d.GetOk("key_status"); v != nil {
+ paramMap["KeyStatus"] = helper.IntInt64(v.(int))
+ }
+
+ err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+ result, e := service.DescribeKmsWhiteBoxKeyDetailsByFilter(ctx, paramMap)
+ if e != nil {
+ return retryError(e)
+ }
+
+ whiteBoxKeyInfo = result
+ return nil
+ })
+
+ if err != nil {
+ return err
+ }
+
+ ids := make([]string, 0, len(whiteBoxKeyInfo))
+ tmpList := make([]map[string]interface{}, 0, len(whiteBoxKeyInfo))
+
+ if whiteBoxKeyInfo != nil {
+ for _, whiteBoxKey := range whiteBoxKeyInfo {
+ whiteBoxKeyInfoMap := map[string]interface{}{}
+
+ if whiteBoxKey.Algorithm != nil {
+ whiteBoxKeyInfoMap["algorithm"] = whiteBoxKey.Algorithm
+ }
+
+ if whiteBoxKey.CreateTime != nil {
+ whiteBoxKeyInfoMap["create_time"] = whiteBoxKey.CreateTime
+ }
+
+ if whiteBoxKey.DecryptKey != nil {
+ whiteBoxKeyInfoMap["decrypt_key"] = whiteBoxKey.DecryptKey
+ }
+
+ if whiteBoxKey.ResourceId != nil {
+ whiteBoxKeyInfoMap["resource_id"] = whiteBoxKey.ResourceId
+ }
+
+ if whiteBoxKey.KeyId != nil {
+ whiteBoxKeyInfoMap["key_id"] = whiteBoxKey.KeyId
+ }
+
+ if whiteBoxKey.CreatorUin != nil {
+ whiteBoxKeyInfoMap["creator_uin"] = whiteBoxKey.CreatorUin
+ }
+
+ if whiteBoxKey.Alias != nil {
+ whiteBoxKeyInfoMap["alias"] = whiteBoxKey.Alias
+ }
+
+ if whiteBoxKey.Description != nil {
+ whiteBoxKeyInfoMap["description"] = whiteBoxKey.Description
+ }
+
+ if whiteBoxKey.EncryptKey != nil {
+ whiteBoxKeyInfoMap["encrypt_key"] = whiteBoxKey.EncryptKey
+ }
+
+ if whiteBoxKey.OwnerUin != nil {
+ whiteBoxKeyInfoMap["owner_uin"] = whiteBoxKey.OwnerUin
+ }
+
+ if whiteBoxKey.Status != nil {
+ whiteBoxKeyInfoMap["status"] = whiteBoxKey.Status
+ }
+
+ if whiteBoxKey.DeviceFingerprintBind != nil {
+ whiteBoxKeyInfoMap["device_fingerprint_bind"] = whiteBoxKey.DeviceFingerprintBind
+ }
+
+ ids = append(ids, *whiteBoxKey.KeyId)
+ tmpList = append(tmpList, whiteBoxKeyInfoMap)
+ }
+
+ _ = d.Set("key_infos", tmpList)
+ }
+
+ d.SetId(helper.DataResourceIdsHash(ids))
+ output, ok := d.GetOk("result_output_file")
+ if ok && output.(string) != "" {
+ if e := writeToFile(output.(string), tmpList); e != nil {
+ return e
+ }
+ }
+
+ return nil
+}
diff --git a/tencentcloud/data_source_tc_kms_white_box_key_details_test.go b/tencentcloud/data_source_tc_kms_white_box_key_details_test.go
new file mode 100644
index 0000000000..67e8455f29
--- /dev/null
+++ b/tencentcloud/data_source_tc_kms_white_box_key_details_test.go
@@ -0,0 +1,44 @@
+package tencentcloud
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+// go test -i; go test -test.run TestAccTencentCloudNeedFixKmsWhiteBoxKeyDetailsDataSource_basic -v
+func TestAccTencentCloudNeedFixKmsWhiteBoxKeyDetailsDataSource_basic(t *testing.T) {
+ t.Parallel()
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ testAccPreCheck(t)
+ },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccKmsWhiteBoxKeyDetailsDataSource,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckTencentCloudDataSourceID("data.tencentcloud_kms_white_box_key_details.example"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.algorithm"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.create_time"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.decrypt_key"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.resource_id"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.key_id"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.creator_uin"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.alias"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.description"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.encrypt_key"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.owner_uin"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.status"),
+ resource.TestCheckResourceAttrSet("data.tencentcloud_kms_white_box_key_details.example", "key_infos.0.device_fingerprint_bind"),
+ ),
+ },
+ },
+ })
+}
+
+const testAccKmsWhiteBoxKeyDetailsDataSource = `
+data "tencentcloud_kms_white_box_key_details" "example" {
+ key_status = 0
+}
+`
diff --git a/tencentcloud/extension_kms.go b/tencentcloud/extension_kms.go
index a94c1a0009..6b8fe526bd 100644
--- a/tencentcloud/extension_kms.go
+++ b/tencentcloud/extension_kms.go
@@ -49,3 +49,23 @@ var KMS_RETRYABLE_ERROR = []string{
"ClientError.NetworkError",
"ClientError.HttpStatusCodeError",
}
+
+const (
+ WHITE_BOX_KEY_ALGORITHM_AES_256 = "AES_256"
+ WHITE_BOX_KEY_ALGORITHM_SM4 = "SM4"
+)
+
+var WHITE_BOX_KEY_ALGORITHM = []string{
+ WHITE_BOX_KEY_ALGORITHM_AES_256,
+ WHITE_BOX_KEY_ALGORITHM_SM4,
+}
+
+const (
+ WHITE_BOX_KEY_STATUS_ENABLED = "Enabled"
+ WHITE_BOX_KEY_STATUS_DISABLED = "Disabled"
+)
+
+var WHITE_BOX_KEY_STATUS = []string{
+ WHITE_BOX_KEY_STATUS_ENABLED,
+ WHITE_BOX_KEY_STATUS_DISABLED,
+}
diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go
index 2aac1eb6f2..ca2a5ba2e8 100644
--- a/tencentcloud/provider.go
+++ b/tencentcloud/provider.go
@@ -545,10 +545,14 @@ Key Management Service(KMS)
tencentcloud_kms_keys
tencentcloud_kms_public_key
tencentcloud_kms_get_parameters_for_import
+ tencentcloud_kms_describe_keys
+ tencentcloud_kms_white_box_key_details
+ tencentcloud_kms_list_keys
Resource
tencentcloud_kms_key
tencentcloud_kms_external_key
+ tencentcloud_kms_white_box_key
Tencent Kubernetes Engine(TKE)
Data Source
@@ -2156,6 +2160,9 @@ func Provider() *schema.Provider {
"tencentcloud_kms_keys": dataSourceTencentCloudKmsKeys(),
"tencentcloud_kms_public_key": dataSourceTencentCloudKmsPublicKey(),
"tencentcloud_kms_get_parameters_for_import": dataSourceTencentCloudKmsGetParametersForImport(),
+ "tencentcloud_kms_describe_keys": dataSourceTencentCloudKmsDescribeKeys(),
+ "tencentcloud_kms_white_box_key_details": dataSourceTencentCloudKmsWhiteBoxKeyDetails(),
+ "tencentcloud_kms_list_keys": dataSourceTencentCloudKmsListKeys(),
"tencentcloud_ssm_products": dataSourceTencentCloudSsmProducts(),
"tencentcloud_ssm_secrets": dataSourceTencentCloudSsmSecrets(),
"tencentcloud_ssm_secret_versions": dataSourceTencentCloudSsmSecretVersions(),
@@ -2846,6 +2853,7 @@ func Provider() *schema.Provider {
"tencentcloud_protocol_template_group": resourceTencentCloudProtocolTemplateGroup(),
"tencentcloud_kms_key": resourceTencentCloudKmsKey(),
"tencentcloud_kms_external_key": resourceTencentCloudKmsExternalKey(),
+ "tencentcloud_kms_white_box_key": resourceTencentCloudKmsWhiteBoxKey(),
"tencentcloud_ssm_secret": resourceTencentCloudSsmSecret(),
"tencentcloud_ssm_ssh_key_pair_secret": resourceTencentCloudSsmSshKeyPairSecret(),
"tencentcloud_ssm_product_secret": resourceTencentCloudSsmProductSecret(),
diff --git a/tencentcloud/resource_tc_kms_white_box_key.go b/tencentcloud/resource_tc_kms_white_box_key.go
new file mode 100644
index 0000000000..e4efd1aecf
--- /dev/null
+++ b/tencentcloud/resource_tc_kms_white_box_key.go
@@ -0,0 +1,307 @@
+/*
+Provides a resource to create a kms white_box_key
+
+Example Usage
+
+```hcl
+resource "tencentcloud_kms_white_box_key" "example" {
+ alias = "tf_example"
+ description = "test desc."
+ algorithm = "SM4"
+ status = "Enabled"
+ tags = {
+ "createdBy" = "terraform"
+ }
+}
+```
+
+Import
+
+kms white_box_key can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_kms_white_box_key.example 244dab8c-6dad-11ea-80c6-5254006d0810
+```
+*/
+package tencentcloud
+
+import (
+ "context"
+ "fmt"
+ "log"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118"
+ "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func resourceTencentCloudKmsWhiteBoxKey() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceTencentCloudKmsWhiteBoxKeyCreate,
+ Read: resourceTencentCloudKmsWhiteBoxKeyRead,
+ Update: resourceTencentCloudKmsWhiteBoxKeyUpdate,
+ Delete: resourceTencentCloudKmsWhiteBoxKeyDelete,
+ Importer: &schema.ResourceImporter{
+ State: schema.ImportStatePassthrough,
+ },
+ Schema: map[string]*schema.Schema{
+ "alias": {
+ Required: true,
+ Type: schema.TypeString,
+ Description: "As an alias for the key to be easier to identify and easier to understand, it cannot be empty and is a combination of 1-60 alphanumeric characters - _. The first character must be a letter or number. Alias are not repeatable.",
+ },
+ "description": {
+ Optional: true,
+ Type: schema.TypeString,
+ Description: "Description of the key, up to 1024 bytes.",
+ },
+ "algorithm": {
+ Required: true,
+ Type: schema.TypeString,
+ ValidateFunc: validateAllowedStringValue(WHITE_BOX_KEY_ALGORITHM),
+ Description: "All algorithm types for creating keys, supported values: AES_256, SM4.",
+ },
+ "status": {
+ Optional: true,
+ Type: schema.TypeString,
+ Default: WHITE_BOX_KEY_STATUS_ENABLED,
+ ValidateFunc: validateAllowedStringValue(WHITE_BOX_KEY_STATUS),
+ Description: "Whether to enable the key. Enabled or Disabled. Default is Enabled.",
+ },
+ "tags": {
+ Type: schema.TypeMap,
+ Optional: true,
+ Description: "The tags of Key.",
+ },
+ },
+ }
+}
+
+func resourceTencentCloudKmsWhiteBoxKeyCreate(d *schema.ResourceData, meta interface{}) error {
+ defer logElapsed("resource.tencentcloud_kms_white_box_key.create")()
+ defer inconsistentCheck(d, meta)()
+
+ var (
+ logId = getLogId(contextNil)
+ ctx = context.WithValue(context.TODO(), logIdKey, logId)
+ request = kms.NewCreateWhiteBoxKeyRequest()
+ response = kms.NewCreateWhiteBoxKeyResponse()
+ keyId string
+ )
+
+ if v, ok := d.GetOk("alias"); ok {
+ request.Alias = helper.String(v.(string))
+ }
+
+ if v, ok := d.GetOk("description"); ok {
+ request.Description = helper.String(v.(string))
+ }
+
+ if v, ok := d.GetOk("algorithm"); ok {
+ request.Algorithm = helper.String(v.(string))
+ }
+
+ err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+ result, e := meta.(*TencentCloudClient).apiV3Conn.UseKmsClient().CreateWhiteBoxKey(request)
+ if e != nil {
+ return retryError(e)
+ } else {
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+ }
+
+ if result == nil {
+ e = fmt.Errorf("kms whiteBoxKey not exists")
+ return resource.NonRetryableError(e)
+ }
+
+ response = result
+ return nil
+ })
+
+ if err != nil {
+ log.Printf("[CRITAL]%s create kms whiteBoxKey failed, reason:%+v", logId, err)
+ return err
+ }
+
+ keyId = *response.Response.KeyId
+ d.SetId(keyId)
+
+ if tags := helper.GetTags(d, "tags"); len(tags) > 0 {
+ tagService := TagService{client: meta.(*TencentCloudClient).apiV3Conn}
+ region := meta.(*TencentCloudClient).apiV3Conn.Region
+ resourceName := fmt.Sprintf("qcs::kms:%s:uin/:key/%s", region, d.Id())
+ if err = tagService.ModifyTags(ctx, resourceName, tags, nil); err != nil {
+ return err
+ }
+ }
+
+ if v, ok := d.GetOk("status"); ok {
+ status := v.(string)
+ if status == WHITE_BOX_KEY_STATUS_DISABLED {
+ disableWhiteBoxKeyRequest := kms.NewDisableWhiteBoxKeyRequest()
+ disableWhiteBoxKeyRequest.KeyId = &keyId
+
+ err = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+ result, e := meta.(*TencentCloudClient).apiV3Conn.UseKmsClient().DisableWhiteBoxKey(disableWhiteBoxKeyRequest)
+ if e != nil {
+ return retryError(e)
+ } else {
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+ }
+
+ return nil
+ })
+
+ if err != nil {
+ log.Printf("[CRITAL]%s disable kms whiteBoxKey failed, reason:%+v", logId, err)
+ return err
+ }
+ }
+ }
+
+ return resourceTencentCloudKmsWhiteBoxKeyRead(d, meta)
+}
+
+func resourceTencentCloudKmsWhiteBoxKeyRead(d *schema.ResourceData, meta interface{}) error {
+ defer logElapsed("resource.tencentcloud_kms_white_box_key.read")()
+ defer inconsistentCheck(d, meta)()
+
+ var (
+ logId = getLogId(contextNil)
+ ctx = context.WithValue(context.TODO(), logIdKey, logId)
+ service = KmsService{client: meta.(*TencentCloudClient).apiV3Conn}
+ keyId = d.Id()
+ )
+
+ whiteBoxKey, err := service.DescribeKmsWhiteBoxKeyById(ctx, keyId)
+ if err != nil {
+ return err
+ }
+
+ if whiteBoxKey == nil {
+ d.SetId("")
+ log.Printf("[WARN]%s resource `KmsWhiteBoxKey` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+ return nil
+ }
+
+ if whiteBoxKey.Alias != nil {
+ _ = d.Set("alias", whiteBoxKey.Alias)
+ }
+
+ if whiteBoxKey.Description != nil {
+ _ = d.Set("description", whiteBoxKey.Description)
+ }
+
+ if whiteBoxKey.Algorithm != nil {
+ _ = d.Set("algorithm", whiteBoxKey.Algorithm)
+ }
+
+ if whiteBoxKey.Status != nil {
+ _ = d.Set("status", whiteBoxKey.Status)
+ }
+
+ tcClient := meta.(*TencentCloudClient).apiV3Conn
+ tagService := &TagService{client: tcClient}
+ tags, err := tagService.DescribeResourceTags(ctx, "kms", "key", tcClient.Region, d.Id())
+ if err != nil {
+ return err
+ }
+
+ _ = d.Set("tags", tags)
+
+ return nil
+}
+
+func resourceTencentCloudKmsWhiteBoxKeyUpdate(d *schema.ResourceData, meta interface{}) error {
+ defer logElapsed("resource.tencentcloud_kms_white_box_key.update")()
+ defer inconsistentCheck(d, meta)()
+
+ var (
+ logId = getLogId(contextNil)
+ enableWhiteBoxKeyRequest = kms.NewEnableWhiteBoxKeyRequest()
+ disableWhiteBoxKeyRequest = kms.NewDisableWhiteBoxKeyRequest()
+ keyId = d.Id()
+ )
+
+ immutableArgs := []string{"alias", "description", "algorithm"}
+
+ for _, v := range immutableArgs {
+ if d.HasChange(v) {
+ return fmt.Errorf("argument `%s` cannot be changed", v)
+ }
+ }
+
+ if d.HasChange("status") {
+ if v, ok := d.GetOk("status"); ok {
+ status := v.(string)
+ if status == WHITE_BOX_KEY_STATUS_DISABLED {
+ disableWhiteBoxKeyRequest.KeyId = &keyId
+ err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+ result, e := meta.(*TencentCloudClient).apiV3Conn.UseKmsClient().DisableWhiteBoxKey(disableWhiteBoxKeyRequest)
+ if e != nil {
+ return retryError(e)
+ } else {
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, disableWhiteBoxKeyRequest.GetAction(), disableWhiteBoxKeyRequest.ToJsonString(), result.ToJsonString())
+ }
+
+ return nil
+ })
+
+ if err != nil {
+ log.Printf("[CRITAL]%s disable kms whiteBoxKey failed, reason:%+v", logId, err)
+ return err
+ }
+ } else {
+ enableWhiteBoxKeyRequest.KeyId = &keyId
+ err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+ result, e := meta.(*TencentCloudClient).apiV3Conn.UseKmsClient().EnableWhiteBoxKey(enableWhiteBoxKeyRequest)
+ if e != nil {
+ return retryError(e)
+ } else {
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, enableWhiteBoxKeyRequest.GetAction(), enableWhiteBoxKeyRequest.ToJsonString(), result.ToJsonString())
+ }
+
+ return nil
+ })
+
+ if err != nil {
+ log.Printf("[CRITAL]%s enable kms whiteBoxKey failed, reason:%+v", logId, err)
+ return err
+ }
+ }
+ }
+ }
+
+ if d.HasChange("tags") {
+ ctx := context.WithValue(context.TODO(), logIdKey, logId)
+ tcClient := meta.(*TencentCloudClient).apiV3Conn
+ tagService := &TagService{client: tcClient}
+ oldTags, newTags := d.GetChange("tags")
+ replaceTags, deleteTags := diffTags(oldTags.(map[string]interface{}), newTags.(map[string]interface{}))
+ resourceName := BuildTagResourceName("kms", "key", tcClient.Region, d.Id())
+ if err := tagService.ModifyTags(ctx, resourceName, replaceTags, deleteTags); err != nil {
+ return err
+ }
+ }
+
+ return resourceTencentCloudKmsWhiteBoxKeyRead(d, meta)
+}
+
+func resourceTencentCloudKmsWhiteBoxKeyDelete(d *schema.ResourceData, meta interface{}) error {
+ defer logElapsed("resource.tencentcloud_kms_white_box_key.delete")()
+ defer inconsistentCheck(d, meta)()
+
+ var (
+ logId = getLogId(contextNil)
+ ctx = context.WithValue(context.TODO(), logIdKey, logId)
+ service = KmsService{client: meta.(*TencentCloudClient).apiV3Conn}
+ keyId = d.Id()
+ )
+
+ if err := service.DeleteKmsWhiteBoxKeyById(ctx, keyId); err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/tencentcloud/resource_tc_kms_white_box_key_test.go b/tencentcloud/resource_tc_kms_white_box_key_test.go
new file mode 100644
index 0000000000..375d20f16e
--- /dev/null
+++ b/tencentcloud/resource_tc_kms_white_box_key_test.go
@@ -0,0 +1,69 @@
+package tencentcloud
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+// go test -i; go test -test.run TestAccTencentCloudNeedFixKmsWhiteBoxKeyResource_basic -v
+func TestAccTencentCloudNeedFixKmsWhiteBoxKeyResource_basic(t *testing.T) {
+ t.Parallel()
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() {
+ testAccPreCheck(t)
+ },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccKmsWhiteBoxKey,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrSet("tencentcloud_kms_white_box_key.example", "id"),
+ resource.TestCheckResourceAttr("tencentcloud_kms_white_box_key.example", "alias", "tf_example"),
+ resource.TestCheckResourceAttr("tencentcloud_kms_white_box_key.example", "description", "test desc."),
+ resource.TestCheckResourceAttr("tencentcloud_kms_white_box_key.example", "algorithm", "SM4"),
+ resource.TestCheckResourceAttr("tencentcloud_kms_white_box_key.example", "status", "Disabled"),
+ ),
+ },
+ {
+ ResourceName: "tencentcloud_kms_white_box_key.example",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: testAccKmsWhiteBoxKeyUpdate,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrSet("tencentcloud_kms_white_box_key.example", "id"),
+ resource.TestCheckResourceAttr("tencentcloud_kms_white_box_key.example", "alias", "tf_example"),
+ resource.TestCheckResourceAttr("tencentcloud_kms_white_box_key.example", "description", "test desc."),
+ resource.TestCheckResourceAttr("tencentcloud_kms_white_box_key.example", "algorithm", "SM4"),
+ resource.TestCheckResourceAttr("tencentcloud_kms_white_box_key.example", "status", "Enabled"),
+ ),
+ },
+ },
+ })
+}
+
+const testAccKmsWhiteBoxKey = `
+resource "tencentcloud_kms_white_box_key" "example" {
+ alias = "tf_example"
+ description = "test desc."
+ algorithm = "SM4"
+ status = "Disabled"
+ tags = {
+ "createdBy" = "terraform"
+ }
+}
+`
+
+const testAccKmsWhiteBoxKeyUpdate = `
+resource "tencentcloud_kms_white_box_key" "example" {
+ alias = "tf_example"
+ description = "test desc."
+ algorithm = "SM4"
+ status = "Enabled"
+ tags = {
+ "createdByUpdate" = "terraformUpdate"
+ }
+}
+`
diff --git a/tencentcloud/service_tencentcloud_kms.go b/tencentcloud/service_tencentcloud_kms.go
index 3934225275..d47b8d8905 100644
--- a/tencentcloud/service_tencentcloud_kms.go
+++ b/tencentcloud/service_tencentcloud_kms.go
@@ -484,3 +484,199 @@ func (me *KmsService) DescribeKmsGetParametersForImportByFilter(ctx context.Cont
getParametersForImport = response.Response
return
}
+
+func (me *KmsService) DescribeKmsKeyListsByFilter(ctx context.Context, param map[string]interface{}) (KeyLists []*kms.KeyMetadata, errRet error) {
+ var (
+ logId = getLogId(ctx)
+ request = kms.NewDescribeKeysRequest()
+ )
+
+ defer func() {
+ if errRet != nil {
+ log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+ }
+ }()
+
+ for k, v := range param {
+ if k == "KeyIds" {
+ request.KeyIds = v.([]*string)
+ }
+ }
+
+ ratelimit.Check(request.GetAction())
+
+ response, err := me.client.UseKmsClient().DescribeKeys(request)
+ if err != nil {
+ errRet = err
+ return
+ }
+
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+ if response == nil || len(response.Response.KeyMetadatas) < 1 {
+ return
+ }
+
+ KeyLists = response.Response.KeyMetadatas
+
+ return
+}
+
+func (me *KmsService) DescribeKmsWhiteBoxKeyDetailsByFilter(ctx context.Context, param map[string]interface{}) (whiteBoxKeyInfo []*kms.WhiteboxKeyInfo, errRet error) {
+ var (
+ logId = getLogId(ctx)
+ request = kms.NewDescribeWhiteBoxKeyDetailsRequest()
+ )
+
+ defer func() {
+ if errRet != nil {
+ log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+ }
+ }()
+
+ for k, v := range param {
+ if k == "KeyStatus" {
+ request.KeyStatus = v.(*int64)
+ }
+ }
+
+ ratelimit.Check(request.GetAction())
+
+ var (
+ offset uint64 = 0
+ limit uint64 = 20
+ )
+ for {
+ request.Offset = &offset
+ request.Limit = &limit
+ response, err := me.client.UseKmsClient().DescribeWhiteBoxKeyDetails(request)
+ if err != nil {
+ errRet = err
+ return
+ }
+
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+ if response == nil || len(response.Response.KeyInfos) < 1 {
+ break
+ }
+
+ whiteBoxKeyInfo = append(whiteBoxKeyInfo, response.Response.KeyInfos...)
+ if len(response.Response.KeyInfos) < int(limit) {
+ break
+ }
+
+ offset += limit
+ }
+
+ return
+}
+
+func (me *KmsService) DescribeKmsListKeysByFilter(ctx context.Context, param map[string]interface{}) (listKeys []*kms.Key, errRet error) {
+ var (
+ logId = getLogId(ctx)
+ request = kms.NewListKeysRequest()
+ )
+
+ defer func() {
+ if errRet != nil {
+ log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+ }
+ }()
+
+ for k, v := range param {
+ if k == "Role" {
+ request.Role = v.(*uint64)
+ }
+
+ if k == "HsmClusterId" {
+ request.HsmClusterId = v.(*string)
+ }
+ }
+
+ ratelimit.Check(request.GetAction())
+
+ var (
+ offset uint64 = 0
+ limit uint64 = 20
+ )
+ for {
+ request.Offset = &offset
+ request.Limit = &limit
+ response, err := me.client.UseKmsClient().ListKeys(request)
+ if err != nil {
+ errRet = err
+ return
+ }
+
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+ if response == nil || len(response.Response.Keys) < 1 {
+ break
+ }
+
+ listKeys = append(listKeys, response.Response.Keys...)
+ if len(response.Response.Keys) < int(limit) {
+ break
+ }
+
+ offset += limit
+ }
+
+ return
+}
+
+func (me *KmsService) DescribeKmsWhiteBoxKeyById(ctx context.Context, keyId string) (whiteBoxKey *kms.WhiteboxKeyInfo, errRet error) {
+ logId := getLogId(ctx)
+
+ request := kms.NewDescribeWhiteBoxKeyRequest()
+ request.KeyId = &keyId
+
+ defer func() {
+ if errRet != nil {
+ log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+ }
+ }()
+
+ ratelimit.Check(request.GetAction())
+
+ response, err := me.client.UseKmsClient().DescribeWhiteBoxKey(request)
+ if err != nil {
+ errRet = err
+ return
+ }
+
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+ if response.Response.KeyInfo == nil {
+ return
+ }
+
+ whiteBoxKey = response.Response.KeyInfo
+ return
+}
+
+func (me *KmsService) DeleteKmsWhiteBoxKeyById(ctx context.Context, keyId string) (errRet error) {
+ logId := getLogId(ctx)
+
+ request := kms.NewDeleteWhiteBoxKeyRequest()
+ request.KeyId = &keyId
+
+ defer func() {
+ if errRet != nil {
+ log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+ }
+ }()
+
+ ratelimit.Check(request.GetAction())
+
+ response, err := me.client.UseKmsClient().DeleteWhiteBoxKey(request)
+ if err != nil {
+ errRet = err
+ return
+ }
+
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+ return
+}
diff --git a/website/docs/d/kms_describe_keys.html.markdown b/website/docs/d/kms_describe_keys.html.markdown
new file mode 100644
index 0000000000..cfda85c302
--- /dev/null
+++ b/website/docs/d/kms_describe_keys.html.markdown
@@ -0,0 +1,51 @@
+---
+subcategory: "Key Management Service(KMS)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kms_describe_keys"
+sidebar_current: "docs-tencentcloud-datasource-kms_describe_keys"
+description: |-
+ Use this data source to query detailed information of kms key_lists
+---
+
+# tencentcloud_kms_describe_keys
+
+Use this data source to query detailed information of kms key_lists
+
+## Example Usage
+
+```hcl
+data "tencentcloud_kms_describe_keys" "example" {
+ key_ids = [
+ "9ffacc8b-6461-11ee-a54e-525400dd8a7d",
+ "bffae4ed-6465-11ee-90b2-5254000ef00e"
+ ]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `key_ids` - (Required, Set: [`String`]) Query the ID list of CMK, batch query supports up to 100 KeyIds at a time.
+* `result_output_file` - (Optional, String) Used to save results.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `key_list` - A list of KMS keys.
+ * `alias` - Name of CMK.
+ * `create_time` - Create time of CMK.
+ * `creator_uin` - Uin of CMK Creator.
+ * `deletion_date` - Delete time of CMK.
+ * `description` - Description of CMK.
+ * `key_id` - ID of CMK.
+ * `key_rotation_enabled` - Specify whether to enable key rotation.
+ * `key_state` - State of CMK.
+ * `key_usage` - Usage of CMK.
+ * `next_rotate_time` - Next rotate time of CMK when key_rotation_enabled is true.
+ * `origin` - Origin of CMK. `TENCENT_KMS` - CMK created by KMS, `EXTERNAL` - CMK imported by user.
+ * `owner` - Creator of CMK.
+ * `valid_to` - Valid when origin is `EXTERNAL`, it means the effective date of the key material.
+
+
diff --git a/website/docs/d/kms_list_keys.html.markdown b/website/docs/d/kms_list_keys.html.markdown
new file mode 100644
index 0000000000..5881c4cff1
--- /dev/null
+++ b/website/docs/d/kms_list_keys.html.markdown
@@ -0,0 +1,37 @@
+---
+subcategory: "Key Management Service(KMS)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kms_list_keys"
+sidebar_current: "docs-tencentcloud-datasource-kms_list_keys"
+description: |-
+ Use this data source to query detailed information of kms list_keys
+---
+
+# tencentcloud_kms_list_keys
+
+Use this data source to query detailed information of kms list_keys
+
+## Example Usage
+
+```hcl
+data "tencentcloud_kms_list_keys" "example" {
+ role = 1
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `hsm_cluster_id` - (Optional, String) HSM cluster ID (only valid for KMS exclusive/managed service instances).
+* `result_output_file` - (Optional, String) Used to save results.
+* `role` - (Optional, Int) Filter based on the creator role. The default value is 0, which indicates the cmk created by the user himself, and 1, which indicates the cmk automatically created by authorizing other cloud products.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `keys` - A list of KMS keys.
+ * `key_id` - ID of CMK.
+
+
diff --git a/website/docs/d/kms_white_box_key_details.html.markdown b/website/docs/d/kms_white_box_key_details.html.markdown
new file mode 100644
index 0000000000..5a6d3d9397
--- /dev/null
+++ b/website/docs/d/kms_white_box_key_details.html.markdown
@@ -0,0 +1,47 @@
+---
+subcategory: "Key Management Service(KMS)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kms_white_box_key_details"
+sidebar_current: "docs-tencentcloud-datasource-kms_white_box_key_details"
+description: |-
+ Use this data source to query detailed information of kms white_box_key_details
+---
+
+# tencentcloud_kms_white_box_key_details
+
+Use this data source to query detailed information of kms white_box_key_details
+
+## Example Usage
+
+```hcl
+data "tencentcloud_kms_white_box_key_details" "example" {
+ key_status = 0
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `key_status` - (Optional, Int) Filter condition: status of the key, 0: disabled, 1: enabled.
+* `result_output_file` - (Optional, String) Used to save results.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `key_infos` - List of white box key information.
+ * `algorithm` - The type of algorithm used by the key.
+ * `alias` - As an alias for a key that is easier to identify and easier to understand, it cannot be empty and is a combination of 1-60 alphanumeric characters - _. The first character must be a letter or number. It cannot be repeated.
+ * `create_time` - Key creation time, Unix timestamp.
+ * `creator_uin` - Creator.
+ * `decrypt_key` - White box decryption key, base64 encoded.
+ * `description` - Description of the key.
+ * `device_fingerprint_bind` - Is there a device fingerprint bound to the current key?.
+ * `encrypt_key` - White box encryption key, base64 encoded.
+ * `key_id` - Globally unique identifier for the white box key.
+ * `owner_uin` - Creator.
+ * `resource_id` - Resource ID, format: creatorUin/$creatorUin/$keyId.
+ * `status` - The status of the white box key, the value is: Enabled | Disabled.
+
+
diff --git a/website/docs/r/kms_white_box_key.html.markdown b/website/docs/r/kms_white_box_key.html.markdown
new file mode 100644
index 0000000000..456904b25f
--- /dev/null
+++ b/website/docs/r/kms_white_box_key.html.markdown
@@ -0,0 +1,53 @@
+---
+subcategory: "Key Management Service(KMS)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kms_white_box_key"
+sidebar_current: "docs-tencentcloud-resource-kms_white_box_key"
+description: |-
+ Provides a resource to create a kms white_box_key
+---
+
+# tencentcloud_kms_white_box_key
+
+Provides a resource to create a kms white_box_key
+
+## Example Usage
+
+```hcl
+resource "tencentcloud_kms_white_box_key" "example" {
+ alias = "tf_example"
+ description = "test desc."
+ algorithm = "SM4"
+ status = "Enabled"
+ tags = {
+ "createdBy" = "terraform"
+ }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `algorithm` - (Required, String) All algorithm types for creating keys, supported values: AES_256, SM4.
+* `alias` - (Required, String) As an alias for the key to be easier to identify and easier to understand, it cannot be empty and is a combination of 1-60 alphanumeric characters - _. The first character must be a letter or number. Alias are not repeatable.
+* `description` - (Optional, String) Description of the key, up to 1024 bytes.
+* `status` - (Optional, String) Whether to enable the key. Enabled or Disabled. Default is Enabled.
+* `tags` - (Optional, Map) The tags of Key.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - ID of the resource.
+
+
+
+## Import
+
+kms white_box_key can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_kms_white_box_key.example 244dab8c-6dad-11ea-80c6-5254006d0810
+```
+
diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb
index f31d226d38..ebefc79b2e 100644
--- a/website/tencentcloud.erb
+++ b/website/tencentcloud.erb
@@ -1975,15 +1975,24 @@
Data Sources
@@ -1995,6 +2004,9 @@
tencentcloud_kms_key
+
+ tencentcloud_kms_white_box_key
+