Alias support for Key Policies #3768
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
harshit777
force-pushed
the
AliasExtension
branch
4 times, most recently
from
8dab582 to
c245bbc
Compare
dinesh-venkatraman-g
suggested changes
May 18, 2022
| @@ -160,6 +167,7 @@ func dataSourceIBMKMSKeyPoliciesRead(context context.Context, d *schema.Resource | |||
| instanceID = CrnInstanceID[len(CrnInstanceID)-3] | |||
| } | |||
| endpointType := d.Get("endpoint_type").(string) | |||
| alias := d.Get("alias").(string) | |||
There was a problem hiding this comment.
- when we use ExactlyOneOf , can we still provide both the params in the input? (ie) both key_id and alias in our case
- If yes, if I provide a incorrect combination, say exiting key_id but an incorrect alias name in the Datasource, what is the current behaviour?
There was a problem hiding this comment.
Nope, both the params are not allowed (Exactly one of) require either of the input from the user and will output error if both are used. for ex.
- Invalid combination of arguments: "key_id": only one of
alias,key_idcan be specified, butalias,key_idwere specified. - Invalid combination of arguments: "alias": only one of
alias,key_idcan be specified, butalias,key_idwere specified.
2022/05/19 11:20:40 [ERROR] : eval: *terraform.EvalSequence, err: 2 problems:
This comes as an output error when used in combination of both the inputs
resource "ibm_kms_key_policies" "root" {
instance_id = ibm_resource_instance.kms_instance.id
key_id = ibm_kms_key.root.key_id
alias = ibm_kms_key_alias.alias.alias
rotation {
interval_month = 3
}
dual_auth_delete {
enabled = false
}
}
| } else { | ||
| id = alias | ||
| } | ||
| key, err := api.GetKey(context, id) |
There was a problem hiding this comment.
GetKey need only when the key_id is empty
| resource.TestCheckResourceAttr("ibm_kms_key.test", "key_name", keyName), | ||
| resource.TestCheckResourceAttr("ibm_kms_key_alias.testAlias", "alias", aliasName), | ||
| resource.TestCheckResourceAttr("ibm_kms_key_alias.testAlias2", "existing_alias", aliasName), | ||
| resource.TestCheckResourceAttr("ibm_kms_key_alias.testAlias2", "alias", aliasName2), |
There was a problem hiding this comment.
the attribute name ibm_kms_key_alias.testAlias2 is repeating
There was a problem hiding this comment.
The two attributes are testing two different variables existing_alias and alias
| @@ -26,13 +31,15 @@ The following arguments are supported: | |||
|
|
|||
| - `endpoint_type` - (Optional, String) The type of the public or private endpoint to be used for fetching keys. | |||
| - `instance_id` - (Required, string) The keyprotect instance guid. | |||
| - `key_id` - (Required, string) The id of the key. | |||
| - `key_id` - (Required - If the alias is not provided, String) The id of the key. | |||
There was a problem hiding this comment.
Suggested change
| - `key_id` - (Required - If the alias is not provided, String) The id of the key. | |
| - `key_id` - (Required - if the alias is not provided, String) The id of the key. |
| @@ -26,13 +31,15 @@ The following arguments are supported: | |||
|
|
|||
| - `endpoint_type` - (Optional, String) The type of the public or private endpoint to be used for fetching keys. | |||
| - `instance_id` - (Required, string) The keyprotect instance guid. | |||
| - `key_id` - (Required, string) The id of the key. | |||
| - `key_id` - (Required - If the alias is not provided, String) The id of the key. | |||
| - `alias` - (Required - If the key_id is not provided, String) The alias of the key. | |||
There was a problem hiding this comment.
Suggested change
| - `alias` - (Required - If the key_id is not provided, String) The alias of the key. | |
| - `alias` - (Required - if the key_id is not provided, String) The alias of the key. |
|
|
||
| - `alias` - (Required, Forces new resource, String) The alias name of the key. | ||
| - `endpoint_type` - (Optional, Forces new resource, String) The type of the public endpoint, or private endpoint to be used for creating keys. | ||
| - `instance_id` - (Required, Forces new resource, String) The hs-crypto or key protect instance GUID. | ||
| - `key_id` - (Required, String) The key ID for which alias has to be created. | ||
| - `existing_alias` - (Required, If the key_id is not provided, String) Existing Alias of the key. |
There was a problem hiding this comment.
Suggested change
| - `existing_alias` - (Required, If the key_id is not provided, String) Existing Alias of the key. | |
| - `existing_alias` - (Required - if the key_id is not provided, String) Existing Alias of the key. |
|
|
||
| - `alias` - (Required, Forces new resource, String) The alias name of the key. | ||
| - `endpoint_type` - (Optional, Forces new resource, String) The type of the public endpoint, or private endpoint to be used for creating keys. | ||
| - `instance_id` - (Required, Forces new resource, String) The hs-crypto or key protect instance GUID. | ||
| - `key_id` - (Required, String) The key ID for which alias has to be created. | ||
| - `existing_alias` - (Required, If the key_id is not provided, String) Existing Alias of the key. | ||
| - `key_id` - (Required, If the alias is not provided, String) The key ID for which alias has to be created. |
There was a problem hiding this comment.
Suggested change
| - `key_id` - (Required, If the alias is not provided, String) The key ID for which alias has to be created. | |
| - `key_id` - (Required - if the alias is not provided, String) The key ID for which alias has to be created. |
| ``` | ||
|
|
||
| ## Argument reference | ||
|
|
||
| The following arguments are supported: | ||
|
|
||
| - `endpoint_type` - (Optional, String) The type of the public or private endpoint to be used for fetching policies. | ||
| - `key_id` - (Required - If the alias is not provided, String) The ID of the key. |
There was a problem hiding this comment.
Suggested change
| - `key_id` - (Required - If the alias is not provided, String) The ID of the key. | |
| - `key_id` - (Required - if the alias is not provided, String) The ID of the key. |
| ``` | ||
|
|
||
| ## Argument reference | ||
|
|
||
| The following arguments are supported: | ||
|
|
||
| - `endpoint_type` - (Optional, String) The type of the public or private endpoint to be used for fetching policies. | ||
| - `key_id` - (Required - If the alias is not provided, String) The ID of the key. | ||
| - `alias` - (Required - If the key_id is not provided, String) The alias created for the key. |
There was a problem hiding this comment.
Suggested change
| - `alias` - (Required - If the key_id is not provided, String) The alias created for the key. | |
| - `alias` - (Required - if the key_id is not provided, String) The alias created for the key. |
harshit777
force-pushed
the
AliasExtension
branch
from
c245bbc to
c7a3c0e
Compare
|
|
|
|
dinesh-venkatraman-g
approved these changes
May 23, 2022
|
And share the testcases results of the reosurces and datasources |
hkantare
reviewed
May 25, 2022
| @@ -160,6 +167,7 @@ func dataSourceIBMKMSKeyPoliciesRead(context context.Context, d *schema.Resource | |||
| instanceID = CrnInstanceID[len(CrnInstanceID)-3] | |||
| } | |||
| endpointType := d.Get("endpoint_type").(string) | |||
| alias := d.Get("alias").(string) | |||
There was a problem hiding this comment.
Can we use d.GetOK for both key_id and alias
var id string
if v, ok := d.GetOk("key_id");ok {
id =v.(string)
}
if v, ok := d.GetOk("alias");ok {
id = v.(string)
key, err := api.GetKey(context, id)
if err != nil {
return diag.Errorf("Failed to get Key: %s", err)
}
d.Set("key_id", key.ID)
}
```
| @@ -86,7 +94,14 @@ func resourceIBMKmsKeyAliasCreate(d *schema.ResourceData, meta interface{}) erro | |||
|
|
|||
| aliasName := d.Get("alias").(string) | |||
| keyID := d.Get("key_id").(string) | |||
| stkey, err := kpAPI.CreateKeyAlias(context.Background(), aliasName, keyID) | |||
| aliasID := d.Get("existing_alias").(string) | |||
| var id string | |||
There was a problem hiding this comment.
use the same concept of d.GetOk for optional fields in all files
harshit777
force-pushed
the
AliasExtension
branch
from
c7a3c0e to
9872b87
Compare
SunithaGudisagarIBM
pushed a commit
to ibm-vpc/terraform-provider-ibm
that referenced
this pull request
Sep 14, 2022
SunithaGudisagarIBM
pushed a commit
to ibm-vpc/terraform-provider-ibm
that referenced
this pull request
Sep 14, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added alias support for KeyPolicies management