Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KP: Adding attribute registrations for resource instance key and attribute endpoint_type for key policies #5221

Merged
merged 3 commits into from
Mar 24, 2024

Conversation

tyao117
Copy link
Contributor

@tyao117 tyao117 commented Mar 20, 2024

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

terraform-ibm-modules/terraform-ibm-landing-zone#738
Closes #5154

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccXXX'

...

@william8siew
Copy link
Contributor

Test results for instance policy endpoint type

wsiew@cloudshell:~$ terraform apply --auto-approve 2>&1

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # ibm_kms_instance_policies.instance_policy will be created
  + resource "ibm_kms_instance_policies" "instance_policy" {
      + endpoint_type = "private"
      + id            = (known after apply)
      + instance_id   = (known after apply)

      + dual_auth_delete {
          + created_by    = (known after apply)
          + creation_date = (known after apply)
          + enabled       = false
          + last_updated  = (known after apply)
          + updated_by    = (known after apply)
        }

      + key_create_import_access {
          + create_root_key     = true
          + create_standard_key = true
          + created_by          = (known after apply)
          + creation_date       = (known after apply)
          + enabled             = true
          + enforce_token       = false
          + import_root_key     = true
          + import_standard_key = true
          + last_updated        = (known after apply)
          + updated_by          = (known after apply)
        }

      + metrics {
          + created_by    = (known after apply)
          + creation_date = (known after apply)
          + enabled       = true
          + last_updated  = (known after apply)
          + updated_by    = (known after apply)
        }

      + rotation {
          + created_by     = (known after apply)
          + creation_date  = (known after apply)
          + enabled        = true
          + interval_month = 3
          + last_updated   = (known after apply)
          + updated_by     = (known after apply)
        }
    }

  # ibm_kms_key.key_part_of_key_ring will be created
  + resource "ibm_kms_key" "key_part_of_key_ring" {
      + crn                     = (known after apply)
      + description             = "I am description of keyring1"
      + endpoint_type           = "private"
      + expiration_date         = "2024-12-01T23:20:50Z"
      + force_delete            = false
      + id                      = (known after apply)
      + instance_crn            = (known after apply)
      + instance_id             = (known after apply)
      + key_id                  = (known after apply)
      + key_name                = "key_part_of_key_ring"
      + key_ring_id             = "key-ring-id"
      + payload                 = (sensitive value)
      + registrations           = (known after apply)
      + resource_controller_url = (known after apply)
      + resource_crn            = (known after apply)
      + resource_group_name     = (known after apply)
      + resource_name           = (known after apply)
      + resource_status         = (known after apply)
      + standard_key            = false
      + type                    = (known after apply)
    }

  # ibm_kms_key_rings.key_ring will be created
  + resource "ibm_kms_key_rings" "key_ring" {
      + endpoint_type = "private"
      + force_delete  = false
      + id            = (known after apply)
      + instance_id   = (known after apply)
      + key_ring_id   = "key-ring-id"
    }

  # ibm_resource_instance.kp_instance will be created
  + resource "ibm_resource_instance" "kp_instance" {
      + account_id              = (known after apply)
      + allow_cleanup           = (known after apply)
      + created_at              = (known after apply)
      + created_by              = (known after apply)
      + crn                     = (known after apply)
      + dashboard_url           = (known after apply)
      + deleted_at              = (known after apply)
      + deleted_by              = (known after apply)
      + extensions              = (known after apply)
      + guid                    = (known after apply)
      + id                      = (known after apply)
      + last_operation          = (known after apply)
      + location                = "us-south"
      + locked                  = (known after apply)
      + name                    = "wsiew-2024-mar"
      + parameters              = {
          + "allowed_network" = "private-only"
        }
      + plan                    = "tiered-pricing"
      + plan_history            = (known after apply)
      + resource_aliases_url    = (known after apply)
      + resource_bindings_url   = (known after apply)
      + resource_controller_url = (known after apply)
      + resource_crn            = (known after apply)
      + resource_group_crn      = (known after apply)
      + resource_group_id       = (known after apply)
      + resource_group_name     = (known after apply)
      + resource_id             = (known after apply)
      + resource_keys_url       = (known after apply)
      + resource_name           = (known after apply)
      + resource_plan_id        = (known after apply)
      + resource_status         = (known after apply)
      + restored_at             = (known after apply)
      + restored_by             = (known after apply)
      + scheduled_reclaim_at    = (known after apply)
      + scheduled_reclaim_by    = (known after apply)
      + service                 = "kms"
      + service_endpoints       = (known after apply)
      + state                   = (known after apply)
      + status                  = (known after apply)
      + sub_type                = (known after apply)
      + tags                    = (known after apply)
      + target_crn              = (known after apply)
      + type                    = (known after apply)
      + update_at               = (known after apply)
      + update_by               = (known after apply)
    }

Plan: 4 to add, 0 to change, 0 to destroy.
ibm_resource_instance.kp_instance: Creating...
ibm_resource_instance.kp_instance: Still creating... [10s elapsed]
ibm_resource_instance.kp_instance: Creation complete after 14s [id=crn:v1:bluemix:public:kms:us-south:a/eba0f7b1166e441ab74ac94e564c72ec:7c539e87-0448-4bcf-914f-b558adb6f1cf::]
ibm_kms_key_rings.key_ring: Creating...
ibm_kms_instance_policies.instance_policy: Creating...
ibm_kms_instance_policies.instance_policy: Creation complete after 2s [id=crn:v1:bluemix:public:kms:us-south:a/eba0f7b1166e441ab74ac94e564c72ec:7c539e87-0448-4bcf-914f-b558adb6f1cf::]
ibm_kms_key_rings.key_ring: Creation complete after 3s [id=key-ring-id:keyRing:crn:v1:bluemix:public:kms:us-south:a/eba0f7b1166e441ab74ac94e564c72ec:7c539e87-0448-4bcf-914f-b558adb6f1cf::]
ibm_kms_key.key_part_of_key_ring: Creating...
ibm_kms_key.key_part_of_key_ring: Creation complete after 2s [id=crn:v1:bluemix:public:kms:us-south:a/eba0f7b1166e441ab74ac94e564c72ec:7c539e87-0448-4bcf-914f-b558adb6f1cf:key:8fb8f69f-e9a4-46aa-9e65-2d6a733e876a]

Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
wsiew@cloudshell:~$ terraform apply --auto-approve 2>&1
ibm_resource_instance.kp_instance: Refreshing state... [id=crn:v1:bluemix:public:kms:us-south:a/eba0f7b1166e441ab74ac94e564c72ec:7c539e87-0448-4bcf-914f-b558adb6f1cf::]
Killed
wsiew@cloudshell:~$ terraform apply --auto-approve 2>&1
Killed
wsiew@cloudshell:~$ terraform apply --auto-approve 2>&1
ibm_resource_instance.kp_instance: Refreshing state... [id=crn:v1:bluemix:public:kms:us-south:a/eba0f7b1166e441ab74ac94e564c72ec:7c539e87-0448-4bcf-914f-b558adb6f1cf::]
ibm_kms_key_rings.key_ring: Refreshing state... [id=key-ring-id:keyRing:crn:v1:bluemix:public:kms:us-south:a/eba0f7b1166e441ab74ac94e564c72ec:7c539e87-0448-4bcf-914f-b558adb6f1cf::]
ibm_kms_instance_policies.instance_policy: Refreshing state... [id=crn:v1:bluemix:public:kms:us-south:a/eba0f7b1166e441ab74ac94e564c72ec:7c539e87-0448-4bcf-914f-b558adb6f1cf::]
ibm_kms_key.key_part_of_key_ring: Refreshing state... [id=crn:v1:bluemix:public:kms:us-south:a/eba0f7b1166e441ab74ac94e564c72ec:7c539e87-0448-4bcf-914f-b558adb6f1cf:key:8fb8f69f-e9a4-46aa-9e65-2d6a733e876a]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
wsiew@cloudshell:~$ 

@tyao117 tyao117 changed the title feat: Adding attribute registrations for resource instance key and attribute endpoint_type for key policies KP: Adding attribute registrations for resource instance key and attribute endpoint_type for key policies Mar 20, 2024
@tyao117
Copy link
Contributor Author

tyao117 commented Mar 20, 2024

new change from a delete:

image

@tyao117 tyao117 marked this pull request as ready for review March 20, 2024 23:39
@hkantare
Copy link
Collaborator

Can you update documentaion for "registrations" in docs website/docs/r folder

@tyao117
Copy link
Contributor Author

tyao117 commented Mar 21, 2024

@hkantare added.

@hkantare hkantare merged commit 09ec03a into IBM-Cloud:master Mar 24, 2024
1 check passed
ismirlia pushed a commit to powervs-ibm/terraform-provider-ibm that referenced this pull request Apr 11, 2024
…ibute endpoint_type for key policies (IBM-Cloud#5221)

* feat: Adding registrations for the instance key and endpoint_type

* adding the logging for registration

* adding documentation

---------

Co-authored-by: Timothy-Yao <[email protected]>
@william8siew
Copy link
Contributor

Unit tests weren't run for kms. This has caused tests to panic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

ibm_kms_instance_policies fails when trying to communicate with a private only enabled Key Protect instance
3 participants