Restore from file support for key and vault

Author: srishtipmishra

CHANGELOG.md

@@ -13,6 +13,7 @@
 - Support resource discovery for `oda` resources
 - Support resource discovery for `datascience` resources
 - Support resource discovery for `oci_objectstorage_object`, `oci_objectstorage_object_lifecycle_policy`, `oci_objectstorage_preauthrequest` resources
+- Support restore from file for `kms` resources
 
 ### Fixed
 - Fixed plan failure in case of missing required attributes in resource discovery. Placeholder values will be added for missing required attributes and the attributes will be added to `lifecycle ignore_changes`

examples/kms/data_sources.tf

@@ -13,7 +13,7 @@ data "oci_kms_vault" "test_vault" {
 }
 
 /*
-//if want to create a new vault
+//create a new vault
 resource "oci_kms_vault" "test_vault" {
 	#Required
 	compartment_id = "${var.compartment_id}"

examples/kms/key.tf

@@ -13,22 +13,32 @@ resource "oci_kms_key" "test_key" {
     length    = "${var.key_key_shape_length}"
   }
 
-  //If using bucket to restore a key use below
+  //If using object to restore a key use below
   /*restore_from_object_store {
     bucket      = "${data.oci_objectstorage_object.key_backup_object.bucket}"
     destination = "${var.destination[0]}"
     namespace   = "${data.oci_objectstorage_object.key_backup_object.namespace}"
     object      = "${data.oci_objectstorage_object.key_backup_object.object}"
   }*/
 
-
   //If using Pre-authenticated-request to restore a key use below
   /*restore_from_object_store {
     destination = "${var.destination[1]}"
     uri         = "${data.oci_objectstorage_preauthrequest.key_backup_preauthenticated_request}"
   }*/
 
-  restore_trigger = "${var.key_restore_trigger}"
+  //If using file stored in object storage to restore a key use below
+  /*restore_from_file {
+    //Required
+    restore_key_from_file_details = "${data.oci_objectstorage_object.key_backup_object.content}"
+    content_length                = "${data.oci_objectstorage_object.key_backup_object.content_length}"
+
+    //Optional
+    content_md5                   = "${data.oci_objectstorage_object.key_backup_object.content_md5}"
+  }*/
+
+  //Flip the trigger when restore operation on key needs to be performed
+  //restore_trigger = "${var.key_restore_trigger}"
 }
 
 resource "oci_kms_key_version" "test_key_version" {

examples/kms/vault.tf

@@ -3,20 +3,32 @@ resource "oci_kms_vault" "private-vault-kms" {
 
   /*restore_from_object_store {
     bucket      = "${data.oci_objectstorage_object.vault_backup_object.bucket}"
-    destination = "${var.destination.bucket}"
+    destination = "${var.destination[0]}"
     namespace   = "${data.oci_objectstorage_object.vault_backup_object.namespace}"
     object      = "${data.oci_objectstorage_object.vault_backup_object.object}"
   }*/
 
   //If restoring using a pre-authenticated-uri use the config below
 
   /*restore_from_object_store {
-    destination = "${var.destination[1]}"
-    uri         = "${data.oci_objectstorage_preauthrequest.vault_backup_preauthenticated_request}"
+          destination = "${var.destination[1]}"
+          uri         = "${data.oci_objectstorage_preauthrequest.vault_backup_preauthenticated_request}"
+        }*/
+
+  //If restoring using object in object storage use the config below
+  /*restore_from_file {
+    restore_vault_from_file_details = "${data.oci_objectstorage_object.vault_backup_object.content}"
+    content_length                = "${data.oci_objectstorage_object.vault_backup_object.content_length}"
+
+    //Optional
+    content_md5                   = "${data.oci_objectstorage_object.vault_backup_object.content_md5}"
   }*/
+  
+  compartment_id = "${var.compartment_id}"
+
+  display_name = "${var.vault_display_name}"
+  vault_type   = "${var.vault_type[1]}"
 
-  compartment_id  = "${var.compartment_id}"
-  display_name    = "${var.vault_display_name}"
-  vault_type      = "${var.vault_type[1]}"
-  restore_trigger = "${var.vault_restore_trigger}"
+  //Flip the trigger when restore operation on vault needs to be performed
+  //restore_trigger = "${var.vault_restore_trigger}"
 }

oci/kms_key_resource.go

@@ -4,9 +4,13 @@
 package oci
 
 import (
+	"bytes"
 	"context"
+	"encoding/base64"
 	"fmt"
+	"io/ioutil"
 	"log"
+	"strconv"
 	"time"
 
 	"github.com/hashicorp/terraform/helper/schema"
@@ -104,34 +108,12 @@ func KmsKeyResource() *schema.Resource {
 				Computed: true,
 				Optional: true,
 			},
-
-			// Computed
-			"current_key_version": {
-				Type:     schema.TypeString,
-				Computed: true,
-			},
-			"restored_from_key_id": {
-				Type:     schema.TypeString,
-				Computed: true,
-			},
-			"state": {
-				Type:     schema.TypeString,
-				Computed: true,
-			},
-			"time_created": {
-				Type:     schema.TypeString,
-				Computed: true,
-			},
-			"vault_id": {
-				Type:     schema.TypeString,
-				Computed: true,
-			},
-
 			"restore_from_object_store": {
-				Type:     schema.TypeList,
-				Optional: true,
-				MaxItems: 1,
-				MinItems: 1,
+				Type:          schema.TypeList,
+				Optional:      true,
+				MaxItems:      1,
+				MinItems:      1,
+				ConflictsWith: []string{"restore_from_file"},
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						// Required
@@ -167,10 +149,62 @@ func KmsKeyResource() *schema.Resource {
 					},
 				},
 			},
+			"restore_from_file": {
+				Type:          schema.TypeList,
+				Optional:      true,
+				MaxItems:      1,
+				MinItems:      1,
+				ConflictsWith: []string{"restore_from_object_store"},
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						// Required
+						"restore_key_from_file_details": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"content_length": {
+							Type:             schema.TypeString,
+							Required:         true,
+							ValidateFunc:     validateInt64TypeString,
+							DiffSuppressFunc: int64StringDiffSuppressFunction,
+						},
+
+						// Optional
+						"content_md5": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+
+						// Computed
+					},
+				},
+			},
 			"restore_trigger": {
 				Type:     schema.TypeBool,
 				Optional: true,
 			},
+
+			// Computed
+			"current_key_version": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"restored_from_key_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"state": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"time_created": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"vault_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -316,7 +350,15 @@ func (s *KmsKeyResourceCrud) UpdatedTarget() []string {
 }
 
 func (s *KmsKeyResourceCrud) Create() error {
-	if _, ok := s.D.GetOkExists("restore_from_object_store"); ok {
+	if _, ok := s.D.GetOk("restore_from_file"); ok {
+		err := s.RestoreKeyFromFile()
+		if err != nil {
+			return err
+		}
+		s.D.SetId(s.ID())
+		return s.UpdateKeyDetails()
+	}
+	if _, ok := s.D.GetOk("restore_from_object_store"); ok {
 		err := s.RestoreKeyFromObjectStore()
 		if err != nil {
 			return err
@@ -394,7 +436,14 @@ func (s *KmsKeyResourceCrud) Get() error {
 }
 
 func (s *KmsKeyResourceCrud) Update() error {
-	if _, ok := s.D.GetOkExists("restore_from_object_store"); ok && s.D.HasChange("restore_trigger") {
+	if _, ok := s.D.GetOk("restore_from_file"); ok && s.D.HasChange("restore_trigger") {
+		err := s.RestoreKeyFromFile()
+		if err != nil {
+			return err
+		}
+		s.D.SetId(s.ID())
+	}
+	if _, ok := s.D.GetOk("restore_from_object_store"); ok && s.D.HasChange("restore_trigger") {
 		err := s.RestoreKeyFromObjectStore()
 		if err != nil {
 			return err
@@ -611,6 +660,40 @@ func (s *KmsKeyResourceCrud) RestoreKeyFromObjectStore() error {
 	return nil
 }
 
+func (s *KmsKeyResourceCrud) RestoreKeyFromFile() error {
+	request := oci_kms.RestoreKeyFromFileRequest{}
+	if restoreKeyFromFileDetails, ok := s.D.GetOk("restore_from_file.0.restore_key_from_file_details"); ok {
+		decodedFileContent, _ := base64.StdEncoding.DecodeString(restoreKeyFromFileDetails.(string))
+		request.RestoreKeyFromFileDetails = ioutil.NopCloser(bytes.NewBuffer(decodedFileContent))
+	} else {
+		request.RestoreKeyFromFileDetails = ioutil.NopCloser(bytes.NewBuffer([]byte{}))
+	}
+
+	if contentLength, ok := s.D.GetOk("restore_from_file.0.content_length"); ok {
+		tmp := contentLength.(string)
+		tmpInt64, err := strconv.ParseInt(tmp, 10, 64)
+		if err != nil {
+			return fmt.Errorf("unable to convert content-length string: %s to an int64 and encountered error: %v", tmp, err)
+		}
+		request.ContentLength = &tmpInt64
+	}
+
+	if contentMd5, ok := s.D.GetOk("restore_from_file.0.content_md5"); ok {
+		tmp := contentMd5.(string)
+		request.ContentMd5 = &tmp
+	}
+
+	request.RequestMetadata.RetryPolicy = getRetryPolicy(s.DisableNotFoundRetries, "kms")
+
+	response, err := s.Client.RestoreKeyFromFile(context.Background(), request)
+	if err != nil {
+		return err
+	}
+
+	s.Res = &response.Key
+	return nil
+}
+
 func (s *KmsKeyResourceCrud) mapToBackupLocation(fieldKeyFormat string) (oci_kms.BackupLocation, error) {
 	var baseObject oci_kms.BackupLocation
 	//discriminator