KMS Tagging

Author: afedorch

CHANGELOG.md

@@ -14,6 +14,7 @@ Enable regional Subnets by making Availability Domain optional when creating a S
 - Support for Health Check Service
 - Adding database connection information to the `oci_database_database` and `oci_database_databases` data sources
 - Adding support for Steering Policies in DNS
+- Support for the tagging of applicable KMS resources
 
 ## 3.14.1 (February 05, 2019)
 

oci/kms_key_data_source.go

@@ -32,10 +32,20 @@ func KmsKeyDataSource() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"defined_tags": {
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
 			"display_name": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"freeform_tags": {
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
 			"key_shape": {
 				Type:     schema.TypeList,
 				Computed: true,

oci/kms_key_resource.go

@@ -68,7 +68,21 @@ func KmsKeyResource() *schema.Resource {
 				Required: true,
 				ForceNew: true,
 			},
+
 			// Optional
+			"defined_tags": {
+				Type:             schema.TypeMap,
+				Optional:         true,
+				Computed:         true,
+				DiffSuppressFunc: definedTagsDiffSuppressFunction,
+				Elem:             schema.TypeString,
+			},
+			"freeform_tags": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
 			"desired_state": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -228,11 +242,23 @@ func (s *KmsKeyResourceCrud) Create() error {
 		request.CompartmentId = &tmp
 	}
 
+	if definedTags, ok := s.D.GetOkExists("defined_tags"); ok {
+		convertedDefinedTags, err := mapToDefinedTags(definedTags.(map[string]interface{}))
+		if err != nil {
+			return err
+		}
+		request.DefinedTags = convertedDefinedTags
+	}
+
 	if displayName, ok := s.D.GetOkExists("display_name"); ok {
 		tmp := displayName.(string)
 		request.DisplayName = &tmp
 	}
 
+	if freeformTags, ok := s.D.GetOkExists("freeform_tags"); ok {
+		request.FreeformTags = objectMapToStringMap(freeformTags.(map[string]interface{}))
+	}
+
 	if keyShape, ok := s.D.GetOkExists("key_shape"); ok {
 		if tmpList := keyShape.([]interface{}); len(tmpList) > 0 {
 			fieldKeyFormat := fmt.Sprintf("%s.%d.%%s", "key_shape", 0)
@@ -275,11 +301,23 @@ func (s *KmsKeyResourceCrud) Get() error {
 func (s *KmsKeyResourceCrud) Update() error {
 	request := oci_kms.UpdateKeyRequest{}
 
+	if definedTags, ok := s.D.GetOkExists("defined_tags"); ok {
+		convertedDefinedTags, err := mapToDefinedTags(definedTags.(map[string]interface{}))
+		if err != nil {
+			return err
+		}
+		request.DefinedTags = convertedDefinedTags
+	}
+
 	if displayName, ok := s.D.GetOkExists("display_name"); ok {
 		tmp := displayName.(string)
 		request.DisplayName = &tmp
 	}
 
+	if freeformTags, ok := s.D.GetOkExists("freeform_tags"); ok {
+		request.FreeformTags = objectMapToStringMap(freeformTags.(map[string]interface{}))
+	}
+
 	tmp := s.D.Id()
 	request.KeyId = &tmp
 
@@ -289,6 +327,7 @@ func (s *KmsKeyResourceCrud) Update() error {
 	if err != nil {
 		return err
 	}
+
 	s.Res = &response.Key
 
 	// Handle activation/deactivation here
@@ -332,10 +371,16 @@ func (s *KmsKeyResourceCrud) SetData() error {
 		s.D.Set("current_key_version", *s.Res.CurrentKeyVersion)
 	}
 
+	if s.Res.DefinedTags != nil {
+		s.D.Set("defined_tags", definedTagsToMap(s.Res.DefinedTags))
+	}
+
 	if s.Res.DisplayName != nil {
 		s.D.Set("display_name", *s.Res.DisplayName)
 	}
 
+	s.D.Set("freeform_tags", s.Res.FreeformTags)
+
 	s.D.Set("desired_state", s.Res.LifecycleState)
 
 	if s.Res.KeyShape != nil {

oci/kms_key_test.go

@@ -11,9 +11,12 @@ import (
 )
 
 var (
-	KeyResourceConfig = KeyResourceDependencies +
+	KeyRequiredOnlyResource = KeyResourceDependencies +
 		generateResourceFromRepresentationMap("oci_kms_key", "test_key", Required, Create, keyRepresentation)
 
+	KeyResourceConfig = KeyResourceDependencies +
+		generateResourceFromRepresentationMap("oci_kms_key", "test_key", Optional, Update, keyRepresentation)
+
 	keySingularDataSourceRepresentation = map[string]interface{}{
 		"key_id":              Representation{repType: Required, create: `${oci_kms_key.test_key.id}`},
 		"management_endpoint": Representation{repType: Required, create: `${data.oci_kms_vault.test_vault.management_endpoint}`},
@@ -34,6 +37,8 @@ var (
 		"key_shape":           RepresentationGroup{Required, keyKeyShapeRepresentation},
 		"management_endpoint": Representation{repType: Required, create: `${data.oci_kms_vault.test_vault.management_endpoint}`},
 		"desired_state":       Representation{repType: Optional, create: `ENABLED`, update: `DISABLED`},
+		"defined_tags":        Representation{repType: Optional, create: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "value")}`, update: `${map("${oci_identity_tag_namespace.tag-namespace1.name}.${oci_identity_tag.tag1.name}", "updatedValue")}`},
+		"freeform_tags":       Representation{repType: Optional, create: map[string]string{"bar-key": "value"}, update: map[string]string{"Department": "Accounting"}},
 	}
 	keyKeyShapeRepresentation = map[string]interface{}{
 		"algorithm": Representation{repType: Required, create: `AES`},
@@ -88,7 +93,7 @@ func TestKmsKeyResource_basic(t *testing.T) {
 		Steps: []resource.TestStep{
 			// verify create
 			{
-				Config: config + compartmentIdVariableStr + KeyResourceDependencies +
+				Config: config + compartmentIdVariableStr + KeyResourceDependencies + DefinedTagsDependencies +
 					generateResourceFromRepresentationMap("oci_kms_key", "test_key", Required, Create, keyRepresentation),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "compartment_id", tenancyId),
@@ -104,14 +109,46 @@ func TestKmsKeyResource_basic(t *testing.T) {
 				),
 			},
 
+			// delete before next create
+			{
+				Config: config + compartmentIdVariableStr + KeyResourceDependencies,
+			},
+			// verify create with optionals
+			{
+				Config: config + compartmentIdVariableStr + KeyResourceDependencies + DefinedTagsDependencies +
+					generateResourceFromRepresentationMap("oci_kms_key", "test_key", Optional, Create, keyRepresentation),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "compartment_id", tenancyId),
+					resource.TestCheckResourceAttrSet(resourceName, "current_key_version"),
+					resource.TestCheckResourceAttr(resourceName, "defined_tags.%", "1"),
+					resource.TestCheckResourceAttr(resourceName, "display_name", "Key C"),
+					resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
+					resource.TestCheckResourceAttrSet(resourceName, "id"),
+					resource.TestCheckResourceAttr(resourceName, "key_shape.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "key_shape.0.algorithm", "AES"),
+					resource.TestCheckResourceAttr(resourceName, "key_shape.0.length", "16"),
+					resource.TestCheckResourceAttrSet(resourceName, "management_endpoint"),
+					resource.TestCheckResourceAttrSet(resourceName, "state"),
+					resource.TestCheckResourceAttrSet(resourceName, "time_created"),
+					resource.TestCheckResourceAttrSet(resourceName, "vault_id"),
+
+					func(s *terraform.State) (err error) {
+						resId, err = fromInstanceState(s, resourceName, "id")
+						return err
+					},
+				),
+			},
+
 			// verify updates to updatable parameters
 			{
-				Config: config + compartmentIdVariableStr + KeyResourceDependencies +
+				Config: config + compartmentIdVariableStr + KeyResourceDependencies + DefinedTagsDependencies +
 					generateResourceFromRepresentationMap("oci_kms_key", "test_key", Optional, Update, keyRepresentation),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "compartment_id", tenancyId),
 					resource.TestCheckResourceAttrSet(resourceName, "current_key_version"),
+					resource.TestCheckResourceAttr(resourceName, "defined_tags.%", "1"),
 					resource.TestCheckResourceAttr(resourceName, "display_name", "displayName2"),
+					resource.TestCheckResourceAttr(resourceName, "freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
 					resource.TestCheckResourceAttr(resourceName, "key_shape.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "key_shape.0.algorithm", "AES"),
@@ -133,14 +170,16 @@ func TestKmsKeyResource_basic(t *testing.T) {
 			{
 				Config: config +
 					generateDataSourceFromRepresentationMap("oci_kms_keys", "test_keys", Optional, Update, keyDataSourceRepresentation) +
-					compartmentIdVariableStr + KeyResourceDependencies +
+					compartmentIdVariableStr + KeyResourceDependencies + DefinedTagsDependencies +
 					generateResourceFromRepresentationMap("oci_kms_key", "test_key", Optional, Update, keyRepresentation),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr(datasourceName, "compartment_id", tenancyId),
 
 					resource.TestCheckResourceAttr(datasourceName, "keys.#", "1"),
 					resource.TestCheckResourceAttr(datasourceName, "keys.0.compartment_id", tenancyId),
+					resource.TestCheckResourceAttr(datasourceName, "keys.0.defined_tags.%", "1"),
 					resource.TestCheckResourceAttr(datasourceName, "keys.0.display_name", "displayName2"),
+					resource.TestCheckResourceAttr(datasourceName, "keys.0.freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(datasourceName, "keys.0.id"),
 					resource.TestCheckResourceAttrSet(datasourceName, "keys.0.state"),
 					resource.TestCheckResourceAttrSet(datasourceName, "keys.0.time_created"),
@@ -151,13 +190,15 @@ func TestKmsKeyResource_basic(t *testing.T) {
 			{
 				Config: config +
 					generateDataSourceFromRepresentationMap("oci_kms_key", "test_key", Required, Create, keySingularDataSourceRepresentation) +
-					compartmentIdVariableStr + KeyResourceConfig,
+					compartmentIdVariableStr + KeyResourceConfig + DefinedTagsDependencies,
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttrSet(singularDatasourceName, "key_id"),
 
 					resource.TestCheckResourceAttr(singularDatasourceName, "compartment_id", tenancyId),
 					resource.TestCheckResourceAttrSet(singularDatasourceName, "current_key_version"),
+					resource.TestCheckResourceAttr(singularDatasourceName, "defined_tags.%", "1"),
 					resource.TestCheckResourceAttr(singularDatasourceName, "display_name", "displayName2"),
+					resource.TestCheckResourceAttr(singularDatasourceName, "freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(singularDatasourceName, "id"),
 					resource.TestCheckResourceAttr(singularDatasourceName, "key_shape.#", "1"),
 					resource.TestCheckResourceAttr(singularDatasourceName, "key_shape.0.algorithm", "AES"),
@@ -169,11 +210,11 @@ func TestKmsKeyResource_basic(t *testing.T) {
 			},
 			// remove singular datasource from previous step so that it doesn't conflict with import tests
 			{
-				Config: config + compartmentIdVariableStr + KeyResourceConfig,
+				Config: config + compartmentIdVariableStr + KeyResourceConfig + DefinedTagsDependencies,
 			},
 			// revert the updates
 			{
-				Config: config + compartmentIdVariableStr + KeyResourceDependencies +
+				Config: config + compartmentIdVariableStr + KeyResourceDependencies + DefinedTagsDependencies +
 					generateResourceFromRepresentationMap("oci_kms_key", "test_key", Optional, Create, keyRepresentation),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, "display_name", "Key C"),

oci/kms_keys_data_source.go

@@ -103,10 +103,16 @@ func (s *KmsKeysDataSourceCrud) SetData() error {
 			"compartment_id": *r.CompartmentId,
 		}
 
+		if r.DefinedTags != nil {
+			key["defined_tags"] = definedTagsToMap(r.DefinedTags)
+		}
+
 		if r.DisplayName != nil {
 			key["display_name"] = *r.DisplayName
 		}
 
+		key["freeform_tags"] = r.FreeformTags
+
 		if r.Id != nil {
 			key["id"] = *r.Id
 		}

oci/kms_vault_data_source.go

@@ -26,10 +26,20 @@ func KmsVaultDataSource() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"defined_tags": {
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
 			"display_name": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"freeform_tags": {
+				Type:     schema.TypeMap,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
 			"management_endpoint": {
 				Type:     schema.TypeString,
 				Computed: true,

oci/kms_vault_resource.go

@@ -38,6 +38,19 @@ func KmsVaultResource() *schema.Resource {
 			},
 
 			// Optional
+			"defined_tags": {
+				Type:             schema.TypeMap,
+				Optional:         true,
+				Computed:         true,
+				DiffSuppressFunc: definedTagsDiffSuppressFunction,
+				Elem:             schema.TypeString,
+			},
+			"freeform_tags": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
 
 			// Computed
 			"crypto_endpoint": {
@@ -141,11 +154,23 @@ func (s *KmsVaultResourceCrud) Create() error {
 		request.CompartmentId = &tmp
 	}
 
+	if definedTags, ok := s.D.GetOkExists("defined_tags"); ok {
+		convertedDefinedTags, err := mapToDefinedTags(definedTags.(map[string]interface{}))
+		if err != nil {
+			return err
+		}
+		request.DefinedTags = convertedDefinedTags
+	}
+
 	if displayName, ok := s.D.GetOkExists("display_name"); ok {
 		tmp := displayName.(string)
 		request.DisplayName = &tmp
 	}
 
+	if freeformTags, ok := s.D.GetOkExists("freeform_tags"); ok {
+		request.FreeformTags = objectMapToStringMap(freeformTags.(map[string]interface{}))
+	}
+
 	if vaultType, ok := s.D.GetOkExists("vault_type"); ok {
 		request.VaultType = oci_kms.CreateVaultDetailsVaultTypeEnum(vaultType.(string))
 	}
@@ -181,11 +206,23 @@ func (s *KmsVaultResourceCrud) Get() error {
 func (s *KmsVaultResourceCrud) Update() error {
 	request := oci_kms.UpdateVaultRequest{}
 
+	if definedTags, ok := s.D.GetOkExists("defined_tags"); ok {
+		convertedDefinedTags, err := mapToDefinedTags(definedTags.(map[string]interface{}))
+		if err != nil {
+			return err
+		}
+		request.DefinedTags = convertedDefinedTags
+	}
+
 	if displayName, ok := s.D.GetOkExists("display_name"); ok {
 		tmp := displayName.(string)
 		request.DisplayName = &tmp
 	}
 
+	if freeformTags, ok := s.D.GetOkExists("freeform_tags"); ok {
+		request.FreeformTags = objectMapToStringMap(freeformTags.(map[string]interface{}))
+	}
+
 	tmp := s.D.Id()
 	request.VaultId = &tmp
 
@@ -221,10 +258,16 @@ func (s *KmsVaultResourceCrud) SetData() error {
 		s.D.Set("crypto_endpoint", *s.Res.CryptoEndpoint)
 	}
 
+	if s.Res.DefinedTags != nil {
+		s.D.Set("defined_tags", definedTagsToMap(s.Res.DefinedTags))
+	}
+
 	if s.Res.DisplayName != nil {
 		s.D.Set("display_name", *s.Res.DisplayName)
 	}
 
+	s.D.Set("freeform_tags", s.Res.FreeformTags)
+
 	if s.Res.ManagementEndpoint != nil {
 		s.D.Set("management_endpoint", *s.Res.ManagementEndpoint)
 	}