Support resource discovery for kms resources

Author: ksmulpuri

oci/export_compartment.go

@@ -200,20 +200,21 @@ func getExportConfig(d *schema.ResourceData) (interface{}, error) {
 		return nil, err
 	}
 	exportConfigProvider = sdkConfigProvider
-	// beware: global variable `configureClient` set here--used elsewhere outside this execution path
-	configureClient, err := buildConfigureClientFn(sdkConfigProvider, httpClient)
+
+	configureClientLocal, err := buildConfigureClientFn(sdkConfigProvider, httpClient)
 	if err != nil {
 		return nil, err
 	}
 
 	configureClientWithUserAgent := func(client *oci_common.BaseClient) error {
-		if err := configureClient(client); err != nil {
+		if err := configureClientLocal(client); err != nil {
 			return err
 		}
 		client.UserAgent = userAgentString
 		return nil
 	}
-
+	// beware: global variable `configureClient` set here--used elsewhere outside this execution path
+	configureClient = configureClientWithUserAgent
 	err = createSDKClients(clients, sdkConfigProvider, configureClientWithUserAgent)
 	if err != nil {
 		return nil, err

oci/export_definitions.go

@@ -17,6 +17,7 @@ import (
 	oci_file_storage "github.com/oracle/oci-go-sdk/filestorage"
 	oci_functions "github.com/oracle/oci-go-sdk/functions"
 	oci_identity "github.com/oracle/oci-go-sdk/identity"
+	oci_kms "github.com/oracle/oci-go-sdk/keymanagement"
 	oci_limits "github.com/oracle/oci-go-sdk/limits"
 	oci_load_balancer "github.com/oracle/oci-go-sdk/loadbalancer"
 	oci_monitoring "github.com/oracle/oci-go-sdk/monitoring"
@@ -949,6 +950,37 @@ var exportIdentityTagHints = &TerraformResourceHints{
 	},
 }
 
+var exportKmsKeyHints = &TerraformResourceHints{
+	resourceClass:          "oci_kms_key",
+	datasourceClass:        "oci_kms_keys",
+	datasourceItemsAttr:    "keys",
+	resourceAbbreviation:   "key",
+	requireResourceRefresh: true,
+	discoverableLifecycleStates: []string{
+		string(oci_kms.KeyLifecycleStateEnabled),
+	},
+}
+
+var exportKmsKeyVersionHints = &TerraformResourceHints{
+	resourceClass:        "oci_kms_key_version",
+	datasourceClass:      "oci_kms_key_versions",
+	datasourceItemsAttr:  "key_versions",
+	resourceAbbreviation: "key_version",
+	discoverableLifecycleStates: []string{
+		string(oci_kms.KeyVersionLifecycleStateEnabled),
+	},
+}
+
+var exportKmsVaultHints = &TerraformResourceHints{
+	resourceClass:        "oci_kms_vault",
+	datasourceClass:      "oci_kms_vaults",
+	datasourceItemsAttr:  "vaults",
+	resourceAbbreviation: "vault",
+	discoverableLifecycleStates: []string{
+		string(oci_kms.VaultLifecycleStateActive),
+	},
+}
+
 var exportIdentityNetworkSourceHints = &TerraformResourceHints{
 	resourceClass:          "oci_identity_network_source",
 	datasourceClass:        "oci_identity_network_sources",

oci/export_graphs.go

@@ -60,6 +60,7 @@ var compartmentResourceGraphs = map[string]TerraformResourceGraph{
 	"file_storage":        fileStorageResourceGraph,
 	"functions":           functionsResourceGraph,
 	"health_checks":       healthChecksResourceGraph,
+	"kms":                 kmsResourceGraph,
 	"load_balancer":       loadBalancerResourceGraph,
 	"monitoring":          monitoringResourceGraph,
 	"nosql":               nosqlResourceGraph,
@@ -423,6 +424,29 @@ var identityResourceGraph = TerraformResourceGraph{
 	},
 }
 
+var kmsResourceGraph = TerraformResourceGraph{
+	"oci_identity_compartment": {
+		{TerraformResourceHints: exportKmsVaultHints},
+	},
+	"oci_kms_key": {
+		{
+			TerraformResourceHints: exportKmsKeyVersionHints,
+			datasourceQueryParams: map[string]string{
+				"key_id":              "id",
+				"management_endpoint": "management_endpoint",
+			},
+		},
+	},
+	"oci_kms_vault": {
+		{
+			TerraformResourceHints: exportKmsKeyHints,
+			datasourceQueryParams: map[string]string{
+				"management_endpoint": "management_endpoint",
+			},
+		},
+	},
+}
+
 var limitsResourceGraph = TerraformResourceGraph{
 	"oci_identity_tenancy": {
 		{TerraformResourceHints: exportLimitsQuotaHints},

oci/export_resource_helpers.go

@@ -9,6 +9,8 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/hashicorp/terraform/helper/schema"
+
 	oci_core "github.com/oracle/oci-go-sdk/core"
 	oci_identity "github.com/oracle/oci-go-sdk/identity"
 	oci_load_balancer "github.com/oracle/oci-go-sdk/loadbalancer"
@@ -132,6 +134,11 @@ func init() {
 	exportIdentitySmtpCredentialHints.getIdFn = getIdentitySmtpCredentialId
 
 	exportIdentitySwiftPasswordHints.getIdFn = getIdentitySwiftPasswordId
+
+	exportKmsKeyHints.getIdFn = getKmsKeyId
+	exportKmsKeyHints.processDiscoveredResourcesFn = processKmsKey
+
+	exportKmsKeyVersionHints.getIdFn = getKmsKeyVersionId
 }
 
 // Custom functions to alter behavior of resource discovery and resource HCL representation
@@ -240,6 +247,47 @@ func getNosqlIndexId(resource *OCIResource) (string, error) {
 	return getIndexCompositeId(name, tableNameOrId), nil
 }
 
+func processKmsKey(clients *OracleClients, resources []*OCIResource) ([]*OCIResource, error) {
+	for _, resource := range resources {
+		resource.sourceAttributes["management_endpoint"] = resource.parent.sourceAttributes["management_endpoint"].(string)
+		var resourceSchema *schema.ResourceData = resource.rawResource.(*schema.ResourceData)
+		resource.sourceAttributes["id"] = resourceSchema.Id()
+	}
+	return resources, nil
+}
+
+func getKmsKeyId(resource *OCIResource) (string, error) {
+	managementEndpoint, ok := resource.parent.sourceAttributes["management_endpoint"].(string)
+	if !ok {
+		return "", fmt.Errorf("[ERROR] unable to find management_endpoint for Index id")
+	}
+	var keyId string
+	// observed that Id is not always available in sourceAttributes - refer export_compartment.go->findResourcesGeneric() to visualize below docs
+	// resource.sourceAttributes has the id in the cases where getKmsKeyId is called with LIST data source response, because list SetData() sets the Id, but this is only done temporarily to populate compositeID
+	// When getKmsKeyId is called for resource, resource.sourceAttributes is not set yet,(so far we used LIST response to get composite Id) but we can get the real ocid after Read because Id was set in the method kms_key_resource.go->readKmsKey()
+	switch resource.rawResource.(type) {
+	case *schema.ResourceData:
+		// 	rawResource from resource read response
+		var resourceSchema *schema.ResourceData = resource.rawResource.(*schema.ResourceData)
+		keyId = resourceSchema.Id()
+	case map[string]interface{}:
+		// 	rawResource from LIST data source read response
+		var resourceMap map[string]interface{} = resource.rawResource.(map[string]interface{})
+		keyId = resourceMap["id"].(string)
+	}
+	return getCompositeKeyId(managementEndpoint, keyId), nil
+}
+
+func getKmsKeyVersionId(resource *OCIResource) (string, error) {
+	managementEndpoint, ok := resource.parent.sourceAttributes["management_endpoint"].(string)
+	if !ok {
+		return "", fmt.Errorf("[ERROR] unable to find management_endpoint for Index id")
+	}
+	keyId := resource.parent.sourceAttributes["id"].(string)
+	keyVersionId := resource.sourceAttributes["key_version_id"].(string)
+	return getCompositeKeyVersionId(managementEndpoint, keyId, keyVersionId), nil
+}
+
 // Custom functions to alter behavior of resource discovery and resource HCL representation
 
 func getBudgetAlertRuleId(resource *OCIResource) (string, error) {

oci/kms_key_resource.go

@@ -250,6 +250,14 @@ func deleteKmsKey(d *schema.ResourceData, m interface{}) error {
 	return DeleteResource(d, sync)
 }
 
+// existing Id is key OCID and it is not the format that readKmsKey expects managementEndpoint/{managementEndpoint}/keys/{keyId}
+// getCompositeKeyId is only used for resource discovery and it returns the Id as expected by readKmsKey method
+// terraform import oci_kms_key.test_key "managementEndpoint/{managementEndpoint}/keys/{keyId}"
+func getCompositeKeyId(managementEndpoint string, keyId string) string {
+	compositeId := "managementEndpoint/" + managementEndpoint + "/keys/" + keyId
+	return compositeId
+}
+
 type KmsKeyResourceCrud struct {
 	BaseCrud
 	Client                 *oci_kms.KmsManagementClient

oci/kms_key_version_resource.go

@@ -148,6 +148,15 @@ func deleteKmsKeyVersion(d *schema.ResourceData, m interface{}) error {
 	return DeleteResource(d, sync)
 }
 
+// existing ID() returned by getKeyVersionCompositeId method is of format keys/(.*)/keyVersions/(.*) and
+// that is not the format that readKmsKeyVersion expects managementEndpoint/{managementEndpoint}/keys/{keyId}/keyVersions/{keyVersionId}
+// getCompositeKeyVersionId is only used for resource discovery and it returns the Id as expected by readKmsKeyVersion
+// terraform import oci_kms_key_version.test_key_version "managementEndpoint/{managementEndpoint}/keys/{keyId}/keyVersions/{keyVersionId}"
+func getCompositeKeyVersionId(managementEndpoint string, keyId string, keyVersionId string) string {
+	compositeId := "managementEndpoint/" + managementEndpoint + "/keys/" + keyId + "/keyVersions/" + keyVersionId
+	return compositeId
+}
+
 type KmsKeyVersionResourceCrud struct {
 	BaseCrud
 	Client                 *oci_kms.KmsManagementClient

oci/kms_key_version_test.go

@@ -6,6 +6,7 @@ package oci
 import (
 	"fmt"
 	"os"
+	"strconv"
 	"testing"
 	"time"
 
@@ -61,6 +62,8 @@ func TestKmsKeyVersionResource_basic(t *testing.T) {
 	datasourceName := "data.oci_kms_key_versions.test_key_versions"
 	singularDatasourceName := "data.oci_kms_key_version.test_key_version"
 
+	var resId string
+
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() { testAccPreCheck(t) },
 		Providers: map[string]terraform.ResourceProvider{
@@ -74,6 +77,16 @@ func TestKmsKeyVersionResource_basic(t *testing.T) {
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttrSet(resourceName, "key_id"),
 					resource.TestCheckResourceAttrSet(resourceName, "management_endpoint"),
+
+					func(s *terraform.State) (err error) {
+						resId, err = fromInstanceState(s, resourceName, "id")
+						if isEnableExportCompartment, _ := strconv.ParseBool(getEnvSettingWithDefault("enable_export_compartment", "false")); isEnableExportCompartment {
+							if errExport := testExportCompartmentWithResourceName(&resId, &compartmentId, resourceName); errExport != nil {
+								return errExport
+							}
+						}
+						return err
+					},
 				),
 			},
 

oci/kms_key_versions_data_source.go

@@ -5,6 +5,7 @@ package oci
 
 import (
 	"context"
+	"regexp"
 
 	"fmt"
 
@@ -67,10 +68,7 @@ func (s *KmsKeyVersionsDataSourceCrud) VoidState() {
 func (s *KmsKeyVersionsDataSourceCrud) Get() error {
 	request := oci_kms.ListKeyVersionsRequest{}
 
-	if keyId, ok := s.D.GetOkExists("key_id"); ok {
-		tmp := keyId.(string)
-		request.KeyId = &tmp
-	}
+	request.KeyId = getKeyID(s)
 
 	request.RequestMetadata.RetryPolicy = getRetryPolicy(false, "kms")
 
@@ -95,6 +93,24 @@ func (s *KmsKeyVersionsDataSourceCrud) Get() error {
 	return nil
 }
 
+// with resource discovery s.D.GetOkExists("key_id") can return one of the two things
+// 1) keyId (key ocid) (or)
+// 2) managementEndpoint/{managementEndpoint}/keys/{keyId}
+// getKeyID method handles both and will return the key OCID
+func getKeyID(s *KmsKeyVersionsDataSourceCrud) *string {
+	var finalKeyId string
+	if keyId, ok := s.D.GetOkExists("key_id"); ok {
+		regex, _ := regexp.Compile("^managementEndpoint/(.*)/keys/(.*)$")
+		tokens := regex.FindStringSubmatch(keyId.(string))
+		if len(tokens) == 3 {
+			finalKeyId = tokens[2]
+		} else {
+			finalKeyId = keyId.(string)
+		}
+	}
+	return &finalKeyId
+}
+
 func (s *KmsKeyVersionsDataSourceCrud) SetData() error {
 	if s.Res == nil {
 		return nil

website/docs/guides/resource_discovery.html.markdown

@@ -106,6 +106,7 @@ The generated `.tf` files contain the Terraform configuration with the resources
     * `functions` - Discovers functions resources within the specified compartment
     * `health_checks` - Discovers health_checks resources within the specified compartment
     * `identity` - Discovers identity resources across the entire tenancy
+    * `kms` - Discovers kms resources within the specified compartment
     * `limits` - Discovers limits resources across the entire tenancy
     * `load_balancer` - Discovers load balancer resources within the specified compartment
     * `monitoring` - Discovers monitoring resources within the specified compartment
@@ -330,6 +331,12 @@ identity
 * oci\_identity\_user
 * oci\_identity\_network\_source
 
+kms
+    
+* oci\_kms\_key
+* oci\_kms\_key\_version
+* oci\_kms\_vault
+
 limits
 
 * oci\_limits\_quota