Support: KMS Modules

Author: kavya498

.gitignore

@@ -0,0 +1,5 @@
+terraform.tfstate
+terraform.tfstate.backup
+terraform.tfplan
+.terraform.tfstate.lock.info
+.terraform

CHANGELOG.md

@@ -0,0 +1,10 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+Extending the adopted spec, each change should have a link to its
+corresponding pull request appended.
+
+## [1.0.0] - 2020-02-10
+
+This is the initial release of the module, with support for IBM-Cloud Key Management services

CONTRIBUTING.md

@@ -0,0 +1,29 @@
+# Contributing
+
+This document provides guidelines for contributing to the module. When contributing to this repository, please first discuss the change you wish to make via issue, email, or any other method with the owners of this repository before making a change.
+
+## File structure
+
+The project has the following folders and files:
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+ ```
+├── README.md
+├── modules/
+│   ├── nestedA/
+│   │   ├── README.md
+│   │   ├── variables.tf
+│   │   ├── main.tf
+│   │   ├── outputs.tf
+│   ├── nestedB/
+│   ├── .../
+├── examples/
+│   ├── exampleA/
+│   │   ├── main.tf
+│   ├── exampleB/
+│   ├── .../
+
+```
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+Please make sure you are changes are inline with directory structure mentined as above.

README.md

@@ -1,2 +1,66 @@
 # terraform-ibm-kms
 Terraform modules to create and work with IBM Key Management Service
+
+The supported modules are 
+* [Provisioning Key protect Instance](./modules/instance)
+* [Creating or Importing Key Protect Key](./modules/key)
+
+## Example Usage
+```
+data "ibm_resource_group" "resource_group" {
+  name = var.resource_group
+}
+
+module "kms_instance" {
+  source                 = "terraform-ibm-modules/kms/ibm//modules/instance"
+  resource_group_id      = data.ibm_resource_group.resource_group.id
+  service_name           = var.service_name
+  location               = var.location
+  plan                   = "tiered-pricing"
+  tags                   = var.tags
+  allowed_network_policy = var.allowed_network_policy
+}
+
+module "kms_key" {
+  source                 = "terraform-ibm-modules/kms/ibm//modules/key"
+  kms_instance_guid      = module.kms_instance.kms_instance-guid
+  name                   = var.name
+  standard_key_type      = var.standard_key_type
+  force_delete           = var.force_delete
+  network_access_allowed = var.network_access_allowed
+}
+
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+| Name                     | Description                                                    | Type   |Default  |Required |
+|--------------------------|----------------------------------------------------------------|:-------|:--------|:--------|
+| resource\_group          | Name of the resource group                                     |`string`| n/a     | yes     |
+| service_name             | A descriptive name used to identify the resource instance      |`string`| n/a     | yes     |
+| location                 | Target location or environment to create the resource instance |`string`| n/a     | yes     |
+| tags                     | Tags for the KMS Instance                                      |`set`   | n/a     | no      |
+| allowed_network_policy   | Types of the service endpoints.                                |`string`| n/a     | no      |
+| kms_instance_guid        | GUID of the Instance                                           |`string`| n/a     | yes     |
+| name                     | Name of the Key                                                |`string`| n/a     | yes     |
+| standard_key_type        | Determines if it has to be a standard key or root key          |`bool`  | false   | no      |
+| force_delete             | Determines if it has to be force deleted                       |`bool`  | false   | no      |
+| network_access_allowed   | public or private                                              |`string`| `public`| no      |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan 
+$ terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.
+
+ ## Note:
+* All optional fields are given value `null` in varaible.tf file. User can configure the same by overwriting with appropriate values.
+ * Provide `version` attribute in terraform block in versions.tf file to use specific version of terraform provider

examples/import-key/README.md

@@ -0,0 +1,63 @@
+# KMS instance KMS Key Example
+
+This example is used to create a standard or root key on KMS Instance
+## Example Usage
+```
+data "ibm_resource_group" "resource_group" {
+  name = var.resource_group
+}
+
+module "kms_instance" {
+  source                 = "terraform-ibm-modules/kms/ibm//modules/instance"
+  resource_group_id      = data.ibm_resource_group.resource_group.id
+  service_name           = var.service_name
+  location               = var.location
+  plan                   = "tiered-pricing"
+  tags                   = var.tags
+  allowed_network_policy = var.allowed_network_policy
+}
+
+module "kms_key" {
+  source                 = "terraform-ibm-modules/kms/ibm//modules/key"
+  kms_instance_guid      = module.kms_instance.kms_instance-guid
+  name                   = var.name
+  standard_key_type      = var.standard_key_type
+  force_delete           = var.force_delete
+  network_access_allowed = var.network_access_allowed
+}
+
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+| Name                     | Description                                                    | Type   |Default  |Required |
+|--------------------------|----------------------------------------------------------------|:-------|:--------|:--------|
+| resource\_group          | Name of the resource group                                     |`string`| n/a     | yes     |
+| service_name             | A descriptive name used to identify the resource instance      |`string`| n/a     | yes     |
+| location                 | Target location or environment to create the resource instance |`string`| n/a     | yes     |
+| tags                     | Tags for the KMS Instance                                      |`set`   | n/a     | no      |
+| allowed_network_policy   | Types of the service endpoints.                                |`string`| n/a     | no      |
+| kms_instance_guid        | GUID of the Instance                                           |`string`| n/a     | yes     |
+| name                     | Name of the Key                                                |`string`| n/a     | yes     |
+| standard_key_type        | Determines if it has to be a standard key or root key          |`bool`  | false   | no      |
+| force_delete             | Determines if it has to be force deleted                       |`bool`  | false   | no      |
+| network_access_allowed   | public or private                                              |`string`| `public`| no      |
+| key_material             | Key Payload.                                                   |`string`| n/a     | yes     |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan 
+$ terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.
+
+ ## Note:
+* All optional fields are given value `null` in varaible.tf file. User can configure the same by overwriting with appropriate values.
+ * Provide `version` attribute in terraform block in versions.tf file to use specific version of terraform provider

examples/import-key/main.tf

@@ -0,0 +1,27 @@
+#########################################################################################
+# IBM Cloud Key Management Services Provisioning and Managing Keys
+# Copyright 2021 IBM
+#########################################################################################
+data "ibm_resource_group" "resource_group" {
+  name = var.resource_group
+}
+
+module "kms_instance" {
+  source                 = "terraform-ibm-modules/kms/ibm//modules/instance"
+  resource_group_id      = data.ibm_resource_group.resource_group.id
+  service_name           = var.service_name
+  location               = var.location
+  plan                   = "tiered-pricing"
+  tags                   = var.tags
+  allowed_network_policy = var.allowed_network_policy
+}
+
+module "kms_key" {
+  source                 = "terraform-ibm-modules/kms/ibm//modules/key"
+  kms_instance_guid      = module.kms_instance.kms_instance-guid
+  name                   = var.name
+  standard_key_type      = var.standard_key_type
+  force_delete           = var.force_delete
+  network_access_allowed = var.network_access_allowed
+  key_material           = var.key_material
+}

examples/import-key/outputs.tf

@@ -0,0 +1,7 @@
+#########################################################################################
+# IBM Cloud Key Management Services Provisioning and Managing Keys
+# Copyright 2021 IBM
+#########################################################################################
+output "kms-key_ouput" {
+  value = module.kms_key
+}

examples/import-key/variables.tf

@@ -0,0 +1,50 @@
+#########################################################################################
+# IBM Cloud Key Management Services Provisioning and Managing Keys
+# Copyright 2021 IBM
+#########################################################################################
+
+variable "resource_group" {
+  type        = string
+  description = "Resource group of instance"
+}
+variable "service_name" {
+  type        = string
+  description = "Name of KMS Instance"
+}
+variable "location" {
+  type        = string
+  description = "Location of KMS Instance"
+}
+variable "allowed_network_policy" {
+  default     = null
+  type        = string
+  description = "Types of the service endpoints. Possible values are 'private', 'public-and-private'."
+}
+variable "tags" {
+  default     = null
+  type        = set(string)
+  description = "Tags for the cms"
+}
+variable "name" {
+  description = "Name of the Key"
+  type        = string
+}
+variable "network_access_allowed" {
+  description = "Endpoint type of the Key"
+  type        = string
+  default     = null
+}
+variable "standard_key_type" {
+  description = "Determines if it is a standard key or not"
+  default     = null
+  type        = bool
+}
+variable "force_delete" {
+  description = "Determines if it has to be force deleted"
+  default     = null
+  type        = bool
+}
+variable "key_material" {
+  description = "key_material of the Key"
+  type        = string
+}

examples/import-key/versions.tf

@@ -0,0 +1,11 @@
+#########################################################################################
+# IBM Cloud Key Management Services Provisioning and Managing Keys
+# Copyright 2021 IBM
+#########################################################################################
+terraform {
+  required_providers {
+    ibm = {
+      source  = "IBM-Cloud/ibm"
+    }
+  }
+}

examples/instance/README.md

@@ -0,0 +1,48 @@
+# KMS instance KMS Key Example
+
+This example is used to create a KMS Instance
+## Example Usage
+```
+data "ibm_resource_group" "resource_group" {
+  name = var.resource_group
+}
+
+module "kms_instance" {
+  source                 = "terraform-ibm-modules/kms/ibm//modules/instance"
+  resource_group_id      = data.ibm_resource_group.resource_group.id
+  service_name           = var.service_name
+  location               = var.location
+  plan                   = "tiered-pricing"
+  tags                   = var.tags
+  allowed_network_policy = var.allowed_network_policy
+}
+
+```
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+| Name                     | Description                                                    | Type   |Default  |Required |
+|--------------------------|----------------------------------------------------------------|:-------|:--------|:--------|
+| resource\_group          | Name of the resource group                                     |`string`| n/a     | yes     |
+| service_name             | A descriptive name used to identify the resource instance      |`string`| n/a     | yes     |
+| location                 | Target location or environment to create the resource instance |`string`| n/a     | yes     |
+| tags                     | Tags for the KMS Instance                                      |`set`   | n/a     | no      |
+| allowed_network_policy   | Types of the service endpoints.                                |`string`| n/a     | no      |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan 
+$ terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.
+
+ ## Note:
+* All optional fields are given value `null` in varaible.tf file. User can configure the same by overwriting with appropriate values.
+ * Provide `version` attribute in terraform block in versions.tf file to use specific version of terraform provider