diff --git a/.secrets.baseline b/.secrets.baseline
index 036376d..f98d103 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
 "files": "go.sum|^.secrets.baseline$",
 "lines": null
 },
- "generated_at": "2023-06-10T00:13:05Z",
+ "generated_at": "2023-11-22T11:03:19Z",
 "plugins_used": [
 {
 "name": "AWSKeyDetector"
@@ -86,6 +86,16 @@
 "type": "Secret Keyword",
 "verified_result": null
 }
+ ],
+ "ibm_catalog.json": [
+ {
+ "hashed_secret": "2a66dd6b2184e0722c4f448eaac79a1897987a30",
+ "is_secret": false,
+ "is_verified": false,
+ "line_number": 21,
+ "type": "Secret Keyword",
+ "verified_result": null
+ }
 ]
 },
 "version": "0.13.1+ibm.61.dss",
diff --git a/README.md b/README.md
index f7af5de..bf4f2a9 100644
--- a/README.md
+++ b/README.md
@@ -41,8 +41,8 @@ You need the following permissions to run this module.
 ## Examples
-- [ End to end example with default values](examples/default)
-- [ An example that uses existing KMS](examples/existing-kms)
+- [ Basic example](examples/basic)
+- [ Complete example](examples/complete)
 ### Requirements
diff --git a/cra-config.yaml b/cra-config.yaml
index f7cb101..cfc390f 100644
--- a/cra-config.yaml
+++ b/cra-config.yaml
@@ -1,6 +1,6 @@
 # More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
 version: "v1"
 CRA_TARGETS:
- - CRA_TARGET: "examples/default" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
+ - CRA_TARGET: "examples/complete" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
 CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
 PROFILE_ID: "0e6e7b5a-817d-4344-ab6f-e5d7a9c49520" # SCC profile ID (currently set to the FSCloud 1.4.0 profile).
diff --git a/examples/basic/README.md b/examples/basic/README.md
new file mode 100644
index 0000000..90e4653
--- /dev/null
+++ b/examples/basic/README.md
@@ -0,0 +1,6 @@
+# Basic example
+
+A simple example that shows how to create a key ring in an existing IBM Key Management Service (KMS) instance.
+
+The following resources are provisioned by this example:
+- A key ring in an existing Key Management Service (KMS) instance.
diff --git a/examples/basic/catalogValidationValues.json.template b/examples/basic/catalogValidationValues.json.template
new file mode 100644
index 0000000..55d5589
--- /dev/null
+++ b/examples/basic/catalogValidationValues.json.template
@@ -0,0 +1,5 @@
+{
+ "ibmcloud_api_key": $VALIDATION_APIKEY,
+ "existing_kms_instance_guid": $HPCS_US_SOUTH_GUID,
+ "prefix": $PREFIX
+}
diff --git a/examples/existing-kms/main.tf b/examples/basic/main.tf
similarity index 99%
rename from examples/existing-kms/main.tf
rename to examples/basic/main.tf
index bf89e03..5649d5a 100644
--- a/examples/existing-kms/main.tf
+++ b/examples/basic/main.tf
@@ -1,5 +1,3 @@
-
-
 ##############################################################################
 # Key Ring module
 ##############################################################################
diff --git a/examples/existing-kms/outputs.tf b/examples/basic/outputs.tf
similarity index 100%
rename from examples/existing-kms/outputs.tf
rename to examples/basic/outputs.tf
diff --git a/examples/existing-kms/provider.tf b/examples/basic/provider.tf
similarity index 100%
rename from examples/existing-kms/provider.tf
rename to examples/basic/provider.tf
diff --git a/examples/existing-kms/variables.tf b/examples/basic/variables.tf
similarity index 100%
rename from examples/existing-kms/variables.tf
rename to examples/basic/variables.tf
diff --git a/examples/existing-kms/version.tf b/examples/basic/version.tf
similarity index 100%
rename from examples/existing-kms/version.tf
rename to examples/basic/version.tf
diff --git a/examples/complete/README.md b/examples/complete/README.md
new file mode 100644
index 0000000..972aff9
--- /dev/null
+++ b/examples/complete/README.md
@@ -0,0 +1,9 @@
+# Complete example
+
+A complete example showing how to provision a Key Protect instance, a new key ring, and a new key.
+
+The following resources are provisioned by this example:
+ - A new resource group, if an existing one is not passed in.
+ - An IBM Key Protect instance.
+ - A key ring in the IBM Key Protect instance.
+ - A key within the key ring.
diff --git a/examples/complete/catalogValidationValues.json.template b/examples/complete/catalogValidationValues.json.template
new file mode 100644
index 0000000..d761afa
--- /dev/null
+++ b/examples/complete/catalogValidationValues.json.template
@@ -0,0 +1,6 @@
+{
+ "ibmcloud_api_key": $VALIDATION_APIKEY,
+ "region": "us-south",
+ "resource_tags": $TAGS,
+ "prefix": $PREFIX
+}
diff --git a/examples/default/main.tf b/examples/complete/main.tf
similarity index 100%
rename from examples/default/main.tf
rename to examples/complete/main.tf
diff --git a/examples/default/outputs.tf b/examples/complete/outputs.tf
similarity index 100%
rename from examples/default/outputs.tf
rename to examples/complete/outputs.tf
diff --git a/examples/default/provider.tf b/examples/complete/provider.tf
similarity index 100%
rename from examples/default/provider.tf
rename to examples/complete/provider.tf
diff --git a/examples/default/variables.tf b/examples/complete/variables.tf
similarity index 100%
rename from examples/default/variables.tf
rename to examples/complete/variables.tf
diff --git a/examples/default/version.tf b/examples/complete/version.tf
similarity index 100%
rename from examples/default/version.tf
rename to examples/complete/version.tf
diff --git a/examples/default/README.md b/examples/default/README.md
deleted file mode 100644
index 542aae5..0000000
--- a/examples/default/README.md
+++ /dev/null
@@ -1,8 +0,0 @@
-# End to end example with default values
-
-An end-to-end example that uses the module's default variable values.
-This example will:
- - Create a new resource group (if existing one is not passed in).
- - Create a new KMS (Key Protect) instance in the region and resource group provided.
- - Create a Key Ring within the KMS Instance.
- - Create a Key within the KMS Key Ring and Instance.
diff --git a/examples/existing-kms/README.md b/examples/existing-kms/README.md
deleted file mode 100644
index dbc8045..0000000
--- a/examples/existing-kms/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# An example that uses existing KMS
-
-An example that uses the existing KMS and create a Key Ring within the provided KMS Instance.
diff --git a/ibm_catalog.json b/ibm_catalog.json
new file mode 100644
index 0000000..f0372d7
--- /dev/null
+++ b/ibm_catalog.json
@@ -0,0 +1,68 @@
+{
+ "products": [
+ {
+ "name": "terraform-ibm-kms-key-ring",
+ "label": "KMS Key Ring module",
+ "product_kind": "module",
+ "tags": [
+ "dev_ops",
+ "target_terraform",
+ "terraform",
+ "module"
+ ],
+ "keywords": [
+ "terraform",
+ "key protect",
+ "hpcs",
+ "key ring",
+ "encryption"
+ ],
+ "short_description": "Terraform module to create a key ring in an IBM Key Management Service",
+ "long_description": "Use this module to create a key ring to help organize keys in an IBM Key Management Services (KMS) instance. The KMS can be IBM Key Protect or IBM Cloud Hyper Protect Crypto Services(HPCS) instance. For more information, about key rings, see [creating key rings in Key Protect](https://cloud.ibm.com/docs/key-protect?topic=key-protect-grouping-keys#create-key-ring-api) and [managing key rings in HPCS](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-managing-key-rings&interface=ui).\n\n### Usage\n```hcl\nprovider \"ibm\" {\n ibmcloud_api_key = \"XXXXXXXXXX\"\n # Must be the same region the KMS instance is in\n region = \"us-south\"\n}\n\nmodule \"kms_key_ring\" {\n # Replace \"X.X.X\" with a release version to lock into a specific release\n source = \"https://cm.globalcatalog.cloud.ibm.com/api/v1-beta/offering/source?archive=tgz&kind=terraform&name=terraform-ibm-kms-key-ring&version=X.X.X\"\n instance_id = \"XXxxXXxx-xxxx-XXXX-xxxx-XXxxXXxx\"\n key_ring_id = \"my-key-ring\"\n}\n```",
+ "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-key-protect/blob/main/README.md",
+ "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/documentation/main/icons/key_protect_icon.svg",
+ "features": [
+ {
+ "title": "Create a KMS key ring",
+ "description": "Create a key ring in an IBM Key Management Service (KMS) instance."
+ }
+ ],
+ "flavors": [
+ {
+ "label": "Basic",
+ "name": "basic",
+ "working_directory": "examples/basic",
+ "architecture": {
+ "diagrams": [
+ {
+ "diagram": {
+ "caption": "Basic example",
+ "url": "https://raw.githubusercontent.com/terraform-ibm-modules/documentation/main/icons/ModuleExampleDiagram.svg",
+ "type": "image/svg+xml"
+ },
+ "description": "A simple example that shows how to create a key ring in an existing IBM Hyper Protect Crypto Service (HPCS) instance."
+ }
+ ]
+ }
+ },
+ {
+ "label": "Complete",
+ "name": "complete",
+ "working_directory": "examples/complete",
+ "architecture": {
+ "diagrams": [
+ {
+ "diagram": {
+ "caption": "Complete example",
+ "url": "https://raw.githubusercontent.com/terraform-ibm-modules/documentation/main/icons/ModuleExampleDiagram.svg",
+ "type": "image/svg+xml"
+ },
+ "description": "A complete example showing how to provision a Key Protect instance, a new key ring, and a new key."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ]
+}
diff --git a/tests/pr_test.go b/tests/pr_test.go
index c6a08b6..65a495a 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -13,8 +13,8 @@ import (
 // Use existing resource group for tests
 const resourceGroup = "geretain-test-key-protect-key-ring"
-const defaultExampleTerraformDir = "examples/default"
-const existingKmsExampleTerraformDir = "examples/existing-kms"
+const completeExampleTerraformDir = "examples/complete"
+const basicExampleTerraformDir = "examples/basic"
 // Define a struct with fields that match the structure of the YAML data
 const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-resources.yaml"
@@ -36,7 +36,7 @@ func TestMain(m *testing.M) {
 func setupOptions(t *testing.T, prefix string) *testhelper.TestOptions {
 options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{
 Testing: t,
- TerraformDir: defaultExampleTerraformDir,
+ TerraformDir: completeExampleTerraformDir,
 Prefix: prefix,
 ResourceGroup: resourceGroup,
 })
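Review bot: The usage snippet embedded in `long_description` of the new ibm_catalog.json shows the credential as an inline literal, `ibmcloud_api_key = \"XXXXXXXXXX\"`, and that is the line (21) which the new `.secrets.baseline` entry marks as a non-secret. Writing the snippet as `ibmcloud_api_key = var.ibmcloud_api_key`, with the variable declared `sensitive = true`, keeps the catalog text from modelling a key pasted into source and would probably make the baseline exception unnecessary. Separately, `offering_docs_url` points at the `terraform-ibm-key-protect` README although the product `name` is `terraform-ibm-kms-key-ring`, which looks like a copy-paste leftover and should presumably reference this module's own README. The basic flavor's diagram description also says HPCS where examples/basic/README.md says KMS.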
@@ -44,7 +44,7 @@ func setupOptions(t *testing.T, prefix string) *testhelper.TestOptions {
 return options
 }
-func TestRunDefaultExample(t *testing.T) {
+func TestRunCompleteExample(t *testing.T) {
 t.Parallel()
 options := setupOptions(t, "kms-key-ring")
@@ -53,12 +53,12 @@ func TestRunDefaultExample(t *testing.T) {
 assert.NotNil(t, output, "Expected some output")
 }
-func TestRunExistingKMSExample(t *testing.T) {
+func TestRunBasicExample(t *testing.T) {
 t.Parallel()
 options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
 Testing: t,
- TerraformDir: existingKmsExampleTerraformDir,
+ TerraformDir: basicExampleTerraformDir,
 Prefix: "hpcs",
 TerraformVars: map[string]interface{}{
 "existing_kms_instance_guid": permanentResources["hpcs_south"],
@@ -70,7 +70,7 @@ func TestRunExistingKMSExample(t *testing.T) {
 assert.NotNil(t, output, "Expected some output")
 }
-func TestRunUpgrade(t *testing.T) {
+func TestRunCompleteExampleUpgrade(t *testing.T) {
 t.Parallel()
 options := setupOptions(t, "kms-key-ring-upg")