ci: onboarding module to ibm registery

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-06-07T10:48:18Z",
+  "generated_at": "2023-11-22T17:09:56Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -86,6 +86,16 @@
         "type": "Secret Keyword",
         "verified_result": null
       }
+    ],
+    "ibm_catalog.json": [
+      {
+        "hashed_secret": "2a66dd6b2184e0722c4f448eaac79a1897987a30",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 22,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
     ]
   },
   "version": "0.13.1+ibm.61.dss",

README.md

@@ -19,19 +19,19 @@ provider "ibm" {
 
 # KMS root key
 module "kms_root_key" {
-  source  = "terraform-ibm-modules/kms-key/ibm"
-  version = "latest" # Replace "latest" with a release version to lock into a specific release
-  kms_instance_id = ibm_resource_instance.kms_instance.guid
-  key_name                = "my-root-key"
+  source          = "terraform-ibm-modules/kms-key/ibm"
+  version         = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
+  kms_instance_id = "XXxxXXxx-xxxx-XXXX-xxxx-XXxxXXxx"
+  key_name        = "my-root-key"
 }
 
 # KMS standard key
 module "kms_standard_key" {
-  source  = "terraform-ibm-modules/kms-key/ibm"
-  version = "latest" # Replace "latest" with a release version to lock into a specific release
-  kms_instance_id = ibm_resource_instance.kms_instance.guid
-  key_name                = "my-standard-key"
-  standard_key            = true
+  source          = "terraform-ibm-modules/kms-key/ibm"
+  version         = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
+  kms_instance_id = "XXxxXXxx-xxxx-XXXX-xxxx-XXxxXXxx"
+  key_name        = "my-standard-key"
+  standard_key    = true
 }
 ```
 
@@ -49,8 +49,8 @@ You need the following permissions to run this module.
 <!-- BEGIN EXAMPLES HOOK -->
 ## Examples
 
-- [ End to end example with default values](examples/default)
-- [ Example that uses existing KMS instance](examples/existing-kms)
+- [ Basic example](examples/basic)
+- [ Complete example](examples/complete)
 <!-- END EXAMPLES HOOK -->
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ### Requirements

cra-config.yaml

@@ -1,7 +1,7 @@
 # More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
 version: "v1"
 CRA_TARGETS:
-  - CRA_TARGET: "examples/default" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
+  - CRA_TARGET: "examples/complete" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
     PROFILE_ID: "0e6e7b5a-817d-4344-ab6f-e5d7a9c49520" # SCC profile ID (currently set to the FSCloud 1.4.0 profile).
     # SCC_INSTANCE_ID: "" # The SCC instance ID to use to download profile for CRA scan. If not provided, a default global value will be used.

examples/basic/README.md

@@ -0,0 +1,7 @@
+# Basic example
+
+A simple example that shows how to create a standard and a root key in an existing IBM Key Management Service (KMS) instance.
+
+The following resources are provisioned by this example:
+ - Create a root key in the existing KMS instance.
+ - Create a standard key in the existing KMS instance.

examples/basic/catalogValidationValues.json.template

@@ -0,0 +1,5 @@
+{
+  "ibmcloud_api_key": $VALIDATION_APIKEY,
+  "existing_kms_instance_guid": $HPCS_US_SOUTH_GUID,
+  "prefix": $PREFIX
+}

examples/complete/README.md

@@ -0,0 +1,9 @@
+# Complete example
+
+A complete example showing how to provision a Key Protect instance, a root key and a standard key.
+
+The following resources are provisioned by this example:
+ - A new resource group, if an existing one is not passed in.
+ - An IBM Key Protect instance.
+ - A Root Key in the KMS instance.
+ - A Standard Key in the KMS instance.

examples/complete/catalogValidationValues.json.template

@@ -0,0 +1,6 @@
+{
+  "ibmcloud_api_key": $VALIDATION_APIKEY,
+  "region": "us-south",
+  "resource_tags": $TAGS,
+  "prefix": $PREFIX
+}

ibm_catalog.json

@@ -0,0 +1,73 @@
+{
+  "products": [
+    {
+      "name": "terraform-ibm-kms-key",
+      "label": "KMS Key module",
+      "product_kind": "module",
+      "tags": [
+        "dev_ops",
+        "target_terraform",
+        "terraform",
+        "module"
+      ],
+      "keywords": [
+        "terraform",
+        "key protect",
+        "hpcs",
+        "keys",
+        "encryption",
+        "kms"
+      ],
+      "short_description": "Terraform module to create a standard or root key in an IBM Key Management Service (KMS).",
+      "long_description": "Use this module to create a standard or root key in an existing key ring and IBM Key Management Services (KMS) instance. The KMS can be IBM Key Protect or IBM Cloud Hyper Protect Crypto Services(HPCS) instance. You can specify rotation and deletion policies for the keys.\n\n### Usage\n```hcl\nprovider \"ibm\" {\n  ibmcloud_api_key = \"XXXXXXXXXX\"\n  # Must be the same region the KMS instance is in\n  region           = \"us-south\"\n}\n\n# KMS root key\nmodule \"kms_root_key\" {\n  # Replace \"X.X.X\" with a release version to lock into a specific release\n  source.         = \"https://cm.globalcatalog.cloud.ibm.com/api/v1-beta/offering/source?archive=tgz&kind=terraform&name=terraform-ibm-kms-key&version=X.X.X\"\n  kms_instance_id = \"XXxxXXxx-xxxx-XXXX-xxxx-XXxxXXxx\"\n  key_name        = \"my-root-key\"\n}\n\n# KMS standard key\nmodule \"kms_standard_key\" {\n  # Replace \"X.X.X\" with a release version to lock into a specific release\n  source.         = \"https://cm.globalcatalog.cloud.ibm.com/api/v1-beta/offering/source?archive=tgz&kind=terraform&name=terraform-ibm-kms-key&version=X.X.X\"\n  kms_instance_id = \"XXxxXXxx-xxxx-XXXX-xxxx-XXxxXXxx\"\n  key_name        = \"my-standard-key\"\n  standard_key    = true\n}\n```",
+      "offering_docs_url": "https://github.com/terraform-ibm-modules/terraform-ibm-kms-key/blob/main/README.md",
+      "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/documentation/main/icons/key_protect_icon.svg",
+      "features": [
+        {
+          "title": "Create a KMS key",
+          "description": "Create a standard or root key in an existing IBM KMS instance key ring."
+        },
+        {
+          "title": "Create a KMS key policy",
+          "description": "Create a key policy for a standard or root key in an IBM KMS instance."
+        }
+      ],
+      "flavors": [
+        {
+          "label": "Basic",
+          "name": "basic",
+          "working_directory": "examples/basic",
+          "architecture": {
+            "diagrams": [
+              {
+                "diagram": {
+                  "caption": "Basic example",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/documentation/main/icons/ModuleExampleDiagram.svg",
+                  "type": "image/svg+xml"
+                },
+                "description": "A simple example that shows how to create a standard and a root key in an existing IBM Key Management Service (KMS) instance."
+              }
+            ]
+          }
+        },
+        {
+          "label": "Complete",
+          "name": "complete",
+          "working_directory": "examples/complete",
+          "architecture": {
+            "diagrams": [
+              {
+                "diagram": {
+                  "caption": "Complete example",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/documentation/main/icons/ModuleExampleDiagram.svg",
+                  "type": "image/svg+xml"
+                },
+                "description": "A complete example that shows how to provision a Key Protect instance, a root key and a standard key."
+              }
+            ]
+          }
+        }
+      ]
+    }
+  ]
+}

tests/pr_test.go

@@ -13,8 +13,8 @@ import (
 
 // Use existing resource group for tests
 const resourceGroup = "geretain-test-key-protect-key"
-const defaultExampleTerraformDir = "examples/default"
-const existingKmsExampleTerraformDir = "examples/existing-kms"
+const completeExampleTerraformDir = "examples/complete"
+const basicExampleTerraformDir = "examples/basic"
 
 // Define a struct with fields that match the structure of the YAML data
 const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-resources.yaml"
@@ -36,15 +36,15 @@ func TestMain(m *testing.M) {
 func setupOptions(t *testing.T, prefix string) *testhelper.TestOptions {
 	options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{
 		Testing:       t,
-		TerraformDir:  defaultExampleTerraformDir,
+		TerraformDir:  completeExampleTerraformDir,
 		Prefix:        prefix,
 		ResourceGroup: resourceGroup,
 	})
 
 	return options
 }
 
-func TestRunDefaultExample(t *testing.T) {
+func TestRunCompleteExample(t *testing.T) {
 	t.Parallel()
 
 	options := setupOptions(t, "kms-key")
@@ -53,12 +53,12 @@ func TestRunDefaultExample(t *testing.T) {
 	assert.NotNil(t, output, "Expected some output")
 }
 
-func TestRunExistingKMSExample(t *testing.T) {
+func TestRunBasicExample(t *testing.T) {
 	t.Parallel()
 
 	options := testhelper.TestOptionsDefault(&testhelper.TestOptions{
 		Testing:      t,
-		TerraformDir: existingKmsExampleTerraformDir,
+		TerraformDir: basicExampleTerraformDir,
 		Prefix:       "hpcs",
 		TerraformVars: map[string]interface{}{
 			"existing_kms_instance_guid": permanentResources["hpcs_south"],
@@ -70,7 +70,7 @@ func TestRunExistingKMSExample(t *testing.T) {
 	assert.NotNil(t, output, "Expected some output")
 }
 
-func TestRunUpgrade(t *testing.T) {
+func TestRunCompleteUpgrade(t *testing.T) {
 	t.Parallel()
 
 	options := setupOptions(t, "kms-key-upg")