add field key_state and set is_enabled, is_archived based on key_state

ChrisdeR · ChrisdeR · commit 360a8bfefb82 · 2021-03-16T11:33:10.000+08:00
diff --git a/tencentcloud/resource_tc_kms_external_key.go b/tencentcloud/resource_tc_kms_external_key.go
@@ -10,6 +10,7 @@ resource "tencentcloud_kms_external_key" "foo" {
 	wrapping_algorithm = "RSAES_PKCS1_V1_5"
 	key_material_base64 = "MTIzMTIzMTIzMTIzMTIzQQ=="
 	valid_to = 2147443200
+	is_enabled = true
 }
 ```
 
@@ -124,33 +125,33 @@ func resourceTencentCloudKmsExternalKeyCreate(d *schema.ResourceData, meta inter
 			log.Printf("[CRITAL]%s Create KMS external key failed, reason:%+v", logId, err)
 			return err
 		}
-	}
 
-	if isEnabled := d.Get("is_enabled").(bool); !isEnabled {
-		err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
-			e := kmsService.DisableKey(ctx, d.Id())
-			if e != nil {
-				return retryError(e)
+		if isEnabled := d.Get("is_enabled").(bool); !isEnabled {
+			err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+				e := kmsService.DisableKey(ctx, d.Id())
+				if e != nil {
+					return retryError(e)
+				}
+				return nil
+			})
+			if err != nil {
+				log.Printf("[CRITAL]%s modify key state failed, reason:%+v", logId, err)
+				return err
 			}
-			return nil
-		})
-		if err != nil {
-			log.Printf("[CRITAL]%s modify key state failed, reason:%+v", logId, err)
-			return err
 		}
-	}
 
-	if isArchived := d.Get("is_archived").(bool); isArchived {
-		err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
-			e := kmsService.ArchiveKey(ctx, d.Id())
-			if e != nil {
-				return retryError(e)
+		if isArchived := d.Get("is_archived").(bool); isArchived {
+			err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+				e := kmsService.ArchiveKey(ctx, d.Id())
+				if e != nil {
+					return retryError(e)
+				}
+				return nil
+			})
+			if err != nil {
+				log.Printf("[CRITAL]%s modify key state failed, reason:%+v", logId, err)
+				return err
 			}
-			return nil
-		})
-		if err != nil {
-			log.Printf("[CRITAL]%s modify key state failed, reason:%+v", logId, err)
-			return err
 		}
 	}
 
@@ -202,6 +203,10 @@ func resourceTencentCloudKmsExternalKeyRead(d *schema.ResourceData, meta interfa
 
 	_ = d.Set("alias", key.Alias)
 	_ = d.Set("description", key.Description)
+	_ = d.Set("valid_to", key.ValidTo)
+	_ = d.Set("key_state", key.KeyState)
+	transformKeyState(d)
+
 	tcClient := meta.(*TencentCloudClient).apiV3Conn
 	tagService := &TagService{client: tcClient}
 	tags, err := tagService.DescribeResourceTags(ctx, "kms", "key", tcClient.Region, *key.ResourceId)
@@ -269,24 +274,21 @@ func resourceTencentCloudKmsExternalKeyUpdate(d *schema.ResourceData, meta inter
 		}
 	}
 
-	if d.HasChange("is_enabled") {
-		isEnabled := d.Get("is_enabled").(bool)
-		err := updateIsEnabled(ctx, kmsService, keyId, isEnabled)
+	if isArchived, ok := d.GetOk("is_archived"); ok {
+		err := updateIsArchived(ctx, kmsService, keyId, isArchived.(bool))
 		if err != nil {
 			log.Printf("[CRITAL]%s modify key state failed, reason:%+v", logId, err)
 			return err
 		}
-		d.SetPartial("is_enabled")
-	}
-
-	if d.HasChange("is_archived") {
-		isArchived := d.Get("is_archived").(bool)
-		err := updateIsArchived(ctx, kmsService, keyId, isArchived)
+		d.SetPartial("is_archived")
+	} else {
+		isEnabled := d.Get("is_enabled").(bool)
+		err := updateIsEnabled(ctx, kmsService, keyId, isEnabled)
 		if err != nil {
 			log.Printf("[CRITAL]%s modify key state failed, reason:%+v", logId, err)
 			return err
 		}
-		d.SetPartial("is_archived")
+		d.SetPartial("is_enabled")
 	}
 
 	if d.HasChange("tags") {
diff --git a/tencentcloud/resource_tc_kms_external_key_test.go b/tencentcloud/resource_tc_kms_external_key_test.go
@@ -49,6 +49,7 @@ resource "tencentcloud_kms_external_key" "test" {
 	description = %[1]q
 	wrapping_algorithm = "RSAES_PKCS1_V1_5"
 	key_material_base64 = "MTIzMTIzMTIzMTIzMTIzQQ=="
+	is_enabled = true
 
 	tags = {
     "test-tag" = "unit-test"
diff --git a/tencentcloud/resource_tc_kms_key.go b/tencentcloud/resource_tc_kms_key.go
@@ -8,6 +8,7 @@ resource "tencentcloud_kms_key" "foo" {
 	alias = "test"
 	description = "describe key test message."
 	key_rotation_enabled = true
+	is_enabled = true
 
 	tags = {
 		"test-tag":"key-test"
@@ -49,16 +50,16 @@ func TencentKmsBasicInfo() map[string]*schema.Schema {
 			Description: "Description of CMK. The maximum is 1024 bytes.",
 		},
 		"is_enabled": {
-			Type:        schema.TypeBool,
-			Optional:    true,
-			Default:     true,
-			Description: "Specify whether to enable key. Default value is `true`.",
+			Type:          schema.TypeBool,
+			Optional:      true,
+			ConflictsWith: []string{"is_archived"},
+			Description:   "Specify whether to enable key. Default value is `false`.",
 		},
 		"is_archived": {
-			Type:        schema.TypeBool,
-			Optional:    true,
-			Default:     false,
-			Description: "Specify whether to archive key. Default value is `false`.",
+			Type:          schema.TypeBool,
+			Optional:      true,
+			ConflictsWith: []string{"is_enabled"},
+			Description:   "Specify whether to archive key. Default value is `false`.",
 		},
 		"pending_delete_window_in_days": {
 			Type:        schema.TypeInt,
@@ -71,6 +72,11 @@ func TencentKmsBasicInfo() map[string]*schema.Schema {
 			Optional:    true,
 			Description: "Tags of CMK.",
 		},
+		"key_state": {
+			Type:        schema.TypeString,
+			Computed:    true,
+			Description: "State of CMK.",
+		},
 	}
 }
 
@@ -235,8 +241,10 @@ func resourceTencentCloudKmsKeyRead(d *schema.ResourceData, meta interface{}) er
 
 	_ = d.Set("alias", key.Alias)
 	_ = d.Set("description", key.Description)
+	_ = d.Set("key_state", key.KeyState)
 	_ = d.Set("key_usage", key.KeyUsage)
 	_ = d.Set("key_rotation_enabled", key.KeyRotationEnabled)
+	transformKeyState(d)
 
 	tcClient := meta.(*TencentCloudClient).apiV3Conn
 	tagService := &TagService{client: tcClient}
@@ -291,24 +299,21 @@ func resourceTencentCloudKmsKeyUpdate(d *schema.ResourceData, meta interface{})
 		d.SetPartial("alias")
 	}
 
-	if d.HasChange("is_enabled") {
-		isEnabled := d.Get("is_enabled").(bool)
-		err := updateIsEnabled(ctx, kmsService, keyId, isEnabled)
+	if isArchived, ok := d.GetOk("is_archived"); ok {
+		err := updateIsArchived(ctx, kmsService, keyId, isArchived.(bool))
 		if err != nil {
 			log.Printf("[CRITAL]%s modify key state failed, reason:%+v", logId, err)
 			return err
 		}
-		d.SetPartial("is_enabled")
-	}
-
-	if d.HasChange("is_archived") {
-		isArchived := d.Get("is_archived").(bool)
-		err := updateIsArchived(ctx, kmsService, keyId, isArchived)
+		d.SetPartial("is_archived")
+	} else {
+		isEnabled := d.Get("is_enabled").(bool)
+		err := updateIsEnabled(ctx, kmsService, keyId, isEnabled)
 		if err != nil {
 			log.Printf("[CRITAL]%s modify key state failed, reason:%+v", logId, err)
 			return err
 		}
-		d.SetPartial("is_archived")
+		d.SetPartial("is_enabled")
 	}
 
 	if d.HasChange("key_rotation_enabled") {
@@ -458,3 +463,15 @@ func updateIsArchived(ctx context.Context, kmsService KmsService, keyId string,
 	}
 	return err
 }
+
+func transformKeyState(d *schema.ResourceData) {
+	keyState := d.Get("key_state").(string)
+	switch keyState {
+	case KMS_KEY_STATE_ENABLED:
+		_ = d.Set("is_enabled", true)
+	case KMS_KEY_STATE_DISABLED:
+		_ = d.Set("is_enabled", false)
+	case KMS_KEY_STATE_ARCHIVED:
+		_ = d.Set("is_archived", true)
+	}
+}
diff --git a/tencentcloud/resource_tc_kms_key_test.go b/tencentcloud/resource_tc_kms_key_test.go
@@ -172,6 +172,7 @@ resource "tencentcloud_kms_key" "test" {
 	alias = %[1]q
 	description = %[1]q
   	key_rotation_enabled = true
+	is_enabled = true
 
 	tags = {
     "test-tag" = "unit-test"
diff --git a/website/docs/r/kms_external_key.html.markdown b/website/docs/r/kms_external_key.html.markdown
@@ -20,6 +20,7 @@ resource "tencentcloud_kms_external_key" "foo" {
   wrapping_algorithm  = "RSAES_PKCS1_V1_5"
   key_material_base64 = "MTIzMTIzMTIzMTIzMTIzQQ=="
   valid_to            = 2147443200
+  is_enabled          = true
 }
 ```
 
@@ -30,7 +31,7 @@ The following arguments are supported:
 * `alias` - (Required) Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
 * `description` - (Optional) Description of CMK. The maximum is 1024 bytes.
 * `is_archived` - (Optional) Specify whether to archive key. Default value is `false`.
-* `is_enabled` - (Optional) Specify whether to enable key. Default value is `true`.
+* `is_enabled` - (Optional) Specify whether to enable key. Default value is `false`.
 * `key_material_base64` - (Optional) The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
 * `pending_delete_window_in_days` - (Optional) Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
 * `tags` - (Optional) Tags of CMK.
@@ -42,7 +43,7 @@ The following arguments are supported:
 In addition to all arguments above, the following attributes are exported:
 
 * `id` - ID of the resource.
-
+* `key_state` - State of CMK.
 
 
 ## Import
diff --git a/website/docs/r/kms_key.html.markdown b/website/docs/r/kms_key.html.markdown
@@ -18,6 +18,7 @@ resource "tencentcloud_kms_key" "foo" {
   alias                = "test"
   description          = "describe key test message."
   key_rotation_enabled = true
+  is_enabled           = true
 
   tags = {
     "test-tag" : "key-test"
@@ -32,7 +33,7 @@ The following arguments are supported:
 * `alias` - (Required) Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
 * `description` - (Optional) Description of CMK. The maximum is 1024 bytes.
 * `is_archived` - (Optional) Specify whether to archive key. Default value is `false`.
-* `is_enabled` - (Optional) Specify whether to enable key. Default value is `true`.
+* `is_enabled` - (Optional) Specify whether to enable key. Default value is `false`.
 * `key_rotation_enabled` - (Optional) Specify whether to enable key rotation, valid when key_usage is `ENCRYPT_DECRYPT`. Default value is `false`.
 * `key_usage` - (Optional, ForceNew) Usage of CMK. Available values include `ENCRYPT_DECRYPT`, `ASYMMETRIC_DECRYPT_RSA_2048`, `ASYMMETRIC_DECRYPT_SM2`, `ASYMMETRIC_SIGN_VERIFY_SM2`, `ASYMMETRIC_SIGN_VERIFY_RSA_2048`, `ASYMMETRIC_SIGN_VERIFY_ECC`. Default value is `ENCRYPT_DECRYPT`.
 * `pending_delete_window_in_days` - (Optional) Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
@@ -43,7 +44,7 @@ The following arguments are supported:
 In addition to all arguments above, the following attributes are exported:
 
 * `id` - ID of the resource.
-
+* `key_state` - State of CMK.
 
 
 ## Import
