Merge pull request #2093 from tencentcloudstack/feat/kms

Feat/kms

Author: andrew-tx

.changelog/2093.txt

@@ -0,0 +1,3 @@
+```release-note:new-data-source
+tencentcloud_kms_public_key
+```

tencentcloud/data_source_tc_kms_public_key.go

@@ -0,0 +1,112 @@
+/*
+Use this data source to query detailed information of kms public_key
+
+Example Usage
+
+```hcl
+data "tencentcloud_kms_public_key" "example" {
+  key_id = tencentcloud_kms_key.example.id
+}
+
+resource "tencentcloud_kms_key" "example" {
+  alias                         = "tf-example-kms-key"
+  description                   = "example of kms key"
+  key_usage                     = "ASYMMETRIC_DECRYPT_RSA_2048"
+  is_enabled                    = true
+  pending_delete_window_in_days = 7
+}
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func dataSourceTencentCloudKmsPublicKey() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceTencentCloudKmsPublicKeyRead,
+		Schema: map[string]*schema.Schema{
+			"key_id": {
+				Required:    true,
+				Type:        schema.TypeString,
+				Description: "CMK unique identifier.",
+			},
+			"public_key": {
+				Computed:    true,
+				Type:        schema.TypeString,
+				Description: "Base64-encoded public key content.",
+			},
+			"public_key_pem": {
+				Computed:    true,
+				Type:        schema.TypeString,
+				Description: "Public key content in PEM format.",
+			},
+			"result_output_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Used to save results.",
+			},
+		},
+	}
+}
+
+func dataSourceTencentCloudKmsPublicKeyRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("data_source.tencentcloud_kms_public_key.read")()
+	defer inconsistentCheck(d, meta)()
+
+	var (
+		logId     = getLogId(contextNil)
+		ctx       = context.WithValue(context.TODO(), logIdKey, logId)
+		service   = KmsService{client: meta.(*TencentCloudClient).apiV3Conn}
+		publicKey *kms.GetPublicKeyResponseParams
+		keyId     string
+	)
+
+	paramMap := make(map[string]interface{})
+	if v, ok := d.GetOk("key_id"); ok {
+		paramMap["KeyId"] = helper.String(v.(string))
+		keyId = v.(string)
+	}
+
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		result, e := service.DescribeKmsPublicKeyByFilter(ctx, paramMap)
+		if e != nil {
+			return retryError(e)
+		}
+
+		publicKey = result
+		return nil
+	})
+
+	if err != nil {
+		return err
+	}
+
+	if publicKey.KeyId != nil {
+		_ = d.Set("key_id", publicKey.KeyId)
+	}
+
+	if publicKey.PublicKey != nil {
+		_ = d.Set("public_key", publicKey.PublicKey)
+	}
+
+	if publicKey.PublicKeyPem != nil {
+		_ = d.Set("public_key_pem", publicKey.PublicKeyPem)
+	}
+
+	d.SetId(keyId)
+	output, ok := d.GetOk("result_output_file")
+	if ok && output.(string) != "" {
+		if e := writeToFile(output.(string), d); e != nil {
+			return e
+		}
+	}
+
+	return nil
+}

tencentcloud/data_source_tc_kms_public_key_test.go

@@ -0,0 +1,42 @@
+package tencentcloud
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+// go test -i; go test -test.run TestAccTencentCloudKmsPublicKeyDataSource_basic -v
+func TestAccTencentCloudKmsPublicKeyDataSource_basic(t *testing.T) {
+	t.Parallel()
+	rName := fmt.Sprintf("tf-testacc-kms-key-%s", acctest.RandString(13))
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(testAccKmsPublicKeyDataSource, rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTencentCloudDataSourceID("data.tencentcloud_kms_public_key.example"),
+				),
+			},
+		},
+	})
+}
+
+const testAccKmsPublicKeyDataSource = `
+data "tencentcloud_kms_public_key" "example" {
+  key_id = tencentcloud_kms_key.example.id
+}
+
+resource "tencentcloud_kms_key" "example" {
+  alias                         = "%s"
+  description                   = "example of kms key"
+  key_usage                     = "ASYMMETRIC_DECRYPT_RSA_2048"
+  is_enabled                    = true
+}
+`

tencentcloud/provider.go

@@ -536,6 +536,7 @@ Global Application Acceleration(GAAP)
 Key Management Service(KMS)
   Data Source
     tencentcloud_kms_keys
+    tencentcloud_kms_public_key
 
   Resource
     tencentcloud_kms_key
@@ -2043,6 +2044,7 @@ func Provider() *schema.Provider {
 			"tencentcloud_protocol_templates":                        dataSourceTencentCloudProtocolTemplates(),
 			"tencentcloud_protocol_template_groups":                  dataSourceTencentCloudProtocolTemplateGroups(),
 			"tencentcloud_kms_keys":                                  dataSourceTencentCloudKmsKeys(),
+			"tencentcloud_kms_public_key":                            dataSourceTencentCloudKmsPublicKey(),
 			"tencentcloud_ssm_products":                              dataSourceTencentCloudSsmProducts(),
 			"tencentcloud_ssm_secrets":                               dataSourceTencentCloudSsmSecrets(),
 			"tencentcloud_ssm_secret_versions":                       dataSourceTencentCloudSsmSecretVersions(),

tencentcloud/service_tencentcloud_kms.go

@@ -404,3 +404,39 @@ func (me *KmsService) DeleteImportKeyMaterial(ctx context.Context, keyId string)
 
 	return nil
 }
+
+func (me *KmsService) DescribeKmsPublicKeyByFilter(ctx context.Context, param map[string]interface{}) (publicKey *kms.GetPublicKeyResponseParams, errRet error) {
+	var (
+		logId   = getLogId(ctx)
+		request = kms.NewGetPublicKeyRequest()
+	)
+
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), errRet.Error())
+		}
+	}()
+
+	for k, v := range param {
+		if k == "KeyId" {
+			request.KeyId = v.(*string)
+		}
+	}
+
+	ratelimit.Check(request.GetAction())
+
+	response, err := me.client.UseKmsClient().GetPublicKey(request)
+	if err != nil {
+		errRet = err
+		return
+	}
+
+	log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+	if response == nil {
+		return
+	}
+
+	publicKey = response.Response
+	return
+}

website/docs/d/kms_public_key.html.markdown

@@ -0,0 +1,44 @@
+---
+subcategory: "Key Management Service(KMS)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_kms_public_key"
+sidebar_current: "docs-tencentcloud-datasource-kms_public_key"
+description: |-
+  Use this data source to query detailed information of kms public_key
+---
+
+# tencentcloud_kms_public_key
+
+Use this data source to query detailed information of kms public_key
+
+## Example Usage
+
+```hcl
+data "tencentcloud_kms_public_key" "example" {
+  key_id = tencentcloud_kms_key.example.id
+}
+
+resource "tencentcloud_kms_key" "example" {
+  alias                         = "tf-example-kms-key"
+  description                   = "example of kms key"
+  key_usage                     = "ASYMMETRIC_DECRYPT_RSA_2048"
+  is_enabled                    = true
+  pending_delete_window_in_days = 7
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `key_id` - (Required, String) CMK unique identifier.
+* `result_output_file` - (Optional, String) Used to save results.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `public_key_pem` - Public key content in PEM format.
+* `public_key` - Base64-encoded public key content.
+
+

website/tencentcloud.erb

@@ -1863,6 +1863,9 @@
                                 <li>
                                     <a href="/docs/providers/tencentcloud/d/kms_keys.html">tencentcloud_kms_keys</a>
                                 </li>
+                                <li>
+                                    <a href="/docs/providers/tencentcloud/d/kms_public_key.html">tencentcloud_kms_public_key</a>
+                                </li>
                             </ul>
                         </li>
                         <li>