S2S documentation note for ibm_kms_key and minor linting fixes (#5529)

* Document S2S dependency for ibm_kms_key resource * Correct ibm_kms_kmip_client_cert document title * Some minor linting fixes * Omit failing key ring unit test case temporarily * More disabled tests due to a bug * Fix key alias limit unit test * Update documentation and address comments
IBM-Cloud · Aug 4, 2024 · c5738cb · c5738cb
1 parent 8902deb
commit c5738cb
Show file tree

Hide file tree

Showing 14 changed files with 205 additions and 173 deletions.
diff --git a/ibm/service/kms/data_source_ibm_kms_key_rings.go b/ibm/service/kms/data_source_ibm_kms_key_rings.go
@@ -67,7 +67,7 @@ func dataSourceIBMKMSKeyRingsRead(d *schema.ResourceData, meta interface{}) erro
 	if err != nil || keys == nil {
 		return fmt.Errorf("[ERROR] Get Key Rings failed with error: %s", err)
 	}
-	if keys == nil || keys.KeyRings == nil || len(keys.KeyRings) == 0 {
+	if keys.KeyRings == nil || len(keys.KeyRings) == 0 {
 		return fmt.Errorf("[ERROR] No key Rings in instance  %s", instanceID)
 	}
 

diff --git a/ibm/service/kms/data_source_ibm_kms_kmip_adapter.go b/ibm/service/kms/data_source_ibm_kms_kmip_adapter.go
@@ -37,22 +37,22 @@ func dataSourceIBMKMSKmipAdapterBaseSchema() map[string]*schema.Schema {
 			Computed:    true,
 			Description: "The data specific to the KMIP Adapter profile",
 		},
-		"created_by": &schema.Schema{
+		"created_by": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The unique identifier that is associated with the entity that created the adapter.",
 		},
-		"created_at": &schema.Schema{
+		"created_at": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The date when a resource was created. The date format follows RFC 3339.",
 		},
-		"updated_by": &schema.Schema{
+		"updated_by": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The unique identifier that is associated with the entity that updated the adapter.",
 		},
-		"updated_at": &schema.Schema{
+		"updated_at": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The date when a resource was updated. The date format follows RFC 3339.",

diff --git a/ibm/service/kms/data_source_ibm_kms_kmip_adapters.go b/ibm/service/kms/data_source_ibm_kms_kmip_adapters.go
@@ -68,9 +68,6 @@ func dataSourceIBMKMSKmipAdaptersList(d *schema.ResourceData, meta interface{})
 	if err != nil {
 		return err
 	}
-	if err != nil {
-		return err
-	}
 
 	// call GetKMIPAdapters api
 	opts := &kp.ListKmipAdaptersOptions{}

diff --git a/ibm/service/kms/data_source_ibm_kms_kmip_client_certificate.go b/ibm/service/kms/data_source_ibm_kms_kmip_client_certificate.go
@@ -29,12 +29,12 @@ func dataSourceIBMKmsKMIPClientCertificateBaseSchema() map[string]*schema.Schema
 			Sensitive:   true,
 			Description: "The PEM-encoded contents of the certificate",
 		},
-		"created_by": &schema.Schema{
+		"created_by": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The unique identifier that is associated with the entity that created the adapter.",
 		},
-		"created_at": &schema.Schema{
+		"created_at": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The date when a resource was created. The date format follows RFC 3339.",
@@ -101,7 +101,7 @@ func dataSourceIBMKmsKMIPClientCertRead(d *schema.ResourceData, meta interface{}
 	// get adapterID and certID
 	nameOrID, hasID := d.GetOk("adapter_id")
 	if !hasID {
-		nameOrID, hasID = d.GetOk("adapter_name")
+		nameOrID = d.Get("adapter_name")
 	}
 	adapterNameOrID := nameOrID.(string)
 

diff --git a/ibm/service/kms/data_source_ibm_kms_kmip_object.go b/ibm/service/kms/data_source_ibm_kms_kmip_object.go
@@ -30,47 +30,47 @@ func dataSourceIBMKMSKMIPObjectBaseSchema(isForList bool) map[string]*schema.Sch
 			Computed:    true,
 			Description: "The state of the KMIP object",
 		},
-		"created_by": &schema.Schema{
+		"created_by": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The unique identifier that is associated with the entity that created the adapter.",
 		},
-		"created_at": &schema.Schema{
+		"created_at": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The date when a resource was created. The date format follows RFC 3339.",
 		},
-		"created_by_cert_id": &schema.Schema{
+		"created_by_cert_id": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The ID of the certificate that created the object",
 		},
-		"updated_by": &schema.Schema{
+		"updated_by": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The unique identifier that is associated with the entity that updated the adapter.",
 		},
-		"updated_at": &schema.Schema{
+		"updated_at": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The date when a resource was updated. The date format follows RFC 3339.",
 		},
-		"updated_by_cert_id": &schema.Schema{
+		"updated_by_cert_id": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The ID of the certificate that updated the object",
 		},
-		"destroyed_by": &schema.Schema{
+		"destroyed_by": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The unique identifier that is associated with the entity that destroyed the adapter.",
 		},
-		"destroyed_at": &schema.Schema{
+		"destroyed_at": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The date when a resource was destroyed. The date format follows RFC 3339.",
 		},
-		"destroyed_by_cert_id": &schema.Schema{
+		"destroyed_by_cert_id": {
 			Type:        schema.TypeString,
 			Computed:    true,
 			Description: "The ID of the certificate that destroyed the object",

diff --git a/ibm/service/kms/data_source_ibm_kms_kmip_objects.go b/ibm/service/kms/data_source_ibm_kms_kmip_objects.go
@@ -140,6 +140,9 @@ func dataSourceIBMKmsKMIPObjectList(d *schema.ResourceData, meta interface{}) er
 		return fmt.Errorf("[ERROR] Error setting adapter_name: %s", err)
 	}
 	objs, err := kpAPI.GetKMIPObjects(ctx, adapterNameOrID, opts)
+	if err != nil {
+		return fmt.Errorf("[ERROR] Error while retriving KMIP objects associated with adapter ID '%s': %v", adapter.ID, err)
+	}
 	objsList := objs.Objects
 	// set computed values
 	mySlice := make([]map[string]interface{}, 0, len(objsList))

diff --git a/ibm/service/kms/resource_ibm_kms_key.go b/ibm/service/kms/resource_ibm_kms_key.go
@@ -256,7 +256,7 @@ func resourceIBMKmsKeyDelete(d *schema.ResourceData, meta interface{}) error {
 	if err1 != nil {
 		registrations := d.Get("registrations").([]interface{})
 		var registrationLog error
-		if registrations != nil && len(registrations) > 0 {
+		if len(registrations) > 0 {
 			resourceCrns := make([]string, 0)
 			for _, registration := range registrations {
 				r := registration.(map[string]interface{})

diff --git a/ibm/service/kms/resource_ibm_kms_key_alias_test.go b/ibm/service/kms/resource_ibm_kms_key_alias_test.go
@@ -126,22 +126,47 @@ func TestAccIBMKMSResource_Key_Alias_Key_Check(t *testing.T) {
 
 func TestAccIBMKMSResource_Key_Alias_Key_Limit(t *testing.T) {
 	instanceName := fmt.Sprintf("tf_kms_%d", acctest.RandIntRange(10, 100))
-	// cosInstanceName := fmt.Sprintf("cos_%d", acctest.RandIntRange(10, 100))
-	// bucketName := fmt.Sprintf("bucket-test77")
+	keyName := fmt.Sprintf("key_%d", acctest.RandIntRange(10, 100))
+
 	aliasName := fmt.Sprintf("alias_%d", acctest.RandIntRange(10, 100))
 	aliasName2 := fmt.Sprintf("alias_%d", acctest.RandIntRange(10, 100))
 	aliasName3 := fmt.Sprintf("alias_%d", acctest.RandIntRange(10, 100))
 	aliasName4 := fmt.Sprintf("alias_%d", acctest.RandIntRange(10, 100))
 	aliasName5 := fmt.Sprintf("alias_%d", acctest.RandIntRange(10, 100))
 	aliasName6 := fmt.Sprintf("alias_%d", acctest.RandIntRange(10, 100))
-	keyName := fmt.Sprintf("key_%d", acctest.RandIntRange(10, 100))
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:  func() { acc.TestAccPreCheck(t) },
 		Providers: acc.TestAccProviders,
 		Steps: []resource.TestStep{
 			{
-				Config:      testAccCheckIBMKmsResourceAliasLimitConfig(instanceName, keyName, aliasName, aliasName2, aliasName3, aliasName4, aliasName5, aliasName6),
+				Config: buildResourceSet(WithResourceKMSInstance(instanceName),
+					WithResourceKMSKey(keyName, "default"),
+					WithResourceKMSKeyAlias(aliasName, aliasName, "ibm_kms_key.test.key_id"),
+					WithResourceKMSKeyAlias(aliasName2, aliasName2, "ibm_kms_key.test.key_id"),
+					WithResourceKMSKeyAlias(aliasName3, aliasName3, "ibm_kms_key.test.key_id"),
+					WithResourceKMSKeyAlias(aliasName4, aliasName4, "ibm_kms_key.test.key_id"),
+					WithResourceKMSKeyAlias(aliasName5, aliasName5, "ibm_kms_key.test.key_id"),
+				),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("ibm_kms_key.test", "key_name", keyName),
+					resource.TestCheckResourceAttr(fmt.Sprintf("ibm_kms_key_alias.%s", aliasName), "alias", aliasName),
+					resource.TestCheckResourceAttr(fmt.Sprintf("ibm_kms_key_alias.%s", aliasName2), "alias", aliasName2),
+					resource.TestCheckResourceAttr(fmt.Sprintf("ibm_kms_key_alias.%s", aliasName3), "alias", aliasName3),
+					resource.TestCheckResourceAttr(fmt.Sprintf("ibm_kms_key_alias.%s", aliasName4), "alias", aliasName4),
+					resource.TestCheckResourceAttr(fmt.Sprintf("ibm_kms_key_alias.%s", aliasName5), "alias", aliasName5),
+				),
+			},
+			{
+				Config: buildResourceSet(WithResourceKMSInstance(instanceName),
+					WithResourceKMSKey(keyName, "default"),
+					WithResourceKMSKeyAlias(aliasName, aliasName, "ibm_kms_key.test.key_id"),
+					WithResourceKMSKeyAlias(aliasName2, aliasName2, "ibm_kms_key.test.key_id"),
+					WithResourceKMSKeyAlias(aliasName3, aliasName3, "ibm_kms_key.test.key_id"),
+					WithResourceKMSKeyAlias(aliasName4, aliasName4, "ibm_kms_key.test.key_id"),
+					WithResourceKMSKeyAlias(aliasName5, aliasName5, "ibm_kms_key.test.key_id"),
+					WithResourceKMSKeyAlias(aliasName6, aliasName6, "ibm_kms_key.test.key_id"),
+				),
 				ExpectError: regexp.MustCompile("(KEY_ALIAS_QUOTA_ERR)"),
 			},
 		},
@@ -286,50 +311,3 @@ func testAccCheckIBMKmsResourceAliasOne(instanceName, KeyName, aliasName string)
 
 `, addPrefixToResourceName(instanceName), KeyName, aliasName)
 }
-
-func testAccCheckIBMKmsResourceAliasLimitConfig(instanceName, KeyName, aliasName, aliasName2, aliasName3, aliasName4, aliasName5, aliasName6 string) string {
-	return fmt.Sprintf(`
-	resource "ibm_resource_instance" "kms_instance" {
-		name              = "%s"
-		service           = "kms"
-		plan              = "tiered-pricing"
-		location          = "us-south"
-	  }
-	  resource "ibm_kms_key" "test" {
-		instance_id = "${ibm_resource_instance.kms_instance.guid}"
-		key_name = "%s"
-		standard_key =  true
-		force_delete = true
-	}
-	resource "ibm_kms_key_alias" "testAlias" {
-		instance_id = "${ibm_resource_instance.kms_instance.guid}"
-		alias = "%s"
-		key_id = "${ibm_kms_key.test.key_id}"
-	}
-	resource "ibm_kms_key_alias" "testAlias2" {
-		instance_id = "${ibm_resource_instance.kms_instance.guid}"
-		alias = "%s"
-		key_id = "${ibm_kms_key.test.key_id}"
-	}
-	resource "ibm_kms_key_alias" "testAlias3" {
-		instance_id = "${ibm_resource_instance.kms_instance.guid}"
-		alias = "%s"
-		key_id = "${ibm_kms_key.test.key_id}"
-	}
-	resource "ibm_kms_key_alias" "testAlias4" {
-		instance_id = "${ibm_resource_instance.kms_instance.guid}"
-		alias = "%s"
-		key_id = "${ibm_kms_key.test.key_id}"
-	}
-	resource "ibm_kms_key_alias" "testAlias5" {
-		instance_id = "${ibm_resource_instance.kms_instance.guid}"
-		alias = "%s"
-		key_id = "${ibm_kms_key.test.key_id}"
-	}
-	resource "ibm_kms_key_alias" "testAlias6" {
-		instance_id = "${ibm_resource_instance.kms_instance.guid}"
-		alias = "%s"
-		key_id = "${ibm_kms_key.test.key_id}"
-	}
-`, addPrefixToResourceName(instanceName), KeyName, aliasName, aliasName2, aliasName3, aliasName4, aliasName5, aliasName6)
-}