added tfdoc changes
This commit is contained in:
parent
795342569e
commit
2b80f477b7
|
@ -5,15 +5,14 @@ This module allows creating and managing KMS crypto keys and IAM bindings at bot
|
||||||
When using an existing keyring be mindful about applying IAM bindings, as all bindings used by this module are authoritative, and you might inadvertently override bindings managed by the keyring creator.
|
When using an existing keyring be mindful about applying IAM bindings, as all bindings used by this module are authoritative, and you might inadvertently override bindings managed by the keyring creator.
|
||||||
|
|
||||||
<!-- BEGIN TOC -->
|
<!-- BEGIN TOC -->
|
||||||
- [Google KMS Module](#google-kms-module)
|
- [Protecting against destroy](#protecting-against-destroy)
|
||||||
- [Protecting against destroy](#protecting-against-destroy)
|
- [Examples](#examples)
|
||||||
- [Examples](#examples)
|
- [Using an existing keyring](#using-an-existing-keyring)
|
||||||
- [Using an existing keyring](#using-an-existing-keyring)
|
- [Keyring creation and crypto key rotation and IAM roles](#keyring-creation-and-crypto-key-rotation-and-iam-roles)
|
||||||
- [Keyring creation and crypto key rotation and IAM roles](#keyring-creation-and-crypto-key-rotation-and-iam-roles)
|
- [Crypto key purpose](#crypto-key-purpose)
|
||||||
- [Crypto key purpose](#crypto-key-purpose)
|
- [Import job](#import-job)
|
||||||
- [Import job](#import-job)
|
- [Variables](#variables)
|
||||||
- [Variables](#variables)
|
- [Outputs](#outputs)
|
||||||
- [Outputs](#outputs)
|
|
||||||
<!-- END TOC -->
|
<!-- END TOC -->
|
||||||
|
|
||||||
## Protecting against destroy
|
## Protecting against destroy
|
||||||
|
@ -110,6 +109,7 @@ module "kms" {
|
||||||
location = "europe-west1"
|
location = "europe-west1"
|
||||||
name = "test"
|
name = "test"
|
||||||
}
|
}
|
||||||
|
import_job_create = true
|
||||||
import_job = {
|
import_job = {
|
||||||
id = "my-import-job"
|
id = "my-import-job"
|
||||||
import_method = "RSA_OAEP_3072_SHA1_AES_256"
|
import_method = "RSA_OAEP_3072_SHA1_AES_256"
|
||||||
|
@ -122,23 +122,26 @@ module "kms" {
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|---|---|:---:|:---:|:---:|
|
|---|---|:---:|:---:|:---:|
|
||||||
| [keyring](variables.tf#L54) | Keyring attributes. | <code title="object({ location = string name = string })">object({…})</code> | ✓ | |
|
| [keyring](variables.tf#L70) | Keyring attributes. | <code title="object({ location = string name = string })">object({…})</code> | ✓ | |
|
||||||
| [project_id](variables.tf#L103) | Project id where the keyring will be created. | <code>string</code> | ✓ | |
|
| [project_id](variables.tf#L119) | Project id where the keyring will be created. | <code>string</code> | ✓ | |
|
||||||
| [iam](variables.tf#L17) | Keyring IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
| [iam](variables.tf#L17) | Keyring IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>{}</code> |
|
||||||
| [iam_bindings](variables.tf#L24) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | <code title="map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [iam_bindings](variables.tf#L24) | Authoritative IAM bindings in {KEY => {role = ROLE, members = [], condition = {}}}. Keys are arbitrary. | <code title="map(object({ members = list(string) role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [iam_bindings_additive](variables.tf#L39) | Keyring individual additive IAM bindings. Keys are arbitrary. | <code title="map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [iam_bindings_additive](variables.tf#L39) | Keyring individual additive IAM bindings. Keys are arbitrary. | <code title="map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
| [keyring_create](variables.tf#L62) | Set to false to manage keys and IAM bindings in an existing keyring. | <code>bool</code> | | <code>true</code> |
|
| [import_job](variables.tf#L54) | Keyring import job attributes. | <code title="object({ id = string import_method = string protection_level = string })">object({…})</code> | | <code>null</code> |
|
||||||
| [keys](variables.tf#L68) | Key names and base attributes. Set attributes to null if not needed. | <code title="map(object({ rotation_period = optional(string) labels = optional(map(string)) purpose = optional(string, "ENCRYPT_DECRYPT") skip_initial_version_creation = optional(bool, false) version_template = optional(object({ algorithm = string protection_level = optional(string, "SOFTWARE") })) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
| [import_job_create](variables.tf#L64) | Set to true to create an import job for a keyring. | <code>bool</code> | | <code>false</code> |
|
||||||
| [tag_bindings](variables.tf#L108) | Tag bindings for this keyring, in key => tag value id format. | <code>map(string)</code> | | <code>{}</code> |
|
| [keyring_create](variables.tf#L78) | Set to false to manage keys and IAM bindings in an existing keyring. | <code>bool</code> | | <code>true</code> |
|
||||||
|
| [keys](variables.tf#L84) | Key names and base attributes. Set attributes to null if not needed. | <code title="map(object({ rotation_period = optional(string) labels = optional(map(string)) purpose = optional(string, "ENCRYPT_DECRYPT") skip_initial_version_creation = optional(bool, false) version_template = optional(object({ algorithm = string protection_level = optional(string, "SOFTWARE") })) iam = optional(map(list(string)), {}) iam_bindings = optional(map(object({ members = list(string) condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) iam_bindings_additive = optional(map(object({ member = string role = string condition = optional(object({ expression = string title = string description = optional(string) })) })), {}) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||||
|
| [tag_bindings](variables.tf#L124) | Tag bindings for this keyring, in key => tag value id format. | <code>map(string)</code> | | <code>{}</code> |
|
||||||
|
|
||||||
## Outputs
|
## Outputs
|
||||||
|
|
||||||
| name | description | sensitive |
|
| name | description | sensitive |
|
||||||
|---|---|:---:|
|
|---|---|:---:|
|
||||||
| [id](outputs.tf#L17) | Fully qualified keyring id. | |
|
| [id](outputs.tf#L17) | Fully qualified keyring id. | |
|
||||||
| [key_ids](outputs.tf#L26) | Fully qualified key ids. | |
|
| [import_job](outputs.tf#L26) | Keyring import job resources. | |
|
||||||
| [keyring](outputs.tf#L38) | Keyring resource. | |
|
| [key_ids](outputs.tf#L35) | Fully qualified key ids. | |
|
||||||
| [keys](outputs.tf#L47) | Key resources. | |
|
| [keyring](outputs.tf#L47) | Keyring resource. | |
|
||||||
| [location](outputs.tf#L56) | Keyring location. | |
|
| [keys](outputs.tf#L56) | Key resources. | |
|
||||||
| [name](outputs.tf#L65) | Keyring name. | |
|
| [location](outputs.tf#L65) | Keyring location. | |
|
||||||
|
| [name](outputs.tf#L74) | Keyring name. | |
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
@ -55,6 +55,7 @@ resource "google_kms_crypto_key" "default" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_kms_key_ring_import_job" "default" {
|
resource "google_kms_key_ring_import_job" "default" {
|
||||||
|
count = var.import_job_create ? 1 : 0
|
||||||
key_ring = local.keyring.id
|
key_ring = local.keyring.id
|
||||||
import_job_id = var.import_job.id
|
import_job_id = var.import_job.id
|
||||||
import_method = var.import_job.import_method
|
import_method = var.import_job.import_method
|
||||||
|
|
|
@ -58,6 +58,13 @@ variable "import_job" {
|
||||||
import_method = string
|
import_method = string
|
||||||
protection_level = string
|
protection_level = string
|
||||||
})
|
})
|
||||||
|
default = null
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "import_job_create" {
|
||||||
|
description = "Set to true to create an import job for a keyring."
|
||||||
|
type = bool
|
||||||
|
default = false
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "keyring" {
|
variable "keyring" {
|
||||||
|
|
Loading…
Reference in New Issue