added import job support for kms module
parent
0ac7bc838f
commit
795342569e
|
@ -5,13 +5,15 @@ This module allows creating and managing KMS crypto keys and IAM bindings at bot
|
||||||
When using an existing keyring be mindful about applying IAM bindings, as all bindings used by this module are authoritative, and you might inadvertently override bindings managed by the keyring creator.
|
When using an existing keyring be mindful about applying IAM bindings, as all bindings used by this module are authoritative, and you might inadvertently override bindings managed by the keyring creator.
|
||||||
|
|
||||||
<!-- BEGIN TOC -->
|
<!-- BEGIN TOC -->
|
||||||
- [Protecting against destroy](#protecting-against-destroy)
|
- [Google KMS Module](#google-kms-module)
|
||||||
- [Examples](#examples)
|
- [Protecting against destroy](#protecting-against-destroy)
|
||||||
|
- [Examples](#examples)
|
||||||
- [Using an existing keyring](#using-an-existing-keyring)
|
- [Using an existing keyring](#using-an-existing-keyring)
|
||||||
- [Keyring creation and crypto key rotation and IAM roles](#keyring-creation-and-crypto-key-rotation-and-iam-roles)
|
- [Keyring creation and crypto key rotation and IAM roles](#keyring-creation-and-crypto-key-rotation-and-iam-roles)
|
||||||
- [Crypto key purpose](#crypto-key-purpose)
|
- [Crypto key purpose](#crypto-key-purpose)
|
||||||
- [Variables](#variables)
|
- [Import job](#import-job)
|
||||||
- [Outputs](#outputs)
|
- [Variables](#variables)
|
||||||
|
- [Outputs](#outputs)
|
||||||
<!-- END TOC -->
|
<!-- END TOC -->
|
||||||
|
|
||||||
## Protecting against destroy
|
## Protecting against destroy
|
||||||
|
@ -94,6 +96,27 @@ module "kms" {
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=2 inventory=purpose.yaml
|
# tftest modules=1 resources=2 inventory=purpose.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Import job
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
module "kms" {
|
||||||
|
source = "./fabric/modules/kms"
|
||||||
|
project_id = "my-project"
|
||||||
|
iam = {
|
||||||
|
"roles/cloudkms.admin" = ["user:user1@example.com"]
|
||||||
|
}
|
||||||
|
keyring = {
|
||||||
|
location = "europe-west1"
|
||||||
|
name = "test"
|
||||||
|
}
|
||||||
|
import_job = {
|
||||||
|
id = "my-import-job"
|
||||||
|
import_method = "RSA_OAEP_3072_SHA1_AES_256"
|
||||||
|
protection_level = "SOFTWARE"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
<!-- BEGIN TFDOC -->
|
<!-- BEGIN TFDOC -->
|
||||||
## Variables
|
## Variables
|
||||||
|
|
||||||
|
|
|
@ -53,3 +53,10 @@ resource "google_kms_crypto_key" "default" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "google_kms_key_ring_import_job" "default" {
|
||||||
|
key_ring = local.keyring.id
|
||||||
|
import_job_id = var.import_job.id
|
||||||
|
import_method = var.import_job.import_method
|
||||||
|
protection_level = var.import_job.protection_level
|
||||||
|
}
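Review bot: `google_kms_key_ring_import_job.default` has no `count` or `for_each`, and the `import_job` variable added in this commit has no default, so every existing caller must now pass `import_job` and gets an import job created on its keyring whether it needs one or not. Making it opt-in would keep the module backward compatible: `count = var.import_job == null ? 0 : 1` on the resource, `default = null` on the variable, and `one(google_kms_key_ring_import_job.default)` (or `[0]`) in the `import_job` output. An import job is the entry point for bringing external key material into the keyring, so creating it only on explicit request is also the least-privilege default. Cloud KMS import jobs expire after a limited time; I have not verified how the provider treats an expired job on later plans, so a short comment on the resource stating the expected lifecycle would help.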
|
|
@ -23,6 +23,15 @@ output "id" {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
output "import_job" {
|
||||||
|
description = "Keyring import job resources."
|
||||||
|
value = google_kms_key_ring_import_job.default
|
||||||
|
depends_on = [
|
||||||
|
google_kms_key_ring_iam_binding.authoritative,
|
||||||
|
google_kms_key_ring_iam_binding.bindings
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
output "key_ids" {
|
output "key_ids" {
|
||||||
description = "Fully qualified key ids."
|
description = "Fully qualified key ids."
|
||||||
value = {
|
value = {
|
||||||
|
|
|
@ -51,6 +51,15 @@ variable "iam_bindings_additive" {
|
||||||
default = {}
|
default = {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "import_job" {
|
||||||
|
description = "Keyring import job attributes."
|
||||||
|
type = object({
|
||||||
|
id = string
|
||||||
|
import_method = string
|
||||||
|
protection_level = string
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
variable "keyring" {
|
variable "keyring" {
|
||||||
description = "Keyring attributes."
|
description = "Keyring attributes."
|
||||||
type = object({
|
type = object({
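Review bot: `import_method` and `protection_level` in `variable "import_job"` are unconstrained strings, so a typo or an unintended protection level is only caught by the API at apply time. A `validation` block on the variable would reject bad values at plan time, for example `condition = contains(["SOFTWARE", "HSM"], var.import_job.protection_level)` with a matching `error_message`, with the list adjusted to the levels this module means to support. A similar check on `import_method` against the wrapping methods the provider accepts would document the allowed values in one place. The description could also state that `protection_level` decides whether imported key material ends up in software or in an HSM, since that is the security-relevant choice here.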
|
||||||
|
|