Skip to content

Commit 059fd22

Browse files
authored
feat(dew): add a datasource to query KMS custom keys by tags (#7024)
1 parent 6d2fb89 commit 059fd22

File tree

4 files changed

+854
-9
lines changed

4 files changed

+854
-9
lines changed
Lines changed: 146 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,146 @@
1+
---
2+
subcategory: "Data Encryption Workshop (DEW)"
3+
layout: "huaweicloud"
4+
page_title: "HuaweiCloud: huaweicloud_kms_custom_keys_by_tags"
5+
description: |-
6+
Use this data source to query KMS custom keys by tags.
7+
---
8+
9+
# huaweicloud_kms_custom_keys_by_tags
10+
11+
Use this data source to query KMS custom keys by tags.
12+
13+
## Example Usage
14+
15+
```hcl
16+
variable "action" {}
17+
18+
data "huaweicloud_kms_custom_keys_by_tags" "test" {
19+
action = var.action
20+
}
21+
```
22+
23+
## Argument Reference
24+
25+
The following arguments are supported:
26+
27+
* `region` - (Optional, String) Specifies the region in which to query the resource.
28+
If omitted, the provider-level region will be used.
29+
30+
* `action` - (Required, String) Specifies the operation type. The valid values are as follows:
31+
+ **filter**: Indicates querying all information of records by tags.
32+
+ **count**: Indicates querying the total number of records by tags.
33+
34+
* `tags` - (Optional, List) Specifies the tag list, which is a collection of key-value pairs.
35+
The [tags](#tags_struct) structure is documented below.
36+
37+
* `matches` - (Optional, List) Specifies the field to be matched.
38+
The [matches](#matches_struct) structure is documented below.
39+
40+
* `sequence` - (Optional, String) Specifies the sequence number of the request message, `36` bytes.
41+
For example: **919c82d4-8046-4722-9094-35c3c6524cff**.
42+
43+
<a name="tags_struct"></a>
44+
The `tags` block supports:
45+
46+
* `key` - (Optional, String) Specifies the tag key. A CMK can have a maximum of `10` keys, and each of them is unique and
47+
cannot be empty. A key cannot have duplicate values. It consists of up to `36` characters.
48+
49+
* `values` - (Optional, List) Specifies the tag value set.
50+
51+
<a name="matches_struct"></a>
52+
The `matches` block supports:
53+
54+
* `key` - (Optional, String) Specifies the field to be matched, for example, **resource_name**.
55+
56+
* `value` - (Optional, String) Specifies the value to be matched. It contains a maximum of `255` characters and
57+
cannot be empty.
58+
59+
## Attribute Reference
60+
61+
In addition to all arguments above, the following attributes are exported:
62+
63+
* `id` - The data source ID.
64+
65+
* `total_count` - The total number of records.
66+
67+
* `resources` - The list of key resources.
68+
The [resources](#resources_struct) structure is documented below.
69+
70+
<a name="resources_struct"></a>
71+
The `resources` block supports:
72+
73+
* `resource_id` - The resource ID.
74+
75+
* `resource_detail` - The key details.
76+
The [resource_detail](#resource_detail_struct) structure is documented below.
77+
78+
* `resource_name` - The resource name. This parameter is an empty string by default.
79+
80+
* `tags` - The tag list. If there is no tag in the list, an empty array is returned.
81+
The [tags](#resource_tags_struct) structure is documented below.
82+
83+
<a name="resource_detail_struct"></a>
84+
The `resource_detail` block supports:
85+
86+
* `key_id` - The CMK ID.
87+
88+
* `domain_id` - The user domain ID.
89+
90+
* `key_alias` - The key alias.
91+
92+
* `realm` - The key realm.
93+
94+
* `key_spec` - The key generation algorithm. The values can be **AES_256**, **SM4**, **RSA_2048**, **RSA_3072**,
95+
**RSA_4096**, **EC_P256**, **EC_P384**, **SM2**.
96+
97+
* `key_usage` - The CMK usage. The value can be **ENCRYPT_DECRYPT**, **SIGN_VERIFY**.
98+
99+
* `key_description` - The key description.
100+
101+
* `creation_date` - The time when the key was created. The timestamp indicates the total seconds past the start of
102+
the epoch date (January 1, 1970).
103+
104+
* `scheduled_deletion_date` - The time when the key was scheduled to be deleted. The timestamp indicates the total
105+
seconds past the start of the epoch date **(January 1, 1970)**.
106+
107+
* `key_state` - The key status, which matches the regular expression **^[1-5]{1}$**. The valid values are as follows:
108+
+ **1**: Indicates to be activated.
109+
+ **2**: Indicates enabled.
110+
+ **3**: Indicates disabled.
111+
+ **4**: Indicates pending deletion.
112+
+ **5**: Indicates pending import.
113+
114+
* `default_key_flag` - The master key identifier. The valid values are as follows:
115+
+ **1**: Indicates default master keys.
116+
+ **2**: Indicates non-default master keys.
117+
118+
* `key_type` - The key type.
119+
120+
* `expiration_time` - The time when the key material expires. The timestamp indicates the total seconds past the start of
121+
the epoch date **(January 1, 1970)**.
122+
123+
* `origin` - The key source. The valid values are as follows:
124+
+ **kms**: Indicates the key material was generated by KMS.
125+
+ **external**: Indicates the key material was imported.
126+
127+
* `key_rotation_enabled` - The key rotation status. The default value is **false**, indicating that key rotation is disabled.
128+
129+
* `sys_enterprise_project_id` - The enterprise project ID. Its default value is **0**.
130+
For users who have enabled the enterprise project function, this value indicates that resources are in the default
131+
enterprise project. For users who have not enabled the enterprise project function, this value indicates that resources
132+
are not in the default enterprise project.
133+
134+
* `keystore_id` - The keystore ID.
135+
136+
* `key_label` - The key label in the encryption machine.
137+
138+
* `partition_type` - The partition type, enumerated as follows:
139+
+ **1**: Indicates professional version.
140+
141+
<a name="resource_tags_struct"></a>
142+
The `tags` block supports:
143+
144+
* `key` - The tag key.
145+
146+
* `value` - The tag value.

huaweicloud/provider.go

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1071,15 +1071,16 @@ func Provider() *schema.Provider {
10711071
"huaweicloud_ims_quotas": ims.DataSourceImsQuotas(),
10721072
"huaweicloud_ims_tags": ims.DataSourceTags(),
10731073

1074-
"huaweicloud_kms_data_key": dew.DataSourceKmsDataKeyV1(),
1075-
"huaweicloud_kms_grants": dew.DataSourceKmsGrants(),
1076-
"huaweicloud_kms_key": dew.DataSourceKmsKey(),
1077-
"huaweicloud_kms_keys": dew.DataSourceKmsKeys(),
1078-
"huaweicloud_kms_quotas": dew.DataSourceKMSQuotas(),
1079-
"huaweicloud_kms_public_key": dew.DataSourceKmsPublicKey(),
1080-
"huaweicloud_kps_failed_tasks": dew.DataSourceDewKpsFailedTasks(),
1081-
"huaweicloud_kps_running_tasks": dew.DataSourceDewKpsRunningTasks(),
1082-
"huaweicloud_kps_keypairs": dew.DataSourceKeypairs(),
1074+
"huaweicloud_kms_data_key": dew.DataSourceKmsDataKeyV1(),
1075+
"huaweicloud_kms_grants": dew.DataSourceKmsGrants(),
1076+
"huaweicloud_kms_key": dew.DataSourceKmsKey(),
1077+
"huaweicloud_kms_keys": dew.DataSourceKmsKeys(),
1078+
"huaweicloud_kms_quotas": dew.DataSourceKMSQuotas(),
1079+
"huaweicloud_kms_public_key": dew.DataSourceKmsPublicKey(),
1080+
"huaweicloud_kms_custom_keys_by_tags": dew.DataSourceKmsCustomKeysByTags(),
1081+
"huaweicloud_kps_failed_tasks": dew.DataSourceDewKpsFailedTasks(),
1082+
"huaweicloud_kps_running_tasks": dew.DataSourceDewKpsRunningTasks(),
1083+
"huaweicloud_kps_keypairs": dew.DataSourceKeypairs(),
10831084

10841085
"huaweicloud_iotda_device_messages": iotda.DataSourceDeviceMessages(),
10851086
"huaweicloud_iotda_device_proxies": iotda.DataSourceDeviceProxies(),

0 commit comments

Comments
 (0)