feat: renamed module to terraform-ibm-kms-key as official support added for HPCS (#398)

Author: maheshwarishikha

.github/settings.yml

@@ -15,12 +15,12 @@ repository:
   # By changing this field, you rename the repository.
 
   # Uncomment this name property and set the name to the current repo name.
-  name: "terraform-ibm-key-protect-key"
+  name: "terraform-ibm-kms-key"
 
   # The description is displayed under the repository name on the
   # organization page and in the 'About' section of the repository.
 
   # Uncomment this description property
   # and update the description to the current repo description.
-  description: "Module for creation of Key Protect keys"
-  topics: core-team, terraform, ibm-cloud, terraform-module, key-protect, kms
+  description: "Module for creation of KMS keys"
+  topics: core-team, terraform, ibm-cloud, terraform-module, key-protect, kms, hpcs

README.md

@@ -1,35 +1,35 @@
-# Key Protect key module
+# KMS key module
 
 [![Stable (With quality checks)](https://img.shields.io/badge/Status-Stable%20(With%20quality%20checks)-green?style=plastic)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
-[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-key-protect-key?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-key-protect-key/releases/latest)
+[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-kms-key?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-kms-key/releases/latest)
 [![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)
 
-This module supports creating a standard or root key in an existing key ring and Key Protect instance. You can specify rotation and deletion policies.
+This module supports creating a standard or root key in an existing key ring and KMS instance. KMS can be Key Protect or Hyper Protect Crypto Services(HPCS) instance. You can specify rotation and deletion policies for the keys.
 
 ## Usage
 
 ```hcl
 provider "ibm" {
   ibmcloud_api_key = "XXXXXXXXXX"
-  # Must be the same region the Key Protect instance is in
+  # Must be the same region the KMS instance is in
   region           = "us-south"
 }
 
-# Key Protect root key
-module "key_protect_root_key" {
-  source  = "terraform-ibm-modules/key-protect-key/ibm"
+# KMS root key
+module "kms_root_key" {
+  source  = "terraform-ibm-modules/kms-key/ibm"
   version = "latest" # Replace "latest" with a release version to lock into a specific release
-  key_protect_instance_id = ibm_resource_instance.key_protect_instance.guid
+  kms_instance_id = ibm_resource_instance.kms_instance.guid
   key_name                = "my-root-key"
 }
 
-# Key Protect standard key
-module "key_protect_standard_key" {
-  source  = "terraform-ibm-modules/key-protect-key/ibm"
+# KMS standard key
+module "kms_standard_key" {
+  source  = "terraform-ibm-modules/kms-key/ibm"
   version = "latest" # Replace "latest" with a release version to lock into a specific release
-  key_protect_instance_id = ibm_resource_instance.key_protect_instance.guid
+  kms_instance_id = ibm_resource_instance.kms_instance.guid
   key_name                = "my-standard-key"
   standard_key            = true
 }
@@ -42,7 +42,7 @@ You need the following permissions to run this module.
     - **Resource Group** service
         - `Viewer` platform access
 - IAM Services
-    - **Key Protect** service
+    - **KMS** service
         - `Viewer` platform access
         - `Manager` service access
 
@@ -76,12 +76,12 @@ No modules.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_dual_auth_delete_enabled"></a> [dual\_auth\_delete\_enabled](#input\_dual\_auth\_delete\_enabled) | If set to true, Key Protect enables a dual authorization policy on a single key. Note: Once the dual authorization policy is set on the key, it cannot be reverted. A key with dual authorization policy enabled cannot be destroyed by using Terraform. | `bool` | `false` | no |
+| <a name="input_dual_auth_delete_enabled"></a> [dual\_auth\_delete\_enabled](#input\_dual\_auth\_delete\_enabled) | If set to true, KMS enables a dual authorization policy on a single key. Note: Once the dual authorization policy is set on the key, it cannot be reverted. A key with dual authorization policy enabled cannot be destroyed by using Terraform. | `bool` | `false` | no |
 | <a name="input_endpoint_type"></a> [endpoint\_type](#input\_endpoint\_type) | Endpoint to use when creating the Key | `string` | `"public"` | no |
 | <a name="input_force_delete"></a> [force\_delete](#input\_force\_delete) | Set as true to enable forcing deletion even if key is in use | `bool` | `false` | no |
 | <a name="input_key_name"></a> [key\_name](#input\_key\_name) | Name to give the key | `string` | n/a | yes |
-| <a name="input_key_protect_instance_id"></a> [key\_protect\_instance\_id](#input\_key\_protect\_instance\_id) | ID or GUID of Key Protect Instance | `string` | n/a | yes |
-| <a name="input_key_protect_key_ring_id"></a> [key\_protect\_key\_ring\_id](#input\_key\_protect\_key\_ring\_id) | The ID of the key ring where you want to add your Key Protect key | `string` | `"default"` | no |
+| <a name="input_kms_instance_id"></a> [kms\_instance\_id](#input\_kms\_instance\_id) | ID or GUID of KMS Instance | `string` | n/a | yes |
+| <a name="input_kms_key_ring_id"></a> [kms\_key\_ring\_id](#input\_kms\_key\_ring\_id) | The ID of the key ring where you want to add your KMS key | `string` | `"default"` | no |
 | <a name="input_rotation_interval_month"></a> [rotation\_interval\_month](#input\_rotation\_interval\_month) | The key rotation time interval in months. Rotation policy cannot be set for standard key, so value is ignored if var.standard\_key is true | `number` | `1` | no |
 | <a name="input_standard_key"></a> [standard\_key](#input\_standard\_key) | Set as true for Standard Key, false for Root Key | `bool` | `false` | no |
 

examples/default/README.md

@@ -3,6 +3,6 @@
 An end-to-end example that uses the module's default variable values.
 This example will:
  - Create a new resource group (if existing one is not passed in).
- - Create a new Key Protect instance in the region and resource group provided.
- - Create a new Root Key in the Key Protect instance.
- - Create a new Standard Key in the Key Protect instance.
+ - Create a new KMS (Key Protect) instance in the region and resource group provided.
+ - Create a new Root Key in the KMS instance.
+ - Create a new Standard Key in the KMS instance.

examples/default/main.tf

@@ -11,7 +11,7 @@ module "resource_group" {
 }
 
 ##############################################################################
-# Key Protect instance
+# KMS (Key Protect) instance
 ##############################################################################
 
 resource "ibm_resource_instance" "key_protect_instance" {
@@ -24,22 +24,22 @@ resource "ibm_resource_instance" "key_protect_instance" {
 }
 
 ##############################################################################
-# Key Protect root key
+# KMS root key
 ##############################################################################
 
-module "key_protect_root_key" {
-  source                  = "../.."
-  key_protect_instance_id = ibm_resource_instance.key_protect_instance.guid
-  key_name                = "${var.prefix}-root-key"
+module "kms_root_key" {
+  source          = "../.."
+  kms_instance_id = ibm_resource_instance.key_protect_instance.guid
+  key_name        = "${var.prefix}-root-key"
 }
 
 ##############################################################################
-# Key Protect standard key
+# KMS standard key
 ##############################################################################
 
-module "key_protect_standard_key" {
-  source                  = "../.."
-  key_protect_instance_id = ibm_resource_instance.key_protect_instance.guid
-  key_name                = "${var.prefix}-standard-key"
-  standard_key            = true
+module "kms_standard_key" {
+  source          = "../.."
+  kms_instance_id = ibm_resource_instance.key_protect_instance.guid
+  key_name        = "${var.prefix}-standard-key"
+  standard_key    = true
 }

examples/default/outputs.tf

@@ -13,33 +13,33 @@ output "instance_guid" {
 }
 
 output "root_key_id" {
-  description = "Key Protect Key ID"
-  value       = module.key_protect_root_key.key_id
+  description = "Key Protect Root Key ID"
+  value       = module.kms_root_key.key_id
 }
 
 output "root_key_rotation_interval_month" {
-  description = "Month Interval for Rotation"
-  value       = module.key_protect_root_key.rotation_interval_month
+  description = "Month Interval for Rotation of Root Key"
+  value       = module.kms_root_key.rotation_interval_month
 }
 
 output "root_key_dual_auth_delete_enabled" {
   description = "Is Dual Auth Delete Enabled"
-  value       = module.key_protect_root_key.dual_auth_delete
+  value       = module.kms_root_key.dual_auth_delete
 }
 
 output "standard_key_id" {
-  description = "Key Protect Key ID"
-  value       = module.key_protect_standard_key.key_id
+  description = "Key Protect Standard Key ID"
+  value       = module.kms_standard_key.key_id
 }
 
 output "standard_key_rotation_interval_month" {
-  description = "Month Interval for Rotation"
-  value       = module.key_protect_standard_key.rotation_interval_month
+  description = "Month Interval for Rotation of Standard Key"
+  value       = module.kms_standard_key.rotation_interval_month
 }
 
 output "standard_key_dual_auth_delete_enabled" {
   description = "Is Dual Auth Delete Enabled"
-  value       = module.key_protect_standard_key.dual_auth_delete
+  value       = module.kms_standard_key.dual_auth_delete
 }
 
 output "resource_group_name" {

examples/default/variables.tf

@@ -13,7 +13,7 @@ variable "region" {
 variable "prefix" {
   type        = string
   description = "Prefix to append to all resources created by this example"
-  default     = "kp-key"
+  default     = "kms-key"
 }
 
 variable "resource_group" {

examples/existing-kms/main.tf

@@ -3,18 +3,18 @@
 ##############################################################################
 
 module "kms_root_key" {
-  source                  = "../.."
-  key_protect_instance_id = var.existing_kms_instance_guid
-  key_name                = "${var.prefix}-root-key"
+  source          = "../.."
+  kms_instance_id = var.existing_kms_instance_guid
+  key_name        = "${var.prefix}-root-key"
 }
 
 ##############################################################################
 # KMS standard key
 ##############################################################################
 
 module "kms_standard_key" {
-  source                  = "../.."
-  key_protect_instance_id = var.existing_kms_instance_guid
-  key_name                = "${var.prefix}-standard-key"
-  standard_key            = true
+  source          = "../.."
+  kms_instance_id = var.existing_kms_instance_guid
+  key_name        = "${var.prefix}-standard-key"
+  standard_key    = true
 }

examples/existing-kms/outputs.tf

@@ -3,7 +3,7 @@
 ##############################################################################
 
 output "root_key_id" {
-  description = "Key Protect Key ID"
+  description = "KMS Root Key ID"
   value       = module.kms_root_key.key_id
 }
 
@@ -18,7 +18,7 @@ output "root_key_dual_auth_delete_enabled" {
 }
 
 output "standard_key_id" {
-  description = "Key Protect Key ID"
+  description = "KMS Standard Key ID"
   value       = module.kms_standard_key.key_id
 }
 

main.tf

@@ -1,11 +1,11 @@
 ##############################################################################
-# Key Protect Key module
+# KMS Key module
 ##############################################################################
 
 resource "ibm_kms_key" "key" {
-  instance_id   = var.key_protect_instance_id
+  instance_id   = var.kms_instance_id
   key_name      = var.key_name
-  key_ring_id   = var.key_protect_key_ring_id
+  key_ring_id   = var.kms_key_ring_id
   standard_key  = var.standard_key
   endpoint_type = var.endpoint_type
   force_delete  = var.force_delete
@@ -14,7 +14,7 @@ resource "ibm_kms_key" "key" {
 resource "ibm_kms_key_policies" "root_key_policy" {
   count         = var.standard_key ? 0 : 1
   endpoint_type = var.endpoint_type
-  instance_id   = var.key_protect_instance_id
+  instance_id   = var.kms_instance_id
   key_id        = ibm_kms_key.key.key_id
   rotation {
     interval_month = var.rotation_interval_month
@@ -27,7 +27,7 @@ resource "ibm_kms_key_policies" "root_key_policy" {
 resource "ibm_kms_key_policies" "standard_key_policy" {
   count         = var.standard_key ? 1 : 0
   endpoint_type = var.endpoint_type
-  instance_id   = var.key_protect_instance_id
+  instance_id   = var.kms_instance_id
   key_id        = ibm_kms_key.key.key_id
   dual_auth_delete {
     enabled = var.dual_auth_delete_enabled

module-metadata.json

@@ -4,7 +4,7 @@
     "dual_auth_delete_enabled": {
       "name": "dual_auth_delete_enabled",
       "type": "bool",
-      "description": "If set to true, Key Protect enables a dual authorization policy on a single key. Note: Once the dual authorization policy is set on the key, it cannot be reverted. A key with dual authorization policy enabled cannot be destroyed by using Terraform.",
+      "description": "If set to true, KMS enables a dual authorization policy on a single key. Note: Once the dual authorization policy is set on the key, it cannot be reverted. A key with dual authorization policy enabled cannot be destroyed by using Terraform.",
       "default": false,
       "pos": {
         "filename": "variables.tf",
@@ -55,10 +55,10 @@
       },
       "immutable": true
     },
-    "key_protect_instance_id": {
-      "name": "key_protect_instance_id",
+    "kms_instance_id": {
+      "name": "kms_instance_id",
       "type": "string",
-      "description": "ID or GUID of Key Protect Instance",
+      "description": "ID or GUID of KMS Instance",
       "required": true,
       "source": [
         "ibm_kms_key.key.instance_id",
@@ -75,10 +75,10 @@
         "service:kms|hs-crypto"
       ]
     },
-    "key_protect_key_ring_id": {
-      "name": "key_protect_key_ring_id",
+    "kms_key_ring_id": {
+      "name": "kms_key_ring_id",
       "type": "string",
-      "description": "The ID of the key ring where you want to add your Key Protect key",
+      "description": "The ID of the key ring where you want to add your KMS key",
       "default": "default",
       "source": [
         "ibm_kms_key.key.key_ring_id"
@@ -174,9 +174,9 @@
       "attributes": {
         "endpoint_type": "endpoint_type",
         "force_delete": "force_delete",
-        "instance_id": "key_protect_instance_id",
+        "instance_id": "kms_instance_id",
         "key_name": "key_name",
-        "key_ring_id": "key_protect_key_ring_id",
+        "key_ring_id": "kms_key_ring_id",
         "standard_key": "standard_key"
       },
       "provider": {
@@ -194,7 +194,7 @@
       "attributes": {
         "count": "standard_key",
         "endpoint_type": "endpoint_type",
-        "instance_id": "key_protect_instance_id"
+        "instance_id": "kms_instance_id"
       },
       "provider": {
         "name": "ibm"
@@ -211,7 +211,7 @@
       "attributes": {
         "count": "standard_key",
         "endpoint_type": "endpoint_type",
-        "instance_id": "key_protect_instance_id"
+        "instance_id": "kms_instance_id"
       },
       "provider": {
         "name": "ibm"