#1761 Support "backup_encryption_key_crn" parameter for provisioning …
…icd.
kavya498 authored and hkantare committed Aug 11, 2020
1 parent ee41397 commit 21d3efe
Showing 4 changed files with 120 additions and 12 deletions.
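--- a/examples/ibm-database/main.tf
+++ b/examples/ibm-database/main.tf
@@ -45,3 +45,36 @@ resource "ibm_database" "test_acc" {
 }
 }
 
+# // Key Protect Integration
+# resource "ibm_resource_instance" "kp_instance" {
+# name = "test"
+# service = "kms"
+# plan = "tiered-pricing"
+# location = "us-south"
+# }
+# resource "ibm_kp_key" "test" {
+# key_protect_id = ibm_resource_instance.kp_instance.guid
+# key_name = "testkey"
+# }
+# //Using the Key Protect Key for disk encryption
+# resource "ibm_database" "redis" {
+# resource_group_id = data.ibm_resource_group.group.id
+# name = "redis-test"
+# service = "databases-for-redis"
+# plan = "standard"
+# location = "us-south"
+# service_endpoints = "private"
+# key_protect_instance = ibm_resource_instance.kp_instance.guid
+# key_protect_key = ibm_kp_key.test.id
+# }
+# //Using the Key Protect Key to encrypt disk that holds deployment backups
+# resource "ibm_database" "redistest" {
+# resource_group_id = data.ibm_resource_group.test_acc.id
+# name = "redis-test-key"
+# service = "databases-for-redis"
+# plan = "standard"
+# location = "us-south"
+# service_endpoints = "private"
+# backup_encryption_key_crn = ibm_kp_key.test.id
+
+# }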
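Review bot: The two commented-out `ibm_database` examples reference different resource-group data sources: the `redis` block uses `data.ibm_resource_group.group.id` while the new `redistest` block uses `data.ibm_resource_group.test_acc.id`. Which of the two is declared lies in the part of the file outside this hunk, but anyone who uncomments the section as written is likely to hit an undeclared-reference error on one of them, so both blocks should use the same name. The comment above `redistest` could also state that this block sets only `backup_encryption_key_crn`; going by the argument descriptions in this commit, the data disks are then not encrypted with the customer key unless `key_protect_key` is set too, e.g. `# // Backups only: set key_protect_key as well to encrypt the data disks with this key`.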
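--- a/ibm/resource_ibm_database.go
+++ b/ibm/resource_ibm_database.go
@@ -185,6 +185,12 @@ func resourceIBMDatabaseInstance() *schema.Resource {
 Optional: true,
 ForceNew: true,
 },
+"backup_encryption_key_crn": {
+Description: "The Backup Encryption Key CRN",
+Type: schema.TypeString,
+Optional: true,
+ForceNew: true,
+},
 "tags": {
 Type: schema.TypeSet,
 Optional: true,
@@ -480,17 +486,18 @@ func resourceIBMDatabaseInstance() *schema.Resource {
 }
 
 type Params struct {
-Version string `json:"version,omitempty"`
-KeyProtectKey string `json:"key_protect_key,omitempty"`
-Memory int `json:"members_memory_allocation_mb,omitempty"`
-Disk int `json:"members_disk_allocation_mb,omitempty"`
-CPU int `json:"members_cpu_allocation_count,omitempty"`
-KeyProtectInstance string `json:"key_protect_instance,omitempty"`
-ServiceEndpoints string `json:"service-endpoints,omitempty"`
-BackupID string `json:"backup-id,omitempty"`
-RemoteLeaderID string `json:"remote_leader_id,omitempty"`
-PITRDeploymentID string `json:"point_in_time_recovery_deployment_id,omitempty"`
-PITRTimeStamp string `json:"point_in_time_recovery_time,omitempty"`
+Version string `json:"version,omitempty"`
+KeyProtectKey string `json:"key_protect_key,omitempty"`
+BackUpEncryptionCRN string `json:"backup_encryption_key_crn,omitempty"`
+Memory int `json:"members_memory_allocation_mb,omitempty"`
+Disk int `json:"members_disk_allocation_mb,omitempty"`
+CPU int `json:"members_cpu_allocation_count,omitempty"`
+KeyProtectInstance string `json:"key_protect_instance,omitempty"`
+ServiceEndpoints string `json:"service-endpoints,omitempty"`
+BackupID string `json:"backup-id,omitempty"`
+RemoteLeaderID string `json:"remote_leader_id,omitempty"`
+PITRDeploymentID string `json:"point_in_time_recovery_deployment_id,omitempty"`
+PITRTimeStamp string `json:"point_in_time_recovery_time,omitempty"`
 }
 
 // Replace with func wrapper for resourceIBMResourceInstanceCreate specifying serviceName := "database......."
@@ -584,6 +591,9 @@ func resourceIBMDatabaseInstanceCreate(d *schema.ResourceData, meta interface{})
 if backupID, ok := d.GetOk("backup_id"); ok {
 params.BackupID = backupID.(string)
 }
+if backUpEncryptionKey, ok := d.GetOk("backup_encryption_key_crn"); ok {
+params.BackUpEncryptionCRN = backUpEncryptionKey.(string)
+}
 if remoteLeader, ok := d.GetOk("remote_leader_id"); ok {
 params.RemoteLeaderID = remoteLeader.(string)
 }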
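Review bot: The new `backup_encryption_key_crn` schema entry accepts any string, so a bare key ID or a mistyped CRN passes plan and is copied unchanged into `params.BackUpEncryptionCRN` in the create hunk. Whether the service then rejects the value or falls back to its default backup key is not visible from these hunks. A format check on the attribute would surface the mistake before provisioning, for example `ValidateFunc: validation.StringMatch(regexp.MustCompile("^crn:"), "must be a Key Protect key CRN"),` if those helpers are already imported in this file, or a provider-specific CRN validator if one exists. As a style point, `BackUpEncryptionCRN` and `backUpEncryptionKey` are capitalised differently from the neighbouring `BackupID` and `backupID`; `BackupEncryptionKeyCRN` would match the JSON tag. Both `resourceIBMDatabaseInstance` and `resourceIBMDatabaseInstanceCreate` continue outside the hunks shown.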
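--- a/ibm/resource_ibm_database_redis_test.go
+++ b/ibm/resource_ibm_database_redis_test.go
@@ -104,6 +104,36 @@ func TestAccIBMDatabaseInstance_Redis_import(t *testing.T) {
 })
 }
 
+func TestAccIBMDatabaseInstance_Redis_KP_Encrypt(t *testing.T) {
+t.Parallel()
+databaseResourceGroup := "Default"
+var databaseInstanceOne string
+rnd := fmt.Sprintf("tf_test_acc_%d", acctest.RandIntRange(10, 100))
+testName := rnd
+kpInstanceName := fmt.Sprintf("tf_kp_instance_%d", acctest.RandIntRange(10, 100))
+kpKeyName := fmt.Sprintf("tf_kp_key_%d", acctest.RandIntRange(10, 100))
+kpByokName := fmt.Sprintf("tf_kp_byok_key_%d", acctest.RandIntRange(10, 100))
+// name := "ibm_database." + testName
+
+resource.Test(t, resource.TestCase{
+PreCheck: func() { testAccPreCheck(t) },
+Providers: testAccProviders,
+CheckDestroy: testAccCheckIBMDatabaseInstanceDestroy,
+Steps: []resource.TestStep{
+resource.TestStep{
+Config: testAccCheckIBMDatabaseInstance_Redis_KPEncrypt(databaseResourceGroup, kpInstanceName, kpKeyName, kpByokName, testName),
+Check: resource.ComposeAggregateTestCheckFunc(
+testAccCheckIBMDatabaseInstanceExists("ibm_database.database", &databaseInstanceOne),
+resource.TestCheckResourceAttr("ibm_database.database", "name", testName),
+resource.TestCheckResourceAttr("ibm_database.database", "service", "databases-for-redis"),
+resource.TestCheckResourceAttrSet("ibm_database.database", "key_protect_key"),
+resource.TestCheckResourceAttrSet("ibm_database.database", "backup_encryption_key_crn"),
+),
+},
+},
+})
+}
+
 // func testAccCheckIBMDatabaseInstanceDestroy(s *terraform.State) etc in resource_ibm_database_postgresql_test.go
 
 func testAccCheckIBMDatabaseInstance_Redis_basic(databaseResourceGroup string, name string) string {
@@ -194,3 +224,37 @@ func testAccCheckIBMDatabaseInstance_Redis_import(databaseResourceGroup string,
 }
 `, databaseResourceGroup, name)
 }
+func testAccCheckIBMDatabaseInstance_Redis_KPEncrypt(databaseResourceGroup string, kpInstanceName, kpKeyName, kpByokName, name string) string {
+return fmt.Sprintf(`
+data "ibm_resource_group" "test_acc" {
+is_default = true
+# name = "%s"
+}
+resource "ibm_resource_instance" "kp_instance" {
+name = "%s"
+service = "kms"
+plan = "tiered-pricing"
+location = "us-south"
+}
+resource "ibm_kp_key" "test" {
+key_protect_id = ibm_resource_instance.kp_instance.guid
+key_name = "%s"
+force_delete = true
+}
+resource "ibm_kp_key" "test1" {
+key_protect_id = ibm_resource_instance.kp_instance.guid
+key_name = "%s"
+force_delete = true
+}
+resource "ibm_database" "database" {
+resource_group_id = data.ibm_resource_group.test_acc.id
+name = "%s"
+service = "databases-for-redis"
+plan = "standard"
+location = "us-south"
+key_protect_instance = ibm_resource_instance.kp_instance.guid
+key_protect_key = ibm_kp_key.test.id
+backup_encryption_key_crn = ibm_kp_key.test1.id
+}
+`, databaseResourceGroup, kpInstanceName, kpKeyName, kpByokName, name)
+}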
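Review bot: `resource.TestCheckResourceAttrSet("ibm_database.database", "backup_encryption_key_crn")` only proves the attribute is non-empty in state, so the test would still pass if the wrong key were recorded or the two keys were swapped. The config wires the backup key to `ibm_kp_key.test1` and the disk key to `ibm_kp_key.test`, so the checks can compare against those resources, e.g. `resource.TestCheckResourceAttrPair("ibm_database.database", "backup_encryption_key_crn", "ibm_kp_key.test1", "id"),` and likewise `key_protect_key` against `ibm_kp_key.test`. Separately, `databaseResourceGroup` is only interpolated into the commented-out `# name = "%s"` line of the config, so the parameter has no effect, and the `// name := "ibm_database." + testName` line in the test is dead code.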
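--- a/website/docs/r/database.html.markdown
+++ b/website/docs/r/database.html.markdown
@@ -107,7 +107,8 @@ The following arguments are supported:
 * `members_cpu_allocation_count` - (Optional, int) Enables and allocates the number of specified dedicated cores to your deployment.
 * `backup_id` - (Optional, string) A CRN of a backup resource to restore from. The backup must have been created by a database deployment with the same service ID. The backup is loaded after provisioning and the new deployment starts up that uses that data. A backup CRN is in the format crn:v1:<...>:backup:<uuid>. If omitted, the database is provisioned empty.
 * `remote_leader_id` - (Optional, string) A CRN of the leader database to make the replica(read-only) deployment. The leader database must have been created by a database deployment with the same service ID. A read-only replica is set up to replicate all of your data from the leader deployment to the replica deployment using asynchronous replication. See the documentation related to Read-only Replicas here. https://cloud.ibm.com/docs/services/databases-for-postgresql?topic=databases-for-postgresql-read-only-replicas
-* `key_protect_key` - (Optional, Force new resource, string) The CRN of a Key Protect key, which is then used for disk encryption. A key protect CRN is in the format crn:v1:<...>:key:<id>. No update support available. `key_protect_key` can be added only at the time of creation.
+* `key_protect_key` - (Optional, Force new resource, string) The CRN of a Key Protect key, which is then used for disk encryption. A key protect CRN is in the format crn:v1:<...>:key:<id>. No update support available. `key_protect_key` can be added only at the time of creation. See the documentation related to Disk encryption here.https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect#using-the-key-protect-key
+* `backup_encryption_key_crn` - (Optional, Force new resource, string) The CRN of a Key Protect key, which is then used to encrypt disk that holds deployment backups. A key protect CRN is in the format crn:v1:<...>:key:<id>. No update support available. `backup_encryption_key_crn` can be added only at the time of creation.
 * `key_protect_instance` - (Optional, Force new resource, string) The CRN of a Key Protect instance, which is then used for disk encryption. A key protect CRN is in the format crn:v1:<...>::.No update support available. `key_protect_instance` can be added only at the time of creation.
 * `point_in_time_recovery_deployment_id` - (Optional, string) The source deployment's ID.
 * `point_in_time_recovery_time` - (Optional, string) The timestamp in UTC you want to restore to. PITR time stamp can be retrieved using [`ibmcloud cdb postgresql earliest-pitr-timestamp <deployment name or CRN>`] For more info on how to get PITR time refer [point-in-time-recovery-docs](https://cloud.ibm.com/docs/databases-for-postgresql?topic=databases-for-postgresql-pitr)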
