kms: add support for external key store #40557

bschaatsbergen · 2024-12-13T11:30:08Z

Closes #28092

Adds XKS (External Key Store) arguments to the aws_kms_custom_key_store resource
Changes CloudHSM related arguments from Required to Optional.
Updates documentation with CloudHSM and XKS (public and private) examples.

github-actions · 2024-12-13T11:30:22Z

Community Note

Voting for Prioritization

Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
Please see our prioritization guide for information on how we prioritize.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

…put fields

…aform-provider-aws into f/external-kms-store

Rather than setting a provider default we'll rely on AWS to set the value default to `AWS_CLOUDHSM` and store it as computed. Changing the type will still trigger a forced re-creation.

This argument is now only required if `custom_key_store_type` is `AWS_CLOUDHSM`.

internal/service/kms/custom_key_store.go

…al` flattener Removes the flattener for `xks_proxy_authentication_credential` given only one of the two nested arguments is returned from the AWS API. This was done as a precaution to eliminate potential failure modes in writing the returned value given we cannot acceptance test these changes. If drift detection on the nested `access_key_id` argument is desired by the community, it will be added in a future release.

jar-b

LGTM 🚀

Community Note: Due to the dependency on an external key store, we are unable to acceptance test the changes made in this pull request. Any community feedback in testing these new arguments would be greatly appreciated!

jar-b · 2025-01-13T19:44:25Z

Thanks for your contribution, @bschaatsbergen! 👍

github-actions · 2025-01-16T19:51:54Z

This functionality has been released in v5.84.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

github-actions · 2025-02-16T02:19:13Z

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

kms: add support for external key store

e0db82a

github-actions bot added service/kms Issues and PRs that pertain to the kms service. needs-triage Waiting for first response or review from a maintainer. external-maintainer Contribution from a trusted external contributor. labels Dec 13, 2024

bschaatsbergen added 7 commits December 13, 2024 12:36

kms: refactor to remove 'cloud_hsm_cluster_id' from required UpdateIn…

9f8bf0f

…put fields

kms: refactor to remove cloud_hsm_cluster_id from required UpdateIn…

0a5bcaf

…put fields

kms: update custom key store documentation to reflect XKS arguments

59e8dbf

Merge branch 'f/external-kms-store' of github.com:bschaatsbergen/terr…

e4d1d28

…aform-provider-aws into f/external-kms-store

kms: add XKS changelog

16f6e04

kms: remove unnecessary enum wrapper

e0a0781

kms: terrafmt docs

268f087

github-actions bot added the documentation Introduces or discusses updates to documentation. label Dec 13, 2024

bschaatsbergen marked this pull request as ready for review December 13, 2024 12:23

bschaatsbergen requested a review from a team as a code owner December 13, 2024 12:23

bschaatsbergen removed the external-maintainer Contribution from a trusted external contributor. label Dec 13, 2024

bschaatsbergen added 2 commits December 13, 2024 15:33

kms: refactor flatten to read the access_key_id

f21dbc9

kms: add xks_proxy_authentication_credential block in docs

dc45631

justinretzolk added enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels Dec 13, 2024

github-actions bot added the external-maintainer Contribution from a trusted external contributor. label Dec 13, 2024

kms: add note to changelog

69302e7

jar-b self-assigned this Jan 10, 2025

github-actions bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Jan 10, 2025

jar-b added 6 commits January 10, 2025 15:31

Merge branch 'main' into f/external-kms-store

94ff4b1

r/aws_kms_custom_key_store: rm default for custom_key_store_type

68c1499

Rather than setting a provider default we'll rely on AWS to set the value default to `AWS_CLOUDHSM` and store it as computed. Changing the type will still trigger a forced re-creation.

chore: tidy changelog

0385103

docs: document missing acceptance testing env vars

549ff18

r/aws_kms_custom_key_store: tidy flex functions

6a9b8f0

r/aws_kms_custom_key_store(doc): adjust optional argument format

e722168

r/aws_kms_custom_key_store: trust_anchor_certificate is now optional

069e6ea

This argument is now only required if `custom_key_store_type` is `AWS_CLOUDHSM`.

jar-b reviewed Jan 10, 2025

View reviewed changes

internal/service/kms/custom_key_store.go Outdated Show resolved Hide resolved

jar-b added 4 commits January 13, 2025 10:05

r/aws_kms_custom_key_store(test): tidy serial test structure

a80b55e

Merge branch 'main' into f/external-kms-store

2f3d6a8

chore: make fix-constants

53bce24

YakDriver approved these changes Jan 13, 2025

View reviewed changes

jar-b approved these changes Jan 13, 2025

View reviewed changes

jar-b merged commit 243256b into hashicorp:main Jan 13, 2025
47 checks passed

github-actions bot added this to the v5.84.0 milestone Jan 13, 2025

bschaatsbergen deleted the f/external-kms-store branch January 13, 2025 20:48

github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Jan 16, 2025

github-actions bot locked as resolved and limited conversation to collaborators Feb 16, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

kms: add support for external key store #40557

kms: add support for external key store #40557

bschaatsbergen commented Dec 13, 2024 •

edited

Loading

github-actions bot commented Dec 13, 2024

jar-b left a comment

jar-b commented Jan 13, 2025

github-actions bot commented Jan 16, 2025

github-actions bot commented Feb 16, 2025

kms: add support for external key store #40557

kms: add support for external key store #40557

Conversation

bschaatsbergen commented Dec 13, 2024 • edited Loading

github-actions bot commented Dec 13, 2024

Community Note

jar-b left a comment

Choose a reason for hiding this comment

jar-b commented Jan 13, 2025

github-actions bot commented Jan 16, 2025

github-actions bot commented Feb 16, 2025

bschaatsbergen commented Dec 13, 2024 •

edited

Loading