From 946056ccc160a35f860adf3383e621d69410d045 Mon Sep 17 00:00:00 2001
From: theprashantyadav
Date: Tue, 13 Jun 2023 15:57:33 +0530
Subject: [PATCH] feat: added external key resource

---
 _example/example.tf | 18 ++++++++++---
 _example/outputs.tf | 38 +++++++++++++--------------
 main.tf | 24 ++++++++++--------
 outputs.tf | 62 ++++++++++++++++++++++-----------------------
 variables.tf | 29 +++++++++++++++++++++
 5 files changed, 106 insertions(+), 65 deletions(-)

diff --git a/_example/example.tf b/_example/example.tf
index 1e3ee8b..9a8e87d 100644
--- a/_example/example.tf
+++ b/_example/example.tf
@@ -1,21 +1,31 @@
+####----------------------------------------------------------------------------------
+## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
+####----------------------------------------------------------------------------------
+
+
 provider "aws" {
- region = "eu-central-1"
+ region = "us-east-1"
 }
+####----------------------------------------------------------------------------------
+## AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the cryptographic keys that are used to protect your data.
+####----------------------------------------------------------------------------------
 module "kms_key" {
+ source = "./../"
 name = "kms"
 environment = "test"
 label_order = ["name", "environment"]
- deletion_window_in_days = 15
+ deletion_window_in_days = 7
 alias = "alias/cloudtrail_Name"
 enabled = true
- multi_region = false
+ kms_key_enabled = true
+ multi_region = true
 create_replica_external_enabled = false
 create_replica_enabled = false
- create_external_enabled = false
+ create_external_enabled = true
 valid_to = "2023-11-21T23:20:50Z"
 key_material_base64 = "Wblj06fduthWggmsT0cLVoIMOkeLbc2kVfMud77i/JY="
 }
\ No newline at end of file
diff --git a/_example/outputs.tf b/_example/outputs.tf
index 6a1f266..e9dd5d0 100644
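Review bot: Flipping `create_external_enabled` to `true` makes the example actually import the key material on the unchanged `key_material_base64 = "Wblj06…"` line, so a published repository now ships the literal 256-bit secret that `aws_kms_external_key` will permanently bind to the key, and anyone who copies this example gets a KMS key whose raw bytes are public. Key material should be supplied at apply time through a `sensitive = true` variable or a secrets manager, and the committed example should carry a placeholder with a comment such as `# key_material_base64 = var.key_material_base64  # never commit real key material; rotate anything that was`. The example also enables `kms_key_enabled` and `create_external_enabled` together with `multi_region = true`, so it creates both a native key and an imported-material key while passing a single `alias`; presumably only one of them can own that alias, and a comment should say which. `deletion_window_in_days = 7` is the shortest window AWS accepts, which minimises the recovery time if the key is scheduled for deletion by mistake, so the example should either justify it or keep the previous 15.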
--- a/_example/outputs.tf
+++ b/_example/outputs.tf
@@ -1,19 +1,19 @@
-output "key_arn" {
- value = module.kms_key.key_arn
- description = "Key ARN."
-}
-
-output "tags" {
- value = module.kms_key.tags
- description = "A mapping of tags to assign to the KMS."
-}
-
-output "key_id" {
- value = module.kms_key.key_id
- description = "The globally unique identifier for the key."
-}
-
-output "target_key_id" {
- value = module.kms_key.target_key_id
- description = "Identifier for the key for which the alias is for, can be either an ARN or key_id."
-}
\ No newline at end of file
+#output "key_arn" {
+# value = module.kms_key.key_arn
+# description = "Key ARN."
+#}
+#
+#output "tags" {
+# value = module.kms_key.tags
+# description = "A mapping of tags to assign to the KMS."
+#}
+#
+#output "key_id" {
+# value = module.kms_key.key_id
+# description = "The globally unique identifier for the key."
+#}
+#
+#output "target_key_id" {
+# value = module.kms_key.target_key_id
+# description = "Identifier for the key for which the alias is for, can be either an ARN or key_id."
+#}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index c363dd7..8a1293c 100644
--- a/main.tf
+++ b/main.tf
@@ -1,11 +1,10 @@
-## Managed By : CloudDrove
-# Description : This Script is used to create KMS on AWS.
-## Copyright @ CloudDrove. All Right Reserved.
-
-#Module : labels
-#Description : This terraform module is designed to generate consistent label names and tags
-# for resources. You can use terraform-labels to implement a strict naming
-# convention.
+provider "aws" {
+ alias = "primary"
+ region = "us-east-1"
+}
+##----------------------------------------------------------------------------------
+## Labels module callled that will be used for naming and tags.
+##----------------------------------------------------------------------------------
 module "labels" {
 source = "clouddrove/labels/aws"
 version = "1.3.0"
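Review bot: The new `provider "aws"` block with `alias = "primary"` and a hard-coded `region = "us-east-1"` is declared inside the reusable module (main.tf), and no resource in this patch selects it with `provider = aws.primary`, so as committed it only pins the module to one region. A provider configuration inside a child module also stops callers from using `count`, `for_each` or `depends_on` on the module and leaves its resources orphaned if the module block is ever removed. The block should come out of the module; if a second region is needed for replica keys, the caller should supply it and the module should declare the expectation with `terraform { required_providers { aws = { source = "hashicorp/aws", configuration_aliases = [aws.primary] } } }`. The added header comment also has a typo, `callled`.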
@@ -21,10 +20,10 @@ data "aws_caller_identity" "current" {}
 data "aws_partition" "current" {}
 ####----------------------------------------------------------------------------------
-## This terraform module creates a KMS Customer Master Key (CMK) and its alias..
+## This terraform resource creates a KMS Customer Master Key (CMK) and its alias.
 ####----------------------------------------------------------------------------------
 resource "aws_kms_key" "default" {
- count = var.enabled ? 1 : 0
+ count = var.enabled && var.kms_key_enabled ? 1 : 0
 description = var.description
 key_usage = var.key_usage
@@ -37,6 +36,9 @@ resource "aws_kms_key" "default" {
 tags = module.labels.tags
 }
+####----------------------------------------------------------------------------------
+## Create KMS keys in an external key store backed by your cryptographic keys outside of AWS.
+####----------------------------------------------------------------------------------
 resource "aws_kms_external_key" "external" {
 count = var.enabled && var.create_external_enabled ? 1 : 0
@@ -58,7 +60,7 @@ resource "aws_kms_replica_key" "replica-key" {
 bypass_policy_lockout_safety_check = var.bypass_policy_lockout_safety_check
 deletion_window_in_days = var.deletion_window_in_days
 description = var.description
- primary_key_arn = join("", aws_kms_key.default.*.arn)
+ primary_key_arn = var.primary_key_arn == "" ? join("", aws_kms_key.default.*.arn) : var.primary_key_arn
 enabled = var.is_enabled
 policy = data.aws_iam_policy_document.default.json
diff --git a/outputs.tf b/outputs.tf
index c208b48..773fe02 100644
--- a/outputs.tf
+++ b/outputs.tf
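Review bot: The comment added above `resource "aws_kms_external_key" "external"` says it creates keys "in an external key store backed by your cryptographic keys outside of AWS", but this resource creates a KMS key with origin EXTERNAL, i.e. key material you generate yourself and import through `key_material_base64`; once imported, the material is held and used inside AWS KMS and can only be removed by deleting it, not kept outside. The External Key Store (XKS) feature, where the key never leaves your HSM, is a different mechanism configured through a custom key store and is not what this resource does. Suggest `## KMS key with imported key material (origin = EXTERNAL). The material is supplied via key_material_base64 and must be re-imported after valid_to; it is NOT an External Key Store (XKS).`, with the `valid_to` part confirmed against the resource arguments, which continue below the hunk.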
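Review bot: `primary_key_arn = var.primary_key_arn == "" ? join("", aws_kms_key.default.*.arn) : var.primary_key_arn` still resolves to an empty string when `kms_key_enabled` is false (so `aws_kms_key.default` has no instances) and the caller passes no ARN, and the replica key then fails at apply time with an AWS validation error rather than at plan time. `coalesce(var.primary_key_arn, join("", aws_kms_key.default[*].arn))` gives the same result when either side is set and fails the plan with a clear message when both are empty, because `coalesce` treats empty strings as missing. The sibling `primary_external_key_arn` variable defaults to `null` while the new `primary_key_arn` defaults to `""`, so the two replica paths test "unset" differently; they should share one convention. The replica resource body starts and ends outside the hunk.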
@@ -1,31 +1,31 @@
-# Module : KMS KEY
-# Description : This terraform module creates a KMS Customer Master Key (CMK) and its alias.
-output "key_arn" {
- value = join("", aws_kms_key.default.*.arn)
- description = "Key ARN."
-}
-
-output "key_id" {
- value = join("", aws_kms_key.default.*.key_id)
- description = "Key ID."
-}
-
-output "alias_arn" {
- value = join("", aws_kms_alias.default.*.arn)
- description = "Alias ARN."
-}
-
-output "alias_name" {
- value = join("", aws_kms_alias.default.*.name)
- description = "Alias name."
-}
-
-output "tags" {
- value = module.labels.tags
- description = "A mapping of tags to assign to the resource."
-}
-
-output "target_key_id" {
- value = join("", aws_kms_alias.default.*.target_key_id)
- description = "Identifier for the key for which the alias is for, can be either an ARN or key_id."
-}
\ No newline at end of file
+## Module : KMS KEY
+## Description : This terraform module creates a KMS Customer Master Key (CMK) and its alias.
+#output "key_arn" {
+# value = join("", aws_kms_key.default.*.arn)
+# description = "Key ARN."
+#}
+#
+#output "key_id" {
+# value = join("", aws_kms_key.default.*.key_id)
+# description = "Key ID."
+#}
+#
+#output "alias_arn" {
+# value = join("", aws_kms_alias.default.*.arn)
+# description = "Alias ARN."
+#}
+#
+#output "alias_name" {
+# value = join("", aws_kms_alias.default.*.name)
+# description = "Alias name."
+#}
+#
+#output "tags" {
+# value = module.labels.tags
+# description = "A mapping of tags to assign to the resource."
+#}
+#
+#output "target_key_id" {
+# value = join("", aws_kms_alias.default.*.target_key_id)
+# description = "Identifier for the key for which the alias is for, can be either an ARN or key_id."
+#}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index a14b9a5..7c84db5 100644
--- a/variables.tf
+++ b/variables.tf
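Review bot: Commenting out every output in outputs.tf removes `key_arn`, `key_id`, `alias_arn`, `alias_name`, `tags` and `target_key_id` from the module's public interface, so any caller that reads `module.kms_key.key_arn` (as the example's own outputs did before this commit) now fails at plan time, and nothing exposes the ARN of the external key the commit is meant to introduce. If the goal is to make the outputs cover both key kinds, they should stay and fall through, e.g. `value = var.create_external_enabled ? join("", aws_kms_external_key.external[*].arn) : join("", aws_kms_key.default[*].arn)` for `key_arn`, with the key-policy consumers in mind since an empty ARN output silently breaks downstream `kms_key_id` references. Commented-out blocks should be deleted outright rather than kept; version control already holds the history.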
@@ -67,6 +67,11 @@ variable "enabled" {
 default = true
 description = "Specifies whether the kms is enabled or disabled."
 }
+variable "kms_key_enabled" {
+ type = bool
+ default = true
+ description = "Specifies whether the kms is enabled or disabled."
+}
 variable "key_usage" {
@@ -141,4 +146,28 @@ variable "primary_external_key_arn" {
 type = string
 default = null
 description = "The primary external key arn of a multi-region replica external key"
+}
+
+variable "primary_key_arn" {
+ type = string
+ default = ""
+ description = "The primary key arn of a multi-region replica key"
+}
+
+variable "policy" {
+ type = string
+ default = null
+ description = "A valid policy JSON document. Although this is a key policy, not an IAM policy, an `aws_iam_policy_document`, in the form that designates a principal, can be used"
+}
+
+variable "computed_aliases" {
+ description = "A map of aliases to create. Values provided via the `name` key of the map can be computed from upstream resources"
+ type = any
+ default = {}
+}
+
+variable "aliases_use_name_prefix" {
+ description = "Determines whether the alias name is used as a prefix"
+ type = bool
+ default = false
 }
\ No newline at end of file
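Review bot: The new `kms_key_enabled` variable copies the description of `enabled` verbatim, `Specifies whether the kms is enabled or disabled.`, so a reader cannot tell the two flags apart even though in main.tf `enabled` gates every resource while `kms_key_enabled` only gates the native `aws_kms_key.default`. Suggest `description = "Whether to create the native aws_kms_key. Set to false when only an external (imported-material) or replica key is wanted; var.enabled must also be true."`. The `variable "enabled"` block starts outside the hunk.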
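Review bot: `policy`, `computed_aliases` and `aliases_use_name_prefix` are declared here but, as far as this patch shows, no hunk in main.tf references them, so they are dead inputs that advertise behaviour the module does not have; a caller who sets `policy` expecting to override the key policy will have it silently ignored while `aws_kms_replica_key` keeps using `data.aws_iam_policy_document.default.json`. Silently ignoring a supplied key policy is the kind of gap that leaves a key with broader access than the operator believes, so either wire these variables into main.tf in this commit or leave them out until they are used. `primary_key_arn` also defaults to `""` while the adjacent `primary_external_key_arn` defaults to `null`; `default = null` with a `coalesce(...)` in main.tf is the variant that fails loudly when nothing is set.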