first steps for kms key-ring resource and datasource

docs/data-sources/kms_key.md

@@ -0,0 +1,37 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_kms_key Data Source - stackit"
+subcategory: ""
+description: |-
+  KMS Key resource schema. Must have a region specified in the provider configuration.
+---
+
+# stackit_kms_key (Data Source)
+
+KMS Key resource schema. Must have a `region` specified in the provider configuration.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `algorithm` (String) The encryption algorithm that the key will use to encrypt data
+- `display_name` (String) The display name to distinguish multiple keys
+- `import_only` (Boolean) Terraform's internal resource ID. It is structured as "`project_id`,`instance_id`".
+- `key_id` (String)
+- `key_ring_id` (String) The ID of the associated key ring
+- `project_id` (String) STACKIT project ID to which the key ring is associated.
+- `protection` (String) The underlying system that is responsible for protecting the key material. Currently only software is accepted.
+- `purpose` (String) The purpose for which the key will be used
+
+### Optional
+
+- `access_scope` (String) The access scope of the key. Default is PUBLIC.
+- `description` (String) A user chosen description to distinguish multiple keys
+- `region` (String) The resource region. If not defined, the provider region is used.
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`instance_id`".

docs/data-sources/kms_key_ring.md

@@ -0,0 +1,28 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_kms_key_ring Data Source - stackit"
+subcategory: ""
+description: |-
+  KMS Key Ring resource schema.
+---
+
+# stackit_kms_key_ring (Data Source)
+
+KMS Key Ring resource schema.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `key_ring_id` (String) An auto generated unique id which identifies the key ring.
+- `project_id` (String) STACKIT project ID to which the key ring is associated.
+
+### Read-Only
+
+- `description` (String) A user chosen description to distinguish multiple key rings.
+- `display_name` (String) A user chosen description to distinguish multiple key rings.
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`instance_id`".
+- `region` (String) The resource region. If not defined, the provider region is used.

docs/data-sources/kms_wrapping_key.md

@@ -0,0 +1,36 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_kms_wrapping_key Data Source - stackit"
+subcategory: ""
+description: |-
+  KMS Key resource schema. Must have a region specified in the provider configuration.
+---
+
+# stackit_kms_wrapping_key (Data Source)
+
+KMS Key resource schema. Must have a `region` specified in the provider configuration.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `algorithm` (String) The encryption algorithm that the key will use to encrypt data
+- `display_name` (String) The display name to distinguish multiple keys
+- `key_ring_id` (String) The ID of the associated key ring
+- `project_id` (String) STACKIT project ID to which the key ring is associated.
+- `protection` (String) The underlying system that is responsible for protecting the key material. Currently only software is accepted.
+- `purpose` (String) The purpose for which the key will be used
+- `wrapping_key_id` (String)
+
+### Optional
+
+- `access_scope` (String) The access scope of the key. Default is PUBLIC.
+- `description` (String) A user chosen description to distinguish multiple keys
+- `region` (String) The resource region. If not defined, the provider region is used.
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`instance_id`".

docs/index.md

@@ -162,6 +162,7 @@ Note: AWS specific checks must be skipped as they do not work on STACKIT. For de
 - `experiments` (List of String) Enables experiments. These are unstable features without official support. More information can be found in the README. Available Experiments: iam, routing-tables, network
 - `git_custom_endpoint` (String) Custom endpoint for the Git service
 - `iaas_custom_endpoint` (String) Custom endpoint for the IaaS service
+- `kms_custom_endpoint` (String) Custom endpoint for the KMS service
 - `loadbalancer_custom_endpoint` (String) Custom endpoint for the Load Balancer service
 - `logme_custom_endpoint` (String) Custom endpoint for the LogMe service
 - `mariadb_custom_endpoint` (String) Custom endpoint for the MariaDB service

docs/resources/kms_key.md

@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_kms_key Resource - stackit"
+subcategory: ""
+description: |-
+  KMS Key resource schema. Must have a region specified in the provider configuration.
+---
+
+# stackit_kms_key (Resource)
+
+KMS Key resource schema. Must have a `region` specified in the provider configuration.
+
+## Example Usage
+
+```terraform
+resource "stackit_kms_key" "name" {
+  algorithm    = "example algorithm"
+  backend      = "software"
+  description  = "new descr"
+  display_name = "example name"
+  import_only  = false
+  key_ring_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  purpose      = "example purpose"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `algorithm` (String) The encryption algorithm that the key will use to encrypt data
+- `display_name` (String) The display name to distinguish multiple keys
+- `key_ring_id` (String) The ID of the associated key ring
+- `project_id` (String) STACKIT project ID to which the key ring is associated.
+- `protection` (String) The underlying system that is responsible for protecting the key material. Currently only software is accepted.
+- `purpose` (String) The purpose for which the key will be used
+
+### Optional
+
+- `access_scope` (String) The access scope of the key. Default is PUBLIC.
+- `description` (String) A user chosen description to distinguish multiple keys
+- `region` (String) The resource region. If not defined, the provider region is used.
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`instance_id`".
+- `import_only` (Boolean) Specifies if the the key should be import_only
+- `key_id` (String) The ID of the key

docs/resources/kms_key_ring.md

@@ -0,0 +1,40 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_kms_key_ring Resource - stackit"
+subcategory: ""
+description: |-
+  KMS Key Ring resource schema. Must have a region specified in the provider configuration.
+---
+
+# stackit_kms_key_ring (Resource)
+
+KMS Key Ring resource schema. Must have a `region` specified in the provider configuration.
+
+## Example Usage
+
+```terraform
+resource "stackit_kms_key_ring" "example" {
+  description  = "example description"
+  display_name = "example name"
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  region_id    = "eu01"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `display_name` (String) A user chosen description to distinguish multiple key rings.
+- `project_id` (String) STACKIT project ID to which the key ring is associated.
+
+### Optional
+
+- `description` (String) A user chosen description to distinguish multiple key rings.
+- `region` (String) The resource region. If not defined, the provider region is used.
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`key_ring_id`".
+- `key_ring_id` (String) An auto generated unique id which identifies the key ring.

docs/resources/kms_wrapping_key.md

@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_kms_wrapping_key Resource - stackit"
+subcategory: ""
+description: |-
+  KMS Key resource schema. Must have a region specified in the provider configuration.
+---
+
+# stackit_kms_wrapping_key (Resource)
+
+KMS Key resource schema. Must have a `region` specified in the provider configuration.
+
+## Example Usage
+
+```terraform
+resource "stackit_kms_wrapping_key" "name" {
+  algorithm    = "example algorithm"
+  backend      = "software"
+  description  = "new descr"
+  display_name = "example name"
+  key_ring_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  purpose      = "example purpose"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `algorithm` (String) The encryption algorithm that the key will use to encrypt data
+- `display_name` (String) The display name to distinguish multiple keys
+- `key_ring_id` (String) The ID of the associated key ring
+- `project_id` (String) STACKIT project ID to which the key ring is associated.
+- `protection` (String) The underlying system that is responsible for protecting the key material. Currently only software is accepted.
+- `purpose` (String) The purpose for which the key will be used
+
+### Optional
+
+- `access_scope` (String) The access scope of the key. Default is PUBLIC.
+- `description` (String) A user chosen description to distinguish multiple keys
+- `region` (String) The resource region. If not defined, the provider region is used.
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`instance_id`".
+- `import_only` (Boolean)
+- `wrapping_key_id` (String) The ID of the wrapping key

examples/resources/stackit_kms_key/resource.tf

@@ -0,0 +1,10 @@
+resource "stackit_kms_key" "name" {
+  algorithm    = "example algorithm"
+  backend      = "software"
+  description  = "new descr"
+  display_name = "example name"
+  import_only  = false
+  key_ring_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  purpose      = "example purpose"
+}

examples/resources/stackit_kms_key_ring/resource.tf

@@ -0,0 +1,6 @@
+resource "stackit_kms_key_ring" "example" {
+  description  = "example description"
+  display_name = "example name"
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  region_id    = "eu01"
+}

examples/resources/stackit_kms_wrapping_key/resource.tf

@@ -0,0 +1,9 @@
+resource "stackit_kms_wrapping_key" "name" {
+  algorithm    = "example algorithm"
+  backend      = "software"
+  description  = "new descr"
+  display_name = "example name"
+  key_ring_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  purpose      = "example purpose"
+}

go.mod

@@ -17,6 +17,7 @@ require (
 	github.com/stackitcloud/stackit-sdk-go/services/git v0.8.0
 	github.com/stackitcloud/stackit-sdk-go/services/iaas v0.31.0
 	github.com/stackitcloud/stackit-sdk-go/services/iaasalpha v0.1.21-alpha
+	github.com/stackitcloud/stackit-sdk-go/services/kms v1.0.0
 	github.com/stackitcloud/stackit-sdk-go/services/loadbalancer v1.6.0
 	github.com/stackitcloud/stackit-sdk-go/services/logme v0.25.1
 	github.com/stackitcloud/stackit-sdk-go/services/mariadb v0.25.1
@@ -80,7 +81,7 @@ require (
 	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/oklog/run v1.1.0 // indirect
+	github.com/oklog/run v1.2.0 // indirect
 	github.com/rogpeppe/go-internal v1.13.1 // indirect
 	github.com/stackitcloud/stackit-sdk-go/services/authorization v0.9.0
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect

go.sum

@@ -137,8 +137,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
-github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
+github.com/oklog/run v1.2.0 h1:O8x3yXwah4A73hJdlrwo/2X6J62gE5qTMusH0dvz60E=
+github.com/oklog/run v1.2.0/go.mod h1:mgDbKRSwPhJfesJ4PntqFUbKQRZ50NgmZTSPlFA0YFk=
 github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4=
 github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -166,6 +166,8 @@ github.com/stackitcloud/stackit-sdk-go/services/iaas v0.31.0 h1:dnEjyapuv8WwRN5v
 github.com/stackitcloud/stackit-sdk-go/services/iaas v0.31.0/go.mod h1:854gnLR92NvAbJAA1xZEumrtNh1DoBP1FXTMvhwYA6w=
 github.com/stackitcloud/stackit-sdk-go/services/iaasalpha v0.1.21-alpha h1:m1jq6a8dbUe+suFuUNdHmM/cSehpGLUtDbK1CqLqydg=
 github.com/stackitcloud/stackit-sdk-go/services/iaasalpha v0.1.21-alpha/go.mod h1:Nu1b5Phsv8plgZ51+fkxPVsU91ZJ5Ayz+cthilxdmQ8=
+github.com/stackitcloud/stackit-sdk-go/services/kms v1.0.0 h1:zxoOv7Fu+FmdsvTKiKkbmLItrMKfL+QoVtz9ReEF30E=
+github.com/stackitcloud/stackit-sdk-go/services/kms v1.0.0/go.mod h1:KEPVoO21pC4bjy5l0nyhjUJ0+uVwVWb+k2TYrzJ8xYw=
 github.com/stackitcloud/stackit-sdk-go/services/loadbalancer v1.6.0 h1:q33ZaCBVEBUsnMDxYyuJKtJvGcE5nKgvuPed3s8zXNI=
 github.com/stackitcloud/stackit-sdk-go/services/loadbalancer v1.6.0/go.mod h1:20QOZ3rBC9wTGgzXzLz9M6YheX0VaxWE0/JI+s8On7k=
 github.com/stackitcloud/stackit-sdk-go/services/logme v0.25.1 h1:hv5WrRU9rN6Jx4OwdOGJRyaQrfA9p1tzEoQK6/CDyoA=

stackit/internal/core/core.go

@@ -33,6 +33,7 @@ type ProviderData struct {
 	DnsCustomEndpoint               string
 	GitCustomEndpoint               string
 	IaaSCustomEndpoint              string
+	KMSCustomEndpoint               string
 	LoadBalancerCustomEndpoint      string
 	LogMeCustomEndpoint             string
 	MariaDBCustomEndpoint           string