From d7c66d4057ce22a559b2861c4c5b73aebf6e15e3 Mon Sep 17 00:00:00 2001
From: Leonardo Romanini <97033241+romanini-ciandt@users.noreply.github.com>
Date: Sat, 18 May 2024 12:37:29 -0300
Subject: [PATCH] chore: Include producer example (#28)

---
 .../main.tf | 24 ++++++++++++++++-
 .../testing_only_dek.bin.index | 1 +
 .../variables.tf | 0
 .../consumer/1-key-import/README.md | 5 ++++
 .../consumer/1-key-import/main.tf | 19 +-------------
 .../consumer/1-key-import/variables.tf | 26 +++++++++++++++++++
 6 files changed, 56 insertions(+), 19 deletions(-)
 rename examples/{share_encrypted_data_with_partners_bootstrap => share_encrypted_data_with_partners}/main.tf (56%)
 create mode 100644 examples/share_encrypted_data_with_partners/testing_only_dek.bin.index
 rename examples/{share_encrypted_data_with_partners_bootstrap => share_encrypted_data_with_partners}/variables.tf (100%)

diff --git a/examples/share_encrypted_data_with_partners_bootstrap/main.tf b/examples/share_encrypted_data_with_partners/main.tf
similarity index 56%
rename from examples/share_encrypted_data_with_partners_bootstrap/main.tf
rename to examples/share_encrypted_data_with_partners/main.tf
index a2999af2..8215250c 100644
--- a/examples/share_encrypted_data_with_partners_bootstrap/main.tf
+++ b/examples/share_encrypted_data_with_partners/main.tf
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-module "bootstrap" {
+module "consumer_bootstrap" {
   source = "../../share-encrypted-data-with-partners/consumer/0-bootstrap"
 
   project_id = var.project_id
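Review bot: Renaming the module label from `bootstrap` to `consumer_bootstrap` changes the Terraform address of every resource the module manages, so a workspace that re-points existing state from the old example at this directory would plan a destroy and recreate of the key ring and import job instead of a no-op. A `moved` block with `from = module.bootstrap` and `to = module.consumer_bootstrap` in this file would keep the state mapping intact, which matters here because the module appears to set `prevent_destroy = false` (visible in the next hunk) and so nothing else would block the recreation. The module block continues past the end of this hunk.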
@@ -23,3 +23,25 @@ module "bootstrap" {
   import_job_public_key_path = "./wrapping-key.pem"
   prevent_destroy = false
 }
+
+module "producer_key_wrap" {
+  source = "../../share-encrypted-data-with-partners/producer/"
+
+  key_encryption_key_path = "./wrapping-key.pem"
+  data_encryption_key_path = "./testing_only_dek.bin.index"
+  wrapped_key_path = "./wrapped-key"
+
+  depends_on = [module.consumer_bootstrap]
+}
+
+module "consumer_key_import" {
+  source = "../../share-encrypted-data-with-partners/consumer/1-key-import"
+
+  project_id = var.project_id
+  keyring = module.consumer_bootstrap.keyring
+  key = module.consumer_bootstrap.key
+  wrapped_key_path = "./wrapped-key"
+  import_job_id = module.consumer_bootstrap.import_job_id
+
+  depends_on = [module.producer_key_wrap]
+}
diff --git a/examples/share_encrypted_data_with_partners/testing_only_dek.bin.index b/examples/share_encrypted_data_with_partners/testing_only_dek.bin.index
new file mode 100644
index 00000000..2fd8e52f
--- /dev/null
+++ b/examples/share_encrypted_data_with_partners/testing_only_dek.bin.index
@@ -0,0 +1 @@
+5iu?HSEBJxi%Ϙ
\ No newline at end of file
diff --git a/examples/share_encrypted_data_with_partners_bootstrap/variables.tf b/examples/share_encrypted_data_with_partners/variables.tf
similarity index 100%
rename from examples/share_encrypted_data_with_partners_bootstrap/variables.tf
rename to examples/share_encrypted_data_with_partners/variables.tf
diff --git a/share-encrypted-data-with-partners/consumer/1-key-import/README.md b/share-encrypted-data-with-partners/consumer/1-key-import/README.md
index bd9e2b7d..cb50d6d2 100644
--- a/share-encrypted-data-with-partners/consumer/1-key-import/README.md
+++ b/share-encrypted-data-with-partners/consumer/1-key-import/README.md
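Review bot: `data_encryption_key_path = "./testing_only_dek.bin.index"` points `producer_key_wrap` at a plaintext data-encryption key that this same commit checks into the repository, and `consumer_key_import` then imports the wrapped form of it into the Cloud KMS key created by `consumer_bootstrap`, so anyone who runs the example unchanged ends up with a KMS key version whose raw key material is public in git history. At minimum that line should carry a warning, e.g. `# testing_only_dek.bin.index is committed to this repo and therefore public; generate a fresh DEK (32 random bytes for the default aes-256-gcm) before using this flow outside of tests`, and ideally the example would generate the DEK at apply time rather than ship one. `./wrapped-key`, which the producer module writes next to it, is presumably only the wrapped ciphertext, but it is still a per-run artifact that should be ignored by git rather than left to be committed from the example tree.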
@@ -37,6 +37,11 @@ This module provides the key import process for an existing import job and raw e
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | crypto\_key\_algorithm\_import | Algorithm to use when creating a crypto key version through import. See more: https://cloud.google.com/sdk/gcloud/reference/kms/keys/versions/import. | `string` | `"aes-256-gcm"` | no |
+| import\_job\_id | ID of the import job created in 0-bootstrap module | `string` | n/a | yes |
+| key | Name of the key to be created. | `string` | n/a | yes |
+| keyring | Name of the keyring to be created. | `string` | n/a | yes |
+| location | Location for the keyring. For available KMS locations see: https://cloud.google.com/kms/docs/locations. | `string` | `"us-central1"` | no |
+| project\_id | GCP project ID to use for the creation of resources. | `string` | n/a | yes |
 | wrapped\_key\_path | Path to the wrapped key file. | `string` | n/a | yes |
 
 ## Outputs
diff --git a/share-encrypted-data-with-partners/consumer/1-key-import/main.tf b/share-encrypted-data-with-partners/consumer/1-key-import/main.tf
index 715a080f..bbaf3d1f 100644
--- a/share-encrypted-data-with-partners/consumer/1-key-import/main.tf
+++ b/share-encrypted-data-with-partners/consumer/1-key-import/main.tf
@@ -14,27 +14,10 @@
  * limitations under the License.
  */
 
-data "terraform_remote_state" "bootstrap" {
-  backend = "local"
-
-  config = {
-    path = "../0-bootstrap/terraform.tfstate"
-  }
-}
-
-locals {
-  project_id = data.terraform_remote_state.bootstrap.outputs.project_id
-  import_job_id = data.terraform_remote_state.bootstrap.outputs.import_job_id
-  keyring = data.terraform_remote_state.bootstrap.outputs.keyring
-  key = data.terraform_remote_state.bootstrap.outputs.key
-  location = data.terraform_remote_state.bootstrap.outputs.location
-}
-
-
 // Import wrapped key into the existing import job in Cloud KMS
 resource "null_resource" "gcloud-import-wrapped-key-into-an-existing-job" {
   provisioner "local-exec" {
-    command = "gcloud kms keys versions import --import-job ${local.import_job_id} --location ${local.location} --keyring ${local.keyring} --key ${local.key} --algorithm ${var.crypto_key_algorithm_import} --wrapped-key-file ${var.wrapped_key_path} --project ${local.project_id}"
+    command = "gcloud kms keys versions import --import-job ${var.import_job_id} --location ${var.location} --keyring ${var.keyring} --key ${var.key} --algorithm ${var.crypto_key_algorithm_import} --wrapped-key-file ${var.wrapped_key_path} --project ${var.project_id}"
   }
 }
 
diff --git a/share-encrypted-data-with-partners/consumer/1-key-import/variables.tf b/share-encrypted-data-with-partners/consumer/1-key-import/variables.tf
index b069b3b6..b6df0fdb 100644
--- a/share-encrypted-data-with-partners/consumer/1-key-import/variables.tf
+++ b/share-encrypted-data-with-partners/consumer/1-key-import/variables.tf
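Review bot: The five values the `local-exec` command now reads from module variables (`var.import_job_id`, `var.location`, `var.keyring`, `var.key`, `var.project_id`) are spliced unquoted into a shell command line, and unlike the `terraform_remote_state` outputs they replace they can come from any caller, so a value containing whitespace or shell metacharacters would alter or extend the `gcloud` invocation rather than fail. Constraining them with `validation` blocks to the Cloud KMS resource-ID character set in variables.tf is the real fix, and quoting each interpolation (`--keyring '${var.keyring}'`) is cheap defense in depth on top of it. Separately, the `null_resource` declares no `triggers`, so once applied a change to any of these inputs or to `wrapped_key_path` will not re-run the import; if re-importing on input change is the intended behaviour, `triggers = { import_job_id = var.import_job_id, wrapped_key_path = var.wrapped_key_path }` (extended to the other inputs) would make the resource track them.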
@@ -24,3 +24,29 @@ variable "crypto_key_algorithm_import" {
   type = string
   default = "aes-256-gcm"
 }
+
+variable "project_id" {
+  description = "GCP project ID to use for the creation of resources."
+  type = string
+}
+
+variable "location" {
+  description = "Location for the keyring. For available KMS locations see: https://cloud.google.com/kms/docs/locations."
+  type = string
+  default = "us-central1"
+}
+
+variable "keyring" {
+  description = "Name of the keyring to be created."
+  type = string
+}
+
+variable "key" {
+  description = "Name of the key to be created."
+  type = string
+}
+
+variable "import_job_id" {
+  description = "ID of the import job created in 0-bootstrap module"
+  type = string
+}
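Review bot: The descriptions of `keyring` and `key` say "to be created", but this module imports a version into a key ring and key that already exist (the `import_job_id` description itself points at the 0-bootstrap module that creates them), so they should read along the lines of `Name of the existing keyring the import job belongs to (created by 0-bootstrap).` and `Name of the existing key to import a version into (created by 0-bootstrap).`. These values are also interpolated straight into a `local-exec` shell command in main.tf, so `keyring`, `key`, `import_job_id` and `location` each deserve a `validation` block restricting them to the Cloud KMS resource-ID pattern (letters, digits, `_`, `-`, up to 63 characters, as I recall the naming rules — worth confirming against the KMS docs); one is shown below for `keyring`, the others follow the same shape, with `location` able to use the narrower `^[a-z0-9-]+$`.
```hcl
variable "keyring" {
  description = "Name of the existing keyring the import job belongs to (created by 0-bootstrap)."
  type        = string

  validation {
    condition     = can(regex("^[A-Za-z0-9_-]{1,63}$", var.keyring))
    error_message = "keyring must be a Cloud KMS resource ID: letters, digits, '_' or '-', 1-63 characters."
  }
}
```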