-
Notifications
You must be signed in to change notification settings - Fork 75
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
bb982c1
commit c86fb30
Showing
4 changed files
with
197 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| # IBM Cloud Ansible: IBM KEY PROTECT | ||
|
|
||
| This example shows how to Create a Key protect instance, generate a key and integrate that key with cos-bucket | ||
|
|
||
| This sample configuration will create the key protect instance, cos-bucket instance, root key, and integrate the key with a cos bucket after creating the bucket. | ||
|
|
||
| ## Configuration Parameters | ||
|
|
||
| The following parameters can be set by the user: | ||
|
|
||
| | Name | Description | Type | Required | | ||
| |------|-------------|------|---------| | ||
| | kp\_plan | The key protect plan to provision| `string` | yes | | ||
| | kp\_name_ | The name of the keyprotect instance| `string` | yes | | ||
| | key\_name | The name of the kp key. | `string` | yes | | ||
| | standard\_key | Set to true to create a standard key, to create a root key set this flag to false. Default: `false` . | `bool` | no | | ||
| | plan | The cos instance plan to provision| `string` | yes | | ||
| | kp\_location | The location where key protect instance will be created| `string` | yes | | ||
| | location | The location where cos instance will be created| `string` | yes | | ||
| | cos\_name | The name of the cos instance to be provisioned| `string` | yes | | ||
| | cos\_bucket_name | The name of the cos ibucket| `string` | yes | | ||
|
|
||
| ## Running | ||
|
|
||
| ### Set API Key and Region | ||
|
|
||
| 1. [Obtain an IBM Cloud API key]. | ||
|
|
||
| 2. Export your API key to the `IC_API_KEY` environment variable: | ||
|
|
||
| ``` | ||
| export IC_API_KEY=<YOUR_API_KEY_HERE> | ||
| ``` | ||
| Note: Modules also support the 'ibmcloud_api_key' parameter, but it is | ||
| recommended to only use this when encrypting your API key value. | ||
| ### Create | ||
| 1. To create all resources, run the | ||
| 'create' playbook: | ||
| ``` | ||
| ansible-playbook create.yml | ||
| ``` | ||
| ### Destroy | ||
| 1. To destroy all resources run the 'destroy' playbook: | ||
| ``` | ||
| ansible-playbook destroy.yml | ||
| ``` | ||
| [Obtain an IBM Cloud API key]:https://cloud.ibm.com/docs/iam?topic=iam-userapikey |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| --- | ||
| - name: Create key protect encryption for a cos bucket | ||
| hosts: localhost | ||
| collections: | ||
| - ibm.cloudcollection | ||
| tasks: | ||
| - name: Fetch the variables from var file | ||
| include_vars: | ||
| file: vars.yml | ||
|
|
||
| - name: provision COS instance | ||
| ibm_resource_instance: | ||
| name: "{{ cos_name }}" | ||
| location: "{{ location }}" | ||
| service: "cloud-object-storage" | ||
| plan: "{{ plan }}" | ||
| register: cos_resource_instance_output | ||
|
|
||
| - name: Save cos resource instance as fact | ||
| set_fact: | ||
| cacheable: True | ||
| cos_instance: "{{ cos_resource_instance_output.resource }}" | ||
| when: cos_resource_instance_output.rc==0 | ||
|
|
||
| - name: provision key protect instance | ||
| ibm_resource_instance: | ||
| name: "{{ kp_name }}" | ||
| location: "{{ kp_location }}" | ||
| service: "kms" | ||
| plan: "{{ kp_plan }}" | ||
| register: kp_resource_instance_output | ||
|
|
||
| - name: Save key protect resource instance as fact | ||
| set_fact: | ||
| cacheable: True | ||
| kp_instance: "{{ kp_resource_instance_output.resource }}" | ||
| when: kp_resource_instance_output.rc==0 | ||
|
|
||
| - name: provision key protect key | ||
| ibm_kp_key: | ||
| key_protect_id: "{{ kp_instance.guid }}" | ||
| key_name: "{{ key_name }}" | ||
| standard_key: "{{ standard_key }}" | ||
| register: kp_key_output | ||
|
|
||
| - name: Save key protect key resource as fact | ||
| set_fact: | ||
| cacheable: True | ||
| kp_key: "{{ kp_key_output.resource }}" | ||
| when: kp_key_output.rc==0 | ||
|
|
||
| - name: provision cos bucket with key protect encryption | ||
| ibm_cos_bucket: | ||
| bucket_name: "{{ bucket_name }}" | ||
| resource_instance_id: "{{ cos_instance.id }}" | ||
| region_location: "us-south" | ||
| storage_class: "flex" | ||
| key_protect: "{{ kp_key.id }}" | ||
| register: cos_bucket_output | ||
| when: policy is defined | ||
|
|
||
| - name: Save cos bucket resource as fact | ||
| set_fact: | ||
| cacheable: True | ||
| cos_bucket: "{{ cos_bucket_output.resource }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| --- | ||
| - name: Destroy cos, kp, authorization policy and kp key instances | ||
| hosts: localhost | ||
| collections: | ||
| - ibm.cloudcollection | ||
| tasks: | ||
| - name: Fetch the variables from var file | ||
| include_vars: | ||
| file: vars.yml | ||
|
|
||
| - name: Remove cos bucket | ||
| ibm_cos_bucket: | ||
| state: absent | ||
| id: "{{ cos_bucket }}" | ||
| when: cos_bucket is defined | ||
|
|
||
| - name: Remove IAM authorization policy | ||
| ibm_iam_authorization_policy: | ||
| state: absent | ||
| id: "{{ policy }}" | ||
| when: policy is defined | ||
|
|
||
| - name: Remove Key protect key | ||
| ibm_kp_key: | ||
| state: absent | ||
| id: "{{ kp_key }}" | ||
| when: kp_key is defined | ||
|
|
||
| - name: Get kp Resource id details | ||
| ibm_resource_instance_info: | ||
| name: "{{ kp_name }}" | ||
| register: kp_resource_info | ||
|
|
||
| - name: Get kp resource | ||
| set_fact: | ||
| cacheable: True | ||
| kp_resource: "{{ kp_resource_info.resource }}" | ||
|
|
||
| - name: destroy key protect resource instance | ||
| ibm_resource_instance: | ||
| name: "{{ kp_name }}" | ||
| location: "{{ kp_location }}" | ||
| service: "kms" | ||
| plan: "{{ kp_plan }}" | ||
| id: "{{ kp_resource.id }}" | ||
| state: absent | ||
| register: kp_resource_output | ||
|
|
||
| - name: Get cos Resource id details | ||
| ibm_resource_instance_info: | ||
| name: "{{ cos_name }}" | ||
| register: cos_resource_info | ||
|
|
||
| - name: Get cos resource | ||
| set_fact: | ||
| cacheable: True | ||
| cos_resource: "{{ cos_resource_info.resource }}" | ||
|
|
||
| - name: destroy cos resource instance | ||
| ibm_resource_instance: | ||
| name: "{{ cos_name }}" | ||
| location: "{{ location }}" | ||
| service: "cloud-object-storage" | ||
| plan: "{{ plan }}" | ||
| id: "{{ cos_resource.id }}" | ||
| state: absent | ||
| register: cos_resource_output |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| --- | ||
| region: "us-south" | ||
| cos_name: "test_cos" | ||
| plan: "standard" | ||
| location: "global" | ||
| kp_name: "test_kp" | ||
| kp_plan: "tiered-pricing" | ||
| kp_location: "us-south" | ||
| key_name: "test_key" | ||
| standard_key: False | ||
| bucket_name: "test_bucket" |