updated docs

ThalesGroup · Sep 27, 2024 · 12ac1ba · 12ac1ba
1 parent 781df82
commit 12ac1ba
Show file tree

Hide file tree

Showing 151 changed files with 2,532 additions and 117 deletions.
diff --git a/changelog.md b/changelog.md
@@ -1,3 +1,52 @@
+# 0.10.6-beta
+
+## New Resources
+
+    ciphertrust_ldap_connection
+        Resource for creating a ldap connection on Ciphertrust Manager.
+
+    ciphertrust_oidc_connection
+        Resource for creating a oidc connection on Ciphertrust Manager.
+
+    ciphertrust_smb_connection
+        Resource for creating a smb connection on Ciphertrust Manager.
+
+    ciphertrust_cte_profile
+        A profile contains the CipherTrust Manager logging criteria for CTE clients.
+
+    ciphertrust_cte_clientgroup
+        A client group is used to group one or more clients to simplify configuration and administration. 
+
+    ciphertrust_cte_registration_token
+        This resource is used to create a CTE Registration Token used to register a CTE client with Ciphertrust Manager.
+
+    ciphertrust_cte_csigroup
+        An CSI storage group communication service contains a group of Kubernetes CTE clients that can communicate with each other.
+
+    ciphertrust_cte_ldtgroupcomms
+        An LDT group communication service contains a group of LDT-enabled CTE clients that can communicate with each other.
+
+    ciphertrust_cte_resourcegroup
+        A resource is a combination of a directory, a file, and patterns or special variables. A resource set is a named collection of directories, files, or both, that a user or process will be permitted or denied access to.
+
+    ciphertrust_cte_user_set
+        A user set is a collection of users and user groups that you want to grant or deny access to GuardPoints. User sets are configured in policies. Policies can be applied to user sets, not to individual users.
+
+    ciphertrust_cte_process_set
+        A process set is a collection of processes (executables) that you want to grant or deny access to GuardPoints.
+
+    ciphertrust_cte_sig_set
+        A signature set is a collection of hashes of processes and executables that you want to grant or deny access to GuardPoints.
+
+## Updated Resources
+    ciphertrust_cm_key
+        remove_from_state_on_destroy - This parameter allows a ciphertrust_cm_key resource to be destroyed even if 'undeleteable' is true. 
+        If remove_from_state_on_destroy is false, 'undeleteable' will have to be updated to false before it can be destroyed.
+        Default is false.
+
+    ciphertrust_cte_policies
+        Added support for force_restrict_update flag for policy modifications.
+
 # 0.10.5-beta
 
 ## New Resources

diff --git a/docs/resources/cm_key.md b/docs/resources/cm_key.md
@@ -12,6 +12,8 @@ CipherTrust Manager keys are primarily used to create the following:
 - [ciphertrust_aws_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/aws_key) resources
 - [ciphertrust_azure_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/azure_key) resources
 - [ciphertrust_gcp_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/gcp_key) resources
+- [ciphertrust_oci_external_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/oci_external_key) resources
+- [ciphertrust_oci_external_key_version](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/oci_external_key_version) resources
 
 This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
 
@@ -50,6 +52,27 @@ resource "ciphertrust_cm_key" "cm_ec_key" {
   algorithm = "EC"
   curve  = "curve25519"
 }
+
+# Create a 2048 bit HYOK RSA key
+# To allow it to be destroyed including deleting in CipherTrust Manager 'undeletable' must be udpated to 'false'.
+# To allow it to be destroyed but not deleted from CipherTrust Manager update 'remove_from_state_on_destroy' to 'true'.
+resource "ciphertrust_cm_key" "cm_rsa_key" {
+  name         = "key-name"
+  algorithm    = "RSA"
+  key_size     = 2048
+  undeletable  = true
+  unexportable = true
+}
+
+# Create a 2048 bit HYOK RSA key and allow it to be removed from terraform state on destroy but retained in CipherTrust Manager.
+resource "ciphertrust_cm_key" "cm_rsa_key" {
+  name         = "key-name"
+  algorithm    = "RSA"
+  key_size     = 2048
+  undeletable  = true
+  unexportable = true
+  remove_from_state_on_destroy = true
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
@@ -64,7 +87,8 @@ resource "ciphertrust_cm_key" "cm_ec_key" {
 
 - `curve` (String) Curve for an EC key. Options: secp224k1, secp224r1, secp256k1, secp384r1, secp521r1, prime256v1, brainpoolP224r1, brainpoolP224t1, brainpoolP256r1, brainpoolP256t1, brainpoolP384r1, brainpoolP384t1, brainpoolP512r1, brainpoolP512t1 and curve25519. Default is secp384r1.
 - `key_size` (Number) Required for RSA keys. Optional for AES keys. Defaults to 256 for AES keys. Options are: 128, 192, 256 for AES keys and 1024, 2048, 3072, 4096 for RSA keys.
-- `undeletable` (Boolean) (Updateable) Parameter to indicate if CM key is undeletable. Must be set to false before this key and any linked keys can be destroyed. Default is false.
+- `remove_from_state_on_destroy` (Boolean) (Updateable) This parameter only applies to keys that are 'undeleteable'. If this parameter is true the key will be removed from terraform state during the terraform destroy process. It can not be deleted from CipherTrust Manager while 'undeleteable' is true. Default is 'false'.
+- `undeletable` (Boolean) (Updateable) Parameter to indicate if CM key is undeletable. If 'remove_from_state_on_destroy' is false 'undeleteable' must first be set to 'false' before this key and any linked keys can be destroyed. Default is false.
 - `unexportable` (Boolean) (Updateable) Parameter to indicate if CM key is unexportable.
 - `usage_mask` (Number) Cryptographic usage mask. Add the usage masks to allow certain usages. Sign (1), Verify (2), Encrypt (4), Decrypt (8), Wrap Key (16), Unwrap Key (32), Export (64), MAC Generate (128), MAC Verify (256), Derive Key (512), Content Commitment (1024), Key Agreement (2048), Certificate Sign (4096), CRL Sign (8192), Generate Cryptogram (16384), Validate Cryptogram (32768), Translate Encrypt (65536), Translate Decrypt (131072), Translate Wrap (262144), Translate Unwrap (524288), FPE Encrypt (1048576), FPE Decrypt (2097152). Add the usage mask values to allow the usages. To set all usage mask bits, use 4194303. Equivalent usageMask values for deprecated usages 'fpe' (FPE Encrypt + FPE Decrypt = 3145728), 'blob' (Encrypt + Decrypt = 12), 'hmac' (MAC Generate + MAC Verify = 384), 'encrypt' (Encrypt + Decrypt = 12), 'sign' (Sign + Verify = 3), 'any' (4194303 - all usage masks).
 
@@ -81,5 +105,3 @@ Read-Only:
 
 - `key_id` (String)
 - `key_type` (String)
-
-
diff --git a/docs/resources/cte_client.md b/docs/resources/cte_client.md
@@ -18,21 +18,19 @@ This resource is applicable to CipherTrust Manager only.
 ### Required
 
 - `name` (String) Name to uniquely identify the client. This name will be visible on the CipherTrust Manager.
-- `password_creation_method` (String) Password creation method for the client. Valid values are MANUAL and GENERATE. The default value is GENERATE.
+- `password_creation_method` (String) (Updateable) Password creation method for the client. Valid values are MANUAL and GENERATE. The default value is GENERATE.
 
 ### Optional
 
-- `client_locked` (Boolean) Whether the CTE client is locked. The default value is false. Enable this option to lock the configuration of the CTE Agent on the client.
+- `client_locked` (Boolean) (Updateable) Whether the CTE client is locked. The default value is false. Enable this option to lock the configuration of the CTE Agent on the client.
 - `client_type` (String) Type of CTE Client. The default value is FS. Valid values are CTE-U and FS.
-- `communication_enabled` (Boolean) Whether communication with the client is enabled.
-- `description` (String) Description of client
-- `password` (String) Password for the client. Required when password_creation_method is MANUAL.
-- `profile_identifier` (String) Identifier of the Client Profile to be associated with the client. If not provided, the default profile will be linked.
-- `registration_allowed` (Boolean) Whether client's registration with the CipherTrust Manager is allowed. The default value is false. Set to true to allow registration.
-- `system_locked` (Boolean) Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.
+- `communication_enabled` (Boolean) (Updateable) Whether communication with the client is enabled.
+- `description` (String) (Updateable) Description of client
+- `password` (String) (Updateable) Password for the client. Required when password_creation_method is MANUAL.
+- `profile_identifier` (String) (Updateable) Identifier of the Client Profile to be associated with the client. If not provided, the default profile will be linked.
+- `registration_allowed` (Boolean) (Updateable) Whether client's registration with the CipherTrust Manager is allowed. The default value is false. Set to true to allow registration.
+- `system_locked` (Boolean) (Updateable) Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client.
 
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-
diff --git a/docs/resources/cte_clientgroup.md b/docs/resources/cte_clientgroup.md
@@ -0,0 +1,33 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ciphertrust_cte_clientgroup Resource - terraform-provider-ciphertrust"
+subcategory: ""
+description: |-
+  
+---
+
+# ciphertrust_cte_clientgroup (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `cluster_type` (String)  Cluster type of the ClientGroup, valid values are NON-CLUSTER and HDFS.
+- `name` (String) This is the name of the client group.
+- `password_creation_method` (String) (Updateable) Type of  Password generation method
+
+### Optional
+
+- `communication_enabled` (Boolean) (Updateable) Comm enabled for client group
+- `description` (String) (Updateable) This is the description of the  client group.
+- `password` (String) (Updateable) Password of the client group
+- `profile_id` (String) (Updateable) ID of client profile
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
diff --git a/docs/resources/cte_csigroup.md b/docs/resources/cte_csigroup.md
@@ -0,0 +1,31 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ciphertrust_cte_csigroup Resource - terraform-provider-ciphertrust"
+subcategory: ""
+description: |-
+  
+---
+
+# ciphertrust_cte_csigroup (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `k8s_namespace` (String) K8sNamespace
+- `k8s_storage_class` (String) K8sStorageClass.
+- `name` (String) Name of CSIGroup.
+
+### Optional
+
+- `client_profile` (String) ClientProfile
+- `description` (String) (Updateable) CSIGroup description.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
diff --git a/docs/resources/cte_guardpoint.md b/docs/resources/cte_guardpoint.md
@@ -22,26 +22,24 @@ This resource is applicable to CipherTrust Manager only.
 
 - `client_id` (String) IP Address/hostname/ID of client.
 - `gp_type` (String) Type of Guardpoint.
-- `guard_enabled` (Boolean) Guard Enabled
+- `guard_enabled` (Boolean) (Updateable) Guard Enabled
 - `guard_paths` (List of String) List of GP paths
 - `policy_id` (String) ID of the policy applied with this GuardPoint.
 
 ### Optional
 
 - `automount_enabled` (Boolean) Whether automount is enabled with the GuardPoint. Supported for Standard and LDT policies.
 - `cifs_enabled` (Boolean) Whether to enable CIFS. Available on LDT enabled windows clients only. The default value is false. If you enable the setting, it cannot be disabled.
-- `data_classification_enabled` (Boolean) Whether data classification (tagging) is enabled.
-- `data_lineage_enabled` (Boolean) Whether data lineage (tracking) is enabled. Enabled only if data classification is enabled. Supported for Standard and LDT policies.
+- `data_classification_enabled` (Boolean) (Updateable) Whether data classification (tagging) is enabled.
+- `data_lineage_enabled` (Boolean) (Updateable) Whether data lineage (tracking) is enabled. Enabled only if data classification is enabled. Supported for Standard and LDT policies.
 - `disk_group_name` (String) Name of the disk group if the selected raw partition is a member of an Oracle ASM disk group.
 - `disk_name` (String) Name of the disk if the selected raw partition is a member of an Oracle ASM disk group.
 - `docker_cont_id` (String) Docker container ID
 - `docker_img_id` (String) Docker image ID
 - `is_esg_capable_device` (Boolean) Whether the device where GuardPoint is applied is ESG capable or not.
 - `is_idt_capable_device` (Boolean) Whether the device where GuardPoint is applied is IDT capable or not. Supported for IDT policies.
-- `mfa_enabled` (Boolean) MFA enabled
+- `mfa_enabled` (Boolean) (Updateable) MFA enabled
 
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-
diff --git a/docs/resources/cte_ldtgroupcomms.md b/docs/resources/cte_ldtgroupcomms.md
@@ -0,0 +1,29 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ciphertrust_cte_ldtgroupcomms Resource - terraform-provider-ciphertrust"
+subcategory: ""
+description: |-
+  
+---
+
+# ciphertrust_cte_ldtgroupcomms (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Name of LDTGroupCommService.
+
+### Optional
+
+- `client_list` (String) (Updateable) LDTGroupCommService type
+- `description` (String) (Updateable) LDTGroupCommService description.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
diff --git a/docs/resources/cte_policies.md b/docs/resources/cte_policies.md
@@ -42,21 +42,23 @@ Types of Policies:
 
 ### Required
 
-- `description` (String) Description of policy
+- `description` (String) (Updateable) Description of policy
 - `name` (String) This is the name of the policy.
 - `type` (String) Type of policy
 
 ### Optional
 
 - `data_transform_rules` (Block List) Policy data transform rules (see [below for nested schema](#nestedblock--data_transform_rules))
+- `restrict_update` (Boolean) restrict_update
 - `idt_key_rules` (Block List) Policy IDT key rules (see [below for nested schema](#nestedblock--idt_key_rules))
 - `key_combine_algorithm` (String) Key combine algorithm
 - `key_rules` (Block List) Policy key rules (see [below for nested schema](#nestedblock--key_rules))
 - `ldt_key_rules` (Block List) Policy LDT key rules (see [below for nested schema](#nestedblock--ldt_key_rules))
-- `never_deny` (Boolean) Never deny
+- `never_deny` (Boolean) (Updateable) Never deny
 - `permit_combine_algorithm` (String) Permit combine algorithm
 - `policy_key_version` (Number) Policy key version
 - `policy_version` (Number) Policy Version
+- `restrict_update` (Boolean) (Updateable) Restrict_update flag toggler
 - `schema_version` (Number) Schema version
 - `security_rules` (Block List) Policy security rules (see [below for nested schema](#nestedblock--security_rules))
 - `updated_by` (String) Updated By
@@ -106,11 +108,11 @@ Optional:
 
 Optional:
 
-- `current_key` (Block List) Current key (see [below for nested schema](#nestedblock--ldt_key_rules--current_key))
+- `current_key` (Block List) (Updateable) Current key (see [below for nested schema](#nestedblock--ldt_key_rules--current_key))
 - `is_exclusion_rule` (Boolean)
 - `order_number` (Number)
 - `resource_set_id` (String)
-- `transformation_key` (Block List) Transformation key (see [below for nested schema](#nestedblock--ldt_key_rules--transformation_key))
+- `transformation_key` (Block List) (Updateable) Transformation key (see [below for nested schema](#nestedblock--ldt_key_rules--transformation_key))
 
 <a id="nestedblock--ldt_key_rules--current_key"></a>
 ### Nested Schema for `ldt_key_rules.current_key`
@@ -149,5 +151,3 @@ Optional:
 - `process_signed` (String)
 - `resource_set_id` (String)
 - `user_set_id` (String)
-
-
diff --git a/docs/resources/cte_process_set.md b/docs/resources/cte_process_set.md
@@ -0,0 +1,38 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ciphertrust_cte_process_set Resource - terraform-provider-ciphertrust"
+subcategory: ""
+description: |-
+  
+---
+
+# ciphertrust_cte_process_set (Resource)
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) This is the name of the process set.
+
+### Optional
+
+- `description` (String) (Updateable) Description of process set
+- `processes` (Block List) Process set list. (see [below for nested schema](#nestedblock--processes))
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+<a id="nestedblock--processes"></a>
+### Nested Schema for `processes`
+
+Optional:
+
+- `directory` (String) (Updateable) ProcessDirectory of the process to be added to the process set.
+- `file` (String) (Updateable) File name of the process to be added to the process set.
+- `signature` (String) (Updateable) ID of the signature set to link to the process set.