updated docs

changelog.md

@@ -1,3 +1,11 @@
+# 0.10.2-beta
+
+    Changed provider parameter `domain`'s default value from `root` to the empty string.
+        The login behavior is unchanged because the appliance's backend uses `root` when the domain is not specified.
+
+    Introduced provider parameter `auth_domain`
+        CipherTrust authentication domain of the user. This is the domain where the user was created.
+
 # 0.10.1-beta
 
     Documentation update.

docs/index.md

@@ -35,57 +35,82 @@ CipherTrust address and authentication parameters can be provided as environment
 
 The following table illustrates which parameters can be provided as environment variables or in the configuration file.
 
-| Provider Parameter   | Environment Variable | Config File | Required  | Default Value |
-|:---------------------|:---------------------|:------------|:----------|:--------------|
-| address              | CM_ADDRESS           | address     | Yes       | N/A           |
-| username             | CM_USERNAME          | username    | Yes       | N/A           |
-| password             | CM_PASSWORD          | password    | Yes       | N/A           |
-| domain               | CM_DOMAIN            | domain      | No        | root          |
-| remaining parameters | no                   | yes         | No        | N/A           |
-
-The order of precedence when determining the value of a parameter: 
+| Provider Parameter   | Environment Variable | Config File | Required  | Default Value              |
+|:---------------------|:---------------------|:------------|:----------|:---------------------------|
+| address              | CM_ADDRESS           | address     | Yes       | N/A                        |
+| username             | CM_USERNAME          | username    | Yes       | N/A                        |
+| password             | CM_PASSWORD          | password    | Yes       | N/A                        |
+| domain               | CM_DOMAIN            | domain      | No        | Empty string (root domain) |
+| auth_domain          | CM_AUTH_DOMAIN       | auth_domain | No        | Empty string (root domain) |
+| remaining parameters | no                   | yes         | No        | N/A                        |
+
+The order of precedence when determining the value of a provider parameter: 
 1. Provider Block
 2. Environment Variable
 3. Configuration File
 
 ## Provider Block 
 
+To authenticate to and log in to the root domain:
 ```terraform
 provider "ciphertrust" {
-  address  = "cm-address"
-  username = "cm-username"
-  password = "cm-password"
-  domain   = "cm-domain"
+  address      = "cm-address"
+  username     = "cm-username"
+  password     = "cm-password"
+}
+
+```
+To authenticate to and log in to a domain other than root: 
+
+```terraform
+provider "ciphertrust" {
+  address      = "cm-address"
+  username     = "cm-username"
+  password     = "cm-password"
+  auth_domain  = "users-auth-domain" 
+}
+```
+
+To authenticate to a domain but log in to a different domain:
+
+```terraform
+provider "ciphertrust" {
+  address      = "cm-address"
+  username     = "cm-username"
+  password     = "cm-password"
+  auth_domain  = "users-auth-domain"
+  domain       = "a-different-domain"
 }
 ```
 ## Configuration File
 
 All provider parameters can be read from the configuration file.
 
-The configuration file is ~/.ciphertrust/config. 
+The configuration file is ~/.ciphertrust/config. For example:
 
 ```terraform
   address = cm-address
   username = cm-username
   password = cm-password
 ```
-If the above values exist in the configuration file the provider block can be:
+If authentication values exist in the configuration file the provider block can be:
 
 ```terraform
 provider "ciphertrust" {}
  ```
 
 ### Environment variables
 
-Some provider parameters can be specified in environment variables.
+Some provider parameters can be specified in environment variables. For example:
 
 ```bash
 export CM_USERNAME=cm-username
 export CM_PASSWORD=cm-password
+export CM_AUTH_DOMAIN=cm-auth-domain
 export CM_DOMAIN=cm-domain
 ```
 
-If the above environment variables exist the provider block can be:
+If environment variables required for authentication exist the provider block can be:
 
 ```terraform
 provider "ciphertrust" {}
@@ -102,9 +127,10 @@ provider "ciphertrust" {}
 ### Optional
 
 - `address` (String) HTTPS URL of the CipherTrust instance. An address need not be provided when creating a cluster of CipherTrust instances. address can be set in the provider block, via the CM_ADDRESS environment variable or in ~/.ciphertrust/config
+- `auth_domain` (String) CipherTrust authentication domain of the user. This is the domain where the user was created. auth_domain can be set in the provider block, via the CM_AUTH_DOMAIN environment variable or in ~/.ciphertrust/config. Default is the empty string (root domain).
 - `aws_operation_timeout` (Number) Some AWS key operations, for example, replication, can take some time to complete. This specifies how long to wait for an operation to complete in seconds. aws_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 480.
 - `azure_operation_timeout` (Number) Azure key operations can take time to complete. This specifies how long to wait for an operation to complete in seconds. azure_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 240.
-- `domain` (String) CipherTrust domain of the user. domain can be set in the provider block, via the CM_DOMAIN environment variable or in ~/.ciphertrust/config. Default is root.
+- `domain` (String) CipherTrust domain to log in to. domain can be set in the provider block, via the CM_DOMAIN environment variable or in ~/.ciphertrust/config. Default is the empty string (root domain).
 - `gcp_operation_timeout` (Number) Some Google Cloud operations, for example, schedule destroy, are not synchronous. This specifies how long to wait for an operation to complete in seconds. gcp_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 120.
 - `hsm_operation_timeout` (Number) HSM connection operations are not synchronous. This specifies how long to wait for an operation to complete in seconds. hsm_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 120.
 - `log_file` (String) Log file name. log_file can be set in the provider block or in ~/.ciphertrust/config. Default is ctp.log.

docs/resources/cm_key.md

@@ -47,7 +47,7 @@ resource "ciphertrust_cm_key" "cm_aes_key" {
 
 ### Optional
 
-- `curve` (String) Curve for an EC key. Options: secp256k1, secp384r1, secp521r1 and prime256v1. Default is secp384r1.
+- `curve` (String) Curve for an EC key. Options: secp256k1, secp384r1, secp521r1, curve25519 and prime256v1. Default is secp384r1.
 - `key_size` (Number) Required for RSA keys. Optional for AES keys. Defaults to 256 for AES keys. Options are: 1024, 2048, 3072, 4096.
 - `undeletable` (Boolean) (Updateable) Parameter to indicate if CM key is undeletable. Must be set to false before this key and any linked keys can be destroyed. Default is false.
 - `unexportable` (Boolean) (Updateable) Parameter to indicate if CM key is unexportable.

examples/provider/provider.tf

@@ -2,6 +2,5 @@ provider "ciphertrust" {
   address           = "https://ip_or_hostname_of_cm"
   username          = "username"
   password          = "password"
-  domain            = "domain"
+  auth_domain       = "authentication-domain"
 }
-

examples/resources/ciphertrust_cm_key/resource.tf

@@ -16,3 +16,10 @@ resource "ciphertrust_cm_key" "cm_aes_key" {
   name      = "key-name"
   algorithm = "AES"
 }
+
+# Create a curve25519 EC key
+resource "ciphertrust_cm_key" "cm_ec_key" {
+  name      = "key-name"
+  algorithm = "EC"
+  curve  = "curve25519"
+}

sample-scripts/aws-cloudhsm-keys/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/create-native/ec/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/create-native/rsa/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/create-native/symmetric/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/import/ciphertrust/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/import/dsm/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/import/hsm-luna/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/key-rotation/ciphertrust/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/key-rotation/dsm/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/key-rotation/hsm-luna/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/key-synchronization/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/policy-templates/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/upload/ciphertrust/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/upload/dsm/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-keys/upload/hsm-luna/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-xks/cm-as-key-source/linked-key/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-xks/cm-as-key-source/unlinked-key/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-xks/luna-as-key-source/linked-key/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/aws-xks/luna-as-key-source/unlinked-key/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/azure-keys/create-native/ec/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/azure-keys/create-native/hsm/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/azure-keys/create-native/rsa/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/azure-keys/key-rotation/ciphertrust/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/azure-keys/key-rotation/dsm/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/azure-keys/key-rotation/hsm-luna/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/azure-keys/key-rotation/native/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }

sample-scripts/azure-keys/key-synchronization/main.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     ciphertrust = {
       source  = "ThalesGroup/ciphertrust"
-      version = ".10.1-beta"
+      version = ".10.2-beta"
     }
   }
 }