updated docs

README.md

@@ -3,7 +3,7 @@
 page_title: "CipherTrust Provider"
 subcategory: ""
 description: |-
-  The CipherTrust provider can be used configure a CipherTrust instance or cluster and subsequently manage cloud resources.
+  The CipherTrust provider can be used configure a CipherTrust instance or cluster or a CipherTrust Data Security Platform as a Service (CDSPaaS) and subsequently manage cloud resources.
 ---
 
 # CipherTrust Provider
@@ -37,6 +37,7 @@ To deploy a Virtual CipherTrust Manager from AWS, you must supply the Amazon Mac
 
 ## Thales Devices
 The following devices can be used to create keys for the above public clouds.
+- CipherTrust Manager
 - DSM
 - HSM Luna
 
@@ -50,41 +51,78 @@ CipherTrust authentication parameters can also be provided as environment variab
 
 The following table illustrates which parameters can be provided as environment variables or in the configuration file.
 
-| Provider Parameter   | Environment Variable | Config File | Required  | Default Value |
-|:---------------------|:---------------------|:------------|:----------|:--------------|
-| address              | CM_ADDRESS           | address     | Yes       | N/A           |
-| username             | CM_USERNAME          | username    | Yes       | N/A           |
-| password             | CM_PASSWORD          | password    | Yes       | N/A           |
-| domain               | CM_DOMAIN            | domain      | No        | root          |
-| remaining parameters | no                   | yes         | No        | N/A           |
+| Provider Parameter   | Environment Variable | Config File | Required  | Default Value              |
+|:---------------------|:---------------------|:------------|:----------|:---------------------------|
+| address              | CM_ADDRESS           | address     | Yes       | N/A                        |
+| username             | CM_USERNAME          | username    | Yes       | N/A                        |
+| password             | CM_PASSWORD          | password    | Yes       | N/A                        |
+| domain               | CM_DOMAIN            | domain      | No        | Empty string (root domain) |
+| auth_domain          | CM_AUTH_DOMAIN       | auth_domain | No        | Empty string (root domain) |
+| remaining parameters | no                   | yes         | No        | N/A                        |
 
-The order of precedence when determining the value of a parameter: 
+The order of precedence when determining the value of a provider parameter: 
 1. Provider Block
 2. Environment Variable
 3. Configuration File
 
 ## Provider Block 
 
+### For CipherTrust Manager
+
+To authenticate to and log in to the root domain:
 ```terraform
 provider "ciphertrust" {
   address  = "cm-address"
   username = "cm-username"
   password = "cm-password"
-  domain   = "cm-domain"
+}
+
+```
+To authenticate to and log in to a domain other than root: 
+
+```terraform
+provider "ciphertrust" {
+  address      = "cm-address"
+  username     = "cm-username"
+  password     = "cm-password"
+  auth_domain  = "users-auth-domain" 
+}
+```
+
+To authenticate to a domain but log in to a different domain:
+
+```terraform
+provider "ciphertrust" {
+  address      = "cm-address"
+  username     = "cm-username"
+  password     = "cm-password"
+  auth_domain  = "users-auth-domain"
+  domain       = "a-different-domain"
+}
+```
+
+### For CipherTrust Data Security Platform as a Service (CDSPaaS)
+
+```terraform
+provider "ciphertrust" {
+  address     = "cdsp-address"
+  username    = "cdsp-tenant-username"
+  password    = "cdsp-tenant-password"
+  auth_domain = "cdsp-tenant-name"
 }
 ```
 ## Configuration File
 
 All provider parameters can be read from the configuration file.
 
-The configuration file is ~/.ciphertrust/config. 
+The configuration file is ~/.ciphertrust/config. For example:
 
 ```terraform
   address = cm-address
   username = cm-username
   password = cm-password
 ```
-If the above values exist in the configuration file the provider block can be:
+If authentication values exist in the configuration file the provider block can be:
 
 ```terraform
 provider "ciphertrust" {}
@@ -97,10 +135,11 @@ Some provider parameters can be specified in environment variables.
 ```bash
 export CM_USERNAME=cm-username
 export CM_PASSWORD=cm-password
+export CM_AUTH_DOMAIN=cm-auth-domain
 export CM_DOMAIN=cm-domain
 ```
 
-If the above environment variables exist the provider block can be:
+If environment variables required for authentication exist the provider block can be:
 
 ```terraform
 provider "ciphertrust" {}
@@ -117,12 +156,64 @@ provider "ciphertrust" {}
 ### Optional
 
 - **address** (String) HTTPS URL of the CipherTrust instance. address can be set in the provider block, via the CM_ADDRESS environment variable or in ~/.ciphertrust/config. An address need not be provided when creating a cluster of CipherTrust instances.
+- **auth_domain** (String) CipherTrust authentication domain of the user. This is the domain where the user was created. auth_domain can be set in the provider block, via the CM_AUTH_DOMAIN environment variable or in ~/.ciphertrust/config. Default is the empty string (root domain).
 - **aws_operation_timeout** (Number) Some AWS key operations, for example, replication, can take some time to complete. This specifies how long to wait for an operation to complete in seconds. aws_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 480.
 - **azure_operation_timeout** (Number) Azure key operations can take time to complete. This specifies how long to wait for an operation to complete in seconds. azure_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 240.
-- **domain** (String) CipherTrust domain of the user. domain can be set in the provider block, via the CM_DOMAIN environment variable or in ~/.ciphertrust/config. Default is the root domain.
+- **domain** (String) CipherTrust domain to log in to. domain can be set in the provider block, via the CM_DOMAIN environment variable or in ~/.ciphertrust/config. Default is the root domain.
 - **gcp_operation_timeout** (Number) Some Google Cloud operations, for example, schedule destroy, are not synchronous. This specifies how long to wait for an operation to complete in seconds. gcp_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 120.
 - **hsm_operation_timeout** (Number) HSM connection operations are not synchronous. This specifies how long to wait for an operation to complete in seconds. hsm_operation_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 60.
 - **log_file** (String) Log file name. log_file can be set in the provider block or in ~/.ciphertrust/config. Default is ctp.log.
 - **log_level** (String) Logging level. log_level can be set in the provider block or in ~/.ciphertrust/config. Default is info. Options: debug, info, warning or error.
 - **no_ssl_verify** (Boolean) Set to false to verify the server's certificate chain and host name. no_ssl_verify can be set in the provider block or in ~/.ciphertrust/config. Default is true.
 - **rest_api_timeout** (Number) CipherTrust rest api timeout in seconds. rest_api_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 60.
+
+## Supported resource types
+
+The following table illustrates which resource types are supported in CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+| Resource Type                    | CipherTrust Manager | CDSPaaS |
+|:---------------------------------|:--------------------|:--------|
+| ciphertrust_aws_cloudhsm_key     | yes                 | yes     |
+| ciphertrust_aws_connection       | yes                 | yes     |
+| ciphertrust_aws_custom_keystore  | yes                 | yes     |
+| ciphertrust_aws_key              | yes                 | yes     |
+| ciphertrust_aws_kms              | yes                 | yes     |
+| ciphertrust_aws_policy_template  | yes                 | yes     |
+| ciphertrust_aws_xks_key          | yes                 | yes     |
+| ciphertrust_azure_connection     | yes                 | yes     |
+| ciphertrust_azure_key            | yes                 | yes     |
+| ciphertrust_azure_vault          | yes                 | yes     |
+| ciphertrust_cluster              | yes                 | no      |
+| ciphertrust_cm_key               | yes                 | yes     |
+| ciphertrust_cte_client           | yes                 | no      |
+| ciphertrust_cte_guardpoint       | yes                 | no      |
+| ciphertrust_cte_policies         | yes                 | no      |
+| ciphertrust_domain               | yes                 | no      |
+| ciphertrust_dsm_connection       | yes                 | no      |
+| ciphertrust_dsm_domain           | yes                 | no      |
+| ciphertrust_dsm_key              | yes                 | no      |
+| ciphertrust_ekm_endpoint         | yes                 | yes     |
+| ciphertrust_gcp_acl              | yes                 | yes     |
+| ciphertrust_gcp_connection       | yes                 | yes     |
+| ciphertrust_gcp_key              | yes                 | yes     |
+| ciphertrust_gcp_keyring          | yes                 | yes     |
+| ciphertrust_google_project       | yes                 | yes     |
+| ciphertrust_groups               | yes                 | yes     |
+| ciphertrust_gwcse_endpoint       | yes                 | yes     |
+| ciphertrust_gwcse_identity       | yes                 | yes     |
+| ciphertrust_hsm_connection       | yes                 | no      |
+| ciphertrust_hsm_key              | yes                 | no      |
+| ciphertrust_hsm_partition        | yes                 | no      |
+| ciphertrust_hsm_server           | yes                 | no      |
+| ciphertrust_interface            | yes                 | no      |
+| ciphertrust_license              | yes                 | no      |
+| ciphertrust_log_forwarder        | yes                 | no      |
+| ciphertrust_ntp                  | yes                 | no      |
+| ciphertrust_password_policy      | yes                 | no      |
+| ciphertrust_policies             | yes                 | no      |
+| ciphertrust_policy_attachments   | yes                 | no      |
+| ciphertrust_property             | yes                 | no      |
+| ciphertrust_proxy                | yes                 | no      |
+| ciphertrust_scheduler            | yes                 | yes     |
+| ciphertrust_syslog               | yes                 | no      |
+| ciphertrust_user                 | yes                 | yes     |
+| ciphertrust_virtual_key          | yes                 | no      |

changelog.md

@@ -1,3 +1,14 @@
+# 0.10.3-beta
+
+## New Data Source
+    Added the ciphertrust_scheduler data source.
+
+## Fixes
+    ciphertrust_cm_key key_size will accept 128, 192 and 256 for AES keys.
+
+## Documentation
+    Added documentation for CipherTrust Data Security Platform as a Service (CDSPaaS).
+
 # 0.10.2-beta
 
     Changed provider parameter `domain`'s default value from `root` to the empty string.

docs/data-sources/scheduler.md

@@ -0,0 +1,70 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ciphertrust_scheduler Data Source - terraform-provider-ciphertrust"
+subcategory: ""
+description: |-
+  
+---
+
+# ciphertrust_scheduler (Data Source)
+
+This data-source retrieves details of a [ciphertrust_scheduler](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/scheduler) resource.
+
+It's possible to identify the scheduler using the scheduler's name or ID.
+
+
+## Example Usage
+
+```terraform
+# Retrieve details using the scheduler's name
+data "ciphertrust_scheduler" "scheduler_by_name" {
+  name = "Rotation Scheduler"
+}
+
+# Retrieve details using the ID of the scheduler
+data "ciphertrust_aws_key" "scheduler_by_id" {
+  id = "77b4acd3-80e4-4270-81b5-11bb13b8053a"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `id` (String) Job configuration ID.
+- `name` (String) Name of the job configuration.
+
+### Read-Only
+
+- `cckm_key_rotation_params` (List of Object) Specifies key rotation parameters (see [below for nested schema](#nestedatt--cckm_key_rotation_params))
+- `cckm_synchronization_params` (List of Object) Specifies key synchronization parameters (see [below for nested schema](#nestedatt--cckm_synchronization_params))
+- `description` (String) Description of the job configuration.
+- `disabled` (Boolean) Indicates if the the job configuration is disabled.
+- `end_date` (String) Date the job configuration becomes inactive.
+- `operation` (String) Type of operation.
+- `run_at` (String) Cron expression indicating when the job will run.
+- `run_on` (String) Node on which the job will run.
+- `start_date` (String) Date the job configuration becomes active.
+
+<a id="nestedatt--cckm_key_rotation_params"></a>
+### Nested Schema for `cckm_key_rotation_params`
+
+Read-Only:
+
+- `aws_retain_alias` (Boolean)
+- `cloud_name` (String)
+- `expiration` (String)
+- `expire_in` (String)
+
+
+<a id="nestedatt--cckm_synchronization_params"></a>
+### Nested Schema for `cckm_synchronization_params`
+
+Read-Only:
+
+- `cloud_name` (String)
+- `key_rings` (Set of String)
+- `key_vaults` (Set of String)
+- `kms` (Set of String)
+- `synchronize_all` (Boolean)

docs/index.md

@@ -51,6 +51,8 @@ The order of precedence when determining the value of a provider parameter:
 
 ## Provider Block 
 
+### For CipherTrust Manager
+
 To authenticate to and log in to the root domain:
 ```terraform
 provider "ciphertrust" {
@@ -82,6 +84,17 @@ provider "ciphertrust" {
   domain       = "a-different-domain"
 }
 ```
+
+### For CipherTrust Data Security Platform as a Service (CDSPaaS)
+
+```terraform
+provider "ciphertrust" {
+  address     = "cdsp-address"
+  username    = "cdsp-tenant-username"
+  password    = "cdsp-tenant-password"
+  auth_domain = "cdsp-tenant-name"
+}
+```
 ## Configuration File
 
 All provider parameters can be read from the configuration file.
@@ -136,6 +149,4 @@ provider "ciphertrust" {}
 - `log_file` (String) Log file name. log_file can be set in the provider block or in ~/.ciphertrust/config. Default is ctp.log.
 - `log_level` (String) Logging level. log_level can be set in the provider block or in ~/.ciphertrust/config. Default is info. Options: debug, info, warning or error.
 - `no_ssl_verify` (Boolean) Set to false to verify the server's certificate chain and host name. no_ssl_verify can be set in the provider block or in ~/.ciphertrust/config. Default is true.
-- `password` (String, Sensitive) Password of a CipherTrust user. password can be set in the provider block, via the CM_PASSWORD environment variable or in ~/.ciphertrust/config
 - `rest_api_timeout` (Number) CipherTrust rest api timeout in seconds. rest_api_timeout can be set in the provider block or in ~/.ciphertrust/config. Default is 60.
-- `username` (String) Username of a CipherTrust user. username can be set in the provider block, via the CM_USERNAME environment variable or in ~/.ciphertrust/config

docs/resources/aws_cloudhsm_key.md

@@ -15,6 +15,8 @@ Primary uses of the ciphertrust_aws_cloudhsm_key resource include:
 - Creating an AWS key in custom key store of type AWS_CLOUDHSM
 - Updating attributes of an linked AWS HYOK key (description, tags, alias, policy, enable/disable)
 
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Prerequisites
 - CloudHSM cluster setup on AWS is required before creating custom key store of type AWS_CLOUDHSM (refer AWS CloudHSM documentation including the AWS Key Management Service Developer Guide and AWS CloudHSM User Guide.)
 - For CloudHSM key, CloudHSM Key Store needs to be in `Connected` state before creating CloudHSM key. It takes upto 30 minutes for Connect/Disconnect operations.

docs/resources/aws_connection.md

@@ -14,6 +14,8 @@ A connection is required before operations can be performed on the AWS cloud.
 
 [ciphertrust_aws_kms](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/aws_kms) resources are dependent on this resource.
 
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Optional Use of Environment Variables 
 
 | Parameter          | Environment Variable  |

docs/resources/aws_custom_keystore.md

@@ -25,6 +25,8 @@ Primary uses of the ciphertrust_aws_custom_keystore resource include:
 - Perform following operations on a custom keystore of type AWS_CLOUDHSM:
   - connect/disconnect
 
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Prerequisites
 ### External Key Store
 - External Key Store can be in either linked or Unlinked state. Linked keystore is automatically created in AWS too. 

docs/resources/aws_key.md

@@ -29,6 +29,7 @@ Scheduling key rotation requires a [ciphertrust_scheduler](https://registry.terr
 
 This resource is dependent on a [ciphertrust_aws_kms](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/aws_kms) resource.
 
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
 
 ## Example Usage
 

docs/resources/aws_kms.md

@@ -14,6 +14,7 @@ This resource is dependent on a [ciphertrust_aws_connection](https://registry.te
 
 [ciphertrust_aws_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/aws_key) resources are dependent on this resource.
 
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
 
 ## Example Usage
 

docs/resources/aws_policy_template.md

@@ -12,6 +12,8 @@ A ciphertrust_aws_policy_template can be used to add the key policy for [ciphert
 
 If the policy json is provided no other fields can be specified.
 
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Example Usage
 
 ```terraform

docs/resources/aws_xks_key.md

@@ -16,6 +16,8 @@ Primary uses of the ciphertrust_aws_xks_key resource include:
     - block/unblock
     - link an unlinked key  
 
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Prerequisites
 - Creation of AWS HYOK key is supported for locally hosted External Key Store.
 - HYOK Keys can be backed by Luna HSM as key source or by Ciphertrust Manager as key source.  

docs/resources/azure_connection.md

@@ -14,6 +14,8 @@ A connection is required before operations can be performed on the Azure cloud.
 
 [ciphertrust_azure_vault](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/azure_vault) resources are dependent on this resource.
 
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Optional Use of Environment Variables
 
 | Parameter        | Environment Variable  |

docs/resources/azure_key.md

@@ -28,6 +28,7 @@ Scheduling key rotation requires a [ciphertrust_scheduler](https://registry.terr
 
 This resource is dependent on a [ciphertrust_azure_vault](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/azure_vault) resource.
 
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
 
 ## Example Usage
 

docs/resources/azure_vault.md

@@ -16,6 +16,8 @@ This resource is dependent on a [ciphertrust_azure_connection](https://registry.
 
 [ciphertrust_azure_key](https://registry.terraform.io/providers/ThalesGroup/ciphertrust/latest/docs/resources/azure_key) resources are dependent on this resource.
 
+This resource is applicable to CipherTrust Manager and CipherTrust Data Security Platform as a Service(CDSPaaS).
+
 ## Optional Use of Environment Variables
 
 | Parameter       | Environment Variable |