feat(kms): add wrapping key resource and datasource

relates to STACKITTPR-416

Author: rubenhoenle

docs/data-sources/kms_wrapping_key.md

@@ -0,0 +1,45 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_kms_wrapping_key Data Source - stackit"
+subcategory: ""
+description: |-
+  KMS wrapping key datasource schema.
+---
+
+# stackit_kms_wrapping_key (Data Source)
+
+KMS wrapping key datasource schema.
+
+## Example Usage
+
+```terraform
+data "stackit_kms_wrapping_key" "example" {
+  project_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  keyring_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  wrapping_key_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `keyring_id` (String) The ID of the associated keyring
+- `project_id` (String) STACKIT project ID to which the keyring is associated.
+- `wrapping_key_id` (String) The ID of the wrapping key
+
+### Optional
+
+- `region` (String) The resource region. If not defined, the provider region is used.
+
+### Read-Only
+
+- `access_scope` (String) The access scope of the key. Default is `PUBLIC`. Possible values are: `PUBLIC`, `SNA`.
+- `algorithm` (String) The wrapping algorithm used to wrap the key to import. Possible values are: `rsa_2048_oaep_sha256`, `rsa_3072_oaep_sha256`, `rsa_4096_oaep_sha256`, `rsa_4096_oaep_sha512`, `rsa_2048_oaep_sha256_aes_256_key_wrap`, `rsa_3072_oaep_sha256_aes_256_key_wrap`, `rsa_4096_oaep_sha256_aes_256_key_wrap`, `rsa_4096_oaep_sha512_aes_256_key_wrap`.
+- `description` (String) A user chosen description to distinguish multiple wrapping keys.
+- `display_name` (String) The display name to distinguish multiple wrapping keys.
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`region`,`keyring_id`,`wrapping_key_id`".
+- `protection` (String) The underlying system that is responsible for protecting the key material. Possible values are: `software`.
+- `public_key` (String) The public key of the wrapping key.
+- `purpose` (String) The purpose for which the key will be used. Possible values are: `wrap_symmetric_key`, `wrap_asymmetric_key`.

docs/resources/kms_keyring.md

@@ -18,7 +18,7 @@ KMS Keyring resource schema. Uses the `default_region` specified in the provider
 ```terraform
 resource "stackit_kms_keyring" "example" {
   project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
-  display_name = "example name"
+  display_name = "example-name"
   description  = "example description"
 }
 ```

docs/resources/kms_wrapping_key.md

@@ -0,0 +1,48 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_kms_wrapping_key Resource - stackit"
+subcategory: ""
+description: |-
+  KMS wrapping key resource schema.
+---
+
+# stackit_kms_wrapping_key (Resource)
+
+KMS wrapping key resource schema.
+
+## Example Usage
+
+```terraform
+resource "stackit_kms_wrapping_key" "example" {
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  keyring_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  display_name = "example-name"
+  protection   = "software"
+  algorithm    = "rsa_2048_oaep_sha256"
+  purpose      = "wrap_symmetric_key"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `algorithm` (String) The wrapping algorithm used to wrap the key to import. Possible values are: `rsa_2048_oaep_sha256`, `rsa_3072_oaep_sha256`, `rsa_4096_oaep_sha256`, `rsa_4096_oaep_sha512`, `rsa_2048_oaep_sha256_aes_256_key_wrap`, `rsa_3072_oaep_sha256_aes_256_key_wrap`, `rsa_4096_oaep_sha256_aes_256_key_wrap`, `rsa_4096_oaep_sha512_aes_256_key_wrap`.
+- `display_name` (String) The display name to distinguish multiple wrapping keys.
+- `keyring_id` (String) The ID of the associated keyring
+- `project_id` (String) STACKIT project ID to which the keyring is associated.
+- `protection` (String) The underlying system that is responsible for protecting the key material. Possible values are: `software`.
+- `purpose` (String) The purpose for which the key will be used. Possible values are: `wrap_symmetric_key`, `wrap_asymmetric_key`.
+
+### Optional
+
+- `access_scope` (String) The access scope of the key. Default is `PUBLIC`. Possible values are: `PUBLIC`, `SNA`.
+- `description` (String) A user chosen description to distinguish multiple wrapping keys.
+- `region` (String) The resource region. If not defined, the provider region is used.
+
+### Read-Only
+
+- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`region`,`keyring_id`,`wrapping_key_id`".
+- `public_key` (String) The public key of the wrapping key.
+- `wrapping_key_id` (String) The ID of the wrapping key

examples/data-sources/stackit_kms_wrapping_key/data-source.tf

@@ -0,0 +1,5 @@
+data "stackit_kms_wrapping_key" "example" {
+  project_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  keyring_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  wrapping_key_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}

examples/resources/stackit_kms_keyring/resource.tf

@@ -1,5 +1,5 @@
 resource "stackit_kms_keyring" "example" {
   project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
-  display_name = "example name"
+  display_name = "example-name"
   description  = "example description"
 }

examples/resources/stackit_kms_wrapping_key/resource.tf

@@ -0,0 +1,8 @@
+resource "stackit_kms_wrapping_key" "example" {
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  keyring_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  display_name = "example-name"
+  protection   = "software"
+  algorithm    = "rsa_2048_oaep_sha256"
+  purpose      = "wrap_symmetric_key"
+}