feat(iam): add iam ssh key resource (#1340)

Co-authored-by: Rémy Léone <[email protected]>

Author: yfodil

scaleway/data_source_iam_ssh_key.go

@@ -0,0 +1,74 @@
+package scaleway
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	iam "github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1"
+	"github.com/scaleway/scaleway-sdk-go/scw"
+)
+
+func dataSourceScalewayIamSSHKey() *schema.Resource {
+	// Generate datasource schema from resource
+	dsSchema := datasourceSchemaFromResourceSchema(resourceScalewayIamSSKKey().Schema)
+	addOptionalFieldsToSchema(dsSchema, "name")
+
+	dsSchema["name"].ConflictsWith = []string{"ssh_key_id"}
+	dsSchema["ssh_key_id"] = &schema.Schema{
+		Type:         schema.TypeString,
+		Optional:     true,
+		Description:  "The ID of the SSH key",
+		ValidateFunc: validationUUID(),
+	}
+
+	return &schema.Resource{
+		ReadContext: dataSourceScalewayIamSSHKeyRead,
+		Schema:      dsSchema,
+	}
+}
+
+func dataSourceScalewayIamSSHKeyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	iamAPI := iamAPI(meta)
+
+	sshKeyID, sshKeyIDExists := d.GetOk("ssh_key_id")
+	if !sshKeyIDExists {
+		res, err := iamAPI.ListSSHKeys(&iam.ListSSHKeysRequest{
+			Name:      expandStringPtr(d.Get("name")),
+			ProjectID: expandStringPtr(d.Get("project_id")),
+		}, scw.WithContext(ctx))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		for _, sshKey := range res.SSHKeys {
+			if sshKey.Name == d.Get("name").(string) {
+				if sshKeyID != "" {
+					return diag.FromErr(fmt.Errorf("more than 1 SSH Key found with the same name %s", d.Get("name")))
+				}
+				sshKeyID = sshKey.ID
+			}
+		}
+		if sshKeyID == "" {
+			return diag.FromErr(fmt.Errorf("no SSH Key found with the name %s", d.Get("name")))
+		}
+	}
+
+	d.SetId(sshKeyID.(string))
+
+	err := d.Set("ssh_key_id", sshKeyID)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	diags := resourceScalewayIamSSHKeyRead(ctx, d, meta)
+	if diags != nil {
+		return append(diags, diag.Errorf("failed to read iam ssh key state")...)
+	}
+
+	if d.Id() == "" {
+		return diag.Errorf("iam ssh key (%s) not found", sshKeyID)
+	}
+
+	return nil
+}

scaleway/data_source_iam_ssh_key_test.go

@@ -0,0 +1,54 @@
+package scaleway
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccScalewayDataSourceIamSSHKey_Basic(t *testing.T) {
+	SkipBetaTest(t)
+	dataSourceIamSSHKey := "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHy/M5FVm5ydLGcal3e5LNcfTalbeN7QL/ZGCvDEdqJ [email protected]"
+	sshKeyName := "TestAccScalewayDataSourceIamSSHKey_Basic"
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      testAccCheckScalewayIamSSHKeyDestroy(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+					resource "scaleway_iam_ssh_key" "main" {
+						name 	   = "%s"
+						public_key = "%s"
+					}
+					`, sshKeyName, dataSourceIamSSHKey),
+			},
+			{
+				Config: fmt.Sprintf(`
+					resource "scaleway_iam_ssh_key" "main" {
+						name 	   = "%s"
+						public_key = "%s"
+					}
+					
+					data "scaleway_iam_ssh_key" "prod" {
+						name = "${scaleway_iam_ssh_key.main.name}"
+					}
+					
+					data "scaleway_iam_ssh_key" "stg" {
+						ssh_key_id = "${scaleway_iam_ssh_key.main.id}"
+					}`, sshKeyName, dataSourceIamSSHKey),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewayIamSSHKeyExists(tt, "data.scaleway_iam_ssh_key.prod"),
+					resource.TestCheckResourceAttr("data.scaleway_iam_ssh_key.prod", "name", sshKeyName),
+					resource.TestCheckResourceAttr("data.scaleway_iam_ssh_key.prod", "public_key", dataSourceIamSSHKey),
+					testAccCheckScalewayIamSSHKeyExists(tt, "data.scaleway_iam_ssh_key.stg"),
+					resource.TestCheckResourceAttr("data.scaleway_iam_ssh_key.stg", "name", sshKeyName),
+					resource.TestCheckResourceAttr("data.scaleway_iam_ssh_key.stg", "public_key", dataSourceIamSSHKey),
+				),
+			},
+		},
+	})
+}

scaleway/provider.go

@@ -32,10 +32,12 @@ func addBetaResources(provider *schema.Provider) {
 		return
 	}
 	betaResources := map[string]*schema.Resource{
-		"scaleway_iam_application": resourceScalewayIamApplication(),
 		"scaleway_iam_api_key":     resourceScalewayIamAPIKey(),
+		"scaleway_iam_application": resourceScalewayIamApplication(),
+		"scaleway_iam_ssh_key":     resourceScalewayIamSSKKey(),
 	}
 	betaDataSources := map[string]*schema.Resource{
+		"scaleway_iam_ssh_key":     dataSourceScalewayIamSSHKey(),
 		"scaleway_iam_application": dataSourceScalewayIamApplication(),
 		"scaleway_iam_user":        dataSourceScalewayIamUser(),
 	}

scaleway/resource_iam_ssh_key.go

@@ -0,0 +1,175 @@
+package scaleway
+
+import (
+	"context"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	iam "github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1"
+	"github.com/scaleway/scaleway-sdk-go/scw"
+)
+
+func resourceScalewayIamSSKKey() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceScalewayIamSSKKeyCreate,
+		ReadContext:   resourceScalewayIamSSHKeyRead,
+		UpdateContext: resourceScalewayIamSSKKeyUpdate,
+		DeleteContext: resourceScalewayIamSSKKeyDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		SchemaVersion: 0,
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Optional:    true,
+				Description: "The name of the iam SSH key",
+			},
+			"public_key": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The public SSH key",
+				// We don't consider trailing \n as diff
+				DiffSuppressFunc: func(k, oldValue, newValue string, d *schema.ResourceData) bool {
+					return strings.Trim(oldValue, "\n") == strings.Trim(newValue, "\n")
+				},
+			},
+			"fingerprint": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The fingerprint of the iam SSH key",
+			},
+			"created_at": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The date and time of the creation of the iam SSH Key",
+			},
+			"updated_at": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The date and time of the last update of the iam SSH Key",
+			},
+			"organization_id": organizationIDSchema(),
+			"project_id":      projectIDSchema(),
+			"disabled": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: "The SSH key status",
+			},
+		},
+	}
+}
+
+func resourceScalewayIamSSKKeyCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	iamAPI := iamAPI(meta)
+
+	res, err := iamAPI.CreateSSHKey(&iam.CreateSSHKeyRequest{
+		Name:      d.Get("name").(string),
+		PublicKey: strings.Trim(d.Get("public_key").(string), "\n"),
+		ProjectID: (d.Get("project_id")).(string),
+	}, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	if _, disabledExists := d.GetOk("disabled"); disabledExists {
+		_, err = iamAPI.UpdateSSHKey(&iam.UpdateSSHKeyRequest{
+			SSHKeyID: d.Id(),
+			Disabled: expandBoolPtr(getBool(d, "disabled")),
+		}, scw.WithContext(ctx))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+	}
+
+	d.SetId(res.ID)
+
+	return resourceScalewayIamSSHKeyRead(ctx, d, meta)
+}
+
+func resourceScalewayIamSSHKeyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	iamAPI := iamAPI(meta)
+
+	res, err := iamAPI.GetSSHKey(&iam.GetSSHKeyRequest{
+		SSHKeyID: d.Id(),
+	}, scw.WithContext(ctx))
+	if err != nil {
+		if is404Error(err) {
+			d.SetId("")
+			return nil
+		}
+		return diag.FromErr(err)
+	}
+
+	_ = d.Set("name", res.Name)
+	_ = d.Set("public_key", res.PublicKey)
+	_ = d.Set("fingerprint", res.Fingerprint)
+	_ = d.Set("created_at", flattenTime(res.CreatedAt))
+	_ = d.Set("updated_at", flattenTime(res.UpdatedAt))
+	_ = d.Set("organization_id", res.OrganizationID)
+	_ = d.Set("project_id", res.ProjectID)
+	_ = d.Set("disabled", res.Disabled)
+
+	return nil
+}
+
+func resourceScalewayIamSSKKeyUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	iamAPI := iamAPI(meta)
+
+	req := &iam.UpdateSSHKeyRequest{
+		SSHKeyID: d.Id(),
+	}
+
+	hasUpdated := false
+
+	if d.HasChange("name") {
+		req.Name = expandStringPtr(d.Get("name"))
+		hasUpdated = true
+	}
+
+	if d.HasChange("disabled") {
+		if _, disabledExists := d.GetOk("disabled"); !disabledExists {
+			_, err := iamAPI.UpdateSSHKey(&iam.UpdateSSHKeyRequest{
+				SSHKeyID: d.Id(),
+				Disabled: expandBoolPtr(false),
+			})
+			if err != nil {
+				return diag.FromErr(err)
+			}
+		} else {
+			_, err := iamAPI.UpdateSSHKey(&iam.UpdateSSHKeyRequest{
+				SSHKeyID: d.Id(),
+				Disabled: expandBoolPtr(getBool(d, "disabled")),
+			})
+			if err != nil {
+				return diag.FromErr(err)
+			}
+		}
+	}
+
+	if hasUpdated {
+		_, err := iamAPI.UpdateSSHKey(req, scw.WithContext(ctx))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+	}
+
+	return resourceScalewayIamSSHKeyRead(ctx, d, meta)
+}
+
+func resourceScalewayIamSSKKeyDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	iamAPI := iamAPI(meta)
+
+	err := iamAPI.DeleteSSHKey(&iam.DeleteSSHKeyRequest{
+		SSHKeyID: d.Id(),
+	}, scw.WithContext(ctx))
+	if err != nil && !is404Error(err) {
+		return diag.FromErr(err)
+	}
+
+	return nil
+}