feat(access-token): add ephemeral access-token resource (#1068)

* feat(access-token): add ephemeral access-token resource

Signed-off-by: Mauritz Uphoff <mauritz.uphoff@stackit.cloud>
Mauritz Uphoff 2025-12-03 10:13:28 +01:00 committed by GitHub
parent 368b8d55be
commit 0e9b97a513
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 733 additions and 5 deletions

@ -0,0 +1,73 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_access_token Ephemeral Resource - stackit"
subcategory: ""
description: |-
Ephemeral resource that generates a short-lived STACKIT access token (JWT) using a service account key. A new token is generated each time the resource is evaluated, and it remains consistent for the duration of a Terraform operation. If a private key is not explicitly provided, the provider attempts to extract it from the service account key instead. Access tokens generated from service account keys expire after 60 minutes.
~> Service account key credentials must be configured either in the STACKIT provider configuration or via environment variables (see example below). If any other authentication method is configured, this ephemeral resource will fail with an error.
~> This ephemeral-resource is in beta and may be subject to breaking changes in the future. Use with caution. See our guide https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources for how to opt-in to use beta resources.
---
# stackit_access_token (Ephemeral Resource)
Ephemeral resource that generates a short-lived STACKIT access token (JWT) using a service account key. A new token is generated each time the resource is evaluated, and it remains consistent for the duration of a Terraform operation. If a private key is not explicitly provided, the provider attempts to extract it from the service account key instead. Access tokens generated from service account keys expire after 60 minutes.
~> Service account key credentials must be configured either in the STACKIT provider configuration or via environment variables (see example below). If any other authentication method is configured, this ephemeral resource will fail with an error.
~> This ephemeral-resource is in beta and may be subject to breaking changes in the future. Use with caution. See our [guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources) for how to opt-in to use beta resources.
## Example Usage
```terraform
provider "stackit" {
default_region = "eu01"
service_account_key_path = "/path/to/sa_key.json"
enable_beta_resources = true
}
ephemeral "stackit_access_token" "example" {}
locals {
stackit_api_base_url = "https://iaas.api.stackit.cloud"
public_ip_path = "/v2/projects/${var.project_id}/regions/${var.region}/public-ips"
public_ip_payload = {
labels = {
key = "value"
}
}
}
# Docs: https://registry.terraform.io/providers/Mastercard/restapi/latest
provider "restapi" {
uri = local.stackit_api_base_url
write_returns_object = true
headers = {
Authorization = "Bearer ${ephemeral.stackit_access_token.example.access_token}"
Content-Type = "application/json"
}
create_method = "POST"
update_method = "PATCH"
destroy_method = "DELETE"
}
resource "restapi_object" "public_ip_restapi" {
path = local.public_ip_path
data = jsonencode(local.public_ip_payload)
id_attribute = "id"
read_method = "GET"
create_method = "POST"
update_method = "PATCH"
destroy_method = "DELETE"
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Read-Only
- `access_token` (String, Sensitive) JWT access token for STACKIT API authentication.
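Review bot: The callout "Service account key credentials must be configured either in the STACKIT provider configuration or via environment variables (see example below)" points at an example that only covers the `service_account_key_path` case in the `provider "stackit"` block; neither the environment variables nor the explicitly provided private key that the description mentions appear in the example or in the schema, which lists only the read-only `access_token`. Suggest naming the environment variables and the private key setting in this page, or adding a second example that uses them, so a reader can tell which inputs this resource actually reads. The example also references `var.project_id` and `var.region` without declaring them, so it does not validate as pasted; two `variable` blocks would fix that. Since the description says the token expires after 60 minutes and stays the same for the duration of a Terraform operation, one sentence on what happens to the `Authorization` header of the `restapi` provider when an apply outlasts that window would help users of this example.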