stackit-dev-tools/terraform-provider-stackitprivatepreview
2
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions
terraform-provider-stackitp.../stackit/internal/services/objectstorage/credential/datasource.go
Marcel Jacek 24b7387db9
feat: add logging for trace id (#1061) 
relates to STACKITTPR-290
2025-11-27 10:06:18 +00:00

226 lines
7.9 KiB
Go
Raw Blame History

package objectstorage
import (
"context"
"fmt"
"net/http"
"time"
"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/conversion"
objectstorageUtils "github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/objectstorage/utils"
"github.com/hashicorp/terraform-plugin-framework/datasource"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/hashicorp/terraform-plugin-log/tflog"
"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/utils"
"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
"github.com/stackitcloud/stackit-sdk-go/services/objectstorage"
)
// Ensure the implementation satisfies the expected interfaces.
var (
_ datasource.DataSource = &credentialDataSource{}
)
type DataSourceModel struct {
Id types.String `tfsdk:"id"` // needed by TF
CredentialId types.String `tfsdk:"credential_id"`
CredentialsGroupId types.String `tfsdk:"credentials_group_id"`
ProjectId types.String `tfsdk:"project_id"`
Name types.String `tfsdk:"name"`
ExpirationTimestamp types.String `tfsdk:"expiration_timestamp"`
Region types.String `tfsdk:"region"`
}
// NewCredentialDataSource is a helper function to simplify the provider implementation.
func NewCredentialDataSource() datasource.DataSource {
return &credentialDataSource{}
}
// credentialDataSource is the resource implementation.
type credentialDataSource struct {
client *objectstorage.APIClient
providerData core.ProviderData
}
// Metadata returns the resource type name.
func (r *credentialDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
resp.TypeName = req.ProviderTypeName + "_objectstorage_credential"
}
// Configure adds the provider configured client to the datasource.
func (r *credentialDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
var ok bool
r.providerData, ok = conversion.ParseProviderData(ctx, req.ProviderData, &resp.Diagnostics)
if !ok {
return
}
apiClient := objectstorageUtils.ConfigureClient(ctx, &r.providerData, &resp.Diagnostics)
if resp.Diagnostics.HasError() {
return
}
r.client = apiClient
tflog.Info(ctx, "ObjectStorage credential client configured")
}
// Schema defines the schema for the datasource.
func (r *credentialDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
descriptions := map[string]string{
"main": "ObjectStorage credential data source schema. Must have a `region` specified in the provider configuration.",
"id": "Terraform's internal resource identifier. It is structured as \"`project_id`,`region`,`credentials_group_id`,`credential_id`\".",
"credential_id": "The credential ID.",
"credentials_group_id": "The credential group ID.",
"project_id": "STACKIT Project ID to which the credential group is associated.",
"region": "The resource region. If not defined, the provider region is used.",
}
resp.Schema = schema.Schema{
Description: descriptions["main"],
Attributes: map[string]schema.Attribute{
"id": schema.StringAttribute{
Description: descriptions["id"],
Computed: true,
},
"credential_id": schema.StringAttribute{
Description: descriptions["credential_id"],
Required: true,
},
"credentials_group_id": schema.StringAttribute{
Description: descriptions["credentials_group_id"],
Required: true,
},
"project_id": schema.StringAttribute{
Description: descriptions["project_id"],
Required: true,
},
"name": schema.StringAttribute{
Computed: true,
},
"expiration_timestamp": schema.StringAttribute{
Computed: true,
},
"region": schema.StringAttribute{
// the region cannot be found automatically, so it has to be passed
Optional: true,
Description: descriptions["region"],
},
},
}
}
// Read refreshes the Terraform state with the latest data.
func (r *credentialDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { // nolint:gocritic // function signature required by Terraform
var model DataSourceModel
diags := req.Config.Get(ctx, &model)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
ctx = core.InitProviderContext(ctx)
projectId := model.ProjectId.ValueString()
credentialsGroupId := model.CredentialsGroupId.ValueString()
credentialId := model.CredentialId.ValueString()
region := r.providerData.GetRegionWithOverride(model.Region)
ctx = tflog.SetField(ctx, "project_id", projectId)
ctx = tflog.SetField(ctx, "credentials_group_id", credentialsGroupId)
ctx = tflog.SetField(ctx, "credential_id", credentialId)
ctx = tflog.SetField(ctx, "region", region)
credentialsGroupResp, err := r.client.ListAccessKeys(ctx, projectId, region).CredentialsGroup(credentialsGroupId).Execute()
if err != nil {
utils.LogError(
ctx,
&resp.Diagnostics,
err,
"Reading credential",
fmt.Sprintf("Credential group with ID %q does not exist in project %q.", credentialsGroupId, projectId),
map[int]string{
http.StatusForbidden: fmt.Sprintf("Project with ID %q not found or forbidden access", projectId),
},
)
resp.State.RemoveResource(ctx)
return
}
ctx = core.LogResponse(ctx)
if credentialsGroupResp == nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Reading credentials", fmt.Sprintf("Response is nil: %v", err))
return
}
credential := findCredential(*credentialsGroupResp, credentialId)
if credential == nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Reading credential", fmt.Sprintf("Credential with ID %q not found in credentials group %q", credentialId, credentialsGroupId))
return
}
err = mapDataSourceFields(credential, &model, region)
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading credential", fmt.Sprintf("Processing API payload: %v", err))
return
}
// Set refreshed state
diags = resp.State.Set(ctx, model)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
tflog.Info(ctx, "ObjectStorage credential read")
}
func mapDataSourceFields(credentialResp *objectstorage.AccessKey, model *DataSourceModel, region string) error {
if credentialResp == nil {
return fmt.Errorf("response input is nil")
}
if model == nil {
return fmt.Errorf("model input is nil")
}
var credentialId string
if model.CredentialId.ValueString() != "" {
credentialId = model.CredentialId.ValueString()
} else if credentialResp.KeyId != nil {
credentialId = *credentialResp.KeyId
} else {
return fmt.Errorf("credential id not present")
}
if credentialResp.Expires == nil {
model.ExpirationTimestamp = types.StringNull()
} else {
// Harmonize the timestamp format
// Eg. "2027-01-02T03:04:05.000Z" = "2027-01-02T03:04:05Z"
expirationTimestamp, err := time.Parse(time.RFC3339, *credentialResp.Expires)
if err != nil {
return fmt.Errorf("unable to parse payload expiration timestamp '%v': %w", *credentialResp.Expires, err)
}
model.ExpirationTimestamp = types.StringValue(expirationTimestamp.Format(time.RFC3339))
}
model.Id = utils.BuildInternalTerraformId(
model.ProjectId.ValueString(), region, model.CredentialsGroupId.ValueString(), credentialId,
)
model.CredentialId = types.StringValue(credentialId)
model.Name = types.StringPointerValue(credentialResp.DisplayName)
model.Region = types.StringValue(region)
return nil
}
// Returns the access key if found otherwise nil
func findCredential(credentialsGroupResp objectstorage.ListAccessKeysResponse, credentialId string) *objectstorage.AccessKey {
for _, credential := range *credentialsGroupResp.AccessKeys {
if credential.KeyId == nil || *credential.KeyId != credentialId {
continue
}
return &credential
}
return nil
}
Reference in a new issue View git blame Copy permalink