feat(okms): add resource for kms service keys

Author: rcatolino

ovh/provider_new.go

@@ -202,6 +202,12 @@ func (p *OvhProvider) DataSources(_ context.Context) []func() datasource.DataSou
 		NewIpFirewallDataSource,
 		NewIpFirewallRuleDataSource,
 		NewIpMitigationDataSource,
+		NewOkmsCredentialDataSource,
+		NewOkmsCredentialsDataSource,
+		NewOkmsResourceDataSource,
+		NewOkmsServiceKeysDataSource,
+		NewOkmsServiceKeyDataSource,
+		NewOkmsServiceKeyJwkDataSource,
 	}
 }
 
@@ -216,6 +222,9 @@ func (p *OvhProvider) Resources(_ context.Context) []func() resource.Resource {
 		NewIpFirewallRuleResource,
 		NewIploadbalancingUdpFrontendResource,
 		NewIpMitigationResource,
+		NewOkmsResource,
+		NewOkmsCredentialResource,
+		NewOkmsServiceKeyResource,
 		NewVpsResource,
 	}
 }

ovh/resource_okms_service_key.go

@@ -0,0 +1,165 @@
+package ovh
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	ovhtypes "github.com/ovh/terraform-provider-ovh/ovh/types"
+)
+
+var _ resource.ResourceWithConfigure = (*okmsServiceKeyResource)(nil)
+
+func NewOkmsServiceKeyResource() resource.Resource {
+	return &okmsServiceKeyResource{}
+}
+
+type okmsServiceKeyResource struct {
+	config *Config
+}
+
+func (r *okmsServiceKeyResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_okms_service_key"
+}
+
+func (d *okmsServiceKeyResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	config, ok := req.ProviderData.(*Config)
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Resource Configure Type",
+			fmt.Sprintf("Expected *Config, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+		return
+	}
+
+	d.config = config
+}
+
+func (d *okmsServiceKeyResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = OkmsServiceKeyResourceSchema(ctx)
+}
+
+func (r *okmsServiceKeyResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var data, responseData OkmsServiceKeyResourceModel
+
+	// Read Terraform plan data into the model
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	endpoint := "/v2/okms/resource/" + url.PathEscape(data.OkmsId.ValueString()) + "/serviceKey"
+	if err := r.config.OVHClient.Post(endpoint, data.ToCreate(), &responseData); err != nil {
+		resp.Diagnostics.AddError(
+			fmt.Sprintf("Error calling Post %s", endpoint),
+			err.Error(),
+		)
+		return
+	}
+
+	responseData.MergeWith(&data)
+
+	// Save data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &responseData)...)
+}
+
+func (r *okmsServiceKeyResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var data, responseData OkmsServiceKeyResourceModel
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	endpoint := "/v2/okms/resource/" + url.PathEscape(data.OkmsId.ValueString()) + "/serviceKey/" + url.PathEscape(data.Id.ValueString())
+
+	if err := r.config.OVHClient.Get(endpoint, &responseData); err != nil {
+		resp.Diagnostics.AddError(
+			fmt.Sprintf("Error calling Get %s", endpoint),
+			err.Error(),
+		)
+		return
+	}
+
+	data.MergeWith(&responseData)
+
+	// Save updated data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
+func (r *okmsServiceKeyResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	var data, planData, responseData OkmsServiceKeyResourceModel
+
+	// Read Terraform plan data into the model
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &planData)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Update resource
+	endpoint := "/v2/okms/resource/" + url.PathEscape(data.OkmsId.ValueString()) + "/serviceKey/" + url.PathEscape(data.Id.ValueString())
+	if err := r.config.OVHClient.Put(endpoint, planData.ToUpdate(), nil); err != nil {
+		resp.Diagnostics.AddError(
+			fmt.Sprintf("Error calling Put %s", endpoint),
+			err.Error(),
+		)
+		return
+	}
+
+	// Read updated resource
+	if err := r.config.OVHClient.Get(endpoint, &responseData); err != nil {
+		resp.Diagnostics.AddError(
+			fmt.Sprintf("Error calling Get %s", endpoint),
+			err.Error(),
+		)
+		return
+	}
+
+	responseData.MergeWith(&planData)
+
+	// Save updated data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &responseData)...)
+}
+
+func (r *okmsServiceKeyResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	var data OkmsServiceKeyResourceModel
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	data.State = ovhtypes.NewTfStringValue("DEACTIVATED")
+	data.DeactivationReason = ovhtypes.NewTfStringValue("UNSPECIFIED")
+	// Deactivate key first
+	endpoint := "/v2/okms/resource/" + url.PathEscape(data.OkmsId.ValueString()) + "/serviceKey/" + url.PathEscape(data.Id.ValueString())
+	if err := r.config.OVHClient.Put(endpoint, data.ToUpdate(), nil); err != nil {
+		resp.Diagnostics.AddError(
+			fmt.Sprintf("Error deactivating key %s", endpoint),
+			err.Error(),
+		)
+		return
+	}
+
+	// Delete API call logic
+	if err := r.config.OVHClient.Delete(endpoint, nil); err != nil {
+		resp.Diagnostics.AddError(
+			fmt.Sprintf("Error calling Delete %s", endpoint),
+			err.Error(),
+		)
+	}
+}

ovh/resource_okms_service_key_gen.go

@@ -0,0 +1,286 @@
+package ovh
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework-validators/int64validator"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/int64planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/listplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	ovhtypes "github.com/ovh/terraform-provider-ovh/ovh/types"
+
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+)
+
+func OkmsServiceKeyResourceSchema(ctx context.Context) schema.Schema {
+	attrs := map[string]schema.Attribute{
+		"context": schema.StringAttribute{
+			CustomType:          ovhtypes.TfStringType{},
+			Optional:            true,
+			Computed:            true,
+			Description:         "Context of the key",
+			MarkdownDescription: "Context of the key",
+			PlanModifiers: []planmodifier.String{
+				stringplanmodifier.RequiresReplaceIfConfigured(),
+				stringplanmodifier.UseStateForUnknown(),
+			},
+		},
+		"created_at": schema.StringAttribute{
+			CustomType:          ovhtypes.TfStringType{},
+			Computed:            true,
+			Description:         "Creation time of the key",
+			MarkdownDescription: "Creation time of the key",
+			PlanModifiers: []planmodifier.String{
+				stringplanmodifier.UseStateForUnknown(),
+			},
+		},
+		"curve": schema.StringAttribute{
+			CustomType:          ovhtypes.TfStringType{},
+			Optional:            true,
+			Computed:            true,
+			Description:         "Curve type for Elliptic Curve (EC) keys",
+			MarkdownDescription: "Curve type for Elliptic Curve (EC) keys",
+			PlanModifiers: []planmodifier.String{
+				stringplanmodifier.RequiresReplaceIfConfigured(),
+				stringplanmodifier.UseStateForUnknown(),
+			},
+			Validators: []validator.String{
+				stringvalidator.OneOf(
+					"P-256",
+					"P-384",
+					"P-521",
+				),
+			},
+		},
+		"deactivation_reason": schema.StringAttribute{
+			CustomType:          ovhtypes.TfStringType{},
+			Computed:            true,
+			Description:         "Key deactivation reason",
+			MarkdownDescription: "Key deactivation reason",
+			Validators: []validator.String{
+				stringvalidator.OneOf(
+					"AFFILIATION_CHANGED",
+					"CA_COMPROMISE",
+					"CESSATION_OF_OPERATION",
+					"KEY_COMPROMISE",
+					"PRIVILEGE_WITHDRAWN",
+					"SUPERSEDED",
+					"UNSPECIFIED",
+				),
+			},
+		},
+		"id": schema.StringAttribute{
+			CustomType:          ovhtypes.TfStringType{},
+			Computed:            true,
+			Description:         "Key ID",
+			MarkdownDescription: "Key ID",
+			PlanModifiers: []planmodifier.String{
+				stringplanmodifier.UseStateForUnknown(),
+			},
+		},
+		"name": schema.StringAttribute{
+			CustomType:          ovhtypes.TfStringType{},
+			Required:            true,
+			Description:         "Key name",
+			MarkdownDescription: "Key name",
+		},
+		"okms_id": schema.StringAttribute{
+			CustomType:          ovhtypes.TfStringType{},
+			Required:            true,
+			Description:         "Okms ID",
+			MarkdownDescription: "Okms ID",
+			PlanModifiers: []planmodifier.String{
+				stringplanmodifier.RequiresReplace(),
+				stringplanmodifier.UseStateForUnknown(),
+			},
+		},
+		"operations": schema.ListAttribute{
+			CustomType:          ovhtypes.NewTfListNestedType[ovhtypes.TfStringValue](ctx),
+			Required:            true,
+			Description:         "The operations for which the key is intended to be used",
+			MarkdownDescription: "The operations for which the key is intended to be used",
+			PlanModifiers: []planmodifier.List{
+				listplanmodifier.RequiresReplace(),
+				listplanmodifier.UseStateForUnknown(),
+			},
+		},
+		"size": schema.Int64Attribute{
+			CustomType:          ovhtypes.TfInt64Type{},
+			Optional:            true,
+			Computed:            true,
+			Description:         "Size of the key to be created",
+			MarkdownDescription: "Size of the key to be created",
+			PlanModifiers: []planmodifier.Int64{
+				int64planmodifier.RequiresReplaceIfConfigured(),
+				int64planmodifier.UseStateForUnknown(),
+			},
+			Validators: []validator.Int64{
+				int64validator.OneOf(
+					128,
+					192,
+					256,
+					2048,
+					3072,
+					4096,
+				),
+			},
+		},
+		"state": schema.StringAttribute{
+			CustomType:          ovhtypes.TfStringType{},
+			Computed:            true,
+			Description:         "State of the key",
+			MarkdownDescription: "State of the key",
+			Validators: []validator.String{
+				stringvalidator.OneOf(
+					"ACTIVE",
+					"COMPROMISED",
+					"DEACTIVATED",
+				),
+			},
+		},
+		"type": schema.StringAttribute{
+			CustomType:          ovhtypes.TfStringType{},
+			Required:            true,
+			Description:         "Type of the key to be created",
+			MarkdownDescription: "Type of the key to be created",
+			PlanModifiers: []planmodifier.String{
+				stringplanmodifier.RequiresReplace(),
+				stringplanmodifier.UseStateForUnknown(),
+			},
+			Validators: []validator.String{
+				stringvalidator.OneOf(
+					"EC",
+					"RSA",
+					"oct",
+				),
+			},
+		},
+	}
+
+	return schema.Schema{
+		Attributes: attrs,
+	}
+}
+
+type OkmsServiceKeyResourceModel struct {
+	Context            ovhtypes.TfStringValue                             `tfsdk:"context" json:"context"`
+	CreatedAt          ovhtypes.TfStringValue                             `tfsdk:"created_at" json:"createdAt"`
+	Curve              ovhtypes.TfStringValue                             `tfsdk:"curve" json:"curve"`
+	DeactivationReason ovhtypes.TfStringValue                             `tfsdk:"deactivation_reason" json:"deactivationReason"`
+	Id                 ovhtypes.TfStringValue                             `tfsdk:"id" json:"id"`
+	Name               ovhtypes.TfStringValue                             `tfsdk:"name" json:"name"`
+	OkmsId             ovhtypes.TfStringValue                             `tfsdk:"okms_id" json:"okmsId"`
+	Operations         ovhtypes.TfListNestedValue[ovhtypes.TfStringValue] `tfsdk:"operations" json:"operations"`
+	Size               ovhtypes.TfInt64Value                              `tfsdk:"size" json:"size"`
+	State              ovhtypes.TfStringValue                             `tfsdk:"state" json:"state"`
+	Type               ovhtypes.TfStringValue                             `tfsdk:"type" json:"type"`
+}
+
+func (v *OkmsServiceKeyResourceModel) MergeWith(other *OkmsServiceKeyResourceModel) {
+
+	if (v.Context.IsUnknown() || v.Context.IsNull()) && !other.Context.IsUnknown() {
+		v.Context = other.Context
+	}
+
+	if (v.CreatedAt.IsUnknown() || v.CreatedAt.IsNull()) && !other.CreatedAt.IsUnknown() {
+		v.CreatedAt = other.CreatedAt
+	}
+
+	if (v.Curve.IsUnknown() || v.Curve.IsNull()) && !other.Curve.IsUnknown() {
+		v.Curve = other.Curve
+	}
+
+	if (v.DeactivationReason.IsUnknown() || v.DeactivationReason.IsNull()) && !other.DeactivationReason.IsUnknown() {
+		v.DeactivationReason = other.DeactivationReason
+	}
+
+	if (v.Id.IsUnknown() || v.Id.IsNull()) && !other.Id.IsUnknown() {
+		v.Id = other.Id
+	}
+
+	if (v.Name.IsUnknown() || v.Name.IsNull()) && !other.Name.IsUnknown() {
+		v.Name = other.Name
+	}
+
+	if (v.OkmsId.IsUnknown() || v.OkmsId.IsNull()) && !other.OkmsId.IsUnknown() {
+		v.OkmsId = other.OkmsId
+	}
+
+	if (v.Operations.IsUnknown() || v.Operations.IsNull()) && !other.Operations.IsUnknown() {
+		v.Operations = other.Operations
+	}
+
+	if (v.Size.IsUnknown() || v.Size.IsNull()) && !other.Size.IsUnknown() {
+		v.Size = other.Size
+	}
+
+	if (v.State.IsUnknown() || v.State.IsNull()) && !other.State.IsUnknown() {
+		v.State = other.State
+	}
+
+	if (v.Type.IsUnknown() || v.Type.IsNull()) && !other.Type.IsUnknown() {
+		v.Type = other.Type
+	}
+}
+
+type OkmsServiceKeyWritableModel struct {
+	Context            *ovhtypes.TfStringValue                             `tfsdk:"context" json:"context,omitempty"`
+	Curve              *ovhtypes.TfStringValue                             `tfsdk:"curve" json:"curve,omitempty"`
+	DeactivationReason *ovhtypes.TfStringValue                             `tfsdk:"deactivation_reason" json:"deactivationReason,omitempty"`
+	Name               *ovhtypes.TfStringValue                             `tfsdk:"name" json:"name,omitempty"`
+	Operations         *ovhtypes.TfListNestedValue[ovhtypes.TfStringValue] `tfsdk:"operations" json:"operations,omitempty"`
+	Size               *ovhtypes.TfInt64Value                              `tfsdk:"size" json:"size,omitempty"`
+	State              *ovhtypes.TfStringValue                             `tfsdk:"state" json:"state,omitempty"`
+	Type               *ovhtypes.TfStringValue                             `tfsdk:"type" json:"type,omitempty"`
+}
+
+func (v OkmsServiceKeyResourceModel) ToCreate() *OkmsServiceKeyWritableModel {
+	res := &OkmsServiceKeyWritableModel{}
+
+	if !v.Context.IsUnknown() {
+		res.Context = &v.Context
+	}
+
+	if !v.Curve.IsUnknown() {
+		res.Curve = &v.Curve
+	}
+
+	if !v.Name.IsUnknown() {
+		res.Name = &v.Name
+	}
+
+	if !v.Operations.IsUnknown() {
+		res.Operations = &v.Operations
+	}
+
+	if !v.Size.IsUnknown() {
+		res.Size = &v.Size
+	}
+
+	if !v.Type.IsUnknown() {
+		res.Type = &v.Type
+	}
+
+	return res
+}
+
+func (v OkmsServiceKeyResourceModel) ToUpdate() *OkmsServiceKeyWritableModel {
+	res := &OkmsServiceKeyWritableModel{}
+
+	if !v.DeactivationReason.IsUnknown() {
+		res.DeactivationReason = &v.DeactivationReason
+	}
+
+	if !v.Name.IsUnknown() {
+		res.Name = &v.Name
+	}
+
+	if !v.State.IsUnknown() {
+		res.State = &v.State
+	}
+
+	return res
+}