Merge pull request #291 from celest-io/ovh_cloud_project_user_s3_credential

Add S3 Credential datasource and resource

Author: scraly

ovh/data_cloud_project_user_s3_credential.go

@@ -0,0 +1,70 @@
+package ovh
+
+import (
+	"fmt"
+	"log"
+	"net/url"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/ovh/terraform-provider-ovh/ovh/helpers"
+)
+
+func dataCloudProjectUserS3Credential() *schema.Resource {
+	return &schema.Resource{
+		Read: dataCloudProjectUserS3CredentialRead,
+		Schema: map[string]*schema.Schema{
+			"service_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OVH_CLOUD_PROJECT_SERVICE", nil),
+				Description: "Service name of the resource representing the ID of the cloud project.",
+			},
+			"user_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The user ID",
+			},
+			"access_key_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The access key",
+			},
+
+			//Computed
+			"secret_access_key": {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
+		},
+	}
+}
+
+func dataCloudProjectUserS3CredentialRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	serviceName := d.Get("service_name").(string)
+	userID := d.Get("user_id").(string)
+	accessKey := d.Get("access_key_id").(string)
+
+	log.Printf("[DEBUG] Will read public cloud secret access key for access key %s user %s on project: %s", accessKey, userID, serviceName)
+
+	endpoint := fmt.Sprintf(
+		"/cloud/project/%s/user/%s/s3Credentials/%s",
+		url.PathEscape(serviceName),
+		url.PathEscape(userID),
+		url.PathEscape(accessKey),
+	)
+
+	s3Credential := &CloudProjectUserS3Credential{}
+	if err := config.OVHClient.Get(endpoint, &s3Credential); err != nil {
+		return helpers.CheckDeleted(d, err, endpoint)
+	}
+
+	d.SetId(serviceName)
+	d.Set("secret_access_key", s3Credential.Secret)
+
+	return nil
+}

ovh/data_cloud_project_user_s3_credential_test.go

@@ -0,0 +1,80 @@
+package ovh
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+const testAccDataCloudProjectUserS3CredentialConfig_basic = `
+resource "ovh_cloud_project_user" "user" {
+ service_name = "%s"
+ description  = "my user for acceptance tests"
+}
+
+resource "ovh_cloud_project_user_s3_credential" "s3_cred_1" {
+ service_name = ovh_cloud_project_user.user.service_name
+ user_id      = ovh_cloud_project_user.user.id
+}
+
+resource "ovh_cloud_project_user_s3_credential" "s3_cred_2" {
+ service_name = ovh_cloud_project_user.user.service_name
+ user_id      = ovh_cloud_project_user.user.id
+}
+
+data "ovh_cloud_project_user_s3_credential" "s3_cred_key_2" {
+ service_name  = ovh_cloud_project_user.user.service_name
+ user_id       = ovh_cloud_project_user.user.id
+ access_key_id = ovh_cloud_project_user_s3_credential.s3_cred_2.access_key_id
+ depends_on    = [ovh_cloud_project_user_s3_credential.s3_cred_1, ovh_cloud_project_user_s3_credential.s3_cred_2]
+}
+
+data "ovh_cloud_project_user_s3_credential" "s3_cred_key_1" {
+ service_name  = ovh_cloud_project_user.user.service_name
+ user_id       = ovh_cloud_project_user.user.id
+ access_key_id = ovh_cloud_project_user_s3_credential.s3_cred_1.access_key_id
+ depends_on    = [ovh_cloud_project_user_s3_credential.s3_cred_1, ovh_cloud_project_user_s3_credential.s3_cred_2]
+}
+
+output "same_secret_key_cred_1" {
+    value = data.ovh_cloud_project_user_s3_credential.s3_cred_key_1.secret_access_key == ovh_cloud_project_user_s3_credential.s3_cred_1.secret_access_key
+    sensitive=true
+}
+
+output "same_secret_key_cred_2" {
+    value = data.ovh_cloud_project_user_s3_credential.s3_cred_key_2.secret_access_key == ovh_cloud_project_user_s3_credential.s3_cred_2.secret_access_key
+    sensitive=true
+}
+`
+
+func TestAccDataCloudProjectUserS3Credential_basic(t *testing.T) {
+	serviceName := os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST")
+
+	config := fmt.Sprintf(testAccDataCloudProjectUserS3CredentialConfig_basic, serviceName)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheckCredentials(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(
+						"data.ovh_cloud_project_user_s3_credential.s3_cred_key_1",
+						"secret_access_key",
+					),
+					resource.TestCheckResourceAttrSet(
+						"data.ovh_cloud_project_user_s3_credential.s3_cred_key_2",
+						"secret_access_key",
+					),
+					resource.TestCheckOutput(
+						"same_secret_key_cred_1", "true"),
+					resource.TestCheckOutput(
+						"same_secret_key_cred_2", "true"),
+				),
+			},
+		},
+	})
+}

ovh/data_cloud_project_user_s3_credentials.go

@@ -0,0 +1,67 @@
+package ovh
+
+import (
+	"fmt"
+	"log"
+	"net/url"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataCloudProjectUserS3Credentials() *schema.Resource {
+	return &schema.Resource{
+		Read: dataCloudProjectUserS3CredentialsRead,
+		Schema: map[string]*schema.Schema{
+			"service_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OVH_CLOUD_PROJECT_SERVICE", nil),
+				Description: "Service name of the resource representing the ID of the cloud project.",
+			},
+			"user_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The user ID",
+			},
+			"access_key_ids": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+func dataCloudProjectUserS3CredentialsRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	serviceName := d.Get("service_name").(string)
+	userID := d.Get("user_id").(string)
+
+	log.Printf("[DEBUG] Will read public cloud access key ids for user %s on project: %s", userID, serviceName)
+
+	endpoint := fmt.Sprintf(
+		"/cloud/project/%s/user/%s/s3Credentials",
+		url.PathEscape(serviceName),
+		url.PathEscape(userID),
+	)
+
+	credentials := make([]CloudProjectUserS3Credential, 0)
+	if err := config.OVHClient.Get(endpoint, &credentials); err != nil {
+		return fmt.Errorf("Error calling %s:\n\t %q", endpoint, err)
+	}
+
+	accessKeys := make([]string, 0, len(credentials))
+
+	for _, key := range credentials {
+		accessKeys = append(accessKeys, key.Access)
+	}
+
+	d.SetId(fmt.Sprintf("%s/%s", serviceName, userID))
+	d.Set("access_key_ids", accessKeys)
+
+	return nil
+}

ovh/data_cloud_project_user_s3_credentials_test.go

@@ -0,0 +1,55 @@
+package ovh
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+const testAccDataCloudProjectUserS3CredentialsConfig_basic = `
+resource "ovh_cloud_project_user" "user" {
+ service_name = "%s"
+ description  = "my user for acceptance tests"
+}
+
+resource "ovh_cloud_project_user_s3_credential" "s3_cred" {
+ service_name = ovh_cloud_project_user.user.service_name
+ user_id      = ovh_cloud_project_user.user.id
+}
+
+data "ovh_cloud_project_user_s3_credentials" "keys" {
+ service_name = ovh_cloud_project_user.user.service_name
+ user_id      = ovh_cloud_project_user.user.id
+ depends_on   = [ovh_cloud_project_user_s3_credential.s3_cred]
+}
+
+output "access_key_ids_count" {
+    value = length(data.ovh_cloud_project_user_s3_credentials.keys.access_key_ids)
+}
+`
+
+func TestAccDataCloudProjectUserS3Credentials_basic(t *testing.T) {
+	serviceName := os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST")
+
+	config := fmt.Sprintf(testAccDataCloudProjectUserS3CredentialsConfig_basic, serviceName)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheckCredentials(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(
+						"data.ovh_cloud_project_user_s3_credentials.keys",
+						"access_key_ids.#",
+					),
+					resource.TestCheckOutput(
+						"access_key_ids_count", "1"),
+				),
+			},
+		},
+	})
+}

ovh/provider.go

@@ -60,6 +60,8 @@ func Provider() *schema.Provider {
 			"ovh_cloud_project_kube_nodepool":                         dataSourceCloudProjectKubeNodepool(),
 			"ovh_cloud_project_region":                                dataSourceCloudProjectRegion(),
 			"ovh_cloud_project_regions":                               dataSourceCloudProjectRegions(),
+			"ovh_cloud_project_user_s3_credential":                    dataCloudProjectUserS3Credential(),
+			"ovh_cloud_project_user_s3_credentials":                   dataCloudProjectUserS3Credentials(),
 			"ovh_dbaas_logs_input_engine":                             dataSourceDbaasLogsInputEngine(),
 			"ovh_dbaas_logs_output_graylog_stream":                    dataSourceDbaasLogsOutputGraylogStream(),
 			"ovh_dedicated_ceph":                                      dataSourceDedicatedCeph(),
@@ -110,6 +112,7 @@ func Provider() *schema.Provider {
 			"ovh_cloud_project_network_private":                           resourceCloudProjectNetworkPrivate(),
 			"ovh_cloud_project_network_private_subnet":                    resourceCloudProjectNetworkPrivateSubnet(),
 			"ovh_cloud_project_user":                                      resourceCloudProjectUser(),
+			"ovh_cloud_project_user_s3_credential":                        resourceCloudProjectUserS3Credential(),
 			"ovh_dbaas_logs_input":                                        resourceDbaasLogsInput(),
 			"ovh_dbaas_logs_output_graylog_stream":                        resourceDbaasLogsOutputGraylogStream(),
 			"ovh_dedicated_ceph_acl":                                      resourceDedicatedCephACL(),