feat(keymanager): add key datasource (#3524)

Author: estellesoulard

.github/workflows/acceptance-tests.yaml

@@ -28,12 +28,13 @@ jobs:
           - flexibleip
           - function
           - iam
-          - instance
           - inference
+          - instance
           - iot
           - ipam
           - jobs
           - k8s
+          - keymanager
           - lb
           - marketplace
           - mnq
@@ -186,12 +187,13 @@ jobs:
           - flexibleip
           - function
           - iam
-          - instance
           - inference
+          - instance
           - iot
           - ipam
           - jobs
           - k8s
+          - keymanager
           - lb
           - marketplace
           - mnq

.github/workflows/nightly.yml

@@ -37,6 +37,7 @@ jobs:
           - ipam
           - jobs
           - k8s
+          - keymanager
           - lb
           - marketplace
           - mnq

docs/data-sources/key_manager_key.md

@@ -0,0 +1,50 @@
+---
+subcategory: "Key Manager"
+page_title: "Scaleway: scaleway_key_manager_key"
+---
+
+# scaleway_key_manager_key
+
+Gets information about a Key Manager Key. For more information, refer to the [Key Manager API documentation](https://www.scaleway.com/en/developers/api/key-manager/#path-keys-get-key-metadata).
+
+## Example Usage
+
+### Create a key and get its information
+
+The following commands allow you to:
+
+- create a key named `my-kms-key`
+- retrieve the key's information using the key's ID
+
+```hcl
+// Create a key
+resource "scaleway_key_manager_key" "symmetric" {
+  name        = "my-kms-key"
+  region      = "fr-par"
+  project_id  = "your-project-id" # optional, will use provider default if omitted
+  usage       = "symmetric_encryption"
+  algorithm   = "aes_256_gcm"
+  description = "Key for encrypting secrets"
+  tags        = ["env:prod", "kms"]
+  unprotected = true
+
+  rotation_policy {
+    rotation_period = "720h" # 30 days
+  }
+}
+
+// Get the key information by its ID
+data "scaleway_key_manager_key" "byID" {
+  key_id = "11111111-1111-1111-1111-111111111111"
+}
+```
+
+## Argument Reference
+
+- `key_id` -  ID of the key to target. Can be a plain UUID or a [regional](../guides/regions_and_zones.md#resource-ids) ID.
+
+- `region` - (Defaults to [provider](../index.md#region) `region`) The [region](../guides/regions_and_zones.md#regions) in which the key was created.
+
+## Attributes Reference
+
+Exported attributes are the ones from `scaleway_key_manager_key` [resource](../resources/key_manager_key.md)

internal/acctest/acctest.go

@@ -38,6 +38,7 @@ var foldersUsingVCRv4 = []string{
 	"iam",
 	"instance",
 	"k8s",
+	"keymanager",
 	"marketplace",
 	"secret",
 }

internal/services/keymanager/key_data_source.go

@@ -0,0 +1,61 @@
+package keymanager
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/datasource"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/meta"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/verify"
+)
+
+func DataSourceKey() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceKeyRead,
+		SchemaFunc:  dataSourceKeySchema,
+	}
+}
+
+func dataSourceKeySchema() map[string]*schema.Schema {
+	dsSchema := datasource.SchemaFromResourceSchema(ResourceKeyManagerKey().SchemaFunc())
+
+	datasource.AddOptionalFieldsToSchema(dsSchema, "region")
+
+	dsSchema["key_id"] = &schema.Schema{
+		Type:             schema.TypeString,
+		Required:         true,
+		Description:      "The ID of the key",
+		ValidateDiagFunc: verify.IsUUIDorUUIDWithLocality(),
+	}
+
+	return dsSchema
+}
+
+func dataSourceKeyRead(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
+	keyID := d.Get("key_id")
+
+	fallbackRegion, err := meta.ExtractRegion(d, m)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	regionalID := datasource.NewRegionalID(keyID, fallbackRegion)
+	d.SetId(regionalID)
+
+	err = d.Set("key_id", regionalID)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	diags := resourceKeyManagerKeyRead(ctx, d, m)
+	if diags != nil {
+		return append(diags, diag.Errorf("failed to read key")...)
+	}
+
+	if d.Id() == "" {
+		return diag.Errorf("key (%s) not found", regionalID)
+	}
+
+	return nil
+}

internal/services/keymanager/key_data_source_test.go

@@ -0,0 +1,46 @@
+package keymanager_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/acctest"
+)
+
+func TestAccDataSourceKey_Basic(t *testing.T) {
+	tt := acctest.NewTestTools(t)
+	defer tt.Cleanup()
+
+	resource.ParallelTest(t, resource.TestCase{
+		ProtoV6ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:             IsKeyManagerKeyDestroyed(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+				resource "scaleway_key_manager_key" "main" {
+				  name        = "tf-test-kms-key-unprotected-a"
+				  region      = "fr-par"
+				  usage       = "symmetric_encryption"
+				  algorithm   = "aes_256_gcm"
+				  description = "Test key"
+				  tags        = ["tf", "test"]
+				  unprotected = true
+				}
+
+				data "scaleway_key_manager_key" "by_id" {
+				  key_id = scaleway_key_manager_key.main.id
+				}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.scaleway_key_manager_key.by_id", "name", "tf-test-kms-key-unprotected-a"),
+					resource.TestCheckResourceAttr("data.scaleway_key_manager_key.by_id", "region", "fr-par"),
+					resource.TestCheckResourceAttr("data.scaleway_key_manager_key.by_id", "usage", "symmetric_encryption"),
+					resource.TestCheckResourceAttr("data.scaleway_key_manager_key.by_id", "algorithm", "aes_256_gcm"),
+					resource.TestCheckResourceAttr("data.scaleway_key_manager_key.by_id", "description", "Test key"),
+					resource.TestCheckResourceAttr("data.scaleway_key_manager_key.by_id", "tags.0", "tf"),
+					resource.TestCheckResourceAttr("data.scaleway_key_manager_key.by_id", "tags.1", "test"),
+				),
+			},
+		},
+	})
+}