fix(team-service-account): api key not set (#428)

* fix api_key not set

* fix field other than name cannot be updated

* updated doc

Author: Shadow649

sysdig/resource_sysdig_team_service_account.go

@@ -34,19 +34,23 @@ func resourceSysdigTeamServiceAccount() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 				Default:  "ROLE_TEAM_READ",
+				ForceNew: true,
 			},
 			SchemaExpirationDateKey: {
 				Type:     schema.TypeInt,
 				Required: true,
+				ForceNew: true,
 			},
 			SchemaTeamIDKey: {
 				Type:     schema.TypeInt,
 				Required: true,
+				ForceNew: true,
 			},
 			SchemaSystemRoleKey: {
 				Type:     schema.TypeString,
 				Optional: true,
 				Default:  "ROLE_SERVICE_ACCOUNT",
+				ForceNew: true,
 			},
 			SchemaCreatedDateKey: {
 				Type:     schema.TypeInt,
@@ -104,6 +108,10 @@ func resourceSysdigTeamServiceAccountCreate(ctx context.Context, d *schema.Resou
 	}
 
 	d.SetId(strconv.Itoa(teamServiceAccount.ID))
+	err = d.Set(SchemaApiKeyKey, teamServiceAccount.ApiKey)
+	if err != nil {
+		return diag.FromErr(err)
+	}
 
 	resourceSysdigTeamServiceAccountRead(ctx, d, m)
 
@@ -189,10 +197,6 @@ func teamServiceAccountToResourceData(teamServiceAccount *v2.TeamServiceAccount,
 	if err != nil {
 		return err
 	}
-	err = d.Set(SchemaApiKeyKey, teamServiceAccount.ApiKey)
-	if err != nil {
-		return err
-	}
 
 	return nil
 }

sysdig/resource_sysdig_team_service_account_test.go

@@ -36,6 +36,33 @@ func TestAccTeamServiceAccount(t *testing.T) {
 						"role",
 						"ROLE_TEAM_READ",
 					),
+					resource.TestCheckResourceAttrSet("sysdig_team_service_account.service-account-monitor",
+						"api_key",
+					),
+					resource.TestCheckResourceAttr("sysdig_team_service_account.service-account-monitor",
+						"expiration_date",
+						"4070908800",
+					),
+				),
+			},
+			{
+				Config: teamServiceAccountMonitorTeamNewExpirationDate(monitorsvc),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("sysdig_team_service_account.service-account-monitor",
+						"name",
+						monitorsvc,
+					),
+					resource.TestCheckResourceAttr("sysdig_team_service_account.service-account-monitor",
+						"role",
+						"ROLE_TEAM_READ",
+					),
+					resource.TestCheckResourceAttrSet("sysdig_team_service_account.service-account-monitor",
+						"api_key",
+					),
+					resource.TestCheckResourceAttr("sysdig_team_service_account.service-account-monitor",
+						"expiration_date",
+						"4070995200",
+					),
 				),
 			},
 			{
@@ -49,6 +76,9 @@ func TestAccTeamServiceAccount(t *testing.T) {
 						"role",
 						"ROLE_TEAM_READ",
 					),
+					resource.TestCheckResourceAttrSet("sysdig_team_service_account.service-account-secure",
+						"api_key",
+					),
 				),
 			},
 		},
@@ -77,6 +107,28 @@ resource "sysdig_team_service_account" "service-account-monitor" {
 `, name, name)
 }
 
+func teamServiceAccountMonitorTeamNewExpirationDate(name string) string {
+	return fmt.Sprintf(`
+resource "time_static" "example" {
+  rfc3339 = "2099-01-02T00:00:00Z"
+}
+
+resource "sysdig_monitor_team" "sample" {
+  name      = "monitor-sample-%s"
+
+  entrypoint {
+	type = "Explore"
+  }
+}
+
+resource "sysdig_team_service_account" "service-account-monitor" {
+  name = "%s"
+  expiration_date = time_static.example.unix
+  team_id = sysdig_monitor_team.sample.id
+}
+`, name, name)
+}
+
 func teamServiceAccountSecureTeam(name string) string {
 	return fmt.Sprintf(`
 resource "time_static" "example" {

website/docs/r/team_service_account.md

@@ -31,7 +31,7 @@ resource "sysdig_team_service_account" "service-account" {
   name = "read only"
   role = "ROLE_TEAM_READ"
   expiration_date = time_static.example.unix
-  team_id = sysdig_monitor_teamt.sample.id
+  team_id = sysdig_monitor_team.devops.id
 }
 
 ```
@@ -64,4 +64,3 @@ Sysdig team service account can be imported using the ID, e.g.
 ```
 $ terraform import sysdig_team_service_account.my_team_service_account 10
 ```
-