Fix #2180 #1860 #1741: support credentials_json in resource_key resou…

…rce and datasource
IBM-Cloud · Dec 15, 2021 · 0a672d5 · 0a672d5
1 parent 45eff95
commit 0a672d5
Show file tree

Hide file tree

Showing 5 changed files with 103 additions and 6 deletions.
diff --git a/ibm/data_source_ibm_resource_key.go b/ibm/data_source_ibm_resource_key.go
@@ -4,6 +4,7 @@
 package ibm
 
 import (
+	"encoding/json"
 	"fmt"
 	"sort"
 	"strings"
@@ -58,6 +59,13 @@ func dataSourceIBMResourceKey() *schema.Resource {
 				Computed:    true,
 			},
 
+			"credentials_json": {
+				Description: "Credentials asociated with the key in json string",
+				Type:        schema.TypeString,
+				Sensitive:   true,
+				Computed:    true,
+			},
+
 			"most_recent": &schema.Schema{
 				Description: "If true and multiple entries are found, the most recently created resource key is used. " +
 					"If false, an error is returned",
@@ -133,6 +141,13 @@ func dataSourceIBMResourceKeyRead(d *schema.ResourceData, meta interface{}) erro
 	}
 
 	d.Set("credentials", Flatten(key.Credentials))
+	creds, err := json.Marshal(key.Credentials)
+	if err != nil {
+		return fmt.Errorf("error marshalling resource key credentials: %s", err)
+	}
+	if err = d.Set("credentials_json", string(creds)); err != nil {
+		return fmt.Errorf("error setting the credentials json: %s", err)
+	}
 	d.Set("status", key.State)
 	d.Set("crn", key.Crn.String())
 	return nil

diff --git a/ibm/resource_ibm_resource_key.go b/ibm/resource_ibm_resource_key.go
@@ -77,7 +77,12 @@ func resourceIBMResourceKey() *schema.Resource {
 				Sensitive:   true,
 				Computed:    true,
 			},
-
+			"credentials_json": {
+				Description: "Credentials asociated with the key in json string",
+				Type:        schema.TypeString,
+				Sensitive:   true,
+				Computed:    true,
+			},
 			"status": {
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -280,6 +285,14 @@ func resourceIBMResourceKeyRead(d *schema.ResourceData, meta interface{}) error
 	cred, _ := json.Marshal(resourceKey.Credentials)
 	json.Unmarshal(cred, &credInterface)
 	d.Set("credentials", Flatten(credInterface))
+
+	creds, err := json.Marshal(resourceKey.Credentials)
+	if err != nil {
+		return fmt.Errorf("error marshalling resource key credentials: %s", err)
+	}
+	if err = d.Set("credentials_json", string(creds)); err != nil {
+		return fmt.Errorf("error setting the credentials json: %s", err)
+	}
 	d.Set("name", *resourceKey.Name)
 	d.Set("status", *resourceKey.State)
 	if resourceKey.Credentials != nil && resourceKey.Credentials.IamRoleCRN != nil {

diff --git a/ibm/resource_ibm_resource_key_test.go b/ibm/resource_ibm_resource_key_test.go
@@ -29,6 +29,7 @@ func TestAccIBMResourceKey_Basic(t *testing.T) {
 					testAccCheckIBMResourceKeyExists("ibm_resource_key.resourceKey"),
 					resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "name", resourceKey),
 					resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "credentials.%", "7"),
+					resource.TestCheckResourceAttrSet("ibm_resource_key.resourceKey", "credentials_json"),
 					resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "role", "Reader"),
 				),
 			},

diff --git a/website/docs/d/resource_key.html.markdown b/website/docs/d/resource_key.html.markdown
@@ -19,6 +19,37 @@ data "ibm_resource_key" "resourceKeydata" {
   resource_instance_id  = ibm_resource_instance.resource.id
 }
 ```
+### Example to access resource credentials using credentials:
+
+```terraform
+data "ibm_resource_key" "key" {
+  name                  = "myobjectKey"
+  resource_instance_id  = ibm_resource_instance.resource.id
+}
+output "access_key_id" {
+  value = data.ibm_resource_key.key.credentials["cos_hmac_keys.access_key_id"]
+}
+output "secret_access_key" {
+  value = data.ibm_resource_key.key.credentials["cos_hmac_keys.secret_access_key"]
+}
+```
+### Example to access resource credentials:
+
+```terraform
+data "ibm_resource_key" "key" {
+  name                  = "myobjectKey"
+  resource_instance_id  = ibm_resource_instance.resource.id
+}
+locals {
+  resource_credentials = jsondecode(data.ibm_resource_key.key.credentials_json)
+}
+output "access_key_id" {
+  value = local.resource_credentials.cos_hmac_keys.access_key_id
+}
+output "secret_access_key" {
+  value = local.resource_credentials.cos_hmac_keys.secret_access_key
+}
+```
 
 ## Argument reference
 Review the argument references that you can specify for your data source.
@@ -31,7 +62,9 @@ Review the argument references that you can specify for your data source.
 ## Attribute reference
 In addition to all argument reference list, you can access the following attribute references after your data source is created.
 
-- `credentials` - The credentials associated with the key.
-- `id` - The unique identifier of the resource key.
-- `role` - The user role.
-- `status` - The status of the resource key.  
+- `credentials` - (Map) The credentials associated with the key.
+- `credentials_json` - (String) The credentials associated with the key in json format.
+- `crn` - (String) CRN of resource key.
+- `id` - (String) The unique identifier of the resource key.
+- `role` - (String) The user role.
+- `status` - (String) The status of the resource key.  
diff --git a/website/docs/r/resource_key.html.markdown b/website/docs/r/resource_key.html.markdown
@@ -88,6 +88,40 @@ resource "ibm_resource_key" "resourceKey" {
   role                 = "Manager"
 }
 
+```
+### Example to access resource credentials using credentials:
+
+```terraform
+resource "ibm_resource_key" "key" {
+  name                 = "my-cos-bucket-xx-key"
+  resource_instance_id = ibm_resource_instance.resource_instance.id
+  role                 = "Manager"
+}
+output "access_key_id" {
+  value = ibm_resource_key.key.credentials["cos_hmac_keys.access_key_id"]
+}
+output "secret_access_key" {
+  value = ibm_resource_key.key.credentials["cos_hmac_keys.secret_access_key"]
+}
+```
+
+### Example to access resource credentials using credentials_json:
+
+```terraform
+resource "ibm_resource_key" "key" {
+  name                 = "my-cos-bucket-xx-key"
+  resource_instance_id = ibm_resource_instance.resource_instance.id
+  role                 = "Manager"
+}
+locals {
+  resource_credentials =jsondecode(ibm_resource_key.key.credentials_json)
+}
+output "access_key_id" {
+  value = local.resource_credentials.cos_hmac_keys.access_key_id
+}
+output "secret_access_key" {
+  value = local.resource_credentials.cos_hmac_keys.secret_access_key
+}
 ```
 
 ## Timeouts
@@ -113,7 +147,8 @@ Review the argument references that you can specify for your resource.
 In addition to all argument reference list, you can access the following attribute reference after your resource is created.
 
 - `account_id` - (String) An alpha-numeric value identifying the account ID.
-- `credentials` - (String) The credentials associated with the key.
+- `credentials` - (Map) The credentials associated with the key.
+- `credentials_json` - (String) The credentials associated with the key in json format.
 - `created_at` - (Timestamp) The date when the key was created.
 - `created_by` - (String) The subject who created the key.
 - `crn` - (String) The full Cloud Resource Name (CRN) associated with the key.