diff --git a/ibm/data_source_ibm_resource_key.go b/ibm/data_source_ibm_resource_key.go index c47864e522..f2d9c3d43e 100644 --- a/ibm/data_source_ibm_resource_key.go +++ b/ibm/data_source_ibm_resource_key.go @@ -4,6 +4,7 @@ package ibm import ( + "encoding/json" "fmt" "sort" "strings" @@ -58,6 +59,13 @@ func dataSourceIBMResourceKey() *schema.Resource { Computed: true, }, + "credentials_json": { + Description: "Credentials asociated with the key in json string", + Type: schema.TypeString, + Sensitive: true, + Computed: true, + }, + "most_recent": &schema.Schema{ Description: "If true and multiple entries are found, the most recently created resource key is used. " + "If false, an error is returned", @@ -133,6 +141,13 @@ func dataSourceIBMResourceKeyRead(d *schema.ResourceData, meta interface{}) erro } d.Set("credentials", Flatten(key.Credentials)) + creds, err := json.Marshal(key.Credentials) + if err != nil { + return fmt.Errorf("error marshalling resource key credentials: %s", err) + } + if err = d.Set("credentials_json", string(creds)); err != nil { + return fmt.Errorf("error setting the credentials json: %s", err) + } d.Set("status", key.State) d.Set("crn", key.Crn.String()) return nil diff --git a/ibm/resource_ibm_resource_key.go b/ibm/resource_ibm_resource_key.go index e24a7edf56..5812adc43f 100644 --- a/ibm/resource_ibm_resource_key.go +++ b/ibm/resource_ibm_resource_key.go @@ -77,7 +77,12 @@ func resourceIBMResourceKey() *schema.Resource { Sensitive: true, Computed: true, }, - + "credentials_json": { + Description: "Credentials asociated with the key in json string", + Type: schema.TypeString, + Sensitive: true, + Computed: true, + }, "status": { Type: schema.TypeString, Computed: true, @@ -280,6 +285,14 @@ func resourceIBMResourceKeyRead(d *schema.ResourceData, meta interface{}) error cred, _ := json.Marshal(resourceKey.Credentials) json.Unmarshal(cred, &credInterface) d.Set("credentials", Flatten(credInterface)) + + creds, err := json.Marshal(resourceKey.Credentials) + if err != nil { + return fmt.Errorf("error marshalling resource key credentials: %s", err) + } + if err = d.Set("credentials_json", string(creds)); err != nil { + return fmt.Errorf("error setting the credentials json: %s", err) + } d.Set("name", *resourceKey.Name) d.Set("status", *resourceKey.State) if resourceKey.Credentials != nil && resourceKey.Credentials.IamRoleCRN != nil { diff --git a/ibm/resource_ibm_resource_key_test.go b/ibm/resource_ibm_resource_key_test.go index 2a6a517917..ecea48842e 100644 --- a/ibm/resource_ibm_resource_key_test.go +++ b/ibm/resource_ibm_resource_key_test.go @@ -29,6 +29,7 @@ func TestAccIBMResourceKey_Basic(t *testing.T) { testAccCheckIBMResourceKeyExists("ibm_resource_key.resourceKey"), resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "name", resourceKey), resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "credentials.%", "7"), + resource.TestCheckResourceAttrSet("ibm_resource_key.resourceKey", "credentials_json"), resource.TestCheckResourceAttr("ibm_resource_key.resourceKey", "role", "Reader"), ), }, diff --git a/website/docs/d/resource_key.html.markdown b/website/docs/d/resource_key.html.markdown index fca830b0c5..569b6915f4 100644 --- a/website/docs/d/resource_key.html.markdown +++ b/website/docs/d/resource_key.html.markdown @@ -19,6 +19,37 @@ data "ibm_resource_key" "resourceKeydata" { resource_instance_id = ibm_resource_instance.resource.id } ``` +### Example to access resource credentials using credentials: + +```terraform +data "ibm_resource_key" "key" { + name = "myobjectKey" + resource_instance_id = ibm_resource_instance.resource.id +} +output "access_key_id" { + value = data.ibm_resource_key.key.credentials["cos_hmac_keys.access_key_id"] +} +output "secret_access_key" { + value = data.ibm_resource_key.key.credentials["cos_hmac_keys.secret_access_key"] +} +``` +### Example to access resource credentials: + +```terraform +data "ibm_resource_key" "key" { + name = "myobjectKey" + resource_instance_id = ibm_resource_instance.resource.id +} +locals { + resource_credentials = jsondecode(data.ibm_resource_key.key.credentials_json) +} +output "access_key_id" { + value = local.resource_credentials.cos_hmac_keys.access_key_id +} +output "secret_access_key" { + value = local.resource_credentials.cos_hmac_keys.secret_access_key +} +``` ## Argument reference Review the argument references that you can specify for your data source. @@ -31,7 +62,9 @@ Review the argument references that you can specify for your data source. ## Attribute reference In addition to all argument reference list, you can access the following attribute references after your data source is created. -- `credentials` - The credentials associated with the key. -- `id` - The unique identifier of the resource key. -- `role` - The user role. -- `status` - The status of the resource key. +- `credentials` - (Map) The credentials associated with the key. +- `credentials_json` - (String) The credentials associated with the key in json format. +- `crn` - (String) CRN of resource key. +- `id` - (String) The unique identifier of the resource key. +- `role` - (String) The user role. +- `status` - (String) The status of the resource key. diff --git a/website/docs/r/resource_key.html.markdown b/website/docs/r/resource_key.html.markdown index 66e40ceffe..b3caf16e61 100644 --- a/website/docs/r/resource_key.html.markdown +++ b/website/docs/r/resource_key.html.markdown @@ -88,6 +88,40 @@ resource "ibm_resource_key" "resourceKey" { role = "Manager" } +``` +### Example to access resource credentials using credentials: + +```terraform +resource "ibm_resource_key" "key" { + name = "my-cos-bucket-xx-key" + resource_instance_id = ibm_resource_instance.resource_instance.id + role = "Manager" +} +output "access_key_id" { + value = ibm_resource_key.key.credentials["cos_hmac_keys.access_key_id"] +} +output "secret_access_key" { + value = ibm_resource_key.key.credentials["cos_hmac_keys.secret_access_key"] +} +``` + +### Example to access resource credentials using credentials_json: + +```terraform +resource "ibm_resource_key" "key" { + name = "my-cos-bucket-xx-key" + resource_instance_id = ibm_resource_instance.resource_instance.id + role = "Manager" +} +locals { + resource_credentials =jsondecode(ibm_resource_key.key.credentials_json) +} +output "access_key_id" { + value = local.resource_credentials.cos_hmac_keys.access_key_id +} +output "secret_access_key" { + value = local.resource_credentials.cos_hmac_keys.secret_access_key +} ``` ## Timeouts @@ -113,7 +147,8 @@ Review the argument references that you can specify for your resource. In addition to all argument reference list, you can access the following attribute reference after your resource is created. - `account_id` - (String) An alpha-numeric value identifying the account ID. -- `credentials` - (String) The credentials associated with the key. +- `credentials` - (Map) The credentials associated with the key. +- `credentials_json` - (String) The credentials associated with the key in json format. - `created_at` - (Timestamp) The date when the key was created. - `created_by` - (String) The subject who created the key. - `crn` - (String) The full Cloud Resource Name (CRN) associated with the key.