Implement object storage credential

docs/data-sources/objectstorage_credential.md

@@ -0,0 +1,30 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_objectstorage_credential Data Source - stackit"
+subcategory: ""
+description: |-
+  ObjectStorage credential data source schema.
+---
+
+# stackit_objectstorage_credential (Data Source)
+
+ObjectStorage credential data source schema.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `credential_id` (String) The credential ID.
+- `credentials_group_id` (String) The credential group ID.
+- `expiration_timestamp` (String)
+- `project_id` (String) STACKIT Project ID to which the credential group is associated.
+
+### Read-Only
+
+- `access_key` (String)
+- `id` (String) Terraform's internal resource identifier. It is structured as "`project_id`,`credentials_group_id`,`credential_id`".
+- `name` (String)
+- `secret_access_key` (String, Sensitive)

docs/resources/objectstorage_credential.md

@@ -0,0 +1,33 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_objectstorage_credential Resource - stackit"
+subcategory: ""
+description: |-
+  ObjectStorage credential resource schema.
+---
+
+# stackit_objectstorage_credential (Resource)
+
+ObjectStorage credential resource schema.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `project_id` (String) STACKIT Project ID to which the credential group is associated.
+
+### Optional
+
+- `expiration_timestamp` (String)
+
+### Read-Only
+
+- `access_key` (String)
+- `credential_id` (String) The credential ID.
+- `credentials_group_id` (String) The credential group ID.
+- `id` (String) Terraform's internal resource identifier. It is structured as "`project_id`,`credentials_group_id`,`credential_id`".
+- `name` (String)
+- `secret_access_key` (String, Sensitive)

go.mod

@@ -6,6 +6,7 @@ require (
 	github.com/google/go-cmp v0.5.9
 	github.com/google/uuid v1.3.1
 	github.com/hashicorp/terraform-plugin-framework v1.4.1
+	github.com/hashicorp/terraform-plugin-framework-timetypes v0.3.0
 	github.com/hashicorp/terraform-plugin-framework-validators v0.12.0
 	github.com/hashicorp/terraform-plugin-go v0.19.0
 	github.com/hashicorp/terraform-plugin-log v0.9.0

go.sum

@@ -74,6 +74,8 @@ github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQH
 github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o=
 github.com/hashicorp/terraform-plugin-framework v1.4.1 h1:ZC29MoB3Nbov6axHdgPbMz7799pT5H8kIrM8YAsaVrs=
 github.com/hashicorp/terraform-plugin-framework v1.4.1/go.mod h1:XC0hPcQbBvlbxwmjxuV/8sn8SbZRg4XwGMs22f+kqV0=
+github.com/hashicorp/terraform-plugin-framework-timetypes v0.3.0 h1:egR4InfakWkgepZNUATWGwkrPhaAYOTEybPfEol+G/I=
+github.com/hashicorp/terraform-plugin-framework-timetypes v0.3.0/go.mod h1:9vjvl36aY1p6KltaA5QCvGC5hdE/9t4YuhGftw6WOgE=
 github.com/hashicorp/terraform-plugin-framework-validators v0.12.0 h1:HOjBuMbOEzl7snOdOoUfE2Jgeto6JOjLVQ39Ls2nksc=
 github.com/hashicorp/terraform-plugin-framework-validators v0.12.0/go.mod h1:jfHGE/gzjxYz6XoUwi/aYiiKrJDeutQNUtGQXkaHklg=
 github.com/hashicorp/terraform-plugin-go v0.19.0 h1:BuZx/6Cp+lkmiG0cOBk6Zps0Cb2tmqQpDM3iAtnhDQU=

stackit/internal/services/objectstorage/credential/datasource.go

@@ -0,0 +1,149 @@
+package objectstorage
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
+
+	"github.com/hashicorp/terraform-plugin-framework-timetypes/timetypes"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/stackitcloud/stackit-sdk-go/core/config"
+	"github.com/stackitcloud/stackit-sdk-go/services/objectstorage"
+)
+
+// Ensure the implementation satisfies the expected interfaces.
+var (
+	_ datasource.DataSource = &credentialDataSource{}
+)
+
+// NewCredentialDataSource is a helper function to simplify the provider implementation.
+func NewCredentialDataSource() datasource.DataSource {
+	return &credentialDataSource{}
+}
+
+// credentialDataSource is the resource implementation.
+type credentialDataSource struct {
+	client *objectstorage.APIClient
+}
+
+// Metadata returns the resource type name.
+func (r *credentialDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_objectstorage_credential"
+}
+
+// Configure adds the provider configured client to the datasource.
+func (r *credentialDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	providerData, ok := req.ProviderData.(core.ProviderData)
+	if !ok {
+		core.LogAndAddError(ctx, &resp.Diagnostics, "Error configuring API client", fmt.Sprintf("Expected configure type stackit.ProviderData, got %T", req.ProviderData))
+		return
+	}
+
+	var apiClient *objectstorage.APIClient
+	var err error
+	if providerData.PostgreSQLCustomEndpoint != "" {
+		apiClient, err = objectstorage.NewAPIClient(
+			config.WithCustomAuth(providerData.RoundTripper),
+			config.WithEndpoint(providerData.PostgreSQLCustomEndpoint),
+		)
+	} else {
+		apiClient, err = objectstorage.NewAPIClient(
+			config.WithCustomAuth(providerData.RoundTripper),
+			config.WithRegion(providerData.Region),
+		)
+	}
+
+	if err != nil {
+		core.LogAndAddError(ctx, &resp.Diagnostics, "Error configuring API client", fmt.Sprintf("Configuring client: %v", err))
+		return
+	}
+
+	r.client = apiClient
+	tflog.Info(ctx, "ObjectStorage credential client configured")
+}
+
+// Schema defines the schema for the datasource.
+func (r *credentialDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	descriptions := map[string]string{
+		"main":                 "ObjectStorage credential data source schema.",
+		"id":                   "Terraform's internal resource identifier. It is structured as \"`project_id`,`credentials_group_id`,`credential_id`\".",
+		"credential_id":        "The credential ID.",
+		"credentials_group_id": "The credential group ID.",
+		"project_id":           "STACKIT Project ID to which the credential group is associated.",
+	}
+
+	resp.Schema = schema.Schema{
+		Description: descriptions["main"],
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				Description: descriptions["id"],
+				Computed:    true,
+			},
+			"credential_id": schema.StringAttribute{
+				Description: descriptions["credential_id"],
+				Required:    true,
+			},
+			"credentials_group_id": schema.StringAttribute{
+				Description: descriptions["credentials_group_id"],
+				Required:    true,
+			},
+			"project_id": schema.StringAttribute{
+				Description: descriptions["project_id"],
+				Required:    true,
+			},
+			"name": schema.StringAttribute{
+				Computed: true,
+			},
+			"access_key": schema.StringAttribute{
+				Computed: true,
+			},
+			"secret_access_key": schema.StringAttribute{
+				Computed:  true,
+				Sensitive: true,
+			},
+			"expiration_timestamp": schema.StringAttribute{
+				CustomType: timetypes.RFC3339Type{},
+				Required:   true,
+			},
+		},
+	}
+}
+
+// Read refreshes the Terraform state with the latest data.
+func (r *credentialDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { // nolint:gocritic // function signature required by Terraform
+	var model Model
+	diags := req.Config.Get(ctx, &model)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	projectId := model.ProjectId.ValueString()
+	credentialsGroupId := model.CredentialsGroupId.ValueString()
+	credentialId := model.CredentialId.ValueString()
+	ctx = tflog.SetField(ctx, "project_id", projectId)
+	ctx = tflog.SetField(ctx, "credentials_group_id", credentialsGroupId)
+	ctx = tflog.SetField(ctx, "credential_id", credentialId)
+
+	err := readCredentials(ctx, &model, r.client)
+	if err != nil {
+		core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading credential", fmt.Sprintf("Finding credential: %v", err))
+		return
+	}
+
+	// Set refreshed state
+	diags = resp.State.Set(ctx, model)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tflog.Info(ctx, "ObjectStorage credential read")
+}