aquasecurity
diff --git a/‎DEVELOPMENT.md‎
Lines changed: 1 addition & 1 deletion b/‎DEVELOPMENT.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎GNUmakefile‎
Lines changed: 1 addition & 1 deletion b/‎GNUmakefile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎aquasec/data_aqua_api_key.go‎
Lines changed: 222 additions & 0 deletions b/‎aquasec/data_aqua_api_key.go‎
Lines changed: 222 additions & 0 deletions
diff --git a/‎aquasec/data_aqua_api_key_test.go‎
Lines changed: 110 additions & 0 deletions b/‎aquasec/data_aqua_api_key_test.go‎
Lines changed: 110 additions & 0 deletions
diff --git a/‎aquasec/provider.go‎
Lines changed: 2 additions & 0 deletions b/‎aquasec/provider.go‎
Lines changed: 2 additions & 0 deletions
@@ -32,7 +32,7 @@ git clone https://github.com/aquasecurity/terraform-provider-aquasec.git
 
 cd terraform-provider-aquasec
 
-git checkout v0.8.40
+git checkout v0.8.41
 ```
 
 **Build and install the provider**
 
@@ -6,7 +6,7 @@ HOSTNAME	 := github.com
 NAMESPACE	 := aquasec
 NAME 		 := aquasec
 BINARY		 := terraform-provider-${NAME}
-VERSION      := 0.8.40
+VERSION      := 0.8.41
 OS_ARCH      := $(shell go env GOOS)_$(shell go env GOARCH)
 
 default: build
 
@@ -43,7 +43,7 @@ To quickly get started using the Aquasec provider for Terraform, configure the p
 terraform {
   required_providers {
     aquasec = {
-      version = "0.8.40"
+      version = "0.8.41"
       source  = "aquasecurity/aquasec"
     }
   }
 
@@ -0,0 +1,222 @@
+package aquasec
+
+import (
+	"context"
+	"log"
+	"strconv"
+	"time"
+
+	"github.com/aquasecurity/terraform-provider-aquasec/client"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceAPIKeys() *schema.Resource {
+	return &schema.Resource{
+		Description: "Data source `aquasec_aqua_api_keys` provides all API keys by limit and offset.",
+		ReadContext: dataAPIKeyRead,
+		Schema: map[string]*schema.Schema{
+			"id": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ExactlyOneOf: []string{"id", "limit"},
+			},
+			"limit": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ExactlyOneOf: []string{"id", "limit"},
+			},
+			"offset": {
+				Type:     schema.TypeInt,
+				Optional: true,
+			},
+			"apikeys": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+						"access_key": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"description": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"created": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"open_access": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"scans_per_month": {
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+						"account_id": {
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+						"enabled": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"roles": {
+							Type:        schema.TypeList,
+							Description: "The roles that will be assigned to the API key.",
+							Computed:    true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+						"group_id": {
+							Type:        schema.TypeInt,
+							Description: "The group ID that is associated with the API key.",
+							Computed:    true,
+						},
+						"expiration": {
+							Type:        schema.TypeInt,
+							Description: "The date of the API key's expiry",
+							Computed:    true,
+						},
+						"permission_ids": {
+							Type: schema.TypeList,
+							Description: "List of permission IDs for the API key, if empty the API" +
+								"key has global admin permissions.",
+							Computed: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeInt,
+							},
+						},
+						"ip_addresses": {
+							Type:        schema.TypeList,
+							Description: "List of IP addresses the API key can be used from.",
+							Computed:    true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataAPIKeyRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	c := m.(*client.Client)
+	var diags diag.Diagnostics
+
+	if idRaw, ok := d.GetOk("id"); ok {
+		id, err := strconv.Atoi(idRaw.(string))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		key, err := c.GetApiKey(id)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
+		if key.ID == 0 {
+			return diag.Errorf("API key returned with empty or zero id")
+		}
+
+		created := ""
+		if key.CreatedAt != "" {
+			if t, err := parseWithFallback(key.CreatedAt, time.RFC3339, time.Time{}); err == nil {
+				created = t.Format(time.RFC3339)
+			} else {
+				log.Printf("[WARN] could not parse created %q: %v", key.CreatedAt, err)
+			}
+		}
+
+		item := map[string]interface{}{
+			"id":              key.ID,
+			"access_key":      key.AccessKey,
+			"description":     key.Description,
+			"created":         created,
+			"open_access":     key.OpenAccess,
+			"scans_per_month": key.ScansPerMonth,
+			"account_id":      key.AccountID,
+			"enabled":         key.Enabled,
+			"roles":           key.Roles,
+			"permission_ids":  key.PermissionIDs,
+			"expiration":      key.Expiration,
+			"group_id":        key.GroupID,
+			"ip_addresses":    key.IPAddresses,
+		}
+		if err := d.Set("apikeys", []interface{}{item}); err != nil {
+			return diag.FromErr(err)
+		}
+		d.SetId(strconv.Itoa(id))
+		return diags
+	}
+	if limitRaw, ok := d.GetOk("limit"); ok {
+		limit := limitRaw.(int)
+		offset := d.Get("offset").(int)
+
+		if limit == 0 {
+			return diag.Errorf("`limit` must be greater than 0 when using limit/offset")
+		}
+
+		keys, err := c.GetApiKeys(limit, offset)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
+		var items []map[string]interface{}
+		for _, k := range keys {
+			if k.ID == 0 {
+				log.Printf("[WARN] skipping API key with empty id")
+				continue
+			}
+
+			created := ""
+			if k.CreatedAt != "" {
+				if t, err := parseWithFallback(k.CreatedAt, time.RFC3339, time.Time{}); err == nil {
+					created = t.Format(time.RFC3339)
+				} else {
+					log.Printf("[WARN] could not parse created %q: %v", k.CreatedAt, err)
+				}
+			}
+
+			items = append(items, map[string]interface{}{
+				"id":              k.ID,
+				"access_key":      k.AccessKey,
+				"description":     k.Description,
+				"created":         created,
+				"open_access":     k.OpenAccess,
+				"scans_per_month": k.ScansPerMonth,
+				"account_id":      k.AccountID,
+				"enabled":         k.Enabled,
+				"roles":           k.Roles,
+				"permission_ids":  k.PermissionIDs,
+				"expiration":      k.Expiration,
+				"group_id":        k.GroupID,
+				"ip_addresses":    k.IPAddresses,
+			})
+		}
+
+		if err := d.Set("apikeys", items); err != nil {
+			return diag.FromErr(err)
+		}
+		d.SetId(strconv.FormatInt(time.Now().Unix(), 10))
+		return diags
+	}
+
+	return diags
+}
+
+func parseWithFallback(s, layout string, fallback time.Time) (time.Time, error) {
+	t, err := time.Parse(layout, s)
+	if err != nil {
+		return fallback, err
+	}
+	return t, nil
+}
@@ -0,0 +1,110 @@
+package aquasec
+
+import (
+	"fmt"
+	"strconv"
+	"testing"
+
+	"github.com/aquasecurity/terraform-provider-aquasec/client"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+func TestAccAquaSecAPIKeysDataSource_byID(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAquaSecAPIKeyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAquaSecAPIKeyAndDataSourceByID(),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAquaSecAPIKeyCreated("aquasec_aqua_api_key.test"),
+					testAccCheckAquaSecAPIKeyDataByID("data.aquasec_aqua_api_keys.apikeys"),
+				),
+			},
+		},
+	})
+}
+
+func testAccAquaSecAPIKeyAndDataSourceByID() string {
+	return `
+	resource "aquasec_aqua_api_key" "test" {
+		description  = "Terraform test key"
+		enabled      = true
+		roles        = ["role1"]
+		ip_addresses = ["127.0.0.1"]
+		expiration   = 30
+	}
+	data "aquasec_aqua_api_keys" "apikeys" {
+		id = aquasec_aqua_api_key.test.id
+	}
+
+	output "first_desc" {
+		value = data.aquasec_aqua_api_keys.apikeys.apikeys[0].description
+	}
+	output "test_api_key_id" {
+		value = data.aquasec_aqua_api_keys.apikeys.apikeys[0].id
+	}
+	`
+}
+
+func testAccCheckAquaSecAPIKeyCreated(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("resource %q not found in state", n)
+		}
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("API Key wasn’t created (empty ID)")
+		}
+		return nil
+	}
+}
+
+func testAccCheckAquaSecAPIKeyDataByID(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("data source %q not found in state", n)
+		}
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("data source %q has no ID", n)
+		}
+
+		descKey := "apikeys.0.description"
+		if v, ok := rs.Primary.Attributes[descKey]; !ok || v == "" {
+			return fmt.Errorf("attribute %q is empty or not found", descKey)
+		}
+		return nil
+	}
+}
+
+func testAccCheckAquaSecAPIKeyDestroy(s *terraform.State) error {
+	client := testAccProvider.Meta().(*client.Client)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aquasec_aqua_api_key" {
+			continue
+		}
+
+		id := rs.Primary.ID
+		if id == "" {
+			continue
+		}
+
+		// Try fetching the deleted key, expect failure
+		keyID, err := strconv.Atoi(id)
+		if err != nil {
+			return fmt.Errorf("invalid ID %q: %v", id, err)
+		}
+
+		_, err = client.GetApiKey(keyID)
+		if err == nil {
+			return fmt.Errorf("API Key still exists (ID %d)", keyID)
+		}
+	}
+
+	return nil
+}
@@ -101,6 +101,7 @@ func Provider(v string) *schema.Provider {
 			"aquasec_role_mapping_saas":       resourceRoleMappingSaas(),
 			"aquasec_permission_set_saas":     resourcePermissionSetSaas(),
 			"aquasec_assurance_custom_script": resourceAssuranceScript(),
+			"aquasec_aqua_api_key":            resourceAPIKey(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"aquasec_users":                       dataSourceUsers(),
@@ -133,6 +134,7 @@ func Provider(v string) *schema.Provider {
 			"aquasec_roles_mapping_saas":      dataSourceRolesMappingSaas(),
 			"aquasec_permissions_sets_saas":   dataSourcePermissionsSetsSaas(),
 			"aquasec_assurance_custom_script": dataSourceAssuranceScript(),
+			"aquasec_aqua_api_keys":           dataSourceAPIKeys(),
 		},
 		ConfigureContextFunc: providerConfigure,
 	}
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ To quickly get started using the Aquasec provider for Terraform, configure the p`
`43`	`43`	`terraform {`
`44`	`44`	`required_providers {`
`45`	`45`	`aquasec = {`
`46`		`- version = "0.8.40"`
	`46`	`+ version = "0.8.41"`
`47`	`47`	`source = "aquasecurity/aquasec"`
`48`	`48`	`}`
`49`	`49`	`}`