feat: add new data source for getting runner token

Added a new data source for retrieving a runner token (an exchange token).
This is used when creating a runner for authentication.

Added as a data source as the API only returns tokens that expire
after 24 hours and does not otherwise manage them.

Author: beekeep

AGENTS.md

@@ -10,7 +10,7 @@ Terraform provider for managing Gitpod resources on ona.com. The provider uses t
 - Provider type name: `ona`
 - Provider configuration: `api_key`, `base_url`, `max_retries`, `request_timeout`
 - Resources: `ona_project`, `ona_runner`, `ona_runner_scm_integration`, `ona_secret`
-- Data sources: `ona_authenticated_identity`, `ona_group`, `ona_groups`, `ona_project`, `ona_runner`, `ona_runner_environment_classes`, `ona_runners`
+- Data sources: `ona_authenticated_identity`, `ona_group`, `ona_groups`, `ona_project`, `ona_runner`, `ona_runner_environment_classes`, `ona_runners`, `ona_runner_token`
 
 ## Build and test commands
 

README.md

@@ -28,6 +28,7 @@ Terraform provider for managing [Gitpod](https://gitpod.io) resources on [ona.co
 - [Groups Data Source Docs](https://github.com/combor/terraform-provider-ona/blob/main/docs/data-sources/groups.md)
 - [Runner Environment Classes Data Source Docs](https://github.com/combor/terraform-provider-ona/blob/main/docs/data-sources/runner_environment_classes.md)
 - [Runners Data Source Docs](https://github.com/combor/terraform-provider-ona/blob/main/docs/data-sources/runners.md)
+- [Runner Token Data Source Docs](https://github.com/combor/terraform-provider-ona/blob/main/docs/data-sources/runner_token.md)
 - [Integration Example](https://github.com/combor/terraform-provider-ona/blob/main/examples/main.tf)
 
 ## Supported Types
@@ -48,6 +49,7 @@ Data sources:
 - `ona_runner`
 - `ona_runner_environment_classes`
 - `ona_runners`
+- `ona_runner_token`
 
 ## Using the Provider
 

docs/data-sources/runner_token.md

@@ -0,0 +1,30 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "ona_runner_token Data Source - terraform-provider-ona"
+subcategory: ""
+description: |-
+  Retrieve a new authentication token for a Gitpod runner.
+---
+
+# ona_runner_token (Data Source)
+
+Retrieve a new authentication token for a Gitpod runner.
+
+## Example Usage
+
+```terraform
+data "ona_runner_token" "example" {
+  runner_id = "<runner-id>"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `runner_id` (String) Runner ID.
+
+### Read-Only
+
+- `exchange_token` (String, Sensitive) A one-time use token that should be exchanged by the runner for an access token, using the IdentityService.ExchangeToken rpc. The token expires after 24 hours.

examples/data-sources/ona_runner_token/data-source.tf

@@ -0,0 +1,3 @@
+data "ona_runner_token" "example" {
+  runner_id = "<runner-id>"
+}

examples/main.tf

@@ -37,6 +37,10 @@ data "ona_runner" "example" {
   id = ona_runner.example.id
 }
 
+data "ona_runner_token" "example" {
+  runner_id = ona_runner.example.id
+}
+
 data "ona_runner_environment_classes" "example" {
   runner_id = ona_runner.example.id
 }

internal/provider/provider.go

@@ -182,6 +182,7 @@ func (p *onaProvider) DataSources(_ context.Context) []func() datasource.DataSou
 		NewRunnerEnvironmentClassesDataSource,
 		NewRunnerDataSource,
 		NewRunnersDataSource,
+		NewRunnerTokenDataSource,
 	}
 }
 

internal/provider/runner_token_data_source.go

@@ -0,0 +1,94 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	gitpod "github.com/gitpod-io/gitpod-sdk-go"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+var _ datasource.DataSource = &runnerTokenDataSource{}
+
+type runnerTokenDataSource struct {
+	client *gitpod.Client
+}
+
+func NewRunnerTokenDataSource() datasource.DataSource {
+	return &runnerTokenDataSource{}
+}
+
+func (d *runnerTokenDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_runner_token"
+}
+
+func (d *runnerTokenDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		MarkdownDescription: "Retrieve a new authentication token for a Gitpod runner.",
+		Attributes: map[string]schema.Attribute{
+			"runner_id": schema.StringAttribute{
+				Required:            true,
+				MarkdownDescription: "Runner ID.",
+			},
+			"exchange_token": schema.StringAttribute{
+				Computed:            true,
+				Sensitive:           true,
+				MarkdownDescription: "A one-time use token that should be exchanged by the runner for an access token, using the IdentityService.ExchangeToken rpc. The token expires after 24 hours.",
+			},
+		},
+	}
+}
+
+func (d *runnerTokenDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	client, ok := clientFromProviderData(req.ProviderData, &resp.Diagnostics)
+	if !ok {
+		return
+	}
+
+	d.client = client
+}
+
+func (d *runnerTokenDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var config runnerTokenDataSourceModel
+	resp.Diagnostics.Append(req.Config.Get(ctx, &config)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	runnerID := config.RunnerID.ValueString()
+
+	token, err := d.client.Runners.NewRunnerToken(ctx, gitpod.RunnerNewRunnerTokenParams{
+		RunnerID: gitpod.F(runnerID),
+	})
+	if err != nil {
+		if isAPINotFound(err) {
+			resp.Diagnostics.AddError("Runner not found",
+				fmt.Sprintf("No runner found with ID %s", runnerID))
+			return
+		}
+
+		resp.Diagnostics.AddError("Failed to retrieve runner token", err.Error())
+		return
+	}
+
+	state := mapRunnerTokenToDataSourceModel(runnerID, token.ExchangeToken)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &state)...)
+}
+
+func mapRunnerTokenToDataSourceModel(runnerID string, token string) runnerTokenDataSourceModel {
+	return runnerTokenDataSourceModel{
+		RunnerID:      types.StringValue(runnerID),
+		ExchangeToken: types.StringValue(token),
+	}
+}
+
+type runnerTokenDataSourceModel struct {
+	RunnerID      types.String `tfsdk:"runner_id"`
+	ExchangeToken types.String `tfsdk:"exchange_token"`
+}

internal/provider/runner_token_data_source_test.go

@@ -0,0 +1,14 @@
+package provider
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestMapRunnerTokenToDataSourceModel(t *testing.T) {
+	got := mapRunnerTokenToDataSourceModel("runner-123", "abcdefghijklmnopqrstuvwxyz")
+
+	assert.Equal(t, "runner-123", got.RunnerID.ValueString())
+	assert.Equal(t, "abcdefghijklmnopqrstuvwxyz", got.ExchangeToken.ValueString())
+}