New Resource for maxTTL

Author: sana-faraz

internal/provider/data_source_tfe_org_max_token_ttl_policy.go

@@ -0,0 +1,146 @@
+// Copyright IBM Corp. 2018, 2025
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	tfe "github.com/hashicorp/go-tfe"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+)
+
+var _ datasource.DataSource = &dataSourceTFEOrgMaxTokenTTLPolicy{}
+var _ datasource.DataSourceWithConfigure = &dataSourceTFEOrgMaxTokenTTLPolicy{}
+
+func NewOrgMaxTokenTTLPolicyDataSource() datasource.DataSource {
+	return &dataSourceTFEOrgMaxTokenTTLPolicy{}
+}
+
+type dataSourceTFEOrgMaxTokenTTLPolicy struct {
+	config ConfiguredClient
+}
+
+type modelTFEOrgMaxTokenTTLPolicyData struct {
+	Organization            types.String `tfsdk:"organization"`
+	Enabled                 types.Bool   `tfsdk:"enabled"`
+	OrgTokenMaxTTLMs        types.Int64  `tfsdk:"org_token_max_ttl_ms"`
+	TeamTokenMaxTTLMs       types.Int64  `tfsdk:"team_token_max_ttl_ms"`
+	AuditTrailTokenMaxTTLMs types.Int64  `tfsdk:"audit_trail_token_max_ttl_ms"`
+	UserTokenMaxTTLMs       types.Int64  `tfsdk:"user_token_max_ttl_ms"`
+}
+
+func (d *dataSourceTFEOrgMaxTokenTTLPolicy) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_org_max_token_ttl_policy"
+}
+
+func (d *dataSourceTFEOrgMaxTokenTTLPolicy) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Description: "Retrieves the maximum time-to-live (TTL) policy for API tokens in an organization. " +
+			"This data source fetches the current TTL limits for organization, team, audit trail, " +
+			"and user tokens from the database.",
+
+		Attributes: map[string]schema.Attribute{
+			"organization": schema.StringAttribute{
+				Description: "Name of the organization.",
+				Required:    true,
+			},
+			"enabled": schema.BoolAttribute{
+				Description: "Indicates whether the maximum TTL token policy is enabled (true) or disabled (false) for the organization.",
+				Computed:    true,
+			},
+			"org_token_max_ttl_ms": schema.Int64Attribute{
+				Description: "Maximum lifespan allowed for organization tokens in milliseconds.",
+				Computed:    true,
+			},
+			"team_token_max_ttl_ms": schema.Int64Attribute{
+				Description: "Maximum lifespan allowed for team tokens in milliseconds.",
+				Computed:    true,
+			},
+			"audit_trail_token_max_ttl_ms": schema.Int64Attribute{
+				Description: "Maximum lifespan allowed for audit trail tokens in milliseconds.",
+				Computed:    true,
+			},
+			"user_token_max_ttl_ms": schema.Int64Attribute{
+				Description: "Maximum lifespan allowed for user tokens in milliseconds.",
+				Computed:    true,
+			},
+		},
+	}
+}
+
+func (d *dataSourceTFEOrgMaxTokenTTLPolicy) Configure(_ context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(ConfiguredClient)
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected data source Configure type",
+			fmt.Sprintf("Expected tfe.ConfiguredClient, got %T", req.ProviderData),
+		)
+		return
+	}
+	d.config = client
+}
+
+func (d *dataSourceTFEOrgMaxTokenTTLPolicy) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var config modelTFEOrgMaxTokenTTLPolicyData
+
+	resp.Diagnostics.Append(req.Config.Get(ctx, &config)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	organization := config.Organization.ValueString()
+
+	tflog.Debug(ctx, fmt.Sprintf("Reading token TTL policies for organization: %s", organization))
+	policyList, err := d.config.Client.OrganizationTokenTTLPolicies.List(ctx, organization, nil)
+	if err != nil {
+		resp.Diagnostics.AddError("Unable to read organization token TTL policies", err.Error())
+		return
+	}
+
+	// If no policies exist, treat as disabled with default values
+	enabled := len(policyList.Items) > 0
+
+	// Convert the API response to the data source model
+	result := modelFromTokenTTLPoliciesData(organization, enabled, policyList.Items)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &result)...)
+}
+
+func modelFromTokenTTLPoliciesData(organization string, enabled bool, policies []*tfe.OrganizationTokenTTLPolicy) modelTFEOrgMaxTokenTTLPolicyData {
+	// Default TTL: 2 years in milliseconds
+	defaultTTLMs := int64(63072000000000) // 2 years = 365 * 2 * 24 * 60 * 60 * 1000
+
+	result := modelTFEOrgMaxTokenTTLPolicyData{
+		Organization:            types.StringValue(organization),
+		Enabled:                 types.BoolValue(enabled),
+		OrgTokenMaxTTLMs:        types.Int64Value(defaultTTLMs),
+		TeamTokenMaxTTLMs:       types.Int64Value(defaultTTLMs),
+		AuditTrailTokenMaxTTLMs: types.Int64Value(defaultTTLMs),
+		UserTokenMaxTTLMs:       types.Int64Value(defaultTTLMs),
+	}
+
+	// Set actual values from policies
+	for _, policy := range policies {
+		switch policy.TokenType {
+		case tfe.TokenTypeOrganization:
+			result.OrgTokenMaxTTLMs = types.Int64Value(policy.MaxTTLMs)
+		case tfe.TokenTypeTeam:
+			result.TeamTokenMaxTTLMs = types.Int64Value(policy.MaxTTLMs)
+		case tfe.TokenTypeAuditTrails:
+			result.AuditTrailTokenMaxTTLMs = types.Int64Value(policy.MaxTTLMs)
+		case tfe.TokenTypeUser:
+			result.UserTokenMaxTTLMs = types.Int64Value(policy.MaxTTLMs)
+		}
+	}
+
+	return result
+}

internal/provider/data_source_tfe_org_max_token_ttl_policy_test.go

@@ -0,0 +1,101 @@
+// Copyright IBM Corp. 2018, 2025
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+import (
+	"fmt"
+	"math/rand"
+	"testing"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccTFEOrgMaxTokenTTLPolicyDataSource_basic(t *testing.T) {
+	skipUnlessBeta(t)
+	rInt := rand.New(rand.NewSource(time.Now().UnixNano())).Int()
+	orgName := fmt.Sprintf("tst-terraform-%d", rInt)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccMuxedProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTFEOrgMaxTokenTTLPolicyDataSourceConfig_basic(orgName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("data.tfe_org_max_token_ttl_policy.test", "organization", orgName),
+					resource.TestCheckResourceAttrSet("data.tfe_org_max_token_ttl_policy.test", "enabled"),
+					resource.TestCheckResourceAttrSet("data.tfe_org_max_token_ttl_policy.test", "org_token_max_ttl_ms"),
+					resource.TestCheckResourceAttrSet("data.tfe_org_max_token_ttl_policy.test", "team_token_max_ttl_ms"),
+					resource.TestCheckResourceAttrSet("data.tfe_org_max_token_ttl_policy.test", "audit_trail_token_max_ttl_ms"),
+					resource.TestCheckResourceAttrSet("data.tfe_org_max_token_ttl_policy.test", "user_token_max_ttl_ms"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccTFEOrgMaxTokenTTLPolicyDataSource_withResource(t *testing.T) {
+	skipUnlessBeta(t)
+	rInt := rand.New(rand.NewSource(time.Now().UnixNano())).Int()
+	orgName := fmt.Sprintf("tst-terraform-%d", rInt)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccMuxedProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTFEOrgMaxTokenTTLPolicyDataSourceConfig_withResource(orgName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					// Check resource
+					resource.TestCheckResourceAttr("tfe_org_max_token_ttl_policy.test", "enabled", "true"),
+					resource.TestCheckResourceAttr("tfe_org_max_token_ttl_policy.test", "org_token_max_ttl", "30d"),
+					resource.TestCheckResourceAttr("tfe_org_max_token_ttl_policy.test", "team_token_max_ttl", "7d"),
+					resource.TestCheckResourceAttr("tfe_org_max_token_ttl_policy.test", "user_token_max_ttl", "24h"),
+					resource.TestCheckResourceAttr("tfe_org_max_token_ttl_policy.test", "audit_trail_token_max_ttl", "90d"),
+					// Check data source returns milliseconds
+					resource.TestCheckResourceAttr("data.tfe_org_max_token_ttl_policy.test", "enabled", "true"),
+					resource.TestCheckResourceAttr("data.tfe_org_max_token_ttl_policy.test", "org_token_max_ttl_ms", "2592000000"),         // 30 days
+					resource.TestCheckResourceAttr("data.tfe_org_max_token_ttl_policy.test", "team_token_max_ttl_ms", "604800000"),         // 7 days
+					resource.TestCheckResourceAttr("data.tfe_org_max_token_ttl_policy.test", "user_token_max_ttl_ms", "86400000"),          // 24 hours
+					resource.TestCheckResourceAttr("data.tfe_org_max_token_ttl_policy.test", "audit_trail_token_max_ttl_ms", "7776000000"), // 90 days
+				),
+			},
+		},
+	})
+}
+
+func testAccTFEOrgMaxTokenTTLPolicyDataSourceConfig_basic(orgName string) string {
+	return fmt.Sprintf(`
+resource "tfe_organization" "test" {
+  name  = "%s"
+}
+
+data "tfe_org_max_token_ttl_policy" "test" {
+  organization = tfe_organization.test.name
+}
+`, orgName)
+}
+
+func testAccTFEOrgMaxTokenTTLPolicyDataSourceConfig_withResource(orgName string) string {
+	return fmt.Sprintf(`
+resource "tfe_organization" "test" {
+  name  = "%s"
+}
+
+resource "tfe_org_max_token_ttl_policy" "test" {
+  organization              = tfe_organization.test.name
+  enabled                   = true
+  org_token_max_ttl         = "30d"
+  team_token_max_ttl        = "7d"
+  user_token_max_ttl        = "24h"
+  audit_trail_token_max_ttl = "90d"
+}
+
+data "tfe_org_max_token_ttl_policy" "test" {
+  organization = tfe_org_max_token_ttl_policy.test.organization
+  depends_on   = [tfe_org_max_token_ttl_policy.test]
+}
+`, orgName)
+}

internal/provider/provider_next.go

@@ -146,6 +146,7 @@ func (p *frameworkProvider) DataSources(ctx context.Context) []func() datasource
 		NewHYOKCustomerKeyVersionDataSource,
 		NewHYOKEncryptedDataKeyDataSource,
 		NewNoCodeModuleDataSource,
+		NewOrgMaxTokenTTLPolicyDataSource,
 		NewOrganizationAuditConfigurationDataSource,
 		NewOrganizationRunTaskDataSource,
 		NewOrganizationRunTaskGlobalSettingsDataSource,
@@ -167,6 +168,7 @@ func (p *frameworkProvider) Resources(ctx context.Context) []func() resource.Res
 	return []func() resource.Resource{
 		NewAuditTrailTokenResource,
 		NewDataRetentionPolicyResource,
+		NewOrgMaxTokenTTLPolicyResource,
 		NewOrganizationDefaultSettings,
 		NewOrganizationRunTaskGlobalSettingsResource,
 		NewOrganizationRunTaskResource,