Skip to content

feat: add project_id support to ory_json_web_key_set resource#131

Closed
KT-Doan wants to merge 1 commit intomainfrom
KevinTDoan/feat/jwk-project-id
Closed

feat: add project_id support to ory_json_web_key_set resource#131
KT-Doan wants to merge 1 commit intomainfrom
KevinTDoan/feat/jwk-project-id

Conversation

@KT-Doan
Copy link
Copy Markdown
Collaborator

@KT-Doan KT-Doan commented Mar 17, 2026

Description

Add project_id support to the ory_json_web_key_set resource. The resource previously required project_slug and project_api_key on the provider with no way to specify project_id at the resource level, making it unusable for project_id-based workflows.

The resource now accepts an optional project_id attribute that auto-resolves the project slug via the console API, eliminating the need to manually configure project_slug on the provider for JWK operations.

Changes

Client (internal/client/client.go):

  • ResolveProjectSlug(ctx, projectID) -- resolves project ID to slug via console API
  • ProjectClientForProject(ctx, projectID) -- returns a project-scoped client for a given project ID

Resource (internal/resources/jwk/resource.go):

  • Added project_id attribute (optional, computed, requires replace)
  • CRUD operations resolve the project client from project_id
  • Import supports both project_id/set_id and plain set_id formats

Tests, docs, examples updated to demonstrate project_id usage.

Related Issues

Fixes #120

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

Checklist

  • I have read the CONTRIBUTING guide
  • My code follows the existing code style
  • I have added tests that prove my fix/feature works
  • I have updated documentation as needed
  • All new and existing tests pass (make test)
  • I have run the linter (make format)

Testing

  • Unit tests (make test-short -- all pass)
  • Acceptance tests (TestAccJWKResource_basic passes with create, read, and composite import)
  • Manual testing

Screenshots/Output

=== RUN   TestAccJWKResource_basic
    acctest.go:132: Using pre-created test project: 3fa274fe-... (slug: sad-moser-..., environment: prod)
--- PASS: TestAccJWKResource_basic (6.27s)

Security scans (make sec && make sec-trivy) -- 0 issues, no leaks.

@KT-Doan
feat: add project_id support to ory_json_web_key_set resource
58d3ba3 
The JWK resource previously required project_slug and project_api_key
on the provider, with no way to specify project_id at the resource
level. This made it impossible to use with project_id-based workflows.

Changes:
- Add optional project_id attribute to ory_json_web_key_set (falls back
  to provider's project_id when not set)
- Add ResolveProjectSlug and ProjectClientForProject methods to the
  client for resolving project_id to slug via the console API
- Support composite import format: project_id/set_id
- Update acceptance tests, examples, and documentation
Copilot AI review requested due to automatic review settings March 17, 2026 05:18
@KT-Doan KT-Doan closed this Mar 17, 2026
@KT-Doan KT-Doan deleted the KevinTDoan/feat/jwk-project-id branch March 17, 2026 05:20
Copilot AI reviewed Mar 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds project_id support to the ory_json_web_key_set resource, enabling project-ID-based workflows by resolving the project slug via the Console API and improving import ergonomics.

Changes:

  • Added project_id as an optional/computed, replace-triggering attribute for the JWK resource and wired CRUD to use a project-scoped client.
  • Implemented Console API slug resolution and a helper to create a project-scoped client by project_id.
  • Updated docs/examples/tests to demonstrate project_id usage and composite import IDs.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
templates/resources/json_web_key_set.md.tmpl Documentation template updated for project_id immutability and import formats.
internal/resources/jwk/testdata/basic.tf.tmpl Acceptance test config updated to provide project_id.
internal/resources/jwk/resource_test.go Acceptance test updated to assert project_id and use composite import ID.
internal/resources/jwk/resource.go Added project_id attribute, client resolution, and composite import parsing.
internal/client/client.go Added Console-based project slug resolver and project-scoped client helper.
examples/resources/ory_json_web_key_set/resource.tf Examples updated to show provider vs explicit project_id.
docs/resources/json_web_key_set.md Rendered docs updated for project_id and import formats.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

internal/resources/jwk/resource.go
Comment on lines +333 to +335
if !tfProjectID.IsNull() && !tfProjectID.IsUnknown() {
return tfProjectID.ValueString()
}
internal/resources/jwk/resource_test.go
Comment on lines 26 to +37
func TestAccJWKResource_basic(t *testing.T) {
projectID := os.Getenv("ORY_PROJECT_ID")

resource.Test(t, resource.TestCase{
PreCheck: func() { acctest.AccPreCheck(t) },
ProtoV6ProviderFactories: acctest.TestAccProtoV6ProviderFactories(),
Steps: []resource.TestStep{
// Create and Read
{
Config: acctest.LoadTestConfig(t, "testdata/basic.tf.tmpl", nil),
Config: acctest.LoadTestConfig(t, "testdata/basic.tf.tmpl", map[string]string{
"ProjectID": projectID,
}),
internal/resources/jwk/resource_test.go
ImportStateId: "tf-test-jwks",
ImportStateIdFunc: importStateJWKID,
ImportStateVerify: true,
},
internal/resources/jwk/resource.go
Comment on lines +107 to +115
"project_id": schema.StringAttribute{
Description: "The project ID. If not set, uses the provider's project_id.",
Optional: true,
Computed: true,
PlanModifiers: []planmodifier.String{
stringplanmodifier.UseStateForUnknown(),
stringplanmodifier.RequiresReplace(),
},
},
internal/resources/jwk/resource.go
Comment on lines +339 to 347
// resolveProjectClient returns a client configured for the given project.
// If project_id is provided, it resolves the slug via the console API.
// Otherwise, it falls back to the provider's project credentials.
func (r *JWKResource) resolveProjectClient(ctx context.Context, projectID string) (*client.OryClient, error) {
if projectID != "" {
return r.client.ProjectClientForProject(ctx, projectID)
}
return r.client, nil
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Missing project-id input for json_web_key_set terraform resource

2 participants

@KT-Doan