resource/gitlab_user_sshkey: add docs, refactor importer, key diffing and general functionality of the resource

Author: timofurrer

docs/resources/user_sshkey.md

@@ -0,0 +1,57 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitlab_user_sshkey Resource - terraform-provider-gitlab"
+subcategory: ""
+description: |-
+  This resource allows to manage GitLab user SSH keys.
+  Upstream API: GitLab API docs https://docs.gitlab.com/ee/api/users.html#single-ssh-key
+---
+
+# gitlab_user_sshkey (Resource)
+
+This resource allows to manage GitLab user SSH keys.
+
+**Upstream API**: [GitLab API docs](https://docs.gitlab.com/ee/api/users.html#single-ssh-key)
+
+## Example Usage
+
+```terraform
+data "gitlab_user" "example" {
+  username = "example-user"
+}
+
+resource "gitlab_user_sshkey" "example" {
+  user_id    = data.gitlab_user.id
+  title      = "example-key"
+  key        = "ssh-rsa AAAA..."
+  expires_at = "2016-01-21T00:00:00.000Z"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **key** (String) The ssh key. The SSH key `comment` (trailing part) is optional and ignored for diffing, because GitLab overrides it with the username and GitLab hostname.
+- **title** (String) The title of the ssh key.
+- **user_id** (Number) The ID of the user to add the ssh key to.
+
+### Optional
+
+- **expires_at** (String) The expiration date of the SSH key in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ)
+- **id** (String) The ID of this resource.
+
+### Read-Only
+
+- **created_at** (String) The time when this key was created in GitLab.
+- **key_id** (Number) The ID of the ssh key.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# You can import a user ssh key using an id made up of `{user-id}:{key}`, e.g.
+terraform import gitlab_user_sshkey.example 42:1
+```

examples/resources/gitlab_user_sshkey/import.sh

@@ -0,0 +1,2 @@
+# You can import a user ssh key using an id made up of `{user-id}:{key}`, e.g.
+terraform import gitlab_user_sshkey.example 42:1

examples/resources/gitlab_user_sshkey/resource.tf

@@ -0,0 +1,10 @@
+data "gitlab_user" "example" {
+  username = "example-user"
+}
+
+resource "gitlab_user_sshkey" "example" {
+  user_id    = data.gitlab_user.id
+  title      = "example-key"
+  key        = "ssh-rsa AAAA..."
+  expires_at = "2016-01-21T00:00:00.000Z"
+}

go.mod

@@ -12,6 +12,6 @@ require (
 	github.com/mitchellh/hashstructure v1.1.0
 	github.com/onsi/gomega v1.18.1
 	github.com/xanzy/go-gitlab v0.55.1
-	golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e
+	golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect
 	google.golang.org/api v0.34.0 // indirect
 )

go.sum

@@ -373,8 +373,9 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e h1:gsTQYXdTw2Gq7RBsWvlQ91b+aEQ6bXFUngBGuR8sPpI=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE=
+golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -443,8 +444,9 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
-golang.org/x/net v0.0.0-20210428140749-89ef3d95e781 h1:DzZ89McO9/gWPsQXS/FVKAlG02ZjaQ6AlZRBimEYOd0=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

internal/provider/resource_gitlab_user_sshkey.go

@@ -3,141 +3,191 @@ package provider
 import (
 	"context"
 	"fmt"
+	"log"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	gitlab "github.com/xanzy/go-gitlab"
 )
 
 var _ = registerResource("gitlab_user_sshkey", func() *schema.Resource {
 	return &schema.Resource{
+		Description: `This resource allows to manage GitLab user SSH keys.
+
+**Upstream API**: [GitLab API docs](https://docs.gitlab.com/ee/api/users.html#single-ssh-key)`,
+
 		CreateContext: resourceGitlabUserSSHKeyCreate,
 		ReadContext:   resourceGitlabUserSSHKeyRead,
-		UpdateContext: resourceGitlabUserSSHKeyUpdate,
 		DeleteContext: resourceGitlabUserSSHKeyDelete,
 		Importer: &schema.ResourceImporter{
-			StateContext: resourceGitlabUserSSHKeyImporter,
+			StateContext: schema.ImportStatePassthroughContext,
 		},
 
 		Schema: map[string]*schema.Schema{
+			"user_id": {
+				Description: "The ID of the user to add the ssh key to.",
+				Type:        schema.TypeInt,
+				ForceNew:    true,
+				Required:    true,
+			},
 			"title": {
 				Description: "The title of the ssh key.",
 				Type:        schema.TypeString,
+				ForceNew:    true,
 				Required:    true,
 			},
 			"key": {
-				Description: "The ssh key.",
+				Description: "The ssh key. The SSH key `comment` (trailing part) is optional and ignored for diffing, because GitLab overrides it with the username and GitLab hostname.",
 				Type:        schema.TypeString,
+				ForceNew:    true,
 				Required:    true,
+				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+					// NOTE: the ssh keys consist of three parts: `type`, `data`, `comment`, whereas the `comment` is optional
+					//       and suppressed in the diffing. It's overridden by GitLab with the username and GitLab hostname.
+					newParts := strings.SplitN(new, " ", 3)
+					oldParts := strings.SplitN(old, " ", 3)
+					if len(newParts) < 2 || len(oldParts) < 2 {
+						// NOTE: at least one of the keys doesn't have the required two parts, thus we just compare them
+						return new == old
+					}
+
+					// NOTE: both keys have the required two parts, thus we compare the parts separately, ignoring the rest
+					return newParts[0] == oldParts[0] && newParts[1] == oldParts[1]
+				},
 			},
-			"created_at": {
-				Description: "Create time.",
+			"expires_at": {
+				Description: "The expiration date of the SSH key in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ)",
 				Type:        schema.TypeString,
-				Computed:    true,
+				ForceNew:    true,
+				Optional:    true,
+				// NOTE: since RFC3339 is pretty much a subset of ISO8601 and actually expected by GitLab,
+				//       we use it here to avoid having to parse the string ourselves.
+				ValidateDiagFunc: validation.ToDiagFunc(validation.IsRFC3339Time),
 			},
-			"user_id": {
-				Description: "The id of the user to add the ssh key to.",
+			"key_id": {
+				Description: "The ID of the ssh key.",
 				Type:        schema.TypeInt,
-				ForceNew:    true,
-				Required:    true,
+				Computed:    true,
+			},
+			"created_at": {
+				Description: "The time when this key was created in GitLab.",
+				Type:        schema.TypeString,
+				Computed:    true,
 			},
 		},
 	}
 })
 
-func resourceGitlabUserSSHKeyImporter(ctx context.Context, d *schema.ResourceData, _ interface{}) ([]*schema.ResourceData, error) {
-	s := strings.Split(d.Id(), ":")
-	if len(s) != 2 {
-		d.SetId("")
-		return nil, fmt.Errorf("Invalid SSH Key import format; expected '{user_id}:{key_id}'")
-	}
-
-	userID, err := strconv.Atoi(s[0])
-	if err != nil {
-		return nil, fmt.Errorf("Invalid SSH Key import format; expected '{user_id}:{key_id}'")
-	}
-
-	d.Set("user_id", userID)
-	d.SetId(s[1])
-
-	return []*schema.ResourceData{d}, nil
-}
-
-func resourceGitlabUserSSHKeySetToState(d *schema.ResourceData, key *gitlab.SSHKey) {
-	d.Set("title", key.Title)
-	d.Set("key", key.Key)
-	d.Set("created_at", key.CreatedAt.String())
-}
-
 func resourceGitlabUserSSHKeyCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	client := meta.(*gitlab.Client)
-
 	userID := d.Get("user_id").(int)
 
 	options := &gitlab.AddSSHKeyOptions{
 		Title: gitlab.String(d.Get("title").(string)),
 		Key:   gitlab.String(d.Get("key").(string)),
 	}
 
+	if expiresAt, ok := d.GetOk("expires_at"); ok {
+		parsedExpiresAt, err := time.Parse(time.RFC3339, expiresAt.(string))
+		if err != nil {
+			return diag.Errorf("failed to parse created_at: %s. It must be in valid RFC3339 format.", err)
+		}
+		gitlabExpiresAt := gitlab.ISOTime(parsedExpiresAt)
+		options.ExpiresAt = &gitlabExpiresAt
+	}
+
 	key, _, err := client.Users.AddSSHKeyForUser(userID, options, gitlab.WithContext(ctx))
 	if err != nil {
 		return diag.FromErr(err)
 	}
 
-	d.SetId(fmt.Sprintf("%d", key.ID))
-
+	userIDForID := fmt.Sprintf("%d", userID)
+	keyIDForID := fmt.Sprintf("%d", key.ID)
+	d.SetId(buildTwoPartID(&userIDForID, &keyIDForID))
 	return resourceGitlabUserSSHKeyRead(ctx, d, meta)
 }
 
 func resourceGitlabUserSSHKeyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	client := meta.(*gitlab.Client)
 
-	id, _ := strconv.Atoi(d.Id())
-	userID := d.Get("user_id").(int)
-
-	keys, _, err := client.Users.ListSSHKeysForUser(userID, &gitlab.ListSSHKeysForUserOptions{}, gitlab.WithContext(ctx))
+	userID, keyID, err := resourceGitlabUserSSHKeyParseID(d.Id())
 	if err != nil {
-		return diag.FromErr(err)
+		return diag.Errorf("unable to parse user ssh key resource id: %s: %v", d.Id(), err)
+	}
+
+	options := &gitlab.ListSSHKeysForUserOptions{
+		Page:    1,
+		PerPage: 20,
 	}
 
 	var key *gitlab.SSHKey
+	for options.Page != 0 && key == nil {
+		keys, resp, err := client.Users.ListSSHKeysForUser(userID, options, gitlab.WithContext(ctx))
+		if err != nil {
+			return diag.FromErr(err)
+		}
 
-	for _, k := range keys {
-		if k.ID == id {
-			key = k
-			break
+		for _, k := range keys {
+			if k.ID == keyID {
+				key = k
+				break
+			}
 		}
+
+		options.Page = resp.NextPage
 	}
 
 	if key == nil {
-		return diag.Errorf("Could not find sshkey %d for user %d", id, userID)
+		log.Printf("Could not find sshkey %d for user %d", keyID, userID)
+		d.SetId("")
+		return nil
 	}
 
-	resourceGitlabUserSSHKeySetToState(d, key)
-	return nil
-}
-
-func resourceGitlabUserSSHKeyUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
-	if d := resourceGitlabUserSSHKeyDelete(ctx, d, meta); d.HasError() {
-		return d
+	d.Set("user_id", userID)
+	d.Set("key_id", keyID)
+	d.Set("title", key.Title)
+	d.Set("key", key.Key)
+	if key.ExpiresAt != nil {
+		d.Set("expires_at", key.ExpiresAt.Format(time.RFC3339))
 	}
-	if d := resourceGitlabUserSSHKeyCreate(ctx, d, meta); d.HasError() {
-		return d
+	if key.CreatedAt != nil {
+		d.Set("created_at", key.CreatedAt.Format(time.RFC3339))
 	}
-	return resourceGitlabUserSSHKeyRead(ctx, d, meta)
+	return nil
 }
 
 func resourceGitlabUserSSHKeyDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	client := meta.(*gitlab.Client)
 
-	id, _ := strconv.Atoi(d.Id())
-	userID := d.Get("user_id").(int)
+	userID, keyID, err := resourceGitlabUserSSHKeyParseID(d.Id())
+	if err != nil {
+		return diag.Errorf("unable to parse user ssh key resource id: %s: %v", d.Id(), err)
+	}
 
-	if _, err := client.Users.DeleteSSHKeyForUser(userID, id, gitlab.WithContext(ctx)); err != nil {
+	if _, err := client.Users.DeleteSSHKeyForUser(userID, keyID, gitlab.WithContext(ctx)); err != nil {
 		return diag.FromErr(err)
 	}
 
 	return nil
 }
+
+func resourceGitlabUserSSHKeyParseID(id string) (int, int, error) {
+	userIDFromID, keyIDFromID, err := parseTwoPartID(id)
+	if err != nil {
+		return 0, 0, err
+	}
+	userID, err := strconv.Atoi(userIDFromID)
+	if err != nil {
+		return 0, 0, err
+	}
+	keyID, err := strconv.Atoi(keyIDFromID)
+	if err != nil {
+		return 0, 0, err
+	}
+
+	return userID, keyID, nil
+}