feat(vpcgw): add support for triggering ssh keys refresh (scaleway#2567)

* feat(vpcgw): add support for triggering ssh keys refresh

* update cassettes

* improve example

* fix

Author: yfodil

docs/resources/vpc_public_gateway.md

@@ -10,6 +10,8 @@ For more information, see [the documentation](https://www.scaleway.com/en/develo
 
 ## Example Usage
 
+### Basic
+
 ```terraform
 resource "scaleway_vpc_public_gateway" "main" {
     name = "public_gateway_demo"
@@ -18,6 +20,36 @@ resource "scaleway_vpc_public_gateway" "main" {
 }
 ```
 
+### With bastion
+
+```terraform
+resource "scaleway_iam_ssh_key" "key1" {
+  name       = "key1"
+  public_key = file("~/.ssh/id_rsa.pub")
+}
+
+resource "scaleway_iam_ssh_key" "key2" {
+  name       = "key2"
+  public_key = file("~/.ssh/another_key.pub")}
+
+# Use a local variable to compute a hash of the SSH keys
+locals {
+  ssh_keys_hash = sha256(join(",", [
+    scaleway_iam_ssh_key.key1.public_key,
+    scaleway_iam_ssh_key.key2.public_key,
+  ]))
+}
+
+resource "scaleway_vpc_public_gateway" "main" {
+    name             = "public_gateway_demo"
+    type             = "VPC-GW-S"
+    tags             = ["demo", "terraform"]
+    bastion_enabled  = true
+    bastion_port     = 61000
+    refresh_ssh_keys = local.ssh_keys_hash
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
@@ -28,10 +60,11 @@ The following arguments are supported:
 - `zone` - (Defaults to [provider](../index.md#zone) `zone`) The [zone](../guides/regions_and_zones.md#zones) in which the public gateway should be created.
 - `project_id` - (Defaults to [provider](../index.md#project_id) `project_id`) The ID of the project the public gateway is associated with.
 - `upstream_dns_servers` - (Optional) override the gateway's default recursive DNS servers, if DNS features are enabled.
-- `ip_id` - (Optional) attach an existing flexible IP to the gateway
-- `bastion_enabled` - (Optional) Enable SSH bastion on the gateway
+- `ip_id` - (Optional) attach an existing flexible IP to the gateway.
+- `bastion_enabled` - (Optional) Enable SSH bastion on the gateway.
 - `bastion_port` - (Optional) The port on which the SSH bastion will listen.
-- `enable_smtp` - (Optional) Enable SMTP on the gateway
+- `enable_smtp` - (Optional) Enable SMTP on the gateway.
+- `refresh_ssh_keys` - (Optional) Trigger a refresh of the SSH keys on the public gateway by changing this field's value.
 
 ## Attributes Reference
 

internal/services/vpcgw/public_gateway.go

@@ -87,6 +87,11 @@ func ResourcePublicGateway() *schema.Resource {
 				Optional:    true,
 				Computed:    true,
 			},
+			"refresh_ssh_keys": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Trigger a refresh of the SSH keys for a given Public Gateway by changing this field's value",
+			},
 			"project_id": account.ProjectIDSchema(),
 			"zone":       zonal.Schema(),
 			// Computed elements
@@ -224,6 +229,21 @@ func ResourceVPCPublicGatewayUpdate(ctx context.Context, d *schema.ResourceData,
 		updateRequest.UpstreamDNSServers = types.ExpandUpdatedStringsPtr(d.Get("upstream_dns_servers"))
 	}
 
+	if d.HasChange("refresh_ssh_keys") {
+		_, err := api.RefreshSSHKeys(&vpcgw.RefreshSSHKeysRequest{
+			Zone:      gateway.Zone,
+			GatewayID: gateway.ID,
+		}, scw.WithContext(ctx))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+	}
+
+	_, err = waitForVPCPublicGateway(ctx, api, zone, id, d.Timeout(schema.TimeoutUpdate))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	_, err = api.UpdateGateway(updateRequest, scw.WithContext(ctx))
 	if err != nil {
 		return diag.FromErr(err)