feat(IAM Identity): Identity Preferences

Author: pooraniss-ibm

examples/ibm-iam-identity-preferences/README.md

@@ -0,0 +1,105 @@
+# Examples for IAM Identity Services
+
+These examples illustrate how to use the resources and data sources associated with IAM Identity Services.
+
+The following resources are supported:
+* ibm_iam_identity_preference
+
+The following data sources are supported:
+* ibm_iam_identity_preference
+
+## Usage
+
+To run this example, execute the following commands:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.
+
+## IAM Identity Services resources
+
+### Resource: ibm_iam_identity_preference
+
+```hcl
+resource "ibm_iam_identity_preference" "iam_identity_preference_instance" {
+  account_id = var.iam_identity_preference_account_id
+  iam_id = var.iam_identity_preference_iam_id
+  service = var.iam_identity_preference_service
+  preference_id = var.iam_identity_preference_preference_id
+  value_string = var.iam_identity_preference_value_string
+  value_list_of_strings = var.iam_identity_preference_value_list_of_strings
+}
+```
+
+#### Inputs
+
+| Name | Description | Type | Required |
+|------|-------------|------|---------|
+| ibmcloud\_api\_key | IBM Cloud API key | `string` | true |
+| account_id | Account id to update preference for. | `string` | true |
+| iam_id | IAM id to update the preference for. | `string` | true |
+| service | Service of the preference to be updated. | `string` | true |
+| preference_id | Identifier of preference to be updated. | `string` | true |
+| value_string | String value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present. | `string` | true |
+| value_list_of_strings | List of value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present. | `list(string)` | false |
+
+#### Outputs
+
+| Name | Description |
+|------|-------------|
+| scope | Scope of the preference, 'global' or 'account'. |
+| preference_id | Unique ID of the preference. |
+
+## IAM Identity Services data sources
+
+### Data source: ibm_iam_identity_preference
+
+```hcl
+data "ibm_iam_identity_preference" "iam_identity_preference_instance" {
+  account_id = var.data_iam_identity_preference_account_id
+  iam_id = var.data_iam_identity_preference_iam_id
+  service = var.data_iam_identity_preference_service
+  preference_id = var.data_iam_identity_preference_preference_id
+}
+```
+
+#### Inputs
+
+| Name | Description | Type | Required |
+|------|-------------|------|---------|
+| account_id | Account id to get preference for. | `string` | true |
+| iam_id | IAM id to get the preference for. | `string` | true |
+| service | Service of the preference to be fetched. | `string` | true |
+| preference_id | Identifier of preference to be fetched. | `string` | true |
+
+#### Outputs
+
+| Name | Description |
+|------|-------------|
+| scope | Scope of the preference, 'global' or 'account'. |
+| value_string | String value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present. |
+| value_list_of_strings | List of value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present. |
+
+## Assumptions
+
+1. TODO
+
+## Notes
+
+1. TODO
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | ~> 0.12 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| ibm | 1.13.1 |

examples/ibm-iam-identity-preferences/main.tf

@@ -0,0 +1,25 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+}
+
+// Provision iam_identity_preference resource instance
+resource "ibm_iam_identity_preference" "iam_identity_preference_instance" {
+  account_id = var.iam_identity_preference_account_id
+  iam_id = var.iam_identity_preference_iam_id
+  service = var.iam_identity_preference_service
+  preference_id = var.iam_identity_preference_preference_id
+  value_string = var.iam_identity_preference_value_string
+  value_list_of_strings = var.iam_identity_preference_value_list_of_strings
+}
+
+// Data source is not linked to a resource instance
+// Uncomment if an existing data source instance exists
+/*
+// Create iam_identity_preference data source
+data "ibm_iam_identity_preference" "iam_identity_preference_instance" {
+  account_id = var.data_iam_identity_preference_account_id
+  iam_id = var.data_iam_identity_preference_iam_id
+  service = var.data_iam_identity_preference_service
+  preference_id = var.data_iam_identity_preference_preference_id
+}
+*/

examples/ibm-iam-identity-preferences/outputs.tf

@@ -0,0 +1,6 @@
+// This output allows iam_identity_preference data to be referenced by other resources and the terraform CLI
+// Modify this output if only certain data should be exposed
+output "ibm_iam_identity_preference" {
+  value       = ibm_iam_identity_preference.iam_identity_preference_instance
+  description = "iam_identity_preference resource instance"
+}

examples/ibm-iam-identity-preferences/variables.tf

@@ -0,0 +1,58 @@
+variable "ibmcloud_api_key" {
+  description = "IBM Cloud API key"
+  type        = string
+}
+
+// Resource arguments for iam_identity_preference
+variable "iam_identity_preference_account_id" {
+  description = "Account id to update preference for."
+  type        = string
+  default     = "account_id"
+}
+variable "iam_identity_preference_iam_id" {
+  description = "IAM id to update the preference for."
+  type        = string
+  default     = "iam_id"
+}
+variable "iam_identity_preference_service" {
+  description = "Service of the preference to be updated."
+  type        = string
+  default     = "service"
+}
+variable "iam_identity_preference_preference_id" {
+  description = "Identifier of preference to be updated."
+  type        = string
+  default     = "preference_id"
+}
+variable "iam_identity_preference_value_string" {
+  description = "String value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present."
+  type        = string
+  default     = "value_string"
+}
+variable "iam_identity_preference_value_list_of_strings" {
+  description = "List of value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present."
+  type        = list(string)
+  default     = [ "value_list_of_strings" ]
+}
+
+// Data source arguments for iam_identity_preference
+variable "data_iam_identity_preference_account_id" {
+  description = "Account id to get preference for."
+  type        = string
+  default     = "account_id"
+}
+variable "data_iam_identity_preference_iam_id" {
+  description = "IAM id to get the preference for."
+  type        = string
+  default     = "iam_id"
+}
+variable "data_iam_identity_preference_service" {
+  description = "Service of the preference to be fetched."
+  type        = string
+  default     = "service"
+}
+variable "data_iam_identity_preference_preference_id" {
+  description = "Identifier of preference to be fetched."
+  type        = string
+  default     = "preference_id"
+}

examples/ibm-iam-identity-preferences/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    ibm = {
+      source = "IBM-Cloud/ibm"
+      version = "1.52.0-beta0"
+    }
+  }
+}

ibm/provider/provider.go

@@ -442,6 +442,7 @@ func Provider() *schema.Provider {
 			"ibm_iam_trusted_profile_template":              iamidentity.DataSourceIBMTrustedProfileTemplate(),
 			"ibm_iam_account_settings_template_assignment":  iamidentity.DataSourceIBMAccountSettingsTemplateAssignment(),
 			"ibm_iam_trusted_profile_template_assignment":   iamidentity.DataSourceIBMTrustedProfileTemplateAssignment(),
+			"ibm_iam_identity_preference":                   iamidentity.DataSourceIBMIamIdentityPreference(),
 			"ibm_iam_policy_template":                       iampolicy.DataSourceIBMIAMPolicyTemplate(),
 			"ibm_iam_policy_template_version":               iampolicy.DataSourceIBMIAMPolicyTemplateVersion(),
 			"ibm_iam_policy_assignments":                    iampolicy.DataSourceIBMIAMPolicyAssignments(),
@@ -1290,6 +1291,7 @@ func Provider() *schema.Provider {
 			"ibm_iam_trusted_profile_template":              iamidentity.ResourceIBMTrustedProfileTemplate(),
 			"ibm_iam_account_settings_template_assignment":  iamidentity.ResourceIBMAccountSettingsTemplateAssignment(),
 			"ibm_iam_trusted_profile_template_assignment":   iamidentity.ResourceIBMTrustedProfileTemplateAssignment(),
+			"ibm_iam_identity_preference":                   iamidentity.ResourceIBMIamIdentityPreference(),
 			"ibm_ipsec_vpn":                                 classicinfrastructure.ResourceIBMIPSecVPN(),
 			"ibm_iam_policy_template":                       iampolicy.ResourceIBMIAMPolicyTemplate(),
 			"ibm_iam_policy_template_version":               iampolicy.ResourceIBMIAMPolicyTemplateVersion(),

ibm/service/iamidentity/data_source_ibm_iam_identity_preference.go

@@ -0,0 +1,117 @@
+// Copyright IBM Corp. 2025 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+/*
+ * IBM OpenAPI Terraform Generator Version: 3.106.0-09823488-20250707-071701
+ */
+
+package iamidentity
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
+	"github.com/IBM/go-sdk-core/v5/core"
+	"github.com/IBM/platform-services-go-sdk/iamidentityv1"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func DataSourceIBMIamIdentityPreference() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceIBMIamIdentityPreferenceRead,
+
+		Schema: map[string]*schema.Schema{
+			"account_id": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Account id to get preference for.",
+			},
+			"iam_id": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "IAM id to get the preference for.",
+			},
+			"service": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Service of the preference to be fetched.",
+			},
+			"preference_id": &schema.Schema{
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Identifier of preference to be fetched.",
+			},
+			"scope": &schema.Schema{
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Scope of the preference, 'global' or 'account'.",
+			},
+			"value_string": &schema.Schema{
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "String value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present.",
+			},
+			"value_list_of_strings": &schema.Schema{
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "List of value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present.",
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+func dataSourceIBMIamIdentityPreferenceRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	iamIdentityClient, err := meta.(conns.ClientSession).IAMIdentityV1API()
+	if err != nil {
+		tfErr := flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_iam_identity_preference", "read", "initialize-client")
+		log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+		return tfErr.GetDiag()
+	}
+
+	getPreferenceOnScopeAccountOptions := &iamidentityv1.GetPreferencesOnScopeAccountOptions{}
+
+	getPreferenceOnScopeAccountOptions.SetAccountID(d.Get("account_id").(string))
+	getPreferenceOnScopeAccountOptions.SetIamID(d.Get("iam_id").(string))
+	getPreferenceOnScopeAccountOptions.SetService(d.Get("service").(string))
+	getPreferenceOnScopeAccountOptions.SetPreferenceID(d.Get("preference_id").(string))
+
+	identityPreferenceResponse, _, err := iamIdentityClient.GetPreferencesOnScopeAccountWithContext(context, getPreferenceOnScopeAccountOptions)
+	if err != nil {
+		tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetPreferenceOnScopeAccountWithContext failed: %s", err.Error()), "(Data) ibm_iam_identity_preference", "read")
+		log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+		return tfErr.GetDiag()
+	}
+
+	d.SetId(fmt.Sprintf("%s/%s/%s/%s", *getPreferenceOnScopeAccountOptions.AccountID, *getPreferenceOnScopeAccountOptions.IamID, *getPreferenceOnScopeAccountOptions.Service, *getPreferenceOnScopeAccountOptions.PreferenceID))
+
+	if !core.IsNil(identityPreferenceResponse.Scope) {
+		if err = d.Set("scope", identityPreferenceResponse.Scope); err != nil {
+			return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting scope: %s", err), "(Data) ibm_iam_identity_preference", "read", "set-scope").GetDiag()
+		}
+	}
+
+	if !core.IsNil(identityPreferenceResponse.ValueString) {
+		if err = d.Set("value_string", identityPreferenceResponse.ValueString); err != nil {
+			return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting value_string: %s", err), "(Data) ibm_iam_identity_preference", "read", "set-value_string").GetDiag()
+		}
+	}
+
+	if !core.IsNil(identityPreferenceResponse.ValueListOfStrings) {
+		valueListOfStrings := []interface{}{}
+		for _, valueListOfStringsItem := range identityPreferenceResponse.ValueListOfStrings {
+			valueListOfStrings = append(valueListOfStrings, valueListOfStringsItem)
+		}
+		if err = d.Set("value_list_of_strings", valueListOfStrings); err != nil {
+			return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting value_list_of_strings: %s", err), "(Data) ibm_iam_identity_preference", "read", "set-value_list_of_strings").GetDiag()
+		}
+	}
+
+	return nil
+}