Add tfe_registry_gpg_key resource

Manages a public key of the GPG key pair used to sign releases of
private providers in the private registry.

Author: tmatilai

CHANGELOG.md

@@ -13,6 +13,7 @@ FEATURES:
 * `d/tfe_registry_module`: Add `vcs_repo.tags` and `vcs_repo.branch` attributes to allow configuration of `publishing_mechanism`. Add `test_config` to support running tests on `branch`-based registry modules, by @hashimoon [1096](https://github.com/hashicorp/terraform-provider-tfe/pull/1096)
 * **New Resource**: `r/tfe_organization_default_execution_mode` is a new resource to set the `default_execution_mode` and `default_agent_pool_id` for an organization, by @SwiftEngineer [1137](https://github.com/hashicorp/terraform-provider-tfe/pull/1137)'
 * `r/tfe_workspace`: Now uses the organization's `default_execution_mode` and `default_agent_pool_id` as the default `execution_mode`, by @SwiftEngineer [1137](https://github.com/hashicorp/terraform-provider-tfe/pull/1137)'
+* **New Resource**: `r/tfe_registry_gpg_key` is a new resource for managing private registry GPG keys, by @tmatilai
 
 ENHANCEMENTS:
 * `d/tfe_organization`: Make `name` argument optional if configured for the provider, by @tmatilai [1133](https://github.com/hashicorp/terraform-provider-tfe/pull/1133)

internal/provider/attribute_helpers.go

@@ -0,0 +1,41 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+// AttrGettable is a small enabler for helper functions that need to read one
+// attribute of a Configuration, Plan, or State.
+type AttrGettable interface {
+	GetAttribute(ctx context.Context, path path.Path, target interface{}) diag.Diagnostics
+}
+
+// dataOrDefaultOrganization returns the value of the "organization" attribute
+// from the Config/Plan/State data, defaulting to the provier configuration.
+// If neither is set, an error is returned.
+func (c *ConfiguredClient) dataOrDefaultOrganization(ctx context.Context, data AttrGettable, target *string) diag.Diagnostics {
+	schemaPath := path.Root("organization")
+
+	var organization types.String
+	diags := data.GetAttribute(ctx, schemaPath, &organization)
+	if diags.HasError() {
+		return diags
+	}
+
+	if !organization.IsNull() && !organization.IsUnknown() {
+		*target = organization.ValueString()
+	} else if c.Organization == "" {
+		diags.AddAttributeError(schemaPath, "No organization was specified on the resource or provider", "")
+	} else {
+		*target = c.Organization
+	}
+
+	return diags
+}

internal/provider/gpg_key.go

@@ -0,0 +1,33 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+import (
+	"time"
+
+	"github.com/hashicorp/go-tfe"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+// modelTFERegistryGPGKey maps the resource or data source schema data to a
+// struct.
+type modelTFERegistryGPGKey struct {
+	ID           types.String `tfsdk:"id"`
+	Organization types.String `tfsdk:"organization"`
+	AsciiArmor   types.String `tfsdk:"ascii_armor"`
+	CreatedAt    types.String `tfsdk:"created_at"`
+	UpdatedAt    types.String `tfsdk:"updated_at"`
+}
+
+// modelFromTFEVGPGKey builds a modelTFERegistryGPGKey struct from a
+// tfe.GPGKey value.
+func modelFromTFEVGPGKey(v *tfe.GPGKey) modelTFERegistryGPGKey {
+	return modelTFERegistryGPGKey{
+		ID:           types.StringValue(v.KeyID),
+		Organization: types.StringValue(v.Namespace),
+		AsciiArmor:   types.StringValue(v.AsciiArmor),
+		CreatedAt:    types.StringValue(v.CreatedAt.Format(time.RFC3339)),
+		UpdatedAt:    types.StringValue(v.UpdatedAt.Format(time.RFC3339)),
+	}
+}

internal/provider/provider_next.go

@@ -119,6 +119,7 @@ func (p *frameworkProvider) DataSources(ctx context.Context) []func() datasource
 
 func (p *frameworkProvider) Resources(ctx context.Context) []func() resource.Resource {
 	return []func() resource.Resource{
+		NewRegistryGPGKeyResource,
 		NewResourceVariable,
 		NewSAMLSettingsResource,
 	}

internal/provider/resource_tfe_registry_gpg_key.go

@@ -0,0 +1,249 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/go-tfe"
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/path"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var _ resource.Resource = &resourceTFERegistryGPGKey{}
+var _ resource.ResourceWithConfigure = &resourceTFERegistryGPGKey{}
+var _ resource.ResourceWithImportState = &resourceTFERegistryGPGKey{}
+
+func NewRegistryGPGKeyResource() resource.Resource {
+	return &resourceTFERegistryGPGKey{}
+}
+
+// resourceTFERegistryGPGKey implements the tfe_registry_gpg_key resource type
+type resourceTFERegistryGPGKey struct {
+	config ConfiguredClient
+}
+
+func (r *resourceTFERegistryGPGKey) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_registry_gpg_key"
+}
+
+func (r *resourceTFERegistryGPGKey) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Description: "Manages a public key of the GPG key pair used to sign releases of private providers in the private registry.",
+		Version:     1,
+
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				Description: "ID of the GPG key.",
+				Computed:    true,
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.UseStateForUnknown(),
+				},
+			},
+			"organization": schema.StringAttribute{
+				Description: "Name of the organization. If omitted, organization must be defined in the provider config.",
+				Optional:    true,
+				Computed:    true,
+				Validators: []validator.String{
+					stringvalidator.LengthAtLeast(1),
+				},
+			},
+			"ascii_armor": schema.StringAttribute{
+				Description: "ASCII-armored representation of the GPG key.",
+				Required:    true,
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.RequiresReplace(),
+				},
+			},
+			"created_at": schema.StringAttribute{
+				Description: "The time when the GPG key was created.",
+				Computed:    true,
+				PlanModifiers: []planmodifier.String{
+					stringplanmodifier.UseStateForUnknown(),
+				},
+			},
+			"updated_at": schema.StringAttribute{
+				Description: "The time when the GPG key was last updated.",
+				Computed:    true,
+			},
+		},
+	}
+}
+
+// Configure implements resource.ResourceWithConfigure
+func (r *resourceTFERegistryGPGKey) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(ConfiguredClient)
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected resource Configure type",
+			fmt.Sprintf("Expected tfe.ConfiguredClient, got %T. This is a bug in the tfe provider, so please report it on GitHub.", req.ProviderData),
+		)
+	}
+	r.config = client
+}
+
+func (r *resourceTFERegistryGPGKey) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var plan modelTFERegistryGPGKey
+
+	// Read Terraform plan data into the model
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	var organization string
+	resp.Diagnostics.Append(r.config.dataOrDefaultOrganization(ctx, req.Plan, &organization)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	options := tfe.GPGKeyCreateOptions{
+		Type:       "gpg-keys",
+		Namespace:  organization,
+		AsciiArmor: plan.AsciiArmor.ValueString(),
+	}
+
+	tflog.Debug(ctx, "Creating private registry GPG key")
+	key, err := r.config.Client.GPGKeys.Create(ctx, "private", options)
+	if err != nil {
+		resp.Diagnostics.AddError("Unable to create private registry GPG key", err.Error())
+		return
+	}
+
+	result := modelFromTFEVGPGKey(key)
+
+	// Save data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &result)...)
+}
+
+func (r *resourceTFERegistryGPGKey) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var state modelTFERegistryGPGKey
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	var organization string
+	resp.Diagnostics.Append(r.config.dataOrDefaultOrganization(ctx, req.State, &organization)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	keyID := tfe.GPGKeyID{
+		RegistryName: "private",
+		Namespace:    organization,
+		KeyID:        state.ID.ValueString(),
+	}
+
+	tflog.Debug(ctx, "Reading private registry GPG key")
+	key, err := r.config.Client.GPGKeys.Read(ctx, keyID)
+	if err != nil {
+		resp.Diagnostics.AddError("Unable to read private registry GPG key", err.Error())
+		return
+	}
+
+	result := modelFromTFEVGPGKey(key)
+
+	// Save updated data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &result)...)
+}
+
+func (r *resourceTFERegistryGPGKey) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
+	var plan modelTFERegistryGPGKey
+	var state modelTFERegistryGPGKey
+
+	// Read Terraform plan data into the model
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	keyID := tfe.GPGKeyID{
+		RegistryName: "private",
+		Namespace:    state.Organization.ValueString(), // The old namespace
+		KeyID:        plan.ID.ValueString(),
+	}
+	options := tfe.GPGKeyUpdateOptions{
+		Type:      "gpg-keys",
+		Namespace: plan.Organization.ValueString(), // The new namespace
+	}
+
+	tflog.Debug(ctx, "Updating private registry GPG key")
+	key, err := r.config.Client.GPGKeys.Update(ctx, keyID, options)
+	if err != nil {
+		resp.Diagnostics.AddError("Unable to update private registry GPG key", err.Error())
+		return
+	}
+
+	result := modelFromTFEVGPGKey(key)
+
+	// Save updated data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &result)...)
+}
+
+func (r *resourceTFERegistryGPGKey) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	var state modelTFERegistryGPGKey
+
+	// Read Terraform prior state data into the model
+	resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	keyID := tfe.GPGKeyID{
+		RegistryName: "private",
+		Namespace:    state.Organization.ValueString(),
+		KeyID:        state.ID.ValueString(),
+	}
+
+	tflog.Debug(ctx, "Deleting private registry GPG key")
+	err := r.config.Client.GPGKeys.Delete(ctx, keyID)
+	if err != nil {
+		resp.Diagnostics.AddError("Unable to delete private registry GPG key", err.Error())
+		return
+	}
+}
+
+func (r *resourceTFERegistryGPGKey) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	s := strings.SplitN(req.ID, "/", 2)
+	if len(s) != 2 {
+		resp.Diagnostics.AddError(
+			"Error importing variable",
+			fmt.Sprintf("Invalid variable import format: %s (expected <ORGANIZATION>/<KEY ID>)", req.ID),
+		)
+		return
+	}
+	org := s[0]
+	id := s[1]
+
+	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("organization"), org)...)
+	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("id"), id)...)
+}