feat(identity): added trusted profile identities (IBM-Cloud#6316)

Somchavan · web-flow · commit 39eb269b3252 · 2025-07-31T13:33:36.000+05:30
diff --git a/examples/ibm-iam-identities/README.md b/examples/ibm-iam-identities/README.md
@@ -0,0 +1,85 @@
+# Examples for IAM Identity Services
+
+These examples illustrate how to use the resources and data sources associated with IAM Identity Services.
+
+The following resources are supported:
+* ibm_iam_trusted_profile_identities
+
+The following data sources are supported:
+* ibm_iam_trusted_profile_identities
+
+## Usage
+
+To run this example, execute the following commands:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Run `terraform destroy` when you don't need these resources.
+
+## IAM Identity Services resources
+
+### Resource: ibm_iam_trusted_profile_identities
+
+```hcl
+resource "ibm_iam_trusted_profile_identities" "iam_trusted_profile_identities_instance" {
+  profile_id = var.iam_trusted_profile_identities_profile_id
+  if_match = var.iam_trusted_profile_identities_if_match
+  identities = var.iam_trusted_profile_identities_identities
+}
+```
+
+#### Inputs
+
+| Name | Description | Type | Required |
+|------|-------------|------|---------|
+| ibmcloud\_api\_key | IBM Cloud API key | `string` | true |
+| profile_id | ID of the trusted profile. | `string` | true |
+| if_match | Entity tag of the Identities to be updated. Specify the tag that you retrieved when reading the Profile Identities. This value helps identify parallel usage of this API. Pass * to indicate updating any available version, which may result in stale updates. | `string` | true |
+| identities | List of identities. | `list()` | false |
+
+## IAM Identity Services data sources
+
+### Data source: ibm_iam_trusted_profile_identities
+
+```hcl
+data "ibm_iam_trusted_profile_identities" "iam_trusted_profile_identities_instance" {
+  profile_id = var.data_iam_trusted_profile_identities_profile_id
+}
+```
+
+#### Inputs
+
+| Name | Description | Type | Required |
+|------|-------------|------|---------|
+| profile_id | ID of the trusted profile. | `string` | true |
+
+#### Outputs
+
+| Name | Description |
+|------|-------------|
+| entity_tag | Entity tag of the profile identities response. |
+| identities | List of identities. |
+
+## Assumptions
+
+1. TODO
+
+## Notes
+
+1. TODO
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | ~> 0.12 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| ibm | 1.13.1 |
diff --git a/examples/ibm-iam-identities/main.tf b/examples/ibm-iam-identities/main.tf
@@ -0,0 +1,25 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+}
+
+// Provision iam_trusted_profile_identities resource instance
+resource "ibm_iam_trusted_profile_identities" "iam_trusted_profile_identities_instance" {
+  profile_id = var.iam_trusted_profile_identities_profile_id
+
+  dynamic "identities" {
+    for_each = var.iam_trusted_profile_identities
+    content {
+      iam_id      = identities.value.iam_id
+      type        = identities.value.type
+      identifier  = identities.value.identifier
+      accounts    = identities.value.accounts
+      description = identities.value.description
+    }
+  }
+}
+
+// Create iam_trusted_profile_identities data source
+data "ibm_iam_trusted_profile_identities" "iam_trusted_profile_identities_instance" {
+  profile_id = var.iam_trusted_profile_identities_profile_id
+}
+
diff --git a/examples/ibm-iam-identities/outputs.tf b/examples/ibm-iam-identities/outputs.tf
@@ -0,0 +1,6 @@
+// This output allows iam_trusted_profile_identities data to be referenced by other resources and the terraform CLI
+// Modify this output if only certain data should be exposed
+output "ibm_iam_trusted_profile_identities" {
+  value       = ibm_iam_trusted_profile_identities.iam_trusted_profile_identities_instance
+  description = "iam_trusted_profile_identities resource instance"
+}
diff --git a/examples/ibm-iam-identities/variables.tf b/examples/ibm-iam-identities/variables.tf
@@ -0,0 +1,43 @@
+variable "ibmcloud_api_key" {
+  description = "IBM Cloud API key"
+  type        = string
+}
+
+// Resource arguments for iam_trusted_profile_identities
+variable "iam_trusted_profile_identities_profile_id" {
+  description = "ID of the trusted profile."
+  type        = string
+  default     = "profile_id"
+}
+variable "iam_trusted_profile_identities_if_match" {
+  description = "Entity tag of the Identities to be updated. Specify the tag that you retrieved when reading the Profile Identities. This value helps identify parallel usage of this API. Pass * to indicate updating any available version, which may result in stale updates."
+  type        = string
+  default     = "if_match"
+}
+variable "iam_trusted_profile_identities" {
+  description = "List of identities for the trusted profile."
+  type = list(object({
+    iam_id      = string
+    type        = string
+    identifier  = string
+    accounts    = list(string)
+    description = string
+  }))
+  default = [
+    {
+      iam_id      = "IBMid-5500082WK4"
+      type        = "user"
+      identifier  = "IBMid-5500082WK4"
+      accounts    = ["86a1004d3f1848a291de32874cb48120"]
+      description = "tf_description_profile identity description"
+    }
+  ]
+}
+
+// Data source arguments for iam_trusted_profile_identities
+variable "data_iam_trusted_profile_identities_profile_id" {
+  description = "ID of the trusted profile."
+  type        = string
+  default     = "profile_id"
+}
+
diff --git a/examples/ibm-iam-identities/versions.tf b/examples/ibm-iam-identities/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    ibm = {
+      source = "IBM-Cloud/ibm"
+      version = "1.51.0"
+    }
+  }
+}
diff --git a/ibm/provider/provider.go b/ibm/provider/provider.go
@@ -1274,6 +1274,7 @@ func Provider() *schema.Provider {
 			"ibm_iam_api_key":                               iamidentity.ResourceIBMIAMApiKey(),
 			"ibm_iam_trusted_profile":                       iamidentity.ResourceIBMIAMTrustedProfile(),
 			"ibm_iam_trusted_profile_identity":              iamidentity.ResourceIBMIamTrustedProfileIdentity(),
+			"ibm_iam_trusted_profile_identities":            iamidentity.ResourceIBMIamTrustedProfileIdentities(),
 			"ibm_iam_trusted_profile_claim_rule":            iamidentity.ResourceIBMIAMTrustedProfileClaimRule(),
 			"ibm_iam_trusted_profile_link":                  iamidentity.ResourceIBMIAMTrustedProfileLink(),
 			"ibm_iam_trusted_profile_policy":                iampolicy.ResourceIBMIAMTrustedProfilePolicy(),
diff --git a/ibm/service/iamidentity/data_source_ibm_iam_trusted_profile_identities.go b/ibm/service/iamidentity/data_source_ibm_iam_trusted_profile_identities.go
@@ -1,18 +1,23 @@
-// Copyright IBM Corp. 2023 All Rights Reserved.
+// Copyright IBM Corp. 2025 All Rights Reserved.
 // Licensed under the Mozilla Public License v2.0
 
+/*
+ * IBM OpenAPI Terraform Generator Version: 3.103.0-e8b84313-20250402-201816
+ */
+
 package iamidentity
 
 import (
 	"context"
 	"fmt"
 	"log"
-	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 
 	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
+	"github.com/IBM/go-sdk-core/v5/core"
 	"github.com/IBM/platform-services-go-sdk/iamidentityv1"
 )
 
@@ -75,57 +80,57 @@ func DataSourceIBMIamTrustedProfileIdentities() *schema.Resource {
 func dataSourceIBMIamTrustedProfileIdentitiesRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	iamIdentityClient, err := meta.(conns.ClientSession).IAMIdentityV1API()
 	if err != nil {
-		return diag.FromErr(err)
+		tfErr := flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_iam_trusted_profile_identities", "read", "initialize-client")
+		log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+		return tfErr.GetDiag()
 	}
 
 	getProfileIdentitiesOptions := &iamidentityv1.GetProfileIdentitiesOptions{}
 
 	getProfileIdentitiesOptions.SetProfileID(d.Get("profile_id").(string))
 
-	profileIdentitiesResponse, response, err := iamIdentityClient.GetProfileIdentitiesWithContext(context, getProfileIdentitiesOptions)
+	profileIdentitiesResponse, _, err := iamIdentityClient.GetProfileIdentitiesWithContext(context, getProfileIdentitiesOptions)
 	if err != nil {
-		log.Printf("[DEBUG] GetProfileIdentitiesWithContext failed %s\n%s", err, response)
-		return diag.FromErr(fmt.Errorf("GetProfileIdentitiesWithContext failed %s\n%s", err, response))
+		tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetProfileIdentitiesWithContext failed: %s", err.Error()), "(Data) ibm_iam_trusted_profile_identities", "read")
+		log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+		return tfErr.GetDiag()
 	}
 
-	d.SetId(dataSourceIBMIamTrustedProfileIdentitiesID(d))
+	d.SetId(*getProfileIdentitiesOptions.ProfileID)
 
-	if err = d.Set("entity_tag", profileIdentitiesResponse.EntityTag); err != nil {
-		return diag.FromErr(fmt.Errorf("Error setting entity_tag: %s", err))
+	if !core.IsNil(profileIdentitiesResponse.EntityTag) {
+		if err = d.Set("entity_tag", profileIdentitiesResponse.EntityTag); err != nil {
+			return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting entity_tag: %s", err), "(Data) ibm_iam_trusted_profile_identities", "read", "set-entity_tag").GetDiag()
+		}
 	}
 
-	identities := []map[string]interface{}{}
-	if profileIdentitiesResponse.Identities != nil {
-		for _, modelItem := range profileIdentitiesResponse.Identities {
-			modelMap, err := dataSourceIBMIamTrustedProfileIdentitiesProfileIdentityResponseToMap(&modelItem)
+	if !core.IsNil(profileIdentitiesResponse.Identities) {
+		identities := []map[string]interface{}{}
+		for _, identitiesItem := range profileIdentitiesResponse.Identities {
+			identitiesItemMap, err := DataSourceIBMIamTrustedProfileIdentitiesProfileIdentityResponseToMap(&identitiesItem) // #nosec G601
 			if err != nil {
-				return diag.FromErr(err)
+				return flex.DiscriminatedTerraformErrorf(err, err.Error(), "(Data) ibm_iam_trusted_profile_identities", "read", "identities-to-map").GetDiag()
 			}
-			identities = append(identities, modelMap)
+			identities = append(identities, identitiesItemMap)
+		}
+		if err = d.Set("identities", identities); err != nil {
+			return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting identities: %s", err), "(Data) ibm_iam_trusted_profile_identities", "read", "set-identities").GetDiag()
 		}
-	}
-	if err = d.Set("identities", identities); err != nil {
-		return diag.FromErr(fmt.Errorf("Error setting identities %s", err))
 	}
 
 	return nil
 }
 
-// dataSourceIBMIamTrustedProfileIdentitiesID returns a reasonable ID for the list.
-func dataSourceIBMIamTrustedProfileIdentitiesID(d *schema.ResourceData) string {
-	return time.Now().UTC().String()
-}
-
-func dataSourceIBMIamTrustedProfileIdentitiesProfileIdentityResponseToMap(model *iamidentityv1.ProfileIdentityResponse) (map[string]interface{}, error) {
+func DataSourceIBMIamTrustedProfileIdentitiesProfileIdentityResponseToMap(model *iamidentityv1.ProfileIdentityResponse) (map[string]interface{}, error) {
 	modelMap := make(map[string]interface{})
-	modelMap["iam_id"] = model.IamID
-	modelMap["identifier"] = model.Identifier
-	modelMap["type"] = model.Type
+	modelMap["iam_id"] = *model.IamID
+	modelMap["identifier"] = *model.Identifier
+	modelMap["type"] = *model.Type
 	if model.Accounts != nil {
 		modelMap["accounts"] = model.Accounts
 	}
 	if model.Description != nil {
-		modelMap["description"] = model.Description
+		modelMap["description"] = *model.Description
 	}
 	return modelMap, nil
 }
diff --git a/ibm/service/iamidentity/data_source_ibm_iam_trusted_profile_identities_test.go b/ibm/service/iamidentity/data_source_ibm_iam_trusted_profile_identities_test.go
@@ -1,38 +1,88 @@
-// Copyright IBM Corp. 2023 All Rights Reserved.
+// Copyright IBM Corp. 2025 All Rights Reserved.
 // Licensed under the Mozilla Public License v2.0
 
+/*
+ * IBM OpenAPI Terraform Generator Version: 3.103.0-e8b84313-20250402-201816
+ */
+
 package iamidentity_test
 
 import (
 	"fmt"
 	"testing"
 
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 
 	acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest"
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/service/iamidentity"
+	"github.com/IBM/go-sdk-core/v5/core"
+	"github.com/IBM/platform-services-go-sdk/iamidentityv1"
+	"github.com/stretchr/testify/assert"
 )
 
 func TestAccIBMIamTrustedProfileIdentitiesDataSourceBasic(t *testing.T) {
+	profileIdentitiesResponseProfileID := acc.IAMTrustedProfileID
+	profileIdentitiesResponseIfMatch := fmt.Sprintf("tf_if_match_%d", acctest.RandIntRange(10, 100))
+	ibmID1 := acc.Ibmid1
+
 	resource.Test(t, resource.TestCase{
 		PreCheck:  func() { acc.TestAccPreCheck(t) },
 		Providers: acc.TestAccProviders,
 		Steps: []resource.TestStep{
-			{
-				Config: testAccCheckIBMIamTrustedProfileIdentitiesDataSourceConfigBasic(),
+			resource.TestStep{
+				Config: func() string {
+					var _ string = profileIdentitiesResponseIfMatch
+					return testAccCheckIBMIamTrustedProfileIdentitiesDataSourceConfigBasic(profileIdentitiesResponseProfileID, ibmID1)
+				}(),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttrSet("data.ibm_iam_trusted_profile_identities.iam_trusted_profile_identities", "id"),
-					resource.TestCheckResourceAttrSet("data.ibm_iam_trusted_profile_identities.iam_trusted_profile_identities", "profile_id"),
+					resource.TestCheckResourceAttrSet("data.ibm_iam_trusted_profile_identities.iam_trusted_profile_identities_instance", "id"),
+					resource.TestCheckResourceAttrSet("data.ibm_iam_trusted_profile_identities.iam_trusted_profile_identities_instance", "profile_id"),
 				),
 			},
 		},
 	})
 }
 
-func testAccCheckIBMIamTrustedProfileIdentitiesDataSourceConfigBasic() string {
-	profileID := acc.IAMTrustedProfileID
+func testAccCheckIBMIamTrustedProfileIdentitiesDataSourceConfigBasic(profileIdentitiesResponseProfileID, ibmID1 string) string {
 	return fmt.Sprintf(`
-		data "ibm_iam_trusted_profile_identities" "iam_trusted_profile_identities" {
+		resource "ibm_iam_trusted_profile_identities" "iam_trusted_profile_identities_instance" {
 			profile_id = "%s"
+		  identities {
+		    iam_id     = "%s"
+			type       = "user"
+			identifier = "%s"
+			accounts = ["86a1004d3f1848a291de32874cb48120"]
+			description = "tf_description_profile identity description"
+			}
 		}
-	`, profileID)
+
+		data "ibm_iam_trusted_profile_identities" "iam_trusted_profile_identities_instance" {
+			profile_id = ibm_iam_trusted_profile_identities.iam_trusted_profile_identities_instance.profile_id
+		}
+	`, profileIdentitiesResponseProfileID, ibmID1, ibmID1)
+}
+
+func TestDataSourceIBMIamTrustedProfileIdentitiesProfileIdentityResponseToMap(t *testing.T) {
+	checkResult := func(result map[string]interface{}) {
+		model := make(map[string]interface{})
+		model["iam_id"] = "testString"
+		model["identifier"] = "testString"
+		model["type"] = "user"
+		model["accounts"] = []string{"testString"}
+		model["description"] = "testString"
+
+		assert.Equal(t, result, model)
+	}
+
+	model := new(iamidentityv1.ProfileIdentityResponse)
+	model.IamID = core.StringPtr("testString")
+	model.Identifier = core.StringPtr("testString")
+	model.Type = core.StringPtr("user")
+	model.Accounts = []string{"testString"}
+	model.Description = core.StringPtr("testString")
+
+	result, err := iamidentity.DataSourceIBMIamTrustedProfileIdentitiesProfileIdentityResponseToMap(model)
+	assert.Nil(t, err)
+	checkResult(result)
 }
diff --git a/ibm/service/iamidentity/resource_ibm_iam_trusted_profile_identities.go b/ibm/service/iamidentity/resource_ibm_iam_trusted_profile_identities.go
diff --git a/ibm/service/iamidentity/resource_ibm_iam_trusted_profile_identities_test.go b/ibm/service/iamidentity/resource_ibm_iam_trusted_profile_identities_test.go
diff --git a/website/docs/d/iam_trusted_profile_identities.html.markdown b/website/docs/d/iam_trusted_profile_identities.html.markdown
diff --git a/website/docs/r/iam_trusted_profile_identities.html.markdown b/website/docs/r/iam_trusted_profile_identities.html.markdown
