uset ListOrgs in getKeyDetails (#3723)

lantoli · web-flow · commit e58a5d3c13c6 · 2025-10-01T11:50:41.000+02:00
diff --git a/internal/service/projectapikey/model_project_api_key.go b/internal/service/projectapikey/model_project_api_key.go
@@ -67,23 +67,24 @@ func sameRoles(roles1, roles2 []string) bool {
 
 // getKeyDetails returns nil error and nil details if not found as it's not considered an error
 func getKeyDetails(ctx context.Context, connV2 *admin.APIClient, apiKeyID string) (*admin.ApiKeyUserDetails, string, error) {
-	root, _, err := connV2.RootApi.GetSystemStatus(ctx).Execute()
+	resp, _, err := connV2.OrganizationsApi.ListOrgs(ctx).Execute()
 	if err != nil {
 		return nil, "", err
 	}
-	for _, role := range root.ApiKey.GetRoles() {
-		if orgID := role.GetOrgId(); orgID != "" {
-			key, _, err := connV2.ProgrammaticAPIKeysApi.GetOrgApiKey(ctx, orgID, apiKeyID).Execute()
-			if err != nil {
-				if admin.IsErrorCode(err, "API_KEY_NOT_FOUND") {
-					return nil, orgID, nil
-				}
-				return nil, orgID, fmt.Errorf("error getting api key information: %s", err)
-			}
-			return key, orgID, nil
+	orgIDs := resp.GetResults()
+	if len(orgIDs) == 0 {
+		return nil, "", fmt.Errorf("no organizations found")
+	}
+	// At present a PAK or SA belongs to exactly one organization. If this changes in the future, this logic will need to be updated.
+	orgID := orgIDs[0].GetId()
+	key, _, err := connV2.ProgrammaticAPIKeysApi.GetOrgApiKey(ctx, orgID, apiKeyID).Execute()
+	if err != nil {
+		if admin.IsErrorCode(err, "API_KEY_NOT_FOUND") {
+			return nil, orgID, nil
 		}
+		return nil, orgID, fmt.Errorf("error getting api key information: %s", err)
 	}
-	return nil, "", nil
+	return key, orgID, nil
 }
 
 func validateUniqueProjectIDs(d *schema.ResourceData) error {
