Add resource for managing HSDP Connect IoT provisioning organization configs (#481)

* Add resource for managing HSDP Connect IoT provisioning organization configurations
* Add data source for Connect IoT Provisioning organization configuration with tests
* Update go-dip-api to v0.93.1

Signed-off-by: Andy Lo-A-Foe <andy.loafoe@gmail.com>
Co-authored-by: Akhil Dhawan <akhil.dhawan@philips.com>

Author: loafoe

docs/data-sources/connect_iot_provisioning_orgconfiguration.md

@@ -0,0 +1,39 @@
+---
+subcategory: "Connect IoT"
+---
+
+# Data Source: hsdp_connect_iot_provisioning_orgconfiguration
+
+Retrieves an existing Connect IoT Provisioning organization configuration.
+
+## Example Usage
+
+```hcl
+data "hsdp_connect_iot_provisioning_orgconfiguration" "myconfig" {
+  organization_guid = var.organization_guid
+}
+
+output "public_key" {
+  value = data.hsdp_connect_iot_provisioning_orgconfiguration.myconfig.public_key
+}
+```
+
+## Argument Reference
+
+The following arguments are required:
+
+* `organization_guid` - (Required) The organization GUID to look up.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The ID of the organization configuration.
+* `service_account` - Service account configuration block containing:
+  * `client_id` - The service account client ID.
+  * `service_account_key` - (Sensitive) The service account key.
+  * `token_url` - The token URL for the service account.
+* `bootstrap_signature` - Bootstrap signature configuration block containing:
+  * `algorithm` - The signing algorithm used.
+  * `public_key` - The public key for signature verification.
+  * `salt_length` - The salt length for the signature.

docs/resources/connect_iot_provisioning_orgconfiguration.md

@@ -0,0 +1,59 @@
+# hsdp_connect_iot_provisioning_orgconfiguration (Resource)
+
+Provides a resource for managing HSDP Connect IoT provisioning organization configurations. This resource allows you to configure the service account and bootstrap signature settings for an organization in the Connect IoT provisioning service.
+
+## Example Usage
+
+```terraform
+resource "hsdp_connect_iot_provisioning_orgconfiguration" "my-orgconfig" {
+  organization_guid = "1ac2e233-8146-4661-8ec4-dc956aeb5a4b"
+  
+  service_account {
+    service_account_id  = "demo_test_tf.xyz-app.xyz-prop@demo.iot__connect__sandbox.apmplatform.philips-healthsuite.com"
+    service_account_key = "-----BEGIN RSA PRIVATE KEY-----\nMIIEowBlahBlahI1KExUm\n-----END RSA PRIVATE KEY-----"
+  }
+
+  bootstrap_signature {
+    algorithm  = "RSA-SHA256"
+    public_key = "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSBlahBlahBlahMqgzQIDAQAB\n-----END PUBLIC KEY-----"
+    
+    config {
+      type        = "RSA"
+      padding     = "RSA_PKCS1_PSS_PADDING"
+      salt_length = "RSA_PSS_SALTLEN_MAX_SIGN"
+    }
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `organization_guid` - (Required, ForceNew) The GUID of the organization to configure.
+
+* `service_account` - (Required) Service account configuration block containing:
+  * `service_account_id` - (Required) The service account ID for the organization.
+  * `service_account_key` - (Required, Sensitive) The service account private key.
+
+* `bootstrap_signature` - (Required) Bootstrap signature configuration block containing:
+  * `algorithm` - (Required) The signature algorithm to use (e.g., "RSA-SHA256").
+  * `public_key` - (Required) The public key for bootstrap signature verification.
+  * `config` - (Optional) Additional configuration block containing:
+    * `type` - (Optional) The signature type (e.g., "RSA", "ECC", "DSA").
+    * `padding` - (Optional) The padding type (e.g., "RSA_PKCS1_PSS_PADDING").
+    * `salt_length` - (Optional) The salt length configuration (e.g., "RSA_PSS_SALTLEN_MAX_SIGN").
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The unique identifier of the organization configuration.
+
+## Import
+
+Organization configurations can be imported using their ID:
+
+```shell
+terraform import hsdp_connect_iot_provisioning_orgconfiguration.my-orgconfig <id>
+```

hsdp/provider.go

@@ -6,6 +6,7 @@ import (
 	"os"
 
 	"github.com/philips-software/terraform-provider-hsdp/internal/services/connect/dbs"
+	"github.com/philips-software/terraform-provider-hsdp/internal/services/connect/provisioning"
 
 	"github.com/philips-software/terraform-provider-hsdp/internal/services/blr"
 
@@ -294,6 +295,7 @@ func Provider(build string) *schema.Provider {
 			"hsdp_connect_mdm_application":                   mdm.ResourceMDMApplication(),
 			"hsdp_connect_mdm_firmware_component_version":    mdm.ResourceConnectMDMFirmwareComponentVersion(),
 			"hsdp_connect_mdm_firmware_distribution_request": mdm.ResourceConnectMDMFirmwareDistributionRequest(),
+			"hsdp_connect_iot_provisioning_orgconfiguration": provisioning.ResourceConnectIoTProvisioningOrgConfiguration(),
 			"hsdp_iam_group_membership":                      group_membership.ResourceIAMGroupMembership(),
 			"hsdp_iam_role_sharing_policy":                   role_sharing_policy.ResourceRoleSharingPolicy(),
 			"hsdp_iam_device":                                device.ResourceIAMDevice(),
@@ -304,62 +306,63 @@ func Provider(build string) *schema.Provider {
 			"hsdp_tenant_key":                                tenant.ResourceTenantKey(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
-			"hsdp_iam_introspect":                        iam.DataSourceIAMIntrospect(),
-			"hsdp_iam_user":                              user.DataSourceUser(),
-			"hsdp_iam_service":                           service.DataSourceService(),
-			"hsdp_iam_permissions":                       iam.DataSourceIAMPermissions(),
-			"hsdp_iam_org":                               organization.DataSourceIAMOrg(),
-			"hsdp_iam_proposition":                       proposition.DataSourceIAMProposition(),
-			"hsdp_iam_application":                       application.DataSourceIAMApplication(),
-			"hsdp_s3creds_access":                        s3creds.DataSourceS3CredsAccess(),
-			"hsdp_s3creds_policy":                        s3creds.DataSourceS3CredsPolicy(),
-			"hsdp_config":                                configuration.DataSourceConfig(),
-			"hsdp_container_host_subnet_types":           ch.DataSourceContainerHostSubnetTypes(),
-			"hsdp_pki_root":                              pki.DataSourcePKIRoot(),
-			"hsdp_pki_policy":                            pki.DataSourcePKIPolicy(),
-			"hsdp_edge_device":                           edge.DataSourceEdgeDevice(),
-			"hsdp_notification_producers":                notification.DataSourceNotificationProducers(),
-			"hsdp_notification_producer":                 notification.DataSourceNotificationProducer(),
-			"hsdp_notification_topics":                   notification.DataSourceNotificationTopics(),
-			"hsdp_notification_topic":                    notification.DataSourceNotificationTopic(),
-			"hsdp_notification_subscription":             notification.DataSourceNotificationSubscription(),
-			"hsdp_notification_subscriber":               notification.DataSourceNotificationSubscriber(),
-			"hsdp_container_host_instances":              ch.DataSourceContainerHostInstances(),
-			"hsdp_iam_group":                             group.DataSourceIAMGroup(),
-			"hsdp_iam_role":                              role.DataSourceIAMRole(),
-			"hsdp_iam_users":                             user.DataSourceIAMUsers(),
-			"hsdp_docker_namespace":                      namespace.DataSourceDockerNamespace(),
-			"hsdp_docker_namespaces":                     namespace.DataSourceDockerNamespaces(),
-			"hsdp_docker_repository":                     repository.DataSourceDockerRepository(),
-			"hsdp_iam_client":                            client.DataSourceIAMClient(),
-			"hsdp_connect_mdm_proposition":               mdm.DataSourceConnectMDMProposition(),
-			"hsdp_connect_mdm_application":               mdm.DataSourceConnectMDMApplication(),
-			"hsdp_connect_mdm_standard_services":         mdm.DataSourceConnectMDMStandardServices(),
-			"hsdp_connect_mdm_regions":                   mdm.DataSourceConnectMDMRegions(),
-			"hsdp_connect_mdm_oauth_client_scopes":       mdm.DataSourceConnectMDMOauthClientScopes(),
-			"hsdp_connect_mdm_region":                    mdm.DataSourceConnectMDMRegion(),
-			"hsdp_connect_mdm_resource_limits":           mdm.DataSourceResourceLimits(),
-			"hsdp_connect_mdm_subscriber_types":          mdm.DataSourceConnectMDMSubscriberTypes(),
-			"hsdp_connect_mdm_storage_classes":           mdm.DataSourceConnectMDMStorageClasses(),
-			"hsdp_connect_mdm_storage_class":             mdm.DataSourceConnectMDMStorageClass(),
-			"hsdp_connect_mdm_standard_service":          mdm.DataSourceConnectMDMStandardService(),
-			"hsdp_connect_mdm_data_subscribers":          mdm.DataSourceConnectMDMDataSubscribers(),
-			"hsdp_connect_mdm_data_adapters":             mdm.DataSourceConnectMDMDataAdapters(),
-			"hsdp_iam_email_templates":                   email_template.DataSourceIAMEmailTemplates(),
-			"hsdp_connect_mdm_bucket":                    mdm.DataSourceConnectMDMBucket(),
-			"hsdp_connect_mdm_data_type":                 mdm.DataSourceConnectMDMDataType(),
-			"hsdp_container_host_security_groups":        ch.DataSourceContainerHostSecurityGroups(),
-			"hsdp_container_host_security_group_details": ch.DataSourceContainerHostSecurityGroupDetails(),
-			"hsdp_iam_token":                             iam.DataSourceIAMToken(),
-			"hsdp_connect_mdm_service_agent":             mdm.DataSourceConnectMDMServiceAgent(),
-			"hsdp_connect_mdm_service_agents":            mdm.DataSourceConnectMDMServiceAgents(),
-			"hsdp_container_host":                        ch.DataSourceContainerHost(),
-			"hsdp_iam_permission":                        iam.DataSourceIAMPermission(),
-			"hsdp_iam_role_sharing_policies":             role_sharing_policy.DataSourceIAMRoleSharingPolicies(),
-			"hsdp_discovery_service":                     discovery.DataSourceDiscoveryService(),
-			"hsdp_connect_mdm_service_action":            mdm.DataSourceConnectMDMServiceAction(),
-			"hsdp_connect_mdm_service_actions":           mdm.DataSourceConnectMDMServiceActions(),
-			"hsdp_blr_store_policy":                      blr.DataSourceBLRBlobStorePolicyDefinition(),
+			"hsdp_iam_introspect":                            iam.DataSourceIAMIntrospect(),
+			"hsdp_iam_user":                                  user.DataSourceUser(),
+			"hsdp_iam_service":                               service.DataSourceService(),
+			"hsdp_iam_permissions":                           iam.DataSourceIAMPermissions(),
+			"hsdp_iam_org":                                   organization.DataSourceIAMOrg(),
+			"hsdp_iam_proposition":                           proposition.DataSourceIAMProposition(),
+			"hsdp_iam_application":                           application.DataSourceIAMApplication(),
+			"hsdp_s3creds_access":                            s3creds.DataSourceS3CredsAccess(),
+			"hsdp_s3creds_policy":                            s3creds.DataSourceS3CredsPolicy(),
+			"hsdp_config":                                    configuration.DataSourceConfig(),
+			"hsdp_container_host_subnet_types":               ch.DataSourceContainerHostSubnetTypes(),
+			"hsdp_pki_root":                                  pki.DataSourcePKIRoot(),
+			"hsdp_pki_policy":                                pki.DataSourcePKIPolicy(),
+			"hsdp_edge_device":                               edge.DataSourceEdgeDevice(),
+			"hsdp_notification_producers":                    notification.DataSourceNotificationProducers(),
+			"hsdp_notification_producer":                     notification.DataSourceNotificationProducer(),
+			"hsdp_notification_topics":                       notification.DataSourceNotificationTopics(),
+			"hsdp_notification_topic":                        notification.DataSourceNotificationTopic(),
+			"hsdp_notification_subscription":                 notification.DataSourceNotificationSubscription(),
+			"hsdp_notification_subscriber":                   notification.DataSourceNotificationSubscriber(),
+			"hsdp_container_host_instances":                  ch.DataSourceContainerHostInstances(),
+			"hsdp_iam_group":                                 group.DataSourceIAMGroup(),
+			"hsdp_iam_role":                                  role.DataSourceIAMRole(),
+			"hsdp_iam_users":                                 user.DataSourceIAMUsers(),
+			"hsdp_docker_namespace":                          namespace.DataSourceDockerNamespace(),
+			"hsdp_docker_namespaces":                         namespace.DataSourceDockerNamespaces(),
+			"hsdp_docker_repository":                         repository.DataSourceDockerRepository(),
+			"hsdp_iam_client":                                client.DataSourceIAMClient(),
+			"hsdp_connect_mdm_proposition":                   mdm.DataSourceConnectMDMProposition(),
+			"hsdp_connect_mdm_application":                   mdm.DataSourceConnectMDMApplication(),
+			"hsdp_connect_mdm_standard_services":             mdm.DataSourceConnectMDMStandardServices(),
+			"hsdp_connect_mdm_regions":                       mdm.DataSourceConnectMDMRegions(),
+			"hsdp_connect_mdm_oauth_client_scopes":           mdm.DataSourceConnectMDMOauthClientScopes(),
+			"hsdp_connect_mdm_region":                        mdm.DataSourceConnectMDMRegion(),
+			"hsdp_connect_mdm_resource_limits":               mdm.DataSourceResourceLimits(),
+			"hsdp_connect_mdm_subscriber_types":              mdm.DataSourceConnectMDMSubscriberTypes(),
+			"hsdp_connect_mdm_storage_classes":               mdm.DataSourceConnectMDMStorageClasses(),
+			"hsdp_connect_mdm_storage_class":                 mdm.DataSourceConnectMDMStorageClass(),
+			"hsdp_connect_mdm_standard_service":              mdm.DataSourceConnectMDMStandardService(),
+			"hsdp_connect_mdm_data_subscribers":              mdm.DataSourceConnectMDMDataSubscribers(),
+			"hsdp_connect_mdm_data_adapters":                 mdm.DataSourceConnectMDMDataAdapters(),
+			"hsdp_connect_iot_provisioning_orgconfiguration": provisioning.DataSourceConnectIoTProvisioningOrgConfiguration(),
+			"hsdp_iam_email_templates":                       email_template.DataSourceIAMEmailTemplates(),
+			"hsdp_connect_mdm_bucket":                        mdm.DataSourceConnectMDMBucket(),
+			"hsdp_connect_mdm_data_type":                     mdm.DataSourceConnectMDMDataType(),
+			"hsdp_container_host_security_groups":            ch.DataSourceContainerHostSecurityGroups(),
+			"hsdp_container_host_security_group_details":     ch.DataSourceContainerHostSecurityGroupDetails(),
+			"hsdp_iam_token":                                 iam.DataSourceIAMToken(),
+			"hsdp_connect_mdm_service_agent":                 mdm.DataSourceConnectMDMServiceAgent(),
+			"hsdp_connect_mdm_service_agents":                mdm.DataSourceConnectMDMServiceAgents(),
+			"hsdp_container_host":                            ch.DataSourceContainerHost(),
+			"hsdp_iam_permission":                            iam.DataSourceIAMPermission(),
+			"hsdp_iam_role_sharing_policies":                 role_sharing_policy.DataSourceIAMRoleSharingPolicies(),
+			"hsdp_discovery_service":                         discovery.DataSourceDiscoveryService(),
+			"hsdp_connect_mdm_service_action":                mdm.DataSourceConnectMDMServiceAction(),
+			"hsdp_connect_mdm_service_actions":               mdm.DataSourceConnectMDMServiceActions(),
+			"hsdp_blr_store_policy":                          blr.DataSourceBLRBlobStorePolicyDefinition(),
 		},
 		ConfigureContextFunc: providerConfigure(build),
 	}
@@ -458,6 +461,7 @@ func providerConfigure(build string) schema.ConfigureContextFunc {
 		c.SetupDiscoveryClient()
 		c.SetupBLRClient()
 		c.SetupDBSClient()
+		c.SetupProvisioningClient()
 
 		ma, err := jsonformat.NewMarshaller(false, "", "", fhirversion.STU3)
 		if err != nil {

internal/config/config.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 
 	"github.com/dip-software/go-dip-api/connect/dbs"
+	"github.com/dip-software/go-dip-api/connect/provisioning"
 
 	"github.com/dip-software/go-dip-api/connect/blr"
 
@@ -66,6 +67,7 @@ type Config struct {
 	mdmClient             *mdm.Client
 	discoveryClient       *discovery.Client
 	dbsClient             *dbs.Client
+	provisioningClient    *provisioning.Client
 	DebugStdErr           bool `json:"debugging"`
 	credsClientErr        error
 	cartelClientErr       error
@@ -78,6 +80,7 @@ type Config struct {
 	discoveryClientErr    error
 	blrClientErr          error
 	dbsClientErr          error
+	provisioningClientErr error
 	TimeZone              string `json:"time_zone"`
 
 	STU3MA *jsonformat.Marshaller   `json:"-"`
@@ -362,6 +365,23 @@ func (c *Config) DBSClient(principal ...*Principal) (*dbs.Client, error) {
 	return c.dbsClient, c.dbsClientErr
 }
 
+func (c *Config) ProvisioningClient(principal ...*Principal) (*provisioning.Client, error) {
+	if len(principal) > 0 && principal[0] != nil && principal[0].HasAuth() {
+		region := principal[0].Region
+		environment := principal[0].Environment
+		iamClient, err := c.IAMClient(principal...)
+		if err != nil {
+			return nil, err
+		}
+		return provisioning.NewClient(iamClient, &provisioning.Config{
+			Region:      region,
+			Environment: environment,
+			DebugLog:    c.DebugWriter,
+		})
+	}
+	return c.provisioningClient, c.provisioningClientErr
+}
+
 // SetupIAMClient sets up an HSDP IAM client
 func (c *Config) SetupIAMClient() {
 	var standardClient *http.Client
@@ -683,3 +703,22 @@ func (c *Config) SetupDBSClient() {
 	c.dbsClient = client
 	c.dbsClientErr = nil
 }
+
+func (c *Config) SetupProvisioningClient() {
+	if c.iamClientErr != nil {
+		c.provisioningClientErr = fmt.Errorf("IAM client error in SetupProvisioningClient: %w", c.iamClientErr)
+		return
+	}
+	client, err := provisioning.NewClient(c.iamClient, &provisioning.Config{
+		Region:      c.Region,
+		Environment: c.Environment,
+		DebugLog:    c.DebugWriter,
+	})
+	if err != nil {
+		c.provisioningClient = nil
+		c.provisioningClientErr = err
+		return
+	}
+	c.provisioningClient = client
+	c.provisioningClientErr = nil
+}