feat(core): data source config reader (#2590)

* poc(config): add a data source that reads user's credentials

* add sources + zone and region

* add tests + respect order

* create separate job for ci test

* rework new job + skip coverage tests

* linter: make it a const

* move test_config.yaml to testfixture dir

Author: Mia-Cross

.github/workflows/acceptance-tests.yaml

@@ -61,3 +61,24 @@ jobs:
           SCW_ACCESS_KEY: "SCWXXXXXXXXXXXXXFAKE"
           SCW_SECRET_KEY: "11111111-1111-1111-1111-111111111111"
           SCW_ENABLE_BETA: true
+  test-scwconfig:
+    strategy:
+      fail-fast: false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.22
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Run scwconfig tests
+        run: go test -v ./internal/services/scwconfig -timeout=2m
+        env:
+          TF_LOG: DEBUG
+          TF_ACC: 1
+          TF_UPDATE_CASSETTES: false
+          TF_TEST_DOMAIN: scaleway-terraform.com
+          TF_TEST_DOMAIN_ZONE: tf
+          SCW_DEBUG: 0
+          SCW_ENABLE_BETA: true

internal/meta/meta.go

@@ -13,7 +13,22 @@ import (
 	"github.com/scaleway/terraform-provider-scaleway/v2/version"
 )
 
-const appendUserAgentEnvVar = "TF_APPEND_USER_AGENT"
+const (
+	appendUserAgentEnvVar            = "TF_APPEND_USER_AGENT"
+	CredentialsSourceEnvironment     = "Environment variable"
+	CredentialsSourceDefault         = "Default"
+	CredentialsSourceActiveProfile   = "Active Profile in config.yaml"
+	CredentialsSourceProviderProfile = "Profile defined in provider{} block"
+	CredentialsSourceInferred        = "CredentialsSourceInferred from default zone"
+)
+
+type CredentialsSource struct {
+	AccessKey     string
+	SecretKey     string
+	ProjectID     string
+	DefaultZone   string
+	DefaultRegion string
+}
 
 // Meta contains config and SDK clients used by resources.
 //
@@ -25,6 +40,8 @@ type Meta struct {
 	// or it can be a http.Client used to record and replay cassettes which is useful
 	// to replay recorded interactions with APIs locally
 	httpClient *http.Client
+	// credentialsSource stores information about the source (env, profile, etc.) of each credential
+	credentialsSource *CredentialsSource
 }
 
 func (m Meta) ScwClient() *scw.Client {
@@ -35,6 +52,26 @@ func (m Meta) HTTPClient() *http.Client {
 	return m.httpClient
 }
 
+func (m Meta) AccessKeySource() string {
+	return m.credentialsSource.AccessKey
+}
+
+func (m Meta) SecretKeySource() string {
+	return m.credentialsSource.SecretKey
+}
+
+func (m Meta) ProjectIDSource() string {
+	return m.credentialsSource.ProjectID
+}
+
+func (m Meta) RegionSource() string {
+	return m.credentialsSource.DefaultRegion
+}
+
+func (m Meta) ZoneSource() string {
+	return m.credentialsSource.DefaultZone
+}
+
 type Config struct {
 	ProviderSchema      *schema.ResourceData
 	TerraformVersion    string
@@ -46,12 +83,12 @@ type Config struct {
 	HTTPClient          *http.Client
 }
 
-// providerConfigure creates the Meta object containing the SDK client.
+// NewMeta creates the Meta object containing the SDK client.
 func NewMeta(ctx context.Context, config *Config) (*Meta, error) {
 	////
 	// Load Profile
 	////
-	profile, err := loadProfile(ctx, config.ProviderSchema)
+	profile, credentialsSource, err := loadProfile(ctx, config.ProviderSchema)
 	if err != nil {
 		return nil, err
 	}
@@ -98,8 +135,9 @@ func NewMeta(ctx context.Context, config *Config) (*Meta, error) {
 	}
 
 	return &Meta{
-		scwClient:  scwClient,
-		httpClient: httpClient,
+		scwClient:         scwClient,
+		httpClient:        httpClient,
+		credentialsSource: credentialsSource,
 	}, nil
 }
 
@@ -114,13 +152,13 @@ func customizeUserAgent(providerVersion string, terraformVersion string) string
 }
 
 //gocyclo:ignore
-func loadProfile(ctx context.Context, d *schema.ResourceData) (*scw.Profile, error) {
+func loadProfile(ctx context.Context, d *schema.ResourceData) (*scw.Profile, *CredentialsSource, error) {
 	config, err := scw.LoadConfig()
 	// If the config file do not exist, don't return an error as we may find config in ENV or flags.
 	if _, isNotFoundError := err.(*scw.ConfigFileNotFoundError); isNotFoundError {
 		config = &scw.Config{}
 	} else if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
 	// By default we set default zone and region to fr-par
@@ -131,7 +169,7 @@ func loadProfile(ctx context.Context, d *schema.ResourceData) (*scw.Profile, err
 
 	activeProfile, err := config.GetActiveProfile()
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	envProfile := scw.LoadEnvProfile()
 
@@ -167,6 +205,7 @@ func loadProfile(ctx context.Context, d *schema.ResourceData) (*scw.Profile, err
 	}
 
 	profile := scw.MergeProfiles(defaultZoneProfile, activeProfile, providerProfile, envProfile)
+	credentialsSource := GetCredentialsSource(defaultZoneProfile, activeProfile, providerProfile, envProfile)
 
 	// If profile have a defaultZone but no defaultRegion we set the defaultRegion
 	// to the one of the defaultZone
@@ -177,9 +216,61 @@ func loadProfile(ctx context.Context, d *schema.ResourceData) (*scw.Profile, err
 		region, err := zone.Region()
 		if err == nil {
 			profile.DefaultRegion = scw.StringPtr(region.String())
+			credentialsSource.DefaultRegion = CredentialsSourceInferred
 		} else {
 			tflog.Debug(ctx, "cannot guess region: "+err.Error())
 		}
 	}
-	return profile, nil
+	return profile, credentialsSource, nil
+}
+
+// GetCredentialsSource infers the source of the credentials based on the priority order of the different profiles
+func GetCredentialsSource(defaultZoneProfile, activeProfile, providerProfile, envProfile *scw.Profile) *CredentialsSource {
+	type SourceProfilePair struct {
+		Source  string
+		Profile *scw.Profile
+	}
+
+	profilesInOrder := []SourceProfilePair{
+		{
+			CredentialsSourceDefault,
+			defaultZoneProfile,
+		},
+		{
+			CredentialsSourceActiveProfile,
+			activeProfile,
+		},
+		{
+			CredentialsSourceProviderProfile,
+			providerProfile,
+		},
+		{
+			CredentialsSourceEnvironment,
+			envProfile,
+		},
+	}
+	credentialsSource := &CredentialsSource{}
+
+	for _, pair := range profilesInOrder {
+		source := pair.Source
+		profile := pair.Profile
+
+		if profile.AccessKey != nil {
+			credentialsSource.AccessKey = source
+		}
+		if profile.SecretKey != nil {
+			credentialsSource.SecretKey = source
+		}
+		if profile.DefaultProjectID != nil {
+			credentialsSource.ProjectID = source
+		}
+		if profile.DefaultRegion != nil {
+			credentialsSource.DefaultRegion = source
+		}
+		if profile.DefaultZone != nil {
+			credentialsSource.DefaultZone = source
+		}
+	}
+
+	return credentialsSource
 }

internal/provider/provider.go

@@ -36,6 +36,7 @@ import (
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/rdb"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/redis"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/registry"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/scwconfig"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/sdb"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/secret"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/tem"
@@ -238,6 +239,7 @@ func Provider(config *Config) plugin.ProviderFunc {
 				"scaleway_block_volume":                        block.DataSourceVolume(),
 				"scaleway_cockpit":                             cockpit.DataSourceCockpit(),
 				"scaleway_cockpit_plan":                        cockpit.DataSourcePlan(),
+				"scaleway_config":                              scwconfig.DataSourceConfig(),
 				"scaleway_container":                           container.DataSourceContainer(),
 				"scaleway_container_namespace":                 container.DataSourceNamespace(),
 				"scaleway_documentdb_database":                 documentdb.DataSourceDatabase(),