feat(instance): add support for admin_password_encryption_ssh_key_id

Author: Mia-Cross

docs/resources/instance_server.md

@@ -260,6 +260,10 @@ attached to the server. Updates to this field will trigger a stop/start of the s
 
 - `protected` - (Optional) Set to true to activate server protection option.
 
+- `admin_password_encryption_ssh_key_id` - (Optional) The ID of the SSH RSA key that will be used to encrypt the initial admin password for OS requiring it. 
+   Mandatory for Windows OS. The public_key value of this key is used to encrypt the admin password. 
+   When set to an empty string, it resets this value and admin_password_encrypted_value to an empty string so a new password may be generated.
+
 - `zone` - (Defaults to [provider](../index.md#zone) `zone`) The [zone](../guides/regions_and_zones.md#zones) in which the server should be created.
 
 - `project_id` - (Defaults to [provider](../index.md#project_id) `project_id`) The ID of the project the server is associated with.

internal/services/instance/server.go

@@ -372,6 +372,11 @@ func ResourceServer() *schema.Resource {
 					},
 				},
 			},
+			"admin_password_encryption_ssh_key_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "The ID of the IAM SSH key used to encrypt the initial admin password on a Windows server",
+			},
 			"zone":            zonal.Schema(),
 			"organization_id": account.OrganizationIDSchema(),
 			"project_id":      account.ProjectIDSchema(),
@@ -437,6 +442,10 @@ func ResourceInstanceServerCreate(ctx context.Context, d *schema.ResourceData, m
 		req.PlacementGroup = types.ExpandStringPtr(zonal.ExpandID(placementGroupID).ID)
 	}
 
+	if adminPasswordEncryptionSSHKeyID, ok := d.GetOk("admin_password_encryption_key_ssh_id"); ok {
+		req.AdminPasswordEncryptionSSHKeyID = types.ExpandStringPtr(adminPasswordEncryptionSSHKeyID)
+	}
+
 	serverType := getServerType(ctx, api.API, req.Zone, req.CommercialType)
 	if serverType == nil {
 		return diag.Diagnostics{{
@@ -713,6 +722,10 @@ func ResourceInstanceServerRead(ctx context.Context, d *schema.ResourceData, m a
 		_ = d.Set("ipv6_prefix_length", nil)
 	}
 
+	if server.AdminPasswordEncryptionSSHKeyID != nil {
+		_ = d.Set("admin_password_encryption_ssh_key_id", server.AdminPasswordEncryptionSSHKeyID)
+	}
+
 	var additionalVolumesIDs []string
 
 	for i, serverVolume := range sortVolumeServer(server.Volumes) {
@@ -965,6 +978,10 @@ func ResourceInstanceServerUpdate(ctx context.Context, d *schema.ResourceData, m
 		}
 	}
 
+	if d.HasChange("admin_password_encryption_ssh_key_id") {
+		updateRequest.AdminPasswordEncryptionSSHKeyID = types.ExpandUpdatedStringPtr(d.Get("admin_password_encryption_ssh_key_id").(string))
+	}
+
 	////
 	// Update reserved IP
 	////

internal/services/instance/server_test.go

@@ -3,6 +3,7 @@ package instance_test
 import (
 	"errors"
 	"fmt"
+	iamchecks "github.com/scaleway/terraform-provider-scaleway/v2/internal/services/iam/testfuncs"
 	"regexp"
 	"strings"
 	"testing"
@@ -2094,3 +2095,75 @@ func TestAccServer_PrivateNetworkMissingPNIC(t *testing.T) {
 		},
 	})
 }
+
+func TestAccServer_AdminPasswordEncryptionSSHKeyID(t *testing.T) {
+	tt := acctest.NewTestTools(t)
+	defer tt.Cleanup()
+
+	sshKey := "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEEYrzDOZmhItdKaDAEqJQ4ORS2GyBMtBozYsK5kiXXX [email protected]"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.PreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy: resource.ComposeTestCheckFunc(
+			instancechecks.IsServerDestroyed(tt),
+			iamchecks.CheckSSHKeyDestroy(tt),
+		),
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+					resource "scaleway_iam_ssh_key" "main" {
+						name = "test-acc-admin-pwd-encryption"
+						public_key = %q
+					}
+
+					resource "scaleway_instance_server" "main" {
+						type = "POP2-2C-8G-WIN"
+						image = "windows_server_2022"
+						admin_password_encryption_ssh_key_id = scaleway_iam_ssh_key.main.id
+					}
+					`, sshKey),
+				Check: resource.ComposeTestCheckFunc(
+					iamchecks.CheckSSHKeyExists(tt, "scaleway_iam_ssh_key.main"),
+					resource.TestCheckResourceAttr("scaleway_instance_server.main", "type", "POP2-2C-8G-WIN"),
+					resource.TestCheckResourceAttr("scaleway_instance_server.main", "image", "windows_server_2022"),
+					resource.TestCheckResourceAttrPair("scaleway_instance_server.main", "admin_password_encryption_ssh_key_id", "scaleway_iam_ssh_key.main", "id"),
+				),
+			},
+			{
+				Config: fmt.Sprintf(`
+					resource "scaleway_iam_ssh_key" "main" {
+						name = "test-acc-admin-pwd-encryption"
+						public_key = %q
+					}
+
+					resource "scaleway_instance_server" "main" {
+						type = "POP2-2C-8G-WIN"
+						image = "windows_server_2022"
+						admin_password_encryption_ssh_key_id = ""
+					}
+					`, sshKey),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("scaleway_instance_server.main", "admin_password_encryption_ssh_key_id", ""),
+				),
+			},
+			{
+				Config: fmt.Sprintf(`
+					resource "scaleway_iam_ssh_key" "main" {
+						name = "test-acc-admin-pwd-encryption"
+						public_key = %q
+					}
+
+					resource "scaleway_instance_server" "main" {
+						type = "POP2-2C-8G-WIN"
+						image = "windows_server_2022"
+						admin_password_encryption_ssh_key_id = scaleway_iam_ssh_key.main.id
+					}
+					`, sshKey),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair("scaleway_instance_server.main", "admin_password_encryption_ssh_key_id", "scaleway_iam_ssh_key.main", "id"),
+				),
+			},
+		},
+	})
+}