Merge pull request #21335 from kamilturek/f-data_source_aws_iam_user_…

…ssh_key d/iam_user_ssh_key - new data source
hashicorp · Oct 20, 2021 · 48f9381 · 48f9381
2 parents 797b734 + a6e01b4
commit 48f9381
Show file tree

Hide file tree

Showing 5 changed files with 181 additions and 0 deletions.
diff --git a/.changelog/21335.txt b/.changelog/21335.txt
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_iam_user_ssh_key
+```
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -472,6 +472,7 @@ func Provider() *schema.Provider {
 			"aws_iam_server_certificate":                     iam.DataSourceServerCertificate(),
 			"aws_iam_session_context":                        iam.DataSourceSessionContext(),
 			"aws_iam_user":                                   iam.DataSourceUser(),
+			"aws_iam_user_ssh_key":                           iam.DataSourceUserSSHKey(),
 			"aws_iam_users":                                  iam.DataSourceUsers(),
 			"aws_identitystore_group":                        identitystore.DataSourceGroup(),
 			"aws_identitystore_user":                         identitystore.DataSourceUser(),

diff --git a/internal/service/iam/user_ssh_key_data_source.go b/internal/service/iam/user_ssh_key_data_source.go
@@ -0,0 +1,79 @@
+package iam
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/iam"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func DataSourceUserSSHKey() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceUserSSHKeyRead,
+		Schema: map[string]*schema.Schema{
+			"encoding": {
+				Type:     schema.TypeString,
+				Required: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					iam.EncodingTypeSsh,
+					iam.EncodingTypePem,
+				}, false),
+			},
+			"fingerprint": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"public_key": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"ssh_public_key_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"status": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"username": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+		},
+	}
+}
+
+func dataSourceUserSSHKeyRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*conns.AWSClient).IAMConn
+
+	encoding := d.Get("encoding").(string)
+	sshPublicKeyId := d.Get("ssh_public_key_id").(string)
+	username := d.Get("username").(string)
+
+	request := &iam.GetSSHPublicKeyInput{
+		Encoding:       aws.String(encoding),
+		SSHPublicKeyId: aws.String(sshPublicKeyId),
+		UserName:       aws.String(username),
+	}
+
+	response, err := conn.GetSSHPublicKey(request)
+	if err != nil {
+		return fmt.Errorf("error reading IAM User SSH Key: %w", err)
+	}
+
+	publicKey := response.SSHPublicKey
+	publicKeyBody := publicKey.SSHPublicKeyBody
+	if encoding == iam.EncodingTypeSsh {
+		publicKeyBody = aws.String(cleanSSHKey(aws.StringValue(publicKeyBody)))
+	}
+
+	d.SetId(aws.StringValue(publicKey.SSHPublicKeyId))
+	d.Set("fingerprint", publicKey.Fingerprint)
+	d.Set("public_key", publicKeyBody)
+	d.Set("status", publicKey.Status)
+
+	return nil
+}
diff --git a/internal/service/iam/user_ssh_key_data_source_test.go b/internal/service/iam/user_ssh_key_data_source_test.go
@@ -0,0 +1,63 @@
+package iam_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/iam"
+	sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccIAMUserSSHKeyDataSource_basic(t *testing.T) {
+	resourceName := "aws_iam_user_ssh_key.test"
+	dataSourceName := "data.aws_iam_user_ssh_key.test"
+
+	username := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	publicKey, _, err := RandSSHKeyPairSize(2048, acctest.DefaultEmailAddress)
+	if err != nil {
+		t.Fatalf("error generating random SSH key: %s", err)
+	}
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:   func() { acctest.PreCheck(t) },
+		ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID),
+		Providers:  acctest.Providers,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSSHKeyDataSourceConfig(username, publicKey),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(dataSourceName, "encoding", resourceName, "encoding"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "fingerprint", resourceName, "fingerprint"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "public_key", resourceName, "public_key"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "ssh_public_key_id", resourceName, "ssh_public_key_id"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "status", resourceName, "status"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "username", resourceName, "username"),
+				),
+			},
+		},
+	})
+}
+
+func testAccSSHKeyDataSourceConfig(username, publicKey string) string {
+	return fmt.Sprintf(`
+resource "aws_iam_user" "test" {
+	name = %[1]q
+	path = "/"
+}
+
+resource "aws_iam_user_ssh_key" "test" {
+	username   = aws_iam_user.test.name
+	encoding   = "SSH"
+	public_key = %[2]q
+	status     = "Inactive"
+}
+
+data "aws_iam_user_ssh_key" "test" {
+	username          = aws_iam_user.test.name
+	encoding          = "SSH"
+	ssh_public_key_id = aws_iam_user_ssh_key.test.ssh_public_key_id
+}
+`, username, publicKey)
+}
diff --git a/website/docs/d/iam_user_ssh_key.html.markdown b/website/docs/d/iam_user_ssh_key.html.markdown
@@ -0,0 +1,35 @@
+---
+subcategory: "IAM"
+layout: "aws"
+page_title: "AWS: aws_iam_user_ssh_key"
+description: |-
+  Get information on a SSH public key associated with the specified IAM user.
+---
+
+# Data Source: aws_iam_user_ssh_key
+
+Use this data source to get information about a SSH public key associated with the specified IAM user.
+
+## Example Usage
+
+```terraform
+data "aws_iam_user_ssh_key" "example" {
+  encoding          = "SSH"
+  ssh_public_key_id = "APKARUZ32GUTKIGARLXE"
+  username          = "test-user"
+}
+```
+
+## Argument Reference
+
+* `encoding` - (Required) Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the public key in PEM format, use `PEM`.
+* `ssh_public_key_id` - (Required) The unique identifier for the SSH public key.
+* `username` - (Required) The name of the IAM user associated with the SSH public key.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `fingerprint` - The MD5 message digest of the SSH public key.
+* `public_key` - The SSH public key.
+* `status` - The status of the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.