diff --git a/.changelog/21335.txt b/.changelog/21335.txt
new file mode 100644
index 00000000000..36bf10260a3
--- /dev/null
+++ b/.changelog/21335.txt
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_iam_user_ssh_key
+```
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 3fea8dc2ce2..a3a1e04b9ac 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -472,6 +472,7 @@ func Provider() *schema.Provider {
 "aws_iam_server_certificate": iam.DataSourceServerCertificate(),
 "aws_iam_session_context": iam.DataSourceSessionContext(),
 "aws_iam_user": iam.DataSourceUser(),
+ "aws_iam_user_ssh_key": iam.DataSourceUserSSHKey(),
 "aws_iam_users": iam.DataSourceUsers(),
 "aws_identitystore_group": identitystore.DataSourceGroup(),
 "aws_identitystore_user": identitystore.DataSourceUser(),
diff --git a/internal/service/iam/user_ssh_key_data_source.go b/internal/service/iam/user_ssh_key_data_source.go
new file mode 100644
index 00000000000..97f4a50e582
--- /dev/null
+++ b/internal/service/iam/user_ssh_key_data_source.go
@@ -0,0 +1,79 @@
+package iam
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/iam"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+ "github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func DataSourceUserSSHKey() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceUserSSHKeyRead,
+ Schema: map[string]*schema.Schema{
+ "encoding": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: validation.StringInSlice([]string{
+ iam.EncodingTypeSsh,
+ iam.EncodingTypePem,
+ }, false),
+ },
+ "fingerprint": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "public_key": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "ssh_public_key_id": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "status": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "username": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ }
+}
+
+func dataSourceUserSSHKeyRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*conns.AWSClient).IAMConn
+
+ encoding := d.Get("encoding").(string)
+ sshPublicKeyId := d.Get("ssh_public_key_id").(string)
+ username := d.Get("username").(string)
+
+ request := &iam.GetSSHPublicKeyInput{
+ Encoding: aws.String(encoding),
+ SSHPublicKeyId: aws.String(sshPublicKeyId),
+ UserName: aws.String(username),
+ }
+
+ response, err := conn.GetSSHPublicKey(request)
+ if err != nil {
+ return fmt.Errorf("error reading IAM User SSH Key: %w", err)
+ }
+
+ publicKey := response.SSHPublicKey
+ publicKeyBody := publicKey.SSHPublicKeyBody
+ if encoding == iam.EncodingTypeSsh {
+ publicKeyBody = aws.String(cleanSSHKey(aws.StringValue(publicKeyBody)))
+ }
+
+ d.SetId(aws.StringValue(publicKey.SSHPublicKeyId))
+ d.Set("fingerprint", publicKey.Fingerprint)
+ d.Set("public_key", publicKeyBody)
+ d.Set("status", publicKey.Status)
+
+ return nil
+}
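Review bot: The local `sshPublicKeyId` in dataSourceUserSSHKeyRead should be `sshPublicKeyID` to follow Go initialism casing; the SDK field `SSHPublicKeyId` is fixed, but the local name is ours to choose. The exported `DataSourceUserSSHKey` also has no doc comment; `// DataSourceUserSSHKey returns the schema for the aws_iam_user_ssh_key data source.` would satisfy the convention. The three `d.Set` calls discard their error return; for TypeString attributes this is low risk, but `if err := d.Set("fingerprint", publicKey.Fingerprint); err != nil { return fmt.Errorf("setting fingerprint: %w", err) }` (and likewise for the other two) keeps the read path consistent with error-checked writes. `response.SSHPublicKey` is dereferenced without a nil guard; the API presumably always populates it on success, but a one-line check before `publicKey.SSHPublicKeyBody` would turn an unexpected empty response into an error instead of a panic.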
diff --git a/internal/service/iam/user_ssh_key_data_source_test.go b/internal/service/iam/user_ssh_key_data_source_test.go
new file mode 100644
index 00000000000..22f74f76367
--- /dev/null
+++ b/internal/service/iam/user_ssh_key_data_source_test.go
@@ -0,0 +1,63 @@
+package iam_test
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/service/iam"
+ sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccIAMUserSSHKeyDataSource_basic(t *testing.T) {
+ resourceName := "aws_iam_user_ssh_key.test"
+ dataSourceName := "data.aws_iam_user_ssh_key.test"
+
+ username := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ publicKey, _, err := RandSSHKeyPairSize(2048, acctest.DefaultEmailAddress)
+ if err != nil {
+ t.Fatalf("error generating random SSH key: %s", err)
+ }
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(t) },
+ ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID),
+ Providers: acctest.Providers,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSSHKeyDataSourceConfig(username, publicKey),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(dataSourceName, "encoding", resourceName, "encoding"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "fingerprint", resourceName, "fingerprint"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "public_key", resourceName, "public_key"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "ssh_public_key_id", resourceName, "ssh_public_key_id"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "status", resourceName, "status"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "username", resourceName, "username"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccSSHKeyDataSourceConfig(username, publicKey string) string {
+ return fmt.Sprintf(`
+resource "aws_iam_user" "test" {
+ name = %[1]q
+ path = "/"
+}
+
+resource "aws_iam_user_ssh_key" "test" {
+ username = aws_iam_user.test.name
+ encoding = "SSH"
+ public_key = %[2]q
+ status = "Inactive"
+}
+
+data "aws_iam_user_ssh_key" "test" {
+ username = aws_iam_user.test.name
+ encoding = "SSH"
+ ssh_public_key_id = aws_iam_user_ssh_key.test.ssh_public_key_id
+}
+`, username, publicKey)
+}
diff --git a/website/docs/d/iam_user_ssh_key.html.markdown b/website/docs/d/iam_user_ssh_key.html.markdown
new file mode 100644
index 00000000000..fc04e5d8c36
--- /dev/null
+++ b/website/docs/d/iam_user_ssh_key.html.markdown
@@ -0,0 +1,35 @@
+---
+subcategory: "IAM"
+layout: "aws"
+page_title: "AWS: aws_iam_user_ssh_key"
+description: |-
+ Get information on a SSH public key associated with the specified IAM user.
+---
+
+# Data Source: aws_iam_user_ssh_key
+
+Use this data source to get information about a SSH public key associated with the specified IAM user.
+
+## Example Usage
+
+```terraform
+data "aws_iam_user_ssh_key" "example" {
+ encoding = "SSH"
+ ssh_public_key_id = "APKARUZ32GUTKIGARLXE"
+ username = "test-user"
+}
+```
+
+## Argument Reference
+
+* `encoding` - (Required) Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the public key in PEM format, use `PEM`.
+* `ssh_public_key_id` - (Required) The unique identifier for the SSH public key.
+* `username` - (Required) The name of the IAM user associated with the SSH public key.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `fingerprint` - The MD5 message digest of the SSH public key.
+* `public_key` - The SSH public key.
+* `status` - The status of the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.
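Review bot: The acceptance test only exercises `encoding = "SSH"` in testAccSSHKeyDataSourceConfig, so the `PEM` branch of dataSourceUserSSHKeyRead — where the body is returned without passing through cleanSSHKey — is never covered; a second test (or a second config variant) requesting `encoding = "PEM"` on the data source with a `resource.TestCheckResourceAttrSet(dataSourceName, "public_key")` check would close that gap, since the resource's `public_key` would no longer be pair-comparable in that encoding. The TestCase also creates a real `aws_iam_user` and `aws_iam_user_ssh_key` but sets no `CheckDestroy`, so a user or key left behind by a failed run goes unnoticed; if the package already has a destroy check for these resources, wiring it in here is cheap.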