From 219c1ff461cb167f50dd4e36105f978263e810c9 Mon Sep 17 00:00:00 2001
From: Kamil Turek
Date: Sat, 16 Oct 2021 14:06:45 +0200
Subject: [PATCH 1/4] Add new data source: aws_iam_user_ssh_key
---
 internal/provider/provider.go | 1 +
 .../service/iam/user_ssh_key_data_source.go | 79 +++++++++++++++++++
 .../iam/user_ssh_key_data_source_test.go | 63 +++++++++++++++
 3 files changed, 143 insertions(+)
 create mode 100644 internal/service/iam/user_ssh_key_data_source.go
 create mode 100644 internal/service/iam/user_ssh_key_data_source_test.go
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 3fea8dc2ce2..a3a1e04b9ac 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -472,6 +472,7 @@ func Provider() *schema.Provider {
 "aws_iam_server_certificate": iam.DataSourceServerCertificate(),
 "aws_iam_session_context": iam.DataSourceSessionContext(),
 "aws_iam_user": iam.DataSourceUser(),
+ "aws_iam_user_ssh_key": iam.DataSourceUserSSHKey(),
 "aws_iam_users": iam.DataSourceUsers(),
 "aws_identitystore_group": identitystore.DataSourceGroup(),
 "aws_identitystore_user": identitystore.DataSourceUser(),
diff --git a/internal/service/iam/user_ssh_key_data_source.go b/internal/service/iam/user_ssh_key_data_source.go
new file mode 100644
index 00000000000..97f4a50e582
--- /dev/null
+++ b/internal/service/iam/user_ssh_key_data_source.go
@@ -0,0 +1,79 @@
+package iam
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/iam"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+ "github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func DataSourceUserSSHKey() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceUserSSHKeyRead,
+ Schema: map[string]*schema.Schema{
+ "encoding": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: validation.StringInSlice([]string{
+ iam.EncodingTypeSsh,
+ iam.EncodingTypePem,
+ }, false),
+ },
+ "fingerprint": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "public_key": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "ssh_public_key_id": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "status": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "username": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ },
+ }
+}
+
+func dataSourceUserSSHKeyRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*conns.AWSClient).IAMConn
+
+ encoding := d.Get("encoding").(string)
+ sshPublicKeyId := d.Get("ssh_public_key_id").(string)
+ username := d.Get("username").(string)
+
+ request := &iam.GetSSHPublicKeyInput{
+ Encoding: aws.String(encoding),
+ SSHPublicKeyId: aws.String(sshPublicKeyId),
+ UserName: aws.String(username),
+ }
+
+ response, err := conn.GetSSHPublicKey(request)
+ if err != nil {
+ return fmt.Errorf("error reading IAM User SSH Key: %w", err)
+ }
+
+ publicKey := response.SSHPublicKey
+ publicKeyBody := publicKey.SSHPublicKeyBody
+ if encoding == iam.EncodingTypeSsh {
+ publicKeyBody = aws.String(cleanSSHKey(aws.StringValue(publicKeyBody)))
+ }
+
+ d.SetId(aws.StringValue(publicKey.SSHPublicKeyId))
+ d.Set("fingerprint", publicKey.Fingerprint)
+ d.Set("public_key", publicKeyBody)
+ d.Set("status", publicKey.Status)
+
+ return nil
+}
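Review bot: `dataSourceUserSSHKeyRead` dereferences `response.SSHPublicKey` without a nil check, so an empty response from `GetSSHPublicKey` would panic the provider instead of returning an error; a guard such as `if response == nil || response.SSHPublicKey == nil { return fmt.Errorf("error reading IAM User SSH Key: empty response") }` placed before `publicKey := response.SSHPublicKey` avoids that. The three `d.Set` calls at the end also discard their return values, so a failed state write would go unnoticed. The read returns the key body whatever its `status` is, so a short comment on the `public_key` schema entry saying that callers who provision access from it should check `status` first would help. `cleanSSHKey` is defined outside this hunk, so what it strips is not visible here.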
diff --git a/internal/service/iam/user_ssh_key_data_source_test.go b/internal/service/iam/user_ssh_key_data_source_test.go
new file mode 100644
index 00000000000..22f74f76367
--- /dev/null
+++ b/internal/service/iam/user_ssh_key_data_source_test.go
@@ -0,0 +1,63 @@
+package iam_test
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/service/iam"
+ sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+)
+
+func TestAccIAMUserSSHKeyDataSource_basic(t *testing.T) {
+ resourceName := "aws_iam_user_ssh_key.test"
+ dataSourceName := "data.aws_iam_user_ssh_key.test"
+
+ username := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ publicKey, _, err := RandSSHKeyPairSize(2048, acctest.DefaultEmailAddress)
+ if err != nil {
+ t.Fatalf("error generating random SSH key: %s", err)
+ }
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(t) },
+ ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID),
+ Providers: acctest.Providers,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSSHKeyDataSourceConfig(username, publicKey),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(dataSourceName, "encoding", resourceName, "encoding"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "fingerprint", resourceName, "fingerprint"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "public_key", resourceName, "public_key"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "ssh_public_key_id", resourceName, "ssh_public_key_id"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "status", resourceName, "status"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "username", resourceName, "username"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccSSHKeyDataSourceConfig(username, publicKey string) string {
+ return fmt.Sprintf(`
+resource "aws_iam_user" "test" {
+ name = %[1]q
+ path = "/"
+}
+
+resource "aws_iam_user_ssh_key" "test" {
+ username = aws_iam_user.test.name
+ encoding = "SSH"
+ public_key = %[2]q
+ status = "Inactive"
+}
+
+data "aws_iam_user_ssh_key" "test" {
+ username = aws_iam_user.test.name
+ encoding = "SSH"
+ ssh_public_key_id = aws_iam_user_ssh_key.test.ssh_public_key_id
+}
+`, username, publicKey)
+}
From 89b91b8ad5eb13d6755b798063da37bc05fb8935 Mon Sep 17 00:00:00 2001
From: Kamil Turek
Date: Sat, 16 Oct 2021 15:07:43 +0200
Subject: [PATCH 2/4] Create documentation file for data source: aws_iam_user_ssh_key
---
 website/docs/d/iam_user_ssh_key.html.markdown | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 website/docs/d/iam_user_ssh_key.html.markdown
diff --git a/website/docs/d/iam_user_ssh_key.html.markdown b/website/docs/d/iam_user_ssh_key.html.markdown
new file mode 100644
index 00000000000..77f1bb2a3ad
--- /dev/null
+++ b/website/docs/d/iam_user_ssh_key.html.markdown
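Review bot: The acceptance test in user_ssh_key_data_source_test.go covers only `encoding = "SSH"`, so the PEM branch of `dataSourceUserSSHKeyRead`, which skips the `cleanSSHKey` step, is never compared against the resource. A second test or step with `encoding = "PEM"` on both the resource and the data source would cover it. A step that sets `ExpectError` for an `ssh_public_key_id` that does not exist would also pin the wrapped "error reading IAM User SSH Key" path.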
@@ -0,0 +1,35 @@
+---
+subcategory: "IAM"
+layout: "aws"
+page_title: "AWS: aws_iam_user_ssh_key"
+description: |-
+ Get information on a SSH public key associated with the specified IAM user.
+---
+
+# Data Source: aws_iam_user_ssh_key
+
+Use this data source to get information about a SSH public key associated with the specified IAM user.
+
+## Example Usage
+
+```terraform
+data "aws_iam_user_ssh_key" "example" {
+ encoding = "SSH"
+ ssh_public_key_id = "APKARUZ32GUTKIGARLXE"
+ username = "test-user"
+}
+```
+
+## Argument Reference
+
+* `encoding` - (Required) Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the public key in PEM format, use `PEM`.
+* `ssh_public_key_id` - (Required) The unique identifier for the SSH public key.
+* `username` - (Required) The name of the IAM user assocaited with the SSH public key.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `fingerprint` - The MD5 message digest of the SSH public key.
+* `public_key` - The SSH public key.
+* `status` - The status of the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.
From 902174a6feabc0b63149e91b45bf5d956ca0722e Mon Sep 17 00:00:00 2001
From: Kamil Turek
Date: Sat, 16 Oct 2021 15:08:53 +0200
Subject: [PATCH 3/4] Add changelog entry
---
 .changelog/21335.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/21335.txt
diff --git a/.changelog/21335.txt b/.changelog/21335.txt
new file mode 100644
index 00000000000..36bf10260a3
--- /dev/null
+++ b/.changelog/21335.txt
@@ -0,0 +1,3 @@
+```release-note:new-data-source
+aws_iam_user_ssh_key
+```
From a6e01b42cc4c65d218bb5bfb23bb57fbd2ea73b6 Mon Sep 17 00:00:00 2001
From: Kamil Turek Date: Sat, 16 Oct 2021 15:14:31 +0200 Subject: [PATCH 4/4] Fix typo --- website/docs/d/iam_user_ssh_key.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/d/iam_user_ssh_key.html.markdown b/website/docs/d/iam_user_ssh_key.html.markdown index 77f1bb2a3ad..fc04e5d8c36 100644 --- a/website/docs/d/iam_user_ssh_key.html.markdown +++ b/website/docs/d/iam_user_ssh_key.html.markdown @@ -24,7 +24,7 @@ data "aws_iam_user_ssh_key" "example" { * `encoding` - (Required) Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the public key in PEM format, use `PEM`. * `ssh_public_key_id` - (Required) The unique identifier for the SSH public key. -* `username` - (Required) The name of the IAM user assocaited with the SSH public key. +* `username` - (Required) The name of the IAM user associated with the SSH public key. ## Attributes Reference