package provider import ( "context" "fmt" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/immich-app/terraform-provider-immich/internal/client" ) // Ensure the implementation satisfies the expected interfaces. var _ resource.Resource = &apiKeyResource{} var _ resource.ResourceWithImportState = &apiKeyResource{} func NewApiKeyResource() resource.Resource { return &apiKeyResource{} } // apiKeyResource defines the resource implementation. type apiKeyResource struct { client *client.Client } // apiKeyResourceModel describes the resource data model. type apiKeyResourceModel struct { ID types.String `tfsdk:"id"` Name types.String `tfsdk:"name"` Permissions []types.String `tfsdk:"permissions"` Secret types.String `tfsdk:"secret"` } func (r *apiKeyResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_api_key" } func (r *apiKeyResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { resp.Schema = schema.Schema{ MarkdownDescription: "Manages an Immich personal API key. Note that the secret is only available upon creation.", Attributes: map[string]schema.Attribute{ "id": schema.StringAttribute{ Computed: true, MarkdownDescription: "Unique identifier for the API key.", PlanModifiers: []planmodifier.String{ stringplanmodifier.UseStateForUnknown(), }, }, "name": schema.StringAttribute{ Optional: true, MarkdownDescription: "Display name for the API key.", }, "permissions": schema.ListAttribute{ ElementType: types.StringType, Required: true, MarkdownDescription: "List of permissions granted to this API key (e.g. `asset.read`, `asset.upload`).", }, "secret": schema.StringAttribute{ Computed: true, Sensitive: true, MarkdownDescription: "The generated API key secret. This value is only returned when the key is created.", PlanModifiers: []planmodifier.String{ stringplanmodifier.UseStateForUnknown(), }, }, }, } } func (r *apiKeyResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) { if req.ProviderData == nil { return } client, ok := req.ProviderData.(*client.Client) if !ok { resp.Diagnostics.AddError( "Unexpected Resource Configure Type", fmt.Sprintf("Expected *client.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData), ) return } r.client = client } func (r *apiKeyResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var data apiKeyResourceModel resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) if resp.Diagnostics.HasError() { return } permissions := make([]string, len(data.Permissions)) for i, p := range data.Permissions { permissions[i] = p.ValueString() } createReq := client.ApiKeyCreateRequest{ Name: data.Name.ValueString(), Permissions: permissions, } apiKeyResp, err := r.client.CreateApiKey(createReq) if err != nil { resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to create API key, got error: %s", err)) return } data.ID = types.StringValue(apiKeyResp.ApiKey.ID) data.Secret = types.StringValue(apiKeyResp.Secret) resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) } func (r *apiKeyResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var data apiKeyResourceModel resp.Diagnostics.Append(req.State.Get(ctx, &data)...) if resp.Diagnostics.HasError() { return } apiKey, err := r.client.GetApiKey(data.ID.ValueString()) if err != nil { resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to read API key, got error: %s", err)) return } data.Name = types.StringValue(apiKey.Name) permissions := make([]types.String, len(apiKey.Permissions)) for i, p := range apiKey.Permissions { permissions[i] = types.StringValue(p) } data.Permissions = permissions resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) } func (r *apiKeyResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var data apiKeyResourceModel resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...) if resp.Diagnostics.HasError() { return } permissions := make([]string, len(data.Permissions)) for i, p := range data.Permissions { permissions[i] = p.ValueString() } updateReq := client.ApiKeyUpdateRequest{ Name: data.Name.ValueString(), Permissions: permissions, } _, err := r.client.UpdateApiKey(data.ID.ValueString(), updateReq) if err != nil { resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to update API key, got error: %s", err)) return } resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) } func (r *apiKeyResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var data apiKeyResourceModel resp.Diagnostics.Append(req.State.Get(ctx, &data)...) if resp.Diagnostics.HasError() { return } err := r.client.DeleteApiKey(data.ID.ValueString()) if err != nil { resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to delete API key, got error: %s", err)) return } } func (r *apiKeyResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) }