feat(modules): adding module to retrieve api keys using a external gr…

…aphql provider (#2728) Co-authored-by: pranav-new-relic <[email protected]>
newrelic · Sep 3, 2024 · d318c94 · d318c94
1 parent bd4ab81
commit d318c94
Show file tree

Hide file tree

Showing 6 changed files with 247 additions and 0 deletions.
diff --git a/examples/modules/newrelic_api_access_key_extended/README.md b/examples/modules/newrelic_api_access_key_extended/README.md
@@ -0,0 +1,97 @@
+# Module: Create Access Keys and Fetch Access keys:
+
+## Overview
+This module may be used to create a user or ingest key using the `newrelic_api_access_key` resource, and fetch the created key, by performing a NerdGraph query under the hood, using the ID of the key created via the resource to fetch the created key.
+
+### Outputs
+The following output values are provided by the module:
+
+* `key`: The actual API key.
+* `name`: The name of the key.
+* `type`: The type of API key.
+* `ingest_type`: The type of ingest (applicable only for key_type = INGEST).
+
+
+### Example usage #1 (USER)
+```terraform
+module "create_access_keys" {
+  source = "../examples/modules/newrelic_api_access_key_extended"
+
+  create_access_keys_service = {
+    api_key             = "NRAK-XXXXXXXXXX"
+    newrelic_account_id = "12345678"
+    name                = "Access key for DemoApp"
+    key_type            = "USER"
+    user_id             = 12345623445
+  }
+}
+
+output "required_attributes" {
+  value = module.create_access_keys.required_attributes
+}
+```
+### Example usage #2 (INGEST-LICENSE)
+```terraform
+module "create_access_keys" {
+  source = "../examples/modules/newrelic_api_access_key_extended"
+
+  create_access_keys_service = {
+    api_key             = "NRAK-XXXXXXXXXX"
+    newrelic_account_id = "12345678"
+    name                = "DemoApp"
+    key_type            = "USER"
+    ingest_type         = "LICENSE"
+  }
+}
+
+output "required_attributes" {
+  value = module.create_access_keys.required_attributes
+}
+```
+### Example usage #3 (INGEST-BROWSER)
+```terraform
+module "create_access_keys" {
+  source = "../examples/modules/newrelic_api_access_key_extended"
+
+  create_access_keys_service = {
+    api_key             = "NRAK-XXXXXXXXXX"
+    newrelic_account_id = "12345678"
+    name                = "DemoApp"
+    key_type            = "USER"
+    ingest_type         = "BROWSER"
+  }
+}
+
+output "required_attributes" {
+  value = module.create_access_keys.required_attributes
+}
+```
+
+## Overview
+This module may be used to fetch a user or ingest key, using the ID of the key. Note that the ID of a key can be copied from the New Relic One UI, and is also exported by the newrelic_api_access_key resource in the New Relic Terraform Provider, if the key is created using this resource.
+
+### Outputs
+The following output values are provided by the module:
+
+* `key`: The actual API key
+* `name`: The name of the key.
+* `type`: The type of API key
+* `ingest_type`: The type of ingest (applicable only for key_type = INGEST).
+
+
+### Example usage
+```terraform
+module "fetch_access_keys" {
+  source = "../examples/modules/newrelic_api_access_key_extended"
+
+  fetch_access_keys_service = {
+        api_key = "NRAK-XXXXXXXXXXXXXXXX"
+        key_id = "DWEGHFF327532576931786356532327538273"
+        key_type = "INGEST"
+  }
+}
+
+output "required_attributes" {
+  value = module.fetch_access_keys.required_attributes
+}
+```
diff --git a/examples/modules/newrelic_api_access_key_extended/main.tf b/examples/modules/newrelic_api_access_key_extended/main.tf
@@ -0,0 +1,72 @@
+
+provider "graphql" {
+  url = var.fetch_access_keys_service.graphiql_url
+  headers = {
+    "Content-Type" = "application/json"
+    "API-Key" = var.fetch_access_keys_service.api_key != "" ? var.fetch_access_keys_service.api_key : var.create_access_keys_service.api_key
+  }
+}
+
+data "graphql_query" "basic_query" {
+  query_variables = {
+    "id"        = var.fetch_access_keys_service.key_id
+    "key_type"  = var.fetch_access_keys_service.key_type
+  }
+  query = <<EOF
+    query getUser($id: ID!, $key_type: ApiAccessKeyType!) {
+      actor {
+      apiAccess {
+        key(id: $id, keyType: $key_type) {
+        key
+        name
+        type
+        ... on ApiAccessIngestKey {
+          ingestType
+        }
+        }
+      }
+      }
+    }
+    EOF
+  count = local.is_resource_created ? 0 : 1
+}
+
+resource "newrelic_api_access_key" "api_access_key" {
+  count  = var.create_access_keys_service.newrelic_account_id != "" ? 1 : 0
+  account_id  = var.create_access_keys_service.newrelic_account_id
+  key_type    = var.create_access_keys_service.key_type
+  name        = "${var.create_access_keys_service.key_type != "USER" ? "APM " : "" }${var.create_access_keys_service.key_type}${var.create_access_keys_service.key_type != "USER" ? "-" : "" }${var.create_access_keys_service.ingest_type} Key for ${var.create_access_keys_service.name}"
+  notes       = var.create_access_keys_service.notes
+  user_id     = var.create_access_keys_service.key_type == "USER" ? var.create_access_keys_service.user_id : null
+  ingest_type = var.create_access_keys_service.key_type == "INGEST" ? var.create_access_keys_service.ingest_type : null
+}
+
+data "graphql_query" "query_with_id" {
+  query_variables = {
+    "id"        = newrelic_api_access_key.api_access_key[0].id
+    "key_type"  = var.create_access_keys_service.key_type
+  }
+  query = <<EOF
+    query getUser($id: ID!, $key_type: ApiAccessKeyType!) {
+      actor {
+      apiAccess {
+        key(id: $id, keyType: $key_type) {
+        key
+        name
+        type
+        ... on ApiAccessIngestKey {
+          ingestType
+        }
+        }
+      }
+      }
+    }
+    EOF
+  depends_on = [newrelic_api_access_key.api_access_key]
+  count = local.is_resource_created ? 1 : 0
+}
+
+
+
+
+
diff --git a/examples/modules/newrelic_api_access_key_extended/outputs.tf b/examples/modules/newrelic_api_access_key_extended/outputs.tf
@@ -0,0 +1,17 @@
+
+output "required_attributes" {
+  value = {
+    "key": local.key,
+    "name": local.name,
+    "key_type": local.type,
+    "ingest_type": local.ingestType
+  }
+}
+
+output "key_id" {
+  value = length(newrelic_api_access_key.api_access_key) > 0 ? newrelic_api_access_key.api_access_key[0].id : null
+}
+
+output "key" {
+  value = length(newrelic_api_access_key.api_access_key) > 0 ? newrelic_api_access_key.api_access_key[0].key : null
+}
diff --git a/examples/modules/newrelic_api_access_key_extended/providers.tf b/examples/modules/newrelic_api_access_key_extended/providers.tf
@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    newrelic = {
+      source = "newrelic/newrelic"
+    }
+    graphql = {
+      source = "sullivtr/graphql"
+    }
+  }
+}
+
+provider "newrelic" {
+  region = "US" # US or EU
+}
+
+
diff --git a/examples/modules/newrelic_api_access_key_extended/variables.tf b/examples/modules/newrelic_api_access_key_extended/variables.tf
@@ -0,0 +1,41 @@
+locals {
+  response = local.is_resource_created ? jsondecode(data.graphql_query.query_with_id[0].query_response): jsondecode(data.graphql_query.basic_query[0].query_response)
+  key = local.response["data"]["actor"]["apiAccess"]["key"]["key"]
+  name = local.response["data"]["actor"]["apiAccess"]["key"]["name"]
+  type = local.response["data"]["actor"]["apiAccess"]["key"]["type"]
+  ingestType = lookup(local.response["data"]["actor"]["apiAccess"]["key"],"ingestType",null)
+  is_resource_created = var.create_access_keys_service.newrelic_account_id != ""
+}
+
+variable "fetch_access_keys_service" {
+  description = "The service is to get api keys"
+  type = object({
+    api_key                    = string
+    key_id                     = string
+    key_type                   = string
+    graphiql_url               = optional(string,"https://api.newrelic.com/graphql")
+  })
+  default = {
+    api_key  = ""
+    key_id   = "XXXX"
+    key_type = "XXXX"
+  }
+}
+
+variable "create_access_keys_service" {
+  description = "The service is to create api keys"
+  type = object({
+    api_key                    = string
+    newrelic_account_id        = string
+    name                       = optional(string,"New API Key")
+    key_type                   = string
+    ingest_type                = optional(string,"")
+    notes                      = optional(string,"API Key created using the newrelic_api_access_key Terraform resource")
+    user_id                    = optional(string,null)
+  })
+  default = {
+    api_key  = ""
+    newrelic_account_id  = ""
+    key_type             = "INGEST"
+  }
+}
diff --git a/website/docs/r/api_access_key.html.markdown b/website/docs/r/api_access_key.html.markdown
@@ -64,3 +64,7 @@ For example:
 ```
 $ terraform import newrelic_api_access_key.foobar "1234567:INGEST"
 ```
+## Extended Usage
+This module may be used to create a user or ingest key using the `create_access_keys_service` resource, and fetch the created key using `fetch_access_keys_service`, by performing a NerdGraph query under the hood, using the ID of the key created via the resource to fetch the created key.
+Please refer  
+[create access keys and fetch access keys](https://github.com/newrelic/terraform-provider-newrelic/blob/main/examples/modules/golden-signal-alerts-new/README.md) for more info.