Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't import existing api-keys #17

Closed
mallie-su opened this issue May 5, 2022 · 7 comments
Closed

Can't import existing api-keys #17

mallie-su opened this issue May 5, 2022 · 7 comments
Labels
new-feature-request

Comments

@mallie-su
Copy link

Hello,

Switching from confluentcloud 0.5.0 went smoothly! Now I want to add support for api key generation.
The problem is: I don't want to recreate existing API keys, as the users of our clusters are actively using them.

The doc doesn't describe how to import the key in our tfstate.

Is there a way to do it? I suppose that's not possible atm, as the error message while trying to import one key is quiet descriptive:
Error: resource confluent_api_key doesn't support import

Is it possible for you to implement it? Or is it "by-design"?
@mallie-su mallie-su changed the title Can't import existing key Can't import existing api-keys May 5, 2022
@linouk23
Copy link
Collaborator

linouk23 commented May 5, 2022
edited
Loading

@mallie-su thanks for opening an issue! That's very exciting you've proactively migrated to 0.7.0 and it went smoothly for you!

We're thinking about adding an import functionality for confluent_api_key but it's not supported at the moment.

One hacky thing you could do right now is to fake an import (I'll use Kafka API Key as an example) by:

  1. Adding its config to your TF configuration file (main.tf):
# Adjust the variables
resource "confluent_api_key" "app-producer-kafka-api-key" {
  display_name = "app-producer-kafka-api-key"
  description  = "Kafka API Key that is owned by 'app-producer' service account"
  owner {
    id          = confluent_service_account.app-producer.id
    api_version = confluent_service_account.app-producer.api_version
    kind        = confluent_service_account.app-producer.kind
  }

  managed_resource {
    id          = confluent_kafka_cluster.basic.id
    api_version = confluent_kafka_cluster.basic.api_version
    kind        = confluent_kafka_cluster.basic.kind

    environment {
      id = confluent_environment.staging.id
    }
  }
}
  1. Adding it to TF state file (terraform.tfstate):
{
      "mode": "managed",
      "type": "confluent_api_key",
      "name": "app-producer-kafka-api-key",
      "provider": "provider[\"registry.terraform.io/confluentinc/confluent\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "description": "Kafka API Key that is owned by 'app-producer' service account",
            "display_name": "app-producer-kafka-api-key",
            "id": "WI34H6UO111111111",
            "managed_resource": [
              {
                "api_version": "cmk/v2",
                "environment": [
                  {
                    "id": "env-abc-123"
                  }
                ],
                "id": "lkc-xyz123",
                "kind": "Cluster"
              }
            ],
            "owner": [
              {
                "api_version": "iam/v2",
                "id": "sa-abc123",
                "kind": "ServiceAccount"
              }
            ],
            "secret": "***REDACTED***"
          },
          "sensitive_attributes": [],
          "private": "bnVsbA==",
          "dependencies": [
            "confluent_environment.staging",
            "confluent_kafka_cluster.basic",
            "confluent_service_account.app-producer"
          ]
        }
      ]
    },

(update all IDs including secret attribute)

and then run terraform plan that should show no changes to the config 🤞

Let me know if it helps!

@mallie-su
Copy link
Author

The hacky way works like a charm! Not quiet user friendly, espcially with a remote state, but eh, it works!
But I do think that the feature to import the keys would be much easier 😉

Thanks a lot @linouk23!

@linouk23
Copy link
Collaborator

linouk23 commented May 6, 2022

That's great to hear!

But I do think that the feature to import the keys would be much easier 😉

For sure, I'll keep this issue open until we add it.

@sc-alistairdeneys
Copy link

I'd like to +1 this feature request.

I'm in the process of migrating our Confluent configuration to Terraform and it would be great if we could manage all resources, including API keys, in Terraform.

@linouk23
Copy link
Collaborator

@mallie-su @sc-alistairdeneys my team discussed this issue internally and I'm happy to let you know that we'll add this functionality in our upcoming 0.8.0 release.

@linouk23
Copy link
Collaborator

linouk23 commented May 13, 2022
edited
Loading

@mallie-su @sc-alistairdeneys @Talgatele we're happy to let you know that we've implemented import for confluent_api_key resource in our latest 0.8.0 release.

@sc-alistairdeneys
Copy link

Fantastic! Thanks for the notification @linouk23

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new-feature-request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@linouk23 @sc-alistairdeneys @mallie-su