Remove FF for api keys and create docs (#149)

Removed ff for api key allow list
yugabyte · Jan 27, 2025 · b8d5c8d · b8d5c8d
1 parent 4f4f816
commit b8d5c8d
Show file tree

Hide file tree

Showing 5 changed files with 63 additions and 22 deletions.
diff --git a/docs/resources/api_key.md b/docs/resources/api_key.md
@@ -35,6 +35,30 @@ resource "ybm_api_key" "example_custom_role_api_key" {
 }
 ```
 
+To issue an API key with allow lists associated for IP based restrictions on the key
+
+```terraform
+resource "ybm_allow_list" "external_network_range" {
+  allow_list_name        = "external-range"
+  allow_list_description = "allow a range of external IP addresses"
+  cidr_list              = ["192.168.1.0/24"]
+}
+resource "ybm_allow_list" "external_single_ip" {
+  allow_list_name        = "external-single"
+  allow_list_description = "allow a single external IP address"
+  cidr_list              = ["203.0.113.1/32"]
+}
+
+resource "ybm_api_key" "developer_api_key" {
+  name           = "developer-key"
+  description    = "IP restricted API key for developer access"
+  duration       = 1
+  unit           = "Hours"
+  role_name      = "Developer"
+  allow_list_ids = [ybm_allow_list.external_network_range.allow_list_id, ybm_allow_list.external_single_ip.allow_list_id]
+}
+```
+
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
@@ -47,6 +71,7 @@ resource "ybm_api_key" "example_custom_role_api_key" {
 
 ### Optional
 
+- `allow_list_ids` (Set of String) List of IDs of the allow lists assigned to the API Key.
 - `api_key_id` (String) The ID of the API Key. Created automatically when an API Key is created. Use this ID to get a specific API Key.
 - `description` (String) The description of the API Key.
 
@@ -59,4 +84,4 @@ resource "ybm_api_key" "example_custom_role_api_key" {
 - `issuer` (String) The issuer of the API Key.
 - `last_used` (String) The last used time of the API Key.
 - `project_id` (String) The ID of the project this user belongs to.
-- `status` (String) The status of the API Key.
+- `status` (String) The status of the API Key.
diff --git a/examples/resources/ybm_api_key/allow-list-api-key.tf b/examples/resources/ybm_api_key/allow-list-api-key.tf
@@ -0,0 +1,19 @@
+resource "ybm_allow_list" "external_network_range" {
+  allow_list_name        = "external-range"
+  allow_list_description = "allow a range of external IP addresses"
+  cidr_list              = ["192.168.1.0/24"]
+}
+resource "ybm_allow_list" "external_single_ip" {
+  allow_list_name        = "external-single"
+  allow_list_description = "allow a single external IP address"
+  cidr_list              = ["203.0.113.1/32"]
+}
+
+resource "ybm_api_key" "developer_api_key" {
+  name           = "developer-key"
+  description    = "IP restricted API key for developer access"
+  duration       = 1
+  unit           = "Hours"
+  role_name      = "Developer"
+  allow_list_ids = [ybm_allow_list.external_network_range.allow_list_id, ybm_allow_list.external_single_ip.allow_list_id]
+}
diff --git a/managed/fflags/feature_flags.go b/managed/fflags/feature_flags.go
@@ -13,15 +13,13 @@ import (
 type FeatureFlag string
 
 const (
-	CONNECTION_POOLING  FeatureFlag = "CONNECTION_POOLING"
-	DR                  FeatureFlag = "DR"
-	API_KEYS_ALLOW_LIST FeatureFlag = "API_KEYS_ALLOW_LIST"
+	CONNECTION_POOLING FeatureFlag = "CONNECTION_POOLING"
+	DR                 FeatureFlag = "DR"
 )
 
 var flagEnabled = map[FeatureFlag]bool{
-	CONNECTION_POOLING:  false,
-	DR:                  false,
-	API_KEYS_ALLOW_LIST: false,
+	CONNECTION_POOLING: false,
+	DR:                 false,
 }
 
 func (f FeatureFlag) String() string {

diff --git a/managed/resource_api_key.go b/managed/resource_api_key.go
@@ -12,14 +12,13 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/tfsdk"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
-	"github.com/yugabyte/terraform-provider-ybm/managed/fflags"
 	openapiclient "github.com/yugabyte/yugabytedb-managed-go-client-internal"
 )
 
 type resourceApiKeyType struct{}
 
 func (r resourceApiKeyType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diagnostics) {
-	schema := tfsdk.Schema{
+	return tfsdk.Schema{
 		Description: `The resource to issue an API Key in YugabyteDB Aeon.`,
 		Attributes: map[string]tfsdk.Attribute{
 			"account_id": {
@@ -58,6 +57,13 @@ func (r resourceApiKeyType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Dia
 				Type:        types.StringType,
 				Required:    true,
 			},
+			"allow_list_ids": {
+				Description: "List of IDs of the allow lists assigned to the API Key.",
+				Type: types.SetType{
+					ElemType: types.StringType,
+				},
+				Optional: true,
+			},
 			"description": {
 				Description: "The description of the API Key.",
 				Type:        types.StringType,
@@ -96,18 +102,7 @@ func (r resourceApiKeyType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Dia
 				Computed:    true,
 			},
 		},
-	}
-	// Add allow lists if the feature flag is enabled
-	if fflags.IsFeatureFlagEnabled(fflags.API_KEYS_ALLOW_LIST) {
-		schema.Attributes["allow_list_ids"] = tfsdk.Attribute{
-			Description: "List of IDs of the allow lists assigned to the API Key.",
-			Type: types.SetType{
-				ElemType: types.StringType,
-			},
-			Optional: true,
-		}
-	}
-	return schema, nil
+	}, nil
 }
 
 func (r resourceApiKeyType) NewResource(_ context.Context, p tfsdk.Provider) (tfsdk.Resource, diag.Diagnostics) {

diff --git a/templates/resources/api_key.md.tmpl b/templates/resources/api_key.md.tmpl
@@ -19,4 +19,8 @@ To issue an API Key with custom user defined roles
 
 {{ tffile "examples/resources/ybm_api_key/custom-role-api-key.tf" }}
 
-{{ .SchemaMarkdown | trimspace }}
+To issue an API key with allow lists associated for IP based restrictions on the key
+
+{{ tffile "examples/resources/ybm_api_key/allow-list-api-key.tf" }}
+
+{{ .SchemaMarkdown | trimspace }}