feat: add github_user_ssh_signing_key

Author: simonostendorf

github/resource_github_user_ssh_signing_key.go

@@ -0,0 +1,119 @@
+package github
+
+import (
+	"context"
+	"log"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"github.com/google/go-github/v63/github"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceGithubUserSshSigningKey() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceGithubUserSshSigningKeyCreate,
+		Read:   resourceGithubUserSshSigningKeyRead,
+		Delete: resourceGithubUserSshSigningKeyDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"title": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "A descriptive name for the new key.",
+			},
+			"key": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The public SSH key to add to your GitHub account.",
+				DiffSuppressFunc: func(k, oldV, newV string, d *schema.ResourceData) bool {
+					newTrimmed := strings.TrimSpace(newV)
+					return oldV == newTrimmed
+				},
+			},
+			"etag": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceGithubUserSshSigningKeyCreate(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+
+	title := d.Get("title").(string)
+	key := d.Get("key").(string)
+	ctx := context.Background()
+
+	userKey, _, err := client.Users.CreateSSHSigningKey(ctx, &github.Key{
+		Title: github.String(title),
+		Key:   github.String(key),
+	})
+	if err != nil {
+		return err
+	}
+
+	d.SetId(strconv.FormatInt(*userKey.ID, 10))
+
+	return resourceGithubUserSshSigningKeyRead(d, meta)
+}
+
+func resourceGithubUserSshSigningKeyRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+	if err != nil {
+		return unconvertibleIdErr(d.Id(), err)
+	}
+	ctx := context.WithValue(context.Background(), ctxId, d.Id())
+	if !d.IsNewResource() {
+		ctx = context.WithValue(ctx, ctxEtag, d.Get("etag").(string))
+	}
+
+	key, resp, err := client.Users.GetSSHSigningKey(ctx, id)
+	if err != nil {
+		if ghErr, ok := err.(*github.ErrorResponse); ok {
+			if ghErr.Response.StatusCode == http.StatusNotModified {
+				return nil
+			}
+			if ghErr.Response.StatusCode == http.StatusNotFound {
+				log.Printf("[INFO] Removing user SSH key %s from state because it no longer exists in GitHub",
+					d.Id())
+				d.SetId("")
+				return nil
+			}
+		}
+	}
+
+	if err = d.Set("etag", resp.Header.Get("ETag")); err != nil {
+		return err
+	}
+	if err = d.Set("title", key.GetTitle()); err != nil {
+		return err
+	}
+	if err = d.Set("key", key.GetKey()); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func resourceGithubUserSshSigningKeyDelete(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+	if err != nil {
+		return unconvertibleIdErr(d.Id(), err)
+	}
+	ctx := context.WithValue(context.Background(), ctxId, d.Id())
+
+	_, err = client.Users.DeleteSSHSigningKey(ctx, id)
+	return err
+}

github/resource_github_user_ssh_signing_key_test.go

@@ -0,0 +1,120 @@
+package github
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"fmt"
+	"regexp"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"golang.org/x/crypto/ssh"
+)
+
+func TestAccGithubUserSshSigningKey(t *testing.T) {
+
+	randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+	testKey := newTestSigningKey()
+
+	t.Run("creates and destroys a user SSH key without error", func(t *testing.T) {
+
+		config := fmt.Sprintf(`
+			resource "github_user_ssh_signing_key" "test" {
+				title = "tf-acc-test-%s"
+				key   = "%s"
+			}
+		`, randomID, testKey)
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestMatchResourceAttr(
+				"github_user_ssh_signing_key.test", "title",
+				regexp.MustCompile(randomID),
+			),
+			resource.TestMatchResourceAttr(
+				"github_user_ssh_signing_key.test", "key",
+				regexp.MustCompile("^ssh-rsa "),
+			),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  check,
+					},
+				},
+			})
+		}
+
+		t.Run("with an anonymous account", func(t *testing.T) {
+			t.Skip("anonymous account not supported for this operation")
+		})
+
+		t.Run("with an individual account", func(t *testing.T) {
+			testCase(t, individual)
+		})
+
+		t.Run("with an organization account", func(t *testing.T) {
+			testCase(t, organization)
+		})
+
+	})
+
+	t.Run("imports an individual account SSH key without error", func(t *testing.T) {
+
+		config := fmt.Sprintf(`
+			resource "github_user_ssh_signing_key" "test" {
+				title = "tf-acc-test-%s"
+				key   = "%s"
+			}
+		`, randomID, testKey)
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttrSet("github_user_ssh_signing_key.test", "title"),
+			resource.TestCheckResourceAttrSet("github_user_ssh_signing_key.test", "key"),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  check,
+					},
+					{
+						ResourceName:      "github_user_ssh_signing_key.test",
+						ImportState:       true,
+						ImportStateVerify: true,
+					},
+				},
+			})
+		}
+
+		t.Run("with an anonymous account", func(t *testing.T) {
+			t.Skip("anonymous account not supported for this operation")
+		})
+
+		t.Run("with an individual account", func(t *testing.T) {
+			testCase(t, individual)
+		})
+
+		t.Run("with an organization account", func(t *testing.T) {
+			testCase(t, organization)
+		})
+
+	})
+}
+
+func newTestSigningKey() string {
+	privateKey, _ := rsa.GenerateKey(rand.Reader, 1024)
+	publicKey, _ := ssh.NewPublicKey(&privateKey.PublicKey)
+	testKey := strings.TrimRight(string(ssh.MarshalAuthorizedKey(publicKey)), "\n")
+	return testKey
+}