review changes 2

h3adex · h3adex · commit 4a17da3888f7 · 2025-03-21T09:15:27.000+01:00
diff --git a/docs/resources/service_account_access_token.md b/docs/resources/service_account_access_token.md
@@ -3,22 +3,22 @@
 page_title: "stackit_service_account_access_token Resource - stackit"
 subcategory: ""
 description: |-
-  Schema for a STACKIT service account access token resource.
+  Service account access token schema.
   ~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our guide https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources for how to opt-in to use beta resources.
   Example Usage
   Automatically rotate access tokens
   
   resource "stackit_service_account" "sa" {
-    project_id = var.stackit_project_id
+    project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
     name       = "sa01"
   }
   
   resource "time_rotating" "rotate" {
     rotation_days = 80
   }
   
-  resource "stackit_service_account_access_token" "sa1" {
-    project_id            = var.stackit_project_id
+  resource "stackit_service_account_access_token" "sa_token" {
+    project_id            = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
     service_account_email = stackit_service_account.sa.email
     ttl_days              = 180
   
@@ -30,7 +30,7 @@ description: |-
 
 # stackit_service_account_access_token (Resource)
 
-Schema for a STACKIT service account access token resource.
+Service account access token schema.
 
 ~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our [guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources) for how to opt-in to use beta resources.
 ## Example Usage
@@ -39,16 +39,16 @@ Schema for a STACKIT service account access token resource.
 ### Automatically rotate access tokens
 ```terraform
 resource "stackit_service_account" "sa" {
-  project_id = var.stackit_project_id
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
   name       = "sa01"
 }
 
 resource "time_rotating" "rotate" {
   rotation_days = 80
 }
 
-resource "stackit_service_account_access_token" "sa1" {
-  project_id            = var.stackit_project_id
+resource "stackit_service_account_access_token" "sa_token" {
+  project_id            = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
   service_account_email = stackit_service_account.sa.email
   ttl_days              = 180
 
@@ -79,6 +79,6 @@ resource "stackit_service_account_access_token" "sa1" {
 - `access_token_id` (String) Identifier for the access token linked to the service account.
 - `active` (Boolean) Indicate whether the token is currently active or inactive
 - `created_at` (String) Timestamp indicating when the access token was created.
-- `id` (String) Unique internal resource ID for Terraform, formatted as "`project_id`,`access_token_id`".
+- `id` (String) Terraform's internal resource identifier. It is structured as "`project_id`,`access_token_id`".
 - `token` (String, Sensitive) JWT access token for API authentication. Prefixed by 'Bearer' and should be stored securely as it is irretrievable once lost.
 - `valid_until` (String) Estimated expiration timestamp of the access token. For precise validity, check the JWT details.
diff --git a/stackit/internal/services/serviceaccount/token/const.go b/stackit/internal/services/serviceaccount/token/const.go
@@ -1,23 +1,21 @@
 package token
 
 const markdownDescription = `
-Schema for a STACKIT service account access token resource.` + "\n" + `
-~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our [guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources) for how to opt-in to use beta resources.
 ## Example Usage` + "\n" + `
 
 ### Automatically rotate access tokens` + "\n" +
 	"```terraform" + `
 resource "stackit_service_account" "sa" {
-  project_id = var.stackit_project_id
+  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
   name       = "sa01"
 }
 
 resource "time_rotating" "rotate" {
   rotation_days = 80
 }
 
-resource "stackit_service_account_access_token" "sa1" {
-  project_id            = var.stackit_project_id
+resource "stackit_service_account_access_token" "sa_token" {
+  project_id            = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
   service_account_email = stackit_service_account.sa.email
   ttl_days              = 180
 
diff --git a/stackit/internal/services/serviceaccount/token/resource.go b/stackit/internal/services/serviceaccount/token/resource.go
@@ -119,7 +119,8 @@ func (r *serviceAccountTokenResource) Metadata(_ context.Context, req resource.M
 // Schema defines the resource schema for the service account access token.
 func (r *serviceAccountTokenResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
 	descriptions := map[string]string{
-		"id":                    "Unique internal resource ID for Terraform, formatted as \"`project_id`,`access_token_id`\".",
+		"id":                    "Terraform's internal resource identifier. It is structured as \"`project_id`,`access_token_id`,`service_account_email`\".",
+		"main":                  "Service account access token schema.",
 		"project_id":            "STACKIT project ID associated with the service account token.",
 		"service_account_email": "Email address linked to the service account.",
 		"ttl_days":              "Specifies the token's validity duration in days. If unspecified, defaults to 90 days.",
@@ -130,11 +131,9 @@ func (r *serviceAccountTokenResource) Schema(_ context.Context, _ resource.Schem
 		"created_at":            "Timestamp indicating when the access token was created.",
 		"valid_until":           "Estimated expiration timestamp of the access token. For precise validity, check the JWT details.",
 	}
-
 	resp.Schema = schema.Schema{
-		MarkdownDescription: markdownDescription,
-		Description:         "STACKIT service account access token schema.",
-
+		MarkdownDescription: fmt.Sprintf("%s%s", features.AddBetaDescription(descriptions["main"]), markdownDescription),
+		Description:         descriptions["main"],
 		Attributes: map[string]schema.Attribute{
 			"id": schema.StringAttribute{
 				Description: descriptions["id"],
@@ -382,7 +381,7 @@ func mapCreateResponse(resp *serviceaccount.AccessToken, model *Model) error {
 		validUntil = types.StringValue(validUntilValue.Format(time.RFC3339))
 	}
 
-	idParts := []string{model.ProjectId.ValueString(), *resp.Id}
+	idParts := []string{model.ProjectId.ValueString(), *resp.Id, model.ServiceAccountEmail.ValueString()}
 	model.Id = types.StringValue(strings.Join(idParts, core.Separator))
 	model.AccessTokenId = types.StringPointerValue(resp.Id)
 	model.Token = types.StringPointerValue(resp.Token)
diff --git a/stackit/internal/services/serviceaccount/token/resource_test.go b/stackit/internal/services/serviceaccount/token/resource_test.go
@@ -71,11 +71,12 @@ func TestMapCreateResponse(t *testing.T) {
 				Token: utils.Ptr("token"),
 			},
 			Model{
-				Id:                types.StringValue("pid,aid"),
-				ProjectId:         types.StringValue("pid"),
-				Token:             types.StringValue("token"),
-				AccessTokenId:     types.StringValue("aid"),
-				RotateWhenChanged: types.MapValueMust(types.StringType, map[string]attr.Value{}),
+				Id:                  types.StringValue("pid,aid,email"),
+				ProjectId:           types.StringValue("pid"),
+				ServiceAccountEmail: types.StringValue("email"),
+				Token:               types.StringValue("token"),
+				AccessTokenId:       types.StringValue("aid"),
+				RotateWhenChanged:   types.MapValueMust(types.StringType, map[string]attr.Value{}),
 			},
 			true,
 		},
@@ -89,14 +90,15 @@ func TestMapCreateResponse(t *testing.T) {
 				Active:     utils.Ptr(true),
 			},
 			Model{
-				Id:                types.StringValue("pid,aid"),
-				ProjectId:         types.StringValue("pid"),
-				Token:             types.StringValue("token"),
-				AccessTokenId:     types.StringValue("aid"),
-				Active:            types.BoolValue(true),
-				CreatedAt:         types.StringValue(time.Now().Format(time.RFC3339)),
-				ValidUntil:        types.StringValue(time.Now().Add(24 * time.Hour).Format(time.RFC3339)),
-				RotateWhenChanged: types.MapValueMust(types.StringType, map[string]attr.Value{}),
+				Id:                  types.StringValue("pid,aid,email"),
+				ProjectId:           types.StringValue("pid"),
+				ServiceAccountEmail: types.StringValue("email"),
+				Token:               types.StringValue("token"),
+				AccessTokenId:       types.StringValue("aid"),
+				Active:              types.BoolValue(true),
+				CreatedAt:           types.StringValue(time.Now().Format(time.RFC3339)),
+				ValidUntil:          types.StringValue(time.Now().Add(24 * time.Hour).Format(time.RFC3339)),
+				RotateWhenChanged:   types.MapValueMust(types.StringType, map[string]attr.Value{}),
 			},
 			true,
 		},
@@ -132,8 +134,9 @@ func TestMapCreateResponse(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.description, func(t *testing.T) {
 			model := &Model{
-				ProjectId:         tt.expected.ProjectId,
-				RotateWhenChanged: types.MapValueMust(types.StringType, map[string]attr.Value{}),
+				ProjectId:           tt.expected.ProjectId,
+				ServiceAccountEmail: tt.expected.ServiceAccountEmail,
+				RotateWhenChanged:   types.MapValueMust(types.StringType, map[string]attr.Value{}),
 			}
 			err := mapCreateResponse(tt.input, model)
 			if !tt.isValid && err == nil {
@@ -167,12 +170,13 @@ func TestMapListResponse(t *testing.T) {
 				ValidUntil: utils.Ptr(time.Now().Add(24 * time.Hour)),
 			},
 			Model{
-				Id:                types.StringValue("pid,aid"),
-				ProjectId:         types.StringValue("pid"),
-				AccessTokenId:     types.StringValue("aid"),
-				CreatedAt:         types.StringValue(time.Now().Format(time.RFC3339)),                     // Adjusted for test setup time
-				ValidUntil:        types.StringValue(time.Now().Add(24 * time.Hour).Format(time.RFC3339)), // Adjust for format
-				RotateWhenChanged: types.MapValueMust(types.StringType, map[string]attr.Value{}),
+				Id:                  types.StringValue("pid,aid,email"),
+				ProjectId:           types.StringValue("pid"),
+				ServiceAccountEmail: types.StringValue("email"),
+				AccessTokenId:       types.StringValue("aid"),
+				CreatedAt:           types.StringValue(time.Now().Format(time.RFC3339)),                     // Adjusted for test setup time
+				ValidUntil:          types.StringValue(time.Now().Add(24 * time.Hour).Format(time.RFC3339)), // Adjust for format
+				RotateWhenChanged:   types.MapValueMust(types.StringType, map[string]attr.Value{}),
 			},
 			true,
 		},
@@ -204,8 +208,9 @@ func TestMapListResponse(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.description, func(t *testing.T) {
 			model := &Model{
-				ProjectId:         tt.expected.ProjectId,
-				RotateWhenChanged: types.MapValueMust(types.StringType, map[string]attr.Value{}),
+				ProjectId:           tt.expected.ProjectId,
+				ServiceAccountEmail: tt.expected.ServiceAccountEmail,
+				RotateWhenChanged:   types.MapValueMust(types.StringType, map[string]attr.Value{}),
 			}
 			err := mapListResponse(tt.input, model)
 			if !tt.isValid && err == nil {
