stackitcloud
diff --git a/‎go.mod‎
Lines changed: 2 additions & 1 deletion b/‎go.mod‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 4 additions & 2 deletions b/‎go.sum‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎stackit/internal/core/core.go‎
Lines changed: 1 addition & 0 deletions b/‎stackit/internal/core/core.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎stackit/internal/services/albcertificates/certificates/datasource.go‎
Lines changed: 158 additions & 0 deletions b/‎stackit/internal/services/albcertificates/certificates/datasource.go‎
Lines changed: 158 additions & 0 deletions
@@ -11,9 +11,10 @@ require (
 	github.com/hashicorp/terraform-plugin-go v0.30.0
 	github.com/hashicorp/terraform-plugin-log v0.10.0
 	github.com/hashicorp/terraform-plugin-testing v1.14.0
-	github.com/stackitcloud/stackit-sdk-go/core v0.22.0
+	github.com/stackitcloud/stackit-sdk-go/core v0.23.0
 	github.com/stackitcloud/stackit-sdk-go/services/alb v0.9.3
 	github.com/stackitcloud/stackit-sdk-go/services/cdn v1.10.0
+	github.com/stackitcloud/stackit-sdk-go/services/certificates v1.4.1
 	github.com/stackitcloud/stackit-sdk-go/services/dns v0.17.6
 	github.com/stackitcloud/stackit-sdk-go/services/edge v0.4.3
 	github.com/stackitcloud/stackit-sdk-go/services/git v0.10.3
 
@@ -151,14 +151,16 @@ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
 github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8=
 github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY=
-github.com/stackitcloud/stackit-sdk-go/core v0.22.0 h1:6rViz7GnNwXSh51Lur5xuDzO8EWSZfN9J0HvEkBKq6c=
-github.com/stackitcloud/stackit-sdk-go/core v0.22.0/go.mod h1:osMglDby4csGZ5sIfhNyYq1bS1TxIdPY88+skE/kkmI=
+github.com/stackitcloud/stackit-sdk-go/core v0.23.0 h1:zPrOhf3Xe47rKRs1fg/AqKYUiJJRYjdcv+3qsS50mEs=
+github.com/stackitcloud/stackit-sdk-go/core v0.23.0/go.mod h1:osMglDby4csGZ5sIfhNyYq1bS1TxIdPY88+skE/kkmI=
 github.com/stackitcloud/stackit-sdk-go/services/alb v0.9.3 h1:X82TZfc6lg8ZoYdckiv5+OsV0d+81Q2TFMJh1TfxGWk=
 github.com/stackitcloud/stackit-sdk-go/services/alb v0.9.3/go.mod h1:V6+MolxM/M2FWyWZA+FRFKEzzUe10MU9eEVfMvxHGi8=
 github.com/stackitcloud/stackit-sdk-go/services/authorization v0.12.0 h1:HxPgBu04j5tj6nfZ2r0l6v4VXC0/tYOGe4sA5Addra8=
 github.com/stackitcloud/stackit-sdk-go/services/authorization v0.12.0/go.mod h1:uYI9pHAA2g84jJN25ejFUxa0/JtfpPZqMDkctQ1BzJk=
 github.com/stackitcloud/stackit-sdk-go/services/cdn v1.10.0 h1:YALzjYAApyQMKyt4C2LKhPRZHa6brmbFeKuuwl+KOTs=
 github.com/stackitcloud/stackit-sdk-go/services/cdn v1.10.0/go.mod h1:915b/lJgDikYFEoRQ8wc8aCtPvUCceYk7gGm9nViJe0=
+github.com/stackitcloud/stackit-sdk-go/services/certificates v1.4.1 h1:RBY/mNR4H8Vd/7z0nky+AQNvoaZ16hvrGSuYi1YLLao=
+github.com/stackitcloud/stackit-sdk-go/services/certificates v1.4.1/go.mod h1:3R/RwYdBc1s6WZNhToWs0rBDropbNRM7okOAdjY3rpU=
 github.com/stackitcloud/stackit-sdk-go/services/dns v0.17.6 h1:GBRb49x5Nax/oQQaaf2F3kKwv8DQQOL0TQOC0C/v/Ew=
 github.com/stackitcloud/stackit-sdk-go/services/dns v0.17.6/go.mod h1:IX9iL3MigDZUmzwswTJMfYvyi118KAHrFMfjJUy5NYk=
 github.com/stackitcloud/stackit-sdk-go/services/edge v0.4.3 h1:TxChb2qbO82JiQEBYClSSD5HZxqKeKJ6dIvkEUCJmbs=
 
@@ -39,6 +39,7 @@ type ProviderData struct {
 	DefaultRegion                   string
 	ALBCustomEndpoint               string
 	AuthorizationCustomEndpoint     string
+	CertificatesCustomEndpoint      string
 	CdnCustomEndpoint               string
 	DnsCustomEndpoint               string
 	EdgeCloudCustomEndpoint         string
 
@@ -0,0 +1,158 @@
+package certificates
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	certSdk "github.com/stackitcloud/stackit-sdk-go/services/certificates"
+	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/conversion"
+	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
+	certUtils "github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/albcertificates/utils"
+	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/utils"
+)
+
+// Ensure the implementation satisfies the expected interfaces.
+var (
+	_ datasource.DataSource = &certDataSource{}
+)
+
+// NewCertificatesDataSource is a helper function to simplify the provider implementation.
+func NewCertificatesDataSource() datasource.DataSource {
+	return &certDataSource{}
+}
+
+// certDataSource is the data source implementation.
+type certDataSource struct {
+	client       *certSdk.APIClient
+	providerData core.ProviderData
+}
+
+// Metadata returns the data source type name.
+func (r *certDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_certificates"
+}
+
+// Configure adds the provider configured client to the data source.
+func (r *certDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	var ok bool
+	r.providerData, ok = conversion.ParseProviderData(ctx, req.ProviderData, &resp.Diagnostics)
+	if !ok {
+		return
+	}
+
+	apiClient := certUtils.ConfigureClient(ctx, &r.providerData, &resp.Diagnostics)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	r.client = apiClient
+	tflog.Info(ctx, "Certificate client configured")
+}
+
+// Schema defines the schema for the resource.
+func (r *certDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	descriptions := map[string]string{
+		"main":        "Certificates resource schema.",
+		"id":          "Terraform's internal resource ID. It is structured as `project_id`,`region`,`name`.",
+		"project_id":  "STACKIT project ID to which the certificates is associated.",
+		"region":      "The resource region (e.g. eu01). If not defined, the provider region is used.",
+		"cert-id":     "The ID of the certificate.",
+		"name":        "Certificate name.",
+		"private_key": "The PEM encoded private key part",
+		"public_key":  "The PEM encoded public key part",
+	}
+
+	resp.Schema = schema.Schema{
+		Description: descriptions["main"],
+		MarkdownDescription: `
+## Setting up supporting infrastructure` + "\n" + `
+
+The example below creates the supporting infrastructure using the STACKIT Terraform provider, including the network, network interface, a public IP address and server resources.
+`,
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				Description: descriptions["id"],
+				Computed:    true,
+			},
+			"project_id": schema.StringAttribute{
+				Description: descriptions["project_id"],
+				Computed:    true,
+			},
+			"region": schema.StringAttribute{
+				Description: descriptions["region"],
+				Computed:    true,
+			},
+			"name": schema.StringAttribute{
+				Description: descriptions["name"],
+				Computed:    true,
+			},
+			"cert_id": schema.StringAttribute{
+				Description: descriptions["cert-id"],
+				Computed:    true,
+			},
+			"private_key": schema.StringAttribute{
+				Description: descriptions["private_key"],
+				Computed:    true,
+			},
+			"public_key": schema.StringAttribute{
+				Description: descriptions["public_key"],
+				Computed:    true,
+			},
+		},
+	}
+}
+
+// Read refreshes the Terraform state with the latest data.
+func (r *certDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { // nolint:gocritic // function signature required by Terraform
+	var model Model
+	diags := req.Config.Get(ctx, &model)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = core.InitProviderContext(ctx)
+
+	projectId := model.ProjectId.ValueString()
+	certId := model.CertID.ValueString()
+	region := r.providerData.GetRegionWithOverride(model.Region)
+	ctx = tflog.SetField(ctx, "project_id", projectId)
+	ctx = tflog.SetField(ctx, "cert_id", certId)
+	ctx = tflog.SetField(ctx, "region", region)
+
+	certResp, err := r.client.GetCertificate(ctx, projectId, region, certId).Execute()
+	if err != nil {
+		utils.LogError(
+			ctx,
+			&resp.Diagnostics,
+			err,
+			"Reading certificate",
+			fmt.Sprintf("Certificate with ID %q does not exist in project %q.", certId, projectId),
+			map[int]string{
+				http.StatusForbidden: fmt.Sprintf("Project with ID %q not found or forbidden access", projectId),
+			},
+		)
+		resp.State.RemoveResource(ctx)
+		return
+	}
+
+	ctx = core.LogResponse(ctx)
+
+	// Map response body to schema
+	err = mapFields(certResp, &model, region)
+	if err != nil {
+		core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading certificate", fmt.Sprintf("Processing API payload: %v", err))
+		return
+	}
+
+	// Set refreshed state
+	diags = resp.State.Set(ctx, model)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tflog.Info(ctx, "Certificate read")
+}