allow to adjust token validity for api clients

Author: mlitvinav

.changes/unreleased/Changed-20241127-143527.yaml

@@ -0,0 +1,3 @@
+kind: Changed
+body: '`resource_api_client` add support for setting and managing token validity via Terraform.'
+time: 2024-11-27T14:35:27.885461+01:00

commercetools/resource_api_client.go

@@ -19,7 +19,7 @@ func resourceAPIClient() *schema.Resource {
 		Description: "Create a new API client. Note that Commercetools might return slightly different scopes, " +
 			"resulting in a new API client being created everytime Terraform is run. In this case, " +
 			"fix your scopes accordingly to match what is returned by Commercetools.\n\n" +
-			"Also see the [API client HTTP API documentation](https://docs.commercetools.com//http-api-projects-api-clients).",
+			"Also see the [API client HTTP API documentation](https://docs.commercetools.com/api/projects/api-clients).",
 		CreateContext: resourceAPIClientCreate,
 		ReadContext:   resourceAPIClientRead,
 		DeleteContext: resourceAPIClientDelete,
@@ -34,12 +34,26 @@ func resourceAPIClient() *schema.Resource {
 				ForceNew:    true,
 			},
 			"scope": {
-				Description: "A list of the [OAuth scopes](https://docs.commercetools.com/http-api-authorization.html#scopes)",
+				Description: "A list of the [OAuth scopes](https://docs.commercetools.com/api/scopes)",
 				Type:        schema.TypeSet,
 				Elem:        &schema.Schema{Type: schema.TypeString},
 				Required:    true,
 				ForceNew:    true,
 			},
+			"accessTokenValiditySeconds": {
+				Description: "Expiration time in seconds for each access token obtained by the APIClient. Only present when set with the APIClientDraft. If not present the default value applies.",
+				Type:        schema.TypeSet,
+				Elem:        &schema.Schema{Type: schema.TypeInt},
+				Required:    false,
+				ForceNew:    true,
+			},
+			"refreshTokenValiditySeconds": {
+				Description: "Inactivity expiration time in seconds for each refresh token obtained by the APIClient. Only present when set with the APIClientDraft. If not present the default value applies.",
+				Type:        schema.TypeSet,
+				Elem:        &schema.Schema{Type: schema.TypeInt},
+				Required:    false,
+				ForceNew:    true,
+			},
 			"secret": {
 				Type:      schema.TypeString,
 				Computed:  true,
@@ -50,7 +64,6 @@ func resourceAPIClient() *schema.Resource {
 }
 
 func resourceAPIClientCreate(ctx context.Context, d *schema.ResourceData, m any) diag.Diagnostics {
-	name := d.Get("name").(string)
 	scopes := d.Get("scope").(*schema.Set).List()
 
 	scopeParts := make([]string, 0)
@@ -59,9 +72,15 @@ func resourceAPIClientCreate(ctx context.Context, d *schema.ResourceData, m any)
 	}
 
 	draft := platform.ApiClientDraft{
-		Name:  name,
+		Name:  d.Get("name").(string),
 		Scope: strings.Join(scopeParts, " "),
 	}
+	if val := d.Get("accessTokenValiditySeconds").(*int); val != nil && *val > 0 {
+		draft.AccessTokenValiditySeconds = val
+	}
+	if val := d.Get("refreshTokenValiditySeconds").(*int); val != nil && *val > 0 {
+		draft.RefreshTokenValiditySeconds = val
+	}
 
 	client := getClient(m)
 
@@ -100,6 +119,8 @@ func resourceAPIClientRead(ctx context.Context, d *schema.ResourceData, m any) d
 	scopes := strings.Split(apiClient.Scope, " ")
 	sort.Strings(scopes)
 	_ = d.Set("scope", scopes)
+	_ = d.Set("accessTokenValiditySeconds", apiClient.AccessTokenValiditySeconds)
+	_ = d.Set("refreshTokenValiditySeconds", apiClient.RefreshTokenValiditySeconds)
 	return nil
 }
 

docs/resources/api_client.md

@@ -4,7 +4,7 @@ page_title: "commercetools_api_client Resource - terraform-provider-commercetool
 subcategory: ""
 description: |-
   Create a new API client. Note that Commercetools might return slightly different scopes, resulting in a new API client being created everytime Terraform is run. In this case, fix your scopes accordingly to match what is returned by Commercetools.
-  Also see the API client HTTP API documentation https://docs.commercetools.com//http-api-projects-api-clients.
+  Also see the API client HTTP API documentation https://docs.commercetools.com/api/projects/api-clients.
 ---
 
 # commercetools_api_client (Resource)
@@ -19,6 +19,8 @@ Also see the [API client HTTP API documentation](https://docs.commercetools.com/
 resource "commercetools_api_client" "my-api-client" {
   name  = "My API Client"
   scope = ["manage_orders:my-ct-project-key", "manage_payments:my-ct-project-key"]
+  accessTokenValiditySeconds = 3600
+  refreshTokenValiditySeconds = 60
 }
 ```
 
@@ -27,8 +29,14 @@ resource "commercetools_api_client" "my-api-client" {
 
 ### Required
 
-- `name` (String) Name of the API client
-- `scope` (Set of String) A list of the [OAuth scopes](https://docs.commercetools.com/http-api-authorization.html#scopes)
+- `name` (String) Name of the API client.
+- `scope` (Set of String) A list of the [OAuth scopes](https://docs.commercetools.com/api/scopes).
+
+
+### Optional
+
+- `accessTokenValiditySeconds` (Int) Expiration time in seconds for each access token obtained by the APIClient. See the latest CommerceTools documentation for [API Clients](https://docs.commercetools.com/api/projects/api-clients) for valid number ranges.
+- `refreshTokenValiditySeconds` (Int) Inactivity expiration time in seconds for each refresh token obtained by the APIClient. See the latest CommerceTools documentation for [API Clients](https://docs.commercetools.com/api/projects/api-clients) for valid number ranges.
 
 ### Read-Only