elastic
diff --git a/‎internal/clients/fleet/fleet.go
Lines changed: 26 additions & 6 deletions b/‎internal/clients/fleet/fleet.go
Lines changed: 26 additions & 6 deletions
diff --git a/‎internal/fleet/enrollment_tokens/data_source.go
Lines changed: 33 additions & 0 deletions b/‎internal/fleet/enrollment_tokens/data_source.go
Lines changed: 33 additions & 0 deletions
diff --git a/‎internal/fleet/enrollment_tokens_data_source_test.go renamed to ‎internal/fleet/enrollment_tokens/data_source_test.go
Lines changed: 33 additions & 1 deletion b/‎internal/fleet/enrollment_tokens_data_source_test.go renamed to ‎internal/fleet/enrollment_tokens/data_source_test.go
Lines changed: 33 additions & 1 deletion
diff --git a/‎internal/fleet/enrollment_tokens/models.go
Lines changed: 41 additions & 0 deletions b/‎internal/fleet/enrollment_tokens/models.go
Lines changed: 41 additions & 0 deletions
diff --git a/‎internal/fleet/enrollment_tokens/read.go
Lines changed: 55 additions & 0 deletions b/‎internal/fleet/enrollment_tokens/read.go
Lines changed: 55 additions & 0 deletions
diff --git a/‎internal/fleet/enrollment_tokens/schema.go
Lines changed: 59 additions & 0 deletions b/‎internal/fleet/enrollment_tokens/schema.go
Lines changed: 59 additions & 0 deletions
@@ -8,6 +8,7 @@ import (
 	"net/http"
 
 	fleetapi "github.com/elastic/terraform-provider-elasticstack/generated/fleet"
+	fwdiag "github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 )
 
@@ -16,20 +17,20 @@ var (
 )
 
 // AllEnrollmentTokens reads all enrollment tokens from the API.
-func AllEnrollmentTokens(ctx context.Context, client *Client) ([]fleetapi.EnrollmentApiKey, diag.Diagnostics) {
+func AllEnrollmentTokens(ctx context.Context, client *Client) ([]fleetapi.EnrollmentApiKey, fwdiag.Diagnostics) {
 	resp, err := client.API.GetEnrollmentApiKeysWithResponse(ctx)
 	if err != nil {
-		return nil, diag.FromErr(err)
+		return nil, fromErr(err)
 	}
 
 	if resp.StatusCode() == http.StatusOK {
 		return resp.JSON200.Items, nil
 	}
-	return nil, reportUnknownError(resp.StatusCode(), resp.Body)
+	return nil, reportUnknownErrorFw(resp.StatusCode(), resp.Body)
 }
 
 // GetEnrollmentTokensByPolicy Get enrollment tokens by given policy ID
-func GetEnrollmentTokensByPolicy(ctx context.Context, client *Client, policyID string) ([]fleetapi.EnrollmentApiKey, diag.Diagnostics) {
+func GetEnrollmentTokensByPolicy(ctx context.Context, client *Client, policyID string) ([]fleetapi.EnrollmentApiKey, fwdiag.Diagnostics) {
 	resp, err := client.API.GetEnrollmentApiKeysWithResponse(ctx, func(ctx context.Context, req *http.Request) error {
 		q := req.URL.Query()
 		q.Set("kuery", "policy_id:"+policyID)
@@ -38,13 +39,13 @@ func GetEnrollmentTokensByPolicy(ctx context.Context, client *Client, policyID s
 		return nil
 	})
 	if err != nil {
-		return nil, diag.FromErr(err)
+		return nil, fromErr(err)
 	}
 
 	if resp.StatusCode() == http.StatusOK {
 		return resp.JSON200.Items, nil
 	}
-	return nil, reportUnknownError(resp.StatusCode(), resp.Body)
+	return nil, reportUnknownErrorFw(resp.StatusCode(), resp.Body)
 }
 
 // ReadAgentPolicy reads a specific agent policy from the API.
@@ -416,6 +417,16 @@ func AllPackages(ctx context.Context, client *Client, prerelease bool) ([]fleeta
 	}
 }
 
+// fromErr recreates the sdkdiag.FromErr functionality.
+func fromErr(err error) fwdiag.Diagnostics {
+	if err == nil {
+		return nil
+	}
+	return fwdiag.Diagnostics{
+		fwdiag.NewErrorDiagnostic(err.Error(), ""),
+	}
+}
+
 func reportUnknownError(statusCode int, body []byte) diag.Diagnostics {
 	return diag.Diagnostics{
 		diag.Diagnostic{
@@ -425,3 +436,12 @@ func reportUnknownError(statusCode int, body []byte) diag.Diagnostics {
 		},
 	}
 }
+
+func reportUnknownErrorFw(statusCode int, body []byte) fwdiag.Diagnostics {
+	return fwdiag.Diagnostics{
+		fwdiag.NewErrorDiagnostic(
+			fmt.Sprintf("Unexpected status code from server: got HTTP %d", statusCode),
+			string(body),
+		),
+	}
+}
@@ -0,0 +1,33 @@
+package enrollment_tokens
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+)
+
+var (
+	_ datasource.DataSource              = &dataSource{}
+	_ datasource.DataSourceWithConfigure = &dataSource{}
+)
+
+// NewDataSource is a helper function to simplify the provider implementation.
+func NewDataSource() datasource.DataSource {
+	return &dataSource{}
+}
+
+type dataSource struct {
+	client *clients.ApiClient
+}
+
+func (d *dataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = fmt.Sprintf("%s_%s", req.ProviderTypeName, "fleet_enrollment_tokens")
+}
+
+func (d *dataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	client, diags := clients.ConvertProviderData(req.ProviderData)
+	resp.Diagnostics.Append(diags...)
+	d.client = client
+}
@@ -1,12 +1,18 @@
-package fleet_test
+package enrollment_tokens_test
 
 import (
+	"context"
+	"fmt"
 	"testing"
 
 	"github.com/elastic/terraform-provider-elasticstack/internal/acctest"
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients"
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients/fleet"
+	"github.com/elastic/terraform-provider-elasticstack/internal/utils"
 	"github.com/elastic/terraform-provider-elasticstack/internal/versionutils"
 	"github.com/hashicorp/go-version"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 )
 
 var minVersionEnrollmentTokens = version.Must(version.NewVersion("8.6.0"))
@@ -46,3 +52,29 @@ data "elasticstack_fleet_enrollment_tokens" "test" {
   policy_id = elasticstack_fleet_agent_policy.test.policy_id
 }
 `
+
+func checkResourceAgentPolicyDestroy(s *terraform.State) error {
+	client, err := clients.NewAcceptanceTestingClient()
+	if err != nil {
+		return err
+	}
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "elasticstack_fleet_agent_policy" {
+			continue
+		}
+
+		fleetClient, err := client.GetFleetClient()
+		if err != nil {
+			return err
+		}
+		policy, diags := fleet.ReadAgentPolicy(context.Background(), fleetClient, rs.Primary.ID)
+		if diags.HasError() {
+			return utils.SdkDiagsAsError(diags)
+		}
+		if policy != nil {
+			return fmt.Errorf("agent policy id=%v still exists, but it should have been removed", rs.Primary.ID)
+		}
+	}
+	return nil
+}
@@ -0,0 +1,41 @@
+package enrollment_tokens
+
+import (
+	fleetapi "github.com/elastic/terraform-provider-elasticstack/generated/fleet"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+type enrollmentTokensModel struct {
+	ID       types.String           `tfsdk:"id"`
+	PolicyID types.String           `tfsdk:"policy_id"`
+	Tokens   []enrollmentTokenModel `tfsdk:"tokens"`
+}
+
+type enrollmentTokenModel struct {
+	KeyID     types.String `tfsdk:"key_id"`
+	ApiKey    types.String `tfsdk:"api_key"`
+	ApiKeyID  types.String `tfsdk:"api_key_id"`
+	CreatedAt types.String `tfsdk:"created_at"`
+	Name      types.String `tfsdk:"name"`
+	Active    types.Bool   `tfsdk:"active"`
+	PolicyID  types.String `tfsdk:"policy_id"`
+}
+
+func (model *enrollmentTokensModel) populateFromAPI(data []fleetapi.EnrollmentApiKey) {
+	model.Tokens = make([]enrollmentTokenModel, 0, len(data))
+	for _, token := range data {
+		itemModel := enrollmentTokenModel{}
+		itemModel.populateFromAPI(token)
+		model.Tokens = append(model.Tokens, itemModel)
+	}
+}
+
+func (model *enrollmentTokenModel) populateFromAPI(data fleetapi.EnrollmentApiKey) {
+	model.KeyID = types.StringValue(data.Id)
+	model.Active = types.BoolValue(data.Active)
+	model.ApiKey = types.StringValue(data.ApiKey)
+	model.ApiKeyID = types.StringValue(data.ApiKeyId)
+	model.CreatedAt = types.StringValue(data.CreatedAt)
+	model.Name = types.StringPointerValue(data.Name)
+	model.PolicyID = types.StringPointerValue(data.PolicyId)
+}
@@ -0,0 +1,55 @@
+package enrollment_tokens
+
+import (
+	"context"
+
+	fleetapi "github.com/elastic/terraform-provider-elasticstack/generated/fleet"
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients/fleet"
+	"github.com/elastic/terraform-provider-elasticstack/internal/utils"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+func (d *dataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var model enrollmentTokensModel
+
+	diags := req.Config.Get(ctx, &model)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	client, err := d.client.GetFleetClient()
+	if err != nil {
+		resp.Diagnostics.AddError(err.Error(), "")
+		return
+	}
+
+	var tokens []fleetapi.EnrollmentApiKey
+	policyID := model.PolicyID.ValueString()
+	if policyID == "" {
+		tokens, diags = fleet.AllEnrollmentTokens(ctx, client)
+	} else {
+		tokens, diags = fleet.GetEnrollmentTokensByPolicy(ctx, client, policyID)
+	}
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	if policyID != "" {
+		model.ID = types.StringValue(policyID)
+	} else {
+		hash, err := utils.StringToHash(client.URL)
+		if err != nil {
+			resp.Diagnostics.AddError(err.Error(), "")
+			return
+		}
+		model.ID = types.StringPointerValue(hash)
+	}
+
+	model.populateFromAPI(tokens)
+
+	diags = resp.State.Set(ctx, model)
+	resp.Diagnostics.Append(diags...)
+}
@@ -0,0 +1,59 @@
+package enrollment_tokens
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+)
+
+func (d *dataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema.Description = "Retrieves Elasticsearch API keys used to enroll Elastic Agents in Fleet. See: https://www.elastic.co/guide/en/fleet/current/fleet-enrollment-tokens.html"
+	resp.Schema.Attributes = map[string]schema.Attribute{
+		"id": schema.StringAttribute{
+			Description: "The ID of this resource.",
+			Computed:    true,
+		},
+		"policy_id": schema.StringAttribute{
+			Description: "The identifier of the target agent policy. When provided, only the enrollment tokens associated with this agent policy will be selected. Omit this value to select all enrollment tokens.",
+			Optional:    true,
+		},
+		"tokens": schema.ListNestedAttribute{
+			Description: "A list of enrollment tokens.",
+			Computed:    true,
+			NestedObject: schema.NestedAttributeObject{
+				Attributes: map[string]schema.Attribute{
+					"key_id": schema.StringAttribute{
+						Description: "The unique identifier of the enrollment token.",
+						Computed:    true,
+					},
+					"api_key": schema.StringAttribute{
+						Description: "The API key.",
+						Computed:    true,
+						Sensitive:   true,
+					},
+					"api_key_id": schema.StringAttribute{
+						Description: "The API key identifier.",
+						Computed:    true,
+					},
+					"created_at": schema.StringAttribute{
+						Description: "The time at which the enrollment token was created.",
+						Computed:    true,
+					},
+					"name": schema.StringAttribute{
+						Description: "The name of the enrollment token.",
+						Computed:    true,
+					},
+					"active": schema.BoolAttribute{
+						Description: "Indicates if the enrollment token is active.",
+						Computed:    true,
+					},
+					"policy_id": schema.StringAttribute{
+						Description: "The identifier of the associated agent policy.",
+						Computed:    true,
+					},
+				},
+			},
+		},
+	}
+}