stackitcloud · GokceGK · Jan 28, 2026 · Jan 28, 2026 · Jan 28, 2026 · Jan 28, 2026
@@ -0,0 +1,51 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_logs_access_token Data Source - stackit"
+subcategory: ""
+description: |-
+  Logs access token data source schema.
+  ~> This datasource is in beta and may be subject to breaking changes in the future. Use with caution. See our guide https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources for how to opt-in to use beta resources.
+---
+
+# stackit_logs_access_token (Data Source)
+
+Logs access token data source schema.
+
+~> This datasource is in beta and may be subject to breaking changes in the future. Use with caution. See our [guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources) for how to opt-in to use beta resources.
+
+## Example Usage
+
+```terraform
+data "stackit_logs_access_token" "accessToken" {
+  project_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  region          = "eu01"
+  instance_id     = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  access_token_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `access_token_id` (String) The access token ID
+- `instance_id` (String) The Logs instance ID associated with the access token
+- `project_id` (String) STACKIT project ID associated with the Logs access token
+
+### Optional
+
+- `lifetime` (Number) A lifetime period for an access token in days. If unset the token will not expire.
+- `region` (String) STACKIT region name the resource is located in. If not defined, the provider region is used.
+
+### Read-Only
+
+- `access_token` (String, Sensitive) The generated access token
+- `creator` (String) The user who created the access token
+- `description` (String) The description of the access token
+- `display_name` (String) The displayed name of the access token
+- `expires` (Boolean) Indicates if the access token can expire
+- `id` (String) Terraform's internal resource identifier. It is structured as "`project_id`,`region`,`instance_id`,`access_token_id`".
+- `permissions` (List of String) The access permissions granted to the access token. Possible values: `read`, `write`.
+- `status` (String) The status of the access token, possible values: Possible values are: `active`, `expired`.
+- `valid_until` (String) The date and time until an access token is valid to (inclusively)
@@ -0,0 +1,72 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "stackit_logs_access_token Resource - stackit"
+subcategory: ""
+description: |-
+  Logs access token resource schema.
+  ~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our guide https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources for how to opt-in to use beta resources.
+---
+
+# stackit_logs_access_token (Resource)
+
+Logs access token resource schema.
+
+~> This resource is in beta and may be subject to breaking changes in the future. Use with caution. See our [guide](https://registry.terraform.io/providers/stackitcloud/stackit/latest/docs/guides/opting_into_beta_resources) for how to opt-in to use beta resources.
+
+## Example Usage
+
+```terraform
+resource "stackit_logs_access_token" "accessToken" {
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  region       = "eu01"
+  display_name = "logs-access-token-example"
+  permissions = [
+    "read"
+  ]
+}
+
+resource "stackit_logs_access_token" "accessToken2" {
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  region       = "eu01"
+  display_name = "logs-access-token-example"
+  lifetime     = 30
+  permissions = [
+    "write"
+  ]
+  description = "Example description"
+}
+
+# Only use the import statement, if you want to import an existing logs instance
+import {
+  to = stackit_logs_access_token.import-example
+  id = "${var.project_id},${var.region},${var.logs_instance_id},${var.logs_access_token_id}"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `display_name` (String) The displayed name of the access token
+- `instance_id` (String) The Logs instance ID associated with the access token
+- `permissions` (List of String) The access permissions granted to the access token. Possible values: `read`, `write`.
+- `project_id` (String) STACKIT project ID associated with the Logs access token
+
+### Optional
+
+- `description` (String) The description of the access token
+- `lifetime` (Number) A lifetime period for an access token in days. If unset the token will not expire.
+- `region` (String) STACKIT region name the resource is located in. If not defined, the provider region is used.
+
+### Read-Only
+
+- `access_token` (String, Sensitive) The generated access token
+- `access_token_id` (String) The access token ID
+- `creator` (String) The user who created the access token
+- `expires` (Boolean) Indicates if the access token can expire
+- `id` (String) Terraform's internal resource identifier. It is structured as "`project_id`,`region`,`instance_id`,`access_token_id`".
+- `status` (String) The status of the access token, possible values: Possible values are: `active`, `expired`.
+- `valid_until` (String) The date and time until an access token is valid to (inclusively)
@@ -0,0 +1,6 @@
+data "stackit_logs_access_token" "accessToken" {
+  project_id      = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  region          = "eu01"
+  instance_id     = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  access_token_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+}
@@ -0,0 +1,27 @@
+resource "stackit_logs_access_token" "accessToken" {
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  region       = "eu01"
+  display_name = "logs-access-token-example"
+  permissions = [
+    "read"
+  ]
+}
+
+resource "stackit_logs_access_token" "accessToken2" {
+  project_id   = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  instance_id  = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+  region       = "eu01"
+  display_name = "logs-access-token-example"
+  lifetime     = 30
+  permissions = [
+    "write"
+  ]
+  description = "Example description"
+}
+
+# Only use the import statement, if you want to import an existing logs instance
+import {
+  to = stackit_logs_access_token.import-example
+  id = "${var.project_id},${var.region},${var.logs_instance_id},${var.logs_access_token_id}"
+}
@@ -0,0 +1,183 @@
+package accesstoken
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	"github.com/stackitcloud/stackit-sdk-go/core/oapierror"
+	"github.com/stackitcloud/stackit-sdk-go/services/logs"
+	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/conversion"
+	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
+	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/features"
+	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/logs/utils"
+	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/validate"
+)
+
+var (
+	_ datasource.DataSource = &logsAccessTokenDataSource{}
+)
+
+func NewLogsAccessTokenDataSource() datasource.DataSource {
+	return &logsAccessTokenDataSource{}
+}
+
+type logsAccessTokenDataSource struct {
+	client       *logs.APIClient
+	providerData core.ProviderData
+}
+
+func (d *logsAccessTokenDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_logs_access_token"
+}
+
+func (d *logsAccessTokenDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	providerData, ok := conversion.ParseProviderData(ctx, req.ProviderData, &resp.Diagnostics)
+	if !ok {
+		return
+	}
+	d.providerData = providerData
+
+	apiClient := utils.ConfigureClient(ctx, &providerData, &resp.Diagnostics)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	d.client = apiClient
+	tflog.Info(ctx, "Logs client configured")
+}
+
+func (d *logsAccessTokenDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		MarkdownDescription: features.AddBetaDescription("Logs access token data source schema.", core.Datasource),
+		Description:         fmt.Sprintf("Logs access token data source schema. %s", core.DatasourceRegionFallbackDocstring),
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				Description: schemaDescriptions["id"],
+				Computed:    true,
+			},
+			"access_token_id": schema.StringAttribute{
+				Description: schemaDescriptions["access_token_id"],
+				Required:    true,
+				Validators: []validator.String{
+					validate.UUID(),
+					validate.NoSeparator(),
+				},
+			},
+			"instance_id": schema.StringAttribute{
+				Description: schemaDescriptions["instance_id"],
+				Required:    true,
+				Validators: []validator.String{
+					validate.UUID(),
+					validate.NoSeparator(),
+				},
+			},
+			"region": schema.StringAttribute{
+				Description: schemaDescriptions["region"],
+				// the region cannot be found, so it has to be passed
+				Optional: true,
+			},
+			"project_id": schema.StringAttribute{
+				Description: schemaDescriptions["project_id"],
+				Required:    true,
+				Validators: []validator.String{
+					validate.UUID(),
+					validate.NoSeparator(),
+				},
+			},
+			"access_token": schema.StringAttribute{
+				Description: schemaDescriptions["access_token"],
+				Computed:    true,
+				Sensitive:   true,
+			},
+			"creator": schema.StringAttribute{
+				Description: schemaDescriptions["creator"],
+				Computed:    true,
+			},
+			"description": schema.StringAttribute{
+				Description: schemaDescriptions["description"],
+				Computed:    true,
+			},
+			"display_name": schema.StringAttribute{
+				Description: schemaDescriptions["display_name"],
+				Computed:    true,
+				Validators:  []validator.String{stringvalidator.LengthAtLeast(1)},
+			},
+			"expires": schema.BoolAttribute{
+				Description: schemaDescriptions["expires"],
+				Computed:    true,
+			},
+			"valid_until": schema.StringAttribute{
+				Description: schemaDescriptions["valid_until"],
+				Computed:    true,
+			},
+			"permissions": schema.ListAttribute{
+				Description: schemaDescriptions["permissions"],
+				ElementType: types.StringType,
+				Computed:    true,
+			},
+			"status": schema.StringAttribute{
+				Description: schemaDescriptions["status"],
+				Computed:    true,
+			},
+			"lifetime": schema.Int64Attribute{
+				Description: schemaDescriptions["lifetime"],
+				Optional:    true,
+			},
+		},
+	}
+}
+
+func (d *logsAccessTokenDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { // nolint:gocritic // function signature required by Terraform
+	var model Model
+	diags := req.Config.Get(ctx, &model)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	ctx = core.InitProviderContext(ctx)
+
+	projectID := model.ProjectID.ValueString()
+	region := d.providerData.GetRegionWithOverride(model.Region)
+	instanceID := model.InstanceID.ValueString()
+	accessTokenID := model.AccessTokenID.ValueString()
+
+	ctx = tflog.SetField(ctx, "project_id", projectID)
+	ctx = tflog.SetField(ctx, "region", region)
+	ctx = tflog.SetField(ctx, "instance_id", instanceID)
+	ctx = tflog.SetField(ctx, "access_token_id", accessTokenID)
+
+	accessTokenResponse, err := d.client.GetAccessToken(ctx, projectID, region, instanceID, accessTokenID).Execute()
+	if err != nil {
+		var oapiErr *oapierror.GenericOpenAPIError
+		ok := errors.As(err, &oapiErr)
+		if ok && oapiErr.StatusCode == http.StatusNotFound {
+			resp.State.RemoveResource(ctx)
+			return
+		}
+		core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading Logs access token", fmt.Sprintf("Calling API: %v", err))
+		return
+	}
+	ctx = core.LogResponse(ctx)
+
+	err = mapFields(ctx, accessTokenResponse, &model)
+	if err != nil {
+		core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading Logs access token", fmt.Sprintf("Processing response: %v", err))
+		return
+	}
+	diags = resp.State.Set(ctx, model)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+	tflog.Info(ctx, "Logs access token read", map[string]interface{}{
+		"access_token_id": accessTokenID,
+	})
+}