Skip to content

feat: add framework for ephemeral resources#3227

Merged
dd-mergequeue[bot] merged 1 commit intomasterfrom
mf/ephemerals-poc
Dec 22, 2025
Merged

feat: add framework for ephemeral resources#3227
dd-mergequeue[bot] merged 1 commit intomasterfrom
mf/ephemerals-poc

Conversation

@LiuVII
Copy link
Copy Markdown
Contributor

@LiuVII LiuVII commented Sep 12, 2025
edited
Loading

This is the initial PR to start implementation of ephemeral resources requested by Github Issue.

Add core infrastructure for ephemeral resources in Terraform Plugin Framework

  • Framework wrapper with schema enrichment
  • Private data utilities for state management between Open/Renew/Close
  • Test coverage for wrapper functionality

This enables secure, stateless access to sensitive resources without
storing secrets in Terraform state files.

LiuVII
LiuVII commented Sep 19, 2025
View reviewed changes
Comment thread datadog/docs/ephemeral-resources/ephemeral_security_guidelines.md Outdated
@LiuVII LiuVII force-pushed the mf/ephemerals-poc branch 2 times, most recently from ae52c9c to 5e961e1 Compare September 25, 2025 12:51
@LiuVII LiuVII changed the title POC: add datadog_api_key ephemeral [APIR-2186] POC - Implement ephemeral datadog_api_key resource Sep 25, 2025
@LiuVII LiuVII changed the title [APIR-2186] POC - Implement ephemeral datadog_api_key resource [APIR-2185] Create ephemeral resource base utilities and helpers Sep 25, 2025
@LiuVII LiuVII changed the title [APIR-2185] Create ephemeral resource base utilities and helpers [APIR-2186] POC - Implement ephemeral datadog_api_key resource Sep 25, 2025
@LiuVII LiuVII changed the title [APIR-2186] POC - Implement ephemeral datadog_api_key resource [datadog_api_key] Implement ephemeral datadog_api_key resource Sep 25, 2025
@LiuVII LiuVII marked this pull request as ready for review September 25, 2025 13:20
@LiuVII LiuVII requested review from a team as code owners September 25, 2025 13:20
@LiuVII LiuVII requested review from emubello and tyjet September 25, 2025 13:20
Supam
Supam approved these changes Sep 25, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@Supam Supam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

domalessi
domalessi approved these changes Sep 25, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@domalessi domalessi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a few suggestions but approving so you're not blocked on me!

Comment thread docs/data-sources/api_key.md Outdated
Comment thread docs/data-sources/api_key.md Outdated
Comment thread docs/data-sources/api_key.md Outdated
Comment thread docs/index.md Outdated
tyjet
tyjet reviewed Sep 29, 2025
View reviewed changes
Comment thread datadog/fwprovider/ephemeral_resource_datadog_api_key.go Outdated
@Frogvall
Copy link
Copy Markdown

Frogvall commented Nov 14, 2025
edited
Loading

Hi,

As someone that has been waiting for this for quite some time. What is happening with this pull request? Was it abandoned due to one person not reviewing it? From the outside, that is what it looks like.

@fpighi
Copy link
Copy Markdown
Member

fpighi commented Nov 20, 2025

Hi,

As someone that has been waiting for this for quite some time. What is happening with this pull request? Was it abandoned due to one person not reviewing it? From the outside, that is what it looks like.

Hello @Frogvall ,
It's a problematic feature for us to maintain long term due to some underlying changes to application keys, so we are still discussing but we are leaning towards closing the PR without merging it.
To elaborate a bit more, we could implement an ephemeral resource for API Keys (this PR), but not for App Keys. This is because of a planned change to remove the ability to retrieve application keys after creation. This means ephemeral resources are not a good model that works for both cases, since they wouldn't be working with App Keys.
We are thinking of possible other solutions to this problem, but have no timeline at the moment.

@fpighi fpighi added the stale label Dec 18, 2025
@LiuVII
feat: add ephemeral resources framework infrastructure
21b07d6 
Add core infrastructure for ephemeral resources in Terraform Plugin Framework:
- Framework wrapper with schema enrichment and secure logging
- Private data utilities for state management between Open/Renew/Close
- Security guidelines and patterns for handling sensitive data
- Test coverage for wrapper functionality

This enables secure, stateless access to sensitive resources without
storing secrets in Terraform state files.
@LiuVII LiuVII changed the title [datadog_api_key] Implement ephemeral datadog_api_key resource feat: add framework for ephemeral resources Dec 22, 2025
@LiuVII
Copy link
Copy Markdown
Contributor Author

LiuVII commented Dec 22, 2025

/merge

@dd-devflow-routing-codex
Copy link
Copy Markdown

dd-devflow-routing-codex Bot commented Dec 22, 2025
edited
Loading

View all feedbacks in Devflow UI.

2025-12-22 15:12:26 UTC ℹ️ Start processing command /merge

2025-12-22 15:12:31 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 30m (p90).

2025-12-22 15:42:02 UTC ℹ️ MergeQueue: This merge request was merged

@dd-mergequeue dd-mergequeue Bot merged commit bd949ae into master Dec 22, 2025
24 checks passed
@dd-mergequeue dd-mergequeue Bot deleted the mf/ephemerals-poc branch December 22, 2025 15:42
@LorisFriedel LorisFriedel mentioned this pull request Jan 11, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tyjet tyjet tyjet approved these changes

@Supam Supam Supam approved these changes

@domalessi domalessi domalessi approved these changes

@emubello emubello Awaiting requested review from emubello emubello was automatically assigned from DataDog/credentials-management

Assignees

No one assigned

Labels

changelog/no-changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@LiuVII @Frogvall @fpighi @tyjet @Supam @domalessi