[minor_change] Add support for MACsec key with resource aci_macsec_key

Author: akinross

docs/data-sources/macsec_key.md

@@ -0,0 +1,69 @@
+---
+# Documentation generated by "gen/generator.go"; DO NOT EDIT.
+# In order to regenerate this file execute `go generate` from the repository root.
+# More details can be found in the [README](https://github.com/CiscoDevNet/terraform-provider-aci/blob/master/README.md).
+subcategory: "Access Policies"
+layout: "aci"
+page_title: "ACI: aci_macsec_key"
+sidebar_current: "docs-aci-data-source-aci_macsec_key"
+description: |-
+  Data source for ACI MACsec Key
+---
+
+# aci_macsec_key #
+
+Data source for ACI MACsec Key
+
+## API Information ##
+
+* Class: [macsecKeyPol](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/macsecKeyPol/overview)
+
+* Supported in ACI versions: 3.1(1i) and later.
+
+* Distinguished Name Formats:
+  - `uni/fabric/macsecpcontfab/keychainp-{name}/keyp-{keyName}`
+  - `uni/infra/macsecpcont/keychainp-{name}/keyp-{keyName}`
+
+## GUI Information ##
+
+* Locations:
+  - `Fabric -> Access Policies -> Policies -> Interface -> MACSec -> MACSec KeyChain Policies -> MACSec Key Policy`
+  - `Fabric -> Fabric Policies -> Policies -> MACSec -> MACSec KeyChain Policies -> MACSec Key Policy`
+
+## Example Usage ##
+
+```hcl
+
+data "aci_macsec_key" "example_macsec_key_chain" {
+  parent_dn = aci_macsec_key_chain.example.id
+  key_name  = "aa"
+}
+
+```
+
+## Schema ##
+
+### Required ###
+
+* `parent_dn` - (string) The distinguished name (DN) of the parent object, possible resources:
+  - [aci_macsec_key_chain](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/macsec_key_chain) ([macsecKeyChainPol](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/macsecKeyChainPol/overview))
+* `key_name` (keyName) - (string) The key name of the MACsec Key object.
+
+### Read-Only ###
+
+* `id` - (string) The distinguished name (DN) of the MACsec Key object.
+* `annotation` (annotation) - (string) The annotation of the MACsec Key object. This attribute is supported in ACI versions: 3.2(1l) and later.
+* `description` (descr) - (string) The description of the MACsec Key object.
+* `end_time` (endTime) - (string) The end time of the MACsec Key object. The default value cannot be used directly, since APIC will calculate this value to the datetime representation which results in a applied state that does not match the planned state. Do not provide this attribute when APIC should calculate the current datetime ('now'). Furthermore, make sure that the time-zone part (in the full example this is '-08:00') matches the time-zone configured on APIC. Not doing so will result in unexpected behaviour.
+* `name` (name) - (string) The name of the MACsec Key object.
+* `name_alias` (nameAlias) - (string) The name alias of the MACsec Key object.
+* `owner_key` (ownerKey) - (string) The key for enabling clients to own their data for entity correlation.
+* `owner_tag` (ownerTag) - (string) A tag for enabling clients to add their own data. For example, to indicate who created this object.
+* `pre_shared_key` (preSharedKey) - (string) The  pre-shared key of the MACsec Key object.
+* `start_time` (startTime) - (string) The start time of the MACsec Key object. Please make sure that the time-zone part (in the full example this is '-08:00') matches the time-zone configured on APIC. Not doing so will result in unexpected behaviour.
+* `annotations` - (list) A list of Annotations (ACI object [tagAnnotation](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/tagAnnotation/overview)). This attribute is supported in ACI versions: 3.2(1l) and later.
+    * `key` (key) - (string) The key used to uniquely identify this configuration object.
+    * `value` (value) - (string) The value of the property.
+* `tags` - (list) A list of Tags (ACI object [tagTag](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/tagTag/overview)). This attribute is supported in ACI versions: 3.2(1l) and later.
+    * `key` (key) - (string) The key used to uniquely identify this configuration object.
+    * `value` (value) - (string) The value of the property.

docs/resources/macsec_key.md

@@ -0,0 +1,136 @@
+---
+# Documentation generated by "gen/generator.go"; DO NOT EDIT.
+# In order to regenerate this file execute `go generate` from the repository root.
+# More details can be found in the [README](https://github.com/CiscoDevNet/terraform-provider-aci/blob/master/README.md).
+subcategory: "Access Policies"
+layout: "aci"
+page_title: "ACI: aci_macsec_key"
+sidebar_current: "docs-aci-resource-aci_macsec_key"
+description: |-
+  Manages ACI MACsec Key
+---
+
+# aci_macsec_key #
+
+Manages ACI MACsec Key
+
+
+
+## API Information ##
+
+* Class: [macsecKeyPol](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/macsecKeyPol/overview)
+
+* Supported in ACI versions: 3.1(1i) and later.
+
+* Distinguished Name Formats:
+  - `uni/fabric/macsecpcontfab/keychainp-{name}/keyp-{keyName}`
+  - `uni/infra/macsecpcont/keychainp-{name}/keyp-{keyName}`
+
+## GUI Information ##
+
+* Locations:
+  - `Fabric -> Access Policies -> Policies -> Interface -> MACSec -> MACSec KeyChain Policies -> MACSec Key Policy`
+  - `Fabric -> Fabric Policies -> Policies -> MACSec -> MACSec KeyChain Policies -> MACSec Key Policy`
+
+## Example Usage ##
+
+The configuration snippet below creates a MACsec Key with only required attributes.
+
+```hcl
+
+resource "aci_macsec_key" "example_macsec_key_chain" {
+  parent_dn = aci_macsec_key_chain.example.id
+  key_name  = "aa"
+}
+
+```
+The configuration snippet below shows all possible attributes of the MACsec Key.
+
+!> This example might not be valid configuration and is only used to show all possible attributes.
+
+```hcl
+
+resource "aci_macsec_key" "full_example_macsec_key_chain" {
+  parent_dn      = aci_macsec_key_chain.example.id
+  annotation     = "annotation"
+  description    = "description_1"
+  end_time       = "infinite"
+  key_name       = "aa"
+  name           = "name_1"
+  name_alias     = "name_alias_1"
+  owner_key      = "owner_key_1"
+  owner_tag      = "owner_tag_1"
+  pre_shared_key = "123456789a223456789a323456789abc"
+  start_time     = "2025-11-28T03:12:09.452-08:00"
+  annotations = [
+    {
+      key   = "key_0"
+      value = "value_1"
+    }
+  ]
+  tags = [
+    {
+      key   = "key_0"
+      value = "value_1"
+    }
+  ]
+}
+
+```
+
+All examples for the MACsec Key resource can be found in the [examples](https://github.com/CiscoDevNet/terraform-provider-aci/tree/master/examples/resources/aci_macsec_key) folder.
+
+## Schema ##
+
+### Required ###
+
+* `parent_dn` - (string) The distinguished name (DN) of the parent object, possible resources:
+  - [aci_macsec_key_chain](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/macsec_key_chain) ([macsecKeyChainPol](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/macsecKeyChainPol/overview))
+* `key_name` (keyName) - (string) The key name of the MACsec Key object.
+
+### Read-Only ###
+
+* `id` - (string) The distinguished name (DN) of the MACsec Key object.
+
+### Optional ###
+
+* `annotation` (annotation) - (string) The annotation of the MACsec Key object. This attribute is supported in ACI versions: 3.2(1l) and later.
+  - Default: `"orchestrator:terraform"`
+* `description` (descr) - (string) The description of the MACsec Key object.
+* `end_time` (endTime) - (string) The end time of the MACsec Key object. The default value cannot be used directly, since APIC will calculate this value to the datetime representation which results in a applied state that does not match the planned state. Do not provide this attribute when APIC should calculate the current datetime ('now'). Furthermore, make sure that the time-zone part (in the full example this is '-08:00') matches the time-zone configured on APIC. Not doing so will result in unexpected behaviour.
+  - Default: `"infinite"`
+* `name` (name) - (string) The name of the MACsec Key object.
+* `name_alias` (nameAlias) - (string) The name alias of the MACsec Key object.
+* `owner_key` (ownerKey) - (string) The key for enabling clients to own their data for entity correlation.
+* `owner_tag` (ownerTag) - (string) A tag for enabling clients to add their own data. For example, to indicate who created this object.
+* `pre_shared_key` (preSharedKey) - (string) The  pre-shared key of the MACsec Key object.
+* `start_time` (startTime) - (string) The start time of the MACsec Key object. Please make sure that the time-zone part (in the full example this is '-08:00') matches the time-zone configured on APIC. Not doing so will result in unexpected behaviour.
+  - Default: `"now"`
+* `annotations` - (list) A list of Annotations (ACI object [tagAnnotation](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/tagAnnotation/overview)). Annotations can also be configured using a separate [aci_annotation](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/annotation) resource. This attribute is supported in ACI versions: 3.2(1l) and later.
+  #### Required ####
+  
+    * `key` (key) - (string) The key used to uniquely identify this configuration object.
+    * `value` (value) - (string) The value of the property.
+* `tags` - (list) A list of Tags (ACI object [tagTag](https://pubhub.devnetcloud.com/media/model-doc-latest/docs/app/index.html#/objects/tagTag/overview)). Tags can also be configured using a separate [aci_tag](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/tag) resource. This attribute is supported in ACI versions: 3.2(1l) and later.
+  #### Required ####
+  
+    * `key` (key) - (string) The key used to uniquely identify this configuration object.
+    * `value` (value) - (string) The value of the property.
+
+## Importing
+
+An existing MACsec Key can be [imported](https://www.terraform.io/docs/import/index.html) into this resource with its distinguished name (DN), via the following command:
+
+```
+terraform import aci_macsec_key.example_macsec_key_chain uni/fabric/macsecpcontfab/keychainp-{name}/keyp-{keyName}
+```
+
+Starting in Terraform version 1.5, an existing MACsec Key can be imported
+using [import blocks](https://developer.hashicorp.com/terraform/language/import) via the following configuration:
+
+```
+import {
+  id = "uni/fabric/macsecpcontfab/keychainp-{name}/keyp-{keyName}"
+  to = aci_macsec_key.example_macsec_key_chain
+}
+```

docs/resources/macsec_key_chain.md

@@ -126,3 +126,7 @@ import {
   to = aci_macsec_key_chain.example
 }
 ```
+
+## Child Resources
+  
+  - [aci_macsec_key](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/macsec_key)

examples/data-sources/aci_macsec_key/data-source.tf

@@ -0,0 +1,5 @@
+
+data "aci_macsec_key" "example_macsec_key_chain" {
+  parent_dn = aci_macsec_key_chain.example.id
+  key_name  = "aa"
+}

examples/data-sources/aci_macsec_key/provider.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    aci = {
+      source = "ciscodevnet/aci"
+    }
+  }
+}
+
+provider "aci" {
+  username = ""
+  password = ""
+  url      = ""
+  insecure = true
+}

examples/resources/aci_macsec_key/provider.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    aci = {
+      source = "ciscodevnet/aci"
+    }
+  }
+}
+
+provider "aci" {
+  username = ""
+  password = ""
+  url      = ""
+  insecure = true
+}

examples/resources/aci_macsec_key/resource-all-attributes.tf

@@ -0,0 +1,26 @@
+
+resource "aci_macsec_key" "full_example_macsec_key_chain" {
+  parent_dn      = aci_macsec_key_chain.example.id
+  annotation     = "annotation"
+  description    = "description_1"
+  end_time       = "infinite"
+  key_name       = "aa"
+  name           = "name_1"
+  name_alias     = "name_alias_1"
+  owner_key      = "owner_key_1"
+  owner_tag      = "owner_tag_1"
+  pre_shared_key = "123456789a223456789a323456789abc"
+  start_time     = "2025-11-28T03:12:09.452-08:00"
+  annotations = [
+    {
+      key   = "key_0"
+      value = "value_1"
+    }
+  ]
+  tags = [
+    {
+      key   = "key_0"
+      value = "value_1"
+    }
+  ]
+}

examples/resources/aci_macsec_key/resource.tf

@@ -0,0 +1,5 @@
+
+resource "aci_macsec_key" "example_macsec_key_chain" {
+  parent_dn = aci_macsec_key_chain.example.id
+  key_name  = "aa"
+}

gen/definitions/classes.yaml

@@ -1290,4 +1290,12 @@ macsecKeyChainPol:
   sub_category: "Access Policies"
   ui_locations:
     - "Fabric -> Access Policies -> Policies -> Interface -> MACSec -> MACSec KeyChain Policies"
-    - "Fabric -> Fabric Policies -> Policies -> MACSec -> MACSec KeyChain Policies"
+    - "Fabric -> Fabric Policies -> Policies -> MACSec -> MACSec KeyChain Policies"
+
+macsecKeyPol:
+  resource_name: "macsec_key"
+  sub_category: "Access Policies"
+  ui_locations:
+    - "Fabric -> Access Policies -> Policies -> Interface -> MACSec -> MACSec KeyChain Policies -> MACSec Key Policy"
+    - "Fabric -> Fabric Policies -> Policies -> MACSec -> MACSec KeyChain Policies -> MACSec Key Policy"
+  class_version: "6.0(2h)-"

gen/definitions/properties.yaml

@@ -2923,3 +2923,26 @@ macsecParamPol:
 macsecKeyChainPol:
   default_values:
     parent_dn: "uni/infra/macsecpcont"
+
+macsecKeyPol:
+  remove_valid_values:
+    endTime:
+      - "infinite"
+    startTime:
+      - "now"
+  documentation:
+    keyName:  "The key name of the %s object."
+    endTime: "The end time of the %s object. The default value cannot be used directly, since APIC will calculate this value to the datetime representation which results in a applied state that does not match the planned state. Do not provide this attribute when APIC should calculate the current datetime ('now'). Furthermore, make sure that the time-zone part (in the full example this is '-08:00') matches the time-zone configured on APIC. Not doing so will result in unexpected behaviour."
+    startTime: "The start time of the %s object. Please make sure that the time-zone part (in the full example this is '-08:00') matches the time-zone configured on APIC. Not doing so will result in unexpected behaviour."
+    preSharedKey: "The  pre-shared key of the %s object."
+  test_values:
+    default:
+      start_time: "2025-11-28T03:12:09.452-08:00"
+    all:
+      start_time: "2025-11-28T03:12:09.452-08:00"
+      pre_shared_key: "123456789a223456789a323456789abc"
+    resource_required:
+      key_name: "aa"
+      start_time: "2025-11-28T03:12:09.452-08:00"
+    datasource_required:
+      key_name: "aa"