scaleway
diff --git a/‎docs/data-sources/audit_trail_event.md‎
Lines changed: 21 additions & 1 deletion b/‎docs/data-sources/audit_trail_event.md‎
Lines changed: 21 additions & 1 deletion
diff --git a/‎internal/services/audittrail/event_data_source.go‎
Lines changed: 107 additions & 13 deletions b/‎internal/services/audittrail/event_data_source.go‎
Lines changed: 107 additions & 13 deletions
@@ -42,6 +42,19 @@ data "scaleway_audit_trail_event" "find_by_product_name" {
   region = "nl-ams"
   product_name = "secret-manager"
 }
+
+# Retrieve audit trail events with various filtering
+data "scaleway_audit_trail_event" "find_with_filters" {
+  region = "fr-par"
+  service_name = "instance"
+  method_name = "CreateServer"
+  principal_id = "11111111-1111-1111-1111-111111111111"
+  source_ip = "192.0.2.1"
+  status = 200
+  recorded_after = "2025-10-01T00:00:00Z"
+  recorded_before = "2025-12-31T23:59:59Z"
+  order_by = "recorded_at_desc"
+}
 ```
 
 ## Argument Reference
@@ -52,6 +65,14 @@ data "scaleway_audit_trail_event" "find_by_product_name" {
 - `resource_type` - (Optional) Type of the scaleway resources associated with the listed events. Possible values are: `secm_secret`, `secm_secret_version`, `kube_cluster`, `kube_pool`, `kube_node`, `kube_acl`, `keym_key`, `iam_user`, `iam_application`, `iam_group`, `iam_policy`, `iam_api_key`, `iam_ssh_key`, `iam_rule`, `iam_saml`, `iam_saml_certificate`, `secret_manager_secret`, `secret_manager_version`, `key_manager_key`, `account_user`, `account_organization`, `account_project`, `instance_server`, `instance_placement_group`, `instance_security_group`, `instance_volume`, `instance_snapshot`, `instance_image`, `apple_silicon_server`, `baremetal_server`, `baremetal_setting`, `ipam_ip`, `sbs_volume`, `sbs_snapshot`, `load_balancer_lb`, `load_balancer_ip`, `load_balancer_frontend`, `load_balancer_backend`, `load_balancer_route`, `load_balancer_acl`, `load_balancer_certificate`, `sfs_filesystem`, or `vpc_private_network`.
 - `resource_id` - (Optional) ID of the Scaleway resource associated with the listed events.
 - `product_name` - (Optional) Name of the Scaleway product in a hyphenated format.
+- `service_name` - (Optional) Name of the service of the API call performed.
+- `method_name` - (Optional) Name of the method of the API call performed.
+- `principal_id` - (Optional) ID of the User or IAM application at the origin of the event.
+- `source_ip` - (Optional) IP address at the origin of the event.
+- `status` - (Optional) HTTP status code of the request.
+- `recorded_after` - (Optional) The `recorded_after` parameter defines the earliest timestamp from which Audit Trail events are retrieved. Returns `one hour ago` by default (Format ISO 8601).
+- `recorded_before` - (Optional) The `recorded_before` parameter defines the latest timestamp up to which Audit Trail events are retrieved. Must be later than recorded_after. Returns `now` by default (Format ISO 8601).
+- `order_by` - (Optional) Defines the order in which events are returned. Possible values are `recorded_at_asc` and `recorded_at_desc`. Default value: `recorded_at_desc`.
 
 
 ## Attributes Reference
@@ -77,4 +98,3 @@ In addition to all arguments above, the following attributes are exported:
     - `request_id` - Unique identifier of the request at the origin of the event. (UUID format)
     - `request_body` - Request at the origin of the event.
     - `status_code` - HTTP status code resulting of the API call.
-
 
@@ -2,12 +2,13 @@ package audittrail
 
 import (
 	"context"
-	"strconv"
+	"fmt"
 
 	"github.com/google/uuid"
 	"github.com/hashicorp/go-cty/cty"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	audittrailSDK "github.com/scaleway/scaleway-sdk-go/api/audit_trail/v1alpha1"
 	"github.com/scaleway/scaleway-sdk-go/scw"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/locality/regional"
@@ -58,6 +59,50 @@ func DataSourceEvent() *schema.Resource {
 				Description: "Scaleway product associated with the listed events in a hyphenated format",
 				Optional:    true,
 			},
+			"service_name": {
+				Type:        schema.TypeString,
+				Description: "Name of the service of the API call performed",
+				Optional:    true,
+			},
+			"method_name": {
+				Type:        schema.TypeString,
+				Description: "Name of the method of the API call performed",
+				Optional:    true,
+			},
+			"principal_id": {
+				Type:        schema.TypeString,
+				Description: "ID of the User or IAM application at the origin of the event",
+				Optional:    true,
+			},
+			"source_ip": {
+				Type:        schema.TypeString,
+				Description: "IP address at the origin of the event",
+				Optional:    true,
+			},
+			"status": {
+				Type:        schema.TypeInt,
+				Description: "HTTP status code of the request",
+				Optional:    true,
+			},
+			"recorded_after": {
+				Type:        schema.TypeString,
+				Description: "The `recorded_after` parameter defines the earliest timestamp from which Audit Trail events are retrieved. Returns `one hour ago` by default (Format ISO 8601)",
+				Optional:    true,
+			},
+			"recorded_before": {
+				Type:        schema.TypeString,
+				Description: "The `recorded_before` parameter defines the latest timestamp up to which Audit Trail events are retrieved. Must be later than recorded_after. Returns `now` by default (Format ISO 8601)",
+				Optional:    true,
+			},
+			"order_by": {
+				Type:        schema.TypeString,
+				Description: "Defines the order in which events are returned. Default value: recorded_at_desc",
+				Optional:    true,
+				ValidateFunc: validation.StringInSlice([]string{
+					string(audittrailSDK.ListAuthenticationEventsRequestOrderByRecordedAtAsc),
+					string(audittrailSDK.ListAuthenticationEventsRequestOrderByRecordedAtDesc),
+				}, true),
+			},
 			"events": {
 				Type:        schema.TypeList,
 				Computed:    true,
@@ -154,7 +199,7 @@ func DataSourceEvent() *schema.Resource {
 							Computed:    true,
 						},
 						"status_code": {
-							Type:        schema.TypeString,
+							Type:        schema.TypeInt,
 							Description: "HTTP status code resulting of the API call",
 							Computed:    true,
 						},
@@ -176,6 +221,32 @@ func DataSourceEventsRead(ctx context.Context, d *schema.ResourceData, m any) di
 		Region:         region,
 	}
 
+	err = readOptionalData(d, &req)
+
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	res, err := auditTrailAPI.ListEvents(&req, scw.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(uuid.New().String())
+	_ = d.Set("organization_id", orgID)
+	_ = d.Set("region", region)
+
+	flattenedEvents, err := flattenEvents(res.Events)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	_ = d.Set("events", flattenedEvents)
+
+	return nil
+}
+
+func readOptionalData(d *schema.ResourceData, req *audittrailSDK.ListEventsRequest) error {
 	if projectID, ok := d.GetOk("project_id"); ok {
 		req.ProjectID = types.ExpandStringPtr(projectID)
 	}
@@ -192,21 +263,44 @@ func DataSourceEventsRead(ctx context.Context, d *schema.ResourceData, m any) di
 		req.ResourceID = types.ExpandStringPtr(resourceID)
 	}
 
-	res, err := auditTrailAPI.ListEvents(&req, scw.WithContext(ctx))
-	if err != nil {
-		return diag.FromErr(err)
+	if serviceName, ok := d.GetOk("service_name"); ok {
+		req.ServiceName = types.ExpandStringPtr(serviceName)
 	}
 
-	d.SetId(uuid.New().String())
-	_ = d.Set("organization_id", orgID)
-	_ = d.Set("region", region)
+	if methodName, ok := d.GetOk("method_name"); ok {
+		req.MethodName = types.ExpandStringPtr(methodName)
+	}
 
-	flattenedEvents, err := flattenEvents(res.Events)
-	if err != nil {
-		return diag.FromErr(err)
+	if principalID, ok := d.GetOk("principal_id"); ok {
+		req.PrincipalID = types.ExpandStringPtr(principalID)
 	}
 
-	_ = d.Set("events", flattenedEvents)
+	if sourceIP, ok := d.GetOk("source_ip"); ok {
+		req.SourceIP = types.ExpandStringPtr(sourceIP)
+	}
+
+	if status, ok := d.GetOk("status"); ok {
+		req.Status = types.ExpandUint32Ptr(status)
+	}
+
+	if recordedBefore, ok := d.GetOk("recorded_before"); ok {
+		req.RecordedBefore = types.ExpandTimePtr(recordedBefore)
+	}
+
+	if recordedAfter, ok := d.GetOk("recorded_after"); ok {
+		req.RecordedAfter = types.ExpandTimePtr(recordedAfter)
+	}
+
+	if orderBy, ok := d.GetOk("order_by"); ok {
+		switch orderBy.(string) {
+		case "recorded_at_asc":
+			req.OrderBy = audittrailSDK.ListEventsRequestOrderByRecordedAtAsc
+		case "recorded_at_desc":
+			req.OrderBy = audittrailSDK.ListEventsRequestOrderByRecordedAtDesc
+		default:
+			return fmt.Errorf("invalid order_by value: %s, must be 'recorded_at_asc' or 'recorded_at_desc'", orderBy)
+		}
+	}
 
 	return nil
 }
@@ -240,7 +334,7 @@ func flattenEvents(events []*audittrailSDK.Event) ([]map[string]any, error) {
 			"resources":       flattenResources(event.Resources),
 			"request_id":      event.RequestID,
 			"request_body":    requestBody,
-			"status_code":     strconv.FormatUint(uint64(event.StatusCode), 10),
+			"status_code":     event.StatusCode,
 		}
 	}