Add support for regional secret version datasource google_secret_manager_regional_secret_version (GoogleCloudPlatform#11730)

Author: abheda-crest

mmv1/products/secretmanagerregional/RegionalSecret.yaml

@@ -137,19 +137,18 @@ properties:
 
       An object containing a list of "key": value pairs. Example:
       { "name": "wrench", "mass": "1.3kg", "count": "3" }.
-  # TODO : Add versionAliases field support once google_secret_manager_regional_secret_version is added
-  # - !ruby/object:Api::Type::KeyValuePairs
-  #   name: versionAliases
-  #   description: |
-  #     Mapping from version alias to version name.
+  - !ruby/object:Api::Type::KeyValuePairs
+    name: versionAliases
+    description: |
+      Mapping from version alias to version name.
 
-  #     A version alias is a string with a maximum length of 63 characters and can contain
-  #     uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')
-  #     characters. An alias string must start with a letter and cannot be the string
-  #     'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.
+      A version alias is a string with a maximum length of 63 characters and can contain
+      uppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')
+      characters. An alias string must start with a letter and cannot be the string
+      'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.
 
-  #     An object containing a list of "key": value pairs. Example:
-  #     { "name": "wrench", "mass": "1.3kg", "count": "3" }.
+      An object containing a list of "key": value pairs. Example:
+      { "name": "wrench", "mass": "1.3kg", "count": "3" }.
   - !ruby/object:Api::Type::NestedObject
     name: customerManagedEncryption
     description: |

mmv1/third_party/terraform/provider/provider_mmv1_resources.go.erb

@@ -180,6 +180,7 @@ var handwrittenDatasources = map[string]*schema.Resource{
 	"google_runtimeconfig_config":                      runtimeconfig.DataSourceGoogleRuntimeconfigConfig(),
 	"google_runtimeconfig_variable":                    runtimeconfig.DataSourceGoogleRuntimeconfigVariable(),
 	<% end -%>
+	"google_secret_manager_regional_secret_version":    secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecretVersion(),
 	"google_secret_manager_regional_secret":            secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecret(),
 	"google_secret_manager_secret":                     secretmanager.DataSourceSecretManagerSecret(),
 	"google_secret_manager_secrets":                    secretmanager.DataSourceSecretManagerSecrets(),

mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go

@@ -0,0 +1,207 @@
+package secretmanagerregional
+
+import (
+	"encoding/base64"
+	"fmt"
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func DataSourceSecretManagerRegionalRegionalSecretVersion() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceSecretManagerRegionalRegionalSecretVersionRead,
+		Schema: map[string]*schema.Schema{
+			"project": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"location": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"secret": {
+				Type:             schema.TypeString,
+				Required:         true,
+				DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
+			},
+			"version": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"create_time": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"destroy_time": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"enabled": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"secret_data": {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
+			"customer_managed_encryption": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"kms_key_version_name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
+	if err != nil {
+		return err
+	}
+
+	secretRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)$")
+	parts := secretRegex.FindStringSubmatch(d.Get("secret").(string))
+
+	var project string
+
+	// if reference of the secret is provided in the secret field
+	if len(parts) == 4 {
+		// Store values of project to set in state
+		project = parts[1]
+		if d.Get("project").(string) != "" && d.Get("project").(string) != parts[1] {
+			return fmt.Errorf("The project set on this secret version (%s) is not equal to the project where this secret exists (%s).", d.Get("project").(string), parts[1])
+		}
+		if d.Get("location").(string) != "" && d.Get("location").(string) != parts[2] {
+			return fmt.Errorf("The location set on this secret version (%s) is not equal to the location where this secret exists (%s).", d.Get("location").(string), parts[2])
+		}
+		if err := d.Set("location", parts[2]); err != nil {
+			return fmt.Errorf("Error setting location: %s", err)
+		}
+		if err := d.Set("secret", parts[3]); err != nil {
+			return fmt.Errorf("Error setting secret: %s", err)
+		}
+	} else { // if secret name is provided in the secret field
+		// Store values of project to set in state
+		project, err = tpgresource.GetProject(d, config)
+		if err != nil {
+			return fmt.Errorf("Error fetching project for Secret: %s", err)
+		}
+		if d.Get("location").(string) == "" {
+			return fmt.Errorf("Location must be set when providing only secret name")
+		}
+	}
+	if err := d.Set("project", project); err != nil {
+		return fmt.Errorf("Error setting project: %s", err)
+	}
+
+	var url string
+	versionNum := d.Get("version")
+
+	// set version if provided, else set version to latest
+	if versionNum != "" {
+		url, err = tpgresource.ReplaceVars(d, config, "{{SecretManagerRegionalBasePath}}projects/{{project}}/locations/{{location}}/secrets/{{secret}}/versions/{{version}}")
+		if err != nil {
+			return err
+		}
+	} else {
+		url, err = tpgresource.ReplaceVars(d, config, "{{SecretManagerRegionalBasePath}}projects/{{project}}/locations/{{location}}/secrets/{{secret}}/versions/latest")
+		if err != nil {
+			return err
+		}
+	}
+
+	var secretVersion map[string]interface{}
+	secretVersion, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "GET",
+		Project:   project,
+		RawURL:    url,
+		UserAgent: userAgent,
+	})
+
+	if err != nil {
+		return fmt.Errorf("Error retrieving available secret manager regional secret versions: %s", err.Error())
+	}
+
+	secretVersionRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)/versions/(.+)$")
+	parts = secretVersionRegex.FindStringSubmatch(secretVersion["name"].(string))
+
+	if len(parts) != 5 {
+		return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/locations/{{location}}/secrets/{{secret}}/versions/{{version}}", secretVersion["name"].(string))
+	}
+
+	log.Printf("[DEBUG] Received Google Secret Manager Regional Secret Version: %q", secretVersion)
+
+	if err := d.Set("version", parts[4]); err != nil {
+		return fmt.Errorf("Error setting version: %s", err)
+	}
+
+	url = fmt.Sprintf("%s:access", url)
+	resp, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+		Config:    config,
+		Method:    "GET",
+		Project:   project,
+		RawURL:    url,
+		UserAgent: userAgent,
+	})
+
+	if err != nil {
+		return fmt.Errorf("Error retrieving available secret manager regional secret version access: %s", err.Error())
+	}
+
+	if err := d.Set("customer_managed_encryption", flattenSecretManagerRegionalRegionalSecretVersionCustomerManagedEncryption(secretVersion["customerManagedEncryption"], d, config)); err != nil {
+		return fmt.Errorf("Error setting customer_managed_encryption: %s", err)
+	}
+
+	if err := d.Set("create_time", secretVersion["createTime"].(string)); err != nil {
+		return fmt.Errorf("Error setting create_time: %s", err)
+	}
+
+	if secretVersion["destroyTime"] != nil {
+		if err := d.Set("destroy_time", secretVersion["destroyTime"].(string)); err != nil {
+			return fmt.Errorf("Error setting destroy_time: %s", err)
+		}
+	}
+
+	if err := d.Set("name", secretVersion["name"].(string)); err != nil {
+		return fmt.Errorf("Error setting name: %s", err)
+	}
+
+	if err := d.Set("enabled", true); err != nil {
+		return fmt.Errorf("Error setting enabled: %s", err)
+	}
+
+	data := resp["payload"].(map[string]interface{})
+	secretData, err := base64.StdEncoding.DecodeString(data["data"].(string))
+	if err != nil {
+		return fmt.Errorf("Error decoding secret manager regional secret version data: %s", err.Error())
+	}
+
+	if err := d.Set("secret_data", string(secretData)); err != nil {
+		return fmt.Errorf("Error setting secret_data: %s", err)
+	}
+
+	d.SetId(secretVersion["name"].(string))
+	return nil
+}