
Commit dc729fc

Add support for is_secret_data_base64 in secret_version and secret_version_access datasources for global and regional stacks (#11877) (#8394)
[upstream:c7e7579312480fa00371042e7adb3a834431fdc7] Signed-off-by: Modular Magician <[email protected]>
1 parent 8a56f40 commit dc729fc

13 files changed

+344
-40
lines changed

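--- a/.changelog/11877.txt
+++ b/.changelog/11877.txt
@@ -0,0 +1,6 @@
+```release-note:enhancement
+secretmanager: added `is_secret_data_base64` field to `google_secret_manager_secret_version` and `google_secret_manager_secret_version_access` datasources
+```
+```release-note:enhancement
+secretmanagerregional: added `is_secret_data_base64` field to `google_secret_manager_regional_secret_version` and `google_secret_manager_regional_secret_version_access` datasources
+```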

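--- a/google-beta/services/secretmanager/data_source_secret_manager_secret_version.go
+++ b/google-beta/services/secretmanager/data_source_secret_manager_secret_version.go
@@ -54,6 +54,11 @@ func DataSourceSecretManagerSecretVersion() *schema.Resource {
 Computed: true,
 Sensitive: true,
 },
+"is_secret_data_base64": {
+Type: schema.TypeBool,
+Optional: true,
+Default: false,
+},
 },
 }
 }
@@ -149,11 +154,17 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter
 }
 
 data := resp["payload"].(map[string]interface{})
-secretData, err := base64.StdEncoding.DecodeString(data["data"].(string))
-if err != nil {
-return fmt.Errorf("Error decoding secret manager secret version data: %s", err.Error())
+var secretData string
+if d.Get("is_secret_data_base64").(bool) {
+secretData = data["data"].(string)
+} else {
+payloadData, err := base64.StdEncoding.DecodeString(data["data"].(string))
+if err != nil {
+return fmt.Errorf("error decoding secret manager secret version data: %s", err.Error())
+}
+secretData = string(payloadData)
 }
-if err := d.Set("secret_data", string(secretData)); err != nil {
+if err := d.Set("secret_data", secretData); err != nil {
 return fmt.Errorf("Error setting secret_data: %s", err)
 }
 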
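Review bot: The new `is_secret_data_base64` schema entry has no `Description`, so nothing in the schema tells a caller that setting it changes what `secret_data` contains. With the flag set, the read function stores `data["data"]` exactly as the API returned it, still base64-encoded, and a consumer that forgets to decode it will use the encoded text as the secret. I would add `Description: "If true, secret_data is returned base64-encoded, exactly as received from the API, instead of being decoded."` to the entry. The same entry is added without a description in `data_source_secret_manager_secret_version_access.go` and in both `secretmanagerregional` data sources. Both functions touched here continue outside the hunks shown.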

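--- a/google-beta/services/secretmanager/data_source_secret_manager_secret_version_access.go
+++ b/google-beta/services/secretmanager/data_source_secret_manager_secret_version_access.go
@@ -42,6 +42,11 @@ func DataSourceSecretManagerSecretVersionAccess() *schema.Resource {
 Computed: true,
 Sensitive: true,
 },
+"is_secret_data_base64": {
+Type: schema.TypeBool,
+Optional: true,
+Default: false,
+},
 },
 }
 }
@@ -114,11 +119,17 @@ func dataSourceSecretManagerSecretVersionAccessRead(d *schema.ResourceData, meta
 }
 
 data := resp["payload"].(map[string]interface{})
-secretData, err := base64.StdEncoding.DecodeString(data["data"].(string))
-if err != nil {
-return fmt.Errorf("Error decoding secret manager secret version data: %s", err.Error())
+var secretData string
+if d.Get("is_secret_data_base64").(bool) {
+secretData = data["data"].(string)
+} else {
+payloadData, err := base64.StdEncoding.DecodeString(data["data"].(string))
+if err != nil {
+return fmt.Errorf("error decoding secret manager secret version data: %s", err.Error())
+}
+secretData = string(payloadData)
 }
-if err := d.Set("secret_data", string(secretData)); err != nil {
+if err := d.Set("secret_data", secretData); err != nil {
 return fmt.Errorf("Error setting secret_data: %s", err)
 }
 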
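Review bot: Both branches of the new `if` read the payload with an unchecked assertion, `data["data"].(string)`, so a response whose payload carries no `data` string would panic the provider instead of returning an error. The assertion predates this commit, but it is now written twice, which makes this a good place to hoist it: `raw, ok := data["data"].(string)` followed by `if !ok { return fmt.Errorf("secret version payload has no data field") }`, then use `raw` in both branches. Whether the API can actually omit the field (for an empty secret, say) is not visible here, so that needs confirming. The same pattern appears in `data_source_secret_manager_secret_version.go` and in both regional read functions; the enclosing function starts and ends outside the hunk.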

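--- a/google-beta/services/secretmanager/data_source_secret_manager_secret_version_access_test.go
+++ b/google-beta/services/secretmanager/data_source_secret_manager_secret_version_access_test.go
@@ -3,14 +3,12 @@
 package secretmanager_test
 
 import (
-"errors"
 "fmt"
 "testing"
 
 "github.com/hashicorp/terraform-provider-google-beta/google-beta/acctest"
 
 "github.com/hashicorp/terraform-plugin-testing/helper/resource"
-"github.com/hashicorp/terraform-plugin-testing/terraform"
 )
 
 func TestAccDatasourceSecretManagerSecretVersionAccess_basic(t *testing.T) {
@@ -26,7 +24,8 @@ func TestAccDatasourceSecretManagerSecretVersionAccess_basic(t *testing.T) {
 {
 Config: testAccDatasourceSecretManagerSecretVersionAccess_basic(randomString),
 Check: resource.ComposeTestCheckFunc(
-testAccCheckDatasourceSecretManagerSecretVersionAccess("data.google_secret_manager_secret_version_access.basic", "1"),
+testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version_access.basic", "1"),
+testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version_access.basic", "google_secret_manager_secret_version.secret-version-basic"),
 ),
 },
 },
@@ -46,34 +45,34 @@ func TestAccDatasourceSecretManagerSecretVersionAccess_latest(t *testing.T) {
 {
 Config: testAccDatasourceSecretManagerSecretVersionAccess_latest(randomString),
 Check: resource.ComposeTestCheckFunc(
-testAccCheckDatasourceSecretManagerSecretVersionAccess("data.google_secret_manager_secret_version_access.latest", "2"),
+testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version_access.latest", "2"),
+testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version_access.latest", "google_secret_manager_secret_version.secret-version-basic-2"),
 ),
 },
 },
 })
 }
 
-func testAccCheckDatasourceSecretManagerSecretVersionAccess(n, expected string) resource.TestCheckFunc {
-return func(s *terraform.State) error {
-rs, ok := s.RootModule().Resources[n]
-if !ok {
-return fmt.Errorf("Can't find Secret Version data source: %s", n)
-}
-
-if rs.Primary.ID == "" {
-return errors.New("data source ID not set.")
-}
+func TestAccDatasourceSecretManagerSecretVersionAccess_withBase64SecretData(t *testing.T) {
+t.Parallel()
 
-version, ok := rs.Primary.Attributes["version"]
-if !ok {
-return errors.New("can't find 'version' attribute")
-}
+randomString := acctest.RandString(t, 10)
+data := "./test-fixtures/binary-file.pfx"
 
-if version != expected {
-return fmt.Errorf("expected %s, got %s, version not found", expected, version)
-}
-return nil
-}
+acctest.VcrTest(t, resource.TestCase{
+PreCheck: func() { acctest.AccTestPreCheck(t) },
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+CheckDestroy: testAccCheckSecretManagerSecretVersionDestroyProducer(t),
+Steps: []resource.TestStep{
+{
+Config: testAccDatasourceSecretManagerSecretVersionAccess_withBase64SecretData(randomString, data),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version_access.basic-base64", "1"),
+testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version_access.basic-base64", "google_secret_manager_secret_version.secret-version-basic-base64"),
+),
+},
+},
+})
 }
 
 func testAccDatasourceSecretManagerSecretVersionAccess_latest(randomString string) string {
@@ -129,3 +128,28 @@ data "google_secret_manager_secret_version_access" "basic" {
 }
 `, randomString, randomString)
 }
+
+func testAccDatasourceSecretManagerSecretVersionAccess_withBase64SecretData(randomString, data string) string {
+return fmt.Sprintf(`
+resource "google_secret_manager_secret" "secret-basic-base64" {
+secret_id = "tf-test-secret-version-%s"
+labels = {
+label = "my-label"
+}
+replication {
+auto {}
+}
+}
+
+resource "google_secret_manager_secret_version" "secret-version-basic-base64" {
+secret = google_secret_manager_secret.secret-basic-base64.name
+is_secret_data_base64 = true
+secret_data = filebase64("%s")
+}
+
+data "google_secret_manager_secret_version_access" "basic-base64" {
+secret = google_secret_manager_secret_version.secret-version-basic-base64.secret
+is_secret_data_base64 = true
+}
+`, randomString, data)
+}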
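Review bot: `TestAccDatasourceSecretManagerSecretVersionAccess_withBase64SecretData` uploads `./test-fixtures/binary-file.pfx` as the secret payload, and a PKCS#12 file normally carries a private key. The fixture is not shown on this page, so I cannot tell what it holds; please confirm it was generated for the test and is not a copy of a bundle used anywhere else. A comment next to `data := ...` would record that, for example `// throwaway PKCS#12 bundle generated for tests; contains no real key material`. The same fixture path is used by the new test in `data_source_secret_manager_secret_version_test.go`.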

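--- a/google-beta/services/secretmanager/data_source_secret_manager_secret_version_test.go
+++ b/google-beta/services/secretmanager/data_source_secret_manager_secret_version_test.go
@@ -27,6 +27,7 @@ func TestAccDatasourceSecretManagerSecretVersion_basic(t *testing.T) {
 Config: testAccDatasourceSecretManagerSecretVersion_basic(randomString),
 Check: resource.ComposeTestCheckFunc(
 testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version.basic", "1"),
+testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version.basic", "google_secret_manager_secret_version.secret-version-basic"),
 ),
 },
 },
@@ -47,6 +48,29 @@ func TestAccDatasourceSecretManagerSecretVersion_latest(t *testing.T) {
 Config: testAccDatasourceSecretManagerSecretVersion_latest(randomString),
 Check: resource.ComposeTestCheckFunc(
 testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version.latest", "2"),
+testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version.latest", "google_secret_manager_secret_version.secret-version-basic-2"),
+),
+},
+},
+})
+}
+
+func TestAccDatasourceSecretManagerSecretVersion_withBase64SecretData(t *testing.T) {
+t.Parallel()
+
+randomString := acctest.RandString(t, 10)
+data := "./test-fixtures/binary-file.pfx"
+
+acctest.VcrTest(t, resource.TestCase{
+PreCheck: func() { acctest.AccTestPreCheck(t) },
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+CheckDestroy: testAccCheckSecretManagerSecretVersionDestroyProducer(t),
+Steps: []resource.TestStep{
+{
+Config: testAccDatasourceSecretManagerSecretVersion_withBase64SecretData(randomString, data),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version.basic-base64", "1"),
+testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version.basic-base64", "google_secret_manager_secret_version.secret-version-basic-base64"),
 ),
 },
 },
@@ -76,6 +100,43 @@ func testAccCheckDatasourceSecretManagerSecretVersion(n, expected string) resour
 }
 }
 
+func testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource(datasource, resource string) resource.TestCheckFunc {
+return func(s *terraform.State) error {
+rs, ok := s.RootModule().Resources[resource]
+if !ok {
+return fmt.Errorf("can't find Secret Version resource: %s", resource)
+}
+
+ds, ok := s.RootModule().Resources[datasource]
+if !ok {
+return fmt.Errorf("can't find Secret Version data source: %s", datasource)
+}
+
+if rs.Primary.ID == "" {
+return errors.New("resource ID not set.")
+}
+
+if ds.Primary.ID == "" {
+return errors.New("data source ID not set.")
+}
+
+resourceSecretData, ok := rs.Primary.Attributes["secret_data"]
+if !ok {
+return errors.New("can't find 'secret_data' attribute in Secret Version resource")
+}
+
+datasourceSecretData, ok := ds.Primary.Attributes["secret_data"]
+if !ok {
+return errors.New("can't find 'secret_data' attribute in Secret Version data source")
+}
+
+if resourceSecretData != datasourceSecretData {
+return fmt.Errorf("expected %s, got %s, secret_data doesn't match", resourceSecretData, datasourceSecretData)
+}
+return nil
+}
+}
+
 func testAccDatasourceSecretManagerSecretVersion_latest(randomString string) string {
 return fmt.Sprintf(`
 resource "google_secret_manager_secret" "secret-basic" {
@@ -129,3 +190,28 @@ data "google_secret_manager_secret_version" "basic" {
 }
 `, randomString, randomString)
 }
+
+func testAccDatasourceSecretManagerSecretVersion_withBase64SecretData(randomString, data string) string {
+return fmt.Sprintf(`
+resource "google_secret_manager_secret" "secret-basic-base64" {
+secret_id = "tf-test-secret-version-%s"
+labels = {
+label = "my-label"
+}
+replication {
+auto {}
+}
+}
+
+resource "google_secret_manager_secret_version" "secret-version-basic-base64" {
+secret = google_secret_manager_secret.secret-basic-base64.name
+is_secret_data_base64 = true
+secret_data = filebase64("%s")
+}
+
+data "google_secret_manager_secret_version" "basic-base64" {
+secret = google_secret_manager_secret_version.secret-version-basic-base64.secret
+is_secret_data_base64 = true
+}
+`, randomString, data)
+}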
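Review bot: The mismatch branch of `testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource` formats both `secret_data` values into the error, which writes the payload of a field the data source schema marks `Sensitive` into test output and CI logs. The values are test data, but the helper is called from the tests in this file and in the access test file, and for the binary fixture the message would be a long base64 blob of little diagnostic use. Reporting names and lengths is enough to spot a mismatch: `return fmt.Errorf("secret_data mismatch between %s (%d bytes) and %s (%d bytes)", resource, len(resourceSecretData), datasource, len(datasourceSecretData))`. Separately, the parameter named `resource` shadows the imported `resource` package inside the function body; `resourceName` would avoid that.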

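--- a/google-beta/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go
+++ b/google-beta/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go
@@ -71,6 +71,11 @@ func DataSourceSecretManagerRegionalRegionalSecretVersion() *schema.Resource {
 },
 },
 },
+"is_secret_data_base64": {
+Type: schema.TypeBool,
+Optional: true,
+Default: false,
+},
 },
 }
 }
@@ -195,12 +200,17 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource
 }
 
 data := resp["payload"].(map[string]interface{})
-secretData, err := base64.StdEncoding.DecodeString(data["data"].(string))
-if err != nil {
-return fmt.Errorf("Error decoding secret manager regional secret version data: %s", err.Error())
+var secretData string
+if d.Get("is_secret_data_base64").(bool) {
+secretData = data["data"].(string)
+} else {
+payloadData, err := base64.StdEncoding.DecodeString(data["data"].(string))
+if err != nil {
+return fmt.Errorf("error decoding secret manager regional secret version data: %s", err.Error())
+}
+secretData = string(payloadData)
 }
-
-if err := d.Set("secret_data", string(secretData)); err != nil {
+if err := d.Set("secret_data", secretData); err != nil {
 return fmt.Errorf("Error setting secret_data: %s", err)
 }
 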
206216

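--- a/google-beta/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access.go
+++ b/google-beta/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access.go
@@ -47,6 +47,11 @@ func DataSourceSecretManagerRegionalRegionalSecretVersionAccess() *schema.Resour
 Computed: true,
 Sensitive: true,
 },
+"is_secret_data_base64": {
+Type: schema.TypeBool,
+Optional: true,
+Default: false,
+},
 },
 }
 }
@@ -150,11 +155,17 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionAccessRead(d *schema.Re
 }
 
 data := resp["payload"].(map[string]interface{})
-secretData, err := base64.StdEncoding.DecodeString(data["data"].(string))
-if err != nil {
-return fmt.Errorf("error decoding secret manager regional secret version data: %s", err.Error())
+var secretData string
+if d.Get("is_secret_data_base64").(bool) {
+secretData = data["data"].(string)
+} else {
+payloadData, err := base64.StdEncoding.DecodeString(data["data"].(string))
+if err != nil {
+return fmt.Errorf("error decoding secret manager regional secret version data: %s", err.Error())
+}
+secretData = string(payloadData)
 }
-if err := d.Set("secret_data", string(secretData)); err != nil {
+if err := d.Set("secret_data", secretData); err != nil {
 return fmt.Errorf("error setting secret_data: %s", err)
 }
 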
