
Commit 7a7f28a

hcsa73Henrique Santos
andauthored
Implement Secrets Manager User, change ACL to Set (#94)
* Implement secrets manager user * Add user tests * Add secrets manager user * Fix typo * Change ACL to set * Fix field name * Change ACLs to set * Fix typo * Fix formatting * Fix update not using existing password * Add repeating ACLs to test case * Fix signature * Add user checks * Reorder list --------- Co-authored-by: Henrique Santos <[email protected]>
1 parent e126557 commit 7a7f28a


9 files changed

+1159
-45
lines changed


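--- a/stackit/internal/services/secretsmanager/instance/datasource.go
+++ b/stackit/internal/services/secretsmanager/instance/datasource.go
@@ -110,7 +110,7 @@ func (r *instanceDataSource) Schema(_ context.Context, _ datasource.SchemaReques
 Description: descriptions["name"],
 Computed: true,
 },
-"acls": schema.ListAttribute{
+"acls": schema.SetAttribute{
 Description: descriptions["acls"],
 ElementType: types.StringType,
 Computed: true,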

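--- a/stackit/internal/services/secretsmanager/instance/resource.go
+++ b/stackit/internal/services/secretsmanager/instance/resource.go
@@ -5,7 +5,7 @@ import (
 "fmt"
 "strings"
 
-"github.com/hashicorp/terraform-plugin-framework-validators/listvalidator"
+"github.com/hashicorp/terraform-plugin-framework-validators/setvalidator"
 "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
 "github.com/hashicorp/terraform-plugin-framework/attr"
 "github.com/hashicorp/terraform-plugin-framework/schema/validator"
@@ -36,7 +36,7 @@ type Model struct {
 InstanceId types.String `tfsdk:"instance_id"`
 ProjectId types.String `tfsdk:"project_id"`
 Name types.String `tfsdk:"name"`
-ACLs types.List `tfsdk:"acls"`
+ACLs types.Set `tfsdk:"acls"`
 }
 
 // NewInstanceResource is a helper function to simplify the provider implementation.
@@ -143,13 +143,12 @@ func (r *instanceResource) Schema(_ context.Context, _ resource.SchemaRequest, r
 stringvalidator.LengthAtLeast(1),
 },
 },
-"acls": schema.ListAttribute{
+"acls": schema.SetAttribute{
 Description: descriptions["acls"],
 ElementType: types.StringType,
 Optional: true,
-Validators: []validator.List{
-listvalidator.UniqueValues(),
-listvalidator.ValueStringsAre(
+Validators: []validator.Set{
+setvalidator.ValueStringsAre(
 validate.CIDR(),
 ),
 },
@@ -397,15 +396,15 @@ func mapACLs(aclList *secretsmanager.AclList, model *Model) error {
 return fmt.Errorf("nil ACL list")
 }
 if aclList.Acls == nil || len(*aclList.Acls) == 0 {
-model.ACLs = types.ListNull(types.StringType)
+model.ACLs = types.SetNull(types.StringType)
 return nil
 }
 
 acls := []attr.Value{}
 for _, acl := range *aclList.Acls {
 acls = append(acls, types.StringValue(*acl.Cidr))
 }
-aclsList, diags := types.ListValue(types.StringType, acls)
+aclsList, diags := types.SetValue(types.StringType, acls)
 if diags.HasError() {
 return fmt.Errorf("mapping ACLs: %w", core.DiagsToError(diags))
 }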
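Review bot: In the last hunk, the loop in mapACLs dereferences `*acl.Cidr` with no nil check, so an ACL entry that comes back from the API without a CIDR would panic the provider instead of returning an error; the commit rewrites the lines on either side of the loop but leaves it as is. A guard before the append, e.g. `if acl.Cidr == nil { return fmt.Errorf("ACL entry has no CIDR") }`, keeps the failure on the function's existing error path. The value returned by `types.SetValue` is also still named `aclsList`; `aclsSet` would match the new type. mapACLs begins before this hunk and continues after it.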

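--- a/stackit/internal/services/secretsmanager/instance/resource_test.go
+++ b/stackit/internal/services/secretsmanager/instance/resource_test.go
@@ -36,7 +36,7 @@ func TestMapFields(t *testing.T) {
 InstanceId: types.StringValue("iid"),
 ProjectId: types.StringValue("pid"),
 Name: types.StringNull(),
-ACLs: types.ListNull(types.StringType),
+ACLs: types.SetNull(types.StringType),
 },
 true,
 },
@@ -66,7 +66,7 @@ func TestMapFields(t *testing.T) {
 InstanceId: types.StringValue("iid"),
 ProjectId: types.StringValue("pid"),
 Name: types.StringValue("name"),
-ACLs: types.ListValueMust(types.StringType, []attr.Value{
+ACLs: types.SetValueMust(types.StringType, []attr.Value{
 types.StringValue("cidr-1"),
 types.StringValue("cidr-2"),
 types.StringValue("cidr-3"),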

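--- a/stackit/internal/services/secretsmanager/secretsmanager_acc_test.go
+++ b/stackit/internal/services/secretsmanager/secretsmanager_acc_test.go
@@ -25,7 +25,14 @@ var instanceResource = map[string]string{
 "acl-1-updated": "111.222.111.222/22",
 }
 
-func resourceConfig(acls *string) string {
+// User resource data
+var userResource = map[string]string{
+"description": testutil.ResourceNameWithDateTime("secretsmanager"),
+"write_enabled": "false",
+"write_enabled_updated": "true",
+}
+
+func resourceConfig(acls *string, writeEnabled string) string {
 if acls == nil {
 return fmt.Sprintf(`
 %s
@@ -34,10 +41,19 @@ func resourceConfig(acls *string) string {
 project_id = "%s"
 name = "%s"
 }
+
+resource "stackit_secretsmanager_user" "user" {
+project_id = stackit_secretsmanager_instance.instance.project_id
+instance_id = stackit_secretsmanager_instance.instance.instance_id
+description = "%s"
+write_enabled = %s
+}
 `,
 testutil.SecretsManagerProviderConfig(),
 instanceResource["project_id"],
 instanceResource["name"],
+userResource["description"],
+writeEnabled,
 )
 }
 
@@ -49,11 +65,20 @@ func resourceConfig(acls *string) string {
 name = "%s"
 acls = %s
 }
+
+resource "stackit_secretsmanager_user" "user" {
+project_id = stackit_secretsmanager_instance.instance.project_id
+instance_id = stackit_secretsmanager_instance.instance.instance_id
+description = "%s"
+write_enabled = %s
+}
 `,
 testutil.SecretsManagerProviderConfig(),
 instanceResource["project_id"],
 instanceResource["name"],
 *acls,
+userResource["description"],
+writeEnabled,
 )
 }
 
@@ -65,37 +90,66 @@ func TestAccSecretsManager(t *testing.T) {
 
 // Creation
 {
-Config: resourceConfig(utils.Ptr(fmt.Sprintf(
-"[%q, %q]",
-instanceResource["acl-0"],
-instanceResource["acl-1"],
-))),
+Config: resourceConfig(
+utils.Ptr(fmt.Sprintf(
+"[%q, %q, %q]",
+instanceResource["acl-0"],
+instanceResource["acl-1"],
+instanceResource["acl-1"],
+)),
+userResource["write_enabled"],
+),
 Check: resource.ComposeAggregateTestCheckFunc(
-// Instance data
+// Instance
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "project_id", instanceResource["project_id"]),
 resource.TestCheckResourceAttrSet("stackit_secretsmanager_instance.instance", "instance_id"),
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "name", instanceResource["name"]),
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.#", "2"),
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.0", instanceResource["acl-0"]),
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.1", instanceResource["acl-1"]),
+
+// User
+resource.TestCheckResourceAttrPair(
+"stackit_secretsmanager_user.user", "project_id",
+"stackit_secretsmanager_instance.instance", "project_id",
+),
+resource.TestCheckResourceAttrPair(
+"stackit_secretsmanager_user.user", "instance_id",
+"stackit_secretsmanager_instance.instance", "instance_id",
+),
+resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "user_id"),
+resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "description", userResource["description"]),
+resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "write_enabled", userResource["write_enabled"]),
+resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "username"),
+resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "password"),
 ),
 },
-{ // Data source
+// Data source
+{
 Config: fmt.Sprintf(`
 %s
 
 data "stackit_secretsmanager_instance" "instance" {
 project_id = stackit_secretsmanager_instance.instance.project_id
 instance_id = stackit_secretsmanager_instance.instance.instance_id
+}
+
+data "stackit_secretsmanager_user" "user" {
+project_id = stackit_secretsmanager_user.user.project_id
+instance_id = stackit_secretsmanager_user.user.instance_id
+user_id = stackit_secretsmanager_user.user.user_id
 }`,
-resourceConfig(utils.Ptr(fmt.Sprintf(
-"[%q, %q]",
-instanceResource["acl-0"],
-instanceResource["acl-1"],
-))),
+resourceConfig(
+utils.Ptr(fmt.Sprintf(
+"[%q, %q]",
+instanceResource["acl-0"],
+instanceResource["acl-1"],
+)),
+userResource["write_enabled"],
+),
 ),
 Check: resource.ComposeAggregateTestCheckFunc(
-// Instance data
+// Instance
 resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "project_id", instanceResource["project_id"]),
 resource.TestCheckResourceAttrPair(
 "stackit_secretsmanager_instance.instance", "instance_id",
@@ -104,6 +158,26 @@ func TestAccSecretsManager(t *testing.T) {
 resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "name", instanceResource["name"]),
 resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "acls.0", instanceResource["acl-0"]),
 resource.TestCheckResourceAttr("data.stackit_secretsmanager_instance.instance", "acls.1", instanceResource["acl-1"]),
+
+// User
+resource.TestCheckResourceAttrPair(
+"stackit_secretsmanager_user.user", "project_id",
+"data.stackit_secretsmanager_user.user", "project_id",
+),
+resource.TestCheckResourceAttrPair(
+"stackit_secretsmanager_user.user", "instance_id",
+"data.stackit_secretsmanager_user.user", "instance_id",
+),
+resource.TestCheckResourceAttrPair(
+"stackit_secretsmanager_user.user", "user_id",
+"data.stackit_secretsmanager_user.user", "user_id",
+),
+resource.TestCheckResourceAttr("data.stackit_secretsmanager_user.user", "description", userResource["description"]),
+resource.TestCheckResourceAttr("data.stackit_secretsmanager_user.user", "write_enabled", userResource["write_enabled"]),
+resource.TestCheckResourceAttrPair(
+"stackit_secretsmanager_user.user", "username",
+"data.stackit_secretsmanager_user.user", "username",
+),
 ),
 },
 // Import
@@ -123,32 +197,88 @@ func TestAccSecretsManager(t *testing.T) {
 ImportState: true,
 ImportStateVerify: true,
 },
+{
+ResourceName: "stackit_secretsmanager_user.user",
+ImportStateIdFunc: func(s *terraform.State) (string, error) {
+r, ok := s.RootModule().Resources["stackit_secretsmanager_user.user"]
+if !ok {
+return "", fmt.Errorf("couldn't find resource stackit_secretsmanager_user.user")
+}
+instanceId, ok := r.Primary.Attributes["instance_id"]
+if !ok {
+return "", fmt.Errorf("couldn't find attribute instance_id")
+}
+userId, ok := r.Primary.Attributes["user_id"]
+if !ok {
+return "", fmt.Errorf("couldn't find attribute user_id")
+}
+
+return fmt.Sprintf("%s,%s,%s", testutil.ProjectId, instanceId, userId), nil
+},
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"password"},
+Check: resource.TestCheckNoResourceAttr("stackit_secretsmanager_user.user", "password"),
+},
 // Update
 {
-Config: resourceConfig(utils.Ptr(fmt.Sprintf(
-"[%q, %q]",
-instanceResource["acl-0"],
-instanceResource["acl-1-updated"],
-))),
+Config: resourceConfig(
+utils.Ptr(fmt.Sprintf(
+"[%q, %q]",
+instanceResource["acl-0"],
+instanceResource["acl-1-updated"],
+)),
+userResource["write_enabled_updated"],
+),
 Check: resource.ComposeAggregateTestCheckFunc(
-// Instance data
+// Instance
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "project_id", instanceResource["project_id"]),
 resource.TestCheckResourceAttrSet("stackit_secretsmanager_instance.instance", "instance_id"),
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "name", instanceResource["name"]),
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.#", "2"),
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.0", instanceResource["acl-0"]),
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.1", instanceResource["acl-1-updated"]),
+
+// User
+resource.TestCheckResourceAttrPair(
+"stackit_secretsmanager_user.user", "project_id",
+"stackit_secretsmanager_instance.instance", "project_id",
+),
+resource.TestCheckResourceAttrPair(
+"stackit_secretsmanager_user.user", "instance_id",
+"stackit_secretsmanager_instance.instance", "instance_id",
+),
+resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "user_id"),
+resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "description", userResource["description"]),
+resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "write_enabled", userResource["write_enabled_updated"]),
+resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "username"),
+resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "password"),
 ),
 },
 // Update, no ACLs
 {
-Config: resourceConfig(nil),
+Config: resourceConfig(nil, userResource["write_enabled_updated"]),
 Check: resource.ComposeAggregateTestCheckFunc(
 // Instance data
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "project_id", instanceResource["project_id"]),
 resource.TestCheckResourceAttrSet("stackit_secretsmanager_instance.instance", "instance_id"),
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "name", instanceResource["name"]),
 resource.TestCheckResourceAttr("stackit_secretsmanager_instance.instance", "acls.#", "0"),
+
+// User
+resource.TestCheckResourceAttrPair(
+"stackit_secretsmanager_user.user", "project_id",
+"stackit_secretsmanager_instance.instance", "project_id",
+),
+resource.TestCheckResourceAttrPair(
+"stackit_secretsmanager_user.user", "instance_id",
+"stackit_secretsmanager_instance.instance", "instance_id",
+),
+resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "user_id"),
+resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "description", userResource["description"]),
+resource.TestCheckResourceAttr("stackit_secretsmanager_user.user", "write_enabled", userResource["write_enabled_updated"]),
+resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "username"),
+resource.TestCheckResourceAttrSet("stackit_secretsmanager_user.user", "password"),
 ),
 },
 // Deletion is done by the framework implicitly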
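Review bot: The `Check: resource.TestCheckNoResourceAttr("stackit_secretsmanager_user.user", "password")` on the new user import step probably never runs: as far as I know the acceptance-test helper evaluates `ImportStateCheck`, not `Check`, on steps with `ImportState: true`, so the test does not establish that an imported user carries no password in state. Moving the assertion into `ImportStateCheck`, as sketched below, would make it effective. Separately, the instance checks still address `acls.0` and `acls.1` by index although the attribute is now a set; `resource.TestCheckTypeSetElemAttr` with the key `"acls.*"` would not depend on element order. TestAccSecretsManager begins before the first hunk that touches it.

```go
// … unchanged: ResourceName, ImportStateIdFunc, ImportState, ImportStateVerify …
ImportStateVerifyIgnore: []string{"password"},
// Import steps evaluate ImportStateCheck, so assert here that no password was imported.
ImportStateCheck: func(states []*terraform.InstanceState) error {
	for _, is := range states {
		if _, ok := is.Attributes["password"]; ok {
			return fmt.Errorf("imported state for %s contains a password", is.ID)
		}
	}
	return nil
},
```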
