feat: [PL-58650]: Terraform Changes for Add support for configuring r…

…ecovery duration in AWS Secrets Manager Connector for secret deletion flow

docs/data-sources/platform_connector_aws_secret_manager.md

@@ -46,6 +46,8 @@ data "harness_platform_connector_aws_secret_manager" "example" {
 - `secret_name_prefix` (String) A prefix to be added to all secrets.
 - `tags` (Set of String) Tags to associate with the resource.
 - `use_put_secret` (Boolean) Whether to update secret value using putSecretValue action.
+- `force_delete_without_recovery` (Boolean) Whether to force delete secret value or not.
+- `recovery_window_in_days` (Long)  recovery duration in days in AWS Secrets Manager.
 
 <a id="nestedatt--credentials"></a>
 ### Nested Schema for `credentials`

docs/resources/platform_connector_aws_secret_manager.md

@@ -75,6 +75,49 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
     }
   }
 }
+
+# Force delete true
+resource "harness_platform_connector_aws_secret_manager" "test" {
+  identifier  = "identifier"
+  name        = "name"
+  description = "test"
+  tags        = ["foo:bar"]
+  default     = true
+
+  secret_name_prefix = "test"
+  region             = "us-east-1"
+  delegate_selectors = ["harness-delegate"]
+  force_delete_without_recovery     = true
+  credentials {
+    assume_role {
+      role_arn    = "somerolearn"
+      external_id = "externalid"
+      duration    = 900
+    }
+  }
+}
+
+
+# With recovery duration of 15 days
+resource "harness_platform_connector_aws_secret_manager" "test" {
+  identifier  = "identifier"
+  name        = "name"
+  description = "test"
+  tags        = ["foo:bar"]
+  default     = true
+
+  secret_name_prefix = "test"
+  region             = "us-east-1"
+  delegate_selectors = ["harness-delegate"]
+  recovery_window_in_days     = 15
+  credentials {
+    assume_role {
+      role_arn    = "somerolearn"
+      external_id = "externalid"
+      duration    = 900
+    }
+  }
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
@@ -97,6 +140,8 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
 - `tags` (Set of String) Tags to associate with the resource.
 - `default` (Boolean) Use as Default Secrets Manager.
 - `use_put_secret` (Boolean) Whether to update secret value using putSecretValue action.
+- `force_delete_without_recovery` (Boolean) Whether to force delete secret value or not.
+- `recovery_window_in_days` (Long)  recovery duration in days in AWS Secrets Manager.
 
 ### Read-Only
 

examples/resources/harness_platform_connector_aws_secret_manager/resource.tf

@@ -53,3 +53,46 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
     }
   }
 }
+
+
+# Force delete true
+resource "harness_platform_connector_aws_secret_manager" "test" {
+  identifier  = "identifier"
+  name        = "name"
+  description = "test"
+  tags        = ["foo:bar"]
+
+  secret_name_prefix = "test"
+  region             = "us-east-1"
+  delegate_selectors = ["harness-delegate"]
+  default            = true
+  force_delete_without_recovery     = true
+  credentials {
+    assume_role {
+      role_arn    = "somerolearn"
+      external_id = "externalid"
+      duration    = 900
+    }
+  }
+}
+
+# With recovery duration of 15 days
+resource "harness_platform_connector_aws_secret_manager" "test" {
+  identifier  = "identifier"
+  name        = "name"
+  description = "test"
+  tags        = ["foo:bar"]
+
+  secret_name_prefix = "test"
+  region             = "us-east-1"
+  delegate_selectors = ["harness-delegate"]
+  default            = true
+  recovery_window_in_days     = 15
+  credentials {
+    assume_role {
+      role_arn    = "somerolearn"
+      external_id = "externalid"
+      duration    = 900
+    }
+  }
+}

internal/service/platform/connector/secretManagers/aws_secret_manager.go

@@ -47,6 +47,16 @@ func ResourceConnectorAwsSM() *schema.Resource {
 				Type:        schema.TypeBool,
 				Optional:    true,
 			},
+			"force_delete_without_recovery": {
+				Description: "Whether to force delete secret value or not.",
+				Type:        schema.TypeBool,
+				Optional:    true,
+			},
+			"recovery_window_in_days": {
+				Description: "Recovery duration in days in AWS Secrets Manager.",
+				Type:        schema.TypeInt,
+				Optional:    true,
+			},
 			"credentials": {
 				Description: "Credentials to connect to AWS.",
 				Type:        schema.TypeList,
@@ -193,6 +203,14 @@ func buildConnectorAwsSM(d *schema.ResourceData) *nextgen.ConnectorInfo {
 		connector.AwsSecretManager.UsePutSecret = attr.(bool)
 	}
 
+	if attr, ok := d.GetOk("recovery_window_in_days"); ok {
+		connector.AwsSecretManager.RecoveryWindowInDays = int64(attr.(int))
+	}
+
+	if attr, ok := d.GetOk("force_delete_without_recovery"); ok {
+		connector.AwsSecretManager.ForceDeleteWithoutRecovery = attr.(bool)
+	}
+
 	if attr, ok := d.GetOk("credentials"); ok {
 		config := attr.([]interface{})[0].(map[string]interface{})
 		connector.AwsSecretManager.Credential = &nextgen.AwsSecretManagerCredential{}
@@ -247,6 +265,9 @@ func readConnectorAwsSM(d *schema.ResourceData, connector *nextgen.ConnectorInfo
 	d.Set("delegate_selectors", connector.AwsSecretManager.DelegateSelectors)
 	d.Set("default", connector.AwsSecretManager.Default_)
 	d.Set("use_put_secret", connector.AwsSecretManager.UsePutSecret)
+	d.Set("recovery_window_in_days", connector.AwsSecretManager.RecoveryWindowInDays)
+	d.Set("force_delete_without_recovery", connector.AwsSecretManager.ForceDeleteWithoutRecovery)
+
 
 	switch connector.AwsSecretManager.Credential.Type_ {
 	case nextgen.AwsSecretManagerAuthTypes.AssumeIAMRole:

internal/service/platform/connector/secretManagers/aws_secret_manager_data_source.go

@@ -26,6 +26,16 @@ func DatasourceConnectorAwsSM() *schema.Resource {
 				Type:        schema.TypeBool,
 				Computed:    true,
 			},
+			"force_delete_without_recovery": {
+            	Description: "Whether to force delete secret value or not.",
+            	Type:        schema.TypeBool,
+            	Optional:    true,
+            },
+            "recovery_window_in_days": {
+            	Description: "Recovery duration in days in AWS Secrets Manager.",
+            	Type:        schema.TypeInt,
+            	Optional:    true,
+            },
 			"delegate_selectors": {
 				Description: "Tags to filter delegates for connection.",
 				Type:        schema.TypeSet,

internal/service/platform/connector/secretManagers/aws_secret_manager_test.go

@@ -300,6 +300,140 @@ func TestAccResourceConnectorAwsSM_manualWithUsePutSecretFalse(t *testing.T) {
 	})
 }
 
+func TestAccResourceConnectorAwsSM_manualWithForceDeleteWithoutRecoveryTrue(t *testing.T) {
+
+	id := fmt.Sprintf("%s_%s", t.Name(), utils.RandStringBytes(5))
+	name := id
+	updatedName := fmt.Sprintf("%s_updated", name)
+	resourceName := "harness_platform_connector_aws_secret_manager.test"
+
+	resource.UnitTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.TestAccPreCheck(t) },
+		ProviderFactories: acctest.ProviderFactories,
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"time": {},
+		},
+		CheckDestroy: testAccConnectorDestroy(resourceName),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccResourceConnectorAwsSM_manualWithForceDelete(id, name),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "id", id),
+					resource.TestCheckResourceAttr(resourceName, "identifier", id),
+					resource.TestCheckResourceAttr(resourceName, "name", name),
+					resource.TestCheckResourceAttr(resourceName, "description", "test"),
+					resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+					resource.TestCheckResourceAttr(resourceName, "use_put_secret", "false"),
+					resource.TestCheckResourceAttr(resourceName, "force_delete_without_recovery", "true"),
+				),
+			},
+
+			{
+				Config: testAccResourceConnectorAwsSM_manualWithForceDelete(id, updatedName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "id", id),
+					resource.TestCheckResourceAttr(resourceName, "identifier", id),
+					resource.TestCheckResourceAttr(resourceName, "name", updatedName),
+					resource.TestCheckResourceAttr(resourceName, "description", "test"),
+					resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+					resource.TestCheckResourceAttr(resourceName, "use_put_secret", "false"),
+					resource.TestCheckResourceAttr(resourceName, "force_delete_without_recovery", "true"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccResourceConnectorAwsSM_manualWithForceDeleteWithoutRecoveryTrue(id, name string) string {
+	return fmt.Sprintf(`
+resource "harness_platform_connector_aws_secret_manager" "test" {
+  id                  = "%s"
+  identifier          = "%s"
+  name                = "%s"
+  description         = "test"
+  tags                = ["test"]
+  delegate_selectors  = ["test"]
+  secret_name_prefix  = "test"
+  use_put_secret      = "false"
+  force_delete_without_recovery        = true
+}
+`, id, id, name)
+}
+
+func TestAccResourceConnectorAwsSM_manualWithRecoveryWindow(t *testing.T) {
+
+	id := fmt.Sprintf("%s_%s", t.Name(), utils.RandStringBytes(5))
+	name := id
+	updatedName := fmt.Sprintf("%s_updated", name)
+	resourceName := "harness_platform_connector_aws_secret_manager.test"
+
+	resource.UnitTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.TestAccPreCheck(t) },
+		ProviderFactories: acctest.ProviderFactories,
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"time": {},
+		},
+		CheckDestroy: testAccConnectorDestroy(resourceName),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccResourceConnectorAwsSM_manualWithForceDeleteWithoutRecoveryAndRecoveryWindow(id, name),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "id", id),
+					resource.TestCheckResourceAttr(resourceName, "identifier", id),
+					resource.TestCheckResourceAttr(resourceName, "name", name),
+					resource.TestCheckResourceAttr(resourceName, "description", "test"),
+					resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+					resource.TestCheckResourceAttr(resourceName, "recovery_window_in_days", "15"),
+				),
+			},
+			{
+				Config: testAccResourceConnectorAwsSM_manualWithForceDeleteWithoutRecoveryAndRecoveryWindow(id, updatedName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "id", id),
+					resource.TestCheckResourceAttr(resourceName, "identifier", id),
+					resource.TestCheckResourceAttr(resourceName, "name", updatedName),
+					resource.TestCheckResourceAttr(resourceName, "description", "test"),
+					resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+					resource.TestCheckResourceAttr(resourceName, "recovery_window_in_days", "15"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccResourceConnectorAwsSM_manualWithRecoveryWindow(id, name string) string {
+	return fmt.Sprintf(`
+resource "harness_platform_connector_aws_secret_manager" "test" {
+  id                          = "%s"
+  identifier                  = "%s"
+  name                        = "%s"
+  description                 = "test"
+  tags                        = ["test"]
+  delegate_selectors          = ["test"]
+  secret_name_prefix          = "test"
+  recovery_window_in_days     = 15
+}
+`, id, id, name)
+}
+
 
 func TestProjectResourceConnectorAwsSM_manual(t *testing.T) {