feat: [PL-58653]: Add support in AWS SM for update based on put secre…

…t flag (#1118)
harness · Dec 24, 2024 · a89c456 · a89c456
1 parent 1f9e4d1
commit a89c456
Show file tree

Hide file tree

Showing 6 changed files with 125 additions and 0 deletions.
diff --git a/docs/data-sources/platform_connector_aws_secret_manager.md b/docs/data-sources/platform_connector_aws_secret_manager.md
@@ -45,6 +45,7 @@ data "harness_platform_connector_aws_secret_manager" "example" {
 - `region` (String) The AWS region where the AWS Secret Manager is.
 - `secret_name_prefix` (String) A prefix to be added to all secrets.
 - `tags` (Set of String) Tags to associate with the resource.
+- `use_put_secret` (Boolean) Whether to update secret value using putSecretValue action.
 
 <a id="nestedatt--credentials"></a>
 ### Nested Schema for `credentials`

diff --git a/docs/resources/platform_connector_aws_secret_manager.md b/docs/resources/platform_connector_aws_secret_manager.md
@@ -29,6 +29,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
   secret_name_prefix = "test"
   region             = "us-east-1"
   delegate_selectors = ["harness-delegate"]
+  use_put_secret     = false
   credentials {
     inherit_from_delegate = true
   }
@@ -45,6 +46,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
   secret_name_prefix = "test"
   region             = "us-east-1"
   delegate_selectors = ["harness-delegate"]
+  use_put_secret     = false
   credentials {
     manual {
       secret_key_ref = "account.secret_id"
@@ -64,6 +66,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
   secret_name_prefix = "test"
   region             = "us-east-1"
   delegate_selectors = ["harness-delegate"]
+  use_put_secret     = false
   credentials {
     assume_role {
       role_arn    = "somerolearn"
@@ -93,6 +96,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
 - `secret_name_prefix` (String) A prefix to be added to all secrets.
 - `tags` (Set of String) Tags to associate with the resource.
 - `default` (Boolean) Use as Default Secrets Manager.
+- `use_put_secret` (Boolean) Whether to update secret value using putSecretValue action.
 
 ### Read-Only
 

diff --git a/examples/resources/harness_platform_connector_aws_secret_manager/resource.tf b/examples/resources/harness_platform_connector_aws_secret_manager/resource.tf
@@ -8,6 +8,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
   secret_name_prefix = "test"
   region             = "us-east-1"
   delegate_selectors = ["harness-delegate"]
+  use_put_secret     = false
   credentials {
     inherit_from_delegate = true
   }
@@ -23,6 +24,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
   secret_name_prefix = "test"
   region             = "us-east-1"
   delegate_selectors = ["harness-delegate"]
+  use_put_secret     = false
   credentials {
     manual {
       secret_key_ref = "account.secret_id"
@@ -42,6 +44,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
   region             = "us-east-1"
   delegate_selectors = ["harness-delegate"]
   default            = true
+  use_put_secret     = false
   credentials {
     assume_role {
       role_arn    = "somerolearn"

diff --git a/internal/service/platform/connector/secretManagers/aws_secret_manager.go b/internal/service/platform/connector/secretManagers/aws_secret_manager.go
@@ -42,6 +42,11 @@ func ResourceConnectorAwsSM() *schema.Resource {
 				Type:        schema.TypeBool,
 				Optional:    true,
 			},
+			"use_put_secret": {
+				Description: "Whether to update secret value using putSecretValue action.",
+				Type:        schema.TypeBool,
+				Optional:    true,
+			},
 			"credentials": {
 				Description: "Credentials to connect to AWS.",
 				Type:        schema.TypeList,
@@ -184,6 +189,10 @@ func buildConnectorAwsSM(d *schema.ResourceData) *nextgen.ConnectorInfo {
 		connector.AwsSecretManager.Default_ = attr.(bool)
 	}
 
+	if attr, ok := d.GetOk("use_put_secret"); ok {
+		connector.AwsSecretManager.UsePutSecret = attr.(bool)
+	}
+
 	if attr, ok := d.GetOk("credentials"); ok {
 		config := attr.([]interface{})[0].(map[string]interface{})
 		connector.AwsSecretManager.Credential = &nextgen.AwsSecretManagerCredential{}
@@ -237,6 +246,7 @@ func readConnectorAwsSM(d *schema.ResourceData, connector *nextgen.ConnectorInfo
 	d.Set("region", connector.AwsSecretManager.Region)
 	d.Set("delegate_selectors", connector.AwsSecretManager.DelegateSelectors)
 	d.Set("default", connector.AwsSecretManager.Default_)
+	d.Set("use_put_secret", connector.AwsSecretManager.UsePutSecret)
 
 	switch connector.AwsSecretManager.Credential.Type_ {
 	case nextgen.AwsSecretManagerAuthTypes.AssumeIAMRole:

diff --git a/internal/service/platform/connector/secretManagers/aws_secret_manager_data_source.go b/internal/service/platform/connector/secretManagers/aws_secret_manager_data_source.go
@@ -21,6 +21,11 @@ func DatasourceConnectorAwsSM() *schema.Resource {
 				Type:        schema.TypeString,
 				Computed:    true,
 			},
+			"use_put_secret": {
+				Description: "Whether to update secret value using putSecretValue action.",
+				Type:        schema.TypeBool,
+				Computed:    true,
+			},
 			"delegate_selectors": {
 				Description: "Tags to filter delegates for connection.",
 				Type:        schema.TypeSet,

diff --git a/internal/service/platform/connector/secretManagers/aws_secret_manager_test.go b/internal/service/platform/connector/secretManagers/aws_secret_manager_test.go
@@ -199,6 +199,108 @@ func TestAccResourceConnectorAwsSM_manual(t *testing.T) {
 		},
 	})
 }
+
+func TestAccResourceConnectorAwsSM_manualWithUsePutSecretTrue(t *testing.T) {
+
+	id := fmt.Sprintf("%s_%s", t.Name(), utils.RandStringBytes(5))
+	name := id
+	updatedName := fmt.Sprintf("%s_updated", name)
+	resourceName := "harness_platform_connector_aws_secret_manager.test"
+
+	resource.UnitTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.TestAccPreCheck(t) },
+		ProviderFactories: acctest.ProviderFactories,
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"time": {},
+		},
+		CheckDestroy: testAccConnectorDestroy(resourceName),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccResourceConnectorAwsSM_manual(id, name),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "id", id),
+					resource.TestCheckResourceAttr(resourceName, "identifier", id),
+					resource.TestCheckResourceAttr(resourceName, "name", name),
+					resource.TestCheckResourceAttr(resourceName, "description", "test"),
+					resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+					resource.TestCheckResourceAttr(resourceName, "use_put_secret", "true"),
+				),
+			},
+			{
+				Config: testAccResourceConnectorAwsSM_manual(id, updatedName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "id", id),
+					resource.TestCheckResourceAttr(resourceName, "identifier", id),
+					resource.TestCheckResourceAttr(resourceName, "name", updatedName),
+					resource.TestCheckResourceAttr(resourceName, "description", "test"),
+					resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+					resource.TestCheckResourceAttr(resourceName, "use_put_secret", "true"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccResourceConnectorAwsSM_manualWithUsePutSecretFalse(t *testing.T) {
+
+	id := fmt.Sprintf("%s_%s", t.Name(), utils.RandStringBytes(5))
+	name := id
+	updatedName := fmt.Sprintf("%s_updated", name)
+	resourceName := "harness_platform_connector_aws_secret_manager.test"
+
+	resource.UnitTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.TestAccPreCheck(t) },
+		ProviderFactories: acctest.ProviderFactories,
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"time": {},
+		},
+		CheckDestroy: testAccConnectorDestroy(resourceName),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccResourceConnectorAwsSM_manual(id, name),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "id", id),
+					resource.TestCheckResourceAttr(resourceName, "identifier", id),
+					resource.TestCheckResourceAttr(resourceName, "name", name),
+					resource.TestCheckResourceAttr(resourceName, "description", "test"),
+					resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+					resource.TestCheckResourceAttr(resourceName, "use_put_secret", "false"),
+				),
+			},
+			{
+				Config: testAccResourceConnectorAwsSM_manual(id, updatedName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "id", id),
+					resource.TestCheckResourceAttr(resourceName, "identifier", id),
+					resource.TestCheckResourceAttr(resourceName, "name", updatedName),
+					resource.TestCheckResourceAttr(resourceName, "description", "test"),
+					resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+					resource.TestCheckResourceAttr(resourceName, "use_put_secret", "false"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+
 func TestProjectResourceConnectorAwsSM_manual(t *testing.T) {
 
 	id := fmt.Sprintf("%s_%s", t.Name(), utils.RandStringBytes(5))