diff --git a/docs/data-sources/platform_connector_aws_secret_manager.md b/docs/data-sources/platform_connector_aws_secret_manager.md
index bc8f73f21..5c33cce1d 100644
--- a/docs/data-sources/platform_connector_aws_secret_manager.md
+++ b/docs/data-sources/platform_connector_aws_secret_manager.md
@@ -45,6 +45,7 @@ data "harness_platform_connector_aws_secret_manager" "example" {
 - `region` (String) The AWS region where the AWS Secret Manager is.
 - `secret_name_prefix` (String) A prefix to be added to all secrets.
 - `tags` (Set of String) Tags to associate with the resource.
+- `use_put_secret` (Boolean) Whether to update secret value using putSecretValue action.
 ### Nested Schema for `credentials`
diff --git a/docs/resources/platform_connector_aws_secret_manager.md b/docs/resources/platform_connector_aws_secret_manager.md
index 5410fb41e..08c4d3841 100644
--- a/docs/resources/platform_connector_aws_secret_manager.md
+++ b/docs/resources/platform_connector_aws_secret_manager.md
@@ -29,6 +29,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
 secret_name_prefix = "test"
 region = "us-east-1"
 delegate_selectors = ["harness-delegate"]
+ use_put_secret = false
 credentials {
 inherit_from_delegate = true
 }
@@ -45,6 +46,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
 secret_name_prefix = "test"
 region = "us-east-1"
 delegate_selectors = ["harness-delegate"]
+ use_put_secret = false
 credentials {
 manual {
 secret_key_ref = "account.secret_id"
@@ -64,6 +66,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
 secret_name_prefix = "test"
 region = "us-east-1"
 delegate_selectors = ["harness-delegate"]
+ use_put_secret = false
 credentials {
 assume_role {
 role_arn = "somerolearn"
@@ -93,6 +96,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
 - `secret_name_prefix` (String) A prefix to be added to all secrets.
 - `tags` (Set of String) Tags to associate with the resource.
 - `default` (Boolean) Use as Default Secrets Manager.
+- `use_put_secret` (Boolean) Whether to update secret value using putSecretValue action.
 ### Read-Only
diff --git a/examples/resources/harness_platform_connector_aws_secret_manager/resource.tf b/examples/resources/harness_platform_connector_aws_secret_manager/resource.tf
index 815c52abf..b17d786c6 100644
--- a/examples/resources/harness_platform_connector_aws_secret_manager/resource.tf
+++ b/examples/resources/harness_platform_connector_aws_secret_manager/resource.tf
@@ -8,6 +8,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
 secret_name_prefix = "test"
 region = "us-east-1"
 delegate_selectors = ["harness-delegate"]
+ use_put_secret = false
 credentials {
 inherit_from_delegate = true
 }
@@ -23,6 +24,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
 secret_name_prefix = "test"
 region = "us-east-1"
 delegate_selectors = ["harness-delegate"]
+ use_put_secret = false
 credentials {
 manual {
 secret_key_ref = "account.secret_id"
@@ -42,6 +44,7 @@ resource "harness_platform_connector_aws_secret_manager" "test" {
 region = "us-east-1"
 delegate_selectors = ["harness-delegate"]
 default = true
+ use_put_secret = false
 credentials {
 assume_role {
 role_arn = "somerolearn"
diff --git a/internal/service/platform/connector/secretManagers/aws_secret_manager.go b/internal/service/platform/connector/secretManagers/aws_secret_manager.go
index 42f0abac9..3af0a4055 100644
--- a/internal/service/platform/connector/secretManagers/aws_secret_manager.go
+++ b/internal/service/platform/connector/secretManagers/aws_secret_manager.go
@@ -42,6 +42,11 @@ func ResourceConnectorAwsSM() *schema.Resource {
 Type: schema.TypeBool,
 Optional: true,
 },
+ "use_put_secret": {
+ Description: "Whether to update secret value using putSecretValue action.",
+ Type: schema.TypeBool,
+ Optional: true,
+ },
 "credentials": {
 Description: "Credentials to connect to AWS.",
 Type: schema.TypeList,
@@ -184,6 +189,10 @@ func buildConnectorAwsSM(d *schema.ResourceData) *nextgen.ConnectorInfo {
 connector.AwsSecretManager.Default_ = attr.(bool)
 }
+ if attr, ok := d.GetOk("use_put_secret"); ok {
+ connector.AwsSecretManager.UsePutSecret = attr.(bool)
+ }
+
 if attr, ok := d.GetOk("credentials"); ok {
 config := attr.([]interface{})[0].(map[string]interface{})
 connector.AwsSecretManager.Credential = &nextgen.AwsSecretManagerCredential{}
@@ -237,6 +246,7 @@ func readConnectorAwsSM(d *schema.ResourceData, connector *nextgen.ConnectorInfo
 d.Set("region", connector.AwsSecretManager.Region)
 d.Set("delegate_selectors", connector.AwsSecretManager.DelegateSelectors)
 d.Set("default", connector.AwsSecretManager.Default_)
+ d.Set("use_put_secret", connector.AwsSecretManager.UsePutSecret)
 switch connector.AwsSecretManager.Credential.Type_ {
 case nextgen.AwsSecretManagerAuthTypes.AssumeIAMRole:
diff --git a/internal/service/platform/connector/secretManagers/aws_secret_manager_data_source.go b/internal/service/platform/connector/secretManagers/aws_secret_manager_data_source.go
index 65a7d62bb..9ad2b3237 100644
--- a/internal/service/platform/connector/secretManagers/aws_secret_manager_data_source.go
+++ b/internal/service/platform/connector/secretManagers/aws_secret_manager_data_source.go
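Review bot: The `use_put_secret` description added to the schema in `ResourceConnectorAwsSM` does not say what the connector does when the flag is unset or which AWS permission each mode relies on. Someone scoping a least-privilege policy for the connector's role therefore cannot tell whether `secretsmanager:PutSecretValue` has to be granted. I would spell that out, for example `Description: "Whether to update secret values with the PutSecretValue action instead of the default update call. Defaults to false.",`, with the wording about the default path confirmed against the Harness API, which this diff does not show. The same sentence is repeated in the data-source schema and in both docs pages, so they should change together. The enclosing function starts and ends outside the hunk.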
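Review bot: In the `buildConnectorAwsSM` hunk, `d.GetOk("use_put_secret")` reports `ok == false` for the zero value, so an explicit `use_put_secret = false` cannot be told apart from an unset attribute and the assignment only ever runs for `true`. That is harmless while `UsePutSecret` is a plain bool whose zero value matches the intended default, but the guard adds nothing and would hide an explicit `false` if the backend default ever changed. The simpler form is `connector.AwsSecretManager.UsePutSecret = d.Get("use_put_secret").(bool)`. The function body continues outside the hunk.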
@@ -21,6 +21,11 @@ func DatasourceConnectorAwsSM() *schema.Resource {
 Type: schema.TypeString,
 Computed: true,
 },
+ "use_put_secret": {
+ Description: "Whether to update secret value using putSecretValue action.",
+ Type: schema.TypeBool,
+ Computed: true,
+ },
 "delegate_selectors": {
 Description: "Tags to filter delegates for connection.",
 Type: schema.TypeSet,
diff --git a/internal/service/platform/connector/secretManagers/aws_secret_manager_test.go b/internal/service/platform/connector/secretManagers/aws_secret_manager_test.go
index c5fad8ce8..d7204880d 100644
--- a/internal/service/platform/connector/secretManagers/aws_secret_manager_test.go
+++ b/internal/service/platform/connector/secretManagers/aws_secret_manager_test.go
@@ -199,6 +199,108 @@ func TestAccResourceConnectorAwsSM_manual(t *testing.T) {
 },
 })
 }
+
+func TestAccResourceConnectorAwsSM_manualWithUsePutSecretTrue(t *testing.T) {
+
+ id := fmt.Sprintf("%s_%s", t.Name(), utils.RandStringBytes(5))
+ name := id
+ updatedName := fmt.Sprintf("%s_updated", name)
+ resourceName := "harness_platform_connector_aws_secret_manager.test"
+
+ resource.UnitTest(t, resource.TestCase{
+ PreCheck: func() { acctest.TestAccPreCheck(t) },
+ ProviderFactories: acctest.ProviderFactories,
+ ExternalProviders: map[string]resource.ExternalProvider{
+ "time": {},
+ },
+ CheckDestroy: testAccConnectorDestroy(resourceName),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccResourceConnectorAwsSM_manual(id, name),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(resourceName, "id", id),
+ resource.TestCheckResourceAttr(resourceName, "identifier", id),
+ resource.TestCheckResourceAttr(resourceName, "name", name),
+ resource.TestCheckResourceAttr(resourceName, "description", "test"),
+ resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+ resource.TestCheckResourceAttr(resourceName, "use_put_secret", "true"),
+ ),
+ },
+ {
+ Config: testAccResourceConnectorAwsSM_manual(id, updatedName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(resourceName, "id", id),
+ resource.TestCheckResourceAttr(resourceName, "identifier", id),
+ resource.TestCheckResourceAttr(resourceName, "name", updatedName),
+ resource.TestCheckResourceAttr(resourceName, "description", "test"),
+ resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+ resource.TestCheckResourceAttr(resourceName, "use_put_secret", "true"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func TestAccResourceConnectorAwsSM_manualWithUsePutSecretFalse(t *testing.T) {
+
+ id := fmt.Sprintf("%s_%s", t.Name(), utils.RandStringBytes(5))
+ name := id
+ updatedName := fmt.Sprintf("%s_updated", name)
+ resourceName := "harness_platform_connector_aws_secret_manager.test"
+
+ resource.UnitTest(t, resource.TestCase{
+ PreCheck: func() { acctest.TestAccPreCheck(t) },
+ ProviderFactories: acctest.ProviderFactories,
+ ExternalProviders: map[string]resource.ExternalProvider{
+ "time": {},
+ },
+ CheckDestroy: testAccConnectorDestroy(resourceName),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccResourceConnectorAwsSM_manual(id, name),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(resourceName, "id", id),
+ resource.TestCheckResourceAttr(resourceName, "identifier", id),
+ resource.TestCheckResourceAttr(resourceName, "name", name),
+ resource.TestCheckResourceAttr(resourceName, "description", "test"),
+ resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+ resource.TestCheckResourceAttr(resourceName, "use_put_secret", "false"),
+ ),
+ },
+ {
+ Config: testAccResourceConnectorAwsSM_manual(id, updatedName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(resourceName, "id", id),
+ resource.TestCheckResourceAttr(resourceName, "identifier", id),
+ resource.TestCheckResourceAttr(resourceName, "name", updatedName),
+ resource.TestCheckResourceAttr(resourceName, "description", "test"),
+ resource.TestCheckResourceAttr(resourceName, "tags.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "delegate_selectors.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "secret_name_prefix", "test"),
+ resource.TestCheckResourceAttr(resourceName, "use_put_secret", "false"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+
 func TestProjectResourceConnectorAwsSM_manual(t *testing.T) {
 id := fmt.Sprintf("%s_%s", t.Name(), utils.RandStringBytes(5))
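Review bot: `TestAccResourceConnectorAwsSM_manualWithUsePutSecretTrue` and `TestAccResourceConnectorAwsSM_manualWithUsePutSecretFalse` both build their configuration with `testAccResourceConnectorAwsSM_manual(id, name)`, yet one asserts `use_put_secret` is `"true"` and the other `"false"`. That helper is not changed in this diff, so a single config cannot satisfy both assertions, and at least one test either fails or does not exercise the value it names. The flag should be passed into the config, for example through a new helper that takes the boolean and renders `use_put_secret = %t`, called as `Config: testAccResourceConnectorAwsSM_manualUsePutSecret(id, name, true),` (the helper name is only a suggestion). The two test bodies differ only in the expected string, so a shared function parameterised on the flag would also remove about fifty duplicated lines.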