
Commit 22e47a6

yonatanyellYonathan-YellinAvi RibchinskyTatyanaBolIdanAdar
authored
SM fixes (#5045)
* SC addition * SC addition * SC addition * update function updated * SC unit tests added * SC unit tests added * d * tests fixes * tests fixes * update sdk * .secrets.baseline update * .secrets.baseline update * .secrets.baseline update * Update sm_service_credentials_secret_metadata.html.markdown * bugs fixes * bugs fixes * bugs fixes * docs bugs fixes * preferred_chain added for public cert lets encrypt configuration * support for creating secret version for username password & version_custom_metadata for all * support for creating secret version for username password & version_custom_metadata for all * support for creating secret version for username password & version_custom_metadata for all * support for creating secret version for username password & version_custom_metadata for all * support for creating secret version for username password & version_custom_metadata for all * support for creating secret version for username password & version_custom_metadata for all --------- Co-authored-by: Yonathan-Yellin <[email protected]> Co-authored-by: Avi Ribchinsky <[email protected]> Co-authored-by: Tatyana <[email protected]> Co-authored-by: Idan Adar <[email protected]>
1 parent d03d3a9 commit 22e47a6

11 files changed

+233
-38
lines changed

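--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
 "files": "go.mod|go.sum|.*.map|^.secrets.baseline$",
 "lines": null
 },
-"generated_at": "2024-01-17T17:15:00Z",
+"generated_at": "2024-01-17T13:22:37Z",
 "plugins_used": [
 {
 "name": "AWSKeyDetector"
@@ -760,23 +760,23 @@
 "hashed_secret": "731438016c5ab94431f61820f35e3ae5f8ad6004",
 "is_secret": false,
 "is_verified": false,
-"line_number": 434,
+"line_number": 432,
 "type": "Secret Keyword",
 "verified_result": null
 },
 {
 "hashed_secret": "12da2e35d6b50c902c014f1ab9e3032650368df7",
 "is_secret": false,
 "is_verified": false,
-"line_number": 440,
+"line_number": 438,
 "type": "Secret Keyword",
 "verified_result": null
 },
 {
 "hashed_secret": "813274ccae5b6b509379ab56982d862f7b5969b6",
 "is_secret": false,
 "is_verified": false,
-"line_number": 1175,
+"line_number": 1161,
 "type": "Base64 High Entropy String",
 "verified_result": null
 }
@@ -2964,7 +2964,7 @@
 "hashed_secret": "92f08f2d9a0dc3f0d4cb3796435a48508cf59ecd",
 "is_secret": false,
 "is_verified": false,
-"line_number": 1107,
+"line_number": 1115,
 "type": "Secret Keyword",
 "verified_result": null
 }
@@ -2992,7 +2992,7 @@
 "hashed_secret": "92f08f2d9a0dc3f0d4cb3796435a48508cf59ecd",
 "is_secret": false,
 "is_verified": false,
-"line_number": 509,
+"line_number": 513,
 "type": "Secret Keyword",
 "verified_result": null
 }
@@ -3526,23 +3526,23 @@
 "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
 "is_secret": false,
 "is_verified": false,
-"line_number": 198,
+"line_number": 197,
 "type": "Secret Keyword",
 "verified_result": null
 },
 {
 "hashed_secret": "108b310facc1a193833fc2971fd83081f775ea0c",
 "is_secret": false,
 "is_verified": false,
-"line_number": 389,
+"line_number": 388,
 "type": "Secret Keyword",
 "verified_result": null
 },
 {
 "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
 "is_secret": false,
 "is_verified": false,
-"line_number": 392,
+"line_number": 391,
 "type": "Secret Keyword",
 "verified_result": null
 }
@@ -3562,23 +3562,23 @@
 "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
 "is_secret": false,
 "is_verified": false,
-"line_number": 109,
+"line_number": 108,
 "type": "Secret Keyword",
 "verified_result": null
 },
 {
 "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
 "is_secret": false,
 "is_verified": false,
-"line_number": 430,
+"line_number": 429,
 "type": "Secret Keyword",
 "verified_result": null
 },
 {
 "hashed_secret": "9beb31de125498074813c6f31c0e4df3e54a5489",
 "is_secret": false,
 "is_verified": false,
-"line_number": 646,
+"line_number": 645,
 "type": "Secret Keyword",
 "verified_result": null
 }
@@ -3606,15 +3606,15 @@
 "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
 "is_secret": false,
 "is_verified": false,
-"line_number": 297,
+"line_number": 296,
 "type": "Secret Keyword",
 "verified_result": null
 },
 {
 "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
 "is_secret": false,
 "is_verified": false,
-"line_number": 538,
+"line_number": 537,
 "type": "Secret Keyword",
 "verified_result": null
 }
@@ -3660,15 +3660,15 @@
 "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
 "is_secret": false,
 "is_verified": false,
-"line_number": 397,
+"line_number": 396,
 "type": "Secret Keyword",
 "verified_result": null
 },
 {
 "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
 "is_secret": false,
 "is_verified": false,
-"line_number": 637,
+"line_number": 636,
 "type": "Secret Keyword",
 "verified_result": null
 }
@@ -3688,15 +3688,15 @@
 "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
 "is_secret": false,
 "is_verified": false,
-"line_number": 39,
+"line_number": 44,
 "type": "Secret Keyword",
 "verified_result": null
 },
 {
 "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
 "is_secret": false,
 "is_verified": false,
-"line_number": 144,
+"line_number": 152,
 "type": "Secret Keyword",
 "verified_result": null
 }
@@ -3788,15 +3788,15 @@
 "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
 "is_secret": false,
 "is_verified": false,
-"line_number": 190,
+"line_number": 189,
 "type": "Secret Keyword",
 "verified_result": null
 },
 {
 "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
 "is_secret": false,
 "is_verified": false,
-"line_number": 443,
+"line_number": 442,
 "type": "Secret Keyword",
 "verified_result": null
 }
@@ -3806,15 +3806,15 @@
 "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4",
 "is_secret": false,
 "is_verified": false,
-"line_number": 124,
+"line_number": 123,
 "type": "Secret Keyword",
 "verified_result": null
 },
 {
 "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
 "is_secret": false,
 "is_verified": false,
-"line_number": 356,
+"line_number": 354,
 "type": "Secret Keyword",
 "verified_result": null
 }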

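--- a/ibm/service/secretsmanager/resource_ibm_sm_arbitrary_secret.go
+++ b/ibm/service/secretsmanager/resource_ibm_sm_arbitrary_secret.go
@@ -84,7 +84,6 @@ func ResourceIbmSmArbitrarySecret() *schema.Resource {
 "version_custom_metadata": &schema.Schema{
 Type: schema.TypeMap,
 Optional: true,
-Computed: true,
 Description: "The secret version metadata that a user can customize.",
 Elem: &schema.Schema{Type: schema.TypeString},
 },
@@ -422,7 +421,7 @@ func resourceIbmSmArbitrarySecretUpdate(context context.Context, d *schema.Resou
 // Apply change to version_custom_metadata in current version
 secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch)
 secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{})
-secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch()
+secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel)
 
 updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{}
 updateSecretVersionOptions.SetSecretID(secretId)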
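Review bot: The error returned by `secretVersionMetadataAsPatchFunction` is discarded with `_` in resourceIbmSmArbitrarySecretUpdate, so a failed conversion would still hand whatever patch value came back to the update request for a Secrets Manager version. Check it before building the options: `secretVersionMetadataPatchModelAsPatch, err := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel)` followed by `if err != nil { return diag.FromErr(err) }` (use `=` if `err` is already declared in that scope). The same discarded error appears in the update hunks of the IAM credentials, imported certificate, KV and private certificate resources in this commit. The helper is not shown on this page, so what it returns on failure is an assumption, and the enclosing function starts and ends outside the hunk.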

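--- a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go
+++ b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go
@@ -126,7 +126,6 @@ func ResourceIbmSmIamCredentialsSecret() *schema.Resource {
 "version_custom_metadata": &schema.Schema{
 Type: schema.TypeMap,
 Optional: true,
-ForceNew: true,
 Description: "The secret version metadata that a user can customize.",
 Elem: &schema.Schema{Type: schema.TypeString},
 },
@@ -408,6 +407,24 @@ func resourceIbmSmIamCredentialsSecretRead(context context.Context, d *schema.Re
 return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err))
 }
 
+// Call get version metadata API to get the current version_custom_metadata
+getVersionMetdataOptions := &secretsmanagerv2.GetSecretVersionMetadataOptions{}
+getVersionMetdataOptions.SetSecretID(secretId)
+getVersionMetdataOptions.SetID("current")
+
+versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions)
+if err != nil {
+log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response)
+return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response))
+}
+
+versionMetadata := versionMetadataIntf.(*secretsmanagerv2.IAMCredentialsSecretVersionMetadata)
+if versionMetadata.VersionCustomMetadata != nil {
+if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil {
+return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err))
+}
+}
+
 return nil
 }
 
@@ -475,6 +492,27 @@ func resourceIbmSmIamCredentialsSecretUpdate(context context.Context, d *schema.
 }
 }
 
+if d.HasChange("version_custom_metadata") {
+// Apply change to version_custom_metadata in current version
+secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch)
+secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{})
+secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel)
+
+updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{}
+updateSecretVersionOptions.SetSecretID(secretId)
+updateSecretVersionOptions.SetID("current")
+updateSecretVersionOptions.SetSecretVersionMetadataPatch(secretVersionMetadataPatchModelAsPatch)
+_, response, err := secretsManagerClient.UpdateSecretVersionMetadataWithContext(context, updateSecretVersionOptions)
+if err != nil {
+if hasChange {
+// Call the read function to update the Terraform state with the change already applied to the metadata
+resourceIbmSmIamCredentialsSecretRead(context, d, meta)
+}
+log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)
+return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response))
+}
+}
+
 return resourceIbmSmIamCredentialsSecretRead(context, d, meta)
 }
 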
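Review bot: The single-value assertion `versionMetadataIntf.(*secretsmanagerv2.IAMCredentialsSecretVersionMetadata)` in resourceIbmSmIamCredentialsSecretRead panics if the API returns any other concrete type, which would crash the provider process instead of producing a diagnostic. Use the two-value form, `versionMetadata, ok := versionMetadataIntf.(*secretsmanagerv2.IAMCredentialsSecretVersionMetadata)`, followed by `if !ok { return diag.FromErr(fmt.Errorf("unexpected secret version metadata type %T", versionMetadataIntf)) }`. The read hunk of resource_ibm_sm_private_certificate.go makes the same unchecked assertion against `PrivateCertificateVersionMetadata`. Both read functions start outside their hunks.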

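--- a/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go
+++ b/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go
@@ -78,7 +78,6 @@ func ResourceIbmSmImportedCertificate() *schema.Resource {
 "version_custom_metadata": &schema.Schema{
 Type: schema.TypeMap,
 Optional: true,
-Computed: true,
 Description: "The secret version metadata that a user can customize.",
 Elem: &schema.Schema{Type: schema.TypeString},
 },
@@ -537,7 +536,7 @@ func resourceIbmSmImportedCertificateUpdate(context context.Context, d *schema.R
 // Apply change to version_custom_metadata in current version
 secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch)
 secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{})
-secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch()
+secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel)
 
 updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{}
 updateSecretVersionOptions.SetSecretID(secretId)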

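--- a/ibm/service/secretsmanager/resource_ibm_sm_kv_secret.go
+++ b/ibm/service/secretsmanager/resource_ibm_sm_kv_secret.go
@@ -75,7 +75,6 @@ func ResourceIbmSmKvSecret() *schema.Resource {
 "version_custom_metadata": &schema.Schema{
 Type: schema.TypeMap,
 Optional: true,
-Computed: true,
 Description: "The secret version metadata that a user can customize.",
 Elem: &schema.Schema{Type: schema.TypeString},
 },
@@ -396,7 +395,7 @@ func resourceIbmSmKvSecretUpdate(context context.Context, d *schema.ResourceData
 // Apply change to version_custom_metadata in current version
 secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch)
 secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{})
-secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch()
+secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel)
 
 updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{}
 updateSecretVersionOptions.SetSecretID(secretId)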

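--- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go
+++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go
@@ -168,7 +168,6 @@ func ResourceIbmSmPrivateCertificate() *schema.Resource {
 },
 "version_custom_metadata": &schema.Schema{
 Type: schema.TypeMap,
-ForceNew: true,
 Optional: true,
 Description: "The secret version metadata that a user can customize.",
 Elem: &schema.Schema{Type: schema.TypeString},
@@ -545,6 +544,24 @@ func resourceIbmSmPrivateCertificateRead(context context.Context, d *schema.Reso
 return diag.FromErr(fmt.Errorf("Error setting ca_chain: %s", err))
 }
 }
+
+// Call get version metadata API to get the current version_custom_metadata
+getVersionMetdataOptions := &secretsmanagerv2.GetSecretVersionMetadataOptions{}
+getVersionMetdataOptions.SetSecretID(secretId)
+getVersionMetdataOptions.SetID("current")
+
+versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions)
+if err != nil {
+log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response)
+return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response))
+}
+
+versionMetadata := versionMetadataIntf.(*secretsmanagerv2.PrivateCertificateVersionMetadata)
+if versionMetadata.VersionCustomMetadata != nil {
+if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil {
+return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err))
+}
+}
 return nil
 }
 
@@ -608,6 +625,27 @@ func resourceIbmSmPrivateCertificateUpdate(context context.Context, d *schema.Re
 }
 }
 
+if d.HasChange("version_custom_metadata") {
+// Apply change to version_custom_metadata in current version
+secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch)
+secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{})
+secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel)
+
+updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{}
+updateSecretVersionOptions.SetSecretID(secretId)
+updateSecretVersionOptions.SetID("current")
+updateSecretVersionOptions.SetSecretVersionMetadataPatch(secretVersionMetadataPatchModelAsPatch)
+_, response, err := secretsManagerClient.UpdateSecretVersionMetadataWithContext(context, updateSecretVersionOptions)
+if err != nil {
+if hasChange {
+// Call the read function to update the Terraform state with the change already applied to the metadata
+resourceIbmSmPrivateCertificateRead(context, d, meta)
+}
+log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)
+return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response))
+}
+}
+
 return resourceIbmSmPrivateCertificateRead(context, d, meta)
 }
 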
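Review bot: The `if versionMetadata.VersionCustomMetadata != nil` guard in resourceIbmSmPrivateCertificateRead skips `d.Set` whenever the service returns no custom metadata, so metadata cleared outside Terraform would likely leave the old map in state and the drift would never show up in a plan. Setting the attribute unconditionally, `if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil {`, lets a refresh reflect the remote value; the IAM credentials read hunk uses the same guard. Separately, in the update hunk the diagnostics returned by `resourceIbmSmPrivateCertificateRead` inside `if hasChange` are dropped, and `hasChange` is declared outside the hunk, so whether it covers this attribute cannot be confirmed from here.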
