Merge branch 'master' into fix/pipeline-github-token

Author: ilia-medvedev-codefresh

.github/workflows/draft-release.yaml

@@ -10,6 +10,9 @@ on:
 jobs:
   update_release_draft:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - uses: release-drafter/release-drafter@v5
         env:

.github/workflows/pull_request.yaml

@@ -13,8 +13,7 @@ jobs:
       - name: Generate Docs
         run: |
           export PATH=$PATH:/home/runner/go/bin
-          make docs-prepare
-          tfplugindocs generate
+          make docs
       - name: Validate No Changes
         run: |
           git diff --exit-code

GNUmakefile

@@ -6,15 +6,9 @@ PKG_NAME=codefresh
 NAMESPACE=app
 BINARY=terraform-provider-${PKG_NAME}
 OS_ARCH=darwin_amd64
-TFPLUGINDOCS_VERSION=v0.14.1
 
 default: build
 
-tools:
-	GO111MODULE=on go install github.com/client9/misspell/cmd/misspell
-	GO111MODULE=on go install github.com/golangci/golangci-lint/cmd/golangci-lint
-	GO111MODULE=on go install github.com/bflad/tfproviderlint/cmd/tfproviderlint
-
 build: fmtcheck
 	go install
 	go build -o ${BINARY}
@@ -31,7 +25,7 @@ fmtcheck:
 
 lint:
 	@echo "==> Checking source code against linters..."
-	golangci-lint run ./...
+	go tool golangci-lint run ./...
 
 test: fmtcheck
 	go test -i $(TEST) || exit 1
@@ -58,13 +52,8 @@ vet:
 		exit 1; \
 	fi
 
-docs-prepare:
-	@echo "==> Setting up tfplugindocs..."
-	go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@${TFPLUGINDOCS_VERSION}
-
-docs: docs-prepare
+docs:
 	@echo "==> Generating Provider Documentation..."
-	tfplugindocs generate
-
-.PHONY: build test testacc vet fmt fmtcheck lint tools test-compile docs docs-prepare
+	go tool tfplugindocs generate
 
+.PHONY: build test testacc vet fmt fmtcheck lint test-compile docs docs-prepare

codefresh.yml

@@ -15,14 +15,14 @@ steps:
   go_fmt:
     title: "Formatting"
     stage: test
-    image: goreleaser/goreleaser:v1.17.0
+    image: golang:1.24.3-alpine3.21
     commands:
       - go fmt
 
   go_test:
     title: "Run tests"
     stage: test
-    image: golang:1.18.10-alpine3.17
+    image: golang:1.24.3-alpine3.21
     environment:
       - TF_ACC="test"
       - CGO_ENABLED=0
@@ -39,7 +39,7 @@ steps:
       # The following will resolve to their latest patch version
       environment:
         - TF_VERSION=1.3.0
-        - TF_VERSION=1.7.0
+        - TF_VERSION=1.11.4
     when:
       condition:
         all:

codefresh/cfclient/account.go

@@ -4,7 +4,7 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/imdario/mergo"
+	"dario.cat/mergo"
 )
 
 type DockerRegistry struct {

codefresh/cfclient/api_key.go

@@ -245,6 +245,95 @@ func (client *Client) GetApiKeysList() ([]ApiKey, error) {
 	return apiKeys, nil
 }
 
+func (client *Client) GetAPIKeyServiceUser(keyID string, serviceUserId string) (*ApiKey, error) {
+
+	opts := RequestOptions{
+		Path:   fmt.Sprintf("/auth/key/service-user/%s/%s", serviceUserId, keyID),
+		Method: "GET",
+	}
+
+	resp, err := client.RequestAPI(&opts)
+
+	if err != nil {
+		return nil, err
+	}
+
+	var apiKey ApiKey
+
+	err = DecodeResponseInto(resp, &apiKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return &apiKey, nil
+}
+
+func (client *Client) DeleteAPIKeyServiceUser(keyID string, serviceUserId string) error {
+
+	opts := RequestOptions{
+		Path:   fmt.Sprintf("/auth/key/service-user/%s/%s", serviceUserId, keyID),
+		Method: "DELETE",
+	}
+
+	resp, err := client.RequestAPI(&opts)
+	if err != nil {
+		fmt.Println(string(resp))
+		return err
+	}
+
+	return nil
+}
+
+func (client *Client) UpdateAPIKeyServiceUser(key *ApiKey, serviceUserId string) error {
+
+	keyID := key.ID
+	if keyID == "" {
+		return errors.New("[ERROR] Key ID is empty")
+	}
+
+	body, err := EncodeToJSON(key)
+	if err != nil {
+		return err
+	}
+
+	opts := RequestOptions{
+		Path:   fmt.Sprintf("/auth/key/service-user/%s/%s", serviceUserId, keyID),
+		Method: "PATCH",
+		Body:   body,
+	}
+
+	resp, err := client.RequestAPI(&opts)
+
+	if err != nil {
+		fmt.Println(string(resp))
+		return err
+	}
+
+	return nil
+}
+
+func (client *Client) CreateApiKeyServiceUser(serviceUserId string, apiKey *ApiKey) (string, error) {
+
+	body, err := EncodeToJSON(apiKey)
+	if err != nil {
+		return "", err
+	}
+
+	opts := RequestOptions{
+		Path:   fmt.Sprintf("/auth/key/service-user/%s", serviceUserId),
+		Method: "POST",
+		Body:   body,
+	}
+
+	resp, err := client.RequestAPI(&opts)
+
+	if err != nil {
+		return "", err
+	}
+
+	return string(resp), nil
+}
+
 func (client *Client) createRandomUser(accountId string) (string, error) {
 	// add user
 	userPrefix := acctest.RandString(10)

codefresh/cfclient/client.go

@@ -4,18 +4,19 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 )
 
 // Client token, host, htpp.Client
 type Client struct {
-	Token       string
-	TokenHeader string
-	Host        string
-	HostV2      string
-	Client      *http.Client
+	Token        string
+	TokenHeader  string
+	Host         string
+	HostV2       string
+	featureFlags map[string]bool
+	Client       *http.Client
 }
 
 // RequestOptions  path, method, etc
@@ -35,11 +36,12 @@ func NewClient(hostname string, hostnameV2 string, token string, tokenHeader str
 		tokenHeader = "Authorization"
 	}
 	return &Client{
-		Host:        hostname,
-		HostV2:      hostnameV2,
-		Token:       token,
-		TokenHeader: tokenHeader,
-		Client:      &http.Client{},
+		Host:         hostname,
+		HostV2:       hostnameV2,
+		Token:        token,
+		TokenHeader:  tokenHeader,
+		Client:       &http.Client{},
+		featureFlags: map[string]bool{},
 	}
 
 }
@@ -69,7 +71,7 @@ func (client *Client) RequestAPI(opt *RequestOptions) ([]byte, error) {
 	}
 	defer resp.Body.Close()
 
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, fmt.Errorf("Failed to read body %v %v", resp.StatusCode, resp.Status)
 	}
@@ -101,7 +103,7 @@ func (client *Client) RequestApiXAccessToken(opt *RequestOptions) ([]byte, error
 	}
 	defer resp.Body.Close()
 
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, fmt.Errorf("Failed to read body %v %v", resp.StatusCode, resp.Status)
 	}
@@ -112,6 +114,25 @@ func (client *Client) RequestApiXAccessToken(opt *RequestOptions) ([]byte, error
 	return body, nil
 }
 
+func (client *Client) isFeatureFlagEnabled(flagName string) (bool, error) {
+
+	if len(client.featureFlags) == 0 {
+		currAcc, err := client.GetCurrentAccount()
+
+		if err != nil {
+			return false, err
+		}
+
+		client.featureFlags = currAcc.FeatureFlags
+	}
+
+	if val, ok := client.featureFlags[flagName]; ok {
+		return val, nil
+	}
+
+	return false, nil
+}
+
 // ToQS add extra parameters to path
 func ToQS(qs map[string]string) string {
 	var arr = []string{}

codefresh/cfclient/context.go

@@ -4,8 +4,16 @@ import (
 	"fmt"
 	"log"
 	"net/url"
+	"slices"
 )
 
+var encryptedContextTypes = []string{
+	"secret",
+	"secret-yaml",
+	"storage.s3",
+	"storage.azuref",
+}
+
 type ContextErrorResponse struct {
 	Status  int    `json:"status,omitempty"`
 	Message string `json:"message,omitempty"`
@@ -17,9 +25,10 @@ type ContextMetadata struct {
 }
 
 type Context struct {
-	Metadata ContextMetadata `json:"metadata,omitempty"`
-	Spec     ContextSpec     `json:"spec,omitempty"`
-	Version  string          `json:"version,omitempty"`
+	Metadata    ContextMetadata `json:"metadata,omitempty"`
+	Spec        ContextSpec     `json:"spec,omitempty"`
+	Version     string          `json:"version,omitempty"`
+	IsEncrypred bool            `json:"isEncrypted,omitempty"`
 }
 
 type ContextSpec struct {
@@ -32,7 +41,18 @@ func (context *Context) GetID() string {
 }
 
 func (client *Client) GetContext(name string) (*Context, error) {
-	fullPath := fmt.Sprintf("/contexts/%s?decrypt=true", url.PathEscape(name))
+	fullPath := fmt.Sprintf("/contexts/%s", url.PathEscape(name))
+
+	forbidDecrypt, err := client.isFeatureFlagEnabled("forbidDecrypt")
+
+	if err != nil {
+		forbidDecrypt = false
+	}
+
+	if !forbidDecrypt {
+		fullPath += "?decrypt=true"
+	}
+
 	opts := RequestOptions{
 		Path:   fullPath,
 		Method: "GET",
@@ -49,8 +69,17 @@ func (client *Client) GetContext(name string) (*Context, error) {
 		return nil, err
 	}
 
-	return &respContext, nil
+	// This is so not to break existing behavior while adding support for forbidDecrypt feature flag
+	// The provider used to always decrypt the contexts, hence we treat all contexts as decrypted unless forbidDecrypt is set
+	isEncryptedType := slices.Contains(encryptedContextTypes, respContext.Spec.Type)
+
+	respContext.IsEncrypred = false
 
+	if forbidDecrypt && isEncryptedType {
+		respContext.IsEncrypred = true
+	}
+
+	return &respContext, nil
 }
 
 func (client *Client) CreateContext(context *Context) (*Context, error) {