Make type assertions more defensive on the secret manager datasources (#11990) (#20255)

[upstream:61269cf1023057d2a5ba80fa6a1b6e408e4d57a1]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/11990.txt

@@ -0,0 +1,2 @@
+```release-note:none
+```

google/services/secretmanager/data_source_secret_manager_secret_version.go

@@ -70,19 +70,27 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter
 		return err
 	}
 
-	fv, err := tpgresource.ParseProjectFieldValue("secrets", d.Get("secret").(string), "project", d, config, false)
+	dSecret, ok := d.Get("secret").(string)
+	if !ok {
+		return fmt.Errorf("wrong type for secret field (%T), expected string", d.Get("secret"))
+	}
+
+	fv, err := tpgresource.ParseProjectFieldValue("secrets", dSecret, "project", d, config, false)
 	if err != nil {
 		return err
 	}
-	if d.Get("project").(string) != "" && d.Get("project").(string) != fv.Project {
-		return fmt.Errorf("The project set on this secret version (%s) is not equal to the project where this secret exists (%s).", d.Get("project").(string), fv.Project)
-	}
 	project := fv.Project
+	if dProject, ok := d.Get("project").(string); !ok {
+		return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project"))
+	} else if dProject != "" && dProject != project {
+		return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project)
+	}
+
 	if err := d.Set("project", project); err != nil {
-		return fmt.Errorf("Error setting project: %s", err)
+		return fmt.Errorf("error setting project: %s", err)
 	}
 	if err := d.Set("secret", fv.Name); err != nil {
-		return fmt.Errorf("Error setting secret: %s", err)
+		return fmt.Errorf("error setting secret: %s", err)
 	}
 
 	var url string
@@ -109,21 +117,26 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter
 		UserAgent: userAgent,
 	})
 	if err != nil {
-		return fmt.Errorf("Error retrieving available secret manager secret versions: %s", err.Error())
+		return fmt.Errorf("error retrieving available secret manager secret versions: %s", err.Error())
 	}
 
 	secretVersionRegex := regexp.MustCompile("projects/(.+)/secrets/(.+)/versions/(.+)$")
 
-	parts := secretVersionRegex.FindStringSubmatch(version["name"].(string))
+	nameValue, ok := version["name"]
+	if !ok {
+		return fmt.Errorf("read response didn't contain critical fields. Read may not have succeeded.")
+	}
+
+	parts := secretVersionRegex.FindStringSubmatch(nameValue.(string))
 	// should return [full string, project number, secret name, version number]
 	if len(parts) != 4 {
-		panic(fmt.Sprintf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", version["name"].(string)))
+		return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", nameValue.(string))
 	}
 
 	log.Printf("[DEBUG] Received Google SecretManager Version: %q", version)
 
 	if err := d.Set("version", parts[3]); err != nil {
-		return fmt.Errorf("Error setting version: %s", err)
+		return fmt.Errorf("error setting version: %s", err)
 	}
 
 	url = fmt.Sprintf("%s:access", url)
@@ -135,22 +148,22 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter
 		UserAgent: userAgent,
 	})
 	if err != nil {
-		return fmt.Errorf("Error retrieving available secret manager secret version access: %s", err.Error())
+		return fmt.Errorf("error retrieving available secret manager secret version access: %s", err.Error())
 	}
 
 	if err := d.Set("create_time", version["createTime"].(string)); err != nil {
-		return fmt.Errorf("Error setting create_time: %s", err)
+		return fmt.Errorf("error setting create_time: %s", err)
 	}
 	if version["destroyTime"] != nil {
 		if err := d.Set("destroy_time", version["destroyTime"].(string)); err != nil {
-			return fmt.Errorf("Error setting destroy_time: %s", err)
+			return fmt.Errorf("error setting destroy_time: %s", err)
 		}
 	}
-	if err := d.Set("name", version["name"].(string)); err != nil {
-		return fmt.Errorf("Error setting name: %s", err)
+	if err := d.Set("name", nameValue.(string)); err != nil {
+		return fmt.Errorf("error setting name: %s", err)
 	}
 	if err := d.Set("enabled", true); err != nil {
-		return fmt.Errorf("Error setting enabled: %s", err)
+		return fmt.Errorf("error setting enabled: %s", err)
 	}
 
 	data := resp["payload"].(map[string]interface{})
@@ -165,9 +178,9 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter
 		secretData = string(payloadData)
 	}
 	if err := d.Set("secret_data", secretData); err != nil {
-		return fmt.Errorf("Error setting secret_data: %s", err)
+		return fmt.Errorf("error setting secret_data: %s", err)
 	}
 
-	d.SetId(version["name"].(string))
+	d.SetId(nameValue.(string))
 	return nil
 }

google/services/secretmanager/data_source_secret_manager_secret_version_access.go

@@ -58,19 +58,28 @@ func dataSourceSecretManagerSecretVersionAccessRead(d *schema.ResourceData, meta
 		return err
 	}
 
-	fv, err := tpgresource.ParseProjectFieldValue("secrets", d.Get("secret").(string), "project", d, config, false)
+	dSecret, ok := d.Get("secret").(string)
+	if !ok {
+		return fmt.Errorf("wrong type for secret field (%T), expected string", d.Get("secret"))
+	}
+
+	fv, err := tpgresource.ParseProjectFieldValue("secrets", dSecret, "project", d, config, false)
 	if err != nil {
 		return err
 	}
-	if d.Get("project").(string) != "" && d.Get("project").(string) != fv.Project {
-		return fmt.Errorf("The project set on this secret version (%s) is not equal to the project where this secret exists (%s).", d.Get("project").(string), fv.Project)
-	}
+
 	project := fv.Project
+	if dProject, ok := d.Get("project").(string); !ok {
+		return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project"))
+	} else if dProject != "" && dProject != project {
+		return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project)
+	}
+
 	if err := d.Set("project", project); err != nil {
-		return fmt.Errorf("Error setting project: %s", err)
+		return fmt.Errorf("error setting project: %s", err)
 	}
 	if err := d.Set("secret", fv.Name); err != nil {
-		return fmt.Errorf("Error setting secret: %s", err)
+		return fmt.Errorf("error setting secret: %s", err)
 	}
 
 	var url string
@@ -97,25 +106,29 @@ func dataSourceSecretManagerSecretVersionAccessRead(d *schema.ResourceData, meta
 		UserAgent: userAgent,
 	})
 	if err != nil {
-		return fmt.Errorf("Error retrieving available secret manager secret version access: %s", err.Error())
+		return fmt.Errorf("error retrieving available secret manager secret version access: %s", err.Error())
 	}
 
-	if err := d.Set("name", resp["name"].(string)); err != nil {
-		return fmt.Errorf("Error setting name: %s", err)
+	nameValue, ok := resp["name"]
+	if !ok {
+		return fmt.Errorf("read response didn't contain critical fields. Read may not have succeeded.")
+	}
+	if err := d.Set("name", nameValue.(string)); err != nil {
+		return fmt.Errorf("error setting name: %s", err)
 	}
 
 	secretVersionRegex := regexp.MustCompile("projects/(.+)/secrets/(.+)/versions/(.+)$")
 
-	parts := secretVersionRegex.FindStringSubmatch(resp["name"].(string))
+	parts := secretVersionRegex.FindStringSubmatch(nameValue.(string))
 	// should return [full string, project number, secret name, version number]
 	if len(parts) != 4 {
-		panic(fmt.Sprintf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", resp["name"].(string)))
+		return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/secrets/{{secret}}/versions/{{version}}", nameValue.(string))
 	}
 
 	log.Printf("[DEBUG] Received Google SecretManager Version: %q", parts[3])
 
 	if err := d.Set("version", parts[3]); err != nil {
-		return fmt.Errorf("Error setting version: %s", err)
+		return fmt.Errorf("error setting version: %s", err)
 	}
 
 	data := resp["payload"].(map[string]interface{})
@@ -130,9 +143,9 @@ func dataSourceSecretManagerSecretVersionAccessRead(d *schema.ResourceData, meta
 		secretData = string(payloadData)
 	}
 	if err := d.Set("secret_data", secretData); err != nil {
-		return fmt.Errorf("Error setting secret_data: %s", err)
+		return fmt.Errorf("error setting secret_data: %s", err)
 	}
 
-	d.SetId(resp["name"].(string))
+	d.SetId(nameValue.(string))
 	return nil
 }

google/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go

@@ -88,38 +88,46 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource
 	}
 
 	secretRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)$")
-	parts := secretRegex.FindStringSubmatch(d.Get("secret").(string))
+	dSecret, ok := d.Get("secret").(string)
+	if !ok {
+		return fmt.Errorf("wrong type for secret field (%T), expected string", d.Get("secret"))
+	}
+	parts := secretRegex.FindStringSubmatch(dSecret)
 
 	var project string
 
 	// if reference of the secret is provided in the secret field
 	if len(parts) == 4 {
 		// Store values of project to set in state
 		project = parts[1]
-		if d.Get("project").(string) != "" && d.Get("project").(string) != parts[1] {
-			return fmt.Errorf("The project set on this secret version (%s) is not equal to the project where this secret exists (%s).", d.Get("project").(string), parts[1])
+		if dProject, ok := d.Get("project").(string); !ok {
+			return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project"))
+		} else if dProject != "" && dProject != project {
+			return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project)
 		}
-		if d.Get("location").(string) != "" && d.Get("location").(string) != parts[2] {
-			return fmt.Errorf("The location set on this secret version (%s) is not equal to the location where this secret exists (%s).", d.Get("location").(string), parts[2])
+		if dLocation, ok := d.Get("location").(string); !ok {
+			return fmt.Errorf("wrong type for location (%T), expected string", d.Get("location"))
+		} else if dLocation != "" && dLocation != parts[2] {
+			return fmt.Errorf("location field value (%s) does not match location of secret (%s).", dLocation, parts[2])
 		}
 		if err := d.Set("location", parts[2]); err != nil {
-			return fmt.Errorf("Error setting location: %s", err)
+			return fmt.Errorf("error setting location: %s", err)
 		}
 		if err := d.Set("secret", parts[3]); err != nil {
-			return fmt.Errorf("Error setting secret: %s", err)
+			return fmt.Errorf("error setting secret: %s", err)
 		}
 	} else { // if secret name is provided in the secret field
 		// Store values of project to set in state
 		project, err = tpgresource.GetProject(d, config)
 		if err != nil {
-			return fmt.Errorf("Error fetching project for Secret: %s", err)
+			return fmt.Errorf("error fetching project for Secret: %s", err)
 		}
-		if d.Get("location").(string) == "" {
-			return fmt.Errorf("Location must be set when providing only secret name")
+		if dLocation, ok := d.Get("location").(string); ok && dLocation == "" {
+			return fmt.Errorf("location must be set when providing only secret name")
 		}
 	}
 	if err := d.Set("project", project); err != nil {
-		return fmt.Errorf("Error setting project: %s", err)
+		return fmt.Errorf("error setting project: %s", err)
 	}
 
 	var url string
@@ -148,20 +156,25 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource
 	})
 
 	if err != nil {
-		return fmt.Errorf("Error retrieving available secret manager regional secret versions: %s", err.Error())
+		return fmt.Errorf("error retrieving available secret manager regional secret versions: %s", err.Error())
+	}
+
+	nameValue, ok := secretVersion["name"]
+	if !ok {
+		return fmt.Errorf("read response didn't contain critical fields. Read may not have succeeded.")
 	}
 
 	secretVersionRegex := regexp.MustCompile("projects/(.+)/locations/(.+)/secrets/(.+)/versions/(.+)$")
-	parts = secretVersionRegex.FindStringSubmatch(secretVersion["name"].(string))
+	parts = secretVersionRegex.FindStringSubmatch(nameValue.(string))
 
 	if len(parts) != 5 {
-		return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/locations/{{location}}/secrets/{{secret}}/versions/{{version}}", secretVersion["name"].(string))
+		return fmt.Errorf("secret name, %s, does not match format, projects/{{project}}/locations/{{location}}/secrets/{{secret}}/versions/{{version}}", nameValue.(string))
 	}
 
 	log.Printf("[DEBUG] Received Google Secret Manager Regional Secret Version: %q", secretVersion)
 
 	if err := d.Set("version", parts[4]); err != nil {
-		return fmt.Errorf("Error setting version: %s", err)
+		return fmt.Errorf("error setting version: %s", err)
 	}
 
 	url = fmt.Sprintf("%s:access", url)
@@ -174,29 +187,29 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource
 	})
 
 	if err != nil {
-		return fmt.Errorf("Error retrieving available secret manager regional secret version access: %s", err.Error())
+		return fmt.Errorf("error retrieving available secret manager regional secret version access: %s", err.Error())
 	}
 
 	if err := d.Set("customer_managed_encryption", flattenSecretManagerRegionalRegionalSecretVersionCustomerManagedEncryption(secretVersion["customerManagedEncryption"], d, config)); err != nil {
-		return fmt.Errorf("Error setting customer_managed_encryption: %s", err)
+		return fmt.Errorf("error setting customer_managed_encryption: %s", err)
 	}
 
 	if err := d.Set("create_time", secretVersion["createTime"].(string)); err != nil {
-		return fmt.Errorf("Error setting create_time: %s", err)
+		return fmt.Errorf("error setting create_time: %s", err)
 	}
 
 	if secretVersion["destroyTime"] != nil {
 		if err := d.Set("destroy_time", secretVersion["destroyTime"].(string)); err != nil {
-			return fmt.Errorf("Error setting destroy_time: %s", err)
+			return fmt.Errorf("error setting destroy_time: %s", err)
 		}
 	}
 
-	if err := d.Set("name", secretVersion["name"].(string)); err != nil {
-		return fmt.Errorf("Error setting name: %s", err)
+	if err := d.Set("name", nameValue.(string)); err != nil {
+		return fmt.Errorf("error setting name: %s", err)
 	}
 
 	if err := d.Set("enabled", true); err != nil {
-		return fmt.Errorf("Error setting enabled: %s", err)
+		return fmt.Errorf("error setting enabled: %s", err)
 	}
 
 	data := resp["payload"].(map[string]interface{})
@@ -211,9 +224,9 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource
 		secretData = string(payloadData)
 	}
 	if err := d.Set("secret_data", secretData); err != nil {
-		return fmt.Errorf("Error setting secret_data: %s", err)
+		return fmt.Errorf("error setting secret_data: %s", err)
 	}
 
-	d.SetId(secretVersion["name"].(string))
+	d.SetId(nameValue.(string))
 	return nil
 }

google/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access.go

@@ -78,7 +78,7 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionAccessRead(d *schema.Re
 		if dProject, ok := d.Get("project").(string); !ok {
 			return fmt.Errorf("wrong type for project (%T), expected string", d.Get("project"))
 		} else if dProject != "" && dProject != project {
-			return fmt.Errorf("project field value (%s) does not match project of secret (%s).", d.Get("project").(string), project)
+			return fmt.Errorf("project field value (%s) does not match project of secret (%s).", dProject, project)
 		}
 		if dLocation, ok := d.Get("location").(string); !ok {
 			return fmt.Errorf("wrong type for location (%T), expected string", d.Get("location"))