secretmanager: added fetch_secret_data to google_secret_manager_secret_version to be able to skip fetching the secret data (#14313) (#23471)

[upstream:fec965e9b4658245a3dcb388e94535c638e91a4a]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/14313.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+secretmanager: added `fetch_secret_data` to `google_secret_manager_secret_version` to be able to skip fetching the secret data
+```

google/services/secretmanager/data_source_secret_manager_secret_version.go

@@ -73,6 +73,11 @@ func DataSourceSecretManagerSecretVersion() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
+			"fetch_secret_data": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
 		},
 	}
 }
@@ -153,16 +158,32 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter
 		return fmt.Errorf("error setting version: %s", err)
 	}
 
-	url = fmt.Sprintf("%s:access", url)
-	resp, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
-		Config:    config,
-		Method:    "GET",
-		Project:   project,
-		RawURL:    url,
-		UserAgent: userAgent,
-	})
-	if err != nil {
-		return fmt.Errorf("error retrieving available secret manager secret version access: %s", err.Error())
+	if d.Get("fetch_secret_data").(bool) {
+		url = fmt.Sprintf("%s:access", url)
+		resp, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+			Config:    config,
+			Method:    "GET",
+			Project:   project,
+			RawURL:    url,
+			UserAgent: userAgent,
+		})
+		if err != nil {
+			return fmt.Errorf("error retrieving available secret manager secret version access: %s", err.Error())
+		}
+		data := resp["payload"].(map[string]interface{})
+		var secretData string
+		if d.Get("is_secret_data_base64").(bool) {
+			secretData = data["data"].(string)
+		} else {
+			payloadData, err := base64.StdEncoding.DecodeString(data["data"].(string))
+			if err != nil {
+				return fmt.Errorf("error decoding secret manager secret version data: %s", err.Error())
+			}
+			secretData = string(payloadData)
+		}
+		if err := d.Set("secret_data", secretData); err != nil {
+			return fmt.Errorf("error setting secret_data: %s", err)
+		}
 	}
 
 	if err := d.Set("create_time", version["createTime"].(string)); err != nil {
@@ -180,21 +201,6 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter
 		return fmt.Errorf("error setting enabled: %s", err)
 	}
 
-	data := resp["payload"].(map[string]interface{})
-	var secretData string
-	if d.Get("is_secret_data_base64").(bool) {
-		secretData = data["data"].(string)
-	} else {
-		payloadData, err := base64.StdEncoding.DecodeString(data["data"].(string))
-		if err != nil {
-			return fmt.Errorf("error decoding secret manager secret version data: %s", err.Error())
-		}
-		secretData = string(payloadData)
-	}
-	if err := d.Set("secret_data", secretData); err != nil {
-		return fmt.Errorf("error setting secret_data: %s", err)
-	}
-
 	d.SetId(nameValue.(string))
 	return nil
 }

google/services/secretmanager/data_source_secret_manager_secret_version_test.go

@@ -48,6 +48,27 @@ func TestAccDatasourceSecretManagerSecretVersion_basic(t *testing.T) {
 	})
 }
 
+func TestAccDatasourceSecretManagerSecretVersion_fetchSecretDataFalse(t *testing.T) {
+	t.Parallel()
+
+	randomString := acctest.RandString(t, 10)
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckSecretManagerSecretVersionDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDatasourceSecretManagerSecretVersion_fetchSecretDataFalse(randomString),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version.basic", "1"),
+					resource.TestCheckNoResourceAttr("data.google_secret_manager_secret_version.basic", "secret_data"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccDatasourceSecretManagerSecretVersion_latest(t *testing.T) {
 	t.Parallel()
 
@@ -205,6 +226,31 @@ data "google_secret_manager_secret_version" "basic" {
 `, randomString, randomString)
 }
 
+func testAccDatasourceSecretManagerSecretVersion_fetchSecretDataFalse(randomString string) string {
+	return fmt.Sprintf(`
+resource "google_secret_manager_secret" "secret-basic" {
+  secret_id = "tf-test-secret-version-%s"
+  labels = {
+    label = "my-label"
+  }
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "secret-version-basic" {
+  secret = google_secret_manager_secret.secret-basic.name
+  secret_data = "my-tf-test-secret-%s"
+}
+
+data "google_secret_manager_secret_version" "basic" {
+  secret 			= google_secret_manager_secret_version.secret-version-basic.secret
+  version 			= 1
+  fetch_secret_data = false
+}
+`, randomString, randomString)
+}
+
 func testAccDatasourceSecretManagerSecretVersion_withBase64SecretData(randomString, data string) string {
 	return fmt.Sprintf(`
 resource "google_secret_manager_secret" "secret-basic-base64" {

website/docs/d/secret_manager_secret_version.html.markdown

@@ -42,9 +42,12 @@ The following arguments are supported:
 * `version` - (Optional) The version of the secret to get. If it
     is not provided, the latest version is retrieved.
 
-* `is_secret_data_base64` - (Optional) If set to 'true', the secret data is
+* `is_secret_data_base64` - (Optional) If set to `true`, the secret data is
     expected to be base64-encoded string.
 
+* `fetch_secret_data` - (Optional) If set to `false`, the `secret_data` 
+    will not be fetched. Default is `true`.
+
 ## Attributes Reference
 
 The following attributes are exported: