fix: upstream api changed secret handling

Author: henryde

client/client.go

@@ -111,7 +111,7 @@ func (c *MeshStackProviderClient) login() error {
 	if err != nil {
 		return err
 	} else if res.StatusCode != 200 {
-		return errors.New(fmt.Sprintf("Status %d: %s", res.StatusCode, ERROR_AUTHENTICATION_FAILURE))
+		return fmt.Errorf("Status %d: %s", res.StatusCode, ERROR_AUTHENTICATION_FAILURE)
 	}
 
 	defer res.Body.Close()

client/platform.go

@@ -39,6 +39,11 @@ type MeshPlatformSpec struct {
 	QuotaDefinitions       []QuotaDefinition    `json:"quotaDefinitions" tfsdk:"quota_definitions"`
 }
 
+type SecretEmbedded struct {
+	Plaintext *string `json:"plaintext,omitempty" tfsdk:"plaintext"`
+	// TODO: add Hash field
+}
+
 type QuotaDefinition struct {
 	QuotaKey              string `json:"quotaKey" tfsdk:"quota_key"`
 	MinValue              int    `json:"minValue" tfsdk:"min_value"`

client/platform_config_aks.go

@@ -8,7 +8,7 @@ type AksPlatformConfig struct {
 }
 
 type AksReplicationConfig struct {
-	AccessToken             string                    `json:"accessToken" tfsdk:"access_token"`
+	AccessToken             SecretEmbedded            `json:"accessToken" tfsdk:"access_token"`
 	NamespaceNamePattern    string                    `json:"namespaceNamePattern" tfsdk:"namespace_name_pattern"`
 	GroupNamePattern        string                    `json:"groupNamePattern" tfsdk:"group_name_pattern"`
 	ServicePrincipal        AksServicePrincipalConfig `json:"servicePrincipal" tfsdk:"service_principal"`
@@ -22,11 +22,10 @@ type AksReplicationConfig struct {
 }
 
 type AksServicePrincipalConfig struct {
-	ClientId                    string  `json:"clientId" tfsdk:"client_id"`
-	AuthType                    string  `json:"authType" tfsdk:"auth_type"`
-	CredentialsAuthClientSecret *string `json:"credentialsAuthClientSecret,omitempty" tfsdk:"credentials_auth_client_secret"`
-	EntraTenant                 string  `json:"entraTenant" tfsdk:"entra_tenant"`
-	ObjectId                    string  `json:"objectId" tfsdk:"object_id"`
+	EntraTenant string          `json:"entraTenant" tfsdk:"entra_tenant"`
+	ObjectId    string          `json:"objectId" tfsdk:"object_id"`
+	ClientId    string          `json:"clientId" tfsdk:"client_id"`
+	Auth        AzureAuthConfig `json:"auth" tfsdk:"auth"`
 }
 
 type AksMeteringConfig struct {

client/platform_config_aws.go

@@ -24,26 +24,31 @@ type AwsReplicationConfig struct {
 }
 
 type AwsAccessConfig struct {
-	OrganizationRootAccountRole       string                     `json:"organizationRootAccountRole" tfsdk:"organization_root_account_role"`
-	OrganizationRootAccountExternalId *string                    `json:"organizationRootAccountExternalId,omitempty" tfsdk:"organization_root_account_external_id"`
-	ServiceUserConfig                 *AwsServiceUserConfig      `json:"serviceUserConfig,omitempty" tfsdk:"service_user_config"`
-	WorkloadIdentityConfig            *AwsWorkloadIdentityConfig `json:"workloadIdentityConfig,omitempty" tfsdk:"workload_identity_config"`
+	OrganizationRootAccountRole       string  `json:"organizationRootAccountRole" tfsdk:"organization_root_account_role"`
+	OrganizationRootAccountExternalId *string `json:"organizationRootAccountExternalId,omitempty" tfsdk:"organization_root_account_external_id"`
+	Auth                              AwsAuth `json:"auth" tfsdk:"auth"`
 }
 
-type AwsServiceUserConfig struct {
-	AccessKey string `json:"accessKey" tfsdk:"access_key"`
-	SecretKey string `json:"secretKey" tfsdk:"secret_key"`
+type AwsAuth struct {
+	Type             string                         `json:"type" tfsdk:"type"`
+	Credential       *AwsServiceUserCredential      `json:"credential,omitempty" tfsdk:"credential"`
+	WorkloadIdentity *AwsWorkloadIdentityCredential `json:"workloadIdentity,omitempty" tfsdk:"workload_identity"`
 }
 
-type AwsWorkloadIdentityConfig struct {
+type AwsServiceUserCredential struct {
+	AccessKey string         `json:"accessKey" tfsdk:"access_key"`
+	SecretKey SecretEmbedded `json:"secretKey" tfsdk:"secret_key"`
+}
+
+type AwsWorkloadIdentityCredential struct {
 	RoleArn string `json:"roleArn" tfsdk:"role_arn"`
 }
 
 type AwsSsoConfig struct {
 	ScimEndpoint     string              `json:"scimEndpoint" tfsdk:"scim_endpoint"`
 	Arn              string              `json:"arn" tfsdk:"arn"`
 	GroupNamePattern string              `json:"groupNamePattern" tfsdk:"group_name_pattern"`
-	SsoAccessToken   string              `json:"ssoAccessToken" tfsdk:"sso_access_token"`
+	SsoAccessToken   SecretEmbedded      `json:"ssoAccessToken" tfsdk:"sso_access_token"`
 	AwsRoleMappings  []AwsSsoRoleMapping `json:"awsRoleMappings" tfsdk:"aws_role_mappings"`
 	SignInUrl        string              `json:"signInUrl" tfsdk:"sign_in_url"`
 }

client/platform_config_azure.go

@@ -23,16 +23,19 @@ type AzureReplicationConfig struct {
 }
 
 type AzureServicePrincipalConfig struct {
-	ClientId                    string  `json:"clientId" tfsdk:"client_id"`
-	AuthType                    string  `json:"authType" tfsdk:"auth_type"`
-	CredentialsAuthClientSecret *string `json:"credentialsAuthClientSecret,omitempty" tfsdk:"credentials_auth_client_secret"`
-	ObjectId                    string  `json:"objectId" tfsdk:"object_id"`
+	ClientId string          `json:"clientId" tfsdk:"client_id"`
+	ObjectId string          `json:"objectId" tfsdk:"object_id"`
+	Auth     AzureAuthConfig `json:"auth" tfsdk:"auth"`
+}
+
+type AzureAuthConfig struct {
+	Type       string          `json:"type" tfsdk:"type"`
+	Credential *SecretEmbedded `json:"credential,omitempty" tfsdk:"credential"`
 }
 
 type AzureGraphApiCredentials struct {
-	ClientId                    string  `json:"clientId" tfsdk:"client_id"`
-	AuthType                    string  `json:"authType" tfsdk:"auth_type"`
-	CredentialsAuthClientSecret *string `json:"credentialsAuthClientSecret,omitempty" tfsdk:"credentials_auth_client_secret"`
+	ClientId string          `json:"clientId" tfsdk:"client_id"`
+	Auth     AzureAuthConfig `json:"auth" tfsdk:"auth"`
 }
 
 type AzureSubscriptionProvisioningConfig struct {

client/platform_config_gcp.go

@@ -6,7 +6,7 @@ type GcpPlatformConfig struct {
 }
 
 type GcpReplicationConfig struct {
-	ServiceAccountConfig              GcpServiceAccountConfig  `json:"serviceAccountConfig" tfsdk:"service_account_config"`
+	ServiceAccount                    GcpServiceAccountConfig  `json:"serviceAccount" tfsdk:"service_account"`
 	Domain                            string                   `json:"domain" tfsdk:"domain"`
 	CustomerId                        string                   `json:"customerId" tfsdk:"customer_id"`
 	GroupNamePattern                  string                   `json:"groupNamePattern" tfsdk:"group_name_pattern"`
@@ -22,12 +22,9 @@ type GcpReplicationConfig struct {
 }
 
 type GcpServiceAccountConfig struct {
-	ServiceAccountCredentialsConfig      *GcpServiceAccountCredentialsConfig      `json:"serviceAccountCredentialsConfig,omitempty" tfsdk:"service_account_credentials_config"`
-	ServiceAccountWorkloadIdentityConfig *GcpServiceAccountWorkloadIdentityConfig `json:"serviceAccountWorkloadIdentityConfig,omitempty" tfsdk:"service_account_workload_identity_config"`
-}
-
-type GcpServiceAccountCredentialsConfig struct {
-	ServiceAccountCredentialsB64 string `json:"serviceAccountCredentialsB64" tfsdk:"service_account_credentials_b64"`
+	Type             string                                   `json:"type" tfsdk:"type"`
+	Credential       *SecretEmbedded                          `json:"credential,omitempty" tfsdk:"credential"`
+	WorkloadIdentity *GcpServiceAccountWorkloadIdentityConfig `json:"workloadIdentity,omitempty" tfsdk:"workload_identity"`
 }
 
 type GcpServiceAccountWorkloadIdentityConfig struct {
@@ -41,7 +38,7 @@ type GcpPlatformRoleMapping struct {
 }
 
 type GcpMeteringConfig struct {
-	ServiceAccountConfig                    GcpServiceAccountConfig              `json:"serviceAccountConfig" tfsdk:"service_account_config"`
+	ServiceAccount                          GcpServiceAccountConfig              `json:"serviceAccount" tfsdk:"service_account"`
 	BigqueryTable                           string                               `json:"bigqueryTable" tfsdk:"bigquery_table"`
 	BigqueryTableForCarbonFootprint         *string                              `json:"bigqueryTableForCarbonFootprint,omitempty" tfsdk:"bigquery_table_for_carbon_footprint"`
 	CarbonFootprintDataCollectionStartMonth *string                              `json:"carbonFootprintDataCollectionStartMonth,omitempty" tfsdk:"carbon_footprint_data_collection_start_month"`

client/platform_config_kubernetes.go

@@ -13,7 +13,7 @@ type KubernetesReplicationConfig struct {
 }
 
 type KubernetesClientConfig struct {
-	AccessToken string `json:"accessToken" tfsdk:"access_token"`
+	AccessToken SecretEmbedded `json:"accessToken" tfsdk:"access_token"`
 }
 
 type KubernetesMeteringConfig struct {

client/platform_config_openshift.go

@@ -12,7 +12,7 @@ type OpenShiftReplicationConfig struct {
 	WebConsoleUrl               *string                        `json:"webConsoleUrl,omitempty" tfsdk:"web_console_url"`
 	ProjectNamePattern          string                         `json:"projectNamePattern" tfsdk:"project_name_pattern"`
 	EnableTemplateInstantiation bool                           `json:"enableTemplateInstantiation" tfsdk:"enable_template_instantiation"`
-	OpenShiftRoleMappings       []OpenShiftPlatformRoleMapping `json:"openshiftRoleMappings" tfsdk:"openshift_role_mappings"`
+	OpenshiftRoleMappings       []OpenShiftPlatformRoleMapping `json:"openshiftRoleMappings" tfsdk:"openshift_role_mappings"`
 	IdentityProviderName        string                         `json:"identityProviderName" tfsdk:"identity_provider_name"`
 	TenantTags                  *MeshTenantTags                `json:"tenantTags,omitempty" tfsdk:"tenant_tags"`
 }
@@ -24,5 +24,5 @@ type OpenShiftMeteringConfig struct {
 
 type OpenShiftPlatformRoleMapping struct {
 	MeshProjectRoleRef MeshProjectRoleRefV2 `json:"projectRoleRef" tfsdk:"project_role_ref"`
-	OpenShiftRole      string               `json:"openshiftRole" tfsdk:"openshift_role"`
+	OpenshiftRole      string               `json:"openshiftRole" tfsdk:"openshift_role"`
 }