feat(sem): add secret path in terraform (#2425)

* feat(sem): add secret path in terraform

* test(secret): add path tests

* fix(secret): add default value and suppress func to secret path

* test(secret): add golden

* test(secret): add datasource path test

* fix(secret): set datasource path field to optional

* test(secret): add datasource cassette

* doc(secret): add path attribute

---------

Co-authored-by: Mélanie Marques <[email protected]>
Co-authored-by: Jules Casteran <[email protected]>
Co-authored-by: Rémy Léone <[email protected]>

Author: 4 people

docs/data-sources/secret.md

@@ -34,6 +34,9 @@ data "scaleway_secret" "by_name" {
 - `name` - (Optional) The secret name.
   Only one of `name` and `secret_id` should be specified.
 
+- `path` - (Optional) The secret path.
+  Conflicts with `secret_id`.
+
 - `secret_id` - (Optional) The secret id.
   Only one of `name` and `secret_id` should be specified.
 

docs/resources/secret.md

@@ -25,6 +25,7 @@ resource "scaleway_secret" "main" {
 The following arguments are supported:
 
 - `name` - (Required) Name of the secret (e.g. `my-secret`).
+- `path` - (Optional) Path of the secret, defaults to `/`.
 - `description` - (Optional) Description of the secret (e.g. `my-new-description`).
 - `tags` - (Optional) Tags of the secret (e.g. `["tag", "secret"]`).
 - `region` - (Defaults to [provider](../index.md#region) `region`) The [region](../guides/regions_and_zones.md#regions)

scaleway/data_source_secret.go

@@ -14,15 +14,16 @@ func dataSourceScalewaySecret() *schema.Resource {
 	dsSchema := datasourceSchemaFromResourceSchema(resourceScalewaySecret().Schema)
 
 	// Set 'Optional' schema elements
-	addOptionalFieldsToSchema(dsSchema, "name", "region")
+	addOptionalFieldsToSchema(dsSchema, "name", "region", "path")
 
 	dsSchema["name"].ConflictsWith = []string{"secret_id"}
+	dsSchema["path"].ConflictsWith = []string{"secret_id"}
 	dsSchema["secret_id"] = &schema.Schema{
 		Type:          schema.TypeString,
 		Optional:      true,
 		Description:   "The ID of the secret",
 		ValidateFunc:  validationUUIDorUUIDWithLocality(),
-		ConflictsWith: []string{"name"},
+		ConflictsWith: []string{"name", "path"},
 	}
 	dsSchema["organization_id"] = organizationIDOptionalSchema()
 	dsSchema["project_id"] = &schema.Schema{
@@ -52,6 +53,7 @@ func dataSourceScalewaySecretRead(ctx context.Context, d *schema.ResourceData, m
 			Name:           expandStringPtr(secretName),
 			ProjectID:      expandStringPtr(projectID),
 			OrganizationID: expandStringPtr(d.Get("organization_id")),
+			Path:           expandStringPtr(d.Get("path")),
 		}
 
 		res, err := api.ListSecrets(request, scw.WithContext(ctx))

scaleway/data_source_secret_test.go

@@ -59,3 +59,39 @@ func TestAccScalewayDataSourceSecret_Basic(t *testing.T) {
 		},
 	})
 }
+
+func TestAccScalewayDataSourceSecret_Path(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		CheckDestroy:      testAccCheckScalewaySecretDestroy(tt),
+		ProviderFactories: tt.ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: `
+					resource "scaleway_account_project" "project" {
+						name = "tf-tests-secret-ds-path"
+					}
+
+					resource "scaleway_secret" "main" {
+					  name = "test-secret-ds-path"
+					  path = "/test-secret-ds-path-path"
+					  project_id = scaleway_account_project.project.id
+					}
+					
+					data "scaleway_secret" "by_name" {
+					  name = scaleway_secret.main.name
+					  path = "/test-secret-ds-path-path"
+					  project_id = scaleway_account_project.project.id
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewaySecretExists(tt, "data.scaleway_secret.by_name"),
+					resource.TestCheckResourceAttr("data.scaleway_secret.by_name", "name", "test-secret-ds-path"),
+				),
+			},
+		},
+	})
+}

scaleway/resource_secret.go

@@ -2,6 +2,7 @@ package scaleway
 
 import (
 	"context"
+	"path/filepath"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -61,6 +62,15 @@ func resourceScalewaySecret() *schema.Resource {
 				Computed:    true,
 				Description: "Date and time of secret's creation (RFC 3339 format)",
 			},
+			"path": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Location of the secret in the directory structure.",
+				Default:     "/",
+				DiffSuppressFunc: func(_, oldValue, newValue string, _ *schema.ResourceData) bool {
+					return filepath.Clean(oldValue) == filepath.Clean(newValue)
+				},
+			},
 			"region":     regionSchema(),
 			"project_id": projectIDSchema(),
 		},
@@ -89,6 +99,11 @@ func resourceScalewaySecretCreate(ctx context.Context, d *schema.ResourceData, m
 		secretCreateRequest.Description = expandStringPtr(rawDescription)
 	}
 
+	rawPath, pathExist := d.GetOk("path")
+	if pathExist {
+		secretCreateRequest.Path = expandStringPtr(rawPath)
+	}
+
 	secretResponse, err := api.CreateSecret(secretCreateRequest, scw.WithContext(ctx))
 	if err != nil {
 		return diag.FromErr(err)
@@ -129,6 +144,7 @@ func resourceScalewaySecretRead(ctx context.Context, d *schema.ResourceData, met
 	_ = d.Set("version_count", int(secretResponse.VersionCount))
 	_ = d.Set("region", string(region))
 	_ = d.Set("project_id", secretResponse.ProjectID)
+	_ = d.Set("path", secretResponse.Path)
 
 	return nil
 }
@@ -161,6 +177,11 @@ func resourceScalewaySecretUpdate(ctx context.Context, d *schema.ResourceData, m
 		hasChanged = true
 	}
 
+	if d.HasChange("path") {
+		updateRequest.Path = expandUpdatedStringPtr(d.Get("path"))
+		hasChanged = true
+	}
+
 	if hasChanged {
 		_, err := api.UpdateSecret(updateRequest, scw.WithContext(ctx))
 		if err != nil {

scaleway/resource_secret_test.go

@@ -113,6 +113,82 @@ func TestAccScalewaySecret_Basic(t *testing.T) {
 	})
 }
 
+func TestAccScalewaySecret_Path(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      testAccCheckScalewaySecretDestroy(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+				resource "scaleway_secret" "main" {
+				  name = "test-secret-path-secret"
+				}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewaySecretExists(tt, "scaleway_secret.main"),
+					resource.TestCheckResourceAttr("scaleway_secret.main", "name", "test-secret-path-secret"),
+					resource.TestCheckResourceAttr("scaleway_secret.main", "path", "/"),
+					testCheckResourceAttrUUID("scaleway_secret.main", "id"),
+				),
+			},
+			{
+				Config: `
+				resource "scaleway_secret" "main" {
+				  name = "test-secret-path-secret"
+                  path = "/test-secret-path"
+				}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewaySecretExists(tt, "scaleway_secret.main"),
+					resource.TestCheckResourceAttr("scaleway_secret.main", "name", "test-secret-path-secret"),
+					resource.TestCheckResourceAttr("scaleway_secret.main", "path", "/test-secret-path"),
+					testCheckResourceAttrUUID("scaleway_secret.main", "id"),
+				),
+			},
+			{
+				Config: `
+				resource "scaleway_secret" "main" {
+				  name = "test-secret-path-secret"
+                  path = "/test-secret-path/"
+				}
+				`,
+				PlanOnly: true,
+			},
+			{
+				Config: `
+				resource "scaleway_secret" "main" {
+				  name = "test-secret-path-secret"
+                  path = "/test-secret-path-change/"
+				}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewaySecretExists(tt, "scaleway_secret.main"),
+					resource.TestCheckResourceAttr("scaleway_secret.main", "name", "test-secret-path-secret"),
+					resource.TestCheckResourceAttr("scaleway_secret.main", "path", "/test-secret-path-change"),
+					testCheckResourceAttrUUID("scaleway_secret.main", "id"),
+				),
+			},
+			{
+				Config: `
+				resource "scaleway_secret" "main" {
+				  name = "test-secret-path-secret"
+				}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewaySecretExists(tt, "scaleway_secret.main"),
+					resource.TestCheckResourceAttr("scaleway_secret.main", "name", "test-secret-path-secret"),
+					resource.TestCheckResourceAttr("scaleway_secret.main", "path", "/"),
+					testCheckResourceAttrUUID("scaleway_secret.main", "id"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckScalewaySecretExists(tt *TestTools, n string) resource.TestCheckFunc {
 	return func(state *terraform.State) error {
 		rs, ok := state.RootModule().Resources[n]