fix(secret_version): data source (#1845)

* fix(secret_version): data source

* docs: secret version

* feat(secret_version): data source

* feat(secret_version): add cassettes

Author: Monitob

docs/data-sources/secret_version.md

@@ -0,0 +1,85 @@
+---
+page_title: "Scaleway: scaleway_secret_version"
+description: |-
+Gets information about an existing Secret version.
+---
+
+# scaleway_secret_version
+
+Gets information about Scaleway a Secret Version.
+For more information, see [the documentation](https://developers.scaleway.com/en/products/secret_manager/api/v1alpha1/#secret-versions-079501).
+
+## Examples
+
+### Basic
+
+```hcl
+resource "scaleway_secret" "main" {
+  name        = "fooii"
+  description = "barr"
+}
+
+resource "scaleway_secret_version" "main" {
+  description = "your description"
+  secret_id   = scaleway_secret.main.id
+  data        = "your_secret"
+}
+
+data "scaleway_secret_version" "data_by_secret_id" {
+  secret_id  = scaleway_secret.main.id
+  revision   = "1"
+  depends_on = [scaleway_secret_version.main]
+}
+
+data "scaleway_secret_version" "data_by_secret_name" {
+  secret_name = scaleway_secret.main.name
+  revision    = "1"
+  depends_on  = [scaleway_secret_version.main]
+}
+
+#Output Sensitive data
+output "scaleway_secret_access_payload" {
+  value = data.scaleway_secret_version.data_by_secret_name.data
+}
+
+#Output Sensitive data
+output "scaleway_secret_access_payload_by_id" {
+  value = data.scaleway_secret_version.data_by_secret_id.data
+}
+```
+
+## Arguments Reference
+
+The following arguments are supported:
+
+- `secret_id` - (Optional) The Secret ID associated wit the secret version.
+  Only one of `secret_id` and `secret_name` should be specified.
+
+- `secret_name` - (Optional) The Name of Secret associated wit the secret version.
+  Only one of `secret_id` and `secret_name` should be specified.
+
+- `revision` - The revision for this Secret Version.
+
+- `region` - (Defaults to [provider](../index.md#region) `region`) The [region](../guides/regions_and_zones.md#regions)
+  in which the resource exists.
+
+## Data
+
+Note: This Data Source give you **access** to the secret payload encoded en base64.
+
+Be aware that this is a sensitive attribute. For more information,
+see [Sensitive Data in State](https://developer.hashicorp.com/terraform/language/state/sensitive-data).
+
+~> **Important:**  This property is sensitive and will not be displayed in the plan.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+- `description` - (Optional) Description of the secret version (e.g. `my-new-description`).
+- `data` - The data payload of the secret version. more on the [data section](#data)
+- `status` - The status of the Secret Version.
+- `created_at` - Date and time of secret version's creation (RFC 3339 format).
+- `updated_at` - Date and time of secret version's last update (RFC 3339 format).
+
+Exported attributes are the ones from `scaleway_secret_version` [resource](../resources/secret_version.md)

docs/resources/secret_version.md

@@ -32,7 +32,7 @@ resource "scaleway_secret_version" "v1" {
 The following arguments are supported:
 
 - `secret_id` - (Required) The Secret ID associated wit the secret version.
-- `data` - (Optional) The data payload of the secret version. Must be no larger than 64KiB. (e.g. `my-secret-version-payload`). more on the [data section](#data)
+- `data` - (Required) The data payload of the secret version. Must be no larger than 64KiB. (e.g. `my-secret-version-payload`). more on the [data section](#data)
 - `description` - (Optional) Description of the secret version (e.g. `my-new-description`).
 - `region` - (Defaults to [provider](../index.md#region) `region`) The [region](../guides/regions_and_zones.md#regions)
   in which the resource exists.
@@ -47,7 +47,6 @@ Be aware that this is a sensitive attribute. For more information, see [Sensitiv
 
 ~> **Important:**  This property is sensitive and will not be displayed in the plan.
 
-
 ## Attributes Reference
 
 In addition to all arguments above, the following attributes are exported:

scaleway/data_source_secret_version.go

@@ -0,0 +1,101 @@
+package scaleway
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	secret "github.com/scaleway/scaleway-sdk-go/api/secret/v1alpha1"
+	"github.com/scaleway/scaleway-sdk-go/scw"
+)
+
+func dataSourceScalewaySecretVersion() *schema.Resource {
+	// Generate datasource schema from resource
+	dsSchema := datasourceSchemaFromResourceSchema(resourceScalewaySecretVersion().Schema)
+
+	// Set 'Optional' schema elements
+	addOptionalFieldsToSchema(dsSchema, "region", "revision")
+	dsSchema["secret_id"] = &schema.Schema{
+		Type:          schema.TypeString,
+		Optional:      true,
+		Description:   "The ID of the secret",
+		ValidateFunc:  validationUUIDorUUIDWithLocality(),
+		ConflictsWith: []string{"secret_name"},
+	}
+	dsSchema["secret_name"] = &schema.Schema{
+		Type:          schema.TypeString,
+		Optional:      true,
+		Description:   "The Name of the secret",
+		ConflictsWith: []string{"secret_id"},
+	}
+	dsSchema["data"] = &schema.Schema{
+		Type:        schema.TypeString,
+		Computed:    true,
+		Description: "The payload of the secret version",
+	}
+
+	return &schema.Resource{
+		ReadContext: datasourceSchemaFromResourceVersionSchema,
+		Schema:      dsSchema,
+	}
+}
+
+func datasourceSchemaFromResourceVersionSchema(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	api, region, err := secretAPIWithRegion(d, meta)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	var secretVersionIDStr string
+	var payloadSecretRaw []byte
+
+	secretID, existSecretID := d.GetOk("secret_id")
+	if !existSecretID {
+		request := &secret.AccessSecretVersionByNameRequest{
+			Region:     region,
+			SecretName: d.Get("secret_name").(string),
+			Revision:   d.Get("revision").(string),
+		}
+
+		res, err := api.AccessSecretVersionByName(request, scw.WithContext(ctx))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
+		secretVersionIDStr = newRegionalIDString(region, fmt.Sprintf("%s/%d", res.SecretID, res.Revision))
+		_ = d.Set("secret_id", newRegionalIDString(region, res.SecretID))
+		payloadSecretRaw = res.Data
+	} else {
+		request := &secret.AccessSecretVersionRequest{
+			Region:   region,
+			SecretID: expandID(secretID),
+			Revision: d.Get("revision").(string),
+		}
+
+		res, err := api.AccessSecretVersion(request, scw.WithContext(ctx))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
+		secretVersionIDStr = newRegionalIDString(region, fmt.Sprintf("%s/%d", res.SecretID, res.Revision))
+		payloadSecretRaw = res.Data
+	}
+
+	d.SetId(secretVersionIDStr)
+	err = d.Set("data", base64Encoded(payloadSecretRaw))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	diags := resourceScalewaySecretVersionRead(ctx, d, meta)
+	if diags != nil {
+		return append(diags, diag.Errorf("failed to read secret version")...)
+	}
+
+	if d.Id() == "" {
+		return diag.Errorf("secret version (%s) not found", secretVersionIDStr)
+	}
+
+	return nil
+}

scaleway/data_source_secret_version_test.go

@@ -0,0 +1,159 @@
+package scaleway
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccScalewayDataSourceSecretVersion_Basic(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+
+	const (
+		secretName            = "dataSourceSecretVersionBasic"
+		secretDataDescription = "secret description"
+		secretVersionData     = "my_super_secret"
+		secretVersionDataV2   = "my_super_secret_v2"
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      testAccCheckScalewaySecretVersionDestroy(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+				resource "scaleway_secret" "main" {
+				  name        = "%[1]s"
+				  description = "%[2]s"
+				  tags        = ["devtools", "provider", "terraform"]
+				}
+
+				resource "scaleway_secret_version" "v1" {
+				  description = "version1"
+				  secret_id   = scaleway_secret.main.id
+				  data        = "%[3]s"
+				}
+				`, secretName, secretDataDescription, secretVersionData),
+			},
+			{
+				Config: fmt.Sprintf(`
+				resource "scaleway_secret" "main" {
+				  name        = "%[1]s"
+				  description = "%[2]s"
+				  tags        = ["devtools", "provider", "terraform"]
+				}
+
+				resource "scaleway_secret_version" "v1" {
+				  description = "version1"
+				  secret_id   = scaleway_secret.main.id
+				  data        = "%[3]s"
+				}
+
+				resource "scaleway_secret_version" "v2" {
+				  description = "version2"
+				  secret_id   = scaleway_secret.main.id
+				  data        = "%[4]s"
+				}
+				`, secretName, secretDataDescription, secretVersionData, secretVersionDataV2),
+			},
+			{
+				Config: fmt.Sprintf(`
+				resource "scaleway_secret" "main" {
+				  name        = "%[1]s"
+				  description = "%[2]s"
+				  tags        = ["devtools", "provider", "terraform"]
+				}
+
+				resource "scaleway_secret_version" "v1" {
+				  description = "version1"
+				  secret_id   = scaleway_secret.main.id
+				  data        = "%[3]s"
+				}
+
+				resource "scaleway_secret_version" "v2" {
+				  description = "version2"
+				  secret_id   = scaleway_secret.main.id
+				  data        = "%[4]s"
+				}
+
+				data "scaleway_secret_version" "data_v1" {
+				  secret_id = scaleway_secret.main.id
+				  revision  = "1"
+				}
+
+				data "scaleway_secret_version" "data_v2" {
+				  secret_id = scaleway_secret.main.id
+				  revision  = "2"
+				}
+				`, secretName, secretDataDescription, secretVersionData, secretVersionDataV2),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewaySecretVersionExists(tt, "scaleway_secret_version.v1"),
+					resource.TestCheckResourceAttrPair("data.scaleway_secret_version.data_v1", "secret_id", "scaleway_secret.main", "id"),
+					resource.TestCheckResourceAttr("data.scaleway_secret_version.data_v1", "data", base64Encoded([]byte(secretVersionData))),
+					resource.TestCheckResourceAttr("data.scaleway_secret_version.data_v1", "revision", "1"),
+
+					testAccCheckScalewaySecretVersionExists(tt, "scaleway_secret_version.v2"),
+					resource.TestCheckResourceAttrPair("data.scaleway_secret_version.data_v2", "secret_id", "scaleway_secret.main", "id"),
+					resource.TestCheckResourceAttr("data.scaleway_secret_version.data_v2", "data", base64Encoded([]byte(secretVersionDataV2))),
+				),
+			},
+		},
+	})
+}
+
+func TestAccScalewayDataSourceSecretVersion_ByNameSecret(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+
+	secretName := "dataSourceSecretVersionByNameSecret"
+	secretVersionData := "my_super_secret"
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      testAccCheckScalewaySecretVersionDestroy(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: fmt.Sprintf(`
+				resource "scaleway_secret" "main" {
+				  name        = "%[1]s"
+				  tags        = ["devtools", "provider", "terraform"]
+				}
+
+				resource "scaleway_secret_version" "main" {
+				  description = "version1"
+				  secret_id   = scaleway_secret.main.id
+				  data        = "%[2]s"
+				}
+				`, secretName, secretVersionData),
+			},
+			{
+				Config: fmt.Sprintf(`
+				resource "scaleway_secret" "main" {
+				  name = "%[1]s"
+				  tags = ["devtools", "provider", "terraform"]
+				}
+
+				resource "scaleway_secret_version" "main" {
+				  description = "version1"
+				  secret_id   = scaleway_secret.main.id
+				  data        = "%[2]s"
+				}
+
+				data "scaleway_secret_version" "data_by_name" {
+				  secret_name = scaleway_secret.main.name
+				  revision    = "1"
+				}
+				`, secretName, secretVersionData),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewaySecretVersionExists(tt, "scaleway_secret_version.main"),
+					resource.TestCheckResourceAttrPair("data.scaleway_secret_version.data_by_name", "secret_id", "scaleway_secret.main", "id"),
+					resource.TestCheckResourceAttr("data.scaleway_secret_version.data_by_name", "data", base64Encoded([]byte(secretVersionData))),
+					resource.TestCheckResourceAttr("data.scaleway_secret_version.data_by_name", "revision", "1"),
+				),
+			},
+		},
+	})
+}

scaleway/provider.go

@@ -217,6 +217,7 @@ func Provider(config *ProviderConfig) plugin.ProviderFunc {
 				"scaleway_registry_namespace":                  dataSourceScalewayRegistryNamespace(),
 				"scaleway_tem_domain":                          dataSourceScalewayTemDomain(),
 				"scaleway_secret":                              dataSourceScalewaySecret(),
+				"scaleway_secret_version":                      dataSourceScalewaySecretVersion(),
 				"scaleway_registry_image":                      dataSourceScalewayRegistryImage(),
 				"scaleway_vpc_public_gateway":                  dataSourceScalewayVPCPublicGateway(),
 				"scaleway_vpc_gateway_network":                 dataSourceScalewayVPCGatewayNetwork(),