feat(container): add secret environment variables (#1544)

Co-authored-by: Rémy Léone <[email protected]>

Author: Codelax

docs/resources/container.md

@@ -60,6 +60,8 @@ The following arguments are optional:
 
 - `environment_variables` - (Optional) The [environment](https://www.scaleway.com/en/docs/compute/containers/concepts/#environment-variables) variables of the container.
 
+- `secret_environment_variables` - (Optional) The [secret environment](https://www.scaleway.com/en/docs/compute/containers/concepts/#secrets) variables of the container.
+
 - `min_scale` - (Optional) The minimum of running container instances continuously. Defaults to 0.
 
 - `max_scale` - (Optional) The maximum of number of instances this container can scale to. Default to 20.

docs/resources/container_namespace.md

@@ -36,6 +36,8 @@ The following arguments are supported:
 
 - `environment_variables` - The environment variables of the namespace.
 
+- `secret_environment_variables` - The secret environment variables of the namespace.
+
 - `destroy_registry` - (Defaults to false). Destroy linked container registry on deletion.
 
 ## Attributes Reference

scaleway/helpers_container.go

@@ -145,3 +145,17 @@ func waitForContainer(ctx context.Context, api *container.API, containerID strin
 
 	return api.WaitForContainer(&request, scw.WithContext(ctx))
 }
+
+func expandContainerSecrets(secretsRawMap interface{}) []*container.Secret {
+	secretsMap := secretsRawMap.(map[string]interface{})
+	secrets := make([]*container.Secret, 0, len(secretsMap))
+
+	for k, v := range secretsMap {
+		secrets = append(secrets, &container.Secret{
+			Key:   k,
+			Value: expandStringPtr(v),
+		})
+	}
+
+	return secrets
+}

scaleway/resource_container.go

@@ -60,6 +60,17 @@ func resourceScalewayContainer() *schema.Resource {
 				},
 				ValidateDiagFunc: validation.MapKeyLenBetween(0, 100),
 			},
+			"secret_environment_variables": {
+				Type:        schema.TypeMap,
+				Optional:    true,
+				Sensitive:   true,
+				Description: "The secret environment variables to be injected into your container at runtime.",
+				Elem: &schema.Schema{
+					Type:         schema.TypeString,
+					ValidateFunc: validation.StringLenBetween(0, 1000),
+				},
+				ValidateDiagFunc: validation.MapKeyLenBetween(0, 100),
+			},
 			"min_scale": {
 				Type:        schema.TypeInt,
 				Computed:    true,
@@ -292,6 +303,10 @@ func resourceScalewayContainerUpdate(ctx context.Context, d *schema.ResourceData
 		req.EnvironmentVariables = expandMapPtrStringString(envVariablesRaw)
 	}
 
+	if d.HasChanges("secret_environment_variables") {
+		req.SecretEnvironmentVariables = expandContainerSecrets(d.Get("secret_environment_variables"))
+	}
+
 	if d.HasChanges("min_scale") {
 		req.MinScale = scw.Uint32Ptr(uint32(d.Get("min_scale").(int)))
 	}

scaleway/resource_container_namespace.go

@@ -51,6 +51,17 @@ func resourceScalewayContainerNamespace() *schema.Resource {
 				},
 				ValidateDiagFunc: validation.MapKeyLenBetween(0, 100),
 			},
+			"secret_environment_variables": {
+				Type:        schema.TypeMap,
+				Optional:    true,
+				Sensitive:   true,
+				Description: "The secret environment variables of the container namespace",
+				Elem: &schema.Schema{
+					Type:         schema.TypeString,
+					ValidateFunc: validation.StringLenBetween(0, 1000),
+				},
+				ValidateDiagFunc: validation.MapKeyLenBetween(0, 100),
+			},
 			"registry_endpoint": {
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -81,11 +92,12 @@ func resourceScalewayContainerNamespaceCreate(ctx context.Context, d *schema.Res
 	}
 
 	ns, err := api.CreateNamespace(&container.CreateNamespaceRequest{
-		Description:          expandStringPtr(d.Get("description").(string)),
-		EnvironmentVariables: expandMapPtrStringString(d.Get("environment_variables")),
-		Name:                 expandOrGenerateString(d.Get("name").(string), "ns"),
-		ProjectID:            d.Get("project_id").(string),
-		Region:               region,
+		Description:                expandStringPtr(d.Get("description").(string)),
+		EnvironmentVariables:       expandMapPtrStringString(d.Get("environment_variables")),
+		SecretEnvironmentVariables: expandContainerSecrets(d.Get("secret_environment_variables")),
+		Name:                       expandOrGenerateString(d.Get("name").(string), "ns"),
+		ProjectID:                  d.Get("project_id").(string),
+		Region:                     region,
 	}, scw.WithContext(ctx))
 	if err != nil {
 		return diag.FromErr(err)
@@ -152,6 +164,10 @@ func resourceScalewayContainerNamespaceUpdate(ctx context.Context, d *schema.Res
 		req.EnvironmentVariables = expandMapPtrStringString(d.Get("environment_variables"))
 	}
 
+	if d.HasChange("secret_environment_variables") {
+		req.SecretEnvironmentVariables = expandContainerSecrets(d.Get("secret_environment_variables"))
+	}
+
 	if _, err := api.UpdateNamespace(req, scw.WithContext(ctx)); err != nil {
 		return diag.FromErr(err)
 	}

scaleway/resource_container_namespace_test.go

@@ -88,13 +88,17 @@ func TestAccScalewayContainerNamespace_Basic(t *testing.T) {
 						environment_variables = {
 							"test" = "test"
 						}
+						secret_environment_variables = {
+							"test_secret" = "test_secret"
+						}
 					}
 				`,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckScalewayContainerNamespaceExists(tt, "scaleway_container_namespace.main"),
 					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "description", ""),
 					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "name", "test-cr-ns-01"),
 					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "environment_variables.test", "test"),
+					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.test_secret", "test_secret"),
 
 					testCheckResourceAttrUUID("scaleway_container_namespace.main", "id"),
 				),
@@ -118,12 +122,16 @@ func TestAccScalewayContainerNamespace_Basic(t *testing.T) {
 						environment_variables = {
 							"test" = "test"
 						}
+						secret_environment_variables = {
+							"test_secret" = "test_secret"
+						}
 					}
 				`,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckScalewayContainerNamespaceExists(tt, "scaleway_container_namespace.main"),
 					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "name", "tf-env-test"),
 					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "environment_variables.test", "test"),
+					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.test_secret", "test_secret"),
 
 					testCheckResourceAttrUUID("scaleway_container_namespace.main", "id"),
 				),
@@ -135,12 +143,16 @@ func TestAccScalewayContainerNamespace_Basic(t *testing.T) {
 						environment_variables = {
 							"foo" = "bar"
 						}
+						secret_environment_variables = {
+							"foo_secret" = "bar_secret"
+						}
 					}
 				`,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckScalewayContainerNamespaceExists(tt, "scaleway_container_namespace.main"),
 					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "name", "tf-env-test"),
 					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "environment_variables.foo", "bar"),
+					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.foo_secret", "bar_secret"),
 
 					testCheckResourceAttrUUID("scaleway_container_namespace.main", "id"),
 				),

scaleway/resource_container_test.go

@@ -171,6 +171,85 @@ func TestAccScalewayContainer_Basic(t *testing.T) {
 	})
 }
 
+func TestAccScalewayContainer_Env(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      testAccCheckScalewayContainerDestroy(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+					resource scaleway_container_namespace main {
+					}
+
+					resource scaleway_container main {
+						namespace_id = scaleway_container_namespace.main.id
+						environment_variables = {
+							"test" = "test"
+						}
+						secret_environment_variables = {
+							"test_secret" = "test_secret"
+						}
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewayContainerExists(tt, "scaleway_container.main"),
+					testCheckResourceAttrUUID("scaleway_container_namespace.main", "id"),
+					testCheckResourceAttrUUID("scaleway_container.main", "id"),
+					resource.TestCheckResourceAttr("scaleway_container.main", "environment_variables.test", "test"),
+					resource.TestCheckResourceAttr("scaleway_container.main", "secret_environment_variables.test_secret", "test_secret"),
+				),
+			},
+			{
+				Config: `
+					resource scaleway_container_namespace main {
+					}
+
+					resource scaleway_container main {
+						namespace_id = scaleway_container_namespace.main.id
+						environment_variables = {
+							"foo" = "bar"
+						}
+						secret_environment_variables = {
+							"foo_secret" = "bar_secret"
+						}
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewayContainerExists(tt, "scaleway_container.main"),
+					testCheckResourceAttrUUID("scaleway_container_namespace.main", "id"),
+					testCheckResourceAttrUUID("scaleway_container.main", "id"),
+					resource.TestCheckResourceAttr("scaleway_container.main", "environment_variables.foo", "bar"),
+					resource.TestCheckResourceAttr("scaleway_container.main", "secret_environment_variables.foo_secret", "bar_secret"),
+				),
+			},
+			{
+				Config: `
+					resource scaleway_container_namespace main {
+					}
+
+					resource scaleway_container main {
+						namespace_id = scaleway_container_namespace.main.id
+						environment_variables = {}
+						secret_environment_variables = {}
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewayContainerExists(tt, "scaleway_container.main"),
+					testCheckResourceAttrUUID("scaleway_container_namespace.main", "id"),
+					testCheckResourceAttrUUID("scaleway_container.main", "id"),
+					resource.TestCheckNoResourceAttr("scaleway_container.main", "environment_variables.%"),
+					resource.TestCheckNoResourceAttr("scaleway_container.main", "secret_environment_variables.%"),
+					resource.TestCheckNoResourceAttr("scaleway_container.main", "environment_variables.foo"),
+					resource.TestCheckNoResourceAttr("scaleway_container.main", "secret_environment_variables.foo_secret"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccScalewayContainer_WithIMG(t *testing.T) {
 	if !*UpdateCassettes {
 		t.Skip("Skipping Container test with image as this kind of test  can't dump docker pushing process on cassettes")