fix(container): fix secret management container

jremy42 · jremy42 · commit ca18c97e4822 · 2025-03-20T16:06:02.000+01:00
diff --git a/internal/services/container/helpers_container.go b/internal/services/container/helpers_container.go
@@ -3,6 +3,7 @@ package container
 import (
 	"context"
 	"errors"
+	"fmt"
 	"strings"
 	"time"
 
@@ -302,6 +303,30 @@ func expandContainerSecrets(secretsRawMap interface{}) []*container.Secret {
 	return secrets
 }
 
+func convertToMapStringInterface(raw interface{}) map[string]interface{} {
+	out := make(map[string]interface{})
+	if raw == nil {
+		return out
+	}
+
+	m, ok := raw.(map[interface{}]interface{})
+	if ok {
+		for k, v := range m {
+			stringKey := fmt.Sprintf("%v", k)
+			out[stringKey] = v
+		}
+
+		return out
+	}
+
+	m2, ok := raw.(map[string]interface{})
+	if ok {
+		return m2
+	}
+
+	return out
+}
+
 func isContainerDNSResolveError(err error) bool {
 	responseError := &scw.ResponseError{}
 
diff --git a/internal/services/container/namespace.go b/internal/services/container/namespace.go
@@ -188,8 +188,29 @@ func ResourceContainerNamespaceUpdate(ctx context.Context, d *schema.ResourceDat
 		req.Tags = types.ExpandUpdatedStringsPtr(d.Get("tags"))
 	}
 
-	if d.HasChanges("environment_variables") {
-		req.EnvironmentVariables = types.ExpandMapPtrStringString(d.Get("environment_variables"))
+	if d.HasChange("secret_environment_variables") {
+		oldSecretsRaw, newSecretsRaw := d.GetChange("secret_environment_variables")
+
+		oldSecretsMap := convertToMapStringInterface(oldSecretsRaw)
+		newSecretsMap := convertToMapStringInterface(newSecretsRaw)
+
+		oldSecrets := expandContainerSecrets(oldSecretsMap)
+		newSecrets := expandContainerSecrets(newSecretsMap)
+
+		deletedSecrets := make([]*container.Secret, 0)
+
+		for _, oldSecret := range oldSecrets {
+			if _, exists := newSecretsMap[oldSecret.Key]; !exists {
+				deletedSecrets = append(deletedSecrets, &container.Secret{
+					Key:   oldSecret.Key,
+					Value: nil,
+				})
+			}
+		}
+
+		deletedSecrets = append(deletedSecrets, newSecrets...)
+
+		req.SecretEnvironmentVariables = deletedSecrets
 	}
 
 	if d.HasChange("secret_environment_variables") {
diff --git a/internal/services/container/namespace_test.go b/internal/services/container/namespace_test.go
@@ -172,6 +172,91 @@ func TestAccNamespace_Basic(t *testing.T) {
 	})
 }
 
+func TestAccNamespace_SecretManagement(t *testing.T) {
+	tt := acctest.NewTestTools(t)
+	defer tt.Cleanup()
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.PreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      isNamespaceDestroyed(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+					resource scaleway_container_namespace main {
+						name = "test-secret-ns"
+						secret_environment_variables = {
+							"SECRET_1" = "value1"
+						}
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					isNamespacePresent(tt, "scaleway_container_namespace.main"),
+					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.SECRET_1", "value1"),
+				),
+			},
+			{
+				Config: `
+					resource scaleway_container_namespace main {
+						name = "test-secret-ns"
+						secret_environment_variables = {}
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					isNamespacePresent(tt, "scaleway_container_namespace.main"),
+					resource.TestCheckNoResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.SECRET_1"),
+				),
+			},
+			{
+				Config: `
+					resource scaleway_container_namespace main {
+						name = "test-secret-ns"
+						secret_environment_variables = {
+							"SECRET_1" = "value1"
+							"SECRET_2" = "value2"
+						}
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					isNamespacePresent(tt, "scaleway_container_namespace.main"),
+					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.SECRET_1", "value1"),
+					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.SECRET_2", "value2"),
+				),
+			},
+			{
+				Config: `
+					resource scaleway_container_namespace main {
+						name = "test-secret-ns"
+						secret_environment_variables = {
+							"SECRET_2" = "value2"
+						}
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					isNamespacePresent(tt, "scaleway_container_namespace.main"),
+					resource.TestCheckNoResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.SECRET_1"),
+					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.SECRET_2", "value2"),
+				),
+			},
+			{
+				Config: `
+					resource scaleway_container_namespace main {
+						name = "test-secret-ns"
+						secret_environment_variables = {
+							"SECRET_3" = "value3"
+						}
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					isNamespacePresent(tt, "scaleway_container_namespace.main"),
+					resource.TestCheckNoResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.SECRET_2"),
+					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.SECRET_3", "value3"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccNamespace_DestroyRegistry(t *testing.T) {
 	tt := acctest.NewTestTools(t)
 	defer tt.Cleanup()
diff --git a/internal/services/container/testdata/namespace-secret-management.cassette.yaml b/internal/services/container/testdata/namespace-secret-management.cassette.yaml
