feat(container/function): secret env variables customdiff

Codelax · Codelax · commit d89ccb84708d · 2024-03-04T10:34:23.000+01:00
diff --git a/go.mod b/go.mod
@@ -1,6 +1,7 @@
 module github.com/scaleway/terraform-provider-scaleway/v2
 
 require (
+	github.com/alexedwards/argon2id v1.0.0
 	github.com/aws/aws-sdk-go v1.50.9
 	github.com/dnaeon/go-vcr v1.2.0
 	github.com/docker/docker v25.0.2+incompatible
diff --git a/go.sum b/go.sum
@@ -8,6 +8,8 @@ github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCv
 github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/alexedwards/argon2id v1.0.0 h1:wJzDx66hqWX7siL/SRUmgz3F8YMrd/nfX/xHHcQQP0w=
+github.com/alexedwards/argon2id v1.0.0/go.mod h1:tYKkqIjzXvZdzPvADMWOEZ+l6+BD6CtBXMj5fnJppiw=
 github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
 github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
@@ -252,6 +254,7 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -271,6 +274,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
 golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -299,13 +303,17 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -316,6 +324,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
diff --git a/scaleway/helpers_container.go b/scaleway/helpers_container.go
@@ -219,3 +219,12 @@ func retryCreateContainerDomain(ctx context.Context, containerAPI *container.API
 		}
 	}
 }
+
+func flattenContainerSecretEnvironmentVariables(secrets []*container.SecretHashedValue) map[string]any {
+	m := make(map[string]any, len(secrets))
+	for _, s := range secrets {
+		m[s.Key] = s.HashedValue
+	}
+
+	return m
+}
diff --git a/scaleway/resource_container_namespace.go b/scaleway/resource_container_namespace.go
@@ -3,6 +3,7 @@ package scaleway
 import (
 	"context"
 
+	"github.com/alexedwards/argon2id"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
@@ -61,6 +62,10 @@ func resourceScalewayContainerNamespace() *schema.Resource {
 					ValidateFunc: validation.StringLenBetween(0, 1000),
 				},
 				ValidateDiagFunc: validation.MapKeyLenBetween(0, 100),
+				DiffSuppressFunc: func(k, oldValue, newValue string, d *schema.ResourceData) bool {
+					match, _ := argon2id.ComparePasswordAndHash(oldValue, newValue)
+					return match
+				},
 			},
 			"registry_endpoint": {
 				Type:        schema.TypeString,
@@ -131,6 +136,7 @@ func resourceScalewayContainerNamespaceRead(ctx context.Context, d *schema.Resou
 
 	_ = d.Set("description", flattenStringPtr(ns.Description))
 	_ = d.Set("environment_variables", ns.EnvironmentVariables)
+	_ = d.Set("secret_environment_variables", flattenContainerSecretEnvironmentVariables(ns.SecretEnvironmentVariables))
 	_ = d.Set("name", ns.Name)
 	_ = d.Set("organization_id", ns.OrganizationID)
 	_ = d.Set("project_id", ns.ProjectID)
diff --git a/scaleway/resource_container_namespace_test.go b/scaleway/resource_container_namespace_test.go
@@ -190,6 +190,78 @@ func TestAccScalewayContainerNamespace_DestroyRegistry(t *testing.T) {
 	})
 }
 
+func TestAccScalewayContainerNamespace_ImportWithSecrets(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy: resource.ComposeTestCheckFunc(
+			testAccCheckScalewayContainerNamespaceDestroy(tt),
+			testAccCheckScalewayContainerRegistryDestroy(tt),
+		),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+					resource scaleway_container_namespace main {
+						name = "test-cr-ns-import-01"
+						secret_environment_variables = {
+							foo = "bar"
+						}
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewayContainerNamespaceExists(tt, "scaleway_container_namespace.main"),
+					testCheckResourceAttrUUID("scaleway_container_namespace.main", "id"),
+					resource.TestCheckResourceAttr("scaleway_container_namespace.main", "secret_environment_variables.foo", "bar"),
+				),
+			},
+			{
+				Config: `
+					resource scaleway_container_namespace main {
+						name = "test-cr-ns-import-01"
+						secret_environment_variables = {
+							foo = "bar"
+						}
+					}
+
+					resource scaleway_container_namespace import {
+						name = "test-cr-ns-import-01"
+						secret_environment_variables = {
+							foo = "bar"
+						}
+					}
+				`,
+				ResourceName:       "scaleway_container_namespace.import",
+				ImportState:        true,
+				ImportStatePersist: true,
+				ImportStateIdFunc: func(state *terraform.State) (string, error) {
+					return state.RootModule().Resources["scaleway_container_namespace.main"].Primary.ID, nil
+				},
+			},
+			{
+				Config: `
+					resource scaleway_container_namespace main {
+						name = "test-cr-ns-import-01"
+						secret_environment_variables = {
+							foo = "bar"
+						}
+					}
+
+					resource scaleway_container_namespace import {
+						name = "test-cr-ns-import-01"
+						secret_environment_variables = {
+							foo = "bar"
+						}
+					}
+				`,
+				PlanOnly: true,
+			},
+		},
+	})
+}
+
 func testAccCheckScalewayContainerNamespaceExists(tt *TestTools, n string) resource.TestCheckFunc {
 	return func(state *terraform.State) error {
 		rs, ok := state.RootModule().Resources[n]

Original file line number	Diff line number	Diff line change
`@@ -219,3 +219,12 @@ func retryCreateContainerDomain(ctx context.Context, containerAPI *container.API`
`219`	`219`	`}`
`220`	`220`	`}`
`221`	`221`	`}`
	`222`	`+`
	`223`	`+func flattenContainerSecretEnvironmentVariables(secrets []*container.SecretHashedValue) map[string]any {`
	`224`	`+ m := make(map[string]any, len(secrets))`
	`225`	`+ for _, s := range secrets {`
	`226`	`+ m[s.Key] = s.HashedValue`
	`227`	`+ }`
	`228`	`+`
	`229`	`+ return m`
	`230`	`+}`