streamnative
diff --git a/‎.github/workflows/acctest.yml‎
Lines changed: 14 additions & 6 deletions b/‎.github/workflows/acctest.yml‎
Lines changed: 14 additions & 6 deletions
diff --git a/‎cloud/data_source_secret.go‎
Lines changed: 111 additions & 0 deletions b/‎cloud/data_source_secret.go‎
Lines changed: 111 additions & 0 deletions
diff --git a/‎cloud/provider.go‎
Lines changed: 6 additions & 0 deletions b/‎cloud/provider.go‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎cloud/resource_pulsar_cluster.go‎
Lines changed: 4 additions & 0 deletions b/‎cloud/resource_pulsar_cluster.go‎
Lines changed: 4 additions & 0 deletions
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 name: Tests
-on: [ pull_request ]
+on: [pull_request]
 jobs:
   acctest:
     name: Run acceptance tests
@@ -53,11 +53,19 @@ jobs:
           sudo mv terraform-provider-streamnative $HOME/.terraform.d/plugins/linux_amd64/
           echo "The terraform-provider-streamnative location:" `readlink -f $HOME/.terraform.d/plugins/linux_amd64/`
 
-#      - name: Setup tmate session
-#        uses: mxschmitt/action-tmate@v3
+      #      - name: Setup tmate session
+      #        uses: mxschmitt/action-tmate@v3
 
-      - name: Run Acceptance Tests for the Provider
+      - name: Ready the environment
         run: |
           echo $ACC_TEST_SERVICE_ACCOUNT > $HOME/service_account.json
-          export KEY_FILE_PATH=$HOME/service_account.json
-          make testacc
+
+      - name: Run Acceptance Tests for the Provider
+        uses: nick-fields/retry@v2
+        with:
+          timeout_minutes: 120
+          max_attempts: 3
+          retry_on: error
+          command: |
+            export KEY_FILE_PATH=$HOME/service_account.json
+            make testacc
@@ -0,0 +1,111 @@
+// Copyright 2024 StreamNative, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cloud
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func dataSourceSecret() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceSecretRead,
+		Importer: &schema.ResourceImporter{
+			StateContext: func(
+				ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+				parts := strings.Split(d.Id(), "/")
+				if len(parts) != 2 {
+					return nil, fmt.Errorf("invalid import id %q, expected <organization>/<name>", d.Id())
+				}
+				_ = d.Set("organization", parts[0])
+				_ = d.Set("name", parts[1])
+				if diags := dataSourceSecretRead(ctx, d, meta); diags.HasError() {
+					return nil, fmt.Errorf("import %q: %s", d.Id(), diags[0].Summary)
+				}
+				return []*schema.ResourceData{d}, nil
+			},
+		},
+		Schema: map[string]*schema.Schema{
+			"organization": {
+				Type:         schema.TypeString,
+				Required:     true,
+				Description:  descriptions["organization"],
+				ValidateFunc: validateNotBlank,
+			},
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				Description:  descriptions["secret_name"],
+				ValidateFunc: validateNotBlank,
+			},
+			"instance_name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: descriptions["instance_name"],
+			},
+			"location": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: descriptions["location"],
+			},
+			"pool_member_name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: descriptions["pool_member_name"],
+			},
+			"type": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: descriptions["secret_type"],
+			},
+			"data": {
+				Type:        schema.TypeMap,
+				Computed:    true,
+				Sensitive:   true,
+				Description: descriptions["secret_data"],
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+func dataSourceSecretRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	namespace := d.Get("organization").(string)
+	name := d.Get("name").(string)
+
+	clientSet, err := getClientSet(getFactoryFromMeta(meta))
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("ERROR_INIT_CLIENT_ON_READ_SECRET: %w", err))
+	}
+
+	secret, err := clientSet.CloudV1alpha1().Secrets(namespace).Get(ctx, name, metav1.GetOptions{})
+	if err != nil {
+		if apierrors.IsNotFound(err) {
+			d.SetId("")
+			return nil
+		}
+		return diag.FromErr(fmt.Errorf("ERROR_READ_SECRET: %w", err))
+	}
+
+	return setSecretState(d, secret)
+}
@@ -65,6 +65,10 @@ func init() {
 		"cluster_display_name":         "The pulsar cluster display name",
 		"admin":                        "Whether the service account is admin",
 		"private_key_data":             "The private key data",
+		"secret_name":                  "The secret name",
+		"secret_data":                  "The secret data map",
+		"secret_string_data":           "Write-only string data that will be stored encrypted by the API server",
+		"secret_type":                  "The Kubernetes secret type",
 		"availability-mode":            "The availability mode, supporting 'zonal' and 'regional'",
 		"pool_name":                    "The infrastructure pool name",
 		"pool_namespace":               "The infrastructure pool namespace",
@@ -249,6 +253,7 @@ func Provider() *schema.Provider {
 			"streamnative_rolebinding":             resourceRoleBinding(),
 			"streamnative_volume":                  resourceVolume(),
 			"streamnative_catalog":                 resourceCatalog(),
+			"streamnative_secret":                  resourceSecret(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"streamnative_service_account":         dataSourceServiceAccount(),
@@ -265,6 +270,7 @@ func Provider() *schema.Provider {
 			"streamnative_rolebinding":             dataSourceRoleBinding(),
 			"streamnative_volume":                  dataSourceVolume(),
 			"streamnative_catalog":                 dataSourceCatalog(),
+			"streamnative_secret":                  dataSourceSecret(),
 		},
 	}
 	provider.ConfigureContextFunc = func(_ context.Context, d *schema.ResourceData) (interface{}, diag.Diagnostics) {
 
@@ -67,6 +67,10 @@ func resourcePulsarCluster() *schema.Resource {
 				return []*schema.ResourceData{d}, nil
 			},
 		},
+		Timeouts: &schema.ResourceTimeout{
+			// Pulsar clusters can take time to tear down; allow 30m to avoid spurious test failures.
+			Delete: schema.DefaultTimeout(30 * time.Minute),
+		},
 		Schema: map[string]*schema.Schema{
 			"organization": {
 				Type:         schema.TypeString,