ssm secret resource remove init_secret param

Author: ChrisdeR

examples/tencentcloud-ssm/main.tf

@@ -8,19 +8,14 @@ resource "tencentcloud_ssm_secret" "foo" {
   recovery_window_in_days = 0
   is_enabled = true
 
-  init_secret {
-    version_id = "v1"
-    secret_string = "123456"
-  }
-
   tags = {
     test-tag = "test"
   }
 }
 
-resource "tencentcloud_ssm_secret_version" "v2" {
+resource "tencentcloud_ssm_secret_version" "v1" {
   secret_name = tencentcloud_ssm_secret.foo.secret_name
-  version_id = "v2"
+  version_id = "v1"
   secret_binary = "MTIzMTIzMTIzMTIzMTIzQQ=="
 }
 
@@ -31,6 +26,6 @@ data "tencentcloud_ssm_secrets" "secret_list" {
 }
 
 data "tencentcloud_ssm_secret_versions" "secret_version_list" {
-  secret_name = tencentcloud_ssm_secret_version.v2.secret_name
-  version_id = tencentcloud_ssm_secret_version.v2.version_id
+  secret_name = tencentcloud_ssm_secret_version.v1.secret_name
+  version_id = tencentcloud_ssm_secret_version.v1.version_id
 }

tencentcloud/data_source_tc_ssm_secret_versions_test.go

@@ -17,7 +17,7 @@ func TestAccTencentCloudSsmSecretVersionsDataSource(t *testing.T) {
 				Config: TestAccTencentCloudSsmSecretVersionsDataSourceConfig,
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckTencentCloudDataSourceID(dataSourceName),
-					resource.TestCheckResourceAttr(dataSourceName, "secret_version_list.0.version_id", "v2"),
+					resource.TestCheckResourceAttr(dataSourceName, "secret_version_list.0.version_id", "v1"),
 					resource.TestCheckResourceAttr(dataSourceName, "secret_version_list.0.secret_binary", "MTIzMTIzMTIzMTIzMTIzQQ=="),
 				),
 			},
@@ -29,24 +29,20 @@ const TestAccTencentCloudSsmSecretVersionsDataSourceConfig = `
 resource "tencentcloud_ssm_secret" "secret" {
   secret_name = "unit-test"
   description = "test secret"
-  init_secret {
-    version_id = "v1"
-    secret_string = "123456789"
-  }
 
   tags = {
     test-tag = "test"
   }
 }
 
-resource "tencentcloud_ssm_secret_version" "v2" {
+resource "tencentcloud_ssm_secret_version" "v1" {
   secret_name = tencentcloud_ssm_secret.secret.secret_name
-  version_id = "v2"
+  version_id = "v1"
   secret_binary = "MTIzMTIzMTIzMTIzMTIzQQ=="
 }
 
 data "tencentcloud_ssm_secret_versions" "secret_version" {
-  secret_name = tencentcloud_ssm_secret_version.v2.secret_name
-  version_id = tencentcloud_ssm_secret_version.v2.version_id
+  secret_name = tencentcloud_ssm_secret_version.v1.secret_name
+  version_id = tencentcloud_ssm_secret_version.v1.version_id
 }
 `

tencentcloud/data_source_tc_ssm_secrets_test.go

@@ -33,10 +33,6 @@ const TestAccTencentCloudSsmSecretsDataSourceConfig = `
 resource "tencentcloud_ssm_secret" "secret" {
   secret_name = "unit-test"
   description = "test secret"
-  init_secret {
-    version_id = "v1"
-    secret_string = "123456789"
-  }
 
   tags = {
     test-tag = "test"

tencentcloud/provider.go

@@ -415,7 +415,7 @@ SSL Certificates
 SSM
   Data Source
     tencentcloud_ssm_secrets
-	tencentcloud_ssm_secret_versions
+    tencentcloud_ssm_secret_versions
 
   Resource
     tencentcloud_ssm_secret

tencentcloud/resource_tc_ssm_secret.go

@@ -8,11 +8,6 @@ resource "tencentcloud_ssm_secret" "foo" {
   recovery_window_in_days = 0
   is_enabled = true
 
-  init_secret {
-    version_id = "v1"
-    secret_string = "123456"
-  }
-
   tags = {
     test-tag = "test"
   }
@@ -54,34 +49,6 @@ func resourceTencentCloudSsmSecret() *schema.Resource {
 				Required:    true,
 				Description: "Name of secret which cannot be repeated in the same region. The maximum length is 128 bytes. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.",
 			},
-			"init_secret": {
-				Type:        schema.TypeList,
-				Required:    true,
-				MinItems:    1,
-				MaxItems:    1,
-				Description: "The secret of initial version.",
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"version_id": {
-							Type:        schema.TypeString,
-							Required:    true,
-							Description: "Version of secret. The maximum length is 64 bytes. The version_id can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.",
-						},
-						"secret_binary": {
-							Type:         schema.TypeString,
-							Optional:     true,
-							ExactlyOneOf: []string{"init_secret.0.secret_string"},
-							Description:  "The base64-encoded binary secret. secret_binary and secret_string must be set only one, and the maximum support is 4096 bytes. When secret status is `Disabled`, this field will not update anymore.",
-						},
-						"secret_string": {
-							Type:         schema.TypeString,
-							Optional:     true,
-							ExactlyOneOf: []string{"init_secret.0.secret_binary"},
-							Description:  "The string text of secret. secret_binary and secret_string must be set only one, and the maximum support is 4096 bytes. When secret status is `Disabled`, this field will not update anymore.",
-						},
-					},
-				},
-			},
 			"is_enabled": {
 				Type:        schema.TypeBool,
 				Optional:    true,
@@ -136,16 +103,10 @@ func resourceTencentCloudSsmSecretCreate(d *schema.ResourceData, meta interface{
 	if v, ok := d.GetOk("kms_key_id"); ok {
 		param["kms_key_id"] = v.(string)
 	}
-
-	initSecret := d.Get("init_secret").([]interface{})
-	versionInfo := initSecret[0].(map[string]interface{})
-	param["version_id"] = versionInfo["version_id"].(string)
-	if v, ok := versionInfo["secret_binary"]; ok {
-		param["secret_binary"] = v.(string)
-	}
-	if v, ok := versionInfo["secret_string"]; ok {
-		param["secret_string"] = v.(string)
-	}
+	//use a default version info, after create secret will delete this version
+	//because sdk do not support create secret without version
+	param["version_id"] = "default"
+	param["secret_string"] = "default"
 
 	var outErr, inErr error
 	var secretName string
@@ -161,6 +122,18 @@ func resourceTencentCloudSsmSecretCreate(d *schema.ResourceData, meta interface{
 	}
 	d.SetId(secretName)
 
+	//delete default version info
+	outErr = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		inErr = ssmService.DeleteSecretVersion(ctx, secretName, "default")
+		if inErr != nil {
+			return retryError(inErr)
+		}
+		return nil
+	})
+	if outErr != nil {
+		return outErr
+	}
+
 	if isEnabled := d.Get("is_enabled").(bool); !isEnabled {
 		outErr = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
 			inErr = ssmService.DisableSecret(ctx, secretName)
@@ -231,55 +204,6 @@ func resourceTencentCloudSsmSecretRead(d *schema.ResourceData, meta interface{})
 
 	if secretInfo.status == SSM_STATUS_ENABLED {
 		_ = d.Set("is_enabled", true)
-
-		secret := d.Get("init_secret").([]interface{})
-		var versionId string
-
-		// import secret will import the first version as init_secret
-		if len(secret) == 0 {
-			var versionIds []string
-			outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
-				versionIds, inErr = ssmService.DescribeSecretVersionIdsByName(ctx, secretName)
-				if inErr != nil {
-					return retryError(inErr)
-				}
-				return nil
-			})
-			if outErr != nil {
-				log.Printf("[CRITAL]%s read SSM secret versionId list failed, reason:%+v", logId, outErr)
-				return outErr
-			}
-			if len(versionIds) != 0 {
-				versionId = versionIds[0]
-			}
-		} else {
-			versionInfo := secret[0].(map[string]interface{})
-			versionId = versionInfo["version_id"].(string)
-		}
-
-		if versionId != "" {
-			var secretVersionInfo *SecretVersionInfo
-			outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
-				secretVersionInfo, inErr = ssmService.DescribeSecretVersion(ctx, secretName, versionId)
-				if inErr != nil {
-					return retryError(inErr)
-				}
-				return nil
-			})
-			if outErr != nil {
-				return outErr
-			}
-
-			initSecret := make(map[string]interface{})
-			initSecret["version_id"] = secretVersionInfo.versionId
-			if secretVersionInfo.secretBinary != "" {
-				initSecret["secret_binary"] = secretVersionInfo.secretBinary
-			}
-			if secretVersionInfo.secretString != "" {
-				initSecret["secret_string"] = secretVersionInfo.secretString
-			}
-			_ = d.Set("init_secret", []map[string]interface{}{initSecret})
-		}
 	} else {
 		_ = d.Set("is_enabled", false)
 	}
@@ -331,30 +255,6 @@ func resourceTencentCloudSsmSecretUpdate(d *schema.ResourceData, meta interface{
 		d.SetPartial("is_enabled")
 	}
 
-	var outErr, inErr error
-	var secretInfo *SecretInfo
-	outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
-		secretInfo, inErr = ssmService.DescribeSecretByName(ctx, secretName)
-		if inErr != nil {
-			return retryError(inErr)
-		}
-		return nil
-	})
-	if outErr != nil {
-		return outErr
-	}
-
-	if secretInfo.status == SSM_STATUS_ENABLED {
-		err := updateSecretVersionInfo(ctx, d, ssmService)
-		if err != nil {
-			log.Printf("[CRITAL]%s modify SSM secret version failed, reason:%+v", logId, err)
-			return err
-		}
-		d.SetPartial("init_secret.0.version_id")
-		d.SetPartial("init_secret.0.secret_binary")
-		d.SetPartial("init_secret.0.secret_string")
-	}
-
 	if d.HasChange("tags") {
 		tcClient := meta.(*TencentCloudClient).apiV3Conn
 		tagService := &TagService{client: tcClient}
@@ -451,63 +351,3 @@ func updateSecretIsEnabled(ctx context.Context, ssmService SsmService, secretNam
 	}
 	return err
 }
-
-func updateSecretVersionInfo(ctx context.Context, d *schema.ResourceData, ssmService SsmService) error {
-	logId := getLogId(ctx)
-
-	param := make(map[string]interface{})
-	param["secret_name"] = d.Get("secret_name").(string)
-	param["version_id"] = d.Get("init_secret.0.version_id").(string)
-	if v, ok := d.GetOk("init_secret.0.secret_binary"); ok {
-		param["secret_binary"] = v.(string)
-	}
-	if v, ok := d.GetOk("init_secret.0.secret_string"); ok {
-		param["secret_string"] = v.(string)
-	}
-	if d.HasChange("init_secret.0.version_id") {
-		oldVersionId, newVersionId := d.GetChange("init_secret.0.version_id")
-		if oldVersionId.(string) != "" {
-			err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
-				e := ssmService.DeleteSecretVersion(ctx, d.Get("secret_name").(string), oldVersionId.(string))
-				if e != nil {
-					return retryError(e)
-				}
-				return nil
-			})
-			if err != nil {
-				log.Printf("[CRITAL]%s delete SSM secret version failed, reason:%+v", logId, err)
-				return err
-			}
-		}
-
-		if newVersionId.(string) != "" {
-			err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
-				_, _, e := ssmService.PutSecretValue(ctx, param)
-				if e != nil {
-					return retryError(e)
-				}
-				return nil
-			})
-			if err != nil {
-				log.Printf("[CRITAL]%s add SSM secret version failed, reason:%+v", logId, err)
-				return err
-			}
-		}
-	} else if d.HasChange("init_secret.0.secret_binary") || d.HasChange("init_secret.0.secret_string") {
-		versionId := d.Get("init_secret.0.version_id").(string)
-		if versionId != "" {
-			err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
-				e := ssmService.UpdateSecret(ctx, param)
-				if e != nil {
-					return retryError(e)
-				}
-				return nil
-			})
-			if err != nil {
-				log.Printf("[CRITAL]%s modify SSM secret content failed, reason:%+v", logId, err)
-				return err
-			}
-		}
-	}
-	return nil
-}

tencentcloud/resource_tc_ssm_secret_test.go

@@ -25,8 +25,6 @@ func TestAccTencentCloudSsmSecret_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "secret_name", "unit-test"),
 					resource.TestCheckResourceAttr(resourceName, "is_enabled", "false"),
 					resource.TestCheckResourceAttr(resourceName, "description", "test secret"),
-					resource.TestCheckResourceAttr(resourceName, "init_secret.0.version_id", "v1"),
-					resource.TestCheckResourceAttr(resourceName, "init_secret.0.secret_string", "123456789"),
 					resource.TestCheckResourceAttrSet(resourceName, "kms_key_id"),
 					resource.TestCheckResourceAttrSet(resourceName, "status"),
 				),
@@ -37,8 +35,6 @@ func TestAccTencentCloudSsmSecret_basic(t *testing.T) {
 					testAccCheckSsmSecretExists(resourceName),
 					resource.TestCheckResourceAttr(resourceName, "is_enabled", "true"),
 					resource.TestCheckResourceAttr(resourceName, "description", "test description modify"),
-					resource.TestCheckResourceAttr(resourceName, "init_secret.0.version_id", "v2"),
-					resource.TestCheckResourceAttr(resourceName, "init_secret.0.secret_string", "12345"),
 				),
 			},
 			{
@@ -111,11 +107,6 @@ resource "tencentcloud_ssm_secret" "secret" {
   description = "test secret"
   is_enabled = false
 
-  init_secret {
-    version_id = "v1"
-    secret_string = "123456789"
-  }
-
   tags = {
     test-tag = "test"
   }
@@ -128,11 +119,6 @@ resource "tencentcloud_ssm_secret" "secret" {
   description = "test description modify"
   is_enabled = true
 
-  init_secret {
-    version_id = "v2"
-    secret_string = "12345"
-  }
-
   tags = {
     test-tag = "test"
   }