add data source tencentcloud_ssm_secrets and tencentcloud_ssm_secret_versions

Author: ChrisdeR

tencentcloud/data_source_tc_ssm_secret_versions.go

@@ -0,0 +1,142 @@
+package tencentcloud
+
+import (
+	"context"
+	"log"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func dataSourceTencentCloudSsmSecretVersions() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceTencentCloudSsmSecretVersionsRead,
+		Schema: map[string]*schema.Schema{
+			"secret_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Secret name used to filter result.",
+			},
+			"version_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "VersionId used to filter result.",
+			},
+			"result_output_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Used to save results.",
+			},
+			"secret_version_list": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "A list of SSM secret versions.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"version_id": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Version of secret.",
+						},
+						"secret_binary": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The base64-encoded binary secret.",
+						},
+						"secret_string": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The string text of secret.",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceTencentCloudSsmSecretVersionsRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("data_source.tencentcloud_ssm_secret_versions.read")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	ssmService := SsmService{
+		client: meta.(*TencentCloudClient).apiV3Conn,
+	}
+
+	secretName := d.Get("secret_name").(string)
+	var outErr, inErr error
+	var secretInfo *SecretInfo
+	outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		secretInfo, inErr = ssmService.DescribeSecretByName(ctx, secretName)
+		if inErr != nil {
+			return retryError(inErr)
+		}
+		return nil
+	})
+	if outErr != nil {
+		log.Printf("[CRITAL]%s read SSM secret failed, reason:%+v", logId, outErr)
+		return outErr
+	}
+	if secretInfo.status != SSM_STATUS_ENABLED {
+		log.Printf("[CRITAL]%s read SSM secret version failed, reason: secret status is not Enabled", logId)
+		return nil
+	}
+	var secretVersionInfos []*SecretVersionInfo
+	var versionIds []string
+	if v, ok := d.GetOk("version_id"); ok {
+		versionIds = append(versionIds, v.(string))
+	} else {
+		outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
+			versionIds, inErr = ssmService.DescribeSecretVersionIdsByName(ctx, secretName)
+			if inErr != nil {
+				return retryError(inErr)
+			}
+			return nil
+		})
+		if outErr != nil {
+			log.Printf("[CRITAL]%s read SSM secret versionId list failed, reason:%+v", logId, outErr)
+			return outErr
+		}
+	}
+
+	for _, versionId := range versionIds {
+		outErr = resource.Retry(readRetryTimeout, func() *resource.RetryError {
+			secretVersionInfo, inErr := ssmService.DescribeSecretVersion(ctx, secretName, versionId)
+			if inErr != nil {
+				return retryError(inErr)
+			}
+			secretVersionInfos = append(secretVersionInfos, secretVersionInfo)
+			return nil
+		})
+		if outErr != nil {
+			log.Printf("[CRITAL]%s read SSM secret version failed, reason:%+v", logId, outErr)
+			return outErr
+		}
+	}
+
+	var secretVersionList []map[string]interface{}
+	var ids []string
+	for _, secretVersionInfo := range secretVersionInfos {
+		mapping := map[string]interface{}{
+			"version_id":    secretVersionInfo.versionId,
+			"secret_binary": secretVersionInfo.secretBinary,
+			"secret_string": secretVersionInfo.secretString,
+		}
+
+		secretVersionList = append(secretVersionList, mapping)
+		ids = append(ids, strings.Join([]string{secretVersionInfo.secretName, secretVersionInfo.versionId}, FILED_SP))
+	}
+
+	d.SetId(helper.DataResourceIdsHash(ids))
+	if e := d.Set("secret_version_list", secretVersionList); e != nil {
+		log.Printf("[CRITAL]%s provider set SSM secret version list fail, reason:%+v", logId, e)
+		return e
+	}
+	if output, ok := d.GetOk("result_output_file"); ok && output.(string) != "" {
+		return writeToFile(output.(string), secretVersionList)
+	}
+	return nil
+}

tencentcloud/data_source_tc_ssm_secret_versions_test.go

@@ -0,0 +1,52 @@
+package tencentcloud
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccTencentCloudSsmSecretVersionsDataSource(t *testing.T) {
+	dataSourceName := "data.tencentcloud_ssm_secret_versions.secret_version"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: TestAccTencentCloudSsmSecretVersionsDataSourceConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTencentCloudDataSourceID(dataSourceName),
+					resource.TestCheckResourceAttr(dataSourceName, "secret_version_list.0.version_id", "v2"),
+					resource.TestCheckResourceAttr(dataSourceName, "secret_version_list.0.secret_binary", "MTIzMTIzMTIzMTIzMTIzQQ=="),
+				),
+			},
+		},
+	})
+}
+
+const TestAccTencentCloudSsmSecretVersionsDataSourceConfig = `
+resource "tencentcloud_ssm_secret" "secret" {
+  secret_name = "unit-test"
+  description = "test secret"
+  init_secret {
+    version_id = "v1"
+    secret_string = "123456789"
+  }
+
+  tags = {
+    test-tag = "test"
+  }
+}
+
+resource "tencentcloud_ssm_secret_version" "v2" {
+  secret_name = tencentcloud_ssm_secret.secret.secret_name
+  version_id = "v2"
+  secret_binary = "MTIzMTIzMTIzMTIzMTIzQQ=="
+}
+
+data "tencentcloud_ssm_secret_versions" "secret_version" {
+  secret_name = tencentcloud_ssm_secret_version.v2.secret_name
+  version_id = tencentcloud_ssm_secret_version.v2.version_id
+}
+`

tencentcloud/data_source_tc_ssm_secrets.go

@@ -0,0 +1,154 @@
+package tencentcloud
+
+import (
+	"context"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	ssm "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssm/v20190923"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func dataSourceTencentCloudSsmSecrets() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceTencentCloudSsmSecretsRead,
+		Schema: map[string]*schema.Schema{
+			"order_type": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				Default:     0,
+				Description: "The order to sort the create time of secret. `0` - desc, `1` - asc. Default value is `0`.",
+			},
+			"state": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				Default:     0,
+				Description: "Filter by state of secret. `0` - all secrets are queried, `1` - only Enabled secrets are queried, `2` - only Disabled secrets are queried, `3` - only PendingDelete secrets are queried.",
+			},
+			"secret_name": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Secret name used to filter result.",
+			},
+			"tags": {
+				Type:        schema.TypeMap,
+				Optional:    true,
+				Description: "Tags to filter secret.",
+			},
+			"result_output_file": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Used to save results.",
+			},
+			"secret_list": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "A list of SSM secrets.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"secret_name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Name of secret.",
+						},
+						"description": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Description of secret.",
+						},
+						"kms_key_id": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "KMS keyId used to encrypt secret.",
+						},
+						"create_uin": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "Uin of Creator.",
+						},
+						"status": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Status of secret.",
+						},
+						"delete_time": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "Delete time of CMK.",
+						},
+						"create_time": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "Create time of secret.",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceTencentCloudSsmSecretsRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("data_source.tencentcloud_ssm_secrets.read")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	param := make(map[string]interface{})
+	if v, ok := d.GetOk("order_type"); ok {
+		param["order_type"] = v.(int)
+	}
+	if v, ok := d.GetOk("state"); ok {
+		param["state"] = v.(int)
+	}
+	if v, ok := d.GetOk("secret_name"); ok {
+		param["secret_name"] = v.(string)
+	}
+	if tags := helper.GetTags(d, "tags"); len(tags) > 0 {
+		param["tag_filter"] = tags
+	}
+
+	ssmService := SsmService{
+		client: meta.(*TencentCloudClient).apiV3Conn,
+	}
+	var secrets []*ssm.SecretMetadata
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		results, e := ssmService.DescribeSecretsByFilter(ctx, param)
+		if e != nil {
+			return retryError(e)
+		}
+		secrets = results
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s read SSM secrets failed, reason:%+v", logId, err)
+		return err
+	}
+	secretList := make([]map[string]interface{}, 0, len(secrets))
+	secretNames := make([]string, 0, len(secrets))
+	for _, secret := range secrets {
+		mapping := map[string]interface{}{
+			"secret_name": secret.SecretName,
+			"description": secret.Description,
+			"kms_key_id":  secret.KmsKeyId,
+			"create_uin":  secret.CreateUin,
+			"status":      secret.Status,
+			"delete_time": secret.DeleteTime,
+			"create_time": secret.CreateTime,
+		}
+
+		secretList = append(secretList, mapping)
+		secretNames = append(secretNames, *secret.SecretName)
+	}
+
+	d.SetId(helper.DataResourceIdsHash(secretNames))
+	if e := d.Set("secret_list", secretList); e != nil {
+		log.Printf("[CRITAL]%s provider set SSM secret list fail, reason:%+v", logId, e)
+		return e
+	}
+	if output, ok := d.GetOk("result_output_file"); ok && output.(string) != "" {
+		return writeToFile(output.(string), secretList)
+	}
+	return nil
+}