remove default version (#2256)

* remove default version

* add changelog

Author: hellertang

.changelog/2256.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+tencentcloud_ssm_secret: Remove default version while `secret_type` is 0
+```

tencentcloud/resource_tc_ssm_secret.go

@@ -126,7 +126,7 @@ func resourceTencentCloudSsmSecret() *schema.Resource {
 				Type:        schema.TypeInt,
 				Optional:    true,
 				Computed:    true,
-				Description: "Type of secret. `0`: user-defined secret. `4`: redis secret.",
+				Description: "Type of secret. `0`: user-defined secret. `4`: redis secret. Default is `0`.",
 			},
 			"additional_config": {
 				Type:        schema.TypeString,
@@ -171,6 +171,7 @@ func resourceTencentCloudSsmSecretCreate(d *schema.ResourceData, meta interface{
 		secretInfo    *SecretInfo
 		outErr, inErr error
 		secretName    string
+		secretType    int
 	)
 
 	if v, ok := d.GetOk("secret_name"); ok {
@@ -186,14 +187,18 @@ func resourceTencentCloudSsmSecretCreate(d *schema.ResourceData, meta interface{
 	}
 
 	if v, ok := d.GetOkExists("secret_type"); ok {
+		secretType = v.(int)
 		request.SecretType = helper.IntUint64(v.(int))
 	}
 
 	if v, ok := d.GetOk("additional_config"); ok {
 		request.AdditionalConfig = helper.String(v.(string))
 	}
 
-	request.SecretString = helper.String("default")
+	if secretType == 0 {
+		request.VersionId = helper.String("default")
+		request.SecretString = helper.String("default")
+	}
 	outErr = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
 		result, e := meta.(*TencentCloudClient).apiV3Conn.UseSsmClient().CreateSecret(request)
 		if e != nil {
@@ -213,6 +218,20 @@ func resourceTencentCloudSsmSecretCreate(d *schema.ResourceData, meta interface{
 	secretName = *response.Response.SecretName
 	d.SetId(secretName)
 
+	//delete default version info
+	if secretType == 0 {
+		outErr = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+			inErr = ssmService.DeleteSecretVersion(ctx, secretName, "default")
+			if inErr != nil {
+				return retryError(inErr)
+			}
+			return nil
+		})
+		if outErr != nil {
+			return outErr
+		}
+	}
+
 	if isEnabled := d.Get("is_enabled").(bool); !isEnabled {
 		outErr = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
 			inErr = ssmService.DisableSecret(ctx, secretName)

website/docs/r/ssm_secret.html.markdown

@@ -91,7 +91,7 @@ The following arguments are supported:
 * `is_enabled` - (Optional, Bool) Specify whether to enable secret. Default value is `true`.
 * `kms_key_id` - (Optional, String, ForceNew) KMS keyId used to encrypt secret. If it is empty, it means that the CMK created by SSM for you by default is used for encryption. You can also specify the KMS CMK created by yourself in the same region for encryption.
 * `recovery_window_in_days` - (Optional, Int) Specify the scheduled deletion date. Default value is `0` that means to delete immediately. 1-30 means the number of days reserved, completely deleted after this date.
-* `secret_type` - (Optional, Int) Type of secret. `0`: user-defined secret. `4`: redis secret.
+* `secret_type` - (Optional, Int) Type of secret. `0`: user-defined secret. `4`: redis secret. Default is `0`.
 * `tags` - (Optional, Map) Tags of secret.
 
 ## Attributes Reference