From 91c34d30978ff5cc6e9600243905b3571556952e Mon Sep 17 00:00:00 2001 From: abheda-crest <105624942+abheda-crest@users.noreply.github.com> Date: Sat, 12 Oct 2024 02:04:03 +0530 Subject: [PATCH] Add support for `is_secret_data_base64` in secret_version and secret_version_access datasources for global and regional stacks (#11877) --- ...ta_source_secret_manager_secret_version.go | 19 +++- ...ce_secret_manager_secret_version_access.go | 19 +++- ...cret_manager_secret_version_access_test.go | 70 ++++++++++----- ...urce_secret_manager_secret_version_test.go | 86 +++++++++++++++++++ ..._secret_manager_regional_secret_version.go | 20 +++-- ..._manager_regional_secret_version_access.go | 19 +++- ...ger_regional_secret_version_access_test.go | 49 +++++++++++ ...et_manager_regional_secret_version_test.go | 86 +++++++++++++++++++ ...ager_regional_secret_version.html.markdown | 3 + ...gional_secret_version_access.html.markdown | 3 + ...ecret_manager_secret_version.html.markdown | 2 + ...anager_secret_version_access.html.markdown | 2 + 12 files changed, 338 insertions(+), 40 deletions(-) diff --git a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version.go b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version.go index 29f7db23dcbb..70156caf6fc3 100644 --- a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version.go +++ b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version.go @@ -52,6 +52,11 @@ func DataSourceSecretManagerSecretVersion() *schema.Resource { Computed: true, Sensitive: true, }, + "is_secret_data_base64": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, }, } } @@ -147,11 +152,17 @@ func dataSourceSecretManagerSecretVersionRead(d *schema.ResourceData, meta inter } data := resp["payload"].(map[string]interface{}) - secretData, err := base64.StdEncoding.DecodeString(data["data"].(string)) - if err != nil { - return fmt.Errorf("Error decoding secret manager secret version data: %s", err.Error()) + var secretData string + if d.Get("is_secret_data_base64").(bool) { + secretData = data["data"].(string) + } else { + payloadData, err := base64.StdEncoding.DecodeString(data["data"].(string)) + if err != nil { + return fmt.Errorf("error decoding secret manager secret version data: %s", err.Error()) + } + secretData = string(payloadData) } - if err := d.Set("secret_data", string(secretData)); err != nil { + if err := d.Set("secret_data", secretData); err != nil { return fmt.Errorf("Error setting secret_data: %s", err) } diff --git a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access.go b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access.go index 0d51e8060cda..f60707b5ce89 100644 --- a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access.go +++ b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access.go @@ -40,6 +40,11 @@ func DataSourceSecretManagerSecretVersionAccess() *schema.Resource { Computed: true, Sensitive: true, }, + "is_secret_data_base64": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, }, } } @@ -112,11 +117,17 @@ func dataSourceSecretManagerSecretVersionAccessRead(d *schema.ResourceData, meta } data := resp["payload"].(map[string]interface{}) - secretData, err := base64.StdEncoding.DecodeString(data["data"].(string)) - if err != nil { - return fmt.Errorf("Error decoding secret manager secret version data: %s", err.Error()) + var secretData string + if d.Get("is_secret_data_base64").(bool) { + secretData = data["data"].(string) + } else { + payloadData, err := base64.StdEncoding.DecodeString(data["data"].(string)) + if err != nil { + return fmt.Errorf("error decoding secret manager secret version data: %s", err.Error()) + } + secretData = string(payloadData) } - if err := d.Set("secret_data", string(secretData)); err != nil { + if err := d.Set("secret_data", secretData); err != nil { return fmt.Errorf("Error setting secret_data: %s", err) } diff --git a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access_test.go b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access_test.go index 23497bcc2046..15c3cee73c0f 100644 --- a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access_test.go +++ b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_access_test.go @@ -1,14 +1,12 @@ package secretmanager_test import ( - "errors" "fmt" "testing" "github.com/hashicorp/terraform-provider-google/google/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" - "github.com/hashicorp/terraform-plugin-testing/terraform" ) func TestAccDatasourceSecretManagerSecretVersionAccess_basic(t *testing.T) { @@ -24,7 +22,8 @@ func TestAccDatasourceSecretManagerSecretVersionAccess_basic(t *testing.T) { { Config: testAccDatasourceSecretManagerSecretVersionAccess_basic(randomString), Check: resource.ComposeTestCheckFunc( - testAccCheckDatasourceSecretManagerSecretVersionAccess("data.google_secret_manager_secret_version_access.basic", "1"), + testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version_access.basic", "1"), + testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version_access.basic", "google_secret_manager_secret_version.secret-version-basic"), ), }, }, @@ -44,34 +43,34 @@ func TestAccDatasourceSecretManagerSecretVersionAccess_latest(t *testing.T) { { Config: testAccDatasourceSecretManagerSecretVersionAccess_latest(randomString), Check: resource.ComposeTestCheckFunc( - testAccCheckDatasourceSecretManagerSecretVersionAccess("data.google_secret_manager_secret_version_access.latest", "2"), + testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version_access.latest", "2"), + testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version_access.latest", "google_secret_manager_secret_version.secret-version-basic-2"), ), }, }, }) } -func testAccCheckDatasourceSecretManagerSecretVersionAccess(n, expected string) resource.TestCheckFunc { - return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[n] - if !ok { - return fmt.Errorf("Can't find Secret Version data source: %s", n) - } - - if rs.Primary.ID == "" { - return errors.New("data source ID not set.") - } +func TestAccDatasourceSecretManagerSecretVersionAccess_withBase64SecretData(t *testing.T) { + t.Parallel() - version, ok := rs.Primary.Attributes["version"] - if !ok { - return errors.New("can't find 'version' attribute") - } + randomString := acctest.RandString(t, 10) + data := "./test-fixtures/binary-file.pfx" - if version != expected { - return fmt.Errorf("expected %s, got %s, version not found", expected, version) - } - return nil - } + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerSecretVersionDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccDatasourceSecretManagerSecretVersionAccess_withBase64SecretData(randomString, data), + Check: resource.ComposeTestCheckFunc( + testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version_access.basic-base64", "1"), + testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version_access.basic-base64", "google_secret_manager_secret_version.secret-version-basic-base64"), + ), + }, + }, + }) } func testAccDatasourceSecretManagerSecretVersionAccess_latest(randomString string) string { @@ -127,3 +126,28 @@ data "google_secret_manager_secret_version_access" "basic" { } `, randomString, randomString) } + +func testAccDatasourceSecretManagerSecretVersionAccess_withBase64SecretData(randomString, data string) string { + return fmt.Sprintf(` +resource "google_secret_manager_secret" "secret-basic-base64" { + secret_id = "tf-test-secret-version-%s" + labels = { + label = "my-label" + } + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "secret-version-basic-base64" { + secret = google_secret_manager_secret.secret-basic-base64.name + is_secret_data_base64 = true + secret_data = filebase64("%s") +} + +data "google_secret_manager_secret_version_access" "basic-base64" { + secret = google_secret_manager_secret_version.secret-version-basic-base64.secret + is_secret_data_base64 = true +} +`, randomString, data) +} diff --git a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_test.go b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_test.go index 33c7753b56d8..68890cf857d2 100644 --- a/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_test.go +++ b/mmv1/third_party/terraform/services/secretmanager/data_source_secret_manager_secret_version_test.go @@ -25,6 +25,7 @@ func TestAccDatasourceSecretManagerSecretVersion_basic(t *testing.T) { Config: testAccDatasourceSecretManagerSecretVersion_basic(randomString), Check: resource.ComposeTestCheckFunc( testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version.basic", "1"), + testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version.basic", "google_secret_manager_secret_version.secret-version-basic"), ), }, }, @@ -45,6 +46,29 @@ func TestAccDatasourceSecretManagerSecretVersion_latest(t *testing.T) { Config: testAccDatasourceSecretManagerSecretVersion_latest(randomString), Check: resource.ComposeTestCheckFunc( testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version.latest", "2"), + testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version.latest", "google_secret_manager_secret_version.secret-version-basic-2"), + ), + }, + }, + }) +} + +func TestAccDatasourceSecretManagerSecretVersion_withBase64SecretData(t *testing.T) { + t.Parallel() + + randomString := acctest.RandString(t, 10) + data := "./test-fixtures/binary-file.pfx" + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerSecretVersionDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccDatasourceSecretManagerSecretVersion_withBase64SecretData(randomString, data), + Check: resource.ComposeTestCheckFunc( + testAccCheckDatasourceSecretManagerSecretVersion("data.google_secret_manager_secret_version.basic-base64", "1"), + testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_secret_version.basic-base64", "google_secret_manager_secret_version.secret-version-basic-base64"), ), }, }, @@ -74,6 +98,43 @@ func testAccCheckDatasourceSecretManagerSecretVersion(n, expected string) resour } } +func testAccCheckSecretManagerSecretVersionSecretDataDatasourceMatchesResource(datasource, resource string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resource] + if !ok { + return fmt.Errorf("can't find Secret Version resource: %s", resource) + } + + ds, ok := s.RootModule().Resources[datasource] + if !ok { + return fmt.Errorf("can't find Secret Version data source: %s", datasource) + } + + if rs.Primary.ID == "" { + return errors.New("resource ID not set.") + } + + if ds.Primary.ID == "" { + return errors.New("data source ID not set.") + } + + resourceSecretData, ok := rs.Primary.Attributes["secret_data"] + if !ok { + return errors.New("can't find 'secret_data' attribute in Secret Version resource") + } + + datasourceSecretData, ok := ds.Primary.Attributes["secret_data"] + if !ok { + return errors.New("can't find 'secret_data' attribute in Secret Version data source") + } + + if resourceSecretData != datasourceSecretData { + return fmt.Errorf("expected %s, got %s, secret_data doesn't match", resourceSecretData, datasourceSecretData) + } + return nil + } +} + func testAccDatasourceSecretManagerSecretVersion_latest(randomString string) string { return fmt.Sprintf(` resource "google_secret_manager_secret" "secret-basic" { @@ -127,3 +188,28 @@ data "google_secret_manager_secret_version" "basic" { } `, randomString, randomString) } + +func testAccDatasourceSecretManagerSecretVersion_withBase64SecretData(randomString, data string) string { + return fmt.Sprintf(` +resource "google_secret_manager_secret" "secret-basic-base64" { + secret_id = "tf-test-secret-version-%s" + labels = { + label = "my-label" + } + replication { + auto {} + } +} + +resource "google_secret_manager_secret_version" "secret-version-basic-base64" { + secret = google_secret_manager_secret.secret-basic-base64.name + is_secret_data_base64 = true + secret_data = filebase64("%s") +} + +data "google_secret_manager_secret_version" "basic-base64" { + secret = google_secret_manager_secret_version.secret-version-basic-base64.secret + is_secret_data_base64 = true +} +`, randomString, data) +} diff --git a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go index b4afe3e1558d..0f7889b54736 100644 --- a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go +++ b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version.go @@ -69,6 +69,11 @@ func DataSourceSecretManagerRegionalRegionalSecretVersion() *schema.Resource { }, }, }, + "is_secret_data_base64": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, }, } } @@ -193,12 +198,17 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionRead(d *schema.Resource } data := resp["payload"].(map[string]interface{}) - secretData, err := base64.StdEncoding.DecodeString(data["data"].(string)) - if err != nil { - return fmt.Errorf("Error decoding secret manager regional secret version data: %s", err.Error()) + var secretData string + if d.Get("is_secret_data_base64").(bool) { + secretData = data["data"].(string) + } else { + payloadData, err := base64.StdEncoding.DecodeString(data["data"].(string)) + if err != nil { + return fmt.Errorf("error decoding secret manager regional secret version data: %s", err.Error()) + } + secretData = string(payloadData) } - - if err := d.Set("secret_data", string(secretData)); err != nil { + if err := d.Set("secret_data", secretData); err != nil { return fmt.Errorf("Error setting secret_data: %s", err) } diff --git a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access.go b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access.go index e4de924c3d90..734173a3b145 100644 --- a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access.go +++ b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access.go @@ -45,6 +45,11 @@ func DataSourceSecretManagerRegionalRegionalSecretVersionAccess() *schema.Resour Computed: true, Sensitive: true, }, + "is_secret_data_base64": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, }, } } @@ -148,11 +153,17 @@ func dataSourceSecretManagerRegionalRegionalSecretVersionAccessRead(d *schema.Re } data := resp["payload"].(map[string]interface{}) - secretData, err := base64.StdEncoding.DecodeString(data["data"].(string)) - if err != nil { - return fmt.Errorf("error decoding secret manager regional secret version data: %s", err.Error()) + var secretData string + if d.Get("is_secret_data_base64").(bool) { + secretData = data["data"].(string) + } else { + payloadData, err := base64.StdEncoding.DecodeString(data["data"].(string)) + if err != nil { + return fmt.Errorf("error decoding secret manager regional secret version data: %s", err.Error()) + } + secretData = string(payloadData) } - if err := d.Set("secret_data", string(secretData)); err != nil { + if err := d.Set("secret_data", secretData); err != nil { return fmt.Errorf("error setting secret_data: %s", err) } diff --git a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access_test.go b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access_test.go index dfd6ab7896bc..b9ba52d542de 100644 --- a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access_test.go +++ b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_access_test.go @@ -23,6 +23,7 @@ func TestAccDataSourceSecretManagerRegionalRegionalSecretVersionAccess_basicWith Config: testAccDataSourceSecretManagerRegionalRegionalSecretVersionAccess_basicWithResourceReference(randomString), Check: resource.ComposeTestCheckFunc( testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion("data.google_secret_manager_regional_secret_version_access.basic-1", "1"), + testAccCheckSecretManagerRegionalRegionalSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_regional_secret_version_access.basic-1", "google_secret_manager_regional_secret_version.secret-version-basic"), ), }, }, @@ -43,6 +44,7 @@ func TestAccDataSourceSecretManagerRegionalRegionalSecretVersionAccess_basicWith Config: testAccDataSourceSecretManagerRegionalRegionalSecretVersionAccess_basicWithSecretName(randomString), Check: resource.ComposeTestCheckFunc( testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion("data.google_secret_manager_regional_secret_version_access.basic-2", "1"), + testAccCheckSecretManagerRegionalRegionalSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_regional_secret_version_access.basic-2", "google_secret_manager_regional_secret_version.secret-version-basic"), ), }, }, @@ -63,6 +65,7 @@ func TestAccDataSourceSecretManagerRegionalRegionalSecretVersionAccess_latest(t Config: testAccDataSourceSecretManagerRegionalRegionalSecretVersionAccess_latest(randomString), Check: resource.ComposeTestCheckFunc( testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion("data.google_secret_manager_regional_secret_version_access.latest-1", "2"), + testAccCheckSecretManagerRegionalRegionalSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_regional_secret_version_access.latest-1", "google_secret_manager_regional_secret_version.secret-version-basic-2"), ), }, }, @@ -83,6 +86,29 @@ func TestAccDataSourceSecretManagerRegionalRegionalSecretVersionAccess_versionFi Config: testAccDataSourceSecretManagerRegionalRegionalSecretVersionAccess_versionField(randomString), Check: resource.ComposeTestCheckFunc( testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion("data.google_secret_manager_regional_secret_version_access.version-access", "1"), + testAccCheckSecretManagerRegionalRegionalSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_regional_secret_version_access.version-access", "google_secret_manager_regional_secret_version.secret-version-basic-1"), + ), + }, + }, + }) +} + +func TestAccDataSourceSecretManagerRegionalRegionalSecretVersionAccess_withBase64SecretData(t *testing.T) { + t.Parallel() + + randomString := acctest.RandString(t, 10) + data := "./test-fixtures/binary-file.pfx" + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretVersionDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccDataSourceSecretManagerRegionalRegionalSecretVersionAccess_withBase64SecretData(randomString, data), + Check: resource.ComposeTestCheckFunc( + testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion("data.google_secret_manager_regional_secret_version_access.basic-base64", "1"), + testAccCheckSecretManagerRegionalRegionalSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_regional_secret_version_access.basic-base64", "google_secret_manager_regional_secret_version.secret-version-basic-base64"), ), }, }, @@ -176,3 +202,26 @@ data "google_secret_manager_regional_secret_version_access" "version-access" { } `, randomString) } + +func testAccDataSourceSecretManagerRegionalRegionalSecretVersionAccess_withBase64SecretData(randomString, data string) string { + return fmt.Sprintf(` +resource "google_secret_manager_regional_secret" "secret-basic-base64" { + secret_id = "tf-test-secret-version-%s" + location = "us-central1" + labels = { + label = "my-label" + } +} + +resource "google_secret_manager_regional_secret_version" "secret-version-basic-base64" { + secret = google_secret_manager_regional_secret.secret-basic-base64.name + is_secret_data_base64 = true + secret_data = filebase64("%s") +} + +data "google_secret_manager_regional_secret_version_access" "basic-base64" { + secret = google_secret_manager_regional_secret_version.secret-version-basic-base64.secret + is_secret_data_base64 = true +} +`, randomString, data) +} diff --git a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_test.go b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_test.go index 7aa4930e750f..9c03b695ab5a 100644 --- a/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_test.go +++ b/mmv1/third_party/terraform/services/secretmanagerregional/data_source_secret_manager_regional_secret_version_test.go @@ -25,6 +25,7 @@ func TestAccDataSourceSecretManagerRegionalRegionalSecretVersion_basicWithResour Config: testAccDataSourceSecretManagerRegionalRegionalSecretVersion_basicWithResourceReference(randomString), Check: resource.ComposeTestCheckFunc( testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion("data.google_secret_manager_regional_secret_version.basic-1", "1"), + testAccCheckSecretManagerRegionalRegionalSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_regional_secret_version.basic-1", "google_secret_manager_regional_secret_version.secret-version-basic"), ), }, }, @@ -45,6 +46,7 @@ func TestAccDataSourceSecretManagerRegionalRegionalSecretVersion_basicWithSecret Config: testAccDataSourceSecretManagerRegionalRegionalSecretVersion_basicWithSecretName(randomString), Check: resource.ComposeTestCheckFunc( testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion("data.google_secret_manager_regional_secret_version.basic-2", "1"), + testAccCheckSecretManagerRegionalRegionalSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_regional_secret_version.basic-2", "google_secret_manager_regional_secret_version.secret-version-basic"), ), }, }, @@ -65,6 +67,7 @@ func TestAccDataSourceSecretManagerRegionalRegionalSecretVersion_latest(t *testi Config: testAccDataSourceSecretManagerRegionalRegionalSecretVersion_latest(randomString), Check: resource.ComposeTestCheckFunc( testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion("data.google_secret_manager_regional_secret_version.latest", "2"), + testAccCheckSecretManagerRegionalRegionalSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_regional_secret_version.latest", "google_secret_manager_regional_secret_version.secret-version-basic-2"), ), }, }, @@ -85,6 +88,29 @@ func TestAccDataSourceSecretManagerRegionalRegionalSecretVersion_versionField(t Config: testAccDataSourceSecretManagerRegionalRegionalSecretVersion_versionField(randomString), Check: resource.ComposeTestCheckFunc( testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion("data.google_secret_manager_regional_secret_version.version", "1"), + testAccCheckSecretManagerRegionalRegionalSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_regional_secret_version.version", "google_secret_manager_regional_secret_version.secret-version-basic-1"), + ), + }, + }, + }) +} + +func TestAccDataSourceSecretManagerRegionalRegionalSecretVersion_withBase64SecretData(t *testing.T) { + t.Parallel() + + randomString := acctest.RandString(t, 10) + data := "./test-fixtures/binary-file.pfx" + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretVersionDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccDataSourceSecretManagerRegionalRegionalSecretVersion_withBase64SecretData(randomString, data), + Check: resource.ComposeTestCheckFunc( + testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion("data.google_secret_manager_regional_secret_version.basic-base64", "1"), + testAccCheckSecretManagerRegionalRegionalSecretVersionSecretDataDatasourceMatchesResource("data.google_secret_manager_regional_secret_version.basic-base64", "google_secret_manager_regional_secret_version.secret-version-basic-base64"), ), }, }, @@ -179,6 +205,29 @@ data "google_secret_manager_regional_secret_version" "version" { `, randomString) } +func testAccDataSourceSecretManagerRegionalRegionalSecretVersion_withBase64SecretData(randomString, data string) string { + return fmt.Sprintf(` +resource "google_secret_manager_regional_secret" "secret-basic-base64" { + secret_id = "tf-test-secret-version-%s" + location = "us-central1" + labels = { + label = "my-label" + } +} + +resource "google_secret_manager_regional_secret_version" "secret-version-basic-base64" { + secret = google_secret_manager_regional_secret.secret-basic-base64.name + is_secret_data_base64 = true + secret_data = filebase64("%s") +} + +data "google_secret_manager_regional_secret_version" "basic-base64" { + secret = google_secret_manager_regional_secret_version.secret-version-basic-base64.secret + is_secret_data_base64 = true +} +`, randomString, data) +} + func testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion(n, expected string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -201,3 +250,40 @@ func testAccCheckDataSourceSecretManagerRegionalRegionalSecretVersion(n, expecte return nil } } + +func testAccCheckSecretManagerRegionalRegionalSecretVersionSecretDataDatasourceMatchesResource(datasource, resource string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resource] + if !ok { + return fmt.Errorf("can't find Regional Secret Version resource: %s", resource) + } + + ds, ok := s.RootModule().Resources[datasource] + if !ok { + return fmt.Errorf("can't find Regional Secret Version data source: %s", datasource) + } + + if rs.Primary.ID == "" { + return errors.New("resource ID not set.") + } + + if ds.Primary.ID == "" { + return errors.New("data source ID not set.") + } + + resourceSecretData, ok := rs.Primary.Attributes["secret_data"] + if !ok { + return errors.New("can't find 'secret_data' attribute in Regional Secret Version resource") + } + + datasourceSecretData, ok := ds.Primary.Attributes["secret_data"] + if !ok { + return errors.New("can't find 'secret_data' attribute in Regional Secret Version data source") + } + + if resourceSecretData != datasourceSecretData { + return fmt.Errorf("expected %s, got %s, secret_data doesn't match", resourceSecretData, datasourceSecretData) + } + return nil + } +} diff --git a/mmv1/third_party/terraform/website/docs/d/secret_manager_regional_secret_version.html.markdown b/mmv1/third_party/terraform/website/docs/d/secret_manager_regional_secret_version.html.markdown index b93dba8039ae..daf52bad6f9a 100644 --- a/mmv1/third_party/terraform/website/docs/d/secret_manager_regional_secret_version.html.markdown +++ b/mmv1/third_party/terraform/website/docs/d/secret_manager_regional_secret_version.html.markdown @@ -33,6 +33,9 @@ The following arguments are supported: * `version` - (Optional) The version of the regional secret to get. If it is not provided, the latest version is retrieved. +* `is_secret_data_base64` - (Optional) If set to 'true', the secret data is + expected to be base64-encoded string. + ## Attributes Reference The following attributes are exported: diff --git a/mmv1/third_party/terraform/website/docs/d/secret_manager_regional_secret_version_access.html.markdown b/mmv1/third_party/terraform/website/docs/d/secret_manager_regional_secret_version_access.html.markdown index bfb607fc7dfd..fb60cf2762f1 100644 --- a/mmv1/third_party/terraform/website/docs/d/secret_manager_regional_secret_version_access.html.markdown +++ b/mmv1/third_party/terraform/website/docs/d/secret_manager_regional_secret_version_access.html.markdown @@ -34,6 +34,9 @@ The following arguments are supported: - `version` - (Optional) The version of the regional secret to get. If it is not provided, the latest version is retrieved. +- `is_secret_data_base64` - (Optional) If set to 'true', the secret data is + expected to be base64-encoded string. + ## Attributes Reference The following attributes are exported: diff --git a/mmv1/third_party/terraform/website/docs/d/secret_manager_secret_version.html.markdown b/mmv1/third_party/terraform/website/docs/d/secret_manager_secret_version.html.markdown index 35c1bd4499d6..a12499283f5d 100644 --- a/mmv1/third_party/terraform/website/docs/d/secret_manager_secret_version.html.markdown +++ b/mmv1/third_party/terraform/website/docs/d/secret_manager_secret_version.html.markdown @@ -28,6 +28,8 @@ The following arguments are supported: * `version` - (Optional) The version of the secret to get. If it is not provided, the latest version is retrieved. +* `is_secret_data_base64` - (Optional) If set to 'true', the secret data is + expected to be base64-encoded string. ## Attributes Reference diff --git a/mmv1/third_party/terraform/website/docs/d/secret_manager_secret_version_access.html.markdown b/mmv1/third_party/terraform/website/docs/d/secret_manager_secret_version_access.html.markdown index 44d6088e8b51..cd8546b95a2e 100644 --- a/mmv1/third_party/terraform/website/docs/d/secret_manager_secret_version_access.html.markdown +++ b/mmv1/third_party/terraform/website/docs/d/secret_manager_secret_version_access.html.markdown @@ -29,6 +29,8 @@ The following arguments are supported: * `version` - (Optional) The version of the secret to get. If it is not provided, the latest version is retrieved. +* `is_secret_data_base64` - (Optional) If set to 'true', the secret data is + expected to be base64-encoded string. ## Attributes Reference