Fixes the opaque secret update api

Fixes the lint errors Updated the documentation Signed-off-by: AkbaraliShaikh <aashaikh55@gmail.com>
vmware · Mar 19, 2024 · d731693 · d731693
1 parent 69b6883
commit d731693
Show file tree

Hide file tree

Showing 7 changed files with 155 additions and 43 deletions.
diff --git a/docs/data-sources/kubernetes_secret.md b/docs/data-sources/kubernetes_secret.md
@@ -116,6 +116,7 @@ Read-Only:
 Read-Only:
 
 - `docker_config_json` (List of Object) (see [below for nested schema](#nestedobjatt--spec--docker_config_json))
+- `opaque` (Map of String)
 
 <a id="nestedobjatt--spec--docker_config_json"></a>
 ### Nested Schema for `spec.docker_config_json`
@@ -217,6 +218,7 @@ Read-Only:
 Read-Only:
 
 - `docker_config_json` (List of Object) (see [below for nested schema](#nestedobjatt--spec--docker_config_json))
+- `opaque` (Map of String)
 
 <a id="nestedobjatt--spec--docker_config_json"></a>
 ### Nested Schema for `spec.docker_config_json`

diff --git a/docs/resources/kubernetes_secret.md b/docs/resources/kubernetes_secret.md
@@ -36,7 +36,8 @@ Only one scope per resource is allowed.
 
 ```terraform
 # Create Tanzu Mission Control kubernetes secret with attached set as default value.
-resource "tanzu-mission-control_kubernetes_secret" "create_secret" {
+# Example for creating the dockerconfigjson secret
+resource "tanzu-mission-control_kubernetes_secret" "create_dockerconfigjson_secret" {
   name           = "tf-secret"                # Required
   namespace_name = "tf-secret-namespace-name" # Required 
 
@@ -63,6 +64,34 @@ resource "tanzu-mission-control_kubernetes_secret" "create_secret" {
     }
   }
 }
+
+# Example for creating the opaque secret
+resource "tanzu-mission-control_kubernetes_secret" "create_opaque_secret" {
+  name           = "tf-secret"                # Required
+  namespace_name = "tf-secret-namespace-name" # Required 
+
+  scope {
+    cluster {
+      name                    = "testcluster" # Required
+      provisioner_name        = "attached"    # Default: attached
+      management_cluster_name = "attached"    # Default: attached
+    }
+  }
+
+  export = false # Default: false
+
+  meta {
+    description = "Create namespace through terraform"
+    labels      = { "key" : "value" }
+  }
+
+  spec {
+    opaque = {
+      "key1" : "value1"
+      "key2" : "value2"
+    }
+  }
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
@@ -119,9 +148,10 @@ Required:
 <a id="nestedblock--spec"></a>
 ### Nested Schema for `spec`
 
-Required:
+Optional:
 
-- `docker_config_json` (Block List, Min: 1) SecretType definition - SECRET_TYPE_DOCKERCONFIGJSON, Kubernetes secrets type. (see [below for nested schema](#nestedblock--spec--docker_config_json))
+- `docker_config_json` (Block List) SecretType definition - SECRET_TYPE_DOCKERCONFIGJSON, Kubernetes secrets type. (see [below for nested schema](#nestedblock--spec--docker_config_json))
+- `opaque` (Map of String, Sensitive) SecretType definition - SECRET_TYPE_OPAQUE, Kubernetes secrets type.
 
 <a id="nestedblock--spec--docker_config_json"></a>
 ### Nested Schema for `spec.docker_config_json`
@@ -155,7 +185,8 @@ Read-Only:
 
 ```terraform
 # Create Tanzu Mission Control kubernetes secret with attached set as default value.
-resource "tanzu-mission-control_kubernetes_secret" "create_secret" {
+# Example for creating the dockerconfigjson secret
+resource "tanzu-mission-control_kubernetes_secret" "create_dockerconfigjson_secret" {
   name           = "tf-secret"                # Required
   namespace_name = "tf-secret-namespace-name" # Required 
 
@@ -180,6 +211,32 @@ resource "tanzu-mission-control_kubernetes_secret" "create_secret" {
     }
   }
 }
+
+# Example for creating the opaque secret
+resource "tanzu-mission-control_kubernetes_secret" "create_opaque_secret" {
+  name           = "tf-secret"                # Required
+  namespace_name = "tf-secret-namespace-name" # Required 
+
+  scope {
+    cluster_group {
+      name = "default" # Required
+    }
+  }
+
+  export = false # Default: false
+
+  meta {
+    description = "Create namespace through terraform"
+    labels      = { "key" : "value" }
+  }
+
+  spec {
+    opaque = {
+      "key1" : "value1"
+      "key2" : "value2"
+    }
+  }
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
@@ -236,9 +293,10 @@ Required:
 <a id="nestedblock--spec"></a>
 ### Nested Schema for `spec`
 
-Required:
+Optional:
 
-- `docker_config_json` (Block List, Min: 1) SecretType definition - SECRET_TYPE_DOCKERCONFIGJSON, Kubernetes secrets type. (see [below for nested schema](#nestedblock--spec--docker_config_json))
+- `docker_config_json` (Block List) SecretType definition - SECRET_TYPE_DOCKERCONFIGJSON, Kubernetes secrets type. (see [below for nested schema](#nestedblock--spec--docker_config_json))
+- `opaque` (Map of String, Sensitive) SecretType definition - SECRET_TYPE_OPAQUE, Kubernetes secrets type.
 
 <a id="nestedblock--spec--docker_config_json"></a>
 ### Nested Schema for `spec.docker_config_json`

diff --git a/examples/resources/kubernetes_secret/cg_resource.tf b/examples/resources/kubernetes_secret/cg_resource.tf
@@ -1,5 +1,6 @@
 # Create Tanzu Mission Control kubernetes secret with attached set as default value.
-resource "tanzu-mission-control_kubernetes_secret" "create_secret" {
+# Example for creating the dockerconfigjson secret
+resource "tanzu-mission-control_kubernetes_secret" "create_dockerconfigjson_secret" {
   name           = "tf-secret"                # Required
   namespace_name = "tf-secret-namespace-name" # Required 
 
@@ -23,4 +24,30 @@ resource "tanzu-mission-control_kubernetes_secret" "create_secret" {
       image_registry_url = "testimageregistryurl" # Required
     }
   }
-}
+}
+
+# Example for creating the opaque secret
+resource "tanzu-mission-control_kubernetes_secret" "create_opaque_secret" {
+  name           = "tf-secret"                # Required
+  namespace_name = "tf-secret-namespace-name" # Required 
+
+  scope {
+    cluster_group {
+      name = "default" # Required
+    }
+  }
+
+  export = false # Default: false
+
+  meta {
+    description = "Create namespace through terraform"
+    labels      = { "key" : "value" }
+  }
+
+  spec {
+    opaque = {
+      "key1" : "value1"
+      "key2" : "value2"
+    }
+  }
+}
diff --git a/examples/resources/kubernetes_secret/resource.tf b/examples/resources/kubernetes_secret/resource.tf
@@ -1,5 +1,6 @@
 # Create Tanzu Mission Control kubernetes secret with attached set as default value.
-resource "tanzu-mission-control_kubernetes_secret" "create_secret" {
+# Example for creating the dockerconfigjson secret
+resource "tanzu-mission-control_kubernetes_secret" "create_dockerconfigjson_secret" {
   name           = "tf-secret"                # Required
   namespace_name = "tf-secret-namespace-name" # Required 
 
@@ -25,4 +26,32 @@ resource "tanzu-mission-control_kubernetes_secret" "create_secret" {
       image_registry_url = "testimageregistryurl" # Required
     }
   }
-}
+}
+
+# Example for creating the opaque secret
+resource "tanzu-mission-control_kubernetes_secret" "create_opaque_secret" {
+  name           = "tf-secret"                # Required
+  namespace_name = "tf-secret-namespace-name" # Required 
+
+  scope {
+    cluster {
+      name                    = "testcluster" # Required
+      provisioner_name        = "attached"    # Default: attached
+      management_cluster_name = "attached"    # Default: attached
+    }
+  }
+
+  export = false # Default: false
+
+  meta {
+    description = "Create namespace through terraform"
+    labels      = { "key" : "value" }
+  }
+
+  spec {
+    opaque = {
+      "key1" : "value1"
+      "key2" : "value2"
+    }
+  }
+}
diff --git a/internal/models/kubernetessecret/cluster/secret_spec.go b/internal/models/kubernetessecret/cluster/secret_spec.go
@@ -63,6 +63,7 @@ const (
 	// VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEDOCKERCONFIGJSON captures enum value "SECRET_TYPE_DOCKERCONFIGJSON".
 	VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEDOCKERCONFIGJSON VmwareTanzuManageV1alpha1ClusterNamespaceSecretType = "SECRET_TYPE_DOCKERCONFIGJSON"
 	// VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE captures enum value "SECRET_TYPE_OPAQUE".
+	//nolint:gosec
 	VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE VmwareTanzuManageV1alpha1ClusterNamespaceSecretType = "SECRET_TYPE_OPAQUE"
 )
 

diff --git a/internal/resources/kubernetessecret/resource_secret.go b/internal/resources/kubernetessecret/resource_secret.go
@@ -280,7 +280,10 @@ func resourceSecretInPlaceUpdate(ctx context.Context, d *schema.ResourceData, m
 		return diag.Errorf("updating %v is not possible", spec.ImageRegistryURLKey)
 	}
 
-	if updateCheckForMeta(d, secretDataFromServer.meta) || updateCheckForSpec(d, secretDataFromServer.atomicSpec, scopedFullnameData.Scope) {
+	updateRequiredForSepc := updateCheckForSpec(d, secretDataFromServer.atomicSpec, scopedFullnameData.Scope)
+	updateRequiredForMeta := updateCheckForMeta(d, secretDataFromServer.meta)
+
+	if updateRequiredForSepc || updateRequiredForMeta {
 		switch scopedFullnameData.Scope {
 		case commonscope.ClusterScope:
 			if scopedFullnameData.FullnameCluster != nil {
@@ -331,14 +334,21 @@ func resourceSecretInPlaceUpdate(ctx context.Context, d *schema.ResourceData, m
 
 func updateCheckForSpec(d *schema.ResourceData, atomicSpec *clustersecretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretSpec, scope commonscope.Scope) bool {
 	if !(spec.HasSpecChanged(d)) {
-		username := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.UsernameKey))
-		password := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.PasswordKey))
-		url := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.ImageRegistryURLKey))
+		if atomicSpec.SecretType == clustersecretmodel.NewVmwareTanzuManageV1alpha1ClusterNamespaceSecretType(clustersecretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEDOCKERCONFIGJSON) {
+			username := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.UsernameKey))
+			password := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.PasswordKey))
+			url := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.ImageRegistryURLKey))
+
+			secretSpecData, _ := spec.GetEncodedSpecData(url.(string), username.(string), password.(string))
 
-		secretSpecData, _ := spec.GetEncodedSpecData(url.(string), username.(string), password.(string))
+			atomicSpec.Data = map[string]strfmt.Base64{
+				spec.DockerconfigKey: secretSpecData,
+			}
+		}
 
-		atomicSpec.Data = map[string]strfmt.Base64{
-			spec.DockerconfigKey: secretSpecData,
+		if atomicSpec.SecretType == clustersecretmodel.NewVmwareTanzuManageV1alpha1ClusterNamespaceSecretType(clustersecretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE) {
+			kv := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.OpaqueKey))
+			atomicSpec.Data = spec.GetEncodedOpaqueData(kv.(map[string]string))
 		}
 
 		return false

diff --git a/internal/resources/kubernetessecret/spec/cluster_scope.go b/internal/resources/kubernetessecret/spec/cluster_scope.go
@@ -67,9 +67,7 @@ func ConstructSpecForClusterScope(d *schema.ResourceData) (spec *secretmodel.Vmw
 		opaqueData := common.GetTypeStringMapData(v.(map[string]interface{}))
 		if len(opaqueData) != 0 {
 			spec.SecretType = secretmodel.NewVmwareTanzuManageV1alpha1ClusterNamespaceSecretType(secretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE)
-
-			encodedData := getEncodedOpaqueData(opaqueData)
-			spec.Data = encodedData
+			spec.Data = GetEncodedOpaqueData(opaqueData)
 		}
 	}
 
@@ -136,6 +134,16 @@ func GetEncodedSpecData(serverURL, username, password string) (strfmt.Base64, er
 	return secretspecdata, nil
 }
 
+func GetEncodedOpaqueData(data map[string]string) map[string]strfmt.Base64 {
+	encoded := make(map[string]strfmt.Base64)
+
+	for k, v := range data {
+		encoded[k] = strfmt.Base64(v)
+	}
+
+	return encoded
+}
+
 func getDecodedSpecData(data strfmt.Base64) (*dockerConfigJSON, error) {
 	rawData, err := base64.StdEncoding.DecodeString(data.String())
 	if err != nil {
@@ -151,26 +159,3 @@ func getDecodedSpecData(data strfmt.Base64) (*dockerConfigJSON, error) {
 
 	return dockerConfigJSON, nil
 }
-
-func getEncodedOpaqueData(data map[string]string) map[string]strfmt.Base64 {
-	encoded := make(map[string]strfmt.Base64)
-
-	for k, v := range data {
-		encoded[k] = strfmt.Base64(v)
-	}
-
-	return encoded
-}
-
-// func getDecodedOpaqueData(data map[string]strfmt.Base64) (map[string]string, error) {
-// 	decoded := make(map[string]string)
-// 	for k, v := range data {
-// 		decodedValue, err := base64.StdEncoding.DecodeString(v.String())
-// 		if err != nil {
-// 			return nil, err
-// 		}
-// 		decoded[k] = string(decodedValue)
-// 	}
-
-// 	return decoded, nil
-// }