Fixes the opaque secret update and lint

examples/resources/kubernetes_secret/cg_resource.tf

@@ -17,10 +17,15 @@ resource "tanzu-mission-control_kubernetes_secret" "create_secret" {
   }
 
   spec {
+    opaque = {
+      "key1" : "value1"
+      "key2" : "value2"
+    }
+
     docker_config_json {
       username           = "testusername"         # Required
       password           = "testpassword"         # Required
       image_registry_url = "testimageregistryurl" # Required
     }
   }
-}
+}

examples/resources/kubernetes_secret/resource.tf

@@ -19,10 +19,15 @@ resource "tanzu-mission-control_kubernetes_secret" "create_secret" {
   }
 
   spec {
+    opaque = {
+      "key1" : "value1"
+      "key2" : "value2"
+    }
+
     docker_config_json {
       username           = "testusername"         # Required
       password           = "testpassword"         # Required
       image_registry_url = "testimageregistryurl" # Required
     }
   }
-}
+}

internal/models/kubernetessecret/cluster/secret_spec.go

@@ -63,6 +63,7 @@ const (
 	// VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEDOCKERCONFIGJSON captures enum value "SECRET_TYPE_DOCKERCONFIGJSON".
 	VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEDOCKERCONFIGJSON VmwareTanzuManageV1alpha1ClusterNamespaceSecretType = "SECRET_TYPE_DOCKERCONFIGJSON"
 	// VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE captures enum value "SECRET_TYPE_OPAQUE".
+	//nolint:gosec
 	VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE VmwareTanzuManageV1alpha1ClusterNamespaceSecretType = "SECRET_TYPE_OPAQUE"
 )
 

internal/resources/kubernetessecret/resource_secret.go

@@ -280,7 +280,10 @@ func resourceSecretInPlaceUpdate(ctx context.Context, d *schema.ResourceData, m
 		return diag.Errorf("updating %v is not possible", spec.ImageRegistryURLKey)
 	}
 
-	if updateCheckForMeta(d, secretDataFromServer.meta) || updateCheckForSpec(d, secretDataFromServer.atomicSpec, scopedFullnameData.Scope) {
+	updateRequiredForSepc := updateCheckForSpec(d, secretDataFromServer.atomicSpec, scopedFullnameData.Scope)
+	updateRequiredForMeta := updateCheckForMeta(d, secretDataFromServer.meta)
+
+	if updateRequiredForSepc || updateRequiredForMeta {
 		switch scopedFullnameData.Scope {
 		case commonscope.ClusterScope:
 			if scopedFullnameData.FullnameCluster != nil {
@@ -331,14 +334,21 @@ func resourceSecretInPlaceUpdate(ctx context.Context, d *schema.ResourceData, m
 
 func updateCheckForSpec(d *schema.ResourceData, atomicSpec *clustersecretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretSpec, scope commonscope.Scope) bool {
 	if !(spec.HasSpecChanged(d)) {
-		username := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.UsernameKey))
-		password := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.PasswordKey))
-		url := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.ImageRegistryURLKey))
+		if atomicSpec.SecretType == clustersecretmodel.NewVmwareTanzuManageV1alpha1ClusterNamespaceSecretType(clustersecretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEDOCKERCONFIGJSON) {
+			username := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.UsernameKey))
+			password := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.PasswordKey))
+			url := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.ImageRegistryURLKey))
+
+			secretSpecData, _ := spec.GetEncodedSpecData(url.(string), username.(string), password.(string))
 
-		secretSpecData, _ := spec.GetEncodedSpecData(url.(string), username.(string), password.(string))
+			atomicSpec.Data = map[string]strfmt.Base64{
+				spec.DockerconfigKey: secretSpecData,
+			}
+		}
 
-		atomicSpec.Data = map[string]strfmt.Base64{
-			spec.DockerconfigKey: secretSpecData,
+		if atomicSpec.SecretType == clustersecretmodel.NewVmwareTanzuManageV1alpha1ClusterNamespaceSecretType(clustersecretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE) {
+			kv := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.OpaqueKey))
+			atomicSpec.Data = spec.GetEncodedOpaqueData(kv.(map[string]string))
 		}
 
 		return false

internal/resources/kubernetessecret/spec/cluster_scope.go

@@ -67,9 +67,7 @@ func ConstructSpecForClusterScope(d *schema.ResourceData) (spec *secretmodel.Vmw
 		opaqueData := common.GetTypeStringMapData(v.(map[string]interface{}))
 		if len(opaqueData) != 0 {
 			spec.SecretType = secretmodel.NewVmwareTanzuManageV1alpha1ClusterNamespaceSecretType(secretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE)
-
-			encodedData := getEncodedOpaqueData(opaqueData)
-			spec.Data = encodedData
+			spec.Data = GetEncodedOpaqueData(opaqueData)
 		}
 	}
 
@@ -136,6 +134,16 @@ func GetEncodedSpecData(serverURL, username, password string) (strfmt.Base64, er
 	return secretspecdata, nil
 }
 
+func GetEncodedOpaqueData(data map[string]string) map[string]strfmt.Base64 {
+	encoded := make(map[string]strfmt.Base64)
+
+	for k, v := range data {
+		encoded[k] = strfmt.Base64(v)
+	}
+
+	return encoded
+}
+
 func getDecodedSpecData(data strfmt.Base64) (*dockerConfigJSON, error) {
 	rawData, err := base64.StdEncoding.DecodeString(data.String())
 	if err != nil {
@@ -151,26 +159,3 @@ func getDecodedSpecData(data strfmt.Base64) (*dockerConfigJSON, error) {
 
 	return dockerConfigJSON, nil
 }
-
-func getEncodedOpaqueData(data map[string]string) map[string]strfmt.Base64 {
-	encoded := make(map[string]strfmt.Base64)
-
-	for k, v := range data {
-		encoded[k] = strfmt.Base64(v)
-	}
-
-	return encoded
-}
-
-// func getDecodedOpaqueData(data map[string]strfmt.Base64) (map[string]string, error) {
-// 	decoded := make(map[string]string)
-// 	for k, v := range data {
-// 		decodedValue, err := base64.StdEncoding.DecodeString(v.String())
-// 		if err != nil {
-// 			return nil, err
-// 		}
-// 		decoded[k] = string(decodedValue)
-// 	}
-
-// 	return decoded, nil
-// }