From e19a536581db7613c5828f7c97dea7e53110e811 Mon Sep 17 00:00:00 2001 From: Akabarali Shaikh Date: Tue, 19 Mar 2024 14:44:50 +0530 Subject: [PATCH] Fixes the opaque secret update and lint --- .../kubernetes_secret/cg_resource.tf | 7 +++- .../resources/kubernetes_secret/resource.tf | 7 +++- .../kubernetessecret/cluster/secret_spec.go | 1 + .../kubernetessecret/resource_secret.go | 24 ++++++++---- .../kubernetessecret/spec/cluster_scope.go | 37 ++++++------------- 5 files changed, 41 insertions(+), 35 deletions(-) diff --git a/examples/resources/kubernetes_secret/cg_resource.tf b/examples/resources/kubernetes_secret/cg_resource.tf index a94fa2dd5..5700e681d 100644 --- a/examples/resources/kubernetes_secret/cg_resource.tf +++ b/examples/resources/kubernetes_secret/cg_resource.tf @@ -17,10 +17,15 @@ resource "tanzu-mission-control_kubernetes_secret" "create_secret" { } spec { + opaque = { + "key1" : "value1" + "key2" : "value2" + } + docker_config_json { username = "testusername" # Required password = "testpassword" # Required image_registry_url = "testimageregistryurl" # Required } } -} \ No newline at end of file +} diff --git a/examples/resources/kubernetes_secret/resource.tf b/examples/resources/kubernetes_secret/resource.tf index a82ff0c8e..e2cabfc39 100644 --- a/examples/resources/kubernetes_secret/resource.tf +++ b/examples/resources/kubernetes_secret/resource.tf @@ -19,10 +19,15 @@ resource "tanzu-mission-control_kubernetes_secret" "create_secret" { } spec { + opaque = { + "key1" : "value1" + "key2" : "value2" + } + docker_config_json { username = "testusername" # Required password = "testpassword" # Required image_registry_url = "testimageregistryurl" # Required } } -} \ No newline at end of file +} diff --git a/internal/models/kubernetessecret/cluster/secret_spec.go b/internal/models/kubernetessecret/cluster/secret_spec.go index 9c0104eaf..fa67a366b 100644 --- a/internal/models/kubernetessecret/cluster/secret_spec.go 
+++ b/internal/models/kubernetessecret/cluster/secret_spec.go @@ -63,6 +63,7 @@ const ( // VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEDOCKERCONFIGJSON captures enum value "SECRET_TYPE_DOCKERCONFIGJSON". VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEDOCKERCONFIGJSON VmwareTanzuManageV1alpha1ClusterNamespaceSecretType = "SECRET_TYPE_DOCKERCONFIGJSON" // VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE captures enum value "SECRET_TYPE_OPAQUE". + //nolint:gosec VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE VmwareTanzuManageV1alpha1ClusterNamespaceSecretType = "SECRET_TYPE_OPAQUE" ) diff --git a/internal/resources/kubernetessecret/resource_secret.go b/internal/resources/kubernetessecret/resource_secret.go index 6d99516eb..e70d72009 100644 --- a/internal/resources/kubernetessecret/resource_secret.go +++ b/internal/resources/kubernetessecret/resource_secret.go @@ -280,7 +280,10 @@ func resourceSecretInPlaceUpdate(ctx context.Context, d *schema.ResourceData, m return diag.Errorf("updating %v is not possible", spec.ImageRegistryURLKey) } - if updateCheckForMeta(d, secretDataFromServer.meta) || updateCheckForSpec(d, secretDataFromServer.atomicSpec, scopedFullnameData.Scope) { + updateRequiredForSepc := updateCheckForSpec(d, secretDataFromServer.atomicSpec, scopedFullnameData.Scope) + updateRequiredForMeta := updateCheckForMeta(d, secretDataFromServer.meta) + + if updateRequiredForSepc || updateRequiredForMeta { switch scopedFullnameData.Scope { case commonscope.ClusterScope: if scopedFullnameData.FullnameCluster != nil { 
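Review bot: The added `//nolint:gosec` above the `SECRET_TYPE_OPAQUE` constant in secret_spec.go gives no reason, so a later reader cannot tell what was waived or why. The value is an enum label rather than a credential, so this looks like a false positive from gosec's hard-coded-credentials check (presumably G101) triggered by "Secret" in the identifier. Say so on the directive, e.g. `//nolint:gosec // enum label, not a credential`. The "captures enum value" comments suggest this file may be generated; if so, the directive will be lost on regeneration, and a path exclusion in the linter configuration would be more durable.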
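Review bot: The new local `updateRequiredForSepc` in resource_secret.go is misspelled (it should be `updateRequiredForSpec`), and nothing explains why the two checks were pulled out of the `||`. Judging from the next hunk, `updateCheckForSpec` rewrites `atomicSpec.Data` as a side effect, and the old short-circuit skipped it whenever the meta check returned true. That dependency deserves a comment, e.g. `// Evaluate both checks eagerly: updateCheckForSpec also repopulates atomicSpec.Data and must not be short-circuited.` `resourceSecretInPlaceUpdate` starts and ends outside this hunk.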
@@ -331,14 +334,21 @@ func resourceSecretInPlaceUpdate(ctx context.Context, d *schema.ResourceData, m func updateCheckForSpec(d *schema.ResourceData, atomicSpec *clustersecretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretSpec, scope commonscope.Scope) bool { if !(spec.HasSpecChanged(d)) { - username := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.UsernameKey)) - password := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.PasswordKey)) - url := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.ImageRegistryURLKey)) + if atomicSpec.SecretType == clustersecretmodel.NewVmwareTanzuManageV1alpha1ClusterNamespaceSecretType(clustersecretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEDOCKERCONFIGJSON) { + username := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.UsernameKey)) + password := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.PasswordKey)) + url := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.DockerConfigjsonKey, spec.ImageRegistryURLKey)) + + secretSpecData, _ := spec.GetEncodedSpecData(url.(string), username.(string), password.(string)) - secretSpecData, _ := spec.GetEncodedSpecData(url.(string), username.(string), password.(string)) + atomicSpec.Data = map[string]strfmt.Base64{ + spec.DockerconfigKey: secretSpecData, + } + } - atomicSpec.Data = map[string]strfmt.Base64{ - spec.DockerconfigKey: secretSpecData, + if atomicSpec.SecretType == clustersecretmodel.NewVmwareTanzuManageV1alpha1ClusterNamespaceSecretType(clustersecretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE) { + kv := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.OpaqueKey)) + atomicSpec.Data = spec.GetEncodedOpaqueData(kv.(map[string]string)) } return false 
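Review bot: The opaque branch asserts `kv.(map[string]string)` without the comma-ok form, which is likely to panic at apply time. The same attribute is read in `ConstructSpecForClusterScope` (cluster_scope.go in this patch) as `v.(map[string]interface{})`, the shape the SDK normally returns for a map attribute. Assert to `map[string]interface{}` with comma-ok and convert the values before calling `spec.GetEncodedOpaqueData`. In the docker-config branch the error from `spec.GetEncodedSpecData` is still discarded and the three `.(string)` assertions are unchecked, so a failed encode could silently put an empty payload into `atomicSpec.Data`. The body of `updateCheckForSpec` continues past the end of this hunk.

```go
// … unchanged: docker-config branch …

if atomicSpec.SecretType == clustersecretmodel.NewVmwareTanzuManageV1alpha1ClusterNamespaceSecretType(clustersecretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE) {
	// d.Get yields map[string]interface{} for a map attribute; convert rather than assert map[string]string.
	raw, ok := d.Get(helper.GetFirstElementOf(spec.SpecKey, spec.OpaqueKey)).(map[string]interface{})
	if ok {
		opaque := make(map[string]string, len(raw))
		for k, v := range raw {
			if s, isString := v.(string); isString {
				opaque[k] = s
			}
		}
		atomicSpec.Data = spec.GetEncodedOpaqueData(opaque)
	}
}
```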
diff --git a/internal/resources/kubernetessecret/spec/cluster_scope.go b/internal/resources/kubernetessecret/spec/cluster_scope.go index f345bddf6..6a407ff6d 100644 --- a/internal/resources/kubernetessecret/spec/cluster_scope.go +++ b/internal/resources/kubernetessecret/spec/cluster_scope.go @@ -67,9 +67,7 @@ func ConstructSpecForClusterScope(d *schema.ResourceData) (spec *secretmodel.Vmw opaqueData := common.GetTypeStringMapData(v.(map[string]interface{})) if len(opaqueData) != 0 { spec.SecretType = secretmodel.NewVmwareTanzuManageV1alpha1ClusterNamespaceSecretType(secretmodel.VmwareTanzuManageV1alpha1ClusterNamespaceSecretTypeSECRETTYPEOPAQUE) - - encodedData := getEncodedOpaqueData(opaqueData) - spec.Data = encodedData + spec.Data = GetEncodedOpaqueData(opaqueData) } } @@ -136,6 +134,16 @@ func GetEncodedSpecData(serverURL, username, password string) (strfmt.Base64, er return secretspecdata, nil } +func GetEncodedOpaqueData(data map[string]string) map[string]strfmt.Base64 { + encoded := make(map[string]strfmt.Base64) + + for k, v := range data { + encoded[k] = strfmt.Base64(v) + } + + return encoded +} + func getDecodedSpecData(data strfmt.Base64) (*dockerConfigJSON, error) { rawData, err := base64.StdEncoding.DecodeString(data.String()) if err != nil { @@ -151,26 +159,3 @@ func getDecodedSpecData(data strfmt.Base64) (*dockerConfigJSON, error) { return dockerConfigJSON, nil } - -func getEncodedOpaqueData(data map[string]string) map[string]strfmt.Base64 { - encoded := make(map[string]strfmt.Base64) - - for k, v := range data { - encoded[k] = strfmt.Base64(v) - } - - return encoded -} - -// func getDecodedOpaqueData(data map[string]strfmt.Base64) (map[string]string, error) { -// decoded := make(map[string]string) -// for k, v := range data { -// decodedValue, err := base64.StdEncoding.DecodeString(v.String()) -// if err != nil { -// return nil, err -// } -// decoded[k] = string(decodedValue) -// } - -// return decoded, nil -// }
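Review bot: `GetEncodedOpaqueData` is now exported but has no doc comment, and its name suggests it base64-encodes the values when the body only converts each string with `strfmt.Base64(v)`; the actual encoding presumably happens when the model is serialized. A comment would keep a caller from encoding twice or passing already-encoded data, e.g. `// GetEncodedOpaqueData converts each value to strfmt.Base64 without encoding it; pass raw secret values.` The map could also be pre-sized with `make(map[string]strfmt.Base64, len(data))`.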