From bcf4531674de374dca2cc659d61236f10dd9600e Mon Sep 17 00:00:00 2001 From: Modular Magician Date: Thu, 2 Sep 2021 18:47:12 +0000 Subject: [PATCH] Add Secret Manager Secret Data Source (#4815) Co-authored-by: upodroid Co-authored-by: Cameron Thornton Signed-off-by: Modular Magician --- .changelog/4815.txt | 3 + google/data_source_secret_manager_secret.go | 28 +++ .../data_source_secret_manager_secret_test.go | 56 ++++++ google/provider.go | 1 + .../d/secret_manager_secret.html.markdown | 32 ++++ .../d/sql_database_instance.html.markdown | 171 +----------------- website/google.erb | 4 + 7 files changed, 128 insertions(+), 167 deletions(-) create mode 100644 .changelog/4815.txt create mode 100644 google/data_source_secret_manager_secret.go create mode 100644 google/data_source_secret_manager_secret_test.go create mode 100644 website/docs/d/secret_manager_secret.html.markdown diff --git a/.changelog/4815.txt b/.changelog/4815.txt new file mode 100644 index 00000000000..de0a2e143fc --- /dev/null +++ b/.changelog/4815.txt @@ -0,0 +1,3 @@ +```release-note:new-datasource +`google_secret_manager_secret` +``` diff --git a/google/data_source_secret_manager_secret.go b/google/data_source_secret_manager_secret.go new file mode 100644 index 00000000000..7944d9a537d --- /dev/null +++ b/google/data_source_secret_manager_secret.go 
@@ -0,0 +1,28 @@
+package google
+
+import (
+ "fmt"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceSecretManagerSecret() *schema.Resource {
+
+ dsSchema := datasourceSchemaFromResourceSchema(resourceSecretManagerSecret().Schema)
+ addRequiredFieldsToSchema(dsSchema, "secret_id")
+ addOptionalFieldsToSchema(dsSchema, "project")
+
+ return &schema.Resource{
+ Read: dataSourceSecretManagerSecretRead,
+ Schema: dsSchema,
+ }
+}
+
+func dataSourceSecretManagerSecretRead(d *schema.ResourceData, meta interface{}) error {
+ id, err := replaceVars(d, meta.(*Config), "projects/{{project}}/secrets/{{secret_id}}")
+ if err != nil {
+ return fmt.Errorf("Error constructing id: %s", err)
+ }
+ d.SetId(id)
+ return resourceSecretManagerSecretRead(d, meta)
+}
diff --git a/google/data_source_secret_manager_secret_test.go b/google/data_source_secret_manager_secret_test.go
new file mode 100644
index 00000000000..0be992df62e
--- /dev/null
+++ b/google/data_source_secret_manager_secret_test.go
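Review bot: dataSourceSecretManagerSecretRead returns the result of resourceSecretManagerSecretRead unchanged, and nothing in this function turns a missing secret into an error. That read function is not part of this patch; if it follows the common resource-read convention of clearing the ID and returning nil on a 404, a lookup with a wrong `secret_id` or `project` would succeed with empty attributes, and configuration that feeds those attributes into IAM bindings or other resources would proceed on blank values. I would end the function with `if err := resourceSecretManagerSecretRead(d, meta); err != nil { return err }`, then `if d.Id() == "" { return fmt.Errorf("%s not found", id) }`, then `return nil`. The id-construction error above it could also wrap with `%w` instead of `%s` so callers keep the cause.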
@@ -0,0 +1,56 @@
+package google
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccDataSourceSecretManagerSecret_basic(t *testing.T) {
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "random_suffix": randString(t, 10),
+ }
+
+ vcrTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckSecretManagerSecretDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceSecretManagerSecret_basic(context),
+ Check: resource.ComposeTestCheckFunc(
+ checkDataSourceStateMatchesResourceState("data.google_secret_manager_secret.foo", "google_secret_manager_secret.bar"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceSecretManagerSecret_basic(context map[string]interface{}) string {
+ return Nprintf(`
+resource "google_secret_manager_secret" "bar" {
+ secret_id = "tf-test-secret-%{random_suffix}"
+
+ labels = {
+ label = "my-label"
+ }
+
+ replication {
+ user_managed {
+ replicas {
+ location = "us-central1"
+ }
+ replicas {
+ location = "us-east1"
+ }
+ }
+ }
+}
+
+data "google_secret_manager_secret" "foo" {
+ secret_id = google_secret_manager_secret.bar.secret_id
+}
+`, context)
+}
diff --git a/google/provider.go b/google/provider.go
index 3bf75ce7b07..9cf9dc9661d 100644
--- a/google/provider.go
+++ b/google/provider.go
@@ -780,6 +780,7 @@ func Provider() *schema.Provider {
 "google_project_organization_policy": dataSourceGoogleProjectOrganizationPolicy(),
 "google_pubsub_topic": dataSourceGooglePubsubTopic(),
 "google_runtimeconfig_config": dataSourceGoogleRuntimeconfigConfig(),
+ "google_secret_manager_secret": dataSourceSecretManagerSecret(),
 "google_secret_manager_secret_version": dataSourceSecretManagerSecretVersion(),
 "google_service_account": dataSourceGoogleServiceAccount(),
 "google_service_account_access_token": dataSourceGoogleServiceAccountAccessToken(),
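Review bot: TestAccDataSourceSecretManagerSecret_basic covers only the lookup of a secret that exists in the provider's default project; the optional `project` argument the data source exposes is never set, and no step covers a `secret_id` that does not exist. Adding `project = google_secret_manager_secret.bar.project` to the `data` block in testAccDataSourceSecretManagerSecret_basic would exercise the explicit-project path. A second test whose step sets `ExpectError` for an unknown `secret_id` would pin down what the data source does when the secret is missing, which matters because downstream configuration will consume whatever attributes it returns.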
diff --git a/website/docs/d/secret_manager_secret.html.markdown b/website/docs/d/secret_manager_secret.html.markdown new file mode 100644 index 00000000000..da78c78c654 --- /dev/null +++ b/website/docs/d/secret_manager_secret.html.markdown @@ -0,0 +1,32 @@ +--- +subcategory: "Secret Manager" +layout: "google" +page_title: "Google: google_secret_manager_secret" +sidebar_current: "docs-google-datasource-secret-manager-secret" +description: |- + Get information about a Secret Manager Secret +--- + +# google\_secret\_manager\_secret + +Use this data source to get information about a Secret Manager Secret + +## Example Usage + + +```hcl +data "google_secret_manager_secret" "qa" { + secret_id = "foobar" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `secret_id` - (required) The name of the secret. + +* `project` - (optional) The ID of the project in which the resource belongs. + +## Attributes Reference +See [google_secret_manager_secret](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret) resource for details of all the available attributes. diff --git a/website/docs/d/sql_database_instance.html.markdown b/website/docs/d/sql_database_instance.html.markdown index 2ebbd09531a..886a22f3c06 100644 --- a/website/docs/d/sql_database_instance.html.markdown +++ b/website/docs/d/sql_database_instance.html.markdown @@ -4,19 +4,19 @@ layout: "google" page_title: "Google: google_sql_database_instance" sidebar_current: "docs-google-datasource-sql-database-instance" description: |- - Get a SQL database instance in Google Cloud SQL. + Get a SQL database instance in Google Cloud SQL. --- # google\_sql\_database\_instance -Use this data source to get information about a Cloud SQL instance +Use this data source to get information about a Cloud SQL instance. ## Example Usage ```hcl data "google_sql_database_instance" "qa" { - name = "test-sql-instance" + name = "test-sql-instance" } ``` 
@@ -29,167 +29,4 @@ The following arguments are supported: * `project` - (optional) The ID of the project in which the resource belongs. ## Attributes Reference - -In addition to the arguments listed above, the following attributes are exported: - -* `settings` - The settings to use for the database. The - configuration is detailed below. - -* `database_version` - The MySQL, PostgreSQL or SQL Server (beta) version to use. - -* `master_instance_name` - The name of the existing instance that will act as - the master in the replication setup. - -* `replica_configuration` - The configuration for replication. The - configuration is detailed below. - -* `root_password` - Initial root password. Required for MS SQL Server, ignored by MySQL and PostgreSQL. - -* `encryption_key_name` - [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) - The full path to the encryption key used for the CMEK disk encryption. - -The `settings` block contains: - -* `tier` - The machine type to use. - -* `activation_policy` - This specifies when the instance should be - active. Can be either `ALWAYS` or `NEVER`. - -* `authorized_gae_applications` - (Deprecated) This property is only applicable to First Generation instances. - First Generation instances are now deprecated, see [here](https://cloud.google.com/sql/docs/mysql/upgrade-2nd-gen) - for information on how to upgrade to Second Generation instances. - A list of Google App Engine (GAE) project names that are allowed to access this instance. - -* `availability_type` - The availability type of the Cloud SQL -instance, high availability (`REGIONAL`) or single zone (`ZONAL`). - -* `collation` - The name of server instance collation. - -* `crash_safe_replication` - (Deprecated) This property is only applicable to First Generation instances. 
- First Generation instances are now deprecated, see [here](https://cloud.google.com/sql/docs/mysql/upgrade-2nd-gen) - -* `disk_autoresize` - Configuration to increase storage size automatically. - -* `disk_autoresize_limit` - The maximum size, in GB, to which storage capacity can be automatically increased. - -* `disk_size` - The size of data disk, in GB. - -* `disk_type` - The type of data disk. - -* `pricing_plan` - Pricing plan for this instance. - -* `replication_type` - This property is only applicable to First Generation instances. - First Generation instances are now deprecated, see [here](https://cloud.google.com/sql/docs/mysql/upgrade-2nd-gen) - -* `user_labels` - A set of key/value user label pairs to assign to the instance. - -The `settings.database_flags` sublist contains: - -* `name` - Name of the flag. - -* `value` - Value of the flag. - -The `settings.backup_configuration` subblock contains: - -* `binary_log_enabled` - True if binary logging is enabled. - -* `enabled` - True if backup configuration is enabled. - -* `start_time` - `HH:MM` format time indicating when backup configuration starts. - -The `settings.ip_configuration` subblock contains: - -* `ipv4_enabled` - Whether this Cloud SQL instance should be assigned a public IPV4 address. - -* `private_network` - The VPC network from which the Cloud SQL instance is accessible for private IP. - -* `require_ssl` - True if mysqld default to `REQUIRE X509` for users connecting over IP. - -The `settings.ip_configuration.authorized_networks[]` sublist contains: - -* `expiration_time` - The [RFC 3339](https://tools.ietf.org/html/rfc3339) - formatted date time string indicating when this whitelist expires. - -* `name` - A name for this whitelist entry. - -* `value` - A CIDR notation IPv4 or IPv6 address that is allowed to access this instance. - -The `settings.location_preference` subblock contains: - -* `follow_gae_application` - A GAE application whose zone to remain in. 
- -* `zone` - The preferred compute engine. - -The `settings.maintenance_window` subblock for instances declares a one-hour -[maintenance window](https://cloud.google.com/sql/docs/instance-settings?hl=en#maintenance-window-2ndgen) -when an Instance can automatically restart to apply updates. The maintenance window is specified in UTC time. It contains: - -* `day` - Day of week (`1-7`), starting on Monday. - -* `hour` - Hour of day (`0-23`), ignored if `day` not set. - -* `update_track` - Receive updates earlier (`canary`) or later (`stable`). - -The `settings.insights_config` subblock for instances declares [Query Insights](https://cloud.google.com/sql/docs/postgres/insights-overview) configuration. It contains: - -* `query_insights_enabled` - True if Query Insights feature is enabled. - -* `query_string_length` - Maximum query length stored in bytes. Between 256 and 4500. Default to 1024. - -* `record_application_tags` - True if Query Insights will record application tags from query when enabled. - -* `record_client_address` - True if Query Insights will record client address when enabled. - -The `replica_configuration` block contains: - -* `ca_certificate` - PEM representation of the trusted CA's x509 certificate. - -* `client_certificate` - PEM representation of the replica's x509 certificate. - -* `client_key` - PEM representation of the replica's private key. - -* `connect_retry_interval` - The number of seconds between connect retries. - -* `dump_file_path` - Path to a SQL file in GCS from which replica instances are created. - -* `failover_target` - Specifies if the replica is the failover target. - -* `master_heartbeat_period` - Time in ms between replication heartbeats. - -* `password` - Password for the replication connection. - -* `sslCipher` - Permissible ciphers for use in SSL encryption. - -* `username` - Username for replication connection. - -* `verify_server_certificate` - True if the master's common name value is checked during the SSL handshake. 
- -* `self_link` - The URI of the created resource. - -* `connection_name` - The connection name of the instance to be used in connection strings. - -* `service_account_email_address` - The service account email address assigned to the instance. - -* `ip_address.0.ip_address` - The IPv4 address assigned. - -* `ip_address.0.time_to_retire` - The time this IP address will be retired, in RFC 3339 format. - -* `ip_address.0.type` - The type of this IP address. - -* `first_ip_address` - The first IPv4 address of any type assigned. - -* `public_ip_address` - The first public (`PRIMARY`) IPv4 address assigned. - -* `private_ip_address` - The first private (`PRIVATE`) IPv4 address assigned. - -* `settings.version` - Used to make sure changes to the `settings` block are atomic. - -* `server_ca_cert.0.cert` - The CA Certificate used to connect to the SQL Instance via SSL. - -* `server_ca_cert.0.common_name` - The CN valid for the CA Cert. - -* `server_ca_cert.0.create_time` - Creation time of the CA Cert. - -* `server_ca_cert.0.expiration_time` - Expiration time of the CA Cert. - -* `server_ca_cert.0.sha1_fingerprint` - SHA Fingerprint of the CA Cert. +See [google_sql_database_instance](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/sql_database_instance) resource for details of all the available attributes. diff --git a/website/google.erb b/website/google.erb index ed191ce9bb2..e4e613c2373 100644 --- a/website/google.erb +++ b/website/google.erb @@ -2884,6 +2884,10 @@ Data Sources