hvs pg rotating secret

.changelog/1130.txt

@@ -0,0 +1,7 @@
+```release-note:feature
+ Add `hcp_vault_secrets_integration_postgres` resource.
+```
+
+```release-note:feature
+ add postgres provider to hcp_vault_secrets_rotating_secret resource
+```

docs/resources/vault_secrets_integration_postgres.md

@@ -0,0 +1,57 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "hcp_vault_secrets_integration_postgres Resource - terraform-provider-hcp"
+subcategory: ""
+description: |-
+  The Vault Secrets Twilio integration resource manages a Twilio integration.
+---
+
+# hcp_vault_secrets_integration_postgres (Resource)
+
+The Vault Secrets Twilio integration resource manages a Twilio integration.
+
+## Example Usage
+
+```terraform
+resource "hcp_vault_secrets_integration_postgres" "example" {
+  name         = "my-postgres-1"
+  capabilities = ["ROTATION"]
+  static_credential_details = {
+    connection_string = "postgres://user:password@localhost:5432/dbname"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `capabilities` (Set of String) Capabilities enabled for the integration. See the Vault Secrets documentation for the list of supported capabilities per provider.
+- `name` (String) The Vault Secrets integration name.
+
+### Optional
+
+- `project_id` (String) HCP project ID that owns the HCP Vault Secrets integration. Inferred from the provider configuration if omitted.
+- `static_credential_details` (Attributes) Postgres connection string (DSN) to the target database. (see [below for nested schema](#nestedatt--static_credential_details))
+
+### Read-Only
+
+- `organization_id` (String) HCP organization ID that owns the HCP Vault Secrets integration.
+- `resource_id` (String) Resource ID used to uniquely identify the integration instance on the HCP platform.
+- `resource_name` (String) Resource name used to uniquely identify the integration instance on the HCP platform.
+
+<a id="nestedatt--static_credential_details"></a>
+### Nested Schema for `static_credential_details`
+
+Required:
+
+- `connection_string` (String, Sensitive) Connection string (DSN) for the Postgres database.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import hcp_vault_secrets_integration_confluent.example my-postgres-1
+```

docs/resources/vault_secrets_rotating_secret.md

@@ -66,6 +66,17 @@ resource "hcp_vault_secrets_rotating_secret" "example_confluent" {
     service_account_id = "<service-account-id>"
   }
 }
+
+resource "hcp_vault_secrets_rotating_secret" "example_postgres" {
+  app_name             = "my-app-1"
+  secret_provider      = "postgres"
+  name                 = "postgres"
+  integration_name     = "my-postgres-1"
+  rotation_policy_name = "built-in:60-days-2-active"
+  postgres_usernames = {
+    usernames = ["user1", "user2"]
+  }
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
@@ -85,6 +96,7 @@ resource "hcp_vault_secrets_rotating_secret" "example_confluent" {
 - `confluent_service_account` (Attributes) Confluent configuration to manage the cloud api key rotation for the given service account. Required if `secret_provider` is `confluent`. (see [below for nested schema](#nestedatt--confluent_service_account))
 - `gcp_service_account_key` (Attributes) GCP configuration to manage the service account key rotation for the given service account. Required if `secret_provider` is `gcp`. (see [below for nested schema](#nestedatt--gcp_service_account_key))
 - `mongodb_atlas_user` (Attributes) MongoDB Atlas configuration to manage the user password rotation on the given database. Required if `secret_provider` is `mongodb_atlas`. (see [below for nested schema](#nestedatt--mongodb_atlas_user))
+- `postgres_usernames` (Attributes) (see [below for nested schema](#nestedatt--postgres_usernames))
 - `project_id` (String) HCP project ID that owns the HCP Vault Secrets integration. Inferred from the provider configuration if omitted.
 - `twilio_api_key` (Attributes) Twilio configuration to manage the api key rotation on the given account. Required if `secret_provider` is `twilio`. (see [below for nested schema](#nestedatt--twilio_api_key))
 
@@ -126,5 +138,13 @@ Required:
 - `roles` (List of String) MongoDB Atlas roles to assign to the rotating user.
 
 
+<a id="nestedatt--postgres_usernames"></a>
+### Nested Schema for `postgres_usernames`
+
+Required:
+
+- `usernames` (List of String) Postgres usernames to rotate passwords for.
+
+
 <a id="nestedatt--twilio_api_key"></a>
 ### Nested Schema for `twilio_api_key`

examples/resources/hcp_vault_secrets_integration_postgres/import.sh

@@ -0,0 +1 @@
+terraform import hcp_vault_secrets_integration_confluent.example my-postgres-1

examples/resources/hcp_vault_secrets_integration_postgres/resource.tf

@@ -0,0 +1,7 @@
+resource "hcp_vault_secrets_integration_postgres" "example" {
+  name         = "my-postgres-1"
+  capabilities = ["ROTATION"]
+  static_credential_details = {
+    connection_string = "postgres://user:password@localhost:5432/dbname"
+  }
+}

examples/resources/hcp_vault_secrets_rotating_secret/resource.tf

@@ -53,3 +53,14 @@ resource "hcp_vault_secrets_rotating_secret" "example_confluent" {
   }
 }
 
+resource "hcp_vault_secrets_rotating_secret" "example_postgres" {
+  app_name             = "my-app-1"
+  secret_provider      = "postgres"
+  name                 = "postgres"
+  integration_name     = "my-postgres-1"
+  rotation_policy_name = "built-in:60-days-2-active"
+  postgres_usernames = {
+    usernames = ["user1", "user2"]
+  }
+}
+

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637
 	github.com/hashicorp/go-uuid v1.0.3
 	github.com/hashicorp/go-version v1.7.0
-	github.com/hashicorp/hcp-sdk-go v0.117.0
+	github.com/hashicorp/hcp-sdk-go v0.121.0
 	github.com/hashicorp/terraform-plugin-docs v0.19.4
 	github.com/hashicorp/terraform-plugin-framework v1.5.0
 	github.com/hashicorp/terraform-plugin-framework-validators v0.12.0

go.sum

@@ -122,8 +122,8 @@ github.com/hashicorp/hc-install v0.7.0 h1:Uu9edVqjKQxxuD28mR5TikkKDd/p55S8vzPC16
 github.com/hashicorp/hc-install v0.7.0/go.mod h1:ELmmzZlGnEcqoUMKUuykHaPCIR1sYLYX+KSggWSKZuA=
 github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI=
 github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE=
-github.com/hashicorp/hcp-sdk-go v0.117.0 h1:7lJpkinpWdsXtejC+X7MdaE/3zhFMweB9Ym3uJ7qFJw=
-github.com/hashicorp/hcp-sdk-go v0.117.0/go.mod h1:vQ4fzdL1AmhIAbCw+4zmFe5Hbpajj3NvRWkJoVuxmAk=
+github.com/hashicorp/hcp-sdk-go v0.121.0 h1:fDCB0sexSNontS7LLuhF1RJd7eYx1hmFVBFmY4kXU78=
+github.com/hashicorp/hcp-sdk-go v0.121.0/go.mod h1:vQ4fzdL1AmhIAbCw+4zmFe5Hbpajj3NvRWkJoVuxmAk=
 github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ=

internal/provider/provider.go

@@ -159,6 +159,7 @@ func (p *ProviderFramework) Resources(ctx context.Context) []func() resource.Res
 		vaultsecrets.NewVaultSecretsIntegrationMongoDBAtlasResource,
 		vaultsecrets.NewVaultSecretsIntegrationTwilioResource,
 		vaultsecrets.NewVaultSecretsIntegrationsConfluentResource,
+		vaultsecrets.NewVaultSecretsIntegrationPostgresResource,
 		vaultsecrets.NewVaultSecretsDynamicSecretResource,
 		vaultsecrets.NewVaultSecretsRotatingSecretResource,
 		// IAM