From 0b797aef2cbfb5a822dd56ae03fb522468eb6162 Mon Sep 17 00:00:00 2001 From: Daniel Huckins Date: Thu, 23 May 2024 11:40:05 -0400 Subject: [PATCH 1/5] switch some methods over --- internal/clients/client.go | 78 ++++++++++++----------- internal/clients/vault_secrets.go | 46 ------------- internal/clients/vault_secrets_preview.go | 70 ++++++++++++++++++++ 3 files changed, 111 insertions(+), 83 deletions(-) create mode 100644 internal/clients/vault_secrets_preview.go diff --git a/internal/clients/client.go b/internal/clients/client.go index 3b807d75a..caab8478c 100644 --- a/internal/clients/client.go +++ b/internal/clients/client.go @@ -46,6 +46,8 @@ import ( cloud_vault "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-service/stable/2020-11-25/client" "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-service/stable/2020-11-25/client/vault_service" + cloud_vault_secrets_preview "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-secrets/preview/2023-11-28/client" + secret_service_preview "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-secrets/preview/2023-11-28/client/secret_service" cloud_vault_secrets "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-secrets/stable/2023-06-13/client" "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-secrets/stable/2023-06-13/client/secret_service" @@ -66,24 +68,25 @@ import ( type Client struct { Config ClientConfig - Billing billing_account_service.ClientService - Boundary boundary_service.ClientService - Consul consul_service.ClientService - IAM iam_service.ClientService - Network network_service.ClientService - Operation operation_service.ClientService - Organization organization_service.ClientService - Packer packer_service.ClientService - PackerV2 packer_service_v2.ClientService - Project project_service.ClientService - ServicePrincipals service_principals_service.ClientService - Groups groups_service.ClientService - Vault vault_service.ClientService - VaultSecrets secret_service.ClientService - Waypoint waypoint_service.ClientService - Webhook webhook_service.ClientService - LogService log_service.ClientService - ResourceService resource_service.ClientService + Billing billing_account_service.ClientService + Boundary boundary_service.ClientService + Consul consul_service.ClientService + IAM iam_service.ClientService + Network network_service.ClientService + Operation operation_service.ClientService + Organization organization_service.ClientService + Packer packer_service.ClientService + PackerV2 packer_service_v2.ClientService + Project project_service.ClientService + ServicePrincipals service_principals_service.ClientService + Groups groups_service.ClientService + Vault vault_service.ClientService + VaultSecrets secret_service.ClientService + VaultSecretsPreview secret_service_preview.ClientService + Waypoint waypoint_service.ClientService + Webhook webhook_service.ClientService + LogService log_service.ClientService + ResourceService resource_service.ClientService } // ClientConfig specifies configuration for the client that interacts with HCP @@ -158,25 +161,26 @@ func NewClient(config ClientConfig) (*Client, error) { } client := &Client{ - Config: config, - Billing: cloud_billing.New(httpClient, nil).BillingAccountService, - Boundary: cloud_boundary.New(httpClient, nil).BoundaryService, - Consul: cloud_consul.New(httpClient, nil).ConsulService, - IAM: cloud_iam.New(httpClient, nil).IamService, - Network: cloud_network.New(httpClient, nil).NetworkService, - Operation: cloud_operation.New(httpClient, nil).OperationService, - Organization: cloud_resource_manager.New(httpClient, nil).OrganizationService, - Packer: cloud_packer.New(httpClient, nil).PackerService, - PackerV2: cloud_packer_v2.New(httpClient, nil).PackerService, - Project: cloud_resource_manager.New(httpClient, nil).ProjectService, - ServicePrincipals: cloud_iam.New(httpClient, nil).ServicePrincipalsService, - Groups: cloud_iam.New(httpClient, nil).GroupsService, - Vault: cloud_vault.New(httpClient, nil).VaultService, - VaultSecrets: cloud_vault_secrets.New(httpClient, nil).SecretService, - Waypoint: cloud_waypoint.New(httpClient, nil).WaypointService, - LogService: cloud_log_service.New(httpClient, nil).LogService, - Webhook: cloud_webhook.New(httpClient, nil).WebhookService, - ResourceService: cloud_resource_manager.New(httpClient, nil).ResourceService, + Config: config, + Billing: cloud_billing.New(httpClient, nil).BillingAccountService, + Boundary: cloud_boundary.New(httpClient, nil).BoundaryService, + Consul: cloud_consul.New(httpClient, nil).ConsulService, + IAM: cloud_iam.New(httpClient, nil).IamService, + Network: cloud_network.New(httpClient, nil).NetworkService, + Operation: cloud_operation.New(httpClient, nil).OperationService, + Organization: cloud_resource_manager.New(httpClient, nil).OrganizationService, + Packer: cloud_packer.New(httpClient, nil).PackerService, + PackerV2: cloud_packer_v2.New(httpClient, nil).PackerService, + Project: cloud_resource_manager.New(httpClient, nil).ProjectService, + ServicePrincipals: cloud_iam.New(httpClient, nil).ServicePrincipalsService, + Groups: cloud_iam.New(httpClient, nil).GroupsService, + Vault: cloud_vault.New(httpClient, nil).VaultService, + VaultSecrets: cloud_vault_secrets.New(httpClient, nil).SecretService, + VaultSecretsPreview: cloud_vault_secrets_preview.New(httpClient, nil).SecretService, + Waypoint: cloud_waypoint.New(httpClient, nil).WaypointService, + LogService: cloud_log_service.New(httpClient, nil).LogService, + Webhook: cloud_webhook.New(httpClient, nil).WebhookService, + ResourceService: cloud_resource_manager.New(httpClient, nil).ResourceService, } return client, nil diff --git a/internal/clients/vault_secrets.go b/internal/clients/vault_secrets.go index b9fbd2d8d..d46b2fedf 100644 --- a/internal/clients/vault_secrets.go +++ b/internal/clients/vault_secrets.go @@ -69,23 +69,6 @@ func UpdateVaultSecretsApp(ctx context.Context, client *Client, loc *sharedmodel return updateResp.Payload.App, nil } -// ListVaultSecretsAppSecrets will retrieve all app secrets metadata for a Vault Secrets application. -func ListVaultSecretsAppSecrets(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName string) ([]*secretmodels.Secrets20230613Secret, error) { - - listParams := secret_service.NewListAppSecretsParams() - listParams.Context = ctx - listParams.AppName = appName - listParams.LocationOrganizationID = loc.OrganizationID - listParams.LocationProjectID = loc.ProjectID - - listResp, err := client.VaultSecrets.ListAppSecrets(listParams, nil) - if err != nil { - return nil, err - } - - return listResp.Payload.Secrets, nil -} - // DeleteVaultSecretsApp will delete a Vault Secrets application. func DeleteVaultSecretsApp(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName string) error { @@ -122,35 +105,6 @@ func CreateVaultSecretsAppSecret(ctx context.Context, client *Client, loc *share return createResp.Payload.Secret, nil } -// OpenVaultSecretsAppSecret will retrieve the latest secret for a Vault Secrets app, including it's value. -func OpenVaultSecretsAppSecret(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName, secretName string) (*secretmodels.Secrets20230613OpenSecret, error) { - getParams := secret_service.NewOpenAppSecretParams() - getParams.Context = ctx - getParams.AppName = appName - getParams.SecretName = secretName - getParams.LocationOrganizationID = loc.OrganizationID - getParams.LocationProjectID = loc.ProjectID - - var getResp *secret_service.OpenAppSecretOK - var err error - for attempt := 0; attempt < retryCount; attempt++ { - getResp, err = client.VaultSecrets.OpenAppSecret(getParams, nil) - if err != nil { - serviceErr, ok := err.(*secret_service.OpenAppSecretDefault) - if !ok { - return nil, err - } - - if shouldRetryWithSleep(ctx, serviceErr, attempt, []int{http.StatusTooManyRequests}) { - continue - } - return nil, err - } - break - } - return getResp.Payload.Secret, nil -} - func OpenVaultSecretsAppSecrets(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName string) ([]*secretmodels.Secrets20230613OpenSecret, error) { params := secret_service.NewOpenAppSecretsParams() params.Context = ctx diff --git a/internal/clients/vault_secrets_preview.go b/internal/clients/vault_secrets_preview.go new file mode 100644 index 000000000..e6eb7f19d --- /dev/null +++ b/internal/clients/vault_secrets_preview.go @@ -0,0 +1,70 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package clients + +import ( + "context" + "errors" + "fmt" + "net/http" + "time" + + sharedmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-shared/v1/models" + "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-secrets/preview/2023-11-28/client/secret_service" + secretmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-secrets/preview/2023-11-28/models" + "github.com/hashicorp/terraform-plugin-log/tflog" +) + +// ListVaultSecretsAppSecrets will retrieve all app secrets metadata for a Vault Secrets application. +func ListVaultSecretsAppSecrets(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName string) ([]*secretmodels.Secrets20231128Secret, error) { + listParams := secret_service.NewListAppSecretsParams() + listParams.Context = ctx + listParams.AppName = appName + listParams.OrganizationID = loc.OrganizationID + listParams.ProjectID = loc.ProjectID + + listResp, err := client.VaultSecretsPreview.ListAppSecrets(listParams, nil) + if err != nil { + return nil, err + } + return listResp.GetPayload().Secrets, nil +} + +// OpenVaultSecretsAppSecret will retrieve the latest secret for a Vault Secrets app, including it's value. +func OpenVaultSecretsAppSecret(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName, secretName string) (*secretmodels.Secrets20231128OpenSecret, error) { + getParams := secret_service.NewOpenAppSecretParams() + getParams.Context = ctx + getParams.AppName = appName + getParams.SecretName = secretName + getParams.OrganizationID = loc.OrganizationID + getParams.ProjectID = loc.ProjectID + + var getResp *secret_service.OpenAppSecretOK + var err error + for attempt := 0; attempt < retryCount; attempt++ { + getResp, err = client.VaultSecretsPreview.OpenAppSecret(getParams, nil) + if err != nil { + var serviceErr *secret_service.OpenAppSecretDefault + ok := errors.As(err, &serviceErr) + if !ok { + return nil, err + } + + if shouldRetryErrorCode(serviceErr.Code(), []int{http.StatusTooManyRequests}) { + backOffDuration := getAPIBackoffDuration(serviceErr.Error()) + tflog.Debug(ctx, fmt.Sprintf("The api rate limit has been exceeded, retrying in %d seconds, attempt: %d", int64(backOffDuration.Seconds()), (attempt+1))) + time.Sleep(backOffDuration) + continue + } + return nil, err + } + break + } + + if getResp == nil { + return nil, errors.New("unable to get secret") + } + + return getResp.GetPayload().Secret, nil +} From 7aec0759246dcddbce301a199228b13fbc384809 Mon Sep 17 00:00:00 2001 From: Daniel Huckins Date: Thu, 23 May 2024 12:08:45 -0400 Subject: [PATCH 2/5] update vault_secrets_secret --- internal/clients/vault_secrets_preview.go | 20 +++++++------- .../data_source_vault_secrets_secret.go | 27 ++++++++++++++++--- 2 files changed, 33 insertions(+), 14 deletions(-) diff --git a/internal/clients/vault_secrets_preview.go b/internal/clients/vault_secrets_preview.go index e6eb7f19d..42b91b036 100644 --- a/internal/clients/vault_secrets_preview.go +++ b/internal/clients/vault_secrets_preview.go @@ -18,11 +18,10 @@ import ( // ListVaultSecretsAppSecrets will retrieve all app secrets metadata for a Vault Secrets application. func ListVaultSecretsAppSecrets(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName string) ([]*secretmodels.Secrets20231128Secret, error) { - listParams := secret_service.NewListAppSecretsParams() - listParams.Context = ctx - listParams.AppName = appName - listParams.OrganizationID = loc.OrganizationID - listParams.ProjectID = loc.ProjectID + listParams := secret_service.NewListAppSecretsParamsWithContext(ctx). + WithAppName(appName). + WithOrganizationID(loc.OrganizationID). + WithProjectID(loc.ProjectID) listResp, err := client.VaultSecretsPreview.ListAppSecrets(listParams, nil) if err != nil { @@ -33,12 +32,11 @@ func ListVaultSecretsAppSecrets(ctx context.Context, client *Client, loc *shared // OpenVaultSecretsAppSecret will retrieve the latest secret for a Vault Secrets app, including it's value. func OpenVaultSecretsAppSecret(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName, secretName string) (*secretmodels.Secrets20231128OpenSecret, error) { - getParams := secret_service.NewOpenAppSecretParams() - getParams.Context = ctx - getParams.AppName = appName - getParams.SecretName = secretName - getParams.OrganizationID = loc.OrganizationID - getParams.ProjectID = loc.ProjectID + getParams := secret_service.NewOpenAppSecretParamsWithContext(ctx). + WithAppName(appName). + WithSecretName(secretName). + WithOrganizationID(loc.OrganizationID). + WithProjectID(loc.ProjectID) var getResp *secret_service.OpenAppSecretOK var err error diff --git a/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go b/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go index adf6202e8..c162c4b32 100644 --- a/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go +++ b/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go @@ -5,6 +5,7 @@ package vaultsecrets import ( "context" + "encoding/json" "fmt" sharedmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-shared/v1/models" @@ -31,11 +32,11 @@ func NewVaultSecretsSecretDataSource() datasource.DataSource { return &DataSourceVaultSecretsSecret{} } -func (d *DataSourceVaultSecretsSecret) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { +func (d *DataSourceVaultSecretsSecret) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { resp.TypeName = req.ProviderTypeName + "_vault_secrets_secret" } -func (d *DataSourceVaultSecretsSecret) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { +func (d *DataSourceVaultSecretsSecret) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) { resp.Schema = schema.Schema{ MarkdownDescription: "The Vault Secrets secret data source retrieves a singular secret and its latest version.", Attributes: map[string]schema.Attribute{ @@ -107,7 +108,27 @@ func (d *DataSourceVaultSecretsSecret) Read(ctx context.Context, req datasource. resp.Diagnostics.AddError(err.Error(), "Unable to open secret") return } - secretValue := openSecret.Version.Value + + // NOTE: for backwards compatibility purposes, if the secret is not a static secret (aka a string) + // encode the complex secret as a json string + var secretValue string + switch { + case openSecret.StaticVersion != nil: + secretValue = openSecret.StaticVersion.Value + case openSecret.RotatingVersion != nil: + secretData, err := json.Marshal(openSecret.RotatingVersion.Values) + if err != nil { + resp.Diagnostics.AddError(err.Error(), "could not encode rotating secret as json") + return + } + secretValue = string(secretData) + default: + resp.Diagnostics.AddError( + "Unsupported HCP Secret type", + fmt.Sprintf("HCP Secrets secret type %q is not currently supported by terraform-provider-hcp", openSecret.Type), + ) + return + } data.ID = data.AppName data.SecretValue = types.StringValue(secretValue) From 2705021c72996923e631b86cd23a43efd4f690e6 Mon Sep 17 00:00:00 2001 From: Daniel Huckins Date: Thu, 23 May 2024 13:58:56 -0400 Subject: [PATCH 3/5] rotated secrets to map --- internal/clients/vault_secrets.go | 27 ----------- internal/clients/vault_secrets_preview.go | 45 +++++++++++++------ .../data_source_vault_secrets_app.go | 16 ++++++- .../data_source_vault_secrets_secret.go | 4 ++ .../resource_vault_secrets_secret.go | 4 +- 5 files changed, 52 insertions(+), 44 deletions(-) diff --git a/internal/clients/vault_secrets.go b/internal/clients/vault_secrets.go index d46b2fedf..eac704bf8 100644 --- a/internal/clients/vault_secrets.go +++ b/internal/clients/vault_secrets.go @@ -105,33 +105,6 @@ func CreateVaultSecretsAppSecret(ctx context.Context, client *Client, loc *share return createResp.Payload.Secret, nil } -func OpenVaultSecretsAppSecrets(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName string) ([]*secretmodels.Secrets20230613OpenSecret, error) { - params := secret_service.NewOpenAppSecretsParams() - params.Context = ctx - params.AppName = appName - params.LocationOrganizationID = loc.OrganizationID - params.LocationProjectID = loc.ProjectID - - var secrets *secret_service.OpenAppSecretsOK - var err error - for attempt := 0; attempt < retryCount; attempt++ { - secrets, err = client.VaultSecrets.OpenAppSecrets(params, nil) - if err != nil { - serviceErr, ok := err.(*secret_service.OpenAppSecretsDefault) - if !ok { - return nil, err - } - if shouldRetryWithSleep(ctx, serviceErr, attempt, []int{http.StatusTooManyRequests}) { - continue - } - return nil, err - } - break - } - - return secrets.Payload.Secrets, nil -} - // DeleteVaultSecretsAppSecret will delete a Vault Secrets application secret. func DeleteVaultSecretsAppSecret(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName, secretName string) error { diff --git a/internal/clients/vault_secrets_preview.go b/internal/clients/vault_secrets_preview.go index 42b91b036..8ad8adbb4 100644 --- a/internal/clients/vault_secrets_preview.go +++ b/internal/clients/vault_secrets_preview.go @@ -16,20 +16,6 @@ import ( "github.com/hashicorp/terraform-plugin-log/tflog" ) -// ListVaultSecretsAppSecrets will retrieve all app secrets metadata for a Vault Secrets application. -func ListVaultSecretsAppSecrets(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName string) ([]*secretmodels.Secrets20231128Secret, error) { - listParams := secret_service.NewListAppSecretsParamsWithContext(ctx). - WithAppName(appName). - WithOrganizationID(loc.OrganizationID). - WithProjectID(loc.ProjectID) - - listResp, err := client.VaultSecretsPreview.ListAppSecrets(listParams, nil) - if err != nil { - return nil, err - } - return listResp.GetPayload().Secrets, nil -} - // OpenVaultSecretsAppSecret will retrieve the latest secret for a Vault Secrets app, including it's value. func OpenVaultSecretsAppSecret(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName, secretName string) (*secretmodels.Secrets20231128OpenSecret, error) { getParams := secret_service.NewOpenAppSecretParamsWithContext(ctx). @@ -66,3 +52,34 @@ func OpenVaultSecretsAppSecret(ctx context.Context, client *Client, loc *sharedm return getResp.GetPayload().Secret, nil } + +func OpenVaultSecretsAppSecrets(ctx context.Context, client *Client, loc *sharedmodels.HashicorpCloudLocationLocation, appName string) ([]*secretmodels.Secrets20231128OpenSecret, error) { + params := secret_service.NewOpenAppSecretsParamsWithContext(ctx). + WithAppName(appName). + WithOrganizationID(loc.OrganizationID). + WithProjectID(loc.ProjectID) + + var secrets *secret_service.OpenAppSecretsOK + var err error + for attempt := 0; attempt < retryCount; attempt++ { + secrets, err = client.VaultSecretsPreview.OpenAppSecrets(params, nil) + if err != nil { + var serviceErr *secret_service.OpenAppSecretDefault + ok := errors.As(err, &serviceErr) + if !ok { + return nil, err + } + if shouldRetryWithSleep(ctx, serviceErr, attempt, []int{http.StatusTooManyRequests}) { + continue + } + return nil, err + } + break + } + + if secrets == nil { + return nil, errors.New("unable to get secrets") + } + + return secrets.GetPayload().Secrets, nil +} diff --git a/internal/provider/vaultsecrets/data_source_vault_secrets_app.go b/internal/provider/vaultsecrets/data_source_vault_secrets_app.go index 79540e13f..c688d36d6 100644 --- a/internal/provider/vaultsecrets/data_source_vault_secrets_app.go +++ b/internal/provider/vaultsecrets/data_source_vault_secrets_app.go @@ -106,8 +106,20 @@ func (d *DataSourceVaultSecretsApp) Read(ctx context.Context, req datasource.Rea openAppSecrets := map[string]string{} for _, appSecret := range appSecrets { - secretName := appSecret.Name - openAppSecrets[secretName] = appSecret.Version.Value + switch { + case appSecret.StaticVersion != nil: + openAppSecrets[appSecret.Name] = appSecret.StaticVersion.Value + case appSecret.RotatingVersion != nil: + for name, value := range appSecret.RotatingVersion.Values { + openAppSecrets[appSecret.Name+"_"+name] = value + } + default: + resp.Diagnostics.AddError( + "Unsupported HCP Secret type", + fmt.Sprintf("HCP Secrets secret type %q is not currently supported by terraform-provider-hcp", appSecret.Type), + ) + return + } } data.ID = data.AppName diff --git a/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go b/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go index c162c4b32..2d6cb6d7f 100644 --- a/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go +++ b/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go @@ -121,6 +121,10 @@ func (d *DataSourceVaultSecretsSecret) Read(ctx context.Context, req datasource. resp.Diagnostics.AddError(err.Error(), "could not encode rotating secret as json") return } + resp.Diagnostics.AddWarning( + "HCP Vault Secrets mismatched type", + "Attempted to get a rotating secret in a KV secret data source, encoding the secret values as JSON", + ) secretValue = string(secretData) default: resp.Diagnostics.AddError( diff --git a/internal/provider/vaultsecrets/resource_vault_secrets_secret.go b/internal/provider/vaultsecrets/resource_vault_secrets_secret.go index bdc472ec2..cea6f4736 100644 --- a/internal/provider/vaultsecrets/resource_vault_secrets_secret.go +++ b/internal/provider/vaultsecrets/resource_vault_secrets_secret.go @@ -175,7 +175,9 @@ func (r *resourceVaultsecretsSecret) Read(ctx context.Context, req resource.Read return } - state.SecretValue = types.StringValue(res.Version.Value) + // TODO: so the resource can only create a static secret, + // what happens when a user tries to import a rotating/other type of secret? + state.SecretValue = types.StringValue(res.StaticVersion.Value) resp.Diagnostics.Append(resp.State.Set(ctx, &state)...) } From f37d2deb0e744fcca2f8590f183d57c5ea4a5870 Mon Sep 17 00:00:00 2001 From: Daniel Huckins Date: Tue, 28 May 2024 16:38:21 -0400 Subject: [PATCH 4/5] add changelog --- .changelog/850.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/850.txt diff --git a/.changelog/850.txt b/.changelog/850.txt new file mode 100644 index 000000000..f88c31162 --- /dev/null +++ b/.changelog/850.txt @@ -0,0 +1,3 @@ +```release-note:feature +Allows users to fetch rotating secrets using the hcp_vault_secrets_app and hcp_vault_secrets_secret data sources +``` From e2ed1cea13b4f174b42edc5eb3d0ae2d7bbbeaef Mon Sep 17 00:00:00 2001 From: Daniel Huckins Date: Fri, 31 May 2024 09:01:02 -0400 Subject: [PATCH 5/5] Update internal/provider/vaultsecrets/data_source_vault_secrets_secret.go Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com> --- .../provider/vaultsecrets/data_source_vault_secrets_secret.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go b/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go index 2d6cb6d7f..cb0550850 100644 --- a/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go +++ b/internal/provider/vaultsecrets/data_source_vault_secrets_secret.go @@ -109,8 +109,8 @@ func (d *DataSourceVaultSecretsSecret) Read(ctx context.Context, req datasource. return } - // NOTE: for backwards compatibility purposes, if the secret is not a static secret (aka a string) - // encode the complex secret as a json string + // NOTE: for backwards compatibility purposes, if the secret is not a static secret (a string) + // encode the complex secret as a JSON string var secretValue string switch { case openSecret.StaticVersion != nil: