From 596614830129f368676051a25f1098c478347cdf Mon Sep 17 00:00:00 2001 From: Mirko Teodorovic Date: Thu, 10 Oct 2024 15:14:42 +0200 Subject: [PATCH] fix: [CDS-101363]: add validation, resolve problem with diffing creds (#1090) * fix: [CDS-101363]: add validation, resolve problem with diffing creds Signed-off-by: Mirko Teodorovic * fix: [CDS-101363]: add validation, resolve problem with diffing creds Signed-off-by: Mirko Teodorovic * fix: [CDS-101363]: add validation, resolve problem with diffing creds Signed-off-by: Mirko Teodorovic * fix: [CDS-101363]: add validation, resolve problem with diffing creds Signed-off-by: Mirko Teodorovic * Update platform_gitops_repo_cred.md * Update platform_gitops_repository.md * make update_mask deprecated field Signed-off-by: Mirko Teodorovic --------- Signed-off-by: Mirko Teodorovic --- .changelog/1085.txt | 4 + docs/resources/platform_gitops_repo_cred.md | 4 +- docs/resources/platform_gitops_repository.md | 15 +- .../repository/resource_gitops_repository.go | 199 +++++++++++++----- .../resource_gitops_repo_cred.go | 161 +++++++++++--- 5 files changed, 284 insertions(+), 99 deletions(-) create mode 100644 .changelog/1085.txt diff --git a/.changelog/1085.txt b/.changelog/1085.txt new file mode 100644 index 000000000..b95b55157 --- /dev/null +++ b/.changelog/1085.txt @@ -0,0 +1,4 @@ +```release-note:fix +harness_platform_gitops_repository: Fix reporting diff on credentials on rerun, add some validation. +harness_platform_gitops_repo_cred: Fix reporting diff on credentials on rerun, add some validation. +``` \ No newline at end of file diff --git a/docs/resources/platform_gitops_repo_cred.md b/docs/resources/platform_gitops_repo_cred.md index 0f43ac171..a5232b189 100644 --- a/docs/resources/platform_gitops_repo_cred.md +++ b/docs/resources/platform_gitops_repo_cred.md 
@@ -60,8 +60,8 @@ Optional: - `enable_oci` (Boolean) Specifies whether helm-oci support should be enabled for this repo. - `github_app_enterprise_base_url` (String) Specifies the GitHub API URL for GitHub app authentication. -- `github_app_id` (String) Specifies the Github App ID of the app used to access the repo for GitHub app authentication. -- `github_app_installation_id` (String) Specifies the ID of the installed GitHub App for GitHub app authentication. +- `github_app_id` (String, Sensitive) Specifies the Github App ID of the app used to access the repo for GitHub app authentication. +- `github_app_installation_id` (String, Sensitive) Specifies the ID of the installed GitHub App for GitHub app authentication. - `github_app_private_key` (String, Sensitive) github_app_private_key specifies the private key PEM data for authentication via GitHub app. - `password` (String, Sensitive) Password or PAT to be used for authenticating the remote repository. - `ssh_private_key` (String, Sensitive) SSH Key in PEM format for authenticating the repository. Used only for Git repository. diff --git a/docs/resources/platform_gitops_repository.md b/docs/resources/platform_gitops_repository.md index 949374f52..b9ae9a868 100644 --- a/docs/resources/platform_gitops_repository.md +++ b/docs/resources/platform_gitops_repository.md @@ -218,7 +218,6 @@ Enum: "UNSET" "AWS_ECR" "GOOGLE_GCR" - `org_id` (String) Organization identifier of the GitOps repository. - `project_id` (String) Project identifier of the GitOps repository. - `refresh_interval` (String) For OCI repos, this is the interval to refresh the token to access the registry. -- `update_mask` (Block List) Update mask of the repository. (see [below for nested schema](#nestedblock--update_mask)) - `upsert` (Boolean) Indicates if the GitOps repository should be updated if existing and inserted if not. ### Read-Only 
@@ -238,8 +237,8 @@ Optional: - `enable_lfs` (Boolean) Indicates if git-lfs support must be enabled for this repo. This is valid only for Git repositories. - `enable_oci` (Boolean) Indicates if helm-oci support must be enabled for this repo. - `github_app_enterprise_base_url` (String) Base URL of GitHub Enterprise installation. If left empty, this defaults to https://api.github.com. -- `github_app_id` (String) Id of the GitHub app used to access the repo. -- `github_app_installation_id` (String) Installation id of the GitHub app used to access the repo. +- `github_app_id` (String, Sensitive) Id of the GitHub app used to access the repo. +- `github_app_installation_id` (String, Sensitive) Installation id of the GitHub app used to access the repo. - `github_app_private_key` (String, Sensitive) GitHub app private key PEM data. - `insecure` (Boolean) Indicates if the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys. - `insecure_ignore_host_key` (Boolean) Indicates if InsecureIgnoreHostKey should be used. Insecure is favored used only for git repos. Deprecated. @@ -316,16 +315,6 @@ Optional: - `name` (String) The name of the ServiceAccount resource being referred to. - `namespace` (String) Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. - - - - -### Nested Schema for `update_mask` - -Optional: - -- `paths` (List of String) The set of field mask paths. - ## Import Import is supported using the following syntax: diff --git a/internal/service/platform/gitops/repository/resource_gitops_repository.go b/internal/service/platform/gitops/repository/resource_gitops_repository.go index bd11e99f8..8cbf429a4 100644 --- a/internal/service/platform/gitops/repository/resource_gitops_repository.go +++ b/internal/service/platform/gitops/repository/resource_gitops_repository.go 
@@ -24,6 +24,7 @@ func ResourceGitopsRepositories() *schema.Resource { UpdateContext: resourceGitOpsRepositoryUpdate, DeleteContext: resourceGitOpsRepositoryDelete, Importer: helpers.GitopsAgentResourceImporter, + Schema: map[string]*schema.Schema{ "account_id": { Description: "Account identifier of the GitOps repository.", @@ -77,14 +78,16 @@ func ResourceGitopsRepositories() *schema.Resource { Description: "Password or PAT to be used for authenticating the remote repository.", Type: schema.TypeString, Optional: true, + Computed: true, Sensitive: true, }, "ssh_private_key": { - Description: "SSH Key in PEM format for authenticating the repository. Used only for Git repository.", - Type: schema.TypeString, - Optional: true, - Computed: true, - Sensitive: true, + Description: "SSH Key in PEM format for authenticating the repository. Used only for Git repository.", + Type: schema.TypeString, + Optional: true, + Computed: true, + Sensitive: true, + ConflictsWith: []string{"repo.0.password", "repo.0.github_app_private_key", "repo.0.github_app_id", "repo.0.github_app_installation_id", "repo.0.github_app_enterprise_base_url", "repo.0.tls_client_cert_data", "repo.0.tls_client_cert_key"}, }, "insecure_ignore_host_key": { Description: "Indicates if InsecureIgnoreHostKey should be used. Insecure is favored used only for git repos. Deprecated.", 
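Review bot: Adding `Computed: true` to `password` in the hunk at -77 (and to the TLS and GitHub-app credentials in the hunks at -103 and -137, and to the `creds.0.*` attributes in resource_gitops_repo_cred.go) changes what happens when a user deletes the attribute from the configuration. For an Optional+Computed attribute the SDK keeps the prior state value and plans no change, so the credential presumably stays both in state and on the repository. If that trade-off is intended, say so in the attribute text, e.g. append `Removing this attribute from the configuration does not clear the stored value.` to the `Description`. Otherwise a `DiffSuppressFunc` that ignores only the masked value would keep removal detectable. The schema map starts and ends outside the hunk.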
@@ -103,16 +106,20 @@ func ResourceGitopsRepositories() *schema.Resource { Default: false, }, "tls_client_cert_data": { - Description: "Certificate in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, + Description: "Certificate in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + Computed: true, + ConflictsWith: []string{"repo.0.password", "repo.0.ssh_private_key", "repo.0.github_app_private_key", "repo.0.github_app_id", "repo.0.github_app_installation_id", "repo.0.github_app_enterprise_base_url"}, }, "tls_client_cert_key": { - Description: "Private key in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, + Description: "Private key in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + Computed: true, + ConflictsWith: []string{"repo.0.password", "repo.0.ssh_private_key", "repo.0.github_app_private_key", "repo.0.github_app_id", "repo.0.github_app_installation_id", "repo.0.github_app_enterprise_base_url"}, }, "type_": { Description: "Type specifies the type of the repo. Can be either \"git\" or \"helm. \"git\" is assumed if empty or absent.", 
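Review bot: `tls_client_cert_data` and `tls_client_cert_key` now exclude the other authentication methods, but nothing requires the two to be set together, so a configuration with only the certificate or only the key passes plan-time validation. Adding `RequiredWith: []string{"repo.0.tls_client_cert_key"},` to the certificate and the mirror entry to the key would reject a half-configured mTLS credential before the API call. If the API needs all of `github_app_id`, `github_app_installation_id` and `github_app_private_key`, the same applies to the hunk at -137 and to the `creds.0.*` schema in resource_gitops_repo_cred.go.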
@@ -137,25 +144,34 @@ func ResourceGitopsRepositories() *schema.Resource { Optional: true, }, "github_app_private_key": { - Description: "GitHub app private key PEM data.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, + Description: "GitHub app private key PEM data.", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + Computed: true, + ConflictsWith: []string{"repo.0.password", "repo.0.ssh_private_key", "repo.0.tls_client_cert_data", "repo.0.tls_client_cert_key"}, }, "github_app_id": { - Description: "Id of the GitHub app used to access the repo.", - Type: schema.TypeString, - Optional: true, + Description: "Id of the GitHub app used to access the repo.", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + Computed: true, + ConflictsWith: []string{"repo.0.password", "repo.0.ssh_private_key", "repo.0.tls_client_cert_data", "repo.0.tls_client_cert_key"}, }, "github_app_installation_id": { - Description: "Installation id of the GitHub app used to access the repo.", - Type: schema.TypeString, - Optional: true, + Description: "Installation id of the GitHub app used to access the repo.", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + Computed: true, + ConflictsWith: []string{"repo.0.password", "repo.0.ssh_private_key", "repo.0.tls_client_cert_data", "repo.0.tls_client_cert_key"}, }, "github_app_enterprise_base_url": { - Description: "Base URL of GitHub Enterprise installation. If left empty, this defaults to https://api.github.com.", - Type: schema.TypeString, - Optional: true, + Description: "Base URL of GitHub Enterprise installation. If left empty, this defaults to https://api.github.com.", + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{"repo.0.password", "repo.0.ssh_private_key", "repo.0.tls_client_cert_data", "repo.0.tls_client_cert_key"}, }, "proxy": { Description: "The HTTP/HTTPS proxy used to access the repo.", 
@@ -345,6 +361,7 @@ func ResourceGitopsRepositories() *schema.Resource { Description: "Update mask of the repository.", Type: schema.TypeList, Optional: true, + Deprecated: "This field is deprecated and will be removed in a future release.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "paths": { @@ -403,6 +420,29 @@ func resourceGitOpsRepositoryCreate(ctx context.Context, d *schema.ResourceData, d.MarkNewResource() return nil } + + if attr, ok := d.GetOk("repo.0.password"); ok { + resp.Repository.Password = attr.(string) + } + if attr, ok := d.GetOk("repo.0.ssh_private_key"); ok { + resp.Repository.SshPrivateKey = attr.(string) + } + if attr, ok := d.GetOk("repo.0.tls_client_cert_data"); ok { + resp.Repository.TlsClientCertData = attr.(string) + } + if attr, ok := d.GetOk("repo.0.tls_client_cert_key"); ok { + resp.Repository.TlsClientCertKey = attr.(string) + } + if attr, ok := d.GetOk("repo.0.github_app_private_key"); ok { + resp.Repository.GithubAppPrivateKey = attr.(string) + } + if attr, ok := d.GetOk("repo.0.github_app_id"); ok { + resp.Repository.GithubAppID = attr.(string) + } + if attr, ok := d.GetOk("repo.0.github_app_installation_id"); ok { + resp.Repository.GithubAppInstallationID = attr.(string) + } + setRepositoryDetails(d, &resp) return nil } 
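Review bot: The deprecation text on `update_mask` should say that the value is now ignored. The hunks at -512 and -555 remove the only code that read it and drop `UpdateMask` from `RepositoriesRepoUpdateRequest`, so a configuration that relied on a field mask to limit an update will silently send the request without one. Something like `Deprecated: "update_mask is ignored by the provider and will be removed in a future release.",` makes that visible in the plan warning. Whether the API then replaces every repository field, including credentials left out of the configuration, cannot be seen from this diff and is worth confirming.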
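Review bot: The block added to resourceGitOpsRepositoryCreate (hunk at -403) dereferences `resp.Repository` without a nil check, while `setRepositoryDetails` (hunk at -783) guards the same pointer with `if repo.Repository != nil`. A response without a repository body would panic the provider as soon as any credential is configured. Wrapping the seven assignments in `if resp.Repository != nil { ... }` fixes it, and the same guard is needed in the Read hunk at -437 and the Update hunk at -479; since the block is copied verbatim into Update, one helper taking `d` and `resp.Repository` would keep the copies from drifting. The value written to state is now the configured secret rather than what the API returned, and `Sensitive` only hides it in plan output, so the state backend must be access-controlled and encrypted. The function body starts outside the hunk.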
@@ -437,6 +477,42 @@ func resourceGitOpsRepositoryRead(ctx context.Context, d *schema.ResourceData, m d.MarkNewResource() return nil } + if attr, ok := d.GetOk("repo.0.password"); ok { + if len(resp.Repository.Password) != 0 { + resp.Repository.Password = attr.(string) + } + } + if attr, ok := d.GetOk("repo.0.ssh_private_key"); ok { + if len(resp.Repository.SshPrivateKey) != 0 { + resp.Repository.SshPrivateKey = attr.(string) + } + } + if attr, ok := d.GetOk("repo.0.tls_client_cert_data"); ok { + if len(resp.Repository.TlsClientCertData) != 0 { + resp.Repository.TlsClientCertData = attr.(string) + } + } + if attr, ok := d.GetOk("repo.0.tls_client_cert_key"); ok { + if len(resp.Repository.TlsClientCertKey) != 0 { + resp.Repository.TlsClientCertKey = attr.(string) + } + } + if attr, ok := d.GetOk("repo.0.github_app_private_key"); ok { + if len(resp.Repository.GithubAppPrivateKey) != 0 { + resp.Repository.GithubAppPrivateKey = attr.(string) + } + } + if attr, ok := d.GetOk("repo.0.github_app_id"); ok { + if len(resp.Repository.GithubAppID) != 0 { + resp.Repository.GithubAppID = attr.(string) + } + } + if attr, ok := d.GetOk("repo.0.github_app_installation_id"); ok { + if len(resp.Repository.GithubAppInstallationID) != 0 { + resp.Repository.GithubAppInstallationID = attr.(string) + } + } + setRepositoryDetails(d, &resp) return nil 
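Review bot: In Read, any non-empty credential returned by the API is replaced with the value already in state, so a password, key or certificate changed outside Terraform is never reported as drift, and nothing in the hunk records that this is deliberate. A comment above the block would document the trade-off, e.g. `// The API is assumed to return credentials masked; keep the state value so refresh does not produce a permanent diff. Out-of-band credential changes are therefore not detected.` On `terraform import` the state is empty, so `d.GetOk` reports false and whatever the API returned is stored as-is; that case probably deserves a line in the import documentation. resourceGitOpsRepositoryRead starts outside the hunk.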
@@ -479,6 +555,29 @@ func resourceGitOpsRepositoryUpdate(ctx context.Context, d *schema.ResourceData, d.MarkNewResource() return nil } + + if attr, ok := d.GetOk("repo.0.password"); ok { + resp.Repository.Password = attr.(string) + } + if attr, ok := d.GetOk("repo.0.ssh_private_key"); ok { + resp.Repository.SshPrivateKey = attr.(string) + } + if attr, ok := d.GetOk("repo.0.tls_client_cert_data"); ok { + resp.Repository.TlsClientCertData = attr.(string) + } + if attr, ok := d.GetOk("repo.0.tls_client_cert_key"); ok { + resp.Repository.TlsClientCertKey = attr.(string) + } + if attr, ok := d.GetOk("repo.0.github_app_private_key"); ok { + resp.Repository.GithubAppPrivateKey = attr.(string) + } + if attr, ok := d.GetOk("repo.0.github_app_id"); ok { + resp.Repository.GithubAppID = attr.(string) + } + if attr, ok := d.GetOk("repo.0.github_app_installation_id"); ok { + resp.Repository.GithubAppInstallationID = attr.(string) + } + setRepositoryDetails(d, &resp) return nil } @@ -512,18 +611,6 @@ func resourceGitOpsRepositoryDelete(ctx context.Context, d *schema.ResourceData, } func buildUpdateRepoRequest(d *schema.ResourceData) nextgen.RepositoriesRepoUpdateRequest { - var updateMask map[string]interface{} - if attr, ok := d.GetOk("update_mask"); ok { - if len(attr.([]interface{})) > 0 { - updateMask = attr.([]interface{})[0].(map[string]interface{}) - } - } - var updateMaskPath []string - if updateMask != nil && updateMask["paths"] != nil && len(updateMask["paths"].([]interface{})) > 0 { - for _, v := range updateMask["paths"].([]interface{}) { - updateMaskPath = append(updateMaskPath, v.(string)) - } - } var genType nextgen.RepositoriesEsoGeneratorType if attr, ok := d.GetOk("gen_type"); ok { genType = nextgen.RepositoriesEsoGeneratorType(attr.(string)) 
@@ -555,9 +642,6 @@ func buildUpdateRepoRequest(d *schema.ResourceData) nextgen.RepositoriesRepoUpda request := nextgen.RepositoriesRepoUpdateRequest{ Repo: r, RefreshInterval: refreshInterval, - UpdateMask: &nextgen.ProtobufFieldMask{ - Paths: updateMaskPath, - }, } if genType != "" { request.GenType = &genType 
@@ -783,26 +867,43 @@ func setRepositoryDetails(d *schema.ResourceData, repo *nextgen.Servicev1Reposit d.Set("project_id", repo.ProjectIdentifier) d.Set("agent_id", repo.AgentIdentifier) d.Set("identifier", repo.Identifier) + if repo.Repository != nil { repoList := []interface{}{} repoO := map[string]interface{}{} repoO["repo"] = repo.Repository.Repo - repoO["username"] = repo.Repository.Username - repoO["password"] = repo.Repository.Password + if len(repo.Repository.Username) > 0 { + repoO["username"] = repo.Repository.Username + } + if len(repo.Repository.Password) > 0 { + repoO["password"] = repo.Repository.Password + } repoO["ssh_private_key"] = repo.Repository.SshPrivateKey repoO["insecure_ignore_host_key"] = repo.Repository.InsecureIgnoreHostKey repoO["insecure"] = repo.Repository.Insecure repoO["enable_lfs"] = repo.Repository.EnableLfs - repoO["tls_client_cert_data"] = repo.Repository.TlsClientCertData - repoO["tls_client_cert_key"] = repo.Repository.TlsClientCertKey + if len(repo.Repository.TlsClientCertData) > 0 { + repoO["tls_client_cert_data"] = repo.Repository.TlsClientCertData + } + if len(repo.Repository.TlsClientCertKey) > 0 { + repoO["tls_client_cert_key"] = repo.Repository.TlsClientCertKey + } repoO["type_"] = repo.Repository.Type_ repoO["name"] = repo.Repository.Name repoO["inherited_creds"] = repo.Repository.InheritedCreds repoO["enable_oci"] = repo.Repository.EnableOCI - repoO["github_app_private_key"] = repo.Repository.GithubAppPrivateKey - repoO["github_app_id"] = repo.Repository.GithubAppID - repoO["github_app_installation_id"] = repo.Repository.GithubAppInstallationID - repoO["github_app_enterprise_base_url"] = repo.Repository.GithubAppEnterpriseBaseUrl + if len(repo.Repository.GithubAppPrivateKey) > 0 { + repoO["github_app_private_key"] = repo.Repository.GithubAppPrivateKey + } + if len(repo.Repository.GithubAppID) > 0 { + repoO["github_app_id"] = repo.Repository.GithubAppID + } + if len(repo.Repository.GithubAppInstallationID) > 0 { + 
repoO["github_app_installation_id"] = repo.Repository.GithubAppInstallationID + } + if len(repo.Repository.GithubAppEnterpriseBaseUrl) > 0 { + repoO["github_app_enterprise_base_url"] = repo.Repository.GithubAppEnterpriseBaseUrl + } repoO["proxy"] = repo.Repository.Proxy repoO["project"] = repo.Repository.Project repoO["connection_type"] = repo.Repository.ConnectionType diff --git a/internal/service/platform/gitops/repository_credentials/resource_gitops_repo_cred.go b/internal/service/platform/gitops/repository_credentials/resource_gitops_repo_cred.go index dd391a361..1604a1ae2 100644 --- a/internal/service/platform/gitops/repository_credentials/resource_gitops_repo_cred.go +++ b/internal/service/platform/gitops/repository_credentials/resource_gitops_repo_cred.go @@ -2,6 +2,7 @@ package repository_credentials import ( "context" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "net/http" "github.com/antihax/optional" 
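Review bot: `repoO["ssh_private_key"] = repo.Repository.SshPrivateKey` is still assigned unconditionally in setRepositoryDetails, while `password`, the TLS pair and the GitHub-app fields are now wrapped in `len(...) > 0`, so one credential is handled differently from the rest with no explanation. Either guard it the same way, `if len(repo.Repository.SshPrivateKey) > 0 { repoO["ssh_private_key"] = repo.Repository.SshPrivateKey }`, or add a comment saying why the SSH key is the exception. The function continues outside the hunk.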
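Review bot: The new `validation` import in resource_gitops_repo_cred.go is inserted between `"context"` and `"net/http"`, inside the standard-library group. goimports would place it with the other third-party packages after the blank line, next to `"github.com/antihax/optional"`, and keeping the groups separate avoids a formatting-only change the next time the file is run through the tool.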
@@ -74,54 +75,72 @@ func ResourceGitopsRepoCred() *schema.Resource { ForceNew: true, }, "username": { - Description: "Username to be used for authenticating the remote repository.", - Type: schema.TypeString, - Optional: true, + Description: "Username to be used for authenticating the remote repository.", + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{"creds.0.ssh_private_key", "creds.0.tls_client_cert_data", "creds.0.tls_client_cert_key", "creds.0.github_app_private_key", "creds.0.github_app_id", "creds.0.github_app_installation_id", "creds.0.github_app_enterprise_base_url"}, }, "password": { - Description: "Password or PAT to be used for authenticating the remote repository.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, + Description: "Password or PAT to be used for authenticating the remote repository.", + Type: schema.TypeString, + Optional: true, + Computed: true, + Sensitive: true, + ConflictsWith: []string{"creds.0.ssh_private_key", "creds.0.tls_client_cert_data", "creds.0.tls_client_cert_key", "creds.0.github_app_private_key", "creds.0.github_app_id", "creds.0.github_app_installation_id", "creds.0.github_app_enterprise_base_url"}, }, "ssh_private_key": { - Description: "SSH Key in PEM format for authenticating the repository. Used only for Git repository.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, + Description: "SSH Key in PEM format for authenticating the repository. Used only for Git repository.", + Type: schema.TypeString, + Optional: true, + Computed: true, + Sensitive: true, + ConflictsWith: []string{"creds.0.username", "creds.0.password", "creds.0.tls_client_cert_data", "creds.0.tls_client_cert_key", "creds.0.github_app_private_key", "creds.0.github_app_id", "creds.0.github_app_installation_id", "creds.0.github_app_enterprise_base_url"}, }, "tls_client_cert_data": { - Description: "Certificate in PEM format for authenticating at the repo server. 
This is used for mTLS.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, + Description: "Certificate in PEM format for authenticating at the repo server. This is used for mTLS.", + Type: schema.TypeString, + Optional: true, + Computed: true, + Sensitive: true, + ConflictsWith: []string{"creds.0.username", "creds.0.password", "creds.0.github_app_private_key", "creds.0.github_app_id", "creds.0.github_app_installation_id", "creds.0.github_app_enterprise_base_url"}, }, "tls_client_cert_key": { - Description: "Private key in PEM format for authenticating at the repo server. This is used for mTLS.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, + Description: "Private key in PEM format for authenticating at the repo server. This is used for mTLS.", + Type: schema.TypeString, + Optional: true, + Computed: true, + Sensitive: true, + ConflictsWith: []string{"creds.0.username", "creds.0.password", "creds.0.github_app_private_key", "creds.0.github_app_id", "creds.0.github_app_installation_id", "creds.0.github_app_enterprise_base_url"}, }, "github_app_private_key": { - Description: "github_app_private_key specifies the private key PEM data for authentication via GitHub app.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, + Description: "github_app_private_key specifies the private key PEM data for authentication via GitHub app.", + Type: schema.TypeString, + Optional: true, + Computed: true, + Sensitive: true, + ConflictsWith: []string{"creds.0.username", "creds.0.password", "creds.0.ssh_private_key", "creds.0.tls_client_cert_data", "creds.0.tls_client_cert_key"}, }, "github_app_id": { - Description: "Specifies the Github App ID of the app used to access the repo for GitHub app authentication.", - Type: schema.TypeString, - Optional: true, + Description: "Specifies the Github App ID of the app used to access the repo for GitHub app authentication.", + Type: schema.TypeString, + Sensitive: true, + Computed: true, + Optional: 
true, + ConflictsWith: []string{"creds.0.username", "creds.0.password", "creds.0.ssh_private_key", "creds.0.tls_client_cert_data", "creds.0.tls_client_cert_key"}, }, "github_app_installation_id": { - Description: "Specifies the ID of the installed GitHub App for GitHub app authentication.", - Type: schema.TypeString, - Optional: true, + Description: "Specifies the ID of the installed GitHub App for GitHub app authentication.", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + Computed: true, + ConflictsWith: []string{"creds.0.username", "creds.0.password", "creds.0.ssh_private_key", "creds.0.tls_client_cert_data", "creds.0.tls_client_cert_key"}, }, "github_app_enterprise_base_url": { - Description: "Specifies the GitHub API URL for GitHub app authentication.", - Type: schema.TypeString, - Optional: true, + Description: "Specifies the GitHub API URL for GitHub app authentication.", + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{"creds.0.username", "creds.0.password", "creds.0.ssh_private_key", "creds.0.tls_client_cert_data", "creds.0.tls_client_cert_key"}, }, "enable_oci": { Description: "Specifies whether helm-oci support should be enabled for this repo.", @@ -129,9 +148,10 @@ func ResourceGitopsRepoCred() *schema.Resource { Optional: true, }, "type": { - Description: "Type specifies the type of the repoCreds.Can be either 'git' or 'helm. 'git' is assumed if empty or absent", - Type: schema.TypeString, - Optional: true, + Description: "Type specifies the type of the repoCreds.Can be either 'git' or 'helm. 'git' is assumed if empty or absent", + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice([]string{"git", "helm"}, false), }, }, }, 
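Review bot: `validation.StringInSlice([]string{"git", "helm"}, false)` on `type` (hunk at -129) contradicts the description on the same attribute, which says 'git' is assumed if empty. An explicit `type = ""` should now fail validation, while an omitted attribute is still accepted. Either allow the empty string, `validation.StringInSlice([]string{"", "git", "helm"}, false)`, or reword the description to say the attribute must be omitted to get the default. No equivalent check is visible for `type_` in resource_gitops_repository.go, whose definition lies outside the hunks shown, so the two resources may now validate the same concept differently.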
@@ -184,6 +204,25 @@ func resourceGitopsRepoCredCreate(ctx context.Context, d *schema.ResourceData, m d.MarkNewResource() return nil } + if attr, ok := d.GetOk("creds.0.password"); ok { + resp.RepoCreds.Password = attr.(string) + } + if attr, ok := d.GetOk("creds.0.ssh_private_key"); ok { + resp.RepoCreds.SshPrivateKey = attr.(string) + } + if attr, ok := d.GetOk("creds.0.tls_client_cert_data"); ok { + resp.RepoCreds.TlsClientCertData = attr.(string) + } + if attr, ok := d.GetOk("creds.0.tls_client_cert_key"); ok { + resp.RepoCreds.TlsClientCertKey = attr.(string) + } + if attr, ok := d.GetOk("creds.0.github_app_private_key"); ok { + resp.RepoCreds.GithubAppPrivateKey = attr.(string) + } + if attr, ok := d.GetOk("creds.0.github_app_installation_id"); ok { + resp.RepoCreds.GithubAppInstallationID = attr.(string) + } + setGitopsRepositoriesCredential(d, &resp) return nil } @@ -230,6 +269,26 @@ func resourceGitopsRepoCredUpdate(ctx context.Context, d *schema.ResourceData, m d.MarkNewResource() return nil } + + if attr, ok := d.GetOk("creds.0.password"); ok { + resp.RepoCreds.Password = attr.(string) + } + if attr, ok := d.GetOk("creds.0.ssh_private_key"); ok { + resp.RepoCreds.SshPrivateKey = attr.(string) + } + if attr, ok := d.GetOk("creds.0.tls_client_cert_data"); ok { + resp.RepoCreds.TlsClientCertData = attr.(string) + } + if attr, ok := d.GetOk("creds.0.tls_client_cert_key"); ok { + resp.RepoCreds.TlsClientCertKey = attr.(string) + } + if attr, ok := d.GetOk("creds.0.github_app_private_key"); ok { + resp.RepoCreds.GithubAppPrivateKey = attr.(string) + } + if attr, ok := d.GetOk("creds.0.github_app_installation_id"); ok { + resp.RepoCreds.GithubAppInstallationID = attr.(string) + } + setGitopsRepositoriesCredential(d, &resp) return nil } 
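Review bot: `creds.0.github_app_id` is missing from this overlay in resourceGitopsRepoCredCreate, although the schema hunk at -74 makes it `Sensitive` and `Computed` like the other credentials and the equivalent block in resource_gitops_repository.go does copy `repo.0.github_app_id`. If the API masks or omits the app ID in its response, the permanent diff this commit is meant to remove would presumably persist for that attribute. Adding `if attr, ok := d.GetOk("creds.0.github_app_id"); ok { resp.RepoCreds.GithubAppID = attr.(string) }` here (field name assumed to match the repository type), plus the matching lines in the Update hunk at -230 and the Read hunk at -257, would close the gap. Whether `resp.RepoCreds` can be nil is not visible in the diff; if it is a pointer, it needs a nil check before these assignments.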
@@ -257,6 +316,38 @@ func resourceGitopsRepoCredRead(ctx context.Context, d *schema.ResourceData, met d.MarkNewResource() return nil } + + if attr, ok := d.GetOk("creds.0.password"); ok { + if len(resp.RepoCreds.Password) != 0 { + resp.RepoCreds.Password = attr.(string) + } + } + if attr, ok := d.GetOk("creds.0.ssh_private_key"); ok { + if len(resp.RepoCreds.SshPrivateKey) != 0 { + resp.RepoCreds.SshPrivateKey = attr.(string) + } + } + if attr, ok := d.GetOk("creds.0.tls_client_cert_data"); ok { + if len(resp.RepoCreds.TlsClientCertData) != 0 { + resp.RepoCreds.TlsClientCertData = attr.(string) + } + } + if attr, ok := d.GetOk("creds.0.tls_client_cert_key"); ok { + if len(resp.RepoCreds.TlsClientCertKey) != 0 { + resp.RepoCreds.TlsClientCertKey = attr.(string) + } + } + if attr, ok := d.GetOk("creds.0.github_app_private_key"); ok { + if len(resp.RepoCreds.GithubAppPrivateKey) != 0 { + resp.RepoCreds.GithubAppPrivateKey = attr.(string) + } + } + if attr, ok := d.GetOk("creds.0.github_app_installation_id"); ok { + if len(resp.RepoCreds.GithubAppInstallationID) != 0 { + resp.RepoCreds.GithubAppInstallationID = attr.(string) + } + } + setGitopsRepositoriesCredential(d, &resp) return nil }