diff --git a/.changelog/1029.txt b/.changelog/1029.txt
new file mode 100644
index 000000000..177a8a13a
--- /dev/null
+++ b/.changelog/1029.txt
@@ -0,0 +1,6 @@
+```release-note:fix
+harness_platform_gitops_repository: make fields computed, add sensitive for credentials
+harness_platform_gitops_repository: add sensitive for credentials, fix validation add missing value GITHUB_ENTERPRISE
+harness_platform_gitops_repo_cred: add sensitive for credentials, modify fields to computed
+resource_gitops_repo_cred.go: add sensitive for credentials, add ForceNew for harness identifiers and for url.
+```
diff --git a/docs/data-sources/platform_gitops_repo_cred.md b/docs/data-sources/platform_gitops_repo_cred.md
index fe31ce697..6a6b7982f 100644
--- a/docs/data-sources/platform_gitops_repo_cred.md
+++ b/docs/data-sources/platform_gitops_repo_cred.md
@@ -33,18 +33,18 @@ data "harness_platform_gitops_repo_cred" "test" {
### Optional
-- `creds` (Block List) credential details. (see [below for nested schema](#nestedblock--creds))
- `org_id` (String) Organization identifier of the Repository Credentials.
- `project_id` (String) Project identifier of the Repository Credentials.
### Read-Only
+- `creds` (List of Object) credential details. (see [below for nested schema](#nestedatt--creds))
- `id` (String) The ID of this resource.
-
+
### Nested Schema for `creds`
-Optional:
+Read-Only:
- `enable_oci` (Boolean) Specifies whether helm-oci support should be enabled for this repo.
- `github_app_enterprise_base_url` (String) Specifies the GitHub API URL for GitHub app authentication.
diff --git a/docs/data-sources/platform_gitops_repository.md b/docs/data-sources/platform_gitops_repository.md
index 8696291a7..efd1e0541 100644
--- a/docs/data-sources/platform_gitops_repository.md
+++ b/docs/data-sources/platform_gitops_repository.md
@@ -33,24 +33,15 @@ data "harness_platform_gitops_repository" "example" {
### Optional
-- `enable_oci` (Boolean) Indicates if helm-oci support must be enabled for this repo.
- `org_id` (String) Organization identifier of the GitOps repository.
- `project_id` (String) Project identifier of the GitOps repository.
-- `update_mask` (Block List) Update mask of the repository. (see [below for nested schema](#nestedblock--update_mask))
### Read-Only
+- `enable_oci` (Boolean) Indicates if helm-oci support must be enabled for this repo.
- `id` (String) The ID of this resource.
- `repo` (List of Object) Repo details holding application configurations. (see [below for nested schema](#nestedatt--repo))
-
-### Nested Schema for `update_mask`
-
-Optional:
-
-- `paths` (List of String) The set of field mask paths.
-
-
### Nested Schema for `repo`
diff --git a/docs/resources/platform_gitops_repo_cred.md b/docs/resources/platform_gitops_repo_cred.md
index a2d5df778..100466e35 100644
--- a/docs/resources/platform_gitops_repo_cred.md
+++ b/docs/resources/platform_gitops_repo_cred.md
@@ -62,11 +62,11 @@ Optional:
- `github_app_enterprise_base_url` (String) Specifies the GitHub API URL for GitHub app authentication.
- `github_app_id` (String) Specifies the Github App ID of the app used to access the repo for GitHub app authentication.
- `github_app_installation_id` (String) Specifies the ID of the installed GitHub App for GitHub app authentication.
-- `github_app_private_key` (String) github_app_private_key specifies the private key PEM data for authentication via GitHub app.
-- `password` (String) Password or PAT to be used for authenticating the remote repository.
-- `ssh_private_key` (String) SSH Key in PEM format for authenticating the repository. Used only for Git repository.
-- `tls_client_cert_data` (String) Certificate in PEM format for authenticating at the repo server. This is used for mTLS.
-- `tls_client_cert_key` (String) Private key in PEM format for authenticating at the repo server. This is used for mTLS.
+- `github_app_private_key` (String, Sensitive) github_app_private_key specifies the private key PEM data for authentication via GitHub app.
+- `password` (String, Sensitive) Password or PAT to be used for authenticating the remote repository.
+- `ssh_private_key` (String, Sensitive) SSH Key in PEM format for authenticating the repository. Used only for Git repository.
+- `tls_client_cert_data` (String, Sensitive) Certificate in PEM format for authenticating at the repo server. This is used for mTLS.
+- `tls_client_cert_key` (String, Sensitive) Private key in PEM format for authenticating at the repo server. This is used for mTLS.
- `type` (String) Type specifies the type of the repoCreds.Can be either 'git' or 'helm. 'git' is assumed if empty or absent
- `url` (String) URL of the remote repository. Make sure you pass at least an org, this will not work if you just provide the host, for eg. "https://github.com"
- `username` (String) Username to be used for authenticating the remote repository.
diff --git a/docs/resources/platform_gitops_repository.md b/docs/resources/platform_gitops_repository.md
index 722202b45..ae8c2db1c 100644
--- a/docs/resources/platform_gitops_repository.md
+++ b/docs/resources/platform_gitops_repository.md
@@ -230,7 +230,7 @@ Enum: "UNSET" "AWS_ECR" "GOOGLE_GCR"
Required:
-- `connection_type` (String) Identifies the authentication method used to connect to the repository. Possible values: "HTTPS" "SSH" "GITHUB" "HTTPS_ANONYMOUS_CONNECTION_TYPE"
+- `connection_type` (String) Identifies the authentication method used to connect to the repository. Possible values: "HTTPS" "SSH" "GITHUB" "HTTPS_ANONYMOUS", "GITHUB_ENTERPRISE".
- `repo` (String) URL to the remote repository.
Optional:
@@ -240,20 +240,23 @@ Optional:
- `github_app_enterprise_base_url` (String) Base URL of GitHub Enterprise installation. If left empty, this defaults to https://api.github.com.
- `github_app_id` (String) Id of the GitHub app used to access the repo.
- `github_app_installation_id` (String) Installation id of the GitHub app used to access the repo.
-- `github_app_private_key` (String) GitHub app private key PEM data.
-- `inherited_creds` (Boolean) Indicates if the credentials were inherited from a repository credential.
+- `github_app_private_key` (String, Sensitive) GitHub app private key PEM data.
- `insecure` (Boolean) Indicates if the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys.
- `insecure_ignore_host_key` (Boolean) Indicates if InsecureIgnoreHostKey should be used. Insecure is favored used only for git repos. Deprecated.
- `name` (String) Name to be used for this repo. Only used with Helm repos.
-- `password` (String) Password or PAT to be used for authenticating the remote repository.
+- `password` (String, Sensitive) Password or PAT to be used for authenticating the remote repository.
- `project` (String) The ArgoCD project name corresponding to this GitOps repository. An empty string means that the GitOps repository belongs to the default project created by Harness.
- `proxy` (String) The HTTP/HTTPS proxy used to access the repo.
-- `ssh_private_key` (String) SSH Key in PEM format for authenticating the repository. Used only for Git repository.
-- `tls_client_cert_data` (String) Certificate in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.
-- `tls_client_cert_key` (String) Private key in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.
+- `ssh_private_key` (String, Sensitive) SSH Key in PEM format for authenticating the repository. Used only for Git repository.
+- `tls_client_cert_data` (String, Sensitive) Certificate in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.
+- `tls_client_cert_key` (String, Sensitive) Private key in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.
- `type_` (String) Type specifies the type of the repo. Can be either "git" or "helm. "git" is assumed if empty or absent.
- `username` (String) Username to be used for authenticating the remote repository.
+Read-Only:
+
+- `inherited_creds` (Boolean) Indicates if the credentials were inherited from a repository credential.
+
### Nested Schema for `ecr_gen`
@@ -280,8 +283,8 @@ Optional:
Optional:
- `aws_access_key_id` (String) AWS access key id.
-- `aws_secret_access_key` (String) AWS secret access key.
-- `aws_session_token` (String) AWS session token.
+- `aws_secret_access_key` (String, Sensitive) AWS secret access key.
+- `aws_session_token` (String, Sensitive) AWS session token.
@@ -290,7 +293,7 @@ Optional:
Optional:
-- `access_key` (String) GCP access key.
+- `access_key` (String, Sensitive) GCP access key.
- `project_id` (String) GCP project id.
- `workload_identity` (Block List, Max: 1) GCP workload identity. (see [below for nested schema](#nestedblock--gcr_gen--workload_identity))
diff --git a/internal/service/platform/gitops/repository/data_source_gitops_repository.go b/internal/service/platform/gitops/repository/data_source_gitops_repository.go
index 30b2b3262..6b1b0d011 100644
--- a/internal/service/platform/gitops/repository/data_source_gitops_repository.go
+++ b/internal/service/platform/gitops/repository/data_source_gitops_repository.go
@@ -8,7 +8,6 @@ import (
"github.com/harness/terraform-provider-harness/internal"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
- "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
)
func DataSourceGitopsRepository() *schema.Resource {
@@ -52,105 +51,108 @@ func DataSourceGitopsRepository() *schema.Resource {
"repo": {
Description: "URL to the remote repository.",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
"username": {
Description: "Username to be used for authenticating the remote repository.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"password": {
Description: "Password or PAT to be used for authenticating the remote repository.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"ssh_private_key": {
Description: "SSH Key in PEM format for authenticating the repository. Used only for Git repository.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"insecure_ignore_host_key": {
Description: "Indicates if InsecureIgnoreHostKey should be used. Insecure is favored used only for git repos. Deprecated.",
Type: schema.TypeBool,
- Optional: true,
+ Computed: true,
},
"insecure": {
Description: "Indicates if the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys.",
Type: schema.TypeBool,
- Optional: true,
+ Computed: true,
},
"enable_lfs": {
Description: "Indicates if git-lfs support must be enabled for this repo. This is valid only for Git repositories.",
Type: schema.TypeBool,
- Optional: true,
+ Computed: true,
},
"tls_client_cert_data": {
Description: "Certificate in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"tls_client_cert_key": {
Description: "Private key in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"type_": {
- Description: "Type specifies the type of the repo. Can be either \"git\" or \"helm. \"git\" is assumed if empty or absent.",
- Type: schema.TypeString,
- Optional: true,
- Computed: true,
- ValidateFunc: validation.StringInSlice([]string{"git", "helm"}, false),
+ Description: "Type specifies the type of the repo. Can be either \"git\" or \"helm. \"git\" is assumed if empty or absent.",
+ Type: schema.TypeString,
+ Computed: true,
},
"name": {
Description: "Name to be used for this repo. Only used with Helm repos.",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
"inherited_creds": {
Description: "Indicates if the credentials were inherited from a repository credential.",
Type: schema.TypeBool,
- Optional: true,
+ Computed: true,
},
"enable_oci": {
Description: "Indicates if helm-oci support must be enabled for this repo.",
Type: schema.TypeBool,
- Optional: true,
+ Computed: true,
},
"github_app_private_key": {
Description: "GitHub app private key PEM data.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"github_app_id": {
Description: "Id of the GitHub app used to access the repo.",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
"github_app_installation_id": {
Description: "Installation id of the GitHub app used to access the repo.",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
"github_app_enterprise_base_url": {
Description: "Base URL of GitHub Enterprise installation. If left empty, this defaults to https://api.github.com.",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
"proxy": {
Description: "The HTTP/HTTPS proxy used to access the repo.",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
"project": {
Description: "The ArgoCD project name corresponding to this GitOps repository. An empty string means that the GitOps repository belongs to the default project created by Harness.",
Type: schema.TypeString,
- Optional: true,
Computed: true,
},
"connection_type": {
Description: "Identifies the authentication method used to connect to the repository. Possible values: \"HTTPS\" \"SSH\" \"GITHUB\" \"HTTPS_ANONYMOUS_CONNECTION_TYPE\"",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
},
},
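Review bot: `Sensitive: true` on the computed `password`, `ssh_private_key`, `tls_client_cert_key` and `github_app_private_key` attributes only masks them in plan and apply output; whatever the read function stores in them is still written to the Terraform state in plain text. If the API returns these values (the read path is outside this hunk), every configuration that uses this data source copies the secrets into its own state. Consider not setting them on read, or at least append a sentence such as `The value is stored in plain text in the Terraform state.` to each of those descriptions. The same applies to the `creds` block in data_source_gitops_repo_cred.go; the schema map itself starts and ends outside this hunk.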
@@ -158,27 +160,8 @@ func DataSourceGitopsRepository() *schema.Resource {
"enable_oci": {
Description: "Indicates if helm-oci support must be enabled for this repo.",
Type: schema.TypeBool,
- Optional: true,
Computed: true,
},
- "update_mask": {
- Description: "Update mask of the repository.",
- Type: schema.TypeList,
- Optional: true,
- Computed: true,
- Elem: &schema.Resource{
- Schema: map[string]*schema.Schema{
- "paths": {
- Description: "The set of field mask paths.",
- Optional: true,
- Type: schema.TypeList,
- Elem: &schema.Schema{
- Type: schema.TypeString,
- },
- },
- },
- },
- },
},
}
return resource
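Review bot: Removing `update_mask` here, and dropping `Optional` from `enable_oci` and from the `repo` attributes in the previous hunk, means any existing configuration that sets those arguments on the data source will fail validation after upgrading. The changelog entry is filed as `release-note:fix` and only says "make fields computed", so users get no hint that an argument disappeared. I would name it explicitly, for example `harness_platform_gitops_repository: data source no longer accepts update_mask or repo arguments`. The function body begins outside this hunk.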
diff --git a/internal/service/platform/gitops/repository/resource_gitops_repository.go b/internal/service/platform/gitops/repository/resource_gitops_repository.go
index 743e9259d..247b9d45e 100644
--- a/internal/service/platform/gitops/repository/resource_gitops_repository.go
+++ b/internal/service/platform/gitops/repository/resource_gitops_repository.go
@@ -75,12 +75,14 @@ func ResourceGitopsRepositories() *schema.Resource {
Description: "Password or PAT to be used for authenticating the remote repository.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
"ssh_private_key": {
Description: "SSH Key in PEM format for authenticating the repository. Used only for Git repository.",
Type: schema.TypeString,
Optional: true,
Computed: true,
+ Sensitive: true,
},
"insecure_ignore_host_key": {
Description: "Indicates if InsecureIgnoreHostKey should be used. Insecure is favored used only for git repos. Deprecated.",
@@ -102,11 +104,13 @@ func ResourceGitopsRepositories() *schema.Resource {
Description: "Certificate in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
"tls_client_cert_key": {
Description: "Private key in PEM format for authenticating at the repo server. This is used for mTLS. The value should be base64 encoded.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
"type_": {
Description: "Type specifies the type of the repo. Can be either \"git\" or \"helm. \"git\" is assumed if empty or absent.",
@@ -134,6 +138,7 @@ func ResourceGitopsRepositories() *schema.Resource {
Description: "GitHub app private key PEM data.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
"github_app_id": {
Description: "Id of the GitHub app used to access the repo.",
@@ -162,10 +167,10 @@ func ResourceGitopsRepositories() *schema.Resource {
Computed: true,
},
"connection_type": {
- Description: "Identifies the authentication method used to connect to the repository. Possible values: \"HTTPS\" \"SSH\" \"GITHUB\" \"HTTPS_ANONYMOUS\"",
+ Description: "Identifies the authentication method used to connect to the repository. Possible values: \"HTTPS\" \"SSH\" \"GITHUB\" \"HTTPS_ANONYMOUS\", \"GITHUB_ENTERPRISE\".",
Type: schema.TypeString,
Required: true,
- ValidateFunc: validation.StringInSlice([]string{"HTTPS", "SSH", "GITHUB", "HTTPS_ANONYMOUS"}, false),
+ ValidateFunc: validation.StringInSlice([]string{"HTTPS", "SSH", "GITHUB", "HTTPS_ANONYMOUS", "GITHUB_ENTERPRISE"}, false),
},
},
},
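Review bot: The allowed connection types are written out by hand in this `Description`, again in the `StringInSlice` literal, and a third time in the data source's `connection_type` description, which this commit leaves at `"HTTPS_ANONYMOUS_CONNECTION_TYPE"` with no `GITHUB_ENTERPRISE`. A package-level `var connectionTypes = []string{"HTTPS", "SSH", "GITHUB", "HTTPS_ANONYMOUS", "GITHUB_ENTERPRISE"}` used as `validation.StringInSlice(connectionTypes, false)` would leave one list to update, and the data source description should be brought in line with it. The new description also mixes space-separated and comma-separated values; pick one separator. The schema map starts and ends outside this hunk.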
@@ -218,11 +223,13 @@ func ResourceGitopsRepositories() *schema.Resource {
Description: "AWS secret access key.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
"aws_session_token": {
Description: "AWS session token.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
},
},
@@ -274,6 +281,7 @@ func ResourceGitopsRepositories() *schema.Resource {
Description: "GCP access key.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
"workload_identity": {
Description: "GCP workload identity.",
diff --git a/internal/service/platform/gitops/repository_credentials/data_source_gitops_repo_cred.go b/internal/service/platform/gitops/repository_credentials/data_source_gitops_repo_cred.go
index ae8145235..a825f53fd 100644
--- a/internal/service/platform/gitops/repository_credentials/data_source_gitops_repo_cred.go
+++ b/internal/service/platform/gitops/repository_credentials/data_source_gitops_repo_cred.go
@@ -47,69 +47,74 @@ func DataSourceGitOpsRepoCred() *schema.Resource {
"creds": {
Description: "credential details.",
Type: schema.TypeList,
- Optional: true,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"url": {
Description: "URL of the remote repository. Make sure you pass at least an org, this will not work if you just provide the host, for eg. \"https://github.com\"",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
"username": {
Description: "Username to be used for authenticating the remote repository.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"password": {
Description: "Password or PAT to be used for authenticating the remote repository.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"ssh_private_key": {
Description: "SSH Key in PEM format for authenticating the repository. Used only for Git repository.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"tls_client_cert_data": {
Description: "Certificate in PEM format for authenticating at the repo server. This is used for mTLS.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"tls_client_cert_key": {
Description: "Private key in PEM format for authenticating at the repo server. This is used for mTLS.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"github_app_private_key": {
Description: "github_app_private_key specifies the private key PEM data for authentication via GitHub app.",
Type: schema.TypeString,
- Optional: true,
+ Sensitive: true,
+ Computed: true,
},
"github_app_id": {
Description: "Specifies the Github App ID of the app used to access the repo for GitHub app authentication.",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
"github_app_installation_id": {
Description: "Specifies the ID of the installed GitHub App for GitHub app authentication.",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
"github_app_enterprise_base_url": {
Description: "Specifies the GitHub API URL for GitHub app authentication.",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
"enable_oci": {
Description: "Specifies whether helm-oci support should be enabled for this repo.",
Type: schema.TypeBool,
- Optional: true,
+ Computed: true,
},
"type": {
Description: "Type specifies the type of the repoCreds.Can be either 'git' or 'helm. 'git' is assumed if empty or absent",
Type: schema.TypeString,
- Optional: true,
+ Computed: true,
},
},
},
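Review bot: `username` is marked `Sensitive` in this data source, but the generated docs for the `harness_platform_gitops_repo_cred` resource in this commit still list `username` as plain `(String)`, so the same value is masked when read through the data source and printed in plan output when set on the resource. Pick one treatment: if usernames are meant to be hidden, add `Sensitive: true,` to the resource's `username` as well, otherwise drop it here and on `username` in the `repo` block of data_source_gitops_repository.go. The resource's `username` definition is only partly visible in this diff, so confirm against the full file.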
diff --git a/internal/service/platform/gitops/repository_credentials/resource_gitops_repo_cred.go b/internal/service/platform/gitops/repository_credentials/resource_gitops_repo_cred.go
index 82b4ae4af..822c00852 100644
--- a/internal/service/platform/gitops/repository_credentials/resource_gitops_repo_cred.go
+++ b/internal/service/platform/gitops/repository_credentials/resource_gitops_repo_cred.go
@@ -28,26 +28,31 @@ func ResourceGitopsRepoCred() *schema.Resource {
Description: "Identifier of the Repository Credentials.",
Type: schema.TypeString,
Required: true,
+ ForceNew: true,
},
"agent_id": {
Description: "Agent identifier of the Repository Credentials.",
Type: schema.TypeString,
Required: true,
+ ForceNew: true,
},
"account_id": {
Description: "Account identifier of the Repository Credentials.",
Type: schema.TypeString,
Required: true,
+ ForceNew: true,
},
"org_id": {
Description: "Organization identifier of the Repository Credentials.",
Type: schema.TypeString,
Optional: true,
+ ForceNew: true,
},
"project_id": {
Description: "Project identifier of the Repository Credentials.",
Type: schema.TypeString,
Optional: true,
+ ForceNew: true,
},
"upsert": {
Description: "Indicates if the GitOps repository credential should be updated if existing and inserted if not.",
@@ -65,6 +70,7 @@ func ResourceGitopsRepoCred() *schema.Resource {
Description: "URL of the remote repository. Make sure you pass at least an org, this will not work if you just provide the host, for eg. \"https://github.com\"",
Type: schema.TypeString,
Optional: true,
+ ForceNew: true,
},
"username": {
Description: "Username to be used for authenticating the remote repository.",
@@ -75,26 +81,31 @@ func ResourceGitopsRepoCred() *schema.Resource {
Description: "Password or PAT to be used for authenticating the remote repository.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
"ssh_private_key": {
Description: "SSH Key in PEM format for authenticating the repository. Used only for Git repository.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
"tls_client_cert_data": {
Description: "Certificate in PEM format for authenticating at the repo server. This is used for mTLS.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
"tls_client_cert_key": {
Description: "Private key in PEM format for authenticating at the repo server. This is used for mTLS.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
"github_app_private_key": {
Description: "github_app_private_key specifies the private key PEM data for authentication via GitHub app.",
Type: schema.TypeString,
Optional: true,
+ Sensitive: true,
},
"github_app_id": {
Description: "Specifies the Github App ID of the app used to access the repo for GitHub app authentication.",