From 1a05797891cc8fff3e951e4cae7b07c052d047c7 Mon Sep 17 00:00:00 2001 From: Alastair Flynn Date: Tue, 16 Apr 2024 14:51:10 +0100 Subject: [PATCH 1/6] Add secret data source and tests --- .github/workflows/canary.yml | 1 + .github/workflows/k8s_tunnel.yml | 1 + .github/workflows/test_add_machine.yml | 1 + .github/workflows/test_integration.yml | 1 + docs/data-sources/secret.md | 25 ++++ .../data-sources/juju_secret/data-souce.tf | 4 + internal/provider/data_source_secrets.go | 134 ++++++++++++++++++ internal/provider/data_source_secrets_test.go | 71 ++++++++++ internal/provider/helpers.go | 1 + internal/provider/provider.go | 1 + 10 files changed, 240 insertions(+) create mode 100644 docs/data-sources/secret.md create mode 100644 examples/data-sources/juju_secret/data-souce.tf create mode 100644 internal/provider/data_source_secrets.go create mode 100644 internal/provider/data_source_secrets_test.go diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml index 171059f9..80cf388b 100644 --- a/.github/workflows/canary.yml +++ b/.github/workflows/canary.yml @@ -75,6 +75,7 @@ jobs: run: | CONTROLLER=$(juju whoami --format yaml | yq .controller) + echo "JUJU_AGENT_VERSION=$(juju show-controller | yq .$CONTROLLER.details.agent-version |tr -d '"')" >> $GITHUB_ENV echo "JUJU_CONTROLLER_ADDRESSES=$(juju show-controller | yq .$CONTROLLER.details.api-endpoints | yq -r '. | join(",")')" >> $GITHUB_ENV echo "JUJU_USERNAME=$(juju show-controller | yq .$CONTROLLER.account.user)" >> $GITHUB_ENV echo "JUJU_PASSWORD=$(cat ~/.local/share/juju/accounts.yaml | yq .controllers.$CONTROLLER.password)" >> $GITHUB_ENV diff --git a/.github/workflows/k8s_tunnel.yml b/.github/workflows/k8s_tunnel.yml index 48d7e5bf..9e0f9a43 100644 --- a/.github/workflows/k8s_tunnel.yml +++ b/.github/workflows/k8s_tunnel.yml @@ -68,6 +68,7 @@ jobs: run: | echo "Determine Juju details" CONTROLLER=$(juju whoami --format yaml | yq .controller) + JUJU_AGENT_VERSION=$(juju show-controller | yq .$CONTROLLER.details.agent-version |tr -d '"') JUJU_USERNAME=$(juju show-controller | yq .$CONTROLLER.account.user) JUJU_PASSWORD=$(cat ~/.local/share/juju/accounts.yaml | yq .controllers.$CONTROLLER.password) JUJU_CA_CERT=$(juju show-controller | yq .$CONTROLLER.details.ca-cert | sed ':a;N;$!ba;s/\n/\\n/g') diff --git a/.github/workflows/test_add_machine.yml b/.github/workflows/test_add_machine.yml index ea68416d..f8aaa5a5 100644 --- a/.github/workflows/test_add_machine.yml +++ b/.github/workflows/test_add_machine.yml @@ -76,6 +76,7 @@ jobs: run: | CONTROLLER=$(juju whoami --format yaml | yq .controller) + echo "JUJU_AGENT_VERSION=$(juju show-controller | yq .$CONTROLLER.details.agent-version |tr -d '"')" >> $GITHUB_ENV echo "JUJU_CONTROLLER_ADDRESSES=$(juju show-controller | yq .$CONTROLLER.details.api-endpoints | yq -r '. | join(",")')" >> $GITHUB_ENV echo "JUJU_USERNAME=$(juju show-controller | yq .$CONTROLLER.account.user)" >> $GITHUB_ENV echo "JUJU_PASSWORD=$(cat ~/.local/share/juju/accounts.yaml | yq .controllers.$CONTROLLER.password)" >> $GITHUB_ENV diff --git a/.github/workflows/test_integration.yml b/.github/workflows/test_integration.yml index 9c964d33..bf8b73c6 100644 --- a/.github/workflows/test_integration.yml +++ b/.github/workflows/test_integration.yml @@ -79,6 +79,7 @@ jobs: run: | CONTROLLER=$(juju whoami --format yaml | yq .controller) + echo "JUJU_AGENT_VERSION=$(juju show-controller | yq .$CONTROLLER.details.agent-version |tr -d '"')" >> $GITHUB_ENV echo "JUJU_CONTROLLER_ADDRESSES=$(juju show-controller | yq .$CONTROLLER.details.api-endpoints | yq -r '. | join(",")')" >> $GITHUB_ENV echo "JUJU_USERNAME=$(juju show-controller | yq .$CONTROLLER.account.user)" >> $GITHUB_ENV echo "JUJU_PASSWORD=$(cat ~/.local/share/juju/accounts.yaml | yq .controllers.$CONTROLLER.password)" >> $GITHUB_ENV diff --git a/docs/data-sources/secret.md b/docs/data-sources/secret.md new file mode 100644 index 00000000..26cb194f --- /dev/null +++ b/docs/data-sources/secret.md @@ -0,0 +1,25 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "juju_secret Data Source - terraform-provider-juju" +subcategory: "" +description: |- + A data source representing a Juju Secret. +--- + +# juju_secret (Data Source) + +A data source representing a Juju Secret. + + + + +## Schema + +### Required + +- `model` (String) The name of the model containing the secret. +- `name` (String) The name of the secret. + +### Read-Only + +- `secret_id` (String) The ID of the secret. diff --git a/examples/data-sources/juju_secret/data-souce.tf b/examples/data-sources/juju_secret/data-souce.tf new file mode 100644 index 00000000..52c99214 --- /dev/null +++ b/examples/data-sources/juju_secret/data-souce.tf @@ -0,0 +1,4 @@ +data "juju_secret" "this" { + model = "model-name" + name = "secret-name" +} diff --git a/internal/provider/data_source_secrets.go b/internal/provider/data_source_secrets.go new file mode 100644 index 00000000..3bc23a37 --- /dev/null +++ b/internal/provider/data_source_secrets.go @@ -0,0 +1,134 @@ +// Copyright 2024 Canonical Ltd. +// Licensed under the AGPLv3, see LICENCE file for details. + +package provider + +import ( + "context" + "fmt" + + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/juju/terraform-provider-juju/internal/juju" +) + +// Ensure provider defined types fully satisfy framework interfaces. +var _ datasource.DataSourceWithConfigure = &secretDataSource{} + +func NewSecretDataSource() datasource.DataSource { + return &secretDataSource{} +} + +type secretDataSource struct { + client *juju.Client + + // context for the logging subsystem. + subCtx context.Context +} + +// secretDataSourceModel is the juju data stored by terraform. +// tfsdk must match secret data source schema attribute names. +type secretDataSourceModel struct { + // Model to which the secret belongs. + Model types.String `tfsdk:"model"` + // Name of the secret to be updated or removed. + Name types.String `tfsdk:"name"` + // SecretId is the ID of the secret. + SecretId types.String `tfsdk:"secret_id"` +} + +// Metadata returns the full data source name as used in terraform plans. +func (d *secretDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_secret" +} + +// Schema returns the schema for the model data source. +func (d *secretDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = schema.Schema{ + Description: "A data source representing a Juju Secret.", + Attributes: map[string]schema.Attribute{ + "model": schema.StringAttribute{ + Description: "The name of the model containing the secret.", + Required: true, + }, + "name": schema.StringAttribute{ + Description: "The name of the secret.", + Required: true, + }, + "secret_id": schema.StringAttribute{ + Description: "The ID of the secret.", + Computed: true, + }, + }, + } +} + +// Configure enables provider-level data or clients to be set in the +// provider-defined DataSource type. It is separately executed for each +// ReadDataSource RPC. +func (d *secretDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) { + // Prevent panic if the provider has not been configured. + if req.ProviderData == nil { + return + } + + client, ok := req.ProviderData.(*juju.Client) + if !ok { + resp.Diagnostics.AddError( + "Unexpected Data Source Configure Type", + fmt.Sprintf("Expected *http.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData), + ) + return + } + + d.client = client + d.subCtx = tflog.NewSubsystem(ctx, LogDataSourceSecret) +} + +// Read is called when the provider must read data source values in +// order to update state. Config values should be read from the +// ReadRequest and new state values set on the ReadResponse. +func (d *secretDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + // Prevent panic if the provider has not been configured. + if d.client == nil { + addDSClientNotConfiguredError(&resp.Diagnostics, "secret") + return + } + + var data secretDataSourceModel + + // Read Terraform configuration state into the model + resp.Diagnostics.Append(req.Config.Get(ctx, &data)...) + if resp.Diagnostics.HasError() { + return + } + + readSecretOutput, err := d.client.Secrets.ReadSecret(&juju.ReadSecretInput{ + ModelName: data.Model.ValueString(), + Name: data.Name.ValueStringPointer(), + Revision: nil, + }) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to read secret, got error: %s", err)) + return + } + d.trace(fmt.Sprintf("read secret data source %q", data.SecretId)) + + data.SecretId = types.StringValue(readSecretOutput.SecretId) + + // Save state into Terraform state + resp.Diagnostics.Append(resp.State.Set(ctx, &data)...) +} + +func (d *secretDataSource) trace(msg string, additionalFields ...map[string]interface{}) { + if d.subCtx == nil { + return + } + + //SubsystemTrace(subCtx, "datasource-secret", "hello, world", map[string]interface{}{"foo": 123}) + // Output: + // {"@level":"trace","@message":"hello, world","@module":"juju.datasource-secret","foo":123} + tflog.SubsystemTrace(d.subCtx, LogDataSourceSecret, msg, additionalFields...) +} diff --git a/internal/provider/data_source_secrets_test.go b/internal/provider/data_source_secrets_test.go new file mode 100644 index 00000000..7228dd90 --- /dev/null +++ b/internal/provider/data_source_secrets_test.go @@ -0,0 +1,71 @@ +// Copyright 2024 Canonical Ltd. +// Licensed under the AGPLv3, see LICENCE file for details. + +package provider + +import ( + "fmt" + "os" + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/acctest" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + internaltesting "github.com/juju/terraform-provider-juju/internal/testing" +) + +func TestAcc_DataSourceSecret(t *testing.T) { + if os.Getenv("JUJU_AGENT_VERSION") == "" || internaltesting.CompareVersions(os.Getenv("JUJU_AGENT_VERSION"), "3.3.0") < 0 { + t.Skip("JUJU_AGENT_VERSION is not set or is below 3.3.0") + } + modelName := acctest.RandomWithPrefix("tf-datasource-secret-test-model") + // ...-test-[0-9]+ is not a valid secret name, need to remove the dash before numbers + secretName := fmt.Sprintf("tf-datasource-secret-test%d", acctest.RandInt()) + secretValue := map[string]string{ + "key1": "value1", + "key2": "value2", + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: frameworkProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceSecret(modelName, secretName, secretValue), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.juju_secret.secret_data_source", "model", modelName), + resource.TestCheckResourceAttr("data.juju_secret.secret_data_source", "name", secretName), + resource.TestCheckResourceAttrPair("data.juju_secret.secret_data_source", "secretID", "juju_secret.secret_resource", "secretID"), + ), + }, + }, + }) +} + +func testAccDataSourceSecret(modelName, secretName string, secretValue map[string]string) string { + return internaltesting.GetStringFromTemplateWithData( + "testAccResourceSecret", + ` +resource "juju_model" "{{.ModelName}}" { + name = "{{.ModelName}}" +} + +resource "juju_secret" "secret_resource" { + model = juju_model.{{.ModelName}}.name + name = "{{.SecretName}}" + value = { + {{- range $key, $value := .SecretValue }} + "{{$key}}" = "{{$value}}" + {{- end }} + } +} + +data "juju_secret" "secret_data_source" { + name = juju_secret.secret_resource.name + model = juju_model.{{.ModelName}}.name +} +`, internaltesting.TemplateData{ + "ModelName": modelName, + "SecretName": secretName, + "SecretValue": secretValue, + }) +} diff --git a/internal/provider/helpers.go b/internal/provider/helpers.go index 71a1facb..0d2e5d7a 100644 --- a/internal/provider/helpers.go +++ b/internal/provider/helpers.go @@ -19,6 +19,7 @@ const ( LogDataSourceMachine = "datasource-machine" LogDataSourceModel = "datasource-model" LogDataSourceOffer = "datasource-offer" + LogDataSourceSecret = "datasource-secret" LogResourceApplication = "resource-application" LogResourceAccessModel = "resource-assess-model" diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 0fb3091c..b261c825 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -306,6 +306,7 @@ func (p *jujuProvider) DataSources(_ context.Context) []func() datasource.DataSo func() datasource.DataSource { return NewMachineDataSource() }, func() datasource.DataSource { return NewModelDataSource() }, func() datasource.DataSource { return NewOfferDataSource() }, + func() datasource.DataSource { return NewSecretDataSource() }, } } From 0a4beea8acb8ee5b6230a9d8bf0b1fa1ae36a47d Mon Sep 17 00:00:00 2001 From: Alastair Flynn Date: Thu, 18 Apr 2024 17:06:23 +0100 Subject: [PATCH 2/6] Use the secretID to access the sceret data source if its available rather than the name --- internal/provider/data_source_secrets.go | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/internal/provider/data_source_secrets.go b/internal/provider/data_source_secrets.go index 3bc23a37..a88d292f 100644 --- a/internal/provider/data_source_secrets.go +++ b/internal/provider/data_source_secrets.go @@ -105,11 +105,20 @@ func (d *secretDataSource) Read(ctx context.Context, req datasource.ReadRequest, return } - readSecretOutput, err := d.client.Secrets.ReadSecret(&juju.ReadSecretInput{ - ModelName: data.Model.ValueString(), - Name: data.Name.ValueStringPointer(), - Revision: nil, - }) + var readSecretInput juju.ReadSecretInput + if data.SecretId.IsNull() || data.SecretId.IsUnknown() { + readSecretInput = juju.ReadSecretInput{ + ModelName: data.Model.ValueString(), + Name: data.Name.ValueStringPointer(), + } + } else { + readSecretInput = juju.ReadSecretInput{ + ModelName: data.Model.ValueString(), + SecretId: data.SecretId.ValueString(), + } + } + + readSecretOutput, err := d.client.Secrets.ReadSecret(&readSecretInput) if err != nil { resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to read secret, got error: %s", err)) return From ac80039875fc078e172d5a50d0cd9910375a5a72 Mon Sep 17 00:00:00 2001 From: Alastair Flynn Date: Thu, 18 Apr 2024 17:07:11 +0100 Subject: [PATCH 3/6] Add docs update --- docs/resources/secret.md | 30 ++++++++++++++++++++++++ internal/provider/data_source_secrets.go | 16 +++++-------- 2 files changed, 36 insertions(+), 10 deletions(-) create mode 100644 docs/resources/secret.md diff --git a/docs/resources/secret.md b/docs/resources/secret.md new file mode 100644 index 00000000..b1d2fe83 --- /dev/null +++ b/docs/resources/secret.md @@ -0,0 +1,30 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "juju_secret Resource - terraform-provider-juju" +subcategory: "" +description: |- + A resource that represents a Juju secret. +--- + +# juju_secret (Resource) + +A resource that represents a Juju secret. + + + + +## Schema + +### Required + +- `model` (String) The model in which the secret belongs. +- `value` (Map of String, Sensitive) The value map of the secret. There can be more than one key-value pair. + +### Optional + +- `info` (String) The description of the secret. +- `name` (String) The name of the secret. + +### Read-Only + +- `secret_id` (String) The ID of the secret. diff --git a/internal/provider/data_source_secrets.go b/internal/provider/data_source_secrets.go index a88d292f..c4d64741 100644 --- a/internal/provider/data_source_secrets.go +++ b/internal/provider/data_source_secrets.go @@ -105,17 +105,13 @@ func (d *secretDataSource) Read(ctx context.Context, req datasource.ReadRequest, return } - var readSecretInput juju.ReadSecretInput - if data.SecretId.IsNull() || data.SecretId.IsUnknown() { - readSecretInput = juju.ReadSecretInput{ - ModelName: data.Model.ValueString(), - Name: data.Name.ValueStringPointer(), - } + readSecretInput := juju.ReadSecretInput{ + ModelName: data.Model.ValueString(), + } + if data.SecretId.ValueString() == "" { + readSecretInput.Name = data.Name.ValueStringPointer() } else { - readSecretInput = juju.ReadSecretInput{ - ModelName: data.Model.ValueString(), - SecretId: data.SecretId.ValueString(), - } + readSecretInput.SecretId = data.SecretId.ValueString() } readSecretOutput, err := d.client.Secrets.ReadSecret(&readSecretInput) From f13ebcb5663049b5e0aea15f6b6aff0289854799 Mon Sep 17 00:00:00 2001 From: Alastair Flynn Date: Fri, 19 Apr 2024 09:01:47 +0100 Subject: [PATCH 4/6] Improve example, sort imports and minor code changes Add a full example with a charm using the secret Sort import statements into stanzas Call os.Getenv only once for tests Check if secret id is emepty by directly comparing to empty string. --- .../data-sources/juju_secret/data-souce.tf | 32 +++++++++++++++++-- internal/provider/data_source_secrets.go | 1 + internal/provider/data_source_secrets_test.go | 7 +++- 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/examples/data-sources/juju_secret/data-souce.tf b/examples/data-sources/juju_secret/data-souce.tf index 52c99214..03f58dbb 100644 --- a/examples/data-sources/juju_secret/data-souce.tf +++ b/examples/data-sources/juju_secret/data-souce.tf @@ -1,4 +1,30 @@ -data "juju_secret" "this" { - model = "model-name" - name = "secret-name" +data "juju_model" "my_model" { + name = "default" } + +data "juju_secret" "my_secret_data_source" { + name = "my_secret" + model = data.juju_model.my_model.name +} + +resource "juju_application" "ubuntu" { + model = juju_model.my_model.name + name = "ubuntu" + + charm { + name = "ubuntu" + } + + config = { + secret = data.juju_secret.my_secret_data_source.secret_id + } +} + +resource "juju_access_secret" "my_secret_access" { + model = juju_model.my_model.name + applications = [ + juju_application.ubuntu.name + ] + secret_id = data.juju_secret.my_secret_data_source.secret_id +} + diff --git a/internal/provider/data_source_secrets.go b/internal/provider/data_source_secrets.go index c4d64741..b44b900c 100644 --- a/internal/provider/data_source_secrets.go +++ b/internal/provider/data_source_secrets.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/datasource/schema" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/juju/terraform-provider-juju/internal/juju" ) diff --git a/internal/provider/data_source_secrets_test.go b/internal/provider/data_source_secrets_test.go index 7228dd90..eab26bef 100644 --- a/internal/provider/data_source_secrets_test.go +++ b/internal/provider/data_source_secrets_test.go @@ -10,11 +10,16 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" + internaltesting "github.com/juju/terraform-provider-juju/internal/testing" ) +// TODO(aflynn): Add add actual usage of the data source to the test. This is +// blocked on the lack of schema for secret access. + func TestAcc_DataSourceSecret(t *testing.T) { - if os.Getenv("JUJU_AGENT_VERSION") == "" || internaltesting.CompareVersions(os.Getenv("JUJU_AGENT_VERSION"), "3.3.0") < 0 { + version := os.Getenv("JUJU_AGENT_VERSION") + if version == "" || internaltesting.CompareVersions(version, "3.3.0") < 0 { t.Skip("JUJU_AGENT_VERSION is not set or is below 3.3.0") } modelName := acctest.RandomWithPrefix("tf-datasource-secret-test-model") From 5934da17801bc1f6a6c630c0475eec6e6d71da33 Mon Sep 17 00:00:00 2001 From: Alastair Flynn Date: Fri, 19 Apr 2024 09:07:38 +0100 Subject: [PATCH 5/6] Do make docs --- examples/data-sources/juju_secret/data-souce.tf | 6 +++--- internal/provider/data_source_secrets.go | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/data-sources/juju_secret/data-souce.tf b/examples/data-sources/juju_secret/data-souce.tf index 03f58dbb..bce046d1 100644 --- a/examples/data-sources/juju_secret/data-souce.tf +++ b/examples/data-sources/juju_secret/data-souce.tf @@ -3,13 +3,13 @@ data "juju_model" "my_model" { } data "juju_secret" "my_secret_data_source" { - name = "my_secret" + name = "my_secret" model = data.juju_model.my_model.name } resource "juju_application" "ubuntu" { model = juju_model.my_model.name - name = "ubuntu" + name = "ubuntu" charm { name = "ubuntu" @@ -20,7 +20,7 @@ resource "juju_application" "ubuntu" { } } -resource "juju_access_secret" "my_secret_access" { +resource "juju_access_secret" "my_secret_access" { model = juju_model.my_model.name applications = [ juju_application.ubuntu.name diff --git a/internal/provider/data_source_secrets.go b/internal/provider/data_source_secrets.go index b44b900c..3dd61c01 100644 --- a/internal/provider/data_source_secrets.go +++ b/internal/provider/data_source_secrets.go @@ -34,7 +34,7 @@ type secretDataSource struct { type secretDataSourceModel struct { // Model to which the secret belongs. Model types.String `tfsdk:"model"` - // Name of the secret to be updated or removed. + // Name of the secret in the model. Name types.String `tfsdk:"name"` // SecretId is the ID of the secret. SecretId types.String `tfsdk:"secret_id"` From 609e7ed130ce175078e20f8fa749dce5d1785055 Mon Sep 17 00:00:00 2001 From: Alastair Flynn Date: Fri, 19 Apr 2024 09:22:09 +0100 Subject: [PATCH 6/6] Update docs --- docs/data-sources/secret.md | 34 ++++++++++++++++++- .../{data-souce.tf => data-source.tf} | 4 +-- 2 files changed, 35 insertions(+), 3 deletions(-) rename examples/data-sources/juju_secret/{data-souce.tf => data-source.tf} (86%) diff --git a/docs/data-sources/secret.md b/docs/data-sources/secret.md index 26cb194f..273b9c66 100644 --- a/docs/data-sources/secret.md +++ b/docs/data-sources/secret.md @@ -10,7 +10,39 @@ description: |- A data source representing a Juju Secret. - +## Example Usage + +```terraform +data "juju_model" "my_model" { + name = "default" +} + +data "juju_secret" "my_secret_data_source" { + name = "my_secret" + model = data.juju_model.my_model.name +} + +resource "juju_application" "ubuntu" { + model = data.juju_model.my_model.name + name = "ubuntu" + + charm { + name = "ubuntu" + } + + config = { + secret = data.juju_secret.my_secret_data_source.secret_id + } +} + +resource "juju_access_secret" "my_secret_access" { + model = data.juju_model.my_model.name + applications = [ + juju_application.ubuntu.name + ] + secret_id = data.juju_secret.my_secret_data_source.secret_id +} +``` ## Schema diff --git a/examples/data-sources/juju_secret/data-souce.tf b/examples/data-sources/juju_secret/data-source.tf similarity index 86% rename from examples/data-sources/juju_secret/data-souce.tf rename to examples/data-sources/juju_secret/data-source.tf index bce046d1..cb39fc7d 100644 --- a/examples/data-sources/juju_secret/data-souce.tf +++ b/examples/data-sources/juju_secret/data-source.tf @@ -8,7 +8,7 @@ data "juju_secret" "my_secret_data_source" { } resource "juju_application" "ubuntu" { - model = juju_model.my_model.name + model = data.juju_model.my_model.name name = "ubuntu" charm { @@ -21,7 +21,7 @@ resource "juju_application" "ubuntu" { } resource "juju_access_secret" "my_secret_access" { - model = juju_model.my_model.name + model = data.juju_model.my_model.name applications = [ juju_application.ubuntu.name ]