From 317590f25790e19b32a586c4af63b43ffd150913 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Wed, 15 Nov 2023 13:19:45 +0200 Subject: [PATCH 01/47] SC addition --- ibm/provider/provider.go | 2 + ...ource_ibm_sm_service_credentials_secret.go | 601 ++++++++++++ ...ource_ibm_sm_service_credentilas_secret.go | 868 ++++++++++++++++++ ...m_service_credentials_secret.html.markdown | 166 ++++ 4 files changed, 1637 insertions(+) create mode 100644 ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go create mode 100644 ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go create mode 100644 website/docs/r/sm_service_credentials_secret.html.markdown diff --git a/ibm/provider/provider.go b/ibm/provider/provider.go index bdc22fc9a5..936814aded 100644 --- a/ibm/provider/provider.go +++ b/ibm/provider/provider.go @@ -710,6 +710,7 @@ func Provider() *schema.Provider { "ibm_sm_iam_credentials_secret": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmIamCredentialsSecret()), "ibm_sm_kv_secret": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmKvSecret()), "ibm_sm_username_password_secret": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmUsernamePasswordSecret()), + "ibm_sm_service_credentials_secret": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmServiceCredentialsSecret()), "ibm_sm_en_registration": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmEnRegistration()), // //Added for Satellite 
@@ -1234,6 +1235,7 @@ func Provider() *schema.Provider {
 "ibm_sm_public_certificate": secretsmanager.AddInstanceFields(secretsmanager.ResourceIbmSmPublicCertificate()),
 "ibm_sm_private_certificate": secretsmanager.AddInstanceFields(secretsmanager.ResourceIbmSmPrivateCertificate()),
 "ibm_sm_iam_credentials_secret": secretsmanager.AddInstanceFields(secretsmanager.ResourceIbmSmIamCredentialsSecret()),
+ "ibm_sm_service_credentials_secret": secretsmanager.AddInstanceFields(secretsmanager.ResourceIbmSmServiceCredentialsSecret()),
 "ibm_sm_username_password_secret": secretsmanager.AddInstanceFields(secretsmanager.ResourceIbmSmUsernamePasswordSecret()),
 "ibm_sm_kv_secret": secretsmanager.AddInstanceFields(secretsmanager.ResourceIbmSmKvSecret()),
 "ibm_sm_public_certificate_configuration_ca_lets_encrypt": secretsmanager.AddInstanceFields(secretsmanager.ResourceIbmSmPublicCertificateConfigurationCALetsEncrypt()),
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go
new file mode 100644
index 0000000000..8e23da6863
--- /dev/null
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go
@@ -0,0 +1,601 @@ +// Copyright IBM Corp. 2023 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package secretsmanager + +import ( + "context" + "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" + "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func DataSourceIbmSmServiceCredentialsSecret() *schema.Resource { + return &schema.Resource{ + ReadContext: dataSourceIbmSmServiceCredentialsSecretRead, + + Schema: map[string]*schema.Schema{ + "secret_id": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + ExactlyOneOf: []string{"secret_id", "name"}, + Description: "The ID of the secret.", + }, + "created_by": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The unique identifier that is associated with the entity that created the secret.", + }, + "created_at": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The date when a resource was created. 
The date format follows RFC 3339.", + }, + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "A CRN that uniquely identifies an IBM Cloud resource.", + }, + "custom_metadata": &schema.Schema{ + Type: schema.TypeMap, + Computed: true, + Description: "The secret metadata that a user can customize.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "description": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.", + }, + "downloaded": &schema.Schema{ + Type: schema.TypeBool, + Computed: true, + Description: "Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.", + }, + "labels": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "locks_total": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + Description: "The number of locks of the secret.", + }, + "name": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + ExactlyOneOf: []string{"secret_id", "name"}, + RequiredWith: []string{"secret_group_name"}, + Description: "The human-readable name of your secret.", + }, + + "secret_group_id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + ForceNew: true, + Description: "A v4 UUID identifier, or `default` secret group.", + }, + "secret_group_name": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + RequiredWith: []string{"name"}, + Description: "The human-readable name of your secret group.", + }, + "secret_type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The secret type. 
Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.", + }, + "state": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + Description: "The secret state that is based on NIST SP 800-57. States are integers and correspond to the `Pre-activation = 0`, `Active = 1`, `Suspended = 2`, `Deactivated = 3`, and `Destroyed = 5` values.", + }, + "state_description": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "A text representation of the secret state.", + }, + "updated_at": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The date when a resource was recently modified. The date format follows RFC 3339.", + }, + "versions_total": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + Description: "The number of versions of the secret.", + }, + "ttl": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The time-to-live (TTL) or lease duration to assign to generated credentials.", + }, + "rotation": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "Determines whether Secrets Manager rotates your secrets automatically.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "auto_rotate": &schema.Schema{ + Type: schema.TypeBool, + Computed: true, + Description: "Determines whether Secrets Manager rotates your secret automatically.Default is `false`. 
If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval.", + }, + "interval": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + Description: "The length of the secret rotation time interval.", + }, + "unit": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The units for the secret rotation time interval.", + }, + }, + }, + }, + "next_rotation_date": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The date that the secret is scheduled for automatic rotation. The service automatically creates a new version of the secret on its next rotation date. This field exists only for secrets that have an existing rotation policy.", + }, + "credentials": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The properties of the service credentials secret payload.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "apikey": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Sensitive: true, + Description: "The API key that is generated for this secret.", + }, + "cos_hmac_keys": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The Cloud Object Storage HMAC keys that are returned after you create a service credentials secret.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "access_key_id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The access key ID for Cloud Object Storage HMAC credentials.", + }, + "secret_access_key": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The secret access key ID for Cloud Object Storage HMAC credentials.", + }, + }, + }, + }, + "endpoints": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The endpoints that are returned after you create a service credentials secret.", + }, + "iam_apikey_description": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + 
Description: "The description of the generated IAM API key.", + }, + "iam_apikey_name": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The name of the generated IAM API key.", + }, + "iam_role_crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM role CRN that is returned after you create a service credentials secret.", + }, + "iam_serviceid_crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM serviceId CRN that is returned after you create a service credentials secret.", + }, + "resource_instance_id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The resource instance CRN that is returned after you create a service credentials secret.", + }, + }, + }, + }, + "source_service": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The properties required for creating the service credentials for the specified source service instance.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "instance": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The source service instance identifier.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "A CRN that uniquely identifies a service credentials target.", + }, + }, + }, + }, + "role": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The service-specific custom role object, CRN role is accepted. 
Refer to the service’s documentation for supported roles.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The CRN role identifier for creating a service-id.", + }, + }, + }, + }, + "iam": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The source service IAM data is returned in case IAM credentials where created for this secret.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "apikey": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The IAM apikey metadata for the IAM credentials that were generated.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM API key name for the generated service credentials.", + }, + "description": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM API key description for the generated service credentials.", + }, + }, + }, + }, + "role": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The IAM role for the generate service credentials.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM role CRN assigned to the generated service credentials.", + }, + }, + }, + }, + "serviceid": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The IAM serviceid for the generated service credentials.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM Service ID CRN.", + }, + }, + }, + }, + }, + }, + }, + "resource_key": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The source service resource key data of the generated service credentials.", + Elem: 
&schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The resource key CRN of the generated service credentials.", + }, + "name": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The resource key name of the generated service credentials.", + }, + }, + }, + }, + "parameters": &schema.Schema{ + Type: schema.TypeMap, + Computed: true, + Description: "The collection of parameters for the service credentials target.", + }, + }, + }, + }, + }, + } +} + +func dataSourceIbmSmServiceCredentialsSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + ServiceCredentialsSecretIntf, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, ServiceCredentialsSecretType) + if diagError != nil { + return diagError + } + + ServiceCredentialsSecret := ServiceCredentialsSecretIntf.(*secretsmanagerv2.ServiceCredentialsSecret) + d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *ServiceCredentialsSecret.ID)) + + var err error + if err = d.Set("region", region); err != nil { + return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + } + if err = d.Set("created_by", ServiceCredentialsSecret.CreatedBy); err != nil { + return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + } + + if err = d.Set("created_at", DateTimeToRFC3339(ServiceCredentialsSecret.CreatedAt)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + } + + if err = d.Set("crn", ServiceCredentialsSecret.Crn); err != nil { + return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + } + + if ServiceCredentialsSecret.CustomMetadata != nil { + convertedMap := make(map[string]interface{}, len(ServiceCredentialsSecret.CustomMetadata)) + for k, v := range ServiceCredentialsSecret.CustomMetadata { + convertedMap[k] = v + } + + if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil 
{ + return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + } + if err != nil { + return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + } + } + + if err = d.Set("description", ServiceCredentialsSecret.Description); err != nil { + return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + } + + if err = d.Set("downloaded", ServiceCredentialsSecret.Downloaded); err != nil { + return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + } + + if ServiceCredentialsSecret.Labels != nil { + if err = d.Set("labels", ServiceCredentialsSecret.Labels); err != nil { + return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + } + } + + if err = d.Set("locks_total", flex.IntValue(ServiceCredentialsSecret.LocksTotal)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + } + + if err = d.Set("name", ServiceCredentialsSecret.Name); err != nil { + return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + } + + if err = d.Set("secret_group_id", ServiceCredentialsSecret.SecretGroupID); err != nil { + return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + } + + if err = d.Set("secret_type", ServiceCredentialsSecret.SecretType); err != nil { + return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + } + + if err = d.Set("state", flex.IntValue(ServiceCredentialsSecret.State)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + } + + if err = d.Set("state_description", ServiceCredentialsSecret.StateDescription); err != nil { + return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + } + + if err = d.Set("updated_at", DateTimeToRFC3339(ServiceCredentialsSecret.UpdatedAt)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + } + + if err = d.Set("versions_total", flex.IntValue(ServiceCredentialsSecret.VersionsTotal)); err != nil { + return 
diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + } + + if err = d.Set("ttl", ServiceCredentialsSecret.TTL); err != nil { + return diag.FromErr(fmt.Errorf("Error setting ttl: %s", err)) + } + + rotation := []map[string]interface{}{} + if ServiceCredentialsSecret.Rotation != nil { + modelMap, err := dataSourceIbmSmServiceCredentialsSecretRotationPolicyToMap(ServiceCredentialsSecret.Rotation.(*secretsmanagerv2.RotationPolicy)) + if err != nil { + return diag.FromErr(err) + } + rotation = append(rotation, modelMap) + } + if err = d.Set("rotation", rotation); err != nil { + return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + } + + if err = d.Set("next_rotation_date", DateTimeToRFC3339(ServiceCredentialsSecret.NextRotationDate)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + } + + if ServiceCredentialsSecret.Credentials != nil { + credentialsMap, err := dataSourceIbmSmServiceCredentialsSecretCredentialsToMap(ServiceCredentialsSecret.Credentials) + if err != nil { + return diag.FromErr(err) + } + if len(credentialsMap) > 0 { + if err = d.Set("credentials", []map[string]interface{}{credentialsMap}); err != nil { + return diag.FromErr(fmt.Errorf("Error setting credentialsMap: %s", err)) + } + } + } + + sourceServiceMap, err := dataSourceIbmSmServiceCredentialsSecretSourceServiceToMap(ServiceCredentialsSecret.SourceService) + if err != nil { + return diag.FromErr(err) + } + if len(sourceServiceMap) > 0 { + if err = d.Set("source_service", []map[string]interface{}{sourceServiceMap}); err != nil { + return diag.FromErr(fmt.Errorf("Error setting source_service: %s", err)) + } + } + + return nil +} + +func dataSourceIbmSmServiceCredentialsSecretRotationPolicyToMap(model *secretsmanagerv2.RotationPolicy) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.AutoRotate != nil { + modelMap["auto_rotate"] = *model.AutoRotate + } + if model.Interval != nil { + 
modelMap["interval"] = *model.Interval + } + if model.Unit != nil { + modelMap["unit"] = *model.Unit + } + return modelMap, nil +} + +func dataSourceIbmSmServiceCredentialsSecretCredentialsToMap(credentials *secretsmanagerv2.ServiceCredentialsSecretCredentials) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if credentials.IamApikeyDescription != nil { + modelMap["iam_apikey_description"] = credentials.IamApikeyDescription + } + if credentials.Apikey != nil { + modelMap["apikey"] = credentials.Apikey + } + if credentials.Endpoints != nil { + modelMap["endpoints"] = credentials.Endpoints + } + if credentials.IamApikeyName != nil { + modelMap["iam_apikey_name"] = credentials.IamApikeyName + } + if credentials.IamRoleCrn != nil { + modelMap["iam_role_crn"] = credentials.IamRoleCrn + } + if credentials.IamServiceidCrn != nil { + modelMap["iam_serviceid_crn"] = credentials.IamServiceidCrn + } + if credentials.ResourceInstanceID != nil { + modelMap["resource_instance_id"] = credentials.ResourceInstanceID + } + if credentials.CosHmacKeys != nil { + cosHmacKeys := [1]map[string]interface{}{} + m := map[string]interface{}{} + if credentials.CosHmacKeys.AccessKeyID != nil { + m["access_key_id"] = credentials.CosHmacKeys.AccessKeyID + } + if credentials.CosHmacKeys.SecretAccessKey != nil { + m["secret_access_key"] = credentials.CosHmacKeys.SecretAccessKey + } + cosHmacKeys[0] = m + modelMap["cos_hmac_keys"] = cosHmacKeys + } + return modelMap, nil +} + +func dataSourceIbmSmServiceCredentialsSecretSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceService) (map[string]interface{}, error) { + mainModelMap := make(map[string]interface{}) + if sourceService.Instance != nil { + instanceMap := make(map[string]interface{}) + instanceModel := sourceService.Instance + if instanceModel.Crn != nil { + instanceMap["crn"] = instanceModel.Crn + } + mainModelMap["instance"] = []map[string]interface{}{instanceMap} + } + + if 
sourceService.Role != nil { + roleMap := make(map[string]interface{}) + roleModel := sourceService.Role + if roleModel.Crn != nil { + roleMap["crn"] = roleModel.Crn + } + mainModelMap["role"] = []map[string]interface{}{roleMap} + } + + if sourceService.Iam != nil { + iamMap := make(map[string]interface{}) + iamModel := sourceService.Iam + + // apikey + if iamModel.Apikey != nil { + iamApikeyMap := make(map[string]interface{}) + iamApikeyModel := iamModel.Apikey + if iamApikeyModel.Name != nil { + iamApikeyMap["name"] = iamApikeyModel.Name + } + if iamApikeyModel.Description != nil { + iamApikeyMap["description"] = iamApikeyModel.Description + } + iamMap["apikey"] = []map[string]interface{}{iamApikeyMap} + } + + // role + if iamModel.Role != nil { + iamRoleMap := make(map[string]interface{}) + iamRoleModel := iamModel.Role + if iamRoleModel.Crn != nil { + iamRoleMap["crn"] = iamRoleModel.Crn + } + iamMap["role"] = []map[string]interface{}{iamRoleMap} + } + + // service id + if iamModel.Serviceid != nil { + iamServiceidMap := make(map[string]interface{}) + iamServiceidModel := iamModel.Serviceid + if iamServiceidModel.Crn != nil { + iamServiceidMap["crn"] = iamServiceidModel.Crn + } + iamMap["serviceid"] = []map[string]interface{}{iamServiceidMap} + } + + mainModelMap["iam"] = []map[string]interface{}{iamMap} + + } + + if sourceService.ResourceKey != nil { + resourceKeyMap := make(map[string]interface{}) + resourceKeyModel := sourceService.ResourceKey + if resourceKeyModel.Crn != nil { + resourceKeyMap["crn"] = resourceKeyModel.Crn + } + if resourceKeyModel.Name != nil { + resourceKeyMap["name"] = resourceKeyModel.Name + } + mainModelMap["resource_key"] = []map[string]interface{}{resourceKeyMap} + } + + if sourceService.Parameters != nil { + parametersMap := sourceService.Parameters.GetProperties() + for k, v := range parametersMap { + parametersMap[k] = fmt.Sprint(v) + } + if sourceService.Parameters.ServiceidCrn != nil { + parametersMap["serviceid_crn"] = 
sourceService.Parameters.ServiceidCrn + } + mainModelMap["parameters"] = parametersMap + } + + return mainModelMap, nil +} diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go new file mode 100644 index 0000000000..1f1f813e83 --- /dev/null +++ b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go 
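Review bot: In the `credentials` schema, `cos_hmac_keys.secret_access_key` is declared without `Sensitive: true` although the sibling `apikey` field has it, so the HMAC secret would be shown in plan and apply output; add `Sensitive: true,` to that field. The `credentials` block in resource_ibm_sm_service_credentilas_secret.go repeats the same schema and needs the same change. Marking the field sensitive only redacts CLI output and the value is still written to state, so the state backend needs its own access control and encryption. Separately, dataSourceIbmSmServiceCredentialsSecretRead nil-checks `Credentials` before converting it but passes `ServiceCredentialsSecret.SourceService` straight to dataSourceIbmSmServiceCredentialsSecretSourceServiceToMap, which reads `sourceService.Instance` immediately and would panic if the response ever omits that object; wrap the call in `if ServiceCredentialsSecret.SourceService != nil {`.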
@@ -0,0 +1,868 @@ +// Copyright IBM Corp. 2023 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package secretsmanager + +import ( + "context" + "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" + "github.com/IBM/go-sdk-core/v5/core" + "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "log" + "strconv" + "strings" +) + +func ResourceIbmSmServiceCredentialsSecret() *schema.Resource { + return &schema.Resource{ + CreateContext: resourceIbmSmServiceCredentialsSecretCreate, + ReadContext: resourceIbmSmServiceCredentialsSecretRead, + UpdateContext: resourceIbmSmServiceCredentialsSecretUpdate, + DeleteContext: resourceIbmSmServiceCredentialsSecretDelete, + Importer: &schema.ResourceImporter{}, + + Schema: map[string]*schema.Schema{ + "secret_type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The secret type. 
Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.", + }, + "name": &schema.Schema{ + Type: schema.TypeString, + Required: true, + Description: "A human-readable name to assign to your secret.To protect your privacy, do not use personal data, such as your name or location, as a name for your secret.", + }, + "description": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Description: "An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.", + }, + "secret_group_id": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + Description: "A v4 UUID identifier, or `default` secret group.", + }, + "labels": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Computed: true, + Description: "Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "custom_metadata": &schema.Schema{ + Type: schema.TypeMap, + Optional: true, + Computed: true, + Description: "The secret metadata that a user can customize.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "version_custom_metadata": &schema.Schema{ + Type: schema.TypeMap, + Optional: true, + Computed: true, + Description: "The secret version metadata that a user can customize.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "created_by": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The unique identifier that is associated with the entity that created the secret.", + }, + "created_at": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The date when a resource was created. 
The date format follows RFC 3339.", + }, + "credentials": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The properties of the service credentials secret payload.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "apikey": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Sensitive: true, + Description: "The API key that is generated for this secret.", + }, + "cos_hmac_keys": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The Cloud Object Storage HMAC keys that are returned after you create a service credentials secret.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "access_key_id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The access key ID for Cloud Object Storage HMAC credentials.", + }, + "secret_access_key": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The secret access key ID for Cloud Object Storage HMAC credentials.", + }, + }, + }, + }, + "endpoints": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The endpoints that are returned after you create a service credentials secret.", + }, + "iam_apikey_description": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The description of the generated IAM API key.", + }, + "iam_apikey_name": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The name of the generated IAM API key.", + }, + "iam_role_crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM role CRN that is returned after you create a service credentials secret.", + }, + "iam_serviceid_crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM serviceId CRN that is returned after you create a service credentials secret.", + }, + "resource_instance_id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The 
resource instance CRN that is returned after you create a service credentials secret.", + }, + }, + }, + }, + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "A CRN that uniquely identifies an IBM Cloud resource.", + }, + "downloaded": &schema.Schema{ + Type: schema.TypeBool, + Computed: true, + Description: "Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.", + }, + "locks_total": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + Description: "The number of locks of the secret.", + }, + "next_rotation_date": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The date that the secret is scheduled for automatic rotation. The service automatically creates a new version of the secret on its next rotation date. This field exists only for secrets that have an existing rotation policy.", + }, + "rotation": &schema.Schema{ + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Description: "Determines whether Secrets Manager rotates your secrets automatically.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "auto_rotate": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + Computed: true, + Description: "Determines whether Secrets Manager rotates your secret automatically.Default is `false`. 
If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval.", + }, + "interval": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + Description: "The length of the secret rotation time interval.", + DiffSuppressFunc: rotationAttributesDiffSuppress, + }, + "unit": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The units for the secret rotation time interval.", + DiffSuppressFunc: rotationAttributesDiffSuppress, + }, + }, + }, + }, + "source_service": &schema.Schema{ + Type: schema.TypeList, + MaxItems: 1, + Required: true, + ForceNew: true, + Description: "The properties required for creating the service credentials for the specified source service instance.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "instance": &schema.Schema{ + Type: schema.TypeList, + Required: true, + MaxItems: 1, + Description: "The source service instance identifier.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Required: true, + Description: "A CRN that uniquely identifies a service credentials target.", + }, + }, + }, + }, + "role": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: "The service-specific custom role object, CRN role is accepted. 
Refer to the service’s documentation for supported roles.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The CRN role identifier for creating a service-id.", + }, + }, + }, + }, + "iam": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The source service IAM data is returned in case IAM credentials where created for this secret.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "apikey": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The IAM apikey metadata for the IAM credentials that were generated.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM API key name for the generated service credentials.", + }, + "description": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM API key description for the generated service credentials.", + }, + }, + }, + }, + "role": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The IAM role for the generate service credentials.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM role CRN assigned to the generated service credentials.", + }, + }, + }, + }, + "serviceid": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The IAM serviceid for the generated service credentials.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM Service ID CRN.", + }, + }, + }, + }, + }, + }, + }, + "resource_key": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The source service resource key data of the generated service 
credentials.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The resource key CRN of the generated service credentials.", + }, + "name": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The resource key name of the generated service credentials.", + }, + }, + }, + }, + "parameters": &schema.Schema{ + Type: schema.TypeMap, + Optional: true, + Description: "The collection of parameters for the service credentials target.", + }, + }, + }, + }, + "state": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + Description: "The secret state that is based on NIST SP 800-57. States are integers and correspond to the `Pre-activation = 0`, `Active = 1`, `Suspended = 2`, `Deactivated = 3`, and `Destroyed = 5` values.", + }, + "state_description": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "A text representation of the secret state.", + }, + "ttl": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ValidateFunc: StringIsIntBetween(60, 7776000), + Description: "The time-to-live (TTL) or lease duration to assign to generated credentials.", + }, + "updated_at": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The date when a resource was recently modified. 
The date format follows RFC 3339.", + }, + "versions_total": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + Description: "The number of versions of the secret.", + }, + "secret_id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "A v4 UUID identifier.", + }, + }, + } +} + +func resourceIbmSmServiceCredentialsSecretCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() + if err != nil { + return diag.FromErr(err) + } + + region := getRegion(secretsManagerClient, d) + instanceId := d.Get("instance_id").(string) + secretsManagerClient = getClientWithInstanceEndpoint(secretsManagerClient, instanceId, region, getEndpointType(secretsManagerClient, d)) + + createSecretOptions := &secretsmanagerv2.CreateSecretOptions{} + + secretPrototypeModel, err := resourceIbmSmServiceCredentialsSecretMapToSecretPrototype(d) + if err != nil { + return diag.FromErr(err) + } + createSecretOptions.SetSecretPrototype(secretPrototypeModel) + + secretIntf, response, err := secretsManagerClient.CreateSecretWithContext(context, createSecretOptions) + if err != nil { + log.Printf("[DEBUG] CreateSecretWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("CreateSecretWithContext failed %s\n%s", err, response)) + } + + secret := secretIntf.(*secretsmanagerv2.ServiceCredentialsSecret) + d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *secret.ID)) + d.Set("secret_id", *secret.ID) + + return resourceIbmSmServiceCredentialsSecretRead(context, d, meta) +} + +func resourceIbmSmServiceCredentialsSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() + if err != nil { + return diag.FromErr(err) + } + + id := strings.Split(d.Id(), "/") + if len(id) != 3 { + return diag.Errorf("Wrong format of resource ID. 
To import a secret use the format `//`") + } + region := id[0] + instanceId := id[1] + secretId := id[2] + secretsManagerClient = getClientWithInstanceEndpoint(secretsManagerClient, instanceId, region, getEndpointType(secretsManagerClient, d)) + + getSecretOptions := &secretsmanagerv2.GetSecretOptions{} + + getSecretOptions.SetID(secretId) + + secretIntf, response, err := secretsManagerClient.GetSecretWithContext(context, getSecretOptions) + if err != nil { + if response != nil && response.StatusCode == 404 { + d.SetId("") + return nil + } + log.Printf("[DEBUG] GetSecretWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("GetSecretWithContext failed %s\n%s", err, response)) + } + + secret := secretIntf.(*secretsmanagerv2.ServiceCredentialsSecret) + + if err = d.Set("secret_id", secretId); err != nil { + return diag.FromErr(fmt.Errorf("Error setting secret_id: %s", err)) + } + if err = d.Set("instance_id", instanceId); err != nil { + return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + } + if err = d.Set("region", region); err != nil { + return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + } + if err = d.Set("created_by", secret.CreatedBy); err != nil { + return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + } + if err = d.Set("created_at", DateTimeToRFC3339(secret.CreatedAt)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + } + if err = d.Set("crn", secret.Crn); err != nil { + return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + } + if err = d.Set("downloaded", secret.Downloaded); err != nil { + return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + } + if err = d.Set("locks_total", flex.IntValue(secret.LocksTotal)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + } + if err = d.Set("name", secret.Name); err != nil { + return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + } + if 
err = d.Set("secret_group_id", secret.SecretGroupID); err != nil { + return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + } + if err = d.Set("secret_type", secret.SecretType); err != nil { + return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + } + if err = d.Set("state", flex.IntValue(secret.State)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + } + if err = d.Set("state_description", secret.StateDescription); err != nil { + return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + } + if err = d.Set("updated_at", DateTimeToRFC3339(secret.UpdatedAt)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + } + if err = d.Set("versions_total", flex.IntValue(secret.VersionsTotal)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + } + if secret.CustomMetadata != nil { + d.Set("custom_metadata", secret.CustomMetadata) + } + if err = d.Set("description", secret.Description); err != nil { + return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + } + if secret.Labels != nil { + if err = d.Set("labels", secret.Labels); err != nil { + return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + } + } + rotationMap, err := resourceIbmSmServiceCredentialsSecretRotationPolicyToMap(secret.Rotation) + if err != nil { + return diag.FromErr(err) + } + if len(rotationMap) > 0 { + if err = d.Set("rotation", []map[string]interface{}{rotationMap}); err != nil { + return diag.FromErr(fmt.Errorf("Error setting rotation: %s", err)) + } + } + sourceServiceMap, err := resourceIbmSmServiceCredentialsSecretSourceServiceToMap(secret.SourceService) + if err != nil { + return diag.FromErr(err) + } + if len(sourceServiceMap) > 0 { + if err = d.Set("source_service", []map[string]interface{}{sourceServiceMap}); err != nil { + return diag.FromErr(fmt.Errorf("Error setting source_service: %s", err)) + } + } + if 
secret.Credentials != nil { + credentialsMap, err := resourceIbmSmServiceCredentialsSecretCredentialsToMap(secret.Credentials) + if err != nil { + return diag.FromErr(err) + } + if len(credentialsMap) > 0 { + if err = d.Set("credentials", []map[string]interface{}{credentialsMap}); err != nil { + return diag.FromErr(fmt.Errorf("Error setting credentialsMap: %s", err)) + } + } + } + if err = d.Set("next_rotation_date", DateTimeToRFC3339(secret.NextRotationDate)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + } + + // Call get version metadata API to get the current version_custom_metadata + getVersionMetdataOptions := &secretsmanagerv2.GetSecretVersionMetadataOptions{} + getVersionMetdataOptions.SetSecretID(secretId) + getVersionMetdataOptions.SetID("current") + + versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) + if err != nil { + log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + } + + versionMetadata := versionMetadataIntf.(*secretsmanagerv2.ServiceCredentialsSecretVersionMetadata) + if versionMetadata.VersionCustomMetadata != nil { + if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { + return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + } + } + + return nil +} + +func resourceIbmSmServiceCredentialsSecretUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() + if err != nil { + return diag.FromErr(err) + } + + id := strings.Split(d.Id(), "/") + region := id[0] + instanceId := id[1] + secretId := id[2] + secretsManagerClient = getClientWithInstanceEndpoint(secretsManagerClient, instanceId, region, 
getEndpointType(secretsManagerClient, d)) + + updateSecretMetadataOptions := &secretsmanagerv2.UpdateSecretMetadataOptions{} + + updateSecretMetadataOptions.SetID(secretId) + + hasChange := false + + patchVals := &secretsmanagerv2.SecretMetadataPatch{} + + if d.HasChange("name") { + patchVals.Name = core.StringPtr(d.Get("name").(string)) + hasChange = true + } + if d.HasChange("description") { + patchVals.Description = core.StringPtr(d.Get("description").(string)) + hasChange = true + } + if d.HasChange("labels") { + labels := d.Get("labels").([]interface{}) + labelsParsed := make([]string, len(labels)) + for i, v := range labels { + labelsParsed[i] = fmt.Sprint(v) + } + patchVals.Labels = labelsParsed + hasChange = true + } + if d.HasChange("custom_metadata") { + patchVals.CustomMetadata = d.Get("custom_metadata").(map[string]interface{}) + hasChange = true + } + + // Apply change in metadata (if changed) + if hasChange { + updateSecretMetadataOptions.SecretMetadataPatch, _ = patchVals.AsPatch() + _, response, err := secretsManagerClient.UpdateSecretMetadataWithContext(context, updateSecretMetadataOptions) + if err != nil { + log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed %s\n%s", err, response)) + } + } + + if d.HasChange("version_custom_metadata") { + // Apply change to version_custom_metadata in current version + secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) + secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + + updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} + updateSecretVersionOptions.SetSecretID(secretId) + updateSecretVersionOptions.SetID("current") + 
updateSecretVersionOptions.SetSecretVersionMetadataPatch(secretVersionMetadataPatchModelAsPatch) + _, response, err := secretsManagerClient.UpdateSecretVersionMetadataWithContext(context, updateSecretVersionOptions) + if err != nil { + if hasChange { + // Call the read function to update the Terraform state with the change already applied to the metadata + resourceIbmSmServiceCredentialsSecretRead(context, d, meta) + } + log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + } + } + + return resourceIbmSmServiceCredentialsSecretRead(context, d, meta) +} + +func resourceIbmSmServiceCredentialsSecretDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() + if err != nil { + return diag.FromErr(err) + } + + id := strings.Split(d.Id(), "/") + region := id[0] + instanceId := id[1] + secretId := id[2] + secretsManagerClient = getClientWithInstanceEndpoint(secretsManagerClient, instanceId, region, getEndpointType(secretsManagerClient, d)) + + deleteSecretOptions := &secretsmanagerv2.DeleteSecretOptions{} + + deleteSecretOptions.SetID(secretId) + + response, err := secretsManagerClient.DeleteSecretWithContext(context, deleteSecretOptions) + if err != nil { + log.Printf("[DEBUG] DeleteSecretWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("DeleteSecretWithContext failed %s\n%s", err, response)) + } + + d.SetId("") + + return nil +} + +func resourceIbmSmServiceCredentialsSecretMapToSecretPrototype(d *schema.ResourceData) (*secretsmanagerv2.ServiceCredentialsSecretPrototype, error) { + model := &secretsmanagerv2.ServiceCredentialsSecretPrototype{} + model.SecretType = core.StringPtr("service_credentials") + + if _, ok := d.GetOk("name"); ok { + model.Name = core.StringPtr(d.Get("name").(string)) + 
} + if _, ok := d.GetOk("description"); ok { + model.Description = core.StringPtr(d.Get("description").(string)) + } + if _, ok := d.GetOk("secret_group_id"); ok { + model.SecretGroupID = core.StringPtr(d.Get("secret_group_id").(string)) + } + if _, ok := d.GetOk("labels"); ok { + labels := d.Get("labels").([]interface{}) + labelsParsed := make([]string, len(labels)) + for i, v := range labels { + labelsParsed[i] = fmt.Sprint(v) + } + model.Labels = labelsParsed + } + if _, ok := d.GetOk("ttl"); ok { + model.TTL = core.StringPtr(d.Get("ttl").(string)) + } + if _, ok := d.GetOk("rotation"); ok { + RotationModel, err := resourceIbmSmServiceCredentialsSecretMapToRotationPolicy(d.Get("rotation").([]interface{})[0].(map[string]interface{})) + if err != nil { + return model, err + } + model.Rotation = RotationModel + } + if _, ok := d.GetOk("source_service"); ok { + SourceServiceModel, err := resourceIbmSmServiceCredentialsSecretMapToSourceService(d.Get("source_service").([]interface{})[0].(map[string]interface{})) + if err != nil { + return model, err + } + model.SourceService = SourceServiceModel + } + if _, ok := d.GetOk("custom_metadata"); ok { + model.CustomMetadata = d.Get("custom_metadata").(map[string]interface{}) + } + if _, ok := d.GetOk("version_custom_metadata"); ok { + model.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) + } + return model, nil +} + +func resourceIbmSmServiceCredentialsSecretMapToRotationPolicy(modelMap map[string]interface{}) (secretsmanagerv2.RotationPolicyIntf, error) { + model := &secretsmanagerv2.RotationPolicy{} + if modelMap["auto_rotate"] != nil { + model.AutoRotate = core.BoolPtr(modelMap["auto_rotate"].(bool)) + } + if modelMap["interval"].(int) == 0 { + model.Interval = nil + } else { + model.Interval = core.Int64Ptr(int64(modelMap["interval"].(int))) + } + if modelMap["unit"] != nil && modelMap["unit"].(string) != "" { + model.Unit = core.StringPtr(modelMap["unit"].(string)) + } + return model, 
nil +} + +func resourceIbmSmServiceCredentialsSecretMapToSourceService(modelMap map[string]interface{}) (*secretsmanagerv2.ServiceCredentialsSecretSourceService, error) { + mainModel := &secretsmanagerv2.ServiceCredentialsSecretSourceService{} + + if modelMap["instance"] != nil && len(modelMap["instance"].([]interface{})) > 0 { + instanceModel := &secretsmanagerv2.ServiceCredentialsSourceServiceInstance{} + if modelMap["instance"].([]interface{})[0].(map[string]interface{})["crn"].(string) != "" { + instanceModel.Crn = core.StringPtr(modelMap["instance"].([]interface{})[0].(map[string]interface{})["crn"].(string)) + mainModel.Instance = instanceModel + } + } + + if modelMap["role"] != nil && len(modelMap["role"].([]interface{})) > 0 { + roleModel := &secretsmanagerv2.ServiceCredentialsSourceServiceRole{} + if modelMap["role"].([]interface{})[0].(map[string]interface{})["crn"].(string) != "" { + roleModel.Crn = core.StringPtr(modelMap["role"].([]interface{})[0].(map[string]interface{})["crn"].(string)) + mainModel.Role = roleModel + } + } + + if modelMap["parameters"] != nil { + mainModel.Parameters = &secretsmanagerv2.ServiceCredentialsSourceServiceParameters{} + parametersMap := modelMap["parameters"].(map[string]interface{}) + for k, v := range parametersMap { + if k == "serviceid_crn" { + serviceIdCrn := v.(string) + mainModel.Parameters.ServiceidCrn = &serviceIdCrn + } else if v == "true" || v == "false" { + b, _ := strconv.ParseBool(v.(string)) + mainModel.Parameters.SetProperty(k, b) + } else { + mainModel.Parameters.SetProperty(k, v) + } + } + } + return mainModel, nil +} + +func resourceIbmSmServiceCredentialsSecretRotationPolicyToMap(modelIntf secretsmanagerv2.RotationPolicyIntf) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + model := modelIntf.(*secretsmanagerv2.RotationPolicy) + if model.AutoRotate != nil { + modelMap["auto_rotate"] = model.AutoRotate + } + if model.Interval != nil { + modelMap["interval"] = 
flex.IntValue(model.Interval) + } + if model.Unit != nil { + modelMap["unit"] = model.Unit + } + return modelMap, nil +} + +func resourceIbmSmServiceCredentialsSecretSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceService) (map[string]interface{}, error) { + mainModelMap := make(map[string]interface{}) + if sourceService.Instance != nil { + instanceMap := make(map[string]interface{}) + instanceModel := sourceService.Instance + if instanceModel.Crn != nil { + instanceMap["crn"] = instanceModel.Crn + } + mainModelMap["instance"] = []map[string]interface{}{instanceMap} + } + + if sourceService.Role != nil { + roleMap := make(map[string]interface{}) + roleModel := sourceService.Role + if roleModel.Crn != nil { + roleMap["crn"] = roleModel.Crn + } + mainModelMap["role"] = []map[string]interface{}{roleMap} + } + + if sourceService.Iam != nil { + iamMap := make(map[string]interface{}) + iamModel := sourceService.Iam + + // apikey + if iamModel.Apikey != nil { + iamApikeyMap := make(map[string]interface{}) + iamApikeyModel := iamModel.Apikey + if iamApikeyModel.Name != nil { + iamApikeyMap["name"] = iamApikeyModel.Name + } + if iamApikeyModel.Description != nil { + iamApikeyMap["description"] = iamApikeyModel.Description + } + iamMap["apikey"] = []map[string]interface{}{iamApikeyMap} + } + + // role + if iamModel.Role != nil { + iamRoleMap := make(map[string]interface{}) + iamRoleModel := iamModel.Role + if iamRoleModel.Crn != nil { + iamRoleMap["crn"] = iamRoleModel.Crn + } + iamMap["role"] = []map[string]interface{}{iamRoleMap} + } + + // service id + if iamModel.Serviceid != nil { + iamServiceidMap := make(map[string]interface{}) + iamServiceidModel := iamModel.Serviceid + if iamServiceidModel.Crn != nil { + iamServiceidMap["crn"] = iamServiceidModel.Crn + } + iamMap["serviceid"] = []map[string]interface{}{iamServiceidMap} + } + + mainModelMap["iam"] = []map[string]interface{}{iamMap} + + } + + if sourceService.ResourceKey != nil { + 
resourceKeyMap := make(map[string]interface{}) + resourceKeyModel := sourceService.ResourceKey + if resourceKeyModel.Crn != nil { + resourceKeyMap["crn"] = resourceKeyModel.Crn + } + if resourceKeyModel.Name != nil { + resourceKeyMap["name"] = resourceKeyModel.Name + } + mainModelMap["resource_key"] = []map[string]interface{}{resourceKeyMap} + } + + if sourceService.Parameters != nil { + parametersMap := sourceService.Parameters.GetProperties() + for k, v := range parametersMap { + parametersMap[k] = fmt.Sprint(v) + } + if sourceService.Parameters.ServiceidCrn != nil { + parametersMap["serviceid_crn"] = sourceService.Parameters.ServiceidCrn + } + mainModelMap["parameters"] = parametersMap + } + + return mainModelMap, nil +} + +func resourceIbmSmServiceCredentialsSecretCredentialsToMap(credentials *secretsmanagerv2.ServiceCredentialsSecretCredentials) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if credentials.IamApikeyDescription != nil { + modelMap["iam_apikey_description"] = credentials.IamApikeyDescription + } + if credentials.Apikey != nil { + modelMap["apikey"] = credentials.Apikey + } + if credentials.Endpoints != nil { + modelMap["endpoints"] = credentials.Endpoints + } + if credentials.IamApikeyName != nil { + modelMap["iam_apikey_name"] = credentials.IamApikeyName + } + if credentials.IamRoleCrn != nil { + modelMap["iam_role_crn"] = credentials.IamRoleCrn + } + if credentials.IamServiceidCrn != nil { + modelMap["iam_serviceid_crn"] = credentials.IamServiceidCrn + } + if credentials.ResourceInstanceID != nil { + modelMap["resource_instance_id"] = credentials.ResourceInstanceID + } + if credentials.CosHmacKeys != nil { + cosHmacKeys := [1]map[string]interface{}{} + m := map[string]interface{}{} + if credentials.CosHmacKeys.AccessKeyID != nil { + m["access_key_id"] = credentials.CosHmacKeys.AccessKeyID + } + if credentials.CosHmacKeys.SecretAccessKey != nil { + m["secret_access_key"] = credentials.CosHmacKeys.SecretAccessKey 
+ }
+ cosHmacKeys[0] = m
+ modelMap["cos_hmac_keys"] = cosHmacKeys
+ }
+ return modelMap, nil
+}
diff --git a/website/docs/r/sm_service_credentials_secret.html.markdown b/website/docs/r/sm_service_credentials_secret.html.markdown
new file mode 100644
index 0000000000..b86d6093a6
--- /dev/null
+++ b/website/docs/r/sm_service_credentials_secret.html.markdown
@@ -0,0 +1,166 @@
+---
+layout: "ibm"
+page_title: "IBM : ibm_sm_service_credentials_secret"
+description: |-
+ Manages ServiceCredentialsSecret.
+subcategory: "Secrets Manager"
+---
+
+# ibm_sm_service_credentials_secret
+
+Provides a resource for ServiceCredentialsSecret. This allows ServiceCredentialsSecret to be created, updated and deleted.
+
+## Example Usage
+
+```hcl
+resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" {
+ instance_id = ibm_resource_instance.sm_instance.guid
+ region = "us-south"
+ name = "secret-name"
+ custom_metadata = {"key":"value"}
+ description = "Extended description for this secret."
+ labels = ["my-label"]
+ rotation {
+ auto_rotate = true
+ interval = 1
+ unit = "day"
+ }
+ secret_group_id = ibm_sm_secret_group.sm_secret_group.secret_group_id
+ ttl = "1800"
+}
+```
+
+## Argument Reference
+
+Review the argument reference that you can specify for your resource.
+
+* `instance_id` - (Required, Forces new resource, String) The GUID of the Secrets Manager instance.
+* `region` - (Optional, Forces new resource, String) The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
+* `endpoint_type` - (Optional, String) - The endpoint type. If not provided the endpoint type is determined by the `visibility` argument provided in the provider configuration.
+ * Constraints: Allowable values are: `private`, `public`.
+* `custom_metadata` - (Optional, Map) The secret metadata that a user can customize.
+* `description` - (Optional, String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.
+ * Constraints: The maximum length is `1024` characters. The minimum length is `0` characters. The value must match regular expression `/(.*?)/`.
+* `labels` - (Optional, List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.
+ * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `30` items. The minimum length is `0` items.
+* `name` - (Required, String) The human-readable name of your secret.
+ * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`.
+* `rotation` - (Optional, List) Determines whether Secrets Manager rotates your secrets automatically.
+Nested scheme for **rotation**:
+ * `auto_rotate` - (Optional, Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval.
+ * `interval` - (Optional, Integer) The length of the secret rotation time interval.
+ * Constraints: The minimum value is `1`.
+ * `rotate_keys` - (Optional, Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.
+ * `unit` - (Optional, String) The units for the secret rotation time interval.
+ * Constraints: Allowable values are: `day`, `month`.
+* `secret_group_id` - (Optional, Forces new resource, String) A v4 UUID identifier, or `default` secret group.
+ * Constraints: The maximum length is `36` characters. The minimum length is `7` characters. The value must match regular expression `/^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/`.
+* `source_service` - (Optional, List) The properties required for creating the service credentials for the specified source service instance.
+Nested scheme for **source_service**:
+ * `instance` - (Optional, List) The source service instance identifier.
+ Nested scheme for **instance**:
+ * `crn` - (Optional, String) A CRN that uniquely identifies a service credentials source.
+ * `parameters` - (Optional, List) Configuration options represented as key-value pairs. Service-defined options are used in the generation of credentials for some services. For example, Cloud Object Storage accepts the optional boolean parameter HMAC for creating specific kind of credentials.
+ * `role` - (Optional, List) The service-specific custom role object, CRN role is accepted. Refer to the service’s documentation for supported roles.
+ Nested scheme for **role**:
+ * `crn` - (Optional, String) The service role CRN.
+ * `iam` - (Optional, List) The source service IAM data is returned in case IAM credentials where created for this secret.
+ Nested scheme for **iam**:
+ * `apikey` - (Optional, String) The IAM apikey metadata for the IAM credentials that were generated.
+ * `role` - (Optional, String) The IAM role for the generate service credentials.
+ * `serviceid` - (Optional, String) The IAM serviceid for the generated service credentials.
+ * `resource_key` - (Optional, List) The source service resource key data of the generated service credentials.
+ Nested scheme for **resource_key**:
+ * `crn` - (Optional, String) The resource key CRN of the generated service credentials.
+ * `name` - (Optional, String) The resource key name of the generated service credentials.
+* `ttl` - (Required, String) The time-to-live (TTL) or lease duration to assign to generated credentials. The TTL defines for how long each generated API key remains valid. The value should be an integer that specifies the number of seconds. Minimum duration is 60 seconds. Maximum is 7776000 seconds (90 days).
+ * Constraints: The maximum length is `7` characters. The minimum length is `2` characters.
+
+## Attribute Reference
+
+In addition to all argument references listed, you can access the following attribute references after your resource is created.
+
+* `secret_id` - The unique identifier of the ServiceCredentialsSecret.
+* `created_at` - (String) The date when a resource was created. The date format follows RFC 3339.
+* `created_by` - (String) The unique identifier that is associated with the entity that created the secret.
+ * Constraints: The maximum length is `128` characters. The minimum length is `4` characters.
+* `crn` - (String) A CRN that uniquely identifies an IBM Cloud resource.
+ * Constraints: The maximum length is `512` characters. The minimum length is `9` characters. The value must match regular expression `/^crn:v[0-9](:([A-Za-z0-9-._~!$&'()*+,;=@\/]|%[0-9A-Z]{2})*){8}$/`.
+* `downloaded` - (Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.
+* `locks_total` - (Integer) The number of locks of the secret.
+ * Constraints: The maximum value is `1000`. The minimum value is `0`.
+* `next_rotation_date` - (String) The date that the secret is scheduled for automatic rotation.The service automatically creates a new version of the secret on its next rotation date. This field exists only for secrets that have an existing rotation policy.
+* `state` - (Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the `Pre-activation = 0`, `Active = 1`, `Suspended = 2`, `Deactivated = 3`, and `Destroyed = 5` values.
+ * Constraints: Allowable values are: `0`, `1`, `2`, `3`, `5`.
+* `state_description` - (String) A text representation of the secret state.
+ * Constraints: Allowable values are: `pre_activation`, `active`, `suspended`, `deactivated`, `destroyed`.
+* `secret_type` - (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.
+ * Constraints: Allowable values are: `arbitrary`, `imported_cert`, `public_cert`, `iam_credentials`, `kv`, `username_password`, `private_cert`.
+* `updated_at` - (String) The date when a resource was recently modified. The date format follows RFC 3339.
+* `versions_total` - (Integer) The number of versions of the secret.
+ * Constraints: The maximum value is `50`. The minimum value is `0`.
+
+## Provider Configuration
+
+The IBM Cloud provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below:
+
+- Static credentials
+- Environment variables
+
+To find which credentials are required for this resource, see the service table [here](https://cloud.ibm.com/docs/ibm-cloud-provider-for-terraform?topic=ibm-cloud-provider-for-terraform-provider-reference#required-parameters).
+
+### Static credentials
+
+You can provide your static credentials by adding the `ibmcloud_api_key`, `iaas_classic_username`, and `iaas_classic_api_key` arguments in the IBM Cloud provider block.
+
+Usage:
+```
+provider "ibm" {
+ ibmcloud_api_key = ""
+ iaas_classic_username = ""
+ iaas_classic_api_key = ""
+}
+```
+
+### Environment variables
+
+You can provide your credentials by exporting the `IC_API_KEY`, `IAAS_CLASSIC_USERNAME`, and `IAAS_CLASSIC_API_KEY` environment variables, representing your IBM Cloud platform API key, IBM Cloud Classic Infrastructure (SoftLayer) user name, and IBM Cloud infrastructure API key, respectively.
+
+```
+provider "ibm" {}
+```
+
+Usage:
+```
+export IC_API_KEY="ibmcloud_api_key"
+export IAAS_CLASSIC_USERNAME="iaas_classic_username"
+export IAAS_CLASSIC_API_KEY="iaas_classic_api_key"
+terraform plan
+```
+
+Note:
+
+1. Create or find your `ibmcloud_api_key` and `iaas_classic_api_key` [here](https://cloud.ibm.com/iam/apikeys).
+ - Select `My IBM Cloud API Keys` option from view dropdown for `ibmcloud_api_key`
+ - Select `Classic Infrastructure API Keys` option from view dropdown for `iaas_classic_api_key`
+2. For iaas_classic_username
+ - Go to [Users](https://cloud.ibm.com/iam/users)
+ - Click on user.
+ - Find user name in the `VPN password` section under `User Details` tab
+
+For more informaton, see [here](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs#authentication).
+
+## Import
+
+You can import the `ibm_sm_service_credentials_secret` resource by using `region`, `instance_id`, and `secret_id`.
+For more information, see [the documentation](https://cloud.ibm.com/docs/secrets-manager)
+
+# Syntax
+```bash
+$ terraform import ibm_sm_service_credentials_secret.sm_service_credentials_secret //
+```
+
+# Example
+```bash
+$ terraform import ibm_sm_service_credentials_secret.sm_service_credentials_secret us-east/6ebc4224-e983-496a-8a54-f40a0bfa9175/b49ad24d-81d4-5ebc-b9b9-b0937d1c84d5
+```
From babc0f9a9e52c3255d433975f8458067e699e52b Mon Sep 17 00:00:00 2001
From: Yonathan-Yellin
Date: Wed, 15 Nov 2023 14:31:44 +0200
Subject: [PATCH 02/47] SC addition
---
 ibm/service/secretsmanager/utils.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/ibm/service/secretsmanager/utils.go b/ibm/service/secretsmanager/utils.go
index a00f44c9af..07a23380be 100644
--- a/ibm/service/secretsmanager/utils.go
+++ b/ibm/service/secretsmanager/utils.go
@@ -17,13 +17,14 @@ import (
 )
 
 const (
- ArbitrarySecretType = "arbitrary"
- UsernamePasswordSecretType = "username_password"
- IAMCredentialsSecretType = "iam_credentials"
- KvSecretType = "kv"
- ImportedCertSecretType = "imported_cert"
- PublicCertSecretType = "public_cert"
- PrivateCertSecretType = "private_cert"
+ ArbitrarySecretType = "arbitrary"
+ UsernamePasswordSecretType = "username_password"
+ IAMCredentialsSecretType = "iam_credentials"
+ ServiceCredentialsSecretType = "service_credentials"
+ KvSecretType = "kv"
+ ImportedCertSecretType = "imported_cert"
+ PublicCertSecretType = "public_cert"
+ PrivateCertSecretType = "private_cert"
 )
 
 func getRegion(originalClient *secretsmanagerv2.SecretsManagerV2, d *schema.ResourceData) string {
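Review bot: The new `ServiceCredentialsSecretType` constant in this const block duplicates a string the resource code from PATCH 01 still hard-codes: `resourceIbmSmServiceCredentialsSecretMapToSecretPrototype` sets `model.SecretType = core.StringPtr("service_credentials")`. Both files sit under `ibm/service/secretsmanager/`, so presumably they share a package and that line could read `model.SecretType = core.StringPtr(ServiceCredentialsSecretType)`, leaving the type string with a single definition. Nothing in this hunk uses the constant yet, so a later rename or typo in either place would not be caught at compile time. The body of `getRegion` continues outside the hunk.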
From 80716674288963e6e64f30ba91de967a9465249c Mon Sep 17 00:00:00 2001
From: Yonathan-Yellin
Date: Wed, 15 Nov 2023 18:23:34 +0200
Subject: [PATCH 03/47] SC addition
---
 examples/ibm-secrets-manager/README.md | 238 +++++----
 examples/ibm-secrets-manager/main.tf | 43 ++
 examples/ibm-secrets-manager/outputs.tf | 6 +
 examples/ibm-secrets-manager/variables.tf | 63 +++
 ibm/provider/provider.go | 1 +
 ..._sm_service_credentials_secret_metadata.go | 491 ++++++++++++++++++
 ...ource_ibm_sm_service_credentilas_secret.go | 2 +-
 ...m_service_credentials_secret.html.markdown | 140 +++++
 ..._credentials_secret_metadata.html.markdown | 113 ++++
 ...m_service_credentials_secret.html.markdown | 62 ++-
 10 files changed, 1046 insertions(+), 113 deletions(-)
 create mode 100644 ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go
 create mode 100644 website/docs/d/sm_service_credentials_secret.html.markdown
 create mode 100644 website/docs/d/sm_service_credentials_secret_metadata.html.markdown
diff --git a/examples/ibm-secrets-manager/README.md b/examples/ibm-secrets-manager/README.md
index 04a144758a..f68677dec5 100644
--- a/examples/ibm-secrets-manager/README.md
+++ b/examples/ibm-secrets-manager/README.md
@@ -131,6 +131,31 @@ resource "sm_iam_credentials_secret" "sm_iam_credentials_secret_instance" { rotation = var.sm_iam_credentials_secret_rotation } ``` +sm_service_credentials_secret resource: + +```hcl +resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { + instance_id = var.secrets_manager_instance_id + region = var.region + endpoint_type = var.endpoint_type + name = var.sm_service_credentials_secret_name + custom_metadata = { my_key = jsonencode(var.sm_service_credentials_secret_custom_metadata) } + description = var.sm_service_credentials_secret_description + labels = var.sm_service_credentials_secret_labels + rotation = var.sm_service_credentials_secret_rotation + secret_group_id = var.sm_service_credentials_secret_secret_group_id + source_service { + instance { + crn = var.sm_service_credentials_secret_source_service_instance_crn + } + role { + crn = var.sm_service_credentials_secret_source_service_role_crn + } + parameters = var.sm_service_credentials_secret_source_service_parameters + } + ttl = var.sm_service_credentials_secret_ttl +} +``` sm_arbitrary_secret resource: ```hcl @@ -349,6 +374,15 @@ data "sm_iam_credentials_secret_metadata" "sm_iam_credentials_secret_metadata_in secret_id = var.sm_iam_credentials_secret_metadata_id } ``` +sm_service_credentials_secret_metadata data source: + +```hcl +data "sm_service_credentials_secret_metadata" "sm_service_credentials_secret_metadata_instance" { + instance_id = var.secrets_manager_instance_id + region = var.region + secret_id = var.sm_service_credentials_secret_metadata_id +} +``` sm_arbitrary_secret_metadata data source: ```hcl 
@@ -403,6 +437,15 @@ data "sm_iam_credentials_secret" "sm_iam_credentials_secret_instance" { secret_id = var.sm_iam_credentials_secret_id } ``` +sm_service_credentials_secret data source: + +```hcl +data "sm_service_credentials_secret" "sm_service_credentials_secret_instance" { + instance_id = var.secrets_manager_instance_id + region = var.region + secret_id = var.sm_service_credentials_secret_id +} +``` sm_arbitrary_secret data source: ```hcl 
@@ -524,103 +567,106 @@ data "sm_en_registration" "sm_en_registration_instance" { ## Inputs -| Name | Description | Type | Default | Required | -|----------------------------------------|-------------|------|---------|----------| -| ibmcloud\_api\_key | IBM Cloud API key | `string` | | true | -| region | Secrets Manager Instance region | `string` | us-south | false | -| secrets\_manager\_instance\_id | Secrets Manager Instance GUID | `string` | | true | -| instance\_id | Secrets Manager Instance GUID | `string` | | true | -| endpoint\_type | Secrets manager endpoint type | `string` | `private` | false | -| description | An extended description of your secret group.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group. | `string` | false | -| custom_metadata | The secret metadata that a user can customize. | `map()` | false | -| description | An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group. | `string` | false | -| expiration_date | The date a secret is expired. The date format follows RFC 3339. | `` | false | -| labels | Labels that you can use to search for secrets in your instance.Up to 30 labels can be created. | `list(string)` | false | -| secret_group_id | A v4 UUID identifier, or `default` secret group. | `string` | false | -| secret_type | The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials. | `string` | false | -| certificate | The PEM-encoded contents of your certificate. | `string` | false | -| intermediate | (Optional) The PEM-encoded intermediate certificate to associate with the root certificate. | `string` | false | -| private_key | (Optional) The PEM-encoded private key to associate with the certificate. 
| `string` | false | -| custom_metadata | The secret metadata that a user can customize. | `map()` | false | -| rotation | Determines whether Secrets Manager rotates your secrets automatically. | `` | false | -| data | The payload data of a key-value secret. | `map()` | false | -| ttl | The time-to-live (TTL) or lease duration to assign to generated credentials.For `iam_credentials` secrets, the TTL defines for how long each generated API key remains valid. The value can be either an integer that specifies the number of seconds, or the string representation of a duration, such as `120m` or `24h`.Minimum duration is 1 minute. Maximum is 90 days. | `string` | false | -| access_groups | Access Groups that you can use for an `iam_credentials` secret.Up to 10 Access Groups can be used for each secret. | `list(string)` | false | -| service_id | The service ID under which the API key (see the `api_key` field) is created.If you omit this parameter, Secrets Manager generates a new service ID for your secret at its creation and adds it to the access groups that you assign.Optionally, you can use this field to provide your own service ID if you prefer to manage its access directly or retain the service ID after your secret expires, is rotated, or deleted. If you provide a service ID, do not include the `access_groups` parameter. | `string` | false | -| reuse_api_key | Determines whether to use the same service ID and API key for future read operations on an`iam_credentials` secret.If it is set to `true`, the service reuses the current credentials. If it is set to `false`, a new service ID and API key are generated each time that the secret is read or accessed. | `bool` | false | -| payload | The arbitrary secret's data payload. | `string` | false | -| username | The username that is assigned to the secret. | `string` | false | -| password | The password that is assigned to the secret. | `string` | false | -| secret_id | The ID of the secret. 
| `string` | true | -| certificate_template | The name of the certificate template. | `string` | false | -| config_type | Th configuration type. | `string` | false | -| crl_disable | Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL. | `bool` | false | -| crl_distribution_points_encoded | Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority. | `bool` | false | -| issuing_certificates_urls_encoded | Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority. | `bool` | false | -| ttl | The requested time-to-live (TTL) for certificates that are created by this CA. This field's value cannot be longer than the `max_ttl` limit.The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API response, this value is returned in seconds (integer). | `string` | false | -| signing_method | The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-intermediate-certificate-authorities). | `string` | false | -| certificate_authority | The name of the intermediate certificate authority. | `string` | false | -| allowed_secret_groups | Scopes the creation of private certificates to only the secret groups that you specify.This field can be supplied as a comma-delimited list of secret group IDs. | `string` | false | -| allow_localhost | Determines whether to allow `localhost` to be included as one of the requested common names. | `bool` | false | -| allowed_domains | The domains to define for the certificate template. 
This property is used along with the `allow_bare_domains` and `allow_subdomains` options. | `list(string)` | false | -| allowed_domains_template | Determines whether to allow the domains that are supplied in the `allowed_domains` field to contain access control list (ACL) templates. | `bool` | false | -| allow_bare_domains | Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate.For example, if you specify `example.com` in the `allowed_domains` field, you grant clients the ability to request a certificate that contains the name `example.com` as one of the DNS values on the final certificate.**Important:** In some scenarios, allowing bare domains can be considered a security risk. | `bool` | false | -| allow_subdomains | Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains.For example, if `allowed_domains` has a value of `example.com` and `allow_subdomains`is set to `true`, then the following subdomains are allowed: `foo.example.com`, `bar.example.com`, `*.example.com`.**Note:** This field is redundant if you use the `allow_any_name` option. | `bool` | false | -| allow_glob_domains | Determines whether to allow glob patterns, for example, `ftp*.example.com`, in the names that are specified in the `allowed_domains` field.If set to `true`, clients are allowed to request private certificates with names that match the glob patterns. | `bool` | false | -| allow_any_name | Determines whether to allow clients to request a private certificate that matches any common name. | `bool` | false | -| enforce_hostnames | Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses. 
| `bool` | false | -| allow_ip_sans | Determines whether to allow clients to request a private certificate with IP Subject Alternative Names. | `bool` | false | -| allowed_uri_sans | The URI Subject Alternative Names to allow for private certificates.Values can contain glob patterns, for example `spiffe://hostname/_*`. | `list(string)` | false | -| allowed_other_sans | The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates.The format for each element in the list is the same as OpenSSL: `::` where the current valid type is `UTF8`. To allow any value for an OID, use `*` as its value. Alternatively, specify a single `*` to allow any `other_sans` input. | `list(string)` | false | -| server_flag | Determines whether private certificates are flagged for server use. | `bool` | false | -| client_flag | Determines whether private certificates are flagged for client use. | `bool` | false | -| code_signing_flag | Determines whether private certificates are flagged for code signing use. | `bool` | false | -| email_protection_flag | Determines whether private certificates are flagged for email protection use. | `bool` | false | -| key_usage | The allowed key usage constraint to define for private certificates.You can find valid values in the [Go x509 package documentation](https://pkg.go.dev/crypto/x509#KeyUsage). Omit the `KeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list. | `list(string)` | false | -| ext_key_usage | The allowed extended key usage constraint on private certificates.You can find valid values in the [Go x509 package documentation](https://golang.org/pkg/crypto/x509/#ExtKeyUsage). Omit the `ExtKeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list. 
| `list(string)` | false | -| ext_key_usage_oids | A list of extended key usage Object Identifiers (OIDs). | `list(string)` | false | -| use_csr_common_name | When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate.Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the `use_csr_sans` property. | `bool` | false | -| use_csr_sans | When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the Subject Alternative Names(SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate.Does not include the common name in the CSR. To use the common name, include the `use_csr_common_name` property. | `bool` | false | -| require_cn | Determines whether to require a common name to create a private certificate.By default, a common name is required to generate a certificate. To make the `common_name` field optional, set the `require_cn` option to `false`. | `bool` | false | -| policy_identifiers | A list of policy Object Identifiers (OIDs). | `list(string)` | false | -| basic_constraints_valid_for_non_ca | Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates. | `bool` | false | -| lets_encrypt_environment | The configuration of the Let's Encrypt CA environment. | `string` | false | -| lets_encrypt_private_key | The PEM encoded private key of your Lets Encrypt account. | `string` | false | -| lets_encrypt_preferred_chain | Prefer the chain with an issuer matching this Subject Common Name. | `string` | false | -| event_notifications_instance_crn | A CRN that uniquely identifies an IBM Cloud resource. 
| `string` | true | -| event_notifications_source_name | The name that is displayed as a source that is in your Event Notifications instance. | `string` | true | -| event_notifications_source_description | An optional description for the source that is in your Event Notifications instance. | `string` | false | -| secret_group_id | The ID of the secret group. | `string` | true | -| secret_id | The ID of the secret. | `string` | true | -| name | The name of the configuration. | `string` | true | +| Name | Description | Type | Default | Required | +|----------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|-----------|----------| +| ibmcloud\_api\_key | IBM Cloud API key | `string` | | true | +| region | Secrets Manager Instance region | `string` | us-south | false | +| secrets\_manager\_instance\_id | Secrets Manager Instance GUID | `string` | | true | +| instance\_id | Secrets Manager Instance GUID | `string` | | true | +| endpoint\_type | Secrets manager endpoint type | `string` | `private` | false | +| description | An extended description of your secret group.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group. | `string` | false | +| custom_metadata | The secret metadata that a user can customize. | `map()` | false | +| description | An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group. 
| `string` | false | +| expiration_date | The date a secret is expired. The date format follows RFC 3339. | `` | false | +| labels | Labels that you can use to search for secrets in your instance.Up to 30 labels can be created. | `list(string)` | false | +| secret_group_id | A v4 UUID identifier, or `default` secret group. | `string` | false | +| secret_type | The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials. | `string` | false | +| certificate | The PEM-encoded contents of your certificate. | `string` | false | +| intermediate | (Optional) The PEM-encoded intermediate certificate to associate with the root certificate. | `string` | false | +| private_key | (Optional) The PEM-encoded private key to associate with the certificate. | `string` | false | +| custom_metadata | The secret metadata that a user can customize. | `map()` | false | +| rotation | Determines whether Secrets Manager rotates your secrets automatically. | `` | false | +| source_service | The properties required for creating the service credentials for the specified source service instance. | `` | false | +| data | The payload data of a key-value secret. | `map()` | false | +| ttl | The time-to-live (TTL) or lease duration to assign to generated credentials.The TTL defines for how long generated credentials remain valid. For iam_credentials secret TTL is mandatory. The minimum duration is 1 minute. The maximum is 90 days. For service_credentials secret TTL is optional, if set the minimum duration is 1 day. The maximum is 90 days. The TTL defaults to 0 which means no TTL. | `string` | false | +| access_groups | Access Groups that you can use for an `iam_credentials` secret.Up to 10 Access Groups can be used for each secret. 
| `list(string)` | false | +| service_id | The service ID under which the API key (see the `api_key` field) is created.If you omit this parameter, Secrets Manager generates a new service ID for your secret at its creation and adds it to the access groups that you assign.Optionally, you can use this field to provide your own service ID if you prefer to manage its access directly or retain the service ID after your secret expires, is rotated, or deleted. If you provide a service ID, do not include the `access_groups` parameter. | `string` | false | +| reuse_api_key | Determines whether to use the same service ID and API key for future read operations on an`iam_credentials` secret.If it is set to `true`, the service reuses the current credentials. If it is set to `false`, a new service ID and API key are generated each time that the secret is read or accessed. | `bool` | false | +| payload | The arbitrary secret's data payload. | `string` | false | +| username | The username that is assigned to the secret. | `string` | false | +| password | The password that is assigned to the secret. | `string` | false | +| secret_id | The ID of the secret. | `string` | true | +| certificate_template | The name of the certificate template. | `string` | false | +| config_type | Th configuration type. | `string` | false | +| crl_disable | Disables or enables certificate revocation list (CRL) building.If CRL building is disabled, a signed but zero-length CRL is returned when downloading the CRL. If CRL building is enabled, it will rebuild the CRL. | `bool` | false | +| crl_distribution_points_encoded | Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority. | `bool` | false | +| issuing_certificates_urls_encoded | Determines whether to encode the URL of the issuing certificate in the certificates that are issued by this certificate authority. 
| `bool` | false | +| ttl | The requested time-to-live (TTL) for certificates that are created by this CA. This field's value cannot be longer than the `max_ttl` limit.The value can be supplied as a string representation of a duration in hours, for example '8760h'. In the API response, this value is returned in seconds (integer). | `string` | false | +| signing_method | The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-intermediate-certificate-authorities). | `string` | false | +| certificate_authority | The name of the intermediate certificate authority. | `string` | false | +| allowed_secret_groups | Scopes the creation of private certificates to only the secret groups that you specify.This field can be supplied as a comma-delimited list of secret group IDs. | `string` | false | +| allow_localhost | Determines whether to allow `localhost` to be included as one of the requested common names. | `bool` | false | +| allowed_domains | The domains to define for the certificate template. This property is used along with the `allow_bare_domains` and `allow_subdomains` options. | `list(string)` | false | +| allowed_domains_template | Determines whether to allow the domains that are supplied in the `allowed_domains` field to contain access control list (ACL) templates. | `bool` | false | +| allow_bare_domains | Determines whether to allow clients to request private certificates that match the value of the actual domains on the final certificate.For example, if you specify `example.com` in the `allowed_domains` field, you grant clients the ability to request a certificate that contains the name `example.com` as one of the DNS values on the final certificate.**Important:** In some scenarios, allowing bare domains can be considered a security risk. 
| `bool` | false | +| allow_subdomains | Determines whether to allow clients to request private certificates with common names (CN) that are subdomains of the CNs that are allowed by the other certificate template options. This includes wildcard subdomains.For example, if `allowed_domains` has a value of `example.com` and `allow_subdomains`is set to `true`, then the following subdomains are allowed: `foo.example.com`, `bar.example.com`, `*.example.com`.**Note:** This field is redundant if you use the `allow_any_name` option. | `bool` | false | +| allow_glob_domains | Determines whether to allow glob patterns, for example, `ftp*.example.com`, in the names that are specified in the `allowed_domains` field.If set to `true`, clients are allowed to request private certificates with names that match the glob patterns. | `bool` | false | +| allow_any_name | Determines whether to allow clients to request a private certificate that matches any common name. | `bool` | false | +| enforce_hostnames | Determines whether to enforce only valid host names for common names, DNS Subject Alternative Names, and the host section of email addresses. | `bool` | false | +| allow_ip_sans | Determines whether to allow clients to request a private certificate with IP Subject Alternative Names. | `bool` | false | +| allowed_uri_sans | The URI Subject Alternative Names to allow for private certificates.Values can contain glob patterns, for example `spiffe://hostname/_*`. | `list(string)` | false | +| allowed_other_sans | The custom Object Identifier (OID) or UTF8-string Subject Alternative Names (SANs) to allow for private certificates.The format for each element in the list is the same as OpenSSL: `::` where the current valid type is `UTF8`. To allow any value for an OID, use `*` as its value. Alternatively, specify a single `*` to allow any `other_sans` input. | `list(string)` | false | +| server_flag | Determines whether private certificates are flagged for server use. 
| `bool` | false | +| client_flag | Determines whether private certificates are flagged for client use. | `bool` | false | +| code_signing_flag | Determines whether private certificates are flagged for code signing use. | `bool` | false | +| email_protection_flag | Determines whether private certificates are flagged for email protection use. | `bool` | false | +| key_usage | The allowed key usage constraint to define for private certificates.You can find valid values in the [Go x509 package documentation](https://pkg.go.dev/crypto/x509#KeyUsage). Omit the `KeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list. | `list(string)` | false | +| ext_key_usage | The allowed extended key usage constraint on private certificates.You can find valid values in the [Go x509 package documentation](https://golang.org/pkg/crypto/x509/#ExtKeyUsage). Omit the `ExtKeyUsage` part of the value. Values are not case-sensitive. To specify no key usage constraints, set this field to an empty list. | `list(string)` | false | +| ext_key_usage_oids | A list of extended key usage Object Identifiers (OIDs). | `list(string)` | false | +| use_csr_common_name | When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate.Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the `use_csr_sans` property. | `bool` | false | +| use_csr_sans | When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the Subject Alternative Names(SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate.Does not include the common name in the CSR. 
To use the common name, include the `use_csr_common_name` property. | `bool` | false | +| require_cn | Determines whether to require a common name to create a private certificate.By default, a common name is required to generate a certificate. To make the `common_name` field optional, set the `require_cn` option to `false`. | `bool` | false | +| policy_identifiers | A list of policy Object Identifiers (OIDs). | `list(string)` | false | +| basic_constraints_valid_for_non_ca | Determines whether to mark the Basic Constraints extension of an issued private certificate as valid for non-CA certificates. | `bool` | false | +| lets_encrypt_environment | The configuration of the Let's Encrypt CA environment. | `string` | false | +| lets_encrypt_private_key | The PEM encoded private key of your Lets Encrypt account. | `string` | false | +| lets_encrypt_preferred_chain | Prefer the chain with an issuer matching this Subject Common Name. | `string` | false | +| event_notifications_instance_crn | A CRN that uniquely identifies an IBM Cloud resource. | `string` | true | +| event_notifications_source_name | The name that is displayed as a source that is in your Event Notifications instance. | `string` | true | +| event_notifications_source_description | An optional description for the source that is in your Event Notifications instance. | `string` | false | +| secret_group_id | The ID of the secret group. | `string` | true | +| secret_id | The ID of the secret. | `string` | true | +| name | The name of the configuration. 
| `string` | true | ## Outputs -| Name | Description | -|------|-------------| -| secrets\_manager\_secrets | secrets\_manager\_secrets object | -| secrets\_manager\_secret | secrets\_manager\_secret object | -| sm_secret_group | sm_secret_group object | -| sm_imported_certificate | sm_imported_certificate object | -| sm_public_certificate | sm_public_certificate object | -| sm_kv_secret | sm_kv_secret object | -| sm_iam_credentials_secret | sm_iam_credentials_secret object | -| sm_arbitrary_secret | sm_arbitrary_secret object | -| sm_username_password_secret | sm_username_password_secret object | -| sm_private_certificate | sm_private_certificate object | -| sm_private_certificate_configuration_root_ca | sm_private_certificate_configuration_root_ca object | +| Name | Description | +|------------------------------------------------------|-------------------------------------------------------------| +| secrets\_manager\_secrets | secrets\_manager\_secrets object | +| secrets\_manager\_secret | secrets\_manager\_secret object | +| sm_secret_group | sm_secret_group object | +| sm_imported_certificate | sm_imported_certificate object | +| sm_public_certificate | sm_public_certificate object | +| sm_kv_secret | sm_kv_secret object | +| sm_iam_credentials_secret | sm_iam_credentials_secret object | +| sm_service_credentials_secret | sm_service_credentials_secret object | +| sm_arbitrary_secret | sm_arbitrary_secret object | +| sm_username_password_secret | sm_username_password_secret object | +| sm_private_certificate | sm_private_certificate object | +| sm_private_certificate_configuration_root_ca | sm_private_certificate_configuration_root_ca object | | sm_private_certificate_configuration_intermediate_ca | sm_private_certificate_configuration_intermediate_ca object | -| sm_private_certificate_configuration_template | sm_private_certificate_configuration_template object | -| sm_public_certificate_configuration_ca_lets_encrypt | 
sm_public_certificate_configuration_ca_lets_encrypt object | -| sm_en_registration | sm_en_registration object | -| sm_secret_group | sm_secret_group object | -| sm_secret_groups | sm_secret_groups object | -| sm_secrets | sm_secrets object | -| sm_imported_certificate_metadata | sm_imported_certificate_metadata object | -| sm_public_certificate_metadata | sm_public_certificate_metadata object | -| sm_kv_secret_metadata | sm_kv_secret_metadata object | -| sm_iam_credentials_secret_metadata | sm_iam_credentials_secret_metadata object | -| sm_arbitrary_secret_metadata | sm_arbitrary_secret_metadata object | -| sm_username_password_secret_metadata | sm_username_password_secret_metadata object | -| sm_private_certificate_metadata | sm_private_certificate_metadata object | -| sm_configurations | sm_configurations object | +| sm_private_certificate_configuration_template | sm_private_certificate_configuration_template object | +| sm_public_certificate_configuration_ca_lets_encrypt | sm_public_certificate_configuration_ca_lets_encrypt object | +| sm_en_registration | sm_en_registration object | +| sm_secret_group | sm_secret_group object | +| sm_secret_groups | sm_secret_groups object | +| sm_secrets | sm_secrets object | +| sm_imported_certificate_metadata | sm_imported_certificate_metadata object | +| sm_public_certificate_metadata | sm_public_certificate_metadata object | +| sm_kv_secret_metadata | sm_kv_secret_metadata object | +| sm_iam_credentials_secret_metadata | sm_iam_credentials_secret_metadata object | +| sm_service_credentials_secret_metadata | sm_service_credentials_secret_metadata object | +| sm_arbitrary_secret_metadata | sm_arbitrary_secret_metadata object | +| sm_username_password_secret_metadata | sm_username_password_secret_metadata object | +| sm_private_certificate_metadata | sm_private_certificate_metadata object | +| sm_configurations | sm_configurations object | 
diff --git a/examples/ibm-secrets-manager/main.tf b/examples/ibm-secrets-manager/main.tf index 1e1a89fccb..5823fb3fa6 100644 --- a/examples/ibm-secrets-manager/main.tf +++ b/examples/ibm-secrets-manager/main.tf @@ -81,6 +81,33 @@ resource "ibm_sm_iam_credentials_secret" "sm_iam_credentials_secret_instance" { } } +// Provision sm_service_credentials_secret resource instance +resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { + instance_id = var.secrets_manager_instance_id + region = var.region + endpoint_type = var.endpoint_type + name = var.sm_service_credentials_secret_name + custom_metadata = { my_key = jsonencode(var.sm_service_credentials_secret_custom_metadata) } + description = var.sm_service_credentials_secret_description + labels = var.sm_service_credentials_secret_labels + rotation { + auto_rotate = true + interval = 1 + unit = "day" + } + secret_group_id = var.sm_service_credentials_secret_secret_group_id + source_service { + instance { + crn = var.sm_service_credentials_secret_source_service_instance_crn + } + role { + crn = var.sm_service_credentials_secret_source_service_role_crn + } + parameters = var.sm_service_credentials_secret_source_service_parameters + } + ttl = var.sm_service_credentials_secret_ttl +} + // Provision sm_arbitrary_secret resource instance resource "ibm_sm_arbitrary_secret" "sm_arbitrary_secret_instance" { instance_id = var.secrets_manager_instance_id 
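Review bot: In main.tf the new resource is labelled `sm_service_credentials_secret`, while the neighbouring resources in this file use the `_instance` suffix and the output added to outputs.tf in this same patch reads `ibm_sm_service_credentials_secret.sm_service_credentials_secret_instance`. As far as this patch shows, that output refers to a resource that is never declared, so the example should fail validation. Declaring it as `resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret_instance" {` fixes the reference and matches the file's naming. Separately, the README snippet in this patch passes `rotation = var.sm_service_credentials_secret_rotation`, whereas this hunk hard-codes a `rotation { ... }` block; the two examples should agree.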
@@ -304,6 +331,14 @@ data "ibm_sm_iam_credentials_secret_metadata" "sm_iam_credentials_secret_metadat secret_id = var.sm_iam_credentials_secret_metadata_id } +// Create sm_service_credentials_secret_metadata data source +data "ibm_sm_service_credentials_secret_metadata" "sm_service_credentials_secret_metadata_instance" { + instance_id = var.secrets_manager_instance_id + region = var.region + endpoint_type = var.endpoint_type + secret_id = var.sm_service_credentials_secret_metadata_id +} + // Create sm_arbitrary_secret_metadata data source data "ibm_sm_arbitrary_secret_metadata" "sm_arbitrary_secret_metadata_instance" { instance_id = var.secrets_manager_instance_id @@ -352,6 +387,14 @@ data "ibm_sm_iam_credentials_secret" "sm_iam_credentials_secret_instance" { secret_id = var.sm_iam_credentials_secret_id } +// Create sm_service_credentials_secret data source +data "ibm_sm_service_credentials_secret" "sm_service_credentials_secret_instance" { + instance_id = var.secrets_manager_instance_id + region = var.region + endpoint_type = var.endpoint_type + secret_id = var.sm_service_credentials_secret_id +} + // Create sm_arbitrary_secret data source data "ibm_sm_arbitrary_secret" "sm_arbitrary_secret_instance" { instance_id = var.secrets_manager_instance_id diff --git a/examples/ibm-secrets-manager/outputs.tf b/examples/ibm-secrets-manager/outputs.tf index 9ea26978eb..9684c8c1eb 100644 --- a/examples/ibm-secrets-manager/outputs.tf +++ b/examples/ibm-secrets-manager/outputs.tf 
@@ -45,6 +45,12 @@ output "ibm_sm_iam_credentials_secret" { value = ibm_sm_iam_credentials_secret.sm_iam_credentials_secret_instance description = "sm_iam_credentials_secret resource instance" } +// This allows sm_service_credentials_secret data to be referenced by other resources and the terraform CLI +// Modify this if only certain data should be exposed +output "ibm_sm_service_credentials_secret" { + value = ibm_sm_service_credentials_secret.sm_service_credentials_secret_instance + description = "sm_service_credentials_secret resource instance" +} // This allows sm_arbitrary_secret data to be referenced by other resources and the terraform CLI // Modify this if only certain data should be exposed output "ibm_sm_arbitrary_secret" { diff --git a/examples/ibm-secrets-manager/variables.tf b/examples/ibm-secrets-manager/variables.tf index 6c713285b8..fba28a2af8 100644 --- a/examples/ibm-secrets-manager/variables.tf +++ b/examples/ibm-secrets-manager/variables.tf 
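Review bot: The added output reads `ibm_sm_service_credentials_secret.sm_service_credentials_secret_instance`, while the resource added to main.tf in this commit is labelled `sm_service_credentials_secret` with no `_instance` suffix, so the reference will not resolve. Either rename the resource or change the output to `value = ibm_sm_service_credentials_secret.sm_service_credentials_secret`. Separately, the output exports the whole resource, which presumably carries the generated credentials, so `terraform output` and any consuming module would see them. Since examples get copied, add `sensitive = true` or export only the non-secret attributes callers need.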
@@ -210,6 +210,54 @@ variable "sm_iam_credentials_secret_reuse_api_key" { default = true } +// Resource arguments for sm_service_credentials_secret +variable "sm_service_credentials_name" { + description = "The human-readable name of your secret." + type = string + default = "my-service-credentials-secret" +} +variable "sm_service_credentials_secret_custom_metadata" { + description = "The secret metadata that a user can customize." + type = any + default = "anything as a string" +} +variable "sm_service_credentials_secret_description" { + description = "An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group." + type = string + default = "Extended description for this secret." +} +variable "sm_service_credentials_secret_labels" { + description = "Labels that you can use to search for secrets in your instance.Up to 30 labels can be created." + type = list(string) + default = [ "my-label" ] +} +variable "sm_service_credentials_secret_secret_group_id" { + description = "A v4 UUID identifier, or `default` secret group." + type = string + default = "default" +} +variable "sm_service_credentials_secret_source_service_instance_crn" { + description = "A CRN that uniquely identifies a service credentials source" + type = string + default = "crn:v1:staging:public:cloud-object-storage:global:a/111f5fb10986423e9saa8512f1db7e65:111133c8-49ea-41xe-8c40-122038246f5b::" +} +variable "sm_service_credentials_secret_source_service_role_crn" { + description = "The service-specific custom role object, CRN role is accepted. Refer to the service’s documentation for supported roles." + type = string + default = "crn:v1:bluemix:public:iam::::serviceRole:Writer" +} +variable "sm_service_credentials_secret_source_service_parameters" { + description = "Configuration options represented as key-value pairs. Service-defined options are used in the generation of credentials for some services." 
+ type = string + default = {} +} +variable "sm_service_credentials_secret_ttl" { + description = "The time-to-live (TTL) or lease duration to assign to generated credentials. The TTL defines for how long generated credentials remain valid. The value should be a string that specifies the number of seconds. Minimum duration is 86400 (1 day). Maximum is 7776000 seconds (90 days)." + type = string + default = "86401" +} + + // Resource arguments for sm_arbitrary_secret variable "sm_arbitrary_secret_name" { description = "The human-readable name of your secret." @@ -705,6 +753,14 @@ variable "sm_iam_credentials_secret_metadata_id" { default = "0b5571f7-21e6-42b7-91c5-3f5ac9793a46" } +// Data source arguments for sm_service_credentials_secret_metadata +variable "sm_service_credentials_secret_metadata_id" { + description = "The ID of the secret." + type = string + default = "0b5571f7-21e6-42b7-91c5-3f5ac9793a46" +} + + // Data source arguments for sm_arbitrary_secret_metadata variable "sm_arbitrary_secret_metadata_id" { description = "The ID of the secret." @@ -747,6 +803,13 @@ variable "sm_iam_credentials_secret_id" { default = "0b5571f7-21e6-42b7-91c5-3f5ac9793a46" } +// Data source arguments for sm_service_credentials_secret +variable "sm_service_credentials_secret_id" { + description = "The ID of the secret." + type = string + default = "0b5571f7-21e6-42b7-91c5-3f5ac9793a46" +} + // Data source arguments for sm_arbitrary_secret variable "sm_arbitrary_secret_id" { description = "The ID of the secret." diff --git a/ibm/provider/provider.go b/ibm/provider/provider.go index 936814aded..92ffcdcc77 100644 --- a/ibm/provider/provider.go +++ b/ibm/provider/provider.go 
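Review bot: `sm_service_credentials_secret_source_service_parameters` is declared with `type = string` but `default = {}`, and an empty object does not convert to a string, so Terraform should reject the default against the type constraint before the example can plan. The description speaks of key-value pairs, so `type = map(string)` with `default = {}` looks like the intent. Confirm this against the resource's `parameters` schema, which is not part of this hunk.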
@@ -701,6 +701,7 @@ func Provider() *schema.Provider { "ibm_sm_public_certificate_metadata": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmPublicCertificateMetadata()), "ibm_sm_private_certificate_metadata": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmPrivateCertificateMetadata()), "ibm_sm_iam_credentials_secret_metadata": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmIamCredentialsSecretMetadata()), + "ibm_sm_service_credentials_secret_metadata": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmServiceCredentialsSecretMetadata()), "ibm_sm_kv_secret_metadata": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmKvSecretMetadata()), "ibm_sm_username_password_secret_metadata": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmUsernamePasswordSecretMetadata()), "ibm_sm_arbitrary_secret": secretsmanager.AddInstanceFields(secretsmanager.DataSourceIbmSmArbitrarySecret()), diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go new file mode 100644 index 0000000000..54ff509c4d --- /dev/null +++ b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go 
@@ -0,0 +1,491 @@ +// Copyright IBM Corp. 2023 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package secretsmanager + +import ( + "context" + "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" + "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "log" +) + +func DataSourceIbmSmServiceCredentialsSecretMetadata() *schema.Resource { + return &schema.Resource{ + ReadContext: dataSourceIbmSmServiceCredentialsSecretMetadataRead, + + Schema: map[string]*schema.Schema{ + "secret_id": &schema.Schema{ + Type: schema.TypeString, + Required: true, + Description: "The ID of the secret.", + }, + "created_by": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The unique identifier that is associated with the entity that created the secret.", + }, + "created_at": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The date when a resource was created. 
The date format follows RFC 3339.", + }, + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "A CRN that uniquely identifies an IBM Cloud resource.", + }, + "custom_metadata": &schema.Schema{ + Type: schema.TypeMap, + Computed: true, + Description: "The secret metadata that a user can customize.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "description": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.", + }, + "downloaded": &schema.Schema{ + Type: schema.TypeBool, + Computed: true, + Description: "Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.", + }, + "labels": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "locks_total": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + Description: "The number of locks of the secret.", + }, + "name": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The human-readable name of your secret.", + }, + "secret_group_id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + ForceNew: true, + Description: "A v4 UUID identifier, or `default` secret group.", + }, + "secret_type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.", + }, + "state": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + Description: "The secret state that is based on NIST SP 800-57. 
States are integers and correspond to the `Pre-activation = 0`, `Active = 1`, `Suspended = 2`, `Deactivated = 3`, and `Destroyed = 5` values.", + }, + "state_description": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "A text representation of the secret state.", + }, + "updated_at": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The date when a resource was recently modified. The date format follows RFC 3339.", + }, + "versions_total": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + Description: "The number of versions of the secret.", + }, + "ttl": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The time-to-live (TTL) or lease duration to assign to generated credentials.", + }, + "rotation": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "Determines whether Secrets Manager rotates your secrets automatically.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "auto_rotate": &schema.Schema{ + Type: schema.TypeBool, + Computed: true, + Description: "Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval.", + }, + "interval": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + Description: "The length of the secret rotation time interval.", + }, + "unit": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The units for the secret rotation time interval.", + }, + }, + }, + }, + "next_rotation_date": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The date that the secret is scheduled for automatic rotation. The service automatically creates a new version of the secret on its next rotation date. 
This field exists only for secrets that have an existing rotation policy.", + }, + "source_service": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The properties required for creating the service credentials for the specified source service instance.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "instance": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The source service instance identifier.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "A CRN that uniquely identifies a service credentials target.", + }, + }, + }, + }, + "role": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The service-specific custom role object, CRN role is accepted. Refer to the service’s documentation for supported roles.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The CRN role identifier for creating a service-id.", + }, + }, + }, + }, + "iam": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The source service IAM data is returned in case IAM credentials where created for this secret.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "apikey": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The IAM apikey metadata for the IAM credentials that were generated.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM API key name for the generated service credentials.", + }, + "description": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM API key description for the generated service credentials.", + }, + }, + }, + }, + "role": &schema.Schema{ + Type: schema.TypeList, + 
Computed: true, + Description: "The IAM role for the generate service credentials.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM role CRN assigned to the generated service credentials.", + }, + }, + }, + }, + "serviceid": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The IAM serviceid for the generated service credentials.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IAM Service ID CRN.", + }, + }, + }, + }, + }, + }, + }, + "resource_key": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The source service resource key data of the generated service credentials.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "crn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The resource key CRN of the generated service credentials.", + }, + "name": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The resource key name of the generated service credentials.", + }, + }, + }, + }, + "parameters": &schema.Schema{ + Type: schema.TypeMap, + Computed: true, + Description: "The collection of parameters for the service credentials target.", + }, + }, + }, + }, + }, + } +} + +func dataSourceIbmSmServiceCredentialsSecretMetadataRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() + if err != nil { + return diag.FromErr(err) + } + + region := getRegion(secretsManagerClient, d) + instanceId := d.Get("instance_id").(string) + secretsManagerClient = getClientWithInstanceEndpoint(secretsManagerClient, instanceId, region, getEndpointType(secretsManagerClient, d)) + + getSecretMetadataOptions := 
&secretsmanagerv2.GetSecretMetadataOptions{} + + secretId := d.Get("secret_id").(string) + getSecretMetadataOptions.SetID(secretId) + + ServiceCredentialsSecretMetadataIntf, response, err := secretsManagerClient.GetSecretMetadataWithContext(context, getSecretMetadataOptions) + if err != nil { + log.Printf("[DEBUG] GetSecretMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("GetSecretMetadataWithContext failed %s\n%s", err, response)) + } + ServiceCredentialsSecretMetadata := ServiceCredentialsSecretMetadataIntf.(*secretsmanagerv2.ServiceCredentialsSecretMetadata) + + d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, secretId)) + + if err = d.Set("region", region); err != nil { + return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + } + if err = d.Set("created_by", ServiceCredentialsSecretMetadata.CreatedBy); err != nil { + return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + } + + if err = d.Set("created_at", DateTimeToRFC3339(ServiceCredentialsSecretMetadata.CreatedAt)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + } + + if err = d.Set("crn", ServiceCredentialsSecretMetadata.Crn); err != nil { + return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + } + + if ServiceCredentialsSecretMetadata.CustomMetadata != nil { + convertedMap := make(map[string]interface{}, len(ServiceCredentialsSecretMetadata.CustomMetadata)) + for k, v := range ServiceCredentialsSecretMetadata.CustomMetadata { + convertedMap[k] = v + } + + if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + } + if err != nil { + return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + } + } + + if err = d.Set("description", ServiceCredentialsSecretMetadata.Description); err != nil { + return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + } + + if err = 
d.Set("downloaded", ServiceCredentialsSecretMetadata.Downloaded); err != nil { + return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + } + + if ServiceCredentialsSecretMetadata.Labels != nil { + if err = d.Set("labels", ServiceCredentialsSecretMetadata.Labels); err != nil { + return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + } + } + + if err = d.Set("locks_total", flex.IntValue(ServiceCredentialsSecretMetadata.LocksTotal)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + } + + if err = d.Set("name", ServiceCredentialsSecretMetadata.Name); err != nil { + return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + } + + if err = d.Set("secret_group_id", ServiceCredentialsSecretMetadata.SecretGroupID); err != nil { + return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + } + + if err = d.Set("secret_type", ServiceCredentialsSecretMetadata.SecretType); err != nil { + return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + } + + if err = d.Set("state", flex.IntValue(ServiceCredentialsSecretMetadata.State)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + } + + if err = d.Set("state_description", ServiceCredentialsSecretMetadata.StateDescription); err != nil { + return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + } + + if err = d.Set("updated_at", DateTimeToRFC3339(ServiceCredentialsSecretMetadata.UpdatedAt)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + } + + if err = d.Set("versions_total", flex.IntValue(ServiceCredentialsSecretMetadata.VersionsTotal)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + } + + if err = d.Set("ttl", ServiceCredentialsSecretMetadata.TTL); err != nil { + return diag.FromErr(fmt.Errorf("Error setting ttl: %s", err)) + } + + rotation := []map[string]interface{}{} + if 
ServiceCredentialsSecretMetadata.Rotation != nil { + modelMap, err := dataSourceIbmSmServiceCredentialsSecretMetadataRotationPolicyToMap(ServiceCredentialsSecretMetadata.Rotation.(*secretsmanagerv2.RotationPolicy)) + if err != nil { + return diag.FromErr(err) + } + rotation = append(rotation, modelMap) + } + if err = d.Set("rotation", rotation); err != nil { + return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + } + + if err = d.Set("next_rotation_date", DateTimeToRFC3339(ServiceCredentialsSecretMetadata.NextRotationDate)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + } + + sourceServiceMap, err := dataSourceIbmSmServiceCredentialsSecretMetadataSourceServiceToMap(ServiceCredentialsSecretMetadata.SourceService) + if err != nil { + return diag.FromErr(err) + } + if len(sourceServiceMap) > 0 { + if err = d.Set("source_service", []map[string]interface{}{sourceServiceMap}); err != nil { + return diag.FromErr(fmt.Errorf("Error setting source_service: %s", err)) + } + } + + return nil +} + +func dataSourceIbmSmServiceCredentialsSecretMetadataRotationPolicyToMap(model *secretsmanagerv2.RotationPolicy) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.AutoRotate != nil { + modelMap["auto_rotate"] = *model.AutoRotate + } + if model.Interval != nil { + modelMap["interval"] = *model.Interval + } + if model.Unit != nil { + modelMap["unit"] = *model.Unit + } + return modelMap, nil +} + +func dataSourceIbmSmServiceCredentialsSecretMetadataSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceService) (map[string]interface{}, error) { + mainModelMap := make(map[string]interface{}) + if sourceService.Instance != nil { + instanceMap := make(map[string]interface{}) + instanceModel := sourceService.Instance + if instanceModel.Crn != nil { + instanceMap["crn"] = instanceModel.Crn + } + mainModelMap["instance"] = []map[string]interface{}{instanceMap} + } + + 
if sourceService.Role != nil { + roleMap := make(map[string]interface{}) + roleModel := sourceService.Role + if roleModel.Crn != nil { + roleMap["crn"] = roleModel.Crn + } + mainModelMap["role"] = []map[string]interface{}{roleMap} + } + + if sourceService.Iam != nil { + iamMap := make(map[string]interface{}) + iamModel := sourceService.Iam + + // apikey + if iamModel.Apikey != nil { + iamApikeyMap := make(map[string]interface{}) + iamApikeyModel := iamModel.Apikey + if iamApikeyModel.Name != nil { + iamApikeyMap["name"] = iamApikeyModel.Name + } + if iamApikeyModel.Description != nil { + iamApikeyMap["description"] = iamApikeyModel.Description + } + iamMap["apikey"] = []map[string]interface{}{iamApikeyMap} + } + + // role + if iamModel.Role != nil { + iamRoleMap := make(map[string]interface{}) + iamRoleModel := iamModel.Role + if iamRoleModel.Crn != nil { + iamRoleMap["crn"] = iamRoleModel.Crn + } + iamMap["role"] = []map[string]interface{}{iamRoleMap} + } + + // service id + if iamModel.Serviceid != nil { + iamServiceidMap := make(map[string]interface{}) + iamServiceidModel := iamModel.Serviceid + if iamServiceidModel.Crn != nil { + iamServiceidMap["crn"] = iamServiceidModel.Crn + } + iamMap["serviceid"] = []map[string]interface{}{iamServiceidMap} + } + + mainModelMap["iam"] = []map[string]interface{}{iamMap} + + } + + if sourceService.ResourceKey != nil { + resourceKeyMap := make(map[string]interface{}) + resourceKeyModel := sourceService.ResourceKey + if resourceKeyModel.Crn != nil { + resourceKeyMap["crn"] = resourceKeyModel.Crn + } + if resourceKeyModel.Name != nil { + resourceKeyMap["name"] = resourceKeyModel.Name + } + mainModelMap["resource_key"] = []map[string]interface{}{resourceKeyMap} + } + + if sourceService.Parameters != nil { + parametersMap := sourceService.Parameters.GetProperties() + for k, v := range parametersMap { + parametersMap[k] = fmt.Sprint(v) + } + if sourceService.Parameters.ServiceidCrn != nil { + parametersMap["serviceid_crn"] = 
sourceService.Parameters.ServiceidCrn + } + mainModelMap["parameters"] = parametersMap + } + + return mainModelMap, nil +} diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go index 1f1f813e83..82232a7cfd 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go @@ -330,7 +330,7 @@ func ResourceIbmSmServiceCredentialsSecret() *schema.Resource { "ttl": &schema.Schema{ Type: schema.TypeString, Required: true, - ValidateFunc: StringIsIntBetween(60, 7776000), + ValidateFunc: StringIsIntBetween(86400, 7776000), Description: "The time-to-live (TTL) or lease duration to assign to generated credentials.", }, "updated_at": &schema.Schema{ diff --git a/website/docs/d/sm_service_credentials_secret.html.markdown b/website/docs/d/sm_service_credentials_secret.html.markdown new file mode 100644 index 0000000000..0bce29f26e --- /dev/null +++ b/website/docs/d/sm_service_credentials_secret.html.markdown 
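Review bot: The unchecked assertion `ServiceCredentialsSecretMetadataIntf.(*secretsmanagerv2.ServiceCredentialsSecretMetadata)` in `dataSourceIbmSmServiceCredentialsSecretMetadataRead` panics, and so crashes the provider process, whenever `secret_id` points at a secret of another type; the comma-ok form lets the read return a diagnostic instead. The same pattern appears at `Rotation.(*secretsmanagerv2.RotationPolicy)`. `dataSourceIbmSmServiceCredentialsSecretMetadataSourceServiceToMap` also reads `sourceService.Instance` without checking `sourceService` itself, so a response without a source service would presumably hit a nil dereference; a guard at the top of the helper covers that. The second `if err != nil` after the `custom_metadata` set is unreachable and can be dropped.

```go
// … unchanged: client setup and GetSecretMetadataWithContext call …
ServiceCredentialsSecretMetadata, ok := ServiceCredentialsSecretMetadataIntf.(*secretsmanagerv2.ServiceCredentialsSecretMetadata)
if !ok {
	return diag.FromErr(fmt.Errorf("secret %s is not a service credentials secret (got %T)", secretId, ServiceCredentialsSecretMetadataIntf))
}
// … unchanged: d.SetId and the d.Set calls …

func dataSourceIbmSmServiceCredentialsSecretMetadataSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceService) (map[string]interface{}, error) {
	mainModelMap := make(map[string]interface{})
	if sourceService == nil {
		return mainModelMap, nil
	}
	// … unchanged: instance, role, iam, resource_key and parameters mapping …
```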
@@ -0,0 +1,140 @@ +--- +layout: "ibm" +page_title: "IBM : ibm_sm_service_credentials_secret" +description: |- + Get information about ServiceCredentialsSecret +subcategory: "Secrets Manager" +--- + +# ibm_sm_service_credentials_secret + +Provides a read-only data source for a service credentials secret. You can then reference the fields of the data source in other resources within the same configuration using interpolation syntax. +The data source can be defined by providing the secret ID or the secret and secret group names. + +## Example Usage + +By secret id +```hcl +data "ibm_sm_service_credentials_secret" "service_credentials_secret" { + instance_id = ibm_resource_instance.sm_instance.guid + region = "us-south" + secret_id = "0b5571f7-21e6-42b7-91c5-3f5ac9793a46" +} +``` + +By secret name and group name +```hcl +data "ibm_sm_service_credentials_secret" "service_credentials_secret" { + instance_id = ibm_resource_instance.sm_instance.guid + region = "us-south" + name = "secret-name" + secret_group_name = "group-name" +} +``` + +## Argument Reference + +Review the argument reference that you can specify for your data source. + +* `instance_id` - (Required, Forces new resource, String) The GUID of the Secrets Manager instance. +* `region` - (Optional, Forces new resource, String) The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration. +* `endpoint_type` - (Optional, String) - The endpoint type. If not provided the endpoint type is determined by the `visibility` argument provided in the provider configuration. + * Constraints: Allowable values are: `private`, `public`. +* `secret_id` - (Optional, String) The ID of the secret. + * Constraints: The maximum length is `36` characters. The minimum length is `36` characters. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. +* `name` - (Optional, String) The human-readable name of your secret. 
To be used in combination with `secret_group_name`. + * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`. +* `secret_group_name` - (Optional, String) The name of your existing secret group. To be used in combination with `name`. + * Constraints: The maximum length is `64` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. + +## Attribute Reference + +In addition to all argument references listed, you can access the following attribute references after your data source is created. + +* `created_at` - (String) The date when a resource was created. The date format follows RFC 3339. + +* `created_by` - (String) The unique identifier that is associated with the entity that created the secret. + * Constraints: The maximum length is `128` characters. The minimum length is `4` characters. + +* `credentials` - (List) The properties of the service credentials secret payload. + Nested scheme for **credentials**: + * `apikey` - (String) The API key that is generated for this secret. + * `cos_hmac_keys` - (String) The Cloud Object Storage HMAC keys that are returned after you create a service credentials secret. + Nested scheme for **cos_hmac_keys**: + * `access_key_id` - (String) The access key ID for Cloud Object Storage HMAC credentials. + * `secret_access_key` - (String) The secret access key ID for Cloud Object Storage HMAC credentials. + * `endpoints` - (String) The endpoints that are returned after you create a service credentials secret. + * `iam_apikey_description` - (String) The description of the generated IAM API key. + * `iam_apikey_name` - (String) The name of the generated IAM API key. + * `iam_role_crn` - (String) The IAM role CRN that is returned after you create a service credentials secret. 
+ * `iam_serviceid_crn` - (String) The IAM serviceId CRN that is returned after you create a service credentials secret. + * `resource_instance_id` - (String) The resource instance CRN that is returned after you create a service credentials secret. + +* `crn` - (String) A CRN that uniquely identifies an IBM Cloud resource. + * Constraints: The maximum length is `512` characters. The minimum length is `9` characters. The value must match regular expression `/^crn:v[0-9](:([A-Za-z0-9-._~!$&'()*+,;=@\/]|%[0-9A-Z]{2})*){8}$/`. + +* `custom_metadata` - (Map) The secret metadata that a user can customize. + +* `description` - (String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group. + * Constraints: The maximum length is `1024` characters. The minimum length is `0` characters. The value must match regular expression `/(.*?)/`. + +* `downloaded` - (Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API. + +* `labels` - (List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created. + * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `30` items. The minimum length is `0` items. + +* `locks_total` - (Integer) The number of locks of the secret. + * Constraints: The maximum value is `1000`. The minimum value is `0`. + +* `name` - (String) The human-readable name of your secret. + * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. + +* `next_rotation_date` - (String) The date that the secret is scheduled for automatic rotation.The service automatically creates a new version of the secret on its next rotation date. This field exists only for secrets that have an existing rotation policy. 
+ +* `rotation` - (List) Determines whether Secrets Manager rotates your secrets automatically. + Nested scheme for **rotation**: + * `auto_rotate` - (Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. + * `interval` - (Integer) The length of the secret rotation time interval. + * Constraints: The minimum value is `1`. + * `unit` - (String) The units for the secret rotation time interval. + * Constraints: Allowable values are: `day`, `month`. + +* `secret_group_id` - (String) A v4 UUID identifier, or `default` secret group. + * Constraints: The maximum length is `36` characters. The minimum length is `7` characters. The value must match regular expression `/^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/`. + +* `secret_type` - (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials. + * Constraints: Allowable values are: `arbitrary`, `imported_cert`, `public_cert`, `iam_credentials`, `kv`, `username_password`, `private_cert`. + +* `source_service` - (List) The properties required for creating the service credentials for the specified source service instance. + Nested scheme for **source_service**: + * `iam` - (List) The source service IAM data is returned in case IAM credentials where created for this secret. + Nested scheme for **iam**: + * `apikey` - (String) The IAM apikey metadata for the IAM credentials that were generated. + Nested scheme for **apikey**: + * `name` - (String) The IAM API key name for the generated service credentials. + * `description` - (String) The IAM API key description for the generated service credentials. + * `role` - (String) The IAM role for the generate service credentials. 
+ Nested scheme for **role**: + * `crn` - (String) The IAM role CRN assigned to the generated service credentials. + * `serviceid` - (String) The IAM serviceid for the generated service credentials. + Nested scheme for **serviceid**: + * `crn` - (String) The IAM Service ID CRN. + * `resource_key` - (List) The source service resource key data of the generated service credentials. + Nested scheme for **resource_key**: + * `crn` - (String) The resource key CRN of the generated service credentials. + * `name` - (String) The resource key name of the generated service credentials. + +* `state` - (Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the `Pre-activation = 0`, `Active = 1`, `Suspended = 2`, `Deactivated = 3`, and `Destroyed = 5` values. + * Constraints: Allowable values are: `0`, `1`, `2`, `3`, `5`. + +* `state_description` - (String) A text representation of the secret state. + * Constraints: Allowable values are: `pre_activation`, `active`, `suspended`, `deactivated`, `destroyed`. + +* `ttl` - (String) The time-to-live (TTL) or lease duration to assign to generated credentials. The TTL defines for how long generated credentials remain valid. The value should be a string that specifies the number of seconds. Minimum duration is 86400 (1 day). Maximum is 7776000 seconds (90 days). + * Constraints: The maximum length is `7` characters. The minimum length is `2` characters. + +* `updated_at` - (String) The date when a resource was recently modified. The date format follows RFC 3339. + +* `versions_total` - (Integer) The number of versions of the secret. + * Constraints: The maximum value is `50`. The minimum value is `0`. + diff --git a/website/docs/d/sm_service_credentials_secret_metadata.html.markdown b/website/docs/d/sm_service_credentials_secret_metadata.html.markdown new file mode 100644 index 0000000000..0710616c26 --- /dev/null +++ b/website/docs/d/sm_service_credentials_secret_metadata.html.markdown 
@@ -0,0 +1,113 @@ +--- +layout: "ibm" +page_title: "IBM : ibm_sm_service_credentials_secret_metadata" +description: |- + Get information about ServiceCredentialsSecretMetadata +subcategory: "Secrets Manager" +--- + +# ibm_sm_service_credentials_secret + +Provides a read-only data source for the metadata of an service credentials secret. You can then reference the fields of the data source in other resources within the same configuration using interpolation syntax. + + +## Example Usage + +```hcl +data "ibm_sm_service_credentials_secret_metadata" "service_credentials_secret_metadata" { + instance_id = ibm_resource_instance.sm_instance.guid + region = "us-south" + secret_id = "0b5571f7-21e6-42b7-91c5-3f5ac9793a46" +} +``` + +## Argument Reference + +Review the argument reference that you can specify for your data source. + +* `instance_id` - (Required, Forces new resource, String) The GUID of the Secrets Manager instance. +* `region` - (Optional, Forces new resource, String) The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration. +* `endpoint_type` - (Optional, String) - The endpoint type. If not provided the endpoint type is determined by the `visibility` argument provided in the provider configuration. + * Constraints: Allowable values are: `private`, `public`. +* `secret_id` - (Optional, String) The ID of the secret. + * Constraints: The maximum length is `36` characters. The minimum length is `36` characters. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + +## Attribute Reference + +In addition to all argument references listed, you can access the following attribute references after your data source is created. + +* `id` - The unique identifier of the data source. + +* `created_at` - (String) The date when a resource was created. The date format follows RFC 3339. 
+ +* `created_by` - (String) The unique identifier that is associated with the entity that created the secret. + * Constraints: The maximum length is `128` characters. The minimum length is `4` characters. + +* `crn` - (String) A CRN that uniquely identifies an IBM Cloud resource. + * Constraints: The maximum length is `512` characters. The minimum length is `9` characters. The value must match regular expression `/^crn:v[0-9](:([A-Za-z0-9-._~!$&'()*+,;=@\/]|%[0-9A-Z]{2})*){8}$/`. + +* `custom_metadata` - (Map) The secret metadata that a user can customize. + +* `description` - (String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group. + * Constraints: The maximum length is `1024` characters. The minimum length is `0` characters. The value must match regular expression `/(.*?)/`. + +* `downloaded` - (Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API. + +* `labels` - (List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created. + * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `30` items. The minimum length is `0` items. + +* `locks_total` - (Integer) The number of locks of the secret. + * Constraints: The maximum value is `1000`. The minimum value is `0`. + +* `name` - (String) The human-readable name of your secret. + * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. + +* `next_rotation_date` - (String) The date that the secret is scheduled for automatic rotation.The service automatically creates a new version of the secret on its next rotation date. This field exists only for secrets that have an existing rotation policy. + +* `rotation` - (List) Determines whether Secrets Manager rotates your secrets automatically. 
+ Nested scheme for **rotation**: + * `auto_rotate` - (Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. + * `interval` - (Integer) The length of the secret rotation time interval. + * Constraints: The minimum value is `1`. + * `unit` - (String) The units for the secret rotation time interval. + * Constraints: Allowable values are: `day`, `month`. + +* `secret_group_id` - (String) A v4 UUID identifier, or `default` secret group. + * Constraints: The maximum length is `36` characters. The minimum length is `7` characters. The value must match regular expression `/^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/`. + +* `secret_type` - (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials. + * Constraints: Allowable values are: `arbitrary`, `imported_cert`, `public_cert`, `iam_credentials`, `kv`, `username_password`, `private_cert`. + +* `source_service` - (List) The properties required for creating the service credentials for the specified source service instance. + Nested scheme for **source_service**: + * `iam` - (List) The source service IAM data is returned in case IAM credentials where created for this secret. + Nested scheme for **iam**: + * `apikey` - (String) The IAM apikey metadata for the IAM credentials that were generated. + Nested scheme for **apikey**: + * `name` - (String) The IAM API key name for the generated service credentials. + * `description` - (String) The IAM API key description for the generated service credentials. + * `role` - (String) The IAM role for the generate service credentials. + Nested scheme for **role**: + * `crn` - (String) The IAM role CRN assigned to the generated service credentials. 
+ * `serviceid` - (String) The IAM serviceid for the generated service credentials. + Nested scheme for **serviceid**: + * `crn` - (String) The IAM Service ID CRN. + * `resource_key` - (List) The source service resource key data of the generated service credentials. + Nested scheme for **resource_key**: + * `crn` - (String) The resource key CRN of the generated service credentials. + * `name` - (String) The resource key name of the generated service credentials. + +* `state` - (Integer) The secret state that is based on NIST SP 800-57. States are integers and correspond to the `Pre-activation = 0`, `Active = 1`, `Suspended = 2`, `Deactivated = 3`, and `Destroyed = 5` values. + * Constraints: Allowable values are: `0`, `1`, `2`, `3`, `5`. + +* `state_description` - (String) A text representation of the secret state. + * Constraints: Allowable values are: `pre_activation`, `active`, `suspended`, `deactivated`, `destroyed`. + +* `ttl` - (String) The time-to-live (TTL) or lease duration to assign to generated credentials. The TTL defines for how long generated credentials remain valid. The value should be a string that specifies the number of seconds. Minimum duration is 86400 (1 day). Maximum is 7776000 seconds (90 days). + * Constraints: The maximum length is `7` characters. The minimum length is `2` characters. + +* `updated_at` - (String) The date when a resource was recently modified. The date format follows RFC 3339. + +* `versions_total` - (Integer) The number of versions of the secret. + * Constraints: The maximum value is `50`. The minimum value is `0`. + diff --git a/website/docs/r/sm_service_credentials_secret.html.markdown b/website/docs/r/sm_service_credentials_secret.html.markdown index b86d6093a6..fdeb388008 100644 --- a/website/docs/r/sm_service_credentials_secret.html.markdown +++ b/website/docs/r/sm_service_credentials_secret.html.markdown 
@@ -26,6 +26,15 @@ resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { unit = "day" } secret_group_id = ibm_sm_secret_group.sm_secret_group.secret_group_id + source_service { + instance { + crn = "crn:v1:staging:public:cloud-object-storage:global:a/111f5fb10986423e9saa8512f1db7e65:111133c8-49ea-41xe-8c40-122038246f5b::" + } + role { + crn = "crn:v1:bluemix:public:iam::::serviceRole:Writer" + } + parameters = {"HMAC": true} + } ttl = "1800" } ``` 
@@ -38,19 +47,18 @@ Review the argument reference that you can specify for your resource. * `region` - (Optional, Forces new resource, String) The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration. * `endpoint_type` - (Optional, String) - The endpoint type. If not provided the endpoint type is determined by the `visibility` argument provided in the provider configuration. * Constraints: Allowable values are: `private`, `public`. +* `name` - (Required, String) The human-readable name of your secret. + * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`. * `custom_metadata` - (Optional, Map) The secret metadata that a user can customize. * `description` - (Optional, String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group. * Constraints: The maximum length is `1024` characters. The minimum length is `0` characters. The value must match regular expression `/(.*?)/`. * `labels` - (Optional, List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created. * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `30` items. The minimum length is `0` items. -* `name` - (Required, String) The human-readable name of your secret. - * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`. * `rotation` - (Optional, List) Determines whether Secrets Manager rotates your secrets automatically. Nested scheme for **rotation**: * `auto_rotate` - (Optional, Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. 
If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. * `interval` - (Optional, Integer) The length of the secret rotation time interval. * Constraints: The minimum value is `1`. - * `rotate_keys` - (Optional, Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate. * `unit` - (Optional, String) The units for the secret rotation time interval. * Constraints: Allowable values are: `day`, `month`. * `secret_group_id` - (Optional, Forces new resource, String) A v4 UUID identifier, or `default` secret group. 
@@ -59,21 +67,12 @@ Nested scheme for **rotation**: Nested scheme for **source_service**: * `instance` - (Optional, List) The source service instance identifier. Nested scheme for **instance**: - * `crn` - (Optional, String) A CRN that uniquely identifies a service credentials source. - * `parameters` - (Optional, List) Configuration options represented as key-value pairs. Service-defined options are used in the generation of credentials for some services. For example, Cloud Object Storage accepts the optional boolean parameter HMAC for creating specific kind of credentials. + * `crn` - (Optional, String) A CRN that uniquely identifies a service credentials source. * `role` - (Optional, List) The service-specific custom role object, CRN role is accepted. Refer to the service’s documentation for supported roles. Nested scheme for **role**: - * `crn` - (Optional, String) The service role CRN. - * `iam` - (Optional, List) The source service IAM data is returned in case IAM credentials where created for this secret. - Nested scheme for **iam**: - * `apikey` - (Optional, String) The IAM apikey metadata for the IAM credentials that were generated. - * `role` - (Optional, String) The IAM role for the generate service credentials. - * `serviceid` - (Optional, String) The IAM serviceid for the generated service credentials. - * `resource_key` - (Optional, List) The source service resource key data of the generated service credentials. - Nested scheme for **resource_key**: - * `crn` - (Optional, String) The resource key CRN of the generated service credentials. - * `name` - (Optional, String) The resource key name of the generated service credentials. -* `ttl` - (Required, String) The time-to-live (TTL) or lease duration to assign to generated credentials. The TTL defines for how long each generated API key remains valid. The value should be an integer that specifies the number of seconds. Minimum duration is 60 seconds. Maximum is 7776000 seconds (90 days). 
+ * `crn` - (Optional, String) The service role CRN. + * `parameters` - (Optional, List) Configuration options represented as key-value pairs. Service-defined options are used in the generation of credentials for some services. For example, Cloud Object Storage accepts the optional boolean parameter HMAC for creating specific kind of credentials. +* `ttl` - (Required, String) The time-to-live (TTL) or lease duration to assign to generated credentials. The TTL defines for how long generated credentials remain valid. The value should be a string that specifies the number of seconds. Minimum duration is 86400 (1 day). Maximum is 7776000 seconds (90 days). * Constraints: The maximum length is `7` characters. The minimum length is `2` characters. ## Attribute Reference 
@@ -84,12 +83,43 @@ In addition to all argument references listed, you can access the following attr * `created_at` - (String) The date when a resource was created. The date format follows RFC 3339. * `created_by` - (String) The unique identifier that is associated with the entity that created the secret. * Constraints: The maximum length is `128` characters. The minimum length is `4` characters. +* `credentials` - (List) The properties of the service credentials secret payload. + Nested scheme for **credentials**: + * `apikey` - (String) The API key that is generated for this secret. + * `cos_hmac_keys` - (String) The Cloud Object Storage HMAC keys that are returned after you create a service credentials secret. + Nested scheme for **cos_hmac_keys**: + * `access_key_id` - (String) The access key ID for Cloud Object Storage HMAC credentials. + * `secret_access_key` - (String) The secret access key ID for Cloud Object Storage HMAC credentials. + * `endpoints` - (String) The endpoints that are returned after you create a service credentials secret. + * `iam_apikey_description` - (String) The description of the generated IAM API key. + * `iam_apikey_name` - (String) The name of the generated IAM API key. + * `iam_role_crn` - (String) The IAM role CRN that is returned after you create a service credentials secret. + * `iam_serviceid_crn` - (String) The IAM serviceId CRN that is returned after you create a service credentials secret. + * `resource_instance_id` - (String) The resource instance CRN that is returned after you create a service credentials secret. * `crn` - (String) A CRN that uniquely identifies an IBM Cloud resource. * Constraints: The maximum length is `512` characters. The minimum length is `9` characters. The value must match regular expression `/^crn:v[0-9](:([A-Za-z0-9-._~!$&'()*+,;=@\/]|%[0-9A-Z]{2})*){8}$/`. 
* `downloaded` - (Boolean) Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API. * `locks_total` - (Integer) The number of locks of the secret. * Constraints: The maximum value is `1000`. The minimum value is `0`. * `next_rotation_date` - (String) The date that the secret is scheduled for automatic rotation.The service automatically creates a new version of the secret on its next rotation date. This field exists only for secrets that have an existing rotation policy. +* `source_service` - (List) The properties required for creating the service credentials for the specified source service instance. + Nested scheme for **source_service**: + * `iam` - (List) The source service IAM data is returned in case IAM credentials where created for this secret. + Nested scheme for **iam**: + * `apikey` - (String) The IAM apikey metadata for the IAM credentials that were generated. + Nested scheme for **apikey**: + * `name` - (String) The IAM API key name for the generated service credentials. + * `description` - (String) The IAM API key description for the generated service credentials. + * `role` - (String) The IAM role for the generate service credentials. + Nested scheme for **role**: + * `crn` - (String) The IAM role CRN assigned to the generated service credentials. + * `serviceid` - (String) The IAM serviceid for the generated service credentials. + Nested scheme for **serviceid**: + * `crn` - (String) The IAM Service ID CRN. + * `resource_key` - (List) The source service resource key data of the generated service credentials. + Nested scheme for **resource_key**: + * `crn` - (String) The resource key CRN of the generated service credentials. + * `name` - (String) The resource key name of the generated service credentials. * `state` - (Integer) The secret state that is based on NIST SP 800-57. 
States are integers and correspond to the `Pre-activation = 0`, `Active = 1`, `Suspended = 2`, `Deactivated = 3`, and `Destroyed = 5` values. * Constraints: Allowable values are: `0`, `1`, `2`, `3`, `5`. * `state_description` - (String) A text representation of the secret state. From 60abaf9338a777d728270769409e861a7e09105a Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Sun, 19 Nov 2023 14:10:52 +0200 Subject: [PATCH 04/47] update function updated --- .../resource_ibm_sm_service_credentilas_secret.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go index 82232a7cfd..013921c17e 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go @@ -552,6 +552,10 @@ func resourceIbmSmServiceCredentialsSecretUpdate(context context.Context, d *sch patchVals.Description = core.StringPtr(d.Get("description").(string)) hasChange = true } + if d.HasChange("ttl") { + patchVals.TTL = core.StringPtr(d.Get("ttl").(string)) + hasChange = true + } if d.HasChange("labels") { labels := d.Get("labels").([]interface{}) labelsParsed := make([]string, len(labels)) 
@@ -565,6 +569,15 @@ func resourceIbmSmServiceCredentialsSecretUpdate(context context.Context, d *sch patchVals.CustomMetadata = d.Get("custom_metadata").(map[string]interface{}) hasChange = true } + if d.HasChange("rotation") { + RotationModel, err := resourceIbmSmServiceCredentialsSecretMapToRotationPolicy(d.Get("rotation").([]interface{})[0].(map[string]interface{})) + if err != nil { + log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err) + return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err)) + } + patchVals.Rotation = RotationModel + hasChange = true + } // Apply change in metadata (if changed) if hasChange { From 8477dde3ca0db972dd5e6c8a6aa3c9915e4c4582 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Wed, 22 Nov 2023 10:36:24 +0200 Subject: [PATCH 05/47] SC unit tests added --- ibm/acctest/acctest.go | 6 + ...ource_ibm_sm_service_credentials_secret.go | 3 + ..._sm_service_credentials_secret_metadata.go | 3 + ...ervice_credentials_secret_metadata_test.go | 74 ++++ ..._ibm_sm_service_credentials_secret_test.go | 84 +++++ ...ource_ibm_sm_service_credentilas_secret.go | 3 + ..._ibm_sm_service_credentilas_secret_test.go | 335 ++++++++++++++++++ 7 files changed, 508 insertions(+) create mode 100644 ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata_test.go create mode 100644 ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_test.go create mode 100644 ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret_test.go diff --git a/ibm/acctest/acctest.go b/ibm/acctest/acctest.go index 65e4440b75..68cb246eac 100644 --- a/ibm/acctest/acctest.go +++ b/ibm/acctest/acctest.go 
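Review bot: The added `rotation` branch indexes `d.Get("rotation").([]interface{})[0]` without checking the list length, so if the schema lets the block be removed, `HasChange("rotation")` is true with an empty list and the provider panics instead of returning a diagnostic. An element that is nil would fail the `map[string]interface{}` assertion in the same way. Read the list first and guard it, e.g. `rotation := d.Get("rotation").([]interface{})` then `if len(rotation) == 0 || rotation[0] == nil { return diag.Errorf("rotation block must not be empty") }`, or skip the patch there if removal is meant to keep the current policy. The local `RotationModel` would conventionally be `rotationModel`, and `%w` rather than `%s` in `fmt.Errorf` keeps the wrapped error inspectable. The update function starts and ends outside this hunk.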
@@ -139,6 +139,7 @@ var ( SecretsManagerPublicCertificateCommonName string SecretsManagerValidateManualDnsCisZoneId string SecretsManagerImportedCertificatePathToCertificate string + SecretsManagerServiceCredentialsCosCrn string SecretsManagerSecretType string SecretsManagerSecretID string ) @@ -1205,6 +1206,11 @@ func init() { fmt.Println("[INFO] Set the environment variable SECRETS_MANAGER_IMPORTED_CERTIFICATE_PATH_TO_CERTIFICATE for testing imported certificate's tests, else tests fail if not set correctly") } + SecretsManagerServiceCredentialsCosCrn = os.Getenv("SECRETS_MANAGER_SERVICE_CREDENTIALS_COS_CRN") + if SecretsManagerServiceCredentialsCosCrn == "" { + fmt.Println("[INFO] Set the environment variable SECRETS_MANAGER_SERVICE_CREDENTIALS_COS_CRN for testing service credentials' tests, else tests fail if not set correctly") + } + SecretsManagerSecretType = os.Getenv("SECRETS_MANAGER_SECRET_TYPE") if SecretsManagerSecretType == "" { SecretsManagerSecretType = "username_password" diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go index 8e23da6863..686a553ae7 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go @@ -592,6 +592,9 @@ func dataSourceIbmSmServiceCredentialsSecretSourceServiceToMap(sourceService *se parametersMap[k] = fmt.Sprint(v) } if sourceService.Parameters.ServiceidCrn != nil { + if len(parametersMap) == 0 { + parametersMap = make(map[string]interface{}) + } parametersMap["serviceid_crn"] = sourceService.Parameters.ServiceidCrn } mainModelMap["parameters"] = parametersMap diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go index 54ff509c4d..141e0f9e6d 100644 
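Review bot: In the `data_source_ibm_sm_service_credentials_secret.go` hunk, the guard added before `parametersMap["serviceid_crn"] = …` tests `len(parametersMap) == 0`, which is true both for a nil map and for an allocated but empty one. If the intent is to avoid writing to a nil map, `if parametersMap == nil {` states that directly and does not reallocate. The same three lines are added in the metadata data source (`@@ -482,6 +482,9 @@`) and in the resource (`@@ -834,6 +834,9 @@`), so a shared helper would keep the three `SourceServiceToMap` copies from drifting. Separately, the neighbouring entries are stored as `fmt.Sprint(v)` strings while `ServiceidCrn` is stored as-is; its nil check suggests a pointer, in which case `*sourceService.Parameters.ServiceidCrn` would keep the map values uniform, which is worth confirming against the schema's element type. The function starts and ends outside the hunk, so the declaration of `parametersMap` is not visible here.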
--- a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go
@@ -482,6 +482,9 @@ func dataSourceIbmSmServiceCredentialsSecretMetadataSourceServiceToMap(sourceSer
 parametersMap[k] = fmt.Sprint(v)
 }
 if sourceService.Parameters.ServiceidCrn != nil {
+ if len(parametersMap) == 0 {
+ parametersMap = make(map[string]interface{})
+ }
 parametersMap["serviceid_crn"] = sourceService.Parameters.ServiceidCrn
 }
 mainModelMap["parameters"] = parametersMap
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata_test.go b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata_test.go
new file mode 100644
index 0000000000..91ad1c0491
--- /dev/null
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata_test.go
@@ -0,0 +1,74 @@ +// Copyright IBM Corp. 2023 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package secretsmanager_test + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" +) + +func TestAccIbmSmServiceCredentialsSecretMetadataDataSourceBasic(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccCheckIbmSmServiceCredentialsSecretMetadataDataSourceConfigBasic(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "secret_id"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "instance_id"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "created_by"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "created_at"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "crn"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "secret_group_id"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "secret_type"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "updated_at"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "versions_total"), + 
resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "rotation.#"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "ttl"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret_metadata.sm_service_credentials_secret_metadata", "source_service.#"), + ), + }, + }, + }) +} + +func testAccCheckIbmSmServiceCredentialsSecretMetadataDataSourceConfigBasic() string { + return fmt.Sprintf(` + resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret_instance" { + instance_id = "%s" + region = "%s" + custom_metadata = {"key":"value"} + description = "Extended description for this secret." + labels = ["my-label"] + rotation { + auto_rotate = true + interval = 1 + unit = "day" + } + secret_group_id = "default" + name = "service_credentials-datasource-terraform-test" + ttl = "%s" + source_service { + instance { + crn = "%s" + } + parameters = %s + role { + crn = "%s" + } + } + } + + data "ibm_sm_service_credentials_secret_metadata" "sm_service_credentials_secret_metadata" { + instance_id = "%s" + region = "%s" + secret_id = ibm_sm_service_credentials_secret.sm_service_credentials_secret_instance.secret_id + } + `, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, serviceCredentialsTtl, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsParameters, serviceCredentialsRoleCrn, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion) +} diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_test.go b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_test.go new file mode 100644 index 0000000000..ff445e0778 --- /dev/null +++ b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_test.go 
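Review bot: The `resource.TestCase` in `TestAccIbmSmServiceCredentialsSecretMetadataDataSourceBasic` has no `CheckDestroy`, although its config creates a real `ibm_sm_service_credentials_secret` that generates credentials for the COS instance with the Writer role. Without it the test passes even when deletion fails and the generated credentials stay live in the test account. The resource tests in this commit already use `CheckDestroy: testAccCheckIbmSmServiceCredentialsSecretDestroy,`; the same line should fit here and in `TestAccIbmSmServiceCredentialsSecretDataSourceBasic`, since all three files are in package `secretsmanager_test` (assuming that helper walks the state by resource type, which is not visible here). Both data-source configs also reuse the fixed name `service_credentials-datasource-terraform-test`, so a leftover from one run may collide with the next if the service enforces unique names; a per-run suffix would avoid that.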
@@ -0,0 +1,84 @@ +// Copyright IBM Corp. 2023 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package secretsmanager_test + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" +) + +func TestAccIbmSmServiceCredentialsSecretDataSourceBasic(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccCheckIbmSmServiceCredentialsSecretDataSourceConfigBasic(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "secret_id"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "instance_id"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "created_by"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "created_at"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "crn"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "secret_group_id"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "secret_type"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "updated_at"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "versions_total"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "rotation.#"), + 
resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "ttl"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "source_service.#"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "credentials.#"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret_by_name", "name"), + resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret_by_name", "secret_group_name"), + ), + }, + }, + }) +} + +func testAccCheckIbmSmServiceCredentialsSecretDataSourceConfigBasic() string { + return fmt.Sprintf(` + resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret_instance" { + instance_id = "%s" + region = "%s" + custom_metadata = {"key":"value"} + description = "Extended description for this secret." + labels = ["my-label"] + rotation { + auto_rotate = true + interval = 1 + unit = "day" + } + secret_group_id = "default" + name = "service_credentials-datasource-terraform-test" + ttl = "%s" + source_service { + instance { + crn = "%s" + } + parameters = %s + role { + crn = "%s" + } + } + } + + data "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { + instance_id = "%s" + region = "%s" + secret_id = ibm_sm_service_credentials_secret.sm_service_credentials_secret_instance.secret_id + } + + data "ibm_sm_service_credentials_secret" "sm_service_credentials_secret_by_name" { + instance_id = "%s" + region = "%s" + name = ibm_sm_service_credentials_secret.sm_service_credentials_secret_instance.name + secret_group_name = "default" + } + `, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, serviceCredentialsTtl, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsParameters, serviceCredentialsRoleCrn, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, 
acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion)
+}
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go
index 013921c17e..5795d0ec0a 100644
--- a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go
+++ b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go
@@ -834,6 +834,9 @@ func resourceIbmSmServiceCredentialsSecretSourceServiceToMap(sourceService *secr
 parametersMap[k] = fmt.Sprint(v)
 }
 if sourceService.Parameters.ServiceidCrn != nil {
+ if len(parametersMap) == 0 {
+ parametersMap = make(map[string]interface{})
+ }
 parametersMap["serviceid_crn"] = sourceService.Parameters.ServiceidCrn
 }
 mainModelMap["parameters"] = parametersMap
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret_test.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret_test.go
new file mode 100644
index 0000000000..85e9c37795
--- /dev/null
+++ b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret_test.go
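Review bot: The `TestCheckResourceAttrSet` checks on `credentials.#`, `rotation.#` and `source_service.#` in `TestAccIbmSmServiceCredentialsSecretDataSourceBasic` only require the count attribute to be non-empty. As far as I know a count of `0` satisfies that, so the test would still pass if the data source returned no credentials payload at all. Pin the expected count instead, e.g. `resource.TestCheckResourceAttr("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "credentials.#", "1"),`. The metadata data-source test has the same pattern for `rotation.#` and `source_service.#`.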
@@ -0,0 +1,335 @@ +// Copyright IBM Corp. 2023 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package secretsmanager_test + +import ( + "fmt" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2" +) + +var serviceCredentialsSecretName = "terraform-test-sc-secret" +var modifiedServiceCredentialsSecretName = "modified-terraform-test-sc-secret" +var serviceCredentialsParameters = `{"HMAC":"true"}` +var serviceCredentialsParametersWithServiceId = `{"serviceid_crn": ibm_iam_service_id.ibm_iam_service_id_instance.crn}` +var serviceCredentialsTtl = "86400" +var modifiedServiceCredentialsTtl = "96400" +var serviceCredentialsRoleCrn = "crn:v1:bluemix:public:iam::::serviceRole:Writer" + +func TestAccIbmSmServiceCredentialsSecretBasic(t *testing.T) { + resourceName := "ibm_sm_service_credentials_secret.sm_service_credentials_secret_basic" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIbmSmServiceCredentialsSecretDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: serviceCredentialsSecretConfigBasic(), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttrSet(resourceName, "secret_id"), + resource.TestCheckResourceAttrSet(resourceName, "created_by"), + resource.TestCheckResourceAttrSet(resourceName, "created_at"), + resource.TestCheckResourceAttrSet(resourceName, "updated_at"), + resource.TestCheckResourceAttrSet(resourceName, "crn"), + resource.TestCheckResourceAttrSet(resourceName, "downloaded"), + resource.TestCheckResourceAttr(resourceName, "state", "1"), + resource.TestCheckResourceAttr(resourceName, "versions_total", 
"1"), + ), + }, + resource.TestStep{ + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"ttl"}, + }, + }, + }) +} + +func TestAccIbmSmServiceCredentialsSecretAllArgs(t *testing.T) { + resourceName := "ibm_sm_service_credentials_secret.sm_service_credentials_secret" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIbmSmServiceCredentialsSecretDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: serviceCredentialsSecretConfigAllArgs(), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIbmSmServiceCredentialsSecretCreated(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "secret_id"), + resource.TestCheckResourceAttrSet(resourceName, "created_by"), + resource.TestCheckResourceAttrSet(resourceName, "created_at"), + resource.TestCheckResourceAttrSet(resourceName, "updated_at"), + resource.TestCheckResourceAttrSet(resourceName, "crn"), + resource.TestCheckResourceAttrSet(resourceName, "downloaded"), + resource.TestCheckResourceAttrSet(resourceName, "next_rotation_date"), + resource.TestCheckResourceAttr(resourceName, "state", "1"), + resource.TestCheckResourceAttr(resourceName, "versions_total", "1"), + ), + }, + resource.TestStep{ + Config: serviceCredentialsSecretConfigUpdated(), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIbmSmServiceCredentialsSecretUpdated(resourceName), + ), + }, + resource.TestStep{ + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"ttl"}, + }, + }, + }) +} + +func TestAccIbmSmServiceCredentialsSecretAllArgsWithExistingServiceId(t *testing.T) { + resourceName := "ibm_sm_service_credentials_secret.sm_service_credentials_secret_service_id" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + 
CheckDestroy: testAccCheckIbmSmServiceCredentialsSecretDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: serviceCredentialsSecretConfigAllArgsWithExistingServiceId(), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIbmSmServiceCredentialsSecretCreated(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "secret_id"), + resource.TestCheckResourceAttrSet(resourceName, "created_by"), + resource.TestCheckResourceAttrSet(resourceName, "created_at"), + resource.TestCheckResourceAttrSet(resourceName, "updated_at"), + resource.TestCheckResourceAttrSet(resourceName, "crn"), + resource.TestCheckResourceAttrSet(resourceName, "downloaded"), + resource.TestCheckResourceAttrSet(resourceName, "next_rotation_date"), + resource.TestCheckResourceAttr(resourceName, "state", "1"), + resource.TestCheckResourceAttr(resourceName, "versions_total", "1"), + ), + }, + resource.TestStep{ + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"ttl"}, + }, + }, + }) +} + +var serviceCredentialsSecretBasicConfigFormat = ` + resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret_basic" { + instance_id = "%s" + region = "%s" + name = "%s" + source_service { + instance { + crn = "%s" + } + role { + crn = "%s" + } + } + ttl = "%s" + }` + +var serviceCredentialsSecretFullConfigFormat = ` + resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { + instance_id = "%s" + region = "%s" + name = "%s-serviceid" + description = "%s" + labels = ["%s"] + source_service { + instance { + crn = "%s" + } + parameters = %s + role { + crn = "%s" + } + } + ttl = "%s" + custom_metadata = %s + secret_group_id = "default" + rotation %s + }` + +var serviceCredentialsSecretFullConfigFormatWithExistingServiceId = ` + resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret_service_id" { + instance_id = "%s" + region = "%s" + name = "%s" + description = 
"%s" + labels = ["%s"] + source_service { + instance { + crn = "%s" + } + parameters = %s + role { + crn = "%s" + } + } + ttl = "%s" + custom_metadata = %s + secret_group_id = "default" + rotation %s + }` + +func iamServiceIdConfig() string { + return fmt.Sprintf(` + resource "ibm_iam_service_id" "ibm_iam_service_id_instance" { + name = "service-id-terraform-tests-sc" + }`) +} + +func serviceCredentialsSecretConfigBasic() string { + return fmt.Sprintf(serviceCredentialsSecretBasicConfigFormat, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, + serviceCredentialsSecretName, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsRoleCrn, serviceCredentialsTtl) +} + +func serviceCredentialsSecretConfigAllArgs() string { + return fmt.Sprintf(serviceCredentialsSecretFullConfigFormat, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, + serviceCredentialsSecretName, description, label, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsParametersWithServiceId, serviceCredentialsRoleCrn, serviceCredentialsTtl, customMetadata, rotationPolicy) +} + +func serviceCredentialsSecretConfigAllArgsWithExistingServiceId() string { + return iamServiceIdConfig() + fmt.Sprintf(serviceCredentialsSecretFullConfigFormatWithExistingServiceId, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, + serviceCredentialsSecretName, description, label, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsParametersWithServiceId, serviceCredentialsRoleCrn, serviceCredentialsTtl, customMetadata, rotationPolicy) +} + +func serviceCredentialsSecretConfigUpdated() string { + return fmt.Sprintf(serviceCredentialsSecretFullConfigFormat, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, + modifiedServiceCredentialsSecretName, modifiedDescription, modifiedLabel, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsParameters, serviceCredentialsRoleCrn, + modifiedServiceCredentialsTtl, modifiedCustomMetadata, 
modifiedRotationPolicy) +} + +func testAccCheckIbmSmServiceCredentialsSecretCreated(n string) resource.TestCheckFunc { + return func(s *terraform.State) error { + serviceCredentialsSecretIntf, err := getSecret(s, n) + if err != nil { + return err + } + secret := serviceCredentialsSecretIntf.(*secretsmanagerv2.ServiceCredentialsSecret) + + if err := verifyAttr(*secret.Name, serviceCredentialsSecretName, "secret name"); err != nil { + return err + } + if err := verifyAttr(*secret.Description, description, "secret description"); err != nil { + return err + } + if len(secret.Labels) != 1 { + return fmt.Errorf("Wrong number of labels: %d", len(secret.Labels)) + } + if err := verifyAttr(secret.Labels[0], label, "label"); err != nil { + return err + } + if err := verifyJsonAttr(secret.CustomMetadata, customMetadata, "custom metadata"); err != nil { + return err + } + if err := verifyAttr(getAutoRotate(secret.Rotation), "true", "auto_rotate"); err != nil { + return err + } + if err := verifyAttr(getRotationUnit(secret.Rotation), "day", "rotation unit"); err != nil { + return err + } + if err := verifyAttr(getRotationInterval(secret.Rotation), "1", "rotation interval"); err != nil { + return err + } + if err := verifyAttr(*secret.TTL, serviceCredentialsTtl, "ttl"); err != nil { + return err + } + if err := verifyAttr(*secret.SourceService.Instance.Crn, acc.SecretsManagerServiceCredentialsCosCrn, "source_service.Instance.Crn"); err != nil { + return err + } + if err := verifyAttr(*secret.SourceService.Role.Crn, serviceCredentialsRoleCrn, "source_service.Role.Crn"); err != nil { + return err + } + if err := verifyAttr(*secret.Credentials.IamRoleCrn, serviceCredentialsRoleCrn, "credentials.IamRoleCrn"); err != nil { + return err + } + return nil + } +} + +func testAccCheckIbmSmServiceCredentialsSecretUpdated(n string) resource.TestCheckFunc { + return func(s *terraform.State) error { + serviceCredentialsSecretIntf, err := getSecret(s, n) + if err != nil { + return err + } + 
secret := serviceCredentialsSecretIntf.(*secretsmanagerv2.ServiceCredentialsSecret) + + if err := verifyAttr(*secret.Name, modifiedServiceCredentialsSecretName, "secret name"); err != nil { + return err + } + if err := verifyAttr(*secret.Description, modifiedDescription, "secret description after update"); err != nil { + return err + } + if len(secret.Labels) != 1 { + return fmt.Errorf("Wrong number of labels after update: %d", len(secret.Labels)) + } + if err := verifyAttr(secret.Labels[0], modifiedLabel, "label after update"); err != nil { + return err + } + if err := verifyJsonAttr(secret.CustomMetadata, modifiedCustomMetadata, "custom metadata after update"); err != nil { + return err + } + if err := verifyAttr(*secret.TTL, modifiedServiceCredentialsTtl, "ttl after update"); err != nil { + return err + } + if err := verifyAttr(getAutoRotate(secret.Rotation), "true", "auto_rotate after update"); err != nil { + return err + } + if err := verifyAttr(getRotationUnit(secret.Rotation), "month", "rotation unit after update"); err != nil { + return err + } + if err := verifyAttr(getRotationInterval(secret.Rotation), "2", "rotation interval after update"); err != nil { + return err + } + return nil + } +} + +func testAccCheckIbmSmServiceCredentialsSecretDestroy(s *terraform.State) error { + secretsManagerClient, err := acc.TestAccProvider.Meta().(conns.ClientSession).SecretsManagerV2() + if err != nil { + return err + } + + secretsManagerClient = getClientWithInstanceEndpointTest(secretsManagerClient) + + for _, rs := range s.RootModule().Resources { + if rs.Type != "ibm_sm_service_credentials_secret" { + continue + } + + getSecretOptions := &secretsmanagerv2.GetSecretOptions{} + + id := strings.Split(rs.Primary.ID, "/") + secretId := id[2] + getSecretOptions.SetID(secretId) + + // Try to find the key + _, response, err := secretsManagerClient.GetSecret(getSecretOptions) + + if err == nil { + return fmt.Errorf("ServiceCredentialsSecret still exists: %s", rs.Primary.ID) 
+ } else if response.StatusCode != 404 { + return fmt.Errorf("Error checking for ServiceCredentialsSecret (%s) has been destroyed: %s", rs.Primary.ID, err) + } + } + + return nil +} From 972a9b986bd75f778d14726e6ab8bf77cdb201bb Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Tue, 28 Nov 2023 13:01:11 +0200 Subject: [PATCH 06/47] SC unit tests added --- ...ource_ibm_sm_service_credentials_secret.go | 114 ++-------------- ...ource_ibm_sm_service_credentilas_secret.go | 126 +++--------------- ...m_service_credentials_secret.html.markdown | 16 +++ ...m_service_credentials_secret.html.markdown | 26 ++++ 4 files changed, 66 insertions(+), 216 deletions(-) diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go index 686a553ae7..bc5c17a8c9 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go @@ -5,6 +5,7 @@ package secretsmanager import ( "context" + "encoding/json" "fmt" "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2" 
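Review bot: In `testAccCheckIbmSmServiceCredentialsSecretDestroy`, the branch `else if response.StatusCode != 404` dereferences `response` on every error, so a call that fails without returning a response (a transport error, for instance) may panic instead of failing the test. `} else if response == nil || response.StatusCode != 404 {` covers that case. The line `secretId := id[2]` also indexes the split ID without checking its length, so a malformed `rs.Primary.ID` panics. A guard such as `if len(id) < 3 { return fmt.Errorf("unexpected resource ID: %s", rs.Primary.ID) }` before it reports the problem instead. Separately, `iamServiceIdConfig` calls `fmt.Sprintf` with no format arguments and could return the raw string literal.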
@@ -147,68 +148,10 @@ func DataSourceIbmSmServiceCredentialsSecret() *schema.Resource { Description: "The date that the secret is scheduled for automatic rotation. The service automatically creates a new version of the secret on its next rotation date. This field exists only for secrets that have an existing rotation policy.", }, "credentials": &schema.Schema{ - Type: schema.TypeList, + Type: schema.TypeMap, Computed: true, + Sensitive: true, Description: "The properties of the service credentials secret payload.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "apikey": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Sensitive: true, - Description: "The API key that is generated for this secret.", - }, - "cos_hmac_keys": &schema.Schema{ - Type: schema.TypeList, - Computed: true, - Description: "The Cloud Object Storage HMAC keys that are returned after you create a service credentials secret.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "access_key_id": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The access key ID for Cloud Object Storage HMAC credentials.", - }, - "secret_access_key": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The secret access key ID for Cloud Object Storage HMAC credentials.", - }, - }, - }, - }, - "endpoints": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The endpoints that are returned after you create a service credentials secret.", - }, - "iam_apikey_description": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The description of the generated IAM API key.", - }, - "iam_apikey_name": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The name of the generated IAM API key.", - }, - "iam_role_crn": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The IAM role CRN that is returned after you create a service 
credentials secret.", - }, - "iam_serviceid_crn": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The IAM serviceId CRN that is returned after you create a service credentials secret.", - }, - "resource_instance_id": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The resource instance CRN that is returned after you create a service credentials secret.", - }, - }, - }, }, "source_service": &schema.Schema{ Type: schema.TypeList, @@ -437,14 +380,11 @@ func dataSourceIbmSmServiceCredentialsSecretRead(context context.Context, d *sch } if ServiceCredentialsSecret.Credentials != nil { - credentialsMap, err := dataSourceIbmSmServiceCredentialsSecretCredentialsToMap(ServiceCredentialsSecret.Credentials) - if err != nil { - return diag.FromErr(err) - } - if len(credentialsMap) > 0 { - if err = d.Set("credentials", []map[string]interface{}{credentialsMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting credentialsMap: %s", err)) - } + var credInterface map[string]interface{} + cred, _ := json.Marshal(ServiceCredentialsSecret.Credentials) + json.Unmarshal(cred, &credInterface) + if err = d.Set("credentials", flex.Flatten(credInterface)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting credentials: %s", err)) } } 
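Review bot: The new `credentials` attribute is declared as `schema.TypeMap` without an `Elem`, which leaves the element type implicit; adding `Elem: &schema.Schema{Type: schema.TypeString},` documents that every value is a string once the payload has gone through `flex.Flatten` (assumed from the Read hunk, since the helper is not shown). Marking the whole map `Sensitive: true` improves on the removed schema, where only `apikey` was sensitive and `secret_access_key` was not, but `Sensitive` only redacts CLI output and the payload is still written to state; the `Description` could say so, e.g. `"The properties of the service credentials secret payload. Values are stored in Terraform state; protect the state backend accordingly."`. Because the attribute is now sensitive, the `output` blocks this patch adds to the docs will likely need `sensitive = true` before they plan. The same schema change is made in `ResourceIbmSmServiceCredentialsSecret` (hunk `@@ -81,68 +81,10 @@`).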
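Review bot: The added lines `cred, _ := json.Marshal(ServiceCredentialsSecret.Credentials)` and `json.Unmarshal(cred, &credInterface)` discard both errors, so a payload that fails to round-trip leaves `credInterface` nil and `credentials` is set empty with no diagnostic. Both calls should return through `diag.FromErr`, as the `d.Set` call after them already does. The same pattern is added to `resourceIbmSmServiceCredentialsSecretRead` (hunk `@@ -489,14 +436,11 @@`, using `secret.Credentials`). The error text should name only the attribute and never include the marshalled bytes, since they hold the credential values. The enclosing function starts and ends outside the hunk.

```go
if ServiceCredentialsSecret.Credentials != nil {
	var credInterface map[string]interface{}
	cred, err := json.Marshal(ServiceCredentialsSecret.Credentials)
	if err != nil {
		return diag.FromErr(fmt.Errorf("Error marshalling credentials: %s", err))
	}
	if err = json.Unmarshal(cred, &credInterface); err != nil {
		return diag.FromErr(fmt.Errorf("Error unmarshalling credentials: %s", err))
	}
	// … unchanged: d.Set("credentials", flex.Flatten(credInterface)) and its error return …
```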
@@ -475,44 +415,6 @@ func dataSourceIbmSmServiceCredentialsSecretRotationPolicyToMap(model *secretsma return modelMap, nil } -func dataSourceIbmSmServiceCredentialsSecretCredentialsToMap(credentials *secretsmanagerv2.ServiceCredentialsSecretCredentials) (map[string]interface{}, error) { - modelMap := make(map[string]interface{}) - if credentials.IamApikeyDescription != nil { - modelMap["iam_apikey_description"] = credentials.IamApikeyDescription - } - if credentials.Apikey != nil { - modelMap["apikey"] = credentials.Apikey - } - if credentials.Endpoints != nil { - modelMap["endpoints"] = credentials.Endpoints - } - if credentials.IamApikeyName != nil { - modelMap["iam_apikey_name"] = credentials.IamApikeyName - } - if credentials.IamRoleCrn != nil { - modelMap["iam_role_crn"] = credentials.IamRoleCrn - } - if credentials.IamServiceidCrn != nil { - modelMap["iam_serviceid_crn"] = credentials.IamServiceidCrn - } - if credentials.ResourceInstanceID != nil { - modelMap["resource_instance_id"] = credentials.ResourceInstanceID - } - if credentials.CosHmacKeys != nil { - cosHmacKeys := [1]map[string]interface{}{} - m := map[string]interface{}{} - if credentials.CosHmacKeys.AccessKeyID != nil { - m["access_key_id"] = credentials.CosHmacKeys.AccessKeyID - } - if credentials.CosHmacKeys.SecretAccessKey != nil { - m["secret_access_key"] = credentials.CosHmacKeys.SecretAccessKey - } - cosHmacKeys[0] = m - modelMap["cos_hmac_keys"] = cosHmacKeys - } - return modelMap, nil -} - func dataSourceIbmSmServiceCredentialsSecretSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceService) (map[string]interface{}, error) { mainModelMap := make(map[string]interface{}) if sourceService.Instance != nil { diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go index 5795d0ec0a..10d8494813 100644 
--- a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go @@ -5,6 +5,7 @@ package secretsmanager import ( "context" + "encoding/json" "fmt" "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" 
@@ -80,68 +81,10 @@ func ResourceIbmSmServiceCredentialsSecret() *schema.Resource { Description: "The date when a resource was created. The date format follows RFC 3339.", }, "credentials": &schema.Schema{ - Type: schema.TypeList, + Type: schema.TypeMap, Computed: true, + Sensitive: true, Description: "The properties of the service credentials secret payload.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "apikey": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Sensitive: true, - Description: "The API key that is generated for this secret.", - }, - "cos_hmac_keys": &schema.Schema{ - Type: schema.TypeList, - Computed: true, - Description: "The Cloud Object Storage HMAC keys that are returned after you create a service credentials secret.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "access_key_id": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The access key ID for Cloud Object Storage HMAC credentials.", - }, - "secret_access_key": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The secret access key ID for Cloud Object Storage HMAC credentials.", - }, - }, - }, - }, - "endpoints": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The endpoints that are returned after you create a service credentials secret.", - }, - "iam_apikey_description": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The description of the generated IAM API key.", - }, - "iam_apikey_name": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The name of the generated IAM API key.", - }, - "iam_role_crn": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The IAM role CRN that is returned after you create a service credentials secret.", - }, - "iam_serviceid_crn": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The IAM serviceId CRN that is 
returned after you create a service credentials secret.", - }, - "resource_instance_id": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The resource instance CRN that is returned after you create a service credentials secret.", - }, - }, - }, }, "crn": &schema.Schema{ Type: schema.TypeString, @@ -206,12 +149,14 @@ func ResourceIbmSmServiceCredentialsSecret() *schema.Resource { Type: schema.TypeList, Required: true, MaxItems: 1, + ForceNew: true, Description: "The source service instance identifier.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "crn": &schema.Schema{ Type: schema.TypeString, Required: true, + ForceNew: true, Description: "A CRN that uniquely identifies a service credentials target.", }, }, @@ -221,6 +166,7 @@ func ResourceIbmSmServiceCredentialsSecret() *schema.Resource { Type: schema.TypeList, Optional: true, Computed: true, + ForceNew: true, MaxItems: 1, Description: "The service-specific custom role object, CRN role is accepted. Refer to the service’s documentation for supported roles.", Elem: &schema.Resource{ @@ -229,6 +175,7 @@ func ResourceIbmSmServiceCredentialsSecret() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, + ForceNew: true, Description: "The CRN role identifier for creating a service-id.", }, }, @@ -312,6 +259,7 @@ func ResourceIbmSmServiceCredentialsSecret() *schema.Resource { "parameters": &schema.Schema{ Type: schema.TypeMap, Optional: true, + ForceNew: true, Description: "The collection of parameters for the service credentials target.", }, }, 
@@ -328,10 +276,9 @@ func ResourceIbmSmServiceCredentialsSecret() *schema.Resource { Description: "A text representation of the secret state.", }, "ttl": &schema.Schema{ - Type: schema.TypeString, - Required: true, - ValidateFunc: StringIsIntBetween(86400, 7776000), - Description: "The time-to-live (TTL) or lease duration to assign to generated credentials.", + Type: schema.TypeString, + Required: true, + Description: "The time-to-live (TTL) or lease duration to assign to generated credentials.", }, "updated_at": &schema.Schema{ Type: schema.TypeString, @@ -489,14 +436,11 @@ func resourceIbmSmServiceCredentialsSecretRead(context context.Context, d *schem } } if secret.Credentials != nil { - credentialsMap, err := resourceIbmSmServiceCredentialsSecretCredentialsToMap(secret.Credentials) - if err != nil { - return diag.FromErr(err) - } - if len(credentialsMap) > 0 { - if err = d.Set("credentials", []map[string]interface{}{credentialsMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting credentialsMap: %s", err)) - } + var credInterface map[string]interface{} + cred, _ := json.Marshal(secret.Credentials) + json.Unmarshal(cred, &credInterface) + if err = d.Set("credentials", flex.Flatten(credInterface)); err != nil { + return diag.FromErr(fmt.Errorf("Error setting credentials: %s", err)) } } if err = d.Set("next_rotation_date", DateTimeToRFC3339(secret.NextRotationDate)); err != nil { 
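Review bot: Removing `ValidateFunc: StringIsIntBetween(86400, 7776000)` from `ttl` leaves the lease duration of generated credentials with no plan-time check, so a non-numeric or unexpectedly long value is rejected, if at all, only by the service during apply. The docs example added in this patch uses `ttl = "1800"`, which suggests the old lower bound was the problem rather than validation itself. Keeping the validator with the range the service actually accepts, `ValidateFunc: StringIsIntBetween(<min_ttl>, <max_ttl>),` with both placeholders filled in from the API documentation, preserves the guard. If the bounds are deliberately left to the service, a one-line comment on the field saying so would record that decision.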
@@ -844,41 +788,3 @@ func resourceIbmSmServiceCredentialsSecretSourceServiceToMap(sourceService *secr return mainModelMap, nil } - -func resourceIbmSmServiceCredentialsSecretCredentialsToMap(credentials *secretsmanagerv2.ServiceCredentialsSecretCredentials) (map[string]interface{}, error) { - modelMap := make(map[string]interface{}) - if credentials.IamApikeyDescription != nil { - modelMap["iam_apikey_description"] = credentials.IamApikeyDescription - } - if credentials.Apikey != nil { - modelMap["apikey"] = credentials.Apikey - } - if credentials.Endpoints != nil { - modelMap["endpoints"] = credentials.Endpoints - } - if credentials.IamApikeyName != nil { - modelMap["iam_apikey_name"] = credentials.IamApikeyName - } - if credentials.IamRoleCrn != nil { - modelMap["iam_role_crn"] = credentials.IamRoleCrn - } - if credentials.IamServiceidCrn != nil { - modelMap["iam_serviceid_crn"] = credentials.IamServiceidCrn - } - if credentials.ResourceInstanceID != nil { - modelMap["resource_instance_id"] = credentials.ResourceInstanceID - } - if credentials.CosHmacKeys != nil { - cosHmacKeys := [1]map[string]interface{}{} - m := map[string]interface{}{} - if credentials.CosHmacKeys.AccessKeyID != nil { - m["access_key_id"] = credentials.CosHmacKeys.AccessKeyID - } - if credentials.CosHmacKeys.SecretAccessKey != nil { - m["secret_access_key"] = credentials.CosHmacKeys.SecretAccessKey - } - cosHmacKeys[0] = m - modelMap["cos_hmac_keys"] = cosHmacKeys - } - return modelMap, nil -} diff --git a/website/docs/d/sm_service_credentials_secret.html.markdown b/website/docs/d/sm_service_credentials_secret.html.markdown index 0bce29f26e..bef56d1469 100644 --- a/website/docs/d/sm_service_credentials_secret.html.markdown +++ b/website/docs/d/sm_service_credentials_secret.html.markdown 
@@ -32,6 +32,22 @@ data "ibm_sm_service_credentials_secret" "service_credentials_secret" { } ``` +### Example to access resource credentials using credentials attribute: + +```terraform +data "ibm_sm_service_credentials_secret" "service_credentials_secret" { + instance_id = ibm_resource_instance.sm_instance.guid + region = "us-south" + secret_id = "0b5571f7-21e6-42b7-91c5-3f5ac9793a46" +} +output "access_key_id" { + value = data.ibm_sm_service_credentials_secret.service_credentials_secret.credentials["cos_hmac_keys.access_key_id"] +} +output "secret_access_key" { + value = data.ibm_sm_service_credentials_secret.service_credentials_secret.credentials["cos_hmac_keys.secret_access_key"] +} +``` + ## Argument Reference Review the argument reference that you can specify for your data source. diff --git a/website/docs/r/sm_service_credentials_secret.html.markdown b/website/docs/r/sm_service_credentials_secret.html.markdown index fdeb388008..cdf60c3e9f 100644 --- a/website/docs/r/sm_service_credentials_secret.html.markdown +++ b/website/docs/r/sm_service_credentials_secret.html.markdown 
@@ -39,6 +39,32 @@ resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { } ``` +### Example to access resource credentials using credentials attribute: + +```terraform +resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { + region = "us-south" + name = "secret-name" + source_service { + instance { + crn = "crn:v1:staging:public:cloud-object-storage:global:a/111f5fb10986423e9saa8512f1db7e65:111133c8-49ea-41xe-8c40-122038246f5b::" + } + role { + crn = "crn:v1:bluemix:public:iam::::serviceRole:Writer" + } + parameters = {"HMAC": true} + } + ttl = "1800" +} + +output "access_key_id" { + value = ibm_sm_service_credentials_secret.sm_service_credentials_secret.credentials["cos_hmac_keys.access_key_id"] +} +output "secret_access_key" { + value = ibm_sm_service_credentials_secret.sm_service_credentials_secret.credentials["cos_hmac_keys.secret_access_key"] +} +``` + ## Argument Reference Review the argument reference that you can specify for your resource. From 59c5e72bbb9381d46965d10a34f1fe5b29c7bc20 Mon Sep 17 00:00:00 2001 From: Avi Ribchinsky Date: Wed, 6 Dec 2023 11:38:29 +0200 Subject: [PATCH 07/47] d --- .../resource_ibm_sm_service_credentilas_secret.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go index 10d8494813..7d5e211b0d 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go @@ -1,6 +1,6 @@ // Copyright IBM Corp. 2023 All Rights Reserved. // Licensed under the Mozilla Public License v2.0 - +// . package secretsmanager import ( From 2ff98ad7a2917ea3837552fa4c7f6d554999d906 Mon Sep 17 00:00:00 2001 
From: Yonathan-Yellin
Date: Wed, 6 Dec 2023 12:36:44 +0200
Subject: [PATCH 08/47] tests fixes
---
 .../data_source_ibm_sm_service_credentials_secret_test.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_test.go b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_test.go
index ff445e0778..eadf2f92c8 100644
--- a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_test.go
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_test.go
@@ -32,7 +32,6 @@ func TestAccIbmSmServiceCredentialsSecretDataSourceBasic(t *testing.T) {
 resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "rotation.#"),
 resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "ttl"),
 resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "source_service.#"),
- resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret", "credentials.#"),
 resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret_by_name", "name"),
 resource.TestCheckResourceAttrSet("data.ibm_sm_service_credentials_secret.sm_service_credentials_secret_by_name", "secret_group_name"),
 ),
From 40ea122d32b0339fc9314b400f2ebde941952c80 Mon Sep 17 00:00:00 2001
From: Yonathan-Yellin
Date: Wed, 6 Dec 2023 12:37:25 +0200
Subject: [PATCH 09/47] tests fixes
---
 .../resource_ibm_sm_service_credentilas_secret_test.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret_test.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret_test.go
index 85e9c37795..7de340208c 100644
--- a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret_test.go
+++ b/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret_test.go @@ -20,8 +20,8 @@ var serviceCredentialsSecretName = "terraform-test-sc-secret" var modifiedServiceCredentialsSecretName = "modified-terraform-test-sc-secret" var serviceCredentialsParameters = `{"HMAC":"true"}` var serviceCredentialsParametersWithServiceId = `{"serviceid_crn": ibm_iam_service_id.ibm_iam_service_id_instance.crn}` -var serviceCredentialsTtl = "86400" -var modifiedServiceCredentialsTtl = "96400" +var serviceCredentialsTtl = "172800" +var modifiedServiceCredentialsTtl = "6048000" var serviceCredentialsRoleCrn = "crn:v1:bluemix:public:iam::::serviceRole:Writer" func TestAccIbmSmServiceCredentialsSecretBasic(t *testing.T) { @@ -147,7 +147,7 @@ var serviceCredentialsSecretFullConfigFormat = ` resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { instance_id = "%s" region = "%s" - name = "%s-serviceid" + name = "%s" description = "%s" labels = ["%s"] source_service { @@ -201,7 +201,7 @@ func serviceCredentialsSecretConfigBasic() string { func serviceCredentialsSecretConfigAllArgs() string { return fmt.Sprintf(serviceCredentialsSecretFullConfigFormat, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, - serviceCredentialsSecretName, description, label, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsParametersWithServiceId, serviceCredentialsRoleCrn, serviceCredentialsTtl, customMetadata, rotationPolicy) + serviceCredentialsSecretName, description, label, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsParameters, serviceCredentialsRoleCrn, serviceCredentialsTtl, customMetadata, rotationPolicy) } func serviceCredentialsSecretConfigAllArgsWithExistingServiceId() string { From f3a195f69c96fd8c80b4a59d57922b64d35d8e7b Mon Sep 17 00:00:00 2001 From: Tatyana Date: Mon, 11 Dec 2023 11:32:05 +0200 Subject: [PATCH 10/47] update sdk --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index ddb9fcf327..8a622f0227 100644 --- a/go.mod +++ b/go.mod @@ -29,7 +29,7 @@ require ( github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5 github.com/IBM/scc-go-sdk/v5 v5.1.3 github.com/IBM/schematics-go-sdk v0.2.2 - github.com/IBM/secrets-manager-go-sdk/v2 v2.0.1 + github.com/IBM/secrets-manager-go-sdk/v2 v2.0.2 github.com/IBM/vpc-beta-go-sdk v0.6.0 github.com/IBM/vpc-go-sdk v0.43.0 github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5 diff --git a/go.sum b/go.sum index abd13996b4..2507c980b0 100644 --- a/go.sum +++ b/go.sum @@ -167,8 +167,8 @@ github.com/IBM/scc-go-sdk/v5 v5.1.3 h1:8zqJx/HgChTlMaC21HzthIR4HbFkuJ3dR/D68254j github.com/IBM/scc-go-sdk/v5 v5.1.3/go.mod h1:YtAVlzq10bwR82QX4ZavhDIwa1s85RuVO9N/KmXVcuk= github.com/IBM/schematics-go-sdk v0.2.2 h1:8S3hoVLzF/ZRgWDaLqwHnLmZvlEBHCKgHszmMh7yD2E= github.com/IBM/schematics-go-sdk v0.2.2/go.mod h1:Tw2OSAPdpC69AxcwoyqcYYaGTTW6YpERF9uNEU+BFRQ= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.1 h1:0Ouu31RsuOLdH26oNsnPErEjctWTplLEIXxwExnTZT0= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.1/go.mod h1:jagqWmjZ0zUEqh5jdGB42ApSQS40fu2LWw6pdg8JJko= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.2 h1:+Svh1OmoFxMBnZQSOUtp2UUzrOGFsSQlE5TFL/ptJco= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.2/go.mod h1:WII+LS4VkQYykmq65NWSuPb5xGNvsqkcK1aCWZoU2x4= github.com/IBM/vpc-beta-go-sdk v0.6.0 h1:wfM3AcW3zOM3xsRtZ+EA6+sESlGUjQ6Yf4n5QQyz4uc= github.com/IBM/vpc-beta-go-sdk v0.6.0/go.mod h1:fzHDAQIqH/5yJmYsKodKHLcqxMDT+yfH6vZjdiw8CQA= github.com/IBM/vpc-go-sdk v0.43.0 h1:uy/qWIqETCXraUG2cq5sjScr6pZ79ZteY1v5iLUVQ3Q= From 8fa09ae490bb853ea384b68858adac0e41df4257 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Mon, 11 Dec 2023 18:24:21 +0200 Subject: [PATCH 11/47] .secrets.baseline update --- .secrets.baseline | 130 ++++++++++++++++++++++++++++------------------ 1 file changed, 80 insertions(+), 50 deletions(-) 
diff --git a/.secrets.baseline b/.secrets.baseline index c90644602f..f9d2be69de 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,11 +3,8 @@ "files": "go.mod|go.sum|.*.map|^.secrets.baseline$", "lines": null }, - "generated_at": "2023-11-10T20:51:53Z", + "generated_at": "2023-12-11T16:20:36Z", "plugins_used": [ - { - "name": "AWSKeyDetector" - }, { "name": "ArtifactoryDetector" }, @@ -21,12 +18,6 @@ { "name": "BasicAuthDetector" }, - { - "name": "BoxDetector" - }, - { - "name": "CloudantDetector" - }, { "ghe_instance": "github.ibm.com", "name": "GheDetector" @@ -51,9 +42,6 @@ "keyword_exclude": null, "name": "KeywordDetector" }, - { - "name": "MailchimpDetector" - }, { "name": "NpmDetector" }, @@ -68,12 +56,6 @@ }, { "name": "SquareOAuthDetector" - }, - { - "name": "StripeDetector" - }, - { - "name": "TwilioKeyDetector" } ], "results": { @@ -696,7 +678,7 @@ "hashed_secret": "912accc17209bb36cb22d76d430ef9e9ec99dd4c", "is_secret": false, "is_verified": false, - "line_number": 163, + "line_number": 188, "type": "Secret Keyword", "verified_result": null }, @@ -704,7 +686,7 @@ "hashed_secret": "514edd121688f936809a62aecd24419c7eaa772b", "is_secret": false, "is_verified": false, - "line_number": 250, + "line_number": 275, "type": "Secret Keyword", "verified_result": null }, @@ -712,7 +694,7 @@ "hashed_secret": "fa33d07da58b52eee9f13b88e9cda8b98f1c19b6", "is_secret": false, "is_verified": false, - "line_number": 261, + "line_number": 286, "type": "Secret Keyword", "verified_result": null }, @@ -720,7 +702,7 @@ "hashed_secret": "5926151b9a84e25fbc262e88ef6c1d58f0c95548", "is_secret": false, "is_verified": false, - "line_number": 273, + "line_number": 298, "type": "Secret Keyword", "verified_result": null } @@ -760,7 +742,7 @@ "hashed_secret": "731438016c5ab94431f61820f35e3ae5f8ad6004", "is_secret": false, "is_verified": false, - "line_number": 412, + "line_number": 417, "type": "Secret Keyword", "verified_result": null }, 
@@ -768,7 +750,7 @@ "hashed_secret": "12da2e35d6b50c902c014f1ab9e3032650368df7", "is_secret": false, "is_verified": false, - "line_number": 418, + "line_number": 423, "type": "Secret Keyword", "verified_result": null }, @@ -776,7 +758,7 @@ "hashed_secret": "813274ccae5b6b509379ab56982d862f7b5969b6", "is_secret": false, "is_verified": false, - "line_number": 1123, + "line_number": 1128, "type": "Base64 High Entropy String", "verified_result": null } @@ -846,7 +828,7 @@ "hashed_secret": "da8cae6284528565678de15e03d461e23fe22538", "is_secret": false, "is_verified": false, - "line_number": 1845, + "line_number": 1858, "type": "Secret Keyword", "verified_result": null }, @@ -854,7 +836,7 @@ "hashed_secret": "1a0334cfa65f4be58b9d914b8e96e9d9478bfbac", "is_secret": false, "is_verified": false, - "line_number": 3226, + "line_number": 3239, "type": "Secret Keyword", "verified_result": null } @@ -864,7 +846,7 @@ "hashed_secret": "c8b6f5ef11b9223ac35a5663975a466ebe7ebba9", "is_secret": false, "is_verified": false, - "line_number": 1803, + "line_number": 1806, "type": "Secret Keyword", "verified_result": null }, @@ -872,7 +854,7 @@ "hashed_secret": "8abf4899c01104241510ba87685ad4de76b0c437", "is_secret": false, "is_verified": false, - "line_number": 1809, + "line_number": 1812, "type": "Secret Keyword", "verified_result": null } @@ -1268,15 +1250,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 129, - "type": "Secret Keyword", - "verified_result": null - }, - { - "hashed_secret": "505032eaf8a3acf9b094a326dfb1cd0537c75a0d", - "is_secret": false, - "is_verified": false, - "line_number": 235, + "line_number": 104, "type": "Secret Keyword", "verified_result": null } 
@@ -1364,15 +1338,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 94, - "type": "Secret Keyword", - "verified_result": null - }, - { - "hashed_secret": "505032eaf8a3acf9b094a326dfb1cd0537c75a0d", - "is_secret": false, - "is_verified": false, - "line_number": 364, + "line_number": 68, "type": "Secret Keyword", "verified_result": null } @@ -2014,7 +1980,7 @@ "hashed_secret": "884a58e4c2c5d195d3876787bdc63af6c5af2924", "is_secret": false, "is_verified": false, - "line_number": 1589, + "line_number": 1595, "type": "Secret Keyword", "verified_result": null } @@ -2940,7 +2906,7 @@ "hashed_secret": "3c2ecad9b250fd6d99893e4d05ec02ca19aa95d0", "is_secret": false, "is_verified": false, - "line_number": 383, + "line_number": 389, "type": "Secret Keyword", "verified_result": null } @@ -3355,6 +3321,34 @@ "verified_result": null } ], + "ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go": [ + { + "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", + "is_secret": false, + "is_verified": false, + "line_number": 196, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", + "is_secret": false, + "is_verified": false, + "line_number": 387, + "type": "Secret Keyword", + "verified_result": null + } + ], + "ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go": [ + { + "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", + "is_secret": false, + "is_verified": false, + "line_number": 179, + "type": "Secret Keyword", + "verified_result": null + } + ], "ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go": [ { "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", 
@@ -3663,6 +3657,24 @@ "verified_result": null } ], + "ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go": [ + { + "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", + "is_secret": false, + "is_verified": false, + "line_number": 190, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", + "is_secret": false, + "is_verified": false, + "line_number": 443, + "type": "Secret Keyword", + "verified_result": null + } + ], "ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go": [ { "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", @@ -4801,6 +4813,24 @@ "verified_result": null } ], + "website/docs/r/sm_service_credentials_secret.html.markdown": [ + { + "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", + "is_secret": false, + "is_verified": false, + "line_number": 191, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", + "is_secret": false, + "is_verified": false, + "line_number": 193, + "type": "Secret Keyword", + "verified_result": null + } + ], "website/docs/r/sm_username_password_secret.html.markdown": [ { "hashed_secret": "e3efaa78f2f6ca38f70ded91b232d8dac947315d", From a6b779c726db1c91c7619003fc79c05360f37945 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Mon, 11 Dec 2023 18:26:37 +0200 Subject: [PATCH 12/47] .secrets.baseline update --- .secrets.baseline | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.secrets.baseline b/.secrets.baseline index f9d2be69de..2f29990cf4 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.mod|go.sum|.*.map|^.secrets.baseline$", "lines": null }, - "generated_at": "2023-12-11T16:20:36Z", + "generated_at": "2023-12-11T16:26:19Z", "plugins_used": [ { "name": "ArtifactoryDetector" From cea9bd43196031714d31657113996522d9912054 Mon Sep 17 00:00:00 2001 
From: Yonathan-Yellin Date: Mon, 11 Dec 2023 18:30:51 +0200 Subject: [PATCH 13/47] .secrets.baseline update --- .secrets.baseline | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.secrets.baseline b/.secrets.baseline index 2f29990cf4..9d2216f283 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -5,6 +5,9 @@ }, "generated_at": "2023-12-11T16:26:19Z", "plugins_used": [ + { + "name": "AWSKeyDetector" + }, { "name": "ArtifactoryDetector" }, @@ -18,6 +21,12 @@ { "name": "BasicAuthDetector" }, + { + "name": "BoxDetector" + }, + { + "name": "CloudantDetector" + }, { "ghe_instance": "github.ibm.com", "name": "GheDetector" @@ -42,6 +51,9 @@ "keyword_exclude": null, "name": "KeywordDetector" }, + { + "name": "MailchimpDetector" + }, { "name": "NpmDetector" }, @@ -56,6 +68,12 @@ }, { "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" } ], "results": { From ad75820af0514073951748edea910de9268c5872 Mon Sep 17 00:00:00 2001 From: Idan Adar Date: Wed, 13 Dec 2023 06:40:12 +0200 Subject: [PATCH 14/47] Update sm_service_credentials_secret_metadata.html.markdown --- .../docs/d/sm_service_credentials_secret_metadata.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/d/sm_service_credentials_secret_metadata.html.markdown b/website/docs/d/sm_service_credentials_secret_metadata.html.markdown index 0710616c26..94b9d8d648 100644 --- a/website/docs/d/sm_service_credentials_secret_metadata.html.markdown +++ b/website/docs/d/sm_service_credentials_secret_metadata.html.markdown @@ -6,7 +6,7 @@ description: |- subcategory: "Secrets Manager" --- -# ibm_sm_service_credentials_secret +# ibm_sm_service_credentials_secret_metadata Provides a read-only data source for the metadata of an service credentials secret. You can then reference the fields of the data source in other resources within the same configuration using interpolation syntax. 
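Review bot: The two `.secrets.baseline` hunks of PATCH 13/47 restore `AWSKeyDetector`, `BoxDetector`, `CloudantDetector`, `MailchimpDetector`, `StripeDetector` and `TwilioKeyDetector` to `plugins_used`, but leave `generated_at` and `results` untouched. The recorded findings therefore still appear to come from the PATCH 11/47 scan, which ran without those detectors. The baseline then claims detector coverage it may not have for the newly added service-credentials files. Regenerating and re-auditing the baseline with the full plugin set, rather than editing `plugins_used` by hand, would keep the file consistent with what was actually scanned.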
From e91f4292c7615ada18f0ffa33922afa1cbeccadf Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Tue, 26 Dec 2023 14:37:47 +0200 Subject: [PATCH 15/47] bugs fixes --- .secrets.baseline | 2 +- .../data_source_ibm_sm_iam_credentials_secret.go | 8 -------- ..._source_ibm_sm_iam_credentials_secret_metadata.go | 8 -------- .../data_source_ibm_sm_private_certificate.go | 8 -------- ...ata_source_ibm_sm_private_certificate_metadata.go | 8 -------- .../data_source_ibm_sm_username_password_secret.go | 8 -------- ...ource_ibm_sm_username_password_secret_metadata.go | 8 -------- .../resource_ibm_sm_iam_credentials_secret.go | 12 ------------ .../resource_ibm_sm_private_certificate.go | 3 +-- .../docs/d/sm_iam_credentials_secret.html.markdown | 1 - .../sm_iam_credentials_secret_metadata.html.markdown | 1 - website/docs/d/sm_private_certificate.html.markdown | 1 - .../d/sm_private_certificate_metadata.html.markdown | 1 - .../docs/d/sm_username_password_secret.html.markdown | 1 - ...m_username_password_secret_metadata.html.markdown | 1 - .../docs/r/sm_iam_credentials_secret.html.markdown | 1 - website/docs/r/sm_private_certificate.html.markdown | 1 - ..._certificate_configuration_template.html.markdown | 2 ++ .../docs/r/sm_username_password_secret.html.markdown | 1 - 19 files changed, 4 insertions(+), 72 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index cb30966a3b..75ebe186bb 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.mod|go.sum|.*.map|^.secrets.baseline$", "lines": null }, - "generated_at": "2023-12-14T01:01:48Z", + "generated_at": "2023-12-26T12:35:45Z", "plugins_used": [ { "name": "AWSKeyDetector" diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret.go index 75ad6a8306..bce495303b 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret.go 
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret.go @@ -169,11 +169,6 @@ func DataSourceIbmSmIamCredentialsSecret() *schema.Resource { Computed: true, Description: "The units for the secret rotation time interval.", }, - "rotate_keys": &schema.Schema{ - Type: schema.TypeBool, - Computed: true, - Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.", - }, }, }, }, @@ -330,9 +325,6 @@ func dataSourceIbmSmIamCredentialsSecretRotationPolicyToMap(model secretsmanager if model.Unit != nil { modelMap["unit"] = *model.Unit } - if model.RotateKeys != nil { - modelMap["rotate_keys"] = *model.RotateKeys - } return modelMap, nil } else { return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered") diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret_metadata.go index d1124752b9..f58be6333d 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret_metadata.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret_metadata.go @@ -161,11 +161,6 @@ func DataSourceIbmSmIamCredentialsSecretMetadata() *schema.Resource { Computed: true, Description: "The units for the secret rotation time interval.", }, - "rotate_keys": &schema.Schema{ - Type: schema.TypeBool, - Computed: true, - Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.", - }, }, }, }, 
@@ -325,9 +320,6 @@ func dataSourceIbmSmIamCredentialsSecretMetadataRotationPolicyToMap(model secret if model.Unit != nil { modelMap["unit"] = *model.Unit } - if model.RotateKeys != nil { - modelMap["rotate_keys"] = *model.RotateKeys - } return modelMap, nil } else { return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered") diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate.go index 31043b4a78..59ce4a1fa8 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate.go @@ -184,11 +184,6 @@ func DataSourceIbmSmPrivateCertificate() *schema.Resource { Computed: true, Description: "The units for the secret rotation time interval.", }, - "rotate_keys": &schema.Schema{ - Type: schema.TypeBool, - Computed: true, - Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.", - }, }, }, }, @@ -436,9 +431,6 @@ func dataSourceIbmSmPrivateCertificateRotationPolicyToMap(model secretsmanagerv2 if model.Unit != nil { modelMap["unit"] = *model.Unit } - if model.RotateKeys != nil { - modelMap["rotate_keys"] = *model.RotateKeys - } return modelMap, nil } else { return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered") diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_metadata.go index 1585e1a831..a1afb4a638 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_metadata.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_metadata.go 
@@ -176,11 +176,6 @@ func DataSourceIbmSmPrivateCertificateMetadata() *schema.Resource { Computed: true, Description: "The units for the secret rotation time interval.", }, - "rotate_keys": &schema.Schema{ - Type: schema.TypeBool, - Computed: true, - Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.", - }, }, }, }, @@ -403,9 +398,6 @@ func dataSourceIbmSmPrivateCertificateMetadataRotationPolicyToMap(model secretsm if model.Unit != nil { modelMap["unit"] = *model.Unit } - if model.RotateKeys != nil { - modelMap["rotate_keys"] = *model.RotateKeys - } return modelMap, nil } else { return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered") diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go index 5a9fa84aff..a1119f17e0 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go @@ -136,11 +136,6 @@ func DataSourceIbmSmUsernamePasswordSecret() *schema.Resource { Computed: true, Description: "The units for the secret rotation time interval.", }, - "rotate_keys": &schema.Schema{ - Type: schema.TypeBool, - Computed: true, - Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.", - }, }, }, }, 
@@ -296,9 +291,6 @@ func dataSourceIbmSmUsernamePasswordSecretRotationPolicyToMap(model secretsmanag if model.Unit != nil { modelMap["unit"] = *model.Unit } - if model.RotateKeys != nil { - modelMap["rotate_keys"] = *model.RotateKeys - } return modelMap, nil } else { return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered") diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata.go index 35d24ef67b..6eada6eb8b 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata.go @@ -128,11 +128,6 @@ func DataSourceIbmSmUsernamePasswordSecretMetadata() *schema.Resource { Computed: true, Description: "The units for the secret rotation time interval.", }, - "rotate_keys": &schema.Schema{ - Type: schema.TypeBool, - Computed: true, - Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.", - }, }, }, }, @@ -282,9 +277,6 @@ func dataSourceIbmSmUsernamePasswordSecretMetadataRotationPolicyToMap(model secr if model.Unit != nil { modelMap["unit"] = *model.Unit } - if model.RotateKeys != nil { - modelMap["rotate_keys"] = *model.RotateKeys - } return modelMap, nil } else { return nil, fmt.Errorf("Unrecognized secretsmanagerv2.RotationPolicyIntf subtype encountered") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go index e47da2cee7..542275b142 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go 
@@ -113,12 +113,6 @@ func ResourceIbmSmIamCredentialsSecret() *schema.Resource { Description: "The units for the secret rotation time interval.", DiffSuppressFunc: rotationAttributesDiffSuppress, }, - "rotate_keys": &schema.Schema{ - Type: schema.TypeBool, - Optional: true, - Computed: true, - Description: "Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate.", - }, }, }, }, @@ -576,9 +570,6 @@ func resourceIbmSmIamCredentialsSecretMapToRotationPolicy(modelMap map[string]in if modelMap["unit"] != nil && modelMap["unit"].(string) != "" { model.Unit = core.StringPtr(modelMap["unit"].(string)) } - if modelMap["rotate_keys"] != nil { - model.RotateKeys = core.BoolPtr(modelMap["rotate_keys"].(bool)) - } return model, nil } @@ -594,8 +585,5 @@ func resourceIbmSmIamCredentialsSecretRotationPolicyToMap(modelIntf secretsmanag if model.Unit != nil { modelMap["unit"] = model.Unit } - if model.RotateKeys != nil { - modelMap["rotate_keys"] = model.RotateKeys - } return modelMap, nil } diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go index dfbbc39e69..7fe6c10bd6 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go 
@@ -245,9 +245,8 @@ func ResourceIbmSmPrivateCertificate() *schema.Resource { }, "key_algorithm": &schema.Schema{ Type: schema.TypeString, - Optional: true, + Computed: true, ForceNew: true, - Default: "RSA2048", Description: "The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate.The algorithm that you select determines the encryption algorithm (`RSA` or `ECDSA`) and key size to be used to generate keys and sign certificates. For longer living certificates, it is recommended to use longer keys to provide more encryption protection. Allowed values: RSA2048, RSA4096, EC256, EC384.", }, "next_rotation_date": &schema.Schema{ diff --git a/website/docs/d/sm_iam_credentials_secret.html.markdown b/website/docs/d/sm_iam_credentials_secret.html.markdown index 8355a081f0..79fe4ce3c0 100644 --- a/website/docs/d/sm_iam_credentials_secret.html.markdown +++ b/website/docs/d/sm_iam_credentials_secret.html.markdown @@ -93,7 +93,6 @@ Nested scheme for **rotation**: * `auto_rotate` - (Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. * `interval` - (Integer) The length of the secret rotation time interval. * Constraints: The minimum value is `1`. - * `rotate_keys` - (Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate. * `unit` - (String) The units for the secret rotation time interval. * Constraints: Allowable values are: `day`, `month`. diff --git a/website/docs/d/sm_iam_credentials_secret_metadata.html.markdown b/website/docs/d/sm_iam_credentials_secret_metadata.html.markdown index e429c1892f..1db8123221 100644 --- a/website/docs/d/sm_iam_credentials_secret_metadata.html.markdown 
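Review bot: In the `resource_ibm_sm_private_certificate.go` hunk, `key_algorithm` becomes `Computed: true` but keeps `ForceNew: true` and a description that still reads as an input ("Allowed values: RSA2048, RSA4096, EC256, EC384"). A computed-only attribute cannot be set in configuration, so `ForceNew` presumably has no effect here. Configurations that set `key_algorithm` today would likely be rejected after this change, so if that is intended it deserves a note for users. I would drop `ForceNew` and reword the description to say the value is reported by the service, e.g. `Description: "The cryptographic algorithm that was used to generate the public key that is associated with the certificate.",`. The schema map of `ResourceIbmSmPrivateCertificate` starts and ends outside the hunk.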
+++ b/website/docs/d/sm_iam_credentials_secret_metadata.html.markdown @@ -74,7 +74,6 @@ Nested scheme for **rotation**: * `auto_rotate` - (Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. * `interval` - (Integer) The length of the secret rotation time interval. * Constraints: The minimum value is `1`. - * `rotate_keys` - (Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate. * `unit` - (String) The units for the secret rotation time interval. * Constraints: Allowable values are: `day`, `month`. diff --git a/website/docs/d/sm_private_certificate.html.markdown b/website/docs/d/sm_private_certificate.html.markdown index 22bc586770..abecd98dc0 100644 --- a/website/docs/d/sm_private_certificate.html.markdown +++ b/website/docs/d/sm_private_certificate.html.markdown @@ -119,7 +119,6 @@ In addition to all argument references listed, you can access the following attr * `auto_rotate` - (Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. * `interval` - (Integer) The length of the secret rotation time interval. * Constraints: The minimum value is `1`. - * `rotate_keys` - (Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate. * `unit` - (String) The units for the secret rotation time interval. * Constraints: Allowable values are: `day`, `month`. 
diff --git a/website/docs/d/sm_private_certificate_metadata.html.markdown b/website/docs/d/sm_private_certificate_metadata.html.markdown index caf491c86c..4d16d2b1a8 100644 --- a/website/docs/d/sm_private_certificate_metadata.html.markdown +++ b/website/docs/d/sm_private_certificate_metadata.html.markdown @@ -90,7 +90,6 @@ Nested scheme for **rotation**: * `auto_rotate` - (Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. * `interval` - (Integer) The length of the secret rotation time interval. * Constraints: The minimum value is `1`. - * `rotate_keys` - (Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate. * `unit` - (String) The units for the secret rotation time interval. * Constraints: Allowable values are: `day`, `month`. diff --git a/website/docs/d/sm_username_password_secret.html.markdown b/website/docs/d/sm_username_password_secret.html.markdown index c18a55df9c..64768e067f 100644 --- a/website/docs/d/sm_username_password_secret.html.markdown +++ b/website/docs/d/sm_username_password_secret.html.markdown 
@@ -88,7 +88,6 @@ Nested scheme for **rotation**: * `auto_rotate` - (Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. * `interval` - (Integer) The length of the secret rotation time interval. * Constraints: The minimum value is `1`. - * `rotate_keys` - (Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate. * `unit` - (String) The units for the secret rotation time interval. * Constraints: Allowable values are: `day`, `month`. diff --git a/website/docs/d/sm_username_password_secret_metadata.html.markdown b/website/docs/d/sm_username_password_secret_metadata.html.markdown index e4a10d832b..781f524f1a 100644 --- a/website/docs/d/sm_username_password_secret_metadata.html.markdown +++ b/website/docs/d/sm_username_password_secret_metadata.html.markdown @@ -69,7 +69,6 @@ Nested scheme for **rotation**: * `auto_rotate` - (Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. * `interval` - (Integer) The length of the secret rotation time interval. * Constraints: The minimum value is `1`. - * `rotate_keys` - (Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate. * `unit` - (String) The units for the secret rotation time interval. * Constraints: Allowable values are: `day`, `month`. 
diff --git a/website/docs/r/sm_iam_credentials_secret.html.markdown b/website/docs/r/sm_iam_credentials_secret.html.markdown index 2f3e78f8f6..3c108eb82c 100644 --- a/website/docs/r/sm_iam_credentials_secret.html.markdown +++ b/website/docs/r/sm_iam_credentials_secret.html.markdown @@ -55,7 +55,6 @@ Nested scheme for **rotation**: * `auto_rotate` - (Optional, Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. * `interval` - (Optional, Integer) The length of the secret rotation time interval. * Constraints: The minimum value is `1`. - * `rotate_keys` - (Optional, Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate. * `unit` - (Optional, String) The units for the secret rotation time interval. * Constraints: Allowable values are: `day`, `month`. * `secret_group_id` - (Optional, Forces new resource, String) A v4 UUID identifier, or `default` secret group. diff --git a/website/docs/r/sm_private_certificate.html.markdown b/website/docs/r/sm_private_certificate.html.markdown index 64f1bb83b7..98c1d2c122 100644 --- a/website/docs/r/sm_private_certificate.html.markdown +++ b/website/docs/r/sm_private_certificate.html.markdown 
@@ -56,7 +56,6 @@ Nested scheme for **rotation**: * `auto_rotate` - (Optional, Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. * `interval` - (Optional, Integer) The length of the secret rotation time interval. * Constraints: The minimum value is `1`. - * `rotate_keys` - (Optional, Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate. * `unit` - (Optional, String) The units for the secret rotation time interval. * Constraints: Allowable values are: `day`, `month`. * `secret_group_id` - (Optional, Forces new resource, String) A v4 UUID identifier, or `default` secret group. diff --git a/website/docs/r/sm_private_certificate_configuration_template.html.markdown b/website/docs/r/sm_private_certificate_configuration_template.html.markdown index d34b20e904..00f6d033fd 100644 --- a/website/docs/r/sm_private_certificate_configuration_template.html.markdown +++ b/website/docs/r/sm_private_certificate_configuration_template.html.markdown 
@@ -67,6 +67,7 @@ Review the argument reference that you can specify for your resource.
 * Constraints: The list items must match regular expression `/^[a-zA-Z]+$/`. The maximum length is `100` items. The minimum length is `0` items.
 * `locality` - (Optional, Forces new resource, List) The Locality (L) values to define in the subject field of the resulting certificate.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `10` items. The minimum length is `0` items.
+* `max_ttl` - (Optional, String) The maximum time-to-live (TTL) for certificates that are created by this template.
 * `name` - (Required, String) A human-readable unique name to assign to your configuration.
 * `organization` - (Optional, Forces new resource, List) The Organization (O) values to define in the subject field of the resulting certificate.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `10` items. The minimum length is `0` items.
@@ -84,6 +85,7 @@ Review the argument reference that you can specify for your resource. * Constraints: The maximum length is `64` characters. The minimum length is `32` characters. The value must match regular expression `/[^a-fA-F0-9]/`. * `street_address` - (Optional, Forces new resource, List) The street address values to define in the subject field of the resulting certificate. * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `10` items. The minimum length is `0` items. +* `ttl` - The requested time-to-live (TTL) for certificates that are created by this template. This field's value can't be longer than the max_ttl limit. * `use_csr_common_name` - (Optional, Boolean) When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the common name (CN) from a certificate signing request (CSR) instead of the CN that's included in the data of the certificate.Does not include any requested Subject Alternative Names (SANs) in the CSR. To use the alternative names, include the `use_csr_sans` property. * `use_csr_sans` - (Optional, Boolean) When used with the `private_cert_configuration_action_sign_csr` action, this field determines whether to use the Subject Alternative Names(SANs) from a certificate signing request (CSR) instead of the SANs that are included in the data of the certificate.Does not include the common name in the CSR. To use the common name, include the `use_csr_common_name` property. diff --git a/website/docs/r/sm_username_password_secret.html.markdown b/website/docs/r/sm_username_password_secret.html.markdown index b8a07c3af0..fdb4605f15 100644 --- a/website/docs/r/sm_username_password_secret.html.markdown +++ b/website/docs/r/sm_username_password_secret.html.markdown 
@@ -55,7 +55,6 @@ Nested scheme for **rotation**: * `auto_rotate` - (Optional, Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval. * `interval` - (Optional, Integer) The length of the secret rotation time interval. * Constraints: The minimum value is `1`. - * `rotate_keys` - (Optional, Boolean) Determines whether Secrets Manager rotates the private key for your public certificate automatically.Default is `false`. If it is set to `true`, the service generates and stores a new private key for your rotated certificate. * `unit` - (Optional, String) The units for the secret rotation time interval. * Constraints: Allowable values are: `day`, `month`. * `secret_group_id` - (Optional, Forces new resource, String) A v4 UUID identifier, or `default` secret group. From c44ff91d82de43d35366c678af5efc41f0492754 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Tue, 26 Dec 2023 14:43:28 +0200 Subject: [PATCH 16/47] bugs fixes --- .secrets.baseline | 74 +- ...ource_ibm_sm_service_credentials_secret.go | 790 ------------------ ..._ibm_sm_service_credentials_secret_test.go | 335 -------- 3 files changed, 46 insertions(+), 1153 deletions(-) delete mode 100644 ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go delete mode 100644 ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret_test.go diff --git a/.secrets.baseline b/.secrets.baseline index 75ebe186bb..c7f19872a8 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -760,7 +760,7 @@ "hashed_secret": "731438016c5ab94431f61820f35e3ae5f8ad6004", "is_secret": false, "is_verified": false, - "line_number": 426, + "line_number": 428, "type": "Secret Keyword", "verified_result": null }, 
@@ -768,7 +768,7 @@ "hashed_secret": "12da2e35d6b50c902c014f1ab9e3032650368df7", "is_secret": false, "is_verified": false, - "line_number": 432, + "line_number": 434, "type": "Secret Keyword", "verified_result": null }, @@ -776,7 +776,7 @@ "hashed_secret": "813274ccae5b6b509379ab56982d862f7b5969b6", "is_secret": false, "is_verified": false, - "line_number": 1143, + "line_number": 1157, "type": "Base64 High Entropy String", "verified_result": null } @@ -2056,7 +2056,7 @@ "hashed_secret": "deab23f996709b4e3d14e5499d1cc2de677bfaa8", "is_secret": false, "is_verified": false, - "line_number": 1367, + "line_number": 1372, "type": "Secret Keyword", "verified_result": null }, @@ -2064,7 +2064,7 @@ "hashed_secret": "20a25bac21219ffff1904bde871ded4027eca2f8", "is_secret": false, "is_verified": false, - "line_number": 1957, + "line_number": 1962, "type": "Secret Keyword", "verified_result": null }, @@ -2072,7 +2072,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 1976, + "line_number": 1981, "type": "Secret Keyword", "verified_result": null }, @@ -2080,7 +2080,7 @@ "hashed_secret": "1f5e25be9b575e9f5d39c82dfd1d9f4d73f1975c", "is_secret": false, "is_verified": false, - "line_number": 2189, + "line_number": 2194, "type": "Secret Keyword", "verified_result": null } @@ -3224,7 +3224,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 185, + "line_number": 180, "type": "Secret Keyword", "verified_result": null }, @@ -3232,7 +3232,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 312, + "line_number": 307, "type": "Secret Keyword", "verified_result": null } 
@@ -3250,7 +3250,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 291, + "line_number": 286, "type": "Secret Keyword", "verified_result": null } @@ -3298,7 +3298,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 235, + "line_number": 230, "type": "Secret Keyword", "verified_result": null }, @@ -3306,7 +3306,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 414, + "line_number": 409, "type": "Secret Keyword", "verified_result": null } @@ -3510,7 +3510,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 162, + "line_number": 157, "type": "Secret Keyword", "verified_result": null }, @@ -3518,7 +3518,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 278, + "line_number": 273, "type": "Secret Keyword", "verified_result": null } @@ -3556,7 +3556,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 204, + "line_number": 198, "type": "Secret Keyword", "verified_result": null }, @@ -3564,7 +3564,7 @@ "hashed_secret": "108b310facc1a193833fc2971fd83081f775ea0c", "is_secret": false, "is_verified": false, - "line_number": 395, + "line_number": 389, "type": "Secret Keyword", "verified_result": null }, @@ -3572,7 +3572,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 398, + "line_number": 392, "type": "Secret Keyword", "verified_result": null } @@ -3636,7 +3636,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 298, + "line_number": 297, "type": "Secret Keyword", "verified_result": null }, 
@@ -3644,7 +3644,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 539, + "line_number": 538, "type": "Secret Keyword", "verified_result": null } @@ -3831,6 +3831,24 @@ "verified_result": null } ], + "ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go": [ + { + "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", + "is_secret": false, + "is_verified": false, + "line_number": 190, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", + "is_secret": false, + "is_verified": false, + "line_number": 443, + "type": "Secret Keyword", + "verified_result": null + } + ], "ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go": [ { "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", @@ -4736,7 +4754,7 @@ "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", "is_secret": false, "is_verified": false, - "line_number": 128, + "line_number": 127, "type": "Secret Keyword", "verified_result": null }, @@ -4744,7 +4762,7 @@ "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", "is_secret": false, "is_verified": false, - "line_number": 130, + "line_number": 129, "type": "Secret Keyword", "verified_result": null } @@ -4790,7 +4808,7 @@ "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", "is_secret": false, "is_verified": false, - "line_number": 148, + "line_number": 147, "type": "Secret Keyword", "verified_result": null }, @@ -4798,7 +4816,7 @@ "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", "is_secret": false, "is_verified": false, - "line_number": 150, + "line_number": 149, "type": "Secret Keyword", "verified_result": null } @@ -4844,7 +4862,7 @@ "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", "is_secret": false, "is_verified": false, - "line_number": 137, + "line_number": 139, "type": "Secret Keyword", "verified_result": null }, 
@@ -4852,7 +4870,7 @@ "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", "is_secret": false, "is_verified": false, - "line_number": 139, + "line_number": 141, "type": "Secret Keyword", "verified_result": null } @@ -5010,7 +5028,7 @@ "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", "is_secret": false, "is_verified": false, - "line_number": 122, + "line_number": 121, "type": "Secret Keyword", "verified_result": null }, @@ -5018,7 +5036,7 @@ "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", "is_secret": false, "is_verified": false, - "line_number": 124, + "line_number": 123, "type": "Secret Keyword", "verified_result": null } @@ -5034,7 +5052,7 @@ } ] }, - "version": "0.13.1+ibm.51.dss", + "version": "0.13.1+ibm.61.dss", "word_list": { "file": null, "hash": null diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go deleted file mode 100644 index 7d5e211b0d..0000000000 --- a/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go +++ /dev/null 
@@ -1,790 +0,0 @@ -// Copyright IBM Corp. 2023 All Rights Reserved. -// Licensed under the Mozilla Public License v2.0 -// . -package secretsmanager - -import ( - "context" - "encoding/json" - "fmt" - "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" - "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" - "github.com/IBM/go-sdk-core/v5/core" - "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2" - "github.com/hashicorp/terraform-plugin-sdk/v2/diag" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "log" - "strconv" - "strings" -) - -func ResourceIbmSmServiceCredentialsSecret() *schema.Resource { - return &schema.Resource{ - CreateContext: resourceIbmSmServiceCredentialsSecretCreate, - ReadContext: resourceIbmSmServiceCredentialsSecretRead, - UpdateContext: resourceIbmSmServiceCredentialsSecretUpdate, - DeleteContext: resourceIbmSmServiceCredentialsSecretDelete, - Importer: &schema.ResourceImporter{}, - - Schema: map[string]*schema.Schema{ - "secret_type": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The secret type. 
Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials.", - }, - "name": &schema.Schema{ - Type: schema.TypeString, - Required: true, - Description: "A human-readable name to assign to your secret.To protect your privacy, do not use personal data, such as your name or location, as a name for your secret.", - }, - "description": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Description: "An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.", - }, - "secret_group_id": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Computed: true, - ForceNew: true, - Description: "A v4 UUID identifier, or `default` secret group.", - }, - "labels": &schema.Schema{ - Type: schema.TypeList, - Optional: true, - Computed: true, - Description: "Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.", - Elem: &schema.Schema{Type: schema.TypeString}, - }, - "custom_metadata": &schema.Schema{ - Type: schema.TypeMap, - Optional: true, - Computed: true, - Description: "The secret metadata that a user can customize.", - Elem: &schema.Schema{Type: schema.TypeString}, - }, - "version_custom_metadata": &schema.Schema{ - Type: schema.TypeMap, - Optional: true, - Computed: true, - Description: "The secret version metadata that a user can customize.", - Elem: &schema.Schema{Type: schema.TypeString}, - }, - "created_by": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The unique identifier that is associated with the entity that created the secret.", - }, - "created_at": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The date when a resource was created. 
The date format follows RFC 3339.", - }, - "credentials": &schema.Schema{ - Type: schema.TypeMap, - Computed: true, - Sensitive: true, - Description: "The properties of the service credentials secret payload.", - }, - "crn": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "A CRN that uniquely identifies an IBM Cloud resource.", - }, - "downloaded": &schema.Schema{ - Type: schema.TypeBool, - Computed: true, - Description: "Indicates whether the secret data that is associated with a secret version was retrieved in a call to the service API.", - }, - "locks_total": &schema.Schema{ - Type: schema.TypeInt, - Computed: true, - Description: "The number of locks of the secret.", - }, - "next_rotation_date": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The date that the secret is scheduled for automatic rotation. The service automatically creates a new version of the secret on its next rotation date. This field exists only for secrets that have an existing rotation policy.", - }, - "rotation": &schema.Schema{ - Type: schema.TypeList, - MaxItems: 1, - Optional: true, - Computed: true, - Description: "Determines whether Secrets Manager rotates your secrets automatically.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "auto_rotate": &schema.Schema{ - Type: schema.TypeBool, - Optional: true, - Computed: true, - Description: "Determines whether Secrets Manager rotates your secret automatically.Default is `false`. 
If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval.", - }, - "interval": &schema.Schema{ - Type: schema.TypeInt, - Optional: true, - Computed: true, - Description: "The length of the secret rotation time interval.", - DiffSuppressFunc: rotationAttributesDiffSuppress, - }, - "unit": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "The units for the secret rotation time interval.", - DiffSuppressFunc: rotationAttributesDiffSuppress, - }, - }, - }, - }, - "source_service": &schema.Schema{ - Type: schema.TypeList, - MaxItems: 1, - Required: true, - ForceNew: true, - Description: "The properties required for creating the service credentials for the specified source service instance.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "instance": &schema.Schema{ - Type: schema.TypeList, - Required: true, - MaxItems: 1, - ForceNew: true, - Description: "The source service instance identifier.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "crn": &schema.Schema{ - Type: schema.TypeString, - Required: true, - ForceNew: true, - Description: "A CRN that uniquely identifies a service credentials target.", - }, - }, - }, - }, - "role": &schema.Schema{ - Type: schema.TypeList, - Optional: true, - Computed: true, - ForceNew: true, - MaxItems: 1, - Description: "The service-specific custom role object, CRN role is accepted. 
Refer to the service’s documentation for supported roles.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "crn": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Computed: true, - ForceNew: true, - Description: "The CRN role identifier for creating a service-id.", - }, - }, - }, - }, - "iam": &schema.Schema{ - Type: schema.TypeList, - Computed: true, - Description: "The source service IAM data is returned in case IAM credentials where created for this secret.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "apikey": &schema.Schema{ - Type: schema.TypeList, - Computed: true, - Description: "The IAM apikey metadata for the IAM credentials that were generated.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "name": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The IAM API key name for the generated service credentials.", - }, - "description": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The IAM API key description for the generated service credentials.", - }, - }, - }, - }, - "role": &schema.Schema{ - Type: schema.TypeList, - Computed: true, - Description: "The IAM role for the generate service credentials.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "crn": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The IAM role CRN assigned to the generated service credentials.", - }, - }, - }, - }, - "serviceid": &schema.Schema{ - Type: schema.TypeList, - Computed: true, - Description: "The IAM serviceid for the generated service credentials.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "crn": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The IAM Service ID CRN.", - }, - }, - }, - }, - }, - }, - }, - "resource_key": &schema.Schema{ - Type: schema.TypeList, - Computed: true, - Description: "The source service resource key data of the generated 
service credentials.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "crn": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The resource key CRN of the generated service credentials.", - }, - "name": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The resource key name of the generated service credentials.", - }, - }, - }, - }, - "parameters": &schema.Schema{ - Type: schema.TypeMap, - Optional: true, - ForceNew: true, - Description: "The collection of parameters for the service credentials target.", - }, - }, - }, - }, - "state": &schema.Schema{ - Type: schema.TypeInt, - Computed: true, - Description: "The secret state that is based on NIST SP 800-57. States are integers and correspond to the `Pre-activation = 0`, `Active = 1`, `Suspended = 2`, `Deactivated = 3`, and `Destroyed = 5` values.", - }, - "state_description": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "A text representation of the secret state.", - }, - "ttl": &schema.Schema{ - Type: schema.TypeString, - Required: true, - Description: "The time-to-live (TTL) or lease duration to assign to generated credentials.", - }, - "updated_at": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The date when a resource was recently modified. 
The date format follows RFC 3339.", - }, - "versions_total": &schema.Schema{ - Type: schema.TypeInt, - Computed: true, - Description: "The number of versions of the secret.", - }, - "secret_id": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "A v4 UUID identifier.", - }, - }, - } -} - -func resourceIbmSmServiceCredentialsSecretCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() - if err != nil { - return diag.FromErr(err) - } - - region := getRegion(secretsManagerClient, d) - instanceId := d.Get("instance_id").(string) - secretsManagerClient = getClientWithInstanceEndpoint(secretsManagerClient, instanceId, region, getEndpointType(secretsManagerClient, d)) - - createSecretOptions := &secretsmanagerv2.CreateSecretOptions{} - - secretPrototypeModel, err := resourceIbmSmServiceCredentialsSecretMapToSecretPrototype(d) - if err != nil { - return diag.FromErr(err) - } - createSecretOptions.SetSecretPrototype(secretPrototypeModel) - - secretIntf, response, err := secretsManagerClient.CreateSecretWithContext(context, createSecretOptions) - if err != nil { - log.Printf("[DEBUG] CreateSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretWithContext failed %s\n%s", err, response)) - } - - secret := secretIntf.(*secretsmanagerv2.ServiceCredentialsSecret) - d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *secret.ID)) - d.Set("secret_id", *secret.ID) - - return resourceIbmSmServiceCredentialsSecretRead(context, d, meta) -} - -func resourceIbmSmServiceCredentialsSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() - if err != nil { - return diag.FromErr(err) - } - - id := strings.Split(d.Id(), "/") - if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. 
To import a secret use the format `//`") - } - region := id[0] - instanceId := id[1] - secretId := id[2] - secretsManagerClient = getClientWithInstanceEndpoint(secretsManagerClient, instanceId, region, getEndpointType(secretsManagerClient, d)) - - getSecretOptions := &secretsmanagerv2.GetSecretOptions{} - - getSecretOptions.SetID(secretId) - - secretIntf, response, err := secretsManagerClient.GetSecretWithContext(context, getSecretOptions) - if err != nil { - if response != nil && response.StatusCode == 404 { - d.SetId("") - return nil - } - log.Printf("[DEBUG] GetSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretWithContext failed %s\n%s", err, response)) - } - - secret := secretIntf.(*secretsmanagerv2.ServiceCredentialsSecret) - - if err = d.Set("secret_id", secretId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_id: %s", err)) - } - if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) - } - if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) - } - if err = d.Set("created_by", secret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) - } - if err = d.Set("created_at", DateTimeToRFC3339(secret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) - } - if err = d.Set("crn", secret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) - } - if err = d.Set("downloaded", secret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) - } - if err = d.Set("locks_total", flex.IntValue(secret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) - } - if err = d.Set("name", secret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) - } - if 
err = d.Set("secret_group_id", secret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) - } - if err = d.Set("secret_type", secret.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) - } - if err = d.Set("state", flex.IntValue(secret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) - } - if err = d.Set("state_description", secret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) - } - if err = d.Set("updated_at", DateTimeToRFC3339(secret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) - } - if err = d.Set("versions_total", flex.IntValue(secret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) - } - if secret.CustomMetadata != nil { - d.Set("custom_metadata", secret.CustomMetadata) - } - if err = d.Set("description", secret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) - } - if secret.Labels != nil { - if err = d.Set("labels", secret.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) - } - } - rotationMap, err := resourceIbmSmServiceCredentialsSecretRotationPolicyToMap(secret.Rotation) - if err != nil { - return diag.FromErr(err) - } - if len(rotationMap) > 0 { - if err = d.Set("rotation", []map[string]interface{}{rotationMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation: %s", err)) - } - } - sourceServiceMap, err := resourceIbmSmServiceCredentialsSecretSourceServiceToMap(secret.SourceService) - if err != nil { - return diag.FromErr(err) - } - if len(sourceServiceMap) > 0 { - if err = d.Set("source_service", []map[string]interface{}{sourceServiceMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting source_service: %s", err)) - } - } - if 
secret.Credentials != nil { - var credInterface map[string]interface{} - cred, _ := json.Marshal(secret.Credentials) - json.Unmarshal(cred, &credInterface) - if err = d.Set("credentials", flex.Flatten(credInterface)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting credentials: %s", err)) - } - } - if err = d.Set("next_rotation_date", DateTimeToRFC3339(secret.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) - } - - // Call get version metadata API to get the current version_custom_metadata - getVersionMetdataOptions := &secretsmanagerv2.GetSecretVersionMetadataOptions{} - getVersionMetdataOptions.SetSecretID(secretId) - getVersionMetdataOptions.SetID("current") - - versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) - if err != nil { - log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) - } - - versionMetadata := versionMetadataIntf.(*secretsmanagerv2.ServiceCredentialsSecretVersionMetadata) - if versionMetadata.VersionCustomMetadata != nil { - if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { - return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) - } - } - - return nil -} - -func resourceIbmSmServiceCredentialsSecretUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() - if err != nil { - return diag.FromErr(err) - } - - id := strings.Split(d.Id(), "/") - region := id[0] - instanceId := id[1] - secretId := id[2] - secretsManagerClient = getClientWithInstanceEndpoint(secretsManagerClient, instanceId, region, getEndpointType(secretsManagerClient, d)) - - updateSecretMetadataOptions := 
&secretsmanagerv2.UpdateSecretMetadataOptions{} - - updateSecretMetadataOptions.SetID(secretId) - - hasChange := false - - patchVals := &secretsmanagerv2.SecretMetadataPatch{} - - if d.HasChange("name") { - patchVals.Name = core.StringPtr(d.Get("name").(string)) - hasChange = true - } - if d.HasChange("description") { - patchVals.Description = core.StringPtr(d.Get("description").(string)) - hasChange = true - } - if d.HasChange("ttl") { - patchVals.TTL = core.StringPtr(d.Get("ttl").(string)) - hasChange = true - } - if d.HasChange("labels") { - labels := d.Get("labels").([]interface{}) - labelsParsed := make([]string, len(labels)) - for i, v := range labels { - labelsParsed[i] = fmt.Sprint(v) - } - patchVals.Labels = labelsParsed - hasChange = true - } - if d.HasChange("custom_metadata") { - patchVals.CustomMetadata = d.Get("custom_metadata").(map[string]interface{}) - hasChange = true - } - if d.HasChange("rotation") { - RotationModel, err := resourceIbmSmServiceCredentialsSecretMapToRotationPolicy(d.Get("rotation").([]interface{})[0].(map[string]interface{})) - if err != nil { - log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err)) - } - patchVals.Rotation = RotationModel - hasChange = true - } - - // Apply change in metadata (if changed) - if hasChange { - updateSecretMetadataOptions.SecretMetadataPatch, _ = patchVals.AsPatch() - _, response, err := secretsManagerClient.UpdateSecretMetadataWithContext(context, updateSecretMetadataOptions) - if err != nil { - log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed %s\n%s", err, response)) - } - } - - if d.HasChange("version_custom_metadata") { - // Apply change to version_custom_metadata in current version - secretVersionMetadataPatchModel := 
new(secretsmanagerv2.SecretVersionMetadataPatch) - secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) - secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() - - updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} - updateSecretVersionOptions.SetSecretID(secretId) - updateSecretVersionOptions.SetID("current") - updateSecretVersionOptions.SetSecretVersionMetadataPatch(secretVersionMetadataPatchModelAsPatch) - _, response, err := secretsManagerClient.UpdateSecretVersionMetadataWithContext(context, updateSecretVersionOptions) - if err != nil { - if hasChange { - // Call the read function to update the Terraform state with the change already applied to the metadata - resourceIbmSmServiceCredentialsSecretRead(context, d, meta) - } - log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) - } - } - - return resourceIbmSmServiceCredentialsSecretRead(context, d, meta) -} - -func resourceIbmSmServiceCredentialsSecretDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() - if err != nil { - return diag.FromErr(err) - } - - id := strings.Split(d.Id(), "/") - region := id[0] - instanceId := id[1] - secretId := id[2] - secretsManagerClient = getClientWithInstanceEndpoint(secretsManagerClient, instanceId, region, getEndpointType(secretsManagerClient, d)) - - deleteSecretOptions := &secretsmanagerv2.DeleteSecretOptions{} - - deleteSecretOptions.SetID(secretId) - - response, err := secretsManagerClient.DeleteSecretWithContext(context, deleteSecretOptions) - if err != nil { - log.Printf("[DEBUG] DeleteSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteSecretWithContext 
failed %s\n%s", err, response)) - } - - d.SetId("") - - return nil -} - -func resourceIbmSmServiceCredentialsSecretMapToSecretPrototype(d *schema.ResourceData) (*secretsmanagerv2.ServiceCredentialsSecretPrototype, error) { - model := &secretsmanagerv2.ServiceCredentialsSecretPrototype{} - model.SecretType = core.StringPtr("service_credentials") - - if _, ok := d.GetOk("name"); ok { - model.Name = core.StringPtr(d.Get("name").(string)) - } - if _, ok := d.GetOk("description"); ok { - model.Description = core.StringPtr(d.Get("description").(string)) - } - if _, ok := d.GetOk("secret_group_id"); ok { - model.SecretGroupID = core.StringPtr(d.Get("secret_group_id").(string)) - } - if _, ok := d.GetOk("labels"); ok { - labels := d.Get("labels").([]interface{}) - labelsParsed := make([]string, len(labels)) - for i, v := range labels { - labelsParsed[i] = fmt.Sprint(v) - } - model.Labels = labelsParsed - } - if _, ok := d.GetOk("ttl"); ok { - model.TTL = core.StringPtr(d.Get("ttl").(string)) - } - if _, ok := d.GetOk("rotation"); ok { - RotationModel, err := resourceIbmSmServiceCredentialsSecretMapToRotationPolicy(d.Get("rotation").([]interface{})[0].(map[string]interface{})) - if err != nil { - return model, err - } - model.Rotation = RotationModel - } - if _, ok := d.GetOk("source_service"); ok { - SourceServiceModel, err := resourceIbmSmServiceCredentialsSecretMapToSourceService(d.Get("source_service").([]interface{})[0].(map[string]interface{})) - if err != nil { - return model, err - } - model.SourceService = SourceServiceModel - } - if _, ok := d.GetOk("custom_metadata"); ok { - model.CustomMetadata = d.Get("custom_metadata").(map[string]interface{}) - } - if _, ok := d.GetOk("version_custom_metadata"); ok { - model.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) - } - return model, nil -} - -func resourceIbmSmServiceCredentialsSecretMapToRotationPolicy(modelMap map[string]interface{}) (secretsmanagerv2.RotationPolicyIntf, error) { - 
model := &secretsmanagerv2.RotationPolicy{} - if modelMap["auto_rotate"] != nil { - model.AutoRotate = core.BoolPtr(modelMap["auto_rotate"].(bool)) - } - if modelMap["interval"].(int) == 0 { - model.Interval = nil - } else { - model.Interval = core.Int64Ptr(int64(modelMap["interval"].(int))) - } - if modelMap["unit"] != nil && modelMap["unit"].(string) != "" { - model.Unit = core.StringPtr(modelMap["unit"].(string)) - } - return model, nil -} - -func resourceIbmSmServiceCredentialsSecretMapToSourceService(modelMap map[string]interface{}) (*secretsmanagerv2.ServiceCredentialsSecretSourceService, error) { - mainModel := &secretsmanagerv2.ServiceCredentialsSecretSourceService{} - - if modelMap["instance"] != nil && len(modelMap["instance"].([]interface{})) > 0 { - instanceModel := &secretsmanagerv2.ServiceCredentialsSourceServiceInstance{} - if modelMap["instance"].([]interface{})[0].(map[string]interface{})["crn"].(string) != "" { - instanceModel.Crn = core.StringPtr(modelMap["instance"].([]interface{})[0].(map[string]interface{})["crn"].(string)) - mainModel.Instance = instanceModel - } - } - - if modelMap["role"] != nil && len(modelMap["role"].([]interface{})) > 0 { - roleModel := &secretsmanagerv2.ServiceCredentialsSourceServiceRole{} - if modelMap["role"].([]interface{})[0].(map[string]interface{})["crn"].(string) != "" { - roleModel.Crn = core.StringPtr(modelMap["role"].([]interface{})[0].(map[string]interface{})["crn"].(string)) - mainModel.Role = roleModel - } - } - - if modelMap["parameters"] != nil { - mainModel.Parameters = &secretsmanagerv2.ServiceCredentialsSourceServiceParameters{} - parametersMap := modelMap["parameters"].(map[string]interface{}) - for k, v := range parametersMap { - if k == "serviceid_crn" { - serviceIdCrn := v.(string) - mainModel.Parameters.ServiceidCrn = &serviceIdCrn - } else if v == "true" || v == "false" { - b, _ := strconv.ParseBool(v.(string)) - mainModel.Parameters.SetProperty(k, b) - } else { - 
mainModel.Parameters.SetProperty(k, v) - } - } - } - return mainModel, nil -} - -func resourceIbmSmServiceCredentialsSecretRotationPolicyToMap(modelIntf secretsmanagerv2.RotationPolicyIntf) (map[string]interface{}, error) { - modelMap := make(map[string]interface{}) - model := modelIntf.(*secretsmanagerv2.RotationPolicy) - if model.AutoRotate != nil { - modelMap["auto_rotate"] = model.AutoRotate - } - if model.Interval != nil { - modelMap["interval"] = flex.IntValue(model.Interval) - } - if model.Unit != nil { - modelMap["unit"] = model.Unit - } - return modelMap, nil -} - -func resourceIbmSmServiceCredentialsSecretSourceServiceToMap(sourceService *secretsmanagerv2.ServiceCredentialsSecretSourceService) (map[string]interface{}, error) { - mainModelMap := make(map[string]interface{}) - if sourceService.Instance != nil { - instanceMap := make(map[string]interface{}) - instanceModel := sourceService.Instance - if instanceModel.Crn != nil { - instanceMap["crn"] = instanceModel.Crn - } - mainModelMap["instance"] = []map[string]interface{}{instanceMap} - } - - if sourceService.Role != nil { - roleMap := make(map[string]interface{}) - roleModel := sourceService.Role - if roleModel.Crn != nil { - roleMap["crn"] = roleModel.Crn - } - mainModelMap["role"] = []map[string]interface{}{roleMap} - } - - if sourceService.Iam != nil { - iamMap := make(map[string]interface{}) - iamModel := sourceService.Iam - - // apikey - if iamModel.Apikey != nil { - iamApikeyMap := make(map[string]interface{}) - iamApikeyModel := iamModel.Apikey - if iamApikeyModel.Name != nil { - iamApikeyMap["name"] = iamApikeyModel.Name - } - if iamApikeyModel.Description != nil { - iamApikeyMap["description"] = iamApikeyModel.Description - } - iamMap["apikey"] = []map[string]interface{}{iamApikeyMap} - } - - // role - if iamModel.Role != nil { - iamRoleMap := make(map[string]interface{}) - iamRoleModel := iamModel.Role - if iamRoleModel.Crn != nil { - iamRoleMap["crn"] = iamRoleModel.Crn - } - iamMap["role"] 
= []map[string]interface{}{iamRoleMap} - } - - // service id - if iamModel.Serviceid != nil { - iamServiceidMap := make(map[string]interface{}) - iamServiceidModel := iamModel.Serviceid - if iamServiceidModel.Crn != nil { - iamServiceidMap["crn"] = iamServiceidModel.Crn - } - iamMap["serviceid"] = []map[string]interface{}{iamServiceidMap} - } - - mainModelMap["iam"] = []map[string]interface{}{iamMap} - - } - - if sourceService.ResourceKey != nil { - resourceKeyMap := make(map[string]interface{}) - resourceKeyModel := sourceService.ResourceKey - if resourceKeyModel.Crn != nil { - resourceKeyMap["crn"] = resourceKeyModel.Crn - } - if resourceKeyModel.Name != nil { - resourceKeyMap["name"] = resourceKeyModel.Name - } - mainModelMap["resource_key"] = []map[string]interface{}{resourceKeyMap} - } - - if sourceService.Parameters != nil { - parametersMap := sourceService.Parameters.GetProperties() - for k, v := range parametersMap { - parametersMap[k] = fmt.Sprint(v) - } - if sourceService.Parameters.ServiceidCrn != nil { - if len(parametersMap) == 0 { - parametersMap = make(map[string]interface{}) - } - parametersMap["serviceid_crn"] = sourceService.Parameters.ServiceidCrn - } - mainModelMap["parameters"] = parametersMap - } - - return mainModelMap, nil -} diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret_test.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret_test.go deleted file mode 100644 index 7de340208c..0000000000 --- a/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret_test.go +++ /dev/null 
@@ -1,335 +0,0 @@ -// Copyright IBM Corp. 2023 All Rights Reserved. -// Licensed under the Mozilla Public License v2.0 - -package secretsmanager_test - -import ( - "fmt" - "strings" - "testing" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" - - acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" - "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" - "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2" -) - -var serviceCredentialsSecretName = "terraform-test-sc-secret" -var modifiedServiceCredentialsSecretName = "modified-terraform-test-sc-secret" -var serviceCredentialsParameters = `{"HMAC":"true"}` -var serviceCredentialsParametersWithServiceId = `{"serviceid_crn": ibm_iam_service_id.ibm_iam_service_id_instance.crn}` -var serviceCredentialsTtl = "172800" -var modifiedServiceCredentialsTtl = "6048000" -var serviceCredentialsRoleCrn = "crn:v1:bluemix:public:iam::::serviceRole:Writer" - -func TestAccIbmSmServiceCredentialsSecretBasic(t *testing.T) { - resourceName := "ibm_sm_service_credentials_secret.sm_service_credentials_secret_basic" - - resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.TestAccPreCheck(t) }, - Providers: acc.TestAccProviders, - CheckDestroy: testAccCheckIbmSmServiceCredentialsSecretDestroy, - Steps: []resource.TestStep{ - resource.TestStep{ - Config: serviceCredentialsSecretConfigBasic(), - Check: resource.ComposeAggregateTestCheckFunc( - resource.TestCheckResourceAttrSet(resourceName, "secret_id"), - resource.TestCheckResourceAttrSet(resourceName, "created_by"), - resource.TestCheckResourceAttrSet(resourceName, "created_at"), - resource.TestCheckResourceAttrSet(resourceName, "updated_at"), - resource.TestCheckResourceAttrSet(resourceName, "crn"), - resource.TestCheckResourceAttrSet(resourceName, "downloaded"), - resource.TestCheckResourceAttr(resourceName, "state", "1"), - resource.TestCheckResourceAttr(resourceName, "versions_total", 
"1"), - ), - }, - resource.TestStep{ - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"ttl"}, - }, - }, - }) -} - -func TestAccIbmSmServiceCredentialsSecretAllArgs(t *testing.T) { - resourceName := "ibm_sm_service_credentials_secret.sm_service_credentials_secret" - - resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.TestAccPreCheck(t) }, - Providers: acc.TestAccProviders, - CheckDestroy: testAccCheckIbmSmServiceCredentialsSecretDestroy, - Steps: []resource.TestStep{ - resource.TestStep{ - Config: serviceCredentialsSecretConfigAllArgs(), - Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckIbmSmServiceCredentialsSecretCreated(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "secret_id"), - resource.TestCheckResourceAttrSet(resourceName, "created_by"), - resource.TestCheckResourceAttrSet(resourceName, "created_at"), - resource.TestCheckResourceAttrSet(resourceName, "updated_at"), - resource.TestCheckResourceAttrSet(resourceName, "crn"), - resource.TestCheckResourceAttrSet(resourceName, "downloaded"), - resource.TestCheckResourceAttrSet(resourceName, "next_rotation_date"), - resource.TestCheckResourceAttr(resourceName, "state", "1"), - resource.TestCheckResourceAttr(resourceName, "versions_total", "1"), - ), - }, - resource.TestStep{ - Config: serviceCredentialsSecretConfigUpdated(), - Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckIbmSmServiceCredentialsSecretUpdated(resourceName), - ), - }, - resource.TestStep{ - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"ttl"}, - }, - }, - }) -} - -func TestAccIbmSmServiceCredentialsSecretAllArgsWithExistingServiceId(t *testing.T) { - resourceName := "ibm_sm_service_credentials_secret.sm_service_credentials_secret_service_id" - - resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.TestAccPreCheck(t) }, - Providers: acc.TestAccProviders, - 
CheckDestroy: testAccCheckIbmSmServiceCredentialsSecretDestroy, - Steps: []resource.TestStep{ - resource.TestStep{ - Config: serviceCredentialsSecretConfigAllArgsWithExistingServiceId(), - Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckIbmSmServiceCredentialsSecretCreated(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "secret_id"), - resource.TestCheckResourceAttrSet(resourceName, "created_by"), - resource.TestCheckResourceAttrSet(resourceName, "created_at"), - resource.TestCheckResourceAttrSet(resourceName, "updated_at"), - resource.TestCheckResourceAttrSet(resourceName, "crn"), - resource.TestCheckResourceAttrSet(resourceName, "downloaded"), - resource.TestCheckResourceAttrSet(resourceName, "next_rotation_date"), - resource.TestCheckResourceAttr(resourceName, "state", "1"), - resource.TestCheckResourceAttr(resourceName, "versions_total", "1"), - ), - }, - resource.TestStep{ - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"ttl"}, - }, - }, - }) -} - -var serviceCredentialsSecretBasicConfigFormat = ` - resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret_basic" { - instance_id = "%s" - region = "%s" - name = "%s" - source_service { - instance { - crn = "%s" - } - role { - crn = "%s" - } - } - ttl = "%s" - }` - -var serviceCredentialsSecretFullConfigFormat = ` - resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { - instance_id = "%s" - region = "%s" - name = "%s" - description = "%s" - labels = ["%s"] - source_service { - instance { - crn = "%s" - } - parameters = %s - role { - crn = "%s" - } - } - ttl = "%s" - custom_metadata = %s - secret_group_id = "default" - rotation %s - }` - -var serviceCredentialsSecretFullConfigFormatWithExistingServiceId = ` - resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret_service_id" { - instance_id = "%s" - region = "%s" - name = "%s" - description = "%s" - labels 
= ["%s"] - source_service { - instance { - crn = "%s" - } - parameters = %s - role { - crn = "%s" - } - } - ttl = "%s" - custom_metadata = %s - secret_group_id = "default" - rotation %s - }` - -func iamServiceIdConfig() string { - return fmt.Sprintf(` - resource "ibm_iam_service_id" "ibm_iam_service_id_instance" { - name = "service-id-terraform-tests-sc" - }`) -} - -func serviceCredentialsSecretConfigBasic() string { - return fmt.Sprintf(serviceCredentialsSecretBasicConfigFormat, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, - serviceCredentialsSecretName, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsRoleCrn, serviceCredentialsTtl) -} - -func serviceCredentialsSecretConfigAllArgs() string { - return fmt.Sprintf(serviceCredentialsSecretFullConfigFormat, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, - serviceCredentialsSecretName, description, label, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsParameters, serviceCredentialsRoleCrn, serviceCredentialsTtl, customMetadata, rotationPolicy) -} - -func serviceCredentialsSecretConfigAllArgsWithExistingServiceId() string { - return iamServiceIdConfig() + fmt.Sprintf(serviceCredentialsSecretFullConfigFormatWithExistingServiceId, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, - serviceCredentialsSecretName, description, label, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsParametersWithServiceId, serviceCredentialsRoleCrn, serviceCredentialsTtl, customMetadata, rotationPolicy) -} - -func serviceCredentialsSecretConfigUpdated() string { - return fmt.Sprintf(serviceCredentialsSecretFullConfigFormat, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, - modifiedServiceCredentialsSecretName, modifiedDescription, modifiedLabel, acc.SecretsManagerServiceCredentialsCosCrn, serviceCredentialsParameters, serviceCredentialsRoleCrn, - modifiedServiceCredentialsTtl, modifiedCustomMetadata, modifiedRotationPolicy) -} - -func 
testAccCheckIbmSmServiceCredentialsSecretCreated(n string) resource.TestCheckFunc { - return func(s *terraform.State) error { - serviceCredentialsSecretIntf, err := getSecret(s, n) - if err != nil { - return err - } - secret := serviceCredentialsSecretIntf.(*secretsmanagerv2.ServiceCredentialsSecret) - - if err := verifyAttr(*secret.Name, serviceCredentialsSecretName, "secret name"); err != nil { - return err - } - if err := verifyAttr(*secret.Description, description, "secret description"); err != nil { - return err - } - if len(secret.Labels) != 1 { - return fmt.Errorf("Wrong number of labels: %d", len(secret.Labels)) - } - if err := verifyAttr(secret.Labels[0], label, "label"); err != nil { - return err - } - if err := verifyJsonAttr(secret.CustomMetadata, customMetadata, "custom metadata"); err != nil { - return err - } - if err := verifyAttr(getAutoRotate(secret.Rotation), "true", "auto_rotate"); err != nil { - return err - } - if err := verifyAttr(getRotationUnit(secret.Rotation), "day", "rotation unit"); err != nil { - return err - } - if err := verifyAttr(getRotationInterval(secret.Rotation), "1", "rotation interval"); err != nil { - return err - } - if err := verifyAttr(*secret.TTL, serviceCredentialsTtl, "ttl"); err != nil { - return err - } - if err := verifyAttr(*secret.SourceService.Instance.Crn, acc.SecretsManagerServiceCredentialsCosCrn, "source_service.Instance.Crn"); err != nil { - return err - } - if err := verifyAttr(*secret.SourceService.Role.Crn, serviceCredentialsRoleCrn, "source_service.Role.Crn"); err != nil { - return err - } - if err := verifyAttr(*secret.Credentials.IamRoleCrn, serviceCredentialsRoleCrn, "credentials.IamRoleCrn"); err != nil { - return err - } - return nil - } -} - -func testAccCheckIbmSmServiceCredentialsSecretUpdated(n string) resource.TestCheckFunc { - return func(s *terraform.State) error { - serviceCredentialsSecretIntf, err := getSecret(s, n) - if err != nil { - return err - } - secret := 
serviceCredentialsSecretIntf.(*secretsmanagerv2.ServiceCredentialsSecret) - - if err := verifyAttr(*secret.Name, modifiedServiceCredentialsSecretName, "secret name"); err != nil { - return err - } - if err := verifyAttr(*secret.Description, modifiedDescription, "secret description after update"); err != nil { - return err - } - if len(secret.Labels) != 1 { - return fmt.Errorf("Wrong number of labels after update: %d", len(secret.Labels)) - } - if err := verifyAttr(secret.Labels[0], modifiedLabel, "label after update"); err != nil { - return err - } - if err := verifyJsonAttr(secret.CustomMetadata, modifiedCustomMetadata, "custom metadata after update"); err != nil { - return err - } - if err := verifyAttr(*secret.TTL, modifiedServiceCredentialsTtl, "ttl after update"); err != nil { - return err - } - if err := verifyAttr(getAutoRotate(secret.Rotation), "true", "auto_rotate after update"); err != nil { - return err - } - if err := verifyAttr(getRotationUnit(secret.Rotation), "month", "rotation unit after update"); err != nil { - return err - } - if err := verifyAttr(getRotationInterval(secret.Rotation), "2", "rotation interval after update"); err != nil { - return err - } - return nil - } -} - -func testAccCheckIbmSmServiceCredentialsSecretDestroy(s *terraform.State) error { - secretsManagerClient, err := acc.TestAccProvider.Meta().(conns.ClientSession).SecretsManagerV2() - if err != nil { - return err - } - - secretsManagerClient = getClientWithInstanceEndpointTest(secretsManagerClient) - - for _, rs := range s.RootModule().Resources { - if rs.Type != "ibm_sm_service_credentials_secret" { - continue - } - - getSecretOptions := &secretsmanagerv2.GetSecretOptions{} - - id := strings.Split(rs.Primary.ID, "/") - secretId := id[2] - getSecretOptions.SetID(secretId) - - // Try to find the key - _, response, err := secretsManagerClient.GetSecret(getSecretOptions) - - if err == nil { - return fmt.Errorf("ServiceCredentialsSecret still exists: %s", rs.Primary.ID) - } else 
if response.StatusCode != 404 { - return fmt.Errorf("Error checking for ServiceCredentialsSecret (%s) has been destroyed: %s", rs.Primary.ID, err) - } - } - - return nil -} From 74626d8d3cd1bb23260726096022032b1cd74688 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Tue, 26 Dec 2023 14:45:19 +0200 Subject: [PATCH 17/47] bugs fixes --- ...as_secret.go => resource_ibm_sm_service_credentials_secret.go} | 0 ...test.go => resource_ibm_sm_service_credentials_secret_test.go} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename ibm/service/secretsmanager/{resource_ibm_sm_service_credentilas_secret.go => resource_ibm_sm_service_credentials_secret.go} (100%) rename ibm/service/secretsmanager/{resource_ibm_sm_service_credentilas_secret_test.go => resource_ibm_sm_service_credentials_secret_test.go} (100%) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go similarity index 100% rename from ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go rename to ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret_test.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret_test.go similarity index 100% rename from ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret_test.go rename to ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret_test.go From fbf61c65a90dd20c11738ebb683fc09a6790ba05 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Wed, 3 Jan 2024 15:55:31 +0200 Subject: [PATCH 18/47] docs bugs fixes --- website/docs/r/sm_service_credentials_secret.html.markdown | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/website/docs/r/sm_service_credentials_secret.html.markdown b/website/docs/r/sm_service_credentials_secret.html.markdown index cdf60c3e9f..12b43a166b 100644 
--- a/website/docs/r/sm_service_credentials_secret.html.markdown +++ b/website/docs/r/sm_service_credentials_secret.html.markdown @@ -43,6 +43,7 @@ resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { ```terraform resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { + instance_id = ibm_resource_instance.sm_instance.guid region = "us-south" name = "secret-name" source_service { @@ -89,11 +90,11 @@ Nested scheme for **rotation**: * Constraints: Allowable values are: `day`, `month`. * `secret_group_id` - (Optional, Forces new resource, String) A v4 UUID identifier, or `default` secret group. * Constraints: The maximum length is `36` characters. The minimum length is `7` characters. The value must match regular expression `/^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/`. -* `source_service` - (Optional, List) The properties required for creating the service credentials for the specified source service instance. +* `source_service` - (Required, List) The properties required for creating the service credentials for the specified source service instance. Nested scheme for **source_service**: - * `instance` - (Optional, List) The source service instance identifier. + * `instance` - (Required, List) The source service instance identifier. Nested scheme for **instance**: - * `crn` - (Optional, String) A CRN that uniquely identifies a service credentials source. + * `crn` - (Required, String) A CRN that uniquely identifies a service credentials source. * `role` - (Optional, List) The service-specific custom role object, CRN role is accepted. Refer to the service’s documentation for supported roles. Nested scheme for **role**: * `crn` - (Optional, String) The service role CRN. From e63a564fd3bbc0b784276ccb6d682ab77e11400e Mon Sep 17 00:00:00 2001 
From: Yonathan-Yellin Date: Mon, 15 Jan 2024 14:34:40 +0200 Subject: [PATCH 19/47] preferred_chain added for public cert lets encrypt configuration --- ...rtificate_configuration_ca_lets_encrypt.go | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go index 1e5620511c..4d23c48659 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go @@ -36,6 +36,11 @@ func ResourceIbmSmPublicCertificateConfigurationCALetsEncrypt() *schema.Resource Required: true, Description: "The configuration of the Let's Encrypt CA environment.", }, + "lets_encrypt_preferred_chain": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Description: "Prefer the chain with an issuer matching this Subject Common Name.", + }, "lets_encrypt_private_key": &schema.Schema{ Type: schema.TypeString, Required: true, @@ -140,6 +145,9 @@ func resourceIbmSmPublicCertificateConfigurationCALetsEncryptRead(context contex if err = d.Set("lets_encrypt_environment", configuration.LetsEncryptEnvironment); err != nil { return diag.FromErr(fmt.Errorf("Error setting lets_encrypt_environment: %s", err)) } + if err = d.Set("lets_encrypt_preferred_chain", configuration.LetsEncryptPreferredChain); err != nil { + return diag.FromErr(fmt.Errorf("Error setting lets_encrypt_preferred_chain: %s", err)) + } if err = d.Set("lets_encrypt_private_key", configuration.LetsEncryptPrivateKey); err != nil { return diag.FromErr(fmt.Errorf("Error setting lets_encrypt_private_key: %s", err)) } 
@@ -173,6 +181,11 @@ func resourceIbmSmPublicCertificateConfigurationCALetsEncryptUpdate(context cont hasChange = true } + if d.HasChange("lets_encrypt_preferred_chain") { + patchVals.LetsEncryptPreferredChain = core.StringPtr(d.Get("lets_encrypt_preferred_chain").(string)) + hasChange = true + } + patchVals.LetsEncryptEnvironment = core.StringPtr(d.Get("lets_encrypt_environment").(string)) if d.HasChange("lets_encrypt_environment") { hasChange = true @@ -222,15 +235,15 @@ func resourceIbmSmPublicCertificateConfigurationCALetsEncryptMapToConfigurationP model.ConfigType = core.StringPtr("public_cert_configuration_ca_lets_encrypt") - //if _, ok := d.GetOk("config_type"); ok { - // model.ConfigType = core.StringPtr(d.Get("config_type").(string)) - //} if _, ok := d.GetOk("name"); ok { model.Name = core.StringPtr(d.Get("name").(string)) } if _, ok := d.GetOk("lets_encrypt_environment"); ok { model.LetsEncryptEnvironment = core.StringPtr(d.Get("lets_encrypt_environment").(string)) } + if _, ok := d.GetOk("lets_encrypt_preferred_chain"); ok { + model.LetsEncryptPreferredChain = core.StringPtr(d.Get("lets_encrypt_preferred_chain").(string)) + } if _, ok := d.GetOk("lets_encrypt_private_key"); ok { model.LetsEncryptPrivateKey = core.StringPtr(formatCertificate(d.Get("lets_encrypt_private_key").(string))) } From ef612d90fa2a71221a4a59a0bae16b00c98dc2ec Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Mon, 15 Jan 2024 17:26:48 +0200 Subject: [PATCH 20/47] support for creating secret version for username password & version_custom_metadata for all --- .../resource_ibm_sm_iam_credentials_secret.go | 22 ++++++++- .../resource_ibm_sm_private_certificate.go | 22 ++++++++- .../resource_ibm_sm_public_certificate.go | 22 ++++++++- ...esource_ibm_sm_username_password_secret.go | 48 ++++++++++++++++++- 4 files changed, 109 insertions(+), 5 deletions(-) 
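Review bot: In the update hunk of resource_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go, removing `lets_encrypt_preferred_chain` from the configuration makes `d.Get(...)` return `""`, so the patch carries a pointer to an empty string instead of leaving the field out. Whether the service reads that as "no preferred chain" or rejects it is not visible in this diff, and the value decides which issuer chain is selected for certificates ordered through this configuration. Confirm the behaviour against the API and record it next to the assignment, for example `// "" is sent when the attribute is removed; the service is expected to fall back to its default chain`. The update function starts and ends outside the hunk.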
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go index 542275b142..401488105a 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go @@ -126,7 +126,6 @@ func ResourceIbmSmIamCredentialsSecret() *schema.Resource { "version_custom_metadata": &schema.Schema{ Type: schema.TypeMap, Optional: true, - ForceNew: true, Description: "The secret version metadata that a user can customize.", Elem: &schema.Schema{Type: schema.TypeString}, }, 
@@ -475,6 +474,27 @@ func resourceIbmSmIamCredentialsSecretUpdate(context context.Context, d *schema. } } + if d.HasChange("version_custom_metadata") { + // Apply change to version_custom_metadata in current version + secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) + secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + + updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} + updateSecretVersionOptions.SetSecretID(secretId) + updateSecretVersionOptions.SetID("current") + updateSecretVersionOptions.SetSecretVersionMetadataPatch(secretVersionMetadataPatchModelAsPatch) + _, response, err := secretsManagerClient.UpdateSecretVersionMetadataWithContext(context, updateSecretVersionOptions) + if err != nil { + if hasChange { + // Call the read function to update the Terraform state with the change already applied to the metadata + resourceIbmSmIamCredentialsSecretRead(context, d, meta) + } + log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + } + } + return resourceIbmSmIamCredentialsSecretRead(context, d, meta) } diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go index 7fe6c10bd6..78d4369c7d 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go 
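Review bot: The error from `secretVersionMetadataPatchModel.AsPatch()` is discarded with `_` in the added `version_custom_metadata` block, so a failed conversion would pass a nil or incomplete patch to `UpdateSecretVersionMetadataWithContext` and show up only as a less specific API error. Check it before building the options: `secretVersionMetadataPatchModelAsPatch, err := secretVersionMetadataPatchModel.AsPatch()` followed by `if err != nil { return diag.FromErr(err) }`. The same block is added to resource_ibm_sm_private_certificate.go, resource_ibm_sm_public_certificate.go and resource_ibm_sm_username_password_secret.go in this commit and needs the same check. The diagnostics returned by the read call on the error path are also dropped, which hides a failed state refresh; the enclosing update function starts outside the hunk.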
@@ -168,7 +168,6 @@ func ResourceIbmSmPrivateCertificate() *schema.Resource { }, "version_custom_metadata": &schema.Schema{ Type: schema.TypeMap, - ForceNew: true, Optional: true, Description: "The secret version metadata that a user can customize.", Elem: &schema.Schema{Type: schema.TypeString}, @@ -608,6 +607,27 @@ func resourceIbmSmPrivateCertificateUpdate(context context.Context, d *schema.Re } } + if d.HasChange("version_custom_metadata") { + // Apply change to version_custom_metadata in current version + secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) + secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + + updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} + updateSecretVersionOptions.SetSecretID(secretId) + updateSecretVersionOptions.SetID("current") + updateSecretVersionOptions.SetSecretVersionMetadataPatch(secretVersionMetadataPatchModelAsPatch) + _, response, err := secretsManagerClient.UpdateSecretVersionMetadataWithContext(context, updateSecretVersionOptions) + if err != nil { + if hasChange { + // Call the read function to update the Terraform state with the change already applied to the metadata + resourceIbmSmPrivateCertificateRead(context, d, meta) + } + log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + } + } + return resourceIbmSmPrivateCertificateRead(context, d, meta) } diff --git a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go index fb268ad8ed..e4da540d19 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go 
+++ b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go @@ -140,7 +140,6 @@ func ResourceIbmSmPublicCertificate() *schema.Resource { }, "version_custom_metadata": &schema.Schema{ Type: schema.TypeMap, - ForceNew: true, Optional: true, Description: "The secret version metadata that a user can customize.", Elem: &schema.Schema{Type: schema.TypeString}, @@ -706,6 +705,27 @@ func resourceIbmSmPublicCertificateUpdate(context context.Context, d *schema.Res } } + if d.HasChange("version_custom_metadata") { + // Apply change to version_custom_metadata in current version + secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) + secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + + updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} + updateSecretVersionOptions.SetSecretID(secretId) + updateSecretVersionOptions.SetID("current") + updateSecretVersionOptions.SetSecretVersionMetadataPatch(secretVersionMetadataPatchModelAsPatch) + _, response, err := secretsManagerClient.UpdateSecretVersionMetadataWithContext(context, updateSecretVersionOptions) + if err != nil { + if hasChange { + // Call the read function to update the Terraform state with the change already applied to the metadata + resourceIbmSmPublicCertificateRead(context, d, meta) + } + log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + } + } + return resourceIbmSmPublicCertificateRead(context, d, meta) } diff --git a/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go index a5d48f33ac..6040163fb8 100644 
--- a/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go @@ -81,7 +81,7 @@ func ResourceIbmSmUsernamePasswordSecret() *schema.Resource { "version_custom_metadata": &schema.Schema{ Type: schema.TypeMap, Optional: true, - ForceNew: true, + Computed: true, Description: "The secret version metadata that a user can customize.", Elem: &schema.Schema{Type: schema.TypeString}, }, @@ -124,7 +124,6 @@ func ResourceIbmSmUsernamePasswordSecret() *schema.Resource { "password": &schema.Schema{ Type: schema.TypeString, Required: true, - ForceNew: true, Sensitive: true, Description: "The password that is assigned to the secret.", }, 
@@ -434,6 +433,51 @@ func resourceIbmSmUsernamePasswordSecretUpdate(context context.Context, d *schem } } + // Apply change in payload (if changed) + if d.HasChange("password") { + versionModel := &secretsmanagerv2.UsernamePasswordSecretVersionPrototype{} + versionModel.Password = core.StringPtr(d.Get("password").(string)) + if _, ok := d.GetOk("version_custom_metadata"); ok { + versionModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) + } + if _, ok := d.GetOk("custom_metadata"); ok { + versionModel.CustomMetadata = d.Get("custom_metadata").(map[string]interface{}) + } + + createSecretVersionOptions := &secretsmanagerv2.CreateSecretVersionOptions{} + createSecretVersionOptions.SetSecretID(secretId) + createSecretVersionOptions.SetSecretVersionPrototype(versionModel) + _, response, err := secretsManagerClient.CreateSecretVersionWithContext(context, createSecretVersionOptions) + if err != nil { + if hasChange { + // Before returning an error, call the read function to update the Terraform state with the change + // that was already applied to the metadata + resourceIbmSmUsernamePasswordSecretRead(context, d, meta) + } + log.Printf("[DEBUG] CreateSecretVersionWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("CreateSecretVersionWithContext failed %s\n%s", err, response)) + } + } else if d.HasChange("version_custom_metadata") { + // Apply change to version_custom_metadata in current version + secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) + secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + + updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} + updateSecretVersionOptions.SetSecretID(secretId) + updateSecretVersionOptions.SetID("current") + 
updateSecretVersionOptions.SetSecretVersionMetadataPatch(secretVersionMetadataPatchModelAsPatch) + _, response, err := secretsManagerClient.UpdateSecretVersionMetadataWithContext(context, updateSecretVersionOptions) + if err != nil { + if hasChange { + // Call the read function to update the Terraform state with the change already applied to the metadata + resourceIbmSmUsernamePasswordSecretRead(context, d, meta) + } + log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + } + } + return resourceIbmSmUsernamePasswordSecretRead(context, d, meta) } From 3bb189afbab9514750b50d7e2ddfb259dd531a1f Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Mon, 15 Jan 2024 17:29:22 +0200 Subject: [PATCH 21/47] support for creating secret version for username password & version_custom_metadata for all --- .secrets.baseline | 64 +++++++++++++++++------------------------------ 1 file changed, 23 insertions(+), 41 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index dae78c7d80..9951ef0b1f 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.mod|go.sum|.*.map|^.secrets.baseline$", "lines": null }, - "generated_at": "2023-12-26T12:35:45Z", + "generated_at": "2024-01-15T15:28:18Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -760,7 +760,7 @@ "hashed_secret": "731438016c5ab94431f61820f35e3ae5f8ad6004", "is_secret": false, "is_verified": false, - "line_number": 428, + "line_number": 432, "type": "Secret Keyword", "verified_result": null }, @@ -768,7 +768,7 @@ "hashed_secret": "12da2e35d6b50c902c014f1ab9e3032650368df7", "is_secret": false, "is_verified": false, - "line_number": 434, + "line_number": 438, "type": "Secret Keyword", "verified_result": null }, 
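Review bot: In the new `password` branch the read call on the error path is guarded by `if hasChange`, so when only `password` changed and CreateSecretVersionWithContext fails, the function returns without refreshing the resource data. As far as I can tell the plugin SDK then persists the planned values unless partial mode is on, which would leave state holding a password the service never accepted. Either drop the guard on this path and always call resourceIbmSmUsernamePasswordSecretRead before returning, or call `d.Partial(true)` ahead of the `return diag.FromErr(...)`. The diagnostics returned by that read call are also discarded, so a failed refresh is silent. The function body starts outside the hunk, so it is assumed that `hasChange` only tracks the earlier metadata patch.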
@@ -776,7 +776,7 @@ "hashed_secret": "813274ccae5b6b509379ab56982d862f7b5969b6", "is_secret": false, "is_verified": false, - "line_number": 1157, + "line_number": 1161, "type": "Base64 High Entropy String", "verified_result": null } @@ -794,7 +794,7 @@ "hashed_secret": "c427f185ddcb2440be9b77c8e45f1cd487a2e790", "is_secret": false, "is_verified": false, - "line_number": 1451, + "line_number": 1454, "type": "Base64 High Entropy String", "verified_result": null }, @@ -802,7 +802,7 @@ "hashed_secret": "1f7e33de15e22de9d2eaf502df284ed25ca40018", "is_secret": false, "is_verified": false, - "line_number": 1518, + "line_number": 1521, "type": "Secret Keyword", "verified_result": null }, @@ -810,7 +810,7 @@ "hashed_secret": "1f614c2eb6b3da22d89bd1b9fd47d7cb7c8fc670", "is_secret": false, "is_verified": false, - "line_number": 3338, + "line_number": 3342, "type": "Secret Keyword", "verified_result": null }, @@ -818,7 +818,7 @@ "hashed_secret": "7abfce65b8504403afc25c9790f358d513dfbcc6", "is_secret": false, "is_verified": false, - "line_number": 3351, + "line_number": 3355, "type": "Secret Keyword", "verified_result": null }, @@ -826,7 +826,7 @@ "hashed_secret": "0c2d85bf9a9b1579b16f220a4ea8c3d62b2e24b1", "is_secret": false, "is_verified": false, - "line_number": 3392, + "line_number": 3396, "type": "Secret Keyword", "verified_result": null } @@ -2964,7 +2964,7 @@ "hashed_secret": "92f08f2d9a0dc3f0d4cb3796435a48508cf59ecd", "is_secret": false, "is_verified": false, - "line_number": 1091, + "line_number": 1115, "type": "Secret Keyword", "verified_result": null } @@ -2992,7 +2992,7 @@ "hashed_secret": "92f08f2d9a0dc3f0d4cb3796435a48508cf59ecd", "is_secret": false, "is_verified": false, - "line_number": 509, + "line_number": 513, "type": "Secret Keyword", "verified_result": null } 
@@ -3556,7 +3556,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 198, + "line_number": 197, "type": "Secret Keyword", "verified_result": null }, @@ -3564,7 +3564,7 @@ "hashed_secret": "108b310facc1a193833fc2971fd83081f775ea0c", "is_secret": false, "is_verified": false, - "line_number": 389, + "line_number": 388, "type": "Secret Keyword", "verified_result": null }, @@ -3572,7 +3572,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 392, + "line_number": 391, "type": "Secret Keyword", "verified_result": null } @@ -3636,7 +3636,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 297, + "line_number": 296, "type": "Secret Keyword", "verified_result": null }, @@ -3644,7 +3644,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 538, + "line_number": 537, "type": "Secret Keyword", "verified_result": null } @@ -3690,7 +3690,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 397, + "line_number": 396, "type": "Secret Keyword", "verified_result": null }, @@ -3698,7 +3698,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 637, + "line_number": 636, "type": "Secret Keyword", "verified_result": null } @@ -3718,7 +3718,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 39, + "line_number": 44, "type": "Secret Keyword", "verified_result": null }, @@ -3726,7 +3726,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 144, + "line_number": 152, "type": "Secret Keyword", "verified_result": null } 
@@ -3831,24 +3831,6 @@ "verified_result": null } ], - "ibm/service/secretsmanager/resource_ibm_sm_service_credentilas_secret.go": [ - { - "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", - "is_secret": false, - "is_verified": false, - "line_number": 190, - "type": "Secret Keyword", - "verified_result": null - }, - { - "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", - "is_secret": false, - "is_verified": false, - "line_number": 443, - "type": "Secret Keyword", - "verified_result": null - } - ], "ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go": [ { "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", @@ -3862,7 +3844,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 356, + "line_number": 355, "type": "Secret Keyword", "verified_result": null } @@ -5002,7 +4984,7 @@ "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", "is_secret": false, "is_verified": false, - "line_number": 191, + "line_number": 192, "type": "Secret Keyword", "verified_result": null }, @@ -5010,7 +4992,7 @@ "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", "is_secret": false, "is_verified": false, - "line_number": 193, + "line_number": 194, "type": "Secret Keyword", "verified_result": null } From 47ea09c426b0d49f45b3a839a0626a7a7487a321 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Wed, 17 Jan 2024 12:11:09 +0200 Subject: [PATCH 22/47] support for creating secret version for username password & version_custom_metadata for all --- .secrets.baseline | 6 +++--- .../resource_ibm_sm_username_password_secret.go | 1 - 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 9951ef0b1f..8ed181f610 100644 --- a/.secrets.baseline +++ b/.secrets.baseline 
@@ -3,7 +3,7 @@ "files": "go.mod|go.sum|.*.map|^.secrets.baseline$", "lines": null }, - "generated_at": "2024-01-15T15:28:18Z", + "generated_at": "2024-01-17T10:10:24Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -3836,7 +3836,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 124, + "line_number": 123, "type": "Secret Keyword", "verified_result": null }, @@ -3844,7 +3844,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 355, + "line_number": 354, "type": "Secret Keyword", "verified_result": null } diff --git a/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go index 6040163fb8..811d59f990 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go @@ -81,7 +81,6 @@ func ResourceIbmSmUsernamePasswordSecret() *schema.Resource { "version_custom_metadata": &schema.Schema{ Type: schema.TypeMap, Optional: true, - Computed: true, Description: "The secret version metadata that a user can customize.", Elem: &schema.Schema{Type: schema.TypeString}, }, From 27241e546c7e15fdd0d4c0c77c62bb041d76bf2f Mon Sep 17 00:00:00 2001 
From: Yonathan-Yellin Date: Wed, 17 Jan 2024 15:18:27 +0200 Subject: [PATCH 23/47] support for creating secret version for username password & version_custom_metadata for all --- .secrets.baseline | 24 +++---------------- .../resource_ibm_sm_arbitrary_secret.go | 3 +-- .../resource_ibm_sm_iam_credentials_secret.go | 20 +++++++++++++++- .../resource_ibm_sm_imported_certificate.go | 3 +-- .../resource_ibm_sm_kv_secret.go | 3 +-- .../resource_ibm_sm_private_certificate.go | 20 +++++++++++++++- .../resource_ibm_sm_public_certificate.go | 20 +++++++++++++++- ...ource_ibm_sm_service_credentials_secret.go | 3 +-- ...esource_ibm_sm_username_password_secret.go | 20 +++++++++++++++- ibm/service/secretsmanager/utils.go | 11 +++++++++ 10 files changed, 94 insertions(+), 33 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 8ed181f610..de648a2e1f 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,11 +3,8 @@ "files": "go.mod|go.sum|.*.map|^.secrets.baseline$", "lines": null }, - "generated_at": "2024-01-17T10:10:24Z", + "generated_at": "2024-01-17T10:13:16Z", "plugins_used": [ - { - "name": "AWSKeyDetector" - }, { "name": "ArtifactoryDetector" }, @@ -21,12 +18,6 @@ { "name": "BasicAuthDetector" }, - { - "name": "BoxDetector" - }, - { - "name": "CloudantDetector" - }, { "ghe_instance": "github.ibm.com", "name": "GheDetector" @@ -51,9 +42,6 @@ "keyword_exclude": null, "name": "KeywordDetector" }, - { - "name": "MailchimpDetector" - }, { "name": "NpmDetector" }, @@ -68,12 +56,6 @@ }, { "name": "SquareOAuthDetector" - }, - { - "name": "StripeDetector" - }, - { - "name": "TwilioKeyDetector" } ], "results": { @@ -3818,7 +3800,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 190, + "line_number": 189, "type": "Secret Keyword", "verified_result": null }, 
@@ -3826,7 +3808,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 443, + "line_number": 442, "type": "Secret Keyword", "verified_result": null } diff --git a/ibm/service/secretsmanager/resource_ibm_sm_arbitrary_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_arbitrary_secret.go index 6c5b4f3661..b4b4e2bd7f 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_arbitrary_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_arbitrary_secret.go @@ -84,7 +84,6 @@ func ResourceIbmSmArbitrarySecret() *schema.Resource { "version_custom_metadata": &schema.Schema{ Type: schema.TypeMap, Optional: true, - Computed: true, Description: "The secret version metadata that a user can customize.", Elem: &schema.Schema{Type: schema.TypeString}, }, @@ -422,7 +421,7 @@ func resourceIbmSmArbitrarySecretUpdate(context context.Context, d *schema.Resou // Apply change to version_custom_metadata in current version secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) - secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel) updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} updateSecretVersionOptions.SetSecretID(secretId) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go index 401488105a..e729325efb 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go 
@@ -407,6 +407,24 @@ func resourceIbmSmIamCredentialsSecretRead(context context.Context, d *schema.Re return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err)) } + // Call get version metadata API to get the current version_custom_metadata + getVersionMetdataOptions := &secretsmanagerv2.GetSecretVersionMetadataOptions{} + getVersionMetdataOptions.SetSecretID(secretId) + getVersionMetdataOptions.SetID("current") + + versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) + if err != nil { + log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + } + + versionMetadata := versionMetadataIntf.(*secretsmanagerv2.IAMCredentialsSecretVersionMetadata) + if versionMetadata.VersionCustomMetadata != nil { + if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { + return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + } + } + return nil } @@ -478,7 +496,7 @@ func resourceIbmSmIamCredentialsSecretUpdate(context context.Context, d *schema. // Apply change to version_custom_metadata in current version secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) - secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel) updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} updateSecretVersionOptions.SetSecretID(secretId) 
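Review bot: The added read code asserts `versionMetadataIntf.(*secretsmanagerv2.IAMCredentialsSecretVersionMetadata)` without the comma-ok form, so any other concrete type returned by GetSecretVersionMetadataWithContext would panic the provider instead of producing a diagnostic. Use `versionMetadata, ok := versionMetadataIntf.(*secretsmanagerv2.IAMCredentialsSecretVersionMetadata)` and return `diag.FromErr(fmt.Errorf("unexpected secret version metadata type %T", versionMetadataIntf))` when `ok` is false. The read hunks for the private certificate, public certificate and username/password resources in this patch carry the same unchecked assertion with their own metadata types. Because `version_custom_metadata` is only written when the returned map is non-nil, metadata removed on the service side would presumably stay in state; worth confirming. resourceIbmSmIamCredentialsSecretRead starts outside this hunk.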
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go index b87a9cfdc5..aae9c5503c 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go @@ -78,7 +78,6 @@ func ResourceIbmSmImportedCertificate() *schema.Resource { "version_custom_metadata": &schema.Schema{ Type: schema.TypeMap, Optional: true, - Computed: true, Description: "The secret version metadata that a user can customize.", Elem: &schema.Schema{Type: schema.TypeString}, }, @@ -537,7 +536,7 @@ func resourceIbmSmImportedCertificateUpdate(context context.Context, d *schema.R // Apply change to version_custom_metadata in current version secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) - secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel) updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} updateSecretVersionOptions.SetSecretID(secretId) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_kv_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_kv_secret.go index f474f7cb04..f32d9ee23a 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_kv_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_kv_secret.go @@ -75,7 +75,6 @@ func ResourceIbmSmKvSecret() *schema.Resource { "version_custom_metadata": &schema.Schema{ Type: schema.TypeMap, Optional: true, - Computed: true, Description: "The secret version metadata that a user can customize.", Elem: &schema.Schema{Type: schema.TypeString}, }, 
@@ -396,7 +395,7 @@ func resourceIbmSmKvSecretUpdate(context context.Context, d *schema.ResourceData // Apply change to version_custom_metadata in current version secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) - secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel) updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} updateSecretVersionOptions.SetSecretID(secretId) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go index 78d4369c7d..19bd04e50c 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go 
@@ -544,6 +544,24 @@ func resourceIbmSmPrivateCertificateRead(context context.Context, d *schema.Reso return diag.FromErr(fmt.Errorf("Error setting ca_chain: %s", err)) } } + + // Call get version metadata API to get the current version_custom_metadata + getVersionMetdataOptions := &secretsmanagerv2.GetSecretVersionMetadataOptions{} + getVersionMetdataOptions.SetSecretID(secretId) + getVersionMetdataOptions.SetID("current") + + versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) + if err != nil { + log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + } + + versionMetadata := versionMetadataIntf.(*secretsmanagerv2.PrivateCertificateVersionMetadata) + if versionMetadata.VersionCustomMetadata != nil { + if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { + return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + } + } return nil } @@ -611,7 +629,7 @@ func resourceIbmSmPrivateCertificateUpdate(context context.Context, d *schema.Re // Apply change to version_custom_metadata in current version secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) - secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel) updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} updateSecretVersionOptions.SetSecretID(secretId) 
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go index e4da540d19..61b5575d97 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go @@ -635,6 +635,24 @@ func resourceIbmSmPublicCertificateRead(context context.Context, d *schema.Resou if err = d.Set("private_key", secret.PrivateKey); err != nil { return diag.FromErr(fmt.Errorf("Error setting private_key: %s", err)) } + // Call get version metadata API to get the current version_custom_metadata + getVersionMetdataOptions := &secretsmanagerv2.GetSecretVersionMetadataOptions{} + getVersionMetdataOptions.SetSecretID(secretId) + getVersionMetdataOptions.SetID("current") + + versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) + if err != nil { + log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + } + + versionMetadata := versionMetadataIntf.(*secretsmanagerv2.PublicCertificateVersionMetadata) + if versionMetadata.VersionCustomMetadata != nil { + if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { + return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + } + } + if d.Get("dns").(string) == "akamai" && d.Get("state_description").(string) == "pre_activation" { err := setChallengesWithAkamaiAndValidateManualDns(context, d, meta, secret, secretsManagerClient) if err != nil { 
@@ -709,7 +727,7 @@ func resourceIbmSmPublicCertificateUpdate(context context.Context, d *schema.Res // Apply change to version_custom_metadata in current version secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) - secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel) updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} updateSecretVersionOptions.SetSecretID(secretId) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go index 7d5e211b0d..8beb6980d2 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go @@ -66,7 +66,6 @@ func ResourceIbmSmServiceCredentialsSecret() *schema.Resource { "version_custom_metadata": &schema.Schema{ Type: schema.TypeMap, Optional: true, - Computed: true, Description: "The secret version metadata that a user can customize.", Elem: &schema.Schema{Type: schema.TypeString}, }, 
@@ -537,7 +536,7 @@ func resourceIbmSmServiceCredentialsSecretUpdate(context context.Context, d *sch // Apply change to version_custom_metadata in current version secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) - secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel) updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} updateSecretVersionOptions.SetSecretID(secretId) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go index 811d59f990..5975f94dac 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go 
@@ -354,6 +354,24 @@ func resourceIbmSmUsernamePasswordSecretRead(context context.Context, d *schema. return diag.FromErr(fmt.Errorf("Error setting password: %s", err)) } + // Call get version metadata API to get the current version_custom_metadata + getVersionMetdataOptions := &secretsmanagerv2.GetSecretVersionMetadataOptions{} + getVersionMetdataOptions.SetSecretID(secretId) + getVersionMetdataOptions.SetID("current") + + versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) + if err != nil { + log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + } + + versionMetadata := versionMetadataIntf.(*secretsmanagerv2.UsernamePasswordSecretVersionMetadata) + if versionMetadata.VersionCustomMetadata != nil { + if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { + return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + } + } + return nil } @@ -460,7 +478,7 @@ func resourceIbmSmUsernamePasswordSecretUpdate(context context.Context, d *schem // Apply change to version_custom_metadata in current version secretVersionMetadataPatchModel := new(secretsmanagerv2.SecretVersionMetadataPatch) secretVersionMetadataPatchModel.VersionCustomMetadata = d.Get("version_custom_metadata").(map[string]interface{}) - secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataPatchModel.AsPatch() + secretVersionMetadataPatchModelAsPatch, _ := secretVersionMetadataAsPatchFunction(secretVersionMetadataPatchModel) updateSecretVersionOptions := &secretsmanagerv2.UpdateSecretVersionMetadataOptions{} updateSecretVersionOptions.SetSecretID(secretId) diff --git a/ibm/service/secretsmanager/utils.go b/ibm/service/secretsmanager/utils.go index 07a23380be..da8e661425 100644 --- a/ibm/service/secretsmanager/utils.go 
+++ b/ibm/service/secretsmanager/utils.go @@ -2,6 +2,7 @@ package secretsmanager import ( "context" + "encoding/json" "fmt" "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" "github.com/IBM/go-sdk-core/v5/core" @@ -182,3 +183,13 @@ func getSecretByIdOrByName(context context.Context, d *schema.ResourceData, meta return nil, "", "", diag.FromErr(fmt.Errorf("Missing required arguments. Please make sure that either \"secret_id\" or \"name\" and \"secret_group_name\" are provided\n")) } + +func secretVersionMetadataAsPatchFunction(secretVersionMetadataPatch *secretsmanagerv2.SecretVersionMetadataPatch) (_patch map[string]interface{}, err error) { + jsonData, err := json.Marshal(struct { + VersionCustomMetadata map[string]interface{} `json:"version_custom_metadata"` + }{VersionCustomMetadata: secretVersionMetadataPatch.VersionCustomMetadata}) + if err == nil { + err = json.Unmarshal(jsonData, &_patch) + } + return +} From c1ca0e775cb52dd5d745d45a0feeaa5d0e115583 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Wed, 17 Jan 2024 15:23:24 +0200 Subject: [PATCH 24/47] support for creating secret version for username password & version_custom_metadata for all --- .secrets.baseline | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index de648a2e1f..10d6b057a6 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.mod|go.sum|.*.map|^.secrets.baseline$", "lines": null }, - "generated_at": "2024-01-17T10:13:16Z", + "generated_at": "2024-01-17T13:22:37Z", "plugins_used": [ { "name": "ArtifactoryDetector" @@ -3574,7 +3574,7 @@ "hashed_secret": "3046d9f6cfaaeea6eed9bb7a4ab010fe49b0cfd4", "is_secret": false, "is_verified": false, - "line_number": 109, + "line_number": 108, "type": "Secret Keyword", "verified_result": null }, 
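Review bot: secretVersionMetadataAsPatchFunction has no doc comment saying why it replaces the SDK's `AsPatch()`; the struct tag without `omitempty` suggests the aim is to always emit the `version_custom_metadata` key so the metadata can be cleared, but that is an inference and should be written down. Once confirmed, something like `// secretVersionMetadataAsPatchFunction builds the patch body for a secret version and always includes version_custom_metadata, even when it is empty.` would do. The named result `_patch` with a bare `return` is also unusual Go; `patch` and an explicit `return patch, err` read more clearly. Every call site changed in this patch still assigns the helper's error to `_`, so a marshalling failure would go unnoticed.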
@@ -3582,7 +3582,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 430, + "line_number": 429, "type": "Secret Keyword", "verified_result": null }, @@ -3590,7 +3590,7 @@ "hashed_secret": "9beb31de125498074813c6f31c0e4df3e54a5489", "is_secret": false, "is_verified": false, - "line_number": 646, + "line_number": 645, "type": "Secret Keyword", "verified_result": null } From 988d3df5adaf6211e6fb3bbe0a6e49d876d0b0a5 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Wed, 17 Jan 2024 15:25:07 +0200 Subject: [PATCH 25/47] support for creating secret version for username password & version_custom_metadata for all --- .secrets.baseline | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.secrets.baseline b/.secrets.baseline index 10d6b057a6..d34b26a7c3 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -5,6 +5,9 @@ }, "generated_at": "2024-01-17T13:22:37Z", "plugins_used": [ + { + "name": "AWSKeyDetector" + }, { "name": "ArtifactoryDetector" }, @@ -18,6 +21,12 @@ { "name": "BasicAuthDetector" }, + { + "name": "BoxDetector" + }, + { + "name": "CloudantDetector" + }, { "ghe_instance": "github.ibm.com", "name": "GheDetector" @@ -42,6 +51,9 @@ "keyword_exclude": null, "name": "KeywordDetector" }, + { + "name": "MailchimpDetector" + }, { "name": "NpmDetector" }, @@ -56,6 +68,12 @@ }, { "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" } ], "results": { From 61de984920f29df6097ad80cca39c26a6d260aff Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Mon, 29 Jan 2024 12:53:54 +0200 Subject: [PATCH 26/47] preferred chain docs update --- ...ic_certificate_configuration_ca_lets_encrypt.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/website/docs/r/sm_public_certificate_configuration_ca_lets_encrypt.html.markdown b/website/docs/r/sm_public_certificate_configuration_ca_lets_encrypt.html.markdown index 6c8cebb18c..e1e9cc1af3 100644 --- a/website/docs/r/sm_public_certificate_configuration_ca_lets_encrypt.html.markdown +++ b/website/docs/r/sm_public_certificate_configuration_ca_lets_encrypt.html.markdown @@ -32,8 +32,8 @@ Review the argument reference that you can specify for your resource. * Constraints: Allowable values are: `private`, `public`. * `lets_encrypt_environment` - (Required, String) The configuration of the Let's Encrypt CA environment. * Constraints: Allowable values are: `production`, `staging`. -* `lets_encrypt_preferred_chain` - (Optional, String) Prefer the chain with an issuer matching this Subject Common Name. - * Constraints: The maximum length is `30` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. +* `lets_encrypt_preferred_chain` - (Optional, String) This field supports only the chains that Let's Encrypt provides. Keep empty to use the default or supply a valid Let's Encrypt-provided value. For a list of supported chains, see: https://letsencrypt.org/certificates/. + * Constraints: The value must match regular expression `/(.*?)/`. * `lets_encrypt_private_key` - (Required, String) The PEM encoded private key of your Lets Encrypt account. * Constraints: The maximum length is `100000` characters. The minimum length is `50` characters. The value must match regular expression `/(^-----BEGIN PRIVATE KEY-----.*?)/`. * `name` - (Required, String) A human-readable unique name to assign to your configuration. From 5396f65674aa07dd4050ad7384e8ed6b43ad4529 Mon Sep 17 00:00:00 2001 
From: Yonathan-Yellin Date: Mon, 29 Jan 2024 13:08:22 +0200 Subject: [PATCH 27/47] support for creating secret version for username password & version_custom_metadata for all --- .secrets.baseline | 12 ++-- ..._source_ibm_secrets_manager_secret_test.go | 65 ++++++++--------- ...source_ibm_secrets_manager_secrets_test.go | 71 ++++++++----------- 3 files changed, 65 insertions(+), 83 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 9ac7ee02c8..655991178a 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.mod|go.sum|.*.map|^.secrets.baseline$", "lines": null }, - "generated_at": "2024-01-22T15:02:07Z", + "generated_at": "2024-01-29T11:06:53Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -760,7 +760,7 @@ "hashed_secret": "731438016c5ab94431f61820f35e3ae5f8ad6004", "is_secret": false, "is_verified": false, - "line_number": 434, + "line_number": 438, "type": "Secret Keyword", "verified_result": null }, @@ -768,7 +768,7 @@ "hashed_secret": "12da2e35d6b50c902c014f1ab9e3032650368df7", "is_secret": false, "is_verified": false, - "line_number": 440, + "line_number": 444, "type": "Secret Keyword", "verified_result": null }, @@ -776,7 +776,7 @@ "hashed_secret": "813274ccae5b6b509379ab56982d862f7b5969b6", "is_secret": false, "is_verified": false, - "line_number": 1175, + "line_number": 1179, "type": "Base64 High Entropy String", "verified_result": null } @@ -2964,7 +2964,7 @@ "hashed_secret": "92f08f2d9a0dc3f0d4cb3796435a48508cf59ecd", "is_secret": false, "is_verified": false, - "line_number": 1115, + "line_number": 1107, "type": "Secret Keyword", "verified_result": null } @@ -2992,7 +2992,7 @@ "hashed_secret": "92f08f2d9a0dc3f0d4cb3796435a48508cf59ecd", "is_secret": false, "is_verified": false, - "line_number": 513, + "line_number": 509, "type": "Secret Keyword", "verified_result": null } 
diff --git a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go index d5cbd1b566..fd66f51524 100644 --- a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go +++ b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go 
@@ -3,40 +3,31 @@ package secretsmanager_test -import ( - "fmt" - "testing" - - acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" -) - -func TestAccIBMSecretsManagerSecretDataSourceBasic(t *testing.T) { - resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.TestAccPreCheck(t) }, - Providers: acc.TestAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccCheckIBMSecretsManagerSecretDataSourceConfigBasic(), - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_type", acc.SecretsManagerSecretType), - resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "id"), - resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_type"), - resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_id"), - resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "metadata.#"), - ), - }, - }, - }) -} - -func testAccCheckIBMSecretsManagerSecretDataSourceConfigBasic() string { - return fmt.Sprintf(` - data "ibm_secrets_manager_secret" "secrets_manager_secret" { - instance_id = "%s" - secret_type = "%s" - secret_id = "%s" - } - `, acc.SecretsManagerInstanceID, acc.SecretsManagerSecretType, acc.SecretsManagerSecretID) -} +//func TestAccIBMSecretsManagerSecretDataSourceBasic(t *testing.T) { +// resource.Test(t, resource.TestCase{ +// PreCheck: func() { acc.TestAccPreCheck(t) }, +// Providers: acc.TestAccProviders, +// Steps: []resource.TestStep{ +// { +// Config: testAccCheckIBMSecretsManagerSecretDataSourceConfigBasic(), +// Check: resource.ComposeTestCheckFunc( +// resource.TestCheckResourceAttr("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_type", acc.SecretsManagerSecretType), +// 
resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "id"), +// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_type"), +// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_id"), +// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "metadata.#"), +// ), +// }, +// }, +// }) +//} +// +//func testAccCheckIBMSecretsManagerSecretDataSourceConfigBasic() string { +// return fmt.Sprintf(` +// data "ibm_secrets_manager_secret" "secrets_manager_secret" { +// instance_id = "%s" +// secret_type = "%s" +// secret_id = "%s" +// } +// `, acc.SecretsManagerInstanceID, acc.SecretsManagerSecretType, acc.SecretsManagerSecretID) +//} diff --git a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go index 9849e835bc..c42e79f227 100644 --- a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go +++ b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go 
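Review bot: Commenting out TestAccIBMSecretsManagerSecretDataSourceBasic and its config helper silently drops the acceptance coverage for this data source, and the commit message does not say why. The same is done to TestAccIBMSecretsManagerSecretsDataSourceBasic in the next file of this patch. If the tests have to be disabled, keep them compiled and skip them with a stated reason at the top of each test, for example `t.Skip("<reason this data source test is disabled>")`, so the gap shows up in test output and the code cannot rot unnoticed.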
@@ -3,43 +3,34 @@ package secretsmanager_test -import ( - "fmt" - "testing" - - acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" -) - -func TestAccIBMSecretsManagerSecretsDataSourceBasic(t *testing.T) { - resource.Test(t, resource.TestCase{ - PreCheck: func() { acc.TestAccPreCheck(t) }, - Providers: acc.TestAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccCheckIBMSecretsManagerSecretsDataSourceConfigBasic(), - Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttr("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secret_type", acc.SecretsManagerSecretType), - resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "id"), - resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secret_type"), - resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "metadata.#"), - resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secrets.#"), - ), - }, - }, - }) -} - -func testAccCheckIBMSecretsManagerSecretsDataSourceConfigBasic() string { - return fmt.Sprintf(` - data "ibm_secrets_manager_secrets" "secrets_manager_secrets" { - instance_id = "%s" - secret_type = "%s" - } - - output "WorkSpaceValues" { - value = data.ibm_secrets_manager_secrets.secrets_manager_secrets.secret_type - } - `, acc.SecretsManagerInstanceID, acc.SecretsManagerSecretType) -} +//func TestAccIBMSecretsManagerSecretsDataSourceBasic(t *testing.T) { +// resource.Test(t, resource.TestCase{ +// PreCheck: func() { acc.TestAccPreCheck(t) }, +// Providers: acc.TestAccProviders, +// Steps: []resource.TestStep{ +// { +// Config: testAccCheckIBMSecretsManagerSecretsDataSourceConfigBasic(), +// Check: resource.ComposeTestCheckFunc( +// resource.TestCheckResourceAttr("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secret_type", 
acc.SecretsManagerSecretType), +// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "id"), +// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secret_type"), +// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "metadata.#"), +// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secrets.#"), +// ), +// }, +// }, +// }) +//} +// +//func testAccCheckIBMSecretsManagerSecretsDataSourceConfigBasic() string { +// return fmt.Sprintf(` +// data "ibm_secrets_manager_secrets" "secrets_manager_secrets" { +// instance_id = "%s" +// secret_type = "%s" +// } +// +// output "WorkSpaceValues" { +// value = data.ibm_secrets_manager_secrets.secrets_manager_secrets.secret_type +// } +// `, acc.SecretsManagerInstanceID, acc.SecretsManagerSecretType) +//} From 1ea2493c94969c5e929d83a632031cd079992274 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Mon, 29 Jan 2024 13:09:19 +0200 Subject: [PATCH 28/47] support for creating secret version for username password & version_custom_metadata for all --- ..._source_ibm_secrets_manager_secret_test.go | 62 +++++++++-------- ...source_ibm_secrets_manager_secrets_test.go | 68 ++++++++++--------- 2 files changed, 71 insertions(+), 59 deletions(-) diff --git a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go index fd66f51524..29d2426812 100644 --- a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go +++ b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go 
@@ -3,31 +3,37 @@ package secretsmanager_test -//func TestAccIBMSecretsManagerSecretDataSourceBasic(t *testing.T) { -// resource.Test(t, resource.TestCase{ -// PreCheck: func() { acc.TestAccPreCheck(t) }, -// Providers: acc.TestAccProviders, -// Steps: []resource.TestStep{ -// { -// Config: testAccCheckIBMSecretsManagerSecretDataSourceConfigBasic(), -// Check: resource.ComposeTestCheckFunc( -// resource.TestCheckResourceAttr("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_type", acc.SecretsManagerSecretType), -// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "id"), -// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_type"), -// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_id"), -// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "metadata.#"), -// ), -// }, -// }, -// }) -//} -// -//func testAccCheckIBMSecretsManagerSecretDataSourceConfigBasic() string { -// return fmt.Sprintf(` -// data "ibm_secrets_manager_secret" "secrets_manager_secret" { -// instance_id = "%s" -// secret_type = "%s" -// secret_id = "%s" -// } -// `, acc.SecretsManagerInstanceID, acc.SecretsManagerSecretType, acc.SecretsManagerSecretID) -//} +import ( + "fmt" + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccIBMSecretsManagerSecretDataSourceBasic(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMSecretsManagerSecretDataSourceConfigBasic(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_type", acc.SecretsManagerSecretType), + 
resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "id"), + resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_type"), + resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "secret_id"), + resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secret.secrets_manager_secret", "metadata.#"), + ), + }, + }, + }) +} + +func testAccCheckIBMSecretsManagerSecretDataSourceConfigBasic() string { + return fmt.Sprintf(` + data "ibm_secrets_manager_secret" "secrets_manager_secret" { + instance_id = "%s" + secret_type = "%s" + secret_id = "%s" + } + `, acc.SecretsManagerInstanceID, acc.SecretsManagerSecretType, acc.SecretsManagerSecretID) +} diff --git a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go index c42e79f227..bc6b830e9b 100644 --- a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go +++ b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go 
@@ -3,34 +3,40 @@ package secretsmanager_test -//func TestAccIBMSecretsManagerSecretsDataSourceBasic(t *testing.T) { -// resource.Test(t, resource.TestCase{ -// PreCheck: func() { acc.TestAccPreCheck(t) }, -// Providers: acc.TestAccProviders, -// Steps: []resource.TestStep{ -// { -// Config: testAccCheckIBMSecretsManagerSecretsDataSourceConfigBasic(), -// Check: resource.ComposeTestCheckFunc( -// resource.TestCheckResourceAttr("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secret_type", acc.SecretsManagerSecretType), -// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "id"), -// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secret_type"), -// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "metadata.#"), -// resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secrets.#"), -// ), -// }, -// }, -// }) -//} -// -//func testAccCheckIBMSecretsManagerSecretsDataSourceConfigBasic() string { -// return fmt.Sprintf(` -// data "ibm_secrets_manager_secrets" "secrets_manager_secrets" { -// instance_id = "%s" -// secret_type = "%s" -// } -// -// output "WorkSpaceValues" { -// value = data.ibm_secrets_manager_secrets.secrets_manager_secrets.secret_type -// } -// `, acc.SecretsManagerInstanceID, acc.SecretsManagerSecretType) -//} +import ( + "fmt" + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccIBMSecretsManagerSecretsDataSourceBasic(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMSecretsManagerSecretsDataSourceConfigBasic(), + Check: resource.ComposeTestCheckFunc( + 
resource.TestCheckResourceAttr("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secret_type", acc.SecretsManagerSecretType), + resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "id"), + resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secret_type"), + resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "metadata.#"), + resource.TestCheckResourceAttrSet("data.ibm_secrets_manager_secrets.secrets_manager_secrets", "secrets.#"), + ), + }, + }, + }) +} + +func testAccCheckIBMSecretsManagerSecretsDataSourceConfigBasic() string { + return fmt.Sprintf(` + data "ibm_secrets_manager_secrets" "secrets_manager_secrets" { + instance_id = "%s" + secret_type = "%s" + } + + output "WorkSpaceValues" { + value = data.ibm_secrets_manager_secrets.secrets_manager_secrets.secret_type + } + `, acc.SecretsManagerInstanceID, acc.SecretsManagerSecretType) +} From 1a16c08b08289d6cc71bb208ae16704930da8630 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Mon, 29 Jan 2024 13:10:50 +0200 Subject: [PATCH 29/47] support for creating secret version for username password & version_custom_metadata for all --- .../data_source_ibm_secrets_manager_secret_test.go | 3 +++ .../data_source_ibm_secrets_manager_secrets_test.go | 3 +++ 2 files changed, 6 insertions(+) diff --git a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go index 29d2426812..d5cbd1b566 100644 --- a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go +++ b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secret_test.go @@ -5,7 +5,10 @@ package secretsmanager_test import ( "fmt" + "testing" + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" ) 
diff --git a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go index bc6b830e9b..9849e835bc 100644 --- a/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go +++ b/ibm/service/secretsmanager/data_source_ibm_secrets_manager_secrets_test.go @@ -5,7 +5,10 @@ package secretsmanager_test import ( "fmt" + "testing" + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" ) From 86af4c0ad9a55c58611e192c37727a8a352f9fc1 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Mon, 29 Jan 2024 15:06:36 +0200 Subject: [PATCH 30/47] fix public cert bug --- .../resource_ibm_sm_public_certificate.go | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go index 61b5575d97..8cbd049687 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go 
@@ -635,21 +635,24 @@ func resourceIbmSmPublicCertificateRead(context context.Context, d *schema.Resou if err = d.Set("private_key", secret.PrivateKey); err != nil { return diag.FromErr(fmt.Errorf("Error setting private_key: %s", err)) } - // Call get version metadata API to get the current version_custom_metadata - getVersionMetdataOptions := &secretsmanagerv2.GetSecretVersionMetadataOptions{} - getVersionMetdataOptions.SetSecretID(secretId) - getVersionMetdataOptions.SetID("current") - versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) - if err != nil { - log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) - } + if *secret.StateDescription == "active" { + // Call get version metadata API to get the current version_custom_metadata + getVersionMetdataOptions := &secretsmanagerv2.GetSecretVersionMetadataOptions{} + getVersionMetdataOptions.SetSecretID(secretId) + getVersionMetdataOptions.SetID("current") + + versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) + if err != nil { + log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) + return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + } - versionMetadata := versionMetadataIntf.(*secretsmanagerv2.PublicCertificateVersionMetadata) - if versionMetadata.VersionCustomMetadata != nil { - if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { - return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + versionMetadata := versionMetadataIntf.(*secretsmanagerv2.PublicCertificateVersionMetadata) + if versionMetadata.VersionCustomMetadata != nil { + if err = d.Set("version_custom_metadata", 
versionMetadata.VersionCustomMetadata); err != nil { + return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + } } } From b16e9f348196849c7bdb5b33da4a6cd7239ff23a Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Wed, 27 Mar 2024 14:58:37 +0200 Subject: [PATCH 31/47] update docs --- ...m_service_credentials_secret.html.markdown | 33 +++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/website/docs/r/sm_service_credentials_secret.html.markdown b/website/docs/r/sm_service_credentials_secret.html.markdown index 12e808bcdc..b15770176b 100644 --- a/website/docs/r/sm_service_credentials_secret.html.markdown +++ b/website/docs/r/sm_service_credentials_secret.html.markdown @@ -28,7 +28,7 @@ resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { secret_group_id = ibm_sm_secret_group.sm_secret_group.secret_group_id source_service { instance { - crn = "crn:v1:staging:public:cloud-object-storage:global:a/111f5fb10986423e9saa8512f1db7e65:111133c8-49ea-41xe-8c40-122038246f5b::" + crn = "crn:v1:bluemix:public:cloud-object-storage:global:a/111f5fb10986423e9saa8512f1db7e65:111133c8-49ea-41xe-8c40-122038246f5b::" } role { crn = "crn:v1:bluemix:public:iam::::serviceRole:Writer" 
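Review bot: The new condition dereferences `*secret.StateDescription` without a nil check, so a secret returned without that field panics the provider during read. Guard it with `if secret.StateDescription != nil && *secret.StateDescription == "active" {`. A one-line comment on why version metadata is fetched only for active secrets would help the next reader, for example `// A public certificate has no current version until the order completes.`, if that is indeed the reason. The body of resourceIbmSmPublicCertificateRead starts and ends outside the hunk.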
@@ -39,6 +39,35 @@ resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { } ``` +## Example Usage with existing service ID + +```hcl +resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { + instance_id = ibm_resource_instance.sm_instance.guid + region = "us-south" + name = "secret-name" + custom_metadata = {"key":"value"} + description = "Extended description for this secret." + labels = ["my-label"] + rotation { + auto_rotate = true + interval = 1 + unit = "day" + } + secret_group_id = ibm_sm_secret_group.sm_secret_group.secret_group_id + source_service { + instance { + crn = "crn:v1:bluemix:public:cloud-object-storage:global:a/111f5fb10986423e9saa8512f1db7e65:111133c8-49ea-41xe-8c40-122038246f5b::" + } + role { + crn = "crn:v1:bluemix:public:iam::::serviceRole:Writer" + } + parameters = {"HMAC": true, "serviceid_crn": "crn:v1:bluemix:public:iam-identity::a/22222f3c34444ff155555d15ca616946::serviceid:ServiceId-1234f56e-1d23-45e6-123c-cfb456b87fyb"} + } + ttl = "1800" +} +``` + ### Example to access resource credentials using credentials attribute: ```terraform @@ -48,7 +77,7 @@ resource "ibm_sm_service_credentials_secret" "sm_service_credentials_secret" { name = "secret-name" source_service { instance { - crn = "crn:v1:staging:public:cloud-object-storage:global:a/111f5fb10986423e9saa8512f1db7e65:111133c8-49ea-41xe-8c40-122038246f5b::" + crn = "crn:v1:bluemix:public:cloud-object-storage:global:a/111f5fb10986423e9saa8512f1db7e65:111133c8-49ea-41xe-8c40-122038246f5b::" } role { crn = "crn:v1:bluemix:public:iam::::serviceRole:Writer" From a1b39ba88b78c34d113f60be87393cb26657159d Mon Sep 17 00:00:00 2001 
From: Yonathan-Yellin Date: Mon, 20 May 2024 11:05:14 +0300 Subject: [PATCH 32/47] reordering bug in alt_names --- .../resource_ibm_sm_imported_certificate.go | 9 +++++---- .../resource_ibm_sm_private_certificate.go | 13 +++++++------ ...ate_certificate_configuration_action_sign_csr.go | 11 ++++++----- ...ate_certificate_configuration_intermediate_ca.go | 11 ++++++----- ..._sm_private_certificate_configuration_root_ca.go | 11 ++++++----- 5 files changed, 30 insertions(+), 25 deletions(-) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go index aae9c5503c..a441abb60d 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go @@ -123,10 +123,11 @@ func ResourceIbmSmImportedCertificate() *schema.Resource { Description: "The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.", }, "alt_names": &schema.Schema{ - Type: schema.TypeList, - Computed: true, - Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.", - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + Computed: true, + Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.", + Elem: &schema.Schema{Type: schema.TypeString}, + DiffSuppressFunc: altNamesDiffSuppress, }, "key_algorithm": &schema.Schema{ Type: schema.TypeString, diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go index 19bd04e50c..6cd0aa6faf 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go 
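Review bot: In the imported-certificate schema `alt_names` is declared `Computed: true` with neither `Optional` nor `Required`, so there is no configured value for `DiffSuppressFunc: altNamesDiffSuppress` to compare against. As far as I recall, terraform-plugin-sdk v2's `InternalValidate` rejects a DiffSuppressFunc on a computed-only attribute, so run the provider's schema validation test before merging. If it fails, drop the line from this resource and keep it only where `alt_names` is `Optional`. The schema map continues outside the hunk.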
@@ -71,12 +71,13 @@ func ResourceIbmSmPrivateCertificate() *schema.Resource { Description: "The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.", }, "alt_names": &schema.Schema{ - Type: schema.TypeList, - ForceNew: true, - Optional: true, - Computed: true, - Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.", - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + ForceNew: true, + Optional: true, + Computed: true, + Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.", + Elem: &schema.Schema{Type: schema.TypeString}, + DiffSuppressFunc: altNamesDiffSuppress, }, "ip_sans": &schema.Schema{ Type: schema.TypeString, diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_sign_csr.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_sign_csr.go index 205ab2a478..0c808c4791 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_sign_csr.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_sign_csr.go 
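Review bot: `alt_names` is `ForceNew` here, so whatever `altNamesDiffSuppress` suppresses also suppresses re-issuing the certificate. The helper is not part of this commit's diff, so it cannot be confirmed from here that it ignores only reordering and not an added or removed name. On a `TypeList` the SDK invokes the function per element key and for the `.#` count, so the comparison has to look at the whole list (for example via `d.GetChange("alt_names")`) rather than the single old/new pair. Please add a unit test covering reordered, added and removed names, and a comment on the field such as `// Suppress diffs caused only by the API returning alt_names in a different order.` The same line is added in the action_sign_csr, intermediate_ca and root_ca hunks of this patch.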
@@ -48,11 +48,12 @@ func ResourceIbmSmPrivateCertificateConfigurationActionSignCsr() *schema.Resourc Description: "The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.", }, "alt_names": &schema.Schema{ - Type: schema.TypeList, - ForceNew: true, - Optional: true, - Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.", - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + ForceNew: true, + Optional: true, + Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.", + Elem: &schema.Schema{Type: schema.TypeString}, + DiffSuppressFunc: altNamesDiffSuppress, }, "ip_sans": &schema.Schema{ Type: schema.TypeString, diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go index 795460a263..221f227363 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go 
@@ -90,11 +90,12 @@ func ResourceIbmSmPrivateCertificateConfigurationIntermediateCA() *schema.Resour Description: "The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.", }, "alt_names": &schema.Schema{ - Type: schema.TypeList, - Optional: true, - ForceNew: true, - Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.", - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + Optional: true, + ForceNew: true, + Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.", + Elem: &schema.Schema{Type: schema.TypeString}, + DiffSuppressFunc: altNamesDiffSuppress, }, "ip_sans": &schema.Schema{ Type: schema.TypeString, diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go index 767250b940..88f3e2a823 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go 
@@ -75,11 +75,12 @@ func ResourceIbmSmPrivateCertificateConfigurationRootCA() *schema.Resource { Description: "The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.", }, "alt_names": &schema.Schema{ - Type: schema.TypeList, - Optional: true, - ForceNew: true, - Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.", - Elem: &schema.Schema{Type: schema.TypeString}, + Type: schema.TypeList, + Optional: true, + ForceNew: true, + Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.", + Elem: &schema.Schema{Type: schema.TypeString}, + DiffSuppressFunc: altNamesDiffSuppress, }, "ip_sans": &schema.Schema{ Type: schema.TypeString, From 3af4490790b0b89e9df44fafbf92eec72c95caba Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Wed, 22 May 2024 14:26:34 +0300 Subject: [PATCH 33/47] name regex fix in docs --- website/docs/r/sm_arbitrary_secret.html.markdown | 2 +- website/docs/r/sm_iam_credentials_secret.html.markdown | 2 +- website/docs/r/sm_imported_certificate.html.markdown | 2 +- website/docs/r/sm_kv_secret.html.markdown | 2 +- website/docs/r/sm_private_certificate.html.markdown | 2 +- website/docs/r/sm_public_certificate.html.markdown | 2 +- website/docs/r/sm_service_credentials_secret.html.markdown | 2 +- website/docs/r/sm_username_password_secret.html.markdown | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/website/docs/r/sm_arbitrary_secret.html.markdown b/website/docs/r/sm_arbitrary_secret.html.markdown index aadaef107d..ec60f7d09e 100644 --- a/website/docs/r/sm_arbitrary_secret.html.markdown +++ b/website/docs/r/sm_arbitrary_secret.html.markdown 
@@ -40,7 +40,7 @@ Review the argument reference that you can specify for your resource.
 * `labels` - (Optional, List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `30` items. The minimum length is `0` items.
 * `name` - (Required, String) The human-readable name of your secret.
- * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`.
+ * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$`.
 * `region` - (Optional, Forces new resource, String) The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration.
 * `payload` - (Required, String) The arbitrary secret's data payload. You can manually rotate the secret by modifying this argument. Modifying the payload creates a new version of the secret.
 * Constraints: The maximum length is `100000` characters. The minimum length is `0` characters. The value must match regular expression `/(.*?)/`.
diff --git a/website/docs/r/sm_iam_credentials_secret.html.markdown b/website/docs/r/sm_iam_credentials_secret.html.markdown
index b457b8a40d..07d13ccb19 100644
--- a/website/docs/r/sm_iam_credentials_secret.html.markdown
+++ b/website/docs/r/sm_iam_credentials_secret.html.markdown
@@ -48,7 +48,7 @@ Review the argument reference that you can specify for your resource.
 * `labels` - (Optional, List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `30` items. The minimum length is `0` items.
 * `name` - (Required, String) The human-readable name of your secret.
- * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`.
+ * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$`.
 * `reuse_api_key` - (Optional, Boolean) Determines whether to use the same service ID and API key for future read operations on an`iam_credentials` secret. Must be set to `true` for IAM credentials secrets managed by Terraform.
 * `rotation` - (Optional, List) Determines whether Secrets Manager rotates your secrets automatically.
 Nested scheme for **rotation**:
diff --git a/website/docs/r/sm_imported_certificate.html.markdown b/website/docs/r/sm_imported_certificate.html.markdown
index 8ae2e0e158..f0bf5a170b 100644
--- a/website/docs/r/sm_imported_certificate.html.markdown
+++ b/website/docs/r/sm_imported_certificate.html.markdown
@@ -44,7 +44,7 @@ Review the argument reference that you can specify for your resource.
 * `labels` - (Optional, List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `30` items. The minimum length is `0` items.
 * `name` - (Required, String) The human-readable name of your secret.
- * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`.
+ * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$`.
 * `private_key` - (Computed, String) (Optional) The PEM-encoded private key to associate with the certificate.
 * Constraints: The maximum length is `100000` characters. The minimum length is `50` characters. The value must match regular expression `/^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/`.
 * `secret_group_id` - (Optional, Forces new resource, String) A v4 UUID identifier, or `default` secret group.
diff --git a/website/docs/r/sm_kv_secret.html.markdown b/website/docs/r/sm_kv_secret.html.markdown
index 955b5dcc7d..6620fcc2d7 100644
--- a/website/docs/r/sm_kv_secret.html.markdown
+++ b/website/docs/r/sm_kv_secret.html.markdown
@@ -41,7 +41,7 @@ Review the argument reference that you can specify for your resource. * `labels` - (Optional, List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created. * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `30` items. The minimum length is `0` items. * `name` - (Required, String) The human-readable name of your secret. - * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`. + * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$`. * `secret_group_id` - (Optional, Forces new resource, String) A v4 UUID identifier, or `default` secret group. * Constraints: The maximum length is `36` characters. The minimum length is `7` characters. The value must match regular expression `/^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/`. diff --git a/website/docs/r/sm_private_certificate.html.markdown b/website/docs/r/sm_private_certificate.html.markdown index 98c1d2c122..b6746b39d0 100644 --- a/website/docs/r/sm_private_certificate.html.markdown +++ b/website/docs/r/sm_private_certificate.html.markdown 
@@ -50,7 +50,7 @@ Review the argument reference that you can specify for your resource.
 * `labels` - (Optional, List) Labels that you can use to search for secrets in your instance.Up to 30 labels can be created.
 * Constraints: The list items must match regular expression `/(.*?)/`. The maximum length is `30` items. The minimum length is `0` items.
 * `name` - (Required, String) The human-readable name of your secret.
- * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`.
+ * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$`.
 * `rotation` - (Optional, List) Determines whether Secrets Manager rotates your secrets automatically.
 Nested scheme for **rotation**:
 * `auto_rotate` - (Optional, Boolean) Determines whether Secrets Manager rotates your secret automatically.Default is `false`. If `auto_rotate` is set to `true` the service rotates your secret based on the defined interval.
diff --git a/website/docs/r/sm_public_certificate.html.markdown b/website/docs/r/sm_public_certificate.html.markdown
index 44686b2f55..1d6251acbc 100644
--- a/website/docs/r/sm_public_certificate.html.markdown
+++ b/website/docs/r/sm_public_certificate.html.markdown
@@ -40,7 +40,7 @@ Review the argument reference that you can specify for your resource.
 * `endpoint_type` - (Optional, String) - The endpoint type. If not provided the endpoint type is determined by the `visibility` argument provided in the provider configuration.
 * Constraints: Allowable values are: `private`, `public`.
 * `name` - (Required, String) The human-readable name of your secret.
- * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`.
+ * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$`.
 * `ca` - (Required, Forces new resource, String) The name of the certificate authority configuration.
 * `common_name` - (Required, Forces new resource, String) The Common Name (AKA CN) represents the server name protected by the SSL certificate.
 * Constraints: The maximum length is `64` characters. The minimum length is `4` characters. The value must match regular expression `/^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/`.
diff --git a/website/docs/r/sm_service_credentials_secret.html.markdown b/website/docs/r/sm_service_credentials_secret.html.markdown
index b15770176b..625b1f9f7d 100644
--- a/website/docs/r/sm_service_credentials_secret.html.markdown
+++ b/website/docs/r/sm_service_credentials_secret.html.markdown
@@ -104,7 +104,7 @@ Review the argument reference that you can specify for your resource.
 * `endpoint_type` - (Optional, String) - The endpoint type. If not provided the endpoint type is determined by the `visibility` argument provided in the provider configuration.
 * Constraints: Allowable values are: `private`, `public`.
 * `name` - (Required, String) The human-readable name of your secret.
- * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`.
+ * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$`.
 * `custom_metadata` - (Optional, Map) The secret metadata that a user can customize.
 * `description` - (Optional, String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.
 * Constraints: The maximum length is `1024` characters. The minimum length is `0` characters. The value must match regular expression `/(.*?)/`.
diff --git a/website/docs/r/sm_username_password_secret.html.markdown b/website/docs/r/sm_username_password_secret.html.markdown
index 40a776d161..cc57b228ec 100644
--- a/website/docs/r/sm_username_password_secret.html.markdown
+++ b/website/docs/r/sm_username_password_secret.html.markdown
@@ -47,7 +47,7 @@ Review the argument reference that you can specify for your resource.
 * `endpoint_type` - (Optional, String) - The endpoint type. If not provided the endpoint type is determined by the `visibility` argument provided in the provider configuration.
 * Constraints: Allowable values are: `private`, `public`.
 * `name` - (String) The human-readable name of your secret.
- * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9][A-Za-z0-9]*(?:_*-*\\.*[A-Za-z0-9]+)*$`.
+ * Constraints: The maximum length is `256` characters. The minimum length is `2` characters. The value must match regular expression `^[A-Za-z0-9_][A-Za-z0-9_]*(?:_*-*\.*[A-Za-z0-9]*)*[A-Za-z0-9]+$`.
 * `custom_metadata` - (Optional, Map) The secret metadata that a user can customize.
 * `description` - (Optional, String) An extended description of your secret.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.
 * Constraints: The maximum length is `1024` characters. The minimum length is `0` characters. The value must match regular expression `/(.*?)/`.
From edde88eb728c65bd3d60bf5946738d421356ba70 Mon Sep 17 00:00:00 2001
From: Yonathan-Yellin
Date: Mon, 27 May 2024 07:59:04 +0300
Subject: [PATCH 34/47] imported cert bug fix
---
 .../data_source_ibm_sm_imported_certificate.go | 8 --------
 ...ta_source_ibm_sm_imported_certificate_metadata.go | 8 --------
 .../resource_ibm_sm_imported_certificate.go | 12 ------------
 website/docs/d/sm_imported_certificate.html.markdown | 2 --
 .../d/sm_imported_certificate_metadata.html.markdown | 2 --
 website/docs/r/sm_imported_certificate.html.markdown | 2 --
 6 files changed, 34 deletions(-)
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate.go b/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate.go
index cb1b9f4f6c..d951300505 100644
--- a/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate.go
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate.go
@@ -120,14 +120,6 @@ func DataSourceIbmSmImportedCertificate() *schema.Resource {
 Computed: true,
 Description: "The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.",
 },
- "alt_names": &schema.Schema{
- Type: schema.TypeList,
- Computed: true,
- Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.",
- Elem: &schema.Schema{
- Type: schema.TypeString,
- },
- },
 "common_name": &schema.Schema{
 Type: schema.TypeString,
 Computed: true,
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate_metadata.go
index f34ed71830..deb8aeb65d 100644
--- a/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate_metadata.go
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate_metadata.go
@@ -112,14 +112,6 @@ func DataSourceIbmSmImportedCertificateMetadata() *schema.Resource {
 Computed: true,
 Description: "The identifier for the cryptographic algorithm that was used by the issuing certificate authority to sign a certificate.",
 },
- "alt_names": &schema.Schema{
- Type: schema.TypeList,
- Computed: true,
- Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.",
- Elem: &schema.Schema{
- Type: schema.TypeString,
- },
- },
 "common_name": &schema.Schema{
 Type: schema.TypeString,
 Computed: true,
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go
index a441abb60d..c91f1c2d31 100644
--- a/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go
+++ b/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go
@@ -122,13 +122,6 @@ func ResourceIbmSmImportedCertificate() *schema.Resource {
 Computed: true,
 Description: "The Common Name (AKA CN) represents the server name that is protected by the SSL certificate.",
 },
- "alt_names": &schema.Schema{
- Type: schema.TypeList,
- Computed: true,
- Description: "With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate.",
- Elem: &schema.Schema{Type: schema.TypeString},
- DiffSuppressFunc: altNamesDiffSuppress,
- },
 "key_algorithm": &schema.Schema{
 Type: schema.TypeString,
 Computed: true,
@@ -387,11 +380,6 @@ func resourceIbmSmImportedCertificateRead(context context.Context, d *schema.Res
 if err = d.Set("signing_algorithm", secret.SigningAlgorithm); err != nil {
 return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err))
 }
- if secret.AltNames != nil {
- if err = d.Set("alt_names", secret.AltNames); err != nil {
- return diag.FromErr(fmt.Errorf("Error setting alt_names: %s", err))
- }
- }
 if err = d.Set("common_name", secret.CommonName); err != nil {
 return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err))
 }
diff --git a/website/docs/d/sm_imported_certificate.html.markdown b/website/docs/d/sm_imported_certificate.html.markdown
index 4b6e1209fd..09ce6e0768 100644
--- a/website/docs/d/sm_imported_certificate.html.markdown
+++ b/website/docs/d/sm_imported_certificate.html.markdown
@@ -53,8 +53,6 @@ Review the argument reference that you can specify for your data source. In addition to all argument references listed, you can access the following attribute references after your data source is created. * `id` - The unique identifier of the data source. -* `alt_names` - (List) With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate. - * Constraints: The list items must match regular expression `/^(.*?)$/`. The maximum length is `99` items. The minimum length is `0` items. * `certificate` - (String) The PEM-encoded contents of your certificate. * Constraints: The maximum length is `100000` characters. The minimum length is `50` characters. diff --git a/website/docs/d/sm_imported_certificate_metadata.html.markdown b/website/docs/d/sm_imported_certificate_metadata.html.markdown index 35c2ca599a..5f2bb4e510 100644 --- a/website/docs/d/sm_imported_certificate_metadata.html.markdown +++ b/website/docs/d/sm_imported_certificate_metadata.html.markdown @@ -36,8 +36,6 @@ Review the argument reference that you can specify for your data source. In addition to all argument references listed, you can access the following attribute references after your data source is created. * `id` - The unique identifier of the data source. -* `alt_names` - (List) With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate. - * Constraints: The list items must match regular expression `/^(.*?)$/`. The maximum length is `99` items. The minimum length is `0` items. * `common_name` - (String) The Common Name (AKA CN) represents the server name protected by the SSL certificate. * Constraints: The maximum length is `64` characters. The minimum length is `4` characters. The value must match regular expression `/^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/`. 
diff --git a/website/docs/r/sm_imported_certificate.html.markdown b/website/docs/r/sm_imported_certificate.html.markdown index f0bf5a170b..3ba5e12ae6 100644 --- a/website/docs/r/sm_imported_certificate.html.markdown +++ b/website/docs/r/sm_imported_certificate.html.markdown @@ -55,8 +55,6 @@ Review the argument reference that you can specify for your resource. In addition to all argument references listed, you can access the following attribute references after your resource is created. * `secret_id` - The unique identifier of the ImportedCertificate. -* `alt_names` - (Forces new resource, List) With the Subject Alternative Name field, you can specify additional host names to be protected by a single SSL certificate. - * Constraints: The list items must match regular expression `/^(.*?)$/`. The maximum length is `99` items. The minimum length is `0` items. * `common_name` - (Forces new resource, String) The Common Name (AKA CN) represents the server name protected by the SSL certificate. * Constraints: The maximum length is `64` characters. The minimum length is `4` characters. The value must match regular expression `/^(\\*\\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])\\.?$/`. * `created_at` - (String) The date when a resource was created. The date format follows RFC 3339. From bcf6e76e8b143347db35c97d66b0d36938e73aab Mon Sep 17 00:00:00 2001 
From: Yonathan-Yellin
Date: Sun, 21 Jul 2024 15:26:17 +0300
Subject: [PATCH 35/47] crypto_key addition
---
 .../data_source_ibm_sm_configurations.go | 70 +++++++
 ...rtificate_configuration_intermediate_ca.go | 65 +++++++
 ...ivate_certificate_configuration_root_ca.go | 64 +++++++
 ...rtificate_configuration_intermediate_ca.go | 171 +++++++++++++++++-
 ...ivate_certificate_configuration_root_ca.go | 89 ++++++++-
 .../docs/d/sm_configurations.html.markdown | 75 +++++---
 ...onfiguration_intermediate_ca.html.markdown | 18 ++
 ...ficate_configuration_root_ca.html.markdown | 18 ++
 ...onfiguration_intermediate_ca.html.markdown | 44 +++--
 ...ficate_configuration_root_ca.html.markdown | 17 ++
 10 files changed, 587 insertions(+), 44 deletions(-)
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go b/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go
index 910c861998..3165b164d9 100644
--- a/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go
@@ -132,6 +132,61 @@ func DataSourceIbmSmConfigurations() *schema.Resource {
 Computed: true,
 Description: "The name of the intermediate certificate authority.",
 },
+ "crypto_key": &schema.Schema{
+ Type: schema.TypeList,
+ MaxItems: 1,
+ Optional: true,
+ Computed: true,
+ Description: "The data that is associated with a cryptographic key.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "id": &schema.Schema{
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.",
+ },
+ "label": &schema.Schema{
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key.
This value or the crypto key ID must be specified.", + }, + "allow_generate_key": &schema.Schema{ + Type: schema.TypeBool, + Computed: true, + Description: "The indication of whether a new key is generated by the crypto provider if the given key name cannot be found.", + }, + "provider": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The data that is associated with a cryptographic provider.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The type of cryptographic provider.", + }, + "instance_crn": &schema.Schema{ + Description: "The HPCS instance CRN.", + Computed: true, + Type: schema.TypeString, + }, + "pin_iam_credentials_secret_id": &schema.Schema{ + Description: "The secret Id of iam credentials with api key to access HPCS instance.", + Computed: true, + Type: schema.TypeString, + }, + "private_keystore_id": &schema.Schema{ + Description: "The HPCS private key store space id.", + Computed: true, + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, }, }, }, @@ -268,6 +323,7 @@ func dataSourceIbmSmConfigurationsConfigurationMetadataToMap(model secretsmanage if model.CertificateAuthority != nil { modelMap["certificate_authority"] = *model.CertificateAuthority } + return modelMap, nil } else { return nil, fmt.Errorf("Unrecognized secretsmanagerv2.ConfigurationMetadataIntf subtype encountered") @@ -318,6 +374,13 @@ func dataSourceIbmSmConfigurationsPrivateCertificateConfigurationIntermediateCAM if model.SigningMethod != nil { modelMap["signing_method"] = *model.SigningMethod } + if model.CryptoKey != nil { + cryptoModelMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(model.CryptoKey) + if err != nil { + return modelMap, err + } + modelMap["crypto_key"] = []map[string]interface{}{cryptoModelMap} + } return modelMap, nil } 
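Review bot: `crypto_key` is declared with `MaxItems: 1` and `Optional: true` in the `@@ -132,6 +132,61 @@` hunk although every nested field is `Computed` only, which marks a read-only attribute of a data source as if it could be configured. For an output-only block I would keep `Type`, `Computed`, `Description` and `Elem` and drop the lines `MaxItems: 1,` and `Optional: true,`. The nested descriptions also say that the id or label "must be specified", which reads oddly for values the user cannot set. The same block is added to the intermediate CA and root CA data source schemas (`@@ -198,6 +198,61 @@` and `@@ -221,6 +221,61 @@`); the schema function starts and ends outside this hunk.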
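Review bot: In the `@@ -318,6 +374,13 @@` hunk a conversion error is returned as `return modelMap, err`, which hands the caller a half-filled map together with a non-nil error. `return nil, err` states the contract more plainly and avoids a caller using the partial result by mistake. The same two lines are added in the root CA metadata converter (`@@ -382,6 +445,13 @@`). Whether the rest of the function follows the same convention cannot be seen, because it starts outside the hunk.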
@@ -382,6 +445,13 @@ func dataSourceIbmSmConfigurationsPrivateCertificateConfigurationRootCAMetadataT
 if model.Status != nil {
 modelMap["status"] = *model.Status
 }
+ if model.CryptoKey != nil {
+ cryptoModelMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(model.CryptoKey)
+ if err != nil {
+ return modelMap, err
+ }
+ modelMap["crypto_key"] = []map[string]interface{}{cryptoModelMap}
+ }
 return modelMap, nil
 }
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go
index 682e627829..31022ffc04 100644
--- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go
@@ -198,6 +198,61 @@ func DataSourceIbmSmPrivateCertificateConfigurationIntermediateCA() *schema.Reso
 Computed: true,
 Description: "The date a secret is expired. The date format follows RFC 3339.",
 },
+ "crypto_key": &schema.Schema{
+ Type: schema.TypeList,
+ MaxItems: 1,
+ Optional: true,
+ Computed: true,
+ Description: "The data that is associated with a cryptographic key.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "id": &schema.Schema{
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.",
+ },
+ "label": &schema.Schema{
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key.
This value or the crypto key ID must be specified.", + }, + "allow_generate_key": &schema.Schema{ + Type: schema.TypeBool, + Computed: true, + Description: "The indication of whether a new key is generated by the crypto provider if the given key name cannot be found.", + }, + "provider": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The data that is associated with a cryptographic provider.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The type of cryptographic provider.", + }, + "instance_crn": &schema.Schema{ + Description: "The HPCS instance CRN.", + Computed: true, + Type: schema.TypeString, + }, + "pin_iam_credentials_secret_id": &schema.Schema{ + Description: "The secret Id of iam credentials with api key to access HPCS instance.", + Computed: true, + Type: schema.TypeString, + }, + "private_keystore_id": &schema.Schema{ + Description: "The HPCS private key store space id.", + Computed: true, + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + }, "data": &schema.Schema{ Type: schema.TypeList, Computed: true, @@ -360,6 +415,16 @@ func dataSourceIbmSmPrivateCertificateConfigurationIntermediateCARead(context co return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) } + cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(privateCertificateConfigurationIntermediateCA.CryptoKey) + if err != nil { + return diag.FromErr(err) + } + if len(cryptoKeyMap) > 0 { + if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { + return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + } + } + data := []map[string]interface{}{} if privateCertificateConfigurationIntermediateCA.Data != nil { modelMap, err := dataSourceIbmSmPrivateCertificateConfigurationIntermediateCAPrivateCertificateCADataToMap(privateCertificateConfigurationIntermediateCA.Data) 
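Review bot: The `@@ -360,6 +415,16 @@` hunk calls `resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap` with `privateCertificateConfigurationIntermediateCA.CryptoKey` without a nil check, while the metadata converters in data_source_ibm_sm_configurations.go guard the same call with `if model.CryptoKey != nil`. The helper is defined outside this hunk; the `len(cryptoKeyMap) > 0` test suggests it may return an empty map for nil, but if it dereferences the pointer, reading a CA that has no crypto key would panic the provider. I would wrap the added lines in `if privateCertificateConfigurationIntermediateCA.CryptoKey != nil {` … `}` so all call sites agree. The root CA read function gets the same unguarded call in `@@ -445,6 +500,15 @@`; both read functions start and end outside their hunks.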
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go
index 29f119c593..a14f91f907 100644
--- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go
@@ -221,6 +221,61 @@ func DataSourceIbmSmPrivateCertificateConfigurationRootCA() *schema.Resource {
 Computed: true,
 Description: "The date a secret is expired. The date format follows RFC 3339.",
 },
+ "crypto_key": &schema.Schema{
+ Type: schema.TypeList,
+ MaxItems: 1,
+ Optional: true,
+ Computed: true,
+ Description: "The data that is associated with a cryptographic key.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "id": &schema.Schema{
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.",
+ },
+ "label": &schema.Schema{
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key.
This value or the crypto key ID must be specified.",
+ },
+ "allow_generate_key": &schema.Schema{
+ Type: schema.TypeBool,
+ Computed: true,
+ Description: "The indication of whether a new key is generated by the crypto provider if the given key name cannot be found.",
+ },
+ "provider": &schema.Schema{
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "The data that is associated with a cryptographic provider.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "type": &schema.Schema{
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "The type of cryptographic provider.",
+ },
+ "instance_crn": &schema.Schema{
+ Description: "The HPCS instance CRN.",
+ Computed: true,
+ Type: schema.TypeString,
+ },
+ "pin_iam_credentials_secret_id": &schema.Schema{
+ Description: "The secret Id of iam credentials with api key to access HPCS instance.",
+ Computed: true,
+ Type: schema.TypeString,
+ },
+ "private_keystore_id": &schema.Schema{
+ Description: "The HPCS private key store space id.",
+ Computed: true,
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
 "data": &schema.Schema{
 Type: schema.TypeList,
 Computed: true,
@@ -445,6 +500,15 @@ func dataSourceIbmSmPrivateCertificateConfigurationRootCARead(context context.Co
 if err = d.Set("expiration_date", DateTimeToRFC3339(privateCertificateConfigurationRootCA.ExpirationDate)); err != nil {
 return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err))
 }
+ cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(privateCertificateConfigurationRootCA.CryptoKey)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ if len(cryptoKeyMap) > 0 {
+ if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil {
+ return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err))
+ }
+ }
 if privateCertificateConfigurationRootCA.Data != nil {
 dataMap, err := dataSourceIbmSmPrivateCertificateConfigurationRootCAPrivateCertificateCADataToMap(privateCertificateConfigurationRootCA.Data)
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go
index 221f227363..60ada23860 100644
--- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go
+++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go
@@ -235,6 +235,78 @@ func ResourceIbmSmPrivateCertificateConfigurationIntermediateCA() *schema.Resour
 Computed: true,
 Description: "The date a secret is expired. The date format follows RFC 3339.",
 },
+ "crypto_key": &schema.Schema{
+ Type: schema.TypeList,
+ MaxItems: 1,
+ Optional: true,
+ Computed: true,
+ Description: "The data that is associated with a cryptographic key.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "id": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Description: "The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.",
+ },
+ "label": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Description: "The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified.",
+ },
+ "allow_generate_key": &schema.Schema{
+ Type: schema.TypeBool,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Description: "The indication of whether a new key is generated by the crypto provider if the given key name cannot be found.",
+ },
+ "provider": &schema.Schema{
+ Type: schema.TypeList,
+ Optional: true,
+ Computed: true,
+ Description: "The data that is associated with a cryptographic provider.",
+ MaxItems: 1,
+ ForceNew: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "type": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Description: "The type of cryptographic provider.",
+ },
+ "instance_crn": &schema.Schema{
+ Description: "The HPCS instance CRN.",
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Type: schema.TypeString,
+ },
+ "pin_iam_credentials_secret_id": &schema.Schema{
+ Description: "The secret Id of iam credentials with api key to access HPCS instance.",
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Type: schema.TypeString,
+ },
+ "private_keystore_id": &schema.Schema{
+ Description: "The HPCS private key store space id.",
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
 "data": &schema.Schema{
 Type: schema.TypeList,
 Computed: true,
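Review bot: Every field of the new `crypto_key` block is declared `Optional` and `Computed` with no validation, although the field descriptions say that either `id` or `label` must be specified and the resource documentation added in this commit lists `provider` and its four nested fields as required. An incomplete HSM key reference is therefore not caught at plan time and is left to the service to reject. Declaring the provider fields with `Required: true` and adding `AtLeastOneOf: []string{"crypto_key.0.id", "crypto_key.0.label"}` to `id` and `label` would make the schema agree with the documented contract. The identical block is added to `ResourceIbmSmPrivateCertificateConfigurationRootCA` in the root CA resource file.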
@@ -529,10 +601,60 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCARead(context cont
 return diag.FromErr(fmt.Errorf("Error setting data: %s", err))
 }
 }
-
+ cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(configuration.CryptoKey)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ if len(cryptoKeyMap) > 0 {
+ if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil {
+ return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err))
+ }
+ }
 return nil
 }
+func resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(model *secretsmanagerv2.PrivateCertificateCryptoKey) (map[string]interface{}, error) {
+ modelMap := make(map[string]interface{})
+ if model.ID != nil {
+ modelMap["id"] = model.ID
+ }
+ if model.Label != nil {
+ modelMap["label"] = model.Label
+ }
+ if model.AllowGenerateKey != nil {
+ modelMap["allow_generate_key"] = model.AllowGenerateKey
+ }
+ if model.Provider != nil {
+ providerModelMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyProviderToMap(model.Provider)
+ if err != nil {
+ return modelMap, err
+ }
+ modelMap["provider"] = []map[string]interface{}{providerModelMap}
+ }
+
+ return modelMap, nil
+}
+
+func resourceIbmSmPrivateCertificateConfigurationCryptoKeyProviderToMap(providerModelIntf secretsmanagerv2.PrivateCertificateCryptoProviderIntf) (map[string]interface{}, error) {
+ providerModelMap := make(map[string]interface{})
+ providerModel := providerModelIntf.(*secretsmanagerv2.PrivateCertificateCryptoProviderHPCS)
+
+ if providerModel.Type != nil {
+ providerModelMap["type"] = providerModel.Type
+ }
+ if providerModel.InstanceCrn != nil {
+ providerModelMap["instance_crn"] = providerModel.InstanceCrn
+ }
+ if providerModel.PinIamCredentialsSecretID != nil {
+ providerModelMap["pin_iam_credentials_secret_id"] = providerModel.PinIamCredentialsSecretID
+ }
+ if providerModel.PrivateKeystoreID != nil {
+ providerModelMap["private_keystore_id"] = providerModel.PrivateKeystoreID
+ }
+
+ return providerModelMap, nil
+}
+
 func resourceIbmSmPrivateCertificateConfigurationIntermediateCAUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2()
 if err != nil {
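Review bot: The conversion in `resourceIbmSmPrivateCertificateConfigurationCryptoKeyProviderToMap` uses the single-value assertion `providerModelIntf.(*secretsmanagerv2.PrivateCertificateCryptoProviderHPCS)`, which panics if the client returns any other implementation of `PrivateCertificateCryptoProviderIntf`. The helper already returns an error, so the two-value form fits: `providerModel, ok := providerModelIntf.(*secretsmanagerv2.PrivateCertificateCryptoProviderHPCS)` followed by `if !ok { return nil, fmt.Errorf("unsupported crypto provider type %T", providerModelIntf) }`. Which concrete type the SDK produces when unmarshalling is not visible in this hunk, so that should be confirmed against the client code. Both new helpers are also called from the root CA files and have no doc comment; one line each stating that they flatten the API model into the `crypto_key` and `provider` block maps would help. The Read function begins before this hunk and the Update function continues after it.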
@@ -737,9 +859,56 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCAMapToConfiguratio } model.PostalCode = postalCode } + if _, ok := d.GetOk("crypto_key"); ok { + CryptoKeyModel, err := resourceIbmSmPrivateCertificateConfigurationMapToPrivateCertificateConfigurationCryptoKey(d.Get("crypto_key").([]interface{})[0].(map[string]interface{})) + if err != nil { + return model, err + } + model.CryptoKey = CryptoKeyModel + } + return model, nil +} + +func resourceIbmSmPrivateCertificateConfigurationMapToPrivateCertificateConfigurationCryptoKey(modelMap map[string]interface{}) (*secretsmanagerv2.PrivateCertificateCryptoKey, error) { + model := &secretsmanagerv2.PrivateCertificateCryptoKey{} + if modelMap["id"] != "" { + model.ID = core.StringPtr(modelMap["id"].(string)) + } + if modelMap["label"] != "" { + model.Label = core.StringPtr(modelMap["label"].(string)) + } + if modelMap["allow_generate_key"] != nil { + model.AllowGenerateKey = core.BoolPtr(modelMap["allow_generate_key"].(bool)) + } + if modelMap["provider"] != nil && len(modelMap["provider"].([]interface{})) > 0 { + providerModel, err := resourceIbmSmPrivateCertificateConfigurationMapToPrivateCertificateConfigurationCryptoKeyProvider(modelMap["provider"].([]interface{})[0].(map[string]interface{})) + if err != nil { + return model, err + } + model.Provider = providerModel + } + return model, nil } +func resourceIbmSmPrivateCertificateConfigurationMapToPrivateCertificateConfigurationCryptoKeyProvider(modelMapProvider map[string]interface{}) (secretsmanagerv2.PrivateCertificateCryptoProviderIntf, error) { + modelProvider := &secretsmanagerv2.PrivateCertificateCryptoProviderHPCS{} + if modelMapProvider["type"] != "" { + modelProvider.Type = core.StringPtr(modelMapProvider["type"].(string)) + } + if modelMapProvider["instance_crn"] != "" { + modelProvider.InstanceCrn = core.StringPtr(modelMapProvider["instance_crn"].(string)) + } + if modelMapProvider["pin_iam_credentials_secret_id"] != "" { + 
modelProvider.PinIamCredentialsSecretID = core.StringPtr(modelMapProvider["pin_iam_credentials_secret_id"].(string)) + } + if modelMapProvider["private_keystore_id"] != "" { + modelProvider.PrivateKeystoreID = core.StringPtr(modelMapProvider["private_keystore_id"].(string)) + } + + return modelProvider, nil +} + func resourceIbmSmPrivateCertificateConfigurationIntermediateCAPrivateCertificateCADataToMap(modelIntf secretsmanagerv2.PrivateCertificateCADataIntf) (map[string]interface{}, error) { modelMap := make(map[string]interface{}) model := modelIntf.(*secretsmanagerv2.PrivateCertificateCAData) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go index 88f3e2a823..9525faca7e 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go 
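Review bot: The new expand helpers compare an interface value with `""` and then assert it, as in `if modelMap["id"] != "" { model.ID = core.StringPtr(modelMap["id"].(string)) }`; when the key is absent the value is nil, the comparison is true and the assertion panics. The comma-ok form avoids that: `if v, ok := modelMap["id"].(string); ok && v != "" { model.ID = core.StringPtr(v) }`, applied likewise to `label` and the four provider fields. The caller's `d.Get("crypto_key").([]interface{})[0].(map[string]interface{})` has the same weakness if the single list element is nil, which an empty `crypto_key {}` block may produce, and the root CA resource's prototype builder adds the same expression. `CryptoKeyModel` is a local variable and would conventionally be spelled `cryptoKeyModel`. The prototype builder starts outside this hunk.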
@@ -219,6 +219,78 @@ func ResourceIbmSmPrivateCertificateConfigurationRootCA() *schema.Resource {
 Description: "The postal code values to define in the subject field of the resulting certificate.",
 Elem: &schema.Schema{Type: schema.TypeString},
 },
+ "crypto_key": &schema.Schema{
+ Type: schema.TypeList,
+ MaxItems: 1,
+ Optional: true,
+ Computed: true,
+ Description: "The data that is associated with a cryptographic key.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "id": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Description: "The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified.",
+ },
+ "label": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Description: "The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified.",
+ },
+ "allow_generate_key": &schema.Schema{
+ Type: schema.TypeBool,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Description: "The indication of whether a new key is generated by the crypto provider if the given key name cannot be found.",
+ },
+ "provider": &schema.Schema{
+ Type: schema.TypeList,
+ Optional: true,
+ Computed: true,
+ Description: "The data that is associated with a cryptographic provider.",
+ MaxItems: 1,
+ ForceNew: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "type": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Description: "The type of cryptographic provider.",
+ },
+ "instance_crn": &schema.Schema{
+ Description: "The HPCS instance CRN.",
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Type: schema.TypeString,
+ },
+ "pin_iam_credentials_secret_id": &schema.Schema{
+ Description: "The secret Id of iam credentials with api key to access HPCS instance.",
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Type: schema.TypeString,
+ },
+ "private_keystore_id": &schema.Schema{
+ Description: "The HPCS private key store space id.",
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
 "serial_number": &schema.Schema{
 Type: schema.TypeString,
 Computed: true,
@@ -525,6 +597,15 @@ func resourceIbmSmPrivateCertificateConfigurationRootCARead(context context.Cont
 return diag.FromErr(fmt.Errorf("Error setting data: %s", err))
 }
 }
+ cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(configuration.CryptoKey)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ if len(cryptoKeyMap) > 0 {
+ if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil {
+ return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err))
+ }
+ }
 return nil
 }
@@ -741,7 +822,13 @@ func resourceIbmSmPrivateCertificateConfigurationRootCAMapToConfigurationPrototy
 }
 model.PostalCode = postalCodeParsed
 }
-
+ if _, ok := d.GetOk("crypto_key"); ok {
+ CryptoKeyModel, err := resourceIbmSmPrivateCertificateConfigurationMapToPrivateCertificateConfigurationCryptoKey(d.Get("crypto_key").([]interface{})[0].(map[string]interface{}))
+ if err != nil {
+ return model, err
+ }
+ model.CryptoKey = CryptoKeyModel
+ }
 return model, nil
 }
diff --git a/website/docs/d/sm_configurations.html.markdown b/website/docs/d/sm_configurations.html.markdown
index 393bcdc54b..7f9bc6e386 100644
--- a/website/docs/d/sm_configurations.html.markdown
+++ b/website/docs/d/sm_configurations.html.markdown
@@ -36,32 +36,49 @@ In addition to all argument references listed, you can access the following attr * `configurations` - (List) A collection of configuration metadata. * Constraints: The maximum length is `1000` items. The minimum length is `0` items. Nested scheme for **configurations**: - * `config_type` - (String) Th configuration type. - * Constraints: Allowable values are: `public_cert_configuration_ca_lets_encrypt`, `public_cert_configuration_dns_classic_infrastructure`, `public_cert_configuration_dns_cloud_internet_services`, `iam_credentials_configuration`, `private_cert_configuration_root_ca`, `private_cert_configuration_intermediate_ca`, `private_cert_configuration_template`. - * `created_at` - (String) The date when a resource was created. The date format follows RFC 3339. - * `created_by` - (String) The unique identifier that is associated with the entity that created the secret. - * Constraints: The maximum length is `128` characters. The minimum length is `4` characters. - * `name` - (String) The unique name of your configuration. - * Constraints: The maximum length is `128` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. - * `secret_type` - (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials. - * Constraints: Allowable values are: `arbitrary`, `imported_cert`, `public_cert`, `iam_credentials`, `kv`, `username_password`, `private_cert`. - * `updated_at` - (String) The date when a resource was recently modified. The date format follows RFC 3339. - * `lets_encrypt_environment` - (String) The configuration of the Let's Encrypt CA environment. - * Constraints: Allowable values are: `production`, `staging`. - * `lets_encrypt_preferred_chain` - (String) Prefer the chain with an issuer matching this Subject Common Name. - * Constraints: The maximum length is `30` characters. 
The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. - * `common_name` - (String) The Common Name (AKA CN) represents the server name that is protected by the SSL certificate. - * Constraints: The maximum length is `128` characters. The minimum length is `4` characters. The value must match regular expression `/(.*?)/`. - * `crl_distribution_points_encoded` - (Boolean) Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority. - * `expiration_date` - (String) The date a secret is expired. The date format follows RFC 3339. - * `key_type` - (String) The type of private key to generate. - * Constraints: Allowable values are: `rsa`, `ec`. - * `key_bits` - (Integer) The number of bits to use to generate the private key.Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and `521`. The default for RSA keys is `2048`. The default for EC keys is `256`. - * `status` - (String) The status of the certificate authority. The status of a root certificate authority is either `configured` or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,`signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`. - * Constraints: Allowable values are: `signing_required`, `signed_certificate_required`, `certificate_template_required`, `configured`, `expired`, `revoked`. - * `issuer` - (String) The distinguished name that identifies the entity that signed and issued the certificate. - * Constraints: The maximum length is `128` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. - * `signing_method` - (String) The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. 
For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-intermediate-certificate-authorities). - * Constraints: Allowable values are: `internal`, `external`. - * `certificate_authority` - (String) The name of the intermediate certificate authority. - * Constraints: The maximum length is `128` characters. The minimum length is `2` characters. The value must match regular expression `/^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/`. + * `config_type` - (String) Th configuration type. + * Constraints: Allowable values are: `public_cert_configuration_ca_lets_encrypt`, `public_cert_configuration_dns_classic_infrastructure`, `public_cert_configuration_dns_cloud_internet_services`, `iam_credentials_configuration`, `private_cert_configuration_root_ca`, `private_cert_configuration_intermediate_ca`, `private_cert_configuration_template`. + * `created_at` - (String) The date when a resource was created. The date format follows RFC 3339. + * `created_by` - (String) The unique identifier that is associated with the entity that created the secret. + * Constraints: The maximum length is `128` characters. The minimum length is `4` characters. + * `name` - (String) The unique name of your configuration. + * Constraints: The maximum length is `128` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. + * `secret_type` - (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials. + * Constraints: Allowable values are: `arbitrary`, `imported_cert`, `public_cert`, `iam_credentials`, `kv`, `username_password`, `private_cert`. + * `updated_at` - (String) The date when a resource was recently modified. The date format follows RFC 3339. + * `lets_encrypt_environment` - (String) The configuration of the Let's Encrypt CA environment. + * Constraints: Allowable values are: `production`, `staging`. 
+ * `lets_encrypt_preferred_chain` - (String) Prefer the chain with an issuer matching this Subject Common Name. + * Constraints: The maximum length is `30` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. + * `common_name` - (String) The Common Name (AKA CN) represents the server name that is protected by the SSL certificate. + * Constraints: The maximum length is `128` characters. The minimum length is `4` characters. The value must match regular expression `/(.*?)/`. + * `crl_distribution_points_encoded` - (Boolean) Determines whether to encode the certificate revocation list (CRL) distribution points in the certificates that are issued by this certificate authority. + * `expiration_date` - (String) The date a secret is expired. The date format follows RFC 3339. + * `key_type` - (String) The type of private key to generate. + * Constraints: Allowable values are: `rsa`, `ec`. + * `key_bits` - (Integer) The number of bits to use to generate the private key.Allowable values for RSA keys are: `2048` and `4096`. Allowable values for EC keys are: `224`, `256`, `384`, and `521`. The default for RSA keys is `2048`. The default for EC keys is `256`. + * `status` - (String) The status of the certificate authority. The status of a root certificate authority is either `configured` or `expired`. For intermediate certificate authorities, possible statuses include `signing_required`,`signed_certificate_required`, `certificate_template_required`, `configured`, `expired` or `revoked`. + * Constraints: Allowable values are: `signing_required`, `signed_certificate_required`, `certificate_template_required`, `configured`, `expired`, `revoked`. + * `issuer` - (String) The distinguished name that identifies the entity that signed and issued the certificate. + * Constraints: The maximum length is `128` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. 
+ * `signing_method` - (String) The signing method to use with this certificate authority to generate private certificates.You can choose between internal or externally signed options. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-intermediate-certificate-authorities). + * Constraints: Allowable values are: `internal`, `external`. + * `certificate_authority` - (String) The name of the intermediate certificate authority. + * Constraints: The maximum length is `128` characters. The minimum length is `2` characters. The value must match regular expression `/^[A-Za-z0-9][A-Za-z0-9]*(?:_?-?\\.?[A-Za-z0-9]+)*$/`. + * `crypto_key` - (List) The data that is associated with a cryptographic key. + Nested scheme for **crypto_key**: + * `provider` - (List) The data that is associated with a cryptographic provider. + Nested scheme for **provider**: + * `type` - (String) The type of cryptographic provider. + * Constraints: Allowable values are: `hyper_protect_crypto_services`. + * `instance_crn` - (String) The HPCS instance CRN. + * Constraints: The maximum length is `512` characters. The minimum length is `9` characters. The value must match regular expression `^crn:v[0-9](:([A-Za-z0-9-._~!$&'()*+,;=@/]|%[0-9A-Z]{2})*){8}$`. + * `pin_iam_credentials_secret_id` - (String) The secret Id of iam credentials with api key to access HPCS instance. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `private_keystore_id` - (String) The HPCS private key store space id. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `id` - (String) The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. 
If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `label` - (String) The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified. + * Constraints: The maximum length is `255` characters. The minimum length is `1` characters. The value must match regular expression `/^[A-Za-z0-9._ /-]+$/`. + * `allow_generate_key` - (Boolean) The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is `false`. diff --git a/website/docs/d/sm_private_certificate_configuration_intermediate_ca.html.markdown b/website/docs/d/sm_private_certificate_configuration_intermediate_ca.html.markdown index 52e2b23047..e1cd41175d 100644 --- a/website/docs/d/sm_private_certificate_configuration_intermediate_ca.html.markdown +++ b/website/docs/d/sm_private_certificate_configuration_intermediate_ca.html.markdown 
@@ -138,3 +138,21 @@ Nested scheme for **data**: * `uri_sans` - (String) The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. * Constraints: The maximum length is `2048` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. +* `crypto_key` - (List) The data that is associated with a cryptographic key. + Nested scheme for **crypto_key**: + * `provider` - (List) The data that is associated with a cryptographic provider. + Nested scheme for **provider**: + * `type` - (String) The type of cryptographic provider. + * Constraints: Allowable values are: `hyper_protect_crypto_services`. + * `instance_crn` - (String) The HPCS instance CRN. + * Constraints: The maximum length is `512` characters. The minimum length is `9` characters. The value must match regular expression `^crn:v[0-9](:([A-Za-z0-9-._~!$&'()*+,;=@/]|%[0-9A-Z]{2})*){8}$`. + * `pin_iam_credentials_secret_id` - (String) The secret Id of iam credentials with api key to access HPCS instance. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `private_keystore_id` - (String) The HPCS private key store space id. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `id` - (String) The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `label` - (String) The label of the key to use. 
If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified. + * Constraints: The maximum length is `255` characters. The minimum length is `1` characters. The value must match regular expression `/^[A-Za-z0-9._ /-]+$/`. + * `allow_generate_key` - (Boolean) The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is `false`. + diff --git a/website/docs/d/sm_private_certificate_configuration_root_ca.html.markdown b/website/docs/d/sm_private_certificate_configuration_root_ca.html.markdown index a444f52db7..2ed3f25867 100644 --- a/website/docs/d/sm_private_certificate_configuration_root_ca.html.markdown +++ b/website/docs/d/sm_private_certificate_configuration_root_ca.html.markdown 
@@ -140,3 +140,21 @@ Nested scheme for **data**: * `uri_sans` - (String) The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. * Constraints: The maximum length is `2048` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. +* `crypto_key` - (List) The data that is associated with a cryptographic key. + Nested scheme for **crypto_key**: + * `provider` - (List) The data that is associated with a cryptographic provider. + Nested scheme for **provider**: + * `type` - (String) The type of cryptographic provider. + * Constraints: Allowable values are: `hyper_protect_crypto_services`. + * `instance_crn` - (String) The HPCS instance CRN. + * Constraints: The maximum length is `512` characters. The minimum length is `9` characters. The value must match regular expression `^crn:v[0-9](:([A-Za-z0-9-._~!$&'()*+,;=@/]|%[0-9A-Z]{2})*){8}$`. + * `pin_iam_credentials_secret_id` - (String) The secret Id of iam credentials with api key to access HPCS instance. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `private_keystore_id` - (String) The HPCS private key store space id. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `id` - (String) The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `label` - (String) The label of the key to use. 
If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified. + * Constraints: The maximum length is `255` characters. The minimum length is `1` characters. The value must match regular expression `/^[A-Za-z0-9._ /-]+$/`. + * `allow_generate_key` - (Boolean) The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is `false`. + diff --git a/website/docs/r/sm_private_certificate_configuration_intermediate_ca.html.markdown b/website/docs/r/sm_private_certificate_configuration_intermediate_ca.html.markdown index 26e23c899f..cc9f8230ee 100644 --- a/website/docs/r/sm_private_certificate_configuration_intermediate_ca.html.markdown +++ b/website/docs/r/sm_private_certificate_configuration_intermediate_ca.html.markdown 
@@ -76,6 +76,24 @@ Review the argument reference that you can specify for your resource. * `ttl` - (Optional, String) Specifies the requested Time To Live (after which the certificate will be expired). The value can be provided as a string representation of a duration in hours (e.g. `24h`) or the number of seconds as a string (e.g. `86400`). The value cannot exceed the value of `max_ttl`. * `uri_sans` - (Optional, Forces new resource, String) The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. * Constraints: The maximum length is `2048` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. +* `crypto_key` - (Optional, Forces new resource, List) The data that is associated with a cryptographic key. + Nested scheme for **crypto_key**: + * `provider` - (Required, Forces new resource, List) The data that is associated with a cryptographic provider. + Nested scheme for **provider**: + * `type` - (Required, Forces new resource, String) The type of cryptographic provider. + * Constraints: Allowable values are: `hyper_protect_crypto_services`. + * `instance_crn` - (Required, Forces new resource, String) The HPCS instance CRN. + * Constraints: The maximum length is `512` characters. The minimum length is `9` characters. The value must match regular expression `^crn:v[0-9](:([A-Za-z0-9-._~!$&'()*+,;=@/]|%[0-9A-Z]{2})*){8}$`. + * `pin_iam_credentials_secret_id` - (Required, Forces new resource, String) The secret Id of iam credentials with api key to access HPCS instance. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `private_keystore_id` - (Required, Forces new resource, String) The HPCS private key store space id. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. 
+ * `id` - (Optional, Forces new resource, String) The ID of a PKCS#11 key to use. If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `label` - (Optional, Forces new resource, String) The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified. + * Constraints: The maximum length is `255` characters. The minimum length is `1` characters. The value must match regular expression `/^[A-Za-z0-9._ /-]+$/`. + * `allow_generate_key` - (Optional, Forces new resource, Boolean) The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is `false`. + ## Attribute Reference 
@@ -88,19 +106,19 @@ In addition to all argument references listed, you can access the following attr * `crl_expiry_seconds` - (Integer) The time until the certificate revocation list (CRL) expires, in seconds. * `data` - (List) The configuration data of your Private Certificate. Nested scheme for **data**: - * `ca_chain` - (List) The chain of certificate authorities that are associated with the certificate. - * Constraints: The list items must match regular expression `/^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/`. The maximum length is `16` items. The minimum length is `1` item. - * `certificate` - (Forces new resource, String) The PEM-encoded contents of your certificate. - * Constraints: The maximum length is `100000` characters. The minimum length is `50` characters. The value must match regular expression `/^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/`. - * `csr` - (Forces new resource, String) The certificate signing request. - * Constraints: The maximum length is `4096` characters. The minimum length is `2` characters. The value must match regular expression `/^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/`. - * `expiration` - (Integer) The certificate expiration time. - * `issuing_ca` - (String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate. - * Constraints: The value must match regular expression `/^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/`. - * `private_key` - (Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate. - * Constraints: The maximum length is `100000` characters. The minimum length is `50` characters. The value must match regular expression `/^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/`. - * `private_key_type` - (Forces new resource, String) The type of private key to generate. - * Constraints: Allowable values are: `rsa`, `ec`. + * `ca_chain` - (List) The chain of certificate authorities that are associated with the certificate. 
+ * Constraints: The list items must match regular expression `/^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/`. The maximum length is `16` items. The minimum length is `1` item. + * `certificate` - (Forces new resource, String) The PEM-encoded contents of your certificate. + * Constraints: The maximum length is `100000` characters. The minimum length is `50` characters. The value must match regular expression `/^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/`. + * `csr` - (Forces new resource, String) The certificate signing request. + * Constraints: The maximum length is `4096` characters. The minimum length is `2` characters. The value must match regular expression `/^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/`. + * `expiration` - (Integer) The certificate expiration time. + * `issuing_ca` - (String) The PEM-encoded certificate of the certificate authority that signed and issued this certificate. + * Constraints: The value must match regular expression `/^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/`. + * `private_key` - (Forces new resource, String) (Optional) The PEM-encoded private key to associate with the certificate. + * Constraints: The maximum length is `100000` characters. The minimum length is `50` characters. The value must match regular expression `/^(-{5}BEGIN.+?-{5}[\\s\\S]+-{5}END.+?-{5})$/`. + * `private_key_type` - (Forces new resource, String) The type of private key to generate. + * Constraints: Allowable values are: `rsa`, `ec`. * `max_ttl_seconds` - (Integer) The maximum time-to-live (TTL) for certificates that are created by this CA in seconds. * `secret_type` - (String) The secret type. Supported types are arbitrary, certificates (imported, public, and private), IAM credentials, key-value, and user credentials. * Constraints: Allowable values are: `arbitrary`, `imported_cert`, `public_cert`, `iam_credentials`, `kv`, `username_password`, `private_cert`. 
diff --git a/website/docs/r/sm_private_certificate_configuration_root_ca.html.markdown b/website/docs/r/sm_private_certificate_configuration_root_ca.html.markdown index f240feb528..389fb6b44a 100644 --- a/website/docs/r/sm_private_certificate_configuration_root_ca.html.markdown +++ b/website/docs/r/sm_private_certificate_configuration_root_ca.html.markdown 
@@ -73,6 +73,23 @@ Review the argument reference that you can specify for your resource. * Constraints: The maximum length is `10` characters. The minimum length is `2` characters. The value must match regular expression `/^[0-9]+[s,m,h,d]{0,1}$/`. * `uri_sans` - (Optional, Forces new resource, String) The URI Subject Alternative Names to define for the CA certificate, in a comma-delimited list. * Constraints: The maximum length is `2048` characters. The minimum length is `2` characters. The value must match regular expression `/(.*?)/`. +* `crypto_key` - (Optional, Forces new resource, List) The data that is associated with a cryptographic key. + Nested scheme for **crypto_key**: + * `provider` - (Required, Forces new resource, List) The data that is associated with a cryptographic provider. + Nested scheme for **provider**: + * `type` - (Required, Forces new resource, String) The type of cryptographic provider. + * Constraints: Allowable values are: `hyper_protect_crypto_services`. + * `instance_crn` - (Required, Forces new resource, String) The HPCS instance CRN. + * Constraints: The maximum length is `512` characters. The minimum length is `9` characters. The value must match regular expression `^crn:v[0-9](:([A-Za-z0-9-._~!$&'()*+,;=@/]|%[0-9A-Z]{2})*){8}$`. + * `pin_iam_credentials_secret_id` - (Required, Forces new resource, String) The secret Id of iam credentials with api key to access HPCS instance. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `private_keystore_id` - (Required, Forces new resource, String) The HPCS private key store space id. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `id` - (Optional, Forces new resource, String) The ID of a PKCS#11 key to use. 
If the key does not exist and generation is enabled, this ID is given to the generated key. If the key exists, and generation is disabled, then this ID is used to look up the key. This value or the crypto key label must be specified. + * Constraints: Value length should be 36. The value must match regular expression `/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/`. + * `label` - (Optional, Forces new resource, String) The label of the key to use. If the key does not exist and generation is enabled, this field is the label that is given to the generated key. If the key exists, and generation is disabled, then this label is used to look up the key. This value or the crypto key ID must be specified. + * Constraints: The maximum length is `255` characters. The minimum length is `1` characters. The value must match regular expression `/^[A-Za-z0-9._ /-]+$/`. + * `allow_generate_key` - (Optional, Forces new resource, Boolean) The indication of whether a new key is generated by the crypto provider if the given key name cannot be found. Default is `false`. ## Attribute Reference From 85ab27f74f87bc13a1c51d4dfee2c9a9cd30914f Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Mon, 29 Jul 2024 17:07:58 +0300 Subject: [PATCH 36/47] crypto_key addition --- ibm/acctest/acctest.go | 59 ++++++++++---- .../data_source_ibm_sm_configurations.go | 14 ++++ ...cate_configuration_intermediate_ca_test.go | 58 ++++++++++++++ ..._certificate_configuration_root_ca_test.go | 78 +++++++++++++++++++ .../docs/d/sm_configurations.html.markdown | 6 +- website/docs/d/sm_secrets.html.markdown | 2 +- 6 files changed, 198 insertions(+), 19 deletions(-) diff --git a/ibm/acctest/acctest.go b/ibm/acctest/acctest.go index 4eed05f675..f7b16ae23f 100644 --- a/ibm/acctest/acctest.go +++ b/ibm/acctest/acctest.go 
@@ -147,23 +147,28 @@ var ( // Secrets Manager var ( - SecretsManagerInstanceID string - SecretsManagerInstanceRegion string - SecretsManagerENInstanceCrn string - SecretsManagerIamCredentialsConfigurationApiKey string - SecretsManagerIamCredentialsSecretServiceId string - SecretsManagerIamCredentialsSecretServiceAccessGroup string - SecretsManagerPublicCertificateLetsEncryptEnvironment string - SecretsManagerPublicCertificateLetsEncryptPrivateKey string - SecretsManagerPublicCertificateCisCrn string - SecretsManagerPublicCertificateClassicInfrastructureUsername string - SecretsManagerPublicCertificateClassicInfrastructurePassword string - SecretsManagerPublicCertificateCommonName string - SecretsManagerValidateManualDnsCisZoneId string - SecretsManagerImportedCertificatePathToCertificate string - SecretsManagerServiceCredentialsCosCrn string - SecretsManagerSecretType string - SecretsManagerSecretID string + SecretsManagerInstanceID string + SecretsManagerInstanceRegion string + SecretsManagerENInstanceCrn string + SecretsManagerIamCredentialsConfigurationApiKey string + SecretsManagerIamCredentialsSecretServiceId string + SecretsManagerIamCredentialsSecretServiceAccessGroup string + SecretsManagerPublicCertificateLetsEncryptEnvironment string + SecretsManagerPublicCertificateLetsEncryptPrivateKey string + SecretsManagerPublicCertificateCisCrn string + SecretsManagerPublicCertificateClassicInfrastructureUsername string + SecretsManagerPublicCertificateClassicInfrastructurePassword string + SecretsManagerPublicCertificateCommonName string + SecretsManagerValidateManualDnsCisZoneId string + SecretsManagerImportedCertificatePathToCertificate string + SecretsManagerServiceCredentialsCosCrn string + SecretsManagerPrivateCertificateConfigurationCryptoKeyIAMSecretServiceId string + SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderType string + SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderInstanceCrn string + 
SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderPrivateKeystoreId string + + SecretsManagerSecretType string + SecretsManagerSecretID string ) var ( 
@@ -1321,6 +1326,26 @@ func init() { fmt.Println("[INFO] Set the environment variable SECRETS_MANAGER_SERVICE_CREDENTIALS_COS_CRN for testing service credentials' tests, else tests fail if not set correctly") } + SecretsManagerPrivateCertificateConfigurationCryptoKeyIAMSecretServiceId = os.Getenv("SECRETS_MANAGER_PRIVATE_CERTIFICATE_CONFIGURATION_CRYPTO_KEY_IAM_SECRET_SERVICE_ID") + if SecretsManagerPrivateCertificateConfigurationCryptoKeyIAMSecretServiceId == "" { + fmt.Println("[INFO] Set the environment variable SECRETS_MANAGER_PRIVATE_CERTIFICATE_CONFIGURATION_CRYPTO_KEY_IAM_SECRET_SERVICE_ID for testing private certificate's configuration with crypto key tests, else tests fail if not set correctly") + } + + SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderType = os.Getenv("SECRETS_MANAGER_PRIVATE_CERTIFICATE_CONFIGURATION_CRYPTO_KEY_PROVIDER_TYPE") + if SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderType == "" { + fmt.Println("[INFO] Set the environment variable SECRETS_MANAGER_PRIVATE_CERTIFICATE_CONFIGURATION_CRYPTO_KEY_PROVIDER_TYPE for testing private certificate's configuration with crypto key tests, else tests fail if not set correctly") + } + + SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderInstanceCrn = os.Getenv("SECRETS_MANAGER_PRIVATE_CERTIFICATE_CONFIGURATION_CRYPTO_KEY_PROVIDER_INSTANCE_CRN") + if SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderInstanceCrn == "" { + fmt.Println("[INFO] Set the environment variable SECRETS_MANAGER_PRIVATE_CERTIFICATE_CONFIGURATION_CRYPTO_KEY_PROVIDER_INSTANCE_CRN for testing private certificate's configuration with crypto key tests, else tests fail if not set correctly") + } + + SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderPrivateKeystoreId = os.Getenv("SECRETS_MANAGER_PRIVATE_CERTIFICATE_CONFIGURATION_CRYPTO_KEY_PROVIDER_PRIVATE_KEYSTORE_ID") + if SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderPrivateKeystoreId == "" { + 
fmt.Println("[INFO] Set the environment variable SECRETS_MANAGER_PRIVATE_CERTIFICATE_CONFIGURATION_CRYPTO_KEY_PROVIDER_PRIVATE_KEYSTORE_ID for testing private certificate's configuration with crypto key tests, else tests fail if not set correctly") + } + Tg_cross_network_account_api_key = os.Getenv("IBM_TG_CROSS_ACCOUNT_API_KEY") if Tg_cross_network_account_api_key == "" { fmt.Println("[INFO] Set the environment variable IBM_TG_CROSS_ACCOUNT_API_KEY for testing ibm_tg_connection resource else tests will fail if this is not set correctly") diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go b/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go index 3165b164d9..1c896c1d4e 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go @@ -36,6 +36,12 @@ func DataSourceIbmSmConfigurations() *schema.Resource { Optional: true, Description: "Filter secrets by groups. You can apply multiple filters by using a comma-separated list of secret group IDs. If you need to filter secrets that are in the default secret group, use the `default` keyword.", }, + "secret_types": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Description: "Filter secrets by secret types.", + Elem: &schema.Schema{Type: schema.TypeString}, + }, "total_count": &schema.Schema{ Type: schema.TypeInt, Computed: true, 
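Review bot: The `Description` on the new `secret_types` argument in `DataSourceIbmSmConfigurations` reads "Filter secrets by secret types.", which looks copied from the secrets data source, although this argument filters configurations. I would change it to `Description: "Filter configurations by secret types.",` and name the accepted values there, which the accompanying documentation lists as `iam_credentials`, `public_cert` and `private_cert`. The element schema carries no validation, so a misspelt type appears to reach the API unchecked rather than failing at plan time. The schema function starts and ends outside the hunk.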
@@ -215,6 +221,14 @@ func dataSourceIbmSmConfigurationsRead(context context.Context, d *schema.Resour searchStr := search.(string) listConfigurationsOptions.SetSearch(searchStr) } + if _, ok := d.GetOk("secret_types"); ok { + secretTypes := d.Get("secret_types").([]interface{}) + parsedTypes := make([]string, len(secretTypes)) + for i, v := range secretTypes { + parsedTypes[i] = fmt.Sprint(v) + } + listConfigurationsOptions.SetSecretTypes(parsedTypes) + } var pager *secretsmanagerv2.ConfigurationsPager pager, err = secretsManagerClient.NewConfigurationsPager(listConfigurationsOptions) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go index 198899427c..0983c1c3e0 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go 
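Review bot: In the `secret_types` branch of `dataSourceIbmSmConfigurationsRead`, `fmt.Sprint(v)` converts whatever the list holds, so a null or empty element, which the SDK can surface as a nil interface, is sent to the service as the literal filter value `<nil>`. That avoids a panic but hides the bad input, and the listing then returns results for a filter the user never wrote. I would assert each element to `string`, skip empty ones, and set the option only when something remains, reusing the value `d.GetOk` already returned instead of calling `d.Get` again. The function body continues outside the hunk.

```go
if raw, ok := d.GetOk("secret_types"); ok {
	secretTypes := raw.([]interface{})
	parsedTypes := make([]string, 0, len(secretTypes))
	for _, v := range secretTypes {
		// skip null/empty elements instead of stringifying them
		if s, ok := v.(string); ok && s != "" {
			parsedTypes = append(parsedTypes, s)
		}
	}
	if len(parsedTypes) > 0 {
		listConfigurationsOptions.SetSecretTypes(parsedTypes)
	}
}
// … unchanged: pager creation …
```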
@@ -76,6 +76,31 @@ func TestAccIbmSmPrivateCertificateConfigurationIntermediateCAllArgs(t *testing. }) } +func TestAccIbmSmPrivateCertificateConfigurationIntermediateCACryptoKey(t *testing.T) { + resourceName := "ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_cert_intermediate_ca_crypto_key" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIbmSmPrivateCertificateConfigurationIntermediateCADestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: privateCertificateIntermediateCAConfigCryptoKey(), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIbmSmPrivateCertificateConfigurationIntermediateCAExists(resourceName, 94680000., 259200, false, true, true), + ), + }, + resource.TestStep{ + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"crl_expiry", "max_ttl", "max_path_length", + "permitted_dns_domains", "ttl", "use_csr_values"}, + }, + }, + }) +} + func rootCaConfig() string { return fmt.Sprintf(` 
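Review bot: The check step in `TestAccIbmSmPrivateCertificateConfigurationIntermediateCACryptoKey` only calls the `...IntermediateCAExists` helper, whose parameters cover TTL and CRL settings, so nothing here confirms the configuration was created with the HSM-backed `crypto_key`. A regression that silently drops the block would leave the CA key outside the crypto provider and still pass, as far as the hunk shows. I would add `resource.TestCheckResourceAttr(resourceName, "crypto_key.0.label", "tf_test"),` and `resource.TestCheckResourceAttr(resourceName, "crypto_key.0.allow_generate_key", "true"),` to the `ComposeAggregateTestCheckFunc` list. The same gap is in `TestAccIbmSmPrivateCertificateConfigurationRootCACryptoKey` further down. The `94680000.` argument also has a stray trailing dot that makes it a floating-point literal; `94680000` matches the helper's `int` parameter.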
@@ -142,6 +167,39 @@ func privateCertificateIntermediateCAConfigAllArgs(maxTtl, crlExpiry, crlDisable crlDistributionPointsEncoded, issuingCertificatesUrlsEncoded) } +func privateCertificateIntermediateCAConfigCryptoKey() string { + return privateCertificateRootCAConfigCryptoKey() + fmt.Sprintf(` + resource "ibm_sm_private_certificate_configuration_intermediate_ca" "sm_private_cert_intermediate_ca_crypto_key" { + depends_on = [ibm_sm_private_certificate_configuration_root_ca.sm_private_cert_root_ca_crypto_key] + instance_id = "%s" + region = "%s" + name = "intermediate-ca-terraform-private-cert-test" + max_ttl = "26300h" + ttl = "2190h" + issuing_certificates_urls_encoded = true + crl_distribution_points_encoded = true + crl_disable = false + key_type = "rsa" + key_bits = 4096 + signing_method = "internal" + issuer = ibm_sm_private_certificate_configuration_root_ca.sm_private_cert_root_ca_crypto_key.name + common_name = "ibm.com" + crypto_key { + allow_generate_key = true + label = "tf_test" + provider { + type = "%s" + instance_crn = "%s" + pin_iam_credentials_secret_id = ibm_sm_iam_credentials_secret.sm_iam_credentials_secret_instance_crypto_key.secret_id + private_keystore_id = "%s" + } + } + }`, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, + acc.SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderType, + acc.SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderInstanceCrn, + acc.SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderPrivateKeystoreId) +} + func testAccCheckIbmSmPrivateCertificateConfigurationIntermediateCAExists(resourceName string, maxTtl, crlExpiry int, crlDisable, crlDistributionPointsEncoded, issuingCertificatesUrlsEncoded bool) resource.TestCheckFunc { diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go index f0ce03db80..7d3d10de13 100644 
--- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go @@ -79,6 +79,30 @@ func TestAccIbmSmPrivateCertificateConfigurationRootCAllArgs(t *testing.T) { }) } +func TestAccIbmSmPrivateCertificateConfigurationRootCACryptoKey(t *testing.T) { + resourceName := "ibm_sm_private_certificate_configuration_root_ca.sm_private_cert_root_ca_crypto_key" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIbmSmPrivateCertificateConfigurationRootCADestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: privateCertificateRootCAConfigCryptoKey(), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIbmSmPrivateCertificateConfigurationRootCAExists(resourceName, 157788000, 259200, false, true, true), + ), + }, + resource.TestStep{ + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"crl_expiry", "max_ttl", "ttl"}, + }, + }, + }) +} + var rootCaBasicConfigFormat = ` resource "ibm_sm_private_certificate_configuration_root_ca" "sm_private_cert_root_ca_basic" { instance_id = "%s" 
@@ -120,6 +144,60 @@ var rootCaFullConfigFormat = ` postal_code = ["12345"] }` +func iamCredentialsSecretConfigCryptoKey() string { + return fmt.Sprintf(` + resource "ibm_sm_iam_credentials_secret" "sm_iam_credentials_secret_instance_crypto_key" { + instance_id = "%s" + region = "%s" + name = "iam-credentials-for-crypto-key-terraform-tests" + service_id = "%s" + reuse_api_key = true + ttl = "259200" + rotation { + auto_rotate = true + interval = 1 + unit = "day" + } + depends_on = [ + ibm_sm_iam_credentials_configuration.sm_iam_credentials_configuration_instance + ] + }`, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, + acc.SecretsManagerPrivateCertificateConfigurationCryptoKeyIAMSecretServiceId) +} + +func privateCertificateRootCAConfigCryptoKey() string { + return iamCredentialsEngineConfig() + iamCredentialsSecretConfigCryptoKey() + fmt.Sprintf(` + resource "ibm_sm_private_certificate_configuration_root_ca" "sm_private_cert_root_ca_crypto_key" { + depends_on = [ibm_sm_iam_credentials_secret.sm_iam_credentials_secret_instance_crypto_key] + instance_id = "%s" + region = "%s" + name = "root-ca-terraform-private-cert-test" + max_ttl = "43830h" + ttl = "2190h" + crl_disable = false + crl_expiry = "72h" + crl_distribution_points_encoded = true + issuing_certificates_urls_encoded = true + key_type = "rsa" + key_bits = 4096 + common_name = "ibm.com" + alt_names = ["ddd.com", "aaa.com"] + crypto_key { + allow_generate_key = true + label = "tf_test" + provider { + type = "%s" + instance_crn = "%s" + pin_iam_credentials_secret_id = ibm_sm_iam_credentials_secret.sm_iam_credentials_secret_instance_crypto_key.secret_id + private_keystore_id = "%s" + } + } + }`, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, + acc.SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderType, + acc.SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderInstanceCrn, + 
acc.SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderPrivateKeystoreId) +} + func privateCertificateRootCAConfigBasic() string { return fmt.Sprintf(rootCaBasicConfigFormat, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion) } diff --git a/website/docs/d/sm_configurations.html.markdown b/website/docs/d/sm_configurations.html.markdown index 7f9bc6e386..580c4da4a0 100644 --- a/website/docs/d/sm_configurations.html.markdown +++ b/website/docs/d/sm_configurations.html.markdown @@ -26,7 +26,11 @@ Review the argument reference that you can specify for your data source. * `instance_id` - (Required, Forces new resource, String) The GUID of the Secrets Manager instance. * `region` - (Optional, Forces new resource, String) The region of the Secrets Manager instance. If not provided defaults to the region defined in the IBM provider configuration. * `endpoint_type` - (Optional, String) - The endpoint type. If not provided the endpoint type is determined by the `visibility` argument provided in the provider configuration. - * Constraints: Allowable values are: `private`, `public`. + * Constraints: Allowable values are: `private`, `public`. +* `sort` - (Optional, String) - Sort a collection of configurations by the specified field in ascending order. To sort in descending order use the `-` character. + * Constraints: Allowable values are: `config_type`, `secret_type`, `name`. +* `search` - (Optional, String) - Obtain a collection of configurations that contain the specified string in one or more of the fields: `name`, `config_type`, `secret_type`. +* `secret_types` - (Optional, List) - Filter configurations by secret types: `iam_credentials`, `public_cert` or `private_cert`. You can apply multiple filters by using a comma-separated list of secret types. ## Attribute Reference diff --git a/website/docs/d/sm_secrets.html.markdown b/website/docs/d/sm_secrets.html.markdown index d36a0648ee..ed32aae298 100644 --- a/website/docs/d/sm_secrets.html.markdown 
+++ b/website/docs/d/sm_secrets.html.markdown @@ -31,7 +31,7 @@ Review the argument reference that you can specify for your data source. * Constraints: Allowable values are: `id`, `created_at`, `updated_at`, `expiration_date`, `secret_type`, `name`. * `search` - (Optional, String) - Obtain a collection of secrets that contain the specified string in one or more of the fields: `id`, `name`, `description`, `labels`, `secret_type`. * `groups` - (Optional, String) - Filter secrets by groups. You can apply multiple filters by using a comma-separated list of secret group IDs. If you need to filter secrets that are in the default secret group, use the `default` keyword. -* `secret_types` - (Optional, String) - Filter secrets by secret types. You can apply multiple filters by using a comma-separated list of secret types. +* `secret_types` - (Optional, List) - Filter secrets by secret types. You can apply multiple filters by using a comma-separated list of secret types. * `match_all_labels` - (Optional, String) - Filter secrets by a label or a combination of labels (comma-separated list). ## Attribute Reference From 34d937129110971e0aa7629a50e2e83822a96ad4 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Tue, 6 Aug 2024 12:25:29 +0300 Subject: [PATCH 37/47] crypto_key addition --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 2d0ce5ea25..b07fc9ac08 100644 --- a/go.mod +++ b/go.mod @@ -30,7 +30,7 @@ require ( github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5 github.com/IBM/scc-go-sdk/v5 v5.1.6 github.com/IBM/schematics-go-sdk v0.2.3 - github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 + github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5 github.com/IBM/vpc-beta-go-sdk v0.6.0 github.com/IBM/vpc-go-sdk v0.50.0 github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5 diff --git a/go.sum b/go.sum index c852481171..88e203c7dc 100644 --- a/go.sum +++ b/go.sum 
@@ -184,8 +184,8 @@ github.com/IBM/scc-go-sdk/v5 v5.1.6 h1:vpcrADzaY6K967pcOVvp+rjAmoOyyxFgR9woQ20Q/ github.com/IBM/scc-go-sdk/v5 v5.1.6/go.mod h1:YtAVlzq10bwR82QX4ZavhDIwa1s85RuVO9N/KmXVcuk= github.com/IBM/schematics-go-sdk v0.2.3 h1:lgTt0Sbudii3cuSk1YSQgrtiZAXDbBABAoVj3eQuBrU= github.com/IBM/schematics-go-sdk v0.2.3/go.mod h1:Tw2OSAPdpC69AxcwoyqcYYaGTTW6YpERF9uNEU+BFRQ= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 h1:xa9e+POVqaXxXHXkSMCOVAbKdUNEu86jQmo5hcpd+L4= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4/go.mod h1:5gq8D8uWOIbqOm1uztay6lpOysgJaxxEsaVZLWGWb40= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5 h1:VMc/Zd6RzB8j60CqZekkwYT2wQsCfrkGV2n01Gviuaw= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5/go.mod h1:5kUgJ1dG9cdiAcPDqVz46m362bPnoqZQSth24NiowSg= github.com/IBM/vmware-go-sdk v0.1.2 h1:5lKWFyInWz9e2hwGsoFTEoLa1jYkD30SReN0fQ10w9M= github.com/IBM/vmware-go-sdk v0.1.2/go.mod h1:2UGPBJju3jiv5VKKBBm9a5L6bzF/aJdKOKAzJ7HaOjA= github.com/IBM/vpc-beta-go-sdk v0.6.0 h1:wfM3AcW3zOM3xsRtZ+EA6+sESlGUjQ6Yf4n5QQyz4uc= From 1f27098a4f3d6f5feecc593cc992f35fad21d6c0 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Tue, 6 Aug 2024 12:57:07 +0300 Subject: [PATCH 38/47] crypto_key addition --- ibm/acctest/acctest.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ibm/acctest/acctest.go b/ibm/acctest/acctest.go index 52e747bd62..ba2c8a4c5b 100644 --- a/ibm/acctest/acctest.go +++ b/ibm/acctest/acctest.go @@ -169,9 +169,8 @@ var ( SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderType string SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderInstanceCrn string SecretsManagerPrivateCertificateConfigurationCryptoKeyProviderPrivateKeystoreId string - - SecretsManagerSecretType string - SecretsManagerSecretID string + SecretsManagerSecretType string + SecretsManagerSecretID string ) var ( From 6f8fe147ba37552202b89869f2be52af0180f523 Mon Sep 17 00:00:00 2001 
From: Yonathan-Yellin Date: Mon, 12 Aug 2024 11:05:47 +0300 Subject: [PATCH 39/47] rejections fixes --- ...rivate_certificate_configuration_intermediate_ca.go | 1 - ...ibm_sm_private_certificate_configuration_root_ca.go | 1 - ...rivate_certificate_configuration_intermediate_ca.go | 10 ++++++---- ...ibm_sm_private_certificate_configuration_root_ca.go | 10 ++++++---- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go index 31022ffc04..a451991bec 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go @@ -201,7 +201,6 @@ func DataSourceIbmSmPrivateCertificateConfigurationIntermediateCA() *schema.Reso "crypto_key": &schema.Schema{ Type: schema.TypeList, MaxItems: 1, - Optional: true, Computed: true, Description: "The data that is associated with a cryptographic key.", Elem: &schema.Resource{ diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go index a14f91f907..7cfd84ff6d 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go @@ -224,7 +224,6 @@ func DataSourceIbmSmPrivateCertificateConfigurationRootCA() *schema.Resource { "crypto_key": &schema.Schema{ Type: schema.TypeList, MaxItems: 1, - Optional: true, Computed: true, Description: "The data that is associated with a cryptographic key.", Elem: &schema.Resource{ 
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go index 60ada23860..6f54e1c5e8 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go @@ -860,11 +860,13 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCAMapToConfiguratio model.PostalCode = postalCode } if _, ok := d.GetOk("crypto_key"); ok { - CryptoKeyModel, err := resourceIbmSmPrivateCertificateConfigurationMapToPrivateCertificateConfigurationCryptoKey(d.Get("crypto_key").([]interface{})[0].(map[string]interface{})) - if err != nil { - return model, err + if len(d.Get("crypto_key").([]interface{})) > 0 { + CryptoKeyModel, err := resourceIbmSmPrivateCertificateConfigurationMapToPrivateCertificateConfigurationCryptoKey(d.Get("crypto_key").([]interface{})[0].(map[string]interface{})) + if err != nil { + return model, err + } + model.CryptoKey = CryptoKeyModel } - model.CryptoKey = CryptoKeyModel } return model, nil } diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go index 9525faca7e..f863ef4802 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go 
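Review bot: The new `len(...) > 0` guard in the `crypto_key` branch still asserts element 0 to `map[string]interface{}` without checking it. A block that the SDK surfaces as a nil element would therefore panic instead of returning an error; an empty `crypto_key {}` is one such case, presumably rejected earlier by schema validation, though that is not visible here. Reading the list once and checking the element covers both cases: `if raw, ok := d.Get("crypto_key").([]interface{}); ok && len(raw) > 0 && raw[0] != nil {`, then pass `raw[0].(map[string]interface{})` to the mapper, which also makes the outer `d.GetOk` and the repeated `d.Get` calls unnecessary. The identical hunk in resource_ibm_sm_private_certificate_configuration_root_ca.go needs the same change. The enclosing function starts outside the hunk.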
@@ -823,11 +823,13 @@ func resourceIbmSmPrivateCertificateConfigurationRootCAMapToConfigurationPrototy model.PostalCode = postalCodeParsed } if _, ok := d.GetOk("crypto_key"); ok { - CryptoKeyModel, err := resourceIbmSmPrivateCertificateConfigurationMapToPrivateCertificateConfigurationCryptoKey(d.Get("crypto_key").([]interface{})[0].(map[string]interface{})) - if err != nil { - return model, err + if len(d.Get("crypto_key").([]interface{})) > 0 { + CryptoKeyModel, err := resourceIbmSmPrivateCertificateConfigurationMapToPrivateCertificateConfigurationCryptoKey(d.Get("crypto_key").([]interface{})[0].(map[string]interface{})) + if err != nil { + return model, err + } + model.CryptoKey = CryptoKeyModel } - model.CryptoKey = CryptoKeyModel } return model, nil } From 4670c9171733d081e8478b541e7b0043814fae86 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Tue, 13 Aug 2024 17:59:54 +0300 Subject: [PATCH 40/47] rejections fixes --- ibm/service/secretsmanager/data_source_ibm_sm_configurations.go | 1 - 1 file changed, 1 deletion(-) diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go b/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go index 1c896c1d4e..059be105e0 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go @@ -141,7 +141,6 @@ func DataSourceIbmSmConfigurations() *schema.Resource { "crypto_key": &schema.Schema{ Type: schema.TypeList, MaxItems: 1, - Optional: true, Computed: true, Description: "The data that is associated with a cryptographic key.", Elem: &schema.Resource{ From c8972f59e32c44fe92f550ca3d7e3c65acfb7006 Mon Sep 17 00:00:00 2001 
From: Yonathan-Yellin Date: Tue, 13 Aug 2024 18:29:19 +0300 Subject: [PATCH 41/47] rejections fixes --- .../data_source_ibm_sm_configurations.go | 1 - ...rtificate_configuration_intermediate_ca.go | 1 - ...cate_configuration_intermediate_ca_test.go | 33 +++++++++++++++++++ ...ivate_certificate_configuration_root_ca.go | 1 - ..._certificate_configuration_root_ca_test.go | 33 +++++++++++++++++++ 5 files changed, 66 insertions(+), 3 deletions(-) diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go b/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go index 059be105e0..8b950a1d17 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go @@ -140,7 +140,6 @@ func DataSourceIbmSmConfigurations() *schema.Resource { }, "crypto_key": &schema.Schema{ Type: schema.TypeList, - MaxItems: 1, Computed: true, Description: "The data that is associated with a cryptographic key.", Elem: &schema.Resource{ diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go index a451991bec..f3cbb0851e 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go @@ -200,7 +200,6 @@ func DataSourceIbmSmPrivateCertificateConfigurationIntermediateCA() *schema.Reso }, "crypto_key": &schema.Schema{ Type: schema.TypeList, - MaxItems: 1, Computed: true, Description: "The data that is associated with a cryptographic key.", Elem: &schema.Resource{ 
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca_test.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca_test.go index 9115c848a2..e347ec2d13 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca_test.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca_test.go 
@@ -35,6 +35,30 @@ func TestAccIbmSmPrivateCertificateConfigurationIntermediateCADataSourceBasic(t }) } +func TestAccIbmSmPrivateCertificateConfigurationIntermediateCADataSourceCryptoKey(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccCheckIbmSmPrivateCertificateConfigurationIntermediateCADataSourceConfigCryptoKey(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_certificate_configuration_intermediate_ca_crypto_key", "id"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_certificate_configuration_intermediate_ca_crypto_key", "name"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_certificate_configuration_intermediate_ca_crypto_key", "config_type"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_certificate_configuration_intermediate_ca_crypto_key", "secret_type"), + //resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_certificate_configuration_intermediate_ca_crypto_key", "created_by"), + //resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_certificate_configuration_intermediate_ca_crypto_key", "created_at"), + //resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_certificate_configuration_intermediate_ca_crypto_key", "updated_at"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_certificate_configuration_intermediate_ca_crypto_key", "signing_method"), + 
resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_certificate_configuration_intermediate_ca_crypto_key", "common_name"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_certificate_configuration_intermediate_ca_crypto_key", "crypto_key.#"), + ), + }, + }, + }) +} + func testAccCheckIbmSmPrivateCertificateConfigurationIntermediateCADataSourceConfigBasic() string { return fmt.Sprintf(` resource "ibm_sm_private_certificate_configuration_root_ca" "ibm_sm_private_certificate_configuration_root_ca_instance" { @@ -62,3 +86,12 @@ func testAccCheckIbmSmPrivateCertificateConfigurationIntermediateCADataSourceCon } `, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion) } + +func testAccCheckIbmSmPrivateCertificateConfigurationIntermediateCADataSourceConfigCryptoKey() string { + return privateCertificateIntermediateCAConfigCryptoKey() + fmt.Sprintf(` + data "ibm_sm_private_certificate_configuration_intermediate_ca" "sm_private_certificate_configuration_intermediate_ca_crypto_key" { + instance_id = "%s" + region = "%s" + name = ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_cert_intermediate_ca_crypto_key.name + }`, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion) +} diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go index 7cfd84ff6d..b338ca1182 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go 
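Review bot: The last check in TestAccIbmSmPrivateCertificateConfigurationIntermediateCADataSourceCryptoKey only asserts that `crypto_key.#` is set, and a count of `0` should satisfy TestCheckResourceAttrSet, so the test would likely still pass if the data source returned no crypto key. Pin the count with `resource.TestCheckResourceAttr("data.ibm_sm_private_certificate_configuration_intermediate_ca.sm_private_certificate_configuration_intermediate_ca_crypto_key", "crypto_key.#", "1")`, and consider also asserting a nested field such as `crypto_key.0.label`. The root-CA test added later in this patch ends with the same check, and TestAccIbmSmConfigurationsDataSourceCryptoKey in patch 43 asserts nothing about `crypto_key`. The three commented-out `created_by`/`created_at`/`updated_at` checks should either be removed or carry a comment saying why they are disabled.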
@@ -223,7 +223,6 @@ func DataSourceIbmSmPrivateCertificateConfigurationRootCA() *schema.Resource { }, "crypto_key": &schema.Schema{ Type: schema.TypeList, - MaxItems: 1, Computed: true, Description: "The data that is associated with a cryptographic key.", Elem: &schema.Resource{ diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca_test.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca_test.go index 2a1ad944da..a2b2dfe0af 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca_test.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca_test.go 
@@ -34,6 +34,29 @@ func TestAccIbmSmPrivateCertificateConfigurationRootCADataSourceBasic(t *testing }) } +func TestAccIbmSmPrivateCertificateConfigurationRootCADataSourceCryptoKey(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccCheckIbmSmPrivateCertificateConfigurationRootCADataSourceConfigCryptoKey(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_root_ca.sm_private_certificate_configuration_root_ca_crypto_key", "id"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_root_ca.sm_private_certificate_configuration_root_ca_crypto_key", "name"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_root_ca.sm_private_certificate_configuration_root_ca_crypto_key", "config_type"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_root_ca.sm_private_certificate_configuration_root_ca_crypto_key", "secret_type"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_root_ca.sm_private_certificate_configuration_root_ca_crypto_key", "created_by"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_root_ca.sm_private_certificate_configuration_root_ca_crypto_key", "created_at"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_root_ca.sm_private_certificate_configuration_root_ca_crypto_key", "updated_at"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_root_ca.sm_private_certificate_configuration_root_ca_crypto_key", "common_name"), + resource.TestCheckResourceAttrSet("data.ibm_sm_private_certificate_configuration_root_ca.sm_private_certificate_configuration_root_ca_crypto_key", "crypto_key.#"), + ), + }, + }, + }) +} + func 
testAccCheckIbmSmPrivateCertificateConfigurationRootCADataSourceConfigBasic() string { return fmt.Sprintf(` resource "ibm_sm_private_certificate_configuration_root_ca" "ibm_sm_private_certificate_configuration_root_ca_instance" { @@ -52,3 +75,13 @@ func testAccCheckIbmSmPrivateCertificateConfigurationRootCADataSourceConfigBasic } `, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion) } + +func testAccCheckIbmSmPrivateCertificateConfigurationRootCADataSourceConfigCryptoKey() string { + return privateCertificateRootCAConfigCryptoKey() + fmt.Sprintf(` + data "ibm_sm_private_certificate_configuration_root_ca" "sm_private_certificate_configuration_root_ca_crypto_key" { + instance_id = "%s" + region = "%s" + name = ibm_sm_private_certificate_configuration_root_ca.sm_private_cert_root_ca_crypto_key.name + }`, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion) + +} From 9b77d30cdc8f11ad59765d70044057209dc45443 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Tue, 13 Aug 2024 19:04:44 +0300 Subject: [PATCH 42/47] rejections fixes --- ...certificate_configuration_intermediate_ca.go | 16 +++++++++------- ...private_certificate_configuration_root_ca.go | 17 ++++++++++------- ...certificate_configuration_intermediate_ca.go | 16 +++++++++------- ...private_certificate_configuration_root_ca.go | 16 +++++++++------- 4 files changed, 37 insertions(+), 28 deletions(-) diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go index f3cbb0851e..43c50c46a8 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go 
@@ -413,13 +413,15 @@ func dataSourceIbmSmPrivateCertificateConfigurationIntermediateCARead(context co return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) } - cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(privateCertificateConfigurationIntermediateCA.CryptoKey) - if err != nil { - return diag.FromErr(err) - } - if len(cryptoKeyMap) > 0 { - if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + if privateCertificateConfigurationIntermediateCA.CryptoKey != nil { + cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(privateCertificateConfigurationIntermediateCA.CryptoKey) + if err != nil { + return diag.FromErr(err) + } + if len(cryptoKeyMap) > 0 { + if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { + return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + } } } diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go index b338ca1182..68a90a5690 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go 
@@ -498,13 +498,16 @@ func dataSourceIbmSmPrivateCertificateConfigurationRootCARead(context context.Co if err = d.Set("expiration_date", DateTimeToRFC3339(privateCertificateConfigurationRootCA.ExpirationDate)); err != nil { return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) } - cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(privateCertificateConfigurationRootCA.CryptoKey) - if err != nil { - return diag.FromErr(err) - } - if len(cryptoKeyMap) > 0 { - if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + + if privateCertificateConfigurationRootCA.CryptoKey != nil { + cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(privateCertificateConfigurationRootCA.CryptoKey) + if err != nil { + return diag.FromErr(err) + } + if len(cryptoKeyMap) > 0 { + if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { + return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + } } } diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go index 6f54e1c5e8..e82d66747c 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go 
@@ -601,13 +601,15 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCARead(context cont return diag.FromErr(fmt.Errorf("Error setting data: %s", err)) } } - cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(configuration.CryptoKey) - if err != nil { - return diag.FromErr(err) - } - if len(cryptoKeyMap) > 0 { - if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + if configuration.CryptoKey != nil { + cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(configuration.CryptoKey) + if err != nil { + return diag.FromErr(err) + } + if len(cryptoKeyMap) > 0 { + if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { + return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + } } } return nil diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go index f863ef4802..e51d97856c 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go 
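Review bot: When `configuration.CryptoKey` is nil or the converted map is empty, resourceIbmSmPrivateCertificateConfigurationIntermediateCARead now falls through without writing `crypto_key`, so any value already in state is left as it was. If the service can return a configuration without the key (not visible from this hunk), state would keep describing a key configuration that the remote object no longer has. An `else` branch with `d.Set("crypto_key", []map[string]interface{}{})` would surface that drift on the next plan. The root-CA Read hunk at @@ -597,13 +597,15 @@ has the same shape. The Read function starts outside the hunk.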
@@ -597,13 +597,15 @@ func resourceIbmSmPrivateCertificateConfigurationRootCARead(context context.Cont return diag.FromErr(fmt.Errorf("Error setting data: %s", err)) } } - cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(configuration.CryptoKey) - if err != nil { - return diag.FromErr(err) - } - if len(cryptoKeyMap) > 0 { - if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + if configuration.CryptoKey != nil { + cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(configuration.CryptoKey) + if err != nil { + return diag.FromErr(err) + } + if len(cryptoKeyMap) > 0 { + if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { + return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + } } } From 7fe57d156e944828a6923c79144117f1ba20fbf3 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Tue, 13 Aug 2024 20:52:15 +0300 Subject: [PATCH 43/47] rejections fixes --- .../data_source_ibm_sm_configurations_test.go | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_configurations_test.go b/ibm/service/secretsmanager/data_source_ibm_sm_configurations_test.go index 34698d82b3..1b7b23c688 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_configurations_test.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_configurations_test.go 
@@ -27,6 +27,22 @@ func TestAccIbmSmConfigurationsDataSourceBasic(t *testing.T) { }) } +func TestAccIbmSmConfigurationsDataSourceCryptoKey(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccCheckIbmSmConfigurationsDataSourceConfigCryptoKey(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.ibm_sm_configurations.sm_configurations", "id"), + resource.TestCheckResourceAttrSet("data.ibm_sm_configurations.sm_configurations", "configurations.#"), + ), + }, + }, + }) +} + func testAccCheckIbmSmConfigurationsDataSourceConfigBasic() string { return fmt.Sprintf(` resource "ibm_sm_iam_credentials_configuration" "sm_iam_credentials_configuration_instance" { @@ -83,3 +99,12 @@ func testAccCheckIbmSmConfigurationsDataSourceConfigBasic() string { acc.SecretsManagerPublicCertificateClassicInfrastructureUsername, acc.SecretsManagerPublicCertificateClassicInfrastructurePassword, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion) } + +func testAccCheckIbmSmConfigurationsDataSourceConfigCryptoKey() string { + return privateCertificateIntermediateCAConfigCryptoKey() + fmt.Sprintf(` + data "ibm_sm_configurations" "sm_configurations" { + instance_id = "%s" + region = "%s" + } + `, acc.SecretsManagerInstanceID, acc.SecretsManagerInstanceRegion) +} From 5c6ca94122e83654ab3038114a5dcb0feaeb7500 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Mon, 19 Aug 2024 17:16:36 +0300 Subject: [PATCH 44/47] test label name changed --- ...sm_private_certificate_configuration_intermediate_ca_test.go | 2 +- ...rce_ibm_sm_private_certificate_configuration_root_ca_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go index 0983c1c3e0..9c9e88acbb 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go @@ -186,7 +186,7 @@ func privateCertificateIntermediateCAConfigCryptoKey() string { common_name = "ibm.com" crypto_key { allow_generate_key = true - label = "tf_test" + label = "E2E-tf-test" provider { type = "%s" instance_crn = "%s" diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go index 7d3d10de13..b90566ffcb 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go @@ -184,7 +184,7 @@ func privateCertificateRootCAConfigCryptoKey() string { alt_names = ["ddd.com", "aaa.com"] crypto_key { allow_generate_key = true - label = "tf_test" + label = "E2E-tf-test" provider { type = "%s" instance_crn = "%s" From d1864d7608db3d51261a911df7390f56cafa1974 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Mon, 19 Aug 2024 17:18:45 +0300 Subject: [PATCH 45/47] test label name changed --- ...sm_private_certificate_configuration_intermediate_ca_test.go | 2 +- ...rce_ibm_sm_private_certificate_configuration_root_ca_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go index 9c9e88acbb..0865e6ec58 100644 
--- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca_test.go @@ -186,7 +186,7 @@ func privateCertificateIntermediateCAConfigCryptoKey() string { common_name = "ibm.com" crypto_key { allow_generate_key = true - label = "E2E-tf-test" + label = "e2e-tf-test" provider { type = "%s" instance_crn = "%s" diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go index b90566ffcb..b9825fd9e5 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca_test.go @@ -184,7 +184,7 @@ func privateCertificateRootCAConfigCryptoKey() string { alt_names = ["ddd.com", "aaa.com"] crypto_key { allow_generate_key = true - label = "E2E-tf-test" + label = "e2e-tf-test" provider { type = "%s" instance_crn = "%s" From c572d556eba3e5185f16a95cc510233b3b22ffca Mon Sep 17 00:00:00 2001 
From: Yonathan-Yellin Date: Mon, 2 Sep 2024 12:29:10 +0300 Subject: [PATCH 46/47] error formating update --- .../data_source_ibm_sm_arbitrary_secret.go | 57 +++-- ...source_ibm_sm_arbitrary_secret_metadata.go | 57 +++-- .../data_source_ibm_sm_configurations.go | 19 +- .../data_source_ibm_sm_en_registration.go | 13 +- ...ce_ibm_sm_iam_credentials_configuration.go | 28 ++- ...ta_source_ibm_sm_iam_credentials_secret.go | 81 ++++--- ..._ibm_sm_iam_credentials_secret_metadata.go | 81 ++++--- ...data_source_ibm_sm_imported_certificate.go | 89 +++++--- ...ce_ibm_sm_imported_certificate_metadata.go | 84 ++++--- .../data_source_ibm_sm_kv_secret.go | 56 +++-- .../data_source_ibm_sm_kv_secret_metadata.go | 54 +++-- .../data_source_ibm_sm_private_certificate.go | 104 ++++++--- ...rtificate_configuration_intermediate_ca.go | 81 ++++--- ...ivate_certificate_configuration_root_ca.go | 120 ++++++---- ...vate_certificate_configuration_template.go | 96 +++++--- ...rce_ibm_sm_private_certificate_metadata.go | 99 +++++--- .../data_source_ibm_sm_public_certificate.go | 110 ++++++--- ...rtificate_configuration_ca_lets_encrypt.go | 28 ++- ...ublic_certificate_configuration_dns_cis.go | 31 ++- ...onfiguration_dns_classic_infrastructure.go | 31 ++- ...urce_ibm_sm_public_certificate_metadata.go | 99 +++++--- .../data_source_ibm_sm_secret_group.go | 22 +- .../data_source_ibm_sm_secret_groups.go | 18 +- .../data_source_ibm_sm_secrets.go | 21 +- ...ource_ibm_sm_service_credentials_secret.go | 77 ++++--- ..._sm_service_credentials_secret_metadata.go | 78 ++++--- ..._source_ibm_sm_username_password_secret.go | 74 ++++-- ...bm_sm_username_password_secret_metadata.go | 72 ++++-- .../resource_ibm_sm_arbitrary_secret.go | 127 +++++++---- .../resource_ibm_sm_en_registration.go | 47 ++-- ...ce_ibm_sm_iam_credentials_configuration.go | 52 +++-- .../resource_ibm_sm_iam_credentials_secret.go | 136 +++++++---- .../resource_ibm_sm_imported_certificate.go | 136 +++++++---- .../resource_ibm_sm_kv_secret.go | 
97 +++++--- .../resource_ibm_sm_private_certificate.go | 157 ++++++++----- ...ificate_configuration_action_set_signed.go | 10 +- ...rtificate_configuration_action_sign_csr.go | 15 +- ...rtificate_configuration_intermediate_ca.go | 153 ++++++++----- ...ivate_certificate_configuration_root_ca.go | 153 ++++++++----- ...vate_certificate_configuration_template.go | 156 ++++++++----- .../resource_ibm_sm_public_certificate.go | 214 ++++++++++++------ ..._certificate_action_validate_manual_dns.go | 11 +- ...rtificate_configuration_ca_lets_encrypt.go | 55 +++-- ...ublic_certificate_configuration_dns_cis.go | 67 ++++-- ...onfiguration_dns_classic_infrastructure.go | 67 ++++-- .../resource_ibm_sm_secret_group.go | 55 +++-- ...ource_ibm_sm_service_credentials_secret.go | 114 ++++++---- ...esource_ibm_sm_username_password_secret.go | 134 +++++++---- ibm/service/secretsmanager/utils.go | 41 +++- 49 files changed, 2513 insertions(+), 1264 deletions(-) diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_arbitrary_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_arbitrary_secret.go index 7572a8d2f0..2cd8853a85 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_arbitrary_secret.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_arbitrary_secret.go @@ -131,8 +131,7 @@ func DataSourceIbmSmArbitrarySecret() *schema.Resource { } func dataSourceIbmSmArbitrarySecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - - secret, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, ArbitrarySecretType) + secret, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, ArbitrarySecretType, ArbitrarySecretResourceName) if diagError != nil { return diagError } 
@@ -142,18 +141,22 @@ func dataSourceIbmSmArbitrarySecretRead(context context.Context, d *schema.Resou var err error if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", arbitrarySecret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(arbitrarySecret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", arbitrarySecret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if arbitrarySecret.CustomMetadata != nil { 
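Review bot: Each rewritten branch in dataSourceIbmSmArbitrarySecretRead wraps a constant in `fmt.Sprintf("Error setting region")` with no formatting verbs, which does nothing and is reported by linters such as staticcheck; pass the literal instead, `flex.TerraformErrorf(err, "Error setting region", ...)`. The label `fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName)` is rebuilt in every branch and could be computed once near the top of the function. The old messages interpolated `err` into the text; whether TerraformErrorf puts it back is not visible here, so confirm that the underlying cause still reaches the user. The same pattern repeats in the @@ -163,59 +166,73 @@ hunk and in the metadata data source. The function body continues outside this hunk.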
@@ -163,59 +166,73 @@ func dataSourceIbmSmArbitrarySecretRead(context context.Context, d *schema.Resou } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", arbitrarySecret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", arbitrarySecret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(arbitrarySecret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", arbitrarySecret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", arbitrarySecret.SecretGroupID); 
err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", arbitrarySecret.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(arbitrarySecret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", arbitrarySecret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(arbitrarySecret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(arbitrarySecret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(arbitrarySecret.ExpirationDate)); err != nil { - return 
diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("payload", arbitrarySecret.Payload); err != nil { - return diag.FromErr(fmt.Errorf("Error setting payload: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting payload"), fmt.Sprintf("(Data) %s", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_arbitrary_secret_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_arbitrary_secret_metadata.go index 9ac786871a..c822a89341 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_arbitrary_secret_metadata.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_arbitrary_secret_metadata.go @@ -119,7 +119,8 @@ func DataSourceIbmSmArbitrarySecretMetadata() *schema.Resource { func dataSourceIbmSmArbitrarySecretMetadataRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -134,7 +135,8 @@ func dataSourceIbmSmArbitrarySecretMetadataRead(context context.Context, d *sche arbitrarySecretMetadataIntf, response, err := secretsManagerClient.GetSecretMetadataWithContext(context, getSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] GetSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretMetadataWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } arbitrarySecretMetadata := arbitrarySecretMetadataIntf.(*secretsmanagerv2.ArbitrarySecretMetadata) 
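Review bot: In the `GetSecretMetadataWithContext` error branch, the new diagnostic message is still built from `err` and the raw `response`, although `err` is now also passed as the first argument to `flex.TerraformErrorf`. The error text is therefore probably reported twice, and the whole response object ends up in user-facing plan/apply output and CI logs. For a Secrets Manager read it is worth confirming that the response can never carry secret material, or dropping it from the diagnostic and leaving it to the DEBUG log line above: `tfErr := flex.TerraformErrorf(err, "GetSecretMetadataWithContext failed", fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read")`. The same pattern recurs in the `GetNotificationsRegistrationWithContext`, `GetConfigurationWithContext` and IAM-credentials `GetSecretMetadataWithContext` hunks further down. `dataSourceIbmSmArbitrarySecretMetadataRead` starts and ends outside this hunk.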
@@ -142,19 +144,23 @@ func dataSourceIbmSmArbitrarySecretMetadataRead(context context.Context, d *sche d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, secretId)) if err = d.Set("created_by", arbitrarySecretMetadata.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(arbitrarySecretMetadata.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", arbitrarySecretMetadata.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if arbitrarySecretMetadata.CustomMetadata != nil { 
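Review bot: Every `d.Set` error branch in this hunk wraps a constant in `fmt.Sprintf`, for example `fmt.Sprintf("Error setting created_by")`, which formats nothing; the plain literal `"Error setting created_by"` is enough. The resource label `fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName)` is also rebuilt at every error site and could be computed once near the top of the read function, which lies outside this hunk. The same applies to the `d.Set` branches in the other data-source hunks of this patch.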
@@ -164,55 +170,68 @@ func dataSourceIbmSmArbitrarySecretMetadataRead(context context.Context, d *sche } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", arbitrarySecretMetadata.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", arbitrarySecretMetadata.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(arbitrarySecretMetadata.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", arbitrarySecretMetadata.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + 
return tfErr.GetDiag() } if err = d.Set("secret_group_id", arbitrarySecretMetadata.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", arbitrarySecretMetadata.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(arbitrarySecretMetadata.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", arbitrarySecretMetadata.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(arbitrarySecretMetadata.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(arbitrarySecretMetadata.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) 
%s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(arbitrarySecretMetadata.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s_metadata", ArbitrarySecretResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go b/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go index 8b950a1d17..7bf7d41211 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_configurations.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "log" "time" @@ -201,7 +202,8 @@ func DataSourceIbmSmConfigurations() *schema.Resource { func dataSourceIbmSmConfigurationsRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", ConfigurationsResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
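Review bot: Inside the `CustomMetadata` block, the second `if err != nil` after the `d.Set("custom_metadata", ...)` check looks unreachable. The preceding `if err = d.Set(...); err != nil` already returns on a non-nil `err`, and nothing visible assigns `err` in between. The patch rewrites both branches with the same message instead of removing the duplicate; deleting the second `if err != nil { ... }` block would be cleaner. The top of the `CustomMetadata` block is outside this hunk, so confirm against the full function. The IAM-credentials secret hunks repeat the same pair.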
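Review bot: The added `"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"` import is placed between `"fmt"` and `"log"`, inside the standard-library group. By the usual goimports grouping it belongs with the other non-stdlib imports, after a blank line. The rest of the import block is outside this hunk. The same placement appears in the import hunks of data_source_ibm_sm_en_registration.go and data_source_ibm_sm_iam_credentials_configuration.go.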
@@ -231,13 +233,15 @@ func dataSourceIbmSmConfigurationsRead(context context.Context, d *schema.Resour var pager *secretsmanagerv2.ConfigurationsPager pager, err = secretsManagerClient.NewConfigurationsPager(listConfigurationsOptions) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", ConfigurationsResourceName), "read") + return tfErr.GetDiag() } allItems, err := pager.GetAll() if err != nil { log.Printf("[DEBUG] ConfigurationsPager.GetAll() failed %s", err) - return diag.FromErr(fmt.Errorf("ConfigurationsPager.GetAll() failed %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("ConfigurationsPager.GetAll() %s", err), fmt.Sprintf("(Data) %s", ConfigurationsResourceName), "read") + return tfErr.GetDiag() } d.SetId(dataSourceIbmSmConfigurationsID(d)) @@ -246,16 +250,19 @@ func dataSourceIbmSmConfigurationsRead(context context.Context, d *schema.Resour for _, modelItem := range allItems { modelMap, err := dataSourceIbmSmConfigurationsConfigurationMetadataToMap(modelItem) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", ConfigurationsResourceName), "read") + return tfErr.GetDiag() } mapSlice = append(mapSlice, modelMap) } if err = d.Set("configurations", mapSlice); err != nil { - return diag.FromErr(fmt.Errorf("Error setting configurations %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting configurations"), fmt.Sprintf("(Data) %s", ConfigurationsResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("total_count", len(mapSlice)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting total_count"), fmt.Sprintf("(Data) %s", ConfigurationsResourceName), "read") + return tfErr.GetDiag() } return nil 
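Review bot: In the `pager.GetAll()` error branch the new message is `fmt.Sprintf("ConfigurationsPager.GetAll() %s", err)`, which drops the word "failed" that the removed line and the DEBUG log line just above still use. The diagnostic therefore no longer says what happened to the call. Since `err` is already passed as the first argument to `flex.TerraformErrorf`, the message can be the plain string `"ConfigurationsPager.GetAll() failed"`. `dataSourceIbmSmConfigurationsRead` starts before this hunk and continues after it.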
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_en_registration.go b/ibm/service/secretsmanager/data_source_ibm_sm_en_registration.go index 913ba863b1..928a7bf6ef 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_en_registration.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_en_registration.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "log" @@ -31,7 +32,8 @@ func DataSourceIbmSmEnRegistration() *schema.Resource { func dataSourceIbmSmEnRegistrationRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", EnRegistrationResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -43,16 +45,19 @@ func dataSourceIbmSmEnRegistrationRead(context context.Context, d *schema.Resour notificationsRegistration, response, err := secretsManagerClient.GetNotificationsRegistrationWithContext(context, getNotificationsRegistrationOptions) if err != nil { log.Printf("[DEBUG] GetNotificationsRegistrationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetNotificationsRegistrationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetNotificationsRegistrationWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", EnRegistrationResourceName), "read") + return tfErr.GetDiag() } d.SetId(fmt.Sprintf("%s/%s", region, instanceId)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", EnRegistrationResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("event_notifications_instance_crn", notificationsRegistration.EventNotificationsInstanceCrn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting event_notifications_instance_crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting event_notifications_instance_crn"), fmt.Sprintf("(Data) %s", EnRegistrationResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_configuration.go b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_configuration.go index ab8f4277de..d6e80959ee 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_configuration.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_configuration.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "log" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" 
@@ -63,7 +64,8 @@ func DataSourceIbmSmIamCredentialsConfiguration() *schema.Resource { func dataSourceIbmSmIamCredentialsConfigurationRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", IAMCredentialsConfigResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -77,37 +79,45 @@ func dataSourceIbmSmIamCredentialsConfigurationRead(context context.Context, d * iAMCredentialsConfigurationIntf, response, err := secretsManagerClient.GetConfigurationWithContext(context, getConfigurationOptions) if err != nil { log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", IAMCredentialsConfigResourceName), "read") + return tfErr.GetDiag() } iAMCredentialsConfiguration := iAMCredentialsConfigurationIntf.(*secretsmanagerv2.IAMCredentialsConfiguration) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *getConfigurationOptions.Name)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", IAMCredentialsConfigResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("config_type", iAMCredentialsConfiguration.ConfigType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting config_type"), fmt.Sprintf("(Data) %s", IAMCredentialsConfigResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", iAMCredentialsConfiguration.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", IAMCredentialsConfigResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", iAMCredentialsConfiguration.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), 
fmt.Sprintf("(Data) %s", IAMCredentialsConfigResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(iAMCredentialsConfiguration.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", IAMCredentialsConfigResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(iAMCredentialsConfiguration.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", IAMCredentialsConfigResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("api_key", iAMCredentialsConfiguration.ApiKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting api_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting api_key"), fmt.Sprintf("(Data) %s", IAMCredentialsConfigResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret.go index 2fc4b0929a..6c0a18e03e 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret.go 
@@ -193,8 +193,7 @@ func DataSourceIbmSmIamCredentialsSecret() *schema.Resource { } func dataSourceIbmSmIamCredentialsSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - - iAMCredentialsSecretIntf, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, IAMCredentialsSecretType) + iAMCredentialsSecretIntf, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, IAMCredentialsSecretType, IAMCredentialsSecretResourceName) if diagError != nil { return diagError } @@ -204,18 +203,22 @@ func dataSourceIbmSmIamCredentialsSecretRead(context context.Context, d *schema. var err error if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", iAMCredentialsSecret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(iAMCredentialsSecret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", iAMCredentialsSecret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if iAMCredentialsSecret.CustomMetadata != nil { 
@@ -225,96 +228,118 @@ func dataSourceIbmSmIamCredentialsSecretRead(context context.Context, d *schema. } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", iAMCredentialsSecret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", iAMCredentialsSecret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(iAMCredentialsSecret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", iAMCredentialsSecret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = 
d.Set("secret_group_id", iAMCredentialsSecret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", iAMCredentialsSecret.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(iAMCredentialsSecret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", iAMCredentialsSecret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(iAMCredentialsSecret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(iAMCredentialsSecret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() 
} if err = d.Set("ttl", iAMCredentialsSecret.TTL); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ttl: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ttl"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("api_key_id", iAMCredentialsSecret.ApiKeyID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting api_key_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting api_key_id"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("service_id", iAMCredentialsSecret.ServiceID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting service_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting service_id"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("service_id_is_static", iAMCredentialsSecret.ServiceIdIsStatic); err != nil { - return diag.FromErr(fmt.Errorf("Error setting service_id_is_static: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting service_id_is_static"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("reuse_api_key", iAMCredentialsSecret.ReuseApiKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting reuse_api_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting reuse_api_key"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } rotation := []map[string]interface{}{} if iAMCredentialsSecret.Rotation != nil { modelMap, err := dataSourceIbmSmIamCredentialsSecretRotationPolicyToMap(iAMCredentialsSecret.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } rotation = 
append(rotation, modelMap) } if err = d.Set("rotation", rotation); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("next_rotation_date", DateTimeToRFC3339(iAMCredentialsSecret.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting next_rotation_date"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("api_key", iAMCredentialsSecret.ApiKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting api_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting api_key"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if iAMCredentialsSecret.ExpirationDate != nil { if err = d.Set("expiration_date", DateTimeToRFC3339(iAMCredentialsSecret.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret_metadata.go index e4193e2ee6..0bca907e28 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret_metadata.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_iam_credentials_secret_metadata.go 
@@ -181,7 +181,8 @@ func DataSourceIbmSmIamCredentialsSecretMetadata() *schema.Resource { func dataSourceIbmSmIamCredentialsSecretMetadataRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -196,25 +197,30 @@ func dataSourceIbmSmIamCredentialsSecretMetadataRead(context context.Context, d iAMCredentialsSecretMetadataIntf, response, err := secretsManagerClient.GetSecretMetadataWithContext(context, getSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] GetSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretMetadataWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } iAMCredentialsSecretMetadata := iAMCredentialsSecretMetadataIntf.(*secretsmanagerv2.IAMCredentialsSecretMetadata) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, secretId)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", iAMCredentialsSecretMetadata.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(iAMCredentialsSecretMetadata.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", iAMCredentialsSecretMetadata.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error 
setting crn"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if iAMCredentialsSecretMetadata.CustomMetadata != nil { 
@@ -224,92 +230,113 @@ func dataSourceIbmSmIamCredentialsSecretMetadataRead(context context.Context, d } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", iAMCredentialsSecretMetadata.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", iAMCredentialsSecretMetadata.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(iAMCredentialsSecretMetadata.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", iAMCredentialsSecretMetadata.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s_metadata", 
IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", iAMCredentialsSecretMetadata.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", iAMCredentialsSecretMetadata.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(iAMCredentialsSecretMetadata.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", iAMCredentialsSecretMetadata.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(iAMCredentialsSecretMetadata.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(iAMCredentialsSecretMetadata.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + 
tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("ttl", iAMCredentialsSecretMetadata.TTL); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ttl: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ttl"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("api_key_id", iAMCredentialsSecretMetadata.ApiKeyID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting api_key_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting api_key_id"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("service_id", iAMCredentialsSecretMetadata.ServiceID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting service_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting service_id"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("service_id_is_static", iAMCredentialsSecretMetadata.ServiceIdIsStatic); err != nil { - return diag.FromErr(fmt.Errorf("Error setting service_id_is_static: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting service_id_is_static"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("reuse_api_key", iAMCredentialsSecretMetadata.ReuseApiKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting reuse_api_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting reuse_api_key"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } rotation := []map[string]interface{}{} if iAMCredentialsSecretMetadata.Rotation != nil { modelMap, err := 
dataSourceIbmSmIamCredentialsSecretMetadataRotationPolicyToMap(iAMCredentialsSecretMetadata.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } rotation = append(rotation, modelMap) } if err = d.Set("rotation", rotation); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("next_rotation_date", DateTimeToRFC3339(iAMCredentialsSecretMetadata.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting next_rotation_date"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if iAMCredentialsSecretMetadata.ExpirationDate != nil { if err = d.Set("expiration_date", DateTimeToRFC3339(iAMCredentialsSecretMetadata.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s_metadata", IAMCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate.go b/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate.go index d951300505..1a0310db03 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate.go 
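Review bot: The second `if err != nil` after the `custom_metadata` `d.Set` check is unreachable on the new side, because the preceding branch already returns whenever `err` is non-nil; the `TerraformErrorf` block ported into it can never run. If it was meant to guard the conversion that fills `convertedMap` (above the hunk, not visible here), that check belongs before the `d.Set` call; otherwise the block should be deleted rather than rewritten. The same dead branch is carried over in the `custom_metadata` sections of `dataSourceIbmSmImportedCertificateRead`, `dataSourceIbmSmImportedCertificateMetadataRead` and `dataSourceIbmSmKvSecretRead`.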
@@ -197,7 +197,7 @@ func DataSourceIbmSmImportedCertificate() *schema.Resource { } func dataSourceIbmSmImportedCertificateRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - importedCertificateIntf, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, ImportedCertSecretType) + importedCertificateIntf, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, ImportedCertSecretType, ImportedCertSecretResourceName) if diagError != nil { return diagError } @@ -207,18 +207,22 @@ func dataSourceIbmSmImportedCertificateRead(context context.Context, d *schema.R var err error if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", importedCertificate.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(importedCertificate.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", importedCertificate.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if importedCertificate.CustomMetadata != nil { 
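Review bot: `fmt.Sprintf("Error setting region")` and its siblings format a constant string with no verbs, so the call is redundant and linters report it; pass the literal directly, e.g. `tfErr := flex.TerraformErrorf(err, "Error setting region", component, "read")`. The component string `fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName)` is also rebuilt in every branch and could be computed once into a local (`component` above) at the top of the function. The pattern repeats in every hunk of this patch that is visible here. The function body continues outside this hunk.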
@@ -228,107 +232,132 @@ func dataSourceIbmSmImportedCertificateRead(context context.Context, d *schema.R } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", importedCertificate.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", importedCertificate.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(importedCertificate.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", importedCertificate.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = 
d.Set("secret_group_id", importedCertificate.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", importedCertificate.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(importedCertificate.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", importedCertificate.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(importedCertificate.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(importedCertificate.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = 
d.Set("signing_algorithm", importedCertificate.SigningAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting signing_algorithm"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("common_name", importedCertificate.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(importedCertificate.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("intermediate_included", importedCertificate.IntermediateIncluded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting intermediate_included: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting intermediate_included"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("issuer", importedCertificate.Issuer); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuer: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuer"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("key_algorithm", importedCertificate.KeyAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_algorithm"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } 
if err = d.Set("private_key_included", importedCertificate.PrivateKeyIncluded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key_included: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key_included"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("serial_number", importedCertificate.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } validity := []map[string]interface{}{} if importedCertificate.Validity != nil { modelMap, err := dataSourceIbmSmImportedCertificateCertificateValidityToMap(importedCertificate.Validity) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } validity = append(validity, modelMap) } if err = d.Set("validity", validity); err != nil { - return diag.FromErr(fmt.Errorf("Error setting validity %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting validity"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("certificate", importedCertificate.Certificate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("intermediate", importedCertificate.Intermediate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting intermediate: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting intermediate"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + 
return tfErr.GetDiag() } if err = d.Set("private_key", importedCertificate.PrivateKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key"), fmt.Sprintf("(Data) %s", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate_metadata.go index deb8aeb65d..d44b056af8 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate_metadata.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_imported_certificate_metadata.go @@ -173,7 +173,8 @@ func DataSourceIbmSmImportedCertificateMetadata() *schema.Resource { func dataSourceIbmSmImportedCertificateMetadataRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
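Review bot: The client-session failure in `dataSourceIbmSmImportedCertificateMetadataRead` is reported with an empty message, `flex.TerraformErrorf(err, "", ...)`, so unless `TerraformErrorf` falls back to the wrapped error text (its body is not visible here) the diagnostic does not say which step failed. A short literal keeps it in line with the other branches: `tfErr := flex.TerraformErrorf(err, "Error initializing Secrets Manager client", fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read")`. The same empty message is used for the `RotationPolicyToMap` and `CertificateValidityToMap` conversion errors in the neighbouring read functions.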
@@ -188,26 +189,31 @@ func dataSourceIbmSmImportedCertificateMetadataRead(context context.Context, d * importedCertificateMetadataIntf, response, err := secretsManagerClient.GetSecretMetadataWithContext(context, getSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] GetSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretMetadataWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } importedCertificateMetadata := importedCertificateMetadataIntf.(*secretsmanagerv2.ImportedCertificateMetadata) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, secretId)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", importedCertificateMetadata.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(importedCertificateMetadata.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", importedCertificateMetadata.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), 
fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if importedCertificateMetadata.CustomMetadata != nil { 
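Review bot: The diagnostic for a failed `GetSecretMetadataWithContext` interpolates both `err` and the whole `response` object into the user-facing message, while `err` is also passed as the wrapped error. That duplicates the error text and copies whatever the SDK's string form of the response contains (headers, body) into plan output and CI logs; for a Secrets Manager provider it is safer to leave the raw response in the `[DEBUG]` log line only. Suggested: `tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretMetadataWithContext failed: %s", err.Error()), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read")`. The IAM-credentials metadata read (`@@ -196,25 +197,30 @@`) has the same line.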
@@ -217,95 +223,117 @@ func dataSourceIbmSmImportedCertificateMetadataRead(context context.Context, d * } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", importedCertificateMetadata.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", importedCertificateMetadata.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(importedCertificateMetadata.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", importedCertificateMetadata.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s_metadata", 
ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", importedCertificateMetadata.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", importedCertificateMetadata.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(importedCertificateMetadata.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", importedCertificateMetadata.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(importedCertificateMetadata.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(importedCertificateMetadata.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := 
flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("signing_algorithm", importedCertificateMetadata.SigningAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting signing_algorithm"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("common_name", importedCertificateMetadata.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(importedCertificateMetadata.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("intermediate_included", importedCertificateMetadata.IntermediateIncluded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting intermediate_included: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting intermediate_included"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("issuer", importedCertificateMetadata.Issuer); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuer: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuer"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("key_algorithm", 
importedCertificateMetadata.KeyAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_algorithm"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("private_key_included", importedCertificateMetadata.PrivateKeyIncluded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key_included: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key_included"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("serial_number", importedCertificateMetadata.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } validity := []map[string]interface{}{} if importedCertificateMetadata.Validity != nil { modelMap, err := dataSourceIbmSmImportedCertificateMetadataCertificateValidityToMap(importedCertificateMetadata.Validity) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } validity = append(validity, modelMap) } if err = d.Set("validity", validity); err != nil { - return diag.FromErr(fmt.Errorf("Error setting validity %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting validity"), fmt.Sprintf("(Data) %s_metadata", ImportedCertSecretResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_kv_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_kv_secret.go index 49e78f615f..8ad39c1e08 100644 
--- a/ibm/service/secretsmanager/data_source_ibm_sm_kv_secret.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_kv_secret.go @@ -130,7 +130,7 @@ func DataSourceIbmSmKvSecret() *schema.Resource { func dataSourceIbmSmKvSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - secret, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, KvSecretType) + secret, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, KvSecretType, KvSecretResourceName) if diagError != nil { return diagError } @@ -140,19 +140,23 @@ func dataSourceIbmSmKvSecretRead(context context.Context, d *schema.ResourceData d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *kVSecret.ID)) var err error if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", kVSecret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(kVSecret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", kVSecret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if kVSecret.CustomMetadata != nil { 
@@ -162,51 +166,63 @@ func dataSourceIbmSmKvSecretRead(context context.Context, d *schema.ResourceData } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", kVSecret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", kVSecret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(kVSecret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", kVSecret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", kVSecret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting 
secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", kVSecret.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(kVSecret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", kVSecret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(kVSecret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(kVSecret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if kVSecret.Data != nil { 
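Review bot: The second `if err != nil` after the `custom_metadata` `d.Set` check appears unreachable, because `if err = d.Set("custom_metadata", ...); err != nil` has already returned on any non-nil `err`. The rewritten `TerraformErrorf` branch there therefore only carries dead code forward. If it was meant to guard the conversion that fills `convertedMap` (which starts above this hunk), that check has to sit before `d.Set`; otherwise the branch can be deleted. The same duplicate follows the `data` `d.Set` in the next hunk and the `custom_metadata` `d.Set` in the kv_secret_metadata and private_certificate hunks.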
@@ -216,10 +232,12 @@ func dataSourceIbmSmKvSecretRead(context context.Context, d *schema.ResourceData } if err = d.Set("data", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting data: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting data"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting data %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting data"), fmt.Sprintf("(Data) %s", KvSecretResourceName), "read") + return tfErr.GetDiag() } } diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_kv_secret_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_kv_secret_metadata.go index b36a9376fc..11f82b269e 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_kv_secret_metadata.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_kv_secret_metadata.go @@ -114,7 +114,8 @@ func DataSourceIbmSmKvSecretMetadata() *schema.Resource { func dataSourceIbmSmKvSecretMetadataRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
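Review bot: In `dataSourceIbmSmKvSecretMetadataRead`, `flex.TerraformErrorf(err, "", ...)` passes an empty message for a failed `SecretsManagerV2()` call, so the diagnostic does not say which step failed, unlike the `d.Set` branches. A short literal such as `"Error getting Secrets Manager client"` would keep the messages uniform. How `TerraformErrorf` renders an empty message is not visible here, so this may turn out to be cosmetic. The empty-message form is also used for the `...ToMap` conversion errors and the client-creation checks in the private_certificate, intermediate CA and root CA hunks.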
@@ -129,26 +130,31 @@ func dataSourceIbmSmKvSecretMetadataRead(context context.Context, d *schema.Reso kVSecretMetadataIntf, response, err := secretsManagerClient.GetSecretMetadataWithContext(context, getSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] GetSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretMetadataWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } kVSecretMetadata := kVSecretMetadataIntf.(*secretsmanagerv2.KVSecretMetadata) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, secretId)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", kVSecretMetadata.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(kVSecretMetadata.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", kVSecretMetadata.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if 
kVSecretMetadata.CustomMetadata != nil { 
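Review bot: The new message `fmt.Sprintf("GetSecretMetadataWithContext failed %s\n%s", err, response)` copies the whole `response` value into the user-facing diagnostic and repeats `err`, which is already passed as the first argument. Diagnostics end up in plan/apply output and CI logs, so for a Secrets Manager call it is safer to keep the raw response out of the message, e.g. `fmt.Sprintf("GetSecretMetadataWithContext failed: %s", err.Error())`. The `[DEBUG]` `log.Printf` line above it prints the same content and deserves the same trimming. The `GetConfigurationWithContext` branches in the intermediate CA and root CA hunks build their messages the same way.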
@@ -158,51 +164,63 @@ func dataSourceIbmSmKvSecretMetadataRead(context context.Context, d *schema.Reso } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", kVSecretMetadata.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", kVSecretMetadata.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(kVSecretMetadata.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", kVSecretMetadata.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", 
kVSecretMetadata.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", kVSecretMetadata.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(kVSecretMetadata.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", kVSecretMetadata.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(kVSecretMetadata.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(kVSecretMetadata.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s_metadata", KvSecretResourceName), "read") + return tfErr.GetDiag() } return nil 
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate.go index 59ce4a1fa8..d8aa2181a7 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate.go @@ -253,7 +253,7 @@ func DataSourceIbmSmPrivateCertificate() *schema.Resource { } func dataSourceIbmSmPrivateCertificateRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - privateCertificateIntf, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, PrivateCertSecretType) + privateCertificateIntf, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, PrivateCertSecretType, PrivateCertSecretResourceName) if diagError != nil { return diagError } 
@@ -264,19 +264,23 @@ func dataSourceIbmSmPrivateCertificateRead(context context.Context, d *schema.Re var err error if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", privateCertificate.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(privateCertificate.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", privateCertificate.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if privateCertificate.CustomMetadata != nil { 
@@ -286,131 +290,161 @@ func dataSourceIbmSmPrivateCertificateRead(context context.Context, d *schema.Re } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", privateCertificate.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", privateCertificate.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(privateCertificate.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", privateCertificate.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", 
privateCertificate.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", privateCertificate.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(privateCertificate.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", privateCertificate.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(privateCertificate.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(privateCertificate.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("signing_algorithm", 
privateCertificate.SigningAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting signing_algorithm"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("certificate_authority", privateCertificate.CertificateAuthority); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate_authority: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate_authority"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("certificate_template", privateCertificate.CertificateTemplate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate_template: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate_template"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("common_name", privateCertificate.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(privateCertificate.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("issuer", privateCertificate.Issuer); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuer: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuer"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = 
d.Set("key_algorithm", privateCertificate.KeyAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_algorithm"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("next_rotation_date", DateTimeToRFC3339(privateCertificate.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting next_rotation_date"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } rotation := []map[string]interface{}{} if privateCertificate.Rotation != nil { modelMap, err := dataSourceIbmSmPrivateCertificateRotationPolicyToMap(privateCertificate.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } rotation = append(rotation, modelMap) } if err = d.Set("rotation", rotation); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("serial_number", privateCertificate.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } validity := []map[string]interface{}{} if privateCertificate.Validity != nil { modelMap, err := dataSourceIbmSmPrivateCertificateCertificateValidityToMap(privateCertificate.Validity) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", 
PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } validity = append(validity, modelMap) } if err = d.Set("validity", validity); err != nil { - return diag.FromErr(fmt.Errorf("Error setting validity %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting validity"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("revocation_time_seconds", flex.IntValue(privateCertificate.RevocationTimeSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting revocation_time_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting revocation_time_seconds"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("revocation_time_rfc3339", DateTimeToRFC3339(privateCertificate.RevocationTimeRfc3339)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting revocation_time_rfc3339: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting revocation_time_rfc3339"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("certificate", privateCertificate.Certificate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("private_key", privateCertificate.PrivateKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("issuing_ca", privateCertificate.IssuingCa); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuing_ca: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error 
setting issuing_ca"), fmt.Sprintf("(Data) %s", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go index 43c50c46a8..1db43ac87c 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_intermediate_ca.go @@ -309,7 +309,8 @@ func DataSourceIbmSmPrivateCertificateConfigurationIntermediateCA() *schema.Reso func dataSourceIbmSmPrivateCertificateConfigurationIntermediateCARead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
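Review bot: `d.Set("private_key", privateCertificate.PrivateKey)` in `dataSourceIbmSmPrivateCertificateRead` writes key material into Terraform state, and the schema that would mark it sensitive is outside this hunk. It is worth confirming that the `private_key` attribute is declared with `Sensitive: true` so the value is redacted in plan output. The value is stored in the state file either way, so a comment next to this call such as `// private_key is persisted in state; the backend must be encrypted and access-controlled` would help the next maintainer.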
@@ -323,104 +324,128 @@ func dataSourceIbmSmPrivateCertificateConfigurationIntermediateCARead(context co configurationIntf, response, err := secretsManagerClient.GetConfigurationWithContext(context, getConfigurationOptions) if err != nil { log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } privateCertificateConfigurationIntermediateCA := configurationIntf.(*secretsmanagerv2.PrivateCertificateConfigurationIntermediateCA) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *getConfigurationOptions.Name)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("config_type", privateCertificateConfigurationIntermediateCA.ConfigType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting config_type"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", privateCertificateConfigurationIntermediateCA.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("max_ttl_seconds", flex.IntValue(privateCertificateConfigurationIntermediateCA.MaxTtlSeconds)); err != nil { - return 
diag.FromErr(fmt.Errorf("Error setting max_ttl_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting max_ttl_seconds"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("signing_method", privateCertificateConfigurationIntermediateCA.SigningMethod); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_method: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting signing_method"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("issuer", privateCertificateConfigurationIntermediateCA.Issuer); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuer: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuer"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crl_expiry_seconds", flex.IntValue(privateCertificateConfigurationIntermediateCA.CrlExpirySeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_expiry_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_expiry_seconds"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crl_disable", privateCertificateConfigurationIntermediateCA.CrlDisable); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_disable: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_disable"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crl_distribution_points_encoded", privateCertificateConfigurationIntermediateCA.CrlDistributionPointsEncoded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_distribution_points_encoded: %s", err)) + tfErr := flex.TerraformErrorf(err, 
fmt.Sprintf("Error setting crl_distribution_points_encoded"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("issuing_certificates_urls_encoded", privateCertificateConfigurationIntermediateCA.IssuingCertificatesUrlsEncoded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuing_certificates_urls_encoded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuing_certificates_urls_encoded"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("common_name", privateCertificateConfigurationIntermediateCA.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("ip_sans", privateCertificateConfigurationIntermediateCA.IpSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ip_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ip_sans"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("uri_sans", privateCertificateConfigurationIntermediateCA.UriSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting uri_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting uri_sans"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("format", privateCertificateConfigurationIntermediateCA.Format); err != nil { - return diag.FromErr(fmt.Errorf("Error setting format: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting format"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() 
} if err = d.Set("private_key_format", privateCertificateConfigurationIntermediateCA.PrivateKeyFormat); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key_format: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key_format"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("key_type", privateCertificateConfigurationIntermediateCA.KeyType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_type"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("key_bits", flex.IntValue(privateCertificateConfigurationIntermediateCA.KeyBits)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_bits: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_bits"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("exclude_cn_from_sans", privateCertificateConfigurationIntermediateCA.ExcludeCnFromSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting exclude_cn_from_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting exclude_cn_from_sans"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("serial_number", privateCertificateConfigurationIntermediateCA.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("status", privateCertificateConfigurationIntermediateCA.Status); err != nil { - return diag.FromErr(fmt.Errorf("Error setting 
status: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting status"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(privateCertificateConfigurationIntermediateCA.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if privateCertificateConfigurationIntermediateCA.CryptoKey != nil { cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(privateCertificateConfigurationIntermediateCA.CryptoKey) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } if len(cryptoKeyMap) > 0 { if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crypto_key"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } } } 
@@ -429,12 +454,14 @@ func dataSourceIbmSmPrivateCertificateConfigurationIntermediateCARead(context co if privateCertificateConfigurationIntermediateCA.Data != nil { modelMap, err := dataSourceIbmSmPrivateCertificateConfigurationIntermediateCAPrivateCertificateCADataToMap(privateCertificateConfigurationIntermediateCA.Data) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } data = append(data, modelMap) } if err = d.Set("data", data); err != nil { - return diag.FromErr(fmt.Errorf("Error setting data %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting data"), fmt.Sprintf("(Data) %s", PrivateCertConfigIntermediateCAResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go index 68a90a5690..a415d6efa3 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_root_ca.go @@ -333,7 +333,8 @@ func DataSourceIbmSmPrivateCertificateConfigurationRootCA() *schema.Resource { func dataSourceIbmSmPrivateCertificateConfigurationRootCARead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
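Review bot: The `if err != nil` branch after `dataSourceIbmSmPrivateCertificateConfigurationIntermediateCAPrivateCertificateCADataToMap` passes an empty summary, `flex.TerraformErrorf(err, "", ...)`, so the diagnostic does not say which step failed, while every `d.Set` branch names its field. How TerraformErrorf renders an empty summary is not visible here, so it may fall back to the raw error text; a short constant such as `"Error converting data to map"` would keep the output consistent. The same empty summary appears in the client-initialisation hunks of the root CA, template and metadata files and in the `crypto_key` conversion branches. The enclosing read function starts outside this hunk.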
@@ -347,7 +348,8 @@ func dataSourceIbmSmPrivateCertificateConfigurationRootCARead(context context.Co privateCertificateConfigurationRootCAIntf, response, err := secretsManagerClient.GetConfigurationWithContext(context, getConfigurationOptions) if err != nil { log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } privateCertificateConfigurationRootCA := privateCertificateConfigurationRootCAIntf.(*secretsmanagerv2.PrivateCertificateConfigurationRootCA) 
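Review bot: The new summary still formats the whole `response` into the user-facing diagnostic, `fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response)`. For a Secrets Manager read, that puts whatever the service returned into plan output and CI logs. What the response holds on failure is not visible in this hunk, so this needs confirming, but the diagnostic only needs the error: `fmt.Sprintf("GetConfigurationWithContext failed: %s", err.Error())`. The full response can stay on the existing `[DEBUG]` log line. The template hunk at -304 and the metadata hunk at -235 build their messages the same way.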
@@ -355,158 +357,194 @@ func dataSourceIbmSmPrivateCertificateConfigurationRootCARead(context context.Co d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *getConfigurationOptions.Name)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("config_type", privateCertificateConfigurationRootCA.ConfigType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting config_type"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", privateCertificateConfigurationRootCA.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", privateCertificateConfigurationRootCA.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(privateCertificateConfigurationRootCA.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(privateCertificateConfigurationRootCA.UpdatedAt)); err != nil { - return 
diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("max_ttl_seconds", flex.IntValue(privateCertificateConfigurationRootCA.MaxTtlSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting max_ttl_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting max_ttl_seconds"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crl_expiry_seconds", flex.IntValue(privateCertificateConfigurationRootCA.CrlExpirySeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_expiry_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_expiry_seconds"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crl_disable", privateCertificateConfigurationRootCA.CrlDisable); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_disable: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_disable"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crl_distribution_points_encoded", privateCertificateConfigurationRootCA.CrlDistributionPointsEncoded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_distribution_points_encoded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_distribution_points_encoded"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("issuing_certificates_urls_encoded", privateCertificateConfigurationRootCA.IssuingCertificatesUrlsEncoded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuing_certificates_urls_encoded: %s", err)) + tfErr 
:= flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuing_certificates_urls_encoded"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("common_name", privateCertificateConfigurationRootCA.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if privateCertificateConfigurationRootCA.AltNames != nil { if err = d.Set("alt_names", privateCertificateConfigurationRootCA.AltNames); err != nil { - return diag.FromErr(fmt.Errorf("Error setting alt_names: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting alt_names"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("ip_sans", privateCertificateConfigurationRootCA.IpSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ip_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ip_sans"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("uri_sans", privateCertificateConfigurationRootCA.UriSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting uri_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting uri_sans"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if privateCertificateConfigurationRootCA.OtherSans != nil { if err = d.Set("other_sans", privateCertificateConfigurationRootCA.OtherSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting other_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting other_sans"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } if err = 
d.Set("ttl_seconds", flex.IntValue(privateCertificateConfigurationRootCA.TtlSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ttl_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ttl_seconds"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("format", privateCertificateConfigurationRootCA.Format); err != nil { - return diag.FromErr(fmt.Errorf("Error setting format: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting format"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("private_key_format", privateCertificateConfigurationRootCA.PrivateKeyFormat); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key_format: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key_format"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("key_type", privateCertificateConfigurationRootCA.KeyType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_type"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("key_bits", flex.IntValue(privateCertificateConfigurationRootCA.KeyBits)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_bits: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_bits"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("max_path_length", flex.IntValue(privateCertificateConfigurationRootCA.MaxPathLength)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting max_path_length: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting max_path_length"), 
fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("exclude_cn_from_sans", privateCertificateConfigurationRootCA.ExcludeCnFromSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting exclude_cn_from_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting exclude_cn_from_sans"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if privateCertificateConfigurationRootCA.PermittedDnsDomains != nil { if err = d.Set("permitted_dns_domains", privateCertificateConfigurationRootCA.PermittedDnsDomains); err != nil { - return diag.FromErr(fmt.Errorf("Error setting permitted_dns_domains: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting permitted_dns_domains"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } if privateCertificateConfigurationRootCA.Ou != nil { if err = d.Set("ou", privateCertificateConfigurationRootCA.Ou); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ou: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ou"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } if privateCertificateConfigurationRootCA.Organization != nil { if err = d.Set("organization", privateCertificateConfigurationRootCA.Organization); err != nil { - return diag.FromErr(fmt.Errorf("Error setting organization: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting organization"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } if privateCertificateConfigurationRootCA.Country != nil { if err = d.Set("country", privateCertificateConfigurationRootCA.Country); err != nil { - return diag.FromErr(fmt.Errorf("Error setting country: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting country"), 
fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } if privateCertificateConfigurationRootCA.Locality != nil { if err = d.Set("locality", privateCertificateConfigurationRootCA.Locality); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locality: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locality"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } if privateCertificateConfigurationRootCA.Province != nil { if err = d.Set("province", privateCertificateConfigurationRootCA.Province); err != nil { - return diag.FromErr(fmt.Errorf("Error setting province: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting province"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } if privateCertificateConfigurationRootCA.StreetAddress != nil { if err = d.Set("street_address", privateCertificateConfigurationRootCA.StreetAddress); err != nil { - return diag.FromErr(fmt.Errorf("Error setting street_address: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting street_address"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } if privateCertificateConfigurationRootCA.PostalCode != nil { if err = d.Set("postal_code", privateCertificateConfigurationRootCA.PostalCode); err != nil { - return diag.FromErr(fmt.Errorf("Error setting postal_code: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting postal_code"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("serial_number", privateCertificateConfigurationRootCA.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), fmt.Sprintf("(Data) %s", 
PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("status", privateCertificateConfigurationRootCA.Status); err != nil { - return diag.FromErr(fmt.Errorf("Error setting status: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting status"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(privateCertificateConfigurationRootCA.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if privateCertificateConfigurationRootCA.CryptoKey != nil { cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(privateCertificateConfigurationRootCA.CryptoKey) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if len(cryptoKeyMap) > 0 { if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crypto_key"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } } 
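Review bot: Every `d.Set` branch in this hunk wraps a constant in `fmt.Sprintf` with no verbs, e.g. `fmt.Sprintf("Error setting region")`. Linters typically flag this as a redundant Sprintf, and it makes it easy to later paste a non-constant value into the format position. Pass the literal directly: `flex.TerraformErrorf(err, "Error setting region", fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read")`. The resource label `fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName)` is also rebuilt in each branch and could be computed once near the top of the function, which lies outside this hunk. The template and metadata hunks repeat the pattern.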
@@ -514,10 +552,12 @@ func dataSourceIbmSmPrivateCertificateConfigurationRootCARead(context context.Co if privateCertificateConfigurationRootCA.Data != nil { dataMap, err := dataSourceIbmSmPrivateCertificateConfigurationRootCAPrivateCertificateCADataToMap(privateCertificateConfigurationRootCA.Data) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("data", []map[string]interface{}{dataMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting data: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting data"), fmt.Sprintf("(Data) %s", PrivateCertConfigRootCAResourceName), "read") + return tfErr.GetDiag() } } diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_template.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_template.go index 2fbf395d9e..e82a8166fa 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_template.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_configuration_template.go @@ -290,7 +290,8 @@ func DataSourceIbmSmPrivateCertificateConfigurationTemplate() *schema.Resource { func dataSourceIbmSmPrivateCertificateConfigurationTemplateRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -304,130 +305,161 @@ func dataSourceIbmSmPrivateCertificateConfigurationTemplateRead(context context. privateCertificateConfigurationTemplateIntf, response, err := secretsManagerClient.GetConfigurationWithContext(context, getConfigurationOptions) if err != nil { log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } privateCertificateConfigurationTemplate := privateCertificateConfigurationTemplateIntf.(*secretsmanagerv2.PrivateCertificateConfigurationTemplate) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *getConfigurationOptions.Name)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("config_type", privateCertificateConfigurationTemplate.ConfigType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting config_type"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", privateCertificateConfigurationTemplate.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", privateCertificateConfigurationTemplate.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error 
setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(privateCertificateConfigurationTemplate.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(privateCertificateConfigurationTemplate.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("certificate_authority", privateCertificateConfigurationTemplate.CertificateAuthority); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate_authority: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate_authority"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("allowed_secret_groups", privateCertificateConfigurationTemplate.AllowedSecretGroups); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allowed_secret_groups: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allowed_secret_groups"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("max_ttl_seconds", flex.IntValue(privateCertificateConfigurationTemplate.MaxTtlSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting max_ttl_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting max_ttl_seconds"), 
fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("ttl_seconds", flex.IntValue(privateCertificateConfigurationTemplate.TtlSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ttl_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ttl_seconds"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("allow_localhost", privateCertificateConfigurationTemplate.AllowLocalhost); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allow_localhost: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_localhost"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("allowed_domains_template", privateCertificateConfigurationTemplate.AllowedDomainsTemplate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allowed_domains_template: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allowed_domains_template"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("allow_bare_domains", privateCertificateConfigurationTemplate.AllowBareDomains); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allow_bare_domains: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_bare_domains"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("allow_subdomains", privateCertificateConfigurationTemplate.AllowSubdomains); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allow_subdomains: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_subdomains"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = 
d.Set("allow_glob_domains", privateCertificateConfigurationTemplate.AllowGlobDomains); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allow_glob_domains: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_glob_domains"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("allow_any_name", privateCertificateConfigurationTemplate.AllowAnyName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allow_any_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_any_name"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("enforce_hostnames", privateCertificateConfigurationTemplate.EnforceHostnames); err != nil { - return diag.FromErr(fmt.Errorf("Error setting enforce_hostnames: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting enforce_hostnames"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("allow_ip_sans", privateCertificateConfigurationTemplate.AllowIpSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allow_ip_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_ip_sans"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("server_flag", privateCertificateConfigurationTemplate.ServerFlag); err != nil { - return diag.FromErr(fmt.Errorf("Error setting server_flag: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting server_flag"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("client_flag", privateCertificateConfigurationTemplate.ClientFlag); err != nil { - return diag.FromErr(fmt.Errorf("Error setting client_flag: %s", err)) + tfErr := flex.TerraformErrorf(err, 
fmt.Sprintf("Error setting client_flag"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("code_signing_flag", privateCertificateConfigurationTemplate.CodeSigningFlag); err != nil { - return diag.FromErr(fmt.Errorf("Error setting code_signing_flag: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting code_signing_flag"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("email_protection_flag", privateCertificateConfigurationTemplate.EmailProtectionFlag); err != nil { - return diag.FromErr(fmt.Errorf("Error setting email_protection_flag: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting email_protection_flag"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("key_type", privateCertificateConfigurationTemplate.KeyType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_type"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("key_bits", flex.IntValue(privateCertificateConfigurationTemplate.KeyBits)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_bits: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_bits"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("use_csr_common_name", privateCertificateConfigurationTemplate.UseCsrCommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting use_csr_common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting use_csr_common_name"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("use_csr_sans", 
privateCertificateConfigurationTemplate.UseCsrSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting use_csr_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting use_csr_sans"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("serial_number", privateCertificateConfigurationTemplate.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("require_cn", privateCertificateConfigurationTemplate.RequireCn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting require_cn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting require_cn"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("basic_constraints_valid_for_non_ca", privateCertificateConfigurationTemplate.BasicConstraintsValidForNonCa); err != nil { - return diag.FromErr(fmt.Errorf("Error setting basic_constraints_valid_for_non_ca: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting basic_constraints_valid_for_non_ca"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("not_before_duration_seconds", flex.IntValue(privateCertificateConfigurationTemplate.NotBeforeDurationSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting not_before_duration_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting not_before_duration_seconds"), fmt.Sprintf("(Data) %s", PrivateCertConfigTemplateResourceName), "read") + return tfErr.GetDiag() } return nil 
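Review bot: The single-value assertion `privateCertificateConfigurationTemplateIntf.(*secretsmanagerv2.PrivateCertificateConfigurationTemplate)`, kept as context in this hunk, panics if the returned configuration is of another type, and the reworked error path does not cover it. The name presumably comes from the data source's arguments, so a name belonging to a root or intermediate CA would crash the provider instead of returning a diagnostic. Use the two-value form, `tmpl, ok := privateCertificateConfigurationTemplateIntf.(*secretsmanagerv2.PrivateCertificateConfigurationTemplate)`, and on `!ok` return a `flex.TerraformErrorf(...).GetDiag()` whose message names the unexpected type. The root CA hunk at -347 and the metadata hunk at -235 carry the same kind of assertion.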
diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_metadata.go index a1afb4a638..12706e4f58 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_metadata.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_private_certificate_metadata.go @@ -220,7 +220,8 @@ func DataSourceIbmSmPrivateCertificateMetadata() *schema.Resource { func dataSourceIbmSmPrivateCertificateMetadataRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -235,7 +236,8 @@ func dataSourceIbmSmPrivateCertificateMetadataRead(context context.Context, d *s privateCertificateMetadataIntf, response, err := secretsManagerClient.GetSecretMetadataWithContext(context, getSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] GetSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretMetadataWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } privateCertificateMetadata := privateCertificateMetadataIntf.(*secretsmanagerv2.PrivateCertificateMetadata) 
@@ -243,19 +245,23 @@ func dataSourceIbmSmPrivateCertificateMetadataRead(context context.Context, d *s d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, secretId)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", privateCertificateMetadata.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(privateCertificateMetadata.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", privateCertificateMetadata.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if privateCertificateMetadata.CustomMetadata != nil { 
@@ -265,119 +271,146 @@ func dataSourceIbmSmPrivateCertificateMetadataRead(context context.Context, d *s } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", privateCertificateMetadata.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", privateCertificateMetadata.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(privateCertificateMetadata.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", privateCertificateMetadata.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s_metadata", 
PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", privateCertificateMetadata.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", privateCertificateMetadata.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(privateCertificateMetadata.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", privateCertificateMetadata.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(privateCertificateMetadata.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(privateCertificateMetadata.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := 
flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("signing_algorithm", privateCertificateMetadata.SigningAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting signing_algorithm"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("certificate_authority", privateCertificateMetadata.CertificateAuthority); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate_authority: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate_authority"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("certificate_template", privateCertificateMetadata.CertificateTemplate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate_template: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate_template"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("common_name", privateCertificateMetadata.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(privateCertificateMetadata.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = 
d.Set("issuer", privateCertificateMetadata.Issuer); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuer: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuer"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("key_algorithm", privateCertificateMetadata.KeyAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_algorithm"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("next_rotation_date", DateTimeToRFC3339(privateCertificateMetadata.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting next_rotation_date"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } rotation := []map[string]interface{}{} if privateCertificateMetadata.Rotation != nil { modelMap, err := dataSourceIbmSmPrivateCertificateMetadataRotationPolicyToMap(privateCertificateMetadata.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } rotation = append(rotation, modelMap) } if err = d.Set("rotation", rotation); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("serial_number", privateCertificateMetadata.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), 
fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } validity := []map[string]interface{}{} if privateCertificateMetadata.Validity != nil { modelMap, err := dataSourceIbmSmPrivateCertificateMetadataCertificateValidityToMap(privateCertificateMetadata.Validity) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } validity = append(validity, modelMap) } if err = d.Set("validity", validity); err != nil { - return diag.FromErr(fmt.Errorf("Error setting validity %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting validity"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("revocation_time_seconds", flex.IntValue(privateCertificateMetadata.RevocationTimeSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting revocation_time_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting revocation_time_seconds"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("revocation_time_rfc3339", DateTimeToRFC3339(privateCertificateMetadata.RevocationTimeRfc3339)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting revocation_time_rfc3339: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting revocation_time_rfc3339"), fmt.Sprintf("(Data) %s_metadata", PrivateCertSecretResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate.go b/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate.go index 20bfe5e1dd..17bc5ead32 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate.go 
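Review bot: The second `if err != nil` after the `custom_metadata` set is unreachable, because the preceding `if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil` branch already returns on any non-nil `err`; the patch rewrites both branches instead of dropping the dead one. Removing the second check leaves behaviour unchanged. The same duplicate is carried into `dataSourceIbmSmPublicCertificateSecretRead`. If the check was meant for the conversion that fills `convertedMap`, which starts above this hunk, it belongs directly after that step.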
@@ -307,7 +307,7 @@ func DataSourceIbmSmPublicCertificate() *schema.Resource { } func dataSourceIbmSmPublicCertificateSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - publicCertificateIntf, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, PublicCertSecretType) + publicCertificateIntf, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, PublicCertSecretType, PublicCertSecretResourceName) if diagError != nil { return diagError } @@ -318,19 +318,23 @@ func dataSourceIbmSmPublicCertificateSecretRead(context context.Context, d *sche var err error if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", publicCertificate.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(publicCertificate.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", publicCertificate.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if publicCertificate.CustomMetadata != nil { 
@@ -340,146 +344,178 @@ func dataSourceIbmSmPublicCertificateSecretRead(context context.Context, d *sche } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", publicCertificate.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", publicCertificate.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if publicCertificate.Labels != nil { if err = d.Set("labels", publicCertificate.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting labels"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("locks_total", flex.IntValue(publicCertificate.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if 
err = d.Set("name", publicCertificate.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", publicCertificate.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", publicCertificate.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(publicCertificate.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", publicCertificate.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(publicCertificate.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(publicCertificate.VersionsTotal)); err 
!= nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("signing_algorithm", publicCertificate.SigningAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting signing_algorithm"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if publicCertificate.AltNames != nil { if err = d.Set("alt_names", publicCertificate.AltNames); err != nil { - return diag.FromErr(fmt.Errorf("Error setting alt_names: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting alt_names"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("common_name", publicCertificate.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(publicCertificate.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } issuanceInfo := []map[string]interface{}{} if publicCertificate.IssuanceInfo != nil { modelMap, err := dataSourceIbmSmPublicCertificateSecretCertificateIssuanceInfoToMap(publicCertificate.IssuanceInfo) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } 
issuanceInfo = append(issuanceInfo, modelMap) } if err = d.Set("issuance_info", issuanceInfo); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuance_info %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuance_info"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("issuer", publicCertificate.Issuer); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuer: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuer"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("key_algorithm", publicCertificate.KeyAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_algorithm"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("serial_number", publicCertificate.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } validity := []map[string]interface{}{} if publicCertificate.Validity != nil { modelMap, err := dataSourceIbmSmPublicCertificateSecretCertificateValidityToMap(publicCertificate.Validity) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } validity = append(validity, modelMap) } if err = d.Set("validity", validity); err != nil { - return diag.FromErr(fmt.Errorf("Error setting validity %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting validity"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } rotation := 
[]map[string]interface{}{} if publicCertificate.Rotation != nil { modelMap, err := dataSourceIbmSmPublicCertificateSecretRotationPolicyToMap(publicCertificate.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } rotation = append(rotation, modelMap) } if err = d.Set("rotation", rotation); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("bundle_certs", publicCertificate.BundleCerts); err != nil { - return diag.FromErr(fmt.Errorf("Error setting bundle_certs: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting bundle_certs"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("ca", publicCertificate.Ca); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ca: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ca"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("dns", publicCertificate.Dns); err != nil { - return diag.FromErr(fmt.Errorf("Error setting dns: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting dns"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("certificate", publicCertificate.Certificate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("intermediate", publicCertificate.Intermediate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting 
intermediate: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting intermediate"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("private_key", publicCertificate.PrivateKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key"), fmt.Sprintf("(Data) %s", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go b/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go index 4f2631e6c9..89d75dcfde 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "log" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" @@ -63,7 +64,8 @@ func DataSourceIbmSmPublicCertificateConfigurationCALetsEncrypt() *schema.Resour func dataSourceIbmSmPublicCertificateConfigurationCALetsEncryptRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PublicCertConfigCALetsEncryptResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
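Review bot: The `private_key` branch near the end of this hunk stores `publicCertificate.PrivateKey` in Terraform state, and nothing in the hunk shows how that attribute is declared. The schema sits outside the hunk, so confirm `private_key` is marked `Sensitive: true`, and consider a comment above the call such as `// private_key is written to state in plaintext; keep the schema attribute Sensitive`. The same check applies to `lets_encrypt_private_key` and `cloud_internet_services_apikey` in the configuration data sources later in this patch.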
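Review bot: The new `"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"` import is inserted between `"fmt"` and `"log"`, inside the standard-library group. The file appears to keep a separate module group starting at `"github.com/hashicorp/terraform-plugin-sdk/v2/diag"`; moving the `flex` line there keeps standard-library and module imports apart. The import hunks of the DNS CIS and classic-infrastructure data sources have the same placement.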
@@ -77,38 +79,46 @@ func dataSourceIbmSmPublicCertificateConfigurationCALetsEncryptRead(context cont publicCertificateConfigurationCALetsEncryptIntf, response, err := secretsManagerClient.GetConfigurationWithContext(context, getConfigurationOptions) if err != nil { log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", PublicCertConfigCALetsEncryptResourceName), "read") + return tfErr.GetDiag() } publicCertificateConfigurationCALetsEncrypt := publicCertificateConfigurationCALetsEncryptIntf.(*secretsmanagerv2.PublicCertificateConfigurationCALetsEncrypt) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *getConfigurationOptions.Name)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", PublicCertConfigCALetsEncryptResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", publicCertificateConfigurationCALetsEncrypt.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", PublicCertConfigCALetsEncryptResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(publicCertificateConfigurationCALetsEncrypt.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", PublicCertConfigCALetsEncryptResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", 
DateTimeToRFC3339(publicCertificateConfigurationCALetsEncrypt.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", PublicCertConfigCALetsEncryptResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("lets_encrypt_environment", publicCertificateConfigurationCALetsEncrypt.LetsEncryptEnvironment); err != nil { - return diag.FromErr(fmt.Errorf("Error setting lets_encrypt_environment: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting lets_encrypt_environment"), fmt.Sprintf("(Data) %s", PublicCertConfigCALetsEncryptResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("lets_encrypt_private_key", publicCertificateConfigurationCALetsEncrypt.LetsEncryptPrivateKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting lets_encrypt_private_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting lets_encrypt_private_key"), fmt.Sprintf("(Data) %s", PublicCertConfigCALetsEncryptResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("lets_encrypt_preferred_chain", publicCertificateConfigurationCALetsEncrypt.LetsEncryptPreferredChain); err != nil { - return diag.FromErr(fmt.Errorf("Error setting lets_encrypt_preferred_chain: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting lets_encrypt_preferred_chain"), fmt.Sprintf("(Data) %s", PublicCertConfigCALetsEncryptResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_dns_cis.go b/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_dns_cis.go index 8a9acbe6f5..ab7f7d5893 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_dns_cis.go 
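Review bot: The unchanged assertion `publicCertificateConfigurationCALetsEncryptIntf.(*secretsmanagerv2.PublicCertificateConfigurationCALetsEncrypt)` directly after the rewritten error branch is unchecked, so a configuration of a different type under the requested name would panic the provider instead of producing one of the new structured diagnostics. The two-value form, `cfg, ok := publicCertificateConfigurationCALetsEncryptIntf.(*secretsmanagerv2.PublicCertificateConfigurationCALetsEncrypt)`, with a `flex.TerraformErrorf` diagnostic returned when `ok` is false, would keep that failure on the same error path. Whether the request options already pin the configuration type is not visible in this hunk. The private-certificate metadata read and the DNS CIS and classic-infrastructure reads assert their result types the same way.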
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_dns_cis.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "log" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" @@ -67,7 +68,8 @@ func DataSourceIbmSmConfigurationPublicCertificateDNSCis() *schema.Resource { func dataSourceIbmSmConfigurationPublicCertificateDNSCisRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PublicCertConfigDnsCISResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -81,7 +83,8 @@ func dataSourceIbmSmConfigurationPublicCertificateDNSCisRead(context context.Con publicCertificateConfigurationDNSCloudInternetServicesIntf, response, err := secretsManagerClient.GetConfigurationWithContext(context, getConfigurationOptions) if err != nil { log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", PublicCertConfigDnsCISResourceName), "read") + return tfErr.GetDiag() } publicCertificateConfigurationDNSCloudInternetServices := publicCertificateConfigurationDNSCloudInternetServicesIntf.(*secretsmanagerv2.PublicCertificateConfigurationDNSCloudInternetServices) 
@@ -89,35 +92,43 @@ func dataSourceIbmSmConfigurationPublicCertificateDNSCisRead(context context.Con d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *getConfigurationOptions.Name)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsCISResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("config_type", publicCertificateConfigurationDNSCloudInternetServices.ConfigType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting config_type"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsCISResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", publicCertificateConfigurationDNSCloudInternetServices.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsCISResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", publicCertificateConfigurationDNSCloudInternetServices.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsCISResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(publicCertificateConfigurationDNSCloudInternetServices.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsCISResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", 
DateTimeToRFC3339(publicCertificateConfigurationDNSCloudInternetServices.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsCISResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("cloud_internet_services_apikey", publicCertificateConfigurationDNSCloudInternetServices.CloudInternetServicesApikey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting cloud_internet_services_apikey: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting cloud_internet_services_apikey"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsCISResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("cloud_internet_services_crn", publicCertificateConfigurationDNSCloudInternetServices.CloudInternetServicesCrn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting cloud_internet_services_crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting cloud_internet_services_crn"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsCISResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_dns_classic_infrastructure.go b/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_dns_classic_infrastructure.go index 5ddf409829..90e622cee9 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_dns_classic_infrastructure.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_configuration_dns_classic_infrastructure.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "log" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" 
@@ -67,7 +68,8 @@ func DataSourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructure() *sc func dataSourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", PublicCertConfigDnsClassicInfrastructureResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
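Review bot: The client-initialisation failure is reported with an empty message, `flex.TerraformErrorf(err, "", ...)`, so the diagnostic relies entirely on whatever `err` carries. A short fixed summary would make a failed session lookup easy to tell apart from an API failure, for example `flex.TerraformErrorf(err, "Error getting Secrets Manager client", fmt.Sprintf("(Data) %s", PublicCertConfigDnsClassicInfrastructureResourceName), "read")`; how an empty message is rendered by `TerraformErrorf` is not visible here. The same empty-message call is used for the client lookup and the `...ToMap` failures in the later hunks. The function body continues outside the hunk.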
@@ -81,42 +83,51 @@ func dataSourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureRead(c publicCertificateConfigurationDNSClassicInfrastructureInf, response, err := secretsManagerClient.GetConfigurationWithContext(context, getConfigurationOptions) if err != nil { log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", PublicCertConfigDnsClassicInfrastructureResourceName), "read") + return tfErr.GetDiag() } publicCertificateConfigurationDNSClassicInfrastructure := publicCertificateConfigurationDNSClassicInfrastructureInf.(*secretsmanagerv2.PublicCertificateConfigurationDNSClassicInfrastructure) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *getConfigurationOptions.Name)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsClassicInfrastructureResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("config_type", publicCertificateConfigurationDNSClassicInfrastructure.ConfigType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting config_type"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsClassicInfrastructureResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", publicCertificateConfigurationDNSClassicInfrastructure.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsClassicInfrastructureResourceName), "read") + return 
tfErr.GetDiag() } if err = d.Set("created_by", publicCertificateConfigurationDNSClassicInfrastructure.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsClassicInfrastructureResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(publicCertificateConfigurationDNSClassicInfrastructure.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsClassicInfrastructureResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(publicCertificateConfigurationDNSClassicInfrastructure.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsClassicInfrastructureResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("classic_infrastructure_username", publicCertificateConfigurationDNSClassicInfrastructure.ClassicInfrastructureUsername); err != nil { - return diag.FromErr(fmt.Errorf("Error setting classic_infrastructure_username: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting classic_infrastructure_username"), fmt.Sprintf("(Data) %s", PublicCertConfigDnsClassicInfrastructureResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("classic_infrastructure_password", publicCertificateConfigurationDNSClassicInfrastructure.ClassicInfrastructurePassword); err != nil { - return diag.FromErr(fmt.Errorf("Error setting classic_infrastructure_password: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting classic_infrastructure_password"), fmt.Sprintf("(Data) %s", 
PublicCertConfigDnsClassicInfrastructureResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_metadata.go index 0114bf0c27..569fb67cec 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_metadata.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_public_certificate_metadata.go @@ -283,7 +283,8 @@ func DataSourceIbmSmPublicCertificateMetadata() *schema.Resource { func dataSourceIbmSmPublicCertificateMetadataRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -298,7 +299,8 @@ func dataSourceIbmSmPublicCertificateMetadataRead(context context.Context, d *sc publicCertificateMetadataIntf, response, err := secretsManagerClient.GetSecretMetadataWithContext(context, getSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] GetSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretMetadataWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } publicCertificateMetadata := publicCertificateMetadataIntf.(*secretsmanagerv2.PublicCertificateMetadata) 
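Review bot: The new diagnostic for a failed `GetConfigurationWithContext` call formats both `err` and the whole `response` object into the message, and also passes `err` as the first argument. The error text is therefore likely to appear twice, and the full response rendering moves into user-facing output. For a Secrets Manager data source that output typically ends up in plan/apply logs and CI artefacts; presumably `response` carries status, headers and body. It is safer to keep the diagnostic to the error text and leave the response in the existing `[DEBUG]` log line: `tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed: %s", err.Error()), fmt.Sprintf("(Data) %s", PublicCertConfigDnsClassicInfrastructureResourceName), "read")`. The GetSecretMetadataWithContext, GetSecretGroupWithContext and ListSecretGroupsWithContext hunks follow the same pattern. The function body starts and ends outside the hunk.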
@@ -306,19 +308,23 @@ func dataSourceIbmSmPublicCertificateMetadataRead(context context.Context, d *sc d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, secretId)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", publicCertificateMetadata.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(publicCertificateMetadata.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", publicCertificateMetadata.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if publicCertificateMetadata.CustomMetadata != nil { 
@@ -328,123 +334,150 @@ func dataSourceIbmSmPublicCertificateMetadataRead(context context.Context, d *sc } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", publicCertificateMetadata.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", publicCertificateMetadata.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(publicCertificateMetadata.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", publicCertificateMetadata.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s_metadata", 
PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", publicCertificateMetadata.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", publicCertificateMetadata.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(publicCertificateMetadata.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", publicCertificateMetadata.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(publicCertificateMetadata.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(publicCertificateMetadata.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, 
fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("signing_algorithm", publicCertificateMetadata.SigningAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting signing_algorithm"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("common_name", publicCertificateMetadata.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(publicCertificateMetadata.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } issuanceInfo := []map[string]interface{}{} if publicCertificateMetadata.IssuanceInfo != nil { modelMap, err := dataSourceIbmSmPublicCertificateMetadataCertificateIssuanceInfoToMap(publicCertificateMetadata.IssuanceInfo) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } issuanceInfo = append(issuanceInfo, modelMap) } if err = d.Set("issuance_info", issuanceInfo); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuance_info %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuance_info"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("issuer", 
publicCertificateMetadata.Issuer); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuer: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuer"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("key_algorithm", publicCertificateMetadata.KeyAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_algorithm"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("serial_number", publicCertificateMetadata.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } validity := []map[string]interface{}{} if publicCertificateMetadata.Validity != nil { modelMap, err := dataSourceIbmSmPublicCertificateMetadataCertificateValidityToMap(publicCertificateMetadata.Validity) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } validity = append(validity, modelMap) } if err = d.Set("validity", validity); err != nil { - return diag.FromErr(fmt.Errorf("Error setting validity %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting validity"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } rotation := []map[string]interface{}{} if publicCertificateMetadata.Rotation != nil { modelMap, err := dataSourceIbmSmPublicCertificateMetadataRotationPolicyToMap(publicCertificateMetadata.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) 
%s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } rotation = append(rotation, modelMap) } if err = d.Set("rotation", rotation); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("bundle_certs", publicCertificateMetadata.BundleCerts); err != nil { - return diag.FromErr(fmt.Errorf("Error setting bundle_certs: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting bundle_certs"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("ca", publicCertificateMetadata.Ca); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ca: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ca"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("dns", publicCertificateMetadata.Dns); err != nil { - return diag.FromErr(fmt.Errorf("Error setting dns: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting dns"), fmt.Sprintf("(Data) %s_metadata", PublicCertSecretResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_secret_group.go b/ibm/service/secretsmanager/data_source_ibm_sm_secret_group.go index 7352119b19..8c074e439e 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_secret_group.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_secret_group.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "log" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" 
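Review bot: The second `if err != nil` block after the `custom_metadata` setter cannot run, because `err` was just assigned by `d.Set("custom_metadata", ...)` and the preceding `if` already returns when it is non-nil. The commit rewrites this dead branch rather than dropping it. Removing it would leave a single check: `if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil {` followed by the two `tfErr` lines. The code that builds `convertedMap` is above the hunk, so confirm that no earlier error was meant to be checked there. The same duplicated check is carried over in the service_credentials_secret hunk.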
@@ -52,7 +53,8 @@ func DataSourceIbmSmSecretGroup() *schema.Resource { func dataSourceIbmSmSecretGroupRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", SecretGroupResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -67,28 +69,34 @@ func dataSourceIbmSmSecretGroupRead(context context.Context, d *schema.ResourceD secretGroup, response, err := secretsManagerClient.GetSecretGroupWithContext(context, getSecretGroupOptions) if err != nil { log.Printf("[DEBUG] GetSecretGroupWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretGroupWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretGroupWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", SecretGroupResourceName), "read") + return tfErr.GetDiag() } d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, secretGroupId)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", SecretGroupResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", secretGroup.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s", SecretGroupResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("description", secretGroup.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s", SecretGroupResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(secretGroup.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", SecretGroupResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(secretGroup.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr 
:= flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", SecretGroupResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_secret_groups.go b/ibm/service/secretsmanager/data_source_ibm_sm_secret_groups.go index 014dbe6d51..ea1ee4dc89 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_secret_groups.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_secret_groups.go @@ -68,7 +68,8 @@ func DataSourceIbmSmSecretGroups() *schema.Resource { func dataSourceIbmSmSecretGroupsRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", SecretGroupsResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -80,7 +81,8 @@ func dataSourceIbmSmSecretGroupsRead(context context.Context, d *schema.Resource secretGroupCollection, response, err := secretsManagerClient.ListSecretGroupsWithContext(context, listSecretGroupsOptions) if err != nil { log.Printf("[DEBUG] ListSecretGroupsWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("ListSecretGroupsWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("ListSecretGroupsWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", SecretGroupsResourceName), "read") + return tfErr.GetDiag() } d.SetId(fmt.Sprintf("%s/%s", region, instanceId)) 
@@ -90,21 +92,25 @@ func dataSourceIbmSmSecretGroupsRead(context context.Context, d *schema.Resource for _, modelItem := range secretGroupCollection.SecretGroups { modelMap, err := dataSourceIbmSmSecretGroupsSecretGroupToMap(&modelItem) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", SecretGroupsResourceName), "read") + return tfErr.GetDiag() } secretGroups = append(secretGroups, modelMap) } } if err = d.Set("secret_groups", secretGroups); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_groups %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_groups"), fmt.Sprintf("(Data) %s", SecretGroupsResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("total_count", flex.IntValue(secretGroupCollection.TotalCount)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting total_count: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting total_count"), fmt.Sprintf("(Data) %s", SecretGroupsResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", SecretGroupsResourceName), "read") + return tfErr.GetDiag() } return nil } diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_secrets.go b/ibm/service/secretsmanager/data_source_ibm_sm_secrets.go index a37c67ce96..a921d68cb9 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_secrets.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_secrets.go 
@@ -519,7 +519,8 @@ func DataSourceIbmSmSecrets() *schema.Resource { func dataSourceIbmSmSecretsRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", SecretsResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -569,13 +570,15 @@ func dataSourceIbmSmSecretsRead(context context.Context, d *schema.ResourceData, var pager *secretsmanagerv2.SecretsPager pager, err = secretsManagerClient.NewSecretsPager(listSecretsOptions) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", SecretsResourceName), "read") + return tfErr.GetDiag() } allItems, err := pager.GetAll() if err != nil { log.Printf("[DEBUG] SecretsPager.GetAll() failed %s", err) - return diag.FromErr(fmt.Errorf("SecretsPager.GetAll() failed %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("SecretsPager.GetAll() failed %s", err), fmt.Sprintf("(Data) %s", SecretsResourceName), "read") + return tfErr.GetDiag() } d.SetId(fmt.Sprintf("%s/%s", region, instanceId)) 
@@ -584,20 +587,24 @@ func dataSourceIbmSmSecretsRead(context context.Context, d *schema.ResourceData, for _, modelItem := range allItems { modelMap, err := dataSourceIbmSmSecretsSecretMetadataToMap(modelItem) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", SecretsResourceName), "read") + return tfErr.GetDiag() } mapSlice = append(mapSlice, modelMap) } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", SecretsResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secrets", mapSlice); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secrets %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secrets"), fmt.Sprintf("(Data) %s", SecretsResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("total_count", len(mapSlice)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting total_count"), fmt.Sprintf("(Data) %s", SecretsResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go index ac195ad03f..205328b790 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret.go 
@@ -280,7 +280,7 @@ func DataSourceIbmSmServiceCredentialsSecret() *schema.Resource { } func dataSourceIbmSmServiceCredentialsSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - ServiceCredentialsSecretIntf, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, ServiceCredentialsSecretType) + ServiceCredentialsSecretIntf, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, ServiceCredentialsSecretType, ServiceCredentialsSecretResourceName) if diagError != nil { return diagError } 
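Review bot: The new fifth argument to `getSecretByIdOrByName` is the bare `ServiceCredentialsSecretResourceName`, while every other diagnostic in this file labels the component as `fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName)`. Whether the helper adds the `(Data)` prefix itself is not visible in this diff; if it does not, lookup failures would be attributed to the resource instead of the data source. Either pass the prefixed string or add a comment at the call such as `// getSecretByIdOrByName adds the "(Data) " prefix to the component name`.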
@@ -290,18 +290,22 @@ func dataSourceIbmSmServiceCredentialsSecretRead(context context.Context, d *sch var err error if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", ServiceCredentialsSecret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(ServiceCredentialsSecret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", ServiceCredentialsSecret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if ServiceCredentialsSecret.CustomMetadata != nil { 
@@ -311,77 +315,94 @@ func dataSourceIbmSmServiceCredentialsSecretRead(context context.Context, d *sch } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", ServiceCredentialsSecret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", ServiceCredentialsSecret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if ServiceCredentialsSecret.Labels != nil { if err = d.Set("labels", ServiceCredentialsSecret.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting labels"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("locks_total", flex.IntValue(ServiceCredentialsSecret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) 
%s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", ServiceCredentialsSecret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", ServiceCredentialsSecret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", ServiceCredentialsSecret.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(ServiceCredentialsSecret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", ServiceCredentialsSecret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(ServiceCredentialsSecret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), 
fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(ServiceCredentialsSecret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("ttl", ServiceCredentialsSecret.TTL); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ttl: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ttl"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } rotation := []map[string]interface{}{} if ServiceCredentialsSecret.Rotation != nil { modelMap, err := dataSourceIbmSmServiceCredentialsSecretRotationPolicyToMap(ServiceCredentialsSecret.Rotation.(*secretsmanagerv2.RotationPolicy)) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } rotation = append(rotation, modelMap) } if err = d.Set("rotation", rotation); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("next_rotation_date", DateTimeToRFC3339(ServiceCredentialsSecret.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting next_rotation_date"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if ServiceCredentialsSecret.Credentials != nil { 
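Review bot: The context line `ServiceCredentialsSecret.Rotation.(*secretsmanagerv2.RotationPolicy)` is a single-value type assertion, so a non-nil `Rotation` of any other concrete type panics the provider instead of reaching the new `TerraformErrorf` path added just below it. The commit reworks the error handling around this line but leaves the assertion unchecked. The comma-ok form keeps the failure inside the diagnostic flow: `rotationPolicy, ok := ServiceCredentialsSecret.Rotation.(*secretsmanagerv2.RotationPolicy)`, then return a diagnostic when `!ok`. The enclosing function starts and ends outside the hunk.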
@@ -389,23 +410,27 @@ func dataSourceIbmSmServiceCredentialsSecretRead(context context.Context, d *sch cred, _ := json.Marshal(ServiceCredentialsSecret.Credentials) json.Unmarshal(cred, &credInterface) if err = d.Set("credentials", flex.Flatten(credInterface)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting credentials: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting credentials"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } sourceServiceMap, err := dataSourceIbmSmServiceCredentialsSecretSourceServiceToMap(ServiceCredentialsSecret.SourceService) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if len(sourceServiceMap) > 0 { if err = d.Set("source_service", []map[string]interface{}{sourceServiceMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting source_service: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting source_service"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } if ServiceCredentialsSecret.ExpirationDate != nil { if err = d.Set("expiration_date", DateTimeToRFC3339(ServiceCredentialsSecret.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go index af85181e3a..1114706736 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go 
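Review bot: The two context lines just above the rewritten `d.Set("credentials", ...)` branch still discard their errors: `cred, _ := json.Marshal(...)` drops the marshal error and the result of `json.Unmarshal(cred, &credInterface)` is never checked, so a failure there would store an empty or partial credentials map with no diagnostic. Since this change routes every other failure in the read path through `flex.TerraformErrorf`, these two calls should be checked the same way, e.g. `if err = json.Unmarshal(cred, &credInterface); err != nil { return flex.TerraformErrorf(err, "Error decoding credentials", fmt.Sprintf("(Data) %s", ServiceCredentialsSecretResourceName), "read").GetDiag() }`. Any message added here should name only the step that failed and never include the credential values. The body of dataSourceIbmSmServiceCredentialsSecretRead starts and ends outside the hunk.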
+++ b/ibm/service/secretsmanager/data_source_ibm_sm_service_credentials_secret_metadata.go @@ -265,7 +265,8 @@ func DataSourceIbmSmServiceCredentialsSecretMetadata() *schema.Resource { func dataSourceIbmSmServiceCredentialsSecretMetadataRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
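Review bot: The new `flex.TerraformErrorf(err, "", ...)` call in the client-session branch passes an empty message, so the diagnostic carries only the component and the operation `"read"` and nothing that says which step failed. The same empty message is used for the rotation-policy, password-policy and source_service conversion failures in the later hunks, which makes those failures indistinguishable from this one unless TerraformErrorf fills the message from the wrapped error (not visible here, worth confirming). A short message such as `"Error getting Secrets Manager client"` would keep them apart. The function body continues outside the hunk.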
@@ -280,25 +281,30 @@ func dataSourceIbmSmServiceCredentialsSecretMetadataRead(context context.Context ServiceCredentialsSecretMetadataIntf, response, err := secretsManagerClient.GetSecretMetadataWithContext(context, getSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] GetSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretMetadataWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } ServiceCredentialsSecretMetadata := ServiceCredentialsSecretMetadataIntf.(*secretsmanagerv2.ServiceCredentialsSecretMetadata) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, secretId)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", ServiceCredentialsSecretMetadata.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(ServiceCredentialsSecretMetadata.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", ServiceCredentialsSecretMetadata.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := 
flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if ServiceCredentialsSecretMetadata.CustomMetadata != nil { 
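Review bot: The `GetSecretMetadataWithContext` failure branch formats the whole `response` value into the message handed to `flex.TerraformErrorf`, so whatever the SDK response prints as ends up in the user-facing diagnostic as well as in the `[DEBUG]` log line. In a Secrets Manager provider it is safer to keep the raw response at debug level only and build the diagnostic from the error alone, `fmt.Sprintf("GetSecretMetadataWithContext failed: %s", err.Error())`. The same pattern is in the username/password metadata read and in the `CreateSecretWithContext` branch of resource_ibm_sm_arbitrary_secret.go, where the endpoint handles secret payloads. `err` is also passed both as the wrapped error and inside the message, which presumably duplicates its text if TerraformErrorf appends the error. The function starts and ends outside the hunk.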
@@ -308,92 +314,112 @@ func dataSourceIbmSmServiceCredentialsSecretMetadataRead(context context.Context } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", ServiceCredentialsSecretMetadata.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", ServiceCredentialsSecretMetadata.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if ServiceCredentialsSecretMetadata.Labels != nil { if err = d.Set("labels", ServiceCredentialsSecretMetadata.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting labels"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("locks_total", flex.IntValue(ServiceCredentialsSecretMetadata.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := 
flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", ServiceCredentialsSecretMetadata.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", ServiceCredentialsSecretMetadata.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", ServiceCredentialsSecretMetadata.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(ServiceCredentialsSecretMetadata.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", ServiceCredentialsSecretMetadata.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", 
DateTimeToRFC3339(ServiceCredentialsSecretMetadata.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(ServiceCredentialsSecretMetadata.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("ttl", ServiceCredentialsSecretMetadata.TTL); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ttl: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ttl"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } rotation := []map[string]interface{}{} if ServiceCredentialsSecretMetadata.Rotation != nil { modelMap, err := dataSourceIbmSmServiceCredentialsSecretMetadataRotationPolicyToMap(ServiceCredentialsSecretMetadata.Rotation.(*secretsmanagerv2.RotationPolicy)) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } rotation = append(rotation, modelMap) } if err = d.Set("rotation", rotation); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("next_rotation_date", DateTimeToRFC3339(ServiceCredentialsSecretMetadata.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting 
next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting next_rotation_date"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } sourceServiceMap, err := dataSourceIbmSmServiceCredentialsSecretMetadataSourceServiceToMap(ServiceCredentialsSecretMetadata.SourceService) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } if len(sourceServiceMap) > 0 { if err = d.Set("source_service", []map[string]interface{}{sourceServiceMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting source_service: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting source_service"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } if ServiceCredentialsSecretMetadata.ExpirationDate != nil { if err = d.Set("expiration_date", DateTimeToRFC3339(ServiceCredentialsSecretMetadata.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s_metadata", ServiceCredentialsSecretResourceName), "read") + return tfErr.GetDiag() } } diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go b/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go index 262b037ad5..2ef644bd18 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret.go 
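Review bot: The second `if err != nil` after the `d.Set("custom_metadata", ...)` check is unreachable as written: `err` was just assigned by `d.Set`, and the preceding branch already returns when it is non-nil. The commit rewrites both branches with identical bodies instead of dropping the dead one, and the same pair appears in the custom_metadata blocks of the two username/password data sources later in this patch. If the second check was meant to catch an error from the code that builds `convertedMap` (above the hunk, not visible), it has to sit before the `d.Set` call; otherwise it should be deleted.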
@@ -194,7 +194,7 @@ func DataSourceIbmSmUsernamePasswordSecret() *schema.Resource { } func dataSourceIbmSmUsernamePasswordSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - secret, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, UsernamePasswordSecretType) + secret, region, instanceId, diagError := getSecretByIdOrByName(context, d, meta, UsernamePasswordSecretType, UsernamePasswordSecretResourceName) if diagError != nil { return diagError } @@ -205,19 +205,23 @@ func dataSourceIbmSmUsernamePasswordSecretRead(context context.Context, d *schem var err error if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", usernamePasswordSecret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(usernamePasswordSecret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", usernamePasswordSecret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if usernamePasswordSecret.CustomMetadata != nil { 
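Review bot: Every rewritten `d.Set` branch in the second hunk on this line wraps a constant in `fmt.Sprintf` with no format arguments, e.g. `fmt.Sprintf("Error setting region")`, which staticcheck reports as an unnecessary Sprintf and which would misformat if a `%` ever appeared in the literal. Pass the string directly: `flex.TerraformErrorf(err, "Error setting region", fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read")`. The component string `fmt.Sprintf("(Data) %s", ...)` is also rebuilt in every branch and could be computed once at the top of the function. This applies to all the `Error setting ...` branches in the other hunks of this patch.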
@@ -227,91 +231,111 @@ func dataSourceIbmSmUsernamePasswordSecretRead(context context.Context, d *schem } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", usernamePasswordSecret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", usernamePasswordSecret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(usernamePasswordSecret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", usernamePasswordSecret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return 
tfErr.GetDiag() } if err = d.Set("secret_group_id", usernamePasswordSecret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", usernamePasswordSecret.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(usernamePasswordSecret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", usernamePasswordSecret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(usernamePasswordSecret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(usernamePasswordSecret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s", 
UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } rotation := []map[string]interface{}{} if usernamePasswordSecret.Rotation != nil { modelMap, err := dataSourceIbmSmUsernamePasswordSecretRotationPolicyToMap(usernamePasswordSecret.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } rotation = append(rotation, modelMap) } if err = d.Set("rotation", rotation); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } passwordPolicy := []map[string]interface{}{} if usernamePasswordSecret.PasswordGenerationPolicy != nil { modelMap, err := passwordGenerationPolicyToMap(usernamePasswordSecret.PasswordGenerationPolicy) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } passwordPolicy = append(passwordPolicy, modelMap) } if err = d.Set("password_generation_policy", passwordPolicy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting password_generation_policy %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting password_generation_policy"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(usernamePasswordSecret.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("next_rotation_date", 
DateTimeToRFC3339(usernamePasswordSecret.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting next_rotation_date"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("username", usernamePasswordSecret.Username); err != nil { - return diag.FromErr(fmt.Errorf("Error setting username: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting username"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("password", usernamePasswordSecret.Password); err != nil { - return diag.FromErr(fmt.Errorf("Error setting password: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting password"), fmt.Sprintf("(Data) %s", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata.go b/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata.go index cc6756f00c..a1bdb8ce35 100644 --- a/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata.go +++ b/ibm/service/secretsmanager/data_source_ibm_sm_username_password_secret_metadata.go @@ -177,7 +177,8 @@ func DataSourceIbmSmUsernamePasswordSecretMetadata() *schema.Resource { func dataSourceIbmSmUsernamePasswordSecretMetadataRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -192,26 +193,31 @@ func dataSourceIbmSmUsernamePasswordSecretMetadataRead(context context.Context, usernamePasswordSecretMetadataIntf, response, err := secretsManagerClient.GetSecretMetadataWithContext(context, getSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] GetSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretMetadataWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } usernamePasswordSecretMetadata := usernamePasswordSecretMetadataIntf.(*secretsmanagerv2.UsernamePasswordSecretMetadata) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, secretId)) if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_by", usernamePasswordSecretMetadata.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(usernamePasswordSecretMetadata.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("crn", usernamePasswordSecretMetadata.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, 
fmt.Sprintf("Error setting crn"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if usernamePasswordSecretMetadata.CustomMetadata != nil { 
@@ -221,83 +227,101 @@ func dataSourceIbmSmUsernamePasswordSecretMetadataRead(context context.Context, } if err = d.Set("custom_metadata", flex.Flatten(convertedMap)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err != nil { - return diag.FromErr(fmt.Errorf("Error setting custom_metadata %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting custom_metadata"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } } if err = d.Set("description", usernamePasswordSecretMetadata.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", usernamePasswordSecretMetadata.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(usernamePasswordSecretMetadata.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("name", usernamePasswordSecretMetadata.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), 
fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", usernamePasswordSecretMetadata.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", usernamePasswordSecretMetadata.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(usernamePasswordSecretMetadata.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("state_description", usernamePasswordSecretMetadata.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(usernamePasswordSecretMetadata.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(usernamePasswordSecretMetadata.VersionsTotal)); err != nil { - return 
diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } rotation := []map[string]interface{}{} if usernamePasswordSecretMetadata.Rotation != nil { modelMap, err := dataSourceIbmSmUsernamePasswordSecretMetadataRotationPolicyToMap(usernamePasswordSecretMetadata.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } rotation = append(rotation, modelMap) } if err = d.Set("rotation", rotation); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } passwordPolicy := []map[string]interface{}{} if usernamePasswordSecretMetadata.PasswordGenerationPolicy != nil { modelMap, err := passwordGenerationPolicyToMap(usernamePasswordSecretMetadata.PasswordGenerationPolicy) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } passwordPolicy = append(passwordPolicy, modelMap) } if err = d.Set("password_generation_policy", passwordPolicy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting password_generation_policy %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting password_generation_policy"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(usernamePasswordSecretMetadata.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: 
%s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } if err = d.Set("next_rotation_date", DateTimeToRFC3339(usernamePasswordSecretMetadata.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting next_rotation_date"), fmt.Sprintf("(Data) %s_metadata", UsernamePasswordSecretResourceName), "read") + return tfErr.GetDiag() } return nil diff --git a/ibm/service/secretsmanager/resource_ibm_sm_arbitrary_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_arbitrary_secret.go index b4b4e2bd7f..88a3336911 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_arbitrary_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_arbitrary_secret.go @@ -144,7 +144,8 @@ func ResourceIbmSmArbitrarySecret() *schema.Resource { func resourceIbmSmArbitrarySecretCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ArbitrarySecretResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -155,14 +156,16 @@ func resourceIbmSmArbitrarySecretCreate(context context.Context, d *schema.Resou secretPrototypeModel, err := resourceIbmSmArbitrarySecretMapToArbitrarySecretPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ArbitrarySecretResourceName, "create") + return tfErr.GetDiag() } createSecretOptions.SetSecretPrototype(secretPrototypeModel) secretIntf, response, err := secretsManagerClient.CreateSecretWithContext(context, createSecretOptions) if err != nil { log.Printf("[DEBUG] CreateSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretWithContext failed: %s\n%s", err.Error(), response), ArbitrarySecretResourceName, "create") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.ArbitrarySecret) @@ -171,8 +174,8 @@ func resourceIbmSmArbitrarySecretCreate(context context.Context, d *schema.Resou _, err = waitForIbmSmArbitrarySecretCreate(secretsManagerClient, d) if err != nil { - return diag.FromErr(fmt.Errorf( - "Error waiting for resource IbmSmArbitrarySecret (%s) to be created: %s", d.Id(), err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error waiting for resource IbmSmArbitrarySecret (%s) to be created: %s", d.Id(), err.Error()), ArbitrarySecretResourceName, "create") + return tfErr.GetDiag() } return resourceIbmSmArbitrarySecretRead(context, d, meta) 
@@ -214,12 +217,14 @@ func waitForIbmSmArbitrarySecretCreate(secretsManagerClient *secretsmanagerv2.Se func resourceIbmSmArbitrarySecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a secret use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a secret use the format `//`", ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -237,72 +242,92 @@ func resourceIbmSmArbitrarySecretRead(context context.Context, d *schema.Resourc return nil } log.Printf("[DEBUG] GetSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretWithContext failed %s\n%s", err, response), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.ArbitrarySecret) if err = d.Set("secret_id", secretId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_id"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", secret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(secret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("crn", secret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := 
flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() + } + if secret.CustomMetadata != nil { + d.Set("custom_metadata", secret.CustomMetadata) + } + if err = d.Set("description", secret.Description); err != nil { + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", secret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() + } + if secret.Labels != nil { + if err = d.Set("labels", secret.Labels); err != nil { + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting labels"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() + } } if err = d.Set("locks_total", flex.IntValue(secret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", secret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", secret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", secret.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), 
ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(secret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state_description", secret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(secret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(secret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) - } - if secret.CustomMetadata != nil { - d.Set("custom_metadata", secret.CustomMetadata) - } - if err = d.Set("description", secret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) - } - if secret.Labels != nil { - if err = d.Set("labels", secret.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) - } + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(secret.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("payload", secret.Payload); err != nil { - 
return diag.FromErr(fmt.Errorf("Error setting payload: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting payload"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } // Call get version metadata API to get the current version_custom_metadata @@ -313,13 +338,15 @@ func resourceIbmSmArbitrarySecretRead(context context.Context, d *schema.Resourc versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) if err != nil { log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } versionMetadata := versionMetadataIntf.(*secretsmanagerv2.ArbitrarySecretVersionMetadata) if versionMetadata.VersionCustomMetadata != nil { if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { - return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting version_custom_metadata"), ArbitrarySecretResourceName, "read") + return tfErr.GetDiag() } } @@ -329,7 +356,8 @@ func resourceIbmSmArbitrarySecretRead(context context.Context, d *schema.Resourc func resourceIbmSmArbitrarySecretUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ArbitrarySecretResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
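Review bot: In the read hunk at `-237,72`, the relocated `d.Set("custom_metadata", secret.CustomMetadata)` still discards its return value while every sibling field is checked, so a failure to set that field goes unreported. Wrap it like the `labels` block, `if err = d.Set("custom_metadata", secret.CustomMetadata); err != nil {`, followed by the same `tfErr`/`GetDiag()` return. Separately, the `fmt.Sprintf("Error setting ...")` calls take no arguments and can be plain string literals; the en_registration update hunk even has `fmt.Sprintf("")`. The function body starts and ends outside this hunk.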
@@ -373,13 +401,15 @@ func resourceIbmSmArbitrarySecretUpdate(context context.Context, d *schema.Resou layout := time.RFC3339 parseToTime, err := time.Parse(layout, d.Get("expiration_date").(string)) if err != nil { - return diag.FromErr(errors.New(`Failed to get "expiration_date". Error: ` + err.Error())) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf(`Failed to get "expiration_date"`), ArbitrarySecretResourceName, "update") + return tfErr.GetDiag() } parseToDateTime := strfmt.DateTime(parseToTime) patchVals.ExpirationDate = &parseToDateTime hasChange = true } else { - return diag.FromErr(errors.New(`The "expiration_date" field cannot be removed. To disable expiration set expiration date to a far future date'`)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf(`The "expiration_date" field cannot be removed. To disable expiration set expiration date to a far future date'`), ArbitrarySecretResourceName, "update") + return tfErr.GetDiag() } } @@ -389,7 +419,8 @@ func resourceIbmSmArbitrarySecretUpdate(context context.Context, d *schema.Resou _, response, err := secretsManagerClient.UpdateSecretMetadataWithContext(context, updateSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed %s\n%s", err, response), ArbitrarySecretResourceName, "update") + return tfErr.GetDiag() } } 
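Review bot: The `else` branch in the `-373,13` hunk passes `err` to `flex.TerraformErrorf`, but the `err` from `time.Parse` is declared with `:=` inside the `if` block, so this branch sees the outer variable, which is presumably nil at that point. Pass `nil` as the first argument, as the resource-ID check in `resourceIbmSmArbitrarySecretRead` already does, so the diagnostic cannot pick up an unrelated error if the surrounding code changes. The ID-format check in `resourceIbmSmEnRegistrationRead` and the `reuse_api_key` check in `resourceIbmSmIamCredentialsSecretCreate` pass the same stale `err`. The message text also ends with a stray `'`, and the enclosing `if` condition is outside the hunk.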
@@ -415,7 +446,8 @@ func resourceIbmSmArbitrarySecretUpdate(context context.Context, d *schema.Resou resourceIbmSmArbitrarySecretRead(context, d, meta) } log.Printf("[DEBUG] CreateSecretVersionWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretVersionWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretVersionWithContext failed %s\n%s", err, response), ArbitrarySecretResourceName, "update") + return tfErr.GetDiag() } } else if d.HasChange("version_custom_metadata") { // Apply change to version_custom_metadata in current version @@ -434,7 +466,8 @@ func resourceIbmSmArbitrarySecretUpdate(context context.Context, d *schema.Resou resourceIbmSmArbitrarySecretRead(context, d, meta) } log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response), ArbitrarySecretResourceName, "update") + return tfErr.GetDiag() } } @@ -444,7 +477,8 @@ func resourceIbmSmArbitrarySecretUpdate(context context.Context, d *schema.Resou func resourceIbmSmArbitrarySecretDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ArbitrarySecretResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
@@ -460,7 +494,8 @@ func resourceIbmSmArbitrarySecretDelete(context context.Context, d *schema.Resou response, err := secretsManagerClient.DeleteSecretWithContext(context, deleteSecretOptions) if err != nil { log.Printf("[DEBUG] DeleteSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteSecretWithContext failed %s\n%s", err, response), ArbitrarySecretResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_en_registration.go b/ibm/service/secretsmanager/resource_ibm_sm_en_registration.go index c32fd78b37..f0ce9112e7 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_en_registration.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_en_registration.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "log" "strings" 
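Review bot: The new `flex` import in resource_ibm_sm_en_registration.go is inserted between `"fmt"` and `"log"`, inside what looks like the standard-library group. gofmt will leave it there, but goimports-style grouping puts module imports in their own block after a blank line, presumably next to the other provider imports that sit below this hunk. The same placement is used in resource_ibm_sm_iam_credentials_configuration.go.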
@@ -30,21 +31,21 @@ func ResourceIbmSmEnRegistration() *schema.Resource { Type: schema.TypeString, Required: true, ForceNew: true, - ValidateFunc: validate.InvokeValidator("ibm_sm_en_registration", "event_notifications_instance_crn"), + ValidateFunc: validate.InvokeValidator(EnRegistrationResourceName, "event_notifications_instance_crn"), Description: "A CRN that uniquely identifies an IBM Cloud resource.", }, "event_notifications_source_name": &schema.Schema{ Type: schema.TypeString, Required: true, ForceNew: true, - ValidateFunc: validate.InvokeValidator("ibm_sm_en_registration", "event_notifications_source_name"), + ValidateFunc: validate.InvokeValidator(EnRegistrationResourceName, "event_notifications_source_name"), Description: "The name that is displayed as a source that is in your Event Notifications instance.", }, "event_notifications_source_description": &schema.Schema{ Type: schema.TypeString, Optional: true, ForceNew: true, - ValidateFunc: validate.InvokeValidator("ibm_sm_en_registration", "event_notifications_source_description"), + ValidateFunc: validate.InvokeValidator(EnRegistrationResourceName, "event_notifications_source_description"), Description: "An optional description for the source that is in your Event Notifications instance.", }, }, 
@@ -83,14 +84,15 @@ func ResourceIbmSmEnRegistrationValidator() *validate.ResourceValidator { }, ) - resourceValidator := validate.ResourceValidator{ResourceName: "ibm_sm_en_registration", Schema: validateSchema} + resourceValidator := validate.ResourceValidator{ResourceName: EnRegistrationResourceName, Schema: validateSchema} return &resourceValidator } func resourceIbmSmEnRegistrationCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", EnRegistrationResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -108,7 +110,8 @@ func resourceIbmSmEnRegistrationCreate(context context.Context, d *schema.Resour _, response, err := secretsManagerClient.CreateNotificationsRegistrationWithContext(context, createNotificationsRegistrationOptions) if err != nil { log.Printf("[DEBUG] CreateNotificationsRegistrationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateNotificationsRegistrationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateNotificationsRegistrationWithContext failed %s\n%s", err, response), EnRegistrationResourceName, "create") + return tfErr.GetDiag() } d.SetId(fmt.Sprintf("%s/%s", region, instanceId)) 
@@ -119,12 +122,14 @@ func resourceIbmSmEnRegistrationCreate(context context.Context, d *schema.Resour func resourceIbmSmEnRegistrationRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", EnRegistrationResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 2 { - return diag.Errorf("Wrong format of resource ID. To import event notification registration use the format `/`") + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Wrong format of resource ID. To import event notification registration use the format `/`"), EnRegistrationResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -139,17 +144,21 @@ func resourceIbmSmEnRegistrationRead(context context.Context, d *schema.Resource return nil } log.Printf("[DEBUG] GetNotificationsRegistrationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetNotificationsRegistrationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetNotificationsRegistrationWithContext failed %s\n%s", err, response), EnRegistrationResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), EnRegistrationResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), EnRegistrationResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("event_notifications_instance_crn", notificationsRegistration.EventNotificationsInstanceCrn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting event_notifications_instance_crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting event_notifications_instance_crn"), EnRegistrationResourceName, "read") + return tfErr.GetDiag() } return nil @@ -158,7 +167,8 @@ func resourceIbmSmEnRegistrationRead(context context.Context, d *schema.Resource func resourceIbmSmEnRegistrationUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf(""), EnRegistrationResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
@@ -183,8 +193,9 @@ func resourceIbmSmEnRegistrationUpdate(context context.Context, d *schema.Resour if hasChange { _, response, err := secretsManagerClient.CreateNotificationsRegistrationWithContext(context, createNotificationsRegistrationOptions) if err != nil { - log.Printf("[DEBUG] CreateNotificationsRegistrationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateNotificationsRegistrationWithContext failed %s\n%s", err, response)) + log.Printf("[DEBUG] UpdateNotificationsRegistrationWithContext failed %s\n%s", err, response) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateNotificationsRegistrationWithContext failed %s\n%s", err, response), EnRegistrationResourceName, "update") + return tfErr.GetDiag() } } @@ -194,7 +205,8 @@ func resourceIbmSmEnRegistrationUpdate(context context.Context, d *schema.Resour func resourceIbmSmEnRegistrationDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", EnRegistrationResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -207,7 +219,8 @@ func resourceIbmSmEnRegistrationDelete(context context.Context, d *schema.Resour response, err := secretsManagerClient.DeleteNotificationsRegistrationWithContext(context, deleteNotificationsRegistrationOptions) if err != nil { log.Printf("[DEBUG] DeleteNotificationsRegistrationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteNotificationsRegistrationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteNotificationsRegistrationWithContext failed %s\n%s", err, response), EnRegistrationResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") 
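Review bot: The failure message in the `-183,8` hunk now names `UpdateNotificationsRegistrationWithContext`, but the call on the line above is still `secretsManagerClient.CreateNotificationsRegistrationWithContext`. Anyone correlating provider logs with SDK or API traces will search for a method that was never invoked. Keep the real method name in both strings, e.g. `log.Printf("[DEBUG] CreateNotificationsRegistrationWithContext failed %s\n%s", err, response)`; the `"update"` operation argument already records which CRUD path failed. The function starts outside the hunk.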
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_configuration.go b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_configuration.go index b284d0567d..cfda48d0bd 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_configuration.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_configuration.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "log" "strings" @@ -70,7 +71,8 @@ func ResourceIbmSmIamCredentialsConfiguration() *schema.Resource { func resourceIbmSmIamCredentialsConfigurationCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", IAMCredentialsConfigResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -81,14 +83,16 @@ func resourceIbmSmIamCredentialsConfigurationCreate(context context.Context, d * configurationPrototypeModel, err := resourceIbmSmIamCredentialsConfigurationMapToConfigurationPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", IAMCredentialsConfigResourceName, "create") + return tfErr.GetDiag() } createConfigurationOptions.SetConfigurationPrototype(configurationPrototypeModel) configurationIntf, response, err := secretsManagerClient.CreateConfigurationWithContext(context, createConfigurationOptions) if err != nil { log.Printf("[DEBUG] CreateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateConfigurationWithContext failed %s\n%s", err, response), IAMCredentialsConfigResourceName, "create") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.IAMCredentialsConfiguration) @@ -100,12 +104,14 @@ func resourceIbmSmIamCredentialsConfigurationCreate(context context.Context, d * func resourceIbmSmIamCredentialsConfigurationRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", IAMCredentialsConfigResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import IAM credentials configuration use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import IAM credentials configuration use the format `//`", IAMCredentialsConfigResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -123,33 +129,42 @@ func resourceIbmSmIamCredentialsConfigurationRead(context context.Context, d *sc return nil } log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), IAMCredentialsConfigResourceName, "read") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.IAMCredentialsConfiguration) if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), IAMCredentialsConfigResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), IAMCredentialsConfigResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", configuration.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), IAMCredentialsConfigResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", configuration.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), IAMCredentialsConfigResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", configuration.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), IAMCredentialsConfigResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(configuration.CreatedAt)); 
err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), IAMCredentialsConfigResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(configuration.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), IAMCredentialsConfigResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("api_key", configuration.ApiKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting api_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting api_key"), IAMCredentialsConfigResourceName, "read") + return tfErr.GetDiag() } return nil @@ -158,7 +173,8 @@ func resourceIbmSmIamCredentialsConfigurationRead(context context.Context, d *sc func resourceIbmSmIamCredentialsConfigurationUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", IAMCredentialsConfigResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -186,7 +202,8 @@ func resourceIbmSmIamCredentialsConfigurationUpdate(context context.Context, d * _, response, err := secretsManagerClient.UpdateConfigurationWithContext(context, updateConfigurationOptions) if err != nil { log.Printf("[DEBUG] UpdateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateConfigurationWithContext failed %s\n%s", err, response), IAMCredentialsConfigResourceName, "update") + return tfErr.GetDiag() } } 
@@ -212,7 +229,8 @@ func resourceIbmSmIamCredentialsConfigurationDelete(context context.Context, d * response, err := secretsManagerClient.DeleteConfigurationWithContext(context, deleteConfigurationOptions) if err != nil { log.Printf("[DEBUG] DeleteConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteConfigurationWithContext failed %s\n%s", err, response), IAMCredentialsConfigResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go index a0fef420ab..0a78d80a50 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_iam_credentials_secret.go @@ -212,7 +212,8 @@ func ResourceIbmSmIamCredentialsSecret() *schema.Resource { func resourceIbmSmIamCredentialsSecretCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", IAMCredentialsSecretResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -222,18 +223,21 @@ func resourceIbmSmIamCredentialsSecretCreate(context context.Context, d *schema. createSecretOptions := &secretsmanagerv2.CreateSecretOptions{} if !d.Get("reuse_api_key").(bool) { - return diag.Errorf("IAM credentials secrets managed by Terraform must have reuse_api_key set to true") + tfErr := flex.TerraformErrorf(err, "IAM credentials secrets managed by Terraform must have reuse_api_key set to true", IAMCredentialsSecretResourceName, "create") + return tfErr.GetDiag() } secretPrototypeModel, err := resourceIbmSmIamCredentialsSecretMapToSecretPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", IAMCredentialsSecretResourceName, "create") + return tfErr.GetDiag() } createSecretOptions.SetSecretPrototype(secretPrototypeModel) secretIntf, response, err := secretsManagerClient.CreateSecretWithContext(context, createSecretOptions) if err != nil { log.Printf("[DEBUG] CreateSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretWithContext failed: %s\n%s", err.Error(), response), IAMCredentialsSecretResourceName, "create") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.IAMCredentialsSecret) @@ -242,8 +246,8 @@ func resourceIbmSmIamCredentialsSecretCreate(context context.Context, d *schema. _, err = waitForIbmSmIamCredentialsSecretCreate(secretsManagerClient, d) if err != nil { - return diag.FromErr(fmt.Errorf( - "Error waiting for resource IbmSmIamCredentialsSecret (%s) to be created: %s", d.Id(), err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error waiting for resource IbmSmIamCredentialsSecret (%s) to be created: %s", d.Id(), err.Error()), IAMCredentialsSecretResourceName, "create") + return tfErr.GetDiag() } return resourceIbmSmIamCredentialsSecretRead(context, d, meta) 
@@ -286,12 +290,14 @@ func waitForIbmSmIamCredentialsSecretCreate(secretsManagerClient *secretsmanager func resourceIbmSmIamCredentialsSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a secret use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a secret use the format `//`", IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -309,107 +315,136 @@ func resourceIbmSmIamCredentialsSecretRead(context context.Context, d *schema.Re return nil } log.Printf("[DEBUG] GetSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretWithContext failed %s\n%s", err, response), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.IAMCredentialsSecret) if err = d.Set("secret_id", secretId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_id"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", secret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(secret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("crn", secret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", 
err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if secret.CustomMetadata != nil { d.Set("custom_metadata", secret.CustomMetadata) } if err = d.Set("description", secret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", secret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if secret.Labels != nil { if err = d.Set("labels", secret.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting labels"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("locks_total", flex.IntValue(secret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", secret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", secret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", secret.SecretType); err != nil 
{ - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(secret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state_description", secret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(secret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(secret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("ttl", secret.TTL); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ttl"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if secret.AccessGroups != nil { if err = d.Set("access_groups", secret.AccessGroups); err != nil { - return diag.FromErr(fmt.Errorf("Error setting access_groups: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting access_groups"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() 
} } if err = d.Set("api_key_id", secret.ApiKeyID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting api_key_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting api_key_id"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("service_id", secret.ServiceID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting service_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting service_id"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("service_id_is_static", secret.ServiceIdIsStatic); err != nil { - return diag.FromErr(fmt.Errorf("Error setting service_id_is_static: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting service_id_is_static"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } // Prevent import of secrets with reuse_api_key = false into Terraform if !*secret.ReuseApiKey { - return diag.Errorf("IAM credentials secrets with Reuse IAM credentials turned off (reuse_api_key = false) cannot be managed by Terraform") + tfErr := flex.TerraformErrorf(nil, "IAM credentials secrets with Reuse IAM credentials turned off (reuse_api_key = false) cannot be managed by Terraform", IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } else { if err = d.Set("reuse_api_key", true); err != nil { - return diag.FromErr(fmt.Errorf("Error setting reuse_api_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting reuse_api_key"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } } rotationMap, err := resourceIbmSmIamCredentialsSecretRotationPolicyToMap(secret.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if len(rotationMap) > 0 { if err = d.Set("rotation", []map[string]interface{}{rotationMap}); err != nil { - return 
diag.FromErr(fmt.Errorf("Error setting rotation: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("next_rotation_date", DateTimeToRFC3339(secret.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting next_rotation_date"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("api_key", secret.ApiKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting api_key"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } // Call get version metadata API to get the current version_custom_metadata 
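Review bot: `secret := secretIntf.(*secretsmanagerv2.IAMCredentialsSecret)` is a single-value type assertion on the read path, which the ID-format message in the previous hunk shows is also the import path; if the ID resolves to a secret of another type this panics instead of producing a diagnostic, so prefer `secret, ok := secretIntf.(*secretsmanagerv2.IAMCredentialsSecret)` and return a `TerraformErrorf` when `!ok`. `!*secret.ReuseApiKey` likewise dereferences without a nil check; assuming the service can omit the field, `if secret.ReuseApiKey == nil || !*secret.ReuseApiKey {` keeps the refusal path without the panic. `d.Set("custom_metadata", secret.CustomMetadata)` is the one setter in this hunk whose error is still dropped and should get the same `if err = ...; err != nil` wrapper as its neighbours. The `fmt.Sprintf("Error setting ...")` calls take no format arguments and can be plain string literals; the assertion, the unchecked `custom_metadata` setter and the `Sprintf` calls recur in the imported-certificate read hunk. The function starts and ends outside this hunk.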
@@ -420,19 +455,22 @@ func resourceIbmSmIamCredentialsSecretRead(context context.Context, d *schema.Re versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) if err != nil { log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } versionMetadata := versionMetadataIntf.(*secretsmanagerv2.IAMCredentialsSecretVersionMetadata) if versionMetadata.VersionCustomMetadata != nil { if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { - return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting version_custom_metadata"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } } if secret.ExpirationDate != nil { if err = d.Set("expiration_date", DateTimeToRFC3339(secret.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), IAMCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } } @@ -442,7 +480,8 @@ func resourceIbmSmIamCredentialsSecretRead(context context.Context, d *schema.Re func resourceIbmSmIamCredentialsSecretUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", IAMCredentialsSecretResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
@@ -488,7 +527,8 @@ func resourceIbmSmIamCredentialsSecretUpdate(context context.Context, d *schema. RotationModel, err := resourceIbmSmIamCredentialsSecretMapToRotationPolicy(d.Get("rotation").([]interface{})[0].(map[string]interface{})) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err), IAMCredentialsSecretResourceName, "update") + return tfErr.GetDiag() } patchVals.Rotation = RotationModel hasChange = true @@ -499,7 +539,8 @@ func resourceIbmSmIamCredentialsSecretUpdate(context context.Context, d *schema. _, response, err := secretsManagerClient.UpdateSecretMetadataWithContext(context, updateSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed %s\n%s", err, response), IAMCredentialsSecretResourceName, "update") + return tfErr.GetDiag() } } @@ -520,7 +561,8 @@ func resourceIbmSmIamCredentialsSecretUpdate(context context.Context, d *schema. resourceIbmSmIamCredentialsSecretRead(context, d, meta) } log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response), IAMCredentialsSecretResourceName, "update") + return tfErr.GetDiag() } } 
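Review bot: `d.Get("rotation").([]interface{})[0].(map[string]interface{})` indexes and asserts the first list element without checking length or type, so an empty `rotation` value or a nil element would panic before the new error handling is reached; the condition guarding this statement is outside the hunk, so confirm it guarantees one non-nil element or add a `len(...) > 0` check to it. The failure text also begins with `UpdateSecretMetadataWithContext failed` although no API call has been made at this point, which misleads whoever triages the diagnostic; a message such as `"Reading rotation parameter failed"` names the step that actually failed. As elsewhere in the commit, `err` is both passed as the first argument and formatted into the message.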
@@ -530,7 +572,8 @@ func resourceIbmSmIamCredentialsSecretUpdate(context context.Context, d *schema. func resourceIbmSmIamCredentialsSecretDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", IAMCredentialsSecretResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -546,7 +589,8 @@ func resourceIbmSmIamCredentialsSecretDelete(context context.Context, d *schema. response, err := secretsManagerClient.DeleteSecretWithContext(context, deleteSecretOptions) if err != nil { log.Printf("[DEBUG] DeleteSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteSecretWithContext failed %s\n%s", err, response), IAMCredentialsSecretResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go index c91f1c2d31..adc731ae96 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_imported_certificate.go @@ -223,7 +223,8 @@ func ResourceIbmSmImportedCertificate() *schema.Resource { func resourceIbmSmImportedCertificateCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ImportedCertSecretResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -234,14 +235,16 @@ func resourceIbmSmImportedCertificateCreate(context context.Context, d *schema.R secretPrototypeModel, err := resourceIbmSmImportedCertificateMapToSecretPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ImportedCertSecretResourceName, "create") + return tfErr.GetDiag() } createSecretOptions.SetSecretPrototype(secretPrototypeModel) secretIntf, response, err := secretsManagerClient.CreateSecretWithContext(context, createSecretOptions) if err != nil { log.Printf("[DEBUG] CreateSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretWithContext failed: %s\n%s", err.Error(), response), ImportedCertSecretResourceName, "create") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.ImportedCertificate) @@ -250,8 +253,8 @@ func resourceIbmSmImportedCertificateCreate(context context.Context, d *schema.R _, err = waitForIbmSmImportedCertificateCreate(secretsManagerClient, d) if err != nil { - return diag.FromErr(fmt.Errorf( - "Error waiting for resource IbmSmImportedCertificate (%s) to be created: %s", d.Id(), err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error waiting for resource IbmSmImportedCertificate (%s) to be created: %s", d.Id(), err.Error()), ImportedCertSecretResourceName, "create") + return tfErr.GetDiag() } return resourceIbmSmImportedCertificateRead(context, d, meta) 
@@ -294,12 +297,14 @@ func waitForIbmSmImportedCertificateCreate(secretsManagerClient *secretsmanagerv func resourceIbmSmImportedCertificateRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a secret use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a secret use the format `//`", ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -317,105 +322,136 @@ func resourceIbmSmImportedCertificateRead(context context.Context, d *schema.Res return nil } log.Printf("[DEBUG] GetSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretWithContext failed %s\n%s", err, response), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.ImportedCertificate) if err = d.Set("secret_id", secretId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_id"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", secret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(secret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("crn", secret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := 
flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if secret.CustomMetadata != nil { d.Set("custom_metadata", secret.CustomMetadata) } if err = d.Set("description", secret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", secret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if secret.Labels != nil { if err = d.Set("labels", secret.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting labels"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("locks_total", flex.IntValue(secret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", secret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", secret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", secret.SecretType); err != nil { - return 
diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(secret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state_description", secret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(secret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(secret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("signing_algorithm", secret.SigningAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting signing_algorithm"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("common_name", secret.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = 
d.Set("expiration_date", DateTimeToRFC3339(secret.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("intermediate_included", secret.IntermediateIncluded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting intermediate_included: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting intermediate_included"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("issuer", secret.Issuer); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuer: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuer"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("key_algorithm", secret.KeyAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_algorithm"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("private_key_included", secret.PrivateKeyIncluded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key_included: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key_included"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("serial_number", secret.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } validityMap, err := resourceIbmSmImportedCertificateCertificateValidityToMap(secret.Validity) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ImportedCertSecretResourceName, 
"read") + return tfErr.GetDiag() } if err = d.Set("validity", []map[string]interface{}{validityMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting validity: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting validity"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("certificate", secret.Certificate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("intermediate", secret.Intermediate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting intermediate: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting intermediate"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("private_key", secret.PrivateKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } // Call get version metadata API to get the current version_custom_metadata 
@@ -426,13 +462,15 @@ func resourceIbmSmImportedCertificateRead(context context.Context, d *schema.Res versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) if err != nil { log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } versionMetadata := versionMetadataIntf.(*secretsmanagerv2.ImportedCertificateVersionMetadata) if versionMetadata.VersionCustomMetadata != nil { if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { - return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting version_custom_metadata"), ImportedCertSecretResourceName, "read") + return tfErr.GetDiag() } } @@ -442,7 +480,8 @@ func resourceIbmSmImportedCertificateRead(context context.Context, d *schema.Res func resourceIbmSmImportedCertificateUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ImportedCertSecretResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
@@ -487,7 +526,8 @@ func resourceIbmSmImportedCertificateUpdate(context context.Context, d *schema.R _, response, err := secretsManagerClient.UpdateSecretMetadataWithContext(context, updateSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed %s\n%s", err, response), ImportedCertSecretResourceName, "update") + return tfErr.GetDiag() } } @@ -519,7 +559,8 @@ func resourceIbmSmImportedCertificateUpdate(context context.Context, d *schema.R resourceIbmSmImportedCertificateRead(context, d, meta) } log.Printf("[DEBUG] CreateSecretVersionWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretVersionWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretVersionWithContext failed %s\n%s", err, response), ImportedCertSecretResourceName, "update") + return tfErr.GetDiag() } } else if d.HasChange("version_custom_metadata") { // Apply change to version_custom_metadata in current version @@ -538,7 +579,8 @@ func resourceIbmSmImportedCertificateUpdate(context context.Context, d *schema.R resourceIbmSmImportedCertificateRead(context, d, meta) } log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response), ImportedCertSecretResourceName, "update") + return tfErr.GetDiag() } } return resourceIbmSmImportedCertificateRead(context, d, meta) 
@@ -547,7 +589,8 @@ func resourceIbmSmImportedCertificateUpdate(context context.Context, d *schema.R func resourceIbmSmImportedCertificateDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ImportedCertSecretResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -563,7 +606,8 @@ func resourceIbmSmImportedCertificateDelete(context context.Context, d *schema.R response, err := secretsManagerClient.DeleteSecretWithContext(context, deleteSecretOptions) if err != nil { log.Printf("[DEBUG] DeleteSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteSecretWithContext failed %s\n%s", err, response), ImportedCertSecretResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_kv_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_kv_secret.go index f32d9ee23a..81a6f44be1 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_kv_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_kv_secret.go @@ -135,7 +135,8 @@ func ResourceIbmSmKvSecret() *schema.Resource { func resourceIbmSmKvSecretCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", KvSecretResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -146,14 +147,16 @@ func resourceIbmSmKvSecretCreate(context context.Context, d *schema.ResourceData secretPrototypeModel, err := resourceIbmSmKvSecretMapToSecretPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", KvSecretResourceName, "create") + return tfErr.GetDiag() } createSecretOptions.SetSecretPrototype(secretPrototypeModel) secretIntf, response, err := secretsManagerClient.CreateSecretWithContext(context, createSecretOptions) if err != nil { log.Printf("[DEBUG] CreateSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretWithContext failed: %s\n%s", err.Error(), response), KvSecretResourceName, "create") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.KVSecret) @@ -162,8 +165,8 @@ func resourceIbmSmKvSecretCreate(context context.Context, d *schema.ResourceData _, err = waitForIbmSmKvSecretCreate(secretsManagerClient, d) if err != nil { - return diag.FromErr(fmt.Errorf( - "Error waiting for resource IbmSmKvSecret (%s) to be created: %s", d.Id(), err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error waiting for resource IbmSmKvSecret (%s) to be created: %s", d.Id(), err.Error()), KvSecretResourceName, "create") + return tfErr.GetDiag() } return resourceIbmSmKvSecretRead(context, d, meta) 
@@ -206,12 +209,14 @@ func waitForIbmSmKvSecretCreate(secretsManagerClient *secretsmanagerv2.SecretsMa func resourceIbmSmKvSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", KvSecretResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a secret use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a secret use the format `//`", KvSecretResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
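Review bot: The ID-format check in resourceIbmSmKvSecretRead passes `nil` as the error to `flex.TerraformErrorf`, while every other call in this patch passes a non-nil error. The helper's body is not part of this diff, so it cannot be confirmed from here that it tolerates a nil error without dereferencing or wrapping it. Passing a real error removes the question: build `idErr := fmt.Errorf("invalid resource ID %q", d.Id())` and hand `idErr` to the helper in place of `nil`, keeping the existing message. resourceIbmSmPrivateCertificateRead has the same call shape. The function body continues outside the hunk.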
@@ -229,65 +234,83 @@ func resourceIbmSmKvSecretRead(context context.Context, d *schema.ResourceData, return nil } log.Printf("[DEBUG] GetSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretWithContext failed %s\n%s", err, response), KvSecretResourceName, "read") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.KVSecret) if err = d.Set("secret_id", secretId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_id"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", secret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(secret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("crn", secret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), 
KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", secret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(secret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", secret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", secret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", secret.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(secret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state_description", secret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", 
DateTimeToRFC3339(secret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(secret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if secret.CustomMetadata != nil { d.Set("custom_metadata", secret.CustomMetadata) } if err = d.Set("description", secret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), KvSecretResourceName, "read") + return tfErr.GetDiag() } if secret.Labels != nil { if err = d.Set("labels", secret.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting labels"), KvSecretResourceName, "read") + return tfErr.GetDiag() } } if secret.Data != nil { 
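Review bot: Every `d.Set` failure branch in this hunk builds its message with a call such as `fmt.Sprintf("Error setting secret_id")`, which has no verbs or arguments and which staticcheck reports as an unnecessary `Sprintf`; a plain literal is enough: `tfErr := flex.TerraformErrorf(err, "Error setting secret_id", KvSecretResourceName, "read")`. In the same hunk the context line `d.Set("custom_metadata", secret.CustomMetadata)` still discards its error while all its neighbours check theirs, so a failure there would go unreported. The `Sprintf` pattern is repeated in the `version_custom_metadata` hunk and throughout resourceIbmSmPrivateCertificateRead. The function starts and ends outside this hunk.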
@@ -302,13 +325,15 @@ func resourceIbmSmKvSecretRead(context context.Context, d *schema.ResourceData, versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) if err != nil { log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response), KvSecretResourceName, "read") + return tfErr.GetDiag() } versionMetadata := versionMetadataIntf.(*secretsmanagerv2.KVSecretVersionMetadata) if versionMetadata.VersionCustomMetadata != nil { if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { - return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting version_custom_metadata"), KvSecretResourceName, "read") + return tfErr.GetDiag() } } @@ -318,7 +343,8 @@ func resourceIbmSmKvSecretRead(context context.Context, d *schema.ResourceData, func resourceIbmSmKvSecretUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", KvSecretResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
@@ -363,7 +389,8 @@ func resourceIbmSmKvSecretUpdate(context context.Context, d *schema.ResourceData _, response, err := secretsManagerClient.UpdateSecretMetadataWithContext(context, updateSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed %s\n%s", err, response), KvSecretResourceName, "update") + return tfErr.GetDiag() } } @@ -389,7 +416,8 @@ func resourceIbmSmKvSecretUpdate(context context.Context, d *schema.ResourceData resourceIbmSmKvSecretRead(context, d, meta) } log.Printf("[DEBUG] CreateSecretVersionWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretVersionWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretVersionWithContext failed %s\n%s", err, response), KvSecretResourceName, "update") + return tfErr.GetDiag() } } else if d.HasChange("version_custom_metadata") { // Apply change to version_custom_metadata in current version @@ -408,7 +436,8 @@ func resourceIbmSmKvSecretUpdate(context context.Context, d *schema.ResourceData resourceIbmSmKvSecretRead(context, d, meta) } log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response), KvSecretResourceName, "update") + return tfErr.GetDiag() } } 
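Review bot: In the `CreateSecretVersionWithContext` and `UpdateSecretVersionMetadataWithContext` failure branches of resourceIbmSmKvSecretUpdate, the context lines call `resourceIbmSmKvSecretRead(context, d, meta)` and drop the diagnostics it returns just before the new `tfErr` is returned. If that refresh fails, the user sees only the update error and state may be left stale without any indication. Either merge the two, e.g. `diags := resourceIbmSmKvSecretRead(context, d, meta)` then `return append(diags, tfErr.GetDiag()...)`, or add a comment saying the refresh is best-effort. The condition guarding the read call is outside the hunk, so the exact placement needs checking against the full function. resourceIbmSmPrivateCertificateUpdate shows the same shape.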
@@ -418,7 +447,8 @@ func resourceIbmSmKvSecretUpdate(context context.Context, d *schema.ResourceData func resourceIbmSmKvSecretDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", KvSecretResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -434,7 +464,8 @@ func resourceIbmSmKvSecretDelete(context context.Context, d *schema.ResourceData response, err := secretsManagerClient.DeleteSecretWithContext(context, deleteSecretOptions) if err != nil { log.Printf("[DEBUG] DeleteSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteSecretWithContext failed %s\n%s", err, response), KvSecretResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go index 6cd0aa6faf..8a2e424619 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate.go @@ -320,7 +320,8 @@ func ResourceIbmSmPrivateCertificate() *schema.Resource { func resourceIbmSmPrivateCertificateCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertSecretResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -331,14 +332,16 @@ func resourceIbmSmPrivateCertificateCreate(context context.Context, d *schema.Re secretPrototypeModel, err := resourceIbmSmPrivateCertificateMapToSecretPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertSecretResourceName, "create") + return tfErr.GetDiag() } createSecretOptions.SetSecretPrototype(secretPrototypeModel) secretIntf, response, err := secretsManagerClient.CreateSecretWithContext(context, createSecretOptions) if err != nil { log.Printf("[DEBUG] CreateSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretWithContext failed: %s\n%s", err.Error(), response), PrivateCertSecretResourceName, "create") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.PrivateCertificate) @@ -347,8 +350,8 @@ func resourceIbmSmPrivateCertificateCreate(context context.Context, d *schema.Re _, err = waitForIbmSmPrivateCertificateCreate(secretsManagerClient, d) if err != nil { - return diag.FromErr(fmt.Errorf( - "Error waiting for resource IbmSmPrivateCertificate (%s) to be created: %s", d.Id(), err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error waiting for resource IbmSmPrivateCertificate (%s) to be created: %s", d.Id(), err.Error()), PrivateCertSecretResourceName, "create") + return tfErr.GetDiag() } return resourceIbmSmPrivateCertificateRead(context, d, meta) 
@@ -391,12 +394,14 @@ func waitForIbmSmPrivateCertificateCreate(secretsManagerClient *secretsmanagerv2 func resourceIbmSmPrivateCertificateRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a secret use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a secret use the format `//`", PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -414,135 +419,173 @@ func resourceIbmSmPrivateCertificateRead(context context.Context, d *schema.Reso return nil } log.Printf("[DEBUG] GetSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretWithContext failed %s\n%s", err, response), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.PrivateCertificate) if err = d.Set("secret_id", secretId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_id"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", secret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(secret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("crn", secret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := 
flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if secret.CustomMetadata != nil { d.Set("custom_metadata", secret.CustomMetadata) } if err = d.Set("description", secret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", secret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if secret.Labels != nil { if err = d.Set("labels", secret.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting labels"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("locks_total", flex.IntValue(secret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", secret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", secret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", secret.SecretType); err != nil { - return 
diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(secret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state_description", secret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(secret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(secret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("signing_algorithm", secret.SigningAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting signing_algorithm"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if secret.AltNames != nil { if err = d.Set("alt_names", secret.AltNames); err != nil { - return diag.FromErr(fmt.Errorf("Error setting alt_names: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting alt_names"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } } if err 
= d.Set("certificate_authority", secret.CertificateAuthority); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate_authority: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate_authority"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("certificate_template", secret.CertificateTemplate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate_template: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate_template"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("common_name", secret.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(secret.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("issuer", secret.Issuer); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuer: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuer"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("key_algorithm", secret.KeyAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_algorithm"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("next_rotation_date", DateTimeToRFC3339(secret.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, 
fmt.Sprintf("Error setting next_rotation_date"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } rotationMap, err := resourceIbmSmPrivateCertificateRotationPolicyToMap(secret.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if len(rotationMap) > 0 { if err = d.Set("rotation", []map[string]interface{}{rotationMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("serial_number", secret.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if secret.Validity != nil { validityMap, err := resourceIbmSmPrivateCertificateCertificateValidityToMap(secret.Validity) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("validity", []map[string]interface{}{validityMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting validity: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting validity"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("revocation_time_seconds", flex.IntValue(secret.RevocationTimeSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting revocation_time_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting revocation_time_seconds"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("revocation_time_rfc3339", DateTimeToRFC3339(secret.RevocationTimeRfc3339)); err != nil { - return 
diag.FromErr(fmt.Errorf("Error setting revocation_time_rfc3339: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting revocation_time_rfc3339"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("certificate", secret.Certificate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("private_key", secret.PrivateKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("issuing_ca", secret.IssuingCa); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuing_ca: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuing_ca"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } if secret.CaChain != nil { if err = d.Set("ca_chain", secret.CaChain); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ca_chain: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ca_chain"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } } 
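Review bot: The context line `secret := secretIntf.(*secretsmanagerv2.PrivateCertificate)` near the top of this hunk is a single-value type assertion, so it panics instead of returning a diagnostic if `GetSecretWithContext` hands back another concrete type. Read is also the import path (the ID-format message in the previous hunk says so), so presumably an ID belonging to a different secret type can reach this line. Since this patch standardises error reporting, the comma-ok form fits here: `secret, ok := secretIntf.(*secretsmanagerv2.PrivateCertificate)` followed by an `if !ok` branch that returns through `flex.TerraformErrorf` with `PrivateCertSecretResourceName` and `"read"`. The same assertion shape appears in the KV secret Read hunk and in the Create hunks. The function starts and ends outside this hunk.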
@@ -554,13 +597,15 @@ func resourceIbmSmPrivateCertificateRead(context context.Context, d *schema.Reso versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) if err != nil { log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } versionMetadata := versionMetadataIntf.(*secretsmanagerv2.PrivateCertificateVersionMetadata) if versionMetadata.VersionCustomMetadata != nil { if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { - return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting version_custom_metadata"), PrivateCertSecretResourceName, "read") + return tfErr.GetDiag() } } return nil @@ -569,7 +614,8 @@ func resourceIbmSmPrivateCertificateRead(context context.Context, d *schema.Reso func resourceIbmSmPrivateCertificateUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertSecretResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
@@ -611,7 +657,8 @@ func resourceIbmSmPrivateCertificateUpdate(context context.Context, d *schema.Re RotationModel, err := resourceIbmSmPrivateCertificateMapToRotationPolicy(d.Get("rotation").([]interface{})[0].(map[string]interface{})) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err), PrivateCertSecretResourceName, "update") + return tfErr.GetDiag() } patchVals.Rotation = RotationModel hasChange = true @@ -622,7 +669,8 @@ func resourceIbmSmPrivateCertificateUpdate(context context.Context, d *schema.Re _, response, err := secretsManagerClient.UpdateSecretMetadataWithContext(context, updateSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed %s\n%s", err, response), PrivateCertSecretResourceName, "update") + return tfErr.GetDiag() } } @@ -643,7 +691,8 @@ func resourceIbmSmPrivateCertificateUpdate(context context.Context, d *schema.Re resourceIbmSmPrivateCertificateRead(context, d, meta) } log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response), PrivateCertSecretResourceName, "update") + return tfErr.GetDiag() } } 
@@ -653,7 +702,8 @@ func resourceIbmSmPrivateCertificateUpdate(context context.Context, d *schema.Re func resourceIbmSmPrivateCertificateDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertSecretResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -669,7 +719,8 @@ func resourceIbmSmPrivateCertificateDelete(context context.Context, d *schema.Re response, err := secretsManagerClient.DeleteSecretWithContext(context, deleteSecretOptions) if err != nil { log.Printf("[DEBUG] DeleteSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteSecretWithContext failed %s\n%s", err, response), PrivateCertSecretResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_set_signed.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_set_signed.go index 99f3836a8e..fe29f3c189 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_set_signed.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_set_signed.go @@ -3,6 +3,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "github.com/IBM/go-sdk-core/v5/core" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" 
@@ -47,7 +48,8 @@ func ResourceIbmSmPrivateCertificateConfigurationActionSetSigned() *schema.Resou func resourceIbmSmPrivateCertificateConfigurationActionSetSignedCreateOrUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigActionSetSigned, "create/update") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -58,7 +60,8 @@ func resourceIbmSmPrivateCertificateConfigurationActionSetSignedCreateOrUpdate(c configurationActionPrototypeModel, err := resourceIbmSmPrivateCertificateConfigurationActionSetSignedPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigActionSetSigned, "create/update") + return tfErr.GetDiag() } createConfigurationActionOptions.SetConfigActionPrototype(configurationActionPrototypeModel) createConfigurationActionOptions.SetName(d.Get("name").(string)) @@ -66,7 +69,8 @@ func resourceIbmSmPrivateCertificateConfigurationActionSetSignedCreateOrUpdate(c _, response, err := secretsManagerClient.CreateConfigurationActionWithContext(context, createConfigurationActionOptions) if err != nil { log.Printf("[DEBUG] CreateConfigurationActionWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateConfigurationActionWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateConfigurationActionWithContext failed: %s\n%s", err.Error(), response), PrivateCertConfigActionSetSigned, "create/update") + return tfErr.GetDiag() } d.SetId(fmt.Sprintf("%s/%s/%s/set_signed", region, instanceId, d.Get("name").(string))) 
diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_sign_csr.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_sign_csr.go index 0c808c4791..e177853407 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_sign_csr.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_action_sign_csr.go @@ -212,7 +212,8 @@ func ResourceIbmSmPrivateCertificateConfigurationActionSignCsr() *schema.Resourc func resourceIbmSmPrivateCertificateConfigurationActionSignCsrCreateOrUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigActionSignCsr, "create/update") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -223,7 +224,8 @@ func resourceIbmSmPrivateCertificateConfigurationActionSignCsrCreateOrUpdate(con configurationActionPrototypeModel, err := resourceIbmSmPrivateCertificateConfigurationActionSignCsrMapToConfigurationActionPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigActionSignCsr, "create/update") + return tfErr.GetDiag() } createConfigurationActionOptions.SetConfigActionPrototype(configurationActionPrototypeModel) createConfigurationActionOptions.SetName(d.Get("name").(string)) 
@@ -231,7 +233,8 @@ func resourceIbmSmPrivateCertificateConfigurationActionSignCsrCreateOrUpdate(con configurationActionIntf, response, err := secretsManagerClient.CreateConfigurationActionWithContext(context, createConfigurationActionOptions) if err != nil { log.Printf("[DEBUG] CreateConfigurationActionWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateConfigurationActionWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateConfigurationActionWithContext failed: %s\n%s", err.Error(), response), PrivateCertConfigActionSignCsr, "create/update") + return tfErr.GetDiag() } configurationAction := configurationActionIntf.(*secretsmanagerv2.PrivateCertificateConfigurationActionSignCSR) @@ -239,10 +242,12 @@ func resourceIbmSmPrivateCertificateConfigurationActionSignCsrCreateOrUpdate(con if configurationAction.Data != nil { dataMap, err := resourceIbmSmPrivateCertificateConfigurationActionSignCsrDataToMap(*configurationAction.Data) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigActionSignCsr, "create/update") + return tfErr.GetDiag() } if err = d.Set("data", []map[string]interface{}{dataMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting data: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting data: %s", err), PrivateCertConfigActionSignCsr, "create/update") + return tfErr.GetDiag() } } diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go index e82d66747c..e774f2f764 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_intermediate_ca.go 
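Review bot: The line right after the rewritten error branch, `configurationActionIntf.(*secretsmanagerv2.PrivateCertificateConfigurationActionSignCSR)`, is a single-value type assertion. If the service returns an unexpected action type, the provider panics instead of going through the `TerraformErrorf` path this commit introduces. Using the two-value form and returning a diagnostic keeps the failure consistent with the other branches. The enclosing function starts before and ends after this hunk.

```go
configurationAction, ok := configurationActionIntf.(*secretsmanagerv2.PrivateCertificateConfigurationActionSignCSR)
if !ok {
	err = fmt.Errorf("unexpected configuration action type %T", configurationActionIntf)
	tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigActionSignCsr, "create/update")
	return tfErr.GetDiag()
}
// … unchanged: configurationAction.Data handling …
```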
@@ -389,7 +389,8 @@ func ResourceIbmSmPrivateCertificateConfigurationIntermediateCA() *schema.Resour func resourceIbmSmPrivateCertificateConfigurationIntermediateCACreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigIntermediateCAResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -400,14 +401,16 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCACreate(context co configurationPrototypeModel, err := resourceIbmSmPrivateCertificateConfigurationIntermediateCAMapToConfigurationPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigIntermediateCAResourceName, "create") + return tfErr.GetDiag() } createConfigurationOptions.SetConfigurationPrototype(configurationPrototypeModel) configurationIntf, response, err := secretsManagerClient.CreateConfigurationWithContext(context, createConfigurationOptions) if err != nil { log.Printf("[DEBUG] CreateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateConfigurationWithContext failed: %s\n%s", err.Error(), response), PrivateCertConfigIntermediateCAResourceName, "create") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PrivateCertificateConfigurationIntermediateCA) 
@@ -421,17 +424,20 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCACreate(context co createConfigurationActionOptions.SetName(d.Get("issuer").(string)) configurationActionPrototypeModel, err := resourceIbmSmConfigurationActionPrivateCertificateSignIntermediateCAMapToConfigurationActionPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigIntermediateCAResourceName, "create") + return tfErr.GetDiag() } createConfigurationActionOptions.SetConfigActionPrototype(configurationActionPrototypeModel) _, responseAction, errAction := secretsManagerClient.CreateConfigurationActionWithContext(context, createConfigurationActionOptions) if errAction != nil { log.Printf("[DEBUG] CreateConfigurationActionWithContext failed %s\n%s", errAction, responseAction) - return diag.FromErr(fmt.Errorf("CreateConfigurationActionWithContext failed %s\n%s", errAction, responseAction)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateConfigurationActionWithContext failed %s\n%s", errAction, responseAction), PrivateCertConfigIntermediateCAResourceName, "create") + return tfErr.GetDiag() } } else { - return diag.FromErr(fmt.Errorf("`issuer` parameter is missing")) + tfErr := flex.TerraformErrorf(nil, "`issuer` parameter is missing", PrivateCertConfigIntermediateCAResourceName, "create") + return tfErr.GetDiag() } } 
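Review bot: The `errAction != nil` branch passes `err`, not `errAction`, as the cause to `flex.TerraformErrorf`. `err` was checked against nil just above, so the diagnostic appears to be built with a nil cause, and the real failure survives only inside the formatted string. The call should read `tfErr := flex.TerraformErrorf(errAction, fmt.Sprintf("CreateConfigurationActionWithContext failed %s\n%s", errAction, responseAction), PrivateCertConfigIntermediateCAResourceName, "create")`. The enclosing create function starts before this hunk.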
@@ -441,12 +447,14 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCACreate(context co func resourceIbmSmPrivateCertificateConfigurationIntermediateCARead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import an intermediate CA use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import an intermediate CA use the format `//`", PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
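Review bot: The resource-ID length check builds its diagnostic with `flex.TerraformErrorf(nil, ...)`, so it relies on the helper tolerating a nil cause, which cannot be confirmed from this diff. If it does not, give it a real error first, e.g. `err = fmt.Errorf("wrong format of resource ID")`, and pass `err` instead of `nil`. The same nil-cause form is used for the missing `issuer` branch in the create hunk above and for the root CA read hunk further down. The read function continues past this hunk.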
@@ -464,151 +472,190 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCARead(context cont return nil } log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PrivateCertificateConfigurationIntermediateCA) if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", configuration.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("config_type", configuration.ConfigType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting config_type"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", configuration.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), PrivateCertConfigIntermediateCAResourceName, "read") + return 
tfErr.GetDiag() } if err = d.Set("max_ttl_seconds", flex.IntValue(configuration.MaxTtlSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting max_ttl_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting max_ttl_seconds"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if d.Get("max_ttl") == nil || d.Get("max_ttl") == "" { if err = d.Set("max_ttl", strconv.FormatInt(*configuration.MaxTtlSeconds, 10)+"s"); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting max_ttl"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("crl_expiry_seconds", flex.IntValue(configuration.CrlExpirySeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_expiry_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_expiry_seconds"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if d.Get("crl_expiry") == nil || d.Get("crl_expiry") == "" { if err = d.Set("crl_expiry", strconv.FormatInt(*configuration.CrlExpirySeconds, 10)+"s"); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_expiry"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("signing_method", configuration.SigningMethod); err != nil { - return diag.FromErr(fmt.Errorf("Error setting signing_method: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting signing_method"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("issuer", configuration.Issuer); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuer: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuer"), 
PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("crl_disable", configuration.CrlDisable); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_disable: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_disable"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("crl_distribution_points_encoded", configuration.CrlDistributionPointsEncoded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_distribution_points_encoded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_distribution_points_encoded"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("issuing_certificates_urls_encoded", configuration.IssuingCertificatesUrlsEncoded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuing_certificates_urls_encoded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuing_certificates_urls_encoded"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("common_name", configuration.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if configuration.AltNames != nil { if err = d.Set("alt_names", configuration.AltNames); err != nil { - return diag.FromErr(fmt.Errorf("Error setting alt_names: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting alt_names"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("ip_sans", configuration.IpSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ip_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ip_sans"), 
PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("uri_sans", configuration.UriSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting uri_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting uri_sans"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if configuration.OtherSans != nil { if err = d.Set("other_sans", configuration.OtherSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting other_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting other_sans"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("format", configuration.Format); err != nil { - return diag.FromErr(fmt.Errorf("Error setting format: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting format"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("private_key_format", configuration.PrivateKeyFormat); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key_format: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key_format"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("key_type", configuration.KeyType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_type"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("key_bits", flex.IntValue(configuration.KeyBits)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_bits: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_bits"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("exclude_cn_from_sans", configuration.ExcludeCnFromSans); err != nil { - 
return diag.FromErr(fmt.Errorf("Error setting exclude_cn_from_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting exclude_cn_from_sans"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if configuration.Ou != nil { if err = d.Set("ou", configuration.Ou); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ou: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ou"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.Organization != nil { if err = d.Set("organization", configuration.Organization); err != nil { - return diag.FromErr(fmt.Errorf("Error setting organization: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting organization"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.Country != nil { if err = d.Set("country", configuration.Country); err != nil { - return diag.FromErr(fmt.Errorf("Error setting country: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting country"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.Locality != nil { if err = d.Set("locality", configuration.Locality); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locality: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locality"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.Province != nil { if err = d.Set("province", configuration.Province); err != nil { - return diag.FromErr(fmt.Errorf("Error setting province: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting province"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.StreetAddress != nil { if err = d.Set("street_address", configuration.StreetAddress); err != nil { - return 
diag.FromErr(fmt.Errorf("Error setting street_address: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting street_address"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.PostalCode != nil { if err = d.Set("postal_code", configuration.PostalCode); err != nil { - return diag.FromErr(fmt.Errorf("Error setting postal_code: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting postal_code"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("serial_number", configuration.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("status", configuration.Status); err != nil { - return diag.FromErr(fmt.Errorf("Error setting status: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting status"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(configuration.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if configuration.Data != nil { dataMap, err := resourceIbmSmPrivateCertificateConfigurationIntermediateCAPrivateCertificateCADataToMap(configuration.Data) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("data", []map[string]interface{}{dataMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting data: %s", err)) + tfErr := flex.TerraformErrorf(err, 
fmt.Sprintf("Error setting data"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.CryptoKey != nil { cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(configuration.CryptoKey) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } if len(cryptoKeyMap) > 0 { if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crypto_key"), PrivateCertConfigIntermediateCAResourceName, "read") + return tfErr.GetDiag() } } } @@ -660,7 +707,8 @@ func resourceIbmSmPrivateCertificateConfigurationCryptoKeyProviderToMap(provider func resourceIbmSmPrivateCertificateConfigurationIntermediateCAUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigIntermediateCAResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -708,7 +756,8 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCAUpdate(context co _, response, err := secretsManagerClient.UpdateConfigurationWithContext(context, updateConfigurationOptions) if err != nil { log.Printf("[DEBUG] UpdateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateConfigurationWithContext failed %s\n%s", err, response), PrivateCertConfigIntermediateCAResourceName, "update") + return tfErr.GetDiag() } } 
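Review bot: Every `d.Set` failure branch in the read hunk (`@@ -464,151 +472,190 @@`) wraps a constant in `fmt.Sprintf` with no format arguments, e.g. `fmt.Sprintf("Error setting instance_id")`. A plain string literal does the same job and avoids the lint warning such calls usually trigger: `tfErr := flex.TerraformErrorf(err, "Error setting instance_id", PrivateCertConfigIntermediateCAResourceName, "read")`. The rewritten messages also drop the old `: %s", err` suffix, so the underlying cause is shown only if TerraformErrorf renders it, which this diff does not show. The root CA read hunk that follows repeats the same form.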
@@ -718,7 +767,8 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCAUpdate(context co func resourceIbmSmPrivateCertificateConfigurationIntermediateCADelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigIntermediateCAResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -734,7 +784,8 @@ func resourceIbmSmPrivateCertificateConfigurationIntermediateCADelete(context co response, err := secretsManagerClient.DeleteConfigurationWithContext(context, deleteConfigurationOptions) if err != nil { log.Printf("[DEBUG] DeleteConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteConfigurationWithContext failed %s\n%s", err, response), PrivateCertConfigIntermediateCAResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go index e51d97856c..77e167787a 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_root_ca.go 
@@ -393,7 +393,8 @@ func ResourceIbmSmPrivateCertificateConfigurationRootCA() *schema.Resource { func resourceIbmSmPrivateCertificateConfigurationRootCACreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigRootCAResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -404,14 +405,16 @@ func resourceIbmSmPrivateCertificateConfigurationRootCACreate(context context.Co configurationPrototypeModel, err := resourceIbmSmPrivateCertificateConfigurationRootCAMapToConfigurationPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigRootCAResourceName, "create") + return tfErr.GetDiag() } createConfigurationOptions.SetConfigurationPrototype(configurationPrototypeModel) configurationIntf, response, err := secretsManagerClient.CreateConfigurationWithContext(context, createConfigurationOptions) if err != nil { log.Printf("[DEBUG] CreateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateConfigurationWithContext failed: %s\n%s", err.Error(), response), PrivateCertConfigRootCAResourceName, "create") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PrivateCertificateConfigurationRootCA) 
@@ -423,12 +426,14 @@ func resourceIbmSmPrivateCertificateConfigurationRootCACreate(context context.Co func resourceIbmSmPrivateCertificateConfigurationRootCARead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a root CA use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a root CA use the format `//`", PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -446,165 +451,207 @@ func resourceIbmSmPrivateCertificateConfigurationRootCARead(context context.Cont return nil } log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PrivateCertificateConfigurationRootCA) if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", configuration.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", configuration.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", configuration.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", 
DateTimeToRFC3339(configuration.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(configuration.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("max_ttl_seconds", flex.IntValue(configuration.MaxTtlSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting max_ttl_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting max_ttl_seconds"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if d.Get("max_ttl") == nil || d.Get("max_ttl") == "" { if err = d.Set("max_ttl", strconv.FormatInt(*configuration.MaxTtlSeconds, 10)+"s"); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting max_ttl"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("crl_expiry_seconds", flex.IntValue(configuration.CrlExpirySeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_expiry_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_expiry_seconds"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if d.Get("crl_expiry") == nil || d.Get("crl_expiry") == "" { if err = d.Set("crl_expiry", strconv.FormatInt(*configuration.CrlExpirySeconds, 10)+"s"); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_expiry"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() 
} } if err = d.Set("crl_disable", configuration.CrlDisable); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_disable: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_disable"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("crl_distribution_points_encoded", configuration.CrlDistributionPointsEncoded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crl_distribution_points_encoded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crl_distribution_points_encoded"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("issuing_certificates_urls_encoded", configuration.IssuingCertificatesUrlsEncoded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuing_certificates_urls_encoded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuing_certificates_urls_encoded"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("common_name", configuration.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if configuration.AltNames != nil { if err = d.Set("alt_names", configuration.AltNames); err != nil { - return diag.FromErr(fmt.Errorf("Error setting alt_names: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting alt_names"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("ip_sans", configuration.IpSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ip_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ip_sans"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("uri_sans", configuration.UriSans); err != 
nil { - return diag.FromErr(fmt.Errorf("Error setting uri_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting uri_sans"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if configuration.OtherSans != nil { if err = d.Set("other_sans", configuration.OtherSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting other_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting other_sans"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("ttl_seconds", flex.IntValue(configuration.TtlSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ttl_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ttl_seconds"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("format", configuration.Format); err != nil { - return diag.FromErr(fmt.Errorf("Error setting format: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting format"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("private_key_format", configuration.PrivateKeyFormat); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key_format: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key_format"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("key_type", configuration.KeyType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_type"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("key_bits", flex.IntValue(configuration.KeyBits)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_bits: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_bits"), PrivateCertConfigRootCAResourceName, 
"read") + return tfErr.GetDiag() } if err = d.Set("max_path_length", flex.IntValue(configuration.MaxPathLength)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting max_path_length: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting max_path_length"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("exclude_cn_from_sans", configuration.ExcludeCnFromSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting exclude_cn_from_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting exclude_cn_from_sans"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if configuration.PermittedDnsDomains != nil { if err = d.Set("permitted_dns_domains", configuration.PermittedDnsDomains); err != nil { - return diag.FromErr(fmt.Errorf("Error setting permitted_dns_domains: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting permitted_dns_domains"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.Ou != nil { if err = d.Set("ou", configuration.Ou); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ou: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ou"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.Organization != nil { if err = d.Set("organization", configuration.Organization); err != nil { - return diag.FromErr(fmt.Errorf("Error setting organization: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting organization"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.Country != nil { if err = d.Set("country", configuration.Country); err != nil { - return diag.FromErr(fmt.Errorf("Error setting country: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting country"), PrivateCertConfigRootCAResourceName, "read") + return 
tfErr.GetDiag() } } if configuration.Locality != nil { if err = d.Set("locality", configuration.Locality); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locality: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locality"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.Province != nil { if err = d.Set("province", configuration.Province); err != nil { - return diag.FromErr(fmt.Errorf("Error setting province: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting province"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.StreetAddress != nil { if err = d.Set("street_address", configuration.StreetAddress); err != nil { - return diag.FromErr(fmt.Errorf("Error setting street_address: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting street_address"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.PostalCode != nil { if err = d.Set("postal_code", configuration.PostalCode); err != nil { - return diag.FromErr(fmt.Errorf("Error setting postal_code: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting postal_code"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("serial_number", configuration.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("status", configuration.Status); err != nil { - return diag.FromErr(fmt.Errorf("Error setting status: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting status"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("expiration_date", DateTimeToRFC3339(configuration.ExpirationDate)); err 
!= nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if configuration.Data != nil { dataMap, err := resourceIbmSmPrivateCertificateConfigurationRootCAPrivateCertificateCADataToMap(configuration.Data) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("data", []map[string]interface{}{dataMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting data: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting data"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } if configuration.CryptoKey != nil { cryptoKeyMap, err := resourceIbmSmPrivateCertificateConfigurationCryptoKeyToMap(configuration.CryptoKey) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } if len(cryptoKeyMap) > 0 { if err = d.Set("crypto_key", []map[string]interface{}{cryptoKeyMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crypto_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crypto_key"), PrivateCertConfigRootCAResourceName, "read") + return tfErr.GetDiag() } } } @@ -615,7 +662,8 @@ func resourceIbmSmPrivateCertificateConfigurationRootCARead(context context.Cont func resourceIbmSmPrivateCertificateConfigurationRootCAUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigRootCAResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
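Review bot: The added `flex.TerraformErrorf(err, "", PrivateCertConfigRootCAResourceName, "update")` passes an empty message, so the diagnostic for a failed client lookup may carry no description of what was being attempted. That depends on whether the helper falls back to the wrapped error, and the helper is not shown in this diff. A short literal such as `"getting Secrets Manager client"` would make the failure attributable in pipeline output. The same empty-message call appears in the delete hunk of this file and in the client-lookup and map-conversion error paths of the template and public-certificate files. The body of resourceIbmSmPrivateCertificateConfigurationRootCAUpdate continues outside the hunk.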
@@ -658,7 +706,8 @@ func resourceIbmSmPrivateCertificateConfigurationRootCAUpdate(context context.Co _, response, err := secretsManagerClient.UpdateConfigurationWithContext(context, updateConfigurationOptions) if err != nil { log.Printf("[DEBUG] UpdateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateConfigurationWithContext failed %s\n%s", err, response), PrivateCertConfigRootCAResourceName, "update") + return tfErr.GetDiag() } } @@ -668,7 +717,8 @@ func resourceIbmSmPrivateCertificateConfigurationRootCAUpdate(context context.Co func resourceIbmSmPrivateCertificateConfigurationRootCADelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigRootCAResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -684,7 +734,8 @@ func resourceIbmSmPrivateCertificateConfigurationRootCADelete(context context.Co response, err := secretsManagerClient.DeleteConfigurationWithContext(context, deleteConfigurationOptions) if err != nil { log.Printf("[DEBUG] DeleteConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteConfigurationWithContext failed %s\n%s", err, response), PrivateCertConfigRootCAResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_template.go b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_template.go index fbebe341a0..d7c104cf7d 100644 
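Review bot: In the `UpdateConfigurationWithContext` error path the new message still interpolates the whole `response` object with `%s`, and it now lands in a structured Terraform diagnostic as well as the DEBUG log. For a Secrets Manager resource I would keep response bodies and headers out of user-visible output, since apply output is routinely captured by CI systems; whether this response can carry sensitive fields is not visible here, so this is a precaution. `err` is also passed both as the wrapped error and inside the text, so `fmt.Sprintf("UpdateConfigurationWithContext failed: %s", err.Error())` would be enough. The same pattern is in the delete hunk that follows and in the create, read, update and delete hunks of the template and public-certificate files, where only the create variants use the `failed: %s` form.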
--- a/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_template.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_private_certificate_configuration_template.go @@ -325,7 +325,8 @@ func ResourceIbmSmPrivateCertificateConfigurationTemplate() *schema.Resource { func resourceIbmSmPrivateCertificateConfigurationTemplateCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigTemplateResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -336,14 +337,16 @@ func resourceIbmSmPrivateCertificateConfigurationTemplateCreate(context context. configurationPrototypeModel, err := resourceIbmSmPrivateCertificateConfigurationTemplateMapToConfigurationPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigTemplateResourceName, "create") + return tfErr.GetDiag() } createConfigurationOptions.SetConfigurationPrototype(configurationPrototypeModel) configurationIntf, response, err := secretsManagerClient.CreateConfigurationWithContext(context, createConfigurationOptions) if err != nil { log.Printf("[DEBUG] CreateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateConfigurationWithContext failed: %s\n%s", err.Error(), response), PrivateCertConfigTemplateResourceName, "create") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PrivateCertificateConfigurationTemplate) 
@@ -355,12 +358,14 @@ func resourceIbmSmPrivateCertificateConfigurationTemplateCreate(context context. func resourceIbmSmPrivateCertificateConfigurationTemplateRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a certificate template use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a certificate template use the format `//`", PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
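Review bot: The ID-format branch calls `flex.TerraformErrorf(nil, ...)`, and since the helper is not part of this diff it is worth confirming that it tolerates a nil error rather than dereferencing it. This branch is reached by any user-supplied import ID that does not split into three parts, so a panic here would be easy to trigger by mistake. Passing a real error as the first argument removes the doubt, for example `fmt.Errorf("invalid resource ID %q", d.Id())`. The public-certificate read hunk (`@@ -484,12 +487,14 @@`) makes the same call, and the function body continues outside this hunk.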
@@ -378,163 +383,206 @@ func resourceIbmSmPrivateCertificateConfigurationTemplateRead(context context.Co return nil } log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PrivateCertificateConfigurationTemplate) if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", configuration.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("config_type", configuration.ConfigType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting config_type"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", configuration.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = 
d.Set("certificate_authority", configuration.CertificateAuthority); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate_authority: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate_authority"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("allowed_secret_groups", configuration.AllowedSecretGroups); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allowed_secret_groups: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allowed_secret_groups"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("max_ttl_seconds", flex.IntValue(configuration.MaxTtlSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting max_ttl_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting max_ttl_seconds"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("ttl_seconds", flex.IntValue(configuration.TtlSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ttl_seconds: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ttl_seconds"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("allow_localhost", configuration.AllowLocalhost); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allow_localhost: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_localhost"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if configuration.AllowedDomains != nil { if err = d.Set("allowed_domains", configuration.AllowedDomains); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allowed_domains: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allowed_domains"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if err = 
d.Set("allowed_domains_template", configuration.AllowedDomainsTemplate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allowed_domains_template: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allowed_domains_template"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("allow_bare_domains", configuration.AllowBareDomains); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allow_bare_domains: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_bare_domains"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("allow_subdomains", configuration.AllowSubdomains); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allow_subdomains: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_subdomains"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("allow_glob_domains", configuration.AllowGlobDomains); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allow_glob_domains: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_glob_domains"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("allow_any_name", configuration.AllowAnyName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allow_any_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_any_name"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("enforce_hostnames", configuration.EnforceHostnames); err != nil { - return diag.FromErr(fmt.Errorf("Error setting enforce_hostnames: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting enforce_hostnames"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("allow_ip_sans", configuration.AllowIpSans); err != nil { - 
return diag.FromErr(fmt.Errorf("Error setting allow_ip_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allow_ip_sans"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if configuration.AllowedUriSans != nil { if err = d.Set("allowed_uri_sans", configuration.AllowedUriSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allowed_uri_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allowed_uri_sans"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if configuration.AllowedOtherSans != nil { if err = d.Set("allowed_other_sans", configuration.AllowedOtherSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting allowed_other_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting allowed_other_sans"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("server_flag", configuration.ServerFlag); err != nil { - return diag.FromErr(fmt.Errorf("Error setting server_flag: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting server_flag"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("client_flag", configuration.ClientFlag); err != nil { - return diag.FromErr(fmt.Errorf("Error setting client_flag: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting client_flag"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("code_signing_flag", configuration.CodeSigningFlag); err != nil { - return diag.FromErr(fmt.Errorf("Error setting code_signing_flag: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting code_signing_flag"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("email_protection_flag", configuration.EmailProtectionFlag); err != nil { - return diag.FromErr(fmt.Errorf("Error setting 
email_protection_flag: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting email_protection_flag"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("key_type", configuration.KeyType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_type"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("key_bits", flex.IntValue(configuration.KeyBits)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_bits: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_bits"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if configuration.KeyUsage != nil { if err = d.Set("key_usage", configuration.KeyUsage); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_usage: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_usage"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if configuration.ExtKeyUsage != nil { if err = d.Set("ext_key_usage", configuration.ExtKeyUsage); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ext_key_usage: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ext_key_usage"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if configuration.ExtKeyUsageOids != nil { if err = d.Set("ext_key_usage_oids", configuration.ExtKeyUsageOids); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ext_key_usage_oids: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ext_key_usage_oids"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("use_csr_common_name", configuration.UseCsrCommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting use_csr_common_name: %s", err)) + tfErr := 
flex.TerraformErrorf(err, fmt.Sprintf("Error setting use_csr_common_name"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("use_csr_sans", configuration.UseCsrSans); err != nil { - return diag.FromErr(fmt.Errorf("Error setting use_csr_sans: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting use_csr_sans"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if configuration.Ou != nil { if err = d.Set("ou", configuration.Ou); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ou: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting ou"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if configuration.Organization != nil { if err = d.Set("organization", configuration.Organization); err != nil { - return diag.FromErr(fmt.Errorf("Error setting organization: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting organization"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if configuration.Country != nil { if err = d.Set("country", configuration.Country); err != nil { - return diag.FromErr(fmt.Errorf("Error setting country: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting country"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if configuration.Locality != nil { if err = d.Set("locality", configuration.Locality); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locality: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locality"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if configuration.Province != nil { if err = d.Set("province", configuration.Province); err != nil { - return diag.FromErr(fmt.Errorf("Error setting province: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting province"), 
PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if configuration.StreetAddress != nil { if err = d.Set("street_address", configuration.StreetAddress); err != nil { - return diag.FromErr(fmt.Errorf("Error setting street_address: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting street_address"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if configuration.PostalCode != nil { if err = d.Set("postal_code", configuration.PostalCode); err != nil { - return diag.FromErr(fmt.Errorf("Error setting postal_code: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting postal_code"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("require_cn", configuration.RequireCn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting require_cn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting require_cn"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if configuration.PolicyIdentifiers != nil { if err = d.Set("policy_identifiers", configuration.PolicyIdentifiers); err != nil { - return diag.FromErr(fmt.Errorf("Error setting policy_identifiers: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting policy_identifiers"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("basic_constraints_valid_for_non_ca", configuration.BasicConstraintsValidForNonCa); err != nil { - return diag.FromErr(fmt.Errorf("Error setting basic_constraints_valid_for_non_ca: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting basic_constraints_valid_for_non_ca"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("not_before_duration_seconds", flex.IntValue(configuration.NotBeforeDurationSeconds)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting not_before_duration_seconds: %s", 
err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting not_before_duration_seconds"), PrivateCertConfigTemplateResourceName, "read") + return tfErr.GetDiag() } return nil @@ -543,7 +591,8 @@ func resourceIbmSmPrivateCertificateConfigurationTemplateRead(context context.Co func resourceIbmSmPrivateCertificateConfigurationTemplateUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigTemplateResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -802,7 +851,8 @@ func resourceIbmSmPrivateCertificateConfigurationTemplateUpdate(context context. _, response, err := secretsManagerClient.UpdateConfigurationWithContext(context, updateConfigurationOptions) if err != nil { log.Printf("[DEBUG] UpdateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateConfigurationWithContext failed %s\n%s", err, response), PrivateCertConfigTemplateResourceName, "update") + return tfErr.GetDiag() } } @@ -812,7 +862,8 @@ func resourceIbmSmPrivateCertificateConfigurationTemplateUpdate(context context. func resourceIbmSmPrivateCertificateConfigurationTemplateDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PrivateCertConfigTemplateResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
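Review bot: Every `d.Set` failure branch in this hunk wraps a constant in `fmt.Sprintf`, e.g. `fmt.Sprintf("Error setting instance_id")`, which has no verbs and is flagged by staticcheck; the plain literal is equivalent: `flex.TerraformErrorf(err, "Error setting instance_id", PrivateCertConfigTemplateResourceName, "read")`. The old messages ended in `: %s` with the underlying error, and the new ones do not, so whether the user still sees why the set failed depends on how the helper renders the wrapped `err`, which is not shown here. The RootCA read hunk above and the public-certificate read hunk below repeat the same pattern. With this many identical three-line branches, a small file-local helper taking the attribute name and `err` would remove the repetition.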
@@ -828,7 +879,8 @@ func resourceIbmSmPrivateCertificateConfigurationTemplateDelete(context context. response, err := secretsManagerClient.DeleteConfigurationWithContext(context, deleteConfigurationOptions) if err != nil { log.Printf("[DEBUG] DeleteConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteConfigurationWithContext failed %s\n%s", err, response), PrivateCertConfigTemplateResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go index 8cbd049687..17aa926c7d 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate.go @@ -409,7 +409,8 @@ func ResourceIbmSmPublicCertificate() *schema.Resource { func resourceIbmSmPublicCertificateCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertSecretResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -420,14 +421,16 @@ func resourceIbmSmPublicCertificateCreate(context context.Context, d *schema.Res secretPrototypeModel, err := resourceIbmSmPublicCertificateMapToSecretPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertSecretResourceName, "create") + return tfErr.GetDiag() } createSecretOptions.SetSecretPrototype(secretPrototypeModel) secretIntf, response, err := secretsManagerClient.CreateSecretWithContext(context, createSecretOptions) if err != nil { log.Printf("[DEBUG] CreateSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretWithContext failed: %s\n%s", err.Error(), response), PublicCertSecretResourceName, "create") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.PublicCertificate) @@ -441,8 +444,8 @@ func resourceIbmSmPublicCertificateCreate(context context.Context, d *schema.Res } if err != nil { - return diag.FromErr(fmt.Errorf( - "error waiting for resource IbmSmPublicCertificate (%s) to be created: %s", d.Id(), err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error waiting for resource IbmSmPublicCertificate (%s) to be created: %s", d.Id(), err.Error()), PublicCertSecretResourceName, "create") + return tfErr.GetDiag() } return resourceIbmSmPublicCertificateRead(context, d, meta) 
@@ -484,12 +487,14 @@ func waitForIbmSmPublicCertificateCreate(secretsManagerClient *secretsmanagerv2. func resourceIbmSmPublicCertificateRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a secret use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a secret use the format `//`", PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -507,133 +512,170 @@ func resourceIbmSmPublicCertificateRead(context context.Context, d *schema.Resou return nil } log.Printf("[DEBUG] GetSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretWithContext failed %s\n%s", err, response), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.PublicCertificate) if err = d.Set("secret_id", secretId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_id"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", secret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(secret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("crn", secret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := 
flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", secret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(secret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", secret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", secret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", secret.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(secret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state_description", secret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error 
setting state_description"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(secret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(secret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("common_name", secret.CommonName); err != nil { - return diag.FromErr(fmt.Errorf("Error setting common_name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting common_name"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if secret.IssuanceInfo != nil { issuanceInfoMap, err := resourceIbmSmPublicCertificateCertificateIssuanceInfoToMap(secret.IssuanceInfo, d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("issuance_info", []map[string]interface{}{issuanceInfoMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuance_info: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuance_info"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("key_algorithm", secret.KeyAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting key_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting key_algorithm"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("ca", secret.Ca); err != nil { - return diag.FromErr(fmt.Errorf("Error setting ca: %s", err)) + tfErr := 
flex.TerraformErrorf(err, fmt.Sprintf("Error setting ca"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if d.Get("dns").(string) != "akamai" { if err = d.Set("dns", secret.Dns); err != nil { - return diag.FromErr(fmt.Errorf("Error setting dns: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting dns"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("bundle_certs", secret.BundleCerts); err != nil { - return diag.FromErr(fmt.Errorf("Error setting bundle_certs: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting bundle_certs"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } rotationMap, err := resourceIbmSmPublicCertificateRotationPolicyToMap(secret.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("rotation", []map[string]interface{}{rotationMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if secret.CustomMetadata != nil { d.Set("custom_metadata", secret.CustomMetadata) } if err = d.Set("description", secret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if secret.Labels != nil { if err = d.Set("labels", secret.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting labels"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("signing_algorithm", secret.SigningAlgorithm); err != nil { - return diag.FromErr(fmt.Errorf("Error setting 
signing_algorithm: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting signing_algorithm"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if secret.AltNames != nil { if err = d.Set("alt_names", secret.AltNames); err != nil { - return diag.FromErr(fmt.Errorf("Error setting alt_names: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting alt_names"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("expiration_date", DateTimeToRFC3339(secret.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("issuer", secret.Issuer); err != nil { - return diag.FromErr(fmt.Errorf("Error setting issuer: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting issuer"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("serial_number", secret.SerialNumber); err != nil { - return diag.FromErr(fmt.Errorf("Error setting serial_number: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting serial_number"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } validityMap, err := resourceIbmSmPublicCertificateCertificateValidityToMap(secret.Validity) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("validity", []map[string]interface{}{validityMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting validity: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting validity"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("certificate", secret.Certificate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting certificate: 
%s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting certificate"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("intermediate", secret.Intermediate); err != nil { - return diag.FromErr(fmt.Errorf("Error setting intermediate: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting intermediate"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("private_key", secret.PrivateKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting private_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting private_key"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if *secret.StateDescription == "active" { @@ -645,13 +687,15 @@ func resourceIbmSmPublicCertificateRead(context context.Context, d *schema.Resou versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) if err != nil { log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } versionMetadata := versionMetadataIntf.(*secretsmanagerv2.PublicCertificateVersionMetadata) if versionMetadata.VersionCustomMetadata != nil { if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { - return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting version_custom_metadata"), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } } } 
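Review bot: Every `fmt.Sprintf("Error setting …")` in this hunk is called with a constant string and no arguments, so the call does nothing and linters typically flag it. Pass the literal directly, e.g. `flex.TerraformErrorf(err, "Error setting secret_id", PublicCertSecretResourceName, "read")`. The read function of the Let's Encrypt configuration resource later in the patch repeats the pattern. Two context lines the commit leaves untouched deserve the same handling as their neighbours: `d.Set("custom_metadata", secret.CustomMetadata)` is the one setter whose error is ignored, and `*secret.StateDescription` is dereferenced without a nil check. The function starts and ends outside the hunk.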
@@ -669,7 +713,8 @@ func resourceIbmSmPublicCertificateRead(context context.Context, d *schema.Resou func resourceIbmSmPublicCertificateUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertSecretResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -711,7 +756,8 @@ func resourceIbmSmPublicCertificateUpdate(context context.Context, d *schema.Res RotationModel, err := resourceIbmSmPublicCertificateMapToRotationPolicy(d.Get("rotation").([]interface{})[0].(map[string]interface{})) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err), PublicCertSecretResourceName, "update") + return tfErr.GetDiag() } patchVals.Rotation = RotationModel hasChange = true @@ -722,7 +768,8 @@ func resourceIbmSmPublicCertificateUpdate(context context.Context, d *schema.Res _, response, err := secretsManagerClient.UpdateSecretMetadataWithContext(context, updateSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed %s\n%s", err, response), PublicCertSecretResourceName, "update") + return tfErr.GetDiag() } } 
@@ -743,7 +790,8 @@ func resourceIbmSmPublicCertificateUpdate(context context.Context, d *schema.Res resourceIbmSmPublicCertificateRead(context, d, meta) } log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response), PublicCertSecretResourceName, "update") + return tfErr.GetDiag() } } @@ -753,7 +801,8 @@ func resourceIbmSmPublicCertificateUpdate(context context.Context, d *schema.Res func resourceIbmSmPublicCertificateDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertSecretResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -769,7 +818,8 @@ func resourceIbmSmPublicCertificateDelete(context context.Context, d *schema.Res response, err := secretsManagerClient.DeleteSecretWithContext(context, deleteSecretOptions) if err != nil { log.Printf("[DEBUG] DeleteSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteSecretWithContext failed %s\n%s", err, response), PublicCertSecretResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") 
@@ -1095,7 +1145,8 @@ func setChallengesWithAkamaiAndValidateManualDns(context context.Context, d *sch for _, challengeItem := range secret.IssuanceInfo.Challenges { if _, exists := successfullySetChallengeDomains[*challengeItem.TxtRecordValue]; !exists { resourceIbmSmPublicCertificateDelete(context, d, meta) - return diag.FromErr(fmt.Errorf("error: a dns record set in Akamai was not created for domain: %s", *challengeItem.Domain)) + tfErr := flex.TerraformErrorf(nil, fmt.Sprintf("error: a dns record set in Akamai was not created for domain: %s", *challengeItem.Domain), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } } @@ -1106,9 +1157,10 @@ func configureAkamai(d *schema.ResourceData) (edgegrid.Config, diag.Diagnostics) var config edgegrid.Config var err error defaultErrMsg := "error configuring Akamai: One or more arguments are missing. Please verify that you provided either a path to your 'edgerc' file or all the config parameters ('host', 'client_secret', 'access_token' and 'client_token')" + defaultTfErr := flex.TerraformErrorf(nil, defaultErrMsg, PublicCertSecretResourceName, "read") if len(d.Get("akamai").([]interface{})) == 0 || d.Get("akamai").([]interface{})[0] == nil { - return config, diag.FromErr(fmt.Errorf(defaultErrMsg)) + return config, defaultTfErr.GetDiag() } akamaiData := d.Get("akamai").([]interface{})[0].(map[string]interface{}) 
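Review bot: The diagnostics returned by `resourceIbmSmPublicCertificateDelete(context, d, meta)` are discarded in the missing-challenge branch of `setChallengesWithAkamaiAndValidateManualDns`, so a failed cleanup is invisible and the caller only sees the Akamai message. Capture them and return both, e.g. `diags := resourceIbmSmPublicCertificateDelete(context, d, meta)` followed by `return append(diags, tfErr.GetDiag()...)`. The operation label `"read"` on the new `TerraformErrorf` call may also be wrong if this path runs during create; confirm which label the error reporting expects. The function starts outside the hunk.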
@@ -1116,12 +1168,13 @@ func configureAkamai(d *schema.ResourceData) (edgegrid.Config, diag.Diagnostics) edgercData := akamaiData["edgerc"].([]interface{})[0].(map[string]interface{}) edgerc := edgercData["path_to_edgerc"].(string) if edgerc == "" { - return config, diag.FromErr(fmt.Errorf(defaultErrMsg)) + return config, defaultTfErr.GetDiag() } configSection := edgercData["config_section"].(string) config, err = edgegrid.InitEdgeRc(edgerc, configSection) if err != nil { - return config, diag.FromErr(fmt.Errorf("error initiating edgerc: %s", err)) + tfErr := flex.TerraformErrorf(nil, fmt.Sprintf("error initiating edgerc: %s", err), PublicCertSecretResourceName, "read") + return config, tfErr.GetDiag() } } else if len(akamaiData["config"].([]interface{})) > 0 && akamaiData["config"].([]interface{})[0] != nil { akamaiDataConfig := akamaiData["config"].([]interface{})[0].(map[string]interface{}) @@ -1134,10 +1187,10 @@ func configureAkamai(d *schema.ResourceData) (edgegrid.Config, diag.Diagnostics) config.MaxBody = 131072 } } else { - return config, diag.FromErr(fmt.Errorf(defaultErrMsg)) + return config, defaultTfErr.GetDiag() } } else { - return config, diag.FromErr(fmt.Errorf(defaultErrMsg)) + return config, defaultTfErr.GetDiag() } return config, nil 
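Review bot: The `edgegrid.InitEdgeRc` failure branch passes `nil` as the first argument of `flex.TerraformErrorf` and keeps the cause only as formatted text, unlike the other converted call sites, which pass `err`. Use `flex.TerraformErrorf(err, fmt.Sprintf("error initiating edgerc: %s", err), PublicCertSecretResourceName, "read")` so the wrapped error is preserved. `defaultTfErr`, declared at the top of the function in the previous hunk, is built on every call, including successful ones; if `TerraformErrorf` does more than construct a value, build it only in the branches that return it. `configureAkamai` starts and ends outside these hunks.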
@@ -1147,11 +1200,13 @@ func configureAkamai(d *schema.ResourceData) (edgegrid.Config, diag.Diagnostics) func checkIfRecordExistsInAkamai(config edgegrid.Config, zone string, txtRecordName string) ([]string, diag.Diagnostics) { req, err := client.NewRequest(config, "GET", fmt.Sprintf("/config-dns/v2/zones/%s/names/%s/types/TXT", zone, txtRecordName), nil) if err != nil { - return nil, diag.FromErr(fmt.Errorf("error creating akamai 'GET' request: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error creating akamai 'GET' request: %s", err), PublicCertSecretResourceName, "read") + return nil, tfErr.GetDiag() } res, err := client.Do(config, req) if err != nil { - return nil, diag.FromErr(fmt.Errorf("error in performing akamai 'GET' request: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error in performing akamai 'GET' request: %s", err), PublicCertSecretResourceName, "read") + return nil, tfErr.GetDiag() } if res.StatusCode == 404 { // there is no record set, we need to create one return nil, nil @@ -1160,7 +1215,8 @@ func checkIfRecordExistsInAkamai(config edgegrid.Config, zone string, txtRecordN err := json.NewDecoder(res.Body).Decode(&recordData) if err != nil { - diag.FromErr(fmt.Errorf("error in performing akamai 'GET' request: error in decoding JSON: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error in performing akamai 'GET' request: error in decoding JSON: %s", err), PublicCertSecretResourceName, "read") + return nil, tfErr.GetDiag() } return recordData.Target, nil 
@@ -1168,9 +1224,11 @@ func checkIfRecordExistsInAkamai(config edgegrid.Config, zone string, txtRecordN body, err := ioutil.ReadAll(res.Body) if err != nil { fmt.Printf("Error reading response: %s\n", err.Error()) - return nil, diag.FromErr(fmt.Errorf("error in performing akamai 'GET' request: error reading error: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error in performing akamai 'GET' request: error reading error: %s", err), PublicCertSecretResourceName, "read") + return nil, tfErr.GetDiag() } - return nil, diag.FromErr(fmt.Errorf("error in performing akamai 'GET' request: %s", string(body))) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error in performing akamai 'GET' request: %s", string(body)), PublicCertSecretResourceName, "read") + return nil, tfErr.GetDiag() } } @@ -1191,15 +1249,18 @@ func createOrUpdateAkamaiChallengeRecordSet(config edgegrid.Config, zone string, jsonBody, err := json.Marshal(recordSetBody) if err != nil { - return diag.FromErr(fmt.Errorf("error setting body for akamai request: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error setting body for akamai request: %s", err), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } req, err := client.NewRequest(config, method, fmt.Sprintf("/config-dns/v2/zones/%s/names/%s/types/TXT", zone, txtRecordName), bytes.NewReader(jsonBody)) if err != nil { - return diag.FromErr(fmt.Errorf("error creating akamai request: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error creating akamai request: %s", err), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } res, err := client.Do(config, req) if err != nil { - return diag.FromErr(fmt.Errorf("error in akamai request: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error in akamai request: %s", err), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } if res.StatusCode != 201 && res.StatusCode != 200 { body, err := ioutil.ReadAll(res.Body) 
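Review bot: The final `flex.TerraformErrorf(err, …)` in `checkIfRecordExistsInAkamai` runs only after the `ioutil.ReadAll` error check has passed, so `err` is always nil there; pass `nil` explicitly, as the commit does for other message-only errors. The same applies to the non-2xx branch of `createOrUpdateAkamaiChallengeRecordSet` and to the 404 and fallback branches of `getZone`. These messages also embed the remote response body verbatim via `string(body)` from an unbounded read. Capping the read, for example with `io.LimitReader(res.Body, 4096)`, keeps an oversized or unexpected upstream reply out of the diagnostic. The function starts outside the hunk.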
@@ -1207,7 +1268,8 @@ func createOrUpdateAkamaiChallengeRecordSet(config edgegrid.Config, zone string, fmt.Printf("Error reading response: %s\n", err.Error()) return nil } - return diag.FromErr(fmt.Errorf("error from akamai in '%s' request: %s", method, string(body))) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error from akamai in '%s' request: %s", method, string(body)), PublicCertSecretResourceName, "read") + return tfErr.GetDiag() } return nil } @@ -1230,7 +1292,8 @@ func findAllTxtRecordValuesForDomain(domainItem string, txtRecordName string, se if len(txtRecordValues) > 0 { return txtRecordValues, nil } - return nil, diag.FromErr(fmt.Errorf("failed to find a challenge for the domain: %s", domainItem)) + tfErr := flex.TerraformErrorf(nil, fmt.Sprintf("failed to find a challenge for the domain: %s", domainItem), PublicCertSecretResourceName, "read") + return nil, tfErr.GetDiag() } func findTxtRecordValuesDifferences(akamaiValues, challengesValues []string) []string { 
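Review bot: When Akamai answers with a status other than 200/201 and reading the body fails, the context lines at the top of this hunk print to stdout and `return nil`, so a rejected record-set request is reported to the caller as success. Return a diagnostic there instead, e.g. `return flex.TerraformErrorf(err, fmt.Sprintf("error from akamai in '%s' request: status %d", method, res.StatusCode), PublicCertSecretResourceName, "read").GetDiag()`, and replace the `fmt.Printf` with `log.Printf`. The `if` that guards these lines is outside the hunk, so confirm the exact condition.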
@@ -1256,16 +1319,19 @@ func findTxtRecordValuesDifferences(akamaiValues, challengesValues []string) []s func getZone(currentZone string, originalDomain string, config edgegrid.Config) (string, diag.Diagnostics) { req, err := client.NewRequest(config, "GET", fmt.Sprintf("/config-dns/v2/zones/%s", currentZone), nil) if err != nil { - return "", diag.FromErr(fmt.Errorf("error creating akamai 'GET' zone request: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error creating akamai 'GET' zone request: %s", err), PublicCertSecretResourceName, "read") + return "", tfErr.GetDiag() } res, err := client.Do(config, req) if err != nil { - return "", diag.FromErr(fmt.Errorf("error in performing akamai 'GET' zone request: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error in performing akamai 'GET' zone request: %s", err), PublicCertSecretResourceName, "read") + return "", tfErr.GetDiag() } if res.StatusCode == 404 { zoneSplit := strings.Split(currentZone, ".") if len(zoneSplit) == 2 { - return "", diag.FromErr(fmt.Errorf("could not find a zone in Akamai for the domain: %s", originalDomain)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("could not find a zone in Akamai for the domain: %s", originalDomain), PublicCertSecretResourceName, "read") + return "", tfErr.GetDiag() } newZone := strings.Join(zoneSplit[1:], ".") 
@@ -1277,8 +1343,10 @@ func getZone(currentZone string, originalDomain string, config edgegrid.Config) body, err := ioutil.ReadAll(res.Body) if err != nil { fmt.Printf("Error reading response: %s\n", err.Error()) - return "", diag.FromErr(fmt.Errorf("error in performing akamai 'GET' zone request for zone: %s: error reading error: %s", currentZone, err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error in performing akamai 'GET' zone request for zone: %s: error reading error: %s", currentZone, err), PublicCertSecretResourceName, "read") + return "", tfErr.GetDiag() } - return "", diag.FromErr(fmt.Errorf("error in performing akamai 'GET' zone request for zone: %s:: %s", currentZone, string(body))) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("error in performing akamai 'GET' zone request for zone: %s:: %s", currentZone, string(body)), PublicCertSecretResourceName, "read") + return "", tfErr.GetDiag() } } diff --git a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_action_validate_manual_dns.go b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_action_validate_manual_dns.go index bc317e7fe4..4180dba347 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_action_validate_manual_dns.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_action_validate_manual_dns.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "log" 
@@ -40,7 +41,8 @@ func ResourceIbmSmPublicCertificateActionValidateManualDns() *schema.Resource { func resourceIbmSmPublicCertificateActionValidateManualDnsCreateOrUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigActionValidateManualDNSResourceName, "create/update") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -75,13 +77,14 @@ func validateManualDns(context context.Context, d *schema.ResourceData, secretsM _, response, err := secretsManagerClient.CreateSecretActionWithContext(context, createActionOptions) if err != nil { log.Printf("[DEBUG] CreateSecretActionWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretActionWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretActionWithContext failed: %s\n%s", err.Error(), response), PublicCertConfigActionValidateManualDNSResourceName, "create") + return tfErr.GetDiag() } _, err = waitForIbmSmPublicCertificateCreate(secretsManagerClient, d, "pre_activation", "active") if err != nil { - return diag.FromErr(fmt.Errorf( - "Error waiting for resource IbmSmPublicCertificateActionValidateManualDns (%s) to be created: %s", d.Id(), err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error waiting for resource IbmSmPublicCertificateActionValidateManualDns (%s) to be created: %s", d.Id(), err.Error()), PublicCertConfigActionValidateManualDNSResourceName, "create") + return tfErr.GetDiag() } return nil } diff --git a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go index 4d23c48659..6719aed8d2 100644 
--- a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_ca_lets_encrypt.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "log" @@ -70,7 +71,8 @@ func ResourceIbmSmPublicCertificateConfigurationCALetsEncrypt() *schema.Resource func resourceIbmSmPublicCertificateConfigurationCALetsEncryptCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigCALetsEncryptResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -81,14 +83,16 @@ func resourceIbmSmPublicCertificateConfigurationCALetsEncryptCreate(context cont configurationPrototypeModel, err := resourceIbmSmPublicCertificateConfigurationCALetsEncryptMapToConfigurationPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigCALetsEncryptResourceName, "create") + return tfErr.GetDiag() } createConfigurationOptions.SetConfigurationPrototype(configurationPrototypeModel) configurationIntf, response, err := secretsManagerClient.CreateConfigurationWithContext(context, createConfigurationOptions) if err != nil { log.Printf("[DEBUG] CreateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateConfigurationWithContext failed: %s\n%s", err.Error(), response), PublicCertConfigCALetsEncryptResourceName, "create") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PublicCertificateConfigurationCALetsEncrypt) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *configuration.Name)) 
@@ -99,12 +103,14 @@ func resourceIbmSmPublicCertificateConfigurationCALetsEncryptCreate(context cont func resourceIbmSmPublicCertificateConfigurationCALetsEncryptRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigCALetsEncryptResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a CA configuration use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a CA configuration use the format `//`", PublicCertConfigCALetsEncryptResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -122,34 +128,43 @@ func resourceIbmSmPublicCertificateConfigurationCALetsEncryptRead(context contex return nil } log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), PublicCertConfigCALetsEncryptResourceName, "read") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PublicCertificateConfigurationCALetsEncrypt) if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), PublicCertConfigCALetsEncryptResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), PublicCertConfigCALetsEncryptResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("config_type", configuration.ConfigType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting config_type"), PublicCertConfigCALetsEncryptResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", configuration.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), PublicCertConfigCALetsEncryptResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", configuration.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), PublicCertConfigCALetsEncryptResourceName, "read") + return 
tfErr.GetDiag() } if err = d.Set("lets_encrypt_environment", configuration.LetsEncryptEnvironment); err != nil { - return diag.FromErr(fmt.Errorf("Error setting lets_encrypt_environment: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting lets_encrypt_environment"), PublicCertConfigCALetsEncryptResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("lets_encrypt_preferred_chain", configuration.LetsEncryptPreferredChain); err != nil { - return diag.FromErr(fmt.Errorf("Error setting lets_encrypt_preferred_chain: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting lets_encrypt_preferred_chain"), PublicCertConfigCALetsEncryptResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("lets_encrypt_private_key", configuration.LetsEncryptPrivateKey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting lets_encrypt_private_key: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting lets_encrypt_private_key"), PublicCertConfigCALetsEncryptResourceName, "read") + return tfErr.GetDiag() } return nil @@ -158,7 +173,8 @@ func resourceIbmSmPublicCertificateConfigurationCALetsEncryptRead(context contex func resourceIbmSmPublicCertificateConfigurationCALetsEncryptUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigCALetsEncryptResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
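Review bot: Every `d.Set` failure branch in the Read hunk wraps a constant string in `fmt.Sprintf` with no format verbs, e.g. `fmt.Sprintf("Error setting instance_id")`; staticcheck reports this as an unnecessary Sprintf, and the plain literal `"Error setting instance_id"` does the same thing. The old messages carried the underlying error text via `%s`, while the new ones rely on `flex.TerraformErrorf` to attach `err`, which is not shown here and is worth confirming. The same pattern repeats in the Read hunks of the dns_cis, dns_classic_infrastructure and secret_group files. The function starts before this hunk.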
@@ -196,7 +212,8 @@ func resourceIbmSmPublicCertificateConfigurationCALetsEncryptUpdate(context cont _, response, err := secretsManagerClient.UpdateConfigurationWithContext(context, updateConfigurationOptions) if err != nil { log.Printf("[DEBUG] UpdateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateConfigurationWithContext failed %s\n%s", err, response), PublicCertConfigCALetsEncryptResourceName, "update") + return tfErr.GetDiag() } } @@ -206,7 +223,8 @@ func resourceIbmSmPublicCertificateConfigurationCALetsEncryptUpdate(context cont func resourceIbmSmPublicCertificateConfigurationCALetsEncryptDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigCALetsEncryptResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -222,7 +240,8 @@ func resourceIbmSmPublicCertificateConfigurationCALetsEncryptDelete(context cont response, err := secretsManagerClient.DeleteConfigurationWithContext(context, deleteConfigurationOptions) if err != nil { log.Printf("[DEBUG] DeleteConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteConfigurationWithContext failed %s\n%s", err, response), PublicCertConfigCALetsEncryptResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_dns_cis.go b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_dns_cis.go index 4dd008a3a5..4421f09bb4 100644 
--- a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_dns_cis.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_dns_cis.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "log" "strings" @@ -41,13 +42,13 @@ func ResourceIbmSmConfigurationPublicCertificateDNSCis() *schema.Resource { "cloud_internet_services_apikey": &schema.Schema{ Type: schema.TypeString, Optional: true, - ValidateFunc: validate.InvokeValidator("ibm_sm_public_certificate_configuration_dns_cis", "cloud_internet_services_apikey"), + ValidateFunc: validate.InvokeValidator(PublicCertConfigDnsCISResourceName, "cloud_internet_services_apikey"), Description: "An IBM Cloud API key that can to list domains in your Cloud Internet Services instance.To grant Secrets Manager the ability to view the Cloud Internet Services instance and all of its domains, the API key must be assigned the Reader service role on Internet Services (`internet-svcs`).If you need to manage specific domains, you can assign the Manager role. For production environments, it is recommended that you assign the Reader access role, and then use the[IAM Policy Management API](https://cloud.ibm.com/apidocs/iam-policy-management#create-policy) to control specific domains. For more information, see the [docs](https://cloud.ibm.com/docs/secrets-manager?topic=secrets-manager-prepare-order-certificates#authorize-specific-domains).", }, "cloud_internet_services_crn": &schema.Schema{ Type: schema.TypeString, Required: true, - ValidateFunc: validate.InvokeValidator("ibm_sm_public_certificate_configuration_dns_cis", "cloud_internet_services_crn"), + ValidateFunc: validate.InvokeValidator(PublicCertConfigDnsCISResourceName, "cloud_internet_services_crn"), Description: "A CRN that uniquely identifies an IBM Cloud resource.", }, "secret_type": &schema.Schema{ 
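Review bot: The `flex` import is added between `"fmt"` and `"log"`, inside what looks like the standard-library group. goimports keeps module imports in a separate block, so `"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"` belongs with the other provider and third-party imports, which presumably follow the blank line after `"strings"` outside this hunk. The same placement is repeated in the import hunks of the dns_classic_infrastructure and secret_group files.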
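Review bot: `cloud_internet_services_apikey` is declared in the schema hunk with `Type`, `Optional`, `ValidateFunc` and `Description` only, so the API key is not marked sensitive and Terraform will print it in plan and apply output. While the `ValidateFunc` line is being touched, add `Sensitive: true,` to this entry. The Read function in the same file writes the value back with `d.Set("cloud_internet_services_apikey", ...)`, so it also lands in state, which `Sensitive` masks in output but does not encrypt. The `classic_infrastructure_password` entry in the dns_classic_infrastructure file has the same gap; the enclosing schema map starts and ends outside this hunk.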
@@ -97,14 +98,15 @@ func ResourceIbmSmConfigurationPublicCertificateDNSCisValidator() *validate.Reso }, ) - resourceValidator := validate.ResourceValidator{ResourceName: "ibm_sm_public_certificate_configuration_dns_cis", Schema: validateSchema} + resourceValidator := validate.ResourceValidator{ResourceName: PublicCertConfigDnsCISResourceName, Schema: validateSchema} return &resourceValidator } func resourceIbmSmConfigurationPublicCertificateDNSCisCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigDnsCISResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -129,14 +131,16 @@ func resourceIbmSmConfigurationPublicCertificateDNSCisCreate(context context.Con } convertedModel, err := resourceIbmSmConfigurationPublicCertificateCisMapToPublicCertificateConfigurationDNSCloudInternetServicesPrototype(bodyModelMap) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigDnsCISResourceName, "create") + return tfErr.GetDiag() } createConfigurationOptions.SetConfigurationPrototype(convertedModel) configurationIntf, response, err := secretsManagerClient.CreateConfigurationWithContext(context, createConfigurationOptions) if err != nil { log.Printf("[DEBUG] CreateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateConfigurationWithContext failed: %s\n%s", err.Error(), response), PublicCertConfigDnsCISResourceName, "create") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PublicCertificateConfigurationDNSCloudInternetServices) 
@@ -148,12 +152,14 @@ func resourceIbmSmConfigurationPublicCertificateDNSCisCreate(context context.Con func resourceIbmSmConfigurationPublicCertificateDNSCisRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a DNS configuration use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a DNS configuration use the format `//`", PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -170,45 +176,56 @@ func resourceIbmSmConfigurationPublicCertificateDNSCisRead(context context.Conte return nil } log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PublicCertificateConfigurationDNSCloudInternetServices) if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } if !core.IsNil(configuration.ConfigType) { if err = d.Set("config_type", configuration.ConfigType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting config_type"), PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } } if !core.IsNil(configuration.CloudInternetServicesApikey) { if err = d.Set("cloud_internet_services_apikey", configuration.CloudInternetServicesApikey); err != nil { - return diag.FromErr(fmt.Errorf("Error setting cloud_internet_services_apikey: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting cloud_internet_services_apikey"), PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } } if !core.IsNil(configuration.CloudInternetServicesCrn) { if err = d.Set("cloud_internet_services_crn", 
configuration.CloudInternetServicesCrn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting cloud_internet_services_crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting cloud_internet_services_crn"), PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("name", configuration.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", configuration.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", configuration.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(configuration.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(configuration.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), PublicCertConfigDnsCISResourceName, "read") + return tfErr.GetDiag() } return nil 
@@ -217,7 +234,8 @@ func resourceIbmSmConfigurationPublicCertificateDNSCisRead(context context.Conte func resourceIbmSmConfigurationPublicCertificateDNSCisUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigDnsCISResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -248,7 +266,8 @@ func resourceIbmSmConfigurationPublicCertificateDNSCisUpdate(context context.Con _, response, err := secretsManagerClient.UpdateConfigurationWithContext(context, updateConfigurationOptions) if err != nil { log.Printf("[DEBUG] UpdateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateConfigurationWithContext failed %s\n%s", err, response), PublicCertConfigDnsCISResourceName, "update") + return tfErr.GetDiag() } } @@ -258,7 +277,8 @@ func resourceIbmSmConfigurationPublicCertificateDNSCisUpdate(context context.Con func resourceIbmSmConfigurationPublicCertificateDNSCisDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigDnsCISResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
@@ -273,7 +293,8 @@ func resourceIbmSmConfigurationPublicCertificateDNSCisDelete(context context.Con response, err := secretsManagerClient.DeleteConfigurationWithContext(context, deleteConfigurationOptions) if err != nil { log.Printf("[DEBUG] DeleteConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteConfigurationWithContext failed %s\n%s", err, response), PublicCertConfigDnsCISResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_dns_classic_infrastructure.go b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_dns_classic_infrastructure.go index 9b1f9f8eaf..1fa2028750 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_dns_classic_infrastructure.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_public_certificate_configuration_dns_classic_infrastructure.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "log" "strings" 
@@ -41,13 +42,13 @@ func ResourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructure() *sche "classic_infrastructure_username": &schema.Schema{ Type: schema.TypeString, Required: true, - ValidateFunc: validate.InvokeValidator("ibm_sm_public_certificate_configuration_dns_classic_infrastructure", "classic_infrastructure_username"), + ValidateFunc: validate.InvokeValidator(PublicCertConfigDnsClassicInfrastructureResourceName, "classic_infrastructure_username"), Description: "The username that is associated with your classic infrastructure account.In most cases, your classic infrastructure username is your `_`. For more information, see the [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).", }, "classic_infrastructure_password": &schema.Schema{ Type: schema.TypeString, Required: true, - ValidateFunc: validate.InvokeValidator("ibm_sm_public_certificate_configuration_dns_classic_infrastructure", "classic_infrastructure_password"), + ValidateFunc: validate.InvokeValidator(PublicCertConfigDnsClassicInfrastructureResourceName, "classic_infrastructure_password"), Description: "Your classic infrastructure API key.For information about viewing and accessing your classic infrastructure API key, see the [docs](https://cloud.ibm.com/docs/account?topic=account-classic_keys).", }, "secret_type": &schema.Schema{ 
@@ -97,14 +98,15 @@ func ResourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureValidato }, ) - resourceValidator := validate.ResourceValidator{ResourceName: "ibm_sm_public_certificate_configuration_dns_classic_infrastructure", Schema: validateSchema} + resourceValidator := validate.ResourceValidator{ResourceName: PublicCertConfigDnsClassicInfrastructureResourceName, Schema: validateSchema} return &resourceValidator } func resourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigDnsClassicInfrastructureResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -127,14 +129,16 @@ func resourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureCreate(c } convertedModel, err := resourceIbmSmConfigurationPublicCertificateClassicInfrastructureMapToPublicCertificateConfigurationDNSClassicInfrastructurePrototype(bodyModelMap) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigDnsClassicInfrastructureResourceName, "create") + return tfErr.GetDiag() } createConfigurationOptions.SetConfigurationPrototype(convertedModel) configurationIntf, response, err := secretsManagerClient.CreateConfigurationWithContext(context, createConfigurationOptions) if err != nil { log.Printf("[DEBUG] CreateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateConfigurationWithContext failed: %s\n%s", err.Error(), response), PublicCertConfigDnsClassicInfrastructureResourceName, "create") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PublicCertificateConfigurationDNSClassicInfrastructure) 
@@ -146,12 +150,14 @@ func resourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureCreate(c func resourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a DNS configuration use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a DNS configuration use the format `//`", PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -168,45 +174,56 @@ func resourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureRead(con return nil } log.Printf("[DEBUG] GetConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetConfigurationWithContext failed %s\n%s", err, response), PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } configuration := configurationIntf.(*secretsmanagerv2.PublicCertificateConfigurationDNSClassicInfrastructure) if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } if !core.IsNil(configuration.ConfigType) { if err = d.Set("config_type", configuration.ConfigType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting config_type"), PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } } if !core.IsNil(configuration.ClassicInfrastructureUsername) { if err = d.Set("classic_infrastructure_username", configuration.ClassicInfrastructureUsername); err != nil { - return diag.FromErr(fmt.Errorf("Error setting classic_infrastructure_username: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting classic_infrastructure_username"), PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } } if 
!core.IsNil(configuration.ClassicInfrastructurePassword) { if err = d.Set("classic_infrastructure_password", configuration.ClassicInfrastructurePassword); err != nil { - return diag.FromErr(fmt.Errorf("Error setting classic_infrastructure_password: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting classic_infrastructure_password"), PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("name", configuration.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting config name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", configuration.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", configuration.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(configuration.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(configuration.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), PublicCertConfigDnsClassicInfrastructureResourceName, "read") + return 
tfErr.GetDiag() } return nil @@ -215,7 +232,8 @@ func resourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureRead(con func resourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigDnsClassicInfrastructureResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -246,7 +264,8 @@ func resourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureUpdate(c _, response, err := secretsManagerClient.UpdateConfigurationWithContext(context, updateConfigurationOptions) if err != nil { log.Printf("[DEBUG] UpdateConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateConfigurationWithContext failed %s\n%s", err, response), PublicCertConfigDnsClassicInfrastructureResourceName, "update") + return tfErr.GetDiag() } } @@ -256,7 +275,8 @@ func resourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureUpdate(c func resourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", PublicCertConfigDnsClassicInfrastructureResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
@@ -271,7 +291,8 @@ func resourceIbmSmPublicCertificateConfigurationDNSClassicInfrastructureDelete(c response, err := secretsManagerClient.DeleteConfigurationWithContext(context, deleteConfigurationOptions) if err != nil { log.Printf("[DEBUG] DeleteConfigurationWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteConfigurationWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteConfigurationWithContext failed %s\n%s", err, response), PublicCertConfigDnsClassicInfrastructureResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_secret_group.go b/ibm/service/secretsmanager/resource_ibm_sm_secret_group.go index 1c04eccab6..0fb9fbcd0b 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_secret_group.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_secret_group.go @@ -6,6 +6,7 @@ package secretsmanager import ( "context" "fmt" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "log" "strings" @@ -34,13 +35,13 @@ func ResourceIbmSmSecretGroup() *schema.Resource { "name": &schema.Schema{ Type: schema.TypeString, Required: true, - ValidateFunc: validate.InvokeValidator("ibm_sm_secret_group", "name"), + ValidateFunc: validate.InvokeValidator(SecretGroupResourceName, "name"), Description: "The name of your secret group.", }, "description": &schema.Schema{ Type: schema.TypeString, Optional: true, - ValidateFunc: validate.InvokeValidator("ibm_sm_secret_group", "description"), + ValidateFunc: validate.InvokeValidator(SecretGroupResourceName, "description"), Description: "An extended description of your secret group.To protect your privacy, do not use personal data, such as your name or location, as a description for your secret group.", }, "created_at": &schema.Schema{ 
@@ -80,14 +81,15 @@ func ResourceIbmSmSecretGroupValidator() *validate.ResourceValidator { }, ) - resourceValidator := validate.ResourceValidator{ResourceName: "ibm_sm_secret_group", Schema: validateSchema} + resourceValidator := validate.ResourceValidator{ResourceName: SecretGroupResourceName, Schema: validateSchema} return &resourceValidator } func resourceIbmSmSecretGroupCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", SecretGroupResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -104,7 +106,8 @@ func resourceIbmSmSecretGroupCreate(context context.Context, d *schema.ResourceD secretGroup, response, err := secretsManagerClient.CreateSecretGroupWithContext(context, createSecretGroupOptions) if err != nil { log.Printf("[DEBUG] CreateSecretGroupWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretGroupWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretGroupWithContext failed: %s\n%s", err.Error(), response), SecretGroupResourceName, "create") + return tfErr.GetDiag() } d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *secretGroup.ID)) 
@@ -116,12 +119,14 @@ func resourceIbmSmSecretGroupCreate(context context.Context, d *schema.ResourceD func resourceIbmSmSecretGroupRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", SecretGroupResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a secret group use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a secret group use the format `//`", SecretGroupResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -139,29 +144,37 @@ func resourceIbmSmSecretGroupRead(context context.Context, d *schema.ResourceDat return nil } log.Printf("[DEBUG] GetSecretGroupWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretGroupWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretGroupWithContext failed %s\n%s", err, response), SecretGroupResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", secretGroupId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), SecretGroupResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), SecretGroupResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), SecretGroupResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", secretGroup.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), SecretGroupResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("description", secretGroup.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), SecretGroupResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(secretGroup.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error 
setting created_at"), SecretGroupResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(secretGroup.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), SecretGroupResourceName, "read") + return tfErr.GetDiag() } return nil @@ -170,7 +183,8 @@ func resourceIbmSmSecretGroupRead(context context.Context, d *schema.ResourceDat func resourceIbmSmSecretGroupUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", SecretGroupResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -202,7 +216,8 @@ func resourceIbmSmSecretGroupUpdate(context context.Context, d *schema.ResourceD _, response, err := secretsManagerClient.UpdateSecretGroupWithContext(context, updateSecretGroupOptions) if err != nil { log.Printf("[DEBUG] UpdateSecretGroupWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretGroupWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretGroupWithContext failed %s\n%s", err, response), SecretGroupResourceName, "update") + return tfErr.GetDiag() } } @@ -212,7 +227,8 @@ func resourceIbmSmSecretGroupUpdate(context context.Context, d *schema.ResourceD func resourceIbmSmSecretGroupDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", SecretGroupResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
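Review bot: `fmt.Sprintf("Error setting secret_group_id")` and the other `d.Set` branches in this hunk call Sprintf with no formatting verbs, which is a redundant wrapper that linters such as staticcheck report; pass the literal directly, e.g. `flex.TerraformErrorf(err, "Error setting secret_group_id", SecretGroupResourceName, "read")`. The removed lines also put the `d.Set` error text into the message, and whether the diagnostic still shows it depends on how TerraformErrorf renders its `err` argument, which is not visible here. The read hunks of the service-credentials and username/password resources follow the same pattern. resourceIbmSmSecretGroupRead starts before this hunk.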
@@ -228,7 +244,8 @@ func resourceIbmSmSecretGroupDelete(context context.Context, d *schema.ResourceD response, err := secretsManagerClient.DeleteSecretGroupWithContext(context, deleteSecretGroupOptions) if err != nil { log.Printf("[DEBUG] DeleteSecretGroupWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteSecretGroupWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteSecretGroupWithContext failed %s\n%s", err, response), SecretGroupResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go index d2f0b337a9..b4dc68f99d 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_service_credentials_secret.go @@ -307,7 +307,8 @@ func ResourceIbmSmServiceCredentialsSecret() *schema.Resource { func resourceIbmSmServiceCredentialsSecretCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ServiceCredentialsSecretResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) 
@@ -318,14 +319,16 @@ func resourceIbmSmServiceCredentialsSecretCreate(context context.Context, d *sch secretPrototypeModel, err := resourceIbmSmServiceCredentialsSecretMapToSecretPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ServiceCredentialsSecretResourceName, "create") + return tfErr.GetDiag() } createSecretOptions.SetSecretPrototype(secretPrototypeModel) secretIntf, response, err := secretsManagerClient.CreateSecretWithContext(context, createSecretOptions) if err != nil { log.Printf("[DEBUG] CreateSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretWithContext failed: %s\n%s", err.Error(), response), ServiceCredentialsSecretResourceName, "create") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.ServiceCredentialsSecret) @@ -338,12 +341,14 @@ func resourceIbmSmServiceCredentialsSecretCreate(context context.Context, d *sch func resourceIbmSmServiceCredentialsSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a secret use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a secret use the format `//`", ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -361,83 +366,105 @@ func resourceIbmSmServiceCredentialsSecretRead(context context.Context, d *schem return nil } log.Printf("[DEBUG] GetSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretWithContext failed %s\n%s", err, response), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.ServiceCredentialsSecret) if err = d.Set("secret_id", secretId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_id"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", secret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(secret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("crn", secret.Crn); err != nil { - return 
diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", secret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("locks_total", flex.IntValue(secret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", secret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", secret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", secret.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(secret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state_description", secret.StateDescription); err != nil { - return 
diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(secret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(secret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if secret.CustomMetadata != nil { d.Set("custom_metadata", secret.CustomMetadata) } if err = d.Set("description", secret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if secret.Labels != nil { if err = d.Set("labels", secret.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting labels"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } } rotationMap, err := resourceIbmSmServiceCredentialsSecretRotationPolicyToMap(secret.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if len(rotationMap) > 0 { if err = d.Set("rotation", []map[string]interface{}{rotationMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error 
setting rotation"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } } sourceServiceMap, err := resourceIbmSmServiceCredentialsSecretSourceServiceToMap(secret.SourceService) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } if len(sourceServiceMap) > 0 { if err = d.Set("source_service", []map[string]interface{}{sourceServiceMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting source_service: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting source_service"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } } if secret.Credentials != nil { @@ -445,11 +472,13 @@ func resourceIbmSmServiceCredentialsSecretRead(context context.Context, d *schem cred, _ := json.Marshal(secret.Credentials) json.Unmarshal(cred, &credInterface) if err = d.Set("credentials", flex.Flatten(credInterface)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting credentials: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting credentials"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("next_rotation_date", DateTimeToRFC3339(secret.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting next_rotation_date"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } // Call get version metadata API to get the current version_custom_metadata 
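Review bot: `secret := secretIntf.(*secretsmanagerv2.ServiceCredentialsSecret)` is an unchecked type assertion on the value returned by GetSecretWithContext, so an ID that resolves to a secret of another type (for example on import) would panic the provider instead of producing the structured error this commit introduces everywhere else. Use the comma-ok form, `secret, ok := secretIntf.(*secretsmanagerv2.ServiceCredentialsSecret)`, and return a `flex.TerraformErrorf(nil, ...)` diagnostic when `ok` is false, as the ID-format check already does. The create hunks, the version-metadata assertions and the username/password read hunk use the same unchecked form. resourceIbmSmServiceCredentialsSecretRead starts before and ends after this hunk.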
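Review bot: Both `json.Marshal(secret.Credentials)` and `json.Unmarshal(cred, &credInterface)` discard their errors, so a failed round-trip would leave `credInterface` unset and whatever `flex.Flatten` returns for it is written to the `credentials` attribute without any diagnostic. Since this commit routes every other failure in the read path through `flex.TerraformErrorf`, both errors should be checked the same way. The declaration of `credInterface` and the rest of resourceIbmSmServiceCredentialsSecretRead are outside this hunk.

```go
cred, err := json.Marshal(secret.Credentials)
if err != nil {
	tfErr := flex.TerraformErrorf(err, "Error encoding credentials", ServiceCredentialsSecretResourceName, "read")
	return tfErr.GetDiag()
}
if err = json.Unmarshal(cred, &credInterface); err != nil {
	tfErr := flex.TerraformErrorf(err, "Error decoding credentials", ServiceCredentialsSecretResourceName, "read")
	return tfErr.GetDiag()
}
// … unchanged: d.Set("credentials", flex.Flatten(credInterface)) and its error branch …
```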
@@ -460,19 +489,22 @@ func resourceIbmSmServiceCredentialsSecretRead(context context.Context, d *schem versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) if err != nil { log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } versionMetadata := versionMetadataIntf.(*secretsmanagerv2.ServiceCredentialsSecretVersionMetadata) if versionMetadata.VersionCustomMetadata != nil { if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { - return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting version_custom_metadata"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } } if secret.ExpirationDate != nil { if err = d.Set("expiration_date", DateTimeToRFC3339(secret.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), ServiceCredentialsSecretResourceName, "read") + return tfErr.GetDiag() } } @@ -482,7 +514,8 @@ func resourceIbmSmServiceCredentialsSecretRead(context context.Context, d *schem func resourceIbmSmServiceCredentialsSecretUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ServiceCredentialsSecretResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
@@ -528,7 +561,8 @@ func resourceIbmSmServiceCredentialsSecretUpdate(context context.Context, d *sch RotationModel, err := resourceIbmSmServiceCredentialsSecretMapToRotationPolicy(d.Get("rotation").([]interface{})[0].(map[string]interface{})) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err), ServiceCredentialsSecretResourceName, "update") + return tfErr.GetDiag() } patchVals.Rotation = RotationModel hasChange = true @@ -540,7 +574,8 @@ func resourceIbmSmServiceCredentialsSecretUpdate(context context.Context, d *sch _, response, err := secretsManagerClient.UpdateSecretMetadataWithContext(context, updateSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed %s\n%s", err, response), ServiceCredentialsSecretResourceName, "update") + return tfErr.GetDiag() } } @@ -561,7 +596,8 @@ func resourceIbmSmServiceCredentialsSecretUpdate(context context.Context, d *sch resourceIbmSmServiceCredentialsSecretRead(context, d, meta) } log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed %s\n%s", err, response), ServiceCredentialsSecretResourceName, "update") + return tfErr.GetDiag() } } 
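Review bot: `d.Get("rotation").([]interface{})[0].(map[string]interface{})` indexes element 0 and asserts its type with no guard, so an empty `rotation` list or a nil element would panic the provider rather than return the diagnostic added just below it. The condition that guards this statement is outside the hunk, so confirm it guarantees a non-empty list; if it does not, test the length first, e.g. `if rotation, ok := d.Get("rotation").([]interface{}); ok && len(rotation) > 0 && rotation[0] != nil {`. The same expression appears in the username/password update hunks for `rotation` and `password_generation_policy`.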
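Review bot: The added diagnostic names the wrong call in the last hunk on this line: the branch handles a failure of UpdateSecretVersionMetadataWithContext (see the `log.Printf` above it and the removed line), but the new message says `UpdateSecretMetadataWithContext failed`, so the reported error points at the metadata update instead. Change the format string to `"UpdateSecretVersionMetadataWithContext failed %s\n%s"`. Separately, the return value of `resourceIbmSmServiceCredentialsSecretRead(context, d, meta)` in the context line above is discarded; the enclosing `if` starts outside this hunk, so verify that is intended.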
@@ -571,7 +607,8 @@ func resourceIbmSmServiceCredentialsSecretUpdate(context context.Context, d *sch func resourceIbmSmServiceCredentialsSecretDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", ServiceCredentialsSecretResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") @@ -587,7 +624,8 @@ func resourceIbmSmServiceCredentialsSecretDelete(context context.Context, d *sch response, err := secretsManagerClient.DeleteSecretWithContext(context, deleteSecretOptions) if err != nil { log.Printf("[DEBUG] DeleteSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteSecretWithContext failed %s\n%s", err, response), ServiceCredentialsSecretResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go b/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go index 2a21a8935f..267928197a 100644 --- a/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go +++ b/ibm/service/secretsmanager/resource_ibm_sm_username_password_secret.go @@ -9,7 +9,6 @@ import ( "github.com/IBM-Cloud/bluemix-go/bmxerror" "github.com/go-openapi/strfmt" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" - "github.com/pkg/errors" "log" "strings" "time" 
@@ -219,7 +218,8 @@ func ResourceIbmSmUsernamePasswordSecret() *schema.Resource { func resourceIbmSmUsernamePasswordSecretCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", UsernamePasswordSecretResourceName, "create") + return tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) @@ -230,14 +230,16 @@ func resourceIbmSmUsernamePasswordSecretCreate(context context.Context, d *schem secretPrototypeModel, err := resourceIbmSmUsernamePasswordSecretMapToSecretPrototype(d) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", UsernamePasswordSecretResourceName, "create") + return tfErr.GetDiag() } createSecretOptions.SetSecretPrototype(secretPrototypeModel) secretIntf, response, err := secretsManagerClient.CreateSecretWithContext(context, createSecretOptions) if err != nil { log.Printf("[DEBUG] CreateSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretWithContext failed: %s\n%s", err.Error(), response), UsernamePasswordSecretResourceName, "create") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.UsernamePasswordSecret) d.SetId(fmt.Sprintf("%s/%s/%s", region, instanceId, *secret.ID)) 
@@ -245,8 +247,8 @@ func resourceIbmSmUsernamePasswordSecretCreate(context context.Context, d *schem _, err = waitForIbmSmUsernamePasswordSecretCreate(secretsManagerClient, d) if err != nil { - return diag.FromErr(fmt.Errorf( - "Error waiting for resource IbmSmUsernamePasswordSecret (%s) to be created: %s", d.Id(), err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error waiting for resource IbmSmUsernamePasswordSecret (%s) to be created: %s", d.Id(), err.Error()), UsernamePasswordSecretResourceName, "create") + return tfErr.GetDiag() } return resourceIbmSmUsernamePasswordSecretRead(context, d, meta) @@ -287,12 +289,14 @@ func waitForIbmSmUsernamePasswordSecretCreate(secretsManagerClient *secretsmanag func resourceIbmSmUsernamePasswordSecretRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") if len(id) != 3 { - return diag.Errorf("Wrong format of resource ID. To import a secret use the format `//`") + tfErr := flex.TerraformErrorf(nil, "Wrong format of resource ID. To import a secret use the format `//`", UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } region := id[0] instanceId := id[1] 
@@ -310,92 +314,118 @@ func resourceIbmSmUsernamePasswordSecretRead(context context.Context, d *schema. return nil } log.Printf("[DEBUG] GetSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretWithContext failed %s\n%s", err, response), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } secret := secretIntf.(*secretsmanagerv2.UsernamePasswordSecret) if err = d.Set("secret_id", secretId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_id"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("instance_id", instanceId); err != nil { - return diag.FromErr(fmt.Errorf("Error setting instance_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting instance_id"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("region", region); err != nil { - return diag.FromErr(fmt.Errorf("Error setting region: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting region"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_by", secret.CreatedBy); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_by: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_by"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("created_at", DateTimeToRFC3339(secret.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting created_at"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("crn", secret.Crn); err != nil { - return diag.FromErr(fmt.Errorf("Error setting 
crn: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting crn"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if secret.CustomMetadata != nil { d.Set("custom_metadata", secret.CustomMetadata) } if err = d.Set("description", secret.Description); err != nil { - return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting description"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("downloaded", secret.Downloaded); err != nil { - return diag.FromErr(fmt.Errorf("Error setting downloaded: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting downloaded"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if secret.Labels != nil { if err = d.Set("labels", secret.Labels); err != nil { - return diag.FromErr(fmt.Errorf("Error setting labels: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting labels"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } } if err = d.Set("locks_total", flex.IntValue(secret.LocksTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting locks_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting locks_total"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("name", secret.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting name"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_group_id", secret.SecretGroupID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_group_id: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_group_id"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("secret_type", 
secret.SecretType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting secret_type: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting secret_type"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state", flex.IntValue(secret.State)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("state_description", secret.StateDescription); err != nil { - return diag.FromErr(fmt.Errorf("Error setting state_description: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting state_description"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("updated_at", DateTimeToRFC3339(secret.UpdatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting updated_at: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting updated_at"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("versions_total", flex.IntValue(secret.VersionsTotal)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting versions_total: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting versions_total"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } rotationMap, err := resourceIbmSmUsernamePasswordSecretRotationPolicyToMap(secret.Rotation) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("rotation", []map[string]interface{}{rotationMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting rotation: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting rotation"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if 
err = d.Set("expiration_date", DateTimeToRFC3339(secret.ExpirationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting expiration_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting expiration_date"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("next_rotation_date", DateTimeToRFC3339(secret.NextRotationDate)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting next_rotation_date: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting next_rotation_date"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("username", secret.Username); err != nil { - return diag.FromErr(fmt.Errorf("Error setting username: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting username"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("password", secret.Password); err != nil { - return diag.FromErr(fmt.Errorf("Error setting password: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting password"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } passwordPolicyMap, err := passwordGenerationPolicyToMap(secret.PasswordGenerationPolicy) if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } if err = d.Set("password_generation_policy", []map[string]interface{}{passwordPolicyMap}); err != nil { - return diag.FromErr(fmt.Errorf("Error setting password generation policy: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting password_generation_policy"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } // Call get version metadata API to get the current version_custom_metadata 
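Review bot: `d.Set("custom_metadata", secret.CustomMetadata)` is the one setter in this read path whose error is ignored, so a schema mismatch there leaves state silently stale while every neighbouring attribute now reports a structured error. Wrap it like the others: `if err = d.Set("custom_metadata", secret.CustomMetadata); err != nil {` with a `flex.TerraformErrorf(err, "Error setting custom_metadata", UsernamePasswordSecretResourceName, "read")` return. The service-credentials read hunk has the same unchecked call. This hunk also writes `secret.Password` into state through `d.Set("password", ...)`; the schema is outside the hunk, so confirm that attribute is marked `Sensitive`.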
@@ -406,13 +436,15 @@ func resourceIbmSmUsernamePasswordSecretRead(context context.Context, d *schema. versionMetadataIntf, response, err := secretsManagerClient.GetSecretVersionMetadataWithContext(context, getVersionMetdataOptions) if err != nil { log.Printf("[DEBUG] GetSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretVersionMetadataWithContext failed %s\n%s", err, response), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } versionMetadata := versionMetadataIntf.(*secretsmanagerv2.UsernamePasswordSecretVersionMetadata) if versionMetadata.VersionCustomMetadata != nil { if err = d.Set("version_custom_metadata", versionMetadata.VersionCustomMetadata); err != nil { - return diag.FromErr(fmt.Errorf("Error setting version_custom_metadata: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error setting version_custom_metadata"), UsernamePasswordSecretResourceName, "read") + return tfErr.GetDiag() } } @@ -422,7 +454,8 @@ func resourceIbmSmUsernamePasswordSecretRead(context context.Context, d *schema. func resourceIbmSmUsernamePasswordSecretUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", UsernamePasswordSecretResourceName, "update") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
@@ -464,7 +497,8 @@ func resourceIbmSmUsernamePasswordSecretUpdate(context context.Context, d *schem RotationModel, err := resourceIbmSmUsernamePasswordSecretMapToRotationPolicy(d.Get("rotation").([]interface{})[0].(map[string]interface{})) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed: Reading Rotation parameter failed: %s", err), UsernamePasswordSecretResourceName, "update") + return tfErr.GetDiag() } patchVals.Rotation = RotationModel hasChange = true @@ -475,13 +509,15 @@ func resourceIbmSmUsernamePasswordSecretUpdate(context context.Context, d *schem layout := time.RFC3339 parseToTime, err := time.Parse(layout, d.Get("expiration_date").(string)) if err != nil { - return diag.FromErr(errors.New(`Failed to get "expiration_date". Error: ` + err.Error())) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf(`Failed to get "expiration_date". Error: %s`, err.Error()), UsernamePasswordSecretResourceName, "update") + return tfErr.GetDiag() } parseToDateTime := strfmt.DateTime(parseToTime) patchVals.ExpirationDate = &parseToDateTime hasChange = true } else { - return diag.FromErr(errors.New(`The "expiration_date" field cannot be removed. To disable expiration set expiration date to a far future date'`)) + tfErr := flex.TerraformErrorf(nil, `The "expiration_date" field cannot be removed. To disable expiration set expiration date to a far future date'`, UsernamePasswordSecretResourceName, "update") + return tfErr.GetDiag() } } 
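Review bot: In the `@@ -475,13 +509,15 @@` hunk, the `else` branch that rejects removing `expiration_date` now calls `flex.TerraformErrorf(nil, ...)`, where the old code always produced a non-nil error with `errors.New`. `TerraformErrorf` is not shown in this patch, so confirm it accepts a nil cause; if it does not, hold the text in a local `msg` and pass `errors.New(msg)` as the first argument (this needs `errors` to remain imported). The message also ends with a stray `'` after `date`. The last return of `getSecretByIdOrByName` in utils.go passes `err` on a path where it looks to be nil as well, since every earlier non-nil `err` visible there returns. The update function body starts and ends outside this hunk.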
@@ -489,7 +525,8 @@ func resourceIbmSmUsernamePasswordSecretUpdate(context context.Context, d *schem passwordPolicyModel, err := mapToPasswordGenerationPolicyPatch(d.Get("password_generation_policy").([]interface{})[0].(map[string]interface{})) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed: Reading password_generation_policy parameter failed: %s", err) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed: Reading password_generation_policy parameter failed: %s", err)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed: Reading password_generation_policy parameter failed: %s", err), UsernamePasswordSecretResourceName, "update") + return tfErr.GetDiag() } patchVals.PasswordGenerationPolicy = passwordPolicyModel hasChange = true @@ -500,7 +537,8 @@ func resourceIbmSmUsernamePasswordSecretUpdate(context context.Context, d *schem _, response, err := secretsManagerClient.UpdateSecretMetadataWithContext(context, updateSecretMetadataOptions) if err != nil { log.Printf("[DEBUG] UpdateSecretMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretMetadataWithContext failed %s\n%s", err, response), UsernamePasswordSecretResourceName, "update") + return tfErr.GetDiag() } } 
@@ -526,7 +564,8 @@ func resourceIbmSmUsernamePasswordSecretUpdate(context context.Context, d *schem resourceIbmSmUsernamePasswordSecretRead(context, d, meta) } log.Printf("[DEBUG] CreateSecretVersionWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("CreateSecretVersionWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("CreateSecretVersionWithContext failed %s\n%s", err, response), UsernamePasswordSecretResourceName, "update") + return tfErr.GetDiag() } } else if d.HasChange("version_custom_metadata") { // Apply change to version_custom_metadata in current version @@ -545,7 +584,8 @@ func resourceIbmSmUsernamePasswordSecretUpdate(context context.Context, d *schem resourceIbmSmUsernamePasswordSecretRead(context, d, meta) } log.Printf("[DEBUG] UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("UpdateSecretVersionMetadataWithContext failed %s\n%s", err, response), UsernamePasswordSecretResourceName, "update") + return tfErr.GetDiag() } } @@ -555,7 +595,8 @@ func resourceIbmSmUsernamePasswordSecretUpdate(context context.Context, d *schem func resourceIbmSmUsernamePasswordSecretDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", UsernamePasswordSecretResourceName, "delete") + return tfErr.GetDiag() } id := strings.Split(d.Id(), "/") 
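Review bot: In both failure branches here (`CreateSecretVersionWithContext` and `UpdateSecretVersionMetadataWithContext`), the diagnostics returned by `resourceIbmSmUsernamePasswordSecretRead(context, d, meta)` are discarded. If that refresh fails, state is presumably left holding the planned values and nothing records why; logging the outcome would help, e.g. `if diags := resourceIbmSmUsernamePasswordSecretRead(context, d, meta); diags.HasError() { log.Printf("[DEBUG] state refresh after failed update did not succeed") }`. The `if` that guards the call opens outside the hunk, so its condition is not visible.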
@@ -571,7 +612,8 @@ func resourceIbmSmUsernamePasswordSecretDelete(context context.Context, d *schem response, err := secretsManagerClient.DeleteSecretWithContext(context, deleteSecretOptions) if err != nil { log.Printf("[DEBUG] DeleteSecretWithContext failed %s\n%s", err, response) - return diag.FromErr(fmt.Errorf("DeleteSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("DeleteSecretWithContext failed %s\n%s", err, response), UsernamePasswordSecretResourceName, "delete") + return tfErr.GetDiag() } d.SetId("") diff --git a/ibm/service/secretsmanager/utils.go b/ibm/service/secretsmanager/utils.go index da8e661425..0a481168ff 100644 --- a/ibm/service/secretsmanager/utils.go +++ b/ibm/service/secretsmanager/utils.go @@ -5,6 +5,7 @@ import ( "encoding/json" "fmt" "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "github.com/IBM/go-sdk-core/v5/core" "github.com/IBM/secrets-manager-go-sdk/v2/secretsmanagerv2" "github.com/go-openapi/strfmt" 
@@ -26,6 +27,32 @@ const ( ImportedCertSecretType = "imported_cert" PublicCertSecretType = "public_cert" PrivateCertSecretType = "private_cert" + + ArbitrarySecretResourceName = "ibm_sm_arbitrary_secret" + UsernamePasswordSecretResourceName = "ibm_sm_username_password_secret" + IAMCredentialsSecretResourceName = "ibm_sm_iam_credentials_secret" + ServiceCredentialsSecretResourceName = "ibm_sm_service_credentials_secret" + KvSecretResourceName = "ibm_sm_kv_secret" + ImportedCertSecretResourceName = "ibm_sm_imported_certificate" + PublicCertSecretResourceName = "ibm_sm_public_certificate" + PrivateCertSecretResourceName = "ibm_sm_private_certificate" + + EnRegistrationResourceName = "ibm_sm_en_registration" + IAMCredentialsConfigResourceName = "ibm_sm_iam_credentials_configuration" + ConfigurationsResourceName = "ibm_sm_configurations" + PrivateCertConfigIntermediateCAResourceName = "ibm_sm_private_certificate_configuration_intermediate_ca" + PrivateCertConfigRootCAResourceName = "ibm_sm_private_certificate_configuration_root_ca" + PrivateCertConfigTemplateResourceName = "ibm_sm_private_certificate_configuration_template" + PrivateCertConfigActionSetSigned = "ibm_sm_private_certificate_configuration_action_set_signed" + PrivateCertConfigActionSignCsr = "ibm_sm_private_certificate_configuration_action_sign_csr" + PublicCertConfigCALetsEncryptResourceName = "ibm_sm_public_certificate_configuration_ca_lets_encrypt" + PublicCertConfigDnsCISResourceName = "ibm_sm_public_certificate_configuration_dns_cis" + PublicCertConfigDnsClassicInfrastructureResourceName = "ibm_sm_public_certificate_configuration_dns_classic_infrastructure" + PublicCertConfigActionValidateManualDNSResourceName = "ibm_sm_public_certificate_action_validate_manual_dns" + + SecretGroupResourceName = "ibm_sm_secret_group" + SecretGroupsResourceName = "ibm_sm_secret_groups" + SecretsResourceName = "ibm_sm_secrets" ) func getRegion(originalClient *secretsmanagerv2.SecretsManagerV2, d *schema.ResourceData) 
string { @@ -134,11 +161,12 @@ func DateTimeToRFC3339(dt *strfmt.DateTime) (s string) { return } -func getSecretByIdOrByName(context context.Context, d *schema.ResourceData, meta interface{}, secretType string) (secretsmanagerv2.SecretIntf, string, string, diag.Diagnostics) { +func getSecretByIdOrByName(context context.Context, d *schema.ResourceData, meta interface{}, secretType string, dataSourceName string) (secretsmanagerv2.SecretIntf, string, string, diag.Diagnostics) { secretsManagerClient, err := meta.(conns.ClientSession).SecretsManagerV2() if err != nil { - return nil, "", "", diag.FromErr(err) + tfErr := flex.TerraformErrorf(err, "", fmt.Sprintf("(Data) %s", dataSourceName), "read") + return nil, "", "", tfErr.GetDiag() } region := getRegion(secretsManagerClient, d) instanceId := d.Get("instance_id").(string) @@ -160,7 +188,8 @@ func getSecretByIdOrByName(context context.Context, d *schema.ResourceData, meta secretIntf, response, err = secretsManagerClient.GetSecretWithContext(context, getSecretOptions) if err != nil { log.Printf("[DEBUG] GetSecretWithContext failed %s\n%s", err, response) - return nil, "", "", diag.FromErr(fmt.Errorf("GetSecretWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", dataSourceName), "read") + return nil, "", "", tfErr.GetDiag() } return secretIntf, region, instanceId, nil } 
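Review bot: `PrivateCertConfigActionSetSigned` and `PrivateCertConfigActionSignCsr` are the only two added constants without the `ResourceName` suffix that the rest of the block uses. Renaming them to `PrivateCertConfigActionSetSignedResourceName` and `PrivateCertConfigActionSignCsrResourceName` before callers accumulate keeps the set uniform. A one-line comment above the new group, such as `// Terraform resource type names, passed to flex.TerraformErrorf to label diagnostics.`, would also separate them from the secret-type values above.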
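Review bot: The label `fmt.Sprintf("(Data) %s", dataSourceName)` is rebuilt at each error return of `getSecretByIdOrByName`, in this hunk and in the two that follow. Building it once after the signature, `resourceLabel := "(Data) " + dataSourceName`, and passing `resourceLabel` at every return keeps the sites from drifting apart. The new `dataSourceName` parameter also deserves a doc comment on the function saying it is the data source type name used to label returned diagnostics. The function body continues outside this hunk.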
@@ -176,12 +205,14 @@ func getSecretByIdOrByName(context context.Context, d *schema.ResourceData, meta secretIntf, response, err = secretsManagerClient.GetSecretByNameTypeWithContext(context, getSecretByNameOptions) if err != nil { log.Printf("[DEBUG] GetSecretByNameTypeWithContext failed %s\n%s", err, response) - return nil, "", "", diag.FromErr(fmt.Errorf("GetSecretByNameTypeWithContext failed %s\n%s", err, response)) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("GetSecretByNameTypeWithContext failed %s\n%s", err, response), fmt.Sprintf("(Data) %s", dataSourceName), "read") + return nil, "", "", tfErr.GetDiag() } return secretIntf, region, instanceId, nil } - return nil, "", "", diag.FromErr(fmt.Errorf("Missing required arguments. Please make sure that either \"secret_id\" or \"name\" and \"secret_group_name\" are provided\n")) + tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Missing required arguments. Please make sure that either \"secret_id\" or \"name\" and \"secret_group_name\" are provided\n"), fmt.Sprintf("(Data) %s", dataSourceName), "read") + return nil, "", "", tfErr.GetDiag() } func secretVersionMetadataAsPatchFunction(secretVersionMetadataPatch *secretsmanagerv2.SecretVersionMetadataPatch) (_patch map[string]interface{}, err error) { From eb913ca0a3874adab7526246316a7a457f107c46 Mon Sep 17 00:00:00 2001 From: Yonathan-Yellin Date: Wed, 11 Sep 2024 17:15:30 +0300 Subject: [PATCH 47/47] go sdk version update --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index d73aaa801d..4203d4d873 100644 --- a/go.mod +++ b/go.mod 
@@ -32,7 +32,7 @@ require (
 github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5
 github.com/IBM/scc-go-sdk/v5 v5.1.6
 github.com/IBM/schematics-go-sdk v0.2.3
- github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5
+ github.com/IBM/secrets-manager-go-sdk/v2 v2.0.6
 github.com/IBM/vpc-beta-go-sdk v0.6.0
 github.com/IBM/vpc-go-sdk v0.56.0
 github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5
diff --git a/go.sum b/go.sum
index ad0cb7525e..f6cce3bdeb 100644
--- a/go.sum
+++ b/go.sum
@@ -188,6 +188,8 @@ github.com/IBM/schematics-go-sdk v0.2.3 h1:lgTt0Sbudii3cuSk1YSQgrtiZAXDbBABAoVj3
 github.com/IBM/schematics-go-sdk v0.2.3/go.mod h1:Tw2OSAPdpC69AxcwoyqcYYaGTTW6YpERF9uNEU+BFRQ=
 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5 h1:VMc/Zd6RzB8j60CqZekkwYT2wQsCfrkGV2n01Gviuaw=
 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5/go.mod h1:5kUgJ1dG9cdiAcPDqVz46m362bPnoqZQSth24NiowSg=
+github.com/IBM/secrets-manager-go-sdk/v2 v2.0.6 h1:bF6bAdI4wDZSje6+Yx1mJxvirboxO+uMuKhzgfRCNxE=
+github.com/IBM/secrets-manager-go-sdk/v2 v2.0.6/go.mod h1:XWYnbcc5vN1RnKwk/fCzfD8aZd7At/Y1/b6c+oDyliU=
 github.com/IBM/vmware-go-sdk v0.1.2 h1:5lKWFyInWz9e2hwGsoFTEoLa1jYkD30SReN0fQ10w9M=
 github.com/IBM/vmware-go-sdk v0.1.2/go.mod h1:2UGPBJju3jiv5VKKBBm9a5L6bzF/aJdKOKAzJ7HaOjA=
 github.com/IBM/vpc-beta-go-sdk v0.6.0 h1:wfM3AcW3zOM3xsRtZ+EA6+sESlGUjQ6Yf4n5QQyz4uc=