[FEAT]: Ability to import repository secrets (#1763)

* add ability to import for actions/codespaces/dependabot secrets

* update documentation

github/resource_github_actions_secret.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"strings"
 
 	"github.com/google/go-github/v53/github"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -18,6 +19,9 @@ func resourceGithubActionsSecret() *schema.Resource {
 		Read:   resourceGithubActionsSecretRead,
 		Update: resourceGithubActionsSecretCreateOrUpdate,
 		Delete: resourceGithubActionsSecretDelete,
+		Importer: &schema.ResourceImporter{
+			State: resourceGithubActionsSecretImport,
+		},
 
 		Schema: map[string]*schema.Schema{
 			"repository": {
@@ -170,6 +174,39 @@ func resourceGithubActionsSecretDelete(d *schema.ResourceData, meta interface{})
 	return err
 }
 
+func resourceGithubActionsSecretImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	client := meta.(*Owner).v3client
+	owner := meta.(*Owner).name
+	ctx := context.Background()
+
+	parts := strings.Split(d.Id(), "/")
+	if len(parts) != 2 {
+		return nil, fmt.Errorf("invalid ID specified: supplied ID must be written as <repository>/<secret_name>")
+	}
+
+	d.SetId(buildTwoPartID(parts[0], parts[1]))
+
+	repoName, secretName, err := parseTwoPartID(d.Id(), "repository", "secret_name")
+	if err != nil {
+		return nil, err
+	}
+
+	secret, _, err := client.Actions.GetRepoSecret(ctx, owner, repoName, secretName)
+	if err != nil {
+		return nil, err
+	}
+
+	d.Set("repository", repoName)
+	d.Set("secret_name", secretName)
+
+	// encrypted_value or plaintext_value can not be imported
+
+	d.Set("created_at", secret.CreatedAt.String())
+	d.Set("updated_at", secret.UpdatedAt.String())
+
+	return []*schema.ResourceData{d}, nil
+}
+
 func getPublicKeyDetails(owner, repository string, meta interface{}) (keyId, pkValue string, err error) {
 	client := meta.(*Owner).v3client
 	ctx := context.Background()

github/resource_github_codespaces_secret.go

@@ -3,8 +3,10 @@ package github
 import (
 	"context"
 	"encoding/base64"
+	"fmt"
 	"log"
 	"net/http"
+	"strings"
 
 	"github.com/google/go-github/v53/github"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -16,6 +18,9 @@ func resourceGithubCodespacesSecret() *schema.Resource {
 		Read:   resourceGithubCodespacesSecretRead,
 		Update: resourceGithubCodespacesSecretCreateOrUpdate,
 		Delete: resourceGithubCodespacesSecretDelete,
+		Importer: &schema.ResourceImporter{
+			State: resourceGithubCodespacesSecretImport,
+		},
 
 		Schema: map[string]*schema.Schema{
 			"repository": {
@@ -169,6 +174,39 @@ func resourceGithubCodespacesSecretDelete(d *schema.ResourceData, meta interface
 	return err
 }
 
+func resourceGithubCodespacesSecretImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	client := meta.(*Owner).v3client
+	owner := meta.(*Owner).name
+	ctx := context.Background()
+
+	parts := strings.Split(d.Id(), "/")
+	if len(parts) != 2 {
+		return nil, fmt.Errorf("invalid ID specified: supplied ID must be written as <repository>/<secret_name>")
+	}
+
+	d.SetId(buildTwoPartID(parts[0], parts[1]))
+
+	repoName, secretName, err := parseTwoPartID(d.Id(), "repository", "secret_name")
+	if err != nil {
+		return nil, err
+	}
+
+	secret, _, err := client.Codespaces.GetRepoSecret(ctx, owner, repoName, secretName)
+	if err != nil {
+		return nil, err
+	}
+
+	d.Set("repository", repoName)
+	d.Set("secret_name", secretName)
+
+	// encrypted_value or plaintext_value can not be imported
+
+	d.Set("created_at", secret.CreatedAt.String())
+	d.Set("updated_at", secret.UpdatedAt.String())
+
+	return []*schema.ResourceData{d}, nil
+}
+
 func getCodespacesPublicKeyDetails(owner, repository string, meta interface{}) (keyId, pkValue string, err error) {
 	client := meta.(*Owner).v3client
 	ctx := context.Background()

github/resource_github_dependabot_secret.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"strings"
 
 	"github.com/google/go-github/v53/github"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -18,6 +19,9 @@ func resourceGithubDependabotSecret() *schema.Resource {
 		Read:   resourceGithubDependabotSecretRead,
 		Update: resourceGithubDependabotSecretCreateOrUpdate,
 		Delete: resourceGithubDependabotSecretDelete,
+		Importer: &schema.ResourceImporter{
+			State: resourceGithubDependabotSecretImport,
+		},
 
 		Schema: map[string]*schema.Schema{
 			"repository": {
@@ -171,6 +175,39 @@ func resourceGithubDependabotSecretDelete(d *schema.ResourceData, meta interface
 	return err
 }
 
+func resourceGithubDependabotSecretImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	client := meta.(*Owner).v3client
+	owner := meta.(*Owner).name
+	ctx := context.Background()
+
+	parts := strings.Split(d.Id(), "/")
+	if len(parts) != 2 {
+		return nil, fmt.Errorf("invalid ID specified: supplied ID must be written as <repository>/<secret_name>")
+	}
+
+	d.SetId(buildTwoPartID(parts[0], parts[1]))
+
+	repoName, secretName, err := parseTwoPartID(d.Id(), "repository", "secret_name")
+	if err != nil {
+		return nil, err
+	}
+
+	secret, _, err := client.Dependabot.GetRepoSecret(ctx, owner, repoName, secretName)
+	if err != nil {
+		return nil, err
+	}
+
+	d.Set("repository", repoName)
+	d.Set("secret_name", secretName)
+
+	// encrypted_value or plaintext_value can not be imported
+
+	d.Set("created_at", secret.CreatedAt.String())
+	d.Set("updated_at", secret.UpdatedAt.String())
+
+	return []*schema.ResourceData{d}, nil
+}
+
 func getDependabotPublicKeyDetails(owner, repository string, meta interface{}) (keyId, pkValue string, err error) {
 	client := meta.(*Owner).v3client
 	ctx := context.Background()

website/docs/r/actions_secret.html.markdown

@@ -52,3 +52,14 @@ The following arguments are supported:
 
 * `created_at`      - Date of actions_secret creation.
 * `updated_at`      - Date of actions_secret update.
+
+## Import
+
+This resource can be imported using an ID made up of the `repository` and `secret_name`:
+
+```
+$ terraform import github_actions_secret.example_secret <repository>/<secret_name>
+```
+
+NOTE: the implementation is limited in that it won't fetch the value of the
+`plaintext_value` or `encrypted_value` fields when importing. You may need to ignore changes for these as a workaround.

website/docs/r/codespaces_secret.html.markdown

@@ -50,5 +50,16 @@ The following arguments are supported:
 
 ## Attributes Reference
 
-* `created_at`      - Date of actions_secret creation.
-* `updated_at`      - Date of actions_secret update.
+* `created_at`      - Date of codespaces_secret creation.
+* `updated_at`      - Date of codespaces_secret update.
+
+## Import
+
+This resource can be imported using an ID made up of the `repository` and `secret_name`:
+
+```
+$ terraform import github_codespaces_secret.example_secret <repository>/<secret_name>
+```
+
+NOTE: the implementation is limited in that it won't fetch the value of the
+`plaintext_value` or `encrypted_value` fields when importing. You may need to ignore changes for these as a workaround.

website/docs/r/dependabot_secret.html.markdown

@@ -50,5 +50,16 @@ The following arguments are supported:
 
 ## Attributes Reference
 
-* `created_at`      - Date of actions_secret creation.
-* `updated_at`      - Date of actions_secret update.
+* `created_at`      - Date of dependabot_secret creation.
+* `updated_at`      - Date of dependabot_secret update.
+
+## Import
+
+This resource can be imported using an ID made up of the `repository` and `secret_name`:
+
+```
+$ terraform import github_dependabot_secret.example_secret <repository>/<secret_name>
+```
+
+NOTE: the implementation is limited in that it won't fetch the value of the
+`plaintext_value` or `encrypted_value` fields when importing. You may need to ignore changes for these as a workaround.