feat: add output ids for vault and secrets (#76)

multycloud · Jul 26, 2022 · 61cacbe · 61cacbe
1 parent 303ff59
commit 61cacbe
Show file tree

Hide file tree

Showing 9 changed files with 193 additions and 10 deletions.
diff --git a/docs/resources/vault.md b/docs/resources/vault.md
@@ -35,6 +35,7 @@ resource "multy_vault" "v" {
 
 ### Read-Only
 
+- `azure` (Object) Azure-specific ids of the underlying generated resources (see [below for nested schema](#nestedatt--azure))
 - `id` (String) The ID of this resource.
 - `resource_group_id` (String)
 
@@ -46,3 +47,11 @@ Optional:
 - `project` (String) The project to use for this resource.
 
 
+<a id="nestedatt--azure"></a>
+### Nested Schema for `azure`
+
+Read-Only:
+
+- `key_vault_id` (String)
+
+
diff --git a/docs/resources/vault_access_policy.md b/docs/resources/vault_access_policy.md
@@ -37,6 +37,32 @@ resource "multy_vault_access_policy" "kv_ap" {
 
 ### Read-Only
 
+- `aws` (Object) AWS-specific ids of the underlying generated resources (see [below for nested schema](#nestedatt--aws))
+- `azure` (Object) Azure-specific ids of the underlying generated resources (see [below for nested schema](#nestedatt--azure))
+- `gcp` (Object) GCP-specific ids of the underlying generated resources (see [below for nested schema](#nestedatt--gcp))
 - `id` (String) The ID of this resource.
 
+<a id="nestedatt--aws"></a>
+### Nested Schema for `aws`
+
+Read-Only:
+
+- `iam_policy_arn` (String)
+
+
+<a id="nestedatt--azure"></a>
+### Nested Schema for `azure`
+
+Read-Only:
+
+- `key_vault_access_policy_id` (String)
+
+
+<a id="nestedatt--gcp"></a>
+### Nested Schema for `gcp`
+
+Read-Only:
+
+- `secret_manager_secret_iam_membership_ids` (List of String)
+
 
diff --git a/docs/resources/vault_secret.md b/docs/resources/vault_secret.md
@@ -36,6 +36,33 @@ resource "multy_vault_secret" s {
 
 ### Read-Only
 
+- `aws` (Object) AWS-specific ids of the underlying generated resources (see [below for nested schema](#nestedatt--aws))
+- `azure` (Object) Azure-specific ids of the underlying generated resources (see [below for nested schema](#nestedatt--azure))
+- `gcp` (Object) GCP-specific ids of the underlying generated resources (see [below for nested schema](#nestedatt--gcp))
 - `id` (String) The ID of this resource.
 
+<a id="nestedatt--aws"></a>
+### Nested Schema for `aws`
+
+Read-Only:
+
+- `ssm_parameter_arn` (String)
+
+
+<a id="nestedatt--azure"></a>
+### Nested Schema for `azure`
+
+Read-Only:
+
+- `key_vault_secret_id` (String)
+
+
+<a id="nestedatt--gcp"></a>
+### Nested Schema for `gcp`
+
+Read-Only:
+
+- `secret_manager_secret_id` (String)
+- `secret_manager_secret_version_id` (String)
+
 
diff --git a/go.mod b/go.mod
@@ -17,7 +17,7 @@ require (
 	google.golang.org/protobuf v1.28.0
 )
 
-//replace github.com/multycloud/multy v0.1.53 => ../multy
+//replace github.com/multycloud/multy v0.1.54 => ../multy
 
 require (
 	github.com/Azure/azure-sdk-for-go v59.2.0+incompatible // indirect

diff --git a/multy/resource_vault.go b/multy/resource_vault.go
@@ -17,6 +17,10 @@ import (
 
 type ResourceVaultType struct{}
 
+var vaultAzureOutputs = map[string]attr.Type{
+	"key_vault_id": types.StringType,
+}
+
 func (r ResourceVaultType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diagnostics) {
 	return tfsdk.Schema{
 		MarkdownDescription: "Provides Multy Vault resource",
@@ -52,6 +56,11 @@ func (r ResourceVaultType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diag
 				Optional: true,
 				Computed: true,
 			},
+			"azure": {
+				Description: "Azure-specific ids of the underlying generated resources",
+				Type:        types.ObjectType{AttrTypes: vaultAzureOutputs},
+				Computed:    true,
+			},
 			"cloud":    common.CloudsSchema,
 			"location": common.LocationSchema,
 		},
@@ -114,6 +123,7 @@ type Vault struct {
 	ResourceGroupId types.String                             `tfsdk:"resource_group_id"`
 
 	GcpOverridesObject types.Object `tfsdk:"gcp_overrides"`
+	AzureOutputs       types.Object `tfsdk:"azure"`
 }
 
 func convertToVault(res *resourcespb.VaultResource) Vault {
@@ -124,6 +134,12 @@ func convertToVault(res *resourcespb.VaultResource) Vault {
 		Location:           mtypes.LocationType.NewVal(res.CommonParameters.Location),
 		ResourceGroupId:    types.String{Value: res.CommonParameters.ResourceGroupId},
 		GcpOverridesObject: convertToVaultGcpOverrides(res.GcpOverride).GcpOverridesToObj(),
+		AzureOutputs: common.OptionallyObj(res.AzureOutputs, types.Object{
+			Attrs: map[string]attr.Value{
+				"key_vault_id": common.DefaultToNull[types.String](res.GetAzureOutputs().GetKeyVaultId()),
+			},
+			AttrTypes: vaultAzureOutputs,
+		}),
 	}
 }
 

diff --git a/multy/resource_vault_access_policy.go b/multy/resource_vault_access_policy.go
@@ -3,16 +3,30 @@ package multy
 import (
 	"context"
 	"fmt"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/tfsdk"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/multycloud/multy/api/proto/resourcespb"
+	"terraform-provider-multy/multy/common"
 	"terraform-provider-multy/multy/mtypes"
 	"terraform-provider-multy/multy/validators"
 )
 
 type ResourceVaultAccessPolicyType struct{}
 
+var vaultAccessPolicyAwsOutputs = map[string]attr.Type{
+	"iam_policy_arn": types.StringType,
+}
+
+var vaultAccessPolicyAzureOutputs = map[string]attr.Type{
+	"key_vault_access_policy_id": types.StringType,
+}
+
+var vaultAccessPolicyGcpOutputs = map[string]attr.Type{
+	"secret_manager_secret_iam_membership_ids": types.ListType{ElemType: types.StringType},
+}
+
 func (r ResourceVaultAccessPolicyType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diagnostics) {
 	return tfsdk.Schema{
 		MarkdownDescription: "Provides Multy Object Storage resource",
@@ -40,6 +54,21 @@ func (r ResourceVaultAccessPolicyType) GetSchema(_ context.Context) (tfsdk.Schem
 				Required:    true,
 				Validators:  []tfsdk.AttributeValidator{validators.NewValidator(mtypes.VaultAclType)},
 			},
+			"aws": {
+				Description: "AWS-specific ids of the underlying generated resources",
+				Type:        types.ObjectType{AttrTypes: vaultAccessPolicyAwsOutputs},
+				Computed:    true,
+			},
+			"azure": {
+				Description: "Azure-specific ids of the underlying generated resources",
+				Type:        types.ObjectType{AttrTypes: vaultAccessPolicyAzureOutputs},
+				Computed:    true,
+			},
+			"gcp": {
+				Description: "GCP-specific ids of the underlying generated resources",
+				Type:        types.ObjectType{AttrTypes: vaultAccessPolicyGcpOutputs},
+				Computed:    true,
+			},
 		},
 	}, nil
 }
@@ -93,10 +122,13 @@ func deleteVaultAccessPolicy(ctx context.Context, p Provider, state VaultAccessP
 }
 
 type VaultAccessPolicy struct {
-	Id       types.String                                   `tfsdk:"id"`
-	VaultId  types.String                                   `tfsdk:"vault_id"`
-	Identity types.String                                   `tfsdk:"identity"`
-	Access   mtypes.EnumValue[resourcespb.VaultAccess_Enum] `tfsdk:"access"`
+	Id           types.String                                   `tfsdk:"id"`
+	VaultId      types.String                                   `tfsdk:"vault_id"`
+	Identity     types.String                                   `tfsdk:"identity"`
+	Access       mtypes.EnumValue[resourcespb.VaultAccess_Enum] `tfsdk:"access"`
+	AwsOutputs   types.Object                                   `tfsdk:"aws"`
+	AzureOutputs types.Object                                   `tfsdk:"azure"`
+	GcpOutputs   types.Object                                   `tfsdk:"gcp"`
 }
 
 func convertToVaultAccessPolicy(res *resourcespb.VaultAccessPolicyResource) VaultAccessPolicy {
@@ -105,6 +137,24 @@ func convertToVaultAccessPolicy(res *resourcespb.VaultAccessPolicyResource) Vaul
 		VaultId:  types.String{Value: res.VaultId},
 		Identity: types.String{Value: res.Identity},
 		Access:   mtypes.VaultAclType.NewVal(res.Access),
+		AwsOutputs: common.OptionallyObj(res.AwsOutputs, types.Object{
+			Attrs: map[string]attr.Value{
+				"iam_policy_arn": common.DefaultToNull[types.String](res.GetAwsOutputs().GetIamPolicyArn()),
+			},
+			AttrTypes: vaultAccessPolicyAwsOutputs,
+		}),
+		AzureOutputs: common.OptionallyObj(res.AzureOutputs, types.Object{
+			Attrs: map[string]attr.Value{
+				"key_vault_access_policy_id": common.DefaultToNull[types.String](res.GetAzureOutputs().GetKeyVaultAccessPolicyId()),
+			},
+			AttrTypes: vaultAccessPolicyAzureOutputs,
+		}),
+		GcpOutputs: common.OptionallyObj(res.GcpOutputs, types.Object{
+			Attrs: map[string]attr.Value{
+				"secret_manager_secret_iam_membership_ids": common.TypesStringListToListType(res.GetGcpOutputs().GetSecretManagerSecretIamMembershipId()),
+			},
+			AttrTypes: vaultAccessPolicyGcpOutputs,
+		}),
 	}
 }
 

diff --git a/multy/resource_vault_secret.go b/multy/resource_vault_secret.go
@@ -2,14 +2,29 @@ package multy
 
 import (
 	"context"
+	"github.com/hashicorp/terraform-plugin-framework/attr"
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/tfsdk"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/multycloud/multy/api/proto/resourcespb"
+	"terraform-provider-multy/multy/common"
 )
 
 type ResourceVaultSecretType struct{}
 
+var vaultSecretAwsOutputs = map[string]attr.Type{
+	"ssm_parameter_arn": types.StringType,
+}
+
+var vaultSecretAzureOutputs = map[string]attr.Type{
+	"key_vault_secret_id": types.StringType,
+}
+
+var vaultSecretGcpOutputs = map[string]attr.Type{
+	"secret_manager_secret_id":         types.StringType,
+	"secret_manager_secret_version_id": types.StringType,
+}
+
 func (r ResourceVaultSecretType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diagnostics) {
 	return tfsdk.Schema{
 		MarkdownDescription: "Provides Multy Object Storage resource",
@@ -36,6 +51,21 @@ func (r ResourceVaultSecretType) GetSchema(_ context.Context) (tfsdk.Schema, dia
 				Required:      true,
 				PlanModifiers: []tfsdk.AttributePlanModifier{tfsdk.RequiresReplace()},
 			},
+			"aws": {
+				Description: "AWS-specific ids of the underlying generated resources",
+				Type:        types.ObjectType{AttrTypes: vaultSecretAwsOutputs},
+				Computed:    true,
+			},
+			"azure": {
+				Description: "Azure-specific ids of the underlying generated resources",
+				Type:        types.ObjectType{AttrTypes: vaultSecretAzureOutputs},
+				Computed:    true,
+			},
+			"gcp": {
+				Description: "GCP-specific ids of the underlying generated resources",
+				Type:        types.ObjectType{AttrTypes: vaultSecretGcpOutputs},
+				Computed:    true,
+			},
 		},
 	}, nil
 }
@@ -89,10 +119,13 @@ func deleteVaultSecret(ctx context.Context, p Provider, state VaultSecret) error
 }
 
 type VaultSecret struct {
-	Id      types.String `tfsdk:"id"`
-	VaultId types.String `tfsdk:"vault_id"`
-	Name    types.String `tfsdk:"name"`
-	Value   types.String `tfsdk:"value"`
+	Id           types.String `tfsdk:"id"`
+	VaultId      types.String `tfsdk:"vault_id"`
+	Name         types.String `tfsdk:"name"`
+	Value        types.String `tfsdk:"value"`
+	AwsOutputs   types.Object `tfsdk:"aws"`
+	AzureOutputs types.Object `tfsdk:"azure"`
+	GcpOutputs   types.Object `tfsdk:"gcp"`
 }
 
 func convertToVaultSecret(res *resourcespb.VaultSecretResource) VaultSecret {
@@ -101,6 +134,25 @@ func convertToVaultSecret(res *resourcespb.VaultSecretResource) VaultSecret {
 		VaultId: types.String{Value: res.VaultId},
 		Name:    types.String{Value: res.Name},
 		Value:   types.String{Value: res.Value},
+		AwsOutputs: common.OptionallyObj(res.AwsOutputs, types.Object{
+			Attrs: map[string]attr.Value{
+				"ssm_parameter_arn": common.DefaultToNull[types.String](res.GetAwsOutputs().GetSsmParameterArn()),
+			},
+			AttrTypes: vaultSecretAwsOutputs,
+		}),
+		AzureOutputs: common.OptionallyObj(res.AzureOutputs, types.Object{
+			Attrs: map[string]attr.Value{
+				"key_vault_secret_id": common.DefaultToNull[types.String](res.GetAzureOutputs().GetKeyVaultSecretId()),
+			},
+			AttrTypes: vaultSecretAzureOutputs,
+		}),
+		GcpOutputs: common.OptionallyObj(res.GcpOutputs, types.Object{
+			Attrs: map[string]attr.Value{
+				"secret_manager_secret_id":         common.DefaultToNull[types.String](res.GetGcpOutputs().GetSecretManagerSecretId()),
+				"secret_manager_secret_version_id": common.DefaultToNull[types.String](res.GetGcpOutputs().GetSecretManagerSecretVersionId()),
+			},
+			AttrTypes: vaultSecretGcpOutputs,
+		}),
 	}
 }
 

diff --git a/tests/resources/vault_secret/main.tf b/tests/resources/vault_secret/main.tf
@@ -1,6 +1,6 @@
 variable cloud {
   type    = string
-  default = "aws"
+  default = "gcp"
 }
 
 resource multy_vault v {

diff --git a/tests/resources/vault_secret/provider.tf b/tests/resources/vault_secret/provider.tf
@@ -10,4 +10,7 @@ terraform {
 provider "multy" {
   api_key         = "secret-1"
   server_endpoint = "localhost:8000"
+  aws             = {}
+  azure           = {}
+  gcp             = { project = "multy-project" }
 }