From d5a6d22581dbd3d603731fa42d20c1dd49e30023 Mon Sep 17 00:00:00 2001
From: goncalo-rodrigues
Date: Tue, 26 Jul 2022 16:35:49 +0200
Subject: [PATCH] feat: add output ids for vault and secrets

---
 go.mod | 2 +-
 multy/resource_vault.go | 16 +++++++
 multy/resource_vault_access_policy.go | 58 +++++++++++++++++++++--
 multy/resource_vault_secret.go | 60 ++++++++++++++++++++++--
 tests/resources/vault_secret/main.tf | 2 +-
 tests/resources/vault_secret/provider.tf | 3 ++
 6 files changed, 131 insertions(+), 10 deletions(-)

diff --git a/go.mod b/go.mod
index 9e84d44..f624428 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 google.golang.org/protobuf v1.28.0
 )
-//replace github.com/multycloud/multy v0.1.53 => ../multy
+//replace github.com/multycloud/multy v0.1.54 => ../multy
 require (
 github.com/Azure/azure-sdk-for-go v59.2.0+incompatible // indirect
diff --git a/multy/resource_vault.go b/multy/resource_vault.go
index 47e4fa9..7522cb5 100644
--- a/multy/resource_vault.go
+++ b/multy/resource_vault.go
@@ -17,6 +17,10 @@ import (
 type ResourceVaultType struct{}
+var vaultAzureOutputs = map[string]attr.Type{
+ "key_vault_id": types.StringType,
+}
+
 func (r ResourceVaultType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diagnostics) {
 return tfsdk.Schema{
 MarkdownDescription: "Provides Multy Vault resource",
@@ -52,6 +56,11 @@ func (r ResourceVaultType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diag
 Optional: true,
 Computed: true,
 },
+ "azure": {
+ Description: "Azure-specific ids of the underlying generated resources",
+ Type: types.ObjectType{AttrTypes: vaultAzureOutputs},
+ Computed: true,
+ },
 "cloud": common.CloudsSchema,
 "location": common.LocationSchema,
 },
@@ -114,6 +123,7 @@ type Vault struct {
 ResourceGroupId types.String `tfsdk:"resource_group_id"`
 GcpOverridesObject types.Object `tfsdk:"gcp_overrides"`
+ AzureOutputs types.Object `tfsdk:"azure"`
 }
 func convertToVault(res *resourcespb.VaultResource) Vault {
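Review bot: The new `vaultAzureOutputs` map in the first resource_vault.go hunk is the only place that fixes the attribute names of the computed `azure` object, yet nothing on it says that the `Attrs` built in `convertToVault` must use exactly the same keys; a line such as `// vaultAzureOutputs lists the attributes of the computed "azure" object; convertToVault must populate exactly these keys.` would make that coupling visible. In the second hunk the `azure` attribute is declared with `Type: types.ObjectType{...}` and `Computed: true`, and as far as I know generated provider docs do not list the nested keys of an ObjectType attribute, so the description should name them, e.g. `Description: "Azure-specific ids of the underlying generated resources (key_vault_id)"`. The same applies to the `aws`/`azure`/`gcp` attributes added in resource_vault_access_policy.go and resource_vault_secret.go. The `Vault` struct in the third hunk starts outside it.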
@@ -124,6 +134,12 @@ func convertToVault(res *resourcespb.VaultResource) Vault {
 Location: mtypes.LocationType.NewVal(res.CommonParameters.Location),
 ResourceGroupId: types.String{Value: res.CommonParameters.ResourceGroupId},
 GcpOverridesObject: convertToVaultGcpOverrides(res.GcpOverride).GcpOverridesToObj(),
+ AzureOutputs: common.OptionallyObj(res.AzureOutputs, types.Object{
+ Attrs: map[string]attr.Value{
+ "key_vault_id": common.DefaultToNull[types.String](res.GetAzureOutputs().GetKeyVaultId()),
+ },
+ AttrTypes: vaultAzureOutputs,
+ }),
 }
 }
diff --git a/multy/resource_vault_access_policy.go b/multy/resource_vault_access_policy.go
index 2f37bfb..b11ffe5 100644
--- a/multy/resource_vault_access_policy.go
+++ b/multy/resource_vault_access_policy.go
@@ -3,16 +3,30 @@ package multy
 import (
 "context"
 "fmt"
+ "github.com/hashicorp/terraform-plugin-framework/attr"
 "github.com/hashicorp/terraform-plugin-framework/diag"
 "github.com/hashicorp/terraform-plugin-framework/tfsdk"
 "github.com/hashicorp/terraform-plugin-framework/types"
 "github.com/multycloud/multy/api/proto/resourcespb"
+ "terraform-provider-multy/multy/common"
 "terraform-provider-multy/multy/mtypes"
 "terraform-provider-multy/multy/validators"
 )
 type ResourceVaultAccessPolicyType struct{}
+var vaultAccessPolicyAwsOutputs = map[string]attr.Type{
+ "iam_policy_arn": types.StringType,
+}
+
+var vaultAccessPolicyAzureOutputs = map[string]attr.Type{
+ "key_vault_access_policy_id": types.StringType,
+}
+
+var vaultAccessPolicyGcpOutputs = map[string]attr.Type{
+ "secret_manager_secret_iam_membership_ids": types.ListType{ElemType: types.StringType},
+}
+
 func (r ResourceVaultAccessPolicyType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diagnostics) {
 return tfsdk.Schema{
 MarkdownDescription: "Provides Multy Object Storage resource",
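Review bot: In the convertToVault hunk the `Attrs` map repeats `"key_vault_id"` as a second string literal, and a mismatch between `Attrs` and `AttrTypes` in a `types.Object` can only be detected at runtime, so a typo here or a key added to `vaultAzureOutputs` without a matching entry surfaces as an error when state is written rather than at compile time. A small unit test that calls `convertToVault` on a `resourcespb.VaultResource` with `AzureOutputs` set, and one with it nil, and compares the resulting object's attribute keys with `vaultAzureOutputs` would pin this; the same applies to `convertToVaultAccessPolicy` and `convertToVaultSecret`, which repeat the pattern for three clouds each. What `common.OptionallyObj` returns when `res.AzureOutputs` is nil is not visible here; if it is a null object that keeps `AttrTypes`, a comment on the call, `// null (but typed) object when the API returned no Azure outputs`, would document that. `convertToVault` begins outside the hunk.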
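Review bot: The three package-level `vaultAccessPolicy*Outputs` maps in the resource_vault_access_policy.go import hunk are declared as separate `var` statements with no comment; grouping them in one `var ( ... )` block headed by `// attribute types of the per-cloud computed output objects; keep in sync with convertToVaultAccessPolicy` reads better and records why they exist. The hunk also shows `MarkdownDescription: "Provides Multy Object Storage resource"` as the description of the vault access policy resource, which looks copy-pasted and appears again in the resource_vault_secret.go schema hunk; `MarkdownDescription: "Provides Multy Vault Access Policy resource"` (and the secret equivalent) would fix the generated docs. These maps are mutable package state shared by GetSchema and the converter, which is fine as long as nothing writes to them after init.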
@@ -40,6 +54,21 @@ func (r ResourceVaultAccessPolicyType) GetSchema(_ context.Context) (tfsdk.Schem
 Required: true,
 Validators: []tfsdk.AttributeValidator{validators.NewValidator(mtypes.VaultAclType)},
 },
+ "aws": {
+ Description: "AWS-specific ids of the underlying generated resources",
+ Type: types.ObjectType{AttrTypes: vaultAccessPolicyAwsOutputs},
+ Computed: true,
+ },
+ "azure": {
+ Description: "Azure-specific ids of the underlying generated resources",
+ Type: types.ObjectType{AttrTypes: vaultAccessPolicyAzureOutputs},
+ Computed: true,
+ },
+ "gcp": {
+ Description: "GCP-specific ids of the underlying generated resources",
+ Type: types.ObjectType{AttrTypes: vaultAccessPolicyGcpOutputs},
+ Computed: true,
+ },
 },
 }, nil
 }
@@ -93,10 +122,13 @@ func deleteVaultAccessPolicy(ctx context.Context, p Provider, state VaultAccessP
 }
 type VaultAccessPolicy struct {
- Id types.String `tfsdk:"id"`
- VaultId types.String `tfsdk:"vault_id"`
- Identity types.String `tfsdk:"identity"`
- Access mtypes.EnumValue[resourcespb.VaultAccess_Enum] `tfsdk:"access"`
+ Id types.String `tfsdk:"id"`
+ VaultId types.String `tfsdk:"vault_id"`
+ Identity types.String `tfsdk:"identity"`
+ Access mtypes.EnumValue[resourcespb.VaultAccess_Enum] `tfsdk:"access"`
+ AwsOutputs types.Object `tfsdk:"aws"`
+ AzureOutputs types.Object `tfsdk:"azure"`
+ GcpOutputs types.Object `tfsdk:"gcp"`
 }
 func convertToVaultAccessPolicy(res *resourcespb.VaultAccessPolicyResource) VaultAccessPolicy {
@@ -105,6 +137,24 @@ func convertToVaultAccessPolicy(res *resourcespb.VaultAccessPolicyResource) Vaul
 VaultId: types.String{Value: res.VaultId},
 Identity: types.String{Value: res.Identity},
 Access: mtypes.VaultAclType.NewVal(res.Access),
+ AwsOutputs: common.OptionallyObj(res.AwsOutputs, types.Object{
+ Attrs: map[string]attr.Value{
+ "iam_policy_arn": common.DefaultToNull[types.String](res.GetAwsOutputs().GetIamPolicyArn()),
+ },
+ AttrTypes: vaultAccessPolicyAwsOutputs,
+ }),
+ AzureOutputs: common.OptionallyObj(res.AzureOutputs, types.Object{
+ Attrs: map[string]attr.Value{
+ "key_vault_access_policy_id": common.DefaultToNull[types.String](res.GetAzureOutputs().GetKeyVaultAccessPolicyId()),
+ },
+ AttrTypes: vaultAccessPolicyAzureOutputs,
+ }),
+ GcpOutputs: common.OptionallyObj(res.GcpOutputs, types.Object{
+ Attrs: map[string]attr.Value{
+ "secret_manager_secret_iam_membership_ids": common.TypesStringListToListType(res.GetGcpOutputs().GetSecretManagerSecretIamMembershipId()),
+ },
+ AttrTypes: vaultAccessPolicyGcpOutputs,
+ }),
 }
 }
diff --git a/multy/resource_vault_secret.go b/multy/resource_vault_secret.go
index 971d356..64052a1 100644
--- a/multy/resource_vault_secret.go
+++ b/multy/resource_vault_secret.go
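Review bot: In the convertToVaultAccessPolicy hunk the GCP output `secret_manager_secret_iam_membership_ids` is built with `common.TypesStringListToListType(...)` while every string output goes through `common.DefaultToNull`, so, assuming the list helper maps an empty proto list to an empty rather than null list, an access policy with GCP outputs but no membership ids would store `[]` where the other clouds store null for a missing id. That asymmetry may be intended, but it deserves either a comment on that line, `// empty list, not null, when no IAM memberships were created`, or a null-for-empty conversion to match the string attributes. `GetSecretManagerSecretIamMembershipId` is singular in the proto while the attribute is plural; a short comment noting the deliberate rename would stop a reader from taking it for a typo. `convertToVaultAccessPolicy` begins outside the hunk.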
@@ -2,14 +2,29 @@ package multy
 import (
 "context"
+ "github.com/hashicorp/terraform-plugin-framework/attr"
 "github.com/hashicorp/terraform-plugin-framework/diag"
 "github.com/hashicorp/terraform-plugin-framework/tfsdk"
 "github.com/hashicorp/terraform-plugin-framework/types"
 "github.com/multycloud/multy/api/proto/resourcespb"
+ "terraform-provider-multy/multy/common"
 )
 type ResourceVaultSecretType struct{}
+var vaultSecretAwsOutputs = map[string]attr.Type{
+ "ssm_parameter_arn": types.StringType,
+}
+
+var vaultSecretAzureOutputs = map[string]attr.Type{
+ "key_vault_secret_id": types.StringType,
+}
+
+var vaultSecretGcpOutputs = map[string]attr.Type{
+ "secret_manager_secret_id": types.StringType,
+ "secret_manager_secret_version_id": types.StringType,
+}
+
 func (r ResourceVaultSecretType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diagnostics) {
 return tfsdk.Schema{
 MarkdownDescription: "Provides Multy Object Storage resource",
@@ -36,6 +51,21 @@ func (r ResourceVaultSecretType) GetSchema(_ context.Context) (tfsdk.Schema, dia
 Required: true,
 PlanModifiers: []tfsdk.AttributePlanModifier{tfsdk.RequiresReplace()},
 },
+ "aws": {
+ Description: "AWS-specific ids of the underlying generated resources",
+ Type: types.ObjectType{AttrTypes: vaultSecretAwsOutputs},
+ Computed: true,
+ },
+ "azure": {
+ Description: "Azure-specific ids of the underlying generated resources",
+ Type: types.ObjectType{AttrTypes: vaultSecretAzureOutputs},
+ Computed: true,
+ },
+ "gcp": {
+ Description: "GCP-specific ids of the underlying generated resources",
+ Type: types.ObjectType{AttrTypes: vaultSecretGcpOutputs},
+ Computed: true,
+ },
 },
 }, nil
 }
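Review bot: None of the `aws`/`azure`/`gcp` attributes added in the resource_vault_secret.go schema hunk is marked `Sensitive`, which is appropriate since they hold resource identifiers (`ssm_parameter_arn`, `key_vault_secret_id`, the Secret Manager ids) rather than the secret material; the secret itself lives in the `value` attribute, whose schema entry is outside this hunk, so whether it carries `Sensitive: true` cannot be confirmed from here and is worth checking while this schema is being touched. The three new objects are `Computed` only and, going by the `common.OptionallyObj` calls in the converter, presumably null until the API reports outputs for that cloud; stating that in each Description, e.g. `"...; null until the secret exists on that cloud"`, would spare users a surprise on first plan. `GetSchema` continues outside the hunk.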
@@ -89,10 +119,13 @@ func deleteVaultSecret(ctx context.Context, p Provider, state VaultSecret) error
 }
 type VaultSecret struct {
- Id types.String `tfsdk:"id"`
- VaultId types.String `tfsdk:"vault_id"`
- Name types.String `tfsdk:"name"`
- Value types.String `tfsdk:"value"`
+ Id types.String `tfsdk:"id"`
+ VaultId types.String `tfsdk:"vault_id"`
+ Name types.String `tfsdk:"name"`
+ Value types.String `tfsdk:"value"`
+ AwsOutputs types.Object `tfsdk:"aws"`
+ AzureOutputs types.Object `tfsdk:"azure"`
+ GcpOutputs types.Object `tfsdk:"gcp"`
 }
 func convertToVaultSecret(res *resourcespb.VaultSecretResource) VaultSecret {
@@ -101,6 +134,25 @@ func convertToVaultSecret(res *resourcespb.VaultSecretResource) VaultSecret {
 VaultId: types.String{Value: res.VaultId},
 Name: types.String{Value: res.Name},
 Value: types.String{Value: res.Value},
+ AwsOutputs: common.OptionallyObj(res.AwsOutputs, types.Object{
+ Attrs: map[string]attr.Value{
+ "ssm_parameter_arn": common.DefaultToNull[types.String](res.GetAwsOutputs().GetSsmParameterArn()),
+ },
+ AttrTypes: vaultSecretAwsOutputs,
+ }),
+ AzureOutputs: common.OptionallyObj(res.AzureOutputs, types.Object{
+ Attrs: map[string]attr.Value{
+ "key_vault_secret_id": common.DefaultToNull[types.String](res.GetAzureOutputs().GetKeyVaultSecretId()),
+ },
+ AttrTypes: vaultSecretAzureOutputs,
+ }),
+ GcpOutputs: common.OptionallyObj(res.GcpOutputs, types.Object{
+ Attrs: map[string]attr.Value{
+ "secret_manager_secret_id": common.DefaultToNull[types.String](res.GetGcpOutputs().GetSecretManagerSecretId()),
+ "secret_manager_secret_version_id": common.DefaultToNull[types.String](res.GetGcpOutputs().GetSecretManagerSecretVersionId()),
+ },
+ AttrTypes: vaultSecretGcpOutputs,
+ }),
 }
 }
diff --git a/tests/resources/vault_secret/main.tf b/tests/resources/vault_secret/main.tf
index 032e363..7d616cb 100644
--- a/tests/resources/vault_secret/main.tf
+++ b/tests/resources/vault_secret/main.tf
@@ -1,6 +1,6 @@
 variable cloud {
 type = string
- default = "aws"
+ default = "gcp"
 }
 resource multy_vault v {
diff --git a/tests/resources/vault_secret/provider.tf b/tests/resources/vault_secret/provider.tf
index e8eb6a6..ab453e4 100644
--- a/tests/resources/vault_secret/provider.tf
+++ b/tests/resources/vault_secret/provider.tf
@@ -10,4 +10,7 @@ terraform {
 provider "multy" {
 api_key = "secret-1"
 server_endpoint = "localhost:8000"
+ aws = {}
+ azure = {}
+ gcp = { project = "multy-project" }
 }
\ No newline at end of file
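Review bot: Changing the `cloud` variable default from `aws` to `gcp` in tests/resources/vault_secret/main.tf means a default run of this fixture exercises only the `gcp` output object added by this commit, leaving the new `aws` and `azure` branches of `convertToVaultSecret` unexercised unless the harness overrides `cloud`; I cannot see the harness from here, so if it does iterate over all three values a comment on the variable, `# default only; the test harness overrides this per cloud`, would make that clear, and if it does not, a matrix over the three values is the missing coverage. The `resource multy_vault v` block begins at the end of the hunk and continues outside it.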
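Review bot: The provider.tf hunk ends with `\ No newline at end of file`, so the new `gcp = { project = "multy-project" }` line leaves the fixture without a trailing newline; adding one avoids a spurious diff on the closing `}` the next time the file is edited. `aws = {}` and `azure = {}` are empty while `gcp` carries a `project`, presumably because the provider's GCP block requires one; a comment such as `# aws/azure need no provider-level settings here; gcp requires a project` would save the next reader a lookup. The `api_key = "secret-1"` context line is pre-existing fixture data and is fine as long as it is only ever used against the local `server_endpoint` shown beside it.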