feat(codegen): Add sensitive variable marking and skip_subcategory support#714
Merged
Conversation
- Add Subcategory field to TerraformProviderConfig struct for YAML override support - Add Subcategory field to TerraformProviderSpecMetadata struct - Implement deriveSubcategoryFromPath() to extract subcategory from spec directory - Generate individual tfplugindocs templates per resource/data source with subcategory - Pass subcategory through to terraform provider metadata Subcategory derivation from directory structure: - specs/network/ → "Network" - specs/objects/ → "Objects" - specs/device/ → "Device" - specs/panorama/ → "Panorama" - specs/policies/ → "Policies" The generated templates in target/terraform/templates/ will have the subcategory hardcoded, eliminating the need for fix-docs.go post-processing script.
Add scripts/release.sh to automate the PAN-OS release process with three modes: - --auto: Fully automated (runs codegen, versions, tags, pushes) - --manual: Interactive (prompts for confirmation, no auto-push) - --dry-run: Simulation (shows what would be done) The script handles: - Running codegen in pan-os-codegen - Copying generated code to pango and terraform-provider-panos - Version determination using standard-version (with fallback) - Creating commits and tags - Running gofix and terraform doc generation - Validating subcategories in documentation - Pushing to remote (in auto mode only) Uses npx standard-version for conventional commit-based versioning, with fallback to manual detection if standard-version is unavailable. Includes comprehensive logging with timestamps and colored output.
- Fix Makefile to use correct config path (cmd/codegen/config.yaml) - Accumulate flags when same resource has both resource and datasource - Add debug logging for template generation This ensures tfplugindocs templates are generated correctly with proper subcategories for all resources and data sources.
terraform-plugin-docs automatically prepends the provider name when looking up templates. Template files should be named without the provider prefix: - Before: panos_address.md.tmpl (looked for panos_panos_address) - After: address.md.tmpl (correctly looks for panos_address) This fixes the 'does not exist' error when generating terraform docs.
Resolved conflicts in pkg/translate/terraform_provider/entity_generators.go by merging the subcategory support from the PR branch with the refactored code structure from main. The generator.go file was removed as it contained duplicate declarations now present in entity_generators.go. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add sensitive: true to API key in terraform provider config and to private-key field in certificate-import spec to ensure these values are handled securely in generated Terraform code. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- release.yml: GitHub Actions workflow that generates code, runs tests, pushes pango SDK, and creates a provider PR with release notes - determine-version.sh: Detects next version from conventional commits with custom release rules (breaking=minor, feat=patch) - generate-release-notes.sh: Generates markdown release notes grouped by commit type Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…gory Specs can now set `skip_subcategory: true` to explicitly opt out of subcategory validation. This produces docs with an empty subcategory and records the resource in a .subcategory-skip file that CI uses to exclude them from validation. Missing subcategory without the flag is now an error. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
# Conflicts: # pkg/commands/codegen/codegen.go # pkg/properties/normalized.go
migara
changed the title
The ethernet interface resources referenced panos_template.template but the template resource is named "tmpl". Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Motivation and Context
How Has This Been Tested?
Screenshots (if appropriate)
Types of changes
Checklist