diff --git a/github/data_source_github_actions_environment_secrets_test.go b/github/data_source_github_actions_environment_secrets_test.go index 4d9a826342..0d4e1bdfad 100644 --- a/github/data_source_github_actions_environment_secrets_test.go +++ b/github/data_source_github_actions_environment_secrets_test.go @@ -24,10 +24,10 @@ func TestAccGithubActionsEnvironmentSecretsDataSource(t *testing.T) { } resource "github_actions_environment_secret" "test" { - repository = github_repository.test.name - environment = github_repository_environment.test.environment - secret_name = "secret_1" - plaintext_value = "foo" + repository = github_repository.test.name + environment = github_repository_environment.test.environment + secret_name = "secret_1" + value = "foo" } `, repoName) diff --git a/github/data_source_github_actions_organization_secrets_test.go b/github/data_source_github_actions_organization_secrets_test.go index 93efd76961..381d54b3a4 100644 --- a/github/data_source_github_actions_organization_secrets_test.go +++ b/github/data_source_github_actions_organization_secrets_test.go @@ -15,9 +15,9 @@ func TestAccGithubActionsOrganizationSecretsDataSource(t *testing.T) { config := fmt.Sprintf(` resource "github_actions_organization_secret" "test" { - secret_name = "org_secret_1_%s" - plaintext_value = "foo" - visibility = "all" # going with all as it does not require a paid subscrption + secret_name = "org_secret_1_%s" + value = "foo" + visibility = "all" # going with all as it does not require a paid subscrption } `, randomID) diff --git a/github/data_source_github_actions_secrets_test.go b/github/data_source_github_actions_secrets_test.go index e810d4a999..e229cf3618 100644 --- a/github/data_source_github_actions_secrets_test.go +++ b/github/data_source_github_actions_secrets_test.go @@ -20,9 +20,9 @@ func TestAccGithubActionsSecretsDataSource(t *testing.T) { } resource "github_actions_secret" "test" { - secret_name = "secret_1" - repository = github_repository.test.name - plaintext_value = "foo" + secret_name = "secret_1" + repository = github_repository.test.name + value = "foo" } `, repoName) diff --git a/github/data_source_github_dependabot_organization_secrets_test.go b/github/data_source_github_dependabot_organization_secrets_test.go index 6b72579982..12f63d2fa0 100644 --- a/github/data_source_github_dependabot_organization_secrets_test.go +++ b/github/data_source_github_dependabot_organization_secrets_test.go @@ -15,9 +15,9 @@ func TestAccGithubDependabotOrganizationSecretsDataSource(t *testing.T) { config := fmt.Sprintf(` resource "github_dependabot_organization_secret" "test" { - secret_name = "org_dep_secret_1_%s" - plaintext_value = "foo" - visibility = "private" + secret_name = "org_dep_secret_1_%s" + value = "foo" + visibility = "private" } `, randomID) diff --git a/github/data_source_github_dependabot_secrets_test.go b/github/data_source_github_dependabot_secrets_test.go index 646aea04da..ba67820296 100644 --- a/github/data_source_github_dependabot_secrets_test.go +++ b/github/data_source_github_dependabot_secrets_test.go @@ -20,9 +20,9 @@ func TestAccGithubDependabotSecretsDataSource(t *testing.T) { } resource "github_dependabot_secret" "test" { - secret_name = "dep_secret_1" - repository = github_repository.test.name - plaintext_value = "foo" + secret_name = "dep_secret_1" + repository = github_repository.test.name + value = "foo" } `, repoName) diff --git a/github/resource_github_actions_environment_secret.go b/github/resource_github_actions_environment_secret.go index df122ded35..f503440e60 100644 --- a/github/resource_github_actions_environment_secret.go +++ b/github/resource_github_actions_environment_secret.go @@ -54,22 +54,41 @@ func resourceGithubActionsEnvironmentSecret() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, - ConflictsWith: []string{"plaintext_value"}, + RequiredWith: []string{"value_encrypted"}, + ConflictsWith: []string{"value", "plaintext_value"}, Description: "ID of the public key used to encrypt the secret.", }, + "value": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + Description: "Plaintext value to be encrypted.", + }, + "value_encrypted": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsBase64), + Description: "Value encrypted with the GitHub public key, defined by key_id, in Base64 format.", + }, "encrypted_value": { Type: schema.TypeString, Optional: true, - ExactlyOneOf: []string{"encrypted_value", "plaintext_value"}, + Sensitive: true, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsBase64), Description: "Encrypted value of the secret using the GitHub public key in Base64 format.", + Deprecated: "Use value_encrypted and key_id.", }, "plaintext_value": { Type: schema.TypeString, Optional: true, Sensitive: true, - ExactlyOneOf: []string{"encrypted_value", "plaintext_value"}, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, Description: "Plaintext value of the secret to be encrypted.", + Deprecated: "Use value.", }, "created_at": { Type: schema.TypeString, @@ -112,7 +131,7 @@ func resourceGithubActionsEnvironmentSecretCreate(ctx context.Context, d *schema envName := d.Get("environment").(string) secretName := d.Get("secret_name").(string) keyID := d.Get("key_id").(string) - encryptedValue := d.Get("encrypted_value").(string) + encryptedValue, _ := resourceKeysGetOk[string](d, "value_encrypted", "encrypted_value") escapedEnvName := url.PathEscape(envName) @@ -134,7 +153,7 @@ func resourceGithubActionsEnvironmentSecretCreate(ctx context.Context, d *schema } if len(encryptedValue) == 0 { - plaintextValue := d.Get("plaintext_value").(string) + plaintextValue, _ := resourceKeysGetOk[string](d, "value", "plaintext_value") encryptedBytes, err := encryptPlaintext(plaintextValue, publicKey) if err != nil { @@ -239,7 +258,7 @@ func resourceGithubActionsEnvironmentSecretUpdate(ctx context.Context, d *schema envName := d.Get("environment").(string) secretName := d.Get("secret_name").(string) keyID := d.Get("key_id").(string) - encryptedValue := d.Get("encrypted_value").(string) + encryptedValue, _ := resourceKeysGetOk[string](d, "value_encrypted", "encrypted_value") escapedEnvName := url.PathEscape(envName) @@ -255,7 +274,7 @@ func resourceGithubActionsEnvironmentSecretUpdate(ctx context.Context, d *schema } if len(encryptedValue) == 0 { - plaintextValue := d.Get("plaintext_value").(string) + plaintextValue, _ := resourceKeysGetOk[string](d, "value", "plaintext_value") encryptedBytes, err := encryptPlaintext(plaintextValue, publicKey) if err != nil { diff --git a/github/resource_github_actions_environment_secret_migration_test.go b/github/resource_github_actions_environment_secret_migration_test.go index 830edcc4ca..3242431633 100644 --- a/github/resource_github_actions_environment_secret_migration_test.go +++ b/github/resource_github_actions_environment_secret_migration_test.go @@ -20,19 +20,19 @@ package github // { // testName: "migrates v0 to v1", // rawState: map[string]any{ -// "id": "my-repo:my-environment:MY_SECRET", -// "repository": "my-repo", -// "environment": "my-environment", -// "secret_name": "MY_SECRET", -// "value": "my-value", +// "id": "my-repo:my-environment:MY_SECRET", +// "repository": "my-repo", +// "environment": "my-environment", +// "secret_name": "MY_SECRET", +// "plaintext_value": "my-value", // }, // want: map[string]any{ -// "id": "my-repo:my-environment:MY_SECRET", -// "repository": "my-repo", -// "repository_id": 123456, -// "environment": "my-environment", -// "secret_name": "MY_SECRET", -// "value": "my-value", +// "id": "my-repo:my-environment:MY_SECRET", +// "repository": "my-repo", +// "repository_id": 123456, +// "environment": "my-environment", +// "secret_name": "MY_SECRET", +// "plaintext_value": "my-value", // }, // shouldError: false, // }, diff --git a/github/resource_github_actions_environment_secret_test.go b/github/resource_github_actions_environment_secret_test.go index 9ac8bdb869..6af6b9e9c8 100644 --- a/github/resource_github_actions_environment_secret_test.go +++ b/github/resource_github_actions_environment_secret_test.go @@ -33,10 +33,10 @@ resource "github_repository_environment" "test" { } resource "github_actions_environment_secret" "test" { - repository = github_repository.test.name - environment = github_repository_environment.test.environment - secret_name = "%s" - plaintext_value = "%s" + repository = github_repository.test.name + environment = github_repository_environment.test.environment + secret_name = "%s" + value = "%s" } `, repoName, envName, secretName, value) @@ -50,8 +50,8 @@ resource "github_actions_environment_secret" "test" { resource.TestCheckResourceAttrPair("github_actions_environment_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "environment", envName), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "secret_name", secretName), - resource.TestCheckResourceAttr("github_actions_environment_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_environment_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "value_encrypted"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "updated_at"), @@ -79,10 +79,10 @@ resource "github_repository_environment" "test" { } resource "github_actions_environment_secret" "test" { - repository = github_repository.test.name - environment = github_repository_environment.test.environment - secret_name = "%s" - plaintext_value = "%s" + repository = github_repository.test.name + environment = github_repository_environment.test.environment + secret_name = "%s" + value = "%s" } `, repoName, envName, secretName, value) @@ -96,8 +96,8 @@ resource "github_actions_environment_secret" "test" { resource.TestCheckResourceAttrPair("github_actions_environment_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "environment", envName), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "secret_name", secretName), - resource.TestCheckResourceAttr("github_actions_environment_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_environment_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "value_encrypted"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "updated_at"), @@ -126,10 +126,10 @@ resource "github_repository_environment" "test" { } resource "github_actions_environment_secret" "test" { - repository = github_repository.test.name - environment = github_repository_environment.test.environment - secret_name = "%s" - plaintext_value = "%s" + repository = github_repository.test.name + environment = github_repository_environment.test.environment + secret_name = "%s" + value = "%s" } ` @@ -143,8 +143,8 @@ resource "github_actions_environment_secret" "test" { resource.TestCheckResourceAttrPair("github_actions_environment_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "environment", envName), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "secret_name", secretName), - resource.TestCheckResourceAttr("github_actions_environment_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_environment_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "value_encrypted"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "updated_at"), @@ -156,8 +156,8 @@ resource "github_actions_environment_secret" "test" { resource.TestCheckResourceAttrPair("github_actions_environment_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "environment", envName), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "secret_name", secretName), - resource.TestCheckResourceAttr("github_actions_environment_secret.test", "plaintext_value", updatedValue), - resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_environment_secret.test", "value", updatedValue), + resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "value_encrypted"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "updated_at"), @@ -189,7 +189,7 @@ resource "github_actions_environment_secret" "test" { repository = github_repository.test.name environment = github_repository_environment.test.environment secret_name = "%s" - encrypted_value = "%s" + value_encrypted = "%s" } ` @@ -203,8 +203,8 @@ resource "github_actions_environment_secret" "test" { resource.TestCheckResourceAttrPair("github_actions_environment_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "environment", envName), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_environment_secret.test", "encrypted_value", value), + resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_environment_secret.test", "value_encrypted", value), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "updated_at"), @@ -216,8 +216,8 @@ resource "github_actions_environment_secret" "test" { resource.TestCheckResourceAttrPair("github_actions_environment_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "environment", envName), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_environment_secret.test", "encrypted_value", updatedValue), + resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_environment_secret.test", "value_encrypted", updatedValue), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "updated_at"), @@ -255,7 +255,7 @@ resource "github_actions_environment_secret" "test" { environment = github_repository_environment.test.environment key_id = data.github_actions_environment_public_key.test.key_id secret_name = "%s" - encrypted_value = "%s" + value_encrypted = "%s" } ` @@ -269,8 +269,8 @@ resource "github_actions_environment_secret" "test" { resource.TestCheckResourceAttrPair("github_actions_environment_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "environment", envName), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_environment_secret.test", "encrypted_value", value), + resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_environment_secret.test", "value_encrypted", value), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "updated_at"), @@ -282,8 +282,8 @@ resource "github_actions_environment_secret" "test" { resource.TestCheckResourceAttrPair("github_actions_environment_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "environment", envName), resource.TestCheckResourceAttr("github_actions_environment_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_environment_secret.test", "encrypted_value", updatedValue), + resource.TestCheckNoResourceAttr("github_actions_environment_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_environment_secret.test", "value_encrypted", updatedValue), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_environment_secret.test", "updated_at"), @@ -310,10 +310,10 @@ resource "github_repository_environment" "test" { } resource "github_actions_environment_secret" "test" { - repository = github_repository.test.name - environment = github_repository_environment.test.environment - secret_name = "%s" - plaintext_value = "test" + repository = github_repository.test.name + environment = github_repository_environment.test.environment + secret_name = "%s" + value = "test" } `, repoName, envName, secretName) @@ -402,10 +402,10 @@ resource "github_repository_environment" "test" { } resource "github_actions_environment_secret" "test" { - repository = github_repository.test.name - environment = github_repository_environment.test.environment - secret_name = "%s" - plaintext_value = "test" + repository = github_repository.test.name + environment = github_repository_environment.test.environment + secret_name = "%s" + value = "test" lifecycle { ignore_changes = [remote_updated_at] @@ -502,10 +502,10 @@ resource "github_repository_environment" "test" { } resource "github_actions_environment_secret" "test" { - repository = github_repository.test.name - environment = github_repository_environment.test.environment - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test.name + environment = github_repository_environment.test.environment + secret_name = "test" + value = "test" } ` @@ -569,10 +569,10 @@ resource "github_repository_environment" "test2" { } resource "github_actions_environment_secret" "test" { - repository = github_repository.test.name - environment = github_repository_environment.test.environment - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test.name + environment = github_repository_environment.test.environment + secret_name = "test" + value = "test" } `, repoName, repoName2) @@ -596,10 +596,10 @@ resource "github_repository_environment" "test2" { } resource "github_actions_environment_secret" "test" { - repository = github_repository.test2.name - environment = github_repository_environment.test2.environment - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test2.name + environment = github_repository_environment.test2.environment + secret_name = "test" + value = "test" } `, repoName, repoName2) @@ -653,10 +653,10 @@ resource "github_actions_environment_secret" "test" { } resource "github_actions_environment_secret" "test" { - repository = github_repository.test.name - environment = github_repository_environment.test.environment - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test.name + environment = github_repository_environment.test.environment + secret_name = "test" + value = "test" } `, repoName) @@ -692,10 +692,10 @@ resource "github_repository_environment" "test" { } resource "github_actions_environment_secret" "test" { - repository = github_repository.test.name - environment = github_repository_environment.test.environment - secret_name = "%s" - plaintext_value = "test" + repository = github_repository.test.name + environment = github_repository_environment.test.environment + secret_name = "%s" + value = "test" } `, repoName, envName, secretName) @@ -710,7 +710,7 @@ resource "github_actions_environment_secret" "test" { ResourceName: "github_actions_environment_secret.test", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"key_id", "plaintext_value"}, + ImportStateVerifyIgnore: []string{"key_id", "value"}, }, }, }) diff --git a/github/resource_github_actions_environment_variable_migration_test.go b/github/resource_github_actions_environment_variable_migration_test.go index 6b43858ca3..94bc5646b4 100644 --- a/github/resource_github_actions_environment_variable_migration_test.go +++ b/github/resource_github_actions_environment_variable_migration_test.go @@ -24,15 +24,15 @@ package github // "repository": "my-repo", // "environment": "my-environment", // "variable_name": "MY_VARIABLE", -// "value": "my-value", +// "plaintext_value": "my-value", // }, // want: map[string]any{ -// "id": "my-repo:my-environment:MY_VARIABLE", -// "repository": "my-repo", -// "repository_id": 123456, -// "environment": "my-environment", -// "variable_name": "MY_VARIABLE", -// "value": "my-value", +// "id": "my-repo:my-environment:MY_VARIABLE", +// "repository": "my-repo", +// "repository_id": 123456, +// "environment": "my-environment", +// "variable_name": "MY_VARIABLE", +// "plaintext_value": "my-value", // }, // shouldError: false, // }, diff --git a/github/resource_github_actions_organization_secret.go b/github/resource_github_actions_organization_secret.go index 90ccf94db9..5071d16e32 100644 --- a/github/resource_github_actions_organization_secret.go +++ b/github/resource_github_actions_organization_secret.go @@ -37,23 +37,41 @@ func resourceGithubActionsOrganizationSecret() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, + RequiredWith: []string{"value_encrypted"}, + ConflictsWith: []string{"value", "plaintext_value"}, Description: "ID of the public key used to encrypt the secret.", - ConflictsWith: []string{"plaintext_value"}, + }, + "value": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + Description: "Plaintext value to be encrypted.", + }, + "value_encrypted": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsBase64), + Description: "Value encrypted with the GitHub public key, defined by key_id, in Base64 format.", }, "encrypted_value": { Type: schema.TypeString, Optional: true, Sensitive: true, - ExactlyOneOf: []string{"encrypted_value", "plaintext_value"}, - Description: "Encrypted value of the secret using the GitHub public key in Base64 format.", + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsBase64), + Description: "Encrypted value of the secret using the GitHub public key in Base64 format.", + Deprecated: "Use value_encrypted and key_id.", }, "plaintext_value": { Type: schema.TypeString, Optional: true, Sensitive: true, - ExactlyOneOf: []string{"encrypted_value", "plaintext_value"}, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, Description: "Plaintext value of the secret to be encrypted.", + Deprecated: "Use value.", }, "visibility": { Type: schema.TypeString, @@ -115,7 +133,7 @@ func resourceGithubActionsOrganizationSecretCreate(ctx context.Context, d *schem secretName := d.Get("secret_name").(string) keyID := d.Get("key_id").(string) - encryptedValue := d.Get("encrypted_value").(string) + encryptedValue, _ := resourceKeysGetOk[string](d, "value_encrypted", "encrypted_value") visibility := d.Get("visibility").(string) repoIDs := github.SelectedRepoIDs{} @@ -139,7 +157,7 @@ func resourceGithubActionsOrganizationSecretCreate(ctx context.Context, d *schem } if len(encryptedValue) == 0 { - plaintextValue := d.Get("plaintext_value").(string) + plaintextValue, _ := resourceKeysGetOk[string](d, "value", "plaintext_value") encryptedBytes, err := encryptPlaintext(plaintextValue, publicKey) if err != nil { @@ -264,7 +282,7 @@ func resourceGithubActionsOrganizationSecretUpdate(ctx context.Context, d *schem secretName := d.Get("secret_name").(string) keyID := d.Get("key_id").(string) - encryptedValue := d.Get("encrypted_value").(string) + encryptedValue, _ := resourceKeysGetOk[string](d, "value_encrypted", "encrypted_value") visibility := d.Get("visibility").(string) repoIDs := github.SelectedRepoIDs{} @@ -288,7 +306,7 @@ func resourceGithubActionsOrganizationSecretUpdate(ctx context.Context, d *schem } if len(encryptedValue) == 0 { - plaintextValue := d.Get("plaintext_value").(string) + plaintextValue, _ := resourceKeysGetOk[string](d, "value", "plaintext_value") encryptedBytes, err := encryptPlaintext(plaintextValue, publicKey) if err != nil { diff --git a/github/resource_github_actions_organization_secret_repositories_test.go b/github/resource_github_actions_organization_secret_repositories_test.go index 276798c569..80f1e10af0 100644 --- a/github/resource_github_actions_organization_secret_repositories_test.go +++ b/github/resource_github_actions_organization_secret_repositories_test.go @@ -20,7 +20,7 @@ func TestAccGithubActionsOrganizationSecretRepositories(t *testing.T) { config := fmt.Sprintf(` resource "github_actions_organization_secret" "test" { secret_name = "%s" - encrypted_value = "%s" + value_encrypted = "%s" visibility = "selected" } diff --git a/github/resource_github_actions_organization_secret_repository_test.go b/github/resource_github_actions_organization_secret_repository_test.go index d7dec7d116..25ed2b7e38 100644 --- a/github/resource_github_actions_organization_secret_repository_test.go +++ b/github/resource_github_actions_organization_secret_repository_test.go @@ -19,7 +19,7 @@ func TestAccGithubActionsOrganizationSecretRepository(t *testing.T) { config := fmt.Sprintf(` resource "github_actions_organization_secret" "test" { secret_name = "%s" - encrypted_value = "%s" + value_encrypted = "%s" visibility = "selected" } diff --git a/github/resource_github_actions_organization_secret_test.go b/github/resource_github_actions_organization_secret_test.go index fe4985e244..c69f27740a 100644 --- a/github/resource_github_actions_organization_secret_test.go +++ b/github/resource_github_actions_organization_secret_test.go @@ -22,9 +22,9 @@ func TestAccGithubActionsOrganizationSecret(t *testing.T) { config := ` resource "github_actions_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" } ` @@ -37,8 +37,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -50,8 +50,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -71,7 +71,7 @@ resource "github_actions_organization_secret" "test" { config := ` resource "github_actions_organization_secret" "test" { secret_name = "%s" - encrypted_value = "%s" + value_encrypted = "%s" visibility = "all" } ` @@ -85,8 +85,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "encrypted_value", value), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value_encrypted", value), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -98,8 +98,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "encrypted_value", valueUpdated), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value_encrypted", valueUpdated), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -122,7 +122,7 @@ data "github_actions_organization_public_key" "default" {} resource "github_actions_organization_secret" "test" { secret_name = "%s" key_id = data.github_actions_organization_public_key.default.key_id - encrypted_value = "%s" + value_encrypted = "%s" visibility = "all" } ` @@ -136,8 +136,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "encrypted_value", value), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value_encrypted", value), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -149,8 +149,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "encrypted_value", valueUpdated), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value_encrypted", valueUpdated), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -169,9 +169,9 @@ resource "github_actions_organization_secret" "test" { config := ` resource "github_actions_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" } ` @@ -184,8 +184,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -197,8 +197,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -217,9 +217,9 @@ resource "github_actions_organization_secret" "test" { config := ` resource "github_actions_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "private" + secret_name = "%s" + value = "%s" + visibility = "private" } ` @@ -232,8 +232,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "private"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -245,8 +245,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "private"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -275,9 +275,9 @@ resource "github_repository" "test_1" { } resource "github_actions_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "selected" + secret_name = "%s" + value = "%s" + visibility = "selected" selected_repository_ids = [github_repository.test_%s.repo_id] } @@ -292,8 +292,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "selected"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "1"), resource.TestCheckResourceAttrPair("github_actions_organization_secret.test", "selected_repository_ids.0", "github_repository.test_0", "repo_id"), @@ -306,8 +306,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "selected"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "1"), resource.TestCheckResourceAttrPair("github_actions_organization_secret.test", "selected_repository_ids.0", "github_repository.test_1", "repo_id"), @@ -327,9 +327,9 @@ resource "github_actions_organization_secret" "test" { config := ` resource "github_actions_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "selected" + secret_name = "%s" + value = "%s" + visibility = "selected" } ` @@ -342,8 +342,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plainvaluetext_value", value), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "selected"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -355,8 +355,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", "selected"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -377,9 +377,9 @@ resource "github_actions_organization_secret" "test" { config := ` resource "github_actions_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "%s" + secret_name = "%s" + value = "%s" + visibility = "%s" } ` @@ -392,8 +392,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", visibility), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -405,8 +405,8 @@ resource "github_actions_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_actions_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_actions_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_actions_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "visibility", visibilityUpdated), resource.TestCheckResourceAttr("github_actions_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_actions_organization_secret.test", "created_at"), @@ -424,9 +424,9 @@ resource "github_actions_organization_secret" "test" { config := fmt.Sprintf(` resource "github_actions_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" } `, secretName, value) @@ -498,9 +498,9 @@ resource "github_actions_organization_secret" "test" { config := fmt.Sprintf(` resource "github_actions_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" lifecycle { ignore_changes = [remote_updated_at] @@ -575,9 +575,9 @@ resource "github_actions_organization_secret" "test" { config := fmt.Sprintf(` resource "github_actions_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" } `, secretName, value) @@ -603,9 +603,9 @@ resource "github_actions_organization_secret" "test" { config := fmt.Sprintf(` resource "github_actions_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" } `, secretName, value) @@ -620,7 +620,7 @@ resource "github_actions_organization_secret" "test" { ResourceName: "github_actions_organization_secret.test", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"key_id", "plaintext_value", "destroy_on_drift"}, + ImportStateVerifyIgnore: []string{"key_id", "value", "destroy_on_drift"}, }, }, }) @@ -633,9 +633,9 @@ resource "github_actions_organization_secret" "test" { config := fmt.Sprintf(` resource "github_actions_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" selected_repository_ids = [123456] } diff --git a/github/resource_github_actions_secret.go b/github/resource_github_actions_secret.go index d1b5319b4f..dcc81a3ad3 100644 --- a/github/resource_github_actions_secret.go +++ b/github/resource_github_actions_secret.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "golang.org/x/crypto/nacl/box" ) @@ -53,22 +54,41 @@ func resourceGithubActionsSecret() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, - ConflictsWith: []string{"plaintext_value"}, + RequiredWith: []string{"value_encrypted"}, + ConflictsWith: []string{"value", "plaintext_value"}, Description: "ID of the public key used to encrypt the secret.", }, - "encrypted_value": { + "value": { Type: schema.TypeString, Optional: true, Sensitive: true, - ExactlyOneOf: []string{"encrypted_value", "plaintext_value"}, - Description: "Encrypted value of the secret using the GitHub public key in Base64 format.", + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + Description: "Plaintext value to be encrypted.", + }, + "value_encrypted": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsBase64), + Description: "Value encrypted with the GitHub public key, defined by key_id, in Base64 format.", + }, + "encrypted_value": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsBase64), + Description: "Encrypted value of the secret using the GitHub public key in Base64 format.", + Deprecated: "Use value_encrypted and key_id.", }, "plaintext_value": { Type: schema.TypeString, Optional: true, Sensitive: true, - ExactlyOneOf: []string{"encrypted_value", "plaintext_value"}, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, Description: "Plaintext value of the secret to be encrypted.", + Deprecated: "Use value.", }, "created_at": { Type: schema.TypeString, @@ -115,7 +135,7 @@ func resourceGithubActionsSecretCreate(ctx context.Context, d *schema.ResourceDa repoName := d.Get("repository").(string) secretName := d.Get("secret_name").(string) keyID := d.Get("key_id").(string) - encryptedValue := d.Get("encrypted_value").(string) + encryptedValue, _ := resourceKeysGetOk[string](d, "value_encrypted", "encrypted_value") repo, _, err := client.Repositories.Get(ctx, owner, repoName) if err != nil { @@ -135,7 +155,7 @@ func resourceGithubActionsSecretCreate(ctx context.Context, d *schema.ResourceDa } if len(encryptedValue) == 0 { - plaintextValue := d.Get("plaintext_value").(string) + plaintextValue, _ := resourceKeysGetOk[string](d, "value", "plaintext_value") encryptedBytes, err := encryptPlaintext(plaintextValue, publicKey) if err != nil { @@ -238,7 +258,7 @@ func resourceGithubActionsSecretUpdate(ctx context.Context, d *schema.ResourceDa repoName := d.Get("repository").(string) secretName := d.Get("secret_name").(string) keyID := d.Get("key_id").(string) - encryptedValue := d.Get("encrypted_value").(string) + encryptedValue, _ := resourceKeysGetOk[string](d, "value_encrypted", "encrypted_value") var publicKey string if len(keyID) == 0 || len(encryptedValue) == 0 { @@ -252,7 +272,7 @@ func resourceGithubActionsSecretUpdate(ctx context.Context, d *schema.ResourceDa } if len(encryptedValue) == 0 { - plaintextValue := d.Get("plaintext_value").(string) + plaintextValue, _ := resourceKeysGetOk[string](d, "value", "plaintext_value") encryptedBytes, err := encryptPlaintext(plaintextValue, publicKey) if err != nil { diff --git a/github/resource_github_actions_secret_test.go b/github/resource_github_actions_secret_test.go index 0d4e7d3801..edd7f49929 100644 --- a/github/resource_github_actions_secret_test.go +++ b/github/resource_github_actions_secret_test.go @@ -25,9 +25,9 @@ resource "github_repository" "test" { } resource "github_actions_secret" "test" { - repository = github_repository.test.name - secret_name = "%s" - plaintext_value = "%s" + repository = github_repository.test.name + secret_name = "%s" + value = "%s" } `, repoName, secretName, value) @@ -40,8 +40,8 @@ resource "github_actions_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_actions_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_secret.test", "secret_name", secretName), - resource.TestCheckResourceAttr("github_actions_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_actions_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_actions_secret.test", "value_encrypted"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "updated_at"), @@ -64,9 +64,9 @@ resource "github_repository" "test" { } resource "github_actions_secret" "test" { - repository = github_repository.test.name - secret_name = "%s" - plaintext_value = "%s" + repository = github_repository.test.name + secret_name = "%s" + value = "%s" } ` @@ -79,8 +79,8 @@ resource "github_actions_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_actions_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_secret.test", "secret_name", secretName), - resource.TestCheckResourceAttr("github_actions_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_actions_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_actions_secret.test", "value_encrypted"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "updated_at"), @@ -91,8 +91,8 @@ resource "github_actions_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_actions_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_secret.test", "secret_name", secretName), - resource.TestCheckResourceAttr("github_actions_secret.test", "plaintext_value", updatedValue), - resource.TestCheckNoResourceAttr("github_actions_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_actions_secret.test", "value", updatedValue), + resource.TestCheckNoResourceAttr("github_actions_secret.test", "value_encrypted"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "updated_at"), @@ -117,7 +117,7 @@ resource "github_repository" "test" { resource "github_actions_secret" "test" { repository = github_repository.test.name secret_name = "%s" - encrypted_value = "%s" + value_encrypted = "%s" } ` @@ -130,8 +130,8 @@ resource "github_actions_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_actions_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_actions_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_secret.test", "encrypted_value", value), + resource.TestCheckNoResourceAttr("github_actions_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_secret.test", "value_encrypted", value), resource.TestCheckResourceAttrSet("github_actions_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "updated_at"), @@ -142,8 +142,8 @@ resource "github_actions_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_actions_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_actions_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_secret.test", "encrypted_value", updatedValue), + resource.TestCheckNoResourceAttr("github_actions_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_secret.test", "value_encrypted", updatedValue), resource.TestCheckResourceAttrSet("github_actions_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "updated_at"), @@ -173,7 +173,7 @@ resource "github_actions_secret" "test" { repository = github_repository.test.name key_id = data.github_actions_public_key.test.key_id secret_name = "%s" - encrypted_value = "%s" + value_encrypted = "%s" } ` @@ -186,8 +186,8 @@ resource "github_actions_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_actions_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_actions_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_secret.test", "encrypted_value", value), + resource.TestCheckNoResourceAttr("github_actions_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_secret.test", "value_encrypted", value), resource.TestCheckResourceAttrSet("github_actions_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "updated_at"), @@ -198,8 +198,8 @@ resource "github_actions_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_actions_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_actions_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_actions_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_actions_secret.test", "encrypted_value", updatedValue), + resource.TestCheckNoResourceAttr("github_actions_secret.test", "value"), + resource.TestCheckResourceAttr("github_actions_secret.test", "value_encrypted", updatedValue), resource.TestCheckResourceAttrSet("github_actions_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_actions_secret.test", "updated_at"), @@ -220,9 +220,9 @@ resource "github_repository" "test" { } resource "github_actions_secret" "test" { - repository = github_repository.test.name - secret_name = "%s" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "%s" + value = "test" } `, repoName, secretName) @@ -297,9 +297,9 @@ resource "github_repository" "test" { } resource "github_actions_secret" "test" { - repository = github_repository.test.name - secret_name = "%s" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "%s" + value = "test" lifecycle { ignore_changes = [remote_updated_at] @@ -378,9 +378,9 @@ resource "github_repository" "test" { } resource "github_actions_secret" "test" { - repository = github_repository.test.name - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "test" + value = "test" } ` @@ -434,9 +434,9 @@ resource "github_repository" "test2" { } resource "github_actions_secret" "test" { - repository = github_repository.test.name - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "test" + value = "test" } `, repoName, repoName2) @@ -450,9 +450,9 @@ resource "github_repository" "test2" { } resource "github_actions_secret" "test" { - repository = github_repository.test2.name - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test2.name + secret_name = "test" + value = "test" } `, repoName, repoName2) @@ -501,9 +501,9 @@ resource "github_actions_secret" "test" { } resource "github_actions_secret" "test" { - repository = github_repository.test.name - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "test" + value = "test" } `, repoName) @@ -533,9 +533,9 @@ resource "github_repository" "test" { } resource "github_actions_secret" "test" { - repository = github_repository.test.name - secret_name = "%s" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "%s" + value = "test" } `, repoName, secretName) @@ -550,7 +550,7 @@ resource "github_actions_secret" "test" { ResourceName: "github_actions_secret.test", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"key_id", "plaintext_value"}, + ImportStateVerifyIgnore: []string{"key_id", "value"}, }, }, }) diff --git a/github/resource_github_actions_variable_migration_test.go b/github/resource_github_actions_variable_migration_test.go index 43372bd79c..3130357d69 100644 --- a/github/resource_github_actions_variable_migration_test.go +++ b/github/resource_github_actions_variable_migration_test.go @@ -20,17 +20,17 @@ package github // { // testName: "migrates v0 to v1", // rawState: map[string]any{ -// "id": "my-repo:MY_VARIABLE", -// "repository": "my-repo", -// "variable_name": "MY_VARIABLE", -// "value": "my-value", +// "id": "my-repo:MY_VARIABLE", +// "repository": "my-repo", +// "variable_name": "MY_VARIABLE", +// "plaintext_value": "my-value", // }, // want: map[string]any{ -// "id": "my-repo:MY_VARIABLE", -// "repository": "my-repo", -// "repository_id": 123456, -// "variable_name": "MY_VARIABLE", -// "value": "my-value", +// "id": "my-repo:MY_VARIABLE", +// "repository": "my-repo", +// "repository_id": 123456, +// "variable_name": "MY_VARIABLE", +// "plaintext_value": "my-value", // }, // shouldError: false, // }, diff --git a/github/resource_github_dependabot_organization_secret.go b/github/resource_github_dependabot_organization_secret.go index cf81d6d426..b0636f80c6 100644 --- a/github/resource_github_dependabot_organization_secret.go +++ b/github/resource_github_dependabot_organization_secret.go @@ -28,23 +28,41 @@ func resourceGithubDependabotOrganizationSecret() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, + RequiredWith: []string{"value_encrypted"}, + ConflictsWith: []string{"value", "plaintext_value"}, Description: "ID of the public key used to encrypt the secret.", - ConflictsWith: []string{"plaintext_value"}, + }, + "value": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + Description: "Plaintext value to be encrypted.", + }, + "value_encrypted": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsBase64), + Description: "Value encrypted with the GitHub public key, defined by key_id, in Base64 format.", }, "encrypted_value": { Type: schema.TypeString, Optional: true, Sensitive: true, - ExactlyOneOf: []string{"encrypted_value", "plaintext_value"}, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsBase64), Description: "Encrypted value of the secret using the GitHub public key in Base64 format.", + Deprecated: "Use value_encrypted and key_id.", }, "plaintext_value": { Type: schema.TypeString, Optional: true, Sensitive: true, - ExactlyOneOf: []string{"encrypted_value", "plaintext_value"}, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, Description: "Plaintext value of the secret to be encrypted.", + Deprecated: "Use value.", }, "visibility": { Type: schema.TypeString, @@ -101,7 +119,7 @@ func resourceGithubDependabotOrganizationSecretCreate(ctx context.Context, d *sc secretName := d.Get("secret_name").(string) keyID := d.Get("key_id").(string) - encryptedValue := d.Get("encrypted_value").(string) + encryptedValue, _ := resourceKeysGetOk[string](d, "value_encrypted", "encrypted_value") visibility := d.Get("visibility").(string) repoIDs := github.DependabotSecretsSelectedRepoIDs{} @@ -125,7 +143,7 @@ func resourceGithubDependabotOrganizationSecretCreate(ctx context.Context, d *sc } if len(encryptedValue) == 0 { - plaintextValue := d.Get("plaintext_value").(string) + plaintextValue, _ := resourceKeysGetOk[string](d, "value", "plaintext_value") encryptedBytes, err := encryptPlaintext(plaintextValue, publicKey) if err != nil { @@ -250,7 +268,7 @@ func resourceGithubDependabotOrganizationSecretUpdate(ctx context.Context, d *sc secretName := d.Get("secret_name").(string) keyID := d.Get("key_id").(string) - encryptedValue := d.Get("encrypted_value").(string) + encryptedValue, _ := resourceKeysGetOk[string](d, "value_encrypted", "encrypted_value") visibility := d.Get("visibility").(string) repoIDs := github.DependabotSecretsSelectedRepoIDs{} @@ -274,7 +292,7 @@ func resourceGithubDependabotOrganizationSecretUpdate(ctx context.Context, d *sc } if len(encryptedValue) == 0 { - plaintextValue := d.Get("plaintext_value").(string) + plaintextValue, _ := resourceKeysGetOk[string](d, "value", "plaintext_value") encryptedBytes, err := encryptPlaintext(plaintextValue, publicKey) if err != nil { diff --git a/github/resource_github_dependabot_organization_secret_repositories_test.go b/github/resource_github_dependabot_organization_secret_repositories_test.go index c3191d4c65..cc73a0e561 100644 --- a/github/resource_github_dependabot_organization_secret_repositories_test.go +++ b/github/resource_github_dependabot_organization_secret_repositories_test.go @@ -20,7 +20,7 @@ func TestAccGithubDependabotOrganizationSecretRepositories(t *testing.T) { config := fmt.Sprintf(` resource "github_dependabot_organization_secret" "test" { secret_name = "%s" - encrypted_value = "%s" + value_encrypted = "%s" visibility = "selected" } diff --git a/github/resource_github_dependabot_organization_secret_repository_test.go b/github/resource_github_dependabot_organization_secret_repository_test.go index 04771315bc..3d022df548 100644 --- a/github/resource_github_dependabot_organization_secret_repository_test.go +++ b/github/resource_github_dependabot_organization_secret_repository_test.go @@ -19,7 +19,7 @@ func TestAccGithubDependabotOrganizationSecretRepository(t *testing.T) { config := fmt.Sprintf(` resource "github_dependabot_organization_secret" "test" { secret_name = "%s" - encrypted_value = "%s" + value_encrypted = "%s" visibility = "selected" } diff --git a/github/resource_github_dependabot_organization_secret_test.go b/github/resource_github_dependabot_organization_secret_test.go index ba5d350169..1a1871bcb0 100644 --- a/github/resource_github_dependabot_organization_secret_test.go +++ b/github/resource_github_dependabot_organization_secret_test.go @@ -22,9 +22,9 @@ func TestAccGithubDependabotOrganizationSecret(t *testing.T) { config := ` resource "github_dependabot_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" } ` @@ -37,8 +37,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -50,8 +50,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -71,7 +71,7 @@ resource "github_dependabot_organization_secret" "test" { config := ` resource "github_dependabot_organization_secret" "test" { secret_name = "%s" - encrypted_value = "%s" + value_encrypted = "%s" visibility = "all" } ` @@ -85,8 +85,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "encrypted_value", value), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value_encrypted", value), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -98,8 +98,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "encrypted_value", valueUpdated), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value_encrypted", valueUpdated), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -122,7 +122,7 @@ data "github_dependabot_organization_public_key" "default" {} resource "github_dependabot_organization_secret" "test" { secret_name = "%s" key_id = data.github_dependabot_organization_public_key.default.key_id - encrypted_value = "%s" + value_encrypted = "%s" visibility = "all" } ` @@ -136,8 +136,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "encrypted_value", value), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value_encrypted", value), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -149,8 +149,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "encrypted_value", valueUpdated), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value_encrypted", valueUpdated), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -169,9 +169,9 @@ resource "github_dependabot_organization_secret" "test" { config := ` resource "github_dependabot_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" } ` @@ -184,8 +184,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -197,8 +197,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "all"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -217,9 +217,9 @@ resource "github_dependabot_organization_secret" "test" { config := ` resource "github_dependabot_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "private" + secret_name = "%s" + value = "%s" + visibility = "private" } ` @@ -232,8 +232,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "private"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -245,8 +245,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "private"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -275,9 +275,9 @@ resource "github_repository" "test_1" { } resource "github_dependabot_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "selected" + secret_name = "%s" + value = "%s" + visibility = "selected" selected_repository_ids = [github_repository.test_%s.repo_id] } @@ -292,8 +292,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "selected"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "1"), resource.TestCheckResourceAttrPair("github_dependabot_organization_secret.test", "selected_repository_ids.0", "github_repository.test_0", "repo_id"), @@ -306,8 +306,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "selected"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "1"), resource.TestCheckResourceAttrPair("github_dependabot_organization_secret.test", "selected_repository_ids.0", "github_repository.test_1", "repo_id"), @@ -327,9 +327,9 @@ resource "github_dependabot_organization_secret" "test" { config := ` resource "github_dependabot_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "selected" + secret_name = "%s" + value = "%s" + visibility = "selected" } ` @@ -342,8 +342,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "selected"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -355,8 +355,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", "selected"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -377,9 +377,9 @@ resource "github_dependabot_organization_secret" "test" { config := ` resource "github_dependabot_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "%s" + secret_name = "%s" + value = "%s" + visibility = "%s" } ` @@ -392,8 +392,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", visibility), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -405,8 +405,8 @@ resource "github_dependabot_organization_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "secret_name", secretName), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "key_id"), - resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "plaintext_value", valueUpdated), - resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "value", valueUpdated), + resource.TestCheckNoResourceAttr("github_dependabot_organization_secret.test", "value_encrypted"), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "visibility", visibilityUpdated), resource.TestCheckResourceAttr("github_dependabot_organization_secret.test", "selected_repository_ids.#", "0"), resource.TestCheckResourceAttrSet("github_dependabot_organization_secret.test", "created_at"), @@ -424,9 +424,9 @@ resource "github_dependabot_organization_secret" "test" { config := fmt.Sprintf(` resource "github_dependabot_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" } `, secretName, value) @@ -498,9 +498,9 @@ resource "github_dependabot_organization_secret" "test" { config := fmt.Sprintf(` resource "github_dependabot_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" lifecycle { ignore_changes = [remote_updated_at] @@ -575,9 +575,9 @@ resource "github_dependabot_organization_secret" "test" { config := fmt.Sprintf(` resource "github_dependabot_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" } `, secretName, value) @@ -603,9 +603,9 @@ resource "github_dependabot_organization_secret" "test" { config := fmt.Sprintf(` resource "github_dependabot_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" } `, secretName, value) @@ -620,7 +620,7 @@ resource "github_dependabot_organization_secret" "test" { ResourceName: "github_dependabot_organization_secret.test", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"key_id", "plaintext_value", "destroy_on_drift"}, + ImportStateVerifyIgnore: []string{"key_id", "value", "destroy_on_drift"}, }, }, }) @@ -633,9 +633,9 @@ resource "github_dependabot_organization_secret" "test" { config := fmt.Sprintf(` resource "github_dependabot_organization_secret" "test" { - secret_name = "%s" - plaintext_value = "%s" - visibility = "all" + secret_name = "%s" + value = "%s" + visibility = "all" selected_repository_ids = [123456] } diff --git a/github/resource_github_dependabot_secret.go b/github/resource_github_dependabot_secret.go index 3f03cc6eca..7f0de25e8a 100644 --- a/github/resource_github_dependabot_secret.go +++ b/github/resource_github_dependabot_secret.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) func resourceGithubDependabotSecret() *schema.Resource { @@ -46,22 +47,41 @@ func resourceGithubDependabotSecret() *schema.Resource { Type: schema.TypeString, Optional: true, Computed: true, - ConflictsWith: []string{"plaintext_value"}, + RequiredWith: []string{"value_encrypted"}, + ConflictsWith: []string{"value", "plaintext_value"}, Description: "ID of the public key used to encrypt the secret.", }, - "encrypted_value": { + "value": { Type: schema.TypeString, Optional: true, Sensitive: true, - ExactlyOneOf: []string{"encrypted_value", "plaintext_value"}, - Description: "Encrypted value of the secret using the GitHub public key in Base64 format.", + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + Description: "Plaintext value to be encrypted.", + }, + "value_encrypted": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsBase64), + Description: "Value encrypted with the GitHub public key, defined by key_id, in Base64 format.", + }, + "encrypted_value": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, + ValidateDiagFunc: validation.ToDiagFunc(validation.StringIsBase64), + Description: "Encrypted value of the secret using the GitHub public key in Base64 format.", + Deprecated: "Use value_encrypted and key_id.", }, "plaintext_value": { Type: schema.TypeString, Optional: true, Sensitive: true, - ExactlyOneOf: []string{"encrypted_value", "plaintext_value"}, + ExactlyOneOf: []string{"value", "value_encrypted", "encrypted_value", "plaintext_value"}, Description: "Plaintext value of the secret to be encrypted.", + Deprecated: "Use value.", }, "created_at": { Type: schema.TypeString, @@ -103,7 +123,7 @@ func resourceGithubDependabotSecretCreate(ctx context.Context, d *schema.Resourc repoName := d.Get("repository").(string) secretName := d.Get("secret_name").(string) keyID := d.Get("key_id").(string) - encryptedValue := d.Get("encrypted_value").(string) + encryptedValue, _ := resourceKeysGetOk[string](d, "value_encrypted", "encrypted_value") repo, _, err := client.Repositories.Get(ctx, owner, repoName) if err != nil { @@ -123,7 +143,7 @@ func resourceGithubDependabotSecretCreate(ctx context.Context, d *schema.Resourc } if len(encryptedValue) == 0 { - plaintextValue := d.Get("plaintext_value").(string) + plaintextValue, _ := resourceKeysGetOk[string](d, "value", "plaintext_value") encryptedBytes, err := encryptPlaintext(plaintextValue, publicKey) if err != nil { @@ -226,7 +246,7 @@ func resourceGithubDependabotSecretUpdate(ctx context.Context, d *schema.Resourc repoName := d.Get("repository").(string) secretName := d.Get("secret_name").(string) keyID := d.Get("key_id").(string) - encryptedValue := d.Get("encrypted_value").(string) + encryptedValue, _ := resourceKeysGetOk[string](d, "value_encrypted", "encrypted_value") var publicKey string if len(keyID) == 0 || len(encryptedValue) == 0 { @@ -240,7 +260,7 @@ func resourceGithubDependabotSecretUpdate(ctx context.Context, d *schema.Resourc } if len(encryptedValue) == 0 { - plaintextValue := d.Get("plaintext_value").(string) + plaintextValue, _ := resourceKeysGetOk[string](d, "value", "plaintext_value") encryptedBytes, err := encryptPlaintext(plaintextValue, publicKey) if err != nil { diff --git a/github/resource_github_dependabot_secret_migration_test.go b/github/resource_github_dependabot_secret_migration_test.go index b112a4149b..f5b6255373 100644 --- a/github/resource_github_dependabot_secret_migration_test.go +++ b/github/resource_github_dependabot_secret_migration_test.go @@ -20,17 +20,17 @@ package github // { // testName: "migrates v0 to v1", // rawState: map[string]any{ -// "id": "my-repo:MY_VARIABLE", -// "repository": "my-repo", -// "variable_name": "MY_VARIABLE", -// "value": "my-value", +// "id": "my-repo:MY_VARIABLE", +// "repository": "my-repo", +// "variable_name": "MY_VARIABLE", +// "plaintext_value": "my-value", // }, // want: map[string]any{ -// "id": "my-repo:MY_VARIABLE", -// "repository": "my-repo", -// "repository_id": 123456, -// "variable_name": "MY_VARIABLE", -// "value": "my-value", +// "id": "my-repo:MY_VARIABLE", +// "repository": "my-repo", +// "repository_id": 123456, +// "variable_name": "MY_VARIABLE", +// "plaintext_value": "my-value", // }, // shouldError: false, // }, diff --git a/github/resource_github_dependabot_secret_test.go b/github/resource_github_dependabot_secret_test.go index 1b9beb41ae..97a364fea8 100644 --- a/github/resource_github_dependabot_secret_test.go +++ b/github/resource_github_dependabot_secret_test.go @@ -26,9 +26,9 @@ resource "github_repository" "test" { } resource "github_dependabot_secret" "test" { - repository = github_repository.test.name - secret_name = "%s" - plaintext_value = "%s" + repository = github_repository.test.name + secret_name = "%s" + value = "%s" } `, repoName, secretName, value) @@ -41,8 +41,8 @@ resource "github_dependabot_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_dependabot_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_dependabot_secret.test", "secret_name", secretName), - resource.TestCheckResourceAttr("github_dependabot_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "value_encrypted"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "updated_at"), @@ -65,9 +65,9 @@ resource "github_repository" "test" { } resource "github_dependabot_secret" "test" { - repository = github_repository.test.name - secret_name = "%s" - plaintext_value = "%s" + repository = github_repository.test.name + secret_name = "%s" + value = "%s" } ` @@ -80,8 +80,8 @@ resource "github_dependabot_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_dependabot_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_dependabot_secret.test", "secret_name", secretName), - resource.TestCheckResourceAttr("github_dependabot_secret.test", "plaintext_value", value), - resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_secret.test", "value", value), + resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "value_encrypted"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "updated_at"), @@ -92,8 +92,8 @@ resource "github_dependabot_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_dependabot_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_dependabot_secret.test", "secret_name", secretName), - resource.TestCheckResourceAttr("github_dependabot_secret.test", "plaintext_value", updatedValue), - resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "encrypted_value"), + resource.TestCheckResourceAttr("github_dependabot_secret.test", "value", updatedValue), + resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "value_encrypted"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "updated_at"), @@ -118,7 +118,7 @@ resource "github_repository" "test" { resource "github_dependabot_secret" "test" { repository = github_repository.test.name secret_name = "%s" - encrypted_value = "%s" + value_encrypted = "%s" } ` @@ -131,8 +131,8 @@ resource "github_dependabot_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_dependabot_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_dependabot_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_dependabot_secret.test", "encrypted_value", value), + resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "value"), + resource.TestCheckResourceAttr("github_dependabot_secret.test", "value_encrypted", value), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "updated_at"), @@ -143,8 +143,8 @@ resource "github_dependabot_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_dependabot_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_dependabot_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_dependabot_secret.test", "encrypted_value", updatedValue), + resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "value"), + resource.TestCheckResourceAttr("github_dependabot_secret.test", "value_encrypted", updatedValue), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "updated_at"), @@ -171,10 +171,10 @@ data "github_dependabot_public_key" "test" { } resource "github_dependabot_secret" "test" { - repository = github_repository.test.name - key_id = data.github_dependabot_public_key.test.key_id - secret_name = "%s" - encrypted_value = "%s" + repository = github_repository.test.name + key_id = data.github_dependabot_public_key.test.key_id + secret_name = "%s" + value_encrypted = "%s" } ` @@ -187,8 +187,8 @@ resource "github_dependabot_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_dependabot_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_dependabot_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_dependabot_secret.test", "encrypted_value", value), + resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "value"), + resource.TestCheckResourceAttr("github_dependabot_secret.test", "value_encrypted", value), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "updated_at"), @@ -199,8 +199,8 @@ resource "github_dependabot_secret" "test" { Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrPair("github_dependabot_secret.test", "repository", "github_repository.test", "name"), resource.TestCheckResourceAttr("github_dependabot_secret.test", "secret_name", secretName), - resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "plaintext_value"), - resource.TestCheckResourceAttr("github_dependabot_secret.test", "encrypted_value", updatedValue), + resource.TestCheckNoResourceAttr("github_dependabot_secret.test", "value"), + resource.TestCheckResourceAttr("github_dependabot_secret.test", "value_encrypted", updatedValue), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "key_id"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "created_at"), resource.TestCheckResourceAttrSet("github_dependabot_secret.test", "updated_at"), @@ -221,9 +221,9 @@ resource "github_repository" "test" { } resource "github_dependabot_secret" "test" { - repository = github_repository.test.name - secret_name = "%s" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "%s" + value = "test" } `, repoName, secretName) @@ -298,9 +298,9 @@ resource "github_repository" "test" { } resource "github_dependabot_secret" "test" { - repository = github_repository.test.name - secret_name = "%s" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "%s" + value = "test" lifecycle { ignore_changes = [remote_updated_at] @@ -379,9 +379,9 @@ resource "github_repository" "test" { } resource "github_dependabot_secret" "test" { - repository = github_repository.test.name - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "test" + value = "test" } ` @@ -435,9 +435,9 @@ resource "github_repository" "test2" { } resource "github_dependabot_secret" "test" { - repository = github_repository.test.name - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "test" + value = "test" } `, repoName, repoName2) @@ -451,9 +451,9 @@ resource "github_repository" "test2" { } resource "github_dependabot_secret" "test" { - repository = github_repository.test2.name - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test2.name + secret_name = "test" + value = "test" } `, repoName, repoName2) @@ -502,9 +502,9 @@ resource "github_dependabot_secret" "test" { } resource "github_dependabot_secret" "test" { - repository = github_repository.test.name - secret_name = "test" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "test" + value = "test" } `, repoName) @@ -534,9 +534,9 @@ resource "github_repository" "test" { } resource "github_dependabot_secret" "test" { - repository = github_repository.test.name - secret_name = "%s" - plaintext_value = "test" + repository = github_repository.test.name + secret_name = "%s" + value = "test" } `, repoName, secretName) @@ -551,7 +551,7 @@ resource "github_dependabot_secret" "test" { ResourceName: "github_dependabot_secret.test", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"key_id", "plaintext_value"}, + ImportStateVerifyIgnore: []string{"key_id", "value"}, }, }, }) diff --git a/github/util.go b/github/util.go index bd5e67e2f7..e16e568e04 100644 --- a/github/util.go +++ b/github/util.go @@ -281,3 +281,16 @@ func toInt64(v any) int64 { return 0 } } + +// resourceKeysGetOk is a helper function that checks multiple keys in the ResourceData and returns the first one that is set and a boolean indicating if any were set. +func resourceKeysGetOk[T any](d *schema.ResourceData, keys ...string) (T, bool) { + var empty T + for _, key := range keys { + if v, ok := d.GetOk(key); ok { + if vv, ok := v.(T); ok { + return vv, true + } + } + } + return empty, false +} diff --git a/github/util_test.go b/github/util_test.go index 38db46353d..6442a70ff2 100644 --- a/github/util_test.go +++ b/github/util_test.go @@ -5,6 +5,7 @@ import ( "unicode" "github.com/hashicorp/go-cty/cty" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) func Test_escapeIDPart(t *testing.T) { @@ -397,6 +398,75 @@ func Test_parseID4(t *testing.T) { } } +func Test_resourceKeysGetOk_string(t *testing.T) { + t.Parallel() + + key0, key1 := "foo", "bar" + expect := "bar" + unwanted := "baz" + s := map[string]*schema.Schema{ + key0: { + Type: schema.TypeString, + Optional: true, + }, + key1: { + Type: schema.TypeString, + Optional: true, + }, + } + + for _, d := range []struct { + testName string + data *schema.ResourceData + keys []string + found bool + }{ + { + testName: "none", + data: schema.TestResourceDataRaw(t, s, map[string]any{}), + keys: []string{key0, key1}, + found: false, + }, + { + testName: "only_first_key", + data: schema.TestResourceDataRaw(t, s, map[string]any{key0: expect}), + keys: []string{key0, key1}, + found: true, + }, + { + testName: "only_second_key", + data: schema.TestResourceDataRaw(t, s, map[string]any{key1: expect}), + keys: []string{key0, key1}, + found: true, + }, + { + testName: "first_key", + data: schema.TestResourceDataRaw(t, s, map[string]any{key0: expect, key1: unwanted}), + keys: []string{key0, key1}, + found: true, + }, + { + testName: "second_key", + data: schema.TestResourceDataRaw(t, s, map[string]any{key0: "", key1: expect}), + keys: []string{key0, key1}, + found: true, + }, + } { + t.Run(d.testName, func(t *testing.T) { + t.Parallel() + + got, found := resourceKeysGetOk[string](d.data, d.keys...) + + if found != d.found { + t.Fatalf("expected found to be %v but got %v", d.found, found) + } + if found && got != expect { + t.Fatalf("expected value to be %q but got %q", expect, got) + } + }) + } +} + func TestGithubUtilRole_validation(t *testing.T) { cases := []struct { Value string diff --git a/website/docs/r/actions_environment_secret.html.markdown b/website/docs/r/actions_environment_secret.html.markdown index 9e8f524abf..5d332c8f8c 100644 --- a/website/docs/r/actions_environment_secret.html.markdown +++ b/website/docs/r/actions_environment_secret.html.markdown @@ -13,9 +13,9 @@ You must have write access to a repository to use this resource. Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. -For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, +For the purposes of security, the contents of the `value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. -It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` +It is also advised that you do not store plaintext values in your code but rather populate the `value_encrypted` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. @@ -23,10 +23,10 @@ in your code. See below for an example of this abstraction. ```hcl resource "github_actions_environment_secret" "example_plaintext" { - repository = "example-repo" - environment = "example-environment" - secret_name = "example_secret_name" - plaintext_value = "example-value + repository = "example-repo" + environment = "example-environment" + secret_name = "example_secret_name" + value = "example-value } resource "github_actions_environment_secret" "example_encrypted" { @@ -34,7 +34,7 @@ resource "github_actions_environment_secret" "example_encrypted" { environment = "example-environment" secret_name = "example_secret_name" key_id = var.key_id - encrypted_value = var.encrypted_secret_string + value_encrypted = var.encrypted_secret_string } ``` @@ -49,10 +49,10 @@ resource "github_repository_environment" "example_plaintext" { } resource "github_actions_environment_secret" "example_encrypted" { - repository = data.github_repository.example.name - environment = github_repository_environment.example.environment - secret_name = "test_secret_name" - plaintext_value = "example-value" + repository = data.github_repository.example.name + environment = github_repository_environment.example.environment + secret_name = "test_secret_name" + value = "example-value" } ``` @@ -62,10 +62,10 @@ This resource supports using the `lifecycle` `ignore_changes` block on `remote_u ```hcl resource "github_actions_environment_secret" "example_allow_drift" { - repository = "example-repo" - environment = "example-environment" - secret_name = "example_secret_name" - plaintext_value = "placeholder" + repository = "example-repo" + environment = "example-environment" + secret_name = "example_secret_name" + value = "placeholder" lifecycle { ignore_changes = [remote_updated_at] @@ -80,11 +80,13 @@ The following arguments are supported: - `repository` - (Required) Name of the repository. - `environment` - (Required) Name of the environment. - `secret_name` - (Required) Name of the secret. -- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. -- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. -- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. +- `key_id` - (Optional) ID of the public key used to encrypt the secret, required when setting `encrypted_value`. +- `value` - (Optional) Plaintext value of the secret to be encrypted. This conflicts with `value_encrypted`, `encrypted_value` & `plaintext_value`. +- `value_encrypted` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format, `key_id` is required with this value. This conflicts with `value`, `encrypted_value` & `plaintext_value`. +- `encrypted_value` - (**DEPRECATED**)(Optional) Please use `value_encrypted`. +- `plaintext_value` - (**DEPRECATED**)(Optional) Please use `value`. -~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. +~> **Note**: One of either `value`, `value_encrypted`, `encrypted_value`, or `plaintext_value` must be specified. ## Attributes Reference @@ -97,7 +99,7 @@ The following arguments are supported: This resource can be imported using an ID made of the repository name, environment name (URL escaped), and secret name all separated by a `:`. -~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. +~> **Note**: When importing secrets, the `value`, `value_encrypted`, `encrypted_value`, or `plaintext_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. ### Import Block diff --git a/website/docs/r/actions_organization_secret.html.markdown b/website/docs/r/actions_organization_secret.html.markdown index 3531fc0b29..9a6c894283 100644 --- a/website/docs/r/actions_organization_secret.html.markdown +++ b/website/docs/r/actions_organization_secret.html.markdown @@ -13,9 +13,9 @@ You must have write access to a repository to use this resource. Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. -For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, +For the purposes of security, the contents of the `value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. -It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` +It is also advised that you do not store plaintext values in your code but rather populate the `value_encrypted` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. @@ -23,15 +23,15 @@ in your code. See below for an example of this abstraction. ```hcl resource "github_actions_organization_secret" "example_plaintext" { - secret_name = "example_secret_name" - visibility = "all" - plaintext_value = var.some_secret_string + secret_name = "example_secret_name" + visibility = "all" + value = var.some_secret_string } resource "github_actions_organization_secret" "example_encrypted" { secret_name = "example_secret_name" visibility = "all" - encrypted_value = var.some_encrypted_secret_string + value_encrypted = var.some_encrypted_secret_string } ``` @@ -43,14 +43,14 @@ data "github_repository" "repo" { resource "github_actions_organization_secret" "example_encrypted" { secret_name = "example_secret_name" visibility = "selected" - plaintext_value = var.some_secret_string + value = var.some_secret_string selected_repository_ids = [data.github_repository.repo.repo_id] } resource "github_actions_organization_secret" "example_secret" { secret_name = "example_secret_name" visibility = "selected" - encrypted_value = var.some_encrypted_secret_string + value_encrypted = var.some_encrypted_secret_string selected_repository_ids = [data.github_repository.repo.repo_id] } ``` @@ -63,7 +63,7 @@ This resource supports using the `lifecycle` `ignore_changes` block on `remote_u resource "github_actions_organization_secret" "example_allow_drift" { secret_name = "example_secret_name" visibility = "all" - plaintext_value = "placeholder" + value = "placeholder" lifecycle { ignore_changes = [remote_updated_at] @@ -76,14 +76,16 @@ resource "github_actions_organization_secret" "example_allow_drift" { The following arguments are supported: - `secret_name` - (Required) Name of the secret. -- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. -- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. -- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. +- `key_id` - (Optional) ID of the public key used to encrypt the secret, required when setting `encrypted_value`. +- `value` - (Optional) Plaintext value of the secret to be encrypted. This conflicts with `value_encrypted`, `encrypted_value` & `plaintext_value`. +- `value_encrypted` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format, `key_id` is required with this value. This conflicts with `value`, `encrypted_value` & `plaintext_value`. +- `encrypted_value` - (**DEPRECATED**)(Optional) Please use `value_encrypted`. +- `plaintext_value` - (**DEPRECATED**)(Optional) Please use `value`. - `visibility` - (Required) Configures the access that repositories have to the organization secret; must be one of `all`, `private`, or `selected`. - `selected_repository_ids` - (Optional) An array of repository IDs that can access the organization variable; this requires `visibility` to be set to `selected`. - `destroy_on_drift` - (**DEPRECATED**) (Optional) This is ignored as drift detection is built into the resource. -~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. +~> **Note**: One of either `value`, `value_encrypted`, `encrypted_value`, or `plaintext_value` must be specified. ## Attributes Reference @@ -95,7 +97,7 @@ The following arguments are supported: This resource can be imported using the secret name as the ID. -~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. +~> **Note**: When importing secrets, the `value`, `value_encrypted`, `encrypted_value`, or `plaintext_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. ### Import Block diff --git a/website/docs/r/actions_organization_secret_repositories.html.markdown b/website/docs/r/actions_organization_secret_repositories.html.markdown index 6e822b19c2..7cbff71ae4 100644 --- a/website/docs/r/actions_organization_secret_repositories.html.markdown +++ b/website/docs/r/actions_organization_secret_repositories.html.markdown @@ -16,9 +16,9 @@ This resource is only applicable when `visibility` of the existing organization ```hcl resource "github_actions_organization_secret" "example" { - secret_name = "mysecret" - plaintext_value = "foo" - visibility = "selected" + secret_name = "mysecret" + value = "foo" + visibility = "selected" } resource "github_repository" "example" { diff --git a/website/docs/r/actions_organization_secret_repository.html.markdown b/website/docs/r/actions_organization_secret_repository.html.markdown index 4876cf0363..f5e9e67959 100644 --- a/website/docs/r/actions_organization_secret_repository.html.markdown +++ b/website/docs/r/actions_organization_secret_repository.html.markdown @@ -16,9 +16,9 @@ This resource is only applicable when `visibility` of the existing organization ```hcl resource "github_actions_organization_secret" "example" { - secret_name = "mysecret" - plaintext_value = "foo" - visibility = "selected" + secret_name = "mysecret" + value = "foo" + visibility = "selected" } resource "github_repository" "example" { diff --git a/website/docs/r/actions_organization_variable_repositories.html.markdown b/website/docs/r/actions_organization_variable_repositories.html.markdown index 56975c302f..d69d24bfe8 100644 --- a/website/docs/r/actions_organization_variable_repositories.html.markdown +++ b/website/docs/r/actions_organization_variable_repositories.html.markdown @@ -16,9 +16,9 @@ This resource is only applicable when `visibility` of the existing organization ```hcl resource "github_actions_organization_variable" "example" { - variable_name = "myvariable" - plaintext_value = "foo" - visibility = "selected" + variable_name = "myvariable" + value = "foo" + visibility = "selected" } resource "github_repository" "example" { diff --git a/website/docs/r/actions_organization_variable_repository.html.markdown b/website/docs/r/actions_organization_variable_repository.html.markdown index 7fc0992200..721a58db7a 100644 --- a/website/docs/r/actions_organization_variable_repository.html.markdown +++ b/website/docs/r/actions_organization_variable_repository.html.markdown @@ -16,9 +16,9 @@ This resource is only applicable when `visibility` of the existing organization ```hcl resource "github_actions_organization_variable" "example" { - variable_name = "myvariable" - plaintext_value = "foo" - visibility = "selected" + variable_name = "myvariable" + value = "foo" + visibility = "selected" } resource "github_repository" "example" { diff --git a/website/docs/r/actions_secret.html.markdown b/website/docs/r/actions_secret.html.markdown index e7636cc9d3..9b5890c0b0 100644 --- a/website/docs/r/actions_secret.html.markdown +++ b/website/docs/r/actions_secret.html.markdown @@ -13,9 +13,9 @@ You must have write access to a repository to use this resource. Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. -For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, +For the purposes of security, the contents of the `value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. -It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` +It is also advised that you do not store plaintext values in your code but rather populate the `value_encrypted` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. @@ -23,15 +23,15 @@ in your code. See below for an example of this abstraction. ```hcl resource "github_actions_secret" "example_plaintext" { - repository = "example_repository" - secret_name = "example_secret_name" - plaintext_value = var.some_secret_string + repository = "example_repository" + secret_name = "example_secret_name" + value = var.some_secret_string } resource "github_actions_secret" "example_encrypted" { repository = "example_repository" secret_name = "example_secret_name" - encrypted_value = var.some_encrypted_secret_string + value_encrypted = var.some_encrypted_secret_string } ``` @@ -41,9 +41,9 @@ This resource supports using the `lifecycle` `ignore_changes` block on `remote_u ```hcl resource "github_actions_secret" "example_allow_drift" { - repository = "example_repository" - secret_name = "example_secret_name" - plaintext_value = "placeholder" + repository = "example_repository" + secret_name = "example_secret_name" + value = "placeholder" lifecycle { ignore_changes = [remote_updated_at] @@ -57,9 +57,11 @@ The following arguments are supported: - `repository` - (Required) Name of the repository. - `secret_name` - (Required) Name of the secret. -- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. -- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. -- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. +- `key_id` - (Optional) ID of the public key used to encrypt the secret, required when setting `encrypted_value`. +- `value` - (Optional) Plaintext value of the secret to be encrypted. This conflicts with `value_encrypted`, `encrypted_value` & `plaintext_value`. +- `value_encrypted` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format, `key_id` is required with this value. This conflicts with `value`, `encrypted_value` & `plaintext_value`. +- `encrypted_value` - (**DEPRECATED**)(Optional) Please use `value_encrypted`. +- `plaintext_value` - (**DEPRECATED**)(Optional) Please use `value`. - `destroy_on_drift` - (**DEPRECATED**) (Optional) This is ignored as drift detection is built into the resource. ~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. @@ -75,7 +77,7 @@ The following arguments are supported: This resource can be imported using an ID made of the repository name, and secret name separated by a `:`. -~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. +~> **Note**: When importing secrets, the `value`, `value_encrypted`, `encrypted_value`, or `plaintext_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. ### Import Block diff --git a/website/docs/r/dependabot_organization_secret.html.markdown b/website/docs/r/dependabot_organization_secret.html.markdown index b1a8197b5d..0cee525884 100644 --- a/website/docs/r/dependabot_organization_secret.html.markdown +++ b/website/docs/r/dependabot_organization_secret.html.markdown @@ -13,9 +13,9 @@ You must have write access to a repository to use this resource. Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. -For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, +For the purposes of security, the contents of the `value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. -It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` +It is also advised that you do not store plaintext values in your code but rather populate the `value_encrypted` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. @@ -23,15 +23,15 @@ in your code. See below for an example of this abstraction. ```hcl resource "github_dependabot_organization_secret" "example_plaintext" { - secret_name = "example_secret_name" - visibility = "all" - plaintext_value = var.some_secret_string + secret_name = "example_secret_name" + visibility = "all" + value = var.some_secret_string } resource "github_dependabot_organization_secret" "example_secret" { secret_name = "example_secret_name" visibility = "all" - encrypted_value = var.some_encrypted_secret_string + value_encrypted = var.some_encrypted_secret_string } ``` @@ -43,14 +43,14 @@ data "github_repository" "repo" { resource "github_dependabot_organization_secret" "example_plaintext" { secret_name = "example_secret_name" visibility = "selected" - plaintext_value = var.some_secret_string + value = var.some_secret_string selected_repository_ids = [data.github_repository.repo.repo_id] } resource "github_dependabot_organization_secret" "example_encrypted" { secret_name = "example_secret_name" visibility = "selected" - encrypted_value = var.some_encrypted_secret_string + value_encrypted = var.some_encrypted_secret_string selected_repository_ids = [data.github_repository.repo.repo_id] } ``` @@ -61,10 +61,10 @@ This resource supports using the `lifecycle` `ignore_changes` block on `remote_u ```hcl resource "github_dependabot_organization_secret" "example_allow_drift" { - secret_name = "example_secret_name" - visibility = "all" - secret_name = "example_secret_name" - plaintext_value = "placeholder" + secret_name = "example_secret_name" + visibility = "all" + secret_name = "example_secret_name" + value = "placeholder" lifecycle { ignore_changes = [remote_updated_at] @@ -77,12 +77,16 @@ resource "github_dependabot_organization_secret" "example_allow_drift" { The following arguments are supported: - `secret_name` - (Required) Name of the secret. -- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. -- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. -- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. +- `key_id` - (Optional) ID of the public key used to encrypt the secret, required when setting `encrypted_value`. +- `value` - (Optional) Plaintext value of the secret to be encrypted. This conflicts with `value_encrypted`, `encrypted_value` & `plaintext_value`. +- `value_encrypted` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format, `key_id` is required with this value. This conflicts with `value`, `encrypted_value` & `plaintext_value`. +- `encrypted_value` - (**DEPRECATED**)(Optional) Please use `value_encrypted`. +- `plaintext_value` - (**DEPRECATED**)(Optional) Please use `value`. - `visibility` - (Required) Configures the access that repositories have to the organization secret; must be one of `all`, `private`, or `selected`. - `selected_repository_ids` - (Optional) An array of repository IDs that can access the organization variable; this requires `visibility` to be set to `selected`. +~> **Note**: One of either `value`, `value_encrypted`, `encrypted_value`, or `plaintext_value` must be specified. + ## Attributes Reference - `created_at` - Date the secret was created. @@ -93,7 +97,7 @@ The following arguments are supported: This resource can be imported using the secret name as the ID. -~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. +~> **Note**: When importing secrets, the `value`, `value_encrypted`, `encrypted_value`, or `plaintext_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. ### Import Block diff --git a/website/docs/r/dependabot_organization_secret_repositories.html.markdown b/website/docs/r/dependabot_organization_secret_repositories.html.markdown index aca52a612a..b13fda64d8 100644 --- a/website/docs/r/dependabot_organization_secret_repositories.html.markdown +++ b/website/docs/r/dependabot_organization_secret_repositories.html.markdown @@ -16,9 +16,9 @@ This resource is only applicable when `visibility` of the existing organization ```hcl resource "github_dependabot_organization_secret" "example" { - secret_name = "mysecret" - plaintext_value = "foo" - visibility = "selected" + secret_name = "mysecret" + value = "foo" + visibility = "selected" } resource "github_repository" "example" { diff --git a/website/docs/r/dependabot_organization_secret_repository.html.markdown b/website/docs/r/dependabot_organization_secret_repository.html.markdown index 1477ac64ad..47d2cf5f85 100644 --- a/website/docs/r/dependabot_organization_secret_repository.html.markdown +++ b/website/docs/r/dependabot_organization_secret_repository.html.markdown @@ -16,9 +16,9 @@ This resource is only applicable when `visibility` of the existing organization ```hcl resource "github_dependabot_organization_secret" "example" { - secret_name = "mysecret" - plaintext_value = "foo" - visibility = "selected" + secret_name = "mysecret" + value = "foo" + visibility = "selected" } resource "github_repository" "example" { diff --git a/website/docs/r/dependabot_secret.html.markdown b/website/docs/r/dependabot_secret.html.markdown index 68bda004cc..07c24cf91e 100644 --- a/website/docs/r/dependabot_secret.html.markdown +++ b/website/docs/r/dependabot_secret.html.markdown @@ -13,9 +13,9 @@ You must have write access to a repository to use this resource. Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. -For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, +For the purposes of security, the contents of the `value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. -It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` +It is also advised that you do not store plaintext values in your code but rather populate the `value_encrypted` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. @@ -23,15 +23,15 @@ in your code. See below for an example of this abstraction. ```hcl resource "github_dependabot_secret" "example_plaintext" { - repository = "example_repository" - secret_name = "example_secret_name" - plaintext_value = var.some_secret_string + repository = "example_repository" + secret_name = "example_secret_name" + value = var.some_secret_string } resource "github_dependabot_secret" "example_encrypted" { repository = "example_repository" secret_name = "example_secret_name" - encrypted_value = var.some_encrypted_secret_string + value_encrypted = var.some_encrypted_secret_string } ``` @@ -41,9 +41,9 @@ This resource supports using the `lifecycle` `ignore_changes` block on `remote_u ```hcl resource "github_dependabot_secret" "example_allow_drift" { - repository = "example_repository" - secret_name = "example_secret_name" - plaintext_value = "placeholder" + repository = "example_repository" + secret_name = "example_secret_name" + value = "placeholder" lifecycle { ignore_changes = [remote_updated_at] @@ -57,11 +57,13 @@ The following arguments are supported: - `repository` - (Required) Name of the repository. - `secret_name` - (Required) Name of the secret. -- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. -- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. -- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. +- `key_id` - (Optional) ID of the public key used to encrypt the secret, required when setting `encrypted_value`. +- `value` - (Optional) Plaintext value of the secret to be encrypted. This conflicts with `value_encrypted`, `encrypted_value` & `plaintext_value`. +- `value_encrypted` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format, `key_id` is required with this value. This conflicts with `value`, `encrypted_value` & `plaintext_value`. +- `encrypted_value` - (**DEPRECATED**)(Optional) Please use `value_encrypted`. +- `plaintext_value` - (**DEPRECATED**)(Optional) Please use `value`. -~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. +~> **Note**: One of either `value`, `value_encrypted`, `encrypted_value`, or `plaintext_value` must be specified. ## Attributes Reference @@ -74,7 +76,7 @@ The following arguments are supported: This resource can be imported using an ID made of the repository name, and secret name separated by a `:`. -~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. +~> **Note**: When importing secrets, the `value`, `value_encrypted`, `encrypted_value`, or `plaintext_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. ### Import Block