feat: add woodpecker_repository_secret resource (#7)

This commit is contained in:
Dawid Wysokiński 2023-09-02 08:24:04 +02:00 committed by GitHub
parent 3a575d2f7b
commit 56b1ca02b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 530 additions and 0 deletions

View File

@ -0,0 +1,55 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "woodpecker_repository_secret Resource - terraform-provider-woodpecker"
subcategory: ""
description: |-
This resource allows you to add/remove secrets that are only available to specific repositories. When applied, a new secret will be created. When destroyed, that secret will be removed. For more information see the Woodpecker docs https://woodpecker-ci.org/docs/usage/secrets.
---
# woodpecker_repository_secret (Resource)
This resource allows you to add/remove secrets that are only available to specific repositories. When applied, a new secret will be created. When destroyed, that secret will be removed. For more information see [the Woodpecker docs](https://woodpecker-ci.org/docs/usage/secrets).
## Example Usage
```terraform
resource "woodpecker_repository" "test_repo" {
full_name = "Kichiyaki/test-repo"
is_trusted = true
visibility = "public"
}
resource "woodpecker_repository_secret" "test" {
repository_id = woodpecker_repository.test_repo.id
name = "test"
value = "test"
events = ["cron", "deployment"]
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `events` (Set of String) events for which the secret is available (push, tag, pull_request, deployment, cron, manual)
- `name` (String) the name of the secret
- `repository_id` (Number) the ID of the repository
- `value` (String, Sensitive) the value of the secret
### Optional
- `images` (Set of String) list of Docker images for which this secret is available, leave blank to allow all images
- `plugins_only` (Boolean) whether secret is only available for [plugins](https://woodpecker-ci.org/docs/usage/plugins/plugins)
### Read-Only
- `id` (Number) the secret's id
## Import
Import is supported using the following syntax:
```shell
terraform import woodpecker_repository_secret.test "<repository_id>/<name>"
```

View File

@ -0,0 +1 @@
terraform import woodpecker_repository_secret.test "<repository_id>/<name>"

View File

@ -0,0 +1,12 @@
resource "woodpecker_repository" "test_repo" {
full_name = "Kichiyaki/test-repo"
is_trusted = true
visibility = "public"
}
resource "woodpecker_repository_secret" "test" {
repository_id = woodpecker_repository.test_repo.id
name = "test"
value = "test"
events = ["cron", "deployment"]
}

View File

@ -153,3 +153,43 @@ func (m *repositoryModel) toWoodpeckerPatch(ctx context.Context) (*woodpecker.Re
AllowPull: m.AllowPullRequests.ValueBoolPointer(),
}, nil
}
type repositorySecretResourceModel struct {
ID types.Int64 `tfsdk:"id"`
RepositoryID types.Int64 `tfsdk:"repository_id"`
Name types.String `tfsdk:"name"`
Value types.String `tfsdk:"value"`
Images types.Set `tfsdk:"images"`
PluginsOnly types.Bool `tfsdk:"plugins_only"`
Events types.Set `tfsdk:"events"`
}
func (m *repositorySecretResourceModel) setValues(ctx context.Context, secret *woodpecker.Secret) diag.Diagnostics {
var diagsRes diag.Diagnostics
var diags diag.Diagnostics
m.ID = types.Int64Value(secret.ID)
m.Name = types.StringValue(secret.Name)
m.Images, diags = types.SetValueFrom(ctx, types.StringType, secret.Images)
diagsRes.Append(diags...)
m.PluginsOnly = types.BoolValue(secret.PluginsOnly)
m.Events, diags = types.SetValueFrom(ctx, types.StringType, secret.Events)
diagsRes.Append(diags...)
return diagsRes
}
func (m *repositorySecretResourceModel) toWoodpeckerModel(ctx context.Context) (*woodpecker.Secret, diag.Diagnostics) {
var diags diag.Diagnostics
secret := &woodpecker.Secret{
ID: m.ID.ValueInt64(),
Name: m.Name.ValueString(),
Value: m.Value.ValueString(),
PluginsOnly: m.PluginsOnly.ValueBool(),
}
diags.Append(m.Images.ElementsAs(ctx, &secret.Images, false)...)
diags.Append(m.Events.ElementsAs(ctx, &secret.Events, false)...)
return secret, diags
}

View File

@ -65,6 +65,7 @@ func (p *woodpeckerProvider) Resources(_ context.Context) []func() resource.Reso
newUserResource,
newSecretResource,
newRepositoryResource,
newRepositorySecretResource,
}
}

View File

@ -0,0 +1,240 @@
package internal
import (
"context"
"fmt"
"strconv"
"strings"
"github.com/hashicorp/terraform-plugin-framework-validators/setvalidator"
"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
"github.com/hashicorp/terraform-plugin-framework/path"
"github.com/hashicorp/terraform-plugin-framework/resource"
"github.com/hashicorp/terraform-plugin-framework/resource/schema"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/boolplanmodifier"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/int64planmodifier"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/setplanmodifier"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
"github.com/hashicorp/terraform-plugin-framework/schema/validator"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/woodpecker-ci/woodpecker/woodpecker-go/woodpecker"
)
type repositorySecretResource struct {
client woodpecker.Client
}
var _ resource.Resource = (*repositorySecretResource)(nil)
var _ resource.ResourceWithConfigure = (*repositorySecretResource)(nil)
var _ resource.ResourceWithImportState = (*repositorySecretResource)(nil)
func newRepositorySecretResource() resource.Resource {
return &repositorySecretResource{}
}
func (r *repositorySecretResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
resp.TypeName = req.ProviderTypeName + "_repository_secret"
}
func (r *repositorySecretResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
resp.Schema = schema.Schema{
MarkdownDescription: "This resource allows you to add/remove secrets that are only available to specific repositories." +
" When applied, a new secret will be created." +
" When destroyed, that secret will be removed." +
" For more information see [the Woodpecker docs](https://woodpecker-ci.org/docs/usage/secrets).",
Attributes: map[string]schema.Attribute{
"id": schema.Int64Attribute{
Computed: true,
Description: "the secret's id",
PlanModifiers: []planmodifier.Int64{
int64planmodifier.UseStateForUnknown(),
},
},
"repository_id": schema.Int64Attribute{
Required: true,
Description: "the ID of the repository",
PlanModifiers: []planmodifier.Int64{
int64planmodifier.RequiresReplace(),
},
},
"name": schema.StringAttribute{
Required: true,
Description: "the name of the secret",
PlanModifiers: []planmodifier.String{
stringplanmodifier.RequiresReplace(),
},
},
"value": schema.StringAttribute{
Required: true,
Description: "the value of the secret",
Sensitive: true,
PlanModifiers: []planmodifier.String{
stringplanmodifier.UseStateForUnknown(),
},
},
"events": schema.SetAttribute{
ElementType: types.StringType,
Required: true,
Description: "events for which the secret is available (push, tag, pull_request, deployment, cron, manual)",
Validators: []validator.Set{
setvalidator.ValueStringsAre(
stringvalidator.OneOfCaseInsensitive("push", "tag", "pull_request", "deployment", "cron", "manual"),
),
},
PlanModifiers: []planmodifier.Set{
setplanmodifier.UseStateForUnknown(),
},
},
"plugins_only": schema.BoolAttribute{
Optional: true,
Computed: true,
MarkdownDescription: "whether secret is only available for [plugins](https://woodpecker-ci.org/docs/usage/plugins/plugins)",
PlanModifiers: []planmodifier.Bool{
boolplanmodifier.UseStateForUnknown(),
},
},
"images": schema.SetAttribute{
ElementType: types.StringType,
Optional: true,
Computed: true,
Description: "list of Docker images for which this secret is available, leave blank to allow all images",
PlanModifiers: []planmodifier.Set{
setplanmodifier.UseStateForUnknown(),
},
},
},
}
}
func (r *repositorySecretResource) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
// Prevent panic if the provider has not been configured.
if req.ProviderData == nil {
return
}
client, ok := req.ProviderData.(woodpecker.Client)
if !ok {
resp.Diagnostics.AddError(
"Unexpected Data Source Configure Type",
fmt.Sprintf("Expected woodpecker.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData),
)
return
}
r.client = client
}
func (r *repositorySecretResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
var data repositorySecretResourceModel
resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
if resp.Diagnostics.HasError() {
return
}
wData, diags := data.toWoodpeckerModel(ctx)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
secret, err := r.client.SecretCreate(data.RepositoryID.ValueInt64(), wData)
if err != nil {
resp.Diagnostics.AddError("Couldn't create secret", err.Error())
return
}
resp.Diagnostics.Append(data.setValues(ctx, secret)...)
if resp.Diagnostics.HasError() {
return
}
resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
}
func (r *repositorySecretResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
var data repositorySecretResourceModel
resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
if resp.Diagnostics.HasError() {
return
}
secret, err := r.client.Secret(data.RepositoryID.ValueInt64(), data.Name.ValueString())
if err != nil {
resp.Diagnostics.AddError("Couldn't get secret", err.Error())
}
resp.Diagnostics.Append(data.setValues(ctx, secret)...)
if resp.Diagnostics.HasError() {
return
}
resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
}
func (r *repositorySecretResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) {
var data repositorySecretResourceModel
resp.Diagnostics.Append(req.Plan.Get(ctx, &data)...)
if resp.Diagnostics.HasError() {
return
}
wData, diags := data.toWoodpeckerModel(ctx)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
secret, err := r.client.SecretUpdate(data.RepositoryID.ValueInt64(), wData)
if err != nil {
resp.Diagnostics.AddError("Couldn't update secret", err.Error())
return
}
resp.Diagnostics.Append(data.setValues(ctx, secret)...)
if resp.Diagnostics.HasError() {
return
}
resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
}
func (r *repositorySecretResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
var data repositorySecretResourceModel
resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
if resp.Diagnostics.HasError() {
return
}
if err := r.client.SecretDelete(data.RepositoryID.ValueInt64(), data.Name.ValueString()); err != nil {
resp.Diagnostics.AddError("Couldn't delete secret", err.Error())
return
}
resp.State.RemoveResource(ctx)
}
func (r *repositorySecretResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
idParts := strings.Split(req.ID, "/")
if len(idParts) != 2 || idParts[0] == "" || idParts[1] == "" {
resp.Diagnostics.AddError(
"Unexpected Import Identifier",
fmt.Sprintf("Expected import identifier with format: repository_id/name. Got: %q", req.ID),
)
return
}
repoID, err := strconv.ParseInt(idParts[0], 10, 64)
if err != nil {
resp.Diagnostics.AddError("Invalid repository id", err.Error())
return
}
resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("repository_id"), repoID)...)
resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("name"), idParts[1])...)
}

View File

@ -0,0 +1,167 @@
package internal_test
import (
"errors"
"fmt"
"regexp"
"slices"
"strconv"
"testing"
"github.com/google/uuid"
"github.com/hashicorp/terraform-plugin-testing/helper/resource"
"github.com/hashicorp/terraform-plugin-testing/plancheck"
"github.com/hashicorp/terraform-plugin-testing/terraform"
"github.com/woodpecker-ci/woodpecker/woodpecker-go/woodpecker"
)
func TestRepositorySecretResource(t *testing.T) {
t.Parallel()
t.Run("OK", func(t *testing.T) {
t.Parallel()
repo := activateRepo(t, createRepo(t))
name := uuid.NewString()
newName := uuid.NewString()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
CheckDestroy: testAccCheckRepositorySecretResourceDestroy(repo.ID, name, newName),
Steps: []resource.TestStep{
{ // create secret
Config: fmt.Sprintf(`
resource "woodpecker_repository_secret" "test_secret" {
repository_id = %d
name = "%s"
value = "test123"
events = ["push"]
}
`, repo.ID, name),
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttrSet("woodpecker_repository_secret.test_secret", "id"),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "repository_id", strconv.FormatInt(repo.ID, 10)),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "name", name),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "value", "test123"),
resource.TestCheckTypeSetElemAttr("woodpecker_repository_secret.test_secret", "events.*", "push"),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "plugins_only", "false"),
),
},
{ // update secret
Config: fmt.Sprintf(`
resource "woodpecker_repository_secret" "test_secret" {
repository_id = %d
name = "%s"
value = "test123123"
events = ["push", "deployment"]
plugins_only = true
images = ["testimage"]
}
`, repo.ID, name),
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttrSet("woodpecker_repository_secret.test_secret", "id"),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "repository_id", strconv.FormatInt(repo.ID, 10)),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "name", name),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "value", "test123123"),
resource.TestCheckTypeSetElemAttr("woodpecker_repository_secret.test_secret", "events.*", "push"),
resource.TestCheckTypeSetElemAttr("woodpecker_repository_secret.test_secret", "events.*", "deployment"),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "plugins_only", "true"),
resource.TestCheckTypeSetElemAttr("woodpecker_repository_secret.test_secret", "images.*", "testimage"),
),
},
{ // update secret
Config: fmt.Sprintf(`
resource "woodpecker_repository_secret" "test_secret" {
repository_id = %d
name = "%s"
value = "test123123"
events = ["push", "deployment", "cron"]
}
//`, repo.ID, name),
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttrSet("woodpecker_repository_secret.test_secret", "id"),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "repository_id", strconv.FormatInt(repo.ID, 10)),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "name", name),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "value", "test123123"),
resource.TestCheckTypeSetElemAttr("woodpecker_repository_secret.test_secret", "events.*", "push"),
resource.TestCheckTypeSetElemAttr("woodpecker_repository_secret.test_secret", "events.*", "deployment"),
resource.TestCheckTypeSetElemAttr("woodpecker_repository_secret.test_secret", "events.*", "cron"),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "plugins_only", "true"),
resource.TestCheckTypeSetElemAttr("woodpecker_repository_secret.test_secret", "images.*", "testimage"),
),
},
{ // import
ResourceName: "woodpecker_repository_secret.test_secret",
ImportState: true,
ImportStateId: fmt.Sprintf("%d/%s", repo.ID, name),
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"value"},
},
{ // replace secret
Config: fmt.Sprintf(`
resource "woodpecker_repository_secret" "test_secret" {
repository_id = %d
name = "%s"
value = "test123New"
events = ["push"]
}
`, repo.ID, newName),
ConfigPlanChecks: resource.ConfigPlanChecks{
PreApply: []plancheck.PlanCheck{
plancheck.ExpectResourceAction("woodpecker_repository_secret.test_secret", plancheck.ResourceActionReplace),
},
},
Check: resource.ComposeAggregateTestCheckFunc(
resource.TestCheckResourceAttrSet("woodpecker_repository_secret.test_secret", "id"),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "repository_id", strconv.FormatInt(repo.ID, 10)),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "name", newName),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "value", "test123New"),
resource.TestCheckTypeSetElemAttr("woodpecker_repository_secret.test_secret", "events.*", "push"),
resource.TestCheckResourceAttr("woodpecker_repository_secret.test_secret", "plugins_only", "false"),
),
},
},
})
})
t.Run("ERR: incorrect event value", func(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
ProtoV6ProviderFactories: testAccProtoV6ProviderFactories,
Steps: []resource.TestStep{
{
Config: fmt.Sprintf(`
resource "woodpecker_repository_secret" "test_secret" {
repository_id = 123
name = "%s"
value = "test123"
events = ["random"]
}
`, uuid.NewString()),
ExpectError: regexp.MustCompile(`Attribute events\[Value\("random"\)] value must be one of`),
},
},
})
})
}
func testAccCheckRepositorySecretResourceDestroy(repoID int64, names ...string) func(state *terraform.State) error {
return func(state *terraform.State) error {
secrets, err := woodpeckerClient.SecretList(repoID)
if err != nil {
return fmt.Errorf("couldn't list secrets: %w", err)
}
if slices.ContainsFunc(secrets, func(secret *woodpecker.Secret) bool {
return slices.Contains(names, secret.Name)
}) {
return errors.New("at least one of the created secrets isn't deleted")
}
return nil
}
}

View File

@ -233,3 +233,17 @@ func createRepo(tb testing.TB) *gitea.Repository {
return repo
}
func activateRepo(tb testing.TB, giteaRepo *gitea.Repository) *woodpecker.Repo {
tb.Helper()
repo, err := woodpeckerClient.RepoPost(giteaRepo.ID)
if err != nil {
tb.Fatalf("got unexpected error while activating repo: %s", err)
}
tb.Cleanup(func() {
_ = woodpeckerClient.RepoDel(repo.ID)
})
return repo
}