Import secret and access secret resources #467

Merged: 2 commits, merged Apr 23, 2024


@hmlanigan hmlanigan commented Apr 22, 2024

Description

Implement ImportState fully for both the secret and access secret resources.

Type of change

  • Update to resources not yet released.

Environment

  • Juju controller version: 3.5-beta1

  • Terraform version: 1.8.1

QA steps

terraform {
  required_providers {
    juju = {
      version = ">= 0.12.0"
      source  = "juju/juju"
    }
  }
}

provider "juju" {}

resource "juju_model" "my_model" {
  name = "tf-secret-test"
}

/*
resource "juju_secret" "my_secret" {
  model = juju_model.my_model.name
  name  = "my_secret_name"
  value = {
    key1 = "value1"
    key2 = "value2"
  }
  info  = "This is my secret"
}

resource "juju_access_secret"  "my_secret_access" {
  model = juju_model.my_model.name
  applications = [
    juju_application.jul.name, juju_application.jul2.name
  ]
  secret_id = juju_secret.my_secret.secret_id
}
*/

resource "juju_application" "jul" {
  name  = "jul"
  model = juju_model.my_model.name

  charm {
    name     = "jameinel-ubuntu-lite"
    channel  = "latest/stable"
  }

  units = 1
}

resource "juju_application" "jul2" {
  name  = "jul2"
  model = juju_model.my_model.name

  charm {
    name     = "jameinel-ubuntu-lite"
    channel  = "latest/stable"
  }

  units = 1
}

# Using the plan above, run:
$ terraform init && terraform plan && terraform apply -auto-approve
# Only the model and two applications will be created

# Create the secret and access details in juju
$ juju add-secret my_secret_name --info "This is my secret" key1=value1 key2=value2
secret:cojb5haeidiish9hvcrg
$ juju grant-secret my_secret_name jul,jul2

# Import the two new import resources
$ terraform import juju_secret.my_secret tf-secret-test:my_secret_name
$ terraform import juju_access_secret.my_secret_access tf-secret-test:my_secret_name

# Edit the plan: copy the contents of my_secret to my_secret_import and the contents of my_access_secret to my_access_secret_import
# Run 
$ terraform plan
# No changes should be necessary.

Additional notes

JUJU-5904

@hmlanigan hmlanigan added this to the 0.12.0 milestone Apr 22, 2024
@hmlanigan hmlanigan requested a review from cderici April 22, 2024 18:58
@hmlanigan hmlanigan force-pushed the import-secret branch 2 times, most recently from ceb9760 to 71da92e Compare April 22, 2024 19:21
@cderici cderici left a comment

LGTM! QA went well, code looks good with a couple nits. Otherwise good to go 👍


@anvial anvial left a comment

LGTM! Thx, passed well.

PS: Thx for fixing (ID issue) in tests.

When interacting with secrets, most do not know there is a schema
associated with it. To ensure we don't get mismatches between the two
types with terraform doing a string comparison, only save the ID. The
risk is with the Access Secret resource where we cannot guarantee how
the secret id is provided. Related docs will be updated to be more
clear.
Do not use ImportStatePassthroughID. This allows for importing these
resources by the secret name rather than requiring the secret URI.
It will be the only time we Read one of the resources by name rather
than ID.

Terraform errors if the ID attribute name provided in the ImportStateRequest
is not written to state at some point. In state, this will be
modelname:secretname.

Updating docs with new examples and updated schema information.
@hmlanigan hmlanigan merged commit 39e1769 into juju:main Apr 23, 2024
25 checks passed
@hmlanigan hmlanigan deleted the import-secret branch April 23, 2024 16:30
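
The two points in the commit messages above (save only the bare secret ID so a string comparison cannot mismatch, and import by `modelname:secretname`), as an added Go example that is not the provider's own code. `normalizeSecretID`, `sameSecret` and `parseImportID` are hypothetical helpers, and rejecting a `:` inside the secret name is this example's assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// secretScheme is the prefix juju prints before a secret ID, as in the
// "secret:cojb5haeidiish9hvcrg" output in the QA steps.
const secretScheme = "secret:"

// normalizeSecretID (hypothetical) returns the bare ID, so the URI form and
// the bare form of one secret are stored as the same string.
func normalizeSecretID(s string) string {
	return strings.TrimPrefix(strings.TrimSpace(s), secretScheme)
}

// sameSecret (hypothetical) compares two references after normalizing them.
func sameSecret(a, b string) bool {
	return normalizeSecretID(a) == normalizeSecretID(b)
}

// parseImportID (hypothetical) splits the "modelname:secretname" import ID.
// Assumption of this example: a ':' inside the name part (for instance a
// pasted secret URI) is rejected instead of being read as a name.
func parseImportID(id string) (string, string, error) {
	model, name, ok := strings.Cut(id, ":")
	if !ok || model == "" || name == "" {
		return "", "", fmt.Errorf("import ID %q: want modelname:secretname", id)
	}
	if strings.Contains(name, ":") {
		return "", "", fmt.Errorf("import ID %q: give the secret name, not a URI", id)
	}
	return model, name, nil
}

func main() {
	uri, bare := "secret:cojb5haeidiish9hvcrg", "cojb5haeidiish9hvcrg"
	fmt.Println("raw string compare:", uri == bare)
	fmt.Println("normalized compare:", sameSecret(uri, bare))
	for _, id := range []string{ // constructed inputs
		"tf-secret-test:my_secret_name",
		"tf-secret-test:" + uri,
		"my_secret_name",
	} {
		model, name, err := parseImportID(id)
		fmt.Println(model, name, err)
	}
}
```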