package secret

Version: v0.18.1
Published: Feb 17, 2026 License: MPL-2.0 Imports: 13 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func DatasourceSchema

func DatasourceSchema(opts SchemaOptions) (result schema.SingleNestedAttribute)

DatasourceSchema represents a secret as read from the backend. Only the hash is available, not the value; the hash is still useful for detecting whether a secret has changed externally. Use together with generic.ValueFrom and WithDatasourceConverter.

func ResourceSchema

func ResourceSchema(opts SchemaOptions) (result schema.SingleNestedAttribute)

ResourceSchema defines the Secret representation within the Terraform state/plan. Use it during Create/Update resource actions with the generic.ValueTo and generic.ValueFrom conversions and WithConverterSupport as options. For the ModifyPlan resource action, use WalkSecretPathsIn with SetHashToUnknownIfVersionChanged.

func SetHashToUnknownIfVersionChanged

func SetHashToUnknownIfVersionChanged(ctx context.Context, plan, state generic.AttributeGetter, responsePlan generic.AttributeSetter) func(attributePath path.Path, diags *diag.Diagnostics) (versionChanged bool)

SetHashToUnknownIfVersionChanged constructs a visitor which sets the secret_hash of the secret at the given attribute to unknown if the secret_version changes according to the given plan and state. Used together with WalkSecretPathsIn.

func ValueFromConverter

func ValueFromConverter(ctx context.Context, plan, state generic.AttributeGetter, attributePath path.Path, in clientTypes.Secret) (out tftypes.Value, err error)

ValueFromConverter is called during generic.ValueFrom when converting a client DTO representation into a Terraform value. Depending on the given plan and state (during the create and update resource phases), this converter copies a given hash value over as the initial secret_version. This way, resources with secrets can be imported without explicitly specifying the correct version initially. It is typically used with WithConverterSupport in conjunction with ValueToConverter, but the building_block_definition resource has some special needs, as it combines secret values with arbitrary JSON-encoded strings.

func ValueToConverter

func ValueToConverter(ctx context.Context, config, plan, state generic.AttributeGetter, attributePath path.Path) (out clientTypes.Secret, err error)

ValueToConverter is called during generic.ValueTo when converting a Terraform value into a client DTO representation. Depending on the given plan and state (during the create and update resource phases), this converter pulls the write-only attribute secret_value if the secret_version changes and provides it as a one-off value to the backend. Secret rotation can therefore be controlled with secret_version. It is typically used with WithConverterSupport in conjunction with ValueFromConverter, but the building_block_definition resource has some special needs, as it combines secret values with arbitrary JSON-encoded strings.

func WalkSecretPathsIn

func WalkSecretPathsIn(raw tftypes.Value, diags *diag.Diagnostics, visitor func(attributePath path.Path, diags *diag.Diagnostics))

WalkSecretPathsIn finds all secrets matching the Secret object representation in the given raw Terraform value (usually a req.Plan.Raw). It calls the given visitor with the attributePath where the secret is located. See SetHashToUnknownIfVersionChanged for an example visitor.

func WithConverterSupport

func WithConverterSupport(ctx context.Context, config, plan, state generic.AttributeGetter) generic.ConverterOptions

WithConverterSupport enables resources to use Secret representations in their ResourceSchema, while the client uses clientTypes.Secret. See ValueFromConverter and ValueToConverter for details of the bidirectional conversion.

func WithDatasourceConverter

func WithDatasourceConverter() generic.ConverterOption

WithDatasourceConverter converts hashes read from the backend into the Terraform DatasourceSchema representation. As data sources are read-only, only the generic.ValueFrom conversion is supported.

Types

type SchemaOptions

type SchemaOptions struct {
	MarkdownDescription string
	Optional            bool
}

type Secret

type Secret struct {
	Value   *string `tfsdk:"secret_value"`
	Version *string `tfsdk:"secret_version"`
	Hash    *string `tfsdk:"secret_hash"`
}
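
The rotation lifecycle that ValueToConverter, ValueFromConverter and SetHashToUnknownIfVersionChanged describe, as an added standard-library-only model (not this package's code; it does not call the package or the Terraform plugin framework). versionChanged, planUpdate and fromBackend are hypothetical names, and two rules are assumptions: a missing prior state counts as a version change, and the hash seeds secret_version only when the plan carries none.

```go
package main

import "fmt"

// Secret mirrors the attributes of the package's Secret type.
type Secret struct {
	Value   *string // secret_value: write-only, present only in config
	Version *string // secret_version: user-controlled rotation trigger
	Hash    *string // secret_hash: reported by the backend
}

// versionChanged compares secret_version in plan and state.
// Assumption: no prior state (create) counts as a change.
func versionChanged(plan, state *Secret) bool {
	if state == nil || plan.Version == nil || state.Version == nil {
		return state == nil || plan.Version != state.Version // equal only if both unset
	}
	return *plan.Version != *state.Version
}

// planUpdate models ModifyPlan plus ValueTo: after a version change the
// plaintext is sent once and secret_hash is unknown (nil) until re-read.
func planUpdate(config, plan, state *Secret) (send, hash *string) {
	if versionChanged(plan, state) {
		return config.Value, nil
	}
	return nil, state.Hash // nothing sent: backend keeps the stored secret
}

// fromBackend models ValueFrom: only hash and version reach the state.
// Assumption: with no planned version (import), the hash seeds it.
func fromBackend(plan *Secret, hash string) Secret {
	out := Secret{Hash: &hash, Version: &hash}
	if plan != nil && plan.Version != nil {
		out.Version = plan.Version
	}
	return out
}

func main() {
	v1, v2, pw := "1", "2", "s3cr3t" // constructed sample values
	cfg := &Secret{Value: &pw}
	p1, p2 := &Secret{Version: &v1}, &Secret{Version: &v2}
	send, _ := planUpdate(cfg, p1, nil) // create
	state := fromBackend(p1, "hash-a")
	keep, _ := planUpdate(cfg, p1, &state)   // unchanged version
	rot, hash := planUpdate(cfg, p2, &state) // rotation
	fmt.Println(send != nil, keep != nil, rot != nil, hash == nil)
}
```

In this model the plaintext never appears in the returned state: only the hash and the version do, which is what lets a changed hash with an unchanged version signal an external change.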
