secret

package
v0.19.2

This package is not in the latest version of its module.
Published: Feb 24, 2026 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func DatasourceSchema

func DatasourceSchema(opts DatasourceSchemaOptions) (result schema.SingleNestedAttribute)

DatasourceSchema represents a secret read from the backend. Only the hash is available; the secret value itself is not returned. The hash is still useful for detecting whether a secret has been changed externally. Use together with generic.ValueFrom and WithDatasourceConverter.

func ResourceSchema

func ResourceSchema(opts ResourceSchemaOptions) (result schema.SingleNestedAttribute)

ResourceSchema defines the Secret representation within the Terraform state/plan. Use during Create/Update resource actions with generic.ValueTo, generic.ValueFrom conversion and WithConverterSupport as options. For the ModifyPlan resource action, use WalkSecretPathsIn with SetToUnknownIfVersionChangedOrCreated.

func SetToUnknownIfVersionChangedOrCreated added in v0.19.2

func SetToUnknownIfVersionChangedOrCreated(ctx context.Context, plan, state generic.AttributeGetter, responsePlan generic.AttributeSetter) func(attributePath path.Path, diags *diag.Diagnostics) (versionChanged bool)

SetToUnknownIfVersionChangedOrCreated constructs a visitor that sets the secret_hash of the secret at the given attribute path to unknown if the secret_version changes according to the given plan and state. If the secret is newly created, it sets both secret_hash and secret_version to unknown; this also covers the case where a secret attribute is added later to a resource that already exists (the resource is updated). Used together with WalkSecretPathsIn.

func ValueFromConverter

func ValueFromConverter(ctx context.Context, plan, state generic.AttributeGetter, attributePath path.Path, in clientTypes.Secret) (out tftypes.Value, err error)

ValueFromConverter is called during generic.ValueFrom when converting a client DTO representation to a Terraform value. Depending on the given plan and state (during the create and update resource phases), this converter copies a given hash value over as the initial secret_version. This way, resources with secrets can be imported without explicitly specifying the correct version initially. It is typically used with WithConverterSupport in conjunction with ValueToConverter, but the building_block_definition resource has some special needs because it combines secret values with arbitrary JSON-encoded strings.

func ValueToConverter

func ValueToConverter(ctx context.Context, config, plan, state generic.AttributeGetter, attributePath path.Path) (out clientTypes.Secret, err error)

ValueToConverter is called during generic.ValueTo when converting a Terraform value to a client DTO representation. Depending on the given plan and state (during the create and update resource phases), this converter pulls the write-only attribute secret_value if the secret_version changes and passes it to the backend as a one-off value. Secret rotation is therefore controlled with secret_version. It is typically used with WithConverterSupport in conjunction with ValueFromConverter, but the building_block_definition resource has some special needs because it combines secret values with arbitrary JSON-encoded strings.
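The rotation rule described for ValueToConverter and SetToUnknownIfVersionChangedOrCreated, as an added standalone model that is not this package's code. Decide, Decision, same and the local Secret copy are hypothetical names, and treating a missing state entry as "newly created" is an assumption.

```go
package main

import "fmt"

// Secret mirrors the three attributes documented on this page; nil means null.
type Secret struct{ Value, Version, Hash *string }

// Decision is a hypothetical type for this example only.
type Decision struct {
	SendValue      bool // secret_value is passed to the backend as a one-off value
	HashUnknown    bool // secret_hash is planned as unknown
	VersionUnknown bool // secret_version is planned as unknown
}

// same compares two optional strings, treating nil as null.
func same(a, b *string) bool {
	if a == nil || b == nil {
		return a == b
	}
	return *a == *b
}

// Decide models the documented rules. config holds what the user wrote
// (including the write-only secret_value); state is nil when the secret is
// not in state yet (assumption: covers create and a newly added attribute).
func Decide(config Secret, state *Secret) Decision {
	if state == nil {
		return Decision{SendValue: config.Value != nil, HashUnknown: true, VersionUnknown: true}
	}
	changed := !same(config.Version, state.Version)
	return Decision{SendValue: changed && config.Value != nil, HashUnknown: changed}
}

func main() {
	p := func(s string) *string { return &s }
	// Constructed sample state: a write-only value is never stored, only version and hash.
	state := &Secret{Version: p("1"), Hash: p("constructed-hash")}
	// Value edited but version kept: nothing is sent, so no rotation happens.
	fmt.Printf("%+v\n", Decide(Secret{Value: p("new"), Version: p("1")}, state))
	// Version bumped: the value is sent once and the hash becomes unknown.
	fmt.Printf("%+v\n", Decide(Secret{Value: p("new"), Version: p("2")}, state))
	// Secret not in state yet: hash and version are both planned as unknown.
	fmt.Printf("%+v\n", Decide(Secret{Value: p("new"), Version: p("1")}, nil))
}
```

In this model, editing secret_value without changing secret_version leaves the backend secret untouched, which is the case to check for when reviewing a rotation change.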

func WalkSecretPathsIn

func WalkSecretPathsIn(raw tftypes.Value, diags *diag.Diagnostics, visitor func(attributePath path.Path, diags *diag.Diagnostics))

WalkSecretPathsIn finds all secrets matching the Secret object representation in the given raw Terraform value (usually a req.Plan.Raw). It calls the given visitor with the attributePath where the secret is located. See SetToUnknownIfVersionChangedOrCreated for an example visitor.

func WithConverterSupport

func WithConverterSupport(ctx context.Context, config, plan, state generic.AttributeGetter) generic.ConverterOptions

WithConverterSupport enables resources to use Secret representations in their ResourceSchema, while the client uses clientTypes.Secret. See ValueFromConverter and ValueToConverter for details of the bidirectional conversion.

func WithDatasourceConverter

func WithDatasourceConverter() generic.ConverterOption

WithDatasourceConverter converts hashes read from the backend into the Terraform DatasourceSchema representation. As data sources are read-only, only generic.ValueFrom conversion is supported.

Types

type DatasourceSchemaOptions added in v0.19.0

type DatasourceSchemaOptions struct {
	MarkdownDescription string
}

type ResourceSchemaOptions added in v0.19.0

type ResourceSchemaOptions struct {
	MarkdownDescription string
	Optional            bool
}

type Secret

type Secret struct {
	Value   *string `tfsdk:"secret_value"`
	Version *string `tfsdk:"secret_version"`
	Hash    *string `tfsdk:"secret_hash"`
}
