feat(secret): add type field (#2698)

* feat(secret): add type field

* update cassettes

* add doc

* remove extra code

* add type test to secret_version

* add cassette to exceptions

* lint

---------

Co-authored-by: Rémy Léone <[email protected]>

Author: Codelax

docs/resources/secret.md

@@ -46,6 +46,7 @@ The following arguments are supported:
     - `ttl` - (Optional) Time frame, from one second and up to one year, during which the secret's versions are valid. Has to be specified in [Go Duration format](https://pkg.go.dev/time#ParseDuration) (ex: "30m", "24h").
     - `expires_once_accessed` - (Optional) True if the secret version expires after a single user access.
     - `action` - (Required) Action to perform when the version of a secret expires. Available values can be found in [SDK constants](https://pkg.go.dev/github.com/scaleway/scaleway-sdk-go@master/api/secret/v1beta1#pkg-constants).
+- `type` - (Optional) Type of the secret. If not specified, the type is Opaque. Available values can be found in [SDK Constants](https://pkg.go.dev/github.com/scaleway/scaleway-sdk-go@master/api/secret/v1beta1#pkg-constants).
 - `region` - (Defaults to [provider](../index.md#region) `region`) The [region](../guides/regions_and_zones.md#regions)
   in which the resource exists.
 - `project_id` - (Optional) The project ID containing is the secret.

internal/acctest/validate_cassettes_test.go

@@ -27,6 +27,7 @@ func exceptionsCassettesCases() map[string]struct{} {
 		"../services/rdb/testdata/privilege-basic.cassette.yaml":                {},
 		"../services/object/testdata/object-bucket-destroy-force.cassette.yaml": {},
 		"../services/secret/testdata/secret-protected.cassette.yaml":            {},
+		"../services/secret/testdata/secret-version-type.cassette.yaml":         {},
 	}
 }
 

internal/services/secret/secret.go

@@ -77,6 +77,13 @@ func ResourceSecret() *schema.Resource {
 					return filepath.Clean(oldValue) == filepath.Clean(newValue)
 				},
 			},
+			"type": {
+				ForceNew:         true,
+				Type:             schema.TypeString,
+				Optional:         true,
+				Default:          secret.SecretTypeOpaque,
+				ValidateDiagFunc: verify.ValidateEnum[secret.SecretType](),
+			},
 			"protected": {
 				Type:        schema.TypeBool,
 				Optional:    true,
@@ -125,6 +132,7 @@ func ResourceSecretCreate(ctx context.Context, d *schema.ResourceData, m interfa
 		ProjectID: d.Get("project_id").(string),
 		Name:      d.Get("name").(string),
 		Protected: d.Get("protected").(bool),
+		Type:      secret.SecretType(d.Get("type").(string)),
 	}
 
 	rawTag, tagExist := d.GetOk("tags")
@@ -193,6 +201,7 @@ func ResourceSecretRead(ctx context.Context, d *schema.ResourceData, m interface
 	_ = d.Set("path", secretResponse.Path)
 	_ = d.Set("protected", secretResponse.Protected)
 	_ = d.Set("ephemeral_policy", flattenEphemeralPolicy(secretResponse.EphemeralPolicy))
+	_ = d.Set("type", secretResponse.Type)
 
 	return nil
 }

internal/services/secret/secret_test.go

@@ -43,6 +43,7 @@ func TestAccSecret_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr("scaleway_secret.main", "tags.2", "terraform"),
 					resource.TestCheckResourceAttr("scaleway_secret.main", "tags.#", "3"),
 					resource.TestCheckResourceAttr("scaleway_secret.main", "ephemeral_policy.#", "0"),
+					resource.TestCheckResourceAttr("scaleway_secret.main", "type", "opaque"),
 					resource.TestCheckResourceAttrSet("scaleway_secret.main", "updated_at"),
 					resource.TestCheckResourceAttrSet("scaleway_secret.main", "created_at"),
 					acctest.CheckResourceAttrUUID("scaleway_secret.main", "id"),