feat(dew): add a data source to get csms secrets by tags. (#6859)

Author: shi2duxinxia

docs/data-sources/csms_secrets_by_tags.md

@@ -0,0 +1,151 @@
+---
+subcategory: "Data Encryption Workshop (DEW)"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_csms_secrets_by_tags"
+description: |-
+  Use this data source to get a list of the secrets by tags.
+---
+
+# huaweicloud_csms_secret_versions
+
+Use this data source to get a list of the secrets by tags.
+
+## Example Usage
+
+```hcl
+variable "resource_instances" {}
+variable "action" {}
+
+data "huaweicloud_csms_secrets_by_tags" "test" {
+  resource_instances = var.resource_instances
+  action             = var.action
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String) Specifies the region in which to query the resource.
+  If omitted, the provider-level region will be used.
+
+* `resource_instances` - (Required, String) Specifies the resource instances, the valid value is **resource_instances**.
+
+* `action` - (Required, String) Specifies the operation type. The valid values are as follows:
+  + **filter**: Indicates filtering secrets.
+  + **count**: Indicates the total number of secrets.
+
+* `tags` - (Optional, List) Specifies the list of tags, the maximum of tags is `10`.
+  The [tags](#tags_struct) structure is documented below.
+
+* `matches` - (Optional, List) Specifies the key-value pair to be matched.
+  The [matches](#matches_struct) structure is documented below.
+
+* `sequence` - (Optional, String) Specifies the `36` byte sequence number of a request message.
+
+<a name="tags_struct"></a>
+The `tags` block supports:
+
+* `key` - (Optional, String) Specifies the tag key.
+
+* `values` - (Optional, List) Specifies the set of tag values, the maximum of values is `10`.
+  If the tag list is empty, any value can be matched.
+  A search result matches only one value.
+
+<a name="matches_struct"></a>
+The `matches` block supports:
+
+* `key` - (Optional, String) Specifies the search field, the valid value is **resource_name**.
+
+* `value` - (Optional, String) Specifies the field for fuzzy match, maximum of `255` characters are allowed.
+  If it is left blank, a null value is returned.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The data source ID.
+
+* `resources` - The list of the filtered secrets.
+
+  The [resources](#resources_struct) structure is documented below.
+
+* `total_count` - The total number of the filtered secrets.
+
+<a name="resources_struct"></a>
+The `resources` block supports:
+
+* `resource_id` - The secret ID.
+
+* `resource_name` - The secret name.
+
+* `resource_detail` - The secret detail.
+
+  The [resource_detail](#resource_detail_struct) structure is documented below.
+
+* `tags` - The tag list.
+
+  The [tags](#tags_item_struct) structure is documented below.
+
+* `sys_tags` - The system tag list.
+
+  The [sys_tags](#sys_tags_struct) structure is documented below.
+
+<a name="resource_detail_struct"></a>
+The `resource_detail` block supports:
+
+* `id` - The ID of the secret.
+
+* `name` - The secret name.
+
+* `state` - The secret status. The valid values are as follows:
+  + **ENABLED**: Indicates enabled status.
+  + **DISABLED**: Indicates disabled status.
+  + **PENDING_DELETE**: Indicates pending deletion status.
+  + **FROZEN**: Indicates frozen state.
+
+* `kms_key_id` - The ID of KMS key used to encrypt secret.
+
+* `description` - The description of the secret.
+
+* `create_time` - The creation time of the secret, the value is a timestamp.
+
+* `update_time` - The update time of the secret, the value is a timestamp.
+
+* `scheduled_delete_time` - The time of the secret to be scheduled deleted, the value is a timestamp.
+
+* `secret_type` - The secret type. The valid values are as follows:
+  + **COMMON**: shared secret (default), which is used to store sensitive information in an application system.
+  + **RDS**: RDS secret, which is used to store RDS account information. (no longer supported, replaced by RDS-FG).
+  + **RDS-FG**: RDS secret, which is used to store RDS account information.
+  + **GaussDB-FG**: TaurusDB secret, which is used to store TaurusDB account information.
+
+* `auto_rotation` - Automatic rotation. The valid values are as follows:
+  + **true**: Enabled.
+  + **false**: Disabled.
+
+* `rotation_period` - The secret rotation period. Valid when `auto_rotation` is **true**.
+
+* `rotation_config` - The secret rotation config. Valid when `auto_rotation` is **true**.
+
+* `rotation_time` - The rotation time of the secret, the value is a timestamp.
+
+* `next_rotation_time` - The next rotation time of the secret, the value is a timestamp.
+
+* `event_subscriptions` - The list of events subscribed to by secret.
+
+* `enterprise_project_id` - The enterprise project ID.
+
+<a name="tags_item_struct"></a>
+The `tags` block supports:
+
+* `key` - The tag key.
+
+* `value` - The tag value.
+
+<a name="sys_tags_struct"></a>
+The `sys_tags` block supports:
+
+* `key` - The system tag key.
+
+* `value` - The system tag value.

huaweicloud/provider.go

@@ -715,6 +715,7 @@ func Provider() *schema.Provider {
 			"huaweicloud_csms_secrets":                  dew.DataSourceDewCsmsSecrets(),
 			"huaweicloud_csms_secret_version":           dew.DataSourceDewCsmsSecret(),
 			"huaweicloud_csms_secret_versions":          dew.DataSourceDewCsmsSecretVersions(),
+			"huaweicloud_csms_secrets_by_tags":          dew.DataSourceCSMSSecretsByTags(),
 			"huaweicloud_css_flavors":                   css.DataSourceCssFlavors(),
 			"huaweicloud_css_clusters":                  css.DataSourceCssClusters(),
 			"huaweicloud_css_logstash_pipelines":        css.DataSourceCssLogstashPipelines(),

huaweicloud/services/acceptance/dew/data_source_huaweicloud_csms_secrets_by_tags_test.go

@@ -0,0 +1,196 @@
+package dew
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccCSMSSecretsByTagDataSource_basic(t *testing.T) {
+	var (
+		name           = acceptance.RandomAccResourceName()
+		dataSourceName = "data.huaweicloud_csms_secrets_by_tags.test"
+		dc             = acceptance.InitDataSourceCheck(dataSourceName)
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testCSMSSecretsByTagDataSource_basic(name),
+				Check: resource.ComposeTestCheckFunc(
+					dc.CheckResourceExists(),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.#"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_id"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_name"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.tags.0.key"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.tags.0.value"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_detail.0.auto_rotation"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_detail.0.create_time"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_detail.0.description"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_detail.0.enterprise_project_id"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_detail.0.id"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_detail.0.kms_key_id"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_detail.0.name"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_detail.0.description"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_detail.0.secret_type"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_detail.0.state"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "resources.0.resource_detail.0.update_time"),
+					resource.TestCheckOutput("tags_single_filter_is_useful", "true"),
+					resource.TestCheckOutput("tags_double_filter_is_useful", "true"),
+					resource.TestCheckOutput("matches_single_filter_is_useful", "true"),
+					resource.TestCheckOutput("matches_double_filter_is_useful", "true"),
+					resource.TestCheckOutput("count_is_useful", "true"),
+				),
+			},
+		},
+	})
+}
+
+func testCSMSSecretsByTagDataSource_basic(name string) string {
+	return fmt.Sprintf(`
+resource "huaweicloud_csms_secret" "test" {
+  name                  = "%s_1"
+  secret_text           = "this is a password"
+  description           = "csms secret test"
+  secret_type           = "COMMON"
+  enterprise_project_id = "0"
+
+  tags = {
+    test_tag_1 = "test_value_1"
+  }
+}
+
+resource "huaweicloud_csms_secret" "test2" {
+  name                  = "%s_2"
+  secret_text           = "this is a password"
+  description           = "csms secret test"
+  secret_type           = "COMMON"
+  enterprise_project_id = "0"
+
+  tags = {
+    test_tag_1 = "test_value_2"
+  }
+}
+
+data "huaweicloud_csms_secrets_by_tags" "test" {
+  resource_instances = "resource_instances"
+  action             = "filter"
+  sequence           = "test_sequence"
+
+  depends_on = [huaweicloud_csms_secret.test, huaweicloud_csms_secret.test2]
+}
+
+locals {
+  secret1_key   = keys(huaweicloud_csms_secret.test.tags)[0]
+  secret1_value = huaweicloud_csms_secret.test.tags[keys(huaweicloud_csms_secret.test.tags)[0]]
+  secret2_key   = keys(huaweicloud_csms_secret.test2.tags)[0]
+  secret2_value = huaweicloud_csms_secret.test2.tags[keys(huaweicloud_csms_secret.test.tags)[0]]
+  secret1_name  = huaweicloud_csms_secret.test.name
+  secret2_name  = huaweicloud_csms_secret.test2.name
+}
+
+data "huaweicloud_csms_secrets_by_tags" "tags_single_filter" {
+  resource_instances = "resource_instances"
+  action             = "filter"
+
+  tags {
+    key    = local.secret1_key
+    values = [local.secret1_value]
+  }
+
+  depends_on = [huaweicloud_csms_secret.test, huaweicloud_csms_secret.test2]
+}
+
+data "huaweicloud_csms_secrets_by_tags" "tags_double_filter" {
+  resource_instances = "resource_instances"
+  action             = "filter"
+
+  tags {
+    key    = local.secret1_key
+    values = [local.secret1_value,local.secret2_value]
+  }
+
+  depends_on = [huaweicloud_csms_secret.test, huaweicloud_csms_secret.test2]
+}
+
+data "huaweicloud_csms_secrets_by_tags" "matches_single_filter" {
+  resource_instances = "resource_instances"
+  action             = "filter"
+
+  matches {
+    key   = "resource_name"
+    value = local.secret1_name
+  }
+
+  depends_on = [huaweicloud_csms_secret.test, huaweicloud_csms_secret.test2]
+}
+
+data "huaweicloud_csms_secrets_by_tags" "matches_double_filter" {
+  resource_instances = "resource_instances"
+  action             = "filter"
+
+  matches {
+    key   = "resource_name"
+    value = local.secret1_name
+  }
+
+  matches {
+    key   = "resource_name"
+    value = local.secret2_name
+  }
+
+  depends_on = [huaweicloud_csms_secret.test, huaweicloud_csms_secret.test2]
+}
+
+data "huaweicloud_csms_secrets_by_tags" "count" {
+  resource_instances = "resource_instances"
+  action             = "count"
+
+  depends_on = [huaweicloud_csms_secret.test, huaweicloud_csms_secret.test2]
+}
+
+output "tags_single_filter_is_useful" {
+  value = alltrue([
+    length(data.huaweicloud_csms_secrets_by_tags.tags_single_filter.resources) == 1,
+    data.huaweicloud_csms_secrets_by_tags.tags_single_filter.resources[0].tags[0].key == local.secret1_key,
+    data.huaweicloud_csms_secrets_by_tags.tags_single_filter.resources[0].tags[0].value == local.secret1_value
+  ])
+}
+
+output "tags_double_filter_is_useful" {
+  value = alltrue([
+    length(data.huaweicloud_csms_secrets_by_tags.tags_double_filter.resources) == 2,
+    data.huaweicloud_csms_secrets_by_tags.tags_double_filter.resources[0].tags[0].key == local.secret1_key,
+    data.huaweicloud_csms_secrets_by_tags.tags_double_filter.resources[0].tags[0].value == local.secret1_value,
+    data.huaweicloud_csms_secrets_by_tags.tags_double_filter.resources[1].tags[0].key == local.secret1_key,
+    data.huaweicloud_csms_secrets_by_tags.tags_double_filter.resources[1].tags[0].value == local.secret2_value,
+  ])
+}
+
+output "matches_single_filter_is_useful" {
+  value = alltrue([
+    length(data.huaweicloud_csms_secrets_by_tags.matches_single_filter.resources) == 1,
+    data.huaweicloud_csms_secrets_by_tags.tags_double_filter.resources[0].resource_name == local.secret1_name,
+  ])
+}
+
+output "matches_double_filter_is_useful" {
+  value = alltrue([
+    length(data.huaweicloud_csms_secrets_by_tags.matches_double_filter.resources) == 0,
+  ])
+}
+
+output "count_is_useful" {
+  value = alltrue([
+    data.huaweicloud_csms_secrets_by_tags.count.total_count == 2,
+  ])
+}
+`, name, name)
+}