[Feature] Add data source to read secrets (#1245)

* Add github_actions_secrets

* Update sdk version

* Improve doc

* Fix merge

* Reorder github.erb for alphabetization (is that a word?)

Co-authored-by: Keegan Campbell <[email protected]>

Author: bpaquet

github/data_source_github_actions_organization_secrets.go

@@ -0,0 +1,77 @@
+package github
+
+import (
+	"context"
+
+	"github.com/google/go-github/v47/github"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func dataSourceGithubActionsOrganizationSecrets() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubActionsOrganizationSecretsRead,
+
+		Schema: map[string]*schema.Schema{
+			"secrets": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"visibility": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"created_at": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"updated_at": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceGithubActionsOrganizationSecretsRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+	owner := meta.(*Owner).name
+
+	options := github.ListOptions{
+		PerPage: 100,
+	}
+
+	var all_secrets []map[string]string
+	for {
+		secrets, resp, err := client.Actions.ListOrgSecrets(context.TODO(), owner, &options)
+		if err != nil {
+			return err
+		}
+		for _, secret := range secrets.Secrets {
+			new_secret := map[string]string{
+				"name":       secret.Name,
+				"created_at": secret.CreatedAt.String(),
+				"updated_at": secret.UpdatedAt.String(),
+			}
+			all_secrets = append(all_secrets, new_secret)
+
+		}
+		if resp.NextPage == 0 {
+			break
+		}
+		options.Page = resp.NextPage
+	}
+
+	d.SetId(owner)
+	d.Set("secrets", all_secrets)
+
+	return nil
+}

github/data_source_github_actions_organization_secrets_test.go

@@ -0,0 +1,59 @@
+package github
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccGithubActionsOrganizationSecretsDataSource(t *testing.T) {
+
+	t.Run("queries organization actions secrets from a repository", func(t *testing.T) {
+		randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+
+		config := fmt.Sprintf(`
+			resource "github_actions_organization_secret" "test" {
+				secret_name 		= "org_secret_1_%s"
+				plaintext_value = "foo"
+				visibility      = "private"
+			}
+	`, randomID)
+
+		config2 := config + `
+			data "github_actions_organization_secrets" "test" {
+			}
+		`
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr("data.github_actions_organization_secrets.test", "secrets.#", "1"),
+			resource.TestCheckResourceAttr("data.github_actions_organization_secrets.test", "secrets.0.name", strings.ToUpper(fmt.Sprintf("ORG_SECRET_1_%s", randomID))),
+			resource.TestCheckResourceAttr("data.github_actions_organization_secrets.test", "secrets.0.visibility", "private"),
+			resource.TestCheckResourceAttrSet("data.github_actions_organization_secrets.test", "secrets.0.created_at"),
+			resource.TestCheckResourceAttrSet("data.github_actions_organization_secrets.test", "secrets.0.updated_at"),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  resource.ComposeTestCheckFunc(),
+					},
+					{
+						Config: config2,
+						Check:  check,
+					},
+				},
+			})
+		}
+
+		t.Run("with an organization account", func(t *testing.T) {
+			testCase(t, organization)
+		})
+	})
+}

github/data_source_github_actions_secrets.go

@@ -0,0 +1,102 @@
+package github
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/google/go-github/v47/github"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func dataSourceGithubActionsSecrets() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubActionsSecretsRead,
+
+		Schema: map[string]*schema.Schema{
+			"full_name": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"name"},
+			},
+			"name": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"full_name"},
+			},
+			"secrets": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"created_at": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"updated_at": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceGithubActionsSecretsRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+	owner := meta.(*Owner).name
+	var repoName string
+
+	if fullName, ok := d.GetOk("full_name"); ok {
+		var err error
+		owner, repoName, err = splitRepoFullName(fullName.(string))
+		if err != nil {
+			return err
+		}
+	}
+
+	if name, ok := d.GetOk("name"); ok {
+		repoName = name.(string)
+	}
+
+	if repoName == "" {
+		return fmt.Errorf("one of %q or %q has to be provided", "full_name", "name")
+	}
+
+	options := github.ListOptions{
+		PerPage: 100,
+	}
+
+	var all_secrets []map[string]string
+	for {
+		secrets, resp, err := client.Actions.ListRepoSecrets(context.TODO(), owner, repoName, &options)
+		if err != nil {
+			return err
+		}
+		for _, secret := range secrets.Secrets {
+			new_secret := map[string]string{
+				"name":       secret.Name,
+				"created_at": secret.CreatedAt.String(),
+				"updated_at": secret.UpdatedAt.String(),
+			}
+			all_secrets = append(all_secrets, new_secret)
+		}
+		if resp.NextPage == 0 {
+			break
+		}
+		options.Page = resp.NextPage
+	}
+
+	d.SetId(repoName)
+	d.Set("secrets", all_secrets)
+
+	return nil
+}

github/data_source_github_actions_secrets_test.go

@@ -0,0 +1,64 @@
+package github
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccGithubActionsSecretsDataSource(t *testing.T) {
+
+	t.Run("queries actions secrets from a repository", func(t *testing.T) {
+		randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+
+		config := fmt.Sprintf(`
+			resource "github_repository" "test" {
+				name      = "tf-acc-test-%s"
+				auto_init = true
+			}
+
+			resource "github_actions_secret" "test" {
+				secret_name 		= "secret_1"
+				repository  		= github_repository.test.name
+				plaintext_value = "foo"
+			}
+		`, randomID)
+
+		config2 := config + `
+			data "github_actions_secrets" "test" {
+				name = github_repository.test.name
+			}
+		`
+
+		check := resource.ComposeTestCheckFunc(
+			resource.TestCheckResourceAttr("data.github_actions_secrets.test", "name", fmt.Sprintf("tf-acc-test-%s", randomID)),
+			resource.TestCheckResourceAttr("data.github_actions_secrets.test", "secrets.#", "1"),
+			resource.TestCheckResourceAttr("data.github_actions_secrets.test", "secrets.0.name", "SECRET_1"),
+			resource.TestCheckResourceAttrSet("data.github_actions_secrets.test", "secrets.0.created_at"),
+			resource.TestCheckResourceAttrSet("data.github_actions_secrets.test", "secrets.0.updated_at"),
+		)
+
+		testCase := func(t *testing.T, mode string) {
+			resource.Test(t, resource.TestCase{
+				PreCheck:  func() { skipUnlessMode(t, mode) },
+				Providers: testAccProviders,
+				Steps: []resource.TestStep{
+					{
+						Config: config,
+						Check:  resource.ComposeTestCheckFunc(),
+					},
+					{
+						Config: config2,
+						Check:  check,
+					},
+				},
+			})
+		}
+
+		t.Run("with an organization account", func(t *testing.T) {
+			testCase(t, organization)
+		})
+	})
+}

github/data_source_github_dependabot_organization_secrets.go

@@ -0,0 +1,78 @@
+package github
+
+import (
+	"context"
+
+	"github.com/google/go-github/v47/github"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func dataSourceGithubDependabotOrganizationSecrets() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceGithubDependabotOrganizationSecretsRead,
+
+		Schema: map[string]*schema.Schema{
+			"secrets": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"visibility": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"created_at": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"updated_at": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceGithubDependabotOrganizationSecretsRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*Owner).v3client
+	owner := meta.(*Owner).name
+
+	options := github.ListOptions{
+		PerPage: 100,
+	}
+
+	var all_secrets []map[string]string
+	for {
+		secrets, resp, err := client.Dependabot.ListOrgSecrets(context.TODO(), owner, &options)
+		if err != nil {
+			return err
+		}
+		for _, secret := range secrets.Secrets {
+			new_secret := map[string]string{
+				"name":       secret.Name,
+				"visibility": secret.Visibility,
+				"created_at": secret.CreatedAt.String(),
+				"updated_at": secret.UpdatedAt.String(),
+			}
+			all_secrets = append(all_secrets, new_secret)
+
+		}
+		if resp.NextPage == 0 {
+			break
+		}
+		options.Page = resp.NextPage
+	}
+
+	d.SetId(owner)
+	d.Set("secrets", all_secrets)
+
+	return nil
+}