fix new HVS sync resource creation

Author: rodrigo-hcp

examples/resources/hcp_vault_secrets_sync/import.sh

@@ -1,2 +1,2 @@
 # Vault Secrets Integration can be imported by specifying the name of the integration
-terraform import hcp_vault_secrets_sync.example my-sync-name
+terraform import hcp_vault_secrets_sync.example gitlab-proj-sync

internal/provider/vaultsecrets/resource_vault_secrets_app_test.go

@@ -23,7 +23,8 @@ func TestAccVaultSecretsResourceApp(t *testing.T) {
 		appName2         = generateRandomSlug()
 		description1     = "my description 1"
 		description2     = "my description 2"
-		syncName         = generateRandomSlug()
+		projSyncName     = generateRandomSlug()
+		groupSyncName    = generateRandomSlug()
 		gitLabToken      = checkRequiredEnvVarOrFail(t, "GITLAB_ACCESS_TOKEN")
 	)
 
@@ -62,22 +63,30 @@ func TestAccVaultSecretsResourceApp(t *testing.T) {
 							token = %q
 						}
 					}
-					resource "hcp_vault_secrets_sync" "gitlab_sync" {
+					resource "hcp_vault_secrets_sync" "gitlab_proj_sync" {
 						name = %q
 						integration_name = hcp_vault_secrets_integration.acc_test.name
 						gitlab_config = {
 						    scope = "PROJECT"
-						    project_id = "1234"
+						    project_id = "123456789"
+						}
+					}
+					resource "hcp_vault_secrets_sync" "gitlab_group_sync" {
+						name = %q
+						integration_name = hcp_vault_secrets_integration.acc_test.name
+						gitlab_config = {
+						    scope = "GROUP"
+						    project_id = "987654321"
 						}
 					}
 					resource "hcp_vault_secrets_app" "acc_test_app" {
 						app_name    = %q
 						description = %q
 						sync_names = [hcp_vault_secrets_sync.gitlab_sync.name]
 					}
-				`, integrationName1, gitLabToken, syncName, appName2, description2),
+				`, integrationName1, gitLabToken, projSyncName, groupSyncName, appName2, description2),
 				Check: resource.ComposeTestCheckFunc(
-					appCheckFunc(appName2, description2, []string{syncName})...,
+					appCheckFunc(appName2, description2, []string{projSyncName, groupSyncName})...,
 				),
 			},
 			// Deleting the app out of band causes a recreation

internal/provider/vaultsecrets/resource_vault_secrets_integration.go

@@ -296,6 +296,9 @@ func (r *resourceVaultSecretsIntegration) Schema(_ context.Context, _ resource.S
 					Sensitive:   true,
 				},
 			},
+			Validators: []validator.Object{
+				exactlyOneIntegrationTypeFieldsValidator,
+			},
 		},
 	}
 

internal/provider/vaultsecrets/resource_vault_secrets_sync.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-secrets/stable/2023-11-28/client/secret_service"
 	secretmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-vault-secrets/stable/2023-11-28/models"
+	"github.com/hashicorp/terraform-plugin-framework-validators/objectvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
@@ -18,11 +19,19 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
 	"github.com/hashicorp/terraform-provider-hcp/internal/clients"
+	"github.com/hashicorp/terraform-provider-hcp/internal/provider/modifiers"
 )
 
 var _ hvsResource = &Sync{}
 
+var exactlyOneSyncConfigFieldsValidator = objectvalidator.ExactlyOneOf(
+	path.Expressions{
+		path.MatchRoot("gitlab_config"),
+	}...,
+)
+
 type Sync struct {
+	ID              types.String `tfsdk:"id"`
 	Name            types.String `tfsdk:"name"`
 	IntegrationName types.String `tfsdk:"integration_name"`
 	ProjectID       types.String `tfsdk:"project_id"`
@@ -35,11 +44,14 @@ type Sync struct {
 	gitlabConfig *secretmodels.Secrets20231128SyncConfigGitlab `tfsdk:"-"`
 }
 
+func (s *Sync) projectID() types.String {
+	return s.ProjectID
+}
+
 type gitlabConfigParams struct {
-	EnvironmentScope types.String `tfsdk:"environment_scope"`
-	Scope            types.String `tfsdk:"scope"`
-	GroupID          types.String `tfsdk:"group_id"`
-	ProjectID        types.String `tfsdk:"project_id"`
+	Scope     types.String `tfsdk:"scope"`
+	GroupID   types.String `tfsdk:"group_id"`
+	ProjectID types.String `tfsdk:"project_id"`
 }
 
 func (s *Sync) initModel(ctx context.Context, orgID, projID string) diag.Diagnostics {
@@ -56,23 +68,18 @@ func (s *Sync) initModel(ctx context.Context, orgID, projID string) diag.Diagnos
 		scope := secretmodels.SyncConfigGitlabScope(config.Scope.ValueString())
 
 		s.gitlabConfig = &secretmodels.Secrets20231128SyncConfigGitlab{
-			EnvironmentScope: config.EnvironmentScope.ValueString(),
-			GroupID:          config.GroupID.ValueString(),
-			ProjectID:        config.ProjectID.ValueString(),
-			Protected:        false,
-			Raw:              false,
-			Scope:            &scope,
+			GroupID:   config.GroupID.ValueString(),
+			ProjectID: config.ProjectID.ValueString(),
+			Protected: false,
+			Raw:       false,
+			Scope:     &scope,
 		}
 	}
 
 	return diag.Diagnostics{}
 }
 
-func (s *Sync) projectID() types.String {
-	return s.ProjectID
-}
-
-func (s *Sync) fromModel(_ context.Context, orgID, projID string, model any) diag.Diagnostics {
+func (s *Sync) fromModel(ctx context.Context, orgID, projID string, model any) diag.Diagnostics {
 	diags := diag.Diagnostics{}
 
 	syncModel, ok := model.(*secretmodels.Secrets20231128Sync)
@@ -85,11 +92,15 @@ func (s *Sync) fromModel(_ context.Context, orgID, projID string, model any) dia
 	s.IntegrationName = types.StringValue(syncModel.IntegrationName)
 	s.OrganizationID = types.StringValue(orgID)
 	s.ProjectID = types.StringValue(projID)
+	s.ID = types.StringValue(syncModel.ResourceID)
 
 	return diags
 }
 
 var _ resource.Resource = &resourceVaultSecretsSync{}
+var _ resource.ResourceWithConfigure = &resourceVaultSecretsSync{}
+var _ resource.ResourceWithModifyPlan = &resourceVaultSecretsSync{}
+var _ resource.ResourceWithImportState = &resourceVaultSecretsSync{}
 
 func NewVaultSecretsSyncResource() resource.Resource {
 	return &resourceVaultSecretsSync{}
@@ -149,7 +160,7 @@ func (r *resourceVaultSecretsSync) Schema(_ context.Context, _ resource.SchemaRe
 				},
 			},
 			Validators: []validator.Object{
-				exactlyOneIntegrationTypeFieldsValidator,
+				exactlyOneSyncConfigFieldsValidator,
 			},
 		},
 	}
@@ -162,6 +173,25 @@ func (r *resourceVaultSecretsSync) Schema(_ context.Context, _ resource.SchemaRe
 	}
 }
 
+func (r *resourceVaultSecretsSync) Configure(_ context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+	client, ok := req.ProviderData.(*clients.Client)
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected *clients.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+		return
+	}
+	r.client = client
+}
+
+func (r *resourceVaultSecretsSync) ModifyPlan(ctx context.Context, req resource.ModifyPlanRequest, resp *resource.ModifyPlanResponse) {
+	modifiers.ModifyPlanForDefaultProjectChange(ctx, r.client.Config.ProjectID, req.State, req.Config, req.Plan, resp)
+}
+
 func (r *resourceVaultSecretsSync) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
 	resp.Diagnostics.Append(decorateOperation[*Sync](ctx, r.client, &resp.State, req.State.Get, "reading", func(i hvsResource) (any, error) {
 		sync, ok := i.(*Sync)