Merge pull request #292 from port-labs/ft/portOrg

feat: add organization secret management with terraform provider

Author: azeezport

docs/resources/port_organization_secret.md

@@ -0,0 +1,29 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "port_organization_secret Resource - terraform-provider-port-labs"
+subcategory: ""
+description: |-
+  Organization secret resource
+---
+
+# port_organization_secret (Resource)
+
+Organization secret resource
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `secret_name` (String) The name of the organization secret
+- `secret_value` (String, Sensitive) The value of the organization secret
+
+### Optional
+
+- `description` (String) The description of the organization secret
+
+### Read-Only
+
+- `id` (String) The ID of this resource.

examples/resources/port_organization/main.tf

@@ -0,0 +1,62 @@
+# Example with sensitive variable
+variable "api_secret_name" {
+  type      = string
+  default   = "api_key"
+}
+
+variable "home_secret_name" {
+  type      = string
+  default   = "home_url"
+}
+variable "guest_secret_name" {
+  type      = string
+  default   = "guest_url"
+}
+variable "api_key" {
+  type      = string
+  sensitive = true
+  default   = "api_key"
+}
+variable "api_description" {
+  type      = string
+  default   = "api description"
+}
+
+variable "home_url" {
+  type      = string
+  default   = "home url"
+}
+
+variable "guest_url" {
+  type      = string
+  default   = "guest url"
+}
+
+variable "home_description" {
+  type      = string
+  default   = "home description"
+}
+
+variable "guest_description" {
+  type      = string
+  default   = "guest description"
+}
+
+resource "port_organization_secret" "api_key" {
+  secret_name  = var.api_secret_name
+  secret_value = var.api_key
+  description  = var.api_description
+}
+
+resource "port_organization_secret" "home_url" {
+  secret_name  = var.home_secret_name
+  secret_value = var.home_url
+  description  = var.home_description
+}
+
+resource "port_organization_secret" "guest_url" {
+  secret_name  = var.guest_secret_name
+  secret_value = var.guest_url
+  description  = var.guest_description
+}
+

examples/resources/port_organization/provider.tf

@@ -0,0 +1 @@
+../../provider.tf

internal/cli/models.go

@@ -678,3 +678,14 @@ type Organization struct {
 	Name         string   `json:"name"`
 	FeatureFlags []string `json:"featureFlags"`
 }
+
+type OrganizationSecret struct {
+	SecretName  string  `json:"secretName,omitempty"`
+	SecretValue *string `json:"secretValue,omitempty"`
+	Description *string `json:"description,omitempty"`
+}
+
+type OrganizationSecretBody struct {
+	OK     bool               `json:"ok"`
+	Secret OrganizationSecret `json:"secret"`
+}

internal/cli/organization.go

@@ -2,10 +2,12 @@ package cli
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 )
 
 const orgUrl = "/v1/organization"
+const orgSecretsUrl = "/v1/organization/secrets"
 
 func (c *PortClient) ReadOrganization(ctx context.Context) (*Organization, int, error) {
 	pb := &PortBody{}
@@ -24,3 +26,88 @@ func (c *PortClient) ReadOrganization(ctx context.Context) (*Organization, int,
 	}
 	return pb.Organization, resp.StatusCode(), nil
 }
+
+func (c *PortClient) CreateOrganizationSecret(ctx context.Context, secret *OrganizationSecret) (*OrganizationSecret, error) {
+	resp, err := c.Client.R().
+		SetBody(secret).
+		SetContext(ctx).
+		Post(orgSecretsUrl)
+
+	if err != nil {
+		return nil, err
+	}
+	var pb OrganizationSecretBody
+	err = json.Unmarshal(resp.Body(), &pb)
+	if err != nil {
+		return nil, err
+	}
+	if !pb.OK {
+		return nil, fmt.Errorf("failed to create organization secret, got: %s", resp.Body())
+	}
+
+	return &pb.Secret, nil
+}
+
+func (c *PortClient) ReadOrganizationSecret(ctx context.Context, secretName string) (*OrganizationSecret, int, error) {
+	var pb OrganizationSecretBody
+	resp, err := c.Client.R().
+		SetContext(ctx).
+		SetHeader("Accept", "application/json").
+		SetPathParam("secretName", secretName).
+		SetResult(&pb).
+		Get(orgSecretsUrl + "/{secretName}")
+	if err != nil {
+		return nil, 0, err
+	} else if resp.IsError() {
+		return nil, resp.StatusCode(), fmt.Errorf("failed to read organization secret, got: %s", resp.Body())
+	}
+	if !pb.OK {
+		return nil, resp.StatusCode(), fmt.Errorf("failed to read organization secret, got: %s", resp.Body())
+	}
+
+	return &pb.Secret, resp.StatusCode(), nil
+}
+
+func (c *PortClient) UpdateOrganizationSecret(ctx context.Context, secretName string, secret *OrganizationSecret) (*OrganizationSecret, error) {
+	resp, err := c.Client.R().
+		SetBody(secret).
+		SetContext(ctx).
+		SetPathParam("secretName", secretName).
+		Patch(orgSecretsUrl + "/{secretName}")
+
+	if err != nil {
+		return nil, err
+	}
+	var pb OrganizationSecretBody
+	err = json.Unmarshal(resp.Body(), &pb)
+	if err != nil {
+		return nil, err
+	}
+	if !pb.OK {
+		return nil, fmt.Errorf("failed to update organization secret, got: %s", resp.Body())
+	}
+
+	return &pb.Secret, nil
+}
+
+func (c *PortClient) DeleteOrganizationSecret(ctx context.Context, secretName string) error {
+	resp, err := c.Client.R().
+		SetContext(ctx).
+		SetHeader("Accept", "application/json").
+		SetPathParam("secretName", secretName).
+		Delete(orgSecretsUrl + "/{secretName}")
+
+	if err != nil {
+		return err
+	}
+	var pb PortBodyDelete
+	err = json.Unmarshal(resp.Body(), &pb)
+	if err != nil {
+		return err
+	}
+
+	if !pb.Ok {
+		return fmt.Errorf("failed to delete organization secret, got: %s", string(resp.Body()))
+	}
+	return nil
+}

port/organization/model.go

@@ -0,0 +1,12 @@
+package organization
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+type OrganizationSecretModel struct {
+	ID          types.String `tfsdk:"id"`
+	SecretName  types.String `tfsdk:"secret_name"`
+	SecretValue types.String `tfsdk:"secret_value"`
+	Description types.String `tfsdk:"description"`
+}

port/organization/organizationSecretResourceToPortBody.go

@@ -0,0 +1,44 @@
+package organization
+
+import (
+	"context"
+
+	"github.com/port-labs/terraform-provider-port-labs/v2/internal/cli"
+)
+
+func organizationSecretResourceToPortBody(ctx context.Context, state *OrganizationSecretModel) (*cli.OrganizationSecret, error) {
+	secret := &cli.OrganizationSecret{
+		SecretName: state.SecretName.ValueString(),
+	}
+
+	if !state.SecretValue.IsNull() {
+		secretValue := state.SecretValue.ValueString()
+		secret.SecretValue = &secretValue
+	}
+
+	if !state.Description.IsNull() {
+		description := state.Description.ValueString()
+		secret.Description = &description
+	}
+
+	return secret, nil
+}
+
+func organizationSecretResourceToPortBodyForUpdate(ctx context.Context, state *OrganizationSecretModel) (*cli.OrganizationSecret, error) {
+	secret := &cli.OrganizationSecret{}
+
+	if !state.SecretValue.IsNull() {
+		secretValue := state.SecretValue.ValueString()
+		secret.SecretValue = &secretValue
+	}
+
+	if !state.Description.IsNull() {
+		description := state.Description.ValueString()
+		secret.Description = &description
+	} else {
+		emptyDesc := ""
+		secret.Description = &emptyDesc
+	}
+
+	return secret, nil
+}

port/organization/refreshOrganizationSecretState.go

@@ -0,0 +1,23 @@
+package organization
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/port-labs/terraform-provider-port-labs/v2/internal/cli"
+)
+
+func refreshOrganizationSecretState(ctx context.Context, state *OrganizationSecretModel, secret *cli.OrganizationSecret) error {
+	state.ID = types.StringValue(secret.SecretName)
+	state.SecretName = types.StringValue(secret.SecretName)
+	
+	if secret.Description != nil && *secret.Description != "" {
+		state.Description = types.StringValue(*secret.Description)
+	} else {
+		state.Description = types.StringNull()
+	}
+
+	// Note: SecretValue is not returned by the API for security reasons
+	// We keep the existing state value
+	return nil
+}