PLT-1799:Added support for AzureUSSecretCloud in Azure cloud account

docs/resources/cloudaccount_azure.md

@@ -34,12 +34,13 @@ resource "spectrocloud_cloudaccount_azure" "azure-1" {
 ### Optional
 
 - `cloud` (String) The Azure partition in which the cloud account is located. 
-Can be 'AzurePublicCloud' for standard Azure regions or 'AzureUSGovernmentCloud' for Azure GovCloud (US) regions.
+Can be 'AzurePublicCloud' for standard Azure regions or 'AzureUSGovernmentCloud' for Azure GovCloud (US) regions or 'AzureUSSecretCloud' for Azure Secret Cloud regions.
 Default is 'AzurePublicCloud'.
 - `context` (String) The context of the Azure configuration. Defaults to `project`. If  the `project` context is specified, the project name will sourced from the provider configuration parameter [`project_name`](https://registry.terraform.io/providers/spectrocloud/spectrocloud/latest/docs#schema).
 - `disable_properties_request` (Boolean) Disable properties request. This is a boolean value that indicates whether to disable properties request or not. If not specified, the default value is `false`.
 - `private_cloud_gateway_id` (String) ID of the private cloud gateway. This is the ID of the private cloud gateway that is used to connect to the private cluster endpoint.
 - `tenant_name` (String) The name of the tenant. This is the name of the tenant that is used to connect to the Azure cloud.
+- `tls_cert` (String) TLS certificate for authentication. This field is only allowed when cloud is set to 'AzureUSSecretCloud'.
 
 ### Read-Only
 

examples/resources/spectrocloud_cloudaccount_azure/providers.tf

@@ -7,20 +7,6 @@ terraform {
   }
 }
 
-variable "sc_host" {
-  description = "Spectro Cloud Endpoint"
-  default     = "api.spectrocloud.com"
-}
-
-variable "sc_api_key" {
-  description = "Spectro Cloud API key"
-}
-
-variable "sc_project_name" {
-  description = "Spectro Cloud Project (e.g: Default)"
-  default     = "Default"
-}
-
 provider "spectrocloud" {
   host                      = var.sc_host
   api_key                   = var.sc_api_key

examples/resources/spectrocloud_cloudaccount_azure/resource.tf

@@ -1,6 +1,49 @@
-resource "spectrocloud_cloudaccount_azure" "azure-1" {
-  name                = "azure-1"
+# Example 1: Basic Azure cloud account for public cloud
+resource "spectrocloud_cloudaccount_azure" "azure_public" {
+  name                = "azure-public-account"
   azure_tenant_id     = var.azure_tenant_id
   azure_client_id     = var.azure_client_id
   azure_client_secret = var.azure_client_secret
+
+  # Optional: Context (defaults to "project")
+  context = "project"
+
+  # Optional: Cloud environment (defaults to "AzurePublicCloud")
+  cloud = "AzurePublicCloud"
+
+  # Optional: Tenant name
+  tenant_name = "My Azure Tenant"
+
+  # Optional: Disable properties request (defaults to false)
+  disable_properties_request = false
+
+  # Optional: Private cloud gateway ID for private cluster connectivity
+  # private_cloud_gateway_id = "pcg-12345"
+}
+
+# Example 2: Azure US Government Cloud account
+resource "spectrocloud_cloudaccount_azure" "azure_government" {
+  name                = "azure-government-account"
+  azure_tenant_id     = var.azure_gov_tenant_id
+  azure_client_id     = var.azure_gov_client_id
+  azure_client_secret = var.azure_gov_client_secret
+
+  cloud   = "AzureUSGovernmentCloud"
+  context = "project"
+}
+
+# Example 3: Azure US Secret Cloud account with TLS certificate
+resource "spectrocloud_cloudaccount_azure" "azure_secret" {
+  name                = "azure-secret-account"
+  azure_tenant_id     = var.azure_secret_tenant_id
+  azure_client_id     = var.azure_secret_client_id
+  azure_client_secret = var.azure_secret_client_secret
+
+  cloud   = "AzureUSSecretCloud"
+  context = "project"
+
+  # TLS certificate is only allowed when cloud is set to "AzureUSSecretCloud"
+  tls_cert = var.azure_secret_tls_cert
+
+  tenant_name = "Secret Cloud Tenant"
 }

examples/resources/spectrocloud_cloudaccount_azure/terraform.template.tfvars

@@ -0,0 +1,20 @@
+# Azure Public Cloud credentials (required)
+azure_tenant_id     = "{Enter Azure Tenant ID}"
+azure_client_id     = "{Enter Azure Client ID}"
+azure_client_secret = "{Enter Azure Client Secret}"
+
+# Azure US Government Cloud credentials (optional - only if using Government Cloud)
+# azure_gov_tenant_id     = "{Enter Azure US Government Tenant ID}"
+# azure_gov_client_id     = "{Enter Azure US Government Client ID}"
+# azure_gov_client_secret = "{Enter Azure US Government Client Secret}"
+
+# Azure US Secret Cloud credentials (optional - only if using Secret Cloud)
+# azure_secret_tenant_id     = "{Enter Azure US Secret Cloud Tenant ID}"
+# azure_secret_client_id     = "{Enter Azure US Secret Cloud Client ID}"
+# azure_secret_client_secret = "{Enter Azure US Secret Cloud Client Secret}"
+# azure_secret_tls_cert      = "{Enter TLS Certificate for Azure US Secret Cloud}"
+
+# Spectro Cloud credentials
+sc_host         = "{Enter Spectro Cloud API Host}" #e.g: api.spectrocloud.com (for SaaS)
+sc_api_key      = "{Enter Spectro Cloud API Key}"
+sc_project_name = "{Enter Spectro Cloud Project Name}" #e.g: Default

examples/resources/spectrocloud_cloudaccount_azure/variables.tf

@@ -0,0 +1,77 @@
+variable "sc_host" {
+  description = "Spectro Cloud Endpoint"
+  default     = "api.spectrocloud.com"
+}
+
+variable "sc_api_key" {
+  description = "Spectro Cloud API key"
+}
+
+variable "sc_project_name" {
+  description = "Spectro Cloud Project (e.g: Default)"
+  default     = "Default"
+}
+
+# Azure Public Cloud variables
+variable "azure_tenant_id" {
+  description = "Azure Tenant ID"
+  type        = string
+}
+
+variable "azure_client_id" {
+  description = "Azure Client ID"
+  type        = string
+}
+
+variable "azure_client_secret" {
+  description = "Azure Client Secret"
+  type        = string
+  sensitive   = true
+}
+
+# Azure US Government Cloud variables (optional)
+variable "azure_gov_tenant_id" {
+  description = "Azure US Government Tenant ID"
+  type        = string
+  default     = ""
+}
+
+variable "azure_gov_client_id" {
+  description = "Azure US Government Client ID"
+  type        = string
+  default     = ""
+}
+
+variable "azure_gov_client_secret" {
+  description = "Azure US Government Client Secret"
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+# Azure US Secret Cloud variables (optional)
+variable "azure_secret_tenant_id" {
+  description = "Azure US Secret Cloud Tenant ID"
+  type        = string
+  default     = ""
+}
+
+variable "azure_secret_client_id" {
+  description = "Azure US Secret Cloud Client ID"
+  type        = string
+  default     = ""
+}
+
+variable "azure_secret_client_secret" {
+  description = "Azure US Secret Cloud Client Secret"
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
+variable "azure_secret_tls_cert" {
+  description = "TLS certificate for Azure US Secret Cloud authentication"
+  type        = string
+  default     = ""
+  sensitive   = true
+}

go.mod

@@ -13,7 +13,7 @@ require (
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0
 	github.com/robfig/cron v1.2.0
-	github.com/spectrocloud/palette-sdk-go v0.0.0-20250708143007-797b352a2da2
+	github.com/spectrocloud/palette-sdk-go v0.0.0-20250804050913-1ddc51bd0edf
 	github.com/stretchr/testify v1.10.0
 	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools v2.2.0+incompatible

go.sum

@@ -597,8 +597,8 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spectrocloud/palette-sdk-go v0.0.0-20250708143007-797b352a2da2 h1:jNRU4jOsYIYsWjXkc1lt9bN4zRDemuwq+a8RLFReMIc=
-github.com/spectrocloud/palette-sdk-go v0.0.0-20250708143007-797b352a2da2/go.mod h1:wIt8g7I7cmcQvTo5ktwhSF0/bWq6uRdxGBs9dwTpleU=
+github.com/spectrocloud/palette-sdk-go v0.0.0-20250804050913-1ddc51bd0edf h1:1T3AyqVCWFjz1PHyYFJ4fRZuHDX1qsV7clSQBMjVdqk=
+github.com/spectrocloud/palette-sdk-go v0.0.0-20250804050913-1ddc51bd0edf/go.mod h1:wIt8g7I7cmcQvTo5ktwhSF0/bWq6uRdxGBs9dwTpleU=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=

spectrocloud/resource_cloud_account_azure.go

@@ -51,15 +51,9 @@ func resourceCloudAccountAzure() *schema.Resource {
 				Description: "Unique client Id from Azure console.",
 			},
 			"azure_client_secret": {
-				Type:      schema.TypeString,
-				Required:  true,
-				Sensitive: true,
-				//DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
-				//	return false
-				//},
-				//StateFunc: func(val interface{}) string {
-				//	return strings.ToLower(val.(string))
-				//},
+				Type:        schema.TypeString,
+				Required:    true,
+				Sensitive:   true,
 				Description: "Azure secret for authentication.",
 			},
 			"tenant_name": {
@@ -77,11 +71,16 @@ func resourceCloudAccountAzure() *schema.Resource {
 				Type:         schema.TypeString,
 				Optional:     true,
 				Default:      "AzurePublicCloud",
-				ValidateFunc: validation.StringInSlice([]string{"AzurePublicCloud", "AzureUSGovernmentCloud"}, false),
+				ValidateFunc: validation.StringInSlice([]string{"AzurePublicCloud", "AzureUSGovernmentCloud", "AzureUSSecretCloud"}, false),
 				Description: `The Azure partition in which the cloud account is located. 
-Can be 'AzurePublicCloud' for standard Azure regions or 'AzureUSGovernmentCloud' for Azure GovCloud (US) regions.
+Can be 'AzurePublicCloud' for standard Azure regions or 'AzureUSGovernmentCloud' for Azure GovCloud (US) regions or 'AzureUSSecretCloud' for Azure Secret Cloud regions.
 Default is 'AzurePublicCloud'.`,
 			},
+			"tls_cert": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "TLS certificate for authentication. This field is only allowed when cloud is set to 'AzureUSSecretCloud'.",
+			},
 		},
 	}
 }
@@ -93,6 +92,11 @@ func resourceCloudAccountAzureCreate(ctx context.Context, d *schema.ResourceData
 	// Warning or errors can be collected in a slice type
 	var diags diag.Diagnostics
 
+	// Validate tls_cert is only used with AzureUSSecretCloud
+	if err := validateTlsCertConfiguration(d); err != nil {
+		return diag.FromErr(err)
+	}
+
 	account := toAzureAccount(d)
 
 	uid, err := c.CreateCloudAccountAzure(account)
@@ -159,6 +163,11 @@ func flattenCloudAccountAzure(d *schema.ResourceData, account *models.V1AzureAcc
 			return diag.FromErr(err), true
 		}
 	}
+	if account.Spec.TLS != nil && account.Spec.TLS.Cert != "" {
+		if err := d.Set("tls_cert", account.Spec.TLS.Cert); err != nil {
+			return diag.FromErr(err), true
+		}
+	}
 	return nil, false
 }
 
@@ -169,6 +178,11 @@ func resourceCloudAccountAzureUpdate(ctx context.Context, d *schema.ResourceData
 	// Warning or errors can be collected in a slice type
 	var diags diag.Diagnostics
 
+	// Validate tls_cert is only used with AzureUSSecretCloud
+	if err := validateTlsCertConfiguration(d); err != nil {
+		return diag.FromErr(err)
+	}
+
 	account := toAzureAccount(d)
 
 	err := c.UpdateCloudAccountAzure(account)
@@ -225,9 +239,29 @@ func toAzureAccount(d *schema.ResourceData) *models.V1AzureAccount {
 	if d.Get("cloud") != nil {
 		account.Spec.AzureEnvironment = types.Ptr(d.Get("cloud").(string))
 	}
+
+	// add TLS configuration if tls_cert is provided
+	if tlsCert, ok := d.GetOk("tls_cert"); ok && tlsCert.(string) != "" {
+		account.Spec.TLS = &models.V1AzureSecretTLSConfig{
+			Cert: tlsCert.(string),
+		}
+	}
+
 	return account
 }
 
+func validateTlsCertConfiguration(d *schema.ResourceData) error {
+	cloud := d.Get("cloud").(string)
+	tlsCert := d.Get("tls_cert").(string)
+
+	// If tls_cert is provided but cloud is not AzureUSSecretCloud, return an error
+	if tlsCert != "" && cloud != "AzureUSSecretCloud" {
+		return fmt.Errorf("tls_cert can only be set when cloud is 'AzureUSSecretCloud', but cloud is set to '%s'", cloud)
+	}
+
+	return nil
+}
+
 func resourceAccountAzureImport(ctx context.Context, d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) {
 	resourceContext := d.Get("context").(string)
 	c := getV1ClientWithResourceContext(m, resourceContext)