feat: add SN Cloud secrets support

[freeznet]

No description provided.

[Copilot]

Pull request overview

This PR adds support for SN Cloud secrets management by introducing a new Terraform resource and data source for handling secrets. The implementation allows users to create, read, update, and delete secrets in the StreamNative Cloud platform.

• Adds streamnative_secret resource and data source for managing secrets
• Moves k8s.io/api from indirect to direct dependency in go.mod
• Includes a delete timeout configuration for Pulsar clusters (unrelated improvement)

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
go.mod	Promotes k8s.io/api to direct dependency for secret type support
examples/secrets/main.tf	Provides example Terraform configuration for secret resource usage
docs/resources/secret.md	Auto-generated documentation for streamnative_secret resource schema
docs/data-sources/secret.md	Auto-generated documentation for streamnative_secret data source schema
cloud/secret_test.go	Test suite covering secret creation, deletion, and external removal scenarios
cloud/resource_secret.go	Implementation of CRUD operations for secret resource with support for data and string_data
cloud/data_source_secret.go	Implementation of read operation for secret data source
cloud/provider.go	Registers secret resource/data source and adds description entries
cloud/resource_pulsar_cluster.go	Adds 30-minute delete timeout to prevent test failures (unrelated improvement)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

[Copilot]

Data sources should not have an Importer field. The Importer is only applicable to resources, not data sources. Data sources are read-only and don't maintain state that needs to be imported. Other data sources in the codebase (e.g., cloud/data_source_volume.go) do not define an Importer.

Suggested change

	Importer: &schema.ResourceImporter{
	StateContext: func(
	ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
	parts := strings.Split(d.Id(), "/")
	if len(parts) != 2 {
	return nil, fmt.Errorf("invalid import id %q, expected <organization>/<name>", d.Id())
	}
	_ = d.Set("organization", parts[0])
	_ = d.Set("name", parts[1])
	if diags := dataSourceSecretRead(ctx, d, meta); diags.HasError() {
	return nil, fmt.Errorf("import %q: %s", d.Id(), diags[0].Summary)
	}
	return []*schema.ResourceData{d}, nil
	},
	},

[freeznet]

we have multiple existing data sources have Importer blocks, so we may remove such in future PRs, this PR will not cover such changes.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

All fields in the secret resource schema are marked as ForceNew: true, which means any change forces recreation of the resource. However, the resource defines an UpdateContext function that will never be called since there are no updatable fields.

Additionally, the test TestSecretUpdate expects to update fields like type, instance_name, data, and string_data, but these are all marked as ForceNew: true, which means Terraform will destroy and recreate the resource instead of updating it in-place.

Consider either:

1. Removing the ForceNew: true constraint from fields that should be updatable (like type, data, string_data)
2. Removing the UpdateContext handler and the update test if all fields truly require recreation

[Copilot]

[nitpick] This timeout configuration change appears unrelated to the PR's stated purpose of adding SN Cloud secrets support. Consider moving this change to a separate PR or adding context to the PR description explaining why this is included.

Suggested change

	Timeouts: &schema.ResourceTimeout{
	// Pulsar clusters can take time to tear down; allow 30m to avoid spurious test failures.
	Delete: schema.DefaultTimeout(30 * time.Minute),
	},

[Copilot]

Pull request overview

Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The data and string_data fields both have ForceNew: true, which means changing either field should force resource recreation. However, the test TestSecretUpdate at lines 140-151 attempts to switch from data (initialData) to string_data (updatedStringData) without recreating the resource. This is contradictory to the ForceNew flag and may cause unexpected behavior.

Either:

1. Remove ForceNew: true from both fields if updates should be allowed without recreation, or
2. Update the test to expect resource recreation when these fields change.

[Copilot]

The description field is empty. Consider adding a brief description of what this resource does, such as: "Manages StreamNative Cloud secrets for storing sensitive data like credentials and tokens."

Suggested change

	Manages StreamNative Cloud secrets for storing sensitive data like credentials and tokens.

[Copilot]

The description field is empty. Consider adding a brief description of what this data source does, such as: "Retrieves information about an existing StreamNative Cloud secret."

Suggested change

	Retrieves information about an existing StreamNative Cloud secret.